06 Jun 2019

Provision of Dynamic Application Security Testing Services SAAS- Framework Agreement

Type of document: Contract Notice
Country: Ireland

2. Awarding Authority: An Post, General Post Office, O’Connell Street, Dublin, IE Tel: 00353 17058272. Email: deirdre.fox@anpost.ie. (Noelle Kenneally)
3. Contract type: Service contract
4. Description: The Awarding Authority is seeking to enter into a Framework Agreement with one provider to meet its requirements for the Provision of Dynamic Application Security Testing services SAAS. It is anticipated that the Framework Agreement will commence in H2 2019 and continue for a period of 1 years with an option to extend the Contract for a further 2 years. The Awarding Authority utilise a Dynamic Web Application Security Testing (DAST) Software as a Service (SaaS) solution to assess the security of their public facing web applications and networks. The successful supplier’s SaaS solution will perform DAST assessments on the public facing web applications and networks designated as in scope by An Post. Please note CREST certification is mandatory for penetration testing services with the successful supplier. The solution must encompass a Client Access Portal that provides the following: – View the list of in scope assets/network ranges – Schedule on-demand ad-hoc assessments – View results of security assessments – View technical details of findings such as requests/responses as they relate to the vulnerabilities where applicable – Retest individual findings or entire host/range – Automatically generate vulnerability reports (Technical/Executive), ability to also generate reports based on compliance requirements such as PCI-DSS – View trends for assets/network ranges – Ability to generate email alerts based on various criteria such as: Assessment started/completed, new vulnerability found, port opened, new host detected and so on – Multi Factor authentication support for administrative access to the portal – Client Access Platform must be hosted in the EEA Where reference is made to any brand name or proprietary product or service this is for reference purposes only and should be interpreted to be accompanied by the words, “or equivalent”. Any volumes contained in this notice are indicative only and the Awarding Authority reserves the right to change in accordance with ongoing operational requirements.
5. CPV Code(s): 72254100, 72800000
6. NUTS code(s): IE061
7. Main site or location of works, main place of delivery or main place of performance: Dublin.
8. Reference attributed by awarding authority: 1920
9. Estimated value of requirement: Not provided.
10. Response deadline 12.7.2019 (12:00).
11. Address to which they must be sent: For further information regarding the above contract notice please visit:
12. Other information: Please refer the website above for documentation