Estonia · 18 days left · Open

Information systems security testing

Tender Overview

LOCATION

Estonia

VALUE

€12,660,000

DEADLINE

February 20, 2026 at 12:00

CATEGORY

Services

CPV CODE

72254100-1

REFERENCE

302364

Original Tender Description

The purpose of the procurement is the security testing of systems commissioned by the contracting authority, existing systems and selected systems against levels 2 and 3 of the OWASP (Open Web Application Security Project) ASVS (Application Security Verification Standard) and MASVS (Mobile Application Security Verification Standard), version 5.0.0 (or, should a newer version exist during the term of the framework agreement to be concluded, the newer version).

MANDATORY EXCLUSION GROUNDS

  • The bidder must not have performed IT development work for the contracting authorities (Estonian Information System Authority, State Information and Communication Foundation, Centre of Registers and Information Systems, Centre of Health and Welfare Information Systems) in the last 2 years.
  • Absence of conflict of interest must be confirmed.

ELIGIBILITY REQUIREMENTS

  • The bidder must submit a European Single Procurement Document (ESPD).
  • The bidder must provide a team of at least 9 members, including 1 project manager and 8 testers.
  • The project manager must have Estonian language proficiency at least at B1 level.
  • Team members' CVs must demonstrate required experience, certificates, and language skills.
  • The bidder must confirm compliance with all tender conditions.

TECHNICAL CAPABILITY REQUIREMENTS

  • Services must include information system security testing according to OWASP ASVS (level 2 and 3) and MASVS standards.
  • Services must include methodical assessment of all security flaws.
  • Services must include submission of detailed test reports with solution recommendations.
  • The bidder must demonstrate the ability to find high-quality security vulnerabilities through a trial work.
  • The trial work report must be complete and include additional findings.

FINANCIAL REQUIREMENTS

  • The security testing hourly rate will be evaluated, contributing 30% to the overall score.
  • The maximum total value for the State Information and Communication Foundation's framework agreement is 2 million EUR over 48 months.
  • The estimated contract value for the overall tender is 12,660,000.0 EUR.

SUBMISSION REQUIREMENTS

  • Bids must be submitted electronically.
  • All submitted documents must be in Estonian or include an Estonian translation.
  • The bidder must submit a completed European Single Procurement Document (ESPD).
  • The bidder must submit a signed Confidentiality Declaration.
  • The bidder must submit CVs for all proposed team members (1 project manager, 8 testers) using the provided CV form.
  • The bidder must submit data of authorized persons.
  • If bidding jointly, a Power of Attorney for joint bidders must be submitted, confirming solidary responsibility.
  • The bidder must perform a trial work within a specified time.
  • The bidder must submit an encrypted report for the trial work, adhering to OWASP ASVS rules.
  • The trial work report must be complete and include additional findings for evaluation.
  • The bidder must submit their security testing hourly rate.

PDF
Compliance conditions
CV | 302364_vastavustingimused.pdf | 39.0 KB
Summary:
This document outlines bid submission conditions, requiring bidders to confirm compliance, absence of conflict of interest, team composition (including CVs), provide data on authorized persons, and attach a power of attorney for joint bids.
DOC
CV form
CV | CV-vorm.docx | 29.0 KB
Summary:
This CV form is intended for tenderers to present the experience, certifications, and language skills of their team members (project manager, tester) to demonstrate compliance with the team requirements specified in the procurement documents.
PDF
Evaluation criteria and evaluated indicators
Evaluation criteria | 302364_hindamiskriteeriumid.pdf | 14.7 KB
Summary:
This document outlines the evaluation criteria for information system security testing bids, where the completeness and additional findings of a trial work report account for 70% and the hourly rate for security testing accounts for 30% of the score.
PDF
ESPD with supplementary explanations
Qualification requirements | 302364_hankepass_taiendavate_selgitusteg... | 63.9 KB
Summary:
This document serves as an explanatory guide for the European Single Procurement Document (ESPD), detailing the qualification requirements and information expected from companies for the information system security testing tender.
DOC
Evaluation methodology
Evaluation criteria | Hindamismetoodika.docx | 25.2 KB
Summary:
This document details the tender evaluation methodology, focusing on the completeness of the trial work report and additional findings, explaining the scoring system and criteria for assessing the quality of security vulnerability discoveries.
DOC
Confidentiality declaration
Declaration of conformity | Konfidentsiaalsusdeklaratsioon.docx | 19.0 KB
Summary:
This confidentiality declaration is a mandatory document where the bidder acknowledges and undertakes obligations regarding the use of confidential information disclosed for participating in and submitting a bid for the "Information System Security Testing" public procurement.
DOC
Team requirements
CV | Nõuded meeskonnale.docx | 28.0 KB
Summary:
Bidders must propose a team of at least 9 members (1 project manager, 8 testers) with specified language skills (Estonian B1 for PM, Estonian/English for others) and adhere to CV submission guidelines, while also ensuring no prior IT development work for the contracting authority within the last two years.
DOC
Restricted procurement procedures - additional information for the bidder
Tender conditions | Piiratud hankemenetlused - lisateave pak... | 28.5 KB
Summary:
This document provides additional information on the restricted procurement procedure, detailing the joint contracting authorities (RIA, RIT, RIK, TEHIK) and conditions for submitting applications, including electronic submission and the requirement for Estonian translations.
DOC
Trial work
Technical specifications | Proovitöö.docx | 23.1 KB
Summary:
This document outlines the organization and task of a trial work for information system security testing, requiring bidders to identify security vulnerabilities in a test system within a specified timeframe and submit an encrypted report according to OWASP ASVS rules.
DOC
RIA draft framework and procurement contract
Contract template | Raam- ja hankelepingu projekt - ühe pakk... | 63.1 KB
Summary:
This document is a draft framework and procurement contract prepared by the Estonian Information System Authority for ordering information system security testing services, defining contract terms, validity, and maximum cost.
DOC
RIT draft framework and procurement contract
Contract template | RIT raam- ja hankelepingu projekt.docx | 50.3 KB
Summary:
This document is a draft framework agreement for ordering information system security testing services over 48 months with a maximum total value of 2 million euros, outlining conditions for placing orders and involving subcontractors.
DOC
RmIT draft framework and procurement contract
Contract template | RmITi raam- ja hankelepingu projekt.docx | 63.2 KB
Summary:
This document is a draft framework agreement for information system security testing, outlining the contract terms, duration, and procedures for concluding specific procurement contracts resulting from the tender "Information System Security Testing".
DOC
Annex 3 - Technical description
Technical specifications | Tehniline kirjeldus.docx | 15.4 KB
Summary:
The tender aims to conduct security testing of information systems according to OWASP ASVS (levels 2 & 3) and MASVS standards, involving methodical assessment of all potential security flaws and submission of detailed test reports with recommended solutions.
DOC
Power of attorney for joint bidders
Power of attorney | Ühispakkujate volikiri.docx | 12.7 KB
Summary:
This power of attorney grants one joint bidder the right to represent another joint bidder in the public procurement "Testing of Information Systems Security", confirming the joint bidders' solidary liability for the performance of the framework agreement and procurement contracts.

Tender Quality Score

79/100 · Good

This tender for information system security testing is well-structured and highly clear, with comprehensive documentation and robust evaluation criteria. However, restrictive eligibility requirements and a lack of explicit sustainability focus present areas for improvement.

Score Breakdown

Legal Compliance: 90/100

The tender demonstrates strong legal compliance with reasonable submission deadlines, a clearly defined procedure, and appropriate CPV codes. Mandatory disclosure requirements are met, and there are no reported disputes. The exclusion ground, while restrictive, is often a justified measure for conflict of interest in security testing.

Clarity: 95/100

The tender is exceptionally clear, with a precise description of services, well-documented requirements, and transparent evaluation criteria. The technical specifications and trial work details are unambiguous, ensuring bidders understand expectations.

Completeness: 80/100

Most essential information, including title, reference, organization, value, and deadlines, is comprehensively provided. Detailed requirements and evaluation criteria are well-defined across numerous documents. The NUTS code is missing, and the overall framework duration for the total estimated value could be more explicitly consolidated.

  • Missing NUTS code
  • Overall framework duration for total estimated value could be more explicitly consolidated

Fairness: 60/100

While the tender offers full document access, discloses value, and uses objective evaluation criteria, the mandatory exclusion ground (no IT development work for specific CAs in the last 2 years) and the requirement for a large team (9 members) significantly restrict the pool of eligible bidders. This could limit competition, even if justified by conflict of interest concerns.

  • Mandatory exclusion ground significantly restricts bidder pool
  • Large minimum team size may disadvantage smaller firms

Practicality: 75/100

The tender supports electronic submission and e-procurement, enhancing accessibility. Financing information is available. However, a specific overall contract start date is not provided, and the consolidated duration for the entire 12.66M EUR framework could be clearer. Document URLs are implied rather than explicitly stated.

  • Specific overall contract start date not provided
  • Consolidated duration for entire framework could be clearer

Data Consistency: 90/100

The tender exhibits good data consistency, with key fields largely populated and logical dates. There are no reported suspensions or disputes. The automated flag regarding missing evaluation criteria is inaccurate, as these are clearly defined in the tender documents.

  • Missing NUTS code (minor)

Sustainability: 40/100

The tender lacks explicit criteria for green procurement, social aspects, or innovation focus. While the requirement to adhere to current OWASP standards (v5.0.0 or newer) implies a degree of keeping up with industry best practices, it does not constitute a strong sustainability or innovation focus. The tender is not indicated as EU funded.

  • No explicit green procurement criteria
  • No explicit social criteria

Strengths

Highly clear and detailed technical specifications and evaluation criteria.
Comprehensive documentation supporting all aspects of the tender.
Strong legal compliance with reasonable deadlines and transparent procedures.
Electronic submission and e-procurement enabled for accessibility.
Objective and practical trial work as a primary evaluation method.

Concerns

Mandatory exclusion ground significantly restricts bidder pool.
Large minimum team size may disadvantage smaller, specialized firms.
Lack of explicit sustainability, social, or innovation criteria.
Missing NUTS code and consolidated overall framework duration.
Trial work requirement demands significant upfront effort from bidders.

Recommendations

1. Re-evaluate the mandatory exclusion ground to ensure it is proportionate and does not unduly limit competition, potentially allowing for mitigation measures.
2. Consider incorporating explicit sustainability, social, or innovation criteria to align with modern procurement best practices.
3. Provide a single, clear overall duration for the entire framework agreement and ensure all location details (NUTS code) are included.
