Prequalification - Procurement of security monitoring services (SOC)

Digdir is seeking a provider of security monitoring services that can assist in detecting and preventing malicious activity connected to Altinn 3 (hereafter referred to as "External SOC"). Digdir aims to enter into an SSA-L (Contract for ongoing service procurements) for 3 years and an option for an extension for …

CPV: 72212730 Security software development services, 48732000 Data security software package, 72000000 IT services: consulting, software development, Internet and support, 72200000 Software programming and consultancy services, 72212731 File security software development services, 72212732 Data security software development services, 72220000 Systems and technical consultancy services, 72221000 Business analysis consultancy services, 72222000 Information systems or technology strategic review and planning services, 72223000 Information technology requirements review services, 72224000 Project management consultancy services, 72224200 System quality assurance planning services, 72225000 System quality assurance assessment and review services, 79417000 Safety consultancy services, 79714000 Surveillance services
Place of execution:
Prequalification - Procurement of security monitoring services (SOC)
Awarding body:
Digitaliseringsdirektoratet
Award number:
2025/2170

1. Buyer

1.1 Buyer

Official name : Digitaliseringsdirektoratet
Legal type of the buyer : Public undertaking
Activity of the contracting authority : General public services

2. Procedure

2.1 Procedure

Title : Prequalification - Procurement of security monitoring services (SOC)
Description : Digdir is seeking a provider of security monitoring services that can assist in detecting and preventing malicious activity connected to Altinn 3 (hereafter referred to as "External SOC"). Digdir aims to enter into an SSA-L (Contract for ongoing service procurements) for 3 years and an option for an extension for up to 2 years. The estimated contract value is NOK 16,000,000 excluding VAT over a period of four years. The estimated value does not give any purchasing obligations.
Procedure identifier : 9a5cdb0a-bd22-4e64-b41b-0950056573fa
Internal identifier : 2025/2170
Type of procedure : Negotiated with prior publication of a call for competition / competitive with negotiation
The procedure is accelerated : no
Main features of the procedure : External SOC includes:
- 24 hour security monitoring: Tenderers shall supplement our internal team by offering a 24/7/365 duty scheme for monitoring and support for incident handling.
- Detection and analysis of threats: Tenderers shall strengthen detection capability by identifying attacks, including sophisticated attacks by high-capacity threat actors, by combining advanced analysis methods, including machine learning and anomaly detection, and using global and local threat information. In addition, tenderers shall engage in active threat hunting in order to uncover hidden or advanced threats that are not caught by traditional detection mechanisms. The tenderer will, in cooperation with the Contracting Authority's technical personnel, define the extent of the data sources and log collection for monitoring Altinn 3.
- Response: Tenderers shall establish and maintain automations for quick and precise identification and management of threats and security incidents.
- Threat Information: Tenderers shall collect and correlate threat information from internal and external data sources, for the purpose of creating the data basis that is used to identify threats in logs and the accompanying suspicious activity in the Contracting Authority's platform.
- Consultancy services: The tenderer must be able to support the Customer with consultancy services within areas related to the service.
External SOC shall give the Customer insight into security events and threats, control over rules, alarms and automations, as well as an option for self-analysis and testing of alarms and events. The Customer's technical resources will be responsible for following up and developing monitoring, alarms and security logic in Azure. This requires that the system and the cooperation facilitate insight, control and interaction with the Contracting Authority's internal team.
The contract also includes options for continual vulnerability monitoring and a response agreement for event handling. See the attached Government Standard Terms and Conditions (SSA-L) with annexes for further information.

2.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72212730 Security software development services
Additional classification ( cpv ): 48732000 Data security software package
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72200000 Software programming and consultancy services
Additional classification ( cpv ): 72212731 File security software development services
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72221000 Business analysis consultancy services
Additional classification ( cpv ): 72222000 Information systems or technology strategic review and planning services
Additional classification ( cpv ): 72223000 Information technology requirements review services
Additional classification ( cpv ): 72224000 Project management consultancy services
Additional classification ( cpv ): 72224200 System quality assurance planning services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 79417000 Safety consultancy services
Additional classification ( cpv ): 79714000 Surveillance services

2.1.2 Place of performance

Country : Norway
Anywhere in the given country

2.1.3 Value

Estimated value excluding VAT : 16 000 000 Norwegian krone

2.1.4 General information

Legal basis :
Directive 2014/24/EU
Anskaffelsesforskriften - The aim of the new contract is to cover Digdir's need for a security monitoring service provider who can assist with detecting and preventing malicious activity connected to Altinn 3. Digdir shall enter into an ongoing contract that shall be valid for 3 years and an option for an extension for up to 2 years. The total value of the procurement is estimated to be up to NOK 16,000,000 excluding VAT.

2.1.6 Grounds for exclusion

Sources of grounds for exclusion : Notice
Corruption : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of corruption by a legally enforceable verdict handed down not more than five years ago, or by a judgement in which a rejection period determined directly in the judgement still applies? Corruption as defined in Article 3 of the Convention on Combating Corruption Involving European Communities or European Union Member States (OJ C 195 of 25.6.1997, p. 1), and in Article 2, point 1, of the Council's Framework Decision 2003/568/JHA of 22 July 2003 on combating corruption in the private sector (OJ L 192 of 31.7.2003, p. 54). This rejection reason also includes corruption as defined in national law for the contracting authority or supplier.
Fraud : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of fraud by a legally enforceable verdict handed down not more than five years ago, or by a judgement in which a rejection period determined directly in the judgement still applies? Fraud as included in Article 1 of the Convention on Protection of the Financial Interests of the European Communities (OJ C 316 of 27.11.1995, p. 48).
Money laundering or terrorist financing : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of money laundering or financing terrorism by a legally enforceable verdict handed down no more than five years ago, or by a judgement in which a rejection period set out directly in the judgement still applies? Money laundering or financing terrorism as defined in Article 1 of the European Parliament and Council Directive 2005/60/EC of 26 October 2005 on preventive measures against the use of the financial system for money laundering and financing terrorism (OJ L 309 of 25.11.2005, p. 15).
Participation in a criminal organisation : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of participation in a criminal organisation by a legally enforceable verdict handed down no more than five years ago, or by a judgement in which a rejection period set out directly in the judgement still applies? Participation in a criminal organisation as defined in Article 2 of the Council's Framework Decision 2008/841/JHA of 24 October 2008 on control of organised crime (OJ L 300 of 11.11.2008, p. 42).
Terrorist offences or offences linked to terrorist activities : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of acts of terrorism or criminal acts connected to terrorist activities by a legally enforceable verdict handed down no more than five years ago, or by a judgement in which a rejection period set out directly in the judgement still applies? Acts of terrorism or criminal acts relating to terrorist activity as defined in Articles 1 and 3 of the Council's Framework Decision 2002/475/JHA of 13 June 2002 on combating terrorism (OJ L 164 of 22.6.2002, p. 3). This rejection reason also includes incitement to, participation in or attempts to commit such actions, as included in Article 4 of the mentioned framework decision.
Child labour and other forms of trafficking in human beings : Has the tenderer itself, or a person who is a member of the tenderer's administration, management or supervisory body or has the competence to represent, control or make decisions in such bodies, been convicted of child labour or other forms of human trafficking by a legally enforceable verdict handed down no more than five years ago, or by a judgement in which a rejection period determined directly in the judgement still applies? Child labour and other forms of human trafficking as defined in Article 2 of the European Parliament and Council Directive 2011/36/EU of 5 April 2011 on the prevention and control of human trafficking and the protection of its victims, and replacing the Council's Framework Decision 2002/629/JHA (OJ L 101 of 15.4.2011, p. 1).
Breaching of obligations in the fields of environmental law : Is the tenderer aware of breaches of environmental provisions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU?
Breaching of obligations in the fields of labour law : Is the tenderer aware of breaches of provisions on working conditions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU?
Breaching of obligations in the fields of social law : Is the tenderer aware of breaches of provisions on social conditions as stated in national law, the relevant notice or procurement documents or Article 18 (2) of Directive 2014/24/EU?
Agreements with other economic operators aimed at distorting competition : Has the tenderer entered into agreement(s) with other tenderers with the intention of distorting the competition?
Grave professional misconduct : Has the tenderer committed serious errors in professional practice? If relevant, see the definitions in national law, the relevant notice or procurement documents.
Misrepresentation, withheld information, unable to provide required documents and obtained confidential information of this procedure : Has the tenderer: a) given grossly incorrect information when providing the information required to verify that there is no basis for rejection or that the qualification requirements are met, b) failed to provide such information, c) been unable to immediately submit the supporting documents requested by the Contracting Authority, or d) improperly influenced the Contracting Authority's decision process in order to acquire confidential information that could give it an unlawful advantage in connection with the competition, or negligently given misleading information that can have a significant influence on decisions on rejection, selection or award?
Conflict of interest due to its participation in the procurement procedure : Are tenderers aware of a conflict of interest as stated in national law, the relevant notice or procurement documents?
Direct or indirect involvement in the preparation of this procurement procedure : Has the tenderer or an entity associated with the supplier advised the contracting authority or in another way been involved in the planning of the competition?
Early termination, damages, or other comparable sanctions : Has the tenderer committed significant breaches of contract in connection with the fulfilment of a previous public contract, a previous contract with a public contracting authority or a previous concession contract, where the breach has led to the cancellation of the contract, compensation or other similar sanctions?
Breaching of obligations set under purely national exclusion grounds : The contracting authority shall state that in Norway there are national rejection reasons. These shall be described in the procurement documents. Tenderers must respond to whether they are in one or more of the situations described in the national rejection reasons. Will the purely national rejection reasons, as stated in the relevant notice or in the procurement documents, apply?
Breaching obligation relating to payment of social security contributions : Has the tenderer failed to fulfil all its social security obligations in the country in which it is established, and in the contracting authority's member state, if this is a different country from the one in which it is established?
Breaching obligation relating to payment of taxes : Has the tenderer failed to fulfil its tax and duty obligations in the country in which it is established, and in the contracting authority's member state, if this is a different country from the one in which it is established?
Business activities are suspended : Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.
Bankruptcy : Is the tenderer in a bankruptcy situation? Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.
Arrangement with creditors : Is the supplier in a situation where it has been placed under a forced debt arrangement? Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.
Insolvency : Is the tenderer in an insolvency situation? Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.
Assets being administered by liquidator : Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.
Analogous situation like bankruptcy, insolvency or arrangement with creditors under national law : Is the supplier in a situation where it has been placed under a forced debt arrangement? Specify why, under the mentioned circumstances, the tenderer is able to carry out the contract, considering the current national provisions and measures for continuing the business activities. It is not necessary to provide this information if rejection of tenderers is made mandatory in accordance with the current national law without the possibility for exceptions.

5. Lot

5.1 Lot technical ID : LOT-0000

Title : Prequalification - Procurement of security monitoring services (SOC)
Description : Digdir is seeking a provider of security monitoring services that can assist in detecting and preventing malicious activity connected to Altinn 3 (hereafter referred to as "External SOC"). Digdir aims to enter into an SSA-L (Contract for ongoing service procurements) for 3 years and an option for an extension for up to 2 years. The estimated contract value is NOK 16,000,000 excluding VAT over a period of four years. The estimated value does not give any purchasing obligations.
Internal identifier : 2025/2170

5.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72212730 Security software development services
Additional classification ( cpv ): 48732000 Data security software package
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72200000 Software programming and consultancy services
Additional classification ( cpv ): 72212731 File security software development services
Additional classification ( cpv ): 72212732 Data security software development services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72221000 Business analysis consultancy services
Additional classification ( cpv ): 72222000 Information systems or technology strategic review and planning services
Additional classification ( cpv ): 72223000 Information technology requirements review services
Additional classification ( cpv ): 72224000 Project management consultancy services
Additional classification ( cpv ): 72224200 System quality assurance planning services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 79417000 Safety consultancy services
Additional classification ( cpv ): 79714000 Surveillance services

5.1.2 Place of performance

Country : Norway
Anywhere in the given country
Additional information :

5.1.3 Estimated duration

Duration : 60 months

5.1.5 Value

Estimated value excluding VAT : 16 000 000 Norwegian krone

5.1.6 General information

Reserved participation : Participation is not reserved.
Procurement Project not financed with EU Funds.
The procurement is covered by the Government Procurement Agreement (GPA) : no
Information about previous notices :
Identifier of the previous notice : 150177-2025

5.1.7 Strategic procurement

5.1.9 Selection criteria

Sources of selection criteria : Notice
Criterion : Enrolment in a trade register
Description : Tenderers are registered in a company register or a trade register in the member state in which the tenderer is established. As described in annex XI of directive 2014/24/EU; suppliers from certain member states may have to fulfil other requirements in the mentioned annex. Minimum qualification requirements Documentation requirement: Tenderers shall be a legally established company. Norwegian companies shall enclose a company registration certificate. Foreign companies: Verification that the company is registered in a trade register, company register, professional register or a commerce register as prescribed by the law of the country where the tenderer is established.
Criterion : Other economic or financial requirements
Description : The tenderer does not have significant arrears: Requirement: The tenderer does not have significant arrears in connection with payment of taxes, VAT and social security contributions. Documentation requirement: Norwegian tenderers: Tax and VAT certificate from the tax authorities. Not older than 6 months calculated from the deadline for requests to participate in the competition. The contracting authority will obtain a certificate via e Proof if a licence is given. If a tenderer does not give consent to the use of an e-Certificate on tax certificates, the documentation must be submitted manually by the tenderer. Foreign tenderers must provide certificates from authorities equivalent to the Norwegian authorities.
Criterion : Other economic or financial requirements
Description : Economic and financial qualifications: Requirement: The tenderer shall have sufficient financial strength to be able to fulfil the contract. Documentation requirement: The tenderer (i.e. the tenderer) shall enclose a credit rating from a certified credit institution/company. The credit report shall be based on the last known accounting figures. The credit assessment shall include a so-called rating (credit rating, part judgement and historical rating). The credit rating shall not be lower than score A (credit worthy) or equivalent if a different rating is used (assessment of figures). Tenderers with a rating lower than A or equivalent (i.e. not credit worthy or credit worthy with security) will not be considered. Newly established tenderers shall not be worse than AN (creditworthy newly established companies) or equivalent if a different rating is used (number rating).
Criterion : Relevant educational and professional qualifications
Description : Requirement: The tenderer shall have relevant competence and the capacity to carry out the service. The entity is required, in total, to have provided such services for at least 3 years. Documentation requirement: A short, overall description of the company shall be given (maximum three pages), including:
- The company's core competence related to the service
- Implementation methodology and certifications, if any
- The company's experience with different technologies and tools for security monitoring services
- The organisation of the company: how the tenderer is organised for the execution of this agreement, including a description of which parts of the assignment shall be taken care of by sub-suppliers
- How the tenderer will ensure good capacity for the execution of this contract
- Confirmation that the company has been carrying out such services for at least three years
If the tenderer is newly established, the experience requirement can be fulfilled by one or several employees at the tenderer.
The criteria will be used to select the candidates to be invited for the second stage of the procedure
Criterion : Supply chain management
Description : Requirement: Tenderers shall not have ownership interests from actors who are deemed to have malicious intentions or who can pose a security risk. This includes, but is not limited to, ownership by countries or entities that are subject to international sanctions or that have a history of unethical or illegal activity. Documentation requirement: Tenderers shall document the ownership structure, including the identity of all significant owners, and shall confirm that there are no ownership interests from actors who are deemed to have malicious intentions or who could pose a security risk.
Criterion : Relevant educational and professional qualifications
Description : Requirement: The tenderer shall have experience from similar services. Documentation requirement: A short description of three of the tenderer's most relevant contracts in the course of the last three years. Tenderers shall highlight their competence and experience, and the description shall state, among other things:
- Contact information for reference persons
- Choice of technology
- Choice of implementation method
- Size of the assignment and the period in which the tenderer has had the roles in the assignment
It is the tenderer's responsibility to document relevance through the description. The contracting authority reserves the right to contact the references in order to verify the information.
The criteria will be used to select the candidates to be invited for the second stage of the procedure
Information about the second stage of a two-stage procedure :
Minimum number of candidates to be invited for the second stage of the procedure : 3
Maximum number of candidates to be invited for the second stage of the procedure : 7
The procedure will take place in successive stages. At each stage, some participants may be eliminated
The buyer reserves the right to award the contract on the basis of the initial tenders without any further negotiations

5.1.11 Procurement documents

Languages in which the procurement documents are officially available : Norwegian
Address of the procurement documents : https://permalink.mercell.com/261316374.aspx

5.1.12 Terms of procurement

Terms of submission :
Electronic submission : Required
Languages in which tenders or requests to participate may be submitted : Norwegian
Electronic catalogue : Not allowed
Advanced or qualified electronic signature or seal (as defined in Regulation (EU) No 910/2014) is required
Variants : Not allowed
Deadline for receipt of requests to participate : 16/09/2025 10:00 +00:00
Terms of contract :
The execution of the contract must be performed within the framework of sheltered employment programmes : No
Electronic invoicing : Required
Electronic ordering will be used : no
Electronic payment will be used : no

5.1.15 Techniques

Framework agreement :
No framework agreement
Information about the dynamic purchasing system :
No dynamic purchase system

5.1.16 Further information, mediation and review

Review organisation : Oslo tingrett
Information about review deadlines : Ten day waiting period.

8. Organisations

8.1 ORG-0001

Official name : Digitaliseringsdirektoratet
Registration number : 991825827
Postal address : Postboks 1382 Vika
Town : Oslo
Postcode : 0114
Country subdivision (NUTS) : Oslo ( NO081 )
Country : Norway
Contact point : Geir-Kristian Slydahl
Telephone : +47 22451000
Internet address : http://www.digdir.no
Roles of this organisation :
Buyer

8.1 ORG-0002

Official name : Oslo tingrett
Registration number : 926725939
Town : Oslo
Postcode : 0125
Country subdivision (NUTS) : Oslo ( NO081 )
Country : Norway
Telephone : 22035200
Roles of this organisation :
Review organisation

Notice information

Notice identifier/version : c16c10dc-df15-4ac4-b17a-4da6b0e37bc4 - 01
Form type : Competition
Notice type : Contract or concession notice – standard regime
Notice dispatch date : 12/08/2025 10:46 +00:00
Notice dispatch date (eSender) : 12/08/2025 11:10 +00:00
Languages in which this notice is officially available : English
Notice publication number : 00529542-2025
OJ S issue number : 154/2025
Publication date : 13/08/2025