OFA-Framework agreement security testing.

The framework agreement is for security testing of infrastructure, applications, cloud services (IaaS, Paas, Saas etc.). Areas for security testing can be applications, cloud services, integrations, databases, infrastructure and system/source code. In addition there can be password testing, social manipulation, denial of service attack testing and security testing/revision of systems …

CPV: 72222300 Information technology services, 72000000 IT services: consulting, software development, Internet and support, 72200000 Software programming and consultancy services, 72220000 Systems and technical consultancy services, 72225000 System quality assurance assessment and review services, 72227000 Software integration consultancy services, 72228000 Hardware integration consultancy services, 72240000 Systems analysis and programming services, 72266000 Software consultancy services, 79417000 Safety consultancy services
Deadline:
Oct. 30, 2025, 11 a.m.
Deadline type:
Submitting a bid
Place of execution:
OFA-Framework agreement security testing.
Awarding body:
OFA IKS
Award number:
2025/14

1. Buyer

1.1 Buyer

Official name : OFA IKS
Legal type of the buyer : Body governed by public law, controlled by a local authority
Activity of the contracting authority : Public order and safety

2. Procedure

2.1 Procedure

Title : OFA-Framework agreement security testing.
Description : The framework agreement is for security testing of infrastructure, applications, cloud services (IaaS, Paas, Saas etc.). Areas for security testing can be applications, cloud services, integrations, databases, infrastructure and system/source code. In addition there can be password testing, social manipulation, denial of service attack testing and security testing/revision of systems purchased by sub-suppliers. The list is not exhaustive.
Procedure identifier : 79785020-bd79-49b7-9ed8-b24d9eecca36
Internal identifier : 2025/14
Type of procedure : Open
The procedure is accelerated : no

2.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72222300 Information technology services
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72200000 Software programming and consultancy services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72227000 Software integration consultancy services
Additional classification ( cpv ): 72228000 Hardware integration consultancy services
Additional classification ( cpv ): 72240000 Systems analysis and programming services
Additional classification ( cpv ): 72266000 Software consultancy services
Additional classification ( cpv ): 79417000 Safety consultancy services

2.1.2 Place of performance

Anywhere
Additional information : Agder County, Norway

2.1.3 Value

Estimated value excluding VAT : 8 000 000 Norwegian krone

2.1.4 General information

Additional information : The following Contracting Authorities participate in the agreement: ICT-Agder IKS DDV IKS Lillesand municipality Birkenes municipality Sirdal Municipality Kristiansand municipality
Legal basis :
Directive 2014/24/EU

2.1.6 Grounds for exclusion

Sources of grounds for exclusion : European Single Procurement Document (ESPD)

5. Lot

5.1 Lot technical ID : LOT-0000

Title : OFA-Framework agreement security testing.
Description : The framework agreement is for security testing of infrastructure, applications, cloud services (IaaS, Paas, Saas etc.). Areas for security testing can be applications, cloud services, integrations, databases, infrastructure and system/source code. In addition there can be password testing, social manipulation, denial of service attack testing and security testing/revision of systems purchased by sub-suppliers. The list is not exhaustive.
Internal identifier : 2025/14

5.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72222300 Information technology services
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support
Additional classification ( cpv ): 72200000 Software programming and consultancy services
Additional classification ( cpv ): 72220000 Systems and technical consultancy services
Additional classification ( cpv ): 72225000 System quality assurance assessment and review services
Additional classification ( cpv ): 72227000 Software integration consultancy services
Additional classification ( cpv ): 72228000 Hardware integration consultancy services
Additional classification ( cpv ): 72240000 Systems analysis and programming services
Additional classification ( cpv ): 72266000 Software consultancy services
Additional classification ( cpv ): 79417000 Safety consultancy services
Options :
Description of the options : The following contracting authorities have an option to join the contract: Agder county, Arendal municipality, Bygland municipality, Bykle municipality, Evje and Hornnes municipalities. Farsund municipality, Flekkefjord municipality, Froland municipality. Gjerstad municipality, Grimstad municipality, Hægebostad municipality Iveland municipality, Kvinesdal municipality Lindesnes municipality, Risør municipality, Tvedestrand municipality. Valle municipality, Vegårshei municipality, Vennesla municipality Åmli municipality, Åseral municipality

5.1.2 Place of performance

Anywhere
Additional information : Agder County, Norway

5.1.3 Estimated duration

Duration : 48 Month

5.1.5 Value

Estimated value excluding VAT : 8 000 000 Norwegian krone

5.1.6 General information

Reserved participation : Participation is not reserved.
Procurement Project not financed with EU Funds.
The procurement is covered by the Government Procurement Agreement (GPA) : yes
Additional information : The following Contracting Authorities participate in the agreement: ICT-Agder IKS DDV IKS Lillesand municipality Birkenes municipality Sirdal Municipality Kristiansand municipality

5.1.9 Selection criteria

Sources of selection criteria : Notice
Criterion : Other economic or financial requirements
Description : Tax Certificate Documentation requirement: The certificate must not be more than six months old. The certificate must not be more than six months from the deadline for receipt of tenders. The certificate can be obtained electronically from Altinn. See the Skatteetaten.no for further information. Foreign tenderers: Foreign tenderers must submit equivalent certificates from their own country that show that they have an arrangement for the payment of taxes and duties. If the authorities in the relevant country do not issue such certificates, the tenderer shall submit a statement which states that all taxes and duties have been paid. The declaration shall be approved and signed by the tenderer's Financial Director/ person responsible for Finance.
Criterion : Enrolment in a relevant professional register
Description : Demand: Tenderers shall be registered in a company register, professional register or a commerce register in the country where the tenderer is established. Documentation requirement: • Norwegian companies: Company Registration Certificate. • Foreign companies: Verification that the tenderer is registered in a company register, professional register or a commerce register in the country where the tenderer is established.
Criterion : Certificates by quality control institutes
Description : Quality assurance system Demand: Tenderers shall have implemented and functioning quality assurance systems. Documentation requirement: Description of the company's quality assurance system that is implemented in the company. If a tenderer is certified in accordance with ISO 9001 or equivalent third-party verified systems, it is sufficient to enclose a copy of a valid certificate.
Criterion : Financial ratio
Description : Economic and financial capacity Requirement: Tenderers shall have sufficient economic and financial capacity to fulfil the contract. The required financial capacity will be assessed in relation to the contract ́s value, services, risk and duration. Documentation requirement: The contracting authority will obtain a credit rating of the tenderer itself. The contracting authority reserves the right to obtain supplementary information about the tenderer's finances. Select: If a tenderer has a justifiable reason, they can document their economic and financial capacity by presenting other relevant documentation.

5.1.10 Award criteria

Criterion :
Type : Price
Name : Price
Description : Documentation: Completed Annex 5 The following volume figures will form the basis of the evaluation: • Senior consultant: 100 hours • Meet in DDV: 3 • Meet in ICT Agder: 6 • Meet Lillesand, Birkenes 3 • Meet in Kristiansand: 5
Category of award threshold criterion : Weight (percentage, exact)
Award criterion number : 30
Criterion :
Type : Quality
Name : Delivery
Description : Documentation: The contracting authority will evaluate the prepared methodology description and routines in requirements Annex 1 The contracting authority ́s requirement specifications, chapters 4, requirements 2 and 3. In addition, emphasis will be put on whether the tenderer has AN NBMS certification scheme for data interventions. Tenderers shall describe response time for normal assignments. Annex 2 can be used to gather the documentation.
Category of award threshold criterion : Weight (percentage, exact)
Award criterion number : 20
Criterion :
Type : Quality
Name : Competence and experience offered to key personnel
Description : Documentation: Completed Annex 1 a Template CV with requested information on the offered key personnel. The following points can be emphasised in the evaluation in: - Relevance of the reference assignments to the contracting authority ́s needs. - Certifications and their relevance for the contracting authority ́s needs. - Formal competence and its relevance for the contracting authority ́s needs. - Courses, post education etc. and the relevance of these for the contracting authority ́s needs. - Number of years of relevant experience - Number of offered consultants The contracting authority reserves the right to contact the contracting authority for each reference assignment in order to verify the content of the reference project. Contact information for the contracting authority is to be given on request.
Category of award threshold criterion : Weight (percentage, exact)
Award criterion number : 50

5.1.11 Procurement documents

5.1.12 Terms of procurement

Terms of submission :
Electronic submission : Required
Languages in which tenders or requests to participate may be submitted : Norwegian
Electronic catalogue : Not allowed
Variants : Not allowed
Tenderers may submit more than one tender : Not allowed
Deadline for receipt of tenders : 30/10/2025 11:00 +00:00
Deadline until which the tender must remain valid : 3 Month
Terms of contract :
The execution of the contract must be performed within the framework of sheltered employment programmes : No
Electronic invoicing : Required
Electronic ordering will be used : yes
Electronic payment will be used : yes

5.1.15 Techniques

Framework agreement :
Framework agreement, with reopening of competition
Maximum number of participants : 5
Information about the dynamic purchasing system :
No dynamic purchase system

5.1.16 Further information, mediation and review

Review organisation : Agder Tingrett
Information about review deadlines : See the Public Procurement Regulations §§ 25-2 and 25-3

8. Organisations

8.1 ORG-0001

Official name : OFA IKS
Registration number : 931832336
Department : OFA IKS
Postal address : Kjøita 40
Town : Kristiansand
Postcode : 4630
Country subdivision (NUTS) : Agder ( NO092 )
Country : Norway
Contact point : Bjarki Steinarsson.
Telephone : +47 98997537
Roles of this organisation :
Buyer
Central purchasing body acquiring supplies and/or services intended for other buyers
Central purchasing body awarding public contracts or concluding framework agreements for works, supplies or services intended for other buyers

8.1 ORG-0002

Official name : Agder Tingrett
Registration number : 926723480
Town : Kristiansand
Postcode : 4614
Country subdivision (NUTS) : Agder ( NO092 )
Country : Norway
Roles of this organisation :
Review organisation

Notice information

Notice identifier/version : b092b77c-e41f-4661-b5a6-5fd69f47dec1 - 01
Form type : Competition
Notice type : Contract or concession notice – standard regime
Notice dispatch date : 23/09/2025 10:06 +00:00
Notice dispatch date (eSender) : 23/09/2025 15:01 +00:00
Languages in which this notice is officially available : English
Notice publication number : 00627391-2025
OJ S issue number : 184/2025
Publication date : 25/09/2025