National portal for digital security

The Norwegian National Security Authority (NSM) is Norway ́s directorate for preventive safety. NSM makes up, together with the Intelligence Service and the Police Security Service (PST), Norway ́s three intelligence surveillance and security services. The directorate's main task is to improve Norway's ability to protect against snooping, sabotage, terror …

CPV: 48000000 Pacotes de software e sistemas de informação, 72000000 Serviços de TI: consultoria, desenvolvimento de software, Internet e apoio, 72420000 Serviços de desenvolvimento da Internet
Prazo:
26 de Maio de 2025 às 10:00
Tipo de prazo:
Submissão da oferta
Local de execução:
National portal for digital security
Local de premiação:
Nasjonal sikkerhetsmyndighet
Número do prémio:
25/00019

1. Buyer

1.1 Buyer

Official name : Nasjonal sikkerhetsmyndighet
Legal type of the buyer : Body governed by public law, controlled by a central government authority
Activity of the contracting authority : General public services

2. Procedure

2.1 Procedure

Title : National portal for digital security
Description : The Norwegian National Security Authority (NSM) is Norway ́s directorate for preventive safety. NSM makes up, together with the Intelligence Service and the Police Security Service (PST), Norway ́s three intelligence surveillance and security services. The directorate's main task is to improve Norway's ability to protect against snooping, sabotage, terror and compound threats. Through consultancy, control activities, inspections, testing and research, NSM contributes to ensuring civil and military information, systems, objects and infrastructure of importance to national security. NSM is responsible for a national warning system (VDI) that shall uncover and notify about cyber operations against digital infrastructure. NSM also has a national responsibility to coordinate the handling of serious cyber operations. The National Cyber Security Centre (NCSC) is a part of NSM. NSM is administratively subject to the Ministry of Justice and Emergency Services, at the same time that the Ministry of Defence has instructions to the NSM in cases of their area of responsibility. The Government will launch a national portal for digital security where advice from the authorities gather. The portal shall be a common gateway for different user groups, but designed so that everyone gets uniform advice suitable for their user group. This is without a prior knowledge of roles and responsibilities within the area. NSM shall manage and coordinate the work on the portal, in close cooperation with the relevant authorities and any other actors. Denmark, Australia and the United Kingdom have similar portals on digital security. Other public services that may be relevant to refer to that also share information from several authorities are norge.no and ung.no.The Digitalisation Council has previously shared recommendations for the project and the recommendations can be found here: National Security Authority: Authority Portal | Digdir Insight work beyond this will be shared with the tenderer during the execution of this assignment. See the nsm.no for general information advice and guidance from NSM on digital security. See also information in the National Cyber Security Centre - National Security Authority. NSM envisages a gradual development after flexible methodology, with the ambition of launching a first version, a so-called MVP (Minimum Viable Product), already in the summer/autumn of 2025.NSM envisages that the use of artificial intelligence (KI) and that a reporting service (warning to the authorities) will be part of the solution within one year.
Procedure identifier : e1063244-27c0-427d-aca8-1996b5d47356
Internal identifier : 25/00019
Type of procedure : Open
The procedure is accelerated : no
Justification for the accelerated procedure :
Main features of the procedure : NSM needs a tenderer who, in close cooperation with NSM, can develop a new national portal for digital security. The following will be the needs that shall be covered by deliveries under this agreement: The national portal for digital security shall be a gateway for each inhabitant, small and medium sized businesses, municipalities, owners of critical infrastructure and authorities so that everyone has uniform advice suitable for their target group, without a prerequisite knowledge of roles and responsibilities within the digital security area. The portal must be user oriented and user friendly. The portal shall be able to view content from several different sources and the user shall be able to click on themselves further and end up to the owner of the content. Publication in the portal shall be editor managed. The content shall be easily found by utilising search engine optimisation. The system shall allow users to notify the authorities through the portal. Notification to the authorities is not included in the first mvp, but the tenderer's concept must be described The portal shall comply with orders and recommendations on digitalisation of the public sector given in the government's digitalisation strategy and in the digitisation circularHosting of the solution is not a part of this agreement. Tenderers must maintain the development environment themselves, whilst the final product shall be coughed at NBMS hosting provider Redpill Linpro. Alternatively, the service provider must justify why another hosting provider is proposed. The solution should be movable (e.g. by being container based) and independent of underlying hosting environments in order to enable moving between hosting environments over the portal ́s lifetime. Each user shall be able to subscribe to and get notifications in accordance with stated interestsThe individual actors who publish on the authority portal must be able to notify with different degrees of importance and to selected user groupsThere shall be facilitated for the use of new technology in the system, e.g. the KI-assistant.KI-assist shall be able to train to only extract data from NSM specified domains. The aim of the KI assist is to enable the user to find the right information without any notable prior knowledge of the regulations in the government sector The supplier must have documented experience with working product orientes and flexible, and offer a team that has all the roles required to bring out a new product.  A description of the team and need for competence for both the first mvp development phase, but also the subsequent continual improvement phase of a product in production, must be described. Tenders shall include CVs for the consultants who are offered. Tenderers must be able to document the execution of similar assignments previously for Norwegian customers and have a methodology that can be reused in this assignment as they present in the tender offer. The assignments that are used as references shall have a gender neutral preferred at the customer. The supplier ́s recommended strategy for how the product shall tolerate technology changes in the next five years shall be included. The tenderer ́s draft of the plan with the launch of the first version in summer/autumn 2025, as well as proposals for continual improvements throughout 2025 shall be submitted with the tender. The tenderer ́s proposal for a system shall meet the requirements in the law and regulations on universal design. It must be arranged for the portal to show all content in all Norwegian official languages (Bokmål, Nynorsk and Sami). The system being developed shall be developed with built-in security and built-in privacy. Tenderers must belong to a country that Norway have a security cooperation with. The contract is for the development of the portal up until the first launch, as well as further development with prioritised functionality as determined together with NSM. The tenderer must also be able to take responsibility for administering the system in the period from launching to the end of the agreement period. The agreement period is one year. The cost of the first version is estimated by the tenderer, but the annual cost must not exceed NOK 2.2 million excluding VAT per annum for further development and management. The operation of the service will be carried out by NBMS ́s hosting provider and it is not included in this agreement. The assignment will run continuously within the time frame, but the volume of procurements in periods will follow the joint agreed plan. The tenderer ́s personnel will not be able to reckon on working on development assignments in the period from 1 July to 15 August or in the Christmas room.

2.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72420000 Internet development services
Additional classification ( cpv ): 48000000 Software package and information systems
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support

2.1.2 Place of performance

Country : Norway
Anywhere in the given country

2.1.3 Value

Estimated value excluding VAT : 2 200 000 Norwegian krone

2.1.4 General information

Legal basis :
Directive 2014/24/EU
Anskaffelsesforskriften - Parts I and III of the Public Procurement Regulations.
Anskaffelsesforskriften - In accordance with law

2.1.6 Grounds for exclusion

Sources of grounds for exclusion : Notice
Corruption : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies, in the event a enforceable verdict has been convicted of corruption by a verdict handed down not more than five years ago, or a rejection period determined directly in the judgement that still applies? Corruption as defined in Article 3 of the Convention on Combating Corruption, Involving European Communities or European Union Member States (EUT C 195 of 25.6.1997, s. 1), and in Article 2, point 1, in the Council ́s framework decision 2003/568/RIA of 22 July 2003 on combating corruption in the private sector (EUT L 192 of 31.7.2003, p. 54). This rejection reason also includes corruption as defined in national law for the contracting authority or supplier.
Fraud : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies, at the time a legally convicted of fraud has been convicted of fraud by a verdict handed down not more than five years ago, or a rejection period determined directly in the judgement that still applies? Fraud included in Article 1 of the Convention on protection of the Financial Interests of the European Communities (EFT C 316 of 27.11.1995, p. 48).
Money laundering or terrorist financing : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies, in the event a legal verdict has been convicted of money laundering or financing terrorism by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Money laundering or financing terrorism As defined in Article 1 of the European Parliament and Council Directive 2005/60/EF of 26 October 2005 on preventive measures against the use of the financial system for money laundering and financing terrorism (EUT L 309 of 25.11.2005, p. 15).
Participation in a criminal organisation : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies, at the time a legally convicted verdict of participation in a criminal organisation by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Participation in a criminal organisation as defined in Article 2 of the Council ́s framework decision 2008/841/RIA of 24 October 2008 on control of organised crime (EUT L 300 of 11.11.2008, p. 42)
Terrorist offences or offences linked to terrorist activities : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body, or has the competence to represent or control or make decisions in such bodies, in the event a legal verdict has been convicted of acts of terrorism or criminal acts connected to terrorist activities by a verdict handed down no more than five years ago, or a rejection period set out directly in the judgement that still applies? Acts of terrorism or criminal acts relating to terrorist activity as defined in Article 1 and 3 of the Council ́s framework decision 2002/475/RIA of 13 June 2002 on combating terrorism (EFT L 164, af 22.6.2002, p. 3). This rejection reason also includes incitement to, participation or attempts to commit such actions as included in Article 4 in the mentioned framework decision.
Child labour and including other forms of trafficking in human beings : Is the tenderer himself or a person, who is a member of the tenderer's administration, management or supervisory body or has the competence to represent or control or make decisions in such bodies, in the event a legal verdict has been convicted of child labour and other forms of human trafficking by a verdict handed down no more than five years ago, or a rejection period determined directly in the judgement that still applies? Child labour and other forms of human trafficking as defined in Article 2 of the European Parliament and council directive 2011/36/EU of 5. 1 April 2011 on the prevention and control of human trafficking and the protection of its victims and for compensation of the Council ́s framework decision 2002/629/RIA (EUT L 101 of 15.4.2011, p. 1).
Breaching obligation relating to payment of social security contributions : Have tenderers failed to fulfil all their social security obligations in the country where they are established and in their member state, if this is a different country than what he is established in?
Breaching obligation relating to payment of taxes : Has the tenderer not fulfilled his tax and duty obligations in the country in which he is established, and in the contracting authority's member state, if this is a different country than what he is established in?

5. Lot

5.1 Lot technical ID : LOT-0000

Title : National portal for digital security
Description : The Norwegian National Security Authority (NSM) is Norway ́s directorate for preventive safety. NSM makes up, together with the Intelligence Service and the Police Security Service (PST), Norway ́s three intelligence surveillance and security services. The directorate's main task is to improve Norway's ability to protect against snooping, sabotage, terror and compound threats. Through consultancy, control activities, inspections, testing and research, NSM contributes to ensuring civil and military information, systems, objects and infrastructure of importance to national security. NSM is responsible for a national warning system (VDI) that shall uncover and notify about cyber operations against digital infrastructure. NSM also has a national responsibility to coordinate the handling of serious cyber operations. The National Cyber Security Centre (NCSC) is a part of NSM. NSM is administratively subject to the Ministry of Justice and Emergency Services, at the same time that the Ministry of Defence has instructions to the NSM in cases of their area of responsibility. The Government will launch a national portal for digital security where advice from the authorities gather. The portal shall be a common gateway for different user groups, but designed so that everyone gets uniform advice suitable for their user group. This is without a prior knowledge of roles and responsibilities within the area. NSM shall manage and coordinate the work on the portal, in close cooperation with the relevant authorities and any other actors. Denmark, Australia and the United Kingdom have similar portals on digital security. Other public services that may be relevant to refer to that also share information from several authorities are norge.no and ung.no.The Digitalisation Council has previously shared recommendations for the project and the recommendations can be found here: National Security Authority: Authority Portal | Digdir Insight work beyond this will be shared with the tenderer during the execution of this assignment. See the nsm.no for general information advice and guidance from NSM on digital security. See also information in the National Cyber Security Centre - National Security Authority. NSM envisages a gradual development after flexible methodology, with the ambition of launching a first version, a so-called MVP (Minimum Viable Product), already in the summer/autumn of 2025.NSM envisages that the use of artificial intelligence (KI) and that a reporting service (warning to the authorities) will be part of the solution within one year.
Internal identifier : 25/00019

5.1.1 Purpose

Main nature of the contract : Services
Main classification ( cpv ): 72420000 Internet development services
Additional classification ( cpv ): 48000000 Software package and information systems
Additional classification ( cpv ): 72000000 IT services: consulting, software development, Internet and support

5.1.2 Place of performance

Country : Norway
Anywhere in the given country
Additional information :

5.1.3 Estimated duration

Duration : 12 Month

5.1.5 Value

Estimated value excluding VAT : 2 200 000 Norwegian krone

5.1.6 General information

Reserved participation : Participation is not reserved.
Procurement Project not financed with EU Funds.
The procurement is covered by the Government Procurement Agreement (GPA) : yes

5.1.9 Selection criteria

Sources of selection criteria : Notice
Criterion : Enrolment in a trade register
Description : Tenderers are registered in a company register or a trade register in the member state in which the tenderer is established. As described in annex XI of directive 2014/24/EU; suppliers from certain member states may have to fulfil other requirements in the mentioned annex.
Criterion : Financial ratio
Description : For financial key figures stated in the notice or in the procurement documents, the tenderer declares that the actual value(s) of the requested key figures are as follows: Minimum qualification requirements
Criterion : Supply chain management
Description : The tenderer will be able to use the following management of the supply chain and tracing systems for the execution of the contract: Minimum qualification requirements

5.1.11 Procurement documents

Deadline for requesting additional information : 23/05/2025 10:00 +00:00
Address of the procurement documents : https://permalink.mercell.com/256471656.aspx

5.1.12 Terms of procurement

Terms of submission :
Electronic submission : Required
Languages in which tenders or requests to participate may be submitted : Norwegian
Electronic catalogue : Not allowed
Variants : Not allowed
Deadline for receipt of tenders : 26/05/2025 10:00 +00:00
Deadline until which the tender must remain valid : 36 Day
Information about public opening :
Opening date : 26/05/2025 10:00 +00:00
Terms of contract :
The execution of the contract must be performed within the framework of sheltered employment programmes : No
Electronic invoicing : Allowed
Electronic ordering will be used : no
Electronic payment will be used : yes

5.1.15 Techniques

Framework agreement :
No framework agreement
Information about the dynamic purchasing system :
No dynamic purchase system

5.1.16 Further information, mediation and review

Review organisation : Oslo Tingrett -
Organisation providing more information on the review procedures : Nasjonal sikkerhetsmyndighet -
Organisation receiving requests to participate : Nasjonal sikkerhetsmyndighet -
Organisation processing tenders : Nasjonal sikkerhetsmyndighet -

8. Organisations

8.1 ORG-0001

Official name : Nasjonal sikkerhetsmyndighet
Registration number : 985165262
Postal address : Postboks 814
Town : Sandvika
Postcode : 1306
Country subdivision (NUTS) : Akershus ( NO084 )
Country : Norway
Contact point : Karin Elisabeth Berg-Pettersen
Telephone : 95297193
Internet address : http://www.nsm.stat.no/
Roles of this organisation :
Buyer
Organisation receiving requests to participate
Organisation processing tenders
Organisation providing more information on the review procedures

8.1 ORG-0002

Official name : Oslo Tingrett
Registration number : 926 725 939
Department : Oslo
Town : OSLO
Postcode : 0125
Country subdivision (NUTS) : Oslo ( NO081 )
Country : Norway
Roles of this organisation :
Review organisation

10. Change

Version of the previous notice to be changed : 224d961a-6227-45e4-a69c-96917817fc6e-01
Main reason for change : Information updated
Description : The tender deadline has been changed so that it corresponds to the tender documentation.

10.1 Change

Section identifier : PROCEDURE

10.1 Change

Section identifier : LOT-0000
Notice information
Notice identifier/version : f6ceaf5b-1fc1-48d8-9e46-df3921608718 - 01
Form type : Competition
Notice type : Contract or concession notice – standard regime
Notice dispatch date : 14/05/2025 10:08 +00:00
Notice dispatch date (eSender) : 14/05/2025 10:22 +00:00
Languages in which this notice is officially available : English
Notice publication number : 00313776-2025
OJ S issue number : 93/2025
Publication date : 15/05/2025