Annex 13 - Award criteria questionnaire
Under section 2.4.1 Overall methodology and management (max. 60 points)

Criterion a) Overall organisation and infrastructure (20 points – minimum threshold 12 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. The organisational structure that the tenderer intends to put in place to implement the required services (see section "Error! Reference source not found. Error! Reference source not found." of these tender specifications), supported by a single structure chart (i.e. in case of a group of tenderers, one single chart for the consortium as a whole) including the description of functions, roles, responsibilities and lines of reporting, location of each service as well as managing accidental or long-term absences by any member of the team. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 2. A description of the relationships between the various functional departments of the tenderer; or, in the case of a consortium, a description of the governance of the consortium, including the allocation of roles between consortium members and the escalation model should a problem arise. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 3. A description of the interaction model with the Commission and the other contractor of the Commission providing service desk services as the 2nd level support. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 4. A description of the human resources management at project level and, in particular, the integration of any new staff members into the project team. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 5. A description of the mechanism to ensure that the project team follows a continuous training path to acquire the knowledge of the latest security threats and vulnerabilities linked with software development. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 6. A description of the contractor's internal knowledge management system enabling staff working under this contract to properly distribute the acquired know-how and ensure a continuous improvement process. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 7. A description of the infrastructure and tools, deployed/hosted/managed at the tenderer's premises, that the tenderer proposes to use. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Criterion b) Organisational and technical security measures to be put in place (10 points – minimum threshold 6 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. Physical security - all controls defined in chapter 11 Physical security of ISO 27002:2013. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 2. Logical document security (esp. of the development environment and handling of sensitive information) - all controls defined in chapter 8 Asset Management of ISO 27002:2013. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Criterion c) Security measures during the development phase (20 points – minimum threshold 12 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. To ensure the independence of the entity that will be in charge of the verification of the Union Registry web application in accordance with the OWASP Application Security Verification Standard – version 3.0 dated October 2015, considering that: • a level 3 verification is requested; • verification cannot be performed by the same persons that take part in the development of the application to be verified. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
| 2. To ensure the remediation of the security issues in accordance with the remediation flaws document provided in annex (see Annex 12), as an adaptation of the ALC_FLR component as standardized in the ISO 15408 Common Criteria v3.2 standard. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Criterion d) Quality assurance and control measures (10 points – minimum threshold 6 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| This criterion will assess the quality assurance and quality control system applied to the management of the framework contract, the implementation of the tasks under section 3.4, the quality assurance of the final deliverables as described under section 3.5, as well as the language quality check. The criterion will also assess the proposed methodology to improve the quality assurance and quality control system on the basis of lessons learned within the implementation of the tasks of this Framework contract. Furthermore, under this criterion the contractor must describe the mechanisms it will implement to ensure proper risk management, in particular covering the risk of unavailability of staff assigned to tasks under this contract (both temporary as well as permanent unavailability). A low score will be attributed to those tenders which propose only a generic quality control system. This criterion will be assessed based on the description of the quality assurance and control measures. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Under section 2.4.2 Illustrative Assignment (max. 20 points)
Criterion e) Illustrative assignment – quality and completeness (20 points, minimum 12 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. This criterion will assess the degree to which the tender meets the requirements under section "Error! Reference source not found.". The tenderer's answers will be evaluated for quality (both technical as well as non-technical, e.g. structure, clarity, English) and for completeness with respect to the requirements set out under the section "Error! Reference source not found.". | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Criterion f) Illustrative assignment - proposed security methodology and organisation of work (15 points, minimum 9 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. This criterion will assess the suitability and strength of the proposed methodology for implementing the tasks under the illustrative assignment in terms of reaching a state of the art security (software security as well as process security) that could be independently verified based on industry standards. In describing the methodology the tenderer shall make a clear reference to the roles and responsibilities of the proposed experts' profiles as well as the communication within the tenderer's team and with the Commission. Furthermore, this criterion will also assess the proposed project plan, including a schedule per deliverable. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |
Criterion g) Illustrative assignment - quality control measures (5 points, minimum 3 points)

| Criterion | Compliance (please answer yes/no) | Comments, references to the section of the offer |
|---|---|---|
| 1. This criterion will assess the quality control and quality assurance measures applied to the tasks foreseen in the illustrative assignment concerning the quality of the deliverables, the documentation and language quality check, and continuity of the service in case of absence of a member of the team. The quality control system should be detailed in the tender and specific to the tasks at hand; a generic quality system will result in a low score. | Yes/no | Provide here the reference(s) to the relevant section in the offer. |