Buyer Name: City of Edinburgh Council
Buyer Address: Waverley Court, Edinburgh, UKM75, EH8 8BG, United Kingdom
Contact Name: Shane Newell
Contact Email: shane.newell@edinburgh.gov.uk
Cyber Security Assurance Services Framework
Buyer Contact Info
Status
complete
complete
Procedure
selective
selective
Value
750000.0 GBP
750000.0 GBP
Published
06 Aug 2025, 14:29
06 Aug 2025, 14:29
Deadline
n/a
n/a
Contract Start
n/a
n/a
Contract End
n/a
n/a
Category
services
services
CPV
72000000 - IT services: consulting, software development, Internet and support
72000000 - IT services: consulting, software development, Internet and support
Region
n/a
n/a
Awarded To
Trustmarque Solutions Ltd, Redcentric Solutions Limited, NCC Group Security Services Limited, Entserv UK Ltd
Trustmarque Solutions Ltd, Redcentric Solutions Limited, NCC Group Security Services Limited, Entserv UK Ltd
Official Source
Open Find a Tender
Open Find a Tender
Description
The City of Edinburgh Council is awarding a robust Framework for the procurement of secure digital services. It aims to enhance the Councils ability to assess and select IT service providers that meet stringent security requirements, ensuring the delivery of secure and reliable digital services.
Linked Documents
No linked documents found for this notice.
Opportunity Context
Lots
Lot Title: Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Penetration testing and vulnerability assessments against industry standards at application, component, and full stack levels, and - Security assurance and reporting of proposed new technologies and services. Suppliers must also provide: - Advice and consultation on proposed and existing cloud developments, - Advice and consultation on proposed and existing cloud infrastructure configurations, and - Advice and consultation on cloud technologies to support ongoing management of our cloud operations.
Lot 1 Status: cancelled
Lot 1 Has Options: No
Lot 1 Award Criterion (quality): Delivery of Services
Lot 1 Award Criterion (quality): Advice and Consultancy
Lot 1 Award Criterion (quality): Account Management and Staffing
Lot 1 Award Criterion (quality): Business continuity
Lot 1 Award Criterion (quality): The Environment
Lot 1 Award Criterion (quality): Fair Work Practices
Lot 1 Award Criterion (quality): Community Benefits
Lot Title: Incident Response, Digital Forensics, Data Breach Assessment & Recovery
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Incident Response, - Digital Forensics, - Data Breach Assessment and Recovery.
Lot 2 Status: cancelled
Lot 2 Has Options: No
Lot 2 Award Criterion (quality): Quality from Lot 1
Lot Title: Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Security Audit – PCI, - Security Architecture/Design Review, - Compliance and Regulatory Services.
Lot 3 Status: cancelled
Lot 3 Has Options: No
Lot 3 Award Criterion (quality): Quality from Lot 1
Lot Title: Threat Intelligence
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Threat Intelligence
Lot 4 Status: cancelled
Lot 4 Has Options: No
Lot 4 Award Criterion (quality): Quality from Lot 1
Lot Title: Vulnerability Assessments
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Vulnerability Assessments
Lot 5 Status: cancelled
Lot 5 Has Options: No
Lot 5 Award Criterion (quality): Quality from Lot 1
Lot Title: Data & Hardware Sanitisation
Lot Description: The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments. These include: - Data and Hardware Sanitisation
Lot 6 Status: cancelled
Lot 6 Has Options: No
Lot 6 Award Criterion (quality): Quality from Lot 1
Contracts
Contract Title: Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
Contract Title: Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
Contract Title: Threat Intelligence
Contract Title: Vulnerability Assessments
Contract Title: Data & Hardware Sanitisation
Contract Title: Incident Response, Digital Forensics, Data Breach Assessment & Recovery
Awards
Award Title: Essential Services: Penetration Testing, Security Assurance & Reporting, Advice & Consultation
Award Title: Security Audit – PCI, Security Architecture/Design Review, Compliance & Regulatory Services.
Award Title: Threat Intelligence
Award Title: Vulnerability Assessments
Award Title: Data & Hardware Sanitisation
Award Title: Incident Response, Digital Forensics, Data Breach Assessment & Recovery
Raw Notice JSON
Expand raw payload
{
"awards": [
{
"id": "046608-2025-1",
"relatedLots": [
"1"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-107397",
"name": "Trustmarque Solutions Ltd"
},
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Essential Services: Penetration Testing, Security Assurance \u0026 Reporting, Advice \u0026 Consultation"
},
{
"id": "046608-2025-2",
"relatedLots": [
"3"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-107397",
"name": "Trustmarque Solutions Ltd"
},
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Security Audit \u2013 PCI, Security Architecture/Design Review, Compliance \u0026 Regulatory Services."
},
{
"id": "046608-2025-3",
"relatedLots": [
"4"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-107397",
"name": "Trustmarque Solutions Ltd"
},
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Threat Intelligence"
},
{
"id": "046608-2025-4",
"relatedLots": [
"5"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-107397",
"name": "Trustmarque Solutions Ltd"
},
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Vulnerability Assessments"
},
{
"id": "046608-2025-5",
"relatedLots": [
"6"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-107397",
"name": "Trustmarque Solutions Ltd"
},
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Data \u0026 Hardware Sanitisation"
},
{
"id": "046608-2025-6",
"relatedLots": [
"2"
],
"status": "active",
"suppliers": [
{
"id": "GB-FTS-157203",
"name": "Redcentric Solutions Limited"
},
{
"id": "GB-FTS-108965",
"name": "NCC Group Security Services Limited"
},
{
"id": "GB-FTS-157204",
"name": "Entserv UK Ltd"
}
],
"title": "Incident Response, Digital Forensics, Data Breach Assessment \u0026 Recovery"
}
],
"bids": {
"statistics": [
{
"id": "1",
"measure": "bids",
"relatedLot": "1",
"value": 4
},
{
"id": "6",
"measure": "bids",
"relatedLot": "3",
"value": 4
},
{
"id": "11",
"measure": "bids",
"relatedLot": "4",
"value": 4
},
{
"id": "16",
"measure": "bids",
"relatedLot": "5",
"value": 4
},
{
"id": "21",
"measure": "bids",
"relatedLot": "6",
"value": 4
},
{
"id": "26",
"measure": "bids",
"relatedLot": "2",
"value": 3
},
{
"id": "2",
"measure": "smeBids",
"relatedLot": "1",
"value": 4
},
{
"id": "7",
"measure": "smeBids",
"relatedLot": "3",
"value": 4
},
{
"id": "12",
"measure": "smeBids",
"relatedLot": "4",
"value": 4
},
{
"id": "17",
"measure": "smeBids",
"relatedLot": "5",
"value": 4
},
{
"id": "22",
"measure": "smeBids",
"relatedLot": "6",
"value": 4
},
{
"id": "27",
"measure": "smeBids",
"relatedLot": "2",
"value": 3
},
{
"id": "3",
"measure": "foreignBidsFromEU",
"relatedLot": "1",
"value": 0
},
{
"id": "8",
"measure": "foreignBidsFromEU",
"relatedLot": "3",
"value": 0
},
{
"id": "13",
"measure": "foreignBidsFromEU",
"relatedLot": "4",
"value": 0
},
{
"id": "18",
"measure": "foreignBidsFromEU",
"relatedLot": "5",
"value": 0
},
{
"id": "23",
"measure": "foreignBidsFromEU",
"relatedLot": "6",
"value": 0
},
{
"id": "28",
"measure": "foreignBidsFromEU",
"relatedLot": "2",
"value": 0
},
{
"id": "4",
"measure": "foreignBidsFromNonEU",
"relatedLot": "1",
"value": 4
},
{
"id": "9",
"measure": "foreignBidsFromNonEU",
"relatedLot": "3",
"value": 4
},
{
"id": "14",
"measure": "foreignBidsFromNonEU",
"relatedLot": "4",
"value": 4
},
{
"id": "19",
"measure": "foreignBidsFromNonEU",
"relatedLot": "5",
"value": 4
},
{
"id": "24",
"measure": "foreignBidsFromNonEU",
"relatedLot": "6",
"value": 4
},
{
"id": "29",
"measure": "foreignBidsFromNonEU",
"relatedLot": "2",
"value": 3
},
{
"id": "5",
"measure": "electronicBids",
"relatedLot": "1",
"value": 4
},
{
"id": "10",
"measure": "electronicBids",
"relatedLot": "3",
"value": 4
},
{
"id": "15",
"measure": "electronicBids",
"relatedLot": "4",
"value": 4
},
{
"id": "20",
"measure": "electronicBids",
"relatedLot": "5",
"value": 4
},
{
"id": "25",
"measure": "electronicBids",
"relatedLot": "6",
"value": 4
},
{
"id": "30",
"measure": "electronicBids",
"relatedLot": "2",
"value": 3
}
]
},
"buyer": {
"id": "GB-FTS-53539",
"name": "City of Edinburgh Council"
},
"contracts": [
{
"awardID": "046608-2025-1",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-1",
"status": "active",
"title": "Essential Services: Penetration Testing, Security Assurance \u0026 Reporting, Advice \u0026 Consultation",
"value": {
"amount": 750000,
"currency": "GBP"
}
},
{
"awardID": "046608-2025-2",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-2",
"status": "active",
"title": "Security Audit \u2013 PCI, Security Architecture/Design Review, Compliance \u0026 Regulatory Services.",
"value": {
"amount": 750000,
"currency": "GBP"
}
},
{
"awardID": "046608-2025-3",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-3",
"status": "active",
"title": "Threat Intelligence",
"value": {
"amount": 750000,
"currency": "GBP"
}
},
{
"awardID": "046608-2025-4",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-4",
"status": "active",
"title": "Vulnerability Assessments",
"value": {
"amount": 750000,
"currency": "GBP"
}
},
{
"awardID": "046608-2025-5",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-5",
"status": "active",
"title": "Data \u0026 Hardware Sanitisation",
"value": {
"amount": 750000,
"currency": "GBP"
}
},
{
"awardID": "046608-2025-6",
"dateSigned": "2025-08-06T00:00:00+01:00",
"id": "046608-2025-6",
"status": "active",
"title": "Incident Response, Digital Forensics, Data Breach Assessment \u0026 Recovery",
"value": {
"amount": 750000,
"currency": "GBP"
}
}
],
"date": "2025-08-06T15:29:24+01:00",
"description": "Contained in tender documentation\n(SC Ref:806607)",
"id": "046608-2025",
"initiationType": "tender",
"language": "en",
"links": [
{
"href": "https://api.publiccontractsscotland.gov.uk/v1/Notice?id=ocds-r6ebe6-0000767446",
"rel": "canonical"
}
],
"ocid": "ocds-h6vhtk-0478f3",
"parties": [
{
"address": {
"countryName": "United Kingdom",
"locality": "Edinburgh",
"postalCode": "EH8 8BG",
"region": "UKM75",
"streetAddress": "Waverley Court"
},
"contactPoint": {
"email": "shane.newell@edinburgh.gov.uk",
"name": "Shane Newell"
},
"details": {
"buyerProfile": "https://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspxD=AA00290",
"classifications": [
{
"description": "Regional or local authority",
"id": "REGIONAL_AUTHORITY",
"scheme": "TED_CA_TYPE"
},
{
"description": "General public services",
"id": "01",
"scheme": "COFOG"
}
],
"url": "http://www.edinburgh.gov.uk"
},
"id": "GB-FTS-53539",
"identifier": {
"legalName": "City of Edinburgh Council"
},
"name": "City of Edinburgh Council",
"roles": [
"buyer"
]
},
{
"address": {
"countryName": "United Kingdom",
"locality": "York.",
"postalCode": "YO26 6RW",
"region": "UKE21",
"streetAddress": "Marlborough House, Westminster Place, York Business Park,"
},
"details": {
"scale": "sme"
},
"id": "GB-FTS-107397",
"identifier": {
"legalName": "Trustmarque Solutions Ltd"
},
"name": "Trustmarque Solutions Ltd",
"roles": [
"supplier"
]
},
{
"address": {
"countryName": "United Kingdom",
"locality": "Harrogate",
"postalCode": "HG3 1UG",
"region": "UKE2",
"streetAddress": "Central House, Beckwith Knowle"
},
"details": {
"scale": "sme"
},
"id": "GB-FTS-157203",
"identifier": {
"legalName": "Redcentric Solutions Limited"
},
"name": "Redcentric Solutions Limited",
"roles": [
"supplier"
]
},
{
"address": {
"countryName": "United Kingdom",
"locality": "MANCHESTER",
"postalCode": "M3 3AQ",
"region": "UK",
"streetAddress": "XYZ Building, 2 Hardman Boulevard, Spinningfields,"
},
"details": {
"scale": "large"
},
"id": "GB-FTS-108965",
"identifier": {
"legalName": "NCC Group Security Services Limited"
},
"name": "NCC Group Security Services Limited",
"roles": [
"supplier"
]
},
{
"address": {
"countryName": "United Kingdom",
"locality": "Aldershot",
"postalCode": "GU11 1PZ",
"region": "UK",
"streetAddress": "Royal Pavilion, Wellesley Road"
},
"details": {
"scale": "sme"
},
"id": "GB-FTS-157204",
"identifier": {
"legalName": "Entserv UK Ltd"
},
"name": "Entserv UK Ltd",
"roles": [
"supplier"
]
},
{
"address": {
"countryName": "United Kingdom",
"locality": "Edinburgh",
"postalCode": "EH1 1LB",
"streetAddress": "Sheriff Court House, 27 Chambers Street"
},
"id": "GB-FTS-5024",
"identifier": {
"legalName": "Sheriff Court"
},
"name": "Sheriff Court",
"roles": [
"reviewBody"
]
}
],
"tag": [
"award",
"contract"
],
"tender": {
"classification": {
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
},
"coveredBy": [
"GPA"
],
"description": "The City of Edinburgh Council is awarding a robust Framework for the procurement of secure digital services. It aims to enhance the Councils ability to assess and select IT service providers that meet stringent security requirements, ensuring the delivery of secure and reliable digital services.",
"id": "CT1218",
"items": [
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "1",
"relatedLot": "1"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "2",
"relatedLot": "2"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "3",
"relatedLot": "3"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "4",
"relatedLot": "4"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "5",
"relatedLot": "5"
},
{
"additionalClassifications": [
{
"description": "IT services: consulting, software development, Internet and support",
"id": "72000000",
"scheme": "CPV"
}
],
"deliveryAddresses": [
{
"region": "UKM75"
}
],
"id": "6",
"relatedLot": "6"
}
],
"legalBasis": {
"id": "32014L0024",
"scheme": "CELEX"
},
"lots": [
{
"awardCriteria": {
"criteria": [
{
"description": "30",
"name": "Delivery of Services",
"type": "quality"
},
{
"description": "30",
"name": "Advice and Consultancy",
"type": "quality"
},
{
"description": "15",
"name": "Account Management and Staffing",
"type": "quality"
},
{
"description": "10",
"name": "Business continuity",
"type": "quality"
},
{
"description": "5",
"name": "The Environment",
"type": "quality"
},
{
"description": "5",
"name": "Fair Work Practices",
"type": "quality"
},
{
"description": "5",
"name": "Community Benefits",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Penetration testing and vulnerability assessments against industry standards at application, component, and full stack levels, and\n- Security assurance and reporting of proposed new technologies and services.\nSuppliers must also provide:\n- Advice and consultation on proposed and existing cloud developments,\n- Advice and consultation on proposed and existing cloud infrastructure configurations, and\n- Advice and consultation on cloud technologies to support ongoing management of our cloud operations.",
"hasOptions": false,
"id": "1",
"status": "cancelled",
"title": "Essential Services: Penetration Testing, Security Assurance \u0026 Reporting, Advice \u0026 Consultation"
},
{
"awardCriteria": {
"criteria": [
{
"description": "50",
"name": "Quality from Lot 1",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Incident Response,\n- Digital Forensics,\n- Data Breach Assessment and Recovery.",
"hasOptions": false,
"id": "2",
"status": "cancelled",
"title": "Incident Response, Digital Forensics, Data Breach Assessment \u0026 Recovery"
},
{
"awardCriteria": {
"criteria": [
{
"description": "50",
"name": "Quality from Lot 1",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Security Audit \u2013 PCI,\n- Security Architecture/Design Review,\n- Compliance and Regulatory Services.",
"hasOptions": false,
"id": "3",
"status": "cancelled",
"title": "Security Audit \u2013 PCI, Security Architecture/Design Review, Compliance \u0026 Regulatory Services."
},
{
"awardCriteria": {
"criteria": [
{
"description": "50",
"name": "Quality from Lot 1",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Threat Intelligence",
"hasOptions": false,
"id": "4",
"status": "cancelled",
"title": "Threat Intelligence"
},
{
"awardCriteria": {
"criteria": [
{
"description": "50",
"name": "Quality from Lot 1",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Vulnerability Assessments",
"hasOptions": false,
"id": "5",
"status": "cancelled",
"title": "Vulnerability Assessments"
},
{
"awardCriteria": {
"criteria": [
{
"description": "50",
"name": "Quality from Lot 1",
"type": "quality"
},
{
"description": "50",
"type": "price"
}
]
},
"description": "The City of Edinburgh Council intends to establish a Framework Agreement that will provide the Council with a range of ICT information and system security assessments.\nThese include:\n- Data and Hardware Sanitisation",
"hasOptions": false,
"id": "6",
"status": "cancelled",
"title": "Data \u0026 Hardware Sanitisation"
}
],
"mainProcurementCategory": "services",
"procurementMethod": "selective",
"procurementMethodDetails": "Restricted procedure",
"reviewDetails": "An economic operator that suffers or risks suffering loss or damage attributable to a breach of duty under Public Contracts (Scotland) Regulations 2015 may bring proceedings in the Sheriff Court or Court of Session. A claim for an ineffectiveness order must be made within 30 days of the Contract Award Notice being published in the Find a Tender Service within 30 days of the date those who expressed an interest in or otherwise bid for the contract were informed of the conclusion of the contract or in any other case within 6 months from the date on which the contract was entered into.",
"status": "complete",
"techniques": {
"hasFrameworkAgreement": true
},
"title": "Cyber Security Assurance Services Framework"
}
}