Provision of information technology (IT) security services
The ESM intends to establish framework agreements with up to 5 suitable service providers for the provision of information technology security services (‘IT security services’) to the ESM on a regular and, when needed, ad-hoc basis in line with the operational needs of the ESM as defined below and in the procurement documents. The IT security services will consist of threat analytics, penetration tests, IT security risk and control reviews and any other IT security advisory services for the ESM’s IT systems and data centres maintained by the ESM and/or provided to the ESM by third parties, and will include the following range of services: threat intelligence and review of IT controls, incident response, IT security culture, advisory on IT security, including new security threats, technology and/or applications.