Provision of Internal Audit Services

Description

The National Galleries Scotland (NGS) is seeking to appoint a sole Service Provider for the Provision of Internal Audit Services. For full details of the Contract Requirements please refer to the associated Tender and Contract Documents. In the event of unsatisfactory performance by the successful Service Provider and the termination of the contract by either party, NGS reserves the right to negotiate the continuance of the services with the second and third placed Service Providers. The procurement will be conducted through the use of the Restricted Procedure. The SPD will be used as a downsizing tool in this procedure. It is the intention of NGS to shortlist a maximum of 5 Service Providers but NGS reserves the right to invite in excess of this number of Service Providers in the event of a tie. Economic Operators may be excluded from this competition if they are in any of the situations referred to in regulation 8 and 9 of the Procurement (Scotland) Regulations 2016. The objective criteria for shortlisting candidates is detailed under section III of this Contract Notice. A DRAFT Contract Agreement, DRAFT Contract Requirements and DRAFT second stage quality scoring sections has been uploaded to the portal. This is for INFORMATION ONLY as to the requirements of the contract and tender process and may be subject to change. Bidders should satisfy themselves that they can fulfil the contract requirements prior to completing the SPD. This procurement will utilise Scottish Government's Cyber Security Procurement Support Tool (CSPST). There are minimum requirements concerning Cyber Security for this contract to which a pass/fail will attach. Stage 2 Tenderers will be required to complete an online Supplier Assurance Questionnaire (SAQ) using the CSPST. A link to the CSPST can be found here://cyberassessment.gov.scot/ The questionnaire will be aligned to a Cyber Risk Profile that has been established for the contract, based on NGS's assessment of cyber risk. For this contract, minimum requirements also include ISO 27001 (or equivalent) and Cyber Essentials Plus (or equivalent) accreditation. Further details are set out in the procurement documents. A contract condition for this procurement requires the Tenderer to comply with the minimum security requirements.