enderView.ai
Sign InStart free
PlannedServicesMarktconsultatie

Follow-up market consultation Security Operations Center (SOC)

BIJ12 namens IPO · Marktconsultatie · 1 lots · 423408
Type
Services
72000000 · IT services: advisory,
Estimated value
Not published
To deadline
Ongoing
Knock-outs
0
exclusion grounds
Award basis
Best price-quality ratio
Assess manuallyconfidence moderate

This concerns a framework agreement for the delivery of basic SOC services for IT and OT environments, including monitoring, detection and incident response in support of the Cyber Security Act.

Services · Marktconsultatie · National procedure

Contracting authority
BIJ12 namens IPO
Contract type
Services
Marktconsultatie
Estimated value
Estimate not published
Submission deadline
Ongoing
Scope
National
National procedure
Lots
1
1 lots
Main CPV code
72000000
IT services: advisory, software development, internet and support
Location
Netherlands
CharacteristicsCPV 72ServicesSOCSecurity Operations CenterCBW

01What is being requested

The assignment concerns the delivery of Basic SOC services for IT and/or OT environments within a framework agreement. The services include monitoring, detection, incident response, threat intelligence, reporting, use case management and knowledge transfer, whereby optional services such as vulnerability management and forensics can be additionally procured.

In 2025, IPO/BIJ12 conducted a market consultation in preparation for the procurement of SOC services. Based on this, the requirements, together with the provinces, have been further elaborated in a draft description and (draft) Program of Requirements (PoR).

72000000Services
1Follow-up market consultation Security Operations Center (SOC)

02Strategic insight

Strategic insight · AI analysis
<ul Ensure a strong focus on OT security expertise and the required IEC 62443 standard, as this is a specific part of the requirements. Ensure that the analyst certification (e.g., CySA+ or GCIA) is directly demonstrable in the bid. Design the service for seamless integration with existing ITSM systems (such as ServiceNow or TOPdesk) and ensure robust log health monitoring to meet the SLA obligations.
Read automatically from the tender documents using AI. Always verify against the original documents.

03Points of attention

Important · 5
Responsibility: The Participant remains at all times ultimately responsible for the information security policy, compliance with laws and regulations (such as the Cyber Security Act/NIS2) and decision-making regarding risk acceptance.Important
OT monitoring: Support for OT-specific protocols and log formats (such as Modbus, DNP3 and OPC UA) is required for full monitoring of OT environments.Important
SLA reservation: SLA parameters are partly dependent on the quality, availability and timeliness of the log sources provided by the Participant; if preconditions are not met, SLAs apply on a best effort basis.Important
Mandate levels: The degree of authority for technical response measures (Mandate level 1 through 3) will be explicitly established per Participant in advance.Important
Open results: The aim is to make results available as open and commonly usable results within the government, without unnecessary proprietary restrictions.Important

04Can I take part?

Technical · 3
Analysts must demonstrably possess relevant SOC certifications such as CySA+ or GCIA.Technical
Demonstrable knowledge and experience with OT security monitoring in accordance with the principles and guidelines of IEC 62443, including passive monitoring within Purdue Zone 2 and Zone 3 and analysis of OT protocols (such as Modbus/TCP, DNP3, IEC 61850 and BACnet).Technical
The security monitoring service provided by the Contractor must demonstrably comply with the relevant provisions of the Cbw, ISO/IEC 27001 and the Baseline Information Security Government (BIO).Technical

05Value in context

Estimate not published

The contracting authority did not publish an estimated value — common for a large share of contracts. The EU threshold for diensten is € 221.000, for reference.

06Likely competitors

#Likely bidderFitWins
1PinkRoccade Local Government B.V.SME9466×
2Ordina Unknown9421×
3Centric Netherlands B.V.SME9372×
4Protinus IT B.V.SME9251×
5Visma Circle B.V.SME9233×
6Unit4 Business Software Netherlands B.V.SME9229×

07Tender documents

TN587884 - EFE1 Vrijwillige aankondiging van voorafgaande marktconsultatie 20260430125452pdfApr 30, 2026 · 178 KB
Marktconsultatie SOC 260430-1pdfApr 30, 2026 · 567 KB
Bijlage 2 - Programma van WensenpdfApr 30, 2026 · 252 KB
Bijlage 1c - Spec vd Prestatie - Kwaliteits- en Prestatie-eisenpdfApr 30, 2026 · 427 KB
Bijlage 1b - Spec vd Prestatie - ArchitectuurpdfApr 30, 2026 · 716 KB
Bijlage 1a - Spec vd Prestatie - DienstenpdfApr 30, 2026 · 992 KB

08Legal themes that may be relevant here

09Frequently asked questions

How can I submit feedback on the proposed procurement?
Responses can be submitted via the TenderNed messaging module.
What is the purpose of this consultation?
Market parties are invited to provide feedback on the proposed procurement. The input will be incorporated where appropriate into the further elaboration of the draft description and the Program of Requirements.
What technical capabilities are expected from participants?
Participants must be able to discuss how a SOC infrastructure can be technically set up within an organisation.
Which services are covered in the draft description?
The draft description includes basic services such as monitoring, detection, incident response, threat intelligence and reporting, as well as optional services such as vulnerability management, threat hunting and forensics.

Automatically compiled from the official tender data and documents.

10Estimated value versus the market

p25
€ 327K
median
€ 800K
p75
€ 2,5 mln
deze opdracht

Gegunde waarden in CPV 72 · diensten n=1436