The contract implies a joint procurement.The contracting authority is purchasing also on behalf of other contracting authorities.The
participating institutions are:Banca d'Italia, Via Nazionale 91, Roma, IT 00184, ItalyBanco de España, Calle Alcalá, 48, 28014,
SpainBanque centrale du Luxembourg, 2, boulevard Royal, L-2983 LuxembourgCentral Bank of Cyprus, 80 Kennedy Avenue, Nicosia,
CY-1076, CYPRUSCentral ...
The contract implies a joint procurement.The contracting authority is purchasing also on behalf of other contracting authorities.The
participating institutions are:Banca d'Italia, Via Nazionale 91, Roma, IT 00184, ItalyBanco de España, Calle Alcalá, 48, 28014,
SpainBanque centrale du Luxembourg, 2, boulevard Royal, L-2983 LuxembourgCentral Bank of Cyprus, 80 Kennedy Avenue, Nicosia,
CY-1076, CYPRUSCentral Bank of Ireland, New Wapping Street, North Wall Quay, Dublin 1, IrelandCentral Bank of Malta, Castille
Place, Valletta, VLT1060, MaltaEuropean Central Bank, Sonnemannstrasse 20, Frankfurt am Main,60314, GermanyOesterreichische
Nationalbank, Otto-Wagner-Platz 3, Wien, 1090, AustriaMalta Financial Services Authority, Triq l-Imdina, Zone 1, Central Business
District, Birkirkara, MaltaOther institutions, having the right to participate in EPCO’s activities (according to Decision
ECB/2008/17 as amended), which did not express an interest in this procedure before the publication of the contract notice
in the OJEU will also have the possibility to join the Framework Agreements - if they wish so - before its expiry. The identity
of EPCO members may be consulted on EPCO's website: https://epco.lu/.The objective of the current joint tender procedure is
to contract the services for identifying the cybersecurity risks and for guidance to take appropriate technical and organizational
measures to minimize those risks within current and future EPCO members of the ESCB.To cover a wider scope, according to the
testing methodology, the National Bank of Romania identified three lots for the joint tender procedure:• Lot no. 1 - IT Security
Assessment Services in line with the latest Regular Penetration Testing Execution Standards;IT Security Assessment Services
according to the TIBER-EU framework:• Lot no. 2 - Targeted Threat Intelligence Services;• Lot no. 3 - Red team IT Security
Services.Each lot will result in a framework agreement with the following characteristics: multi-supplier framework agreement
(max 5), with reopening the competition. For all Participating Institutions, except NBR, this Framework Agreement shall be
non-exclusive, meaning that these Participating Institutions will not have obligation to award assignments to the Contractor
according to this Framework Agreement for the purchase of IT Security Assessment Services with the Contractor. For NBR this
Framework Agreement shall be exclusive, meaning that during the term of this Framework Agreement NBR will have the obligation
to fulfill its needs for IT Security Assessment Services through this Framework Agreement by concluding Further Agreements
with the Contractors.All current and future EPCO member central banks are together potential beneficiaries of the Framework
Agreements, which the Participating Institutions will implement via reopening of the competition (mini-competition) among
the Contractors. Each Participating Institution shall be entitled to describe its specific needs regarding the IT Security
Assessment Services (the IT infrastructure that needs to be tested), apply its own offers evaluation methodology, and quality/price
weighting within the terms of the Framework Agreement to assign the Further Agreements.Deadline for requesting clarifications
to the award documentation: 16 days before the deadline for submission of offersDate of response to all requests for clarification:
11 days before the deadline for submission of offers