CFT-1749 - IT Security Managed Services

The European Investment Bank (EIB) has issued a call for tenders, EIB/2024/OP/0003, for IT Security Managed Services. Aimed at securing an off-site Security Operations Center (SOC) for continuous 24/7 security monitoring and incident response services, this tender has an estimated total value of €7,000,000, with a maximum contract duration of 72 months, divided into an initial 48-month term and two renewal options.

The opportunity requires substantial operational capacity, thus it is not suitable for small and medium-sized enterprises (SMEs). Eligible applicants include large IT security service providers, managed security service providers (MSSPs), specialized cybersecurity firms, and multinational IT companies with European presence. The application process is via electronic submission, with a deadline set for January 28, 2026, at 15:00:59 CET.

The evaluation will be based on quality (80% weight) and price (20% weight), emphasizing a strong technical proposal over cost. Interested bidders must register for a Participant Identification Code (PIC) and will need to submit administrative documentation, a technical proposal, and pricing information as part of their submissions.

The contract is intended for immediate operational services and not for research or development purposes. The EIB aims to enhance its IT security infrastructure against potential breaches, ensuring operational continuity through advanced security measures. This procurement process follows standard public tendering procedures, specifically within the European Union framework, and is open to all qualified entities.

The European Investment Bank (EIB) has published a call for tenders, EIB/2024/OP/0003, for IT Security Managed Services. The TED reference for this tender is 211/2025 725596-2025. This is an open procedure, and submissions must be made electronically. The objective is to award a contract to a successful tenderer for the provision of an off-site Security Operations Center (SOC) to provide continuous (24/7) advanced security monitoring and detection function over the EIB Group’s IT Security infrastructure, as well as off-site Incident Response (IR) services to prepare for, detect, contain, and recover from (possible) data breaches that could interrupt the EIB Groups processes. The estimated total value of the contract is 7,000,000 EUR. The TED publication date is 03/11/2025. The lead contracting authority is the European Investment Bank. The main classification (CPV) code is 72000000 - IT services: consulting, software development, Internet and support. The nature of the contract is for services, with a maximum contract duration of 72 months. The award method is based on the best price-quality ratio. There is no framework agreement associated with this tender. Key milestones include the TED publication date of 03/11/2025, the date and time of the public opening on 29/01/2026 at 11:00 Europe/Luxembourg, and the deadline for receipt of tenders on 28/01/2026 at 15:00 Europe/Luxembourg. The contracting authority is not bound to reply to questions submitted after 14/01/2026 at 07:00 Europe/Luxembourg.

The following documents are available for download:
General Administrative and Submission Clauses (GASC) Tender specifications - adm. part, published on 03/11/2025, Version 1, No translations available.
Terms of Reference, published on 03/11/2025, Version 1, No translations available.
Annex A - Technical Specifications, published on 03/11/2025, Version 1, No translations available.
Annex B - Technical Proposal Form, published on 03/11/2025, Version 1, No translations available.
Annex C - Pricing Form Financial offer form, published on 03/11/2025, Version 1, No translations available.
Annex D1 - Model Contract for Provision of Services CFT-1749 final, published on 03/11/2025, Version 1, No translations available.
Annex D2 - General Terms & Conditions for Provision of Information and Communication Technology (ICT) Services, published on 03/11/2025, Version 1, No translations available.
Annex E - Contract Reference Form, published on 03/11/2025, Version 1, No translations available.
Annex F - Statement on background checks on external staff resources, published on 03/11/2025, Version 1, No translations available.
Annex G - Administrative forms for EIB tenders (Forms 1 - 6), published on 03/11/2025, Version 1, No translations available.

Submissions must be sent exclusively via electronic submission.

Some frequently asked questions (FAQ) are answered:
To proceed if the system is slow or doesn’t work while uploading/downloading documents, use the latest versions of Google Chrome or Mozilla Firefox. If the issue persists, clear the cache and cookies on the Internet browser.
The eSubmission system supports the latest versions of Google Chrome or Mozilla Firefox. For the most up-to-date technical recommendations, click on the link System Requirements.
It is not possible to view the details of the submission after the deadline, as the system encrypts all attachments upon upload and will not allow decryption after the deadline.
Submissions can be found in Manage My Area, in the Funding & Tenders portal, in ‘My Submission(s)’: tenders in response to open calls for tenders, requests to participate.
Attachments should be less than 50 MB in size.
Attachments in eSubmission must be named following the System Requirements.
The system supports video submissions. Check the System Requirements of eSubmission for supported formats.
Invited candidates can only see the procurement documents after having selected an organisation. Go to F&T Portal, “My Invitations”. Click on “Select Organisation” from the “Action” column.
A Personal Identification Code (PIC) is mandatory to participate in a call for tenders as a sole candidate/tenderer or as a member of a group (consortium).
If there is an issue uploading a file in eSubmission and it’s giving an error, make sure it follows the technical requirements of the system.
The maximum number of documents that can be uploaded per tender is 200 files.
It is mandatory to register for a PIC if you intend to submit a tender or a request to participate.
To register an organisation and get a Participant Identification Code (PIC), first check if the organisation is already registered using the Search PIC tool under 'How to Participate' > Participant Register.
The system is multilingual and supports all 24 official EU languages.
The character set encoding is UTF-8.
The system uses encryption to ensure the integrity and the confidentiality of the information.
The supported file types depend on the type of submission you want to make. The allowed file types are specified within the system requirements linked to the procedure in question.
Until the deadline for the submission has been reached, submissions in the draft status can be edited, viewed and deleted.
In the submission report, if "Legal form: UNKNOWN" is displayed under the name of the entity, it is just a display issue and is not blocking for submission.
An automatic email informing that the deadline for the reception of submissions had been reached does not mean that the submission was not correctly sent.

In summary, this is a call for tenders by the European Investment Bank seeking a provider for off-site IT security managed services, including continuous security monitoring and incident response. The contract is valued at 7 million EUR and will run for 72 months. The tender process is open and electronic, with a deadline for submissions on January 28, 2026. Interested parties must provide a technical proposal, pricing information, and administrative documents as detailed in the tender documents. The award will be based on the best price-quality ratio. The EIB is looking for a provider to manage their IT security infrastructure, protect against data breaches, and ensure the continuity of their processes.

Eligible Applicant Types: The opportunity is open to successful tenderers, suggesting that eligible applicants are likely companies or organizations capable of providing IT security services, including consulting, software development, internet and support. The tender is aimed at awarding a contract to a provider of an off-site Security Operations Center (SOC).

Funding Type: The funding type is procurement, specifically a service contract. The call for tenders aims to award a contract for the provision of services.

Consortium Requirement: The text mentions that a Personal Identification Code (PIC) is mandatory to participate in a call for tenders as a sole candidate/tenderer or as a member of a group (consortium). This suggests that both single applicants and consortia are eligible.

Beneficiary Scope (Geographic Eligibility): The provided text does not explicitly state geographic eligibility. However, given that it is published on the EU Funding & Tenders Portal and the lead contracting authority is the European Investment Bank (EIB), it is highly likely that the beneficiary scope includes EU member states, and potentially EEA countries or other countries eligible for EIB funding.

Target Sector: The target sector is clearly IT Security. The call specifically mentions the provision of an off-site Security Operations Center (SOC), advanced security monitoring, detection functions, and Incident Response (IR) services. The main classification CPV code is 72000000 - IT services: consulting, software development, Internet and support.

Mentioned Countries: The text mentions Luxembourg in the context of the date and time of the public opening and deadline for receipt of tenders, specifically "Europe/Luxembourg".

Project Stage: The project stage is for operational services. The tender seeks a provider to deliver continuous (24/7) advanced security monitoring and incident response services, implying a need for a fully operational and scalable solution.

Funding Amount: The estimated total value of the contract is 7,000,000 EUR.

Application Type: The application type is an open call for tenders, as indicated by the "Open procedure" and "Open For Submission" labels.

Nature of Support: The nature of support is a service contract. The successful tenderer will receive money in exchange for providing IT security services.

Application Stages: The number of application stages is not explicitly stated, but given it is an open tender, it is likely a multi-stage process involving submission of a technical proposal, a financial offer, and administrative documents, followed by evaluation and selection.

Success Rates: The success rate is not mentioned in the provided text.

Co-funding Requirement: The text does not explicitly mention a co-funding requirement.

Summary:

This is a call for tenders by the European Investment Bank (EIB) for the provision of IT Security Managed Services, specifically an off-site Security Operations Center (SOC) to provide continuous (24/7) advanced security monitoring and Incident Response (IR) services for the EIB Group's IT Security infrastructure. The procedure is an open call, meaning any eligible organization can apply. The estimated total value of the contract is 7,000,000 EUR, and the maximum contract duration is 72 months. The submission method is electronic, and the deadline for receipt of tenders is January 28, 2026. The tender documents include General Administrative and Submission Clauses, Terms of Reference, Technical Specifications, a Technical Proposal Form, a Pricing Form, a Model Contract, General Terms & Conditions for ICT Services, a Contract Reference Form, a Statement on background checks, and Administrative forms for EIB tenders. The successful tenderer will be selected based on the best price-quality ratio. Tenderers must register for a Participant Identification Code (PIC) to participate, and submissions must adhere to the system requirements, including file size limits (under 50 MB per file) and naming conventions. The eSubmission system supports all 24 official EU languages and uses encryption to ensure the integrity and confidentiality of the information.