The National Security Framework in public procurement

The Administrative Procurement Advisory Board of the Generalitat de Catalunya reports on the consequences for bidding companies of not accrediting compliance with the National Security Framework (ENS), in its report 12/2020 of 2 October, at request of Quart Town Council.

I.

The aim of the ENS is to foster confidence in the fact that information systems provide their services and store information in accordance with their functional specifications, without interruptions or uncontrolled modifications, and without allowing information to be accessed by unauthorized persons. It applies to electronic systems, data, communications and services managed by public administrations or operators that provide services or provide solutions to public entities, in accordance with Royal Decree 3/2010.

II.

Determining compliance with the ENS is established according to the category of information systems –basic, medium or high–, which depends on the services or products provided by private operators. In this way, operators must use the same model used by public entities both for the Declaration of Conformity with the ENS, in the case of basic systems, and for the Certificate of Conformity, in the case o medium or high category systems. For the latter, they must be approved by a certification body that fulfils the requirements established in the Technical Security Regulations. In cases where operators provide solutions to public entities which must comply with the ENS, the conditions of the tender procedure may include this requirement as a technical specification or as an obligation of the contracting company, defining at what point the bidding companies must be in a position to submit the corresponding declaration or certification of conformity with the ENS depending on the system in question or requiring the bidder to have one or the other in the future, in the event that they win the contract and for the performance of the contract as long as it is appropriate to the purpose of the contract and the circumstances in each case.

III.

Not providing proof of this commitment, or where applicable conformity with the ENS, is something that can be remedied since it does not imply a change of intent on behalf of bidders since their initial proposal, although it could lead to their exclusion if they do not remedy this or if the technical description contained in the bid reveals an express breach of one of the tender conditions because it is incompatible or contravenes the aforementioned intent.

For more information, see the full text of report 12/2020, of 2 October, of the Administrative Procurement Advisory Board of the Generalitat de Catalunya, at the following link

For any additional questions or clarifications, you can contact the Ministry of Health DPO