Provision of Virtual Data Room Services

Kurze Beschreibung

FMS Wertmanagement wishes to engage the services of a virtual data room provider in order to facilitate its ongoing portfolio wind-down through selling financial assets and other financial instruments on the secondary market.

Beschreibung der Beschaffung

FMS-WM wishes to engage the services of a virtual data room provider in order to facilitate its ongoing portfolio wind-down through selling assets and other financial instruments on the secondary market. The virtual data room must allow FMS-WM to share confidential legal and other documentation to prospective transaction purchasers. It must be possible to have multiple independent virtual data rooms running at the same time, with complete confidentiality within each virtual data room. Ease of use for both FMS-WM and potential purchasers is an important consideration. Access to, and document storage in, the Virtual Data Rooms must have strong security protection.
Mandatory requirements:
A. data room functionality
(a) the data rooms shall be able to deal with DOC, XLS, PDF, TXT, JPG, PPT, RTF, 7z, ZIP, and CSV files (FS1.1);
(b) the data rooms shall support all characters that can be used in Windows file names, i.e., all standard keyboard characters excluding <,>,:,",/,\,|,?, and * (FS1.3);
(c) the platform shall be able to have multiple separate data rooms at the same time (up to 12) (FS1.4);
(d) the data rooms shall support ‘Drag and Drop’ functionality to allow folders and sub-folders to be copied into data room in full, retaining the folder structure (FS1.5);
B. access to the virtual data rooms
(a) the access for each user should be individually password (FS2.1).
C. Certifications and regulations
(a) the solution shall be ISO27001 certified. A certification of the whole solution provider is a benefit (TS1.1);
(b) the solution as well as the contractual documentation shall be EUGDPR conform (TS1.2);
(c) the Data Centre(s) where the solution is hosted shall be certified (TS1.4);
(d) the website certificate shall be provided by a recognized Trust Centre (e.g. GlobalSign, VeriSign or others) (TS1.5);
D) data Storage and availability
(a) the data shall be stored within the European Economic Area (EEA) (data centre location) (TS2.1);
(b) the data centre(s) where the solution is hosted shall provide a high level of physical security and reliability (TS2.2);
E. encryptions, prodections and passwords
(a) the solution shall support TLS Version 1.2, 1.3 (1.3 strongly preferred) or higher (TS3.1);
(b) the hosting operation systems shall be hardened acording to an industry standard (like CIS, NIST, BSI) (TS3.4);
(c) passwords shall be stored in an encrypted\hashed format (Hash function SHA256 or better strongly preferred) (TS3.8);
F. availability, incidents and help desk
(a) the solution shall be highly available (at least 99,3 % availability) (TS4.1);
(b) the solution provider shall have an incident management process including a process to inform the client about possible data breaches as soon as possible (TS4.2);
G. updates and testing
(a) all used hard- and software components shall be regularly updated regarding to a patch management process (TS5.2);
(b) the solution provider shall have a pro-active vulnerability management. All components of the platform solution (webserver, databases, etc.) should receive regular updates. Security patches must be installed on time (TS5.3).
Besides the mandatory criteria, FMS-WM defined several (31) evaluation criteria.
All bidders are obliged to fill out E.4 Specification sheet in order to evaluate the virtual data room capabilities of the corresponding bidder.

Liste und kurze Beschreibung der Bedingungen

Licence to exercise occupation
Please confirm that you are in possession of a licence to exercise your occupation, e.g. by means of an entry in the professional or commercial register.

Liste und kurze Beschreibung der Auswahlkriterien

1) Minimum turnover
Please confirm the achievement of the required order-specific minimum turnover per completed business year in the amount of not less than EUR 220 000 net. Please enter the turnover in form D.8 Declaration on turnover.
2) Business or professional liability insurance
Please confirm that your company is covered by business or professional liability insurance from a liability insurer or financial institution licensed in the EU. The contracting authority reserves the right to request appropriate verification before awarding the contract.

1) Minimum turnover
Please confirm the achievement of the required order-specific minimum turnover per completed business year in the amount of not less than EUR 220 000 net. Please enter the turnover in form D.8 Declaration on turnover.
2) Business or professional liability insurance
Please confirm that your company is covered by business or professional liability insurance from a liability insurer or financial institution licensed in the EU. The contracting authority reserves the right to request appropriate verification before awarding the contract.

Liste und kurze Beschreibung der Auswahlkriterien

1) References
Please name at least three of your current reference customers in the financial sector, stating in each case the total order volume, the contract term and the scope of service. Please also give the name of a contact person for each referee with an appropriate telephone number. Please note here that references may not be more than 3 years old.
2) ISO 27001 certificate
Please confirm that your company is certified in accordance with DIN EN ISO 27001 with regard to IT, security procedures, IT security management systems.

Bedingungen für die Teilnahme (technische und berufliche Fähigkeiten)

1) References
Please name at least three of your current reference customers in the financial sector, stating in each case the total order volume, the contract term and the scope of service. Please also give the name of a contact person for each referee with an appropriate telephone number. Please note here that references may not be more than 3 year olds.
2) ISO 27001 certificate.
Please confirm that your company is certified in accordance with DIN EN ISO 27001 with regard to IT, security procedures, IT security management systems.

In addition, reference is made to the information contained in the EU publication and in the letter ‘Call for tenders’. No compensation will be granted for the processing and submission of tenders and participation in the tender procedure. Documents submitted are transferred free of charge to the contracting authority. Documents are retained in accordance with legal requirements. After expiry of the statutory retention period, they will be destroyed.

Genaue Informationen über Fristen für Überprüfungsverfahren

The admissibility of applications for review is governed by s. 160 GWB. According to s. 160(3) No 1 GWB, an application for review is inadmissible if the applicant detected the alleged in-fringement in the procurement procedure and did not complain to the contracting authority within a period of 10 calendar days. Infringements that can be detected on the basis of the notification or the tender documents must be reported to the contracting authority at the latest by the end of the tender period (s. 160 (3) No 2 and No 3 GWB).
If the contracting authority states that the complaint will not be remedied, an application for review may only be submitted in writing to the competent procurement tribunal within 15 calendar days of receipt of the notification (s. 160 (3) No 4 GWB), whereby the date of receipt of the application for review by the procurement tribunal is decisive for observance of the dead-line. The procedure for the investigation of alleged infringements of the procurement procedure is governed by the provisions of s. 155 ff. GWB.