Description of the goods or services required
Audit Services for Certification of the Department of Agriculture, Food and the Marine's Information Security Management System to the requirements of the ISO/IEC 27001:2013 Standard
The EU Commission introduced a delegated regulation (No 907/2014 of 11 March 2014) to replace legislation on the accreditation of EU paying agencies.
The regulation requires paying agencies’ ISMS to be certified in accordance with ISO/IEC 27001:2013 or equivalent. Paying agencies should only be accredited by Member States if they comply with certain minimum criteria established at Union level. Those criteria should cover four basic areas: internal environment, control activities, information and communication, and monitoring. The Commission now makes it mandatory for all paying agencies (who pay out over €400m annually) to be fully certified to ISO 27001.
The Department of Agriculture, Food and the Marine (DAFM) is committed to protecting its information and that of its customers. To achieve this goal and to meet EU requirements, DAFM has implemented an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2013.
The successful tenderer will be required to perform surveillance assessments at the DAFM locations in scope to confirm the conformity of the ISMS to the ISO/IEC 27001:2013 standard.