Call for tenders' details

IT Infrastructure services
Contracting authority:
European Centre for Disease Prevention and Control (ECDC)
TED publication date:
Time limit for receipt of tenders:
English (en)
Question details
Information Security Management System (ISMS)
On p.32 of the ToR it is stated that: 'The contractor shall have a defined and documented information security management system (ISMS) including an information security policy and procedures in place, which shall be presented in the tender, approved by ECDC and communicated to relevant contractor personnel.' May we confirm the following: Q: Do we have to submit this ISMS with our bid? Q: Can this document be presented in an Annex, or must it be presented within the page limits of the mandatory sections (i.e. 30 page limit of the Service Delivery Plan)
Indeed the ISMS should be submitted as part as the evidence for Technical and professional capacity under “description of the roadmap for the implementation of the security controls after signature of the relevant specific contract (page 46 of the Tender Specifications)”. The ISMS can be an annex to this description.