Tender for the Construction of the Cybersecurity Protection System and Security Operations Center (SOC) Services for the Opole Provincial Medical Center in Poland

Project Description: The core of this procurement is to provide the Purchaser with comprehensive Security Operations Center (SOC) managed services, complete the technical integration with the existing Integrated Service Platform (PUI), and provide supporting cybersecurity training. The project aims to enhance the Purchaser's overall cybersecurity situational awareness, threat detection and response capabilities, and strengthen the security awareness and skills of internal personnel through training. For detailed service scope, technical parameters, and delivery standards, refer to Appendices 2.1, 2.2, 2.3 of the Terms of Reference (SWZ), corresponding to three service tasks (Task 1, 2, and 3).
Contract Duration: 60 days
Contract Type: Services
Project Location (NUTS): PL524 (Poland, Opole Province)
Main CPV Code: 72263000 (Software implementation services)
Funding Source: EU Funds – National Recovery Plan (KPO), Investment Project D1.1.2 "Accelerating the Digital Transformation Process in Healthcare through Further Development of Digital Services in the Health Sector"
Exclusion Grounds: The tenderer must not be subject to mandatory exclusion due to criminal offenses, unpaid taxes/social security contributions, bankruptcy, conflict of interest, or sanctions related to Russia/Belarus based on EU Council Regulation No. 833/2014 and relevant Polish domestic legislation.
Tender Language: Polish
Tender Address: https://platformazakupowa.pl/transakcja/1255173
Procurement Documents Address: https://platformazakupowa.pl/transakcja/1255173
Bid Opening Date: 2026-03-11 12:05 (CET)
Bid Validity Period: Until 2026-06-08 (90 days)
Division into Lots: This procurement is divided into three independent service lots (LOT-0001, LOT-0002, LOT-0003)

Lot 1 (LOT-0001) Title: Task 1 – Healthcare System Update Services
Lot 1 (LOT-0001) Service Description: Provide implementation services for version upgrades, functional enhancements, and performance optimization of existing healthcare IT systems. The service scope includes system compatibility testing, data migration, module configuration, user acceptance test support, and initial post-deployment operational support. Detailed technical requirements, list of functional modules, performance indicators, and service deliverables must comply with the provisions in Appendix 2.1 (Technical Parameter List for Task 1) of the Terms of Reference (SWZ).
Lot 1 (LOT-0001) CPV Code: 72263000 (Software implementation services)
Lot 1 (LOT-0001) Technical/Professional Capacity Requirements: Successful completion of at least two healthcare system implementation or update service projects within the past three years, with each contract's total value (gross) not less than PLN 500,000.00.
Lot 1 (LOT-0001) Required Certificates/Documents: Submit the completed and signed Appendix 2.1 (Technical Parameter List - Task 1).

Lot 2 (LOT-0002) Title: Task 2 – IT System and Server Infrastructure Implementation Services
Lot 2 (LOT-0002) Service Description: Provide deployment and implementation services for IT systems and server infrastructure, including solutions utilizing artificial intelligence mechanisms. The service scope covers racking and configuration of hardware (servers, network equipment), installation and debugging of system software (operating systems, virtualization platforms), and deployment and integration of specific AI-based application systems. Detailed technical specifications, performance requirements, configuration lists, and service deliverables must comply with the provisions in Appendix 2.2 (Technical Parameter List for Task 2) of the Terms of Reference (SWZ).
Lot 2 (LOT-0002) CPV Code: 72611000 (Technical support services)
Lot 2 (LOT-0002) Technical/Professional Capacity Requirements: Successful completion of at least two IT system implementation or update service projects within the past three years, with each contract's total value (gross) not less than PLN 150,000.00.
Lot 2 (LOT-0002) Required Certificates/Documents: 1. Submit the completed and signed Appendix 2.2 (Technical Parameter List - Task 2); 2. Provide the following specific IT domain certifications to demonstrate the service team's professional competence: at least two certifications related to the Microsoft environment (e.g., MS 50255: Managing, Maintaining, and Protecting Networks Using Group Policy; SC-900: Security, Compliance, and Identity Fundamentals; MS-55341: Windows Server Installation, Storage, and Compute); ITIL® Foundation certification; at least two penetration testing-related certifications (e.g., Offensive Security Certified Professional (OSCP); Offensive Security Certified Expert (OSCE); eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)); at least two networking technology certifications (e.g., Aruba Certified Campus Access Professional (ACCP); Aruba Certified Campus Access Expert (ACCX); Aruba Certified Network Architect (ACNA) or equivalent); Juniper Networks Certified Specialist – Security (JNCIS-SEC) or equivalent certification.

Lot 3 (LOT-0003) Title: Task 3 – AI-Powered Healthcare and Communication Process Support System Implementation Services
Lot 3 (LOT-0003) Service Description: Provide implementation services for IT systems utilizing artificial intelligence to support healthcare and communication processes. Service content includes requirements analysis, AI algorithm/model adaptation, application system configuration and development, data interface integration with existing HIS/EMR systems, user training, and system trial operation support. Specific functional requirements, algorithm requirements, data interface standards, and implementation service specifications must comply with the provisions in Appendix 2.3 (Technical Parameter List for Task 3) of the Terms of Reference (SWZ).
Lot 3 (LOT-0003) CPV Code: 72263000 (Software implementation services)
Lot 3 (LOT-0003) Technical/Professional Capacity Requirements: Successful completion of at least two healthcare system implementation or update service projects within the past three years, with each contract's total value (gross) not less than PLN 150,000.00.
Lot 3 (LOT-0003) Required Certificates/Documents: Submit the completed and signed Appendix 2.3 (Technical Parameter List - Task 3).

Cybersecurity SOC Service Details: The core of this project is comprehensive cybersecurity services. The specific service scope includes the following key elements:
SOC Managed Service Content: Provide 24/7 cybersecurity monitoring services, including but not limited to real-time collection, correlation analysis, and threat hunting of security logs from the Purchaser's core medical systems, servers, network equipment, security devices, and endpoints. The service provider is responsible for initial assessment and prioritization of security alerts, investigation and analysis, and providing emergency response services upon confirmation of a security incident, assisting the Purchaser in containment, eradication, and recovery.
Integration Service Content: The SOC services must be technically integrated and data-integrated with the Purchaser's existing or to-be-deployed Integrated Service Platform (PUI), ensuring all security alerts, incident tickets, threat intelligence, and situational awareness data can be aggregated, analyzed, and presented visually and managed within the platform.
Training Service Content: Provide targeted cybersecurity training services. Training should be conducted at different levels, including cybersecurity awareness training for all employees (covering phishing email identification, password security, data breach prevention, etc.), specialized technical training for IT administrators (covering security policy configuration, log analysis, incident response procedures, etc.), and security risk situational training for management. Specific training course outlines, duration, assessment methods, and instructor requirements will be specified in the detailed technical parameters.
Service Standard Basis: All specific service scopes, Service Level Agreement (SLA) metrics (e.g., Mean Time to Detect - MTTD, Mean Time to Respond - MTTR), deliverable standards (e.g., weekly reports, monthly reports, incident reports), technical parameters, and interface protocols for SOC services, PUI integration, and cybersecurity training are ultimately based on Appendices 2.1, 2.2, 2.3 of the Terms of Reference (SWZ).

Economic/Financial Standing Requirements (All Lots): Provide a valid professional liability insurance policy proving the tenderer has insurance coverage of not less than PLN 500,000.00 for activities related to the subject matter of the contract.
Award Criteria: Price – Weight 100%
Appeal Authority: National Appeal Chamber (Krajowa Izba Odwoławcza)
Appeal Deadlines: 1. Appeals regarding the content of the procurement documents must be submitted within 10 days from the date of publication of the notice in the Official Journal of the European Union (OJEU); 2. Appeals regarding other actions of the contracting authority must be submitted within 10 days from the date the relevant information is communicated electronically.