BOND — CPV 726 – IT Security Services
Live
Servicio de asistencia técnica, mantenimiento y gestión de aplicaciones informáticas de carácter científico, destinado al Secretaría General Adjunta de Informática de la Agencia Estatal Consejo Superior de Investigaciones Científicas.
ES
in 2 days
Deadline
Servicio de administración y soporte de la infraestructura de sistemas destinada a proyectos basados en una arquitectura de microservicios para el Organismo Estatal de Inspección de Trabajo y Seguridad Social.
ES
in 4 days
Deadline
Servicio de atención especializada en el soporte técnico relativo al uso de los servicios electrónicos de la Agencia Estatal de Administración Tributaria.
ES
in 2 weeks
Deadline
Servicio de creación y operación de una oficina de gobierno del dato para Mutua Balear
ES
in 3 weeks
Deadline
Servicio de soporte a usuarios de las aplicaciones de la Agencia Tributaria Valenciana: proyecto CAU-ATV.
ES
in 4 weeks
Deadline
Updated 2 min ago
Deutsch
CPV Code

CPV 726 – IT Security Services

CPV 726 covers IT security services including penetration testing, security audits, ISMS consultancy, SOC operations, incident response and cybersecurity advisory for public authorities.

What does CPV 726 cover?

CPV group 726 covers services for reviewing, improving and continuously operating IT security in organisations. In contrast to the procurement of security software products (CPV 487x), the focus here is on human expertise and service-based delivery: penetration testing to identify security vulnerabilities, security audits and assessments, consultancy for the implementation and certification of information security management systems (ISMS) to ISO 27001 or equivalent national frameworks, the operation of Security Operations Centres (SOC), and incident response services following security incidents.

For public authorities, IT security services have grown significantly in importance due to the NIS2 Directive, national cybersecurity requirements and the rising threat landscape of ransomware and cyber attacks on public infrastructure. Requirements placed on service providers are high: security screening of personnel, specialist certifications (e.g. OSCP for penetration testers, ISO 27001 Lead Auditor) and strict confidentiality agreements are frequently demanded.

Further information on the CPV system is available from the European Commission (SIMAP) and from Regulation (EC) No 213/2008 on the revision of the CPV.

Typical Services in CPV 726

  • Penetration testing (network, web applications, social engineering)
  • Security audits and IT security assessments
  • Information security management system (ISMS) implementation
  • ISO 27001 certification support and advisory
  • Security Operations Centre (SOC) operation and managed detection and response
  • Incident response and forensic analysis following security incidents
  • Vulnerability management programmes

Examples of Tenders with CPV 726

  • Penetration Testing for a Federal Agency's IT Infrastructure: External black-box and grey-box penetration testing of web applications, internal infrastructure and directory services, including a detailed findings report and re-testing.
  • SOC Operations for a Regional Data Centre: Managed security service for 24/7 operation of a Security Operations Centre, including SIEM operation, threat intelligence, alerting and incident response support for 15 connected public bodies.
  • Information Security Advisory for a District Administration: Conducting an IT structure analysis, protection needs assessment and preparation of an IT security concept to recognised national standards for the entire IT infrastructure of the district.

Current tenders with CPV 726 are published on TED (Tenders Electronic Daily) and on national procurement platforms such as the German Procurement Portal (DTVP).

Who is CPV 726 relevant for?

Public Contracting Authorities

Public authorities procuring IT security services must pay particular attention to confidentiality and security during contract execution. Information from security audits and penetration tests is highly sensitive. Eligibility requirements should therefore cover, in addition to professional qualifications, aspects such as reliability, confidentiality obligations and where relevant, security screening of the personnel deployed. Further information is available from the Federal Ministry for Economic Affairs and Climate Action (BMWK).

Companies and Bidders

IT security firms and penetration testers delivering security services to public authorities will find a growing market segment under CPV 726. Recognised certifications (OSCP, CISM, CISSP, ISO 27001 Lead Auditor), experience with public-sector IT environments and a demonstrably structured approach to handling sensitive security information are key success factors.

How does Bond help with CPV 726?

Tender Match – Automatically Find Tenders (CPV 726)

With tender.match, IT security companies and penetration testers automatically receive all relevant tenders with CPV 726 directly in their dashboard. BOND indexes tenders from over 1,000 procurement portals in the EU – from TED to national platforms and regional contracting authorities. Instead of manually searching dozens of portals every day, matching cybersecurity contracts are filtered and delivered by industry, competency, region, and company profile. An automated gap analysis immediately shows where the company meets the requirements and where gaps exist. This ensures companies never miss a deadline and can focus on preparing their bids.

Company Match – Find the Right Partners and Suppliers (CPV 726)

For companies looking for suppliers, subcontractors, or consortium partners for cybersecurity projects, company.match provides direct access to qualified firms from an EU-wide database of over 28 million companies. Especially for larger IT security tenders that a single company cannot handle alone, company.match automatically identifies suitable partners for bidding consortia and partial services – increasing the chances of winning the contract.

Frequently Asked Questions about CPV 726

What does the CPV code 72600000 mean?

The CPV code 72600000 designates IT support and advisory services in the European classification system. Under CPV 726, it specifically covers IT security services including penetration testing, security audits, ISMS implementation and SOC operations for public contracting authorities.

How do I find tenders with CPV 726?

Tenders with CPV 726 are published on TED (Tenders Electronic Daily) for EU-wide procedures and on the German Procurement Portal (DTVP) for national tenders. Bond automatically aggregates all relevant tenders from over 1,000 portals and delivers them filtered by company profile.

What are the requirements for participating in tenders with CPV 726?

Bidders are generally required to provide recognised security certifications, ISO 27001 or equivalent accreditation, references from comparable security engagements in the public sector and evidence of secure handling of sensitive information. Details are governed by the VgV and, for below-threshold awards, the UVgO.

Get started

Book a demo.

See what BOND finds for your company — tenders, suppliers, and partners you'd never discover on your own. Cancel any month, anytime.

Book demo