ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION ICT SECURITY SERVICES RAF /2014/00014 Date: Time: 7 April 2014 10h00 AGENDA 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. Welcome and Introductions Background Purpose of the Bid Evaluation Criteria Pricing Functional Criteria and points Mandatory Criteria Mandatory Documents SLA Submission of Bids Contact details Questions and Answers WELCOME The Road Accident Fund (RAF) welcome all interested bidders to the Compulsory briefing session for the invitation to bid for ICT Security Services The RAF team: Dinesh Govender JP du Plessis Lee Zietsman Page 3 RAF – ICT RAF – ICT RAF – Procurement Citrix Support Background The RAF ICT needs to improve security management across all security aspects to manage risks and external threats. To remain actively vigilant of external activities the RAF ICT must maintain a 24/7 365 monitoring service to reduce the risk. The RAF has identified the need to implement an information awareness programme for all RAF employees to achieve information security integrity and responsibility Purpose To achieve success in respect of the RAF ICT GRS objectives, the RAF ICT requires the services of a highly experienced service provider to offer a fully integrated holistic “one-stop” security management solution. The bid comprises of three aspects of security concerns, governed by the RAF ICT: External Security Monitoring The RAF ICT will require the services of a certified Cisco service provider – minimum Cisco Silver partnership. The services should include monitoring and predefined direct responses to external threats . Gauteng Vulnerability Management Information Security Awareness The bidder is expected to automate the process, provide network discovery and mapping, assessment reporting, remediation tracking and document compliance with internal security policies as well as external regulations. The bidder must adhere to ISO27001 regulations and ICT Best practices. The objective of the awareness programme is to focus on the attention of employees on maintaining the confidentiality, integrity, and availability of information assets as well as their role and responsibility in achieving information security. Gauteng Regional PROJECT MANAGEMENT Page 5 Citrix Support Evaluation Criteria The Bid evaluation will be based on the following: − Mandatory Requirements − Evaluation: Technical / Functionality – 90 points − Evaluation: Presentation – 10 points » The bidders who score more than 65 points out of the 90 points before presentations will be shortlisted for presentations and those that score below, will be disqualified. » Presentations will be scheduled with the individual qualified bidders before final evaluation. Presentations will take place on the date scheduled by the Bid Evaluation Committee at the RAF premises in Eco Glades. Bidders will be given Three (3) days to prepare presentation. − Price and BEE Evaluations (90/10 points) Page 6 Citrix Support Bid Mandatory Requirements • Provide proof of ability to provide the services by submitting references in respect of each of the category of services required by the RAF – Client Reference sheet • Capability of delivering an end to end solution in respect of all three security aspects relating to: External Security Monitoring, Vulnerability Management and Information Security Awareness This can be done as a single service provider, consortium or Joint Venture • Company Certification and Accreditation with reference to the services requested for following requirements: − External Security Monitoring – Cisco Accredited Partner − Vulnerability Management – Industry Standard Vulnerability Management accreditation for services and tools. • Dedicated Project Manager to manage the contract for the period of two years, conduct monthly meetings, or as and when required and provide progress reports to the RAF ICT management. Page 7 Citrix Support Functionality Criteria Technical / Functional Evaluation Points 1. Experience of the Company: The Bidder must indicate the number of years experience in providing security services – Year allocation table per requirement to be completed 20 2. Project Management: It is required that the bidder provide minimum of 2 references of the resource assigned as project manager – Reference sheet to be completed by clients 20 3. Resources: The bidder is requested to indicate the years of experience and qualification of the relevant resources. Resource CV’s must be attached and proof of certification. External Security Monitoring - CCIE (Security) / CCNP (Security) / CCSP (Security) / CCNA (Security) Vulnerability Management – CEH / SANS Information Security Awareness – CISM / CISSP 50 . Page 8 Citrix Support Functionality Criteria Technical / Functional Evaluation 4. Points Presentation Methodology The bidder must include as part of their presentation proposal a methodology that must provide for the following: Holistic end to end solution Percentage of time allocated on site and off site Resources allocated for each component of the security service bid and capabilities Access to systems Performance management 10 Total points 100 All Bidders who score LESS than 65 points on overall functionality including presentations shall not be considered for further evaluation on Price and BBBEE Page 9 Citrix Support Pricing Schedule Page 10 Citrix Support Pricing Schedule Page 11 Citrix Support Mandatory Documents • • • • • • • • • • • • • • • Original and valid SARS Tax Clearance Certificate – No copies accepted Certified copy of VAT registration certificate, if applicable Annual Financial Statements with signed audit report Original certified copies of your CIPRO/CIPC company registration documents listing all members with percentage members interest, in case of a close corporation Original certificate of good standing or proof of application issued by the Compensation Fund (COID) or a licensed compensation insurer B-BBEE certificate by an accredited verification agency (South African bidders only) Confirmation of vendor registration with the RAF, if already registered Schematic representation of bidder structure, indicating holding company, shareholders, members, affiliates, franchisees, etc., as applicable Shareholding / membership breakdown per race, gender and percentage shareholding with shareholders of the bidding company who are not individuals Declaration of interest If the bidder is a joint venture, consortium or other unincorporated grouping of two or more persons / entities, a copy of the joint venture agreement between the members Completed price schedule with detailed breakdown Completed Bidder's Particulars Bid Conditions Signed Instructions to Bidders and any other additional bid requirements, such as proof of certification, etc.. Page 12 Citrix Support SLA Bidders will need to comply to the following SLA terms and Conditions: Each page of the SLA is to be initialed and signed copies of the SLA must be submitted in duplicate Subject to the Conditions of Contract, the Contract shall endure for a period of 2 (two) years from the Implementation Date. Penalties shall be calculated based on the period by which a specific Key Milestone is missed. Submission of Bid Responses • One original completed and signed bid submission marked ORIGINAL with 2 copies • Two envelope system – submit PRICE/BEE and Financials in a separate file/envelope clearly marked with bidders details and bid reference • Original Bid document must be completed and not separated in file, all pages must be maintained as Section 1 of the bid submission, thereafter additional required documents are to be referenced and indexed • All bids submissions must be hand delivered and put in the tender box at reception. • All bids being delivered must be registered by company name in the Bid registration file at Reception. Submission Address : RAF ECO GLADES 420 WITCH HAZEL AVENEUE CENTURION 11am on the Friday 9th May 2014 at 11am Bidders will be disqualified if they fail to submit bid response by the closing date and time Page 14 Citrix Support Contact Details All queries and questions must be in writing via email to leez@raf.co.za No telephonic queries will be accepted Briefing Session attendance register will be published to web, together with minutes taken at briefing session All Q&A details will be published to the RAF website www.raf.co.za on the 22nd April 2014 Questions and Answers Bidders to ask bid related questions to line management Thank You