1 - EBRD

advertisement
PUR1310/11
Pre-qualification Questionnaire (PQQ)
-----------------------------------------------------------Provision of Information Security Awareness and Training Services
------------------------------------------------------------
1.0
INTRODUCTION
The European Bank for Reconstruction and Development (the "EBRD") is an international financial institution.
The EBRD was established by treaty in 1990 to foster the transition towards open market oriented economies and
to promote private and entrepreneurial initiatives in Central and Eastern Europe, the Baltic States and the
Commonwealth of Independent States that are committed to and applying the principles of multiparty democracy,
pluralism and market economics. The EBRD has 63 members (61 countries, the European Community and the
European Investment Bank). Further information about the EBRD's roles and activities can be found on the
EBRD's website: www.ebrd.com.
2.0
OBJECTIVE OF THIS PQQ
The objective of this PQQ is to obtain responses to the attached questionnaire from suppliers of Information
Security Awareness and Training services. Responses will be evaluated in order to qualify suppliers to participate
in a tender. Only suppliers who answer “yes” to all of these questions will be deemed qualified for the subsequent
tender.
3.0
EBRD CONTACT DETAILS
Your sole contact for the purposes of the PQQ is:
Jason Redrup – Procurement Manager
Corporate Procurement Unit
EBRD
One Exchange Square
London
EC2A 2JN
Telephone: 020 7338 8612
Email: [email protected]
Mandatory Functional and Technical Requirements:
Relating to Information Security Awareness Material/Content
Content
1.
Do you develop and provide Information Security (IS) training and
awareness content yourselves (Your response must be no if this is done by
a third party)?
2.
Have you provided IS training and awareness content to organisations
within the Financial Sector?
3.
Is your IS training and awareness content capable of being delivered
through your own e-Learning solution as well as being available as
‘stand-alone’ content which can be delivered through Newsletters, e-mails
or uploaded to intranet sites as static content?
Policy Integration
4.
Will your IS training and awareness content allow integration of Bankspecific ‘policies and procedures’ into your static Information Security
content?
Technical Detail
5.
Where required by the Bank, can you provide general IS training and
awareness content containing technical detail (for example, a step-by-step
guide for staff on how to secure their personal Android, IOS or Windows
mobile devices)?
Branding
6.
Can the IS training and awareness material be branded, e.g. with EBRD
logos, images etc?
Content
7.
Can you provide off the shelf IS training and awareness content including
(but not limited to):
a. Viruses & Malware
Y/N
Comments
b.
c.
d.
e.
f.
g.
h.
i.
Mobile Security
Phishing
Social Engineering
Cloud Security
Protecting your PC
Password Security
E-Mail and Instant Messaging Security
Access Control
Tailored Content
8.
Can you provide tailored content on a range of specific IS
subjects if requested by the Bank
Mandatory Technical Requirements:
Relating to the e-Learning solution/Learning Management System
(LMS)
Architecture and Infrastructure
9.
Can the e-Learning solution/Learning Management System (LMS) be
hosted outside of the Bank’s infrastructure, for example, a cloud-based
solution and managed by the third party?
10. Can the e-Learning solution/Learning Management System (LMS) be
hosted on the Bank’s infrastructure?
11. Can the e-Learning solution/Learning Management System (LMS) be
hosted on the Bank’s infrastructure but managed by the supplier rather
than the EBRD?
Infrastructure Integration
12. Is the e-Learning solution/Learning Management System (LMS)
accessible from the following environment:
a. Microsoft Windows 7 SP1 (64-bit)
b. Internet Explorer 9
Y/N
Comments
13. Where access is required outside of the Bank’s infrastructure, does the
solution support IE8/9/10/11, Firefox 24+ and Google Chrome 30+.
14. Does the e-Learning solution/Learning Management System (LMS)
support both 32 bit and 64 bit machines?
15. Is the e-Learning solution/Learning Management System (LMS)
accessible from virtual environments (e.g. Citrix)?
16. Does the e-Learning solution/Learning Management System (LMS)
support access via Mobile Devices (e.g. BlackBerry, Android, Apple
IOS)?
Policy Integration within the e-Learning solution/Learning
Management System (LMS)
17. Will the IS content within the e-Learning solution/Learning Management
System (LMS) allow Bank policies and procedures to be integrated into
online e-Learning content?
Management and Logging
18. Does the e-Learning solution/Learning Management System (LMS)
provide a central management facility?
19. Will the e-Learning solution/Learning Management System (LMS) be
managed entirely by the third-party including user base administration,
alert notifications etc
20. Does the e-Learning solution/Learning Management System (LMS) log
all user activity?
21. Does the e-Learning solution/Learning Management System (LMS)
provide customisable management reports on user activity?
Branding
22. Can the e-Learning solution/Learning Management System (LMS) and its
material/reports be branded, e.g. with EBRD logos, images etc
Y/N
Financial Information
23. Can you provide the Turnover, Gross Profit and Net Profit covering the
last three years, or for the period that is available if trading for less than
three years? (If ‘Y’, please provide details in the comments)
24. Can you provide audited accounts covering the last three years, or for the
period that is available if trading for less than three years? (If ‘Y’, please
provide these)
Comments
Download