DENA BANK INFORMATION TECHNOLOGY DEPARTMENT, HO, MUMBAI.

Size: px
Start display at page:

Download "DENA BANK INFORMATION TECHNOLOGY DEPARTMENT, HO, MUMBAI."

Transcription

1 Replies to Queries during the Pre-bid meeting held on 12 th May, 2015 for Tender Managed Security Services [Tender Ref: HO/ITD/206/2015 Dated 06/05/2015]. Sr. No. RFP Reference No. Query Clarification/ Change Request Response 1 Need device details - device/type/version/location/count along with services to be supported. All these information will be shared with successful bidder. 2 Need website count to be covered under malware scanning? 3 Pg No. 5, Point no The Bidder need to connect SOC to Bank s DC& DR by using links of adequate bandwidth. The network equipments at Bank s end and SOC end will be arranged by the Bidder. The monitoring & uptime of link will also be bidder s responsibility. The space and infrastructure at the SOC for installing the equipments like WAN cabling, LAN cabling, Power etc for should be provided by bidder at no additional cost to the Bank. It is assumed that link, space, infrastructure, power will be provided by bank. If not, pls clarify. 10 websites need to be covered under malware scanning. Which may be increase/decreased as per bank's requirement. Network Link from SOC to Dena Bank DC and DR site along with CPE device need to be procured and mantained by the successful bidder. 4 Pg No. 8, Point No Implementation of all the services. 4 weeks from date of issuing the purchase order Request to extend implementation timeline Implementation timeline for all component have been increased to 8 weeks.

2 5 Pg No. 7/8, Point No Pg No. 5, Forensic Investigation, Other Security Services The vulnerability assessment must cover network equipment like routers, switches, firewalls, webservers, Operating systems, Databases, etc. Kindly elaborate on the service/resource expecation from bidder. Request the bank to share the count of these devices under the scope of Vulnerability management Forensic Investigations and services for future security challenges need to be provided Switches(47), routers- 21, Network Security devices -44, and servers Pg No. 5, The vendor shall also provide the SCDs (Secure Configuration documents) to secure the OS / Database pertaining to servers / devices with different flavors and Request the bank to share the details of the types of OS/ DB, web servers, routers, switches and other network/ security devices. 8 Kindly share the exact count of SCDs to be developed for the bank on a year on year basis different versions of the operating 9 systems (like Windows, Linux, Unix, Kindly share the count of OS, DB, web servers, AIX, etc.), databases (like Oracle, SQL, routers, switches and network/ security devices etc.), webservers (like Windows IIS, which the bank has in its environment for which Apache Tomcat for Windows and the SCD have to be developed Linux, etc.), routers, switches, etc. 10 Page 5, , a. The vendor has to implement all the SCD at least once in the live environment successfully. b. SCD to be integrated with VM management tools for configuration review We assume that, if SCD needs to be integrated with VM tool then we will need Admin User id and passwords. Kindly confirm whether the bank can share the same. If the admin rights are not given, then SCD will not be integrated with the VM tool. We request the bank to modify the clause since it is very unlikely that admin rights will be shared with us. This will be shared with successful bidder. As per RFP. SCDs need to be provided for all the devices which are under the scope of Vulnerability Assessement. Required access will be provided for implementation. 11 Pg No. 5, The vendor must undertake to do the vulnerability assessment activity onsite Please confirm if the expectation of the bank is to have a tool deployed onsite. If yes, the tool would be licensed for the bank or the bidder Bank will not procure any licenses. Successful bidder need to procure the license.

3 12 Pg No. 6, Pg No. 6, Application security testing (Appsec- Grey box testing) The vendor is expected to carry out onsite a total of 35nos. of AppSec for various applications per annum on need basis. We understand that this activity would involve application assessment. It is assumed that code review (static or dynamic) is not part of the scope. Please confirm if the count of applications would remain at 35 over the tenure of engagement. Or is there a scope of increase in number of applications, basis which the bidder has to make their solution scalable Code review is not the part of the scope. As per RFP. 14 Pg No. 6, AppSec testing shall be carried out at banks premises; only licensed tools to be used to perform in-depth analysis of whole application. The AppSec testing should be initiated within 2 Please confirm if the tool is to be deployed onsite. Also, whether the tool should be licensed for the bank or the bidder. 15 Is a bank fine if the bidder uses a cloud based solution for application security days of Bank s request. 16 Pg No. 6, The Bidder shall carry out PTs for various devices / systems per annum. The Bidder shall carry out PT for Dena Bank websites on a quarterly basis. Request the bank to confirm the number of devices/systems on which PT has to be done for both annual and quarterly basis All licenses need to be procured by the successful bidder only. Bank will avail the services in OPEX mode. AppSec Testing need to be done onsite. Approximate 15 public Ips for which PT need to be carried. 17 Page 19, 8.02 The payment for Managed Security Services will be divided into 4 equal installments for the year and paid quarterly in arrears post after acceptance of all the relevant requirements under this tender We request bank to modify the clause for payment in advance for every quarter. As per RFP.

4 18 General As a best practise, pentest is done through a combination of open sourced/ freeware tools. Is the bank willing to let the bidder under the PT exercise through plethora of open source/ freeware tools. Please confirm 19 General If the tools are to be deployed in the bank's premises, would the hardware/ Vm for the tools be provided by the bank or the bidder has to factor in the cost for hardware 20 Commercial Evaluation yes. Sucessful bidder may use different combination tools for PT. Successful Bidder also need to use gartner recommended licensed tools for PT. Hardware will be provided the Bank. Details of Tools deployed by the successful bidder and configuration of the hardware need to be provided. page 16 L1 bidder will be decided through reverse auction in each of the category separately. 21 L1 bidder will be selected on the basis of the least total cost of ownership (TCO) criteria in each of the category separately. Bidder may quote for any number of categories as per their page 16 choice. 22 Eligibility Criteria Point 9 We request Bank to kindly withdraw this clause Commercial Evaluation L1 bidder will be decided through reverse auction L1 bidder will be selected on the basis of the least total cost of ownership (TCO). Clause modified as given in Corregendum

5 23 Section 8 Neither Bank nor Bidder shall in any event be liable for any indirect or consequential loss or damages, including, loss of income or profits or anticipated savings. To the maximum extent allowed under law and notwithstanding anything to the contrary contained elsewhere, the maximum liability of Bidder under this Agreement regardless of the form of claim, damage under contract, torts or any other legal theory shall be limited to annual value of the respective purchase order to which such claim relates Please clarify that the compliance table in clause 6.17, sub-clause (e) also includes providing inputs for clause 8 (Terms and conditions of the offer). As per RFP As per RFP

6 25 Indemnity 8.06 We request the indemnity clause be mutually agreed to align with the indemnities generally provided under IT contracts. We request that the indemnities under the Agreement be restricted to third party claims due to non-compliance of applicable law, any claims by a third party for infringement by Bidder of a third party's intellectual property rights and any third party claims due to Bidder's gross negligence and willful misconduct which result in (a) bodily injury or death or (b) damage to Bank's tangible property As per RFP

7 26 Clause 8.07 and clause 8.08 We request that any audit (except for statutory audits) be subject to the following: As per RFP 1. only after reasonable prior notice of at least one month 2. Not more than once a year 3. No external auditors shall be competitor of Bidder 4. All Bidder policy related to security, IT shall be adhered to by Bank or its auditor while on Bidder s premises. 5. At Bank's cost The following shall not be in scope of the audit: (i) any information relating to other clients or information not related to the services; (ii) Bidder s locations/ premises (or portions thereof) that are not related to Bank or the services; or (iii) Bidder s records or documents relating to the make-up of Bidder s internal overhead calculations or direct costs, their relationship to the service charges, any financial cost model, calculation of service charges or Bidder s profitability ; or (iv) internal audit reports. 27 Delivery period we request delivery on proposed project timeline of 8 weeks for starting services 8 weeks from date of issuance of Purchase order.

8 28 Charges for phishing site takedown Management of Security devices/solutions including rule base audit, management of devices and creation of rules during non-business hours. The Bidder shall be involved in understanding and suggesting changes to the network and systems security issues to determine what security vulnerabilities exist on the network and various systems and how to fix them. The vulnerability assessment must cover network equipment like routers, switches, firewalls, webservers, Operating systems, Databases, etc. The vendor must undertake to do vulnerability assessment activity on site. The bidder shall carry out PT for various devices/systems per anumm Request the bank to share indicative volume and minimum guaranteed payment so that service can provisioned adequately please provide the number of rule base audits to be conducted. Please provide the number and type of security devices for device management how many VA Scans need to be performed in a year.? How many assets included in each VA scan.? How many SCDs need to provided? Please provide the list and type of assets with its version details. Please provide number of Ips to be considered in external PT. we are assuming that the PT is to be conducted remotely for external facing assets?. Do we have to conduct PT for only 1 website per year? Please confirm As per RFP There are 44 Security Devices which incudes IDS, IPS, Firewalls and critical Routers for which changes in the Rules are made by Bank and System Integrator of Bank. Successful bidder need to audit the rules and advise the Bank for suitable modifications. Quarterly VA need to be conducted. Approximate 325 devices for which VA need to be conducted which may increase/decrease in future as per Bank's Requirement. SCDs need to be provided as per RFP. List, version and type of assets will be provided to successful bidder. 10 Ips to considered for external PT which may increase/decrease as per Bank's requirement. PT need to conducted remotely for external facing assets. PT need to be conducted quarterly.

9 Monitoring of 100 devices Minimum Features need to be available in Security Dashboard Please provide the complete device list details and number of devices to be considered in each platform for log collection. Please fill the table mentioned below(table-1) As part of the security dashboard and analytics requirement, does Dena Bank wish to have the following capabilities as part of the proposed managed services for threat and vulnerability management: ability to create an inventory of key IT assets that need to undergo a security assessment ability to update detailed information about each asset such as IT Asset owner, location, department, IP address. ability to specify the linkages between the assets uploaded into the dashboard ability to allow the bank's security team to select the assets from the IT Asset inventory for the purpose of performing a security assessment ability to plan and schedule periodic or ad-hoc security assessment activity for an asset or a group of assets ability to automatically execute a vulnerability assessment scan for an asset as per the defined schedule of the bank, on a pre-defined date, by integrating with leading vulnerability scanners No. of Devices may be cosidered as 100 which may increase or decrease as per Bank's requirement.

10 ability to compare the results from back-to-back vulnerability scans to verify that vulnerabilities are closed either by patching, implementing a compensating control, or by documenting and accepting a reasonable business risk- to meet RBI compliance requirements ability to automatically import the results of the security assessments for further analysis and reporting ability to integrate with the SIEM platform to import threat alerts into the dashboard and corelating threats and vulnerabilities in the context of an asset for better visibility and risk identification automated workflow for assigning and tracking remediation activity of threats and vulnereabilities to respective asset owners within the bank facility to asset owners and security managers to approve security exceptions for those vulnerabilities for which remediation is not possible or compensating controls are available and also define target dates for remediation and further tracking remediation tasks/ security exceptions that cross their target/expiry dates workflow for raising incident alerts and monitoring and reporting their closure

11 Overall vulnerability posture derived from all types of assessments carried out with updated status regarding numbers of unmitigated, critical vulnerabilities, for each department/division/owner/application, plan for mitigation indicating critical issues with senior management to provide effective incentives for mitigation Consolidated Vulnerability Dashboard as a single view of vulnerability posture across the assets through all types of assessments. Owner wise, Application wise & Asset wise consolidated finding/threat/vulnerability reported for each asset through various assessments being carried out to be available Executive and detailed technical reports of identified vulnerabilities along with recommendation for closure in excel and/or word and/or pdf format as per the requirement ability for bank's users to views available data without the need for any expert assistance or professional services facility to monitor key performance indicators and trends and metrics related to threat management and vulnerability management role based access control - the administrator should be able to define which user has access to which system functionality and views based on his business role

12 51 52 The solution should comply with the password security policy of the bank provision for performing advanced analytics or forensic investigation on historical data / security logs uploaded into the solution Corregendum for change in Eligibility Criteria Sr. No. Exisitng Clause Clause after the Change 1 The bidder should be enabled with CERT-IN The bidder or the partner carrying out Appsec /VAPT services should be empanelled with CERT-In. Copy of current Empanelment Certificate of the bidder / partner to be submitted. (In case of a partner for AppSec& VAPT, the bidder needs to submit CERT In empanelment certificate of the vendor/partner and back to back arrangement as part of the bid documents.) Please note that date of submission is 02/06/ Hrs

available in India to be conducted for the following application vs

available in India to be conducted for the following application vs 1 1.2.3. Review/ Audit of Please mention which of the in-scope applications are deployed in India visà-vis, Test system will be the international locations and whether the test systems for all the in-

More information

Reply to queries raised for Procurement of Bulk Services

Reply to queries raised for Procurement of Bulk  Services 1 2 3 4 3-3.2 (Eligibility Criteria for Bulk Email Services (OPEX Model) 3-3.3 (Eligibility Criteria for Bulk Email Services (OPEX Model) 4-4.2.3 (Scope of work for Bulk 4-4.2.4 (Scope of work for Bulk

More information

RESERVE BANK OF INDIA

RESERVE BANK OF INDIA भ रत य रज़वर ब क स चन गक वभ ग Corporate Communications Division RESERVE BANK OF INDIA Department of Information Technology Annexure-A RFP for RFP for providing certification services under ISO 27001:2013

More information

Pre Bid Query Response. Request for Proposal for Procurement of Cloud Services

Pre Bid Query Response. Request for Proposal for Procurement of Cloud Services S No Section Existing Clause Revised Clause 1 Section 4 Calendar of Last Date & Time for Bid Submission : 5 th May Last Date & Time for Bid Submission : events 2018 : 3:30 pm or before 30 th April : 4:00

More information

ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017

ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS. December 1, 2017 ORACLE MANAGED CLOUD SECURITY SERVICES - SERVICE DESCRIPTIONS December 1, 2017 Table of Contents Oracle Managed Security Database Encryption Service for Oracle IaaS... 3 Oracle Managed Security Database

More information

locuz.com SOC Services

locuz.com SOC Services locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security

More information

Request for Proposal (RFP)

Request for Proposal (RFP) Request for Proposal (RFP) BOK PENETRATION TESTING Date of Issue Closing Date Place Enquiries Table of Contents 1. Project Introduction... 3 1.1 About The Bank of Khyber... 3 1.2 Critical Success Factors...

More information

CORRIGENDUM- I. Sr. Page/Section Description Bidder s Query Clarification / Amendments. 1 Page 5 of Vol-I, and Page 15 of Vol-II

CORRIGENDUM- I. Sr. Page/Section Description Bidder s Query Clarification / Amendments. 1 Page 5 of Vol-I, and Page 15 of Vol-II CORRIGENDUM- I Name of work: RFP for selection of agency for creation of Digital Project Management Platform comprising OSO, Supply, Implementation and Support of 5D-BIM & ERP for the Nagpur Metro Rail

More information

IBM Managed Security Services - Vulnerability Scanning

IBM Managed Security Services - Vulnerability Scanning Service Description IBM Managed Security Services - Vulnerability Scanning This Service Description describes the Service IBM provides to Client. 1.1 Service IBM Managed Security Services - Vulnerability

More information

DIT/BPR&BTD/OA/1206/

DIT/BPR&BTD/OA/1206/ UCO BANK Department of Information Technology Request for Proposal (RFP) For Building of Data Centre Infrastructure for non-cbs servers at 6th Floor, HO DIT (Re-tendering) RFP Ref No: DIT/BPR&BTD/OA/1206/2018-19

More information

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template

RFP/RFI Questions for Managed Security Services. Sample MSSP RFP Template RFP/RFI Questions for Managed Security Services Sample MSSP RFP Template Table of Contents Request for Proposal Template Overview 1 Introduction... 1 How to Use this Document... 1 Suggested RFP Outline

More information

Sub : ADDENDUM/CORRIGENDUM for Request for Proposal for Providing Managed Networking Solutions using SDWAN Technology for ESIC Offices across India

Sub : ADDENDUM/CORRIGENDUM for Request for Proposal for Providing Managed Networking Solutions using SDWAN Technology for ESIC Offices across India EMPLOYEES STATE INSURANCE CORPORATION ESIC Hqrs. Extension office, Express Building, BSZ Marg, Ground Floor, New Delhi-02 VOIP No. 10011008/10011048 PH: 011-23701356, email: ac_icthq@esic.nic.in F. No.

More information

Request for Proposal (RFP) for setting up a Security Operations Centre (SOC), SIEM and Security Tools Implementation

Request for Proposal (RFP) for setting up a Security Operations Centre (SOC), SIEM and Security Tools Implementation BANK OF INDIA HEAD OFFICE INFOSEC CELL RFP for setting up a SOC, SIEM and Security Tools Implementation 16.12.2015 CORRIGENDUM 8 Request for Proposal (RFP) for setting up a Security Operations Centre (SOC),

More information

Allahabad Bank. Page 1 of 6

Allahabad Bank. Page 1 of 6 RFP Ref. :-HO/DIT/MDM/2017-18/71 dated 12.09.2017) Addendum-I to RFP towards Empanelment of Vendor on Rate Contract Basis towards Supply & Implementation of Mobile Device Management (MDM) Solution for

More information

Tender Schedule No. Figure: Active-Active Cluster with RAC

Tender Schedule No. Figure: Active-Active Cluster with RAC Tender Schedule No SIBL-IT-2014-01- ORACLE_RAC_ADG Social Islami Bank Ltd is running Core Islami Banking Solution since 2009. Total no of Branches/Users is increasing per year. Now, Database Server Load

More information

Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017)

Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017) Epicor ERP Cloud Services Specification Multi-Tenant and Dedicated Tenant Cloud Services (Updated July 31, 2017) GENERAL TERMS & INFORMATION A. GENERAL TERMS & DEFINITIONS 1. This Services Specification

More information

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding) BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding) CLAUSE 13 ON-LINE BIDDING 13.1 ON-LINE BIDDING.1 Definitions: Owner means the party and/or their agent designated to receive on-line

More information

Reference Bidders Query RECTPCL response. 1. Kindly confirm the total No of Instances required?

Reference Bidders Query RECTPCL response. 1. Kindly confirm the total No of Instances required? Clarification to the Bidders Queries w.r.t the Bid Documents for Engagement of Agency for providing Cloud Hosting Space with Managed services, Operations & Maintenance support for hosting Application of

More information

INVITATION OF BIDS FOR TENDER

INVITATION OF BIDS FOR TENDER INVITATION OF BIDS FOR TENDER Tender No : 01/2018 0947/IT/DGNCC/Budget Government of India Ministry of Defence Dte General of NCC West Block IV, RK Puram, New Delhi 110066 17 Apr 2018 From: HQ Dte General

More information

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion

More information

Areas of impact for client consideration taken from the Rules for achieving and maintaining IATF recognition 4 th Edition for ISO/TS 16949

Areas of impact for client consideration taken from the Rules for achieving and maintaining IATF recognition 4 th Edition for ISO/TS 16949 Areas of for client consideration taken from the Rules for achieving and maintaining IATF recognition 4 th Edition for ISO/TS 16949 1 st February 2014 1 Foreword Introduction The IATF recognizes certification

More information

SCHEME OF SUPERVISION AND CONTROL OF THE USE OF THE HONG KONG GREEN MARK GENERAL REQUIREMENTS AND OBLIGATIONS APPLICABLE TO ALL CERTIFIED COMPANIES

SCHEME OF SUPERVISION AND CONTROL OF THE USE OF THE HONG KONG GREEN MARK GENERAL REQUIREMENTS AND OBLIGATIONS APPLICABLE TO ALL CERTIFIED COMPANIES SCHEME OF SUPERVISION AND CONTROL OF THE USE OF THE HONG KONG GREEN MARK PART 1: GENERAL REQUIREMENTS AND OBLIGATIONS APPLICABLE TO ALL CERTIFIED COMPANIES GENERAL Companies that are authorized to use

More information

:- IDBI /PCELL/ RFP/

:- IDBI /PCELL/ RFP/ Sr. No RFP Page No Section / Clause/Para No Existing clause 1 6 Control Sheet Schedule for receipt of Bids: - 31 st March 2017 at 1600 Hrs. 2 6 Control Sheet Schedule for Opening of Technical Bids: 31

More information

DATA PROCESSING TERMS

DATA PROCESSING TERMS DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica

More information

ASD CERTIFICATION REPORT

ASD CERTIFICATION REPORT ASD CERTIFICATION REPORT Amazon Web Services Elastic Compute Cloud (EC2), Virtual Private Cloud (VPC), Elastic Block Store (EBS) and Simple Storage Service (S3) Certification Decision ASD certifies Amazon

More information

Enclosed the reply to your queries to RFP Invitation for Expression of Interest (EOI) for providing Security

Enclosed the reply to your queries to RFP Invitation for Expression of Interest (EOI) for providing Security Date: 13.10.2017 Enclosed the reply to your queries to RFP Invitation for Expression of Interest (EOI) for providing Security Operation Center (SOC) services and its management of Reference no. CO-IT/BPR/CSC/2017-2018/1

More information

Schedule document N4MDM. PUBLIC Node4 limited 31/11/2018. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

Schedule document N4MDM. PUBLIC Node4 limited 31/11/2018. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ Schedule document N4MDM PUBLIC Node4 limited 31/11/2018 Schedule document N4MDM This Schedule contains additional terms, Service Description & Service Level Agreement applicable to the N4 End Point Management

More information

SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ

SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017. Node4 Limited Millennium Way Pride Park Derby DE24 8HZ SCHEDULE DOCUMENT N4MDM PUBLIC NODE4 LIMITED 13/07/2017 SCHEDULE This Schedule contains additional terms, Service Description & Service Level Agreement applicable to the N4 End Point Management Service

More information

Service Description: Software Support

Service Description: Software Support Page 1 of 6 Service Description: Software Support This document describes the service offers under Cisco Software Support. This includes Software Support Service (SWSS), Software Support Basic, Software

More information

Oracle Managed Cloud Services for Software as a Service - Service Descriptions. February 2018

Oracle Managed Cloud Services for Software as a Service - Service Descriptions. February 2018 Oracle Managed Cloud Services for Software as a Service - Service Descriptions February 2018 Table of Contents Oracle Managed Cloud GxP Compliance for SaaS...3 Oracle Managed Cloud Helpdesk for SaaS...5

More information

WORKSHARE SECURITY OVERVIEW

WORKSHARE SECURITY OVERVIEW WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625

More information

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT

PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT PRIVATE MOBILE CONNECTION (formerly COMMERCIAL CONNECTIVITY SERVICE (CCS)) CUSTOM APN ATTACHMENT Last Revised: 12/20/17 1. Private Mobile Connection - Custom APN. Pursuant to the terms and conditions of

More information

PRE BID REPLIES FOR NPCI:RFP: /0020 DATED RFQ FOR SMS GATEWAY SERVICES FOR INTEGRATION WITH FRM SOLUTIONS

PRE BID REPLIES FOR NPCI:RFP: /0020 DATED RFQ FOR SMS GATEWAY SERVICES FOR INTEGRATION WITH FRM SOLUTIONS PRE BID REPLIES FOR NPCI:RFP:2012-13/0020 DATED 27.11.2012 RFQ FOR SMS GATEWAY SERVICES FOR INTEGRATION WITH FRM SOLUTIONS SR.No Document Ref Page No Clause No Description in RFQ Clarification Sought Addittional

More information

VMware vcloud Air Accelerator Service

VMware vcloud Air Accelerator Service DATASHEET AT A GLANCE The VMware vcloud Air Accelerator Service assists customers with extending their private VMware vsphere environment to a VMware vcloud Air public cloud. This Accelerator Service engagement

More information

Chapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC

Chapter 8: SDLC Reviews and Audit Learning objectives Introduction Role of IS Auditor in SDLC Chapter 8: SDLC Reviews and Audit... 2 8.1 Learning objectives... 2 8.1 Introduction... 2 8.2 Role of IS Auditor in SDLC... 2 8.2.1 IS Auditor as Team member... 2 8.2.2 Mid-project reviews... 3 8.2.3 Post

More information

RESPONSE TO QUERIES II

RESPONSE TO QUERIES II RESPONSE TO QUERIES II (Volume., Section, Page ) 1 Volume II: Scope of Work Electrical Works, Page no : 513 MSI shall be responsible to facilitate with provisioning of electricity to the cameras through

More information

PROCUREMENT, INSTALLATION, COMMISSIONING AND TESTING OF WI-FI SYSTEM OFC BACKBONE UPTO SWITCH AT SBIM, RAJARHAT CORRIGENDUM-VI DATED

PROCUREMENT, INSTALLATION, COMMISSIONING AND TESTING OF WI-FI SYSTEM OFC BACKBONE UPTO SWITCH AT SBIM, RAJARHAT CORRIGENDUM-VI DATED PROCUREMENT, INSTALLATION, COMMISSIONING AND TESTING OF WI-FI SYSTEM OFC BACKBONE UPTO SWITCH AT SBIM, RAJARHAT SBI/ITS/KOL/2017-18/03 DATED 30.06.2017 CORRIGENDUM-VI DATED 17.07.2017 Sr Clause No Existing

More information

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.

Security In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery. Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property

More information

Additional License Authorizations for HPE OneView for Microsoft Azure Log Analytics

Additional License Authorizations for HPE OneView for Microsoft Azure Log Analytics Additional License Authorizations for HPE OneView for Microsoft Azure Log Analytics Product Use Authorizations This document provides Additional License Authorizations for HPE OneView for Microsoft Azure

More information

Critical Cyber Asset Identification Security Management Controls

Critical Cyber Asset Identification Security Management Controls Implementation Plan Purpose On January 18, 2008, FERC (or Commission ) issued Order. 706 that approved Version 1 of the Critical Infrastructure Protection Reliability Standards, CIP-002-1 through CIP-009-1.

More information

RFP FOR INFORMATION SYSTEM AUDIT

RFP FOR INFORMATION SYSTEM AUDIT RFP FOR INFORMATION SYSTEM AUDIT 2018-19 I. Introduction II. The Kerala State Cooperative Bank Ltd. is the apex bank of the Cooperative Banking structure in Kerala that is approved by the Registrar of

More information

Bidding Document. Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS)

Bidding Document. Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS) Bidding Document Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS) Last Date for Submission: Tender Opening Date: 23-01-2019 at 3:30PM 23-01-2019 at

More information

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW: SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE Protecting your business assets and sensitive data requires regular vulnerability assessment,

More information

UCO BANK DEPARTMENT OF INFORMATION TECHNOLOGY

UCO BANK DEPARTMENT OF INFORMATION TECHNOLOGY UCO BANK DEPARTMENT OF INFORMATION TECHNOLOGY Request for Proposal (RFP) for Supply, Installation & Maintenance of Laptops, Thin Clients, Line Printers, Dot Matrix Printers and Flatbed Scanners on rate

More information

Request For Proposal ONWAA Website & E-Learn Portal

Request For Proposal ONWAA Website & E-Learn Portal Request For Proposal ONWAA Website & E-Learn Portal ONWAA 880 17 E, Garden River, Ontario P6A 6Z5 Table Of Contents General information Project Overview Statement of Needs Proposal Format Proposal Preparation

More information

Fxhoster VPS Agreement

Fxhoster VPS Agreement Fxhoster VPS Agreement The Fxhoster VPS Agreement governs the terms and conditions in which You ( Client, You or Your ) purchase a new VPS through Fxhoster. You hereby agreed to this Agreement. The terms

More information

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009 IETF TRUST Legal Provisions Relating to IETF Documents February 12, 2009 Effective Date: February 15, 2009 1. Background The IETF Trust was formed on December 15, 2005, for, among other things, the purpose

More information

QNB Bank-ONLINE AGREEMENT

QNB Bank-ONLINE AGREEMENT This is an Agreement between you and QNB Bank ("QNB"). It explains the rules of your electronic access to your accounts through QNB Online. By using QNB-Online, you accept all the terms and conditions

More information

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites

Solution Pack. Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Solution Pack Managed Services Virtual Private Cloud Security Features Selections and Prerequisites Subject Governing Agreement DXC Services Requirements Agreement between DXC and Customer including DXC

More information

Corrigendum I. Tender No. : CON/IT/2547/18/01 Date: 21/01/2019

Corrigendum I. Tender No. : CON/IT/2547/18/01 Date: 21/01/2019 Corrigendum I Tender No. : CON/IT/2547/18/01 Date: 21/01/2019 Sub : Open Tender in Two Bid System for Software Development, Migration and Implementation of Single Commercial System for EXIM & Domestic

More information

A Comprehensive Guide to Remote Managed IT Security for Higher Education

A Comprehensive Guide to Remote Managed IT Security for Higher Education A Comprehensive Guide to Remote Managed IT Security for Higher Education About EventTracker EventTracker enables its customers to stop attacks and pass IT audits. EventTracker s award-winning product suite

More information

Corrigendum: RFP by MAB IT Ops for procurement of SIM cards for use in PoS terminals RFP ref: SBI/GITC/MAB/2017/2018/418

Corrigendum: RFP by MAB IT Ops for procurement of SIM cards for use in PoS terminals RFP ref: SBI/GITC/MAB/2017/2018/418 Corrigendum: RFP by MAB IT Ops for procurement of SIM cards for use in PoS terminals RFP ref: SBI/GITC/MAB/2017/2018/418 Sr No Page of RFP 1 19 Award criteria-i, Clause Present clause / condition / criteria

More information

BT Compute Protect Schedule to the General Terms

BT Compute Protect Schedule to the General Terms BT Compute Protect Schedule to the General Terms Contents A note on you... 2 Words defined in the General Terms... 2 Part A The BT Compute Protect Service... 2 1 Service Summary... 2 2 Standard Service

More information

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1

<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1 RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016 Solution Summary Rapid7 Nexpose Enterprise drives the collection

More information

CCISO Blueprint v1. EC-Council

CCISO Blueprint v1. EC-Council CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Service Definition Table of Contents 1 INTRODUCTION... 2 2 SERVICE OFFERINGS VULNERABILITY MANAGEMENT... 2 3 SOLUTION PURPOSE... 3 4 HOW IT WORKS... 3 5 WHAT S INCLUDED... 4 6

More information

UCO BANK Department of Information Technology

UCO BANK Department of Information Technology UCO BANK Department of Information Technology Request for Proposal (RFP) for Selection of Service Provider for Implementation of Phone Banking Services RFP Ref. No.: DIT/BPR & BTD/OA/3865/2018-19 Dated:

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 22301 Lead Implementer www.pecb.com The objective of the Certified ISO 22301 Lead Implementer examination is to ensure that the candidate

More information

November 1, 2018, RP Provision of Managed Security Services on an Annual Contract ADDENDUM #2

November 1, 2018, RP Provision of Managed Security Services on an Annual Contract ADDENDUM #2 November 1, 2018, RP029-18 Provision of Managed Security Services on an Annual Contract ADDENDUM #2 Please see the below summation of the technical questions and answers that have been received regarding

More information

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2 Requirement Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence

More information

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH

Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH Performing a Vendor Security Review TCTC 2017 FALL EVENT PRESENTER: KATIE MCINTOSH 1 Speaker Bio Katie McIntosh, CISM, CRISC, CISA, CIA, CRMA, is the Cyber Security Specialist for Central Hudson Gas &

More information

IBM Security Intelligence on Cloud

IBM Security Intelligence on Cloud Service Description IBM Security Intelligence on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients

More information

Page No(ten Clause(tender Ref) Description in the tender (tender Ref) # Bidder Name

Page No(ten Clause(tender Ref) Description in the tender (tender Ref) # Bidder Name What is the count of applications that need to be tested within the Client premises and the number of pages in these applications on an average? What is the count of applications that need to be tested

More information

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller A guide to CLOUD COMPUTING 2014 Cloud computing Businesses that make use of cloud computing are legally liable, and must ensure that personal data is processed in accordance with the relevant legislation

More information

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

The SANS Institute Top 20 Critical Security Controls. Compliance Guide The SANS Institute Top 20 Critical Security Controls Compliance Guide February 2014 The Need for a Risk-Based Approach A common factor across many recent security breaches is that the targeted enterprise

More information

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control

More information

Mailbox Rental Terms and Conditions

Mailbox Rental Terms and Conditions Mailbox Rental Terms and Conditions (valid from 26th September 2018) Subject to the customer ("the Customer") observing the Terms and Conditions set out below, Mail Boxes Etc. ("the Company") agrees to

More information

HPE CUSTOMER TERMS - PORTFOLIO

HPE CUSTOMER TERMS - PORTFOLIO HPE Agreement Number(s) where required:. HPE entity: Customer: Effective Date (if applicable):. Term Length (if applicable):... HPE CUSTOMER TERMS - PORTFOLIO 1. Parties. These terms represent the agreement

More information

White Paper. How to Write an MSSP RFP

White Paper. How to Write an MSSP RFP White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current

More information

SUBJECT: REQUEST FOR PROPOSALS FOR HARBOR DEPARTMENT CLOUD COMPUTING SERVICES

SUBJECT: REQUEST FOR PROPOSALS FOR HARBOR DEPARTMENT CLOUD COMPUTING SERVICES DATE: May 30, 2017 SUBJECT: REQUEST FOR PROPOSALS FOR HARBOR DEPARTMENT CLOUD COMPUTING SERVICES Pursuant to the Harbor Department Cloud Computing Services Request for Proposals (RFP), all proposers were

More information

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010 Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at

More information

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation

More information

FIJIAN ELECTIONS OFFICE SYSTEM CONSULTANCY AUDIT. Expression of Interest (EOI) (04/2017)

FIJIAN ELECTIONS OFFICE SYSTEM CONSULTANCY AUDIT. Expression of Interest (EOI) (04/2017) FIJIAN ELECTIONS OFFICE SYSTEM CONSULTANCY AUDIT Expression of Interest (EOI) (04/2017) Closing Date: 4pm Friday 4 August 2017 EXPRESSION OF INTEREST [EOI] SYSTEM CONSULTANCY AUDIT OF FEO s ELECTION MANAGEMENT

More information

Sl # Clause No Existing Clause Revised Clause 1. Page No-18 Section 5.1 Point No-7 EMD & Document Fee

Sl # Clause No Existing Clause Revised Clause 1. Page No-18 Section 5.1 Point No-7 EMD & Document Fee REQUEST FOR PROPOSAL FOR PROCUREMENT OF POINT TO POINT FIBRE OPTIC LINKS BETWEEN OCAC BUILDING AND IT CENTRE, SECRETARIAT, BHUBANESWAR FOR A PERIOD OF 2 YEARS RFP REF NO OCAC-SEGP-INFRA-0010-2017-ENQ-17052

More information

CORRIGENDUM. Corrigendum to RFP No. SBI/GITC/PMD/ /402 dated

CORRIGENDUM. Corrigendum to RFP No. SBI/GITC/PMD/ /402 dated CORRIGENDUM Corrigendum to RFP No. SBI/GITC/PMD/2017-18/402 dated 30.06.2017 For procurement of services for setting up Transformation Management Office (TMO) and for providing services to the Enterprise

More information

IBM Resilient Incident Response Platform On Cloud

IBM Resilient Incident Response Platform On Cloud Service Description IBM Resilient Incident Response Platform On Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means the contracting party and its authorized

More information

Entrust SSL Web Server Certificate Subscription Agreement

Entrust SSL Web Server Certificate Subscription Agreement Entrust SSL Web Server Certificate Subscription Agreement ATTENTION - READ CAREFULLY: THIS SUBSCRIPTION AGREEMENT (THIS "AGREEMENT") IS A LEGAL CONTRACT BETWEEN THE PERSON, ENTITY, OR ORGANIZATION NAMED

More information

REQUEST FOR EXPRESSIONS OF INTEREST

REQUEST FOR EXPRESSIONS OF INTEREST REQUEST FOR EXPRESSIONS OF INTEREST (CONSULTING SERVICES FIRMS SELECTION) Country : INDIA Project : FINANCING PUBLIC PRIVATE PARTNERSHIP THROUGH SUPPORT TO THE INDIA INFRASTRUCTURE FINANCE COMPANY LIMITED

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT

More information

A company built on security

A company built on security Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for

More information

I. PURPOSE III. PROCEDURE

I. PURPOSE III. PROCEDURE A.R. Number: 2.11 Effective Date: 2/1/2009 Page: 1 of 5 I. PURPOSE This policy outlines the procedures that third party organizations must follow when connecting to the City of Richmond (COR) networks

More information

RFQ OIT-1 Q&A. Questions and Answers, in the order received.

RFQ OIT-1 Q&A. Questions and Answers, in the order received. Question Does the system have an existing SSP? Do they use a system like Xacta or CSAM to generate the SSP. Will they provide us the current POAM list? Will they provide scanning tools or we have to bring

More information

SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013

SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013 SPECIAL CONDITIONS FOR SO YOU START DEDICATED SERVER RENTAL Latest version dated 03/12/2013 ARTICLE 1: PURPOSE The purpose of these Special Conditions, which supplement the So You Start General Conditions

More information

RfP No. APSFL/CCTVPMA/231/2016, Dated:

RfP No. APSFL/CCTVPMA/231/2016, Dated: S.No 1 2 3 RfP No. APSFL/CCTVPMA/231/2016, Dated: 30.05.2018 RfP for Selection of Project Monitoring Agency (PMA) for implementation of cloud based IP CCTV Surveillance System in AP Corrigendum 2 Dated:

More information

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC)

भ रत य ररज़र व ब क. Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Annex-2 Setting up and Operationalising Cyber Security Operation Centre (C-SOC) Introduction 1 - Banking Industry in India has evolved technologically over the years and currently delivering innovative

More information

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008 IETF TRUST Legal Provisions Relating to IETF Documents Approved November 6, 2008 Effective Date: November 10, 2008 1. Background The IETF Trust was formed on December 15, 2005, for, among other things,

More information

Service Description: Software Support

Service Description: Software Support Page 1 of 1 Service Description: Software Support This document describes the service offers under Cisco Software Support. This includes Software Support Service (SWSS), Software Support Basic, Software

More information

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) banksa.com.au

Your guide to the Payment Card Industry Data Security Standard (PCI DSS) banksa.com.au Your guide to the Payment Card Industry Data Security Standard (PCI DSS) 1 13 13 76 banksa.com.au CONTENTS Page Contents 1 Introduction 2 What are the 12 key requirements of PCIDSS? 3 Protect your business

More information

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045 Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that

More information

Cybersecurity Auditing in an Unsecure World

Cybersecurity Auditing in an Unsecure World About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity

More information

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9

Challenges 3. HAWK Introduction 4. Key Benefits 6. About Gavin Technologies 7. Our Security Practice 8. Security Services Approach 9 HAWK Overview Agenda Contents Slide Challenges 3 HAWK Introduction 4 Key Benefits 6 About Gavin Technologies 7 Our Security Practice 8 Security Services Approach 9 Why Gavin Technologies 10 Key Clients

More information

ROLE DESCRIPTION IT SPECIALIST

ROLE DESCRIPTION IT SPECIALIST ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head

More information

Sr. No. Section/clause No. Relevant Section/Clause Bidder's Query Bank's Response

Sr. No. Section/clause No. Relevant Section/Clause Bidder's Query Bank's Response REQUEST FOR PROPOSAL (RFP) FOR PROCUREMENT OF EPABX (HYBRID IP-PBX) FOR STATE BANK OF INDIA, GLOBAL IT CENTRE, CBD BELAPUR, NAVI MUMBAI AND SBI COLONY (STAFF QUARTERS ), NERUL NAVI MUMBAI Ref: SBI/GITC/ESTATE/2016-17/248

More information

GOVERNMENT OF INDIA MINISTRY OF MINES INDIAN BUREAU OF MINES INDIRA BHAWAN, CIVIL LINES, NAGPUR RFP No. MTS/01/ /CCOM

GOVERNMENT OF INDIA MINISTRY OF MINES INDIAN BUREAU OF MINES INDIRA BHAWAN, CIVIL LINES, NAGPUR RFP No. MTS/01/ /CCOM GOVERNMENT OF INDIA MINISTRY OF MINES INDIAN BUREAU OF MINES INDIRA BHAWAN, CIVIL LINES, NAGPUR- 440 001 RFP No. MTS/01/2015-16/CCOM CORRIGENDUM No. 1 13 October 2015 Page 1 of 7 Contents Corrigendum Item

More information

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002 ISO 27002 COMPLIANCE GUIDE How Rapid7 Can Help You Achieve Compliance with ISO 27002 A CONTENTS Introduction 2 Detailed Controls Mapping 3 About Rapid7 8 rapid7.com ISO 27002 Compliance Guide 1 INTRODUCTION

More information

IBM Case Manager on Cloud

IBM Case Manager on Cloud Service Description IBM Case Manager on Cloud This Service Description describes the Cloud Service IBM provides to Client. Client means and includes the company, its authorized users or recipients of the

More information

Daxko s PCI DSS Responsibilities

Daxko s PCI DSS Responsibilities ! Daxko s PCI DSS Responsibilities According to PCI DSS requirement 12.9, Daxko will maintain all applicable PCI DSS requirements to the extent the service prov ider handles, has access to, or otherwise

More information

External Supplier Control Obligations. Cyber Security

External Supplier Control Obligations. Cyber Security External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place

More information

RFQ OIT-1 Q&A. Questions and Answers, in the order received.

RFQ OIT-1 Q&A. Questions and Answers, in the order received. Question Does the system have an existing SSP? Do they use a system like Xacta or CSAM to generate the SSP. Will they provide us the current POAM list? Will they provide scanning tools or we have to bring

More information

Request for Proposal for Technical Consulting Services

Request for Proposal for Technical Consulting Services Request for Proposal for Technical Consulting Services The Node.js Foundation is requesting proposals from highly qualified consultants with demonstrated expertise in providing Node.js technical consultation

More information