REQUEST FOR EXPRESSIONS OF INTEREST


REQUEST FOR EXPRESSIONS OF INTEREST (CONSULTING SERVICES - FIRMS SELECTION)

Country: INDIA
Project: FINANCING PUBLIC PRIVATE PARTNERSHIP THROUGH SUPPORT TO THE INDIA INFRASTRUCTURE FINANCE COMPANY LIMITED
Sector: Finance and Private Sector Development
Grant No.: TF096466
Reference No.: C 3
Assignment Title: Implementation of ISO 27001 based Information Security Management System

1. The India Infrastructure Finance Company Limited (IIFCL) has received a Grant from the World Bank towards the cost of Building Capacity and Strengthening Monitoring and Implementation Capability of India Infrastructure Finance Company Limited, and intends to apply part of the proceeds to payment for goods and consulting services to be procured under this Grant.

2. The consultants will implement an Information Security Management System (ISMS) based on the latest version of the International Information Security Standard ISO/IEC 27001 at all IIFCL offices located in New Delhi. The broad steps to be carried out and the major deliverables at various milestones are given in Annex 1.

3. Skill Requirements / Eligibility Criteria for Vendors or Consultants or IT Consultants

Vendor to state the extent of compliance to the following qualification criteria:

Robust Methodology: Vendor shall employ a proven and robust framework for ISMS implementation to ensure successful completion of the project leading to certification under ISO 27001.

ISMS Implementation Experience: Vendor shall provide references of at least three organizations in the BFSI sector where they have executed projects related to ISO 27001 (ISMS) implementation. Completion certificates of the assignments from these organizations would need to be furnished.

Vendor's Security Expertise: Vendor shall have at least two ISO 27001 Lead Auditors and/or Implementers and one CISSP/CISA or SANS certified security professional employed with them.

Team to be deployed for the project: The project team must include an ISO 27001 certified security consultant as Project Manager and a CISSP/CISA or SANS certified security professional in the team. Each member should have at least 3 years of experience and should have successfully implemented at least 3 ISMS projects each in the BFSI space.

Track Record in Information Security Services: Vendor should have experience of at least 3 years in offering information security services (including security assessment, security policies and procedures design, and security consulting assignments) to leading organizations, including a minimum of three BFSI organizations. Vendors must list all such security services assignments undertaken by them in the last three years, outlining the client name, brief project description, location, project duration, project value and date of completion. Vendor should have executed at least three IS Audit / Security projects of a minimum value of Rs 20 lakhs in the BFSI sector in the last 3 years.

4. The IIFCL now invites eligible consulting firms to indicate their interest in providing the above services. Interested consultants must provide information (brochures, description of similar assignments, experience in similar conditions, and availability of appropriate skills among staff) indicating that they are qualified to perform the services. The information regarding the consultant's organization and experience is to be provided in the relevant attached forms:
   a. Consultant's Organization: ref Form - I
   b. Consultant's Experience: ref Form - II

5. The attention of interested consultants is drawn to paragraph 1.9 of the World Bank's Guidelines: Selection and Employment of Consultants by World Bank Borrowers, May 2004, Revised October 1, 2006 ("Consultant Guidelines"), setting forth the World Bank's policy on conflict of interest. Consultants may associate with other firms in the form of a joint venture or a sub-consultancy to enhance their qualifications.

6. A consultant will be selected in accordance with the procedures set out in the World Bank's Guidelines: Selection and Employment of Consultants by World Bank Borrowers, May 2004, Revised October 1, 2006.

7. Further information can be obtained at the address below during office hours (1030 hours to 1700 hours):

India Infrastructure Finance Company Limited
CGM-IT
8th Floor, Hindustan Times House,
18 & 20, Kasturba Gandhi Marg,
New Delhi 110 001
Tel: +91-11-23708263, 23708264
Fax: +91-11-23736355
E-mail: technology@iifcl.org
Web site: www.iifcl.org

The Expressions of Interest must be delivered to the address below by 22nd October 2014 by 17:00 hrs.

Annexure I: Information Security Management System (ISMS)

IIFCL requires the establishment and implementation of an Information Security Management System (ISMS) based on the latest version of the International Information Security Standard ISO/IEC 27001 at all IIFCL offices located in New Delhi. Broad steps required to be done by the vendor as an integral part of the exercise shall include, but not be limited to, the following:

Gap Analysis: Assessment of the Organization's security environment to determine the current security posture and level of preparedness of the Organization against the requirements of the ISO 27001 standard.

1. Identification of the various controls already implemented in the Organization, including technical controls, administrative controls, etc.
   Major Deliverable: Gap Analysis Report.
2. Development of Scope and Management Sign-off.
   Major Deliverable: Signed-off Scope Statement.
3. Setup of an ISO (Information Security Organization) in the Organization, preferably nominating a dedicated CISO and a dedicated Information Security team.
4. Developing a Risk Assessment Methodology and Management Sign-off.
   Major Deliverable: Signed-off Risk Assessment Methodology.
5. Identification of all assets under the scope of ISO 27001, together with all possible threats and vulnerabilities to these assets.
   Major Deliverable: Asset Register.
6. Vulnerability Assessment and Penetration Testing (VAPT) of all assets identified, and system hardening to address all identified vulnerabilities.
   Major Deliverable: VAPT Report.
7. Risk Assessment of all assets under the scope of the project and development of a Risk Treatment Plan, especially for all medium and high category risks identified.
   Major Deliverable: Risk Assessment and Risk Treatment Reports.

8. Development and Implementation of appropriate Policies, Procedures, Standards and Guidelines.
   Major Deliverable: Policies, Procedures, Standards and Guidelines.
9. List of all controls required, development of a SoA (Statement of Applicability), and procurement of all new controls to be implemented.
   Major Deliverable: SoA (approved).
10. Establishing Control of Records and Control of Documents.
11. Implementation of all controls agreed to be implemented under the SoA.
12. Training and awareness for all IIFCL staff and any third-party staff working at the IIFCL office, to create the necessary awareness regarding information security and to foster a strong security culture within the organization.
13. Internal Audit to verify that all risks identified have been successfully treated and all residual risks have been accepted by management.
    Major Deliverable: Internal Audit Report.
14. Review of the Internal Audit by Management.
    Major Deliverable: Management Commitment Record.
15. Prepare the Organization for the Third Party / Certification Audit.

FORM - I: Consultant's Organization and Experience

A - Consultant's Organization

[Provide here a brief (two pages) description of the background and organization of your firm/entity and each associate for this assignment.]

FORM - II

B - Consultant's Experience

[Using the format below, provide information on each assignment for which your firm, and each associate for this assignment, was legally contracted either individually as a corporate entity or as one of the major companies within an association, for carrying out consulting services similar to the ones requested under this assignment.]

Assignment name:
Approx. value of the contract (in current US$ or Euro):
Country:
Location within country:
Duration of assignment (months):
Name of Client:
Total No. of staff-months of the assignment:
Address:
Start date (month/year):
Completion date (month/year):
Name of associated Consultants, if any:
Approx. value of the services provided by your firm under the contract (in current US$ or Euro):
No. of professional staff-months provided by associated Consultants:
Name of senior professional staff of your firm involved and functions performed (indicate most significant profiles such as Project Director/Coordinator, Team Leader):
Narrative description of Project:
Description of actual services provided by your staff within the assignment:
State whether project since implemented: