REPUBLIC OF KENYA THE NATIONAL TREASURY P. O. BOX NAIROBI

Similar documents
REQUEST FOR EXPRESSIONS OF INTEREST

THE CO-OPERATIVE BANK OF KENYA LIMITED

Request for Proposal (RFP)

ADMINISTRATION DEPARTMENT TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS TOTAL SECURITTY FOR BUSINESS LICENSES FOR USE AT NIT KARACHI

Request for Quotations

Telecommunications Consultants India Ltd. (A Government of India Enterprise)

CORRIGENDUM. Corrigendum to RFP No. SBI/GITC/PMD/ /402 dated

TENDER FOR RENEWAL OF EXISTING KASPERSKY ANTIVIRUS LICENSES FOR USE AT NIT, KARACHI

SECTION 10 CONTRACTING FOR PROFESSIONAL SERVICES CONSULTANT COMPETITIVE NEGOTIATION ACT (CCNA)

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Application for Certification

Terms of Reference for the Design, Development, Testing and Commissioning of a National Address Database for Malawi

KENYA SCHOOL OF GOVERNMENT EMPLOYMENT OPORTUNITY (EXTERNAL ADVERTISEMENT)

Trend Micro Professional Services Partner Program

IT MANAGER PERMANENT SALARY SCALE: P07 (R ) Ref:AgriS042/2019 Information Technology Manager. Reporting to. Information Technology (IT)

NATIONAL INFORMATION TECHNOLOGY AUTHORITY - UGANDA (NITA-U) REGIONAL COMMUNICATIONS INFRASTRUCTURE PROGRAM (RCIP) INFORMATION SECURITY SPECIALIST

TERMS OF REFERENCE FOR THE APPOINTMENT OF A SERVICE PROVIDER FOR WEBSITE AND DOMAIN HOSTING SERVICES

Position Description IT Auditor

Biotech Consortium India Limited

ISO/IEC INTERNATIONAL STANDARD

AppPulse Point of Presence (POP)

ROLE DESCRIPTION IT SPECIALIST

Clarification Note 2 GSA internal reference: Procurement procedure: GSA/01/01/17 General ICT Support to the GSA

REQUEST FOR PROPOSAL (RFP)

Tender Schedule No. Figure: Active-Active Cluster with RAC

Information Technology Department Kolkata EOI NO.: BL/ /EOI/10 DUE ON : 07/10/2013 DATE : 16/09/2013

Request For Quotation from Service Providers. for. Appointment of Consultant for Migration to ISO/IEC 27001:2013 alongwith Implementation for UTIITSL

Directorate of Horticulture, Bihar

Tender Document. Ref. No.: NIT/AMU/CPCC-01/ThinClient/ For. Procurement of Thin Client Solution

UNITED NATIONS DEVELOPMENT PROGRAMME TERMS OF REFERENCE

Zero Defect Zero Effect (ZED) Certification Scheme Rating Process

Job Specification & Recruiting Profile of Vacancy

"Charting the Course... ITIL 2011 Operations Support Analysis (OSA) Certification Program. Course Summary

No. 10(02)/2016-NICSI

RfP No. APSFL/CCTVPMA/231/2016, Dated:

"Charting the Course... ITIL 2011 Service Offerings & Agreement (SOA) Certification Program. Course Summary

Town of Gilmanton, New Hampshire SELECTMENS OFFICE

Request For Quotation from Service Providers. for

"Charting the Course... ITIL 2011 Managing Across the Lifecycle ( MALC ) Course Summary

Security and Privacy Governance Program Guidelines

REQUEST FOR PROPOSALS FOR COMPUTER HARDWARE, SOFTWARE, PERIPHERALS, AND INSTALLATION SERVICES PROPOSAL NO.s PIT & PIT ADDENDUM #4

CORRIGENDUM- I. Sr. Page/Section Description Bidder s Query Clarification / Amendments. 1 Page 5 of Vol-I, and Page 15 of Vol-II

EUROPEAN UNION DELEGATION TO THE REPUBLIC OF SERBIA

e-submission Quick Reference Guide for Economic Operators

Bidding Document. Renewal and Maintenance Support of Intrusion Detection System / Intrusion Prevention System (IDS/IPS)

Invitation for Bids (Open Tender Bidding)

EVALUATION AND APPROVAL OF AUDITORS. Deliverable 4.4.3: Design of a governmental Social Responsibility and Quality Certification System

Chapter 4. EDGE Approval Protocol for Auditors

SPECIFIC PROCUREMENT NOTICE IT SERVICES

Reference Framework for the FERMA Certification Programme

EXAM PREPARATION GUIDE

The Institute of Chartered Accountants of Sri Lanka

Security. Official. Company Profile

Request for Proposal. I. Introduction. II. Scope of Work. IT Managed Services Support. IT Environment. Main Facility

WEBSITE DESIGN, DEVELOPMENT AND HOSTING SERVICES

Risk Advisory Academy Training Brochure

BCS Foundation Certificate in Software Asset Management Essentials Syllabus

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

REPORT 2015/010 INTERNAL AUDIT DIVISION

manner. IOPA conducts its reviews in conformance with Government Auditing Standards issued by the Comptroller General of the United States.

Washington State Emergency Management Association (WSEMA) Olympia, WA

OIL AND GAS REGULATORY AUTHORITY *******

The Evolution of IT Service Management

Cloud Services. Infrastructure-as-a-Service

BCS EXIN ITAMOrg Software Asset Management Specialist Syllabus Version 1.1 December 2016

Welcome to the new BC Bid!

BENCHMARKING PPP PROCUREMENT 2017 IN ARMENIA

Website:

SAFARICOM LIMITED P.O. BOX WESTLANDS NAIROBI, KENYA TEL FAX

Systems Administrator / Systems Analyst

Managed Security Services - Endpoint Managed Security on Cloud

SERVICE DEFINITION G-CLOUD 7 THALES PSN REMOTE ACCESS. Classification: Open

ORIGINAL BID - Invitation For Bid Automated External Defibrillator (AED)

Effective COBIT Learning Solutions Information package Corporate customers

ITG. Information Security Management System Manual

PAN INDIA INFRAPROJECTS PRIVATE LIMITED VENDOR REGISTRATION FORM. Enlistment of contractor for Electrical / Civil / Miscellaneous works

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

PUR1205/07. Request for Information (RFI) Provision of Lotus Domino environment and Lotus Notes application support service.

POSITION DESCRIPTION

EXAM PREPARATION GUIDE

The Ministry of Economy and Finance (Haiti) Information Systems Division (ISD/MEF)

National Institute of Technology Patna (Under the Ministry of HRD; Govt. of India) Bihar Telephone: , Fax:

EXAM PREPARATION GUIDE

ITIL Service Operation Lifecycle Classroom

SAFE ROADS TO PROSPERITY

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

EXAM PREPARATION GUIDE

Making each relationship with the client EXTRAORDINARY! Corporate Profile

Predstavenie štandardu ISO/IEC 27005

Bidding Document PROVISION AND INSTALLATION OF VOICE OVER IP PHONE EQUIPMENT. Last Date for Submission: Tender Opening Date:

NOTICE INVITING TENDER FOR ISO CERTIFICATION

Invitation to Tender Content Management System Upgrade

EXAM PREPARATION GUIDE

When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.

APPLICATION FOR ACCREDITATION OF CERTIFICATION BODIES

EXAM PREPARATION GUIDE

Red Hat APAC. Professional Services Partner Program. FY18 Guide. (for Partners)

Application Guideline for BOP/Volume Zone Business Support Coordinator UZBEKISTAN in FY 2015

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Project Management Professional PMP. Exam preparatory course

Transcription:

REPUBLIC OF KENYA THE NATIONAL TREASURY P. O. BOX 30007 00100 NAIROBI EXPRESION OF INTEREST FOR PROCUREMENT OF IFMIS ENTERPRISE SECURITY AND NETWORK SUPPORT TNT/EOI/02/2017-2018 CLOSING DATE: THURSDAY 22 ND MARCH, 2018 AT 10.00 AM. Page 1 of 15

EXPRESSION OF INTEREST THE NATIONAL TREASURY & MINISTRY OF PLANNING PROCUREMENT OF IFMIS ENTERPRISE SECURITY AND NETWORK SUPPORT NATIONAL COMPETITIVE BIDDING TNT/EOI/02/2017-2018 The National Treasury invites Expression of Interest from interested eligible bidders for the procurement of IFMIS enterprise security and network support. The Expression of Interest is intended to shortlist firms with demonstrable technical and financial capabilities who will be invited for a further bidding process. The firm may download detailed information from the website http://treasury.go.ke and those who download the documents from the website must forward their particulars immediately for recording and any further clarifications and addenda to procurement@treasury.go.ke. Completed Expressions of Interest documents, enclosed in plain sealed envelopes, marked EOI TNT/EO1/02/2017 2018 for Procurement of IFMIS enterprise security and network support, should be addressed to:- The Principal Secretary, The National Treasury, P.O. Box 30007 00100, Nairobi, Kenya and be deposited in the tender box provided at the Treasury Building, 6 th Floor, Harambee Avenue, Nairobi, so as to be received on or before Thursday 22 nd March, 2018 at 10.00 am. The Expressions of Interest will be opened immediately thereafter in the presence of the tenderers or their representatives who choose to attend the opening at The National Treasury, Treasury Building, 6 th floor, Conference Room No. 603 on Thursday 22 nd March, 2018 at 10.00 a.m. HEAD, SUPPLY CHAIN MANAGEMENT SERVICES FOR: PRINCIPAL SECRETARY Page 2 of 15

TERMS OF REFERENCE FOR PROCUREMENT OF IFMIS ENTERPRISE SECURITY AND NETWORK SUPPORT BACKGROUND The National Treasury through the IFMIS Department has implemented an Enterprise Class Security System that protects the entire IFMIS environment (Oracle E-Business Suite, The Hyperion Planning and Performance System), Oracle Databases and IFMIS web applications. The solution comprises of Data Center, LAN Switches, Network and Security Management System and Network Security devices. The security configuration is meant to provide the IFMIS environment with high security in line with industry standard for:- Confidentiality of the data held in IFMIS. Integrity of the data held in IFMIS. Availability of data and information. Security of the IFMIS system is currently one of the top strategic and operation risks for the National Treasury. The National Treasury thus desires to manage both known and emerging security issues, in line with evolving threat landscape and emerging technologies. IFMIS security architecture configuration The IFMIS security architecture is summarized in the diagram below. The details of the solutions implemented are provided in the section below. Page 3 of 15

i) Security Applications The following security applications are installed at the National Treasury: a) IBM InfoSphere Guardium b) IBM Q1 Labs QRadar c) IBM Smartcloud Control Desk d) IBM Identity and Access Assurance: e) IBM Tivoli Endpoint Manager f) IBM Network Management g) Symantec Endpoint Protection h) Symantec Data Loss Prevention i) F5 Application Security Manager j) F5 Local Traffic Management ii) Implemented Network and Security Devices: The network Infrastructure consists of the following hardware:- a) Cisco Core Switches b) Cisco Distribution Switches c) Cisco Access Switches d) Cisco DMZ Switches e) External Firewalls with IPS f) Internal Firewalls g) Identity Service Engine h) Mobility Service Engine i) Cisco Prime Security & Infrastructure iii) Physical Security The Physical Security comprise of Biometric system and CCTV cameras The recordings are captured at high resolution onto a high end NVR network video recording device and backed up off the DC premise to a remote storage. Page 4 of 15

The doors are fitted with high power 500KG magnetic locks and access is controlled by card readers, pin and biometric devices which requires one to be a recognized and registered staff to gain entry. iv) Security Operations Centre A Security Operation Center (SOC) is a room purely dedicated for IFMIS security monitoring. The prime bidder shall operate from this room and shall provide 24/7 support and monitoring of all security solutions in the IFMIS Infrastructure v) Virtual Private Network (VPN) and Active Directory (AD) The IFMIS applications are accessed through a Virtual Private Network (VPN) with authentication being handled by an Active Directory (AD). There are two active directory domain servers deployed at IFMIS. The domain functional level is Windows Server 2012 native (DCs: 2012 or later). The two servers are also domain name servers(dns) as well as Certification Authorities(CA) at IFMIS. The National Treasury wishes to receive Expressions of Interest (EOIs) from qualified bidders for the support of the above IFMIS Network & Security infrastructure, in both the Primary and Secondary data centres. In response to this bid, the bidders should clearly demonstrate their capability and experience in supporting similar environments. In addition, the bidders will be required to demonstrate how they will ensure:- Effective incident management and risk mitigation Metrics-driven performance Protection of critical information and assets Reduced TCO Availability and business continuity by 24/7 Security from advanced threats and risks Regulatory compliance with industry standards Increased responsiveness, scalability and flexibility Quality Management Interested bidders should express their interest by providing information/documents in support of their competence, ability and suitability as outlined in the Evaluation criteria. Page 5 of 15

The Preliminary evaluation shall be mandatory: The evaluation shall adopt YES/ No Approach. The non-responsive submissions will be eliminated from the entire preliminary evaluation process and will not be considered further. Bidders must submit the following documents; A copy of certificate of registration / incorporation (Prime bidder for joint venture) A copy of valid tax compliance certificate (Prime bidder for joint venture) Confidential Business Questionnaire (duly filled) The bidder must have a MAF for all the requested 3 products i.e IBM, Cisco and Symantec. In case of a Joint venture/teaming agreement the lead/prime bidder MUST have a MAF for either Cisco or IBM, the rest of the MAFs can be provided by the consortium partners. AT THIS STAGE, THE TENDERER S SUBMISSION WILL EITHER BE RESPONSIVE OR NON RESPONSIVE. THE NON RESPONSIVE SUBMISSIONS WILL BE ELIMINATED FROM THE ENTIRE EVALUATION PROCESS AND WILL NOT BE CONSIDERED FURTHER. Technical Evaluation Criteria PROVISION OF SUPPORT SERVICES FOR IFMIS SECURITY Evaluation Rating Criteria I Experience of the Consulting Firm in relation to the assignment 40 1. At least two customer reference sites similar to the National Treasury in size where the bidder has implemented large scale Enterprise network and security. Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 2. At least two customer reference sites similar to the National Treasury in size where the bidder has implemented Active directory service. Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 3 At least two customer reference sites similar to the National Treasury in size where the bidder has implemented IBM solutions (Qradar, Infosphere Guardiam, Smart Cloud Control desk, Netcool) or similar log management solutions Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services 6 4 6 Page 6 of 15

PROVISION OF SUPPORT SERVICES FOR IFMIS SECURITY Evaluation Rating Criteria - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 4. At least two customer reference sites similar to the National Treasury in size where the bidder has implemented security configurations for Oracle Applications (e-business suite, Hyperion, eprocurement) or any other ERP solution. Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 5. At least two customer reference sites similar to the National Treasury in size where the bidder has implemented/managed Physical security configurations, special emphasis should focus on monitoring and access control for a large scale data center Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 6. At least two customer reference sites similar to the National Treasury in size where the bidder has implemented security configurations for Applications layer security, special emphasis should focus on configuration of CISCO Firewall, F5 or equal and implementation of SSL certificate in multiple domain and subdomain environment. Details must include but not limited to the following: - - Full descriptions of the environment and the nature of the scope of services - Narration of the work done as per the (Firm s references form) - Names and telephone numbers of contact persons - Physical location, Postal address, Telephone contacts and e-mail address of the organization - Recommendation/Appreciation letter/email from the client or certificate of completion Or Purchase Order Copy for the specific product and services 7. Evidence of Partner Level credentials for any 3 of the products below 1. Cisco Security systems 2. IBM Security systems & Symantec 3. F5 or equal application layer security systems 4. Oracle Database/Application specialization 8. Prime Bidder should have any of the below ISO certificates: - ISO 22301 2 Mark - ISO/IEC 20000-1 2 Mark 6 6 6 3 3 Page 7 of 15

III 9. PROVISION OF SUPPORT SERVICES FOR IFMIS SECURITY Evaluation Rating Criteria - ISO/IEC-27001 2 Mark - ISO 9001 2 Mark (any certification of the above) Adequacy of the proposed work plan and methodology in responding to the Terms of Reference Adequacy of the Proposed Approach and Methodology a) A detailed description of the system implementation approach you will use for security solutions deployment. 20 b) A detailed description of the approach you will use for supporting the security applications and the related technologies. The approach should include:- i) Clear demonstration of how functional, technical and critical support shall be provided. ii) Knowledge transfer management (to GOK staff) as well as iii) Identification of security risks and mitigation measures 10 10. Adequacy of the Proposed Team Structure a) Team organization structure for delivering assignment. b) Roles and responsibilities for key team members and matching of team members to the proposed work plan. 10 c) Proposed corresponding structure for client team and their roles and responsibilities. IV Qualifications and Competence of the key Staff for the assignment (Please note the number of resources to be evaluated for each area) Bidders must provide copies of certifications for the proposed resources and their CVs must clearly demonstrate required experience. 11. Project Manager (Certified security Consultant, CISSP or equivalent) - (at least one) (Qualification & Experience Rating) 40 4 Master s Degree in Information Technology / Computer Science or 10+ years experience in Page 8 of 15

PROVISION OF SUPPORT SERVICES FOR IFMIS SECURITY Evaluation Rating Criteria Information technology. 5 consecutive years experience in IT project management 8 to 10 Years experience of security solutions Implementation & information security Management At least 2 security implementation projects experience in financial domain At least one security product certification related to the assignments At least one professional qualification in project management e.g PMP/Prince2 Certified/Equivalent Experience in Public sector preferred 12. Security Consultant - (at least four) (Consultants/Experience) At least a Bachelor s Degree in technology and minimum of 7 years experience in Information technology. At least 5 Years Experience of Implementation and security solutions At least one professional Security certification (CISA, CISM, CISSP, CRISC) CCNA Security certified COBIT / ITIL or equivalent certified At least one certification in the following security products (IBM or Symantec) 13. Network Administrators - (at least two) (Qualification & Experience Rating) At least a Bachelor s Degree in Information Technology / Computer Science Network certification CCNP or equivalent At least 5 years of network support or network implementation experience 14. System Administrators (Operating system) -(at least one) 24 8 (Qualification & Experience Rating) At least a Bachelor s Degree Information Technology / Computer Science 4 At least one certification in any operating system (Windows/Solaris/Unix/Red-hut) At least 3 years experience of system administration(windows/solaris) Server Certification MCSE/MCTIP or equivalent Experience / certification in the following applications (Qradar, Infosphere Guardiam, Smart Cloud Control desk, Tivoli Netcool/OMNIbus, Envision) TOTAL 100 Page 9 of 15

Notes: 1. The pass mark for Technical score to be 70% 2. Bidders should provide copies of certificates for proposed staff, as per the requirements schedule. 3. Mandatory Requirements a. Evaluation of the Certificate of Incorporation and Tax Compliance under mandatory requirements will be limited to the Prime Bidder. b. The bidder must have a MAF for all the requested 3 products i.e IBM, Cisco and Symantec. In case of a Joint venture/teaming agreement the lead/prime bidder MUST have a MAF for either Cisco or IBM, the rest of the MAFs can be provided by the consortium partners. Page 10 of 15

2. FIRM S REFERENCES Relevant Services Carried Out in the Last Five Years That Best Illustrate Qualifications Using the format below, provide information on each assignment for which your firm either individually, as a corporate entity or in association, was legally contracted. Assignment Name: Country Location within Country: Professional Staff provided by Your Firm/Entity(profiles): Name of Client: Clients contact person for the assignment. Address: No of Staff-Months; Duration of Assignment: Start Date (Month/Year): Completion Date Approx. Value of Services (Kshs) (Month/Year): Name of Associated Consultants. If any: No of Months of Professional Staff provided by Associated Consultants: Name of Senior Staff (Project Director/Coordinator, Team Leader) Involved and Functions Performed: Page 11 of 15

Narrative Description of project: Description of Actual Services Provided by Your Staff: Firm s Name: Name and title of signatory; (May be amended as necessary) Page 12 of 15

REPUBLIC OF KENYA CONFIDENTIAL BUSINESS QUESTIONNAIRE You are requested to give the particulars indicated in Part I and either Part 2 (a), 2 (b) or 2 (c) whichever applies to your type of business. You are advised that it is a serious offence to give false information on this form Part I- General : Business Name.. Location of business premises. Plot No... Street/Road..... Postal Address...Tel. No...... Nature of business Current Trade Licence No. Expiring date.... Maximum value of business which you can handle at any one time : K. Name of your bankers Branch.. Part 2 (a) Sole Proprietor Your name in full..age.. Nationality Country of origin. *Citizenship details... Part 2 (b) Partnership Given details of partners as follows: Name Nationality Citizenship Details Shares..... Page 13 of 15

Part 2 ( c) Registered Company: Private or Public. State the nominal and issued capital of company- Nominal K.. Issued K.. Given details of all directors as follows:- Name Nationality Citizenship Details Shares 1. 2. 3. 4. 5.. Date...Signature of Candidate. *if Kenya Citizen, indicate under Citizenship Details whether by Birth, Naturalization or Registration. Page 14 of 15

FORM RB 1 REPUBLIC OF KENYA PUBLIC PROCUREMENT ADMINISTRATIVE REVIEW BOARD APPLICATION NO.OF..20... BETWEEN.APPLICANT AND RESPONDENT (Procuring Entity) Request for review of the decision of the (Name of the Procuring Entity) of dated the day of.20.in the matter of Tender No.. of..20 REQUEST FOR REVIEW I/We,the above named Applicant(s), of address: Physical address.fax No Tel. No..Email, hereby request the Public Procurement Administrative Review Board to review the whole/part of the above mentioned decision on the following grounds, namely:- 1. 2. etc. By this memorandum, the Applicant requests the Board for an order/orders that: - 1. 2. etc SIGNED. (Applicant) Dated on.day of / 20 FOR OFFICIAL USE ONLY Lodged with the Secretary Public Procurement Administrative Review Board on day of...20. SIGNED Board Secretary Page 15 of 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback