non-compulsory briefing session request for information: ict security solutions raf /2015/00019...

NON-COMPULSORY BRIEFING SESSION

REQUEST FOR INFORMATION: ICT SECURITY SOLUTIONS RAF /2015/00019

Date: 29 September 2015

Time: 10:00

AGENDA

Background of the RFI

Purpose of the RFI

Scope of work

Submission of responses

Contact details

Presentation by Ethics unit

Questions and Answers

BACKGROUND

•RAF/2015/00019: Request for information: ICT Security Solutions.

RFI was advertised on Friday, 18 September 2015

Closing on 20 October 2015 at 11h00

[Insert presentation title]

PURPOSE OF THE RFB

The Road Accident Fund (RAF) is improving its Information Security

infrastructure to ensure alignment to strategic objectives in both the

Information Security & IT Risk Management strategies as well as

compliance with legislation such as Protection of Personal Information

(PoPI). The purpose of this RFI is to request appropriate best practice

industry information that may be used in the drafting and publishing of a

future bid process.

Background of the Project


SCOPE OF WORK

The RAF is seeking information from bidders to provide ICT Security Solutions or

Services for a period of three (3) years. We are specifically looking for information

about on-premise, cloud based or hybrid solutions/services. In the event of cloud

based solutions, preference is for local bound solutions within the borders of South

Africa. Our current IT infrastructure is centralized in Gauteng. Bidders can respond to

one or more of the following solutions:

• Identity and Access Management Solution (IAM);

• Personal information Identification and Marking;

• Database Activity Monitoring (DAM) Solution;

• Unstructured Data Solution; and

• Data Loss Prevention (DLP) Solution.

The systems must have the capability to provide reports and analytics.


SCOPE OF WORK continues

The solutions/services scope covers:

1. Identity and Access Management Solution (IAM) key features:

•Enhanced security for the identification, authentication and authorization of

employees.

•Centralization of authentication for easier user lifecycle management.

•Multifactor authentication mechanisms.

•Privileged user management.




2. Personal information Identification and Marking key features:

•Identify information stored on file servers, online portals, document management

systems and notebook computers that may be sensitive information but not easily

identifiable.

•Identification, alerting and remediation of sensitive information with poor access

controls

•Definition of policies for protection, access rules and classification of personal

information identified.

•Supports the implementation of legislative requirements e.g. POPI





•Database Activity Monitoring (DAM) Solution key features:

•Enterprise database auditing and real-time protection.

•Generation of log data for import into log management system.

•Activity monitoring, intrusion prevention and risk management for business

applications and databases

•Fingerprinting database and application interactions to protect against threats.

•Enforce information handling rules on databases and SharePoint

•Fraud protection on all systems using backend databases including SAP




•Real time monitoring of unauthorized database access and document management

systems

•Detection of unauthorized access by administrators.

•Ability to detect and respond to unauthorized activity by preventing access to data

– operates like a database and application firewall

•Ease of compliance reporting




4. Unstructured Data Solution key features:

•The solution has the capability to identify, monitor and access control information

that is stored in shared servers and other file storage.

•Authorized access to unstructured data is assured while audit trails are maintained

for accessed data

•Information classification implementation is enhanced through identification of data

and owners.




5. Data Loss Prevention (DLP) Solution key features:

•Identify RAF Information and implement access control for data in motion and data

at rest

•Risk based tracking of data in motion and data at rest

•Addressing of insider threats to organization by enforcing what users are permitted

to transfer out of the organization.


MANDATORY EVALUATION CRITERIA

MANDATORY REQUIREMENTS

Mandatory Comply Not

Comply

1 The solutions/services must have been

deployed in an enterprise information security

environment preferably similar to the RAF

industry.

Substantiate / Comments


The Proposal clearly marked and indexed with all pages numbered.

One (1) original and one (1) copy submitted in a sealed envelope, clearly

marked (RAF/2015/00019), to the address provided below.

Submission Address :

Road Accident Fund

Eco Glades Reception (Block F)

420 Witch-hazel Avenue, Centurion

Closing Time : 11:00 am (PER THE CLOCK AT THE RAF RECEPTION)

Closing Date : 20 October 2015

Submission of RFI responses


Responses sent by courier must reach the reception at least 36 hours

before the closing date (20 October 2015), to be deposited into the Bid

box.

Submission Register must be signed at the reception by bidder when

submitting bid documents.

Important note:

Please ensure that the attendance register has been signed

Name of company

Contact details

If a courier company is submitting on behalf of the bidder please ensure

that they write your company name and not the courier company

name(for ease of reference)

Late response will not be considered

Submission of RFI responses

Contact Details

All queries must be forwarded to [email protected]

Enquiries and clarification will close on Wednesday, 30 September

2015.

Q and A Pack will be uploaded on the website on Monday, 05

October 2015 before COB.

mailto:[email protected]

THANK YOU

Presentation by Ethics unit

Presenter: Khali Mofuoa

Questions and Answers

?

non-compulsory briefing session request for information: ict security solutions raf /2015/00019...

Documents