request for information for the provision of physical ... control... · pim permit issuing module...
TRANSCRIPT
Page | 1
Request for Information for the Provision of Physical Access Control and Permit Issuing System Upgrade for Airports Company South Africa SOC Limited (ACSA’s) Sites
Tender Number: : COR213/2018
Issue Date : 19 July 2018
Closing Date : 26 September 2018
Briefing Session Date and Time : 05 September 2018
Page | 2
CONTENTS Page
1 BACKGROUND............................................................................................................ 7 2 OBJECTIVES ............................................................................................................... 7
3 SCOPE OF WORK ....................................................................................................... 7 4 TECHNICAL INFORMATION AND SPECIFICATION ...................................................... 7 5 INSTRUCTIONS TO RESPONDENTS AND EVALUATION PROCESS .......................... 11
6 ENQUIRIES................................................................................................................ 14 7 TERMS AND CONDITIONS ......................................................................................... 14 8 RETURNABLE DOCUMENTS AND SCHEDULES ........................................................ 15
9 APPENDIX A: HIGH LEVEL ENVISAGED APAC SYSTEM DEFINITION ....................... 17
Page | 3
LIST OF ACRONYMS
Term Definition ACI-ASQ Airports Council International – Airports Services Quality
ACSA Airports Company South Africa (SOC) Ltd
AC VPN Access Control Virtual Private Network
AD Active Directory
AES Advanced Encryption Standard
AIT Airside Induction Training
APA Authorised Permit Administrator
APAC Airport Permit and Access Control
AS Authorised Signatory
AVOP Airside Vehicle Operator Permit
BFN Bram Fischer International Airport
BI Business Intelligence
BRS Business Requirements Specification
CAT7 Category 7 Cable (networking)
CAT Central African Time
CCTV Closed Circuit Television
CMMI Capability Maturity Model Integration
COR ACSA Corporate Office
CTIA Cape Town International Airport
CV Curricula Vitae
DHA Department of Home Affairs
DR Disaster Recovery
ELS East London Airport
ERP Enterprise Resource Planning
FIPS Federal Information Processing Standards
GRJ George Airport
HTTPS Hyper Text Transfer Protocol Secure
ID Identification Document
IEC International Electrotechnical Commission
IEEE Institute of Electrical and Electronic Engineers
IP Internet Protocol
ISO International Organization for Standardization
IT Information Technology
ITIL Information Technology Infrastructure Library
KB Kilobytes
KIM Kimberley Airport
KSIA King Shaka International Airport
LAN Local Area Network
MIOS Minimum Interoperability Standards
NFC Near Field Communication
OEM Original Equipment Manufacturer
OPACITY Open Protocol for Access Control Identification and Ticketing with privacy. OPACITY is registered to the ISO 24727-6 standard
Page | 4
Term Definition ORTIA Oliver Reginald Tambo International Airport
PIDS Perimeter Intrusion Detection System
PIM Permit Issuing Module
PKI A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
PLZ Port Elizabeth International Airport
PO Permit Office
PoE+ Power over Ethernet Plus
RFI Request for Information
SAM Secure Access Module
SAPS South African Police Services
SMS Short Message Service
SNMP Simple Network Monitoring Protocol
SSA State Security Agency
SSL Secure Sockets Layer
T&A Time and Attendance
TCP/IP Transmission Control Protocol/Internet Protocol
UTN Upington International Airport
VLAN Virtual Local Area Network
WAN Wide Area Network
Page | 5
GLOSSARY
Term Definition Authorised Signatory
This is an individual with limited rights on the APAC system for the administration and approval of permit applications as well as conducting other related permit activities on behalf of the stakeholder.
Authorised Permit Administrator
This is an individual with limited rights on the APAC system for the administration of permit applications and other related permit activities on behalf of the stakeholder. This individual does not have approval rights.
Client
Airports Company South Africa SOC Limited.
Consultant This refers to the main and other consultants assisting ACSA with overall project / programme management and technical services.
Permit Office Official
An individual working inside the permit office that has rights to approve, amend and issue permits on the APAC system.
Designated individual on the client ‘s side
The individual that has overall responsibility for registration of a company on the APAC system. This individual is responsible for managing company information and managing log in accounts including access for authorised signatories and authorised permit administrators for that specific company.
Interface
A common boundary or interconnection between systems. An interface is usually controlled by a predefined set of protocols and communication standards.
Embedded card number
This refers to the unique code that is electronically embedded in a permit card.
Permit
A permit acts as official approval for an individual or vehicle to access certain restricted areas with certain approved equipment. A permit may indicate restrictions and privileges for the holder
Permit card
This is a card provided to a holder as proof that the holder is in possession of a valid permit.
Permit Issuing System
Computerised system that is specifically designed to issue and manage permits.
Permit Office
An area from where permits are issued and administrated.
Process Map
A visual representation of activities of a process.
Background Checks (Screening)
The process of checking an applicant’s criminal history and other legal requirements in order to determine the suitability of the applicant to hold a permit.
Page | 6
Term Definition
Solution
The solution includes people, process, technology and information.
System
This refers to the technology in terms of hardware and software.
Supplier
This is the entity that will provide all the services and products required for the proposed solution. This supplier could include sub-contractors.
System Integrator
Forms part of the supplier services. The system integrator will be responsible for installation, commissioning and integration of the APAC backbone system.
Vetting
This is a process whereby individuals working with sensitive information are checked and interviewed by the State Security Agency to determine if the applicant is suitable to work with such information.
Zones
Refers to security zones as defined by ACSA.
Page | 7
1 BACKGROUND
Airports Company South Africa (ACSA) is focused on providing world class safe and secure infrastructure whilst promoting socioeconomic growth through tourism and local and international business. To ensure the safety of passengers and employees alike, as well as to ensure the continued business of its customers and tenants. ACSA has decided to embark on a program to upgrade, improve or replace the Permit Issuing System and Access Control System, currently being utilised in the nine airports across South Africa and its corporate offices based in Bedfordview.
2 OBJECTIVES
This Request for Information is for ACSA to obtain insight on available technology which can assist with
improving security efficiency at nine ACSA airports. The RFI seeks to identify possible solution, skills
and experienced technical resources for design, configuration, supply, installation, integration,
commissioning and maintenance of the future Airport Permit and Access Control system (APAC). The
solution includes infrastructure (software and hardware) taking into consideration both scalability and
technological change. The main objective of this RFI process is to identify possible solutions that will
address ACSA Access Control challenges. Please note that no appointments will take place at this
stage.
3 SCOPE OF WORK
The Scope of Work with respect to this RFI requires to identify possible solution to address ACSA access control challenges in response to Section 4 (Technical Information and Specification requirements). Potential respondents are advised to read through all the information provided carefully in order to obtain a thorough understanding of the nature and complexity of this project.
4 TECHNICAL INFORMATION AND SPECIFICATION
Potential respondents responding to this RFI are requested to submit a response document that clearly
set out their proposed solution and associated technologies in line with questions posed below. More
information regarding the proposed APAC system has been provided in Appendix A. It is imperative
that potential respondents read through this information carefully in order to ensure a properly
constituted RFI document.
Please note that the information received in the form of a response to this RFI document will be
evaluated in line with relevancy and applicability. Respondents are welcome to attach addendums to
substantiate their response, innovation is encouraged.
Page | 8
4.1 Relevant Experience
Refer to paragraph 8.1 and complete in line with instructions and guidelines provided.
4.2 Maturity
Indicate if you have a similar existing online solution currently operational in the industry that can be
adapted to address ACSA APAC system requirements. If so, provide a short overview of the solution
where it has been deployed and how it works - address aspects such as:
a. Solution architecture;
b. Functioning of online applications over a network;
c. Process for issuing of permits (access cards); and
d. Updating of the physical access control components with access privileges of newly issued permits.
4.3 Local Capacity and Administration
This should include but not limited to capacity, sourcing, lead times, local content, enhancements and customisation.
4.4 Security and Data Protection
Indicate the measures that you would implement to protect the system from unauthorised intrusion, unauthorised access to information and Encryption Key Management.
4.5 Methodology
1. Indicate if your organisation complies with any formal standards with respect to project delivery
(e.g. International Organization for Standardization (ISO), Institute of Electrical and Electronic
Engineers (IEEE), Capability Maturity Model Integration (CMMI), Information Technology
Infrastructure Library ITIL).
2. Provide a detailed methodology and implementation strategy for a project of this nature
4.6 Documentation
The respondent will have to be competent in all aspects of the complete solution life cycle, including
detailed low-level specifications and designs. Attach samples of the documentation to provide an
indication of your typical document content and structure.
Page | 9
4.7 Proposed overall design and architecture
Provide a high-level design of your proposed solution. The following is of utmost importance:
a. High level architectural design with accompanying diagram(s).
b. Explain how the solution will be driven by workflow as per the business processes.
c. Database architecture and provision for replication.
d. Typical speed of updates (right down to door controller level) and transactions (system response
times).
e. Indicate your solution’s infrastructure requirements such as hardware, 3rd party software and network.
4.8 Redundancy and Backups
Indicate how you would ensure business continuity during any down-time, highlighting various
scenarios and your treatment thereof. Include system backup and restore plan or process.
4.9 Flexibility and Scalability
Highlight with realistic examples your agility with regards to software upgrades and enhancement to meet changing business requirements.
4.10 Business Intelligence, Reporting and Monitoring Methodology (including reporting examples) Indicate your business intelligence and reporting capability and monitoring methodology.
4.11 Electronic Document Storage
Explain how your solution would manage storage and security of electronic documents related to permits and permit applications.
4.12 Integration
Explain how your solution will enable a permit holder to have one permit card that can be enabled and used to access multiple facilities such as but not limited to CCTV, Time and Attendance systems, Computer Logon, X-ray Systems.
Page | 10
4.13 Identification and Authentication Technology
Provide a detailed comparison between the various Identification and Authentication technologies including, functionality, security and durability.
4.14 Special Requirements
Briefly describe how your proposed solution could deal with the following special requirements:
1. Boarding gates: Boarding gates should be manned always when doors are open for boarding
procedures. A boarding gate should thus never be in an open position without a permit holder being in
control of the door (either passing through the door or manning the door). Your solution should ensure
this scenario is maintained at all times. The current system uses a card retainer which holds the access
card when the door is open and retains it, and only releases the card when the door is closed.
2. Prevention of tailgating. More than one person should not gain access at one time i.e. an individual
should not be able to enter with another person with the use of one access card.
3. Prevention of anti-pass back. An individual should not be able to enter or leave an area without being
recognised by the system.
4. How would you typically deal with security risks arising from having an access-controlled door that is
also a fire escape door?
Page | 11
5 INSTRUCTIONS TO RESPONDENTS
The following should be noted in terms of this RFI process and submission.
5.1 Briefing Session
The Briefing Session details are as follows:
Date: 05 September 2018
Time: 13:30 to 15:00 (CAT)
Venue: ACSA Corporate office
Address: 24 Johnson Road, Bedfordview, Riverwoods Office Park, Airside Boardroom
5.2 Clarifications
Formal enquiries and clarifications with respect to this RFI should be submitted to this email
Clarifications by potential respondents may be submitted to ACSA post the briefing session until the 19
September 2018 at 16h00 (CAT).
5.3 RFI Closing Date and Time
The RFI closing time and date is: 26 September 2018 at 14h00 (CAT).
Responses should be submitted to the following address on or before the closing date and time.
a) Hand delivery:
The bid document must be delivered to the Tender Management Office located at the address below
Tender box A:
The Tender Box A is located at:
ACSA Offices
North Wing
3rd Floor
OR Tambo International Airport
Page | 12
No late submissions will be considered. Respondents are therefore advised to submit their responses on time.
Responses should be clearly marked as – Request for Information – Access Control and Permit Issuing Upgrade for ACSA “[INSERT RFI REFERENCE NUMBER]” on a sealed envelope or alternative packaging.
The compliant’s details must appear on the back of the sealed envelope.
Submissions must be done in TRIPLICATE hardcopy and an electronic copy in a sealed envelope or alternative packaging.
5.4 RFI Document
The RFI tender document will be published on the National Treasury Website as the National Treasury Regulations and SCM Policies and Procedures.
5.5 RFI Process Timelines
Procurement Activities Date
RFI Advertised 19 July 2018
RFI Briefing Session 05 September 2018
RFI Last Date for Questions 19 September 2018
RFI Closing Date 26 September 2018
RFI Reviewing RFI Responses 03 October 2018
5.6 Structure of The Response Document
Respondents should ensure that the document is structured in a logical manner. The following proposed
sections are recommended:
1. Company Information/Profile with relevant experience.
2. Main Response Document with current and completed projects and proposed solution.
3. Proposed Key Personnel for a project of this nature with relevant CV’. Also including specific
project experience:
Page | 13
❖ Project name,
❖ Location (Country),
❖ Year from and to (Actual involvement),
❖ Brief project background / description,
❖ Roles and responsibilities (actual performed or current), and
❖ Client name.
4. Recommendations and Innovation proposals.
5. Pricing structure to include design, implementation, hardware, software and other.
5.7 Reviewal or Evaluation of RFI Responses
MANDATORY EVALUATION CRITERIA YES NO Provide information on a minimum of two projects where a respondent implemented an access control project with a minimum of 2500 card readers and 150000 permit cards spread across five to ten sites, within the last three years in South Africa or internationally
Provision of 2x Hard Copies and 1x Electronic Copy
Client name and two contactable references per project (email addresses and telephone numbers should be provided)
Provide indicative pricing
Provide Curricula Vitae of proposed personnel.
REVIEW OR EVALUATION CRITERIA YES NO
Completeness. Are there answers to all the questions asked? Do we have all the information requested?
Quality. Is it a considered, detailed and realistic response or is it a rushed, copy and paste job?
Clarity. Is it clearly written, with no unnecessary jargon or marketing speak?
Does the response demonstrate an understanding of the requirements of the criterion?
Does it provide a practical feasibility of the solution for the group, from a process efficiency, system interface requirements and speed to implementation perspectives.
Page | 14
5.8 General Information
ACSA reserves the right to request any respondent to provide a presentation on their proposed solution at short notice. Respondents are required to respond to any queries that ACSA may have in terms of the respondent’s document within 48 hours of receipt.
6 ENQUIRIES
Enquiries can be directed to the email address [email protected]
7 TERMS AND CONDITIONS
The following terms and conditions are applicable to this RFI process.
❖ Costs are estimates for budget purposes only. There is no commitment on the part of either the
vendor or ACSA; or any obligation by ACSA to the vendor. The information provided must be
presented in a format that corresponds to and references sections outlined within this RFI. This
will allow ACSA to more easily formulate a budget based on a comparison and extraction of
information from all respondents. Unlike an RFP where a single vendor is selected, each RFI
response will be a potential contributor to part of the overall specification formulation, budget
and other.
❖ All responses will be kept confidential and not be available for public knowledge
❖ Any irregularities or lack of clarity in the RFI should be brought to ACSA’s attention as soon as
possible so that corrective addenda may be furnished to prospective respondents.
❖ Alterations, modifications or variations to a proposal may not be considered unless authorized
by the RFI or by addendum or amendment.
❖ Proposals may be withdrawn by written notice received prior to RFI closure.
❖ In addition to the terms and conditions stipulated, potential respondents should ensure that they
have relevant experience and capacity to embark on a project of this nature with contactable
references/sites.
❖ ACSA reserves the right to stop this process.
Page | 15
8 RETURNABLE DOCUMENTS AND SCHEDULES The following section provides more detail in terms of information required (in addition to main response
document) from potential suppliers.
8.1 Previous Experience
Respondents are required to provide information on a minimum of two applicable and similar projects
completed within the last five years in South Africa or internationally. The following criteria should be
noted with respect to the applicability and relevance of the experience:
❖ Demonstrated use of the proposed technology i.e. the technologies being recommended by
potential suppliers should have been successfully implemented at another site.
❖ Experience in all aspects of the solution life cycle should be clearly demonstrated, such as
requirements elicitation, designs, functional and technical specifications, deployment,
implementation, maintenance and support.
❖ Factors such as the size of the system, volumes of transactions, complexity and specific
technical features of the system will be used to determine whether the previous experience was
similar in nature to the scope of this project. ACSA reserves the right to request potential
respondents to arrange a site visit or demonstration of technologies and systems utilised at short
notice
❖ Experience in the management of sub-contractors should be clearly demonstrated.
❖ References should be current and contactable via telephone or email. At least two valid
references should be provided per project.
The following minimum information is required per project overview or description provided:
1. Project name and description (permit application volumes, access control system size, total
number of users, high level architecture or system design etc.).
2. Project commencement date (Month and Year).
3. Project completion date (Month and Year).
4. Project value (Actual Fees not contract value).
5. Country.
6. Project location within Country.
7. Professional staff provided.
8. Client name and two contactable references per project (email addresses and telephone
numbers should be provided). Please note that should we not be able to reach your contacts
Page | 16
within a reasonable time period; your experience will not be considered in terms of the
evaluation.
9. Associated firms (if any) and number of staff provided by associated firms (if applicable).
10. Senior staff involved, and functions performed.
8.2 Proposed Key Personnel
The service provider should provide Curricula Vitae (CV) of individuals within its organisation that could be utilised on a project of this nature.
8.3 Indicative Pricing Schedule
Please provide an indicative cost per unit for the proposed solution main components and options. The price should include supply, delivery, installation, commissioning. Also, provide an indication of Maintenance costs.
ITEM DESCRIPTION
UNIT OF MEASURE
TOTAL (excluding Value Added Tax at 15% ZA)
8.4 Company Infromation
Basic information on your entity is required for evaluation purposes.
Page | 17
9 APPENDIX A: HIGH LEVEL ENVISAGED APAC SYSTEM DEFINITION
9.1 Overview
This section provides a high-level overview of the envisaged solution framework, to provide a basis and
guideline for development of responses to this RFI proposal. ACSA prefers an online and integrated
solution without compromising security across all 10 sites.
The diagram illustrates typical system components. Respondents are welcome to propose other
solutions.
Page | 18
9.2 Performance
The system should cater for the following performance requirements:
Table 1: System Performance Requirements
Description
No of cards >150 000
Estimated number of readers required
at implementation phase
2500
Total estimated system transactions
per year
>30 000000
System life Expectancy
15 Years
Where applicable, all hardware components will comply with and be tested against the relevant International Organization for Standardization (ISO) standards.
9.2.1 Permit Volumes
It is estimated that permit application volumes for all ten ACSA facilities combined is approximately
60,000 permit applications to be processed per annum (approximately 1200 per week). A 5% per annum
growth rate should be catered for.