180 likes | 188 Views
The Road Accident Fund seeks ICT Security Solutions to enhance Information Security infrastructure, align with strategic objectives, and comply with legislation. Provide information on IAM, DAM, DLP, and more.
E N D
NON-COMPULSORY BRIEFING SESSIONREQUEST FOR INFORMATION: ICT SECURITY SOLUTIONSRAF /2015/00019 Date: 29 September 2015 Time: 10:00
AGENDA • Background of the RFI • Purpose of the RFI • Scope of work • Submission of responses • Contact details • Presentation by Ethics unit • Questions and Answers
BACKGROUND • RAF/2015/00019: Request for information: ICT Security Solutions. • RFI was advertised on Friday, 18 September 2015 • Closing on 20 October 2015 at 11h00
PURPOSE OF THE RFB • The Road Accident Fund (RAF) is improving its Information Security infrastructure to ensure alignment to strategic objectives in both the Information Security & IT Risk Management strategies as well as compliance with legislation such as Protection of Personal Information (PoPI). The purpose of this RFI is to request appropriate best practice industry information that may be used in the drafting and publishing of a future bid process. • Background of the Project
SCOPE OF WORK The RAF is seeking information from bidders to provide ICT Security Solutions or Services for a period of three (3) years. We are specifically looking for information about on-premise, cloud based or hybrid solutions/services. In the event of cloud based solutions, preference is for local bound solutions within the borders of South Africa. Our current IT infrastructure is centralized in Gauteng. Bidders can respond to one or more of the following solutions: • Identity and Access Management Solution (IAM); • Personal information Identification and Marking; • Database Activity Monitoring (DAM) Solution; • Unstructured Data Solution; and • Data Loss Prevention (DLP) Solution. The systems must have the capability to provide reports and analytics.
SCOPE OF WORK continues The solutions/services scope covers: 1. Identity and Access Management Solution (IAM) key features: • Enhanced security for the identification, authentication and authorization of employees. • Centralization of authentication for easier user lifecycle management. • Multifactor authentication mechanisms. • Privileged user management.
SCOPE OF WORK continues The solutions/services scope covers: 2. Personal information Identification and Marking key features: • Identify information stored on file servers, online portals, document management systems and notebook computers that may be sensitive information but not easily identifiable. • Identification, alerting and remediation of sensitive information with poor access controls • Definition of policies for protection, access rules and classification of personal information identified. • Supports the implementation of legislative requirements e.g. POPI
SCOPE OF WORK continues The solutions/services scope covers: 3. Personal information Identification and Marking key features: • Database Activity Monitoring (DAM) Solution key features: • Enterprise database auditing and real-time protection. • Generation of log data for import into log management system. • Activity monitoring, intrusion prevention and risk management for business applications and databases • Fingerprinting database and application interactions to protect against threats. • Enforce information handling rules on databases and SharePoint • Fraud protection on all systems using backend databases including SAP
SCOPE OF WORK continues 3. Personal information Identification and Marking key features: • Real time monitoring of unauthorized database access and document management systems • Detection of unauthorized access by administrators. • Ability to detect and respond to unauthorized activity by preventing access to data – operates like a database and application firewall • Ease of compliance reporting
SCOPE OF WORK continues The solutions/services scope covers: 4. Unstructured Data Solution key features: • The solution has the capability to identify, monitor and access control information that is stored in shared servers and other file storage. • Authorized access to unstructured data is assured while audit trails are maintained for accessed data • Information classification implementation is enhanced through identification of data and owners.
SCOPE OF WORK continues The solutions/services scope covers: 5. Data Loss Prevention (DLP) Solution key features: • Identify RAF Information and implement access control for data in motion and data at rest • Risk based tracking of data in motion and data at rest • Addressing of insider threats to organization by enforcing what users are permitted to transfer out of the organization.
MANDATORY EVALUATION CRITERIA MANDATORY REQUIREMENTS
The Proposal clearly marked and indexed with all pages numbered. • One (1) original and one (1) copy submitted in a sealed envelope, clearly marked (RAF/2015/00019), to the address provided below. • Submission Address : • Road Accident Fund • Eco Glades Reception (Block F) • 420 Witch-hazel Avenue, Centurion • Closing Time : 11:00 am (PER THE CLOCK AT THE RAF RECEPTION) • Closing Date : 20 October 2015 Submission of RFI responses
Responses sent by courier must reach the reception at least 36 hours before the closing date (20 October 2015), to be deposited into the Bid box. • Submission Register must be signed at the reception by bidder when submitting bid documents. Important note: • Please ensure that the attendance register has been signed • Name of company • Contact details • If a courier company is submitting on behalf of the bidder please ensure that they write your company name and not the courier company name(for ease of reference) • Late response will not be considered Submission of RFI responses
Contact Details • All queries must be forwarded to Noluthandon@raf.co.za • Enquiries and clarification will close on Wednesday, 30 September 2015. • Q and A Pack will be uploaded on the website on Monday, 05 October 2015 before COB.
Presentation by Ethics unit • Presenter: Khali Mofuoa