Post on 05-Jan-2016
NON-COMPULSORY BRIEFING SESSION
REQUEST FOR INFORMATION: ICT SECURITY SOLUTIONS RAF /2015/00019
Date: 29 September 2015
Time: 10:00
AGENDA
Background of the RFI
Purpose of the RFI
Scope of work
Submission of responses
Contact details
Presentation by Ethics unit
Questions and Answers
BACKGROUND
•RAF/2015/00019: Request for information: ICT Security Solutions.
RFI was advertised on Friday, 18 September 2015
Closing on 20 October 2015 at 11h00
Page 4[Insert presentation title]
PURPOSE OF THE RFB
The Road Accident Fund (RAF) is improving its Information Security
infrastructure to ensure alignment to strategic objectives in both the
Information Security & IT Risk Management strategies as well as
compliance with legislation such as Protection of Personal Information
(PoPI). The purpose of this RFI is to request appropriate best practice
industry information that may be used in the drafting and publishing of a
future bid process.
Background of the Project
Page 5[Insert presentation title]
SCOPE OF WORK
The RAF is seeking information from bidders to provide ICT Security Solutions or
Services for a period of three (3) years. We are specifically looking for information
about on-premise, cloud based or hybrid solutions/services. In the event of cloud
based solutions, preference is for local bound solutions within the borders of South
Africa. Our current IT infrastructure is centralized in Gauteng. Bidders can respond to
one or more of the following solutions:
• Identity and Access Management Solution (IAM);
• Personal information Identification and Marking;
• Database Activity Monitoring (DAM) Solution;
• Unstructured Data Solution; and
• Data Loss Prevention (DLP) Solution.
The systems must have the capability to provide reports and analytics.
Page 6[Insert presentation title]
SCOPE OF WORK continues
The solutions/services scope covers:
1. Identity and Access Management Solution (IAM) key features:
•Enhanced security for the identification, authentication and authorization of
employees.
•Centralization of authentication for easier user lifecycle management.
•Multifactor authentication mechanisms.
•Privileged user management.
Page 7[Insert presentation title]
SCOPE OF WORK continues
The solutions/services scope covers:
2. Personal information Identification and Marking key features:
•Identify information stored on file servers, online portals, document management
systems and notebook computers that may be sensitive information but not easily
identifiable.
•Identification, alerting and remediation of sensitive information with poor access
controls
•Definition of policies for protection, access rules and classification of personal
information identified.
•Supports the implementation of legislative requirements e.g. POPI
Page 8[Insert presentation title]
SCOPE OF WORK continues
The solutions/services scope covers:
3. Personal information Identification and Marking key features:
•Database Activity Monitoring (DAM) Solution key features:
•Enterprise database auditing and real-time protection.
•Generation of log data for import into log management system.
•Activity monitoring, intrusion prevention and risk management for business
applications and databases
•Fingerprinting database and application interactions to protect against threats.
•Enforce information handling rules on databases and SharePoint
•Fraud protection on all systems using backend databases including SAP
Page 9[Insert presentation title]
SCOPE OF WORK continues
3. Personal information Identification and Marking key features:
•Real time monitoring of unauthorized database access and document management
systems
•Detection of unauthorized access by administrators.
•Ability to detect and respond to unauthorized activity by preventing access to data
– operates like a database and application firewall
•Ease of compliance reporting
Page 10[Insert presentation title]
SCOPE OF WORK continues
The solutions/services scope covers:
4. Unstructured Data Solution key features:
•The solution has the capability to identify, monitor and access control information
that is stored in shared servers and other file storage.
•Authorized access to unstructured data is assured while audit trails are maintained
for accessed data
•Information classification implementation is enhanced through identification of data
and owners.
Page 11[Insert presentation title]
SCOPE OF WORK continues
The solutions/services scope covers:
5. Data Loss Prevention (DLP) Solution key features:
•Identify RAF Information and implement access control for data in motion and data
at rest
•Risk based tracking of data in motion and data at rest
•Addressing of insider threats to organization by enforcing what users are permitted
to transfer out of the organization.
Page 12[Insert presentation title]
MANDATORY EVALUATION CRITERIA
MANDATORY REQUIREMENTS
Mandatory Comply Not
Comply
1 The solutions/services must have been
deployed in an enterprise information security
environment preferably similar to the RAF
industry.
Substantiate / Comments
Page 13[Insert presentation title]
The Proposal clearly marked and indexed with all pages numbered.
One (1) original and one (1) copy submitted in a sealed envelope, clearly
marked (RAF/2015/00019), to the address provided below.
Submission Address :
Road Accident Fund
Eco Glades Reception (Block F)
420 Witch-hazel Avenue, Centurion
Closing Time : 11:00 am (PER THE CLOCK AT THE RAF RECEPTION)
Closing Date : 20 October 2015
Submission of RFI responses
Page 14[Insert presentation title]
Responses sent by courier must reach the reception at least 36 hours
before the closing date (20 October 2015), to be deposited into the Bid
box.
Submission Register must be signed at the reception by bidder when
submitting bid documents.
Important note:
Please ensure that the attendance register has been signed
Name of company
Contact details
If a courier company is submitting on behalf of the bidder please ensure
that they write your company name and not the courier company
name(for ease of reference)
Late response will not be considered
Submission of RFI responses
Contact Details
All queries must be forwarded to Noluthandon@raf.co.za
Enquiries and clarification will close on Wednesday, 30 September
2015.
Q and A Pack will be uploaded on the website on Monday, 05
October 2015 before COB.