Security Information & Event Management (SIEM) Solution

Author: Cody Randall
REQUEST FOR PROPOSAL
For
Security Information & Event Management (SIEM) Solution

RFP # no.: 17/ Services/HAAD/PT/2012

Bid issue date: May 27, 2012
Deadline for submission of proposals: June 21, 2012
Closing time: 02:00 pm

________________________________________________________________________________________ RfP no.: 17/S/HAAD/PT/2012 Page 1 of 26

INDEX

Contents of the Request for Proposals
Definitions and Abbreviations

Section A – Instruction to Bidders
  ARTICLE 1 TENDER PROCESS DEADLINES
  ARTICLE 2 PACKING AND LABELLING OF PROPOSALS
  ARTICLE 3 SUBMISSION OF PROPOSALS
  ARTICLE 4 PROPOSAL CONTENTS
    A. TECHNICAL OFFER
    B. FINANCIAL OFFER
  ARTICLE 5 BID BOND
  ARTICLE 6 RFP TERMS AND CONDITIONS
  ARTICLE 7 VALIDITY OF PROPOSAL
  ARTICLE 8 INCOMPLETE AND LATE OFFERS
  ARTICLE 9 INQUIRIES
  ARTICLE 10 ALTERATION OF PROPOSALS
  ARTICLE 11 ELIGIBLE BIDDERS
  ARTICLE 12 PROOF OF NON-PROFIT STATUS
  ARTICLE 13 COSTS FOR PREPARING PROPOSALS
  ARTICLE 14 CLARIFICATION
  ARTICLE 15 EVALUATION OF PROPOSALS
    A) TECHNICAL EVALUATION OF BIDS
    B) EVALUATION OF FINANCIAL OFFERS
  ARTICLE 16 AMENDMENTS
  ARTICLE 17 CONFIDENTIALITY
  ARTICLE 18 OWNERSHIP OF PROPOSALS
  ARTICLE 19 BID CANCELLATION
  ARTICLE 20 DISCUSSION/NEGOTIATION
  ARTICLE 21 AWARD LETTER & CONTRACT
  ARTICLE 22 PERFORMANCE BOND
  ARTICLE 23 BIDDER’S RESPONSIBILITIES
  ARTICLE 24 GOVERNING LAW AND LANGUAGE

Section B – Terms of References
  ARTICLE 1 GENERAL BACKGROUND AND HAAD OBJECTIVES
  ARTICLE 2 BACKGROUND AND OBJECTIVES
  ARTICLE 3 PURPOSE AND EXPECTED RESULTS OF THIS RFP
  ARTICLE 4 SCOPE OF WORK
    B. TRAINING, CUSTOMER SUPPORT, SERVICE LEVEL AGREEMENTS, DOCUMENTATION
  ARTICLE 5 IT INFRASTRUCTURE ENVIRONMENT DETAILS
  ARTICLE 6 PROJECT MANAGEMENT
  ARTICLE 7 PERIOD OF EXECUTION
  ARTICLE 8 PROJECT’S DELIVERABLES
  ARTICLE 9 CAPABILITIES OF SELECTED BIDDER
  ARTICLE 10 DELIVERY, INSTALLATION & CONFIGURATION TERMS
  ARTICLE 11 WARRANTY AND SUPPORT TERMS

Annex I - Items’ Technical Specification (BoQ)
Annex II – Evaluation factors


Contents of the Request for Proposals

The complete Request for Proposals shall include the following:

Section A: Instructions to Bidders
Section B: Terms of Reference
Annexes:
  Annex I: Items Specification
  Annex II: Evaluation Criteria


Definitions and Abbreviations:

The terms used in this RFP and the subsequent contract shall have the following meanings:

Bidder: A legal entity entitled to submit a proposal in response to this bid
Contracting Authority/HAAD: Health Authority – Abu Dhabi
Days/months/years: Calendar days/months/years
Government: Government of Abu Dhabi
N/A: Not applicable
RFP: Request For Proposals
ToR: Terms of Reference
Vendor: The awarded bidder selected to perform the project’s scope of work and enter into a legally binding Agreement with HAAD
Items/hardware: The devices offered by the bidder
Project: The Scope of Work, listed items in Annex I, any and all other requirements stated in this RfP
FAQ: Frequently Asked Questions
ODBC: Open Database Connectivity


Section A – Instruction to Bidders

In submitting proposals, bidders must comply with all instructions contained in this RFP document. Failure to submit a proposal containing all the specified information and documentation (inclusive of all completed forms and templates, and a declaration that all the specified ToR will be accepted) within the stated submission deadline will lead to rejection of the proposal.

Article 1 - Tender Process Deadlines

Deadline for requesting clarifications from the HAAD*: June 11, 2012

Last date for issuing clarifications by the HAAD*: June 13, 2012

Deadline for submission of proposals: June 21, 2012

Public Bid opening of technical proposals to all participated Bidders in the Tender:
Date: June 24, 2012
Time: 10:00 am
Venue: Meeting room – 2nd floor – HAAD building (address stated in Article 2/Section A)

Terms for attending the Public Bid opening Session: The bidder’s representative who wishes to attend the Public Bid opening should hold authorization letter stating his ID no. (Passport no.) Signed and stamped by the authorized person in his Company.

*Bidders are strictly not allowed to inquire about any financial or procedural questions. Any inquiries have to be requested in writing and as stated in article 9 below. Any deviation to such rules will eliminate the bidder from participation in this tender.

Article 2 - Packing and Labelling of Proposals

Each submitted proposal must comprise a technical offer and a financial offer, each of which must be submitted separately. Each technical offer and financial offer must contain one original, clearly marked "Original", and 2 copies, each marked "Copy".

Article 3 - Submission of Proposals

Proposals must be submitted either by recorded delivery (official postal service) or hand delivery directly to the HAAD in return for a signed and dated receipt to the following address:

To: Mr. Sultan Al Marzouqi
Section Head, Procurement
Att.: Mr. Moinudeen Zayed
Procurement Officer
Procurement & General Services- Section
Health Authority – Abu Dhabi
Airport Road – behind Al Futtaim Motors Agency
P.O. Box 5674
2nd floor

Note: Proposals submitted by any other means (i.e., fax or e-mail) will be rejected. Any deviation from these instructions (e.g., unsealed envelopes or references to price in the technical offer) is to be considered a breach of the rules, and will lead to rejection of the proposal.

The outer envelope should carry the following information:
a) The address for submission of proposal indicated above;
b) The reference code of the bid to which the bidder is responding (#:17/S/HAAD/PT/2012)
c) The name of the bidder.

The pages of the Technical and Financial offers should be numbered.

Article 4 - Proposal Contents

A. Technical offer

The Technical offer must include the following documents:

Document Title (Check List Y/N):

• Table of Contents, including page numbers.
• Full contact details of the key person in the company in case of any clarification requirements.
• *Letter of Submission on Contractor’s letterhead signed and stamped by the person in charge or the Contractor’s authorized representative acknowledging the Contractor’s agreement to the terms and conditions of this RFP and certifying that all information offered in the submitted proposal is true, accurate, and complete.
• *An executive summary, demonstrating the bidder’s understanding of the project’s requirements and his approach to deliver the RfP requirements achieving best level of high service and satisfactory performance. Bidder must confirm to provide warranty, Support, Maintenance and Preventive Maintenance Services for items mentioned in Annex I, etc., within maximum five pages.
• *Detailed Item list with all hardware and software of proposed solution (Detailed BoQ). The deliverables must be mentioned clearly in detail stating the Quantity/item.
• Project Management Plan: The Bidder should provide a reasonable and comprehensive project plan including the milestones for delivering the project activities (supply, installation, operation of items, etc.).
• Audited Financial Statements for the past one year.
• Copy of valid trade license/ Legal registration documents/agency registration in UAE.
• Business references: the overall services experience of the vendor, including customer references for services delivery of a similar nature and volume in the UAE that verify that the bidder has a satisfactory performance record and demonstrate that the bidder has the capability of meeting the project requirements. The references should specify the bidder’s relevant contribution to each listed project. References can only be considered if the bidder clearly lists a point of contact in the client organization for that project (name, address, telephone number, etc.).
• Soft copy of the Technical proposal ONLY (with No reference to commercial offer).
• *Unconditional bid Bond
• Detailed CVs: Bidder should provide the name and the technical experiences and qualifications of the engineers and technicians who will be involved in handling this project, its support and maintenance services. In case the Vendor decides to change one of the approved staff after the delivering of the quotation or during the life cycle of the project, he has to submit first his technical experiences and qualifications and it has to be approved by HAAD before he will be able to join the team. HAAD reserves the right to request changing any one of the team in case they see him not competently qualified and/or has communication problem and/or has behavior problem.

* Note: After the bid opening and in case bidder did not submit the required documents stated above, the proposal will be administratively rejected without further consideration or clarification for review.

B. Financial offer

The Financial offer must be in U.A.E currency (AED), inclusive of all costs and all applicable tariffs and/or taxes. The bidder should use Annex I Items’ Technical Specification (BoQ), including any additions, as may be required (stating the Quantity/unit price and Total price) - herein this RfP.

The Bidder should quote his prices clearly stating the total amount “Not to exceed basis” for providing the required services as per the RFP.

Notes to bidders in preparing the financial offer:

A. Detailed Items list with (Qty/unit price/total prices). The bidder should use Annex I - Items’ Technical Specification (BoQ) including optional items as stated in Section B/article 4 - Scope of Work clearly marked optional.
B. Vendor must provide in their proposals the software and hardware Operating system upgrading strategy during the warranty and support period whether it’s minor or major releases.
C. It is bidder’s responsibility to examine and consider all the RFP requirements while preparing the financial proposals for this tender.
D. Quoted prices are not subject to change after proposal submission to HAAD.
E. Unit Price shall be fixed whatever the quantity requested by HAAD.
F. Each item must be individually (unit) priced (separately) including services such as project management, installation, implementation & configuration, warranty & support, etc. and extended and totalled.


Article 5 - Bid Bond

The bidder must submit a bid bond with an amount of 20,000 AED (Twenty Thousand Dirham) enclosed in the technical proposal. The bond shall be unconditional, valid for 120 days starting from the closing date of proposal submission and addressed to the Health Authority – Abu Dhabi. Priority for issuing the Bid bonds in UAE should be from Abu-Dhabi Banks. The bid bond will be returned to bidders after the evaluation and awarding processes are completed.

Article 6 - RFP Terms and Conditions

Failure to meet the specified terms and conditions of this RFP at the time of award will result in disqualification of the Bidder.

Article 7 - Validity of Proposal

Proposals must remain valid and open for the acceptance of the HAAD for 120 days from the RFP closing date. Proposals specifying a shorter acceptance period will be rejected.

Article 8 - Incomplete and Late Offers:

Incomplete and late proposals will not be accepted. It is the bidder’s responsibility to ensure that the proposal is submitted complete, on time and in accordance with the RFP terms and conditions. Late proposals shall be returned to Bidders unopened.

Article 9 - Inquiries

Bidders may submit questions in writing either through fax or e-mail to the following address and before the deadline stated in the table of tender deadlines (Article 1/ Section A).

Contact name: Ms. Dina Mohsen Khaled, Procurement Officer
Address: Health Authority – Abu Dhabi
Fax no.: +9712 4496969
E-mail: [email protected]

Any clarification issued by the HAAD will be communicated in writing to all the bidders before the date stated in the table above. No further clarifications will be given after the stated date.

Note: Any clarification issued by HAAD will be communicated in writing to all the bidders & will be published on HAAD website: www.haad.ae. Any prospective bidders seeking to arrange individual meetings with HAAD or any of its employees concerning this contract during the bidding period may be excluded from the bidding procedure.

Article 10 - Alteration of Proposals

Bidders may alter their proposals by written notification prior to the deadline for submission of proposals stated in this RFP. No proposals may be altered after this deadline.

Article 11 - Eligible Bidders

Bidders considered eligible to submit proposals are defined as:
1- The entity/organisation that is legally registered in the UAE to do business and can provide a valid certificate of legal registration/ trade registration license.
2- Have sufficient experience in supplying, installing, training and supporting, industry renowned Security Information & Event Management Solution.

Article 12 - Proof of Non-profit Status

Bidders claiming non-profit status must provide certification from the registering body with their proposals.

Article 13 - Costs for preparing proposals

Under no circumstances will the HAAD accept liability for any costs incurred in connection to the preparation and submission of proposals even if the HAAD decides to reject all the proposals or cancel the tender altogether.

Article 14 - Clarification

During the evaluation process, the HAAD may request additional information from bidders with regard to the submitted proposal if deemed necessary by the tender evaluation committee.

Article 15 - Evaluation of proposals

The evaluation process will identify and recommend the proposal which is technically superior at reasonable price.
• The weight of the technical factors = 70 %
• The weight of the cost = 30 %
Only proposals with average scores of at least 70 points in the technical evaluation criteria, set out in Annex II, qualify for the financial evaluation.

A) Technical evaluation of bids

The technical quality of each bid will be evaluated in accordance with the evaluation criteria specified in Annex II of this RFP document. No other award criteria will be used. The award criteria will be examined in accordance with the requirements indicated in this RFP.

B) Evaluation of financial offers

Upon completion of the technical evaluation, the financial offers of those bidders who passed the technical evaluation stage will be opened.

Article 16 - Amendments

During the proposal submission period, if the HAAD decides to modify/ change any requirement/s of the RFP, [the modification/s shall be released through the issuance of an amendment to the RFP.] Any amendment will be issued in writing and will be sent to all bidders.

Article 17 - Confidentiality

The entire evaluation procedure is confidential and all proposals are for official use only and may be communicated neither to the bidders nor to any party other than the HAAD.

Article 18 - Ownership of Proposals

The HAAD retains ownership of all proposals received as part of this tender. Consequently, bidders have no legal right to have their proposals returned to them.

Article 19 - Bid Cancellation

The HAAD has the right at any stage in the bidding process to cancel the whole bid without justification to any of the bidders. In that event, Bidders will be notified in writing of the cancellation by the HAAD.

Article 20 - Discussion/Negotiation

HAAD may initiate discussions should clarification or negotiation be necessary. Bidders should be prepared to provide qualified personnel to discuss technical and contractual aspects of the proposal.

Article 21 - Award Letter & Contract

HAAD reserves the option of contracting only for a portion of the specified project scope or of not awarding a contract to any bidder. Final approval to enter into a contract, the contract form and the scope of services to be provided pursuant to the contract, rests with HAAD. A contract may be awarded to more than one bidder based on the quality of the proposals and HAAD’s needs. Please note that an award letter is not a contract and can be withdrawn at HAAD’s sole discretion.

Article 22 - Performance Bond

The Vendor will be required to secure a performance bond in an amount equal to 10% of the total award price within 10 days from signing the contract and to be in effect for the duration of the performance period. The performance bond may be used to satisfy penalties for lack of delivery and/or loss incurred in the event of the Vendor’s failure to deliver or perform according to the requirements of this RFP and the purchase order. The performance bond may be liquidated by HAAD for reasons including without limitation: in case of lack of performance; when a 10% delay penalty is imposed on the Vendor; if the Vendor is found to be corrupt or to have committed fraud; and if the Vendor sub-contracts or assigns the contract without HAAD’s prior written approval.

Article 23 - Bidder’s Responsibilities

It is the bidder’s responsibility to examine all of the RFP’s terms and conditions and to request clarification from the Contracting Authority (only to the contacts mentioned in the RFP, in writing) for unclear and vague statements, if any. It shall be the bidder’s responsibility if his proposal is eliminated due to submission of unclear, improper and loose proposals.

Article 24 - Governing Law and Language

24.1. This Tender is subject to and shall be construed according to the applicable laws and regulations of the United Arab Emirates, the Emirate of Abu Dhabi and HAAD policies.
24.2. The Tender and all notices pursuant to the provisions thereof shall be in English.


Section B – Terms of References

Article 1 - General background and HAAD objectives

The Health Authority - Abu Dhabi (HAAD) is a local governmental entity established by Law (01/2007); the main function of HAAD is to regulate the Healthcare Sector within the Emirate of Abu Dhabi, both Public and Private, through Policies, Laws, Regulations, Inspections and Audits. The corporate office of HAAD is located in the capital of UAE, Abu Dhabi. HAAD is responsible for licensing, quality control and regulating all of the health care facilities and health professionals in the Emirate of Abu Dhabi, with the vision of developing health communities, and for monitoring healthcare facilities so that they deliver high quality healthcare services to the population in accordance with the best international practices and quality standards. HAAD does not itself provide healthcare services or health insurance. For more information on the company please visit: www.haad.ae

Article 2 - Background and Objectives

HAAD endeavors to ensure reliable excellence in healthcare and complements Abu Dhabi e-Government initiatives. HAAD operates and manages information processing facilities that complement HAAD Business in delivering effective e-services. HAAD strives to improve the security posture of its information processing facilities by proactive identification, response and analysis of events & threats, thus complementing the enhancement of HAAD’s security posture and regulatory compliance requirements.

Article 3 - Purpose and Expected Results of this RFP

The purpose of issuing this RFP is to select a competent and highly qualified bidder that has sufficient experience in supplying, installing, training and supporting industry renowned Security Information & Event Management Solution, to provide HAAD with a comprehensive solution that is modular in nature or capable of handling HAAD’s future requirements, and that is capable of addressing the following goals/objectives as a minimum (and as explained in article 4), along with the recommended security architectural representation of the desired solution objectively highlighting the benefits of the solution:

1. Discover and collect event data from all infrastructure devices and servers
2. Correlate event data and effective detection of complex cyber-attacks & security incidents
3. Reporting and alerting
4. Ability to analyze
5. Preserve native logs and maintain central repository of log data
6. Provides configuration management and asset inventory
7. Business service (e-services & applications) monitoring
8. Network & security operations management
9. Topology visualization and user identity & location tracking
10. Technology & Architecture

The solution shall cover information & information processing facilities of HAAD to identify, log, correlate and alert identified individuals on anomaly and system behavior. The bidder shall provide a detailed executive summary that elaborates on the approach and methodologies used to complete the scope of work specified herein. The bidder shall split up the scope of work into tasks/sub-tasks/activities and provide HAAD with a detailed project plan illustrating in detail the milestones and deliverables for executing this project.

Article 4 - Scope of Work

A- The offered solution by the bidder should fulfil the following requirements as a minimum:

4.1. Discover and collect event data from all infrastructure devices and servers:

• Support automated discovery of information processing equipment / devices, through an agent-less deployment.
• Capable of discovering new information processing equipment/devices added to the existing scope.
• Capable of collecting, understanding or providing standardized support in identifying all types of event/log data formats generated by operating systems, virtual machines, networking equipment, security devices, applications (custom-made & off-the-shelf), web servers, databases, any other IT infrastructure devices and industry recognized formats (like SNMP Trap, SYSLOG, etc.).
• Store event/log data in a compressed manner and shall have features that support different retention requirements for various data/event logs under the scope.
• Capable of collecting event data over a secure channel.
• Support automated time-stamp synchronization (as applicable in HAAD environment), through standard NTP.
• Capable of detecting inconsistencies/variations in the source time stamp and providing meaningful / right information for correlation.

Optional requirements (This optional requirement won’t affect the evaluation scoring of the bidder as this is considered as additional requirements):

• Supports sudden surge in the number of events collected per second, without compromise in the solution’s ability to operate, for a continuous period of at least five hours without any restriction in the number of events collected per second.

4.2. Correlate event data and effective detection of complex cyber-attacks & security incidents to support the following:



• Real-time cross-correlation of events across HAAD information processing environment to identify security incidents and identify key performance issues of information processing equipment / devices under the scope of the solution’s coverage.
• Correlation mechanism used to correlate and identify anomalies. The details shall at least include:
  o Behavioral patterns considered;
  o Time frame during which events/logs are considered;
  o Predefined criteria;
  o Useful information from other integrated security infrastructure;
  o Correlation algorithm;
• During correlation, the solution shall consider the following:
  o Distinguish between authorized privileged operations and anomalies, to provide correct / appropriate / meaningful information.
  o User actions shall be considered by the solution while performing correlation of event data.
  o Failed authentication request
  o Failed resource access (authorization)
  o Failed access attempts, with respect to application-to-application / application-to-system / application-to-backend / web-to-application and/or vice versa.
  o Successful logons after consecutive failed access attempts.
  o Network failures and floods
  o Consider start-up / start & shut-down / stop of system(s) and service(s).
  o All related events of the main event data.
  o Changes in HAAD’s operating environment shall be considered during correlation. The following types of changes, but not limited to, shall be considered:
    - System state
    - Operating systems
    - Application
    - Database
    - Configuration files
    - Network & security infrastructures
    - Privileges
    - Access methods
  o Based on the criticality of event and asset under consideration, the solution shall be capable of classifying / identifying anomalies and performance issues.
• Results of correlations shall provide meaningful information of anomalies, with respect to the affected / involved system(s).
• The solution shall be capable of integrating with other security infrastructures of HAAD (like vulnerability management solution, data leakage prevention solution, firewall, intrusion prevention system, end-point security solutions, etc.) to correlate and provide a central dashboard to manage all security related anomalies.
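
One of the correlation criteria listed above (a successful logon after consecutive failed access attempts, evaluated over a fixed time frame), combined with the source time stamp check required in 4.1, as an added example that is not part of the RFP or of any vendor's product. The log line format, host and user names, and the threshold, window and skew values are constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed rule parameters (not taken from the RFP).
FAIL_THRESHOLD = 3                  # consecutive failures that make a success suspicious
WINDOW = timedelta(minutes=5)       # time frame during which events are considered
MAX_SKEW = timedelta(seconds=120)   # tolerated gap between source and collector clocks

# Constructed sample events: source_time|collector_receive_time|host|user|outcome
SAMPLE = """\
2012-05-27T10:00:05|2012-05-27T10:00:06|vpn-gw|alice|fail
2012-05-27T10:00:20|2012-05-27T10:00:21|vpn-gw|alice|fail
2012-05-27T10:00:40|2012-05-27T10:00:41|vpn-gw|alice|fail
2012-05-27T10:01:00|2012-05-27T10:01:01|srv-db01|alice|success
2012-05-27T10:02:00|2012-05-27T10:02:01|srv-app01|bob|fail
2012-05-27T10:02:10|2012-05-27T10:02:11|srv-app01|bob|success
2012-05-27T08:10:00|2012-05-27T10:10:01|fw-old|carol|fail
2012-05-27T08:10:15|2012-05-27T10:10:16|fw-old|carol|fail
2012-05-27T08:10:30|2012-05-27T10:10:31|fw-old|carol|fail
2012-05-27T10:11:00|2012-05-27T10:11:01|srv-db01|carol|success
2012-05-27T10:20:00|2012-05-27T10:20:01|srv-app01|dave|fail
2012-05-27T10:30:00|2012-05-27T10:30:01|srv-app01|dave|fail
2012-05-27T10:40:00|2012-05-27T10:40:01|srv-app01|dave|fail
2012-05-27T10:41:00|2012-05-27T10:41:01|srv-app01|dave|success
""".splitlines()


@dataclass
class Event:
    source_time: datetime   # time stamp written by the reporting device
    recv_time: datetime     # time stamp assigned by the NTP-synchronized collector
    host: str
    user: str
    outcome: str            # "fail" or "success"


def parse(line):
    """Parse one constructed sample line into an Event."""
    src, recv, host, user, outcome = line.strip().split("|")
    return Event(datetime.fromisoformat(src), datetime.fromisoformat(recv),
                 host, user, outcome)


def effective_time(ev):
    """Return (time to use for correlation, True if the source clock is off)."""
    skewed = abs(ev.recv_time - ev.source_time) > MAX_SKEW
    return (ev.recv_time if skewed else ev.source_time), skewed


def correlate(lines, normalize=True):
    """Alert on a success preceded by >= FAIL_THRESHOLD failures within WINDOW.

    Events are keyed by user across hosts, so failures on one device and a
    success on another are correlated. With normalize=False the raw source
    time stamps are used, which shows what a drifting device clock hides.
    """
    timed, skewed_hosts = [], set()
    for line in lines:
        if not line.strip():
            continue
        ev = parse(line)
        t, skewed = effective_time(ev)
        if skewed:
            skewed_hosts.add(ev.host)
        timed.append((t if normalize else ev.source_time, ev))
    timed.sort(key=lambda pair: pair[0])

    failures = defaultdict(deque)   # user -> times of the current run of failures
    alerts = []
    for t, ev in timed:
        run = failures[ev.user]
        while run and t - run[0] > WINDOW:   # drop failures outside the time frame
            run.popleft()
        if ev.outcome == "fail":
            run.append(t)
        elif ev.outcome == "success":
            if len(run) >= FAIL_THRESHOLD:
                alerts.append({"user": ev.user, "host": ev.host,
                               "failures": len(run), "time": t.isoformat()})
            run.clear()                      # a success ends the consecutive run
    return alerts, sorted(skewed_hosts)


if __name__ == "__main__":
    alerts, skewed = correlate(SAMPLE)
    for a in alerts:
        print("ALERT", a)
    print("hosts with inconsistent source time stamps:", skewed)
```
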

4.3.

Reporting and alerting:

The solution shall provide and support the following: 

Built-in and customizable reporting format to generate comprehensive and brief reports, with respect to the event data under consideration.



Generating incident report, with all relevant supporting data / information /evidence to provide detailed and brief insight into the incident, and shall support in the incident management process of HAAD.



Capabilities to provide executive reports, of events/incidents, in a pictorial representation.



Generating reports on changes to information processing equipment or devices.



Securing the following reporting requirements, as a minimum:
o Reports based on individual system
o Reports based on specific service
o Reports based on specific events/incidents
o Reports based on application(s) in use
o Reports based on location
o Reports based on source & target
o Reports based on specific timing / duration
o Reports based on priority / criticality of the events/incidents
o Reports based on impact (system / service / application / infrastructure unavailability)
o Reports based on ownership of system / equipments / application / service
o Reports based on changes to system / equipments / application / service
o Reports on exploited systems/equipments/application/service
o Reporting formats – at least two of the following formats “PDF, MS Excel, HTML & plain text”
o Reports based on native format of the system / equipments / application / service under consideration

Produce a pictorial representation of the anomaly detected, highlighting all involved components and affected systems / equipments / applications / services.



Provide for the export of log / event data (selective or complete).



Support audit and forensic requirements of the authority or regulatory / law enforcement authorities, by means of providing required event data information and the relevant native log information (native-format) of the event.



Meaningful use of off-line storage, archived log-data for compliance requirements.



On real-time basis, the system shall have the capability for early alerting of identified/nominated individual or group of individuals, by means of e-mail & SMS, at least for the following situation/criteria:
o During detection of attack patterns & incidents affecting critical assets
o During detection of incidents, targeted towards critical system/equipments/application/service
o During successful exploitation
o During the health degradation or before failure of assets under scope
o During high resource utilization
o During rise in the number of event data and/or during exceptions in the number of events received/processed, as compared to the license agreement (committed rate)

Detect and alert on any interruption caused in getting logs / event data or stoppage of event data logging, from the source, and the possible cause for the same.



Alerting mechanism shall be capable of the following as a minimum:
o Sending repeated alerts, till such time the incident is addressed or has been turned-off by authorized resources.
o Provide means for escalations, when the alerts are not addressed within stipulated time window, for various identified category of alerts.
o Manual alerting mechanism shall be provided by the solution, used by administrators to manually raise alerts during discovery of anomalies, using custom alerts.
o On a real-time basis, the solution shall alert the administrator(s) or nominated person, on identification/discovery of new information processing equipments or devices.



The solution shall provide for generating trend analysis reports.




Optional requirements (This optional requirement won’t affect the evaluation scoring of the bidder as this is considered as additional requirements):
o Capabilities to alert internal targets, on possible events/incidents.
o Capabilities to provide remedial recommendations, to effectively mitigate reported incidents.

4.4. Ability to analyze:

The solution shall provide for deep data analysis, so as to generate meaningful information to satisfy requirements of:
o Management reporting
o Addressing security and operational anomalies
o Protocol analysis
o Compliance and audit reporting
o Forensic analysis
o Trend analysis & predictions
o Bench marking
o Anomaly identification with respect to most affected system, mostly present incident type, etc.
o Detailed reporting



Based on defined criteria, the solution shall provide automated analysis report on a weekly/monthly/yearly basis, and shall be forwarded to identified resources through HAAD’s e-mail infrastructure.



The solution shall provide options to save generated analysis reports, with-in and/or out-of the solution.



Ability to conduct analysis and generate report shall be controlled through appropriate privilege assignment.



Optional requirements (This optional requirement won’t affect the evaluation scoring of the bidder as this is considered as additional requirements):
o Capabilities of the solution to look at archived data, when performing deep data analysis.

4.5. Preserve native logs and maintain central repository of log data to support the following:



Preserve all native logs, generated by various system/equipments/application/service.

Maintain a central repository of log data, in its native and normalized forms, for a period not less than one year.

Purging of data, from the central log repository shall be allowed only after successful archival of log data.



Access to the log repository shall be controlled by the solution, and shall be granted only to administrators.



Integrity of log data shall be maintained by the solution, and attempts to modify log data shall be logged and alerted.



Native logs at no point-in-time shall be modified and shall support, as evidence/records, for legal proceedings and forensic analysis.



The solution shall support HAAD’s requirements on log retention.



Support data archival and shall have capabilities in making reference to archive logs, during analysis and report generation.



Means for encryption of in-scope data during storage and motion, and shall ensure integrity of data collected, stored and analyzed.
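The integrity and purge-after-archival requirements of this section, sketched as an added example that is not part of the RFP or of any vendor's product. The HMAC chaining scheme, class name and key handling are assumptions; a real deployment would keep the key outside the log repository.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # chain start value (assumption)


class NativeLogStore:
    """Append-only store of native log lines, each tagged with an HMAC that
    also covers the previous tag, so any edit breaks the chain from there on."""

    def __init__(self, key):
        self.key = key
        self.anchor = GENESIS   # tag of the last purged record
        self.records = []       # [native_line_bytes, tag_bytes]
        self.archived = 0       # leading records confirmed archived

    def tag(self, prev_tag, line):
        return hmac.new(self.key, prev_tag + line, hashlib.sha256).digest()

    def append(self, line):
        prev = self.records[-1][1] if self.records else self.anchor
        self.records.append([line, self.tag(prev, line)])

    def verify(self, records=None):
        """Return the index of the first modified record, or None if intact."""
        records = self.records if records is None else records
        prev = self.anchor
        for i, (line, tag) in enumerate(records):
            if not hmac.compare_digest(self.tag(prev, line), tag):
                return i
            prev = tag
        return None

    def archive(self, destination):
        """Copy records to the archive and confirm the copy before marking it."""
        copy = [[line, tag] for line, tag in self.records]
        if self.verify(copy) is not None:
            return False        # source is damaged: do not mark as archived
        destination.extend(copy)
        self.archived = len(self.records)
        return True

    def purge(self, count):
        """Drop the oldest records, allowed only after successful archival."""
        if count > self.archived:
            raise PermissionError("purge refused: records not yet archived")
        if count > 0:
            self.anchor = self.records[count - 1][1]
            del self.records[:count]
            self.archived -= count


if __name__ == "__main__":
    store = NativeLogStore(b"constructed-demo-key")
    for n in range(4):  # constructed native log lines
        store.append(b"Jun  1 09:00:0%d fw01 deny tcp" % n)
    store.records[2][0] = b"Jun  1 09:00:02 fw01 permit tcp"  # simulated edit
    print("first modified record:", store.verify())
```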

4.6. Configuration management and asset inventory to perform the following, as minimum:



Capable of detecting changes in information processing system/equipments, applications, service and infrastructure.



Monitor the environments under scope to identify:
o changes in software installations;
o changes in business services/applications;
o removal of software/applications;
o unauthorized software installations, as compared to an existing software white-list;
o changes to databases;
o privilege assignment, modification and deletion, with respect to active directory, database, ERP & BPM Solutions, business services/application, networking equipments, firewall devices, web servers & applications, IP telephony systems and infrastructure devices/equipments;
o changes in firewall rule-base and configurations;
o configuration & routing table changes in networking devices; and
o all & any type of changes in the production environment.



Have a central repository of configuration data for assets under consideration, versioned and maintained for specific assets.



Have capabilities to identify assets in the environment, based on automated agentless discovery mode.



Categorizing assets based on location of use, business service(s), user groups & functions, source & target of incident and impact of incident.



Organize assets based on business service(s).



The solution shall have capabilities to dynamically update properties of assets, and maintain previous histories of such properties, for a period of at least three years.






Recognize and record, but not limited to, the following properties associated with an asset:
o name of the asset;
o owner of the asset
o location of the asset (based on port numbers and switches);
o software/applications/configurations associated with the asset;
o type of the asset (server, desktop, laptop, router, switch, IP Telephone, etc.);

Optional requirements (This optional requirement won’t affect the evaluation scoring of the bidder as this is considered as additional requirements):
o Support for application / software white-listing.
o Provisions to record and track number of available software licenses and the instances of use.

4.7. Business service or application monitoring (PAM) to perform the following, as minimum:



Identify and categorize business service offerings of HAAD.



Assign ownership for identified business services, which will be used for reporting anomaly detection & incidents.



Monitor & report on the performance of business services.



Provide for bench-marking / base-lining of business services and complement the reporting of anomalies to nominated personnel.



Complement the efforts of application maintenance team, in ways to identify bottle-necks in business services.



Derive impact of business services on HAAD and will support in the assessment of SLA violations.

4.8. Network & Security operations management to perform the following, as minimum:



Have group dependencies feature and shall allow for intelligently defining relationship between connected interfaces/devices. The feature shall allow for a single critical alert in case of core device (router) going down, instead of generating multiple alerts for each of the connected devices/interfaces.



Monitor wireless devices, including thin & autonomous access points, along with the associated clients.



Monitoring, analyzing and reporting on VoIP usage, performance and anomalies. The solution shall provide statistical information on top talkers.



Integrate with third party utilities (mainly Cisco NetFlow & Juniper J-Flow) and capture flow data for monitoring & analysis.




Providing views of, and monitoring Class-Based Quality of Services (CBQoS) to ensure traffic prioritization policies are effective.



Visually track performance statistics in real-time via dynamic network maps.



Provide comprehensive fault and performance monitoring capabilities for system/network (LAN/WAN)/security infrastructures and provide appropriate alert and reports during:
o unavailability
o network congestions/latency, errors, discards & packet loss
o slow processing
o heavy utilization of processing power, memory and bandwidth



Present views of spanning tree topology, with status of each link.



Analyze and provide details of activities & anomalies.



Capabilities for real-time monitoring and provide detailed reports on bandwidth utilization, based on user, protocol, service, host-name/IP address (source & destination), zones, etc.



Complement HAAD, in establishing Security & Network Operations Center.

4.9. Topological visualization and user identity & location tracking to perform the following, as minimum:

Using different colour scheme, the solution shall have capabilities to present topological view of:
o Complete network;
o Business services;
o Bottle-necks & incidents;
o Anomalies;
o User access information, with geographical location mapping & name registration information.



The topological view shall have capabilities to project access routes, inclusive of various routing/hopping points, through dotted / solid line representations.



Through the click of a mouse, from the topological view, the solution shall provide details of selected items and provide easy means to monitor and analyze anomalies and log data.

4.10. Technology & Architecture: the solution should be mainly specified as follows:

Simple to implement and easy to operate.



Supporting geographically dispersed implementation and provides for central administration.



Support appliance based and software based implementations.



ODBC compliant.




Have its own data store that supports active archival for short-term reference data, for up to one year.



Have its own, role based user management module with capabilities to assign and manage privileges, and shall support integration with Microsoft and/or industry standard identity & access management solution.



Support multifactor authentication scheme, to authenticate privileged user access / operations.



Product / Operating system updates shall have at-least one manual intervention before implementation of updates.



Capable to monitor & log activities performed using the solution itself.



Provide detailed guides to configure and operate the solution, along with access to Frequently Asked Questions.

B. Training, Customer Support, Service Level Agreements, Documentation:

1- Training: Training is part of the project’s requirements and the bidder shall provide details on the level of training recommended and to be presented, including as a minimum the following:

Describe training courses that are provided as part of the solution, as know-how transfer to a minimum of two persons.



2- Customer Support, Service Level Agreements, and Documentation:



The bidder should include the following in his plan: details on standard hours defined for customer service and support services.



Support in reference to online support, phone support and onsite support, provided during maintenance and support phase of the solution.



Provide details on standard support response times.



State if any professional services are required or recommended.



Provide the details on types of documentation provided along with the solution, along with access to FAQ.



Provide details on the warranty options that are available along with the solution procurement.



Include a copy of the solution’s terms and conditions.

Article 5 - IT Infrastructure Environment details

The IT infrastructure environment of HAAD has, but not limited to:

Sr.No | Environment | Description
01. | Operating System | Suse Linux, Microsoft Windows (Server & Workstation flavors), CISCO IOS & Juniper.
02. | System/Device Type | Servers, Work Stations/Desktop, Network Switches/Routers, Firewall & IPS, Wireless LAN, CISCO IP Telephony and Load Balancer.
03. | Web Services / Applications | Web services, Apache, IIS, .Net Framework, ERP/BPM Solutions, Microsoft - business software & office products, Oracle Applications, Microsoft Exchange, etc.
04. | Databases | Oracle and MS SQL
05. | Security Environment | Anti-Virus/End-point security, Websense, Microsoft TMG, Vulnerability Management Solution, Data Leakage Prevention Solution, etc.

Article 6 - Project Management

The bidder shall clearly specify the project management plan for the offered solution, specifying the following as minimum:
1. The method and approach used to manage the overall project. Also, briefly describe the execution plan of the project, covering the complete life cycle of the project.
2. A detailed effort estimation chart, detailing efforts required for each of the activities identified as part of the project life cycle.

HAAD will assign a Project Manager who will be responsible for follow up and monitoring the work progress during the project execution period. HAAD will be responsible for involving other key stakeholders within the organization or from the Healthcare Sector, as deemed necessary.

Article 7 - Period of Execution

The Security Information & Event Management Solution implementation is expected to commence within one week from signing the Agreement and shall be completed within the stipulated time-frame, as detailed in the effort estimation chart. Bidders should submit a time schedule for the project implementation period.

Article 8 - Project’s Deliverables

While HAAD will monitor the output of the Vendor and the project progress, the Vendor should be responsible to deliver the following documents as a minimum:

Deliverables | Description
1. Executive Summary report | A report that summarizes the scope, approach, implementation overview and benefits derived by the organization, in a manner which is suitable for senior management.
2. Technical documentations (User Manuals and Administrative Guides) and Standard Operating Procedures | Documentation developed for the use of HAAD’s technical staff which discusses the detailed technical procedures for deployment, configuration and management of Security Information & Event Management solution.

1. Deliverables, as defined in above table for the implementation of the whole solution shall be provided at the completion of the project to the satisfaction of HAAD.
2. Warranty Certificate for the delivered and installed items/hardware for the period of three years, starts from the date of complete installation and successful operation of the delivered items.

Article 9 - Capabilities of Selected Bidder

The selected bidder is expected to possess the following capabilities as a minimum: 

The bidder shall have Enterprise Security or IT / Information Security as one of their primary business line;



The bidder should have conducted projects of similar nature, in at least one of the Abu Dhabi Government entities or any large scale industries/organizations within UAE;



The bidder shall provide resumes of key persons involved in the implementation of Security Information & Event Management solution, showing all the relevant experience in conducting similar projects for comparable organizations or IT environments.

Article 10 - Delivery, Installation & Configuration Terms

1- Requested Solution must be delivered, installed, functioning and tested as per the tender requirements.
2- Vendor is responsible for providing the licenses required for the function of the delivered solution.
3- Vendor must install, configure, and customize the proposed solution according to HAAD security, and network/system environment.
4- Vendor must comply and confirm with the tender requirements in their Proposals.

Article 11 - Warranty and Support Terms

1- The Vendor shall provide maintenance, support and warranty for the whole solution for a period of 3 years, along with all the solution upgrades and software updates on a 24x7 basis, 365 days.
2- The warranty shall cover all materials, services, and support. All licenses shall be under the name of HAAD and the Vendor shall handover license keys to HAAD.
3- The vendor shall provide details on standard response & resolution times. Response and resolution time begin just after HAAD reports the incident to the vendor.
4- The vendor shall provide onsite/off-site support based on the standard support terms and conditions and shall provide adequate reports.
5- The vendor shall provide a hot line number for use outside office hours for logging service calls. A certified technical expert on the solution shall be available for immediate response.
6- Vendor shall deliver in their technical offer, the escalation procedures with required contact names, e-mails and mobile numbers in order to solve any technical and non-technical problems throughout the life cycle of the project and warranty period.
7- The Vendor shall be responsible to resolve any problem related to installation, configuration, integration, software, and hardware and Operating System bugs.
8- Vendor must provide in their proposals, the solution’s (software and/or hardware Operating system) upgrading strategy during the warranty and support period whether it’s minor or major releases.
9- Warranty of the equipment will begin after the project delivery, testing and operation acceptance is signed by the Contracting Authority. A completion letter must be signed by both parties, Contracting Authority and the Vendor, after which the warranty period would begin.
10- In case of failure to comply with the response time commitment and rectification time commitment, inclusive of device replacement as per warranty terms, HAAD would levy penalty of 2.5% of the total Contract Value per week delay with maximum 10% of the Agreement value from the time of lodging complaint for delay in bringing the system to working condition.
11- Supplier shall have presence in UAE for Support.


Annex I - Financial template

Phase Title | Phase Deliverables | Total Cost in AED*
1) One-time Cost | Hardware cost |
 | Software cost |
 | Perpetual license cost |
 | Training / Knowledge transfer cost |
 | Professional Services cost (implementation & configuration) |
 | Additional Module cost, if any |
I: Sub Total: One time cost | |
2) Recurring Cost | Software Maintenance, support and Content Updates: 1st Year, 2nd Year, 3rd Year |
 | Hardware Support, Preventive Maintenance twice a year starting from first year: 1st Year, 2nd Year, 3rd Year |
Total financial offer (I + II) | |

*Total cost inclusive of all / any anticipated (travel, accommodation, etc.), overhead costs and applicable taxes, VAT, tariffs


Annex II – Evaluation factors

*The cut-off point for rejection (i.e. the total technical criteria score must be above 70 to be accepted) must be provided by the Requesting Dept. in collaboration with concerned departments.

Evaluation factors for other items (columns: Maximum Score, Score)

Understanding of the project's requirements and the suitability of the proposed solution, approach and demonstrated evidence to be able to deliver the solution as per HAAD's needs and expectations.
Offered solution capable to be integrated or operated with HAAD’s systems
Bidder’s strong and demonstrated background and experience on projects of similar nature, especially within government entities, including references inputs and/or feedbacks
Availability of sufficient and capable personnel with the required qualifications, skills and experience dedicated to the project, detailed team structure provided
The details, quality, adequacy and schedule of the project plan for the activities planned.
Training and transfer of knowledge which indicates the type of training available, duration of the training, training syllabus, training location and Certification examination.

Maximum Score: 35, 25, 15, 10, 15

Mandatory criteria: Existence of local representative which can provide after sales-services, warranty services and local support: Yes/No

Total Technical Criteria Score must be at least: 70

Bid: Accepted [ ] Rejected [ ]

________________________________________________________________________________________ RfP no.: 17/S/HAAD/PT/2012 Page 26 of 26
