ROAD ACCIDENT FUNDCOMPULSORY BRIEFING SESSION

ICT SECURITY SERVICESRAF /2014/00014

Date: 7 April 2014

Time: 10h00

AGENDA

1. Welcome and Introductions

2. Background

3. Purpose of the Bid

4. Evaluation Criteria

5. Pricing

6. Functional Criteria and points

7. Mandatory Criteria

8. Mandatory Documents

9. SLA

10. Submission of Bids

11. Contact details

12. Questions and Answers

Page 3 Citrix Support

WELCOME

The Road Accident Fund (RAF) welcome all interested bidders to the Compulsory briefing session for the invitation to bid for ICT Security Services

The RAF team:

Dinesh Govender RAF – ICT JP du Plessis RAF – ICT Lee Zietsman RAF – Procurement

Background

The RAF ICT needs to improve security management across all security aspects to manage risks and external threats.

To remain actively vigilant of external activities the RAF ICT must maintain a 24/7 365 monitoring service to reduce the risk.

The RAF has identified the need to implement an information awareness programme for all RAF employees to achieve information security integrity and responsibility

Page 5 Citrix Support

PurposeTo achieve success in respect of the RAF ICT GRS objectives, the RAF ICT requires the services of a highly experienced service provider to offer a fully integrated holistic “one-stop” security management solution.

The bid comprises of three aspects of security concerns, governed by the RAF ICT:

External Security Monitoring

The RAF ICT will require the services of a certified Cisco service provider – minimum Cisco Silver partnership. The services should include monitoring and predefined direct responses to external threats .

Vulnerability Management

The bidder is expected to automate the process, provide network discovery and mapping, assessment reporting, remediation tracking and document compliance with internal security policies as well as external regulations. The bidder must adhere to ISO27001 regulations and ICT Best practices.

Information Security Awareness

The objective of the awareness programme is to focus on the attention of employees on maintaining the confidentiality, integrity, and availability of information assets as well as their role and responsibility in achieving information security.

Gauteng Gauteng Regional

PROJECT MANAGEMENT

Page 6 Citrix Support

Evaluation Criteria

The Bid evaluation will be based on the following:

− Mandatory Requirements

− Evaluation: Technical / Functionality – 90 points− Evaluation: Presentation – 10 points

» The bidders who score more than 65 points out of the 90 points before presentations will be shortlisted for presentations and those that score below, will be disqualified.

» Presentations will be scheduled with the individual qualified bidders before final evaluation. Presentations will take place on the date scheduled by the Bid Evaluation Committee at the RAF premises in Eco Glades. Bidders will be given Three (3) days to prepare presentation.

− Price and BEE Evaluations (90/10 points)

Page 7 Citrix Support

• Provide proof of ability to provide the services by submitting references in respect of each of the category of services required by the RAF – Client Reference sheet

• Capability of delivering an end to end solution in respect of all three security aspects relating to: External Security Monitoring, Vulnerability Management and Information Security Awareness - This can be done as a single service provider, consortium or Joint Venture

• Company Certification and Accreditation with reference to the services requested for following requirements:

−External Security Monitoring – Cisco Accredited Partner

−Vulnerability Management – Industry Standard Vulnerability Management accreditation for services and tools.

• Dedicated Project Manager to manage the contract for the period of two years, conduct monthly meetings, or as and when required and provide progress reports to the RAF ICT management.

Bid Mandatory Requirements

Page 8 Citrix Support

Functionality Criteria

Technical / Functional Evaluation Points

1. Experience of the Company:The Bidder must indicate the number of years experience in providing security services – Year allocation table per requirement to be completed

20

2. Project Management:It is required that the bidder provide minimum of 2 references of the resource assigned as project manager – Reference sheet to be completed by clients

20

3. Resources:The bidder is requested to indicate the years of experience and qualification of the relevant resources. Resource CV’s must be attached and proof of certification.External Security Monitoring - CCIE (Security) / CCNP (Security) / CCSP (Security) / CCNA (Security)Vulnerability Management – CEH / SANSInformation Security Awareness – CISM / CISSP

.

50

Page 9 Citrix Support

Functionality Criteria

Technical / Functional Evaluation Points

4. PresentationMethodologyThe bidder must include as part of their presentation proposal a methodology that must provide for the following:Holistic end to end solutionPercentage of time allocated on site and off siteResources allocated for each component of the security service bid and capabilitiesAccess to systemsPerformance management

10

Total points 100

All Bidders who score LESS than 65 points on overall functionality including presentations shall not be considered for further evaluation on Price and BBBEE

Page 10 Citrix Support

Pricing Schedule

Page 11 Citrix Support

Pricing Schedule

Page 12 Citrix Support

Mandatory Documents

• Original and valid SARS Tax Clearance Certificate – No copies accepted

• Certified copy of VAT registration certificate, if applicable

• Annual Financial Statements with signed audit report

• Original certified copies of your CIPRO/CIPC company registration documents listing all members with percentage members interest, in case of a close corporation

• Original certificate of good standing or proof of application issued by the Compensation Fund (COID) or a licensed compensation insurer

• B-BBEE certificate by an accredited verification agency (South African bidders only)

• Confirmation of vendor registration with the RAF, if already registered

• Schematic representation of bidder structure, indicating holding company, shareholders, members, affiliates, franchisees, etc., as applicable

• Shareholding / membership breakdown per race, gender and percentage shareholding with shareholders of the bidding company who are not individuals

• Declaration of interest

• If the bidder is a joint venture, consortium or other unincorporated grouping of two or more persons / entities, a copy of the joint venture agreement between the members

• Completed price schedule with detailed breakdown

• Completed Bidder's Particulars

• Bid Conditions

• Signed Instructions to Bidders and any other additional bid requirements, such as proof of certification, etc..

SLA

Bidders will need to comply to the following SLA terms and Conditions:

Each page of the SLA is to be initialed and signed copies of the SLA must be submitted in duplicate

Subject to the Conditions of Contract, the Contract shall endure for a period of 2 (two) years from the Implementation Date.

Penalties shall be calculated based on the period by which a specific Key Milestone is missed.

Page 14 Citrix Support

Submission of Bid Responses

• One original completed and signed bid submission marked ORIGINAL with 2 copies

• Two envelope system – submit PRICE/BEE and Financials in a separate file/envelope clearly marked with bidders details and bid reference

• Original Bid document must be completed and not separated in file, all pages must be maintained as Section 1 of the bid submission, thereafter additional required documents are to be referenced and indexed

• All bids submissions must be hand delivered and put in the tender box at reception.

• All bids being delivered must be registered by company name in the Bid registration file at Reception.

Submission Address :

RAF ECO GLADES

420 WITCH HAZEL AVENEUE

CENTURION

11am on the Friday 9th May 2014 at 11am

Bidders will be disqualified if they fail to submit bid response by the closing date and time

Contact Details

All queries and questions must be in writing via email to leez@raf.co.za

No telephonic queries will be accepted

Briefing Session attendance register will be published to web, together with minutes taken at briefing session

All Q&A details will be published to the RAF website www.raf.co.za on the 22nd April 2014

Questions and Answers

Bidders to ask bid related questions to line management

Thank You