09 October 2017 COMPULSORY TENDER BRIEFING SESSION: OPEN TENDER : AGSA/14/2017– Appointment of a service provider to render information security managed.

Slides:

Advertisements

Similar presentations

Using the work of internal audit Mpumalanga. Our reputation promise/mission The Auditor-General of South Africa (AGSA) has a constitutional mandate and,

Advertisements

Office Alterations RAF/2012/00027 Compulsory Briefing Session 01 October 2012 RAF – EcoGlades Centurion.

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RAF/ 2012 /00032 Date: 15 January 2013 Time: 11:00.

Enterprise Project Portfolio Management Solution RAF/2014/00012 Compulsory Briefing Session 31 March 2014 Centurion.

Tender Briefing Session Skills Audit of Sub-sectors to the W&R Sector to determine critical review and skills analysis CQO/2013/0006.

Review of 2015/16 Annual Performance Plan (APP) Department of Water and Sanitation (DWS) - 31 March 2016.

Vacancies and the impact on service delivery Social development sector February 2012.

ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION RAF/2014/00009 Date: 26 March 2014 Time: 11:00.

1page 1 Strategic plan and budget of the Auditor General of South Africa for Version October 2009 SCoAG presentation.

ROAD ACCIDENT FUND NON COMPULSORY BRIEFING SESSION RFP /2013/00021 Date: 22 July 2013 Time: 11:00.

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RFP: RAF/ 2012 /00004 Presenter: Anna Mosupyoe and Ravi Moodley Date: 24 January 2012 Time: 10:00.

Security Equipment RAF/2012/00042 Compulsory Briefing Session 15 April 2013 RAF – Centurion - GP.

COMPULSORY BRIEFING SESSION Maturity Assessment and implementation recommendation for ITIL V3, COBIT 5 and KING III Chapter 5 RAF /2015/00016 Date: 04.

Department of Water Affairs (DWA) and Water Trading entity (WTE) Predetermined Objectives – 2013/14 March 2013.

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RFP: RAF/ 2012 /00034 Date: 14 January 2013 Time: 11h00.

Tender Briefing Session The Development of Monitoring and Evaluation Tool CQO/2013/0004.

Page 1 Presentation to the Portfolio Committee on Tourism Fundamentals of effective Internal Control 21 July 2010.

Compulsory Briefing Session 13 September 2013 Brand Activation Agency.

Page 1 SCOPA Workshop 23 June 2009 Audit Development and Innovation.

DEPARTMENT OF DEFENCE Briefing on Audit Outcomes Year ended 31 March 2010 AGSA AUDIT TEAM.

Page 1 Committee presentation An overview of the external audit process and types of audits 12 May 2010.

Department of Home Affairs Vacancy Rates. 2 Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme.

Department of Agriculture, Forestry and Fisheries Presentation to the Portfolio Committee 10 October 2011.

Page 1 Fundamental elements of internal control. 2 Reputation promise/mission The Auditor-General has a constitutional mandate and, as the Supreme Audit.

AGSA POSITION PAPER ON mSCOA. Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution.

ICASA and USSASA Predetermined Objectives – 2013/14 March 2013 Portfolio committee.

COMPULSORY BRIEFING SESSION Enterprise Wireless Solution (Wi-Fi) RAF /2015/00022 Date: 18 January 2016 Time: 11:00.

Page 1 Fundamental elements of internal control Sharonne Adams, Senior Manager 13 April 2010.

DEFINING THE REGULATED EXPECTATIONS FROM THE AGSA Procurement and contract management PURCO Higher Education Procurement Conference October 2012.

RFP FOR DEVELOPMENT OF TRAINING MATERIAL, PROVISION OF BASE LINE TRAINING AND PROMOTION OF SASSA IN-HOUSE CORE TRAINING COMPETENCE.

The role of knowledge management and information sharing in capacity building for records managers A case study from South Africa Tshimangadzo (Mangi)

Appointment of a qualified and experienced bidder for the supply, architecture, implementation including licensing, support and maintenance of an electronic.

COMPULSORY BRIEFING SESSION Maturity Assessment and implementation recommendation for ITIL V3, COBIT 5 and KING III Chapter 5 RAF /2015/00016 Date:

Brand Activation Agency

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RAF/ 2012 /00032

ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION RAF/2014/00009

ROAD ACCIDENT FUND RFB/RAF/HO/00214 DATE: 11 August 011

ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION RFP /2017/00033 Supply and delivery of Corporate Uniform Date: 07 July 2017 Time: 11:00.

ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION RAF/2015/00007

Presentation on SOE’s 16 August 2011.

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RFP: RAF/ 2012 /00034

Audit of predetermined objectives

ROAD ACCIDENT FUND VENDOR BRIEFING SESSION RFP: RAF/ 2012 /00004

9 May 2017 COMPULSORY TENDER BRIEFING SESSION: OPEN TENDER : AGSA/14/2017– Appointment of a service provider to render information security managed services.

Fundamental elements of internal control

ROAD ACCIDENT FUND NON COMPULSORY BRIEFING SESSION RFP /2013/00021

Fundamental elements of internal control

Predetermined Objectives – 2013/14

AGSA APPROACH TO mSCOA REFORM 9 March 2017

Office Alterations RAF/2012/00027 Compulsory Briefing Session

Enterprise Project Portfolio Management Solution RAF/2014/00020 Compulsory Briefing Session Centurion 15 July 2014.

PSIRA – lease of the building

5 April 2016 Briefing to the Higher Education Portfolio Committee on review of the draft APPs.

Standing Committee on Appropriations

Performance audit of consultants

Enterprise Project Portfolio Management Solution RAF/2014/00012 Compulsory Briefing Session Centurion 31 March 2014.

Department of Environmental Affairs: Disagreement

08 March 2016 Briefing to the Portfolio Committee of Tourism on review of the draft APP.

09 October 2017 “Sustaining service delivery amidst the challenging economic climate” CIGFARO 88th Annual Conference.

05 April 2016 Briefing to the Portfolio Committee on review of the draft APP - Department of Arts and Culture.

ROAD ACCIDENT FUND COMPULSORY BRIEFING SESSION RAF/2015/00007

16 May 2018 Briefing to the Portfolio Committee of the Department of Sport and Recreation portfolio on the review of the draft APP.

Security Equipment RAF/2012/00030 Compulsory Briefing Session

Predetermined Objectives – 2013/14

OVERALL AUDIT OUTCOMES ON HUMAN SETTLEMENTS 2014/15

15 March 2017 Briefing to Portfolio Committee of the Higher Education and Training on review of the draft APPs.

PC Briefing note Transport Portfolio 14 October 2014.

30 January 2014 Department of Agriculture, Forestry and Fisheries (DAFF) Briefing to the Portfolio Committee.

Briefing to the Portfolio Committee on Department of Correctional Services on the audit outcomes for the 2013/2014 financial year Presenter: Solly Jiyana.

Audit outcomes of Human Settlements portfolio

Presentation transcript:

09 October 2017 COMPULSORY TENDER BRIEFING SESSION: OPEN TENDER : AGSA/14/2017– Appointment of a service provider to render information security managed services to the AGSA for a period of three (3) years in line with the Information Security Framework

Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.

Geographical Operations and Organisational Structure

CONTEXT - CORE LAYERED SECURITY SERVICES – DEFENSE IN DEPTH

Information Security Framework – Gap Analysis

Current Solutions vs Solutions Required Status Required Solutions Firewall Expiring in 2020 DLP Secure Web Gateway Expiring in 2018 SIEM VPN (Virtual Private Network) Antivirus Expiring in 2019 VPN Vulnerability Scan Required Penetration testing Encryption – Full Disk and Media Encryption Vulnerability manager SSL Certificates Ad hoc Data Governance/File Analysis Data Governance Expiring in 2018 Email Content Filter (Spam Filter) Data Masking Currently implemented

Managed Service The managed service provider (on-premise) is expected to provide a comprehensive proposal covering the following: Information security solution as per specifications Consulting services to implement the proposed information security solutions Where feasible, integrate the above information security solutions implemented Support and maintenance of the solutions implemented, for the duration of the contract Training, skills and knowledge transfer to AGSA information security and ICT teams.

Prequalification Criteria/Eligibility Bidders who do not meet the following prequalification criteria will not be evaluated further: Partner with small and medium enterprises with BBBEE level 1 or 2. Provide proof that the company is a managed service. Attend the briefing session.

Skills & Knowledge Transfer Technical Evaluation Criteria Experience Minimum of 5 years experience is required, where 5 years = 50%, 6-10 years = 80% and 10 years or more = 100%. EVIDENCE Solution accreditation letters from each vendor of the solution proposed. References List at least three contactable references for the implementation of similar security solutions/services, value of the contract, type of work and size of the company. Reference letters signed by the customers. Skills & Knowledge Transfer Training, skills and knowledge transfer to AGSA ICT employees. Training, skills and knowledge transfer plan.

Support Compliance Architecture Technical Evaluation Criteria Level of support services for up to 3 years for proposed solution. The solution is required to be available 24/7. AGSA working hours 07h30 – 16h30 EVIDENCE SLA and escalation matrix Compliance Compliance with technical specifications and on-premise managed service. Comprehensive technical responses and supporting information for each solution. Architecture Diagrammatic depiction of the DLP, SIEM, VPN, penetration testing, vulnerability antivirus and data governance solution. Architectural design per solution proposed and how they integrate.

Partnership Project Management Threshold Technical Evaluation Criteria Level of partnership with vendors, where silver = 50%, gold = 70%, platinum = 100%. Equivalent of the above partner grading system is required. EVIDENCE Partnership certificate per solution per vendor Project Management Project management implementation methodology. AGSA has standardised on PRINCE2. Full write-up on the project implementation approach and the methodology used. Threshold Service providers who achieve 70% or more will be considered for further evaluation.

Managed Services – Information Security Services Tender Specifications Managed Services – Information Security Services DLP SIEM ANTIVIRUS VPN VULNERABILITY MANAGER DATA GOVERNANCE/FILE ANALYSIS PENETRATION TESTING

Pricing Schedule Pricing Summary

Pricing Schedule – Detail Pricing

Question and Answer Session

Thank you Follow the AGSA on Twitter: @AuditorGen_SA www.agsa.co.za Auditor-General of South Africa Follow the AGSA on Twitter: @AuditorGen_SA