
Enterprise Vulnerability Management Solution


									                             REQUEST FOR PROPOSAL

                                           For

             Enterprise Vulnerability Management Solution




                     RFP # no.: 19/ Services/HAAD/PT/2012




                             Bid issue date: June 10,2012
                  Deadline for submission of proposals: July 02,2012

                                  Closing time: 02:00 pm




________________________________________________________________________________________
RfP no.: 19/S/ HAAD/PT/2012                                              Page 1 of 23
                                                                        INDEX
 Contents of the Request for Proposals
 Definitions and Abbreviations
 Section A – Instruction to Bidders
 ARTICLE 1 -       TENDER PROCESS DEADLINES
 ARTICLE 2 -       PACKING AND LABELLING OF PROPOSALS
 ARTICLE 3 -       SUBMISSION OF PROPOSALS
 ARTICLE 4 -       PROPOSAL CONTENTS
 ARTICLE 5 -       BID BOND
 ARTICLE 6 -       RFP TERMS AND CONDITIONS
 ARTICLE 7 -       VALIDITY OF PROPOSAL
 ARTICLE 8 -       INCOMPLETE AND LATE OFFERS
 ARTICLE 9 -       INQUIRIES
 ARTICLE 10 -      ALTERATION OF PROPOSALS
 ARTICLE 11 -      ELIGIBLE BIDDERS
 ARTICLE 12 -      PROOF OF NON-PROFIT STATUS
 ARTICLE 13 -      COSTS FOR PREPARING PROPOSALS
 ARTICLE 14 -      CLARIFICATION
 ARTICLE 15 -      EVALUATION OF PROPOSALS
 ARTICLE 16 -      TECHNICAL EVALUATION OF BIDS
 ARTICLE 17 -      EVALUATION OF FINANCIAL OFFERS
 ARTICLE 18 -      AMENDMENTS
 ARTICLE 19 -      CONFIDENTIALITY
 ARTICLE 20 -      OWNERSHIP OF PROPOSALS
 ARTICLE 21 -      BID CANCELLATION
 ARTICLE 22 -      DISCUSSION/NEGOTIATION
 ARTICLE 23 -      AWARD LETTER & CONTRACT
 ARTICLE 24 -      PERFORMANCE BOND
 ARTICLE 25 -      BIDDER’S RESPONSIBILITIES
 ARTICLE 26 -      GOVERNING LAW AND LANGUAGE

 Section B – Terms of References
 ARTICLE 1 -       GENERAL BACKGROUND AND HAAD OBJECTIVES
 ARTICLE 2 -       SCOPE OF WORK
 ARTICLE 3 -       PROJECT’S DELIVERABLES
 ARTICLE 4 -       DELIVERY, INSTALLATION & CONFIGURATION TERMS
 ARTICLE 5 -       WARRANTY AND SUPPORT TERMS
 Annex I - Financial template
 Annex II – Evaluation factors




              Contents of the Request for Proposals


The complete Request for Proposals shall include the following:


Section A:    Instructions to Bidders

Section B:    Terms of Reference



Annexes:
Annex I:     Financial Template
Annex II:    Evaluation Criteria




         Definitions and Abbreviations:

   The terms used in this RFP and the subsequent contract shall have the following meanings:


Bidder                            A legal entity entitled to submit a proposal in response to this
                                  bid
Vendor                            The awarded bidder selected to perform the project’s scope of
                                  work and enter into a legally binding Agreement with HAAD
Contracting Authority/HAAD        Health Authority – Abu Dhabi
Days/months/years                 Calendar days/months/years
Government                        Government of Abu Dhabi
N/A                               Not applicable
RFP                               Request For Proposals
ToR                               Terms of Reference
Project                           The Scope of Work, listed items in Annex I, any and all other
                                  requirements stated in this RfP




                           Section A – Instruction to Bidders

In submitting proposals, bidders must comply with all instructions contained in
this RFP document. Failure to submit a proposal containing all the specified
information and documentation (inclusive of all completed forms and templates,
and a declaration that all the specified ToR will be accepted) within the stated
submission deadline will lead to rejection of the proposal.

Article 1 -      Tender Process Deadlines

Deadline for requesting clarifications from the HAAD                June 25,2012

Last date for issuing clarifications by the HAAD                    June 27,2012

Deadline for submission of proposals                                July 02,2012

Public Bid opening of technical proposals to all participating Bidders in the Tender:
   Date: July 04,2012
   Time: 10:00 am
   Venue: Meeting room – 2nd floor – HAAD building (address stated in Article 3/Section A)

Terms for attending the Public Bid opening Session:
The bidder’s representative who wishes to attend the Public Bid opening should hold an
authorization letter stating his ID no. (Passport no.), signed and stamped by the
authorized person in his Company.

Article 2 -      Packing and Labelling of Proposals

Each submitted proposal must comprise a technical offer and a financial offer, each of
which must be submitted separately. Each technical offer and financial offer must contain
one original, clearly marked "Original", and 2 copies, each marked "Copy".

Article 3 -      Submission of Proposals

Proposals must be submitted either by recorded delivery (official postal service) or hand
delivery directly to the HAAD in return for a signed and dated receipt to the following
address:

   To: Mr. Sultan Al Marzouqi
        Section Head, Procurement
   Att.: Mr. Moinudeen Zayed
         Procurement Officer
         Procurement & General Services- Section
         Health Authority – Abu Dhabi
         Airport Road – behind Al Futtaim Motors Agency
         P.O. Box 5674
         2nd floor

Note: Proposals submitted by any other means (i.e., fax or e-mail) will be rejected.


Any deviation from these instructions (e.g., unsealed envelopes or references to price in
the technical offer) is to be considered a breach of the rules, and will lead to rejection of
the proposal.
The outer envelope should carry the following information:

a) The address for submission of proposal indicated above;
b) The reference code of the bid to which the bidder is responding
   (#:19/S/HAAD/PT/2012)
c) The name of the bidder.

The pages of the Technical and Financial offers should be numbered.

Article 4 -      Proposal Contents

A.     Technical offer
The Technical offer must include the following documents:
                     Document Title                                    Check List Y/N

Table of Contents, including page numbers.

Full contact details of the key person in the company in case
of any clarification requirements.

*Letter of Submission on Contractor’s letterhead signed and
stamped by the person in charge or the Contractor’s
authorized representative acknowledging the Contractor’s
agreement to the terms and conditions of this RFP and
certifying that all information offered in the submitted
proposal is true, accurate, and complete.

*An executive summary of at most five pages, demonstrating the
bidder’s understanding of the project’s requirements and his
approach to delivering the RfP requirements with a high level of
service and satisfactory performance. The Bidder must confirm
that he will provide warranty, support, maintenance and
preventive maintenance services for the items mentioned in
Annex I, etc.

*Detailed Item list (Detailed BoQ including hardware and
software of proposed solution): The deliverables must be
stated clearly and in detail, with the quantity per item.

Project Plan: The Bidder should provide a reasonable and
comprehensive project plan including the milestones for
delivering the project activities (supply, installation, operation
of items, etc.).

Audited Financial Statements for the past one year.

Copy of valid trade license/ Legal registration
documents/agency registration in UAE.

Business references: the overall services experience of the
vendor, including customer references for services delivery of
a similar nature and volume in the UAE that verify that the
bidder has a satisfactory performance record and
demonstrate that the bidder has the capability of meeting the
project requirements. The references should specify the
bidder’s relevant contribution to each listed project.
References can only be considered if the bidder clearly lists a
point of contact in the client organization for that project
(name, address, telephone number, etc.).

Soft copy of the Technical proposal ONLY (with no
reference to the commercial offer).

*Unconditional bid Bond

Detailed CVs: The Bidder should provide the names, technical
experience and qualifications of the engineers and technicians
who will be involved in handling this project and its support
and maintenance services. If the Vendor decides to change one
of the approved staff after delivery of the quotation or during
the life cycle of the project, he must first submit the
replacement’s technical experience and qualifications, which
must be approved by HAAD before the replacement can join the
team. HAAD reserves the right to request the replacement of any
team member it considers not competently qualified and/or who
has a communication problem and/or a behavior problem.

* Note: If, after the bid opening, the bidder is found not to have submitted the required
documents stated above, the proposal will be administratively rejected without
further consideration or clarification for review.

B.      Financial offer
The Financial offer must be in U.A.E currency (AED), inclusive of all costs and all
applicable tariffs and /or taxes. The bidder should use Annex I Financial template.

The Bidder should quote his prices clearly, stating the total amount on a “Not to exceed”
basis for providing the required services as per the RFP.

Notes to bidders in preparing the financial offer:

A. Detailed Items list with (Qty/unit price/total prices). The bidder should use Annex I -
   Items’ Technical Specification (BoQ), including optional items as stated in Section
   B/Article 2 - Scope of Work, clearly marked as optional.
B. Vendor must provide in their proposals the software and hardware Operating system
   upgrading strategy during the warranty and support period whether it’s minor or
   major releases
C. It is bidder’s responsibility to examine and consider all the RFP requirements while
   preparing the financial proposals for this tender.
D. Quoted prices are not subject to change after proposal submission to HAAD.
E. Unit Price shall be fixed whatever the quantity requested by HAAD.
F. Each item must be individually (unit) priced (separately) including services such as
   project management, installation, implementation & configuration and warranty and
   support etc., and extended and totalled.




Article 5 -      Bid Bond

The bidder must submit a bid bond with an amount of 15,000 AED (Fifteen Thousand
Dirham) enclosed in the technical proposal. The bond shall be unconditional, valid for
120 days starting from the closing date of proposal submission and addressed to the
Health Authority – Abu Dhabi. Priority for issuing the Bid bonds in UAE should be from
Abu-Dhabi Banks. The bid bond will be returned to bidders after the evaluation and
awarding processes are completed.

Article 6 -      RFP Terms and Conditions

Failure to meet the specified terms and conditions of this RFP at the time of award will
result in disqualification of the Bidder.

Article 7 -      Validity of Proposal

Proposals must remain valid and open for the acceptance of the HAAD for 120 days from
the RFP closing date. Proposals specifying a shorter acceptance period will be rejected.

Article 8 -      Incomplete and Late Offers:

Incomplete and late proposals will not be accepted. It is the bidder’s responsibility to
ensure that the proposal is submitted complete, on time and in accordance with the RFP
terms and conditions. Late proposals shall be returned to Bidders unopened.

Article 9 -      Inquiries

Bidders may submit questions in writing either through fax or e-mail to the following
address and before the deadline stated in the table of tender deadlines (Article 1/ Section
A).
Contact name        : Ms. Dina Mohsen Khaled
                      Procurement Officer
Address             : Health Authority – Abu Dhabi
Fax no.             : +9712 4496969
E-mail              : dkhaled@haad.ae

Any clarification issued by the HAAD will be communicated in writing to all the bidders
before the date stated in the table above. No further clarifications will be given after the
stated date.
Note: Any clarification issued by HAAD will be communicated in writing to all the bidders
and will be published on the HAAD website: www.haad.ae.

Any prospective bidders seeking to arrange individual meetings with HAAD or any of its
employees concerning this contract during the bidding period may be excluded from the
bidding procedure.

Article 10 -     Alteration of Proposals

Bidders may alter their proposals by written notification prior to the deadline for
submission of proposals stated in this RFP. No proposals may be altered after this
deadline.

Article 11 -     Eligible Bidders

Bidders considered eligible to submit proposals are defined as:
  1- The entity/organisation that is legally registered in the UAE to do business and can
     provide a valid certificate of legal registration/trade registration license.
     The bidder shall have a minimum of three years of experience in the UAE market;
  2- The bidder must be an authorized partner/reseller of the solution, with a minimum
     of two resources certified on the proposed solution;
  3- The bidder shall have Enterprise Security or IT / Information Security as one of
     its primary business lines;
  4- The bidder should have conducted projects of a similar nature with at least one of the
     Abu Dhabi Government entities or any large scale industries/organizations within
     UAE;
  5- The bidder shall provide resumes of key persons assigned to the implementation of the
     Enterprise Vulnerability Management Solution, showing all the relevant experience
     in conducting similar projects for comparable organizations or IT environments.

Article 12 -     Proof of Non-profit Status

Bidders claiming non-profit status must provide certification from the registering body
with their proposals.

Article 13 -     Costs for preparing proposals

Under no circumstances will the HAAD accept liability for any costs incurred in
connection to the preparation and submission of proposals even if the HAAD decides to
reject all the proposals or cancel the tender altogether.

Article 14 -     Clarification

During the evaluation process, the HAAD may request additional information from
bidders with regard to the submitted proposal if deemed necessary by the tender
evaluation committee.

Article 15 -     Evaluation of proposals

The evaluation process will identify and recommend the proposal which is technically
superior at reasonable price.
• The weight of the technical factors = 70 %
• The weight of the cost = 30 %
Only proposals with average scores of at least 70 points in the technical evaluation
Criteria set out in Annex II qualify for the financial evaluation.

Article 16 -     Technical evaluation of bids

The technical quality of each bid will be evaluated in accordance with the evaluation
criteria specified in Annex II of this RFP document. No other award criteria will be used.
The award criteria will be examined in accordance with the requirements indicated in
this RFP.
Article 17 -      Evaluation of financial offers

Upon completion of the technical evaluation, the financial offers of those bidders who
passed the technical evaluation stage will be opened.

Article 18 -      Amendments

During the proposal submission period, if the HAAD decides to modify/change any
requirement/s of the RFP, the modification/s shall be released through the issuance of
an amendment to the RFP. Any amendment will be issued in writing and will be sent to
all bidders.

Article 19 -      Confidentiality

The entire evaluation procedure is confidential and all proposals are for official use only
 and may be communicated neither to the bidders nor to any party other than the HAAD.

Article 20 -      Ownership of Proposals

The HAAD retains ownership of all proposals received as part of this tender.
Consequently, bidders have no legal right to have their proposals returned to them.

Article 21 -      Bid Cancellation

The HAAD has the right at any stage in the bidding process to cancel the whole bid without
justification to any of the bidders. In that event, Bidders will be notified in writing of the
cancellation by the HAAD.

Article 22 -      Discussion/Negotiation

HAAD may initiate discussions should clarification or negotiation be necessary. Bidders
should be prepared to provide qualified personnel to discuss technical and contractual
aspects of the proposal.

Article 23 -      Award Letter & Contract

HAAD reserves the option of contracting only for a portion of the specified project scope
or of not awarding a contract to any bidder. Final approval to enter into a contract, the
contract form and the scope of services to be provided pursuant to the contract, rests
with HAAD. A contract may be awarded to more than one bidder based on the quality of
the proposals and HAAD’s needs. Please note that an award letter is not a contract and
can be withdrawn at HAAD’s sole discretion.

Article 24 -      Performance Bond

The Vendor will be required to secure a performance bond in an amount equal to 10% of
the total award price within 10 days from signing the contract, to remain in effect
for the duration of the performance period. The performance bond may be used to satisfy
penalties for lack of delivery and/or loss incurred in the event of the Vendor’s failure to
deliver or perform according to the requirements of this RFP and the purchase order. The
performance bond may be liquidated by HAAD for reasons including, without limitation,
lack of performance; when a 10% delay penalty is imposed on the Vendor; if the
Vendor is found to be corrupt or to have committed fraud; and if the Vendor sub-contracts or
assigns the contract without HAAD’s prior written approval.

Article 25 -     Bidder’s Responsibilities

It is the bidder’s responsibility to examine all of the RFP’s terms and conditions and to
request clarification from the Contracting Authority (in writing, and only from the contacts
mentioned in the RFP) of any unclear or vague statements. It shall be the bidder’s
responsibility if his proposal is eliminated due to the submission of an unclear, improper
or loose proposal.

Article 26 -     Governing Law and Language

20.1. This Tender is subject to, and shall be construed according to, the applicable laws
      and regulations of the United Arab Emirates, the Emirate of Abu Dhabi and HAAD
      policies.

20.2. The Tender and all notices pursuant to the provisions thereof shall be in English.




                            Section B – Terms of References

Article 1 -      General background and HAAD objectives

The Health Authority - Abu Dhabi (HAAD) is a local governmental entity established by
Law (01/2007); the main function of HAAD is to regulate the Healthcare Sector within
the Emirate of Abu Dhabi, both Public and Private, through Policies, Laws, Regulations,
Inspections and Audits. The corporate office of HAAD is located in the capital of UAE, Abu
Dhabi.

HAAD is responsible for licensing, quality control and regulation of all of the health care
facilities and health professionals in the Emirate of Abu Dhabi, with the vision of
developing health communities, and for monitoring healthcare facilities so that they deliver
high quality healthcare services to the population in accordance with the best international
practices and quality standards. HAAD does not itself provide healthcare services or
health insurance.

For more information on the company please visit: www.haad.ae.

Article 2 -      Scope of Work

1) Specific Background and Objectives

HAAD IT Department supports the objectives of HAAD in ensuring reliable excellence in
healthcare and complements Abu Dhabi e-Government initiatives. HAAD IT operates and
manages information processing facilities that complement HAAD’s business in
delivering effective e-services.

HAAD IT Department strives to improve its information security posture on a continuous
basis by identifying and addressing known weaknesses associated with its information
processing facilities. The main objective of this project is to complement the HAAD IT
Department in enhancing its IT Risk Management program by systematically
implementing a suitable Enterprise Vulnerability Management Solution, to accomplish its
mission of establishing a secure IT environment.

2) Technical Requirements

Through this RFP, HAAD is requesting proposals from competent and highly qualified
bidders who have sufficient experience in supplying, installing, providing training on and
supporting an industry-renowned Enterprise Vulnerability Management Solution.

The Vulnerability Management Solution should target operating systems, networking &
security devices, databases, web services and applications.

The bidder should plan and incorporate training / certification of minimum two
personnel for knowledge transfer.

The bidder should be proficient in information security, with excellent knowledge and
practice of Vulnerability Management in particular. The execution of similar projects in
other government entities will be a plus.
The bidder shall clearly specify the proposed approach, methodology and plan for
implementing Enterprise Vulnerability Management Solution.

3) Purpose and Expected Results of this RFP

The purpose of this RFP is to evaluate and procure an Enterprise Vulnerability
Management Solution which will automate the vulnerability assessment process of HAAD’s IT
Systems and assist in prioritizing remediation actions for effective and timely
implementation.
The expected outcomes of this project are:
      • The Enterprise Vulnerability Management Solution/system delivered, installed,
        configured, deployed and operational.
      • Comprehensive host and network profiling.
      • An automated and comprehensive devices discovery report.
      • Comprehensive method and procedure for asset identification.
      • Comprehensive method and procedure for prioritizing vulnerabilities for
        remediation.
      • Sample reports of vulnerability assessment.
      • A centralized operational reporting and administration web interface for
        administration, configuration, reporting and workflow.
      • Automated steps for the vulnerability management lifecycle, from discovery to
        prioritization and issue resolution.
      • Training of identified personnel.
      • After sale support.

4) IT Infrastructure Environment details

The IT infrastructure environment covers the below mentioned details:

Sr.No    Environment             Description
 01.     Operating System        Suse Linux, Microsoft Windows (Server & Workstation
                                 flavors), CISCO IOS & Juniper.
 02.     System/Device Type      Servers, Work Stations/Desktop, Network
                                 Switches/Routers, Firewall, Wireless LAN, CISCO IP
                                 Telephony and Load Balancer.
 03.     Web Services /          Web services, Apache, IIS, .Net Framework, ERP/BPM
         Applications            Solutions, Microsoft - business software & office
                                 products, Oracle Applications, Microsoft Exchange, etc.
 04.     Databases               Oracle and MS SQL




5) Enterprise Vulnerability Management Solution

The bidder should provide comprehensive description of the proposed Vulnerability
Management solution in response to the RFP.

The detailed description of Vulnerability Management Solution should include:

     • Solution Architecture
     • Deployment and Administration
     • Service / System Discovery
     • Vulnerability Assessment
     • Remediation/Patch Management
     • Reporting & Alerts
     • Integration Capabilities
     • Solution and Data Security
     • Software and Vulnerability Updates
     • Training, Customer Support, Service Level Agreements and Documentation
     • Pricing

The bidder shall consider the below mentioned requirements while responding to this
RFP:

5.1.   Solution Architecture:
     • The bidder shall provide details regarding the proposed solution’s make and
       features. It must be specified whether the solution is software based or hardware
       based.
     • The described details must cover the operational requirements (hardware
       platform, operating system, database, hardware sizing and storage capacity, etc.)
       of the solution.
     • The solution’s security architecture must be efficient and should contribute
       to enhancing the existing security infrastructure of the Authority.
     • The solution shall support an advanced User Interface and Central Management
       console.
     • The solution shall support role-based access control and must have features for
       assigning varied levels of privileges to users of the solution.
     • The solution shall have limited impact/traffic on the IT environment.
     • The solution should have features to control the impact on network bandwidth
       and server performance caused by the proposed solution.
     • The solution shall not cause any services or devices to fail. If any adverse
       impacts on any type of devices or services have been reported in the past, the
       details must be provided by the bidder in the response to this RFP.
     • The solution shall have the ability to create log entries for activities being
       performed. The bidder shall provide details on the storage requirements for logs
       being generated by the solution.


5.2.   Deployment and Administration:
      The bidder shall describe the typical requirements of their proposed solution for
       deploying in the production environment of HAAD.
      The solution should have capabilities to arrange IPs and form groups to represent
       various business functions or service offerings within the Organization.
      The management/administrative module of the solution should have capabilities
       to create users and user groups with varied levels of access rights and privileges
       assigned to them.
      The bidder shall provide details on the type of responsibilities involved prior to,
       during and after deployment of the solution.
      The bidder shall provide details regarding the backup and restoration
       requirements of the solution.
      The bidder shall provide the warranty terms and conditions available with the
       solution/product, post procurement of the solution.
      The selected vendor shall provide a user administration guide and manuals
       describing the procedures for administering the solution.
      The vendor shall also train and conduct a knowledge transfer exercise for technical
       staff at HAAD.
      The solution’s capability to perform asset identification and/or grouping will be a
       plus.

5.3.   Service / System Discovery
      The solution shall be capable of performing network-wide discovery and shall
       have capabilities to identify the type of system/service (e.g. applications, network
       topology, switches, firewall, mail-server, desktop, etc.)
      The bidder shall provide details on:
       o Maximum number of ports the solution can probe at a given point in time and
         whether this default set of ports can be customized and modified.
       o Types of operating systems the solution can identify.
       o Types of services/protocols the solution can identify.
       o Types of applications identified by the solution.
       o List of devices (printers, routers, wireless access points, etc.) identified by the
         solution.
      The bidders shall also describe the ability of the solution to identify applications
       running on non-standard ports.
      The solution shall have ability to list the number of unique vulnerabilities that are
       identified and profiled against various Operating Systems, Networking
       components, wireless devices, services/protocols, web services, applications and
       database systems.
      The solution shall not have any adverse impact on hosts or services while
       discovering devices on the network.


      The solution shall have ability to track the hosts over time in a dynamic IP
       environment (DHCP).

5.4.   Vulnerability Assessment
      The bidder shall describe in detail the methods by which the solution detects
       vulnerabilities, taking the following into consideration:
       o The capability to perform remote assessments, local checks with or without
         credentials, passive assessment, agent-based and/or agent-less assessments.
       o Types of systems supported with local checks with or without credentials (i.e.
         Windows, SSH, SNMP, etc.)
       o The ability of the product to manage credentials for hosts in a large enterprise.
      The bidder shall provide details on the size of vulnerability signature database,
       including breakdown of types of signatures (i.e. CGI, RPC, etc.) and number of
       signatures that map directly to CVE IDs.
      The solution shall be capable of providing accurate results while performing
       vulnerability assessment and shall have a reduced number of false positives and
       false negatives.
      The bidders shall describe the ability of the solution to configure scan
       windows/scheduled scans to work around corporate scan windows, scan
       scheduling, and automatic/manual pausing/stopping/restarting of scans.
      The bidder shall describe various scanning options available with the solution, in
       terms of predefined scan templates and customizable scan templates.
      The solution shall have features to scan for a particular vulnerability or set of
       vulnerabilities.
      The solution shall provide options, for administrators, to modify existing rules or
       create their own rules.
      The bidder shall describe the level of expertise required (i.e. scripting vs. wizard
       interface) for customizing the existing rules or to create new rules.

5.5.   Remediation/Patch Management
      The solution shall have features to support automated remediation workflow
       functionality.
      The bidders shall describe a sample vulnerability lifecycle scenario including the
       steps an administrator would take to find, fix, and validate the remediation of
       a vulnerability.
      The solution’s workflow functionality shall include the ability to create policies to
       set baseline standards for the devices and systems.
      The reports/results generated by the solution shall include links to patches and
       remediation instructions.
      The solution shall support validation of remediation actions defined for the
       vulnerability (i.e. scan a specific host or group of hosts on demand to verify that
       vulnerabilities have been remediated.)


      The solution shall have options to automate validation of remediation actions
       defined for the vulnerability in internal workflow functionality and/or using an
       external ticketing system.

5.6.   Reporting & Alerts
      The offered solution should be able to capture and provide detailed reporting
       capabilities with the following as minimum requirements:
      Generate different types of standard reports that comply with various industry
       norms and standards.
      Provide samples of standard reports generated by the solution.
      Details on various types of formats, in which the solution’s reports can be
       downloaded and/or exported.
      Details on the solution’s vulnerability scoring system and the methodology behind
       it.
      Have prioritization capabilities with respect to vulnerabilities and remediation
       tasks.
      Details on factors that the solution utilizes to prioritize vulnerabilities (i.e.
       vulnerability risk, asset value, proximity of host to an insecure network, etc.)
      The solution’s vulnerability scoring system shall provide options for
       customization and shall complement HAAD’s vulnerability rating scheme.
      Features to create custom reports that provide details on the specific services,
       vulnerabilities, applications, network, hosts, etc.
      Support differential reporting to review the progress status of previously defined
       remediation actions.
      The reports generated by the solution shall include remediation information with
       respect to the identified vulnerabilities.
      Capable of consolidating scan data to produce a single report for the entire
       network/enterprise.
      Capable of generating specific regulatory compliance reports (ISO/IEC 27001,
       ADSIC, HIPAA, etc.).
      Capable of producing reports, listing all hosts & vulnerabilities associated with the
       particular application / service.
      Have capabilities to manage system baselining/policy management.
      Capable of generating a report listing all applications on a host or network,
       regardless of whether the application is vulnerable or not.
      The solution shall generate alerts based on:
       o Specific vulnerability condition
       o Discovery of new host on the network
       o Exceeding the threshold scores/baseline set for the hosts.
      Capable of distributing reports automatically, at scheduled intervals, to identified
       personnel via emails.
5.7.   Integration Capabilities
      The bidders shall provide details regarding the capability of the solution to
       integrate with typical enterprise network environment.
      The Authority is looking for the following integration capabilities:
       o Integration with other security solutions (i.e. Security Information/Event
         Management, Patch Management, IDS, IPS, etc.). The bidder shall provide a list
         of all such completed functional integrations for the proposed solution.
       o Integration with external system or programs by using an Application
         Programming Interface (API). The bidder shall provide details regarding the
         functionality available via the API and the method utilized by the solution to
         interact with external systems or programs.
       o Integration with external Ticketing / Helpdesk System (HEAT – Helpdesk
         System) to generate automatic tickets, whenever a report is circulated to
         designated personnel for taking appropriate actions.
       o Integration with any asset management systems.

5.8.   Solution and Data Security
      The solution shall have role based access controls in place to control and manage
       users of the solution.
      The solution shall have capabilities to generate logging and audit-trails for actions
       performed by the users.
      The bidder shall provide details on the level of logging and audit-trail capabilities.
      The bidders shall provide details on the flow of data through/to the solution and
       the security measures in place to protect this data.
      If an appliance-based solution is proposed, the bidders shall state which
       operating system the solution’s appliance is based on.
      The solution should exercise secure means for storing the vulnerability data
       identified during the scanning of systems / devices.
      The solution should utilize adequate security measures to protect the data in
       transit.

5.9.   Software and Vulnerability Updates
      The bidder shall explain in detail the solution’s software and vulnerability update
       process.
      The solution shall have automated procedures to deploy software or vulnerability
       updates. The solution shall require one manual intervention during the process of
       software or vulnerability updates.
      The solution’s update procedures shall support change control processes.
      The solution’s software or vulnerability updates shall be provided with easy
       roll-back features, to ensure deployed updates can be rolled back easily in the
       event of disruption caused by the released updates.
      The bidder shall provide information regarding the vulnerability signature
       creation methodology and QA process.
      The solution shall have defined frequencies for vulnerability rule and software
       updates.
      The solution shall have a service level agreement (SLA), on the timelines for the
       release of vulnerability updates, when new vulnerabilities are discovered.
      The bidder shall provide a roadmap of upcoming features of the proposed
       solution.

5.10. Training, Customer Support, Service Level Agreements, Documentation
      The bidder shall include training as part of the Solution procurement and also
       provide details on the level of training required and recommended.
      The bidder shall describe official training courses that are provided as part of the
       solution procurement.
      The bidders shall include details on standard hours defined for customer service
       and support.
      The bidder shall include the details on terms and conditions of support in
       reference to online support, phone support and onsite support, provided during
       maintenance and support phase of the solution.
      The bidders shall provide details on standard support response times and service
       level agreements.
      The bidders shall state if any professional services are required or recommended.
      The bidder shall provide the details on types of documentation provided along
       with the solution.
      The bidder shall provide details on the warranty options that are available along
       with the solution procurement.
      The bidder shall include a copy of the solution’s terms and conditions.

6) Project Management

      The bidder shall include the method and approach used to manage the overall
       project. Also, briefly describe the execution plan of the project, covering the
       complete life cycle of the project.
      The bidder shall also submit a detailed effort estimation chart, detailing efforts
       required for each of the activity identified as part of the project life cycle.
      HAAD will assign a Project Manager who will be responsible for follow up and
       monitoring the work progress during the project execution period. HAAD will be
       responsible for involving other key stakeholders within the organization or from
       the Healthcare Sector, as deemed necessary.

7) Period of Execution

When a bidder is selected and a contract is signed between the bidder and HAAD, the
Enterprise Vulnerability Management Solution implementation is expected to
commence within one week and shall be completed within the stipulated time-frame,
as detailed in the effort estimation chart.
The period of execution of the whole project will be a maximum of 15 working days
starting from the commencement date to be stated in the signed Contract.

Bidders should submit a time schedule for the project implementation period.

Article 3 -      Project’s Deliverables

While HAAD will monitor the output of the Vendor and the project progress, the Vendor
should be responsible for delivering the following documents as a minimum:

Deliverables                            Description

1. Executive Summary report             A report that summarizes the scope, approach,
                                        implementation overview and benefits derived by the
                                        organization, in a manner which is suitable for senior
                                        management.

2. Technical documentations (User       Documentation developed for the use of HAAD’s
   Manuals and Administrative           technical staff which discusses the detailed technical
   Guides) and Standard Operating       procedures for deployment, asset profiling, scanning,
   Procedures                           identifying vulnerabilities, assigning risk ratings, risk
                                        prioritization, risk remediation plan and reporting
                                        features of the Solution.


1. Deliverables, as defined in the above table for the implementation of the whole solution,
   shall be provided at the completion of the project to the satisfaction of HAAD.
2. Warranty Certificate for the delivered and installed items for a period of three
   years, starting from the date of complete installation and successful operation of the
   delivered items.

Article 4 -      Delivery, Installation & Configuration Terms

    1- Requested Solution must be delivered, installed, functioning and tested as per the
       tender requirements.
    2- Vendor is responsible for providing the licenses required for the function of the
       delivered solution.
    3- Vendor must install, configure, and customize the proposed solution according to
       HAAD security, and network/system environment.
    4- Vendor must comply and confirm with the tender requirements in their Proposals.

Article 5 -      Warranty and Support Terms

    1- The Vendor shall provide maintenance, support and warranty for the whole
       solution for a period of 3 years, along with all the solution upgrades and software
       updates on a 24x7 basis, 365 days.
    2- The warranty shall cover all materials, services, and support. All licenses shall be
       under the name of HAAD and the Vendor shall handover license keys to HAAD.

   3- The vendor shall provide details on standard response & resolution times.
       Response and resolution time begin just after HAAD reports the incident to the
       vendor.
   4- The vendor shall provide onsite/off-site support based on the standard support
       terms and conditions and shall provide adequate reports.
   5- The vendor shall provide a hot line number for use outside office hours for logging
       service calls. A certified technical expert on the solution shall be available for
       immediate response.
   6- Vendor shall deliver in their technical offer the escalation procedures with
       required contact names, e-mail addresses and mobile numbers in order to solve any
       technical and non-technical problems throughout the life cycle of the project and
       warranty period.
   7- The Vendor will be responsible for resolving any problem related to installation,
       configuration, integration, software, and hardware and Operating System bugs.
   8- Vendor must provide in their proposals the Solution’s (software and/or hardware
       Operating system) upgrading strategy during the warranty and support period,
       whether for minor or major releases.
   9- Warranty of the equipment will begin after the project delivery, testing and
       operation acceptance is signed by the Contracting Authority. A completion letter
       must be signed by both parties, Contracting Authority and the Vendor, after which
       the warranty period would begin.
   10- In case of failure to comply with the response time commitment and rectification
       time commitment, inclusive of device replacement as per warranty terms, HAAD
       would levy a penalty of 5% per day of the total Contract Value from the time of
       lodging the complaint for delay in bringing the system to working condition.
   11- Supplier shall have presence in UAE for Support.




                                        Annex I - Financial template

Phase Title           Phase Deliverables                    Item description    Total Cost in AED*

1) One-time Cost      Hardware cost**
                      Software cost
                      Perpetual license cost
                      Training / Knowledge transfer cost
                      Professional Services cost
                      (implementation & configuration)
                      Additional Module cost, if any
                      Other Costs (freight, insurance,
                      miscellaneous, etc.)

I: Sub Total: One time cost

2) Recurring Cost     Software Maintenance,                 2nd Year
                      support and Content Updates           3rd Year

                      Hardware Support,                     2nd Year
                      Preventive Maintenance twice          3rd Year
                      a year starting from second
                      year

II: Sub Total: Recurring Cost

Total financial offer (I + II)

      *Total cost inclusive of all/any anticipated costs (travel, accommodation, etc.),
      overhead costs and applicable taxes, VAT, tariffs


      **All hardware and software should include a one-year warranty and full support
      at no cost for the first year, starting from the date of acceptance of the delivered
      and installed hardware/software




                                    Annex II – Evaluation factors

*The cut-off point for rejection (i.e. the total technical criteria score must be above 70 to be accepted)
must be provided by the Requesting Dept. in collaboration with concerned departments.
Evaluation factors for other items                                    Maximum Score    Score

Understanding of the project's requirements and the suitability of    30
the proposed solution, approach and demonstrated evidence to
be able to deliver the solution as per HAAD's needs and
expectations.

Bidder’s strong and demonstrated background and experience on         30
projects of similar nature, especially within government entities,
including reference inputs and/or feedback

Availability of sufficient and capable personnel with the required    20
qualifications, skills and experience dedicated to the project,
detailed team structure provided

The details, quality, adequacy and schedule of the project plan for   10
the activities planned.

Training and transfer of knowledge which indicates the type of        10
training available, duration of the training, training syllabus,
training location and Certification examination

Total Technical Criteria Score must be at least                       100              Bid: [ ] Accepted
                                                                                            [ ] Rejected

Mandatory Criteria                                                    Yes / No

Existence of local representative which can provide after-sales
services, warranty services and local support.



