Closed ATM View - ASA RFP PRN_12971
Managed Security Services Provider (ICT)
Show close time for other time zones
Canberra, Sydney, Melbourne, Adelaide, Perth, Brisbane, Darwin, Hobart
Managed Security Services Provider (ICT) including:
• General - Successfully perform the relevant underlying activities across all SOC functions to support the overall business outcomes. Includes adherence to all relevant Airservices operating policies & procedures and seamless integration of supporting tools for the transition In and ongoing Sustainment of the SOC solution.
• Security Monitoring - Deliver secure, centralised collection, storage, alerting, validation, analysis of all security related log files Ensure alignment to current controls and policy updates through effective configuration and change management constructs.
• Information Security Incident - Provide an effective and consistent security incident handling, detection, containment, eradication, recovery and post incident capability.
• Risk Reporting and Analytics - Deliver a security accredited risk reporting capability to support ASD ISM Essential 8 reporting. Includes relevant policy exception controls management.
• Digital Forensics and Malware Analysis - Deliver a digital forensics capability for the ongoing analysis of Malware and events/breaches investigations. Includes the capability of sandboxing to enable development of mitigation controls and malicious actors in an isolated environment.
• Threat and Vulnerability Management - Provide vulnerability insight, detection and cross system reporting along with the associated risk assessment of critical risks and gap analysis. Includes actions for rectification of same.
• Monitoring & Optimisation - Deliver an overall solution for the continuous improvement of all SOC functions, services, products and processes.
Respondents must direct any questions regarding the Request for Proposal (RFP) to the following email address: ISG.AirservicesProcurement@isg-one.com . Proposals will close 2:00pm AEST on Tuesday, 14th August 2018.
Airservices has engaged the services of Information Services Group Americas (ISG) to assist in the RFP process. Throughout, ISG personnel will be acting on behalf of Airservices Australia.
The Mandatory Criteria for this RFP are set out in Part D.5 (Pre-Qualification Response) of this RFP. The Respondent must submit its response to the Mandatory Criteria as soon as possible but no later than two (2) Business Days following the Industry Briefing described in Item 12 above.
The following are the Mandatory Criteria for this RFP:
1. The Respondent must have the ability to perform Transition in and ongoing Sustainment of all 6 Services and business outcomes (Refer Exhibit 2 (Statement of Requirements)), either wholly or by sub-contracting).
The 6 Services are:
a) Security monitoring;
b) Information security incident response;
c) Risk reporting and analytics;
d) Digital forensics and malware analysis;
e) Threat and vulnerability management; and
f) Monitoring technology optimisation
2. All SOC Functions, Services and Platforms to operate wholly within Australia.
3. MSSP SOC to currently operate at and maintain ISM UD at commencement of Service, with the capability to be cost effectively lifted to operate and maintain PROTECTED at a future time requested by Airservices without causing the loss of or degradation of service.
4. The Respondent and any subcontractors proposed in the Respondent’s Proposal must not be named as not complying with the Workplace Gender Equality Act 2012 (Cth).
5. The Respondent and any subcontractors in the Respondent’s Proposal must not be named on the Consolidated List, being the list of persons and entities who are subject to targeted financial sanctions or travel bans under Australian sanction laws, as maintained by the Department of Foreign Affairs and Trade at http://dfat.gov.au/international-relations/security/sanctions/Pages/consolidated-list.aspx.
Respondents will not be allowed to attend the Document Access Session unless they meet the Mandatory Criteria.
• Industry Briefing - Five (5) Business Days after RFP release date (10 July 2018)
• Submission of Mandatory Criteria response - Two (2) Business Days after Industry briefing.
Respondent to submit Part D.5 (Pre-Qualification response) no later than two (2) Business Days after the Industry briefing.
• Document Access Session - Five (5) Business Days after Industry briefing (17 July 2018)
Respondent to submit Part D.7 (DAS Registration) no later than three (3) Business Days prior to the DAS session.
• Proposal Phase 1 evaluation finalised - September 2018
• Solution and Commercial Dialogue Sessions - September 2018
• Proposal Phase 2 evaluation finalised - October 2018
• Negotiation of Agreement finalised - October 2018
• Agreement signed - November 2018
• Supply of Requirement commences - November 2018