Closed ATM View - RBA-OT-IT-13
IT Service Management Refresh
Canberra, Sydney, Melbourne, Adelaide, Perth, Brisbane, Darwin, Hobart
Procure and integrate a cloud-based solution for the electronic management of business processes that can be measured and monitored. The Supply will automate workflow activities and realise time efficiencies. Training will be included in the Supply for Bank staff and administrators.
Last day to register for industry briefing - 2pm AEST 12 May 2021
Industry Briefing - 2pm AEST 14 May 2021
Cut-off time for questions - 2pm AEST 28 May 2021
Last day to return signed Response Deed - 2pm AEST 9 June 2021
RFP response received prior to the closing time
Exists as a legal entity with an Australian Business Number at the closing time
Only one response per Respondent will be accepted
Statement on employee entitlements and work, health & safety
Statement on workplace gender equality
Entities must not be listed as terrorist organisations or subject to sanctions
Public disclosure requirements & right of audit
Minimum content and format requirements;
Responses should be lodged in Microsoft Word, Microsoft Excel or PDF format. Responses should not be password protected
All RFP response documents, including any additional documents in support thereof, must be in English
RFP response received, completed and signed Respondent’s details and deed
All costs, fees, prices and other monetary amounts in the Proposal must be expressed in Australian currency
Mandatory Criteria;
•Does the Supply have the ability to integrate with the Bank’s Azure Active Directory (AD) for user management?
•Does the Supply allow service requests and incidents to be logged via email, self-service portal and mobile application (iOS and Android)?
•Does the Supply provide the ability for workflows to execute task assignment actions in the system based on business rules and roles?
•Does the Supply provide a segregated environment (physically or logically) so that all customer’s data is isolated from other customers’ data and protected against any unauthorised access?
•Does the Supply use Transport Layer Security (TLS) 1.2 or higher encryption for all data in transit between the Bank and the Supply (including all server-to-server data transmissions, within data centres (cloud))?
•Does the Supply support multi-factor authentication, such as mobile one-time passwords or soft tokens?
•Does the Supply ensure only authorised users have access and are given the necessary rights to perform the tasks required of their role (i.e. role-based access control)?
•Does the Supply comply with the Australian Signals Directorate Information Security Manual Cryptographic Controls encryption of data in transit and data at rest, as per the cryptography guidelines in the following link: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms?
•Does the Respondent have a security incident response plan describing the roles, responsibilities, notification service-level agreements (SLAs) and communication channels etc?
•Does the Supply have an availability ratio of at least 99%?
•Is the Supply able to prevent the loss of data or data corruption as a result of failover?
•Does the Supply provide a non-repudiable audit log of all Bank administrative activity, including as a minimum:
* creation and deletion of users
* change in authorisations
* change in credential (password change)
* change in security configuration controls
* change in system configuration controls?
•Does each new release of the Supply include a comprehensive change log and / or release notes?
•Is solution support available 365-days a year, 24x7 using a “follow the sun” model?
•Is the Bank able to securely archive data at the end of its retention period (or as required)?
•Is the proposed tool a software as a service (SaaS) cloud solution?
•Does the Supply provide information technology infrastructure (ITIL) capabilities including as a minimum: Incident Management, Problem Management, Change Management, Self Service (event logging), Service Request Management, Service Catalogue, Configuration Management and Service Level Management?
•Does the application meet Web Content Accessibility Guidelines (WCAG) 2.1 level AA for accessibility?
•Does the Supply allow for delegation of an approval for authorisation of requests?
August 2022 implementation