Clarification to Bidders Batch no.: 1 RFP No. 42/S/HAAD/PT/2014 Clarification issue date : 01 st October, 2014

Transcription

1 Q. S/R Questions & Answers 1. Q. The number of ITIL processes that are already implemented A: 5 ITIL processes are implemented within currant service desk and we are in process for more Service request, incident management, problem management, change request & configuration management \ISMS process also implemented 2. Q: The maturity of the ITIL processes will also determine the effort that will be required to plug the gaps to conform with the ISO/IEC requirements A: Maturity assessment 3. Q: Staff experience and knowledge of ITIL and ISO/IEC A: Senior management in IT is having enough experience and knowledge 4. Q: ITSM tools that are already in place to support the ITSM processes e.g. service desk/incident management tools, change management, CMS (configuration management system etc.) having a good integrated ITSM suite of tools will greatly facilitate the documentation requirements laid down by the ISO /IEC standard Existing certificates, like e.g. ISO 9000, ISO/IEC A: Already certifies ISO 9000, ISO/IEC Q: The size of your IT organization A: Q. The complexity of your services t complicated 7. Q: The scope (small, medium, large) of the certification 1 / 13

2 A: Define small, medium, large 8. Q: The culture of the organisation resistance to change? 9. A: HAAD culture is accepting changes Q: The commitment and support of the organisation s top management - is the organisation s CEO supportive of the initiative this is a key success factor for getting the organisation certified A: Yes 10. Q. On title page, HAAD is asking to provide proposal on ISO :2005 but in detail scope they have mentioned ISO :2011; just to tell you that 2005 version in no more available and replaced by ISO :2011. Please clear this point? A: 2011 Version Standard 11. Q. Is HAAD ISO9001 certified? A: Yes 12. Q: Is HAAD ISO27001 certified? A: Yes 13. Q: Does HAAD has implemented any help desk or service desk software fully because they said on page 16 that they have mentioned iheat software but they said they are going to upgrade or may change this software. Phase-2 scope of work would be done on help desk and service desk software. To be more precisely it should be clear. Whether they just want charging model and algorithm set on paper or want automated on service desk/help desk? How many users license HAAD has? One page 13 of RFP they said they have SSD and help desk, which they want to outsource! Its mean they have both software please confirm HAAD on my above asking in this question. 14. A: It s in process now to change the helpdesk tool to be Manage Engine MSP Q: HAAD wants to implement Financial Cost Model and Chargeback in phase-2 for all IT services configure in Service Catalogue! HAAD wants this on paper or automation required at Service Support Desk or Help desk software? List of IT 2 / 13

3 services HAAD is providing to internal & external customers? Please list of services separately for (Internal / External). A: Model and Chargeback To be automated 15. Q: RFP clause for vendor to must have *ISO 9001:2008 is compulsory? HAAD is asking company should be *ISO 9001:2008 certificate compliant. Please clarify with them? A: Yes is set for evaluation criteria Q. Does HAAD has in-house software development team? If yes, please mention number of people? A: Yes 7 resources 17. Q: Does a Service Desk exist which manages co-ordinates and resolves incidents reported by customers? A: yes 18. Q: Is there any special training programs, orientation workshops, gap-analyses, etc. with reference to Information Security, IT Service Management System which have been done in the last 2 years? 19. A: Very simple basic security related training has been conducted for both internal IT and whole organization s staff. However, nothing has been initiated for IT Service Management. Q: Is there any Disaster Recovery Site. HAAD has? Or any third party business continuity function at HAAD is in place? A: Yes 20. Q. According to our understanding HAAD would be responsible for hiring the Certification body. Please confirm if this is correct. [Article 4 Section A #10 Page 15/27 & Article 6 Section C Page 18/27] A: Vendor should contract with the certification body as per the HAAD IT recommendation 21. Q. Can you please confirm that the existence and alignment of the listed processes in Article 4 Section A #5 (Page 14/27) are compliant to the ITIL/ITSM best practices? [Artcile 4 Section C Page 16/27] A: Yes it is 3 / 13

4 22. Q: When was the last ISMS certification audit conducted and was the IT Support esk under the scope of that audit? A: Last year / Yes Support desk was under the same 23. Q: Is HAAD currently measuring any performance metrics on its IT infrastructure, applications and processes? If so, can you please share the same with vendor? [Artcile 4 Section A #8 Page 15/27] ware not measuring any performance 24. Q. Does HAAD currently have defined SLA/OLA mechanisms in place? Is SLA benchmarking also in place? [Artcile 4 Section A #5 Page 14/27] t yet define Q. Does HAAD have an existing team which is into IT process definition? If yes, what is the team size and what will be the team's involvement in the ISO certification journey, will they take part in documentation along with vendor consultants. A: We are 27 head count and sure IT senior management will be involve for the same 26. Q: The proposed timelines seem aggressive to exhibit the improvement cycle for ISO processes, is there a possibility to extend project timelines currently defined for Phase 1 and Phase 2? [Article 5, Page 17/27] A: You can propose the approach and time line and we will evaluate the same 27. Q: Does HAAD have any Financial Cost Models or Chargeback Calculations for IT services currently in place? If so, what is the current mechanism and are there any challenges with the existing models? [Artcile 4 Section B Page 15/27] we don t have any cost chargeback in place 4 / 13

5 28. Q: As stated in the RFP, the current Help desk tool iheat is either to be upgraded or changed. What is the tool migration plan for it? [Artcile 4 Section C Page 16/27] A: Refer to Q. No Q. Please provide a list of current IT services provided by HAAD? A: Examples only Desktop support service, infrastructure services, in house development services 30. Q. Please provide a list of IT processes that are already implemented by IT Service Management teams in HAAD? A: This can be share later Q: As part of the ITIL implementation the expected vendor would develop the required process and train the relevant teams. Is vendor consultants expected to implement and configure any ITSM tool? 32. Q: Should the expected vendor engage in development of RFI s/rfp s for procurement of the new ITSM tool, vendor evaluation etc. as part of implementation support 33. Q: Is expected vendor s consultants expected to implement and configure the new ITSM tool? 34. Q. Should the certification cost be included in the cost proposal? A: Yes 35. Q. Do you want to monitor performance and availability of the network devices? (Server, switches, routers, access points, etc.) 5 / 13

6 36. Q: Do you want to monitor performance and availability of applications? (MS Exchange, Share Point, MS SQL, Oracle, Active Directory)? Yes/No 37. Q: If yes, how many applications do you have? 38. Q: Do you want to manage device configurations? (config, backup/restore, tracking changes, inventory, etc) If yes, how many devices you will manage? 39. Q. Do you want to monitor performance and availability of Storages? If yes Total No. of HDD in storage? if no, Brand & Model no of Storage? 40. Q. Do you need visibility of users network activity? (protocols, top talkers, receivers, transmitters) based on Netflow, sflow, jflow, ipfix data? yes / no 41. Q: Do you need monitor the quality of service experienced by your end-users, especially on web sites and web applications? Yes / no 42. Q: Do you need to know where devices are connected in your network? Yes / no 43. Q: Do you need ticketing system (Helpdesk)? Yes / no if yes, Number of Engineers in your team? 44. Q. Do you want to monitor Virtual Environment? ( VMware or Hyper V). if yes, No of CPU in physical hosts? 6 / 13

7 45. Q. Do you want to monitor IP address, Subnets,DHCP servers and DNS servers? (Available IP, DHCP managing IP, Used IP, device which using that particular IP etc). yes / no 46. No. of endpoints: Servers? Laptops? Desktops? 47. Q: No. of operating systems : Mac? Unix? Linux? Windows Server 2000? indows Server 2003? Windows Server 2008? Other? please specify 48. Do you have a DR site(s)? A: yes yes / no 49. Q. Please fill in the following options needed with regards to your NPM requirement: Training (1 day)? Customization of NPM? Implementation Services? POC? Audit of existing network? upgrade? A: N/A 50. Q. Article 2. Paragraph. 1. The IT infrastructure currently in place consists of a fullfledged Data Center that connects all HAAD locations and offices, and serves the business needs of its employees, customers, associated business and government entities and the healthcare ecosystem at large. For how many locations does HAAD offer IT Services, and what are these locations? (This is to get a better understanding on final scope of certification). A: 5 Main location 51. Q: Article 2. Paragraph. 1. The IT infrastructure currently in place consists of a fullfledged Data Center that connects all HAAD locations and offices, and serves the business needs of its employees, customers, associated business and government entities and the healthcare ecosystem at large. Who are HAAD IT Services clients ( are they purely internal or external as well)? A: Internal and External as e-services support 52. Q: Article 2. Paragraph. 1. The IT infrastructure currently in place consists of a fullfledged Data Center that connects all HAAD locations and offices, and serves the 7 / 13

8 business needs of its employees, customers, associated business and government entities and the healthcare ecosystem at large. Article 4. C. No of Locations under Scope 1 HAAD HO Abu Dhabi. Will HAAD offer IT Services only from one location as specified in RFP? A: Yes 53. Q: Article 2. Paragraph. 1. The IT infrastructure currently in place consists of a fullfledged Data Center that connects all HAAD locations and offices, Does HAAD have a single Data Centre or multiple data centres ( also from Business continutity point of view )? A: Multiple Data Centers 54. Q. Article 2. Paragraph. 2. In line with the HAAD strategy and with the objective of maximizing focus on core services and maximizing the efficiency and effectiveness of support services; the IT department plans to outsource the functions of IT service desk. What other services other than Service Desk will be outsourced? A: We have already outsource mange print services, Business application support 55. Q. Article 2. Paragraph. 2. In line with the HAAD strategy and with the objective of maximizing focus on core services and maximizing the efficiency and effectiveness of support services; the IT department plans to outsource the functions of IT service desk A: Already Outsource 56. Q: Article 4. C. Number of IT Personnel 20. Does HAAD have level 1 or Level 2 technical support team? A: Yes we have level 1 & level 2 support in form of helpdesk 57. Q: Article 2. Paragraph. 3. IT Service desk integrated with call center & IT desktop support. Can you please clarify on this statement with emphasis on service definition & support scope? A: With the help of this contract, we would like to receive IT helpdesk call center and desktop level support (it does not include server and network maintenance) 58. Q: Article 4. A. 2.Conduct a gap analysis of the current processes, review the existing set of policies, procedures and practices adopted by HAAD against ITSM 8 / 13

9 requirements based on ISO standard and ITIL best practices; Does HAAD currently have a tool oriented Configuration Management Database? A: Yes for the Asset tracking 59. Q. Article 4. A. 3. Development of a Scope of Certification based on HAAD s environment. Does HAAD's IT Strategy involve placing all its IT services under ISO scope or would it be limiting the scope of certification? A: We would like to receive your consultation / inputs in the proposal 60. Q. Article 4. A. 5. Formulate the new IT policies and Procedures or update the existing one (for example Change Management) in line with the ITIL and ISO 20000:2011 standards which should cater to the following areas relating to IT Service management and Service Delivery but not limited to:f. Service Level Management (should include SLA / OLA development ). How many Business functions exist within HAAD. How many OLAs would be required? A: Refer to the below URL Q: Article 4. A. 5. Formulate the new IT policies and Procedures or update the existing one (for example Change Management) in line with the ITIL and ISO 20000:2011 standards which should cater to the following areas relating to IT Service management and Service Delivery but not limited to:f. Service Level Management (should include SLA / OLA development ).g. Service Catalogue Management. The expected vendor shall cover Service Catalogue Management within Service Level Management procedure as Modification of the IT Service Catalogue. Kindly confirm. A: yes 62. Q. Article 4. A. 5. Formulate the new IT policies and Procedures or update the existing one (for example Change Management) in line with the ITIL and ISO 20000:2011 standards which should cater to the following areas relating to IT Service management and Service Delivery but not limited to:f. Service Level Management (should include SLA / OLA development )h. Service Reporting. The expected vendor shall cover Service Reporting within Service Level Management procedure as Service Performance Reporting and Review. Kindly confirm. A: yes 9 / 13

10 63. Q: Article 4. A. 6. Train and handover the developed IT service support policies and procedures to the IT team. Kindly confirm that HAAD is not expecting certification training such as ITIL foundation or ISO LI training as part of the scope? A: It would be grate to receive high level training 64. Q: Does HAAD expect EY to perform project management and quality assurance for the ITSM tool implementation? 65. Q: If you require EY support for tool selection and PM & QA services during implementation, what is the preferred commercial model for HAAD? (manday rate, man month rate or lumpsum fee?) 66. Q. Article 4. A. 10. Vendor shall provide necessary audit assistance and prepare HAAD to achieve compliance with ISO by contracting with the Certification body however HAAD will recommend the selection of the certification body. - Do you expect EY to bear the fee for the certification body as part of the contract? - Do you expect EY to perform ISO 20K internal audit or does HAAD have internal audit department who will perform ISO 20K internal audit?- Do you expect EY to provide internal audit training for the HAAD internal audit team? A: We expect Bidder to conduct internal audit 67. Q. Article 4. A. 4. Designing the IT service catalogue, ITSM policies, processes, procedures, Key Performance Indicators (KPIs) and ITSM Roles and responsibilities, Article 4. B. 1. Review and update the existing service catalogue. Kindly mention the number of IT services are currently offered to business. Also the number of Enterprise application services that are provided by IT to HAAD business functions. A: We don t have the formal IT service catalogue 68. Q: Article 4. C. iheat (Currently HAAD is in process to upgrade or change the tool). Will assessment of new ticketing \ ITSM tool be under scope? need for new ticketing system 10 / 13

11 69. Q: Article 4. C. iheat (Currently HAAD is in process to upgrade or change the tool). If answer to the above question is Yes, would the scope include configuring the Tool? 70. A: N/A Q: Article ITSMS Policies and Baseline Standards, Article ITSMS Polices & Procedures. Both deliverables refer to the same ITSM policies, processes, procedures deliverable mentioned in Article 4. A. 4. and Article 4. A. 5. Kindly confirm.? A: First one referring to standards and policies and second one referring to procedures 71. Q. We understand that all deliverables are going to be in English only. Kindly confirm. A: yes 72. Q. If the answer to the above question about the language of the deliverables is no (meaning Arabic is also required), we suggest that only Executive Summaries of 2-3 deliverables be translated to Arabic. Kindly provide feedback on this. A: N/A 73. Q: How many (approximately speaking) IT procedures currently being followed by HAAD IT? Can you kindly provide a brief idea about these procedures? A: We are following ISO27000 ISMS procedures 74. Q: We understand that scope of work includes only the IT services provided by HAAD to its internal users and does not include the entities HAAD regulates across the Emirate. Your confirmation of this understanding is appreciated. 75. A: YES Q: We would like to request for an extension till after Eid (October 9th). If this is not possible, at least to October the 5th. A: the deadline is already extended till12/10/ Q. 1. The scope of work mentions SLA/OLA development as part of A Phase 1 5f. 11 / 13

12 a. Please advice if the consultant is expected to define the SLA & OLA for all services defined in the IT Service Catalogue? A: Yes the consultant should define the same 78. Q. b. It is our assumption that the business approvals shall be obtained by the HAAD IT Department. Kindly confirm A: yes 79. Q: Does HAAD wish to certify against the 2005 version or the 2011 version of the standard? A: 2011 Version Standard 80. Q: What are the current ITSM processes implemented or documented? 81. A: ISMS processes is implemented we would like to combine them together Q: Is there an Internal Quality team? How big it is and does it play any role in ITSM?. we don t have Internal Quality Team 82. Q: Formal Accredited ISO training ( Foundation / Auditor ) is required and asked by Auditors? Should this be included? If yes which training ( Foundation / Auditor ) and for how many participants? A: It s good to have Foundation not auditor 83. Q. It is mentioned in the proposal that the Help Desk tool will be upgraded / changed. Will this happen during Phase 1 ( 4-5 months ) of this project or later? A: It s already in process and we are changing the tool which will be ready by Nov Q: Do you wish for the consultant to identify ITSM tools as a separate project later? A: Yes it s fine 12 / 13

13 85. Q: Was any consulting firm involved earlier to implement ITSM / ISO 20000? this is the first time 86. Q. HAAD looking for present ITSM tool replacement, New ITSM Tool proposal to be added along with the consultation. (Or already started the Tool selection process.) A: It s already in process and we are changing the tool which will be ready by Nov Q. 10. Expectation regarding Phase II, looking for fixed cost or combination of Fixed and Time & Material in the proposal. A: Fixed cost 88 Q: Is closing the project and approving all deliverables contingent upon successfully completing ISO certification by the certification body? Or is the vendor only responsible for assisting with pre-certification audits and performing the necessary pre-audit steps? A: Upon successfully completing ISO certification by the certification body 89 Q: HAAD chooses to recommend the ISO certification body. Is the vendor contracting with the certification body or is HAAD contracting with the certification body? 90 A: Vendor should contract with the certification body as per the HAAD IT recommendation Q: Should the awareness program be conducted in English and Arabic languages or should it be in English only? A: English and Arabic languages End of Clarification no. 01 ***************************************************** 13 / 13