Services for Assessment, Designing and Implementation of IT Governance Framework

Transcription

1 [Abstract] BIDDING DOCUMENT Services for Assessment, Designing and Implementation of IT Governance Framework June, 2018 General Services Department, House Building Finance Company Limited) 3 rd Floor, FTC Building, Shahrah-e-Faisal, Karachi Tel:

2 Ref: HBFCL/HOK/GSD/2018 Dated: June 20, 2018 Invitation for Bids Services for Assessment, Designing and Implementation of IT Governance Framework House Building Finance Company Limited (HBFCL), Pakistan s leading housing finance institution, invites Expression of Interest (EOI) from reputed firms/companies registered with Tax Authorities and appear on Active Taxpayer List (ATL) of FBR, to provide services for assessment, designing and implementation of IT Governance Framework. Expression of Interest documents containing scope of work, technical requirement, documents required, checklist / format of response to EOI can be obtained from the undersigned during office hours or can be downloaded from websites: The expression of interest (EOI) prepared in accordance with the instructions provided in the EOI documents must reach at HBFCL Head Office, 3 rd Floor, Finance & Trade Centre, Shahrah-e-Faisal, Karachi on or before at a.m. The bids will be evaluated in terms of Rule-36(b) of Public Procurement Rules 2004 i.e. Single Stage Two Envelope Procedure. Conditional / late expression will not be accepted. The EoI will be opened on the same day at a.m., in the presence of consultant/firm s designated representatives, who may choose to attend. This advertisement is also available on PPRA website at HBFCL reserves the right to accept or reject any or all EOI in compliance with the relevant clause of PPRA Rules. Head General Services Department House Building Finance Company Limited 3 rd Floor, FTC Building, Shahrah-e-Faisal, Karachi Tel: hafeez.rehman@hbfcl.com

3 A. General 1. Scope of Bid House Building Finance Company Limited, having its Head Office at 3 rd Floor, FTC Building, Shahrah-e-Faisal, Karachi, invites sealed bids from tax registered eligible companies/consulting firms for Services for Assessment, Designing and Implementation of IT Governance Framework 2. Cost of Bidding The Bidder shall bear all costs associated with the preparation and submission of its bid, and the HBFCL will in no case be responsible or liable for those costs. B. Bidding Documents 3. Content of Bidding Documents 4. Amendment of Bidding Documents i Bidders are expected to examine all instructions, forms, terms, specifications and other information in the Bidding Documents. Failure to furnish all information required by the Bidding Documents or to submit a bid not substantially responsive to the Bidding Documents in every respect will be at the Bidder s risk and may result in the rejection of its bid. i) At any time prior to the deadline for submission of bids, the Company may, for any reason, whether at its own initiative or in response to a clarification requested by a prospective Bidder, amend the Bidding Documents. Later amendments on the same subject modify or replace earlier ones. ii) iii) Amendments will be provided in the form of Addenda to the Bidding Documents, which will be sent in writing to all prospective Bidders that received the Bidding Documents from the Company. Addenda will be binding on Bidders. Bidders are required to immediately acknowledge receipt of any such Addenda. It will be assumed that the amendments contained in such Addenda will have been taken into account by the Bidder in its bid. In order to afford prospective Bidders reasonable time in which to take the amendment into account in preparing their bids, the Company may, at its discretion, extend the deadline for the submission of bids consistent with provision of Rule 27 of PPR 2004 C. Preparation of Bids 5. Bid Prices The prices quoted would be inclusive of all charges/taxes livable by the local Authority/Provincial/Federal Governments including loading/unloading, lifting & transportation charges to the place of work. D Submission of Bids 6. Deadline for Submission of Bids i) Bids must be received at the address specified in Bid Data Sheet no later than the time and date specified in the Bid Data Sheet. ii) The Company may extend the deadline for submission of bids by issuing an amendment in accordance with Clause 9, in which case all rights and obligations of the Company and the bidders previously subject to the original deadline will then be subject to the new deadline.

4 7. Late Bids Any Bid received by the Company after the deadline prescribed in Clause 18 will be returned unopened to the Bidder. E Bids Opening and Evaluation 8. Bid Opening The Company will open all bids, including withdrawals and modifications, in public, in the presence of Bidders representatives who choose to attend, at the time, on the date and at the place specified in the BDS. Bidders representatives shall sign a register as proof of their attendance 8. Evaluation and Comparison of Bids The technical proposals of the only qualified bids after preliminary evaluation shall be evaluated in detail. The Financial Proposals of the only technically accepted proposals will be opened and the bid found to be the lowest evaluated bid shall be accepted. 9. Bid Security Bidders will be required to provide bid security in the form and amount indicated in the BDS. The successful bidder will be required to provide performance security in the form and amount indicated in the BDS. F - Award of Contract 10. Award Criteria The contract will be awarded to the successful Bidder whose bid has been found technically & commercially compliant and has offered the lowest evaluated cost, emerged as lowest evaluated bid. Provided further that the Bidder is determined to perform the contract satisfactorily. 11. Company s Right to Reject all the Bids 12. Overriding Effect of PPR-2004 The Company reserves the right to annul the bidding process and reject all bids at any time prior to award of contract. Whenever in conflict with these documents the stipulation of PPR-2004 as internally adopted by Company shall prevail.

5 G. Bid Data Sheet 1. Services for Assessment, Designing and Implementation of IT Governance Framework 2. The bidders must be registered with Tax Authorities and appear on Active Taxpayers List (ATL) of FBR. 3. No tender shall be considered as valid unless it is accompanied by The Earnest Money equal to 2% of the total value of contract in the form of a Bank Pay Order in favor of House Building Finance Company Limited from a scheduled Bank at Karachi. No other form of payment of Earnest Money shall be acceptable. The earnest money shall be liable for forfeiture, in case the tenderer withdraws his tender during the period the tenders are opened for acceptance. The Earnest Money of unsuccessful Tenderers will be returned to them after expiry of the validity of the tender/offer. 4. The Bids will be evaluated in terms of PPRA s rule 36(b) Single Stage Two Envelope Procedure. 5. The deadline for submission of bids shall be at 11:00 a.m. 6. Bids will be opened on same day at 11:30 am at the following address: HBFCL, Head Office, 3 rd Floor, FTC Building, Shahrah-e-Faisal, Karachi. 7. Bidders have to submit bids for COMPLETE REQUIREMENTS, partial and incomplete bids will be rejected. Bids submitted without signed Bid Form by authorized nominee of the bidder will be rejected. Bids with material deviation, exception, objection, conditionality or reservation will be rejected. Bids submitted late will be rejected. 8. The successful tenderer shall furnish a Bank Pay Order equal to 3% of the total value of contract in the form of a Bank Pay Order in favor of House Building Finance Company Limited from a scheduled Bank within (3) three days from the date of acceptance of the tender. No interest shall be payable by the House Building Finance Company Limited on these deposits. In the event of breach of any terms of the contract, apart from forfeiture of the earnest money & security. Earnest money & Security Deposit shall be refundable on completion of supplies and satisfactory performance of all the terms of the contract.

6 Schedule of Tender:- Sr.# Item (Detail & specification ) Qty Unit Cost Including all Taxes & Charges Total Cost Including all Taxes & Charges SIGNATURE OF THE TENDERER NAME OF THE FIRM: ADDRESS: TELEPHONE NOS:- OFFICIAL STAMP:-

7 EXPRESSION OF INTEREST SERVICES FOR ASSESSMENT, DESIGNING & IMPLEMENTATION OF ITGOVERNANCE FRAMEWORK

8 BIDDING PROCEDURE Table of Contents Introduction 2 Need for IT Governance 2 Bidding Procedure 3 A. Objective 3 B. scope of work / Techinal Requirement 3 C. Required Documents, but not limited to the following:- 4 D. Checklist / Format of response to EOI 6 Page 1

9 BIDDING PROCEDURE Introduction NEED FOR IT GOVERNANCE House Building Finance Company Limited (HBFCL) would like to initiate a project with respect to ensure HBFCL strategic alignment of IT and the business, value delivery to businesses, risk management, resource management (including project management) and performance management and to ensure that HBFCL stands fully compliant with the SBP Enterprise Technology Governance & Risk Management Framework. Page 2

10 BIDDING PROCEDURE Bidding Procedure A. OBJECTIVE In order to execute the project, it has been decided to appoint a well reputed vendor, with required competence and proven track record on similar work/projects. The vendor shall assist our entity in assessment; designing and implementation of IT Governance as per Enterprise Technology Governance & Risk Management Framework issued vide SBP s circular no.5 of B. SCOPE OF WORK / TECHINAL REQUIREMENT High level scope of work of desired consultancy services is given below. However, detailed one will be assessed and required from vendor for the evaluation of EOI Proposals. Following is the list of Policies in line with SBP BPRD Circular No 5 of 2017 Governance Framework that are required by the Bank to be developed/updated as per requirement: 1. Assess current state and perform gap analysis 2. Develop IT Governance Framework 3. Assist in the implementation of overall governance which includes at least following: Develop / Update IT/IS policies & procedures Develop / Update SOPs of the DFI Develop / Update templates/forms (where required) 4. Monitor changes to environmental and business drivers 5. Develop Program Management Framework 6. Security and gap assessment of network and infrastructure which includes: Network Devices: Routers, Switches, Next Generation Firewall, IPS & IDS, Proxy (Content filtering), NMS & etc. Page 3 Data Centre Operations and DR-Site Database Administration: Grid control model of DB, licensing, Backups (real time and offsite). Web Application;

11 BIDDING PROCEDURE 7. Assessment of server including back end and front end assessment 8. SMTP/POP Assessment, spoofing & Web based assessment 9. Assessment of Host (not exceed to 10) against malware & intruders C. REQUIRED DOCUMENTS, BUT NOT LIMITED TO THE FOLLOWING:- 1. Technology Governance Framework 2. IT Strategy Plan 3. Digital Strategy Plan 4. TORs of Board of Directors & Senior Management 5. Technology Policy Framework (IS, Services Delivery & Operations Management, Project Management, Acquisition, Development & Implementation of Technology Solution/Systems, Business Continuity and Disaster Recovery) 6. BOD MIS to oversee the Implementation of IT Strategy, Business Plan and Exception from board- approved IT Polices and progress on Major IT Projects 7. Management MIS to monitor the implementation of IT Governance and Risk Management 8. IT Training Policy, Program which includes framework, processes and procedures 9. Risk Assessment & Treatment Process 10. Disposal and Destruction Policy & Process 11. Information Classification Strategy & Guidelines 12. User Access Request Process & Procedures (Remote, Local host data and systems 13. Cyber Security Awareness Program 14. Vendor Access Request Procedure 15. Cyber Security Incident MIS 16. Vulnerability Management Program 17. IT Service Management Framework 18. IT Problem Management Policy, Process & Procedure 19. Patch Management Process & Procedure 20. IT Capacity Management Plan Page 4

12 BIDDING PROCEDURE 21. IT Data Center structure & Operations Procedures 22. IT Project Management Framework (Methodology, Team Roles & Responsibilities) 23. System Development and Acquisition Framework (Secure System Development Life Cycle Methodology) 24. Project Management Standards 25. IT Procurement Policy 26. Change Management Process & Procedure 27. Cloud Service Provider Policy 28. Data Leakage & Protection (USB and other Storage device) Policy 29. IT Helpdesk Policy 30. IT Hiring Policy 31. IT Audit Program 32. Audit Document Maintenance and Retention Policy 33. All Technology related IT / IS Procedures and SOPs 34. Review & Update of IT / IS Organizations Structure / TORs (Board IT Committee, IT Steering Committee) 35. Review & Update of BCP Plan & Process 36. Review & Update of DR Plan 37. Review & Update of IT Assets and Configuration Management Policy 38. Review & Update of Network Management Policy 39. Review & Update of Policy 40. Review & Update of Internet and Intranet Usage Policy 41. Review of Third-Party and Outsource Policy 42. Review & Update of Data Management and Backup Policy 43. Review & Update of Vulnerability Assessment & Penetration Testing Framework 44. Review & Update of Cyber Security Framework & Action Plan 45. Review & Update of IT Risk Management Policy, IS Risk Management Framework 46. Review & Update of Cyber Security Incident Management Plan, Policy, Process & Procedures Page 5

13 BIDDING PROCEDURE D. CHECKLIST / FORMAT OF RESPONSE TO EOI Qualified and interested vendors having requisite technical expertise and experience may submit their response to EOI containing following details. Following checklist, duly filled, must be provided in the beginning of response to EOI along with vendor proposal. S.No Required Documents / Information 1 Title Page: Interested vendors may please mention at-least following information on title page of their response to EOI: Title: IT Governance Transformation. Name of the Bidding firm. Name of authorized contact person along with his designation, Cell No, address, Land line No and contact address. Date of Submission of response to EOI. 2 Company Profile: Please provide at-least following information: Company Name List of Current Directors / Partners List of Offices (Street Address, Land Line No, Contact Person) Years of local and international experience in financial sector Management structure (Senior Management, Managers) 3 Company Credentials: Similar credentials of financial sector Similar credentials of other sector 4 Proposed Methodology, Processes: Please describe the proposed methodology, processes, and specific considerations etc. for assessment, design and implementation of IT Governance Page 6 Attached (Yes / No) Reference (Page No / Annexure No)

14 BIDDING PROCEDURE S.No Project Resources: Details of relevant / key resource: Required Documents / Information Attached (Yes / No) Reference (Page No / Annexure No) 5 Please provide at-least following information in respect of each relevant proposed resource in this project: Name of Employee Title/ Designation of Employee Qualification of Employee Experience/Skills of the Employee Name of Projects in which the resource participated along with performed role List of all certifications resource hold 6 The bidder must have legal presence in Pakistan. The firm must submit List of Offices across Pakistan. 7 Any other information relevant to this project that you deem necessary for selection of vendor. Page 7