Technical dialogue regarding forensic data analysis software

Transcription

1 31 January 2014 File ref.: SOK Case officer: OKA001 STATE PROSECUTOR FOR SERIOUS ECONOMIC AND INTERNATIONAL CRIME Kampmannsgade 1 DK-1604 Copenhagen V Tel.: OKA001@politi.dk Web: Technical dialogue regarding forensic data analysis software

2 Contents 1. Purpose of conducting a technical dialogue About the State Prosecutor for Serious Economic and International Crime Current state of forensic data analysis at SØIK Conducting the technical dialogue Themes The supplier s presentation Formalities Invitation to participate in the technical dialogue Preclusive time limit for requests to participate Selection criteria Technical dialogue dates Procedure for the technical dialogue Rights and obligations Appendix... 8 Page 1 of 8

3 1. Purpose of conducting a technical dialogue The State Prosecutor for Serious Economic and International Crime (SØIK) wants to conduct a technical dialogue with relevant market players to gain insight into the conditions of the market for forensic data analysis software. This will enable the State Prosecutor to make a decision regarding the most practical way to invite tenders for forensic data analysis software with a view to achieving good competitive exposure as well as market-consistent services and contract terms. In other words, the technical dialogue will form the basis for decisions about the key planning elements of an upcoming invitation to tender for forensic data analysis software and provide inspiration for the most expedient invitation process, with related commercial conditions, to secure the most attractive deliverables and stable commercial terms for SØIK. 2. About the State Prosecutor for Serious Economic and International Crime The State Prosecutor for Serious Economic and International Crime (SØIK) is a unit of the Danish Prosecution Service, and its main duties are investigating and prosecuting cases concerning serious economic crime. Specifically, these are suspected cases of economic crime: of significant scope, as part of organised crime, using peculiar business methods or that otherwise are of a particularly qualified nature. Secondly, SØIK handles international criminal cases, particularly genocide, crimes against humanity, war crimes and other serious crime committed abroad whose investigation and criminal prosecution require: specialised knowledge and insight into conditions abroad and the establishment of collaboration with authorities, institutions, organisations, etc, in other countries. As well as specific criminal cases, SØIK is also involved in preparatory legislative and international work, and its duties furthermore include: Receipt and analysis of reports about money laundering and the financing of terrorism Tracking, recovery and confiscation of proceeds from crime Initial review of criminal cases, including reports about intellectual rights infringements. SØIK staff consist of legal staff, police officers, special advisors with a financial background, analysts and administrative assistants, a total of 124 people. Of these, approx are expected to be required to use the forensic data analysis software. All users are expected to work from the State Prosecutor s offices in Copenhagen. SØIK works with a number of authorities including the National Police Service, SKAT (the Danish tax authority), the Danish Competition and Consumer Authority, and the Financial Supervisory Authority. Page 2 of 8

4 3. Current state of forensic data analysis at SØIK IT material required for the investigation of criminal cases at SØIK is acquired through searches, requests for disclosure of documents or provided in connection with crimes reported by individuals or authorities. SØIK actively collects evidence material (data) via the National Police High Tech Crime Centre (NITES), which forensically images all data on storage media selected by SØIK investigators. Such media include single computers, networks, smartphones, USB keys, CDs, etc. The forensic imaging process secures active data, deleted data, operating systems, log files, programs and activities carried out by active and former users without changing the data. NITES uses the EnCase forensic imaging system. Imaging takes place on site, and quality control normally also takes place on site, because EnCase validates whether the imaged data are identical with the original data before the data securing process is considered concluded. NITES secures data on separate, wiped hard disks that are re-copied onto other hard disks for use by SØIK as working copies. SØIK carries out all subsequent IT material processing on a working copy. The original image is kept for reference on a back-up tape, in case of any later doubt regarding the data or allegations of subsequent changes. EnCase analysis is used for investigating files from computers. The program filters operating systems, programs and file types for subsequent indexation of all humanly created files from all imaged computers in the same case. Using various forms of software, investigators can search accessible files across the imaged computers by search words and other parameters. The search results can be opened, reviewed and manually printed with a source reference. The subsequent image data processing consists of four elements: filtration, indexation, search and presentation. The processing is done on large desktop computers unconnected to a network. For security reasons, the computers used for investigation are stand-alone machines and thus not exposed to malicious code (virus, spyware, etc). SØIK uses commercially available standard tools for data searches and indexation. In future, NITES is also expected to supply data in Guidance Software EnCase 6 and 7 format. It is also expected that it must be possible to input data from the Danish Competition and Consumer Authority, which uses AccessData Forensic Toolkit. 4. Conducting the technical dialogue The technical dialogue will be conducted as meetings between SØIK and relevant suppliers. One supplier only will attend each meeting, and one meeting only will be held with each supplier. The meetings will have a maximum duration of one hour. Representatives from SØIK and the Government s Legal Advisor will take part in the meetings. The meetings will also be attended by Deloitte, which will assist SØIK with planning and conducting the invitation to tender for forensic data analysis software. The format of the technical dialogue will consist of the supplier s oral presentation of a written proposal based on the information and themes outlined in the following. Page 3 of 8

5 In its presentation, the supplier is expected to compare SØIK with other relevant and comparable customers and describe its acquired experience. The supplier is also expected to relate this experience to general market trends and to explain the commercial and technical risks that commonly arise in comparable projects. 4.1 Themes During the technical dialogue, SØIK wants to hear the supplier s viewpoints on the following themes: Contract and licence terms Delivery models Payment models System flexibility Other matters. The themes will be elaborated on below. Contract and licence terms The State Prosecutor for Serious Economic and International Crime wants a contract based on on stable, transparent licence and contract terms. In principle, tenderers will be expected to use a standard K02 contract 1 with related appendices. The supplier s view on which equipment and licence ownership models are most advantageous for SØIK. The supplier s view on the risks in the K02 contract. The supplier s view on the risks in the appendices to the K02 contract. Any general reservations the supplier may have regarding the K02 contract with appendices. A proposed alternative to the contract form if the supplier has reservations regarding K02. Delivery models SØIK is seeking a delivery model that allows it to install and operate the forensic data analysis software inhouse. The software is expected to work without external ties on SØIK s closed network. The future supplier is also expected to assist with solution configuration and support. Which delivery models can the supplier offer (eg, local installation, cloud, on-demand)? The supplier s views on delivery models which, from experience, should be considered for closer assessment with a view to achieving a more cost-efficient and market-consistent product. Which delivery model does the supplier recommend? What requirements does the delivery model recommended by the supplier make on SØIK s infrastructure or network? What type of consultancy service (eg, in connection with installation and configuration) can the supplier offer? 1 Standard contract for long-term IT projects (in Danish): Standardkontrakt-for-laengerevarende-it-projekter. In English: Standardkontrakt-for-laengerevarende-it-projekter/Engelsk-version-af-K02. Page 4 of 8

6 Which support and maintenance delivery models, possibly including on-site support, can the supplier offer? Which support and maintenance delivery model would the supplier recommend? What type of system training and instruction can the supplier offer? Payment models The State Prosecutor for Serious Economic and International Crime wants a contract based on a transparent payment model in which the price units and discount structures will match the supplier s actual cost-drivers in order to obtain an attractive price, for example, by minimising the supplier s risks?. The supplier s proposals for relevant payment models and actual cost-drivers, including the price units and discount structures that will best match the supplier s true cost structure. The number of users is expected to rise during the term of the contract, and it is similarly expected that external data access will eventually be granted to other authorities or defence attorneys in specific cases. The supplier s proposals for relevant payment models that best match the expected increase in users. The supplier s proposals for relevant payment models that best match the anticipated granting of access to external parties. SØIK also wishes to benefit from technological developments during the term of the contract, for example, in the form of new versions and releases. How does the supplier propose to ensure that SØIK can benefit from technological developments during the term of the contract? System flexibility Data input to the solution is currently expected to be in the form of EnCase or FTK (Forensic Toolkit) files. However, the solution must accommodate the need to support a broader range of file and data types in future. Are there any limitations on the file types supported by the supplier s solution? How are search data results displayed? Does the supplier s solution support the display of accounts, database tables/sources and similar? What possibilities exist for indexation and searches for/in image, sound and video files? Are there any limitations on data volumes or similar in the supplier s solution? What possibilities does the solution offer for securing physical documents (eg, by scanning)? Can the supplier s solution support encrypted file input? If so, which encryption forms are supported? What general skills are users of the solution required to have? Does the supplier s solution require additional user and skills profiles? The supplier s general proposals for optimal data security and indexation procedures, etc, in the solution. Other matters Page 5 of 8

7 SØIK would like to achieve good competitive exposure for the tendering for forensic data analysis software, as well as contract terms and services that are as market consistent as possible and support positive and efficient collaboration with the supplier, requesting The supplier s input to the process, time schedule, etc., for an invitation to tender for forensic data analysis software. The supplier s other views on matters of relevance for an upcoming invitation to tender, including relevant experience positive as well as negative from other tendering procedures of which SØIK should be aware. 4.2 The supplier s presentation The presentation should be organised according to the following structure: Contract and licence terms Delivery models Payment models System flexibility Other matters. Since a maximum of one hour has been assigned per supplier, the supplier s oral presentation of the written proposal may last no longer than 45 minutes to enable SØIK to use the remaining time to ask questions about the supplier s presentation. SØIK has listed the themes in order of priority. If a supplier does not cover all the themes in its 45-minute oral presentation, SØIK will find information itself about the other themes in the written proposal. It should be emphasised that SØIK does not want a general presentation of the supplier s company, business concept, etc. SØIK wants the technical dialogue to focus consistently on the inspiration that the supplier can provide for an upcoming invitation to tender for forensic data analysis software for SØIK. 5. Formalities 5.1 Invitation to participate in the technical dialogue This invitation to participate in the technical dialogue was sent electronically to the Official Journal of the European Union on 11. February 2014 as a prior information notice. This material was published on 11. February 2014 on Preclusive time limit for requests to participate Suppliers must register their request for participation in the technical dialogue by 2 pm (14.00) on Thursday 27 February 2014 at the latest by to saoek@ankl.dk Suppliers must submit a completed Appendix 1 along with their requests for participation. Page 6 of 8

8 Requests received after expiry of the deadline f requests not accompanied by a completed Appendix 1 will not be considered. 5.3 Selection criteria SØIK hopes to conduct a technical dialogue with a maximum of five relevant suppliers. If SØIK receives more than five requests, it reserves the right to select the suppliers with which it wishes to conduct a technical dialogue. In such an event, suppliers will be selected on the basis of the following prioritised selection criteria: Experience with performing comparable supplies Revenue generated by comparable contracts with public authorities within the latest financial year available, depending on when the supplier was established or started its business, if these revenue figures are available. Suppliers must complete the enclosed Appendix 1 and forward it when requesting participation; see item Technical dialogue dates The technical dialogue round will be held in the period from Monday 3 March to Friday 7 March, both dates inclusive. SØIK has reserved the following meeting times: Monday 3 March Tuesday 4 March Wednesday 5 March Thursday 6 March Friday 7 March The meeting times will be allocated as follows: The first supplier who requests participation in a technical dialogue has the first option of selecting a meeting time from the above list, and so on, provided the supplier in question is selected to take part in the technical dialogue. Suppliers should indicate their preferred meeting times, in order of priority, in Appendix 1. All times are given in Danish local time, CET (UTC+01:00). The meetings will be held at the offices of the State Prosecutor for Serious Economic and International Crime, Kampmannsgade 1, DK-1604 Copenhagen V. However, the meetings can be held as videoconferences if the supplier so requests. The meetings will be held in Danish, Norwegian, Swedish or English. Page 7 of 8

9 5.5 Procedure for the technical dialogue At the meeting, the supplier will present its written proposal, structured according to item 4.2. SØIK would prefer that the supplier forward its presentation at the latest at 10 am on the day before the technical dialogue with the supplier concerned to the address given in item 4.2. The forwarded presentation must be in PDF format. In addition, the supplier must forward the material in MS Office format on a USB key or via . The material may be prepared in Danish or English. 5.6 Rights and obligations SØIK reserves the right to use the information that may come to its knowledge in connection with the technical dialogue procedure. The information may be used in connection with SØIK s preparation of the set of tender documents. 6. Appendix Appendix 1 Form to be used for submitting information about the supplier; see item 5.2. Page 8 of 8