DATA SECURITY ASSESSMENT REQUIREMENTS QUESTIONNAIRE RESPONSE GUIDANCE, EVALUATION AND MARKING SCHEME CROWN TRAVEL SERVICES REFERENCE NUMBER RM1081
- Alyson Stevens
- 7 years ago
ATTACHMENT 2
SECURITY QUESTIONNAIRE RESPONSE GUIDANCE, EVALUATION AND MARKING SCHEME

1 INTRODUCTION

1.1 This document provides an overview of the methodology which will be adopted by the Authority to evaluate your response to each question set out within the Security Questionnaire. It also sets out the Marking Scheme which will apply. For the avoidance of doubt, references to "you" in this document shall be references to the Potential Provider.

1.2 The defined terms used in the ITT document (Attachment 1) shall apply to this document.

2 OVERVIEW

2.1 The Security Questionnaire is broken down into the following sections:

SECTION A MANDATORY QUESTIONS

2.2 If you fail to provide a response to any applicable question of the Security Questionnaire, your Tender may be deemed to be non-compliant. If a Tender is deemed to be non-compliant, the Tender will be rejected and excluded from further participation in this Procurement.
SECTION A MANDATORY QUESTIONS

[SECQA1] SECURITY

Please indicate by selecting either option YES or NO, that in the event you are awarded a place on the Framework Agreement, you will or will not, unreservedly deliver in full, all the mandatory Service requirements as set out in Framework Schedule 20 Data Security Management.

YES - You will, unreservedly deliver in full, all the Data Security requirements as set out in Framework Schedule 20 Data Security Management.

NO - You will not, or cannot, deliver in full, all the Data Security requirements as set out in Framework Schedule 20 Data Security Management.

AQA1 Response Guidance

This is a PASS/FAIL question. If you cannot or are unwilling to select YES to this question, you will be disqualified from further participation in this Procurement.

You are required to select either option YES or NO from the drop down list associated with this question.

Providing a YES response means the Potential Provider will, unreservedly deliver in full, all the Data Security requirements as set out in Framework Schedule 20 Data Security Management.

If the Potential Provider selects NO (or does not answer the question) to indicate that they will not, or cannot, deliver in full, all the Data Security requirements as set out in Framework Schedule 20 Data Security Management, then the Potential Provider will be disqualified from further participation in this Procurement.

| Marking Scheme | Evaluation Guidance |
|---|---|
| PASS | The Potential Provider has confirmed that they will, unreservedly deliver in full, all the Data Security requirements as set out in Framework Schedule 20 Data Security Management. |
| FAIL | The Potential Provider has confirmed that they will not, or cannot, deliver in full, all Data Security requirements as set out in Framework Schedule 20 Data Security Management. OR The Potential Provider has not selected either YES or NO. |
[SECQA2] SECURITY RESPONSE MATRIX

To enable the Authority to assess the Data Security levels you will be able to provide under this Framework Agreement, you must download, populate, save and upload the following Attachment in accordance with the instructions provided in the Response Guidance:

Attachment 16 - Data Security Response Matrix

Please select either option YES or NO to confirm that you have:

a) downloaded Attachment 16 - Data Security Response Matrix from the esourcing Suite;
b) completed Attachment 16 - Data Security Response Matrix in line with the Response Guidance;
c) saved the completed details;
d) uploaded your completed Attachment 16 - Data Security Response Matrix into the esourcing Suite by attaching it to question SECQA2 and entitled [insert your company name] _SECQA2

Please note: No additional attachments should be submitted with a Tender unless specifically requested by the Authority - please refer to Attachment 1 Invitation to Tender paragraph 5.5

[SECQA2] Response Guidance

To respond to this part of question SECQA2, you must download Attachment 16 - Data Security Response Matrix.

The Potential Provider must read the following before completing Attachment 16 - Data Security Response Matrix:

a) Framework Agreement Schedule 20 Data Security Management.

b) Security Assurance Process/Framework CTS Ref 003 Annex 2 of Framework Schedule 20 Data Security Management. This document describes a range of potential assurance processes which a Potential Provider could use to provide evidence regarding the secure implementation of controls. If the Potential Provider is awarded a Framework Agreement under the lotting structure of this Framework Agreement, the Authority will request that the Supplier delivers what they have stated in Attachment 16 - Data Security Response Matrix regarding the type and nature of assurance process(es) that will be used to verify the implementation of all security controls. Where the assurance process is defined then a Potential Provider can reference this process. A Potential Provider could propose different assurance processes for consideration by the Accreditor.

c) Security Principle Control Matrix CTS Ref 005 Annex 1 of Framework Schedule 20 Data Security Management - Attachment 12. This document describes the security objective and controls against which the Potential Provider shall be expected to state the compliance of the service implementation. The controls are deliberately described to be Potential Provider agnostic. If the Potential Provider is awarded a Framework Agreement under the lotting structure of this Framework Agreement, this definition shall be used as the basis for validating the solution is able to operate securely and also to derive the assurance process they are proposing to use to verify the implementation in Attachment 16 - Data Security Response Matrix.

d) Attachment 17 - Data Security Response Matrix Example. This document is to provide the Potential Provider with an example of how to complete Attachment 16 - Data Security Response Matrix.

Potential Providers must provide a response in Attachment 16 - Data Security Response Matrix against each Implementation Objective(s) (as listed in Table 1 below) for:

a) Commitment to Satisfy the Implementation Objective(s);
b) Assurance Activities Undertaken; and
c) Proposal Detail

Table 1 Implementation Objective(s)

1.1 Data in Transit Protection: Contracting Body and Service
1.2 Data in Transit Protection: Within the Service
1.3 Data in Transit Protection: Between the Service and other Services
2.1 Physical Location and Legal Jurisdiction
2.2 Data Centre Security
2.3 Data at Rest Protection
2.4 Data Sanitisation - Retention Period
2.5 Data Sanitisation - Contracting Body Onboarding and Offboarding
2.6 Data Sanitisation - End of Life
2.7 Physical Resilience and Availability
3 Separation Between Tenants
4.1 IA Risk Management Processes
4.2 IA Organisational Maturity
5.1 Configuration and Change Management
5.2 Vulnerability Management
5.3 Protective Monitoring
5.4 Incident Management
6.1 Service Contracting Body
7 Secure Development
8 Supply Chain Security
9.1 Authentication of Contracting Body(s) to Management Interfaces
9.2 Separation of Contracting Body(s) to Management Interfaces
9.3 Secure Contracting Body Support
10 Identity and Authentication
11 External Interface Protection
12 Secure Service Administration
13 Audit Information for Tenants

When the Potential Provider has inserted all the relevant details into Attachment 16 - Data Security Response Matrix and saved the details, the Potential Provider must upload the completed file into the esourcing Suite, by attaching it to question SECQA2.

The Potential Provider is required to select either option YES or NO from the drop down list associated with this question to confirm that it has followed these instructions and uploaded a completed Attachment 16 - Data Security Response Matrix to question SECQA2.

Attachment 16 - Data Security Response Matrix will be incorporated into the Framework Agreement as follows:

Attachment 16 will become Annex 6 in Framework Schedule 20 Data Security Management

The Data Security Stage evaluation comprises two Data Security Assessment Stages, Data Security Assessment Stage A and Stage B.

Data Security Assessment Stages

Data Security Assessment Stage A - Commitment to Satisfy the Implementation Objective(s)
Data Security Assessment Stage B - Assurance Activities

Please note: No additional attachments should be submitted with a Tender unless specifically requested by the Authority. Please refer to Attachment 1 Invitation to Tender paragraph 5.5

Marking Scheme

Data Security Assessment Stage A - Commitment to Satisfy the Implementation Objective(s)

Evaluators will assess each response in respect of Assessment Stage A - Commitment to Satisfy the Implementation Objective(s) using the following criteria:
Data Security Assessment Stage A - Commitment to Satisfy each Implementation Objective(s)

| Assessment Stage A Marking Scheme | Evaluation Guidance |
|---|---|
| FULLY | The proposed solution addresses every aspect of the Implementation Objectives, implementing one of the control options specified in the Security Principle Control Matrix CTS Ref 005 (Annex 1 of Framework Schedule 20 - Attachment 12) |
| PARTIALLY | The proposed solution addresses some of the Implementation Objectives. The Potential Provider has a credible plan in place to address the remainder. |
| NON-CONFORMANT | The proposed solution does not meet the Implementation Objective. |
| NOT APPLICABLE | The Implementation Objective is not relevant to the proposed solution. The Potential Provider must produce credible evidence to demonstrate this assertion. |

Data Security Assessment Stage B - Assurance Activities

Evaluators will assess each response in respect of Assessment Stage B - Assurance Activities Undertaken using the following criteria:

Data Security Assessment Stage B - Assurance Activities

| Assessment Stage B Marking Scheme | Evaluation Guidance |
|---|---|
| FULLY | The Potential Provider asserts that they shall undertake all relevant assurance activities defined in the Security Assurance Process / Framework CTS Ref 003 (Annex 2 of Framework Schedule 20) and the Security Principle Control Matrix CTS Ref 005 (Annex 1 of Framework Agreement Schedule 20 - Attachment 12) |
| PARTIALLY | The Potential Provider asserts that they shall undertake some of the assurance activities defined in the Security Assurance Process / Framework document (Security Assurance Process / Framework CTS Ref 003, Annex 2 of Framework Schedule 20); at least one type of assurance has been provided. |
| NON-CONFORMANT | The Potential Provider has failed to undertake or commit to undertake any assurance activities defined in the Security Assurance Process / Framework document (Security Assurance Process / Framework CTS Ref 003, Annex 2 of Framework Schedule 20) |

Overview of Data Security Assessment Final Mark

Evaluators will assess the mark awarded for Data Security Assessment Stage A and Data Security Assessment Stage B for each Implementation Objective(s) and will award a Final Mark of PASS or FAIL as detailed in Table 4 below:
| Assessment Stage A Mark: Commitment to Satisfy the Implementation Objective(s) | Assessment Stage B Mark: Assurance Activities | Final Mark PASS/FAIL |
|---|---|---|
| FULLY | FULLY | PASS |
| FULLY | PARTIALLY | PASS |
| FULLY | NON-CONFORMANT | FAIL |
| PARTIALLY | FULLY | PASS |
| PARTIALLY | PARTIALLY | PASS |
| PARTIALLY | NON-CONFORMANT | FAIL |
| NON-CONFORMANT | FULLY | FAIL |
| NON-CONFORMANT | PARTIALLY | FAIL |
| NON-CONFORMANT | NON-CONFORMANT | FAIL |
| NOT APPLICABLE | FULLY | PASS |
| NOT APPLICABLE | PARTIALLY | PASS |
| NOT APPLICABLE | NON-CONFORMANT | FAIL |

To proceed to the Selection Stage evaluation, Potential Providers must achieve a PASS for ALL Implementation Objective(s) as listed in Table 1 in accordance with Table 4 above.

Potential Providers who receive a FAIL for one or more Implementation Objective(s) as listed in Table 1 in accordance with Table 4 above will be deemed as having failed in this procurement and the Tender rejected and disqualified from further participation.
See worked examples in the tables below:

Worked Example 1 - Potential Provider A has achieved a PASS for ALL Implementation Objective(s) and will proceed to the Selection Stage evaluation

Please note: this is a worked example for illustrative purposes only. Potential Providers should not construe this as an answer.

Potential Provider A

| Implementation Objective(s) | Data Security Assessment A: Commitment to Satisfy the Implementation Objectives | Data Security Assessment B: Undertake Assurance Activities | Final Mark |
|---|---|---|---|
| 1.1 Data in Transit Protection: Contracting Body and Service | FULLY | FULLY | PASS |
| 1.2 Data in Transit Protection: Within the Service | FULLY | FULLY | PASS |
| 1.3 Data in Transit Protection: Between the Service and other Services | FULLY | FULLY | PASS |
| 2.1 Physical Location and Legal Jurisdiction | FULLY | PARTIALLY | PASS |
| 2.2 Data Centre Security | FULLY | PARTIALLY | PASS |
| 2.3 Data at Rest Protection | PARTIALLY | FULLY | PASS |
| 2.4 Data Sanitisation - Retention Period | PARTIALLY | PARTIALLY | PASS |
| 2.5 Data Sanitisation - Contracting Body Onboarding and Offboarding | FULLY | PARTIALLY | PASS |
| 2.6 Data Sanitisation - End of Life | PARTIALLY | FULLY | PASS |
| 2.7 Physical Resilience and Availability | PARTIALLY | PARTIALLY | PASS |
| 3 Separation Between Tenants | PARTIALLY | PARTIALLY | PASS |
| 4.1 IA Risk Management Processes | NOT APPLICABLE | FULLY | PASS |
| 4.2 IA Organisational Maturity | NOT APPLICABLE | PARTIALLY | PASS |
| 5.1 Configuration and Change Management | PARTIALLY | FULLY | PASS |
| 5.2 Vulnerability Management | PARTIALLY | PARTIALLY | PASS |
| 5.3 Protective Monitoring | FULLY | PARTIALLY | PASS |
| 5.4 Incident Management | PARTIALLY | FULLY | PASS |
| 6.1 Service Contracting Body | PARTIALLY | PARTIALLY | PASS |
| 7 Secure Development | PARTIALLY | PARTIALLY | PASS |
| 8 Supply Chain Security | NOT APPLICABLE | FULLY | PASS |
| 9.1 Authentication of Contracting Body(s) to Management Interfaces | NOT APPLICABLE | PARTIALLY | PASS |
| 9.2 Separation of Contracting Body(s) to Management Interfaces | FULLY | PARTIALLY | PASS |
| 9.3 Secure Contracting Body Support | PARTIALLY | FULLY | PASS |
| 10 Identity and Authentication | PARTIALLY | PARTIALLY | PASS |
| 11 External Interface Protection | PARTIALLY | PARTIALLY | PASS |
| 12 Secure Service Administration | NOT APPLICABLE | FULLY | PASS |
| 13 Audit Information for Tenants | NOT APPLICABLE | PARTIALLY | PASS |
Worked Example 2: Potential Provider B has received a Final Mark of FAIL for one or more Implementation Objective(s) and the Tender will be deemed as having failed in this procurement and will be rejected and disqualified from further participation in the procurement.

Please note: this is a worked example for illustrative purposes only. Potential Providers should not construe this as an answer.

Potential Provider B

| Implementation Objective(s) | Assessment A: Commitment to Satisfy the Implementation Objectives | Assessment B: Undertake Assurance Activities | Final Mark PASS/FAIL |
|---|---|---|---|
| 1.1 Data in Transit Protection: Contracting Body and Service | FULLY | FULLY | PASS |
| 1.2 Data in Transit Protection: Within the Service | FULLY | FULLY | PASS |
| 1.3 Data in Transit Protection: Between the Service and other Services | FULLY | FULLY | PASS |
| 2.1 Physical Location and Legal Jurisdiction | FULLY | PARTIALLY | PASS |
| 2.2 Data Centre Security | FULLY | PARTIALLY | PASS |
| 2.3 Data at Rest Protection | PARTIALLY | FULLY | PASS |
| 2.4 Data Sanitisation - Retention Period | PARTIALLY | PARTIALLY | PASS |
| 2.5 Data Sanitisation - Contracting Body Onboarding and Offboarding | FULLY | NON-CONFORMANT | FAIL |
| 2.6 Data Sanitisation - End of Life | PARTIALLY | FULLY | PASS |
| 2.7 Physical Resilience and Availability | PARTIALLY | PARTIALLY | PASS |
| 3 Separation Between Tenants | PARTIALLY | NON-CONFORMANT | FAIL |
| 4.1 IA Risk Management Processes | NON-CONFORMANT | FULLY | FAIL |
| 4.2 IA Organisational Maturity | NOT APPLICABLE | PARTIALLY | PASS |
| 5.1 Configuration and Change Management | PARTIALLY | FULLY | PASS |
| 5.2 Vulnerability Management | PARTIALLY | PARTIALLY | PASS |
| 5.3 Protective Monitoring | FULLY | PARTIALLY | PASS |
| 5.4 Incident Management | PARTIALLY | FULLY | PASS |
| 6.1 Service Contracting Body | PARTIALLY | PARTIALLY | PASS |
| 7 Secure Development | PARTIALLY | PARTIALLY | PASS |
| 8 Supply Chain Security | NOT APPLICABLE | FULLY | PASS |
| 9.1 Authentication of Contracting Body(s) to Management Interfaces | NOT APPLICABLE | PARTIALLY | PASS |
| 9.2 Separation of Contracting Body(s) to Management Interfaces | FULLY | PARTIALLY | PASS |
| 9.3 Secure Contracting Body Support | PARTIALLY | FULLY | PASS |
| 10 Identity and Authentication | PARTIALLY | PARTIALLY | PASS |
| 11 External Interface Protection | PARTIALLY | PARTIALLY | PASS |
| 12 Secure Service Administration | NOT APPLICABLE | FULLY | PASS |
| 13 Audit Information for Tenants | NOT APPLICABLE | PARTIALLY | PASS |
More informationService: Contract Management (Software as a Service)
Service: Contract Management (Software as a Service) 1. Description: An overview of the G-Cloud Service (functional, non-functional) econtract Management allows for the management of a contract after award,
More informationSupplier & Contract Management System (SCMS)
Meeting of the Executive Member for Corporate Services and Advisory Panel 30 October 2007 Report of the Assistant Director Audit and Risk Management Supplier & Contract Management System (SCMS) Summary
More informationLondon Local Authorities Business Continuity Guidance for Suppliers & Contractors
London Local Authorities Business Continuity Guidance for Suppliers & Contractors This document has been produced by the LAP-IG Supply Chain Resilience Sub Group. For further information please contact:
More informationClient information note Assessment process Management systems service outline
Client information note Assessment process Management systems service outline Overview The accreditation requirements define that there are four elements to the assessment process: assessment of the system
More informationCODE GOVERNANCE COMMITTEE CHARTER. 1 Functions and responsibilities of the Code Governance Committee
CODE GOVERNANCE COMMITTEE CHARTER 1 Functions and responsibilities of the Code Governance Committee 1.1 Consistent with the Code and the Constitution, the Code Governance Committee shall be responsible
More informationCOMMISSION REGULATION (EU)
L 122/22 Official Journal of the European Union 11.5.2011 COMMISSION REGULATION (EU) No 445/2011 of 10 May 2011 on a system of certification of entities in charge of maintenance for freight wagons and
More informationResilience and Cyber Essentials
Resilience and Cyber Essentials Richard Bach Assistant Director Cyber Security Talk outline Why Cyber Essentials: the Policy context What is Cyber Essentials: Scheme background How the Scheme works: accreditation,
More informationVICTORIAN GOVERNMENT DEPARTMENT ENVIRONMENTAL MANAGEMENT SYSTEM MODEL MANUAL
MODEL FINAL VERSION 1, MARCH 2003 ACKNOWLEDGMENTS This Manual is based on Environment Australia s Model EMS 1 and has been adapted for use by Victorian Government agencies by Richard Oliver International.
More informationHow to do Business with the London. Borough of Sutton
How to do Business with the London Borough of Sutton February 2013 1 About this guide This guide has been developed to assist businesses wishing to sell their goods and services to the Borough. Contents
More informationNational Programme for IT
National Programme for IT Safer Design Key Clinical Safety Activities Safer Design Clinical Risk Guidance Document Clinical Safety Contents FOREWORD 3 1.0 INTRODUCTION 4 2.0 Overview 5 3.0 DESIGN ACTIVITIES
More informationHM Treasury. Corporate Financial Advice. Invitation to Tender: Investment Advisory Services. Contract reference: HMT 1230.
HM Treasury Corporate Financial Advice Invitation to Tender: Investment Advisory Services Contract reference: HMT 1230 20 June 2012 1 CONTENTS Part 1 Tender 1 Purpose 2 Specification 3 Pricing 4 Presentations
More informationCABINET. 24 March 2015
CABINET 24 March 2015 Title: Procurement of Electricity and Gas Supplies Report of the Cabinet Member for Finance Open Report with Exempt Appendix 4 Wards Affected: All Report Author: Andrew Sivess Group
More informationSupplier prequalification Document
Table of Contents Part 1 Invitation to Applicants Invitation Notice Statement of Requirements Part 2 Application Procedures Section 1 Instructions to Applicants Section 2 Application submission control
More informationUK Financial Investments. Invitation to Tender ( ITT ): Market Research Services. Contract reference: UKFI 15-07-01. 1 July 2015
UK Financial Investments Invitation to Tender ( ITT ): Market Research Services Contract reference: UKFI 15-07-01 1 July 2015 Page 1 of 75 CONTENTS Part 1 Tender 1 Purpose 2 About the Authority 3 Requirement
More informationINTERNATIONAL COMMERCIAL AGENCY AGREEMENT TEMPLATE
INTERNATIONAL COMMERCIAL AGENCY AGREEMENT TEMPLATE Download International Commercial Agency Agreement sample in Word format. Fill in the blanks and choose the terms of this international agreement that
More informationGrowth Through Excellence
Growth Through Excellence Public/Private Cloud Services Service Definition Document G- Cloud 5 REFERENCE NUMBER RM1557v Table of Contents Table of Contents... 3 Executive Summary... 4 About the Company...
More informationAustralian Transport Council. National Standard for the Administration of Marine Safety SECTION 5
Australian Transport Council National Standard for the Administration of Marine Safety SECTION 5 APPROVAL AND AUDITING OF REGISTERED TRAINING ORGANISATIONS August 2008 First Published: August 2008 Endorsed
More informationABSTRACT. The Guidelines Section F is related to the Purchasing requirements of NSQ100 (Chapter 7.4). Summary
Page 1 / 9 ABSTRACT This document is the Section F to NSQ-100 Guidelines. Its objective is to help to the understanding of NSQ-100 requirements through some examples or recommendations and descriptions
More informationCONTRACTS STANDING ORDERS (CSOs) 2015 / 2016 CSO 2015-6 1
CONTRACTS STANDING ORDERS (CSOs) 2015 / 2016 CSO 2015-6 1 PART 3G Contracts Standing Orders 2015/16 Definitions Aggregation is the combining together of the total contract value from separate contracts
More informationCITY UNIVERSITY OF HONG KONG
CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication
More informationProcurement Guide. 3.1.12.2 Once you have found the required document, double click and it will upload onto the screen.
3.1.12 If you need to attach quotes, emails or other documents to the purchase order to adhere to the purchasing delegations and enable the release of the order, click on the Attachments option, which
More informationSecurity Annex for Firewalls Additional Terms for Firewall Service
CONTENTS 1 Glossary of Terms & Definitions... 2 2 Service Description... 2 2.1 Firewall Service and Next Generation Firewall Service... 2 2.2 Roaming SSL Access Services... 3 2.3 DMZ Services... 3 3 Vendor
More informationCOVER: to be inserted. APIA Industry Guideline for Effective Auditing and Enhanced HSE Performance
COVER: to be inserted APIA Industry Guideline for Effective Auditing and Enhanced HSE Performance 1 Published by Australian Pipeline Industry Association Ltd Document prepared by Environmental Management
More informationMarket Research Guide for Suppliers
Market Research Guide for Suppliers Frequently Asked Questions Framework reference: RM1086 1 P a g e Introduction Suppliers (providers) are critical to the success of our procurement service - that s why
More informationHSCIC Post Audit Review of Data Sharing Activities:
Directorate / Programme Data Dissemination Services Project / Work Data Sharing Audits Status Final Acting Director Chris Roebuck Version 1.0 Owner Rob Shaw Version issue date 16-Jun-2015 HSCIC Post Audit
More informationPage 5. The Adult Social Services and Health Committee. The Strategic Director of Adult Social Services, Housing and Health
Page 5 Agenda Item 5 Report to: The Adult Social Services and Health Committee Date: 20 th November 2012 Report of: The Strategic Director of Adult Social Services, Housing and Health Ward Location: All
More informationUNICEF s Quality Assurance System for Procurement of Micronutrient Powders (MNP)
UNICEF s Quality Assurance System for Procurement of Micronutrient Powders (MNP) Nutrition Supplier Meeting, June 30, 2015 Dimitris Catsoulacos Quality Assurance Specialist PRESENTATION OVERVIEW Quality
More informationAISA Sydney 15 th April 2009
AISA Sydney 15 th April 2009 Where PCI stands today: Who needs to do What, by When Presented by: David Light Sense of Security Pty Ltd Agenda Overview of PCI DSS Compliance requirements What & When Risks
More informationEXAMPLE NAME OF PROCUREMENT CONTRACT NUMBER
EXAMPLE NAME OF PROCUREMENT CONTRACT NUMBER Close of Tenders Tenders close at Time AEST on Date Month Year Invitation to Tender Contract No: XXXX Name of Procurement Tenders are invited from suitably qualified
More informationPoints to Note on Preparing Marking Scheme for Tender Evaluation
Points to Note on Preparing Marking Scheme for Tender Evaluation Schools should note the following points in case a marking scheme is used to evaluate tenders: (a) A marking scheme should be used for purchasing
More informationACG Commissioning Guideline
ACG Commissioning Guideline Appendix A Sample Commissioning Specification NOTES TO APPENDIX A This appendix contains a sample Request for Proposal (RFP) for Commissioning Services as would be issued by
More informationSupplier Guidance on using Procserve
Supplier Guidance on using Procserve Since commencement of the new Low Value Provision (LVP) process, DWP Shared Services have developed the following guidance to assist new suppliers register and transact
More informationInformation Security Registered Assessors Program - Gatekeeper PKI Framework Guide
Information Security Registered Assessors Program - Gatekeeper PKI Framework Guide V2.0 NOVEMBER 2014 Information Security Registered Assessors Program - Gatekeeper PKI Framework Guide V 2.0 NOVEMBER
More informationSCHEDULE PART 24 THIRD PARTY SOFTWARE AND THIRD PARTY SUPPORT CONTRACTS
SCHEDULE PART 24 THIRD PARTY SOFTWARE AND THIRD PARTY SUPPORT CONTRACTS In this Part 24 of the Schedule (Third Party Licences and Third Party Support Contracts), the following terms shall (unless the context
More informationGeneral Rules for the certification of Management Systems
General Rules for the certification of Management Systems Effective from 19/11/2015 RINA Via Corsica 12 16128 Genova - Italy tel. +39 010 53851 fax +39 010 5351000 website : www.rina.org Technical rules
More informationINDEPENDENT REVIEW PANEL
Decision No. 11/08 INDEPENDENT REVIEW PANEL In the matter of: Metex Trading Co. Ltd v/s (Applicant) Central Water Authority (Cause No. 17/08/IRP) (Respondent) Decision A. Background The Central Procurement
More informationINTERNAL QUALITY AUDITS
Page 1 of 12 INTERNAL QUALITY AUDITS Name Prepared: Quality Management Representative Signature 14/6/2010 Date Approved By : Director 14/6/2010 Page 2 of 12 Contents 1. GENERAL... 3 1.1 PURPOSE... 3 1.2
More informationInformation Integrity & Data Management
Group Standard Information Integrity & Data Management Serco recognises its responsibility to ensure that any information and data produced meets customer, legislative and regulatory requirements and is
More informationDelivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for Schools
1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain
More informationOLB certification process for Forestry Companies GP01
OLB certification process for Forestry Companies GP01 Reference: GP01 OLB FC 1.2 version, 22/03/2013 Bureau Veritas Certification France 60 Général de Gaulle Avenue - 92046 Paris - La Défense Cedex - France
More information