REQUEST FOR PROPOSAL
ACQUISITION & IMPLEMENTATION OF CENTRALIZED LOG MANAGEMENT SYSTEM

Proposal Release Date: AUGUST 20th 2008
Proposal Due Date: SEPTEMBER 16th 2008

TABLE OF CONTENTS

1 - INTRODUCTION
2 STATEMENT OF PURPOSE
3 EXISTING ENVIRONMENT
   3.1 TELEPERFORMANCE GROUP INTERNATIONAL OVERVIEW AND LOCATIONS
4 SUPPLIER REQUIREMENTS & INSTRUCTIONS
   4.1 RFP INSTRUCTIONS
   4.2 QUESTIONS
   4.3 RFP RESPONSE FORMAT
   4.4 RFP REQUIRED OUTLINE
   4.5 IMPORTANT DATES
5 TERMS AND CONDITIONS
   5.1 CONTRACT DURATION
   5.2 RFP EXPENSES
   5.3 PRICING IS BEST AND FINAL
   5.4 EVALUATION CRITERIA
   5.5 AWARDING OF POTENTIAL BIDS
   5.6 CUSTOMER REFERENCES
   5.7 INVOICING
   5.8 NOTE TO SUPPLIER

1 - INTRODUCTION

Teleperformance is a leading CRM contact center (call center) provider. Security is becoming increasingly important, and Teleperformance is preparing to improve its log management system for all of its critical data environments and security perimeters. We are inquiring about information for a log management system. This implies we are interested in a log management solution; however, we must first evaluate each solution to determine which will be best for our many environments.

Teleperformance has over 281 call centers throughout 45 different countries. Teleperformance has various security logging requirements, including but not limited to Windows event log, Cisco, Netscreen, Check Point, Linux/Unix (various), Norton, CA, Trend, McAfee, and RSA.

The intent of this RFP solicitation is to identify the best solution(s) for the best price to use at our various call center locations. Our initial project includes gathering information and determining the best possible log management solution to fit our needs. However, we are soliciting information to find the preferred solution based on a variety of requirements to meet the needs of our various locations, functionality and best price.

Teleperformance reserves the right to do nothing in response to the proposal. We also reserve the right to award business to one or more vendors.

2 STATEMENT OF PURPOSE

The purpose of this RFP is to solicit information for supplying a log management solution for Teleperformance. This solution must be flexible and satisfy the different needs of each location, including but not limited to:

- Normalization of various different log formats.
- Ability to move log data events to remote locations, including off-shore locations, without causing bandwidth issues. This is due to our hub and spoke model.
- Identify a global solution provider(s) based on functionality and price.

We anticipate selecting vendor(s) who offer a variety of configurations accommodating different needs. Some of these needs are in the following areas:

1. Teleperformance requires a solution that can consolidate logs back to a central point with minimal network impact.

2. The solution should have the ability to push or pull events, agent or agent-less, based on our needs.

3. The solution needs to be compatible with the following source types out of the box or with minimal effort.

   Source types:
   - Windows Event Log
   - Syslog
   - XML
   - SDEE
   - SNMP
   - Databases and flat files

4. The solution needs the ability to collect logs from, but not limited to, the following vendor formats.

   OS:
   - Windows Server 2003 (SP2/R2) (32/64)
   - Windows Server 2008 (32/64)
   - Windows Vista (32/64)
   - Windows XP (32/64)
   - Windows 2000 Professional
   - Windows 2000 Server
   - Solaris 8, 9, 10
   - BSD (open, free)
   - Red Hat Linux
   - Mac OS X
   - CentOS
   - Debian
   - HP-UX
   - AIX

   Firewalls:
   - Cisco FWSM
   - Cisco ASA
   - Barracuda Spam Firewall
   - Juniper Networks Secure Access
   - Cisco PIX
   - Cisco VPN Concentrator
   - Linux 2.4+ (IPTables/Netfilter)
   - Check Point
   - NetScreen
   - Microsoft Windows Firewall
   - Microsoft ISA 2006
   - IP Filter
   - Microsoft ISA 2000
   - Microsoft ISA 2004
   - Citrix Secure Access
   - SecureGuard Gateway
   - Nortel Switched Firewall
   - SonicWall

   IDS/IPS:
   - Cisco ASA w/ AIP-SSM
   - Cisco IPS 4200 Series
   - Cisco IDSM-2
   - Cisco NM-CIDS
   - Juniper IDP
   - TippingPoint
   - McAfee IntruShield
   - Tripwire
   - SourceFire
   - Symantec Gateway IDS
   - ISS Proventia
   - ISS RealSecure IDS

   AV and Spyware:
   - CA ITM
   - Clam AV
   - Symantec AV
   - Trend Micro AV
   - AVG AV
   - Windows Defender
   - McAfee AV
   - Kaspersky AV

   Security apps:
   - CA Access Control
   - Microsoft's MBSA*
   - CA Secure Content Manager
   - Cisco Secure ACS
   - RSA SecurID
   - HID access card systems
   - Shavlik EnterpriseInspector*
   - Microsoft Identity Integration Server 2003
   - Foundstone FoundScan
   - Microsoft Windows IAS RADIUS
   - eEye Retina
   - Nessus
   - SAINT

   Others (web server, SQL, custom logs):
   - Microsoft IIS
   - Apache
   - Cisco NAC
   - VMware
   - Citrix
   - Windows Terminal Server
   - Microsoft Exchange
   - Microsoft SQL Server 2000
   - Microsoft SQL Server 2005
   - Customized or in-house logs

5. The system must prevent loss of logs if the management system fails to work for whatever reason.

6. The solution should have high availability support.

7. The system must require access approval to view logs, set policies, and manage user rights to the solution.

8. The system must support various compliance acts for rules and reports. Most important would be PCI, HIPAA, and ISO 27001. It would also be recommended to support Safe Harbor (European Union).

9. The system must be scalable and have aggressive pricing.

10. The system will be installed, in most cases, in our data centers and will collect from those centralized sources as well as from sources based on our hub and spoke model.

11. The system must be easy to implement with education and training from the vendor; professional services must not be required.

12. Technical support for the solution must be 24x7x365 to properly support our global requirements.

13. The solution must be able to trigger notifications via email, SMS, and script execution, and integrate with help desk ticketing systems.

14. The solution's rule and correlation engine must meet the following:
   a. Out-of-the-box rules for supported formats must be available.
   b. Wizards to create new rules must be comprehensive, yet not complicated.
   c. Correlation rules should not take a lot of time to write and test.
   d. All rule building components must be easy to identify and understand.

15. The solution's reports must meet the following:
   a. Various types of reports based on compliance and business needs must be available out of the box.
   b. Reports need to be customizable, and it must be possible to create new reports based on the needs of the business.
   c. Generating and scheduling reports needs to be easy to understand and implement for Teleperformance administrators of the preferred solution.
   d. The reporting system should have built-in functions to email reports to the various groups that need to review them.

16. The solution must ensure encryption of data in transit and at rest.

17. The solution must ensure tamper control during capture, transfer, and storage.

18. The storage area (data warehouse) for the logs must be able to store logs online for at least 90 days.

19. The solution should have some kind of storage compression ability for archiving and backup.

20. The solution provider must provide resources, testing, training, and well-defined documentation to ensure that all installations are completed quickly and that our staff can manage, maintain, and implement future installments.

21. Teleperformance is based upon a hub and spoke design where one centralized location is capable of controlling several satellite offices. Each satellite office could contain as many as 300 devices in need of monitoring. Furthermore, each location is required to maintain a log collection device capable of storing the audit logs. These locations should be capable of being controlled by one separate site, but may be controlled locally in the event of network connectivity issues. Please provide us with architecture examples of how your solution would integrate into this type of infrastructure.
   a. Be as detailed as possible with your answer to this question.
   b. If possible, provide a diagram of this example with the response given.
   c. Provide an inventory listing of devices and/or software used in your architecture examples required for your solution.
   d. Please explain how your example provides best practices in logging for compliance and regulations.

Our primary objectives in implementing this log management system are as follows:

1. We require that the solution have the ability to support our log management needs related to PCI, HIPAA, ISO, and best practices.
2. We need to increase the ability to get alerts out to system owners and others faster. We need to ensure that these alerts are unique and can be customized to the situation.
3. We must be able to deploy solutions to mission critical servers and networking devices with minimal system impact. Having the ability to use agent and agent-less solutions would be recommended.
4. We must be able to bring reports out faster and make them more readily available.
5. We must have support for all countries that we deploy the solution to.

3 EXISTING ENVIRONMENT

3.1 TELEPERFORMANCE GROUP INTERNATIONAL OVERVIEW AND LOCATIONS

Teleperformance has over 281 call centers throughout 45 different countries. Additional information can be found at: http://teleperformance.com

Teleperformance owns over 73000 workstations and 2300 servers worldwide.

4 SUPPLIER REQUIREMENTS & INSTRUCTIONS

4.1 RFP INSTRUCTIONS

All vendors are required to follow the instructions in order to be considered in the final evaluation. Failure to comply with these instructions may result in disqualification from consideration.

4.2 QUESTIONS

All suppliers must submit questions to TPRFP@teleperformance.com no later than September 9, 2008 5:00 p.m. MST. A copy of all questions and their associated responses will be emailed to all participants that submitted a question.

4.3 RFP RESPONSE FORMAT

Each supplier must provide one hard copy response and one softcopy response. RFP responses (both hard copy and softcopy) must be submitted no later than September 16, 2008 5:00 p.m. MST.

PLEASE SUBMIT HARDCOPY TO:
Gavin Bailey
1991 South 4650 West
Salt Lake City, Utah 84104

PLEASE SUBMIT SOFTCOPY TO:
TPRFP@teleperformance.com

4.4 RFP REQUIRED OUTLINE

The following table summarizes the mandatory information contents and format requirements of your proposal.

Section   Section Title                          Page
1         Executive Summary                      X
2         Suppliers Background                   X
3         Customer References                    X
4         Pricing Structure                      X
5         Implementation Services & Pricing      X
6         Technology Specifics & Compatibility   X
7         Invoicing Requirements                 X
8         Detailed System Requirements           X

Executive Summary: Please provide your standard corporate executive summary.

Supplier Background: We are seeking information regarding the background of your organization in order to assess the ability of your organization to fulfill the requirements of this RFP in a timely and efficient manner. Please include answers to the following:

- Provide company name and headquarters location.
- Provide the length of time for which you have been offering these security technology solutions and services.
- Provide the names, role, telephone, fax and email addresses of primary points of contact within your company.
- Disclose fully all your relationships with any and all security system providers for Teleperformance.
- Indicate whether your company is currently in litigation with any organization regarding fulfillment of contractual obligations, performance, or copyright and patent infringement.
- Conflict of Interest Certification: certify that your firm has no real or potential conflicts of interest which would prevent the supplier from acting in the best interests of Teleperformance.
- If you are a public company, provide audited financial statements for the past 2 years. Include annual reports if available. If you are a subsidiary of another corporation, include the holding company annual report.
- If you are a privately held company and will not disclose any financial information, provide the information indicated using either true dollars or percentage information. If you are providing data on a percentage basis, make sure that you scale everything to total sales. That is, assume total sales represents 100% and scale all sales and cost items as a percentage of this number.
- Any additional information the supplier deems useful for Teleperformance's evaluation of the supplier's qualifications.

4.5 IMPORTANT DATES

Date to be received            Items to be returned
Sept 9, 2008 5:00 p.m. MST     Final Day to Submit Questions
Sept 16, 2008 5:00 p.m. MST    Completed RFP Response

5 TERMS AND CONDITIONS

5.1 CONTRACT DURATION

For purposes of this RFP, prices quoted for solutions and services are to be valid for a minimum period of 3 years if a contract is awarded.

5.2 RFP EXPENSES

Any costs incurred by you in preparing and providing a response to this RFP are solely the responsibility of your organization.

5.3 PRICING IS BEST AND FINAL

Teleperformance is soliciting a solution to identify a global log management solution(s) and provider(s). Teleperformance plans to implement these solutions globally. This will be heavily weighted to the vendor who provides an acceptable solution with the most attractive pricing. We are looking for global capacity pricing but are not committing to any single purchase or any number of purchases. Our intent is to identify the best solution at the best price, and a global provider or channel partner that offers us the ability to purchase that solution anywhere at that set price. The solution(s) selected will become the standard for all future purchases. Your pricing should include aggressive discounts to be considered as the vendor of choice. Your best and final pricing should be based on the purchase of one (1) solution and not a commitment to more than one.

Pricing shall include:

- Detailed solution costs.
- Detailed education and training pricing, and availability.
- Detailed maintenance costs.
- Any and all other costs must be explained in detail.

5.4 EVALUATION CRITERIA

This request for proposal is designed to provide Teleperformance with the ability to determine which supplier will best satisfy the requirements of Teleperformance with the most attractive pricing. The evaluation scoring criteria are listed below. Each category will receive a score in the range of 1-5 with 5 as a high score. Each category will be multiplied by the weight factor to identify the total category score. The total category scores will be added together to determine the vendor solution final score.

Category                                                                     Weight
Financials (vendor's financial stability)                                    2
Customer references                                                          2
Scalability                                                                  5
Compatibility with our existing security systems, meeting our requirements   5
Additional features of value to us not specified in RFP                      2
Total price (solution, implementation and maintenance)                       5
Global delivery/sales distribution                                           4

Teleperformance will reduce the potential suppliers to one or two based upon the evaluation scoring. Teleperformance expects to invite the one or two top suppliers on site to make a formal presentation regarding their proposal to a team of Teleperformance representatives.

5.5 AWARDING OF POTENTIAL BIDS

Teleperformance, at its sole discretion, reserves the right to either accept or reject any and all proposals, and do nothing. The existence of this request for information shall not, in any way, obligate Teleperformance to any contractual obligation. The supplier(s) with the highest score will be considered. Teleperformance reserves the right to identify the correct solution and still cancel the RFP if our budget does not support the purchase.

5.6 CUSTOMER REFERENCES

Supplier must provide a list of three references that use the proposed solution. Teleperformance will contact these references only at the end of the selection process as part of the due diligence phase of supplier selection. In addition, Teleperformance will only contact these references after the supplier has specifically been asked to arrange for such contact. It is expected that if the supplier lists a reference in their proposal they will have the ability to arrange for a reference call.

Include for each reference:

- Company name
- Contact name
- Company address
- Contact telephone number
- Contact email address

5.7 INVOICING

Supplier must include your proposed fee schedule and terms in the proposal. Indicate payment terms in regard to any available percentage discount for early payment. Teleperformance standard payment term is net 45 days.

5.8 NOTE TO SUPPLIER

It is expected that all information submitted would be in accordance with what has been clearly outlined in the RFP. Once information has been submitted it is final. The time for questions is clearly detailed in this RFP. Once completed, your signature or that of a duly authorized individual of your company must be affixed, in order for us to acknowledge the fact that you have read the RFP thoroughly and have completed the information request within the stipulated guidelines.