EoI - Vulnerability Assessment and Management Service
Request for Expression of Interest (EOI)
06 October 2015
Expected contract duration
Summary of Requirements
The Organization for Security and Cooperation in Europe (OSCE) is interested to establish a Contract for the provision of a Vulnerability Assessment and Management Service.
Technical landscape of the OSCE
The Organisation operates a distributed information systems architecture, with servers primarily concentrated at the organisation’s secretariat offices in Vienna, Austria, and distributed infrastructure and local application servers in several locations across Europe and Central Asia. For some locations, IT infrastructure is connected to the internet and corporate network via high latency networks such as satellite links.
The OSCE’s current Information Technology landscape mainly consists of the following:
Microsoft environment comprising servers and exchange servers;
Electronic Document and Records Management System (Livelink/Open Text Content Server);
Oracle EBS and databases;
Physical servers and VMware virtualization;
The volume of external servers is approximately 100 devices, with approximately 500 internal servers and infrastructure elements. There are approximately 3000 end user devices on the internal network.
Areas of Interest
Provide a Vulnerability Assessment and Management platform that provides capabilities to:
Assess the vulnerabilities of the OSCE’s Internet facing and internal servers and applications;
Provide the technical community within the OSCE with a tool to assess and self-manage identified vulnerabilities and ensure compliance with security requirements;
Provide strong management reporting to facilitate assessment of overall vulnerability status and risk assessment;
Support a variety of deployment scenarios to accommodate scaling the service and to adapt to a changing architecture.
Pool of trained, knowledgeable functional and technical English speaking consultants;
Experience with and significant supported deployments of any proposed solution;
Externally verifiable security assurance for data stored and managed by any cloud based solution.
Should you company become interested and capable to participate in the competitive tender process, please send your respond by email to Mr. Yury GOLOVKOV, OSCE Secretariat Procurement at firstname.lastname@example.org
Kindly include in your response the following information:
1. Your company’s feedback on the above requirements;
2. Name and email address of your company staff to receive the tender document.
Please note that this is not an invitation for submission of a proposal.
This is the Request for Expression of Interest (EoI) to identify qualified service providers interested and capable in participating in the tender process.