Call for the market study for the contracting of “Non-consulting services for the Identification and Continuous Assessment of information security events in the technological infrastructure of the Ministry of Public Health – Central Plant through a Security Operations Center (SOC)” – Ministry of Public Health

by time news

2023-04-18 16:25:53

The Ministry of Public Health, through the Directorate of Information and Communication Technologies, invites suppliers to participate in the process of preparing the Market Study for the “HIRING OF NON-CONSULTING SERVICES FOR THE IDENTIFICATION AND CONTINUOUS ASSESSMENT OF COMPUTER SECURITY EVENTS IN THE TECHNOLOGICAL INFRASTRUCTURE OF THE MINISTRY OF PUBLIC HEALTH CENTRAL PLANT THROUGH A SECURITY OPERATIONS CENTER (SOC)”

This market study will be used to define the referential budget prior to the publication of the contracting process.

The referential price of the services must consider the following aspects:

  1. The validity of the quote must not be less than 120 days;
  2. Financing will come from resources of the Inter-American Development Bank, so the bidders must belong to the IDB member countries;
  3. The offer must be submitted for the entire contract.
  4. This process does not contemplate the readjustment of prices.


It is required to hire a service that provides continuous monitoring and reporting of computer security events, allowing the detection, identification, assessment and classification of vulnerabilities and computer security events, and thus obtaining alerts in real time and a report of containment and mitigation recommendations, in order to minimize the risks derived from information assets through a Security Operations Center (SOC). The technical specifications are attached in Annex 1:

The MSP will deliver the applicable information assets to be monitored in the service – Assets-Production Annex:

Monitoring will be carried out using automated and manual tools, which will be provided for the contracted service.

The service provider must report within a predetermined time, according to the level of risk of each event, through calls, messages, alerts and reports, the level of criticality (critical, high, medium, low or informative) of the vulnerabilities and security events that arise in information assets, systems and applications. It must also issue a report of conclusions and recommendations to mitigate the security event and record the findings in the documentation.

Any reference to the service is considered highly confidential and therefore cannot be disclosed without the express authorization of the relevant MSP authorities. Likewise, the personnel involved in the provision of the service must sign consents for the non-disclosure and confidentiality of the information.


The Security Operations Center (SOC) will continuously monitor and report information security events in the technological infrastructure of the Ministry of Public Health Central Plant. Its purpose is to collect logs in real time and identify security and vulnerability events, so that they can be correlated through Security Information and Event Management (SIEM), which allows scanning, detecting, identifying, analyzing, assessing and classifying vulnerabilities as well as information security events. This makes it possible to obtain a report of mitigation recommendations for vulnerabilities and computer security events in order to mitigate the risks derived from assets, systems and applications.

For scope detail verification, review Annex_1 in


The requested technical specifications are found in Annex 1.


The service must be based on best practices focused on cybersecurity, as well as methodologies and strategic processes to build and maintain cybersecurity defenses.

In order to reduce false positives, as well as carry out a more exact and exhaustive process, new generation tools must be used to find vulnerabilities and important computer security events. This tool should cover at least the following scenarios:

  • Monitoring of information assets.
  • Detection of vulnerabilities and computer security events.
  • Malware detection.
  • Lateral movement activity detection.
  • Privilege escalation detection.
  • Detection of possible persistence.

The service provider must, within a maximum period of 15 days from the day after signing the contract, implement the solution components that allow the activation of the contracted service and the identification of production assets and controls carried out in the monitoring process.

Additionally, the service provider must have at least ISO 27000, or ISO 27001 or ISO 9001 or ISO 20000 or ISO 27700 certifications in integration activities of various teams for the collection, retention and analysis of logs such as event monitoring; identification, reaction and control of cybersecurity threats; Incident Management; preventive solutions and reports.

The bidder must deliver the monthly and quarterly reports as established in the characteristics of the service to be contracted.


The service provider must generate and submit standardized reports (see Annex_1: Reports Section) according to the periodicity and frequency required in the scope of the service.

For descriptive report formats and specifications, see Annex_1.


Due to the specialization required to meet the objectives, it is considered necessary, and will be especially valued, that the service have human resources with highly specialized experience in participating in and implementing similar programs, preferably in national health management models and national projects for health information systems.

The service provider must have and indicate the state-of-the-art licensed tools, which they will use to manage and carry out all the requirements and objectives set, as well as to collect information, systematize it, document it, and monitor the progress of the project.

The methodology, instruments/tools offered must have a history of having been used and tested in other related services, which must be presented as support.

During the execution of the service, the MSP may request access to these tools; in no case will the MSP incur additional costs for this, which must be borne by the contracted service.


The service provider must present the supporting documents that demonstrate their experience within the last 5 (five) years, in monitoring work of the Security Operations Center (SOC) either in the Public or Private Sector.


The MSP expects the service to provide the following products, which are detailed in the following Table:


The aforementioned deliverables and their delivery schedule from the activation of the service (calendar days) are detailed below, as shown in the following table:




| Delivery time (calendar days) | Stage | Activity | Deliverables |
|---|---|---|---|
| 90 days from service activation | Intermediate Stage – First Quarterly Report | Monitoring | Monthly and Quarterly Reports; Report by Severe Critical Event/Incident; Support Report; SOC Alert Notification |
| 90 days | Intermediate Stage – Second Quarterly Report | Monitoring | Monthly and Quarterly Reports; Report by Severe Critical Event/Incident; Support Report; SOC Alert Notification |
| 90 days | Intermediate Stage – Third Quarterly Report | Monitoring | Monthly and Quarterly Reports; Report by Severe Critical Event/Incident; Support Report; SOC Alert Notification |
| 77 days | Intermediate Stage – Fourth Quarterly Report | Monitoring | Monthly and Quarterly Reports; Report by Severe Critical Event/Incident; Support Report; SOC Alert Notification |
| 15 days | Final stage | Control | Backup in magnetic medium |
| 3 days | Knowledge transfer | Training | Knowledge transfer |
| 365 days | TOTAL | | |

Deliverable Schedule Table

The schedule may be subject to changes as long as both parties (MSP and SERVICE PROVIDER) agree, not exceeding the total time set for the service (365 days from the signing of the contract).


The method of payment for this service will be quarterly.

Quotations must be sent in digital format (signed) to the institutional emails [email protected] and [email protected] until April 25, 2023, with the following data:

Quotation Presentation Format

Bidder data:

Business name:




Way to pay: (Payments will be quarterly)

Service delivery time: (365 days)

Offer issuance date:

Offer Validity: (must not be less than 120 days)

Responsibility signature preferably electronically signed in QR format, for which it is suggested to use the FIRMA EC application

Data of the contracting party:

On behalf of: Ministry of Public Health

RUC: 1760001120001

Address: Quito, Av. Quitumbe Road and Av. Amaru Ñan, Governmental Platform for Social Development.

Telephone: 593-2 381-4400 ext. 4008

Economic proposal:

Take into consideration Annex_1 of Technical Characteristics for details, characteristics and product development methodology.

Attach to the quote the compliance of the technical characteristics, in the format (If it complies).


And compliance with the Technical Profiles

| Required | Complies/Not Complies |
|---|---|
| 1 Project Manager | |
| 1 SOC Coordinator | |

List of eligible countries

  • List of member countries when financing comes from the Inter-American Development Bank: Germany, Argentina, Austria, Bahamas, Barbados, Belgium, Belize, Bolivia, Brazil, Canada, Chile, Colombia, Costa Rica, Croatia, Denmark, Ecuador, El Salvador, Finland, France, Guatemala, Guyana, Haiti, Honduras, Israel, Italy, Jamaica, Japan, Mexico, Nicaragua, Netherlands, Panama, Paraguay, Peru, Portugal, Republic of Korea, Slovenia, Spain, United States, Dominican Republic, People’s Republic of China, Sweden, Switzerland, Suriname, Trinidad and Tobago, Uruguay, and Venezuela.

Eligible Territories

  • Guadeloupe, French Guyana, Martinique, Reunion – as they are Departments of France.
  • US Virgin Islands, Puerto Rico, Guam – for being Territories of the United States of America.
  • Aruba – for being a Constituent Country of the Kingdom of the Netherlands; and Bonaire, Curaçao, Sint Maarten, Sint Eustatius – as they are Departments of the Kingdom of the Netherlands.
  • Hong Kong – as a Special Administrative Region of the People’s Republic of China.
