الوصف

TOR for Conducting ICT Vulnerability Assessment and Penetration Test

Background

SOS Children’s Villages is an international organization operates in Palestine since 1966. We offer services to vulnerable families in both Gaza & West Bank through our programs that aim at family strengthening, youth empowerment, and providing alternative childcare.

SOS Palestine is currently seeking to engage a specialized Company to conduct Vulnerability Assessment and Penetration Tests for its three locations as per the following terms and conditions.

Interested Firms are welcome to submit their technical and financial proposals after careful reading of terms and conditions.

Objective

SOS - Palestine wants to conduct Vulnerability Assessment and Penetration Testing (VAPT) to secure its externally visible infrastructure. This section details the scope of the current assignment by stating the underlying assumptions, enumerating the areas of assessment, and marking out the boundaries. Finally, the Section formally states what factors will lead to the successful completion of an engagement such as the one proposed in this document

Scope of Work

The main objective of the RFP is vulnerability assessment and penetration testing for the following Locations:

National Office

Nazzal Building, 4th floor, Manger Street, Bethlehem.

Bethlehem Village

Hermann Gaminer Street, Karakfa – Bethlehem

Rafah Village

Tal Al Sultan Street, Rafah,Gaza.

Scope Particulars:

External Penetration Testing & Vulnerability of Internet-facing Servers / IP addresses(Black Box)

Public IP Address Qty: 6

External Penetration Testing & Vulnerability of Internet-facing App / IP addresses(Black Box)

Application Qty: 3

Vulnerability Assessment of Network Devices & Firewall(Black or Grey Box Internal Penetration Testing Best Effort)

Network devices & Firewall Qty: 20

Firewall devises Rule/Policy Review

Devices Qty: 4

Deliverables:

We expect to receive a comprehensive report explaining:

Executive Summary – Summarize the scope, critical findings, and the positive security aspects identified in a manner suitable for the management.
Categorization of vulnerabilities based on risk level – The report should classify the vulnerabilities as High/Medium/Low/Informatory based on the Impact and Ease of Exploitation.
Details of the security vulnerabilities discovered during the review – The detailed findings should be brought out in the report, which will cover the details in all aspects.
Recommendations for the discovered vulnerabilities – The report should contain emergency quick-fix solutions and long-term solutions based on industry standards.

Eligibility Criteria:

The bidder must meet the following criteria:

Must be a specialised company in the mentioned field.
Proven competency (record of previous experiences) in the announced field(s).
A very good understanding of child rights and issues affecting vulnerable children and their families.
Holding an internationally or nationally recognized qualifications in this field.
Must commit to the timeline and quality of deliverables.
Technical Proposal Weight: 75%, Financial Offer Weight: 25%.

Application Process

Interested bidders are welcome to provide SOS Children Villages with the following Documents: (In one sealed envelope, that includes Technical & Financial Offers)

Technical Offer: Must include the following:
- Implementation Plan.
- Organization/Firm’s experience and history.
- Three recent references for similarly provided services.
- Should be stamped and Signed from the organization/company person in charge, with listing of contact details.
- Company Profile.

Key Personnel’ Resumes (Annex)
- CVs should be directly related to this engagement outcome. (Each CV should be limited to 2 pages)
- Any copy of related Certification obtained by the specialists.

Organization Documents (Annex)

The following documents should be enclosed

Certificate of Registration.
Valid Deduction of Source Certificate, or written commitment that bidder is eligible to issue this certificate upon need.
Confirmation that the applicant is eligible to have a Zero-VAT Document from MOF.