Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

Scope of Work

Security Information and Event Management

(SIEM) and privileged Access management
(PAM)

This document outlines the requirements and specifications for the design, supply, installation and implementation of the
Managed Security Information and Event Management System (MSIEM), Privilege Access Management (PAM) solutions, and
managed security services required by Client in both primary and secondary Data Centers.

1|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

CONTENTS OF RFP

1 RFP OBJECTIVES..................................................................................................................................................................................... 3
1.1 OVERVIEW ............................................................................................................................................................................................................................3
1.2 STATEMENT OF CONFIDENTIALITY ....................................................................................................................................................................................3
1.3 SERVICE PROVIDERS RESPONSE ......................................................................................................................................................................................................3
1.4 QUESTIONS AND CLARIFICATIONS ....................................................................................................................................................................................3
1.5 PROJECT TIME FRAME ........................................................................................................................................................................................................3
2 GENERAL SPECIFICATIONS ................................................................................................................................................................... 4
2.1 ABOUT THE CLIENT ..............................................................................................................................................................................................................4
2.2 CURRENT ENVIRONMENT ...................................................................................................................................................................................................4
2.3 SCOPE OF WORK .................................................................................................................................................................................................................4
2.4 NON-TECHNICAL SPECIFICATIONS ..................................................................................................................................................................................................5
3 CONDITIONS AND TECHNICAL REQUIREMENTS ....................................................................................................................... 6
3.1 CONDITIONS ........................................................................................................................................................................................................................6
3.2 SIZING FOR (SIEM) AND (PAM) SOLUTIONS ................................................................................................................................................................7
3.3 TECHNICAL REQUIREMENTS FOR (SIEM) AND (PAM) .................................................................................................................... 8
3.3.1 SIEM Technical Requirements ............................................................................................................................. 8
3.3.2 PAM Technical Requirements .............................................................................................................................. 8
3.3.3 Engineering Requirements .................................................................................................................................. 9
3.3.4 Monitoring Requirements .................................................................................................................................. 10
3.3.5 Incident Response and Forensics .............................................................................................................................. 11
3.3.6 The secondary Threat Intelligence Feed requirements ..................................................................................... 11
3.3.7 Proactive Services ....................................................................................................................................................... 12
4 WARRANTY, SUPPORT, AND LICENSES REQUIREMENTS....................................................................................................... 13
5 TRAINING, DOCUMENTATION REQUIREMENTS AND KNOWLEDGE ..................................................................................... 14
6 EVALUATION CRITERIA .............................................................................................................................................................. 15

2|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

1 RFP objectives
1.1 Overview
Client is looking to further strengthen its Information Security Systems by engaging a Managed Security Services Partner to:
 Licenses renewal, warranty and support of the existing SIEM (IBM QRADAR) or provide a replacement solution that is
compliant with the terms and conditions in this document and UAE IA Standards.
 Improve Client’s cyber security resilience through a 24 x 7 security monitoring for the business critical applications
and all devices involved in transactions.
 The purchase, installation, and configuration of Privileged Access Management solution (PAM) compliant with the
terms and conditions in this document and UAE IA Standards
 Provide licenses, warranty and support for all components, software and services detailed in this contract for Three
years and six months.
1.2 Statement of Confidentiality
This RFP and all materials submitted by CLIENT must be considered confidential. CLIENT requests that this RFP must not be
forwarded to any third party for evaluation or for any other purpose without the express written consent of CLIENT. When
submitting confidential material to CLIENT, the bidder must clearly mark it as such.
1.3 Service providers Response
The service provider's response should contain technical information and pricing details of their products & services, which
will meet or exceed Client’s requirements & specifications as described in this document.

The proposal should also contain the service provider’s corporate profile & scope of capability information.
In order to expedite the evaluation process and fairly evaluate all proposals, it is mandatory that the general Terms &
Conditions are being accepted.

Failure to agree or comply to any of the terms and conditions or not following the required mandatory outline or not providing
required information as softcopy or will result in a bidder's proposal being disqualified from the evaluation.
1.4 Questions and Clarifications
The service provider can request for a meeting with Client technical team to ask for clarification about the RFP as per the
following conditions:
1. All meetings will be held in Client, it’s not allowed to arrange for any meeting outside of Client.
2. Client can approve or deny the meeting request.
1.5 Project Time Frame
Client intends to offer a contract for three years and six months, to provide the solution as per requirements mentioned in this
document. Client preserves the right to terminate the contract upon nonperformance or noncompliance to the agreement
commitment.

3|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

2 General Specifications
2.1 About the Client
The Client is responsible for proposing the economic and commercial policy of the Abu Dhabi Emirate and preparing the plans
and programs required for implementing such policy. It is also responsible for conducting the necessary studies to encourage
and promote the private sector. The Client provides commercial licensing and trade name registration. It also participates in
economic and trading seminars and conferences locally and internationally.
To achieve such objectives, the Department takes charge of the major following activities:
1. Lay out mechanisms for activating economic sectors.
2. Lay out programs and plans to encourage investments.
3. Study negative trade phenomena, give proposals to limit their negative impact on the growth of the commercial
sector, and familiarize consumers and merchants with the damages of commercial deceit.
4. Lay out marketing plans to attract foreign investments in the economic activities that are required to be developed.
2.2 Current Environment
1. Client is currently using Qradar as the SIEM solution.
2. No system currently in place for Privileged Access Management (PAM)
2.3 Scope of Work
The security service provider must provide following services while retaining all the logs in Client premises:
1. The vendor must conduct a site survey to collect all the information about the existing infrastructure, SIEM solution
and about the new requirements.
2. The proposed solutions must be prepared based on collected information to accomplish the successful deployment
of the project, as per Client’s requirements
3. The provisioning of the accompanying licenses, warranties and support from the manufacturers and the local vendor
for (PAM) solution as per the requirements and conditions of this document.
4. Licenses and support renewal of existing SIEM solution.
5. In case of proposing an alternative SIEM solution, it must provision the accompanying licenses, warranties and
support from the manufacturers and the local vendor for the SIEM solution as per the requirements and conditions
of this document.
6. The installation and configuration of all systems within this contract as per the requirements of this document and
the business requirements of Client.
7. Migration of existing SIEM from the physical hardware to the virtual environment.
8. Perform all the required configuration and fine tuning to make sure that the system will receive all the logs from
existing networks, security, servers/applications and Database infrastructure.
9. API Integration of SIEM solution with existing Client’s network, security and servers/applications infrastructure.
10. The full installation, License Activation, configuration and fine tuning of the proposed solutions to ensure its
compliance with UAE IA Standards requirements.
11. Integrate the proposed solutions with Client’s existing network and security infrastructure.
12. Provide management, support, and maintenance services which meet all the requirements listed in this document.
13. The Managed SIEM shall be able to identify information security threats/ vectors targeting Client's environment. It
must be able to prevent any impact or breach through implementation of adequate security mechanisms.
14. Incident Management: Reporting and logging of information security incidents. Track and monitor the closure of these
information security incidents and escalation of these incidents to appropriate teams/ individuals in Client, if required.

4|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

15. The vendor is responsible to perform 24x7x365 log monitoring and analysis for all Client business critical applications
and all devices involved in the transactions.
16. Information security incident management around the clock.
17. Rapid response to incidents.
18. Continuous security baseline improvement for the proposed solution.
19. Protection against identity theft and fraud, user behavior analysis and detecting suspicious transactions.
2.4 Non-technical specifications
Client recognizes that service provider’s stability is of paramount importance and will take all factors into consideration in
order to prevent any corporate data or infrastructure compromise. Due to their fact, it is necessary to consider a number of
non-technical factors as part of the service provider selection process. The service provider should provide details about these
factors in their proposals. These factors will be used to evaluate the overall solution.
These factors include but not limited to:
1. Number of years (minimum four years) the service provider has been offering the proposed service.
2. Availability of local support.
3. Previous experience with the Client and other institutions.
4. Clarity of offer and material.
5. Implementation, training and knowledge transfer plan.
6. Service provider must provide the department with the information of the last two similar contracts with government
departments.

5|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

3 Conditions and Technical Requirements

3.1 Conditions
1. The proposed solutions must be in Gartner’s Leaders Quadrant in the latest publication.
2. The alternative proposal must meet or exceed the requirements mentioned in the “Technical Specifications” section
of the RFP.
3. Service provider must submit an official letter from the Principal vendors affirming the service provider’s status as a
partner. The letter must be part of the Technical proposal and will not be accepted separately.
4. The vendor must possess at least two engineers with highest possible certification in the installation, configuration,
management and administration of the proposed solutions.
5. The service provider must be the direct provider of the services within this contract. Should the service provider
require to utilize any subcontractors for any part of the contract, approval must be granted by Client prior to the date
of proposal submission.
6. The service provider must commit clearly and in writing to all the conditions and requirements in this document
without modification, addition or omission. Any changes will be considered a valid justification for disqualification
from the tendering process.

Estimated Count of Event Log Sources (Only

Site 1 (Main) Site 2 (DR)
what will be logging):
AD/Auth, DHCP, DNS, ESX 1 AD/Auth AD/Auth
2 DHCP & DNS DHCP & DNS
ESX ESX

Web and Mail Servers 4 2

Windows General Purpose Servers 300 60

Linux/Unix General Purpose Servers 25 8

Antivirus, Anti-Malware Servers 2 1

Database Servers 2
Active/Passive SQL Clusters. 2
Active/Active Node Oracle RAC.
Firewalls, Proxy Servers Proxy servers 1 proxy server
Edge firewalls 2 Edge firewalls
Core Firewalls Core Firewalls
MPLS firewalls MPLS firewalls
Branch Firewalls
ADSL firewall

6|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

3.2 Sizing for (SIEM) and (PAM) solutions

IDS, IPS, VPN, WAF, DAM, DLP, LB 3 load Balancers
6 load Balancers
1 VPN appliance
2 VPN appliances
1 mail security appliance
2 mail security appliances

60 L2/L3 Switches
Routers, Switches, Wireless 1 Wireless Controller
5 Wireless Controllers
Additional Devices - 1 3 Vulnerability Assessment: 1 security scanner
(Security Scanner, PVS, LCE)

Total Number of Workstations 1000

Throughput Needs for Q-Flow, QNI or QIF To be estimated

Estimated Events Per Seconds (EPS) 5000 or more

Number of Major Data Centers 2

Available WAN Bandwidth (For streaming logs) 100 MBps

Total number of SIEM Users Expected 5

Total numbers of PAM users Expected 45

System Preference (Virtual, Cloud, Appliance, etc?) virtual, appliance

HA and/or DR Requirements HA and DR both are required

On-Line Log/Flow On-Line Retention Req 6 months

7|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

3.3 Technical requirements for (SIEM) and (PAM)

Client invites responses from suitably qualified Managed Security Service providers to propose a contractual arrangement for
providing the required services and solutions as described in this document. The service provider must fulfill the following
requirements as minimum: (Please describe how your solution meets these requirement where possible):
3.3.1 SIEM Technical Requirements:
1. Client will provide the required infrastructure (VMs, Storages, DB…)
2. The proposed virtual appliances must support (Nutanix hyperconverged, VMware vsphare 6.0 and later, Oracle VM).
3. The proposed solution (correlation & log management) must be licensed to accommodate 5000 EPS, where events at
peak must be correlated, not queued.
4. The proposed solution must support all Log Sources (check sizing list 3.2).
5. The proposed solution must provide at least 6 months (180 days) of online and another 6 months (180 days) of offline
retention.
6. The system must have the ability to archive the events to an external Storage space with indexing, which can be
directly accessed by the system and it should be possible to search in the archive location itself, without retrieval.
7. 20% increase or decrease in number of devices or events/sec is free of charge.
3.3.2 PAM Technical Requirements:
1. Privileged Access Management for all systems, including but not limited to:
a. Physical & Virtual servers
b. Microsoft Windows or any other Operating systems
c. Network & security appliances
d. Applications
e. Databases
2. The proposed solution must have passwords management capability:
a. Eliminate the storage of static, plaintext passwords, and periodically randomizes service passwords and can
be retrieved securely by applications when needed.
b. Save password history: All old passwords are retained in the vault.
c. Notification of the Service Account Password change to Windows Service Control Manager, Scheduler, IIS,
and other components.
d. Ability to disable passwords centrally when needed.
3. Connect users and programs to privileged accounts after appropriate authentication and authorization.
4. Activate the email notification mechanism or any other recommended methods to authorize the approvals and
privileges activation in an effective manner.
5. Implement the required automation and workflow approvals for the access requirements and privileges.
6. Provide the required customization for PAM solution Website portal.
7. Limit Concurrent Administrator Logins by controlling the number of users who can simultaneously connect to a given
privileged account.
8. Encrypt and secure the PAM solution related critical data.
9. Provide an easy and simple way to retrieve the historical data and privileges related processes.
10. Both a static access control model and a dynamic authorization workflow are required.
11. Fast and quick response and action on any security privilege access incidents.

8|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

12. Extensive logging and reporting.

13. Provide central reporting service including any customizations for reporting service.
14. The proposed solution must record screen, keyboard and other data while users are connected to privileged accounts:
a. The recording may be of just the window launched to connect a user to a privileged account or of the user's
entire desktop as per Client requirements.
b. Recordings can be made of SSH, RDP, vSphere, SQL Studio and any other administrative sessions launched
via Privileged Access Manager.
c. Session recordings may be archived indefinitely.
d. These recordings must be protected against unauthorized search, playback, and should be tamper resistant.
15. Ability to export logs to SIEM.
16. Schedule elevation of privilege.
17. Centralized privileged access management and control across diverse server domains including delegation of
privileged user accounts and commands.
18. Fully integrated with Microsoft Active Directory (AD).
19. Provide the required integration with current Client systems.
20. The proposed solution must be fully compatible with all Client’s systems, applications, Databases, network and
security infrastructure.
21. Emergency Access to Administrator Accounts by using one-time disclosure of passwords in convenient and secure
way using a workflow engine designed to allow people who do not have regular administrative access to systems to
request such access.
22. The proposed solution should include an infrastructure auto-discovery capability to find systems on the network and
apply rules.
The vendor must submit the project plan and all other installation and implementation documents. Client must review and
approve these documents prior to the implementation.

3.3.3 Engineering Requirements

1. The service provider must provide the license and support renewal of Client’s existing SIEM solution.
2. The service provider should have already implemented workflow requirements in their SOC. This will be used by Client
as a service.
3. Administration and maintenance of SIEM tool & correlation components.
4. Perform threat hunting whenever is required.
5. Perform custom log parser.
6. The service provider must be powered by both global and regional threat intelligences feeds and holds all skills
required to develop and customize use cases required to secure Client’s applications, network and security
infrastructure.
7. The service provider must retain the logs within Client environment for the agreed retention period. Logs must not
be transported outside of Client environment.
8. The service provider must ensure compliance to local laws.

9|Page
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

9. The service provider should enclose their security monitoring service SLA along with their technical proposal.
10. The service provider must provide security advisory reports based on the global and regional security threat profiles.
11. The service provider must follow UAE Information Assurance Standards compliant for the controls associated with
Incident Response & Monitoring.
12. The service provider must be ISO 27001 certified.
13. The service provider must have their SOC locally operated in UAE.
14. Notifications provided by the service provider’s SOC should be available via email and SMS.
15. The service provider’s SOC Team must have the technical expertise on the proposed SIEM solution provided in
response to this RFP and the ability to provide the first line of support for Client.
16. The service provider must provide subscription to an additional Threat Intelligence feed.

3.3.4 Monitoring Requirements:

1. All onsite MSS/support personnel must be residents of UAE with valid work permit in UAE. (Bidder to submit proof of
visa page copy in passport).
2. The service provider must provide remote SOC services on a 24x7x365 basis and provide reports to Client on a
periodic basis throughout the contract period.
3. Service provider should provide real time monitoring of security logs to detect malicious or abnormal events and
raise the alerts for any suspicious events that may lead to security breach.
4. Service Provider should provide log baselines for all under scope that are required to be monitored.
5. Service provider should detect both internal & external attacks. In addition to security attacks on IT infrastructure,
service provider should also monitor for security events on databases and servers.
6. The service provider must provide Active Directory monitoring services to detect and mitigate against any
reconnaissance process, credential theft, and lateral movement.
7. Service Provider should carry out correlations amongst the logs from multiple sources to detect multi-vector attacks.
8. Service Provider should send alerts with details of mitigation steps to designated personnel of Client.
9. Service Provider should be able to provide reports that are compliant with UAE IA Standards.
10. Service Provider should provide reports on daily, weekly and monthly basis. It should include the operations trend
analysis with the reports correlation of the present period's data.
11. The Service Provider should bring workflows and solutions that can automate majority of the incident response
activities such as false positive management, managing whitelists, escalation workflow, SLA management, etc.
12. Alerts should be notified to Client only after proper triage process. Alerts from SIEM should be enriched with context
data, environmental data, vulnerability details, etc.
13. Historical parameters should include and not limited to attack volume, attacker volume, and destination volume for
every alert.
14. Service Provider should give long term solution to prevent such threats in the future.
15. The service provider must analyze the daily alerts received from ADDA SOC team and ensure timely response to their
requests/reported incidents.

10 | P a g e
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

3.3.5 Incident Response and Forensics.

3.3.5.1 Incident response requirements:
1. Incident report with classification, chronology of events, RCA, IOC.
2. Track impacted assets related to an incident.
3. Ability for quick counter response
4. Usage of ticketing system and case management workflow
5. Classification of incidents.
6. Maintain track of first response and subsequent measures for the incident.
7. Maintain chronological order of events related to incident response.
8. Maintain IOC and artifacts related to incident.
9. Incident response team comprising of cyber security experts & resources who are sans certified.
10. Review and update the existing incident management & response framework.
11. Define, develop, implement, update and maintain new incident management & response procedure addressing the
gaps identified post assessment of existing framework.
12. Develop procedure for preparation, identification, containment, eradication, recovery and knowledge base for
incident handling.
13. Should at the least consist of defining, developing, implementing and maintaining the following:
a. Incident management plan, process, governance.
b. Incident response plan, process and governance.
c. Workflows for incident management and response.
d. Communications & escalation plan, playbooks, process & metrics.
e. Incident management & response case management.
f. Incident management & response metrics.
3.3.5.2 Forensics requirements:
1. Forensics and work flow automation.
2. Provide forensics as a service
3. Team must be certified.
3.3.5.3 SLA – Response:

Priority Response time

P1 - Incident notification 1 Hour

P2 – medium 4 Hours

P3 – low 24 Hours
3.3.6 The secondary Threat Intelligence Feed requirements
1. Licenses must start from year 2 after signing the contract.
2. Managed service provider must be able to integrate SIEM with the secondary threat intelligence.
3. Solution must be proposed as virtual appliance, hardware components will not be accepted by Client.
4. Solution must have an automated means to curate Threat Intelligence Data. That is, the removal of false positives,
risk scoring, and aging out of IOC’s.
5. Solution must be able to enrich IOC’s with context, and provide the context along with any relevant output.

11 | P a g e
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

6. Solution must be able to bring in a variety of threat feeds in a variety of formats, including both premium and
open source providers.
7. Solution must have the ability to ingest and scrape phishing emails or any emails with IOC content.
8. Solution must be able to provide functionality as both a STIX/TAXII client and server. Allowing for both ingestion
of TAXII feeds, as well as the output of data to various TAXII-capable technologies.
9. Solution must be able to visualize and extract reporting functionality- such as subsets of IOC’s from the platform,
as well as matches from Integrations.
10. Solution must have capability to accept imports in both structured and unstructured format, and provide scoring
visibility on the data.
11. Solution must have the ability, in a sensible way, to track new threats and add new Intel to an open investigation
where other members can collaborate.
12. Solution must have a graph-like relationships tool built in to visualize and explore connected associations.
13. Solution must have a foundation for associating descriptions of TTP’s, Campaigns, Cyber Incidents, Actor profiles,
and IOC’s with each other. This will include out of box information but also the ability to author similar content
internally.
14. Solution must provide a secure, vetted, and user friendly means to share and receive threat data from relevant
organizations.
15. Solution must contain a lookup method for searching across all data for specific keywords. These searches can
come in the form of Actors, threat types, or indicators themselves. Preferable that these searches can be saved
for ease of use.
3.3.7 Proactive Services:
Ability to use the IR retainer in proactive services such as:
1. Active threat assessment.
2. Table Top Exercise.

12 | P a g e
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

4 Warranty, Support, and licenses Requirements

1. The vendor must provide the warranty and support for all hardware, software, and licenses that are part of this RFP
for three years and six months.
2. The warranty and support must start from the date of signing the contract.
3. The warranty shall include on site parts and labor, as directed by Client.
4. The vendor must provide comprehensive and reliable support for the proposed solution.
5. All licenses that are part of this contract must be valid for three years and six months, starting from the date of signing
the contract.
6. The vendor will be fully responsible for the replacement of faulty hardware (either a device or component) by
contacting the manufacturing company.
7. All Return Merchandize Authorization (RMA) requests must be fulfilled on a four hour response basis during the First
Party’s working hours. All parts subject to the request must be replaced within next business day. This time frame
includes the parts and all required configuration to restore the system to its original operational status.
8. Client staff must be informed about all installation and configuration changes.
9. During the contract period, the vendor is responsible to perform all the required configuration of the proposed
solution, without any limitations.
10. The vendor is responsible for any minor or major configuration changes to the systems that are part of this contract
as per the Client’s requirements.
11. The vendor is responsible to perform all software and firmware upgrades during the contract period.
12. All software and firmware upgraded must be done as per Client’s requirements.
13. The vendor must provide onsite maintenance and support for the whole solution.
14. The vendor must provide immediate response for critical issues and immediate call-back for all first party calls.
15. Client doesn’t allow any remote deployment. The vendor must provide onsite implementation during the project
period.
16. The vendor is responsible to provide 24 x 7 on-site implementation and support, during the contract period.
17. The vendor must provide an engineer call-back within one hour of a customer support call representing the highest
priority level.
18. In case of failure of any of the solution components, Vendor is expected to assign an engineer, to attend the problem
within two hours of fault reporting. A fix or a replacement component should be made as mentioned in point #7.
19. Client has the sole right to determine the severity of any issue. The vendor is responsible to abide by the SLA
corresponding to the severity determined by Client.
20. Periodic Health checks, Monitoring and reporting which includes but not limited to:
20.1. Quarterly Proactive maintenance visits.
20.2. Fault discovery, reporting and fixing.
20.3. Firmware, drivers, and BIOS updates.
21. Performance and utilization monitoring and reporting for the provided solution.

13 | P a g e
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

5 Training, Documentation Requirements and Knowledge

1. The proposal must include certified official training for the administration and management of the proposed solutions
compliant with the following conditions:
1.1. Number of attendees: 4 Engineers on different training timing and to be scheduled during the contract period
1.2. Location: Client City. Client has the right to choose the training location
1.3. The training must be free of charge.
2. The training should be cover of all components of the systems mentioned in this document so as to enhance the
capacity of the Department's staff to fully manage these systems.
3. SIEM training should enhance the ability of Client‘s Information Security personnel to analyze logs collected by in real
time to detect suspicious activities and potential attacks
4. The service provider proposal must include knowledge transfer plan.
5. Detailed design and configuration document for the solution, including its connectivity and integration with other
Client systems.
6. Service provider must provide documentation for all configuration changes made in a standard document format to
the IT staff at Client.
7. The service provider must supply electronic documentation for administration, configuration, and helpdesk support.

14 | P a g e
 Security Information and Event Management (SIEM) and privileged Access management (PAM) – Scope of Work

6 Evaluation Criteria

SN Tender Technical evaluation criteria Degree

1 Compliance with RFP Objectives (Section: 1) 5%

2 Compliance with General Specifications (Section: 2) 35%

3 Compliance with Conditions and Technical Requirements (Section: 3) 35%

Compliance with Warranty, Support, and licenses Requirements (section:

4 4) 20%

Compliance with Training, Documentation

5 Requirements and Knowledge Transfer (Section: 5) 5%

Total %100

Mechanism for technical and financial evaluation:

Only suppliers technically accepted that have a total of 70% and more in the technical
evaluation will be accepted.

- In case the supplier does not get 70% or more in the technical evaluation, will not be
eligible for financial evaluation

15 | P a g e