台灣採購公報網-行動版

TBN CC #: 4686167
公佈日期 : 2023/12/01
採購單位 : 臺灣銀行股份有限公司
採購案號 : 112-15
採購名稱 : 2023 NYDFS Cyber Security Requirements Comply, Audit and Consult
決標廠商 : 請登入會員
廠商代碼 : 94998251
決標金額 : 新台幣請登入會員元整
預算金額 : 新台幣請登入會員元整
底價金額 : 新台幣 2,494,800元整
決標日期 : 請登入會員

原招標公告

公告單位案號：112-15
採購名稱：2023 NYDFS Cyber Security Requirements Comply, Audit and Consult
採購類別：勞務-勞務及派遣
採購單位：臺灣銀行股份有限公司
機關地址：999其他100WallSt.,11FNewYorkNY10005
採購方式：公開招標
連絡人：丁顯龍
連絡人電話：(212)9688128#39
傳真號碼：(212)9688370
本網站公告日期：2023/11/14
截止收件日期：2023/11/20
開標日期：2023/11/21
預算或預估採購金額：新台幣元
Email：902202@mail.bot.com.tw
廠商資格 :
除上述外之其他資格 1.1 The consultant company must have following qualifications and experiences: 1.1.1 Assisted 5 or more financial institutions(FIs) acquired ISO 27001 certificate. 1.1.2 Assisted information security compliance for class A government unit or 3 or more class B unit. 1.1.3 Assisted 3 or more FIs for 23 NYCRR Part 500 compliance. 1.1.4 Assisted 8 or more FIs in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, and SWIFT Customer Security Program. continue
附加說明 :
In addition, at least 3 of the FIs must located in United State. 1.1.5 Conducted 5 or more on site audit for FIs’ oversea branches in recent 2 years. 1.1.6 Assist FIs establish information security organization. 1.1.7 Implemented information security management system, acquired ISO 27001:2013 or other similar certificate. Certificates shall continue to be effective during the project period. 1.2 The project manager must have following qualifications: 1.2.1 At least 5 year experiences in information security management projects. 1.2.2 Acquired one of following certificates: ISO27001 Lead Auditor, Certified Information Systems Auditor(CISA), Certified Information Systems Security Professional(CISSP), or Offensive Security Certified Professional(OSCP). 1.2.3 Performed NYDFS 23 NYCRR 500 compliance review for at least three FIs. 1.3 Team members of the project must have one of following qualifications: 1.3.1 Assisted FIs acquired ISO 27001 certificate and assisted overseas branches of financial institutions in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, SWIFT Customer Security Program. 1.3.2 ISO27001 Lead Auditor, Certified Information Systems Auditor(CISA), Certified Information Systems Security Professional(CISSP), or Offensive Security Certified Professional(OSCP). [Additional Description] Bidder is required to provide due diligence documents specified by the procuring entity. The relevant due diligence documents may include cybersecurity related policies and procedures, company profile, company registration certificate, business contingency plan, and overall disaster recovery plan, etc.
本案附加說明及其他相關重要公告資訊 :
In addition, at least 3 of the FIs must located in United State. 1.1.5 Conducted 5 or more on site audit for FIs’ oversea branches in recent 2 years. 1.1.6 Assist FIs establish information security organization. 1.1.7 Implemented information security management system, acquired ISO 27001:2013 or other similar certificate. Certificates shall continue to be effective during the project period. 1.2 The project manager must have following qualifications: 1.2.1 At least 5 year experiences in information security management projects. 1.2.2 Acquired one of following certificates: ISO27001 Lead Auditor, Certified Information Systems Auditor(CISA), Certified Information Systems Security Professional(CISSP), or Offensive Security Certified Professional(OSCP). 1.2.3 Performed NYDFS 23 NYCRR 500 compliance review for at least three FIs. 1.3 Team members of the project must have one of following qualifications: 1.3.1 Assisted FIs acquired ISO 27001 certificate and assisted overseas branches of financial institutions in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, SWIFT Customer Security Program. 1.3.2 ISO27001 Lead Auditor, Certified Information Systems Auditor(CISA), Certified Information Systems Security Professional(CISSP), or Offensive Security Certified Professional(OSCP). [Additional Description] Bidder is required to provide due diligence documents specified by the procuring entity. The relevant due diligence documents may include cybersecurity related policies and procedures, company profile, company registration certificate, business contingency plan, and overall disaster recovery plan, etc.

provider:UCS.Inc