DOKUMEN SEBUTHARGA
SEBUTHARGA MEMBEKAL, MENGHANTAR, MEMASANG, MENGUJI, MENTAULIAH PEROLEHAN 120 UNIT PERISIAN BERLESEN
ANTIVIRUS UNTUK KEGUNAAN SERVER, KOMPUTER DAN LAPTOP YAYASAN MELAKA BESERTA SOKONGAN UNTUK SISTEM
PENGOPERASIAN WINDOWS DAN LINUX
BAGI
YAYASAN MELAKA
NO. RUJUKAN SEBUTHARGA : 4/2017
YAYASAN MELAKA NO 40-48 & 52, JALAN BKD 27,
TAMAN BUKIT KATIL DAMAI 2, 75450 BUKIT KATIL, MELAKA
(U.P.: BAHAGIAN TEKNOLOGI MAKLUMAT)
PERINGATAN PENTING:
1. PENYEBUTHARGA-PENYEBUTHARGA DIKEHENDAKI MEMBACA DAN MEMAHAMI KESELURUHAN BUTIRAN YANG TERKANDUNG DI DALAM DOKUMEN SEBUTHARGA INI SEBELUM MENYEMPURNAKANNYA.
2. PENYEBUTHARGA YANG MEMBUAT KESILAPAN DAN TIDAK
MEMATUHI MANA-MANA PERUNTUKAN DI DALAM DOKUMEN SEBUTHARGA INI TIDAK AKAN DIPERTIMBANGKAN.
2
CONTENTS
NO.
CONTENTS
PAGES
1.
PART I
GENERAL TERMS AND CONDITIONS OF QUOTATION
3
2.
PART II
SOFTWARE SPECIFICATION
10
3.
PART III
SCHEDULE OF INFORMATION
27
3
PART 1- GENERAL TERMS DAN CONDITIONS OF QUOTATION
NO. CONTENTS PAGE 1. Proposal……………………………………………………………. . …….
4
2. Selection Procedures……………………………………………………….
4
3. Criteria for Selection……………………………………………………….
5
4. Compilation of Quotation…………………………………………………..
5
5. Amendments………………………………………………………………..
7
6. Language Of Quotation Submission………………………………………
7
7. Notification of Acceptance…………………………………………………
7
8. Basis and Conditions of Quotation…………………………………………
7
9. Price and Charges…………………………………………………………..
8
10. Acceptance of Quotation...…………………………………………………
8
11. Delivery and Installation of the Proposed Equipment ………………………………………………………………..
8
4
PART 1 – GENERAL TERMS DAN CONDITIONS OF QUOTATION 1. PROPOSAL
1.1 To propose the following software :-
i) Antivirus EndPoint Security and Control Solution Renewals License - 120 unit
2. SELECTIONS PROCEDURES
2.1 Satisfy Quotation Procedures
Vendor is required to comply strictly with the quotation procedures stated below. Non-compliance with any of the procedures will result in disqualification. a) All Vendors MUST be registered with the Ministry of Finance under
210100 and sub-heading 210107. b) Quotation proposals must be submitted before or at the latest by 12.00
Noon on Thursday, 23th Mac 2017. Late proposal will not be considered. c) Quotation proposals must be submitted in three (3) sets and must be in
accordance to specification listed in paragraph 4.
2.2 Satisfy Specification Requisites
Proposals that comply to the quotation procedures will have to meet all specification requisites as described in Part II. Proposals not complying with specification requisites will be disqualified.
2.3 Testing of Equipment
Yayasan Melaka (YM) reserves the right to conduct testing on all proposals which meet the specification requisites to ensure compliance with specifications stated. The equipment sent must be equivalent to that proposed in the quotation.
2.4 Final Shortlist
The Final short listed quotation will be subjected to further detailed evaluation in both technical excellence and cost effectiveness. Separate technical and cost rankings will then be conducted after which the most effective solution will be recommended for acceptance.
5
3. CRITERIA FOR SELECTION 3.1 Software and Reliability
The software proposed shall be new, durable, high quality, reliable and be able to operate under normal office environment.
3.2 Support
Utmost consideration will be given to hardware support that will be provided by the vendor, the policy of the company, the relationship with their principals, their standing as supplies of the equipment required by the vendor and their after-sales services will be highly placed upon. The vendor is required to supply Yayasan Melaka with a list of all installation having the same proposed equipments in Malaysia for public and private sector.
4. COMPILATION OF QUOTATION
4.1 Content Quotation proposal must be submitted in three (3) sets, with the original clearly marked “ASAL” or “ORIGINAL” and it shall consist of :-
i) FINANCIAL PROPOSAL
a) Lampiran Q. b) Vendor’s Profile (APPENDIX 1).
c) Schedule Of Price (APPENDIX 2).
d) A copy of Letter or Certificate of Registration with the Ministry of
Finance
e) A copy of Letter or Certificate of Registration with the Companies Commission of Malaysia (SSM).
f) A Copy of Bank Statement for the latest 3 months.
6
ii) TECHNICAL PROPOSAL
g) Schedule of Equipment in accordance with the Schedule of Prices
(APPENDIX 2) but without the prices including full details of Type and Model No. and Manufacturer's Name and the accessories to be supplied.(APPENDIX 3).
h) Record of Experience (APPENDIX 4).
i) Technical Information and compliance for Software (APPENDIX
5).
j) Brochure/Full technical information on the equipment proposed.
k) A letter from the manufacturer/distributor of the Antivirus Software Product proposed confirming vendors rights as distributor / authorized dealer/agent.
All quotation documents shall be duly signed or initialed and schedules with all items filled in by the vendor. Non-compliance with any of the above will result in the proposals being disqualified. The vendor is required to answer every question asked. In answering the questions, the vendor must at all time answer accurately and in accordance with the intents and formats of the questionnaires. The answers should be precise with references made to relevant parts of the main proposal.
4.2 Submission
Each quotation proposal must be well sealed duly marked as “SULIT – SEBUTHARGA MEMBEKAL, MENGHANTAR, MEMASANG, MENGUJI, MENTAULIAH PEROLEHAN 120 UNIT PERISIAN BERLESEN ANTIVIRUS UNTUK KEGUNAAN SERVER, KOMPUTER DAN LAPTOP YAYASAN MELAKA BESERTA SOKONGAN UNTUK SISTEM PENGOPERASIAN WINDOWS DAN LINUX at the top left hand corner and addressed clearly to :- PENGURUS BESAR, YAYASAN MELAKA, NO 40-48 & 52, JALAN BKD 27, TAMAN BUKIT KATIL DAMAI 2, 75450 BUKIT KATIL, MELAKA (u.p. : Bahagian Teknologi Maklumat)
7
5. AMENDMENTS 5.1 Yayasan Melaka reserves the right to amend or delete any documents forming
part of this Invitation to vendor, at any time without prior notice in order to give effect to a change in policy or to correct any error, omission, ambiguity or inconsistency that may arise after the issue of this Invitation to quotation.
5.2 In the event of any re-issue of this Invitation to quotation all vendor will be
notified accordingly. 6. LANGUAGE OF QUOTATION SUBMISSION
6.1 All documents submitted by the vendor, including technical manuals should be in
the Bahasa Malaysia or English Language. 7. NOTIFICATION OF ACCEPTANCE
7.1 Notice of Acceptance will be given in writing to the successful vendor once his
quotation is accepted by Yayasan Melaka.
7.2 The notice may include any additional conditions or alterations to the conditions accompanying this document and if so, the quotation cannot be deemed to have been agreed unless and until there is a written confirmation from the vendor accepting the additional condition(s)/alteration(s).
7.3 When agreed upon, a contract is considered to have been made between the
Government and the vendor in accordance with the accompanying conditions (inclusive of the additional and altered conditions) and no other agreement or conditions shall be deem to have been included in this contract.
8. BASIS AND CONDITIONS OF QUOTATION
8.1 The quotation should be based on the specifications and conditions contained in
this document.
8.2 In no case will any claim of expenses incurred by the vendor in the preparation and submission of this quotation be allowed.
8
9. PRICE AND CHARGES
9.1 Prices shall be quoted in Malaysian Ringgit and on the basis on CIF or FOB
where is applicable. 9.2 Prices quoted in the proposal should be valid for a period of not less than 90 days
from the date of the closing of this quotation. 9.3 Prices must be broken down on a per item basis and according to the format
provided under the schedule of price as given in APPENDIX 2. The schedule of price shall be quoted on the basis of Outright Purchase where the Unit Price and Total Price (both inclusive of delivery and installation but excluding customs duties and monthly maintenance).
9.4 Quotation should include separate prices for all optional and alternative features
available for the equipment. 9.5 The brand name and the model number where applicable must be stated in all
cases. 10. ACCEPTANCE OF QUOTATION
10.1 Yayasan Melaka shall not be bound to accept the lowest of any quotation.
Yayasan Melaka reserves the right, regardless of the quotation submitted, to accept bids for the entire schedule, or combination of schedule or for individual items at its own discretion unless the vendor has stipulated specific limitations.
11. DELIVERY AND INSTALLATION OF THE PROPOSED EQUIPMENT
11.1 Delivery Programmed
The delivery programmed is thus as follows:-
Programmed Date Award of LA To Successful Tendered
Return of LA
1 week after issuance of LA
Equipment deliver and install at site
Within 4 weeks after return of LA
9
A critical selection criterion would be the installation time frame. Vendors are required to conform to the above schedule, and to elaborate on the details of delivery and installation in their quotation submission. Yayasan Melaka reserves the right to determine the date of installation.
11.2 Delivery and Installation
The successful vendor shall have the delivers and install the proposed equipments at site as requested by YAYASAN MELAKA within 2 weeks from the date when an official acceptance is given to the successful vendor. YAYASAN MELAKA shall take all reasonable measure that site preparation and provision for electricity supply be effected before the physical installation of the proposed equipment.
10
PART II – SOFWARE SPECIFICATION
NO. CONTENTS PAGE
1. Software Specification :
Software Specification For Antivirus EndPoint Security and Control Solution
11
11
PART II - SOFTWARE SPECIFICATIONS
A. ENDPOINT SECURITY AND CONTROL SOLUTION (Sophos Enterprise Console)
No. Question/Description Requirements Remarks 1.0 Enterprise Management Console with the
following functionalities:
1.1. Shall be able to do centralized signature update to all anti-virus programs on the desktops.
1.2. The console server must be supported on Windows 2008, 2012 & Centos Linux server.
1.3. Must provide anti-rootkit detection and cleanup centrally from Console.
1.4. Console should be able to provide the following protection management from a single console:
- Antivirus management - Anti-Spyware
management - Personal Firewall
management - HIPS management - Buffer Overflow
protection management - Application Control
management - Data Leakage
Protection (DLP) - Temper Protection
Management - Web Security
Protection - Patch Assessment
1.5. The management console must support the following client deployment mechanisms:
- Active Directory discovery
- IP subnet range
12
No. Question/Description Requirements Remarks - Windows domain - Automatic Active
Directory Synchronization
- Automatic protection mechanism
1.6. Shall be able to manage the following platforms from a single console
- Windows - MAC OS - Linux - Solaris - HP-UX - AIX
1.7. Must be able to perform central updating for multi-platform.
1.8. The Central management console should provide a central dashboard with the summarized information
1.9. Must be able to perform targeted remote malware and PUAs cleanup.
1.10. Able to set thresholds and automatic email alert from management console.
1.11. Able to set warning and critical threshold on malware alerts and send via email to inform administrator without the need to constantly log on to the console.
1.12. Should have the ability to further investigate incidents that occurs on the endpoints, such as able to view events what devices have been plugged into the endpoints, what applications have been triggered by the users on that endpoints. The search criteria must be able
13
No. Question/Description Requirements Remarks to be filtered by user or computer name.
1.13. Should be able to generate scheduled and ad hoc reports.
1.14. Should be able to save reports in the below formats:
PDF HTML DOC XLS RTF CSV XML
1.15. Must be able to support multiple roles for management of the console. Roles should include, but not limited to :
Administrator Guest Helpdesk System Administrator
1.16. Must be able to define custom roles for management of the console
1.17. NO additional plug in for DLP and device control required.
1.18. Be able to manage multi- platform in a single management console
1.19. Be able to communicate with gateway for exchange data – Synchronized security
2.0 Antivirus & HIPS
2.1. Shall be able to do centralized signature update to all anti-virus programs on the desktops :
2.2. Support the following client platforms:
- Windows 95/98/Me
14
No. Question/Description Requirements Remarks - Windows
2000/XP/Vista/2003/2008 (32 bits and 64 bits)
- Windows 2008 Core (32 bits and 64 bits)
- Windows 7 - MAC OS X
(Intel/PowerPC) - Netware 4.x/5.x - AIX - FreeBSD - Linux (Intel/AMD x64) - HPUX (HP-PA) - HPUX (Itanium) - Solaris (Intel /Sparc) - Windows Mobile 5/6
2.3. The solution must provide a
way of scanning for and detecting script based attacks in an internet browser
2.4. Able to detect polymorphic virus
2.5. Able to detect and clean encrypted viruses.
2.6. Able to check against a set of patterns or known sequence of code for known viruses using Genotype Technology
2.7. The Endpoint must support bandwidth throttling
2.8. The EndPoint must be able to run kernel memory scan
2.9. End Point must be integrated with Live Protection where live DNS (SXL) lookups are done to obtain the latest threat information from the vendor’s
lab without waiting for the product to be updated.
2.10. End Points must be integrated with Live URL Protection
15
No. Question/Description Requirements Remarks where it prevents real-time access to URLs that have been identified as hosting malware based upon an URL database hosted by Vendor’s Labs. This
database should contain more than 11 million malicious URLS. Regardless of where the user is – in the office, at home or using an unprotected Wi-Fi network – they should be protected against the growing number of web-based threats.
2.11. The Solution platform must support different rules and policies
2.12. Shall be able to detect/remove Potential Unwanted Applications from the Console.
2.13. Should have the ability for the AV engine to detect suspicious process and quarantine/delete the process before the execution.
2.14. Must have high-performance on-access scanning technology to improve system performance.
2.15. Must not rely too heavily on signature files.
2.16. Must offer protection against polymorphic and other dynamic types of malware?
2.17. Must have the ability to block malicious script execution?
2.18. Must include Host IPS capability
2.19. IDEs files must be small, at least from 3k-5kB size.
16
No. Question/Description Requirements Remarks 2.20. Must be able to set different
update intervals for Threat Data Updates and Software updates
2.21. Automatic remote updates of virus definition files and engines without restarting servers or desktops
2.22. Must have Intelligent Mobile Updating or “location
roaming”, where a roaming
computer such as a laptop are able to update from a nearby update source rather than the source back in its “home”
location.
2.23. Must be able to configure scheduled scans to run with low priority, so that the end users are unaware that a scheduled scan is taking place and should be able to continue using their computer as normal.
2.24. Ability to select clean-up actions for malware :
Automatically cleanup malware
Deny access (quarantine)
Delete
2.25. Ability to assign different AV & HIPS policy by groups
2.26. Must Support Malicious Traffic Detection to prevent advantage persistent threat
3.0 Application Control
3.1. EndPoint must have Application Control to monitor and prevent installation/execution of unauthorized software.
17
No. Question/Description Requirements Remarks 3.2. Application control must have
pre-defined list compiled from vendor’s lab. This list should be provided as an update to the Console. This list also defined in category where selection of each application is manageable. Such as: Category: Instant Messeging:
- MSN Messenger - Yahoo Messenger
File Sharing - Bit-torrent
3.3. Must be able to select application by category or individual applications
3.4. Must have and option autoselect future applications added by the vendor if the category is selected.
3.5. Must be able to set control applications and set policies by groups
3.6. Shall be able to provide free application discovery tool to allow scanning of applications in the network before activating the Control Application feature.
3.7. Shall be able to control P2P file sharing application, MSN Messenger and Yahoo Messenger to selective groups of users.
3.8. Must have the ability to create custom desktop message when policy is triggered
3.9. Must be able to hide desktop messaging when policy is triggered
18
No. Question/Description Requirements Remarks 3.10. Must be able to run Application
Control in Monitor mode and track applications used by user hosts.
4.0 Device Control
4.1. Device Control must be able to: Detect and block
unauthorized use of removable storage devices, optical media drives and wireless networking protocols (WiFi, Bluetooth and Infrared)
Allow administrators to set a block or allow policy for different groups of computers
Report instantly on device activity in the management console
4.2. Able to integrate Device Control capability and provide pre-define hardware list from vendor. Must be manage from a single console.
4.3. Device Control must be able to support “Disable Bridging”
functionality when connected in corporate LAN, where wireless connection can be disabled.
4.4. Must have ability view device control events on the Console
4.5. Must have ability to exempt devices directly from Device Control Event logs from the console
4.6. Ability to exempt device by: · Device ID · Device Make/Model with the option of allowing “Full
19
No. Question/Description Requirements Remarks Access” or “Read Only”
4.7. Must be able to monitor use of removable storage, floppy, optical drives, wireless, modem, Bluetooth and infrared devices.
4.8. Must have the ability to create custom desktop message when policy is triggered
4.9. Must be able to hide desktop messaging when policy is triggered
4.10. No additional plug-in required
5.0 Data Control
5.1. The End Point must come with Integrated with data control where it enables you to monitor for the transfer of sensitive data, such as Personally Identifiable Information (PII) or company confidential documents. Data control should reduce the risk of this data being accidentally saved to removable storage device or sent out of the organization.
5.2. Data Control must be able to stop users from transmitting sensitive documents from the following medium: Removable storage Optical and disk drives
(CD/DVD/Floppy) Internet enabled
applications (web browser, email client, instant messenger client)
5.3. Must be able to set a File Matching rule to various source like Email Clients, Internet browser and Storage Devices.
5.4. Must have predefined File-Type Groups provided by the vendor.
20
No. Question/Description Requirements Remarks 5.5. Must be able to detect File
Matching rules based on : True File Type File name
5.6. Must be able to set a Content Matching Rule to various source like Email Clients, Internet browser and Storage Devices.
5.7. Must have pre-defined Content Control List (CCL) from vendor containing rules to detect Personally Identifiable Information (PII) which is constantly updated by the vendor.
5.8. Must be able to define custom Content Matching rule with support for strings detection and regular expression rules for more complex detection.
5.9. Must be able to detect content matching rules up to the meta-data level of a file.
5.10. Must have the ability to enforce content matching data control rules based on:
Predefined content rules from principle (e.g. credit card numbers, social security numbers, postal addresses, or email addresses)
Custom Content Rule
5.11. Ability to choose data control rule action · Allow file Transfer and Log event · Allow file transfer on acceptance by user and log event · Block transfer and log
21
No. Question/Description Requirements Remarks event
5.12. Ability view data control events on the SEC with audit information as below but not limited to :
Date & Time Username Hostname RuleName Action Destination
5.13. Must have the ability to create custom desktop message when policy is triggered
5.14. Must be able to hide desktop messaging when policy is triggered
6.0 Client Firewall
6.1. Must integrate Client Firewall component and able to manage the policy centrally from a single console.
6.2. Client Firewall must come with Location Awareness
6.3. Location Awareness must allow the user to set different firewall policies for each location
6.4. Must be able to detect Location by DNS or gateway MAC Address
6.5. Must be able to add in application checksum into the firewall by simply selecting the required files.
6.6. Must have client firewall log management capability
22
No. Question/Description Requirements Remarks 6.7. Client firewall must come with
a wizard for rules creation and advanced option for custom rules creation.
6.8. Must be able to export client firewall rules from endpoints or console.
6.9. Must be able to import Client firewall rules with an option to merge rules being imported to existing rule.
6.10. Client Firewall must be able to operate in :
Interactive Mode Allow by Default
/Monitor Mode Block by Default Mode
6.11. Client Firewall must be able to set LAN segments for clients to have access to.
6.12. Client Firewall must be able to separately control NetBIOS and ICMP
6.13. Client Firewall must be able to set custom Application and Network rules
6.14. Client Firewall must be able to report unknown applications and network traffic to the console.
6.15. Must be able to view firewall events from the console
6.16. Must be able to create firewall rules from the Firewall Event viewer on the Console.
7.0 Web Security & Filtering
7.1. Web security must integrated into your antivirus
23
No. Question/Description Requirements Remarks 7.2. Advanced web malware
detection catches the latest threats
7.3. Must have Live URL filtering for instant protection from the latest malicious sites
7.4. Must have Tamper-proof network layer scanning blocks threats before they get to the browser
7.5. Cross-browser support for IE, Firefox, Safari, Chrome, and Opera
7.6. Must Provide essential compliance by controlling categories like adult, gambling, violence, and more
7.7. Must Protect your users from inappropriate content while keeping your organization safe from irresponsible activity
7.8. Must Able to Set categories to Allow or Block or use the Warn option to empower users to make a choice before surfing questionable content
7.9. Able Gain insights into users that attempt to visit blocked sites and see who’s bypassing
warnings and take action before their surfing habits become a problem
8.0 Patch Assessment
8.1. Shall be easy & simple scan finds unpatched computers vulnerable to threats
8.2. Scans for Windows and other common application patches
24
No. Question/Description Requirements Remarks 8.3. Able to prioritize patches based
on threats and likelihood of exploit
8.4. Must able to make it easy to see computers missing critical patches, and to sort by patch vendor, threat, priority and more
9.0 Miscellaneous
9.1. EndPoints must support the following client platforms:
- Windows 95/98/Me - Windows
2000/XP/Vista/2003/2008 (32 bits and 64 bits)
- Windows 2008 Core (32 bits and 64 bits)
- Windows 7 - MAC OS X
(Intel/PowerPC) - Netware 4.x/5.x - AIX - FreeBSD - Linux (Intel/AMD x64) - HPUX (HP-PA) - HPUX (Itanium) - Solaris (Intel /Sparc) - Windows Mobile 5/6
9.2. The console server must be supported on - Windows 2008 server - Windows 2003 server - Windows XP - Windows Vista
9.3. Must have a central lab that can perform all threats analysis (email/web/endpoint) from a single location.
9.4. The solution must be scalable to network of more than 10K+ clients and servers. Please give details regarding scalability.
25
No. Question/Description Requirements Remarks 9.5. Shall be able to provide free
application discovery tool to allow scanning of applications in the network before activating the Control Application feature.
9.6. Single Agent for all functions (Antivirus, Anti Spy ware, Personal Firewall, Host Intrusion Prevention, Database Application Control, Device Control, Data Loss Prevention & Temper Protection )
9.7. End Point solution must be able to remove existing Anti-virus client before installing EndPoint solution automatically during central push.
9.8. Must have tamper Protection capabilities to avoid un-installation and modification of EndPoints.
9.9. Tamper protection must protect: AV and HIPS module Client Firewall Device Control Data Control
9.10. Should have the ability to further investigate incidents that occurs on the endpoints, such as able to view events what devices have been plugged into the endpoints, what applications have been triggered by the users on that endpoints. The search criteria must be able to be filtered by user or computer name.
9.11. Includes 24x7x365 support for the duration of the license and Sophos can be contacted for one-to-one assistance at any time
26
No. Question/Description Requirements Remarks 9.12. Allow prioritize patches for
vulnerabilities for patch assessment
9.13. Be able to manage multi-platform(client) in a single management console.
9.14. Using fast scanning engine and decision caching technology which transparent to user.
9.15. Compromised endpoints can be isolated by the firewall automatically while endpoint terminated and remove malicious software.
9.16. Small Definition update makes no impact on the system, 300kb
9.17. Centralized policy provides user centric policies for client machine
9.18. Compromised systems are clearly identified with computer name, user and path.
9.19. Endpoint and ngfw work together sharing information to immediately identify suspicious traffic and advance threat
9.20. Simple dashboard present complete information such as no.of protected machine and any errors, and admin be able to click and view the specific machine involved.
27
PART III – SCHEDULE OF INFORMATION
NO.
CONTENTS
PAGES
1.
General
28
2.
Appendix
29
28
PART III - SCHEDULE OF INFORMATION 1. GENERAL 1.1 Tenderers are required to provided the following :
Quotation proposal must be submitted in three (3) sets, with the original clearly marked “ASAL” or “ORIGINAL” and it shall consist of :-
i) FINANCIAL PROPOSAL
a) Lampiran Q.
b) Vendor’s Profile (APPENDIX 1).
c) Schedule Of Price (APPENDIX 2).
d) A copy of Letter or Certificate of Registration with the Ministry of Finance.
e) A Copy of Bank Statement for the latest 3 months
ii) TECHNICAL PROPOSAL
a) Schedule of Equipment in accordance with the Schedule of Prices (APPENDIX 2) but without the prices including full details of Type and Model No. and Manufacturer's Name and the accessories to be supplied.(APPENDIX 3).
b) Record of Experience (APPENDIX 4).
c) Technical Information and compliance for software (APPENDIX 5).
1.2 In answering questions listed in Appendix as mentioned above herein, tenderers must
always answer accurately and in accordance with the intents and format of the questionnaire rather than in a format to suit their own conveniences and tastes. The answers should be precise and with references, where necessary, to relevant parts of submission on details.
29
2. APPENDIX APPENDIX CONTENTS
2.1 …………………………………………………… Lampiran Q
2.2 Appendix 1……………………………………… Vendor’s Profile
2.3 Appendix 2………………………………………. Schedule of Prices For Hardware & Software
2.4 Appendix 3………………………………………….Schedule of Equipment
2.5 Appendix 4 ………………………………………….Record of Experience 2.6 Appendix 5 ………………………………………….Technical Information and
Compliance For Hardware & Software
2.7 Appendix 6 ………………………………………….Location for Installation Hardware & Software
LAMPIRAN Q
Bil
Perihal barang-barang/perkhidmatan dan Syarat-syarat Khas
Unit Ukuran
Kuantiti/ Kekerapan
Kadar (RM)
Harga (RM)
Untuk diisi oleh Jabatan
Untuk diisi oleh Penyebutharga
SEPERTI DI LAMPIRAN
Tarikh Penyerahan/Penyempurnaan :
--------------------------
Ditawarkan seperti di LAMPIRAN A dan sertakan Surat Akuan Pembida seperti di LAMPIRAN B
* Sila sertakan sesalinan Sijil Pendaftaran dengan Kementerian Kewangan
Jumlah
(i) Harga yang ditawarkan adalah harga bersih ; dan
(ii) Tarikh penyerahan /penyempurnaan ialah seperti di LAMPIRAN A dan sertakan Surat Akuan Pembida seperti di LAMPIRAN B
Saya/Kami dengan ini menawarkan untuk membekalkan barang-barang/perkhidmatan di atas dengan harga dan syarat-syarat yang ditunjukkan di atas dengan tertakluk kepada syarat-syarat di atas dan di belakang ini.
Tandatangan
Penyebutharga …….……………………...........
Nama dan K/P…….…………………................
Alamat Syarikat ……………………….……….
………...………………………
………...………………………
Tarikh ……………………………….
Mustahak – Lihat Syarat-syarat Am Di Belakang
SYARAT-SYARAT AM
Tertakluk kepada apa-apa syarat khas yang ditetapkan di tempat lain dalam pelawaan ini, syarat-syarat am yang berikut hendaklah dipakai, melainkan setakat mana syarat-syarat am itu ditolak atau diubah dengan khususnya oleh penyebut harga.
1. KEADAAN BARANG
Semua barang hendaklah tulen, baru dan belum digunakan.
2. HARGA
Harga yang ditawarkan hendaklah harga bersih termasuk semua diskaun dan kos tambahan yang berkaitan.
3. SEBUTHARGA SEBAHAGIAN
Sebutharga boleh ditawarkan bagi barang-barang setara yang sesuai dengan syarat butir-butir penuh diberi.
4. BARANG-BARANG SETARA
Sebutharga boleh ditawarkan bagi barang-barang setara yang sesuai dengan syarat butir-butir penuh diberi.
5. PENYETUJUAN
(i) Yayasan Melaka tidak terikat untuk menyetuju terima sebutharga yang terendah atau mana-mana sebutharga.
(ii) Tiap-tiap satu butiran akan ditimbangkan sebagai suatu sebutharga yang berasingan.
6. PEMERIKSAAN
(i) Yayasan Melaka adalah sentiasa berhak menghendaki barang-barang itu diperiksa atau diuji oleh seseorang pegawai yang dilantik olehnya dalam masa pembuatan atau pada bila-bila masa lain sebelum penyerahan.
(ii) Penyebutharga hendaklah memberi kemudahan pemeriksaan atau pengujian apabila dikehendaki.
7. PERAKUAN MENYATAKAN PENENTUAN TELAH DIPATUHI
Barang-barang Penyebutharga dikehendaki memperakui bahawa ―――――― yang perkhidmatan dibekalkan oleh mereka adalah mengikut penentuan atau piawai (jika ada) yang dinyatakan di dalam pelawaan ini.
8. PENOLAKAN
(i) Barang-barang yang rendah mutunya atau yang berlainan daripada barang-barang yang telah dipersetujui sebutharganya boleh ditolak.
(ii) Apabila diminta penyebutharga hendaklah menyebabkan barang-barang yang ditolak itu dipindahkan atas tanggungan dan perbelanjaannya sendiri, dan ia hendaklah membayar balik kepada Yayasan Melaka segala perbelanjaan yang telah dilakukan mengenai barang-barang yang ditolak itu.
(iii) Fasa-kecil (i) dan (ii) di atas ini tidaklah memudaratkan apa-apa hak Yayasan
Melaka untuk mendapatkan gantirugi kerana kemungkinan kontrak.
9. PENGIKLANAN
Tiada apa-apa iklan mengenai persetujuan terhadap mana-mana sebutharga boleh disiarkan dalam mana-mana akhbar, majalah, atau lain-lain saluran iklan tanpa kelulusan Ketua Setiausaha Perbendaharaan atau Akauntan Jabatan terlebih dahulu.
10. TAFSIRAN
Sebutharga ini dan apa-apa kontrak yang timbul daripadanya hendaklah diertikan mengikut dan dikawal oleh undang-undang Malaysia, dan penyebutharga bersetuju tertakluk hanya kepada bidangkuasa Mahkamah Malaysia sahaja dalam apa-apa pertikaian atau perselisihan jua pun yang mungkin timbul mengenai sebutharga ini atau apa-apa kontrak yang timbul daripadanya.
11. INSURAN
Tiada apa-apa insurans atas barang-barang dalam perjalanan daripada negeri pembekal atau dalam Malaysia dikehendaki dimasukkan ke dalam sebutharga.
BARANG-BARANG EK-STOK ATAU KELUARAN MALAYSIA
12. CUKAI
Harga yang ditawarkan adalah diertikan sebagai termasuk cukai jika berkenaan.
13. PEMBUNGKUSAN
(i) Harga yang ditawarkan adalah diertikan sebagai termasuk belanja bungkusan dan belanja pembungkusan.
(ii) Apa-apa kerugian atau kerosakan akibat bungkusan atau pembungkusan yang tidak mencukupi atau yang cacat, hendaklah diganti oleh penjual.
14. PENGENALAN
Nama pembuat, jenama, nombor perniagaan atau nombor katalog dan negeri tempat asal barang-barang itu, jika berkenaan, hendaklah ditunjukkan.
BARANG-BARANG DIPESAN DARI LUAR MALAYSIA
15. CUKAI
Harga tawaran hendaklah diertikan sebagai termasuk semua cukai, unsur-unsur cukai adalah dikehendaki ditunjukkan berasingan
16. MATAWANG
Sebutharga hendaklah dinyatakan dalam Ringgit Malaysia (RM)
17. PEMBUNGKUSAN
(i) Barang-barang hendaklah dibungkus dengan sesuai untuk dieksport ke Malaysia melainkan jika mengikut norma perdagangan barang-barang itu dieksport dengan tidak dibungkus.
(ii) Harga yang ditawarkan adalah diertikan sebagai termasuk belanja bungkusan dan belanja pembungkusan.
(iii) Apa-apa kerugian atau kerosakan akibat bungkusan atau pembungkusan yang tidak mencukupi atau cacat hendaklah diganti oleh penyebutharga.
LAMPIRAN A
1. Program Penghantaran 1.1 Penghantaran dan pemasangan untuk semua Peralatan / Aplikasi Perisian mesti dibuat selepas pemulangan Surat Setuju Terima (Letter of Acceptence (L.O.A.)). 1.2 Program penghantaran adalah seperti berikut :
Program
Jangkamasa
Penganugerahan dan penyerahan L.O.A. kepada Penyebutharga.
Pengembalian L.O.A. 1 minggu selepas penerimaan L.O.A.
Penghantaran dan pemasangan Peralatan / Aplikasi Perisian di lokasi yang ditetapkan.
Dalam jangkamasa 4 minggu selepas pengembalian L.O.A.
1.3 Kriteria pemilihan yang utama adalah bergantung kepada jangkamasa pemasangan. Penyebutharga adalah digalakkan untuk menetapkan penjadualan dan pengskedulan secara terperinci bagi penghantaran dan pemasangan dan menyertakannya di dalam sebutharga tersebut. 2. Penerimaan Peralatan / Aplikasi Perisian adalah seperti berikut : 2.1 Penerimaan Sementara Peralatan / Aplikasi Perisian
2.1.1 Penyebutharga mesti membenarkan Yayasan Melaka menggunakan Peralatan / Aplikasi
Perisian sebagai percubaan dalam jangkamasa empat (4) minggu selepas tarikh Peralatan / Aplikasi Perisian dihantar dan dipasang. Jika semasa tempoh percubaan ini Peralatan / Aplikasi Perisian berfungsi seperti spesifikasi yang ditetapkan dan down time sistem tidak melebihi lima (5) peratus, maka Peralatan / Aplikasi Perisian ini akan diterima secara SEMENTARA.
2.1.2 Sekiranya Peralatan / Aplikasi Perisian gagal memenuhi ‘standard of performance’ dalam
jangkamasa empat (4) minggu selepas tarikh Peralatan / Aplikasi Perisian dihantar dan dipasang, Yayasan Melaka berhak meminta Peralatan / Aplikasi Perisian gantian atau menamatkan pesanan. Dalam keadaan dimana Peralatan / Aplikasi Perisian harus dikembalikan kepada Yayasan Melaka, Penyebutharga harus menanggung segala kos terbabit.
2.1.3 Yayasan Melaka berhak untuk memanjangkan tempoh percubaan/ujian jika terdapat
kerosakan utama pada Peralatan / Aplikasi Perisian yang berpunca dari hasil kerja yang detektif, rekabentuk atau bahan didapati tidak berfungsi dengan baik. (inherent weakness).
2.1.3 Tarikh PENERIMAAN SEMENTARA akan diberitahu kepada Penyebutharga secara
bertulis (selepas ini dikenali sebagai Tarikh Penerimaan Muktamad Peralatan) dengan mengeluarkan SIJIL PENERIMAAN SEMENTARA.
2.2 Penerimaan Muktamad Peralatan / Aplikasi Perisian
2.2.1 Penyebutharga mesti membenarkan Yayasan Melaka menggunakan Peralatan / Aplikasi
Perisian sebagai percubaan dalam jangkamasa empat (4) minggu selepas tarikh penerimaan sementara. Jika semasa tempoh percubaan ini Peralatan / Aplikasi Perisian berfungsi seperti spesifikasi yang ditetapkan dan down time sistem tidak melebihi lima (5) peratus, maka Aplikasi Perisian ini akan diterima secara MUKTAMAD.
2.2.2 Sekiranya Peralatan / Aplikasi Perisian gagal memenuhi ‘standard of performance’ dalam jangkamasa empat (4) minggu selepas tarikh penerimaan sementara, Yayasan Melaka berhak meminta Peralatan / Aplikasi Perisian gantian atau menamatkan pesanan. Dalam keadaan dimana Peralatan / Aplikasi Perisian harus dikembalikan kepada Yayasan Melaka, Penyebutharga harus menanggung segala kos terbabit.
2.2.3 Yayasan Melaka berhak untuk memanjangkan tempoh percubaan/ujian jika terdapat
kerosakan utama pada Peralatan / Aplikasi Perisian yang berpunca dari hasil kerja yang detektif, rekabentuk atau bahan didapati tidak berfungsi dengan baik. (inherent weakness).
2.2.4 Tarikh PENERIMAAN MUKTAMAD akan diberitahu kepada Penyebutharga secara
bertulis (selepas ini dikenali sebagai Tarikh Penerimaan Muktamad Peralatan) dengan mengeluarkan SURAT PENERIMAAN MUKTAMAD.
3. Jadual bayaran : 3.1 Semua harga sebutharga mestilah dalam Ringgit Malaysia dan berdasarkan kepada format
yang disediakan. Tawaran Harga yang dikemukakan mestilah dinyatakan dalam angka yang tepat bagi unit harga dan jumlah harga (termasuk MEMBEKAL, MENGHANTAR, MEMASANG, MENGUJI, MENTAULIAH PEROLEHAN 120 UNIT PERISIAN BERLESEN ANTIVIRUS UNTUK KEGUNAAN SERVER, KOMPUTER DAN LAPTOP YAYASAN MELAKA BESERTA SOKONGAN UNTUK SISTEM PENGOPERASIAN WINDOWS DAN LINUX) dan kerja-kerja yang berkaitan.
3.2 Pembayaran penuh akan dilakukan setelah perkhidmatan dilaksanakan sepenuhnya dengan lengkap dan sempurna serta disahkan oleh Yayasan Melaka.
LAMPIRAN B
SURAT AKUAN PEMBIDA Sebutharga: 4/2017
SEBUTHARGA MEMBEKAL, MENGHANTAR, MEMASANG, MENGUJI, MENTAULIAH
PEROLEHAN 120 UNIT PERISIAN BERLESEN ANTIVIRUS UNTUK KEGUNAAN SERVER, KOMPUTER DAN LAPTOP YAYASAN MELAKA BESERTA SOKONGAN UNTUK SISTEM
PENGOPERASIAN WINDOWS DAN LINUX Saya,………..………...………...................... nombor K.P ….……………................... .. yang mewakili ………………………….................... nombor Pendaftaran …………………................................ dengan ini mengisytiharkan bahawa saya atau mana-mana individu yang mewakili syarikat ini tidak akan menawar atau memberi rasuah kepada mana-mana individu dalam ……….……...................................... atau mana-mana individu lain, sebagai sogokan untuk dipilih dalam Quotation/sebut harga* seperti di atas. Bersama ini dilampirkan Surat Perwakilan Kuasa bagi saya mewakili syarikat seperti tercatat di atas untuk membuat pengisytiharan ini. 2. Sekiranya saya, atau mana-mana individu yang mewakili syarikat ini didapati cuba menawar atau memberi rasuah kepada mana-mana individu dalam Yayasan Melaka atau mana-mana individu lain sebagai sogokan untuk dipilih dalam Quotation /sebut harga* seperti di atas, maka saya sebagai wakil syarikat bersetuju tindakan-tindakan berikut diambil: 2.1 Penarikan balik tawaran kontrak bagi Quotation/sebut harga* di atas; atau 2.2 Penamatan kontrak bagi Quotation/sebut harga* di atas; dan 2.3 Lain-lain tindakan tatatertib mengikut peraturan perolehan Yayasan Melaka yang berkuat-kuasa 3. Sekiranya terdapat mana-mana individu cuba meminta rasuah daripada saya atau mana- mana individu yang berkaitan dengan syarikat ini sebagai sogokan untuk dipilih dalam Quotation/sebutharga* seperti di atas, maka saya berjanji akan dengan segera melaporkan perbuatan tersebut kepada pejabat Suruhanjaya Pencegahan Rasuah Malaysia (SPRM) atau balai polis yang berhampiran. Yang Benar, ……….................………….. (Nama dan No. KP) Cop Syarikat : Catatan: i) *Potong mana yang tidak berkenaan. ii) Surat akuan ini hendaklah dikemukakan bersama Surat Perwakilan Kuasa
APPENDIX 1 :
Vendor's Profile
APPENDIX 1
KETERANGAN MENGENAI VENDOR
1. NAMA SYARIKAT : 2. ALAMAT SYARIKAT :
i. Ibu Pejabat :
ii. Cawangan :
3. NO. TELEFON :
i. Ibu Pejabat : _______________________
ii. Telefon Bimbit : _______________________
iii. Fax : _______________________
iv. Cawangan : _______________________ 4. TARIKH SYARIKAT DITUBUHKAN : 5. JENIS SYARIKAT : 6. JENIS PERNIAGAAN : 7. NAMA PENGERUSI : 8. KOMPOSISI MODAL (BUMIPUTERA / BUKAN BUMIPUTERA)
(Sila sertakan sijil pengiktirafan yang dikeluarkan oleh Kementerian Kewangan Malaysia)
9. MODAL PENYEBUTHARGA: (Isi mana yang berkenaan sahaja)
9.1. Perseorangan/Perkongsian : RM __________________
9.2. Sendirian Berhad (Sdn. Bhd.) / Berhad (Bhd) :
9.2.1. Modal Dibenar : RM _____________________ 9.2.2. Modal Dibayar : RM _____________________
10. BUTIR-BUTIR PEMILIKAN (OWNERSHIP)
10.1. Perseorangan :
Nama Pemilik: No. K/P :
10.2. Perkongsian :
Nama Pekongsi No. K/Pengenalan % Kongsian
10.3. Sendirian Berhad/Berhad :
Nama Pemegang
Saham No. K/Pengenalan % Bahagian
(Sila guna kertas berasingan jika tidak mencukupi)
11. AHLI LEMBAGA PENGARAH : a. b. c. d. e. f. g. h. i. j.
12. NAMA DAN KEWARGANEGARAAN AHLI LEMBAGA PENGARAH a. b. c. d. e. f. g. h. i. j. 13. STATUS SYARIKAT : a. 100% Kepunyaan Syarikat Tempatan b. Perkongsian Antara Syarikat Tempatan / Luar Negeri c. Syarikat Luar Negeri d. Lain-lain (nyatakan)
14. PENDAFTARAN SYARIKAT DENGAN KEMENTERIAN KEWANGAN a. No. Pendaftaran : b. Tarikh ditubuhkan :
c. Tempoh Pendaftaran Mulai : ______________
(Wajib menyertakan salinan sijil ) Hingga :_______________
15. PENDAFTARAN PERBENDAHARAAN a. No. Pendaftaran : b. Tarikh mula Pendaftaran : c. Tarikh Tamat Pendaftaran : d. Bidang Pendaftaran : 16. PENYATA KEWANGAN BAGI 3 BULAN TERAKHIR (Berdasarkan kepada bulan tarikh Sebutharga dikeluarkan)
a. Nama Bank : b. No. Akaun Bank : c. Berbayar :
d. Baki Akaun Bank Tertinggi : e. Baki Akaun Bank Terendah :
Penyata Bank mulai : hingga
f. Nilai Aset Semasa : g. Nilai Liabiliti Semasa :
** PENYEBUTHARGA WAJIB menyertakan PENYATA KEWANGAN. Kegagalan menyertakan borang berkenaan akan menyebabkan Sebutharga tidak akan dipertimbangkan.
17. PERATUSAN KAKITANGAN a. Bumiputera : b. Bukan Bumiputera : c. Pelabur Asing : 18. BILANGAN KAKITANGAN BUMIPUTERA BUKAN LAIN-LAIN BUMIPUTERA a. Pentadbiran/ Pengurusan : b. Teknikal / Professional : c. Lain-lain (nyatakan) : 19. STATUS YANG DIBENARKAN OLEH PEMBUAT / PEMBEKAL BAGI
SETIAP PERALATAN PERALATAN STATUS a. b. c. d. e. f. g. h. i. j. 20. BUATAN DALAM MALAYSIA : (A) Sebutkan sama ada barang-barang yang hendak dibekalkan itu dibuat
dalam Malaysia atau di luar Malaysia (B) Jika barang dibuat dalam Malaysia, sebutkan peratus nilai bahagian
barang yang dibuat di Malaysia 21. SILA NYATAKAN SAMA ADA PENGELUAR UTAMA ATAU AGEN :
22. KONTRAK DENGAN KERAJAAN PADA MASA LALU :
Jika Vendor pernah mengikat kontrak dengan mana-mana Jabatan Kerajaan atau Badan-badan berkanun beritahu sama ada firma tuan mengalami pergantungan dan penamatan kontrak dalam perjalanan kontrak dengan Kerajaan oleh kerana pelanggaran syarat-syarat kontrak.
23. LAIN-LAIN MAKLUMAT BAGI MENYOKONG CADANGAN INI : 24. TAWARAN HARGA SEBUTHARGA SECARA KESELURUHAN : Saya perakui bahawa segala keterangan di atas adalah benar. Tandatangan Vendor : ………………………… Tarikh : Nama : Jawatan Rasmi dalam Syarikat : Tandatangan Saksi : Nama : Jawatan :
APPENDIX 2 :
Schedule of Prices For
Hardware & Software
APPENDIX 2
SCHEDULE OF PRICES FOR HARDWARE & SOFTWARE
(include all emulation, communication and networking equipment required)
Hardware Items Country Origin
Model Number
Quantity Unit Price inclusive of Delivery and Installation
(RM)
Other* Charges ( RM )
Total Price (RM)
Maintenance Cost
Per Annum (RM)
Remarks (Port of Loading)
Antivirus EndPoint Security and Control Solution Renewals License (120 users)
1
OTHER CHARGES (Please Specify)
Total
* Include Government Duties * Warranty period shall be 1 year for support and services Tandatangan : ……………………………… Nama dan Jawatan : …………............................……...................................................… Nama Syarikat : …............................................…………………………......................................................................................................... Tarikh : …………………………... Cop Syarikat : ………………………………….
APPENDIX 3 :
Schedule of Equipment
APPENDIX 3
SCHEDULE OF EQUIPMENT
(include all emulation, communication and networking equipment required)
Hardware Item
Country Origin
Model Number
Quantity
Antivirus EndPoint Security and Control Solution Renewals License (120 users)
1
* Include Government Duties * Warranty period shall be 1 year for support and services Tandatangan : ……………………………… Nama Syarikat : …………………………… Nama dan Jawatan : ……………………………… Tarikh : …………………………...
APPENDIX 4 :
Record of Experience
APPENDIX 4
MULA TAMAT
Tandatangan …………………………..……………………. Nama Syarikat ……………………………………
Nama dan Jawatan …………………………..…………………….. Tarikh …………………………………………………
PEGAWAI YANGBOLEH DIHUBUNGI
CATATAN (JENIS PERKHIDMATANYANG DIBERI)
REKOD PENGALAMAN ( BAGI TEMPOH 5 TAHUN TERDAHULU )
NILAIKONTRAK (RM)
TARIKH PERATUSANKERJA SIAP
PROJEK DANPELANGGAN
APPENDIX 5 :
Technical Information and
Compliance For Hardware
and Software
APPENDIX 5
TECHNICAL INFORMATION AND COMPLIANCE FOR HARDWARE AND SOFTWARE
A. ENDPOINT SECURITY AND CONTROL SOLUTION (Sophos Enterprise Console)
No. Question/Description Requirements Compliance Remarks 1.0 Enterprise Management Console with the
following functionalities:
1.1. Shall be able to do centralized signature update to all anti-virus programs on the desktops.
1.2. The console server must be supported on Windows 2008, 2012 & Centos Linux server.
1.3. Must provide anti-rootkit detection and cleanup centrally from Console.
1.4. Console should be able to provide the following protection management from a single console:
- Antivirus management - Anti-Spyware
management - Personal Firewall
management - HIPS management - Buffer Overflow
protection management - Application Control
management - Data Leakage
Protection (DLP) - Temper Protection
Management - Web Security
Protection - Patch Assessment
No. Question/Description Requirements Compliance Remarks 1.5. The management console must
support the following client deployment mechanisms:
- Active Directory discovery
- IP subnet range - Windows domain - Automatic Active
Directory Synchronization
- Automatic protection mechanism
1.6. Shall be able to manage the following platforms from a single console
- Windows - MAC OS - Linux - Solaris - HP-UX - AIX
1.7. Must be able to perform central updating for multi-platform.
1.8. The Central management console should provide a central dashboard with the summarized information
1.9. Must be able to perform targeted remote malware and PUAs cleanup.
1.10. Able to set thresholds and automatic email alert from management console.
1.11. Able to set warning and critical threshold on malware alerts and send via email to inform administrator without the need to constantly log on to the console.
No. Question/Description Requirements Compliance Remarks 1.12. Should have the ability to
further investigate incidents that occurs on the endpoints, such as able to view events what devices have been plugged into the endpoints, what applications have been triggered by the users on that endpoints. The search criteria must be able to be filtered by user or computer name.
1.13. Should be able to generate scheduled and ad hoc reports.
1.14. Should be able to save reports in the below formats:
PDF HTML DOC XLS RTF CSV XML
1.15. Must be able to support multiple roles for management of the console. Roles should include, but not limited to :
Administrator Guest Helpdesk System Administrator
1.16. Must be able to define custom roles for management of the console
1.17. NO additional plug in for DLP and device control required.
1.18. Be able to manage multi- platform in a single management console
1.19. Be able to communicate with gateway for exchange data – Synchronized security
No. Question/Description Requirements Compliance Remarks 2.0 Antivirus & HIPS
2.1. Shall be able to do centralized signature update to all anti-virus programs on the desktops :
2.2. Support the following client platforms:
- Windows 95/98/Me - Windows
2000/XP/Vista/2003/2007/ 2008/2010 (32 bits and 64 bits)
- Windows 2008 Core (32 bits and 64 bits)
- Windows 7 - MAC OS X
(Intel/PowerPC) - Netware 4.x/5.x - AIX - FreeBSD - Linux (Intel/AMD x64) - HPUX (HP-PA) - HPUX (Itanium) - Solaris (Intel /Sparc) - Windows Mobile 5/6
2.3. The solution must provide a way of scanning for and detecting script based attacks in an internet browser
2.4. Able to detect polymorphic virus
2.5. Able to detect and clean encrypted viruses.
2.6. Able to check against a set of patterns or known sequence of code for known viruses using Genotype Technology
2.7. The Endpoint must support bandwidth throttling
2.8. The EndPoint must be able to run kernel memory scan
No. Question/Description Requirements Compliance Remarks
2.9. End Point must be integrated with Live Protection where live DNS (SXL) lookups are done to obtain the latest threat information from the vendor’s
lab without waiting for the product to be updated.
2.10. End Points must be integrated with Live URL Protection where it prevents real-time access to URLs that have been identified as hosting malware based upon an URL database hosted by Vendor’s Labs. This
database should contain more than 11 million malicious URLS. Regardless of where the user is – in the office, at home or using an unprotected Wi-Fi network – they should be protected against the growing number of web-based threats.
2.11. The Solution platform must support different rules and policies
2.12. Shall be able to detect/remove Potential Unwanted Applications from the Console.
2.13. Should have the ability for the AV engine to detect suspicious process and quarantine/delete the process before the execution.
2.14. Must have high-performance on-access scanning technology to improve system performance.
2.15. Must not rely too heavily on signature files.
2.16. Must offer protection against polymorphic and other dynamic types of malware?
No. Question/Description Requirements Compliance Remarks 2.17. Must have the ability to block
malicious script execution?
2.18. Must include Host IPS capability
2.19. IDEs files must be small, at least from 3k-5kB size.
2.20. Must be able to set different update intervals for Threat Data Updates and Software updates
2.21. Automatic remote updates of virus definition files and engines without restarting servers or desktops
2.22. Must have Intelligent Mobile Updating or “location
roaming”, where a roaming
computer such as a laptop are able to update from a nearby update source rather than the source back in its “home”
location.
2.23. Must be able to configure scheduled scans to run with low priority, so that the end users are unaware that a scheduled scan is taking place and should be able to continue using their computer as normal.
2.24. Ability to select clean-up actions for malware :
Automatically cleanup malware
Deny access (quarantine)
Delete
2.25. Ability to assign different AV & HIPS policy by groups
2.26. Must Support Malicious Traffic Detection to prevent advantage persistent threat
No. Question/Description Requirements Compliance Remarks 3.0 Application Control
3.1. EndPoint must have Application Control to monitor and prevent installation/execution of unauthorized software.
3.2. Application control must have pre-defined list compiled from vendor’s lab. This list should be
provided as an update to the Console. This list also defined in category where selection of each application is manageable. Such as: Category: Instant Messeging:
- MSN Messenger - Yahoo Messenger
File Sharing - Bit-torrent
3.3. Must be able to select application by category or individual applications
3.4. Must have and option autoselect future applications added by the vendor if the category is selected.
3.5. Must be able to set control applications and set policies by groups
3.6. Shall be able to provide free application discovery tool to allow scanning of applications in the network before activating the Control Application feature.
3.7. Shall be able to control P2P file sharing application, MSN Messenger and Yahoo Messenger to selective groups of users.
No. Question/Description Requirements Compliance Remarks 3.8. Must have the ability to create
custom desktop message when policy is triggered
3.9. Must be able to hide desktop messaging when policy is triggered
3.10. Must be able to run Application Control in Monitor mode and track applications used by user hosts.
4.0 Device Control
4.1. Device Control must be able to: Detect and block
unauthorized use of removable storage devices, optical media drives and wireless networking protocols (WiFi, Bluetooth and Infrared)
Allow administrators to set a block or allow policy for different groups of computers
Report instantly on device activity in the management console
4.2. Able to integrate Device Control capability and provide pre-define hardware list from vendor. Must be manage from a single console.
4.3. Device Control must be able to support “Disable Bridging”
functionality when connected in corporate LAN, where wireless connection can be disabled.
4.4. Must have ability view device control events on the Console
No. Question/Description Requirements Compliance Remarks 4.5. Must have ability to exempt
devices directly from Device Control Event logs from the console
4.6. Ability to exempt device by: · Device ID · Device Make/Model with the option of allowing “Full Access” or “Read Only”
4.7. Must be able to monitor use of removable storage, floppy, optical drives, wireless, modem, Bluetooth and infrared devices.
4.8. Must have the ability to create custom desktop message when policy is triggered
4.9. Must be able to hide desktop messaging when policy is triggered
4.10. No additional plug-in required
5.0 Data Control
5.1. The End Point must come with Integrated with data control where it enables you to monitor for the transfer of sensitive data, such as Personally Identifiable Information (PII) or company confidential documents. Data control should reduce the risk of this data being accidentally saved to removable storage device or sent out of the organization.
5.2. Data Control must be able to stop users from transmitting sensitive documents from the following medium: Removable storage Optical and disk drives
(CD/DVD/Floppy) Internet enabled
applications (web browser, email client, instant messenger client)
No. Question/Description Requirements Compliance Remarks 5.3. Must be able to set a File
Matching rule to various source like Email Clients, Internet browser and Storage Devices.
5.4. Must have predefined File-Type Groups provided by the vendor.
5.5. Must be able to detect File Matching rules based on :
True File Type File name
5.6. Must be able to set a Content Matching Rule to various source like Email Clients, Internet browser and Storage Devices.
5.7. Must have pre-defined Content Control List (CCL) from vendor containing rules to detect Personally Identifiable Information (PII) which is constantly updated by the vendor.
5.8. Must be able to define custom Content Matching rule with support for strings detection and regular expression rules for more complex detection.
5.9. Must be able to detect content matching rules up to the meta-data level of a file.
5.10. Must have the ability to enforce content matching data control rules based on:
Predefined content rules from principle (e.g. credit card numbers, social security numbers, postal addresses, or email addresses)
Custom Content Rule
No. Question/Description Requirements Compliance Remarks 5.11. Ability to choose data control
rule action · Allow file Transfer and Log event · Allow file transfer on acceptance by user and log event · Block transfer and log event
5.12. Ability view data control events on the SEC with audit information as below but not limited to :
Date & Time Username Hostname RuleName Action Destination
5.13. Must have the ability to create custom desktop message when policy is triggered
5.14. Must be able to hide desktop messaging when policy is triggered
6.0 Client Firewall
6.1. Must integrate Client Firewall component and able to manage the policy centrally from a single console.
6.2. Client Firewall must come with Location Awareness
6.3. Location Awareness must allow the user to set different firewall policies for each location
6.4. Must be able to detect Location by DNS or gateway MAC Address
No. Question/Description Requirements Compliance Remarks 6.5. Must be able to add in
application checksum into the firewall by simply selecting the required files.
6.6. Must have client firewall log management capability
6.7. Client firewall must come with a wizard for rules creation and advanced option for custom rules creation.
6.8. Must be able to export client firewall rules from endpoints or console.
6.9. Must be able to import Client firewall rules with an option to merge rules being imported to existing rule.
6.10. Client Firewall must be able to operate in :
Interactive Mode Allow by Default
/Monitor Mode Block by Default Mode
6.11. Client Firewall must be able to set LAN segments for clients to have access to.
6.12. Client Firewall must be able to separately control NetBIOS and ICMP
6.13. Client Firewall must be able to set custom Application and Network rules
6.14. Client Firewall must be able to report unknown applications and network traffic to the console.
6.15. Must be able to view firewall events from the console
No. Question/Description Requirements Compliance Remarks 6.16. Must be able to create firewall
rules from the Firewall Event viewer on the Console.
7.0 Web Security & Filtering
7.1. Web security must integrated into your antivirus
7.2. Advanced web malware detection catches the latest threats
7.3. Must have Live URL filtering for instant protection from the latest malicious sites
7.4. Must have Tamper-proof network layer scanning blocks threats before they get to the browser
7.5. Cross-browser support for IE, Firefox, Safari, Chrome, and Opera
7.6. Must Provide essential compliance by controlling categories like adult, gambling, violence, and more
7.7. Must Protect your users from inappropriate content while keeping your organization safe from irresponsible activity
7.8. Must Able to Set categories to Allow or Block or use the Warn option to empower users to make a choice before surfing questionable content
7.9. Able Gain insights into users that attempt to visit blocked sites and see who’s bypassing
warnings and take action before their surfing habits become a problem
No. Question/Description Requirements Compliance Remarks 8.0 Patch Assessment
8.1. Shall be easy & simple scan finds unpatched computers vulnerable to threats
8.2. Scans for Windows and other common application patches
8.3. Able to prioritize patches based on threats and likelihood of exploit
8.4. Must able to make it easy to see computers missing critical patches, and to sort by patch vendor, threat, priority and more
9.0 Miscellaneous
9.1. EndPoints must support the following client platforms:
- Windows 95/98/Me - Windows
2000/XP/Vista/2003/2008 (32 bits and 64 bits)
- Windows 2008 Core (32 bits and 64 bits)
- Windows 7 - MAC OS X
(Intel/PowerPC) - Netware 4.x/5.x - AIX - FreeBSD - Linux (Intel/AMD x64) - HPUX (HP-PA) - HPUX (Itanium) - Solaris (Intel /Sparc) - Windows Mobile 5/6
9.2. The console server must be supported on - Windows 2008 server - Windows 2003 server - Windows XP - Windows Vista
No. Question/Description Requirements Compliance Remarks 9.3. Must have a central lab that can
perform all threats analysis (email/web/endpoint) from a single location.
9.4. The solution must be scalable to network of more than 10K+ clients and servers. Please give details regarding scalability.
9.5. Shall be able to provide free application discovery tool to allow scanning of applications in the network before activating the Control Application feature.
9.6. Single Agent for all functions (Antivirus, Anti Spy ware, Personal Firewall, Host Intrusion Prevention, Database Application Control, Device Control, Data Loss Prevention & Temper Protection )
9.7. End Point solution must be able to remove existing Anti-virus client before installing EndPoint solution automatically during central push.
9.8. Must have tamper Protection capabilities to avoid un-installation and modification of EndPoints.
9.9. Tamper protection must protect: AV and HIPS module Client Firewall Device Control Data Control
9.10. Should have the ability to further investigate incidents that occurs on the endpoints, such as able to view events what devices have been plugged into the endpoints, what applications have been triggered by the users on that endpoints.
No. Question/Description Requirements Compliance Remarks The search criteria must be able to be filtered by user or computer name.
9.11. Includes 24x7x365 support for the duration of the license and Sophos can be contacted for one-to-one assistance at any time
9.12. Allow prioritize patches for vulnerabilities for patch assessment
9.13. Be able to manage multi-platform(client) in a single management console.
9.14. Using fast scanning engine and decision caching technology which transparent to user.
9.15. Compromised endpoints can be isolated by the firewall automatically while endpoint terminated and remove malicious software.
9.16. Small Definition update makes no impact on the system, 300kb
9.17. Centralized policy provides user centric policies for client machine
9.18. Compromised systems are clearly identified with computer name, user and path.
9.19. Endpoint and ngfw work together sharing information to immediately identify suspicious traffic and advance threat
9.20. Simple dashboard present complete information such as no.of protected machine and any errors, and admin be able to click and view the specific machine involved.
APPENDIX 6 :
Location For Installation
Hardware and Software
APPENDIX 6
LOCATION OF THE DELIVERY, INSTALATION AND CONFIGURATION OF NETWORK EQUIPMENT
No.
Hardware Item
Quantity
Location
1.
Antivirus EndPoint Security and Control Solution Renewals License (120 users)
1
Yayasan Melaka Server, Personel Computer (PC) / Workstation