Professional Documents
Culture Documents
Bid Document
Bid Document
Bid Document
(EOI)
Project Name : The Operation and Management of National Cyber Security Center
EOI : MoCIT/G/NCB/EOI/2080-081/03
Office Name: Ministry of Communication and Information Technology
Office Address: Singhdurbar Kathmandu
CV - Curriculum Vitae
DO - Development Partner
EA - Executive Agency
EOI - Expression of Interest
GON - Government of Nepal
JV - Joint Venture
NCSC - National Cyber Security Center
PAN - Permanent Account Number
PPA - Public Procurement Act
PPR - Public Procurement Regulation
TOR - Terms of Reference
VAT - Value Added Tax
MOCIT - Ministry of Communication and Information Technology.
VAPT - Vulnerability Assessment and Penetration Testing
ICT - Information and communication Technology.
NITC - National Information and Technology Center.
CIA - Confidentiality Integrity and Availability.
Table of Contents
Name of Project: The Operation and Management of National Cyber Security Center
1. Government of Nepal (GoN) has allocated fund toward the cost of The Operation and Management of National Cyber Security
Center and intend to apply portion of this fund to eligible payments under the Contract for which this Expression of Interest is
invited for National consulting service
2. The Ministry of Communication and Information Technology now invites Expression of Interest (EOI) from eligible consulting
firms (“consultant”) to provide the following consulting services: The Operation and Management of National Cyber Security
Center
3. Interested eligible consultants may obtain further information and EOI document free of cost at the address Ministry of
Communication and Information Technology,https://www.bolpatra.gov.np/ during office hours on or before 29-12-2023 12:00
or visit e-GP system www.bolpatra.gov.np/egp or visit the client’s website mocit.gov.np
4. Consultants may associate with other consultants to enhance their qualifications.
5. Expressions of interest shall be delivered online through e-GP system www.bolpatra.gov.np/egp on or before 29-12-2023 12:00
6. In case the last date of obtaining and submission of the EOI documents happens to be a holiday, the next working day will be
deemed as the due date but the time will be the same as stipulated.
7. EOI will be assessed based on Qualification 50.0 %, Experience 40.0 %, and Capacity 10.0 % of consulting firm and key
personnel. Based on evaluation of EOI, only shortlisted firms will be invited to submit technical and financial proposal through
a request for proposal.
8. Minimum score to pass the EOI is 60
B. Instructions for Submission of Expression of Interest
Instructions for Submission of Expression of Interest
1. Expression of Interest may be submitted by a sole firm or a joint venture of consulting firms and the maximum number of
partners in JV shall be limited to three.
2. Interested consultants must provide information indicating that they are qualified to perform the services (descriptions,
organization and employee and of the firm or company, description of assignments of similar nature completed in the last 7
years and their location, experience in similar conditions, general qualifications and the key personnel to be involved in the
proposed assignment).
3. This expression of interest is open to all eligible consulting firm/person/ company/ organization/ JV (Partners in JV shall be
limited to 3)..
4. In case, the applicant is individual consultant, details of similar assignment experience, their location in the previous 4 years and
audited balance sheet and bio data shall be considered for evaluation.
5. The assignment has been scheduled for a period of end of the fiscal year.. Expected date of commencement of the assignment
is 27-02-2024.
6. A Consultant will be selected in accordance with the QCBS method.
(i) A covering letter addressed to the representative of the client on the official letter head of company duly signed by
authorized signatory.
(ii) Applicants shall provide the following information in the respective formats given in the EOI document:
• EOI Form: Work Experience Details (Form 3(A), 3(B) & 3(C))
8. Applicants may submit additional information with their application but shortlisting will be based on the evaluation of
information requested and included in the formats provided in the EOI document.
9. The Expression of Interest (EOI) document must be duly completed and submitted by electronically only using the forms and
instructions provided by the system.
10. The completed EOI document must be submitted on or before the date and address mentioned in the “Request for Expression of
Interest”. In case the submission falls on public holiday the submission can be made on the next working day. Any EOI
Document received after the closing time for submission of proposals shall not be considered for evaluation.
C. Objective of Consultancy Services or Brief TOR
Terms of Reference
For
The Management and Operation of National Cyber Security Monitoring Center
(NCSMC)
Background
1
and operation of NCSMC as well. The team is required to work together with close
coordination with NITERT.
Objectives
The main objective of this consultancy is as follows:
• to ensure potential security incidents correctly identified, investigated,
analyzed, defended, and reported promptly,
• to fully operate and update technical tools and devices configuration in the
National Cyber Security Monitoring Centre, and
• to help ensure business continuity of critical and other important IT
infrastructures related to the National Cyber Security Monitoring
Centre.
1. Service Responsibilities
The followings are the main tasks to be performed by the consultant:
• 24X7 monitoring by at least two people on NCSMC Premises.
• To investigate and analyze Incidents and Phishing reported from the NITERT
website.
• To fully manage and operate existing monitoring systems deployed in NCSMC.
• To find different vulnerabilities, threats, risks identified in Security Information
and Events Management (SIEM) and facilitate the remedy of those.
• To prepare and provide advisories on Cyber Security based on recent best
international practices to MoCIT and NITERT regularly.
• To prepare technical reports, and documentation related to security incident
resolution and report to NITERT.
• To properly manage the official website of the NITERT.
• To prepare/update relevant contents and articles based on international practices on
the NITERT website.
• To provide technical assistance to NITERT for incident handling and resolution of
other Agencies of Government of Nepal as required.
• To provide training and transfer knowledge to other security team working in
NCSMC, National ITERT and other staffs as required.
• To perform all the tasks related to cyber security as instructed by NITERT.
• To prepare and updated cyber security related policies, guidelines, procedures etc.
as instructed by MoCIT and NITERT.
• To provide training on Contemporary issues related to cyber security as instructed
by NITERT.
2
2. Evaluation Criteria:
a. Consulting Firm:
• The consulting firm must have experience of providing Managed
Security Service and also have at least three years of working experience
in the field of Cyber Security.
• The consulting firm must have experience of having conducted IT
security assessment or VAPT in any five government organizations or
banks or other private organizations.
• The consulting firm having experience in SEIM/SOAR will have an
advantage.
b. Team Composition:
Estimated
man-month
S. Domain (no. of
Qualification Work Experience/skills
N Expert personnel ×
total no. of
months)
1. Information • Bachelor’s Degree in • At least 5 years of 1× 5
Security ICT related field with experience in cyber
Expert experience in Cyber security field.
Security projects • Experience as a
• Certification/Training team leader / project
in CISA (Computer manager / executive
Information Security
3
Auditor), ITIL or officer will be an added
CISSP (Certification advantage.
of Information System • Experience in
Security Professional) Cyber Security field
or relevant related projects is highly
certification will be preferred.
added advantage. • Exposure to
international practices in
Information and
Communication
Technologies is highly
preferred.
3. Deliverables
• Daily Report submission.
4
• The inception report of the tasks (within one month from contract
date)
• Submit instant report of any unusual event seen in NCSMC and other
cyber incidents occurred in Nepal Cyber Space to Cyber Security
Section of MoCIT.
• Submit monthly report regarding all tasks and remedy techniques
applied.
• These deliverables should be submitted as per the following deadlines:
4. Payment Schedule
The payment shall be done in monthly basis after the submission of monthly
progress report along with the tax invoice by the consultant for approval and after
the submission of all relevant deliverables for that particular month.
5. Duration of Assignment
This assignment will be a Time-Based Assignment. The duration for this
assignment will last till the end of fiscal year 2080/81. The agreement can be
extended if ministry needs the service in future.
6. Location
The consultant should work at MoCIT. The monitoring should be done 24X7
including public holidays. For this, at least two SOC analysts should be present
physically anytime. The Information Security Expert should be present in office
working days. S/he must provide online services on other days too.
5
7. Disclosure
Unless explicitly stated, all materials, tangible or otherwise, including but not
limited to: incident reports, events, technological details regarding the SOC,
etc.are considered strictly confidential and vendor will be prohibited from
disclosing aforementioned contents. A detailed NDA can be signed before
beginning the contract.
6
D. Evaluation of Consultant’s EOI Application
Evaluation of Consultant’s EOI Application
Consultant’s EOI application which meets the eligibility criteria will be ranked on the basis of the Ranking Criteria.
1 Corporate Registration
2 Tax Clearance of fiscal year 2079-080 / Tax Clearance of fiscal year 2078-079 and Tax Return
Submission of fiscal year 2079-080
3 VAT/PAN Registration
Score: 50.0
B. Experience
Sl. No. Criteria Minimum Requirement
Score: 40.0
C. Capacity
Score: 10.0
Form 4. Capacity
1. Letter of Application
(Letterhead paper of the Applicant or partner responsible for a joint venture, including full
postal address, telephone no., fax and email address)
Date: ..........................
To,
Full Name of Client: __________________________
Full Address of Client: ________________________
Telephone No.: ______________________________
Fax No.: ____________________________________
Email Address: _______________________________
Sir/Madam,
1. Being duly authorized to represent and act on behalf of (hereinafter "the Applicant"), and
having reviewed and fully understood all the short-listing information provided, the
undersigned hereby apply to be short-listed by [Insert name of Client) as Consultant for
{Insert brief description of Work/Services}.
3. [Insert name of Client] and its authorized representatives are hereby authorized to verify
the statements, documents, and information submitted in connection with this application.
This Letter of Application will also serve as authorization to any individual or
authorized representative of any institution referred to in the supporting information, to
provide such information deemed necessary and requested by yourselves to verify
statements and information provided in this application, or with regard to the resources,
experience, and competence of the Applicant.
4. [Insert name of Client) and its authorized representatives are authorized to contact
any of the signatories to this letter for any further information.1
5. All further communication concerning this Application should be addressed to the following
person,
[Person]
[Company]
[Address]
1
Applications by joint ventures should provide on a separate sheet, relevant information for each party to the
Application.
Standard EOI Document
7. We further confirm that, if any of our experts is engaged to prepare the TOR for any ensuing
assignment resulting from our work product under this assignment, our firm, JV member or
sub-consultant, and the expert(s) will be disqualified from short-listing and participation in
the assignment.
8. The undersigned declares that the statements made and the information provided in the duly
completed application are complete, true and correct in every detail.
Signed :
Name :
1. Name of Firm/Company:
4. Country of Registration:
9. Consultant’s Organization:
(Provide Company Profile with description of the background and organization of the
Consultant and, if applicable, for each joint venture partner for this assignment.)
Standard EOI Document
3. Experience
1.
2.
3.
4.
5.
6.
7.
Standard EOI Document
Firm’s Name:
2
Consultant should state value in the currency as mentioned in the contract
Standard EOI Document
1.
2.
3.
4.
5.
6.
7.
Standard EOI Document
4. Capacity
4(A). Financial Capacity
(In case of joint venture of two or more firms to be filled separately for each constituent
member)
Annual Turnover
(Note: Supporting documents for Average Turnover should be submitted for the above.)
Standard EOI Document
1.
2.
3.
4.
5.
3 Delete this table if infrastructure/equipment for the proposed assignment is not required.
Standard EOI Document
(In case of joint venture of two or more firms to be filled separately for each
constituent member)
Specific
Highest Work Experience Work
SN Name Position Nationality
Qualification (in year) Experience
(in year)
1