Australia Council for the Arts 2017 – Infrastructure as a Service, Network, Telephony and Managed Services RFT Applicant Information: Part E
November, 2017
Part E: Applicant Information
Infrastructure as a Service, Network, Telephony and Managed Services RFT
Applicant Name
To be Completed and Returned as part of RFT
November 2017
Version Final
CONTENTS
1 Introduction 4
1.1 Overview 4
1.2 Form of Responses 4
1.3 Required Compliance and Pricing Schedules 4
2 Applicant Details 5
2.1 Declaration of compliance 5
2.2 Conflict of Interest 5
2.3 Applicant Information 5
2.4 Contractual Compliance 6
3 General Information Requirements 7
3.1 Infrastructure as a Service Details 7
3.2 References and Federal Government or Equivalent Experience 7
3.3 Certifications and Compliance 8
3.4 Overall Solution Design and Architecture 9
3.5 Financial and Litigation Details 9
3.6 Insurance Details 9
4 Part B System Requirements 10
4.1 Introduction 10
4.2 Network Design 10
4.3 Local Area Network 10
4.4 Security and DMZ Design 10
4.5 Telephony Requirements 10
4.6 Cloud Infrastructure and End user Computing Services Responsibilities – Tenderer responsibilities 10
4.7 Backup Requirements 10
4.8 Technical Standards 10
4.9 Implementation Plan 11
4.10 Risk Assessment 12
5 Part C Information Requirements 13
5.1 Introduction 13
5.2 ITSM Standards and Best Practices 13
5.3 Service Agreement 13
5.4 Service Terms 13
5.5 Service Catalogue 14
5.6 ITSM Arrangements 14
5.7 Release and Change Processes and Timing 14
5.8 Sample Bill, Reports and Online Admin Portal 14
5.9 Additional Service Requirements 14
5.10 Service Level Agreements 16
5.11 System Administrator Access 16
5.12 Data BackUp and Recovery 16
5.13 Data Archiving, Retention and Records Management 17
5.14 Change Management Levels 17
5.15 Continuous Service Improvement 17
6 Pricing 18
6.1 Pricing Worksheet Details 18
6.2 Service Pricing Assumptions 19
6.3 Implementation Pricing Assumptions 20
1 Introduction
1.1 Overview
Please use this document to provide the additional applicant information as requested.
1.2 Form of Responses
Please complete all sections of this document and completed Workbooks 1 – 4 listed below.
Example files can be referenced and attached in a zip file as required. Please include your vendor name in all file names.
1.3 Required Compliance and Pricing Schedules
In addition to the completion of this document, Part E, please ensure the following workbooks are completed as part of your response:
· Workbook 1: Response to Part B Detailed Systems Requirements
· Workbook 2: Response to Part C IT Service Management Requirements
· Workbook 3: Pricing (please see Pricing section below for completion details)
· Workbook 4: Service Level Requirements for Part C schedules
2 Applicant Details
2.1 Declaration of compliance
Our response fully complies with the Request for Tender and we agree to all draft contract conditions.
2.2 Conflict of Interest
You must declare any actual or perceived conflict of interest that is likely to arise if your submission is the successful tender and how this conflict is proposed to be managed. This may include for example, where your organisation is also a product vendor or provider of technology solutions.
Where, in the opinion of the Australia Council, the conflict of interest is one that compromises the integrity of the tender process and likely to be unable to be satisfactorily managed, the Australia Council reserves the right to treat your submission as unsuccessful.
2.3 Applicant Information
Please record applicant details below
Full name of Applicant:Trading or business name:
Tenderer’s Contact:
Name:
Address:
Email:
Mobile:
Registered office
The principal place of business:
Australian Company Number and Australian Business Number:
Place and date of incorporation:
Management Structure
2.4 Contractual Compliance
Please detail any clauses in Part D, Contract Conditions where the applicant is non-compliant
Section / Non Compliance /3 General Information Requirements
3.1 Infrastructure as a Service Details
Please provide the details of your proposed service.
Solution & Applicant Details / Details (for each separately sourced component or add in) / Details (for each separately sourced component or add in)Hosting Basis (Public Cloud, Hosted application)
Hosting Platform
Security Compliance
Federal Government clients of IaaS solution
Estimated number of installations – Australia
Locations of AC data
Applicant relation with IaaS provider (e.g. installation partner)
Number of installations for which the partner is responsible
3.2 References and Federal Government or Equivalent Experience
Vendors need to supply two references for their proposed services. Where multiple vendors are partnered in a bid two references must be supplied for each partner. Federal Government best practice requires outsourced vendors are already working with like clients. Two references for cloud deployment of Federal Government or equivalent IaaS hosted production systems must be provided.
/ Vendor Name(s) / Vendor Name(s) / Vendor Name(s) / Vendor Name(s) /Reference name
Reference Service Description
Service Duration / Start End
Current Status
Reference Contact Name
Reference Contact Email and Phone
3.3 Certifications and Compliance
Vendors are required to be certified to a number of relevant ISO and related security and service provider standards. Vendors must provide certification details against each of the required standards, and any addition relevant qualifications.
Vendor to also detail their security policies, framework and principles for complying with best practice guidelines including any relevant audit reports.
Vendors are to outline their compliance program for continually monitoring control systems in accordance with the above standards. Copies of audit reports where published should be attached.
Standard / Certification Details /Please attach copies of relevant certificates and compliance reports.
3.4 Overall Solution Design and Architecture
Applicants should provide details of the overall infrastructure solution that is proposed including Office 365 / Azure architecture, DMZ, Website hosting, Network, Phone and Managed Services.
3.5 Financial and Litigation Details
The applicant must provide their last two years audited financials and corporate structure to support Council’s due diligence process.
All vendors should detail any litigation or claims concerning their products or services in the last two years.
3.6 Insurance Details
Vendors should supply details of current insurance policies for workers compensation, public, product and professional liabilities including policy details and coverage.
Insurance / Policy Cover / Policy Details /Works Compensation
Public Liability
Product Liability
Professional Indemnity
4 Part B System Requirements
4.1 Introduction
Please complete Workbook 1: Response to Part B Detailed Systems Requirements to record compliance with stated requirements. (Excel Spreadsheet)
4.2 Network Design
Please detail the proposed network solution.
4.3 Local Area Network
Please provide details of proposed local area network, support and proposed equipment including any existing Australia Council equipment used in your solution.
4.4 Security and DMZ Design
Please provide details of identification, authentication and access management functions and the proposed high availability DMZ and Azure AD design.
Please provide the proposed design of a secure, high availability DMZ that follows Azure best practice frameworks The design must comply with the DMZ and security requirements set out in Part B Section 3.3 DMZ and Security Requirements, as per current and future Federal Government Information Security standards.
4.5 Telephony Requirements
Please detail your proposed Telephony Solution including:
· using Office 365 and Enterprise Voice; and
· how DR is implemented to minimise downtime in the event of a primary service failure.
4.6 Cloud Infrastructure and End user Computing Services Responsibilities – Tenderer responsibilities
Please provide details on options to enable Council to self-administer such as Office 365 licences, user set up etc., and potential per month cost difference over the Tenderer performing this service.
4.7 Backup Requirements
Please provide details of your proposed backup solution for Azure and Office 365. Azure solution should include data and VM snapshots.
4.8 Technical Standards
Vendors should indicate proposed changes to Council’s existing technical standards as set out in Part B Section 8.4 Technical Standards and referenced in the table below:
Technical Component / Current Standard / Planned / Allowable Standard /Development Environment / .Net 4.5, Java, Eclipse, Visual Studio 2012
Integration Services / Web services
Server Platform / Win Server 2008 r2, / Win Server 2016 to be implemented for Cloud system
Database Server / SQL Server 2008 r2, / SQL Server 2016 for cloud systems
Security / AD 2008 / Azure AD
Virus Scanning / McAfee
Real time monitoring / SCOM and SCCM / SCCM and InTune
Communications / Telephony / Lync 2013
Digital Rights Mgt / Microsoft DRM
Virtualisation / VM Ware / Hyper-V is expected
Virtual Desktop / None
Email / Exchange 2010 / Office 365
Desktop / Windows 7 / Windows 10 Enterprise Edition
Virtual Desktop / Citrix / None
Desktop client / Standard PC has i5 4gb of RAM and 500 gb disk / Desktop refresh under way
Internet / IE 11 / Planning underway for IE 11 / Edge
Office / Office 2010 / Office 365 / 2016
Exchange archive / Exchange / Office 365
Intranet / Search / SharePoint 2010 / Office 365 / SharePoint Online
Backup / Commvault / Azure Back Up
VPN / Junos / Vendor to detail preferred solution
Phones / Lync compatible Polycom CX600
Mobile Phone / iPhone
Wi-FI / Maraki
4.9 Implementation Plan
Please provide implementation Plan as requested in Part B, Section 6 Transition in/out, Data Ownership and Implementation Planning and Part C Schedule 9 Service Transition Plan. This should include
· a Risk Management Plan
· proposed implementation team and their availability to meet Council target dates.
· Proposed migration methods and tools for emails to Office 365 and VM’s to Azure.
· details on the implementation team including relevant qualifications and experience
· Specifically address tasks identified in Part C Schedule 9 to ensure full readiness criteria are met prior to go live with any new or changed service.
4.10 Risk Assessment
Please provide a Risk Management Plan as requested in Part B, Section 6 Transition in/out, Data Ownership and Implementation Planning.
5 Part C Information Requirements
5.1 Introduction
Please complete Workbook 2: Response to Part C ITSM Requirements to record compliance with stated requirements.
5.2 ITSM Standards and Best Practices
Please detail ITSM systems and processes in accordance with Part C 1.1 OVERALL REQUIREMENTS.
Where service responsibilities are split between the applicant as a partner or agent of a SaaS service these details need to be provided for both and a RACI or table detailing the split of responsibilities of each party.
5.3 Service Agreement
Applicants should provide their Service Agreement in accordance with Part C. 1.4 FORM OF CLOUD SERVICES AGREEMENT and 1.6 SPECIFIED ITSM CLOUD SERVICES, Service Guideline 5.7 Establish a cloud service agreement
Where parts of the solution are provided by separate service providers or vendors, such as specific add ins, service terms and agreements should be provided for each separate product or service.
5.4 Service Terms
Applicants should detail their Service Terms in accordance with Part C. 1.5 AVAILABLE SERVICE TERMS
The Applicant must detail the IaaS and network service terms including
a) Standard service term type for example “Subscription Service”
b) Charge types including per various user licenses or access, and any separate data storage or transfer (data in or out) charges, processing changes, or service requests (as per the service catalogue required in Section 1.7 below)
c) Standard service term or subscription period for example “Monthly” or “Annual”
d) Minimum service term, normal service term, extended service term where applicable
e) Discounts if any for extended terms such as three and five year contracts
f) Scale up or scale down service fees or costs
g) All and any exit or termination fees
h) Standard service hours for Council and 24 x7 support for applicants in defined lodgment periods
i) Extended service options (see below)
Applicants should outline all details of theses service terms and all applicable charges in Part E – Applicant Information, Service Terms and Charges.
Please note the service terms below define business hours as being from 7AM to 7 PM five days a week and also request 24 x 7 support of applicants during defined application lodgment periods, and a VIP service request service (elevating response times) for up to 5 nominated users. Applicants should indicate in their response:
· Their standard service hours
· Any cost where this is less than the Council defined hours of the extended service
· Whether a VIP service is provided and if so the additional cost (if any)
5.5 Service Catalogue
Applicants should provide their Service Catalogue in accordance with Part C. 1.6 SPECIFIED ITSM CLOUD SERVICES, Service Guideline 5.3 Provide a catalogue of cloud services
This catalogue should align with ISO 20000-1, 6.1 and ISO 20000-9, Scenario 3 Service Catalogue details
5.6 ITSM Arrangements
Please detail ITSM ISO 20000 compliance or assurances of ITILv3 (2011) best practices, including Service Management tools and service management arrangements where the Applicant is a partner of agent for a SaaS service.
Please confirm agreement to cooperate with other vendors including overall infrastructure support partner and CRM partner. Where a RACI is available that covers ITSM and system integration responsibilities, a copy should be included as part of the Service Agreement above. A RACI will need to be agreed as part of the Statement of Work to ensure responsibilities between vendors for support and integration are clear.
5.7 Release and Change Processes and Timing
Please detail upgrade plans and options in accordance with Part C. 1.6 SPECIFIED ITSM CLOUD SERVICES, Service Guideline 5.12 Check and improve the SMS and cloud services
5.8 Sample Bill, Reports and Online Admin Portal
Applicants should provide sample bills and monthly reports in accordance with Part C. 1.6 SPECIFIED ITSM CLOUD SERVICES, Service Guideline 5.10 Monitor and report cloud services.
This should include details of web monitoring and reporting portal available to Council across all relevant services.
5.9 Additional Service Requirements
Applicants should provide response to each item set out in Part C Section 1.7 Additional Service Requirements.
Policy / Contractual Requirement / Required Details / Application Response /DR and BCP (aka IT Service Continuity Management) / Tenderer to detail service guarantees including RTO / RPO levels.
Australia Council requirement is for 2 hours/2 hours.
Security management / Tenderer to confirm compliance with IRAP or ISO 27000 series for any services outside Azure and Office 365
Risk Management framework / Tenderer to provide details of their Risk Management Framework and how it is used. The risk management framework should be used to proactively monitor and manage potential issues before they materialise. This framework should be updated at least six monthly to reflect changing risks and issues.
Council data protection / Tenderer to confirm location of Council data, redundancy and backup, form of encryption (if any) and data protection policies, including specific compliance with relevant IT security standards in accordance with Federal Government cloud policies.
Vendor cooperation / As the Tenderer will be Council’s main IT Support Partner for IT Service Management Tenderer to confirm co-operation, including proposed collaboration approach with respect to incident, problem and change management processes, service integration and the Service Desk function with other Finance and CRM SaaS providers
Where a RACI is available that covers ITSM and system integration responsibilities, a copy should be included as part of the Service Agreement above. A RACI will need to be agreed as part of the Statement of Work to ensure responsibilities between vendors for support and integration are clear.
In terms of Service Desk functions, ideally an integrated interface will be provided to the Australia Council primary service desk, with updates to seamlessly flow from the service desk. Tenderers are requested to provide Service Desk integration and data feed options in Part E under Section 4.6 Service Desk Integration.
Annual reviews / Tenderer to confirm process for annual review of service, including presentation to Council management of service performance and planned or suggested service improvements
Transition Out / Tenderer to detail process for handover of support from current support vendor, who manages all Council hosted services, DR, network, desktop and mobile support.
5.10 Service Level Agreements