Académique Documents
Professionnel Documents
Culture Documents
Unit 2002-2005, 20/F ING Tower, 308 Des Voeux Road Central,
Sheung Wan, Hong Kong.
Tel.: +852 2319 1313 Fax: +852 2319 2626
Email: enquiry@hkirc.hk
Website: www.hkirc.hk
Table of Contents
1.
2.
3.
4.
Summary ................................................................................................................3
Definitions..............................................................................................................3
About HKIRC ........................................................................................................3
Information Security ..............................................................................................4
5.
6.
7.
8.
1. Summary
HKIRC is going to commission an external Service Provider to provide Data Centre
Colocation Service for the Company. The service shall provide four 42U rack space,
power for all racks and environment, security protection as well as remote hand
support for server support. It shall also include all services required for the
implementation of the Project. The period of the contract will be 24 months.
2. Definitions
The following terms are defined as in this section unless otherwise specified.
The Contractor means the company delivering the Project.
HKIRC means Hong Kong Internet Registration Corporation Limited.
HKDNR means Hong Kong Domain Name Registration Company Limited, a
wholly-owned subsidiary of HKIRC, the company requesting the proposal for the
Project.
The Project means the Data Centre Colocation project with requirements stipulated
in Section 5 of this document, the Background of the Project.
remote hand means physical access to and operation of the equipment on the rack
by qualified technical personnel of the Contractor under the direction of HKIRCs
technical staff.
RFP means this Request for Proposal
3. About HKIRC
Hong Kong Internet Registration Corporation Limited (HKIRC) is a
non-profit-making and non-statutory corporation responsible for the administration of
Internet domain names under '.hk' country-code top level domain. HKIRC provides
registration services through its wholly-owned subsidiary, Hong Kong Domain Name
Registration Company Limited (HKDNR), for domain names ending with '.com.hk',
'.org.hk', '.gov.hk', '.edu.hk', '.net.hk', '.idv.hk', '..hk', '..hk', '..hk', '.
.hk', '..hk', '..hk' and '.hk'.
Customer-orientated
Non-discriminatory
Efficient and effective
Proactive and forward-looking
4. Information Security
The company submitting the proposal (the company) shall acknowledge and agree
that, if the company is selected as the Contractor, it shall be bounded by our
Non-Disclosure Agreement (NDA) and Information Security Policy (highlights of the
policies are illustrated in Appendix A). The company shall also comply with the
obligations under the Personal Data (Privacy) Ordinance and any other obligations in
relation to personal data.
The company shall be provided with a set of NDA and Information Security
Compliance Statement after HKIRC received the companys Express-of-Interest
before the stipulated time. The NDA and the Information Security Compliance
Statement shall be signed and returned to HKIRC attached with documents required
by the Compliance Statement before the scheduled deadline. HKIRC will only
consider proposals from companies which have signed both the NDA and the
Information Security Compliance Statement.
The proposal should be marked RESTRICTED at the centre-top of each page in
black color. It must be encrypted if transmitted electronically.
Each proposal will be reviewed under the terms of non-disclosure by the HKIRCs
staff and Board of Directors of HKIRC.
Background
Currently, all our production servers are co-located in a hosting service providers
data centre. Current equipment occupies four 42U Racks. The hosting service
provider is responsible for providing power conditioning (main and UPS),
environmental control/protection (fire, flood, temperature, humidity etc.), and security
and access control. In addition, the service provider also provides remote hand to
physically access the servers if needed.
5.2.
Scope of Service
5.2.1
Each power feed should not come from the same phase
Each power feed should be fed from independent breaker
Each power feed should provide at least twenty 13A sockets
All power feed must be protected from brownout, spike & surge by
5
5.2.2
Implementation Services
The professional services for this Project should cover the following:
Basic hardware and network setup
8
Documentation for the processes and procedures like NOC Support procedures,
Incident Report procedures, Incident Handling Process etc.
5.2.3
Information Security
The Contractor shall follow HKDNR Information Security Policy and Guidelines
set out by HKDNR on personal and co-operation data security.
Contractors Information Security Policy is subject to HKIRC review if needed.
5.3.
Service Acceptance
The overall project acceptance can be broken down into acceptances at various
levels:1.
2.
3.
4.
5.
Under this acceptance framework, the vendor should fulfill the scope of services
described in section 5.2.1. In addition, interested vendors may provide additional
acceptance criteria and the related plan in detail in their proposals.
5.4.
Contractual Consideration
Although the contract period is 24 month, HKIRC will start the new contract
re-tendering process at month 21. In case the re-tendering process did not complete at
the end of the current contract, HKIRC reserves the right to extend the current
contracts for another 3 months, with the same terms and conditions. Also, if for any
reason the contract is to be terminated before the completion of the contract period,
the initiating party should give a 3-month notice in advance of the early termination
date.
Contractor of the Project, it shall indemnify HKIRC and HKDNR against any claim,
demand, loss, damage, cost, expense or liability which the company may suffer from.
10
7. Project Schedule
Project schedule
Tasks
To be Completed
Remark
by
1 Publish RFP
8/5/2009
2 Express of interest
15/5/2009
29/5/2009
interested vendors
4
5:30pm
19/6/2009
2/7/2009
4/7/2009
9/7/2009
vendor
9 Service implementation
10
Service commencement
8/8/2009
9/7/2009
If relocation needed
8/8/2009
If relocation needed
8. Payment Schedule
The following payment schedule is recommended but interested vendors may propose
their own in their proposals.
Milestone/Acceptance
Expected
Payment
duration
1
4 weeks
One time
setup
charge
11
24 month
Monthly
charge
Proposals are evaluated based on major criteria as follows (the percentages given are
the weighting)
start the negotiation with the next qualified vendor on the selection list.
Contacts
Hong Kong Internet Registration
Corporation Limited
IT Manager
Unit 2002-2005,
+852 23193811
ben.lee@hkirc.hk
Ben Lee
Project Manager
Hong Kong
Benjamin Choy
+852 23193819
ben.choy@hkirc.hk
CEO
Jonathan Shea
+852 23193821
jonathan.shea@hkirc.hk
13
and third party users shall be carried out in accordance with relevant laws, regulations
and ethics, and proportional to the business requirements, the classification of the
information to be accessed, and the perceived risks.
8.1.3 As part of their contractual obligations, employees, contractors and third party
users shall agree and sign the terms and conditions of their employment contract,
which shall state their and the organizations responsibilities for information security.
8.2 During employment
Security objective: To ensure that all employees, contractors and third party users are
aware of information security threats and concerns, their responsibilities and liabilities,
and are equipped to support organizational security policy in the course of their
normal work, and to reduce the risk of human error.
8.2.1 Management shall require employees, contractors and third party users to apply
security measures in accordance with established policies and procedures of the
organization.
8.2.2 All employees of the organization and, where relevant, contractors and third
party users shall receive appropriate awareness training and regular updates on
organizational policies and procedures, as relevant to their job functions.
8.3 Termination or change of employment
Security objective: To ensure that employees, contractors and third party users exit an
organization or change employment in an orderly manner.
8.3.2 All employees, contractors and third party users shall return all of the
organizations assets in their possession upon termination of their employment,
contract or agreement.
8.3.3 The access rights of all employees, contractors and third party users to
information and information processing facilities shall either be removed upon
termination of their employment, contract or agreement, or adjusted upon change.
12. Information systems acquisition, development and maintenance
12.5.5 Outsourced software development shall be supervised and monitored by the
organization
15
third party users shall be conducted in accordance with relevant laws, regulations and
ethics, and proportional to the business requirements, the classification of the
information to be accessed, and the perceived risks.
8.1.3 Terms and Conditions of Employment
As part of their contractual obligation, employees, contractors and third party users
shall agree and sign the terms and conditions of their employment contract, which
shall state their and the organizations responsibilities for information security.
8.2.1 Management Responsibilities
Management shall require employees, contractors and third party users to apply
security measures in accordance with established policies and procedures of the
organization.
12. Information systems acquisition, development and maintenance
12.5.5 Outsourced Software Development
Outsourced software development shall be supervised and monitored by the
organization.
17
Company Background
o Financial Situation
o Track Records
o Organization and management team
o Project team with credentials
Company credentials
o Staff credentials
Facilities standard and management practice related to colocation service
Knowledge and Advices on Projects
18
Proposal requirements
Submission deadline
Delivery address
Hard copies
Electronic copy
Proposal format
Page count
30 pages or fewer.
Font
Stapled.
Do not bind.
font.
Name:
Title:
Mailing
address:
Phone:
19
Fax:
Email:
Company
Contact person:
Title:
Company
name:
Mailing
address:
Phone:
Fax:
Email:
Website:
emergency.
Equipment that is permanently placed or purchased for HKIRC, if any.
Subsequent support or maintenance service.
Other direct costs including services, materials, supplies, postage, etc.
21