[Tender Reference No.] 111-17
[Subject of the Procurement] NYDFS Cyber Security Requirements Comply, Audit, and Consult
[Procuring Entity] Bank of Taiwan, New York Branch
[Contact Person] Procurement Department, Mr. Tin
[Tel. No.] 212-968-8128 ext.39
[Time-limit for Receipt of Tenders] 12/14/2022 17:00 EST
[Date of Tender Opening] 12/14/2022 17:30 EST
[Summary of the Qualification requirements]
1.1 The consultant must have the following qualifications and experience:
1.1.1 Assisted 3 or more financial institutions (FIs) in acquiring an ISO 27001 certificate.
1.1.2 Assisted FIs in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, and SWIFT Customer Security Program.
1.1.3 Implemented an information security management system and acquired an ISO 27001:2013 or another similar certificate. Certificates shall remain effective during the project period.
1.2 The project manager must have the following qualifications:
1.2.1 At least 5 years of experience in information security management projects.
1.2.2 Acquired one of the following certificates: ISO 27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP).
1.2.3 Performed NYDFS 23 NYCRR 500 compliance review for at least three FIs.
1.3 Team members of the project must have one of the following qualifications:
1.3.1 Assisted FIs in acquiring an ISO 27001 certificate and assisted overseas branches of financial institutions in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, and SWIFT Customer Security Program.
1.3.2 ISO 27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP).
1.4 For other qualifications, refer to the Tender Documents.
https://www.bot.com.tw/latest news/business announcement
[Additional Description]
The bidder is required to provide the due diligence documents specified by the procuring entity. The relevant due diligence documents may include cybersecurity-related policies and procedures, company profile, company registration certificate, business contingency plan, overall disaster recovery plan, etc.