Objectives

The primary objective of this tender is to appoint a qualified service provider to conduct comprehensive penetration testing of the Bankseta Information and Communication Technology (ICT) environment over a period of two years. The testing aims to identify vulnerabilities across cloud infrastructure, network systems, web applications, physical security, wireless networks, and system configurations to enhance the security posture of Bankseta’s ICT environment.

Scope

The scope encompasses:

• Penetration testing of Bankseta’s cloud infrastructure within Microsoft Azure and Microsoft 365 E5 services.
• Assessment of network infrastructure including firewalls, routers, switches, access points, surveillance systems, and endpoints at Bankseta’s offices in Centurion, East London, and Polokwane.
• Evaluation of web applications such as SharePoint and single sign-on systems.
• Simulation of social engineering attacks to test staff awareness.
• Physical security testing of access controls, surveillance, fingerprint, and card readers.
• Wireless network security testing including Wi-Fi encryption and access controls.
• System testing of operating systems on endpoints, surveillance servers, and network equipment.
• Testing of third-party systems including ERP, HR, learner management, PABX, and internet services.
• Reporting, remediation implementation, user awareness sessions, and warranty certificates over the two-year period.

Technical Requirements

The technical requirements include:

• Assessment of security controls and vulnerabilities in cloud, network, web applications, wireless, physical, and system environments.
• Provision of four detailed reports with recommendations, two annually.
• Implementation of remediations totaling 160 hours over two years (80 hours per year).
• Issuance of four assurance certificates confirming secure configurations post-remediation.
• Conducting two user awareness sessions annually via Microsoft Teams.
• Compliance with specified system specifications and infrastructure components listed in the tender.

Skills Requirements

The bidder must demonstrate:

• Experience in penetration testing and security assessments of cloud, network, web, and physical systems.
• Proven track record with reference letters from previous clients where penetration testing was successfully implemented.
• Qualified personnel including:
• A project manager with project management NQF Level 6 certification or higher, and experience in IT project management.
• Team member no. 1 with at least NQF Level 4 or higher in Ethical Hacking and relevant certification.
• Team member no. 2 with at least NQF Level 4 or higher in switching or networking and relevant certification.
• Demonstrated experience in ethical hacking, switching, and networking.
• Ability to provide open-source or proprietary tools with assurance of non-harmful impact on Bankseta’s systems.
• Capacity to deliver reports, remediations, and user awareness sessions as specified.

Overall, the successful bidder must possess the technical expertise, personnel qualifications, and proven experience to deliver comprehensive penetration testing services aligned with the scope and technical requirements outlined in the tender.