Canada - Managed Security Services Provider

Description

The VIA Information Technology (IT) department would like to select an IT Managed Security Services Provider (MSSP) to manage a portfolio of VIA's for Security Event Monitoring, Incident Detection and Response activities.

Mandatory Requirements:

Official Languages

The Proponent must provide fluent written and verbal support for the MSSP solution in both official Canadian languages (English and French), according to the language of choice of VIA's requester.

2.Experience

The Proponent must have minimum five (5) years of experience providing Managed Security Services for clients in Canada and/or US with hybrid IT infrastructure (on-premises and cloud) of similar scale and complexity to VIA and; A minimum of three (3) references must be provided for VIA to contact and; One (1) of the references must be in the transportation or railway industry.

3. Access to Solution Dashboard

VIA requires access to the solution's dashboard and customer portal. The Proponent will provide VIA with read-only access to all solutions provided as part of the services. Visibility of what's going on in the environment. Single point interface to access the status of the services.

Security Operations Center (SOC)

Proponent must have an established and functioning SOC at one or more facilities in Canada and/or US that it owns or leases for monitoring and assessing services for active clients 24 X 7 X 365.

Threat Intelligence

Proponent must demonstrate ability to perform research or obtain access to high quality threat intelligence that implicates Canadian Government, Crown Corporation, Transportation industry, or North American critical infrastructure contexts.

6. Security Professional Services

Operate a credible Professional services practice that includes SOC analysts, security strategy & planning, compliance & auditing, policy assessment & development, testing, breach & incident response, forensics, threat intelligence & research team and more.

Security Certifications

SOC 2, or SOC3 attestation report on their SOC management processes. The SOC 2 must cover security and availability principles at minimum and must have passed the compliance requirements against globally recognized IT framework(s) and control standards.

Service Management and Ticketing

Proponent must use (or integrate with) VIA's IT service management and ticketing solution (ServiceNow) for incident management and response activities, before end of transition period.Bidding and Documents are available on http://www.merx.com. Fees may apply; See https://www.merx.com/public/pricing for more information.

Opportunity closing date

23 December 2024

Value of contract

to be confirmed