Activity-1: Consultancy Services for IT Audit and Expansion of existing Data Center (Contract Package #S24)
Objective: To engage a leading IT Audit and Infrastructure design consulting firm to provide blue print and strategy of expansion of the existing TIER – 3 Data Center to meet the current and future demand in phases.
Deliverable
- Inception Report inclusive of Work plan, documentation formats.
- Survey of current and projected data volume for next 10 years
- IT Audit including security audit of existing data center
- Review of existing applications and demand
- Submission of technical specification document for expansion of existing Data Centre; and Data Recovery Center
- Workshop(s) to finalize draft technical specification documents and reports
- Submission of final technical specification documents and reports
National Enterprise Architecture
Activity-1: Consulting Services for Establishing Enterprise Architecture and Interoperability Framework (Contract Package# S10)
Objective: Establishing Enterprise Architecture and Interoperability Framework
Deliverable
- Inception Report
- Leading Practices Report
- Business Architecture report
- Application Architecture report
Deliverables under processing:
- Draft Report on National Enterprise Architecture and Interoperability Framework for Bangladesh (NEA and e- GIF) with Mobile Service Delivery Platform (MSDP).
- Draft eGIF architecture report
- FRS and SRS for 3 e-services
- Proposals concerning the draft Digital Security Act of Bangladesh (BCC-CIRT-0010)
Activities
- Workshop to review and guide teams
- Workshop to discuss draft NEA, e-GIF and MSDP documents
- 2 Batches of stakeholders are sent to NUS for TOGAF training
Computer Incidence Response Team
Activity-1: Consulting Services for Development of Information Security Policies, standards, and National Computer Incident Response Team (CIRT) implementation (International) (Contract Package # S11)
Implementations
- Contract signed with the Joint Venture of Norway Registers Development AS, Norway and JSC NRD CS (NRD CyberSecurity), Lithuania on 27 July, 2015.
- Kick-off meeting was held on 29 July, 2015
- Requirements for CIRT infrastructure (OS, VM, and DBs) were discussed, submitted and confirmed on 30 July, 2015
- Draft project communication procedure was prepared and submitted.
- Consultant team completed translation on draft „Digital Security Act, 2015‟ from Bengali to English
- Final Inception report submitted on 30 August, 2015
- Submitted „Forensic lab design concept v1‟ report on 03 September, 2015
ISO 27001
Activity-1: Non-Consulting Services for Information Security Management System (ISMS) ISO/ IEC 27001:2013 Certification for National Data Center (Contract Package # NS9))
Implementations
- The contract signed with PricewaterhouseCoopers Pvt. Ltd., India on 19 May 2015.
- The vendor has submitted the inception report.
- Primary issue was the deliverables were found to be extracted from academic books. PWC has been reprimanded by BCC and the issue has been brought up to PWC management for resolution
ISO 20000
Activity-1: Non-Consulting Services for IT Service Management Certification (ISO/IEC 20000) for National Data Center (Contract Package # NS8)
Implementations
- Contract signed with QAI Ltd., India on 16 April 2015.
- QAI Ltd. has completed the gap analysis and has identified the lack of proper documentation on policy, planning, budgeting, HR planning, reporting mechanisms, process documents, operational agreements, and internal audits.
- QAI Ltd submitted draft report and mentioned that lack of adequate manpower resources within BCC as the key challenge to obtaining the certification. It is recommended for additional headcounts to be incorporated into BCC's establishment.