Scribd
Upload
291 views

VAPT RFP v1

This document is a request for proposal from TPL Trakker Limited seeking proposals from security organizations and professionals to conduct vulnerability assessments and penetration tests of their web applications and systems. It provides details on the scope of work, deliverables, proposal requirements and evaluation criteria. The scope involves external and internal testing of 8 IP addresses. Proposals are due by June 29th and should include company and consultant qualifications, detailed methodology, pricing, and sample reports. The selection will be based on best technical solution and experience along with lowest price. All proposal information will be kept confidential.

Uploaded by

Rashid Kamal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
291 views

VAPT RFP v1

This document is a request for proposal from TPL Trakker Limited seeking proposals from security organizations and professionals to conduct vulnerability assessments and penetration tests of their web applications and systems. It provides details on the scope of work, deliverables, proposal requirements and evaluation criteria. The scope involves external and internal testing of 8 IP addresses. Proposals are due by June 29th and should include company and consultant qualifications, detailed methodology, pricing, and sample reports. The selection will be based on best technical solution and experience along with lowest price. All proposal information will be kept confidential.

Uploaded by

Rashid Kamal
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

REQUEST FOR PROPOSAL (RFP)

FOR

VULNERABILITY ASSESSMENT & PENETRATION TESTING

Date: June 14, 2018


Table of Contents

1 About the Company .............................................................................................................................. 3


2 Purpose ................................................................................................................................................. 3
3 Scope of Work ....................................................................................................................................... 3
4 Deliverable ............................................................................................................................................ 4
5 Proposal Requirements, Format & Evaluation Criteria......................................................................... 4
5.1 Proposal Format ............................................................................................................................ 4
5.2 Contact .......................................................................................................................................... 5
5.3 Evaluation Criteria......................................................................................................................... 5
6 Timeframe and Key Dates ..................................................................................................................... 5
7 Confidentiality ....................................................................................................................................... 6
1 About the Company
TPL Trakker Limited is Pakistan’s leading tracking company with a vision to creating value
through digital transformation. The company is in the business of providing superior quality
GPS, GSM & Satellite Mobile Asset Tracking Management and Information Solutions. We
work with various businesses spread across a broad spectrum of industries to equip them with
advanced data tools for location tracking, fuel monitoring, reporting, safety and compliance.

TPL Trakker Limited portfolio includes Car Tracking Units, Software, Operational and Project
Management Expertise, Deployment, Data Evaluation, and Consultancy. Modified solutions
like Stolen Vehicle Services, Fleet Management Solutions, Safe Transport Environment
Project, Trakker NAV, Personal Trakking, and e-Solutions are also offered to clients looking
for tailored services to meet very specific needs.

Over a very short span of time, TPL Trakker Limited has established itself as a true regional
player by securing its presence in Pakistan and UAE It has more than 550,000 units installed
successfully and has successfully captured the niche in SVR (Stolen Vehicle Recovery)
services with a recovery rate metric of more than 90%. In fact, it’s the only vehicle tracking
company to be assigned a long-term financial status rating of A- by the Pakistan Credit Rating
Agency Limited (PACRA).

2 Purpose
TPL Trakker Limited requests proposal for vulnerability assessment and penetration testing from
competent information security organizations and professionals with extensive experience in the
field of vulnerability assessment and penetration testing of applications, databases, systems,
networks to identify and evaluate vulnerabilities and the impact it may have when exploited of the
in-scope information systems; and to strengthen the controls to mitigate the risk.

3 Scope of Work
The scope of engagement is to conduct vulnerability assessment and penetration testing (referred
herein as “VA/PT”):

S. No. Scope No. of IP


1 External VA/PT of web application and system 3
2 Internal VA/PT of web application and system 5
3 Revalidation/ follow-up on the closure of reported observations
Please note:
 IP/ URL shall be disclosed upon awarding of the contract
4 Deliverable
Written reports should be submitted as a deliverable of the project. The reports should at the
minimum comprise of the scope of work, methodology/ approach, executive summary, details of
vulnerabilities identified (observation), its risk, risk rating and specific practical recommendations
to remediate it. The reports should also provide details of both successful and unsuccessful exploits
executed by the penetration tester against reported vulnerability.

Same pattern should be followed for revalidation/ follow-up report.

5 Proposal Requirements, Format & Evaluation Criteria


The following information must be provided in the proposal:

a. A brief company profile along with details of:


 Similar nature of projects completed during last 2 years along with description of
service provided and the client names (where possible)
 Project/ services provided to TPL Trakker Limited in past 5 years (if any).
b. Detailed approach for conducting vulnerability assessment and penetration testing (both
internal and external);
c. High Level Project Plan
d. Details of deliverable format (sample report format)
e. Pricing for the service
f. Details of the persons who will be designated to perform the required services (fieldwork)
which should comprise of the following:
 Relevant experience, qualification and certifications
 List of clients on which the designated person performed similar nature of vulnerability
assessment and penetration tests during last two (2) years; along with client contact
name, email address and a contact phone number.

5.1 Proposal Format


Proposals may be submitted either via:

 Email
In Softcopy (Word or PDF format) with subject “Vulnerability Assessment &
Penetration Testing”
Proposals should be sent to [email protected] and [email protected]

OR

 Hardcopy: One (1) Original and one (1) copy of original in sealed envelopes clearly marked
“Vulnerability Assessment & Penetration Testing”
Proposals should be addressed as follows:
Attention: Mr. Furqan ul Huda & Ms. Syeda Aeman Shujaat

Company Name: TPL TRAKKER LIMITED


Company Address: Corporate Office
11th and 12th Floor, Centrepoint,
Off Shaheed-e-Millat Expressway,
Adjacent KPT Interchange, Karachi
Postal Code 74900

Responses to this RFP are requested to be submitted latest by June 29, 2018 by 5:00 p.m.

5.2 Contact
The following personnel will be the sole contact for this RFP.

Contact Email Address


Furqan ul Huda [email protected]
Syeda Aeman Shujaat [email protected]
Any and all questions relating to the content, timeline, or requirements outlined in this RFP, as
well as the associated proposals, should be made via email. TPL TRAKKER LIMITED will help
clarify any issues or questions regarding this RFP. It is the vendor’s responsibility to seek this
clarification.

Communication with any other TPL TRAKKER employee or consultant during the RFP period is
not permitted, and may result in your company being disqualified from the evaluation process.

5.3 Evaluation Criteria


The following shall form the basis of evaluation criteria:

a. Best fit technical solution (industry’s standards, best practices, benchmarks) with lowest
bid price
b. Qualifications and relevant experience of company as well as of personnel who will
perform the fieldwork.

6 Timeframe and Key Dates


Activity Date
RFP issued June 14, 2018
Vendor RFP questions due June 22, 2018
Vendor RFP responses due June 26, 2018
Submission of proposal by vendor June 29, 2018
Proposal evaluation and negotiations due July 6, 2018
Award notification(s) July 18, 2018
7 Confidentiality
This RFP and TPL Trakker Limited’s process of evaluating sourcing opportunities, as well as the
timing and content of any correspondence, meeting, discussions, and negotiations between TPL
Trakker Limited and the Respondent, will be deemed “Confidential Information”.

Respondents must recognize and acknowledge that TPL Trakker Limited operates in a highly
competitive business environment and, for that reason, expects that Respondents will treat all
materials and data provided by TPL Trakker Limited as confidential.

You might also like