Appointment of a Service Provider - Construction Education

Returnable Documents:

The CETA is a Sector Education and Training Authority established in terms of the Skills Development Act, 1998, as amended. The National Skills Development Plan 2030 (NSDP) has five principles and goals that guide the CETA's strategic and annual performance plans. The CETA recognises the need for a turn-key managed ICT service provider to enhance and unlock the full potential of CETA operations. Currently, the CETA operates manually and is decentralised, leading to inefficient ICT utilisation, relegating ICT to an afterthought rather than a strategic business enabler. The CETA is looking to elevate the role and use of ICT throughout the organisation, leading with a cloud-first strategy for its digitalisation needs. The CETA has offices in all 9 provinces and has an organisational structure comprising 180 positions. 4. CETA ORGANISATIONAL STRUCTURE The CETA organisational structure is currently made up of the following divisions: 3.1 Office of the CEO: o Risk Management o Legal and Compliance o Transformation o Monitoring and Evaluation o Special Projects 3.2 Finance o Supply Chain Management o Financial Management o Facilities Management 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • The work of this division is supported by SAGE 200 3.3 ETQA and Projects o Qualifications and Accreditation o Learning Programmes Implementation and Monitoring o Client Services and Projects • The Learner Management System supports the work of this division 3.4 Strategic Support o Human Resources o ICT o Marketing, Communications and Stakeholder Management o Research, Planning and Reporting • The Learner Management System and SAGE 300 supports the work of this division 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 5. OBJECTIVES OF THE CETA- FULL TURNKEY MANAGED ICT SERVICE PROVIDER Engaging a single managed service provider (MSP) to assist the Construction Education and Training Authority (CETA) with a range of IT services offers several advantages: 1. Streamlined Project Management a. Single Point of Contact: Simplifies communication and coordination by providing a single point of contact for all IT-related services, reducing the complexity of managing multiple vendors. b. Consistent Communication: Ensures that information is shared consistently and accurately across all services, preventing misunderstandings and misalignments. 2. Cost Efficiency a. Bundled Services: Potential for cost savings through bundled services and negotiated discounts for a comprehensive package, as opposed to individual services from multiple vendors. b. Reduced Overhead: Lower administrative overhead due to simplified vendor management, invoicing, and contract negotiation processes. 3. Integrated Solutions a. Seamless Integration: Ensures all systems and services are integrated and compatible, leading to a more cohesive and efficient IT infrastructure. b. Holistic Approach: An MSP with a broad scope can design solutions that consider the interdependencies between different components (e.g., network configuration, endpoint security, and server management). 4. Enhanced Security a. Unified Security Strategy: A single MSP can develop and implement a comprehensive security strategy that covers all aspects of the IT environment, eliminating coverage gaps. b. Centralised Monitoring: Centralised monitoring and management of security systems (e.g., endpoint security, Mimecast) for quicker detection and response to threats. 5. Expertise and Support a. Specialised Knowledge: Access to a team of experts with specialised knowledge across various IT domains, ensuring high-quality installation, configuration, and maintenance. b. Proactive Support: Consistent and proactive support and maintenance services that pre- emptively address issues before they become critical. 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6. Scalability and Flexibility a. Adaptability: Easier to scale services up or down as the organisation’s needs change, without the need to negotiate with multiple vendors. b. Flexibility: Ability to deploy new technologies and services, as the MSP has a comprehensive understanding of the existing infrastructure. 7. Simplified Compliance and Policy Development a. Consistent Policies: Consistent development and implementation of ICT policies across all systems, ensuring compliance with regulatory requirements and organisational standards. b. Comprehensive Documentation: Centralised documentation of all processes and policies, aiding in audits and compliance checks. 8. Improved Efficiency and Performance a. Optimised Performance: Holistic optimisation of the IT infrastructure, ensuring all components work together efficiently and effectively. b. Minimised Downtime: Reduced risk of downtime through coordinated maintenance and support, enhancing overall productivity. 9. Strategic Planning and Futureproofing a. Long-Term Planning: Ability to create long-term strategic plans for IT infrastructure development and upgrades, aligning with organisational goals. b. Futureproofing: Implementation of scalable and flexible solutions that can adapt to future technological advancements and organisational growth. 10. Comprehensive Reporting and Analytics a. Unified Reporting: Consolidated reporting on IT performance, security, and usage, providing clear insights and aiding in decision-making. b. Data-Driven Decisions: Use of analytics to inform strategic decisions and improve overall IT governance. Conclusion: By engaging a single managed service provider for the installation, configuration, and maintenance of the network, access points, laptops, cell phones, Microsoft 365 E5 suite, endpoint security, Email security, ICT policy development, data room build support, and ongoing support, CETA can benefit from streamlined management, cost efficiencies, integrated solutions, enhanced security, and improved overall performance. This approach enables CETA to focus on its core mission while ensuring a robust and reliable IT infrastructure. 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6. PROJECT SCOPE 6.1. Infrastructure Modernisation 6.1.1. Network Architecture Transformation The service provider must execute a complete transition from our current MPLS-based network to a comprehensive SD-WAN solution: Current State: • MPLS connections across nine provincial offices • Existing business district locations with established connectivity • Legacy network infrastructure requiring modernisation Target Architecture: • Complete SD-WAN deployment with dual-path redundancy • Cost-optimised connectivity leveraging multiple ISP providers • Centralised network management with real-time monitoring • Enhanced security with integrated firewall and threat detection • Quality of Service (QoS) prioritisation for business-critical applications • Automatic failover capabilities ensure business continuity 6.1.2. Network Access Control Requirements: • 802.1X authentication for wired and wireless access • Device profiling and automatic VLAN assignment • Guest network isolation with captive portal • IoT device network segmentation • MAC authentication bypass (MAB) for non-802.1X devices • Certificate-based authentication for corporate devices 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Integration with Active Directory/Azure AD • Rogue device detection and quarantine • Non-compliant device remediation workflows • Post-connection health checks (antivirus, OS patches) • Automated VLAN assignment based on user/device type • Network visibility for all connected devices • Contractor/temporary staff access management with expiry • NAC policy enforcement for BYOD devices • Quarantine VLAN for non-compliant devices • Integration with an endpoint security solution • NAC appliance redundancy and failover 6.1.3. Server and Computing Infrastructure Head Office Requirements (130 users): • Modernised server room infrastructure with appropriate cooling and power management • Virtualised server environment supporting 180+ concurrent users plus intern capacity • High-availability storage systems with automated backup solutions • Disaster recovery capabilities within South African data centres Provincial Office Support (50 users distributed): • Standardised computing environments across all 9 provinces • Local backup systems with centralised management • Remote management capabilities for efficient support 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6.1.4. Cloud Strategy and Migration • Comprehensive cloud adoption framework aligned with cloud-first strategy • Azure cloud architecture design and implementation • Cloud migration assessment and roadmap for existing applications • Multi-cloud strategy and governance (Azure primary, contingency planning) • Cloud cost optimisation and FinOps implementation • Cloud security posture management (CSPM) • Cloud workload protection platform (CWPP) • Cloud-native application development guidelines • Infrastructure as Code (IaC) implementation • Cloud resource tagging and cost allocation strategy • Cloud backup and disaster recovery strategy • Hybrid cloud connectivity and integration • Cloud performance monitoring and optimisation • Azure landing zones implementation • Cloud governance policies and compliance monitoring 6.2. Managed ICT Services 6.2.1. Service Desk and Support • 24/7 technical support with guaranteed response times • Multi-channel support (phone, email, web portal, mobile app) • On-site technical support at the Head Office within 4 hours • Remote support capabilities for provincial offices • User training and adoption support for new technologies 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6.2.2. System Administration and Maintenance • Complete management of server infrastructure and applications • Regular security updates and patch management • Performance monitoring and optimisation • Capacity planning and scaling recommendations 6.2.3. Capacity Planning and Performance Requirements: • Quarterly capacity planning reports for all infrastructure • 12-month capacity forecast for compute, storage, and network • Performance baseline documentation for all systems • Trend analysis and growth modelling • Resource utilisation monitoring and alerting • Infrastructure right-sizing recommendations • Capacity planning for user growth (20% year-on-year allowance) • Network bandwidth utilisation trending and forecasting • Storage growth analysis and forecasting • Database sizing and growth projections • Application performance benchmarking quarterly • "What-if" scenario modelling for capacity planning • Capacity constraint identification and remediation plans • Infrastructure lifecycle management planning (5-year view) • Monthly capacity management reports to ICT steering committee • Automated capacity threshold alerting 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Performance optimisation recommendations quarterly 5.2.5 Backup Infrastructure: • Backup solution supporting all platforms (Windows, macOS, Linux, VMware, Azure) • Deduplicate and compression ratios documented • Backup bandwidth management should not impact production • Backup storage sizing: 30 days retention × 3 copies (3-2-1 rule) • Off-site backup copy in a geographically separate location Backup Schedule: • Tier 1 systems: Hourly incremental, daily full, RPO 1 hour • Tier 2 systems: 6-hourly incremental, daily full, RPO 4 hours • Tier 3 systems: Daily incremental, weekly full, RPO 24 hours • Tier 4 systems: Weekly full backup, RPO 24 hours Recovery Testing: • Monthly restore test for random Tier 1 systems • Quarterly restore test for Tier 2 systems • Semi-annual restore test for Tier 3/4 systems • Annual full DR site restore test • File-level recovery: 95% within 2 hours • Application-level recovery: 95% within RTO • Monthly backup report including success rates, capacity, and failed backups 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” Backup Security: • Backup data encryption at rest (AES-256) • Backup data encryption in transit (TLS 1.3) • Backup administrator access via PAM solution • Immutable backup copies for ransomware protection • Air-gapped backup copy updated weekly • Backup integrity verification daily • Backup job monitoring and alerting 24/7 6.2.4. Security Management • Comprehensive cybersecurity, including endpoint protection • Network security monitoring with 24/7 SOC capabilities • Regular security assessments and vulnerability management • Compliance management supporting government regulatory requirements • Backup and disaster recovery with tested restoration procedures 6.2.5. Software Asset Management and Licensing • Comprehensive software asset management solution implementation • Microsoft 365 licence optimisation and management • Software licence compliance monitoring and reporting • Licence harvesting and reallocation • Software usage analytics and optimisation • Annual software licence true-up and reconciliation 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Software vendor relationship management • End-of-life software identification and remediation • Software standardisation and rationalisation • License cost forecasting and budgeting support • Software audit preparation and support • Cloud subscription management (SaaS/PaaS/IaaS) • Enterprise agreement management • Software assets register maintenance • Quarterly licence optimisation recommendations 5.2.5 Print Infrastructure and Management • Centralised print management solution across all offices (Konica Minolta) • Secure print release (follow-me printing) • Print quota management per user/department • Print cost allocation and chargebacks • Mobile and cloud printing capability • Printer fleet monitoring and management (250 users + interns) • Consumables management and automated ordering • Print security policies (watermarking, confidential printing) • Print audit trails for compliance • Energy-efficient printer settings and monitoring • Print job reporting and analytics • Printer driver management and deployment • Document scanning and digital workflow integration 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Paperless initiatives support • Monthly print usage reporting by department/user 5.2.6 Business Intelligence and Analytics • Executive dashboard development (Power BI) • ICT metrics dashboard (availability, performance, incidents) • Financial reporting integration from SAGE • Training and learner analytics from LMS • Custom report development (up to 30 reports per year) • Self-service reporting portal for authorised users • Data warehouse for historical trend analysis • Predictive analytics for capacity planning • Mobile BI access (Power BI mobile app) • Scheduled report distribution • Report performance optimisation • User training on BI tools • Data visualisation best practices implementation • Integration with Microsoft 365 for collaboration • Monthly business review reports for executive management 6.3. Business Applications and Systems 6.3.1. Core Business Applications • Microsoft 365 environment optimisation and management • Financial management system support • HR and payroll system integration • Document management and collaboration platforms 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Skills development tracking and reporting systems 6.3.2. Stakeholder Engagement Platforms • Public-facing website maintenance and hosting • Stakeholder portal development and management • Mobile applications for learner and employer engagement • Integration with the Department of Higher Education systems 6.3.3. Enhanced Service Desk Capabilities: • ITIL v4 compliant service desk processes with documented procedures • Self-service portal with a comprehensive knowledge base (minimum 200 articles) • AI-powered chatbot for tier-0 support (24/7 availability) • Mobile service desk app (iOS and Android) • Remote desktop support tools (TeamViewer, Any Desk or equivalent) • Automated ticket categorisation and routing • Service catalogue with 50+ documented services • Knowledge base search functionality with relevance ranking • User satisfaction surveys after ticket closure • Major incident management procedures • Problem management process with root cause analysis • Asset management integration with service desk • Multi-language support (English, Afrikaans, Zulu minimum) • Video support capability for complex issues • Screen recording for issue documentation 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Automated escalation based on SLA breaches • Monthly knowledge base content review and updates • Service desk dashboard accessible to management (real-time) 6.4. Detailed Technical Infrastructure Specifications 6.4.1. Server Room Environmental Requirements 6.4.1.1. Head Office Server Room Standards: • Physical Security: • Biometric access control with audit logging • 24/7 CCTV monitoring with 90-day retention • Environmental monitoring with real-time alerting • Fire suppression system (FM-200 or equivalent clean agent) • Water detection sensors with automatic shut-off • Power Infrastructure: • Dual-feed power supply from separate utility substations • N+1 redundant UPS systems with a minimum 30-minute runtime at full load • UPS capacity: Minimum 40kVA for full server room load • Generator backup with automatic transfer switch (ATS) • Generator fuel capacity: Minimum 72 hours continuous operation • Power distribution units (PDUs) with remote monitoring • Surge protection and power conditioning • Cooling and Climate Control: • Precision air conditioning with N+1 redundancy • Target temperature: 18-27°C (ASHRAE standards) • Target humidity: 40-60% relative humidity 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Hot aisle/cold aisle containment system • Temperature and humidity monitoring with alerts • Backup cooling system for emergencies • Structured Cabling: • Category 6A or better for all data connections • Fibre optic backbone (single-mode and multi-mode) • Cable management system with proper labelling • Minimum 30% spare capacity for growth • Proper separation of power and data cables 6.4.1.2. Provincial Office Infrastructure: • Secure lockable network cabinet (minimum 12U) • Climate control (air conditioning or adequate ventilation) • UPS protection: Minimum 15-minute runtime • Environmental monitoring (temperature alerts) • Basic physical security (lockable cabinet, access control) 6.4.1.3. Advanced Wireless Infrastructure: • WIFI 6 (802.11ax) access points minimum • Separate SSID for corporate, guest, and IoT devices • Guest WIFI with sponsored access and terms acceptance • Location-based services and WIFI analytics • Wireless intrusion prevention system (WIPS) • Rogue AP detection and mitigation • WIFI capacity planning and heat mapping 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Wireless site surveys for all office locations • High-density deployment for training rooms (50+ concurrent users) • WIFI bandwidth management and QoS • Client device visibility and troubleshooting • Automatic RF optimisation • Seamless roaming between APs (fast roaming) • Guest WIFI bandwidth throttling (10Mbps per user) • WIFI usage analytics and reporting • Integration with the NAC solution • Wireless bridge support for remote areas • WIFI uptime requirement: 99.5% per office 6.5. Network Security Infrastructure Specifications 6.5.1. Next-Generation Firewall (NGFW) Requirements: • Throughput Performance: • Firewall throughput: Minimum 10 Gbps • IPS throughput: Minimum 5 Gbps • Application control throughput: Minimum 5 Gbps • VPN throughput: Minimum 2 Gbps • Threat prevention throughput: Minimum 3 Gbps • Capacity and Sessions: • Concurrent sessions: Minimum 2 million • New sessions per second: Minimum 100,000 • VPN tunnels: Minimum 500 site-to-site 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • SSL VPN concurrent users: Minimum 200 • Maximum throughput with all security features enabled: Minimum 3 Gbps • Security Features Required: • Deep packet inspection (DPI) for all traffic • Application-level filtering and control • Intrusion Prevention System (IPS) with automatic updates • Anti-malware and anti-virus scanning • SSL/TLS inspection for encrypted traffic • Web content filtering with category-based policies • Advanced threat protection with sandboxing • Geo-blocking and reputation-based filtering • DDoS protection and mitigation • Zero-day threat protection • Management and Visibility: • Centralised management console for all firewalls • Real-time traffic visibility and analytics • User and application-based reporting • High-availability (HA) configuration with automatic failover • Virtual firewall support for segmentation • API integration for automation 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6.5.2. VPN Requirements: • Site-to-site VPN for all provincial offices • SSL VPN for remote users (minimum 200 concurrent) • Multi-factor authentication (MFA) for VPN access • Split tunnelling capability • Per-application VPN policies • Mobile VPN support (iOS and Android) 5.5.3 Identity and Access Management Requirements • Azure Active Directory Premium implementation and optimisation • Hybrid identity architecture (Azure AD Connect) • Single Sign-On (SSO) across all business applications • Multi-factor authentication (MFA) enforcement for all users • Conditional access policies based on location, device, and risk • Privileged Identity Management (PIM) for administrative access • Just-in-time (JIT) access for elevated privileges • Identity governance and administration • Access reviews and attestation (quarterly) • Privileged access workstation (PAW) implementation • Password policy enforcement and password less authentication • Service account management and governance • Identity protection and risk-based policies • B2B guest access management • Self-service password reset (SSPR) • Identity lifecycle management automation • Role-based access control (RBAC) framework across all systems 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” 6.6. Security Information and Event Management (SIEM/SOC) Requirements 6.6.1. SIEM Platform Specifications: • Log Collection and Retention: • Minimum log sources: 250+ devices and applications • Log collection rate: Minimum 5,000 events per second (EPS) • Real-time log ingestion with a maximum 5-second delay • Hot storage: 90 days of searchable logs • Warm storage: 1 year of compressed logs • Cold storage: 7 years for compliance (encrypted archive) • Log Sources to be Integrated: • All firewalls and network security devices • Domain controllers and Active Directory • Windows servers and workstations (security events) • Linux/Unix servers (syslog) • Microsoft 365 (audit logs, email security) • Database servers (access and query logs) • Application servers and web servers • VPN and remote access systems • Physical and virtual infrastructure • Cloud services (Azure, AWS if applicable) • Endpoint protection platforms • Network devices (switches, routers, wireless) • Correlation and Analytics: 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Real-time correlation engine with custom rules • Machine learning and behavioural analytics • User and Entity Behaviour Analytics (UEBA) • Advanced threat detection using threat intelligence feeds • Automated incident creation and prioritisation • Pre-built correlation rules for common threats • Custom rule development capability • Integration with global threat intelligence feeds • Incident Response Integration: • Automated playbooks for common security incidents • Integration with the ticketing system for incident tracking • Case management for security investigations • Evidence collection and chain of custody • Automated response actions (account lockout, isolation, etc.) • Integration with endpoint detection and response (EDR) 6.6.2. Security Operations Centre (SOC) Services: • 24/7/365 Monitoring: • Dedicated South African-based SOC analysts • Three-tier SOC structure (L1, L2, L3 analysts) • Minimum 2 analysts per shift • Average analyst experience: Minimum 3 years in security operations • SOC Service Deliverables: • Real-time security event monitoring and analysis • Threat hunting and proactive investigation 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Security incident investigation and response • Vulnerability correlation with active threats • Threat intelligence analysis and reporting • Security metrics and KPI tracking • Weekly threat briefings • Monthly executive security reports • Response Procedures: • Initial triage: Within 15 minutes of critical alert • Incident classification: Within 30 minutes • CETA notification: Within 1 hour for high/critical incidents • Containment actions: Within 2 hours for critical incidents • Full incident report: Within 24 hours of containment 6.7. Endpoint Protection Specifications 6.7.1. Endpoint Detection and Response (EDR) Requirements: • Coverage: • All Windows workstations and servers (180+ endpoints + interns) • macOS devices • Linux servers • Mobile devices (iOS and Android) • Protection Capabilities: • Next-generation anti-malware with AI/ML detection • Behavioural analysis and anomaly detection • Exploit prevention and mitigation 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Ransomware protection with automatic rollback • Zero-day threat protection • Fileless malware detection • Script and macro attack prevention • Memory protection and buffer overflow prevention • Detection and Response: • Real-time threat detection and alerting • Automated threat containment and isolation • Endpoint activity recording (process, network, file) • Forensic data collection and analysis • Threat hunting capabilities across all endpoints • Root cause analysis for security incidents • Integration with SIEM for centralised visibility 6.7.2. 5.7.5 Modern Desktop Management • Windows Autopilot implementation for zero-touch deployment • Endpoint device lifecycle management (procurement to disposal) • Automated application deployment (win32, MSIX, LOB apps) • Windows Update for Business management • Feature update rings and pilot groups • Configuration profiles via Intune/GPO • Desktop-as-a-Service (DaaS) evaluation and implementation if beneficial • Thin client infrastructure for secure areas (if required) • Virtual desktop infrastructure (VDI) for remote/intern users (if required) 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Standard operating environment (SOE) design and maintenance • Application compatibility testing for Windows updates • Device imaging and deployment automation • Hardware refresh programme planning and execution • Device provisioning time target: <30 minutes from box to productive • Automated driver management and updates 6.7.3. Data Loss Prevention (DLP) Requirements: • Data Classification: • Automatic content classification based on sensitivity • Support for POPIA data categories (personal information) • Custom classification policies for CETA data types • Labelling integration with Microsoft 365 • DLP Controls: • Email DLP (outbound email scanning and blocking) • Endpoint DLP (USB, printing, screen capture control) • Web/Cloud DLP (upload blocking to unauthorised sites) • Network DLP (data in motion monitoring) • Policy-based encryption for sensitive data • User notification and policy education • Device Encryption Requirements: • Full disk encryption (BitLocker or equivalent) for all devices • Centralised key management and recovery 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173 Request For Proposal “Developing Skills. Serving Society” • Pre-boot authentication capability • Removable media encryption enforcement • Encryption status monitoring and reporting • Compliance reporting for audit purposes • Application Control: • Whitelist/blacklist application management • Unsigned application blocking • Browser and plugin control • Peripheral device control (USB, Bluetooth, etc.) • Privilege management and elevation control 6.8. Email Security Requirements 6.8.1. Advanced Threat Protection (ATP) for Email: • Anti-Phishing Protection: • URL rewriting and safe links inspection • Real-time URL reputation checking • Spear-phishing detection using machine learning • Business email compromise (BEC) protection • CEO fraud and impersonation detection • Domain spoofing protection (DMARC, SPF, DKIM enforcement) • Malware Protection: • Multi-engine anti-malware scanning • Sandbox detonation for suspicious attachments • Polymorphic malware detection 52 14th Road, Noordwyk, Midrand, 1687 +27 11 265 5901 scmtenders@ceta.co.za www.ceta.org.za of 173

No specific requirements found