dongping 发表于 2022-12-17

Tender Notice

Tender Notice
Tender Notice
111-17
NYDFS Cyber Security Requirements Comply, Audit, and Consult                  
Bank of Taiwan, New York Branch
Procurement Department, Mr. Tin
212-968-8128 ext.39               
12/21/2022 17:00 EST
12/22/2022 09:30 EST

1.1    The consultant must have following qualifications and experiences:
1.1.1   Assisted 3 or more financial institutions (FIs) acquired ISO 27001 certificate.
1.1.2         Assisted FIs in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, and SWIFT Customer Security Program.
1.1.3         Implemented information security management system, acquired ISO 27001:2013 or another similar certificate. Certificates shall continue to be effective during the project period.
1.2    The project manager must have following qualifications:
1.2.1   At least 5-year experiences in information security management projects.
1.2.2   Acquired one of following certificates: ISO27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP).
1.2.3   Performed NYDFS 23 NYCRR 500 compliance review for at least three FIs.
1.3    Team members of the project must have one of following qualifications:
1.3.1   Assisted FIs acquired ISO 27001 certificate and assisted overseas branches of financial institutions in information security compliance, including experience in NYCRR 500, FFIEC Cybersecurity Assessment Tool, SWIFT Customer Security Program.
1.3.2   ISO27001 Lead Auditor, Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), or Offensive Security Certified Professional (OSCP).
1.4    Other qualification refers to Tender Documents.
https://www.bot.com.tw/latest news/business announcement


Bidder is required to provide due diligence documents specified by the procuring entity. The relevant due diligence documents may include cybersecurity related policies and procedures, company profile, company registration certificate, business contingency plan, and overall disaster recovery plan, etc.


页: [1]
查看完整版本: Tender Notice