PAM Clarification Questions and Answers - CORP 4214

Questions Answers 1. In the briefing session yesterday, the following After internal discussions regarding this question was raised: On gate-keep no 2—can we gatekeeper, Eskom has decided to retain it as is. provide international references- currently it states Eskom requires the respondent to have local local- Eskom said in the session yesterday that presence, and to have implemented the proposed international references would be acceptable, but solution within South Africa. they said that they in writing that local references will suffice. 2. Please indicate the total number of IT Administrators Eskom has a total of (100+5=105) administrators that currently manage the Eskom PAM Landscape? as specified in the tender. Please refer to the pricing schedule. 3. Please indicate if there are multiple installations or Eskom has one primary, centralised Data Centre there is a centralised data centre. and one DR site. Additionally, there are nine regional sites with servers and desktops that connect to the Data Centres via WAN links. 4. Do you operate on a Centralised Data Centre Model Eskom has a primary, centralised Data Centre or a Decentralised Data Centre Model? with one DR site [see point 3 above]. 5. If decentralised, how many Data Centres are there? Eskom has a primary, centralised Data Centre with one DR site [see point 3 above]. 6. Change Management – are we expected to provide The successful tenderer is expected to render the you with change management resources to execute change management service to prepare Eskom or just provide you with a plan? administrators to adopt, and use, the solution. 7. On your pricing Workbook , on the Resource Criteria The pricing workbook will be updated to explicit tab you ask for a Project Manager qualification and project management services. This is a service- on the pricing schedule under Professional Services based tender, which means that Eskom requires you refer to Change Management , please clarify the services as identified in the tender documents, i.e. Project Management; Solution Design; Change Management; and Development, testing, implementation and configuration services. The The services should, at a minimum, include the resources specified in the pricing workbook i.e. Project manager, Solution Designer /Architect, as well as the Solution Technical Specialist. Additional resources can be provided as seen fit by the respondents to render the service. Refer to updated pricing worksheet 8. The PAM landscape specifies the number of end End-point privilege security must be user desktops as 35,000. So is there a need to implemented on all 35,000 desktops, i.e. the implement EPS (Endpoint privilege security) solution must manage privileged accounts on component also? workstations and servers. If EPS is not required then the number of in-scope servers comes down from 43254 to 8254. Therefore please confirm if EPS is required? 9. If EPS is required then what are the requirements Eskom has SCCM implemented that could be around EPS? DO you have a SCCM solution in place used to push the agents to end-points. to push EPS agents on end user's machines or this would need to be done manually? 10. Does the solution need to cover even the network As per the tender [see the PAM Technical devices? Please clarify. Evaluation Criteria], the solution must allow the management of privileged accounts on network devices. 11. What is the estimated number of Privileged This number is not known and respondents accounts in the current environment that needs to should refer to the information made available in be managed? the tender document. 12. What is the current process of managing the Privileged accounts are currently not managed privileged accounts on these systems? consistently, thus the need for this tender to acquire a PAM solution. 13. What is the current process used for storage of Privileged accounts and passwords are addressed privileged passwords to systems? Is there an existing in Eskom Security Policy but the management security policy that covers the usage and life cycle thereof is difficult due to the lack of a PAM. management of account passwords? Does it cover privileged passwords as well? 14. How many locations are in scope for supporting Eskom has one primary, centralised Data Centre Privileged Access Management solution? and one DR site. Additionally, there are nine - Number of Datacentres are in scope regional sites with servers and desktops that - Number of Geo's connect to the Data Centres via WAN links. Different sites from which the IT users will access the PAM solution? (Ex: Geographical segregation, AUS , Singapore , US Office, Europe Office etc.)

15. What is the process used when any of the existing All passwords are subject to regular changes administrators with the knowledge of the privileged when password expiry is reached. passwords leaves the organization? 16. How many environments need to be built? The solution must be implemented in QA, Pre- (Dev/Test/Prod/DR). Is there a DR site identified? Prod and Production, as well as in DR. Eskom has - Please share the details one DR site. 17. What will be the source of user identities for PAM User identities are provisioned and de- tool? provisioned by Eskom’s existing IAM solution. - Please share the details Please refer to the PAM Technical Evaluation Criteria for details. 18. Is there any requirement for integrating PAM with The solution must integrate with the ticketing ticketing system? system using standard Web Services or APIs. The - Please share the details current ticketing system may be replaced and the proposed solution should integrate with any other replacement ticketing system. 19. Please specify if the PAM solution needs to be The PAM solution must integrate to Eskom’s MFA integrated with any two factor authentication solution. The integration should be through solution? If any Two Factor Solution already in place standard Web Services or APIs. or being considered? Please refer to the PAM Technical Evaluation - Name Criteria for details. - Technology details e.g. Version 20. Any other information - 21. What is going to be the expected support window? Maintenance and support will be for 3 years, including the year of implementing the solution. 22. Is there a L1 business help desk available to address Eskom has an IT Help Desk to service user first level tickets? requests. 23. Is there any ticketing tool available? How will end Eskom users will call the Eskom IT Help Desk or users raise ticket in case of any issues log calls through the Eskom ticketing system.