Provision of an Identity and Access Management Solution for the University of Birmingham
The selected solution will be required to integrate with and extend the existing security framework and public key infrastructure (PKI) used for authentication and access control.
UK-Birmingham: Software package and information systems
2013/S 087-148148
Contract notice
Services
Directive 2004/18/EC
Section I: Contracting authority
I.1)Name, addresses and contact point(s)
University of Birmingham
Edgbaston
Contact point(s): University of Birmingham
For the attention of: Jaina Rathod
B15 2TT Birmingham
UNITED KINGDOM
Telephone: +44 1214158806
E-mail: j.rathod@bham.ac.uk
Internet address(es):
General address of the contracting authority: http://www.bham.ac.uk
Address of the buyer profile: https://in-tendhost.co.uk/universityofbirmingham
Electronic access to information: https://in-tendhost.co.uk/universityofbirmingham
Electronic submission of tenders and requests to participate: https://in-tendhost.co.uk/universityofbirmingham
Further information can be obtained from: The above mentioned contact point(s)
Specifications and additional documents (including documents for competitive dialogue and a dynamic purchasing system) can be obtained from: The above mentioned contact point(s)
Tenders or requests to participate must be sent to: The above mentioned contact point(s)
I.2)Type of the contracting authority
Body governed by public law
I.3)Main activity
Education
I.4)Contract award on behalf of other contracting authorities
The contracting authority is purchasing on behalf of other contracting authorities: no
Section II: Object of the contract
II.1)Description
II.1.1)Title attributed to the contract by the contracting authority:
Provision of an Identity and Access Management Solution for the University of Birmingham.
II.1.2)Type of contract and location of works, place of delivery or of performance
Services
Service category No 1: Maintenance and repair services
NUTS code UKG31
Service category No 1: Maintenance and repair services
NUTS code UKG31
II.1.3)Information about a public contract, a framework agreement or a dynamic purchasing system (DPS)
The notice involves a public contract
II.1.4)Information on framework agreement
II.1.5)Short description of the contract or purchase(s)
The University of Birmingham has a large, varied and mature suite of IT systems spread across many departments. Many of these have evolved over time or have been implemented to meet specific local requirements. This has resulted in a very high degree of complexity and some duplication of functionality. In addition, this means that data and services can be hidden from potential consumers due to the difficulty in finding, identifying and combining them.
The University’s IT Strategy defines five major themes for the next five years Advancing the University, Effective Information Stewardship, University Operational Excellence, IT Complexity Reduction and IT Functional Excellence. Upgrading and enhancing the information security framework is an important measure that contributes to the realization of the strategy and forms part of an overarching architecture vision that also includes enhanced collaboration tools, integrated communications and middleware.
Part of this will be the implementation of an Identity and Access Management (IAM) application to provide a single source for identity information covering all University staff, students and external collaborators. The IAM system will consolidate and extend the scope of identity management at the University, replacing legacy software and filling gaps. IAM is of central importance in the Internet age and is likely to be involved in most of the projects and initiatives that the University will undertake over the next few years.
The selected solution will be required to integrate with and extend the existing security framework and public key infrastructure (PKI) used for authentication and access control.
The legacy BIIS application is nearing end of life and will need to be replaced in the near future. There is an accumulating backlog of requests for changes and increasing difficulty in running a system that was not designed for the demands being made of it.
The current system manages around 60,000 user accounts.
An integrated, endtoend approach is needed to identity management that recognizes the need for a subject to fill multiple roles and maintain multiple electronic addresses concurrently or spread over time.
Integrated identity management is needed to support social networking and other new applications while maintaining confidentiality and consistency.
Productivity gains are available through rationalizing and refining business processes that involve interaction with the IAM system, in areas such as human resources and student management. The IAM system must allow the University to benefit from such productivity gains through the use of a workflow engine.
The University’s IT Strategy defines five major themes for the next five years Advancing the University, Effective Information Stewardship, University Operational Excellence, IT Complexity Reduction and IT Functional Excellence. Upgrading and enhancing the information security framework is an important measure that contributes to the realization of the strategy and forms part of an overarching architecture vision that also includes enhanced collaboration tools, integrated communications and middleware.
Part of this will be the implementation of an Identity and Access Management (IAM) application to provide a single source for identity information covering all University staff, students and external collaborators. The IAM system will consolidate and extend the scope of identity management at the University, replacing legacy software and filling gaps. IAM is of central importance in the Internet age and is likely to be involved in most of the projects and initiatives that the University will undertake over the next few years.
The selected solution will be required to integrate with and extend the existing security framework and public key infrastructure (PKI) used for authentication and access control.
The legacy BIIS application is nearing end of life and will need to be replaced in the near future. There is an accumulating backlog of requests for changes and increasing difficulty in running a system that was not designed for the demands being made of it.
The current system manages around 60,000 user accounts.
An integrated, endtoend approach is needed to identity management that recognizes the need for a subject to fill multiple roles and maintain multiple electronic addresses concurrently or spread over time.
Integrated identity management is needed to support social networking and other new applications while maintaining confidentiality and consistency.
Productivity gains are available through rationalizing and refining business processes that involve interaction with the IAM system, in areas such as human resources and student management. The IAM system must allow the University to benefit from such productivity gains through the use of a workflow engine.
II.1.6)Common procurement vocabulary (CPV)
48000000, 72200000, 48900000, 48810000
II.1.7)Information about Government Procurement Agreement (GPA)
The contract is covered by the Government Procurement Agreement (GPA): yes
II.1.8)Lots
This contract is divided into lots: no
II.1.9)Information about variants
Variants will be accepted: no
II.2)Quantity or scope of the contract
II.2.1)Total quantity or scope:
II.2.2)Information about options
Options: no
II.2.3)Information about renewals
This contract is subject to renewal: no
II.3)Duration of the contract or time limit for completion
Duration in months: 60 (from the award of the contract)
Section III: Legal, economic, financial and technical information
III.1)Conditions relating to the contract
III.1.1)Deposits and guarantees required:
n/a
III.1.2)Main financing conditions and payment arrangements and/or reference to the relevant provisions governing them:
n/a
III.1.3)Legal form to be taken by the group of economic operators to whom the contract is to be awarded:
n/a
III.1.4)Other particular conditions
The performance of the contract is subject to particular conditions: no
III.2)Conditions for participation
III.2.1)Personal situation of economic operators, including requirements relating to enrolment on professional or trade registers
Information and formalities necessary for evaluating if the requirements are met: as per the PQQ and tender documentation
III.2.2)Economic and financial ability
Information and formalities necessary for evaluating if the requirements are met: as set out in the PQQ and tender documentation
Minimum level(s) of standards possibly required: as set out in the PQQ and tender documentation
Minimum level(s) of standards possibly required: as set out in the PQQ and tender documentation
III.2.3)Technical capacity
Information and formalities necessary for evaluating if the requirements are met:
as set out in the PQQ and tender documentation
Minimum level(s) of standards possibly required:
It is recommended that Suppliers review the Minimum Standards below prior to submitting a response.
1) IAM must be capable of being the master data source for some information while allowing other system to be the master for other information. It is anticipated that some data will be stored in the IAM system only. This should be configurable and extensible. Provide detail on how this is achieved.
2) IAM must be capable of receiving data from master sources in a variety of formats including text, html, database tables. Provide details of the formats supported.
3) The proposed solution must provide good information management including archiving of expired data and selective recovery of data from the archive. Give details of the information management functions provided.
4) IAM must be secure. Describe the security mechanisms provided in the proposed solution.
5) IAM must protect the confidentiality of information held within it using authentication, authorisation and encryption. Describe how this would be ensured using the proposed solution
6) IAM must implement role-based access control (RBAC). Provide details of the functionality of RBAC in the proposed solution.
7) IAM must keep an audit trail of all access to data held within it and all changes made, including the identity of the user or system responsible. Required to enforce non-repudiation. Provide details of the scope of the audit trail provided and the functionality within it.
8) IAM must integrate with Active Directory and other directory services using LDAP. Provide details of the integration provided in the proposed solution.
9) The system must participate in single sign on (SSO). Please state the mechanisms supported to achieve this.
10) The proposed solution must be compatible with the Data protection Act (DPA) and other relevant legislation. Provide details of any relevant legislation and how the proposed solution ensures compliance.
as set out in the PQQ and tender documentation
Minimum level(s) of standards possibly required:
It is recommended that Suppliers review the Minimum Standards below prior to submitting a response.
1) IAM must be capable of being the master data source for some information while allowing other system to be the master for other information. It is anticipated that some data will be stored in the IAM system only. This should be configurable and extensible. Provide detail on how this is achieved.
2) IAM must be capable of receiving data from master sources in a variety of formats including text, html, database tables. Provide details of the formats supported.
3) The proposed solution must provide good information management including archiving of expired data and selective recovery of data from the archive. Give details of the information management functions provided.
4) IAM must be secure. Describe the security mechanisms provided in the proposed solution.
5) IAM must protect the confidentiality of information held within it using authentication, authorisation and encryption. Describe how this would be ensured using the proposed solution
6) IAM must implement role-based access control (RBAC). Provide details of the functionality of RBAC in the proposed solution.
7) IAM must keep an audit trail of all access to data held within it and all changes made, including the identity of the user or system responsible. Required to enforce non-repudiation. Provide details of the scope of the audit trail provided and the functionality within it.
8) IAM must integrate with Active Directory and other directory services using LDAP. Provide details of the integration provided in the proposed solution.
9) The system must participate in single sign on (SSO). Please state the mechanisms supported to achieve this.
10) The proposed solution must be compatible with the Data protection Act (DPA) and other relevant legislation. Provide details of any relevant legislation and how the proposed solution ensures compliance.
III.2.4)Information about reserved contracts
III.3)Conditions specific to services contracts
III.3.1)Information about a particular profession
Execution of the service is reserved to a particular profession: no
III.3.2)Staff responsible for the execution of the service
Legal persons should indicate the names and professional qualifications of the staff responsible for the execution of the service: no
Section IV: Procedure
IV.1)Type of procedure
IV.1.1)Type of procedure
competitive dialogue
IV.1.2)Limitations on the number of operators who will be invited to tender or to participate
Objective criteria for choosing the limited number of candidates: as set out in the PQQ and tender documentation
IV.1.3)Reduction of the number of operators during the negotiation or dialogue
Recourse to staged procedure to gradually reduce the number of solutions to be discussed or tenders to be negotiated no
IV.2)Award criteria
IV.2.1)Award criteria
The most economically advantageous tender in terms of the criteria stated in the specifications, in the invitation to tender or to negotiate or in the descriptive document
IV.2.2)Information about electronic auction
An electronic auction will be used: no
IV.3)Administrative information
IV.3.1)File reference number attributed by the contracting authority:
FRAM274/13
IV.3.2)Previous publication(s) concerning the same contract
no
IV.3.3)Conditions for obtaining specifications and additional documents or descriptive document
Time limit for receipt of requests for documents or for accessing documents: 5.6.2013 – 12:00
Payable documents: no
Payable documents: no
IV.3.4)Time limit for receipt of tenders or requests to participate
5.6.2013 – 12:00
IV.3.5)Date of dispatch of invitations to tender or to participate to selected candidates
IV.3.6)Language(s) in which tenders or requests to participate may be drawn up
English.
IV.3.7)Minimum time frame during which the tenderer must maintain the tender
IV.3.8)Conditions for opening of tenders
Persons authorised to be present at the opening of tenders: no
Section VI: Complementary information
VI.1)Information about recurrence
This is a recurrent procurement: no
VI.2)Information about European Union funds
The contract is related to a project and/or programme financed by European Union funds: no
VI.3)Additional information
VI.4)Procedures for appeal
VI.4.1)Body responsible for appeal procedures
not applicable
UNITED KINGDOM
Body responsible for mediation procedures
not applicable
UNITED KINGDOM
VI.4.2)Lodging of appeals
VI.4.3)Service from which information about the lodging of appeals may be obtained
not applicable
UNITED KINGDOM
VI.5)Date of dispatch of this notice:30.4.2013