PS23-DB-005 - REQUEST FOR PROPOSAL - Cybersecurity Hardening Services

REQUEST FOR PROPOSALS – CYBERSECURITY HARDENING SERVICES 
 
ABOUT FCC 
 
FCC is Canada’s leading agriculture and food lender, dedicated to the industry that feeds the world. FCC employees are committed to the long-standing success of those who produce and process Canadian food by providing flexible financing, AgExpert business management software, information and knowledge. FCC provides a complement of expertise and services designed to support the complex and evolving needs of food businesses. As a financial Crown corporation, FCC is a stable partner that reinvests profits back into the industry and communities it serves. For more information, visit fcc.ca. 
 
RFP CONTACT 
 
Dhruv Bhatt  
Procurement Manager 
Farm Credit Canada  
procurement@fcc.ca 
 
RFP SCOPE 
 
FCC supports over 2000 internal users in 100 offices across Canada, and leverages an outsourced data center, AWS and Azure cloud environments as well as a number of SaaS applications. FCC leverages partnerships to manage our security posture and protect information and is looking for a partner to help with the cybersecurity hardening services.  FCC would like to receive relevant threat intelligence information about possible threats to FCC assets so we may respond accordingly based on risk assessments. FCC would like to perform various exercise activities, including red teaming, pen testing, targeted vulnerability scanning and social engineering attacks so we may assess our defenses and make improvements based on gap analysis.  FCC would like to receive best practices guidance and thought leadership in the domain of cybersecurity hardening and security controls to improve our cybersecurity posture. 
Cybersecurity hardening Proponent is  expected to be able to provide the following services: 

• Threat hunting 
• Threat intelligence 

• Red teaming exercises 
• Social Engineering testing exercises including, but not limited to, phishing, smishing, and vishing 
• Network vulnerability assessments and penetration testing 
• Application vulnerability assessments and penetration testing 
• Infrastructure vulnerability assessments and penetration testing 

• Knowledge transfer, mentoring, guidance, recommendations and training of FCC cyber security staff on the aforementioned items 

• All conditions for Proponent participation are included in the RFP documents. 
• Duration of Contract: Refer to details of RFP  
• Options: Refer to details of RFP  

• Estimated Quantity of Goods or Services: N/A 
• Timeframe of Delivery of Goods or Services:  N/A 

• RFP Release Date:  October 5th, 2023 
• Proponent Questions Accepted Until:  October 18th ,2023 at 2:00PM* 
• FCC Response to Proponent Questions Delivered Before:  October 31st, 2023 at 5:00PM* 
• RFP Closing Date/Time: November 10, 2023, at 2:00PM* 

• This opportunity is covered under the provisions of Chapter 5 (Government Procurement) of the Canadian Free Trade Agreement (CFTA) and Chapter 19 (Government Procurement) of the Canada-European Union Comprehensive Economic and Trade Agreement (CETA). 

• FCC is subject to the Official Languages Act (Canada). Proponents may choose to respond to this RFP in their official language of choice (English or French). 
• This opportunity notice references a non-binding, competitive RFP, and is not a call for tenders. FCC is not obligated to proceed with the Work described in the RFP Scope, and may cancel the RFP at any time. FCC’s procurement process allows for consecutive or concurrent negotiations between FCC and one (1) or multiple Proponents, prior to awarding a Contract. 

• This Request for Proposals (RFP), including any attachments and amendments to such RFP, is available for download by the Proponent on MERX. MERX is a Canadian Public Tenders electronic bidding system accessible at https://www.merx.com. It is the sole responsibility of the Proponent to ensure its compatibility with MERX. 
• Proponent proposals MUST be submitted electronically through MERX, preferably in a PDF or MS Word file, prior to the RFP Closing Date/Time specified in the RFP. Proposals submitted in other formats, by other methods or through any other means, or after the RFP Closing Date/Time specified in the RFP, may be rejected by FCC.