RFP for selection of auditor to conduct Cyber Security Audit for NPS Trust

NATIONAL PENSION SYSTEM TRUST
TOWER B, B-302, THIRD FLOOR, WORLD TRADE CENTER, NAUROJI NAGAR, NEW DELHI 110029

6th May, 2024
NPST/19/19/1/2024-IT

Cyber Security Audit

Background

National Pension System Trust (NPS Trust) was established by PFRDA under the provisions of the Indian Trusts Act, 1882 to take care of the assets and funds under the NPS in the best interest of the subscribers. The powers, functions and duties of NPS Trust are laid down under the PFRDA (National Pension System Trust) Regulations 2015, besides the provisions of the Trust deed dated 27.02.2008. NPS Trust is the registered owner of all assets under the NPS architecture, and the pension funds purchase securities on behalf of NPS Trust. The subscribers, however, remain the beneficial owners of the securities, assets and funds under NPS. For more information please visit the website https://npstrust.org.in.

Current IT infrastructure of NPS Trust

NPS Trust Website and Mobile App: NPS Trust launched its new website https://npstrust.org.in in July, 2023. The website carries an enhanced user experience and provides seamless access to information related to the National Pension System (NPS) and Atal Pension Yojana (APY). It is hosted at NIC. The NPS Trust mobile app is available for both Android and iOS.

Digital Compliance Monitoring System: NPS Trust has developed a Digital Compliance Monitoring System (DCMS), a web interface through which users at the intermediaries upload and submit their compliance reports to NPS Trust. The licenses of the system have been procured in the name of NPS Trust. NPS Trust users can view deviations, accept or reject the submitted data, and view and access the accepted reports. The SAS analytics dashboard of DCMS presents the consolidated data. The application is hosted on Google Cloud. The portal carries licenses of Liferay and SAS.

E-mail and e-office: NPS Trust has availed the e-mail and e-office services from NIC. E-office provides a workflow-based system that includes an efficient electronic system to store documents. It has features such as digital signature certificates, role-based access, authentication, easy tracking and transparency.

Other IT infrastructure: NPS Trust has availed leased line services from ACT Fibernet, has 2 MTNL WiFi connections and has installed a firewall. Every employee of NPS Trust is assigned a laptop; stand-alone desktops are assigned to the outsourced staff.

Eligibility Criteria: The bidder should be empanelled with CERT-In and NICSI under application security audit and compliance services.

Scope of work

For the purpose of conducting an on-premises comprehensive cyber security audit, the broad scope of work includes the following:

a. Conduct a comprehensive Cybersecurity Audit of the NPS Trust IT infrastructure in conformance with the Information and Cyber Security Policy of NPS Trust and the latest version of the “Cyber Security Audit Baseline Requirements” issued by the National Security Council Secretariat and followed by CERT-In, and ascertain ISO 27001 and ISMS readiness.
b. The scope of the Audit shall broadly cover the following areas:
   i. Current IT infrastructure of NPS Trust
   ii. Information security policies
   iii. Human resource security
   iv. Asset management
   v. Access control
   vi. Physical and environmental security
   vii. Operations security
   viii. Communications/Network security
   ix. Vendor/Service provider relationships
   x. Information security incident management
   xi. Information security aspects of business continuity management
   xii. Data security for alignment with the Digital Personal Data Protection Act, 2023
c. Conduct Vulnerability Assessment / Penetration Test of the NPS Trust’s IT setup, website and network, wherever necessary. Based on the findings, suggest corrective actions / redressals / mitigation of risks / non-conformities and provide a comprehensive roadmap to counter the assessed / potential vulnerabilities.
d. Submit a detailed audit report containing a security gap analysis, based on which action would be taken by NPS Trust.
e. Conduct post-audit compliance verification subsequently to ensure remediation action has been taken against all the observation points/gaps, and submit a detailed report and analysis of the latest cyber security status of NPS Trust.
f. Certify the infrastructure / web applications as “Safe for Hosting” and provide the final certification.
g. Maintain all the mandatory standards of the cyber security audit guidelines / regulations of CERT-In.
h. Review the existing IT and cyber security policies and procedures of NPS Trust and recommend suitable measures for adopting best practices in line with ISO 27001 and ISMS readiness.
i. Recommend a suitable Cyber Crisis Management Plan (CCMP) and strategy framework to counter cyber-attack threats.
j. Recommend the Security Assurance Measures to be undertaken while embracing cloud adoption.

Selection of Auditor

The bidder submitting the lowest commercial bid (total cost including GST) will be selected for the execution of the project. The commercial bid must be submitted in the format below, on the letter head of the firm, in a sealed cover to the address: The General Manager, NPS Trust, B302, Tower B, World Trade Centre, Nauroji Nagar, Delhi 110029, on or before 28th May, 2024, 15:00 hrs.

Commercial bid format:

Estimated man-days: ________

Resource wise cost break-up (one row per resource):
   Resource | Designation | Cost in Rs. (NICSI rate) excl. GST | Audit cost in Rs. excluding GST

Total Cost in Rs. excluding GST: ________
GST: ________
Total Cost in Rs. including GST: ________ (Amount in words: ________)

DOCUMENTS TO BE SUBMITTED

I. A duly signed valid empanelment lette