The subject of this tender is the delivery of software tools that will ensure support for cybersecurity.

These software tools will improve the hospital's preparedness for future challenges in cyberspace security and IT environment management. The selected solutions will comply with current standards and recommendations in the field of information technology.

The subject matter of performance includes:

2FA - VPN access
• 2FA solution using FortiClient - this would be an extension of the existing licenses over technologies that the contracting authority has.

Cybersecurity, asset management and recording of security incidents
• The product provides a comprehensive tool for ensuring the cybersecurity of an organization, focusing on the management of information assets and monitoring security incidents. It allows for systematic recording and classification of assets, including assigning responsibility and determining their importance from a security standpoint. The solution also includes a robust module for monitoring and logging security incidents, which allows for the recording, analyzing, and escalating of potential incidents. By providing a centralized approach to asset and incident data, the product facilitates risk management, supports compliance with legislative requirements (e.g. NIS2, ZOKB), and increases readiness for cyber threats.

Privileged Account Management - PIM/PAM
• Privileged Account Management (PIM/PAM) refers to a set of tools and processes used for the secure management of access for users with elevated privileges to sensitive systems and data. The goal is to minimize the risks of abuse of administrator accounts by centralizing, tightening, and continuously monitoring access. PIM (Privileged Identity Management) solutions focus on managing and time-limiting assigned privileges, while PAM (Privileged Access Management) ensures their secure use – for example, through audits, approval processes, session recording, or multi-factor authentication.

Endpoints - Software and Hardware assets
• The tool serves for effective management and control of software and hardware assets within the organization. It allows automated collection of information regarding installed software, hardware configuration, and user activities on endpoints. It supports software license management, optimizes the use of IT resources, and ensures compliance with both internal and external requirements. Through clear outputs and statistics, it provides data for decision-making and increases transparency in IT asset management.

Network scanning and documentation
• A tool for thorough analysis and documentation of the organization's network infrastructure. The aim is to provide an objective and independent view of the current state of the network, identify potential weaknesses, and propose specific measures for its optimization and security. The service includes creating or updating network documentation and providing recommendations for further infrastructure development.

DLP
• The Data Loss Prevention (DLP) tool offers comprehensive protection of sensitive information across various channels, including endpoints, networks, email, web, and cloud applications. It enables organizations to identify, classify, and protect important data in real-time, thus minimizing the risk of unintentional or intentional leakage. Through centralized policy and incident management via a unified console, administrators can effectively monitor and respond to security events. The system also offers features for user education through immediate alerts and justification requests in case of policy violations, which helps raise awareness of security practices. The solution supports compliance with various regulatory frameworks, such as GDPR, HIPAA, and PCI DSS, and provides extensive reporting and analysis options for audit purposes. Its modular architecture allows the system to be tailored to the specific needs of the organization and integrated with other security tools to enhance overall data protection.

Firewall log storage extension
• The tool serves as an advanced extension for centralized analysis, evaluation, and management of logs from security devices and network infrastructure. It allows gathering and correlating events from various sources, providing a real-time overview of the security situation. With advanced reporting capabilities, threat detection, forensic analysis, and support for audit activities, it serves as a key element in ensuring compliance with both internal and external security requirements. Its deployment increases visibility across the entire infrastructure and streamlines incident responses within the organization's security ecosystem.

A detailed description of the performance is provided in the technical specification, which is Appendix No. 1 (1a - 1g) of the tender documentation.

The offered solution must include all specified individual items and all related services for delivery and implementation, as required. Part of the offer must include a description of the performance offered by the supplier, in accordance with the requirements of the contracting authority (including filling out Appendices No. 1 (1a - 1g) of the tender documentation).

The contracting authority hereby informs the suppliers that it is, within the meaning of Act No. 181/2014 Coll., on cybersecurity and on the amendment of related laws, as amended (hereinafter referred to as the “Act”), a mandatory entity (i.e. according to § 3 (f) and (g) of the Act, the contracting authority is the administrator and operator of the information system of the basic service), and further warns that it is, pursuant to § 4 (2) of the Act, obligated to implement and maintain security measures to the extent necessary to ensure cybersecurity of the operated systems. In accordance with § 4 (4) of the Act, the contracting authority is required to consider the requirements arising from security measures when selecting a supplier. Taking into account the requirements arising from security measures cannot therefore be considered an unlawful restriction of competition or an unreasonable obstacle to competition.

LOT-0001
Development of Cybersecurity for Klaudián Hospital – Software Tools.
The subject of this tender is the delivery of software tools that will ensure support for cybersecurity.

These software tools will improve the hospital's preparedness for future challenges in cybersecurity and IT environment management. The selected solutions will comply with current standards and recommendations in the field of information technology.

The subject matter of performance includes:

2FA - VPN access
• 2FA solution using FortiClient - this would be an extension of the existing licenses over technologies that the contracting authority has.

Cybersecurity, asset management and recording of security incidents
• The product provides a comprehensive tool for ensuring the cybersecurity of an organization, focusing on the management of information assets and monitoring security incidents. It allows for systematic recording and classification of assets, including assigning responsibility and determining their importance from a security standpoint. The solution also includes a robust module for monitoring and logging security incidents, which allows for the recording, analyzing, and escalating of potential incidents. By providing a centralized approach to asset and incident data, the product facilitates risk management, supports compliance with legislative requirements (e.g. NIS2, ZOKB), and increases readiness for cyber threats.

Privileged Account Management - PIM/PAM
• Privileged Account Management (PIM/PAM) refers to a set of tools and processes used for the secure management of access for users with elevated privileges to sensitive systems and data. The goal is to minimize the risks of abuse of administrator accounts by centralizing, tightening, and continuously monitoring access. PIM (Privileged Identity Management) solutions focus on managing and time-limiting assigned privileges, while PAM (Privileged Access Management) ensures their secure use – for example, through audits, approval processes, session recording, or multi-factor authentication.

Endpoints - Software and Hardware assets
• The tool serves for effective management and control of software and hardware assets within the organization. It allows automated collection of information regarding installed software, hardware configuration, and user activities on endpoints. It supports software license management, optimizes the use of IT resources, and ensures compliance with both internal and external requirements. Through clear outputs and statistics, it provides data for decision-making and increases transparency in IT asset management.

Network scanning and documentation
• A tool for thorough analysis and documentation of the organization's network infrastructure. The aim is to provide an objective and independent view of the current state of the network, identify potential weaknesses, and propose specific measures for its optimization and security. The service includes creating or updating network documentation and providing recommendations for further infrastructure development.

DLP
• The Data Loss Prevention (DLP) tool offers comprehensive protection of sensitive information across various channels, including endpoints, networks, email, web, and cloud applications. It enables organizations to identify, classify, and protect important data in real-time, thus minimizing the risk of unintentional or intentional leakage. Through centralized policy and incident management via a unified console, administrators can effectively monitor and respond to security events. The system also offers features for user education through immediate alerts and justification requests in case of policy violations, which helps raise awareness of security practices. The solution supports compliance with various regulatory frameworks, such as GDPR, HIPAA, and PCI DSS, and provides extensive reporting and analysis options for audit purposes. Its modular architecture allows the system to be tailored to the specific needs of the organization and integrated with other security tools to enhance overall data protection.

Firewall log storage extension
• The tool serves as an advanced extension for centralized analysis, evaluation, and management of logs from security devices and network infrastructure. It allows gathering and correlating events from various sources, providing a real-time overview of the security situation. With advanced reporting capabilities, threat detection, forensic analysis, and support for audit activities, it serves as a key element in ensuring compliance with both internal and external security requirements. Its deployment increases visibility across the entire infrastructure and streamlines incident responses within the organization's security ecosystem.

A detailed description of the performance is provided in the technical specification, which is Appendix No. 1 (1a - 1g) of the tender documentation.

The offered solution must include all specified individual items and all related services for delivery and implementation, as required. Part of the offer must include a description of the performance offered by the supplier, in accordance with the requirements of the contracting authority (including filling out Appendices No. 1 (1a - 1g) of the tender documentation).

The contracting authority hereby informs the suppliers that it is, within the meaning of Act No. 181/2014 Coll., on cybersecurity and on the amendment of related laws, as amended (hereinafter referred to as the “Act”), a mandatory entity (i.e. according to § 3 (f) and (g) of the Act, the contracting authority is the administrator and operator of the information system of the basic service), and further warns that it is, pursuant to § 4 (2) of the Act, obligated to implement and maintain security measures to the extent necessary to ensure cybersecurity of the operated systems. In accordance with § 4 (4) of the Act, the contracting authority is required to consider the requirements arising from security measures when selecting a supplier. Taking into account the requirements arising from security measures cannot therefore be considered an unlawful restriction of competition or an unreasonable obstacle to competition.