PDCTELCO/RFP-NGN/001/2026 Date Issued: 19th March 2026

Provision of Managed Security Operations Center (SOC) Monitoring Service (Sovereign SOC) for PDC Telecommunication Services Sdn Bhd (PDC Telco).

1. Executive Summary

PDC Telco's network infrastructure forms the backbone of Penang's digital connectivity ecosystem. As a critical provider of telecommunications infrastructure and digital services, ensuring the security, availability, and resilience of this infrastructure is of strategic importance.

To strengthen its cybersecurity posture, PDC Telco is issuing this Request for Proposal (RFP) to procure a Managed Security Operations Center (SOC) Monitoring Service to provide continuous security monitoring, threat detection, and incident response advisory services.

The selected vendor will deliver 24×7 security monitoring, centralized log analysis, threat detection, and incident investigation through a structured SOC operational model. The service shall include real-time monitoring, alert triage, security event correlation, and incident escalation to assist PDC Telco in responding effectively to cybersecurity threats.

The SOC platform shall be deployed within the PDC Telco infrastructure environment, ensuring that telemetry and operational data remain hosted and processed within Malaysia in support of a sovereign SOC operating model.

The implementation of this SOC capability aims to:

• Provide continuous monitoring and detection of cybersecurity threats
  
  
• Improve visibility of security events across infrastructure and network environments
  
  
• Reduce operational burden on internal IT teams through managed monitoring services
  
  
• Enhance compliance readiness and regulatory alignment

The proposed SOC solution shall provide the necessary security controls, continuous monitoring, and audit-ready reporting to actively assist PDC Telco in achieving and maintaining compliance with the Personal Data Protection Act (PDPA), ISO/IEC 27001, the Cybersecurity Act 2024, and the Malaysian Communications and Multimedia Commission (MCMC) Information Network Security Guidelines (INSG).

2. Company Overview

PDC Telecommunications Services Sdn Bhd (PDC Telco) is a telecommunications infrastructure provider supporting the digital connectivity ecosystem within the State of Penang. The organization plays a key role in enabling broadband infrastructure, network services, and digital connectivity for government agencies, enterprises, and strategic development initiatives.

As part of its commitment to delivering reliable and secure digital infrastructure, PDC Telco continuously enhances its cybersecurity posture to safeguard its operational technology, network infrastructure, and digital services from evolving cyber threats.

The deployment of a dedicated Security Operations Center (SOC) capability is a strategic initiative to ensure continuous monitoring, early detection of threats, and improved incident response capabilities across its infrastructure environment.

3. Project Overview & Objective

PDC Telco intends to implement a Managed Security Operations Center (SOC) Monitoring Service to strengthen the organization's cybersecurity monitoring and incident detection capabilities.

The SOC service will provide centralized log collection, event correlation, security monitoring, and threat analysis across PDC Telco's internal infrastructure, servers, applications, and network devices.

The primary objectives of this initiative are to:

• Establish continuous 24×7 monitoring of security events across PDC Telco infrastructure
  
  
• Detect and analyze cybersecurity threats affecting network and server environments
  
  
• Improve operational visibility of security activities through centralized monitoring
  
  
• Support regulatory compliance and internal audit readiness
  
  
• Enable faster incident detection, investigation, and response coordination

The SOC service will operate as a managed monitoring capability, with the vendor providing SOC expertise, monitoring operations, and incident analysis while working closely with the PDC Telco internal IT team for escalation and response coordination.

4. Project Requirements and Scope

The SOC service shall support PDC Telco's regulatory compliance and governance requirements. The solution should facilitate monitoring and reporting capabilities that align with applicable cybersecurity and data protection frameworks including:

· Personal Data Protection Act (PDPA)

· ISO/IEC 27001 Information Security Management System requirements

· Cybersecurity Act 2024

· Malaysian Communications and Multimedia Commission (MCMC) Information Network Security Guidelines (INSG)

5. Deployment Model

The SOC platform shall be deployed within the PDC Telco infrastructure environment to ensure that telemetry data, log data, and monitoring systems remain under the organization's operational control.

Remote monitoring and analysis by the vendor's SOC analysts (within Malaysia) is permitted; however, all log data and telemetry shall remain hosted within Malaysia in accordance with sovereign cybersecurity operational practices.

6. Continuous Monitoring

The vendor shall provide 24×7 continuous security monitoring services through a dedicated SOC team. The monitoring service shall include:

· Security event monitoring and alert triage

· Event correlation and threat analysis

· Security incident investigation and escalation

· Incident response advisory support

7. SIEM and Security Analytics Capability

The SOC platform shall provide centralized log ingestion, event correlation, and security analytics across PDC Telco's production infrastructure.

The solution should provide visibility across, but not limited to, the following environments:

• Operating Systems: Windows Server, Linux-based systems (RHEL, Ubuntu, Debian), and virtualized infrastructure
  
  
• Network Infrastructure: routers, switches, firewalls, VPN gateways, and network security appliances
  
  
• Identity Services: Active Directory, authentication and access control services
  
  
• Core Network Services: DNS, DHCP, NTP and related infrastructure services
  
  
• Applications: internally hosted enterprise applications and web services
  
  
• Network telemetry including mirrored network traffic where available
  
  

8. Network Traffic Monitoring

The SOC platform should support monitoring of network telemetry obtained via SPAN or mirrored network traffic from core network segments where available. This capability should enable detection of suspicious network behavior, abnormal traffic patterns, and potential network-based threats.

9. Log Ingestion Capacity

The SOC platform shall be capable of ingesting and processing approximately 70GB of log data per day on average, originating from PDC Telco's core operational infrastructure. The solution should be scalable to accommodate future growth in log volume.

10. Log Retention

The vendor shall support a log retention policy of 1 year, structured as follows:

• Hot Storage: 3 months of searchable logs for operational monitoring and incident investigation
  
  
• Cold Storage: 9 months of archived logs for compliance and forensic purposes

Archived logs shall remain retrievable for forensic analysis when required.

11. Service Level Agreement (SLA)

The vendor shall provide a clearly defined Service Level Agreement for security incident monitoring and escalation.

For critical security incidents, the SOC team shall acknowledge alerts within 30 minutes and initiate investigation immediately. Escalation to PDC Telco shall occur according to the agreed incident response workflow.

12. Regulatory Licensing

The vendor must demonstrate compliance with relevant Malaysian cybersecurity regulatory requirements and should hold appropriate cybersecurity service licensing issued by the National Cyber Security Agency (NACSA) where applicable.

13. Local Technology Recognition

Preference will be given to solutions recognized under the MySTI (Malaysia Science, Technology and Innovation) Inventory of Products and Services, demonstrating alignment with national innovation and technology development initiatives.

14. Sovereign SOC & Localized Governance

Vendors shall demonstrate operational presence in Malaysia and ensure that SOC monitoring infrastructure and telemetry data remain hosted within the country. This requirement supports sovereign cybersecurity operations and ensures localized support capabilities.

15. Operational Reporting

The vendor shall provide periodic operational reporting to PDC Telco including:

• Monthly SOC monitoring reports
  
  
• Summary of detected security events and incidents
  
  
• Threat trend observations
  
  
• Security posture insights and recommendations

16. Threat Intelligence Integration

The SOC platform should leverage global and regional threat intelligence feeds to enhance detection of emerging cyber threats and malicious indicators. These

intelligence sources should support correlation with observed security events within the PDC Telco environment.

17. Vulnerability Assessment

The vendor shall be capable of conducting bi-annual network vulnerability assessments utilizing premium vulnerability signatures. The scope of these assessments shall cover up to 20 public or private IP addresses within PDC Telco's operational infrastructure. This capability should enable the proactive identification of security weaknesses, misconfigurations, and potential attack vectors to maintain a resilient security posture.

18. Evaluation Criteria

Proposals will be evaluated based on a 100-point scoring system. Vendors shall meet all mandatory requirements to be considered for full scoring.

19. Non-Disclosure Agreement (NDA):

To ensure the confidentiality of information provided during this RFP review and the proposal process, all applicants are required to submit a Non-Disclosure Agreement (NDA) with their proposal. The NDA shall be signed by an authorized representative of your company before submitting the proposal.

The NDA is available for download along with this RFP notice.

20. Key Dates & Contact Information

• RFP Issued: 19th March 2026
• 
  Deadline for Submission: 01st April 2026 (before 12.00pm)
• 
  Contact Person: Muhammad Firdaus bin Hashim / firdaus@pdctelco.com.my 
  
  

21. Submission Instructions

To complete your submission, please:

RFP document that have been completed should be placed in a sealed envelope and labeled "PDCTELCO/RFP-NGN/001/2026: PROVISION OF MANAGED SECURITY OPERATIONS CENTER (SOC) MONITORING SERVICE (SOVEREIGN SOC) FOR PDC TELECOMMUNICATION SERVICES SDN BHD (PDC TELCO)". The documents must be submitted to the below-mentioned office address on or before 12:00 noon, 01st April 2026.

PDC Telecommunication Services Sdn. Bhd.
1-12A-12A, SUNTECH@Penang Cybercity,
Lintang Mayang Pasir 3,
Bandar Bayan Baru
11950 Bayan Lepas, Pulau Pinang
Telefon : 04-640 6644
Faks     : 04-640 6640

Isnin - Jumaat (9.00am-05.00pm)

Rehat (Isnin – Khamis: 1.00pm-2.00pm) & (Jumaat: 12.15pm-2.45pm)