BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 1 of 50
REQUEST FOR PROPOSAL (RFP)
For
Empanelment of Information Security and Audit Service Providers [ISASPs]
For Information Security Cell [ISC] and
Information Systems Audit Cell [ISAC]
Ref: HO: BOI/HO/RMD/INFOSEC/2014/112
Dated 31.10.2014 [Friday]
The information provided in response to this Request For Proposal (RFP) will
become the property of the bank and will not be returned. The Bank reserves
the right to amend, rescind or reissue this RFP and all amendments will be
advised to the bidders and such amendments will be binding on them. The
Bank also reserves the right to accept or reject any or all the responses to this
RFP without assigning any reasons whatsoever.
This document is prepared by Bank of India for its Empanelment of
Information Security and Audit Service Providers [ISASPs]. It should not be
reissued or copied or used either partially or fully in any form.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 2 of 50
CONTENTS
PART DESCRIPTION PAGE
NO.
1. INVITATION TO BID (ITB) 3
2. DISCLAIMER 6
3. INSTRUCTIONS FOR BIDDERS (IFB) 7
4. TERMS & CONDITIONS OF CONTRACT (TCC) 26
5. ADDRESSES FOR NOTICES
31
6. BID FORMS, PRICE SCHEDULES AND OTHER FORMS 32
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 3 of 50
PART 1
INVITATION TO BID [ITB]
1. Background:-
Bank of India is a leading and innovative Public Sector Bank, having its registered office in
Mumbai. The Bank has 4800+ branches in India spread over all states / union territories including
150+ specialized branches and 36+ Extension Counters. Bank has 6 Staff Training Centers
[STCs]. M/s HP is the solution provider for Finacle CBS application and the system integration.
These branches are controlled through 50 Zonal Offices [ZOs] under six National Banking
Groups [NBGs]. The Bank has a dominant presence abroad with 56+ branches / offices. The
Bank is listed at both NSE & BSE. The Bank has 5,700+ ATMs spread over the Country.
2. Objectives:-
The bank has its primary Data Centre [DC] and Near Site in Mumbai and its Disaster Recovery
[DR] site at Bengaluru. The Data Center serves the domestic branches in India, Overseas
Branches, Offices of the Bank and Regional Rural Banks [RRBs] sponsored by Bank of India.
The Data Center houses various other applications and resources. The database environment is
a heterogeneous mix of UNIX, Linux, HP-Unix, AIX, Solaris and Windows platforms, with
databases like Oracle, SQL, PostgreSQL, Networking devices like CISCO, Check Point etc. The
Bank has Integrated Treasury Operations in Mumbai.
With multifarious servers, databases, network devices and applications serving as components of
the critical infrastructure, continuous maintenance, management and monitoring of the resources
are required.
The Bank had called for Expression of Interest (EOI) on the Bank’s website on 12.08.2014 for
Empanelment of Information Security Service Providers [ISSPs] from eligible vendors. Vendors
with their preferred services have participated in that process and made presentations to
understand the details about the various services offered by them.
3. General Terms and Conditions in brief:-
Now Bank of India invites sealed bids from the eligible Bidders to participate in this RFP for
empanelment of ISASPs under the following terms and conditions;
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 4 of 50
a) Fulfillment of eligibility criteria as mentioned below. These are MANDATORY and are to be
included in Technical Bid, without which the Bid is liable to be rejected.
b) Bank reserves the right to change the evaluation process for adherence to CVC guidelines
and / or better transparency as it deems fit.
c) This RFP is to empanel eligible firms to provide various services and activities related to
Information Security and Information Systems Audit for the Bank.
d) Bank’s decision on admissible and acceptable evidences is binding on the bidder.
e) Bank may have two groups of empanelment of ISASPs. Basing on the marks obtained in
Evaluation of Technical Bids, panels of the Groups will be decided by the Bank.
f) Bank will reserve list of empaneled ISASPs to be used as per Bank’s discretion.
g) The purpose of the grouping is only to form two tiers for management convenience,
criticality of operations to be handled effectively etc.
h) It is the discretion of the Bank to decide which group an ISC / ISAC related exercise /
assignments would be allocated.
i) The Bank will communicate to the empaneled vendors about the objective, scope,
eligibility requirements, deliverables, time lines, any other information that is deemed fit for
smooth execution of the assignment and services.
j) The vendor would submit their quote regarding deployment of resources, number of man-
days required for the specific assignment.
k) The selected empaneled bidder has to provide the documentation / presentation for the
assignment for PRE and POST implementation of the services during the process of
actual process of assignment. We would also like to inform the bidders that, the Bank has
a complex infrastructure with multiple resources maintained and managed through multiple
vendors. So the bidder has to coordinate with the service providers of different
applications / system integrators [SI] of the Bank to carry out assignment/s.
l) Upon empanelment Bidder is required to enter into an appropriate Service Level
Agreement [SLA], wherein Clause for active Participation in the various Assignments and
Services offered by Bank from time to time during the complete tenure of agreement.
4. Non Refundable Bid Amount:-
A Non-refundable bid amount o f `. 5 ,000/- [ R u p e e s F i v e T h o u s a n d o n l y ] to be
paid by means of a demand draft / pay order favouring “Bank of India" payable at Mumbai
towards the cost of the Bid Application.
The Technical Bid envelop, without Bid Amount would be treated as non-responsive and
in such case, financial / price bid envelop would not be opened.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 5 of 50
5. Empanelment Period:-
The empanelment of ISASPs is proposed to be for a period of five years. This would be subject
to annual review. Bank reserves the right to de-empanel any empanelled ISASP. Empanelment
does not confer any rights on the vendors to necessarily receive assignments / jobs. This
allocation of assignments / jobs will be at the sole discretion of the Bank. Empaneled ISASPs are
required to enter into Service Level Agreement [SLA] and Non-Disclosure Agreement [NDA]. The
decision of the Bank in this regards will be final.
6. Schedule / Relevant Dates of this RFP:-
RFP Issuance Date 31/10/2014 – FRIDAY
Last date for requesting any clarifications by Email 13/11/2014 up to 12.00 noon – THURSDAY
Pre-bid meetings for clarifications. 14/11/2014, 4.00 To 5.00 p.m. – FRIDAY
Last Date & Time for Receipt of Bids at our Office. 25/11/2014 by 3.00 p.m. – TUESDAY
Date and Time of opening of Technical Bids 25/11/2014, 4.00 p.m. - TUESDAY
Representatives of bidder may be present
during opening of Technical bid, however, it
would be opened even in the absence of
any or all of the bidder`s representative.
Presentation on experience, proposed approach,
work plan and methodology
1st Week of December 2014 – Exact schedule will be advised separately.
Date and time of opening of Commercial Bids 2nd Week of December 2014 – Exact schedule will be advised separately.
Contact Persons & Telephone Numbers Shri Sanjay Save @ ISC – 6668 4974 & Shri R. K. Pamnani @ ISAC – 6131 9425
Address for Communication & Submission of bid The General Manager, Risk Management Department, Information Security Cell, 4th Floor, East Wing, Star House - I, C-5, G-Block, Bandra Kurla Complex, Bandra East, Mumbai – 400 051. Email: [email protected]
Availability of Bid Document and all other related
communications.
Available on our Website – www:\bankofindia.co.in under Tender Section
Bank reserves the right to change the dates / time mentioned in the RFP if any, which will be
communicated to bidders through our Website / Email separately.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 6 of 50
PART – 2
DISCLAIMER
The information contained in this Request for Proposal (RFP) document or information provided
subsequently to bidder(s) or applicants whether verbally or in documentary form by or on behalf
of Bank of India (BOI - Bank), is provided to the bidder(s) on the terms and conditions set out in
this RFP document and all other terms and conditions subject to which such information is
provided.
This RFP is neither an agreement nor an offer and is only an invitation by BOI [Bank] to the
interested parties for submission of bids. The purpose of this RFP is to provide the bidder(s) with
information to assist the formulation of their proposals. This RFP does not claim to contain all the
information each bidder may require. Each bidder should conduct its own investigations and
analysis and should check the accuracy, reliability and completeness of the information in this
RFP and where necessary obtain independent advice. BOI makes no representation or warranty
and shall incur no liability under any law, statute, rules or regulations as to the accuracy, reliability
or completeness of this RFP. BOI may in its absolute discretion, but without being under any
obligation to do so, update, amend or supplement the information in this RFP.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 7 of 50
PART – 3
INSTRUCTIONS FOR BIDDERS (IFB)
TABLE OF CLAUSES
Clause No.
Topic Clause
No. Topic
A. Introduction 3.16 Period of Validity of Bids
3.1 General Background 3.17 Format and Signing of Bid
3.2 Broad Scope of Work D. Submission of Bids
3.3 Consortium 3.18 Sealing and Marking of Bids
3.4 Cost of Bidding. 3.19 Deadline for Submission of Bids
3.5 Eligibility Criteria 3.20 Late Bids
B. Bidding Documents 3.21 Modification & Withdrawal of Bids
3.6 Content of Bidding Documents E. Bid Opening and Evaluation
3.7 Clarification of Bidding Documents 3.22 Opening of Technical Bids by the Bank
3.8 Amendment of Bidding Documents 3.23 Clarification of Bids
C. Preparation of Bids 3.24 Preliminary Examination
3.9 Language of Bid 3.25 BID Evaluation & Comparison of Price Bids
3.10 Format / Documents & Signing of the Bid
3.26 Contacting the Bank
3.11 Bid Prices / Rates
F. Award of Contract
3.12 Bid Currencies 3.27 Bank’s Rights
3.13 Documents establishing Bidder’s Eligibility and Qualifications
3.28 Notification of Award
3.14 Documents establishing eligibility and conformity
3.29 Signing of Contract
3.15 Bid Security
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 8 of 50
A. Introduction
3.1 General Background
Bank of India (hereinafter referred to as the “Bank”) intends to prepare a panel of reputed Information Security and Audit Service Providers [ISASP], Information Security [IS] Consulting Organisations, Information Technology [IT] Auditors, Information Systems [IS] Audit Agencies / Firms [including Chartered Accountant Audit Firms with CISA qualified Auditors], Cyber Security Auditors and Forensic Consultants etc. for carrying out various activities, assignments and assistance to Information Security and IT / IS Audit related work of Information Security Cell [ISC] in Risk Management Department and Information Systems Audit Cell [ISAC] in Inspection and Audit Department of the Bank. The Bank has mixed environment of IT outsourcing and managing in-house. During the past decade, the Bank has strengthened its IT infrastructure. To embark upon its ambitious growth plan and meet present and future need of Bank’s business, Bank is under process of undergoing IT up gradation process with latest available technology.
The complexity of bank’s IT operations has really increased demanding higher level of IS skills and Monitoring the IS Operations, as IS Audit requirements as well. The Bank invites ‘Request for Proposal [RFP] from reputed Companies / firms / Service Providers who have proven experience in the field of work related to Information Security, IT/IS Audit, Cyber Security and related work and fulfil the eligibility criteria as laid down in this document.
Bank intends to have an Empanelment of Information Security and Audit Service Providers [ISASPs] for Information Security / IT & IS Audit related work, for approximately for a period of five years at Bank’s discretion. This would be subject to annual review. In case the empaneled ISASP do not respond to the quotation / inquiry by Bank on three occasions or do not perform / execute the assignment during the validity of the empanelment, they may be delisted from the Panel by the Bank. The decision of the Bank will be final and binding to the Empaneled ISASPs.
3.2 Broad Scope of Work [SoW]
Types of present and future activities and services required by our ISC and ISAC of the Bank are covered / defined in this RFP is illustrative and indicative but not exhaustive. The scope may also undergo changes / updates due to implementation of new products, technology, projects, configuration requirements, business needs, legal and regulatory requirements etc. Broad SoW is as under;
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 9 of 50
1) Services on Information Security & Audit Projects and Security Certifications
2) Assistance in implementation of ISC and or ISAC related Project/s and Tools
3) IT and IS Audits including Outsourced Activities and Third Party Audits.
4) Technological Risk Assessment [TRA], Risk Profiling and Threat Perception of Assets,
GAP Analysis, Third Party Outsourcing Activities etc.
5) Documentation – Policy, Process, Procedure Creation / Review / Modification etc.
6) Immediate Risk Mitigation Measures / suggestive steps
7) Vulnerability Assessment [VA]
8) Penetration Testing [PT]
9) Application Security Testing
10) ISC and ISAC related work related Application Development and Services
11) Secured Configuration Documents [SCDs]
12) Network Audit and Supervision
13) Database Audits / Migration Audit
14) Cyber Security Audit
15) Application Audits / Website Audit / ATM Network Audit
16) Fraud Investigation
17) Forensics Investigation
18) BCP / DR Preparedness / Readiness
19) Data Centers, Treasury Branch, DR / NR Sites / Data warehouse Audit
20) Assistance in Training and Security Awareness
21) Assurance Services as per Regulatory requirements where Bank has Branches / Offices
22) Advanced Real Time Threat Intelligence including Anti-Phishing, Anti- Trojan, and Anti-
Malware Services, Zero Day Vulnerabilities etc. services for Security Project Management
and Services.
23) Assistance in Compliance
24) Assist / suggest ISC / ISAC related changes due to transformative technology like Mobility,
Virtualisation, Cloud, Social Networking, Service-Oriented Architecture (SOA) etc.
25) Assess & Develop IS performance dashboard focused on ROI with a mechanism and
process to convey value of investment on IS infrastructure across the Bank including Top
Management using industry standard Benchmark
26) Assisting in Network Security including Virtualisation, wireless & Mobile Technologies
27) Review / set up IS Controls, Standards, Metrics their effectiveness and adequacy
28) Any other activity as decided by the Bank during the empanelment period.
3.3 Consortium
Any type of formation of consortium, sub-contracting and joint assignment will not be allowed /
considered. Such proposal will be disqualified.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 10 of 50
3.4 Cost of Bidding
The Bidder shall bear all costs associated with the preparation and submission of its Bid /
POC / Presentations etc., and the Bank will in no case be responsible or liable for these
costs, regardless of the conduct or outcome of the Bidding process.
3.5 Eligibility Criteria - Pre-Requisite Qualification
The Bid is open to all Bidders who fulfil the following eligibility criteria. Bidders are required to
submit their Bids along with supporting documents. If the Bid is NOT accompanied by ALL the
required documents together with CHECK LIST as per FORMAT – 6.13 supporting and
confirming eligibility criteria, the same would be REJECTED. No further communication will be
entertained in this regards.
Sr.
No.
Eligibility Criteria Enclose - Required
Documents as Proof
To be
Marked as
1 Bidder should be Indian Company / Firm /
Organisation, registered in India under
Companies Act 1956 or related Act at least for
the past FIVE years i.e. established on or
before 01.04.2009.
Certificate of Incorporation
/ Date of Establishment /
Registered Organisation.
EC – 1
2 Bidder should be empaneled with CERT-IN. CERT-IN Certificate EC – 2
3 Bidders should have experience & expertise in
handling Assignments / Services related to IS /
IS-IT Audit in India in BFSI Sectors in last
THREE years i.e. On or after 01.11.2011.
They must have carried out Minimum TWO
Information Security and or IS Audit related
Assignments in BFSI during preceding year
i.e. on or after 01.11.2013 for a duration of
minimum 15 Man-Days.
1> Details of Assignments
and Experience Certificate
from BFSI Sectors
together with PO as per
- FORMAT – 6.6.
2> Number of different
types of activities carried
out in Banks in past 3
years i.e. after 01.11.2011
- FORMAT – 6.7.
EC – 3
4 Bidder should have NET Profit in last THREE
Financial Years [i.e. 2011-2012, 2012-2013
and 2013-2014].
Audited Balance Sheet,
P&L or Certificate from
CA.
EC – 4
5 Bidder should have minimum Turnover of
`. 10.00 Crores in the last Financial Year.
Certificate from CA. EC – 5
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 11 of 50
6 Fair Practice Code by Bidder – No [Black
Listing, Barred, Litigation] by ANY
Regulator / Statutory Body / Sector.
Present and Past Litigations / Disputes [if
any], Out come and present status – Self
Certificate.
Self-Declaration giving
full details of Blacklisting,
litigations etc. [if any
please give results /
present status with proof
as an evidence.]
EC – 6
7 Bidder should have Minimum TEN staff with
any of the following qualifications /
Certifications.
I> CISA II> CISSP, III> CISM, IV> PCI-DSS,
V> ISO 27001 LA/LI Holder, VI> COBIT
Certificate Holder, VII> CEH, VIII> ISO 22301
LA/LI, IX> CCNA, X> COBIT Certification, XI>
CRISC, XII> CHFI, XIII> GIAC, XIV> SSCP,
XV> Any Other Specialised Products /
Domains related Professional Qualifications /
Certifications [Please Specify].
Provide details of No. of
staff having listed
certificates after avoiding
duplication. Multiple
Certificate Holders will be
counted once only. Total
10 Staff. FORMAT – 6.8.
EC – 7
8 Check List of Enclosures of all related
documents including Bid Amount of `. 5,000/=.
As per the CHECK List.
FORMAT – 6.13.
EC – 8
NOTES on Qualification / Eligibility Criteria:-
1> Assignments done during past three years i.e. on or after 01.11.2011 should only be
mentioned.
2> While it is desired to empanel vendors of versatile exposure and resources in the
Information Security and IS / IT Audit related activities for entrusting jobs from time to time
in any of the areas mentioned hereinabove, Bank at its sole and absolute discretion,
may opt for empanelment of firms with well-known specialised expertise in specific areas,
for limited empanelment for some specified activities only, in case of not fully and or
partly complying with all and or any of clauses stated above but are able to present
equivalent expertise in their specific areas, for specific jobs on a case to case basis.
3> ALL Documents are to be signed by the Authorised Signatories of the Bidders.
4> Supporting documents shall be copy of Work Order [PO], letters from clients on their letter
head, contacts of clients including Scope of Work [SoW] for all the relevant assignments
carried out during past three years from the date of RFP.
5> Brochures / Emails attached shall not be considered for evaluation.
6> Information Security and IT / IS Audit Services does not include sale of Products.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 12 of 50
7> The Eligibility criteria mentioned in the RFP like turnover, staff experience, number of
qualified staff etc., should be maintained by the service provider till the end of the
empanelment period/contract period.
8> CHECK LIST in FORMAT– 6.13 must be enclosed.
B. The Bidding Documents
3.6 Content of Bidding Document/s
3.6.1 The Solution required, Bidding procedures, and contract terms are prescribed in the
Bidding Documents. The Bidding Documents includes:
(a) PART 1 - Invitation To Bid (ITB)
(b) PART 2 - Disclaimer
(c) PART 3 - Instruction For Bidders (IFB)
(d) PART 4 - Terms and Conditions of Contract (TCC)
(e) PART 5 - Technical and Functional Formats and Specifications (TFF / TFS)
(f) PART 6 - Bid Forms, Price Schedules and other forms (BF)
3.6.2 The Bidder is expected to examine all instructions, forms, terms and specifications in the
Bidding Document. Failure to furnish all information required by the Bidding Document or
to submit a Bid not substantially responsive to the Bidding Document in every respect will
be at the Bidder’s risk and may result in the rejection of the Bid. We repeat to confirm the
CHECK LIST in FORMAT– 6.13 before submitting the Bid document to the Bank.
3.7 Clarification of Bidding Document/s
3.7.1 Bidder / requiring any clarifications, queries, questions etc. on the Bidding Document
[RFP] may notify the Bank by e-mail only indicated in Invitation to Bid on or before
12.00 noon on Thursday, 13.11.2014
3.7.2 A pre-bid meeting is scheduled on Friday, 14.11.2014 from 4.00 p.m. to 5.00 p.m.
Venue for the pre-bid meeting will be at the communication address given bellow.
Bank of India, The General Manager – RMD, Information Security Cell [ISC], 4th Floor, East Wing, Star House - I, C-5, G-Block, Bandra Kurla Complex, Bandra East, Mumbai – 400 051. Email: [email protected] Contact Officials / Senior Managers;
[1] Shri Sanjay Save - 6668 4974 from ISC and [2] Shri R. K. Pamnani - 6131 9425 from ISAC.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 13 of 50
Bidders should provide their email address in their queries without fail. All responses will be posted on the website of the Bank.
3.8 Amendment of Bidding Document/s
3.8.1 At any time prior to the deadline for submission of Bids, the Bank, for any reason,
whether, at its own initiative or in response to a clarification requested by a prospective
Bidder, may modify the Bidding Document/s, by amendment.
3.8.2 All prospective Bidders will be notified of the amendment, if any, by Bank hosting the same
on the Bank’s website which will be final and binding on all the bidders. It will be the
responsibility of the bidders to regularly visit the Bank’s website for any amendments from
time to time and respond accordingly. No other intimation will be given by the Bank.
3.8.3 In order to allow prospective Bidders reasonable time in which to take the amendment into
account in preparing their Bids, the Bank, at its discretion, may extend the deadline for the
submission of Bids.
C. Preparation of Bids
3.9 Language of Bid
The Bid prepared by the Bidder, as well as all correspondence and documents relating to
the Bid exchanged by the Bidder and the Bank and supporting documents and printed
literature shall be written in English.
3.10 Format / Documents & Signing of the Bid
All the documents submitted by bidder shall be duly signed by the authorised
signatory.
3.10.1 Each bid shall be in two parts:-
Part I - Technical Bid Form – Stage I (in FORMAT – 6.11)
Part II – Commercial Bid (in FORMAT – 6.3)
The two parts should be in two separate covers, each super-scribed with the name of the Project
as well as i.e. “Empanelment of ISASPs - Technical Bid” and “Empanelment of ISASPs -
Commercial Bid” as the case may be. Both these two envelops should be sealed in one
main envelop.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 14 of 50
Bids are liable to be rejected, if is incomplete.
3.10.2 The Bid shall be typed or written in indelible ink and shall be signed by the Bidder or a person or persons duly authorized to bind the Bidder to the Contract. The person or persons signing the Bids shall initial all pages of the Bids, except for un-amended printed literature.
3.10.3 Any inter-lineations, erasures or overwriting shall be valid only if they are initialled by the person signing the Bids. The Bank reserves the right to reject bids not conforming to any of above.
3.10.4 Documentary evidence establishing that the Bidder is eligible to Bid and is qualified for ISASP Empanelment as per CHECK LIST of evidences in FORMAT No.6.13 of the Bidding Document if it’s Bid is accepted.
3.10.5 A Non-disclosure Agreement as per FORMAT – 6.2
3.10.6 Documents comprising Price Bid Envelope, should be a complete document and placed in
a sealed envelope super-scribed as “COMMERCIAL BID” as per FORMAT – 6.3. Price
bids containing any deviations or similar clauses will be summarily rejected.
3.10.7 While submitting, the Technical Documents and other documentary evidence, Literature
on the Solution Architecture Diagram, Drawings, Data and Broachers should be
segregated and kept together in one section/lot along with CD containing Technical
Documents and PPT of the proposed Presentation.
3.10.8 The other papers, Forms as mentioned above, etc. should form the main section, bound
properly so that no paper can be taken out/loosened, and should be submitted in one lot,
separate from the section containing literature and annual accounts etc. This includes
Referral letters from clients and customers.
3.11. Bid Prices / Rates
The prices / rates indicated in the Price Schedule shall be entered in the following manner:
The prices / rates should be specified only in “Commercial Bid” and must not be
specified at any other place in the bid document. The quoted prices should be exclusive of
all taxes and statutory levies such as Service Tax / VAT, Sales Tax, Octroi etc. which
should be specified separately.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 15 of 50
Prices / rates quoted as above shall be valid for a minimum period of 180 days from last
date for submission of the tender / bid. This quote is applicable for this RFP process.
The Bank has the discretion to adopt the pricing formula on a case to case basis which will
be communicated to the empaneled bidders during the bidder selection process for an
exercise.
3.12. Bid Currencies
Bids are to be quoted in Indian Rupees only.
3.13 Documents Establishing Bidder’s Eligibility and Qualifications
3.13.1The Bidder shall furnish, as part of its Bid, documents establishing the Bidder’s eligibility
to Bid and its qualifications to be empanel as ISASPs, if its Bid is accepted.
3.14.2 The documentary evidence of the Bidder’s qualifications to empanel as ISASPs if it’s Bid
is accepted shall establish to the Bank’s satisfaction:
a) That the Bidder has the technical and professional capability necessary to perform the
Contract as per Organization Profile;
b) That adequate, specialized expertise is already available to ensure that the support
services are responsive and the Bidder will assume total responsibility for the operation
and assignment on continuous real time basis.
3.14 Documents Establishing Eligibility and Conformity to Bidding Documents as per
Techno – Commercial eligibility and Evaluation process prescribed by the Bank.
3.15. Bid Security
Upon empanelment as ISASPs, the Bidder may require to furnish bid security at the time
of actual assignment decided for the respected activity. The Bid security is required to
protect the Bank against the risk of Bidder’s conduct, which would warrant the security’s
forfeiture. The Bid security shall be denominated in Indian Rupees and shall be in the
form of bank guarantee issued by a nationalised / public sector bank.
In case the Bidder is not ready to offer as above, will be rejected by the Bank, as non-
responsive.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 16 of 50
The successful completion of the assignment/s, Bid security will be discharged.
The Bid security may be forfeited:
a) if a Bidder withdraws its Bid during the period of Bid – assignment validity specified by
the Bidder on the Bid Form; or
b) if a Bidder makes any statement or encloses any form which turns out to be false /
incorrect at any time prior to signing of Contract; or
c) in the case of a successful Bidder, if the Bidder fails;
(i) to sign the Contract; OR
(ii) to furnish Performance Security OR
(iii) to furnish NDA
3.16 Period of Validity of Bids
Bids / rates shall remain valid for 180 days from the date of opening of the Bid. A Bid valid
for a shorter period shall be rejected by the Bank as non-responsive.
In exceptional circumstances, the Bank may solicit the Bidders’ consent to an extension of
the period of validity. The request and the responses thereto shall be made in writing.
3.17. Format and Signing of Bid
3.17.1 The Bid shall be typed or written in indelible ink and shall be signed by the Bidder or a
person or persons duly authorized to bind the Bidder to the Contract. The person or
persons signing the Bids shall initial all pages of the Bids, except for un-amended printed
literature.
3.17.2 Any inter-lineations, erasures or overwriting shall be valid only if they are initialled by the
person signing the Bids. The bank reserves the right to reject bids not confirming to
above.
D. Submission of Bids
3.18. Sealing and Marking of Bids
3.18.1The inner and outer envelopes shall:
a) be addressed to the Bank at the address given; and
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 17 of 50
b) Envelops should bear the Project Name "Empanelment of Information Security and
Audit Service Provider” and a statement: “DO NOT OPEN BEFORE (mention last
date of submission of the bid i.e. 25.11.2014 before 4.00 p.m.”.
c) All envelopes should indicate on the cover the name and address of the Bidder.
3.18.2 If the outer envelope is not sealed and marked, the Bank will assume no responsibility for
the Bid’s misplacement or premature opening.
3.19. Deadline for Submission of Bids
3.19.1 Bids must be received by the Bank at the address specified, not later than the date
and time for submission of Bids specified in the Invitation to Bid [RFP].
3.19.2 The Bank may, at its discretion, extend this deadline for the submission of Bids by
amending the Bid Documents, in which case, all rights and obligations of the Bank and
Bidders previously subject to the deadline will thereafter be subject to the deadline as
extended.
3.20. Late Bids
Any Bid received by the Bank after the deadline for submission of Bids prescribed, will be
rejected and returned unopened to the Bidder.
3.21. Modification and Withdrawal of Bids
3.21.1 The Bidder may modify or withdraw its Bid after the Bid’s submission, provided that
written notice of the modification, including substitution or withdrawal of the Bids, is
received by the Bank, prior to the deadline prescribed for submission of Bids.
3.21.2 The Bidder’s modification or withdrawal notice shall be prepared, sealed, marked and
dispatched. A withdrawal notice may also be sent by Fax, but followed by a signed
confirmation copy, postmarked no later than the deadline for submission of Bids.
3.21.3 No Bid may be modified after the deadline for submission of Bids.
3.21.4 No Bid may be withdrawn in the interval between the deadline for submission of Bids
and the expiration of the period of Bid validity specified by the Bidder on the Bid Form.
Withdrawal of a Bid during this interval may result in the Bidder’s forfeiture of its Bid
security amount.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 18 of 50
E. Opening and Evaluation of Bids
3.22 Opening of Technical Bids by the Bank
The Bidders’ names, Bid modifications or withdrawals and the presence or absence of
requisite Bid Security and such other details as the Bank, at its discretion, may consider
appropriate, will be announced at the Bid opening. No bid shall be rejected at bid
opening, except for late bids, which shall be returned unopened to the Bidder.
Bids (and modifications sent) that are not opened at Bid Opening shall not be
considered further for evaluation, irrespective of the circumstances. Withdrawn bids will
be returned unopened to the Bidders.
3.23. Clarification of Bids
During evaluation of the Bids, the Bank, at its discretion, may ask the Bidder for
clarification of its Bid. The request for clarification and the response shall be in writing,
and no change in the prices or substance of the Bid shall be sought, offered, or
permitted.
3.24 Preliminary Examination
3.24.1 The Bank will examine the Bids to determine whether they are complete, required
formats have been furnished, the documents have been properly signed, and the Bids
are generally in order.
3.24.2 The Bank may, at its discretion, waive any minor infirmity, non-conformity, or irregularity
in a Bid, which does not constitute a material deviation.
3.24.3 Prior to the detailed evaluation, the Bank will determine the substantial responsiveness of
each Bid to the Bidding Document. For purposes of these Clauses, a substantially
responsive Bid is one, which confirms to all the terms and conditions of the Bidding
Document without material deviations. Deviations from, or objections or reservations to
critical provisions, such as those concerning Bid Security, Applicable Law, Performance
Security, Qualification Criteria, Insurance, Contract, AMC and Force Majeure will be
deemed to be a material deviation. The Bank’s determination of a Bid’s responsiveness is
to be based on the contents of the Bid itself, without recourse to extrinsic evidence. The
Bank reserves the right to evaluate the bids on technical & functional parameters
including possible visit to inspect live site/s of the Service providers and witness demos,
presentations or undertake a POC exercise of the system and verify functionalities,
response times, users acceptability etc.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 19 of 50
3.24.4 If a Bid is not substantially responsive, it will be rejected by the Bank and may not
subsequently be made responsive by the Bidder by correction of the non-conformity. The
bank may, at its sole discretion, opt for a technical evaluation which will take into account
the capability of the bidder application to implement the proposed services.
3.24.5 In case of the successful bidder, the Bank will evaluate the capability of the bidder to fulfil
the requirements. If the Bank is not satisfied with the offerings, the Bank may cancel /
remove from empanelment from ISASPs without incurring any liability to anybody
whatsoever.
3.24.6The Bank’s determination of a Bid’s responsiveness will be based on the contents of the
Bid itself, without recourse to extrinsic evidence.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 20 of 50
3.25. Bid Evaluation Weightage and Comparison of Price Bids [TWO STAGES]
STAGE – I
Bank proposes for TWO stages for Evaluation Process. In STAGE - !, Bank shall intends
to arrive at TWO GROUPs. Based on the Highest Scorer list of Bidders will be prepared and
GROUPED. This STAGE – I only for the purpose of Empanelment of ISASPs in TWO Groups.
3.25.1 Technical BID Evaluation – [STAGE – I]
Sr.
No. Activities / Details Max
Marks
Marks
Scored
*
Weightage REMARKS
1 Total No of Assignments carried out in BFSI related to IS / ISAC
Activities in India as declared in FORMAT – 6.10 to be submitted by
the Bidder. Proof need to be submitted. - One Mark per Assignment
/ Purchase Order [Maximum 3 Marks for 3 years for same /
similar activity] for different activities in different organisations.
23
2 Total No of Assignments carried out for IS / ISAC related activities for
their Global Clients as per the LIST enclosed as an evidence by the
Bidder. One Mark per Assignment / Purchase Order after
01.11.2011 [i.e. during past three years].
10
3 Total No. of Skilled Employees / Resources available as per the
enclosed LIST of Employees with their Credentials / Certifications
related to IS / ISAC Activities given in the FORMAT – 6.8.
11 to 25 Employees 05 Marks
26 to 50 10 Marks
Over 51 15 Marks
15
4 No. of Years’ Existence/Establishment in IS/ISAC related activities in
INDIA in BFSI Sector. Evidence of the 1st Assignment to be enclosed
as a proof of Experience. - One Mark per year prior to 01.04.2009.
12
5 Technical Skill Credentials (extra ordinary activities) – Proprietary
Tools Developed, R&D Work Done, Papers Published, Forensic
Assignment Carried out. Other Value added Services and Additional
Deliverables, Proprietary Tools, Dashboards, Training, Knowledge
sharing, etc. Attach Evidences as a proof. (each activity will carry
1 mark)
10
6 Certifications/Accreditations relevant to IS/ IS Audit Services received
from GoI, RBI, IDRBT, IBA, Gartner, BFSI Sector or any other
independent Authority. - One Mark per valid current Certificate
05
7 Presentation and Methodologies, Procedures, Tools, Utilities,
Templates Developed / used during execution of previous assignments
and arrangements for BCPDR Infrastructure proposed etc. presented
by the Bidder. – To be given by Bank Team based on Presentations.
25
* TOTAL Marks are to be calculated and filled by the Bidders for
item Nos. 1 to 6 and submit together with the Technical Bid Cover
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 21 of 50
3.25.2 Bank shall have Technical Evaluation based on following broad criteria/parameters;
1> only qualifying eligible bidders will be considered for Technical Evaluation.
2> As per inputs and information provided in the bid, Services undertaken, presentations
by bidders, site visits [if required], existing customers feedback, highlights of noteworthy /
superior features of their services. Noticeable State of the Art Services, Capabilities
proposed and demonstrated, Future IS threats, Vision, future requirements NOT
highlighted by the Bank in the RFP, Specialised Services like Forensic Services etc.
offered. Bidder to provide evidences to substantiate their claims. This includes in house
capabilities, Proprietary Tools developed, Additional Support facility provided etc. Broad
base of Technical Evaluation weightage by the Bank Team / Committee will be as under;
a. Variety of Experience - 15%
b. Proposed Methodology and Work Plan - 30%
c. Professional Staff - 15%
d. Execution Capabilities - 15%
e. Specialised Services Offered - 15%
f. Other like Vision, Tools, Support Offered, Client Opinion etc. - 10%
3> To qualify, Bidders must score minimum 55%Technical Score in Technical Evaluation.
4> Bank proposed to form shortlist in TWO groups base on %age Tech. Score as under;
- Group “A” 76% and Above Tech. Score
- Group “B” 55% to 75% Tech. Score
- Bidders scoring less than 55% Tech. Score will not be considered. Their
Commercial Bids will NOT be considered for further process. Commercial Bids of
NOT qualifying Bidders will NOT be opened and returned the respective Bidders.
BOI will NOT be responsible for security / privacy of such Bid/s.
- Bank may change / modify captioned criteria / parameters of Evaluation procedure
etc. at its sole discretion. Bank will decide on evaluation and weightage of
marks on the evidences / proof (acceptable to the bank) submitted and
presentation made by the bidder. The decision of the bank will be final. Bank
has right to verify, seek confirmation on the evidences furnished by the
bidders from the respective BFSI / Organisations.
3.25.3. The Bank may use the services of external consultants for bid evaluation, if required.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 22 of 50
3.25.4. The Bank will evaluate and compare the Price bids, which have been determined to be
substantially responsive.
3.25.5 Arithmetical errors [if any] will be rectified on the following basis. If there is a discrepancy
between the unit price [man day rate] and the total price [no of days] that is obtained by
multiplying the unit price and quantity, the unit price shall prevail, and the total price shall
be corrected. If the successful bidder does not accept the correction of the errors, its Bid
will be rejected, and its Bid security may be forfeited. If there is a discrepancy between
words and figures, the amount in words will prevail.
3.25.5 The evaluation will be done on the basis of evaluation of the Technical bid and the bidder
offering the lowest price as mentioned in the respective FORMAT.
3.25.6 Commercial Evaluation
The envelope containing the Commercial Bids of only those Bidders, who are short-listed
and eligible after technical evaluation – STAGE - I, would be opened. The format for
quoting commercial bid set out in FORMAT 6.3.
Commercial quotes of Bidders of Group A will be opened and compared. The lowest
quoted rates will be offered to the other bidders of Group A. All the Group A bidders
accepting the lowest quoted rates will be empanelled at those rates.
Similar separate process will be followed for bidders of Group B.
Bank will create two separate panels – Group A and Group B.
Allocation / Distribution of activities / assignments to different Group or any other Empaneled Bidders will be solely at the discretion of the bank.
Empanelment by the Bank does not constitute any right on the vendor to receive assignments / activities / work orders. The bank reserves the right to opt for manual negotiation. 3.25.7 Awarding of Assignment and Technical Bid Evaluation – STAGE - 2 This is an empanelment only, the actual job allocation or Scope of Work [SoW] will be a
dynamic time to time activity and in any areas of ISC / ISAC related activities as required by
Bank; payments will be based on actual work mutually agreed at the time awarding an
assignment / contract.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 23 of 50
While the empanelment will attempt to set specific service rates (man–hour, man-day /
man-month rate i.e. Rate per Hour, Rate per Day and Rate per Month), Bank can, at its
sole and absolute discretion, prefer multiple price models including piece rates for some
activities or techno-commercial bids for any specific activities or assignments from time to
time.
Entire process of Awarding actual assignment and Services is explained by giving an illustration as under; [However, this process is illustrative. Bank at discretion may adopt / change the process / parameters with prior intimation to respective empaneled bidders]
Example: Arrival of L1 [At the time actual awarding a Contract / Assignment]
A. Proficiency Assessment: (TECHNICAL EVALUATION - STAGE – II of Technical Bid)
1) Full marks i.e. 100 (notional absolute value) will be awarded to the empaneled bidder/s scoring the highest marks at the time of process of awarding a contract.
2) The inputs will be based on the information provided in this RFP - Bid process or Bank may ask for the latest information concerning the assignment / services.
3) Proportionate marks will be awarded to the other bidders as the percentage of the highest marks received.
4) Full 70 marks will be awarded to the bidder getting the highest marks.
5) Similarly proportionate marks will be awarded to the other bidders. (as per calculation shown under item B – Example).
6) Normally this will be dynamic based on the information provided by the Empanelled bidders for actual assignment / services.
7) Marks on Proficiency may vary / differ based on nature / critically / proficiency required etc. This will be communicated to the bidders before actual requirement.
B. Commercial Assessment (Price Bid):
1) Rate of Man Hour / Day / Month will be the same rate agreed with the Empaneled ISASPs by the Bank.
2) Full marks i.e. 100 (notional absolute value) will be awarded to the bidder quoting number of MAN - HOURS / DAYS / MONTH for actual requirement for an assignment / services.
3) Actual cost of the Assignment will be No of Man days quoted x Agreed RATES for Man days [as the case may be]
4) Actual cost quoted by the Bidder for lowest price / rate as shown above.
5) Proportionate marks will be awarded to the other bidders as the percentage of the lowest quote.
6) Full 30 marks will be awarded to the bidder quoting the lowest price i.e. 30% of 100 i.e. 30.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 24 of 50
7) Similarly proportionate marks will be awarded to absolute value quoted by other bidders (as per calculation shown under item a– Example)
8) As stated above Marks on Commercial Assessment may vary / differ based on requirements of nature / criticality / professional services etc.
Comparative Chart of Calculations
Bidder X Y Z
(a) Price in `. (30% marks)
1000 1100 1200
Calculation (i) (1000/1000) x 100=100 (1000/1100)x 100 = 90.90 (1000/1200) x 100 = 83.33
Base is 100% of the lowest bidder
100 90.90 83.33
Calculation (ii) (100/100)x30=30 (90.90/100)x30=27.27 (83.33/100)x 30 =24.99
Actual Marks (A) Out of 30
30 27.27 24.99
(b) Proficiency Marks (70% marks)
85 100 95
Base is 100% of the highest scoring bidder
85 100 95
Calculation (85/100)x70= 59.50 (100/100)x70=70 (95/100)x70= 66.50
Actual Marks (B) Out of 70
59.50 70 66.50
Total Marks (A+B) Out of 100
89.50 97.27 91.49
Ranking of Bidder L3 L1 L2
Y is the L1 bidder with highest cumulative marks.
3.26 Contacting the Bank
a> No Bidder shall contact the Bank on any matter relating to its Bid, from the time of opening of
Bid to the time the Contract is awarded.
b> Any effort by a Bidder to influence the Bank in its decisions on Bid evaluation, Bid
comparison or contract award may result in the rejection of the Bidder’s Bid.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 25 of 50
F. Award of Contract
3.27. Bank’s Right to Accept Any Bid and to reject any or All Bids.
The Bank reserves the right to accept or reject any Bid in part or in full at any time prior to
contract award, without thereby incurring any liability to the affected Bidder or Bidders or
any obligation to inform the affected Bidder or Bidders on the grounds for the Bank’s
action.
3.28 Notification of Award
3.28.1Prior to expiration of the period of Bid validity, the Bank will notify the successful Bidder in
writing or by fax or by mail, that its Bid has been tentatively accepted.
3.28.2The notification of award will constitute the formation of the Contract.
3.29. Signing of Contract
3.29.1At the same time as the Bank notifies the successful Bidder that its Bid has been
accepted, the Bank will send the Bidder the Contract Form as per Format 6.5,
incorporating all agreements between the parties.
3.29.2At the same time the Bank would call the bidder to study the requirements and assure
itself that they are capable of fulfilling the requirements.
3.29.3 The successful Bidder shall sign and date the Contract and return it to the Bank.
Note:
Notwithstanding anything said above, the Bank reserves the right to reject / award the
contract to any vendor or cancel the entire RFP process without assigning any reasons
thereto.
**********
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 26 of 50
4: TERMS AND CONDITIONS OF CONTRACT (TCC)
TABLE OF CLAUSES
Clause
No.
Topic Clause
No.
Topic
4.1 Definitions
4.2 Country of Origin
4.3 Use of Contract Documents and
Information
4.4 Contract
4.5 Payment
4.6 Contract Amendments
4.7 Delay in Supplier’s
Performance
4.8 Force Majeure
4.9 Termination for Insolvency
4.10 Resolution of Disputes
4.11 Governing Language
4.12 Applicable Law
4.13 Taxes and Duties
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 27 of 50
4: TERMS AND CONDITIONS OF CONTRACT (TCC)
4.1. Definitions
In this Contract, the following terms shall be interpreted as indicated:
4.1.1 Vendor is the successful Bidder who has been determined to qualify to perform the
Contract / assignment satisfactorily, and whose Bid has been determined to be substantially
responsive, and is the lowest evaluated Bid.
4.1.2 “The Contract” means the agreement entered into between the Bank and the Service
Provider, as recorded in the Contract Form signed by the parties, including all attachments
and appendices thereto and all documents incorporated by reference therein;
4.1.3 “The Contract Price” means the price payable to the Service Provider under the Contract for
the full and proper performance of its contractual obligations;
4.1.4 “TCC” means the Terms and Conditions of Contract contained in this section;
4.1.5 ‘System' means a Computer System consisting of all Hardware, Software, etc., which
should work together to provide the services as mentioned in the Bid and to satisfy the
Technical and Functional Specifications.
4.1.6 ‘Software’ means Application/System software, Database, Middleware and other third
party utilities which will seamlessly integrate with the environment described in this
document without any hitch or hindrance.
4.1.7 In case of a difference of opinion on the part of the Bidder in comprehending and/or interpreting any
Clause / Provision of the Bid Document after submission of the Bid, the interpretation by the Bank
shall be binding and final on the Bidder.
4.2 Country of Origin
All services to be supplied under the Contract shall have their origin in eligible source
countries, as per the prevailing Regulations in India.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 28 of 50
4.3 Use of Contract Documents and Information
4.3.1 The Service Provider shall not, without the Bank’s prior written consent, disclose the
Contract, or any provision thereof, or any specification, plan, sample or information
furnished by or on behalf of the Bank in connection therewith, to any person other than a
person employed by the Service Provider in the performance of the Contract. Disclosure to
any such employed person shall be made in confidence and shall extend only as far as
necessary for purposes of such performance.
4.3.2 The Service Provider shall not, without the Bank’s prior written consent, make use of any
document or information enumerated in this Bidding Document except for purposes of
performing the Contract.
4.3.3 Any document, other than the Contract itself, enumerated in this Bidding Document shall
remain the property of the Bank.
4.3.4 The Bidder shall sign a Non-disclosure Agreement as per Format 6.2.
4.4 Contract
4.4.1 The empanelment is for 5 years and reviewed on annual basis. The decision of the bank
will be final and binding to all Service Providers.
4.4.2 Contract Uptime
During the Period of contract, Service Provider will maintain the services as per contract.
4.5 Payment
4.5.1 Payment shall be made in Indian Rupees.
4.5.2 The price quoted shall be all-inclusive (including VAT if any). Only service tax if applicable
will be paid extra.
4.5.3 All payments shall be made net of taxes, if any i.e. Less Tax Deduction at Source (TDS).
4.6 Contract Amendments
No variation in or modification of the terms of the Contract shall be made, except by
written amendment, signed by the parties.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 29 of 50
4.7 Delay in the Performance & Liquidated Damages
Bank will decide the penalty clause at the time of actual assignment awarded.
4.8 Force Majeure
4. 8.1 Notwithstanding the provisions of TCC, the Supplier shall not be liable for forfeiture of its
performance security, liquidated damages, or termination for default if and to the extent
that it’s delay in performance or other failure to perform its obligations under the Contract
is the result of an event of Force Majeure.
4.8.2 For purposes of this clause, “Force Majeure” means an event beyond the control of the
Service Provider and not involving the Supplier’s fault or negligence and not foreseeable.
Such events may include, but are not restricted to, acts of the Bank in its sovereign
capacity, wars or revolutions, fires, floods, epidemics, quarantine restrictions, and freight
embargoes.
4.8.3 If a Force Majeure situation arises, the Service Provider shall promptly notify the Bank in
writing of such condition and the cause thereof. Unless otherwise directed by the Bank in
writing, the Supplier shall continue to perform its obligations under the Contract as far as is
reasonably practical, and shall seek all reasonable alternative means for performance not
prevented by the Force Majeure event.
4.9 Termination for Insolvency
The Bank may, at any time, terminate the Contract by giving written notice to the Service
Provider if the Service Provider becomes bankrupt or otherwise insolvent. In this event,
termination will be without compensation to the Service Provider, provided that such
termination will not prejudice or affect any right of action or remedy which has accrued or
will accrue thereafter to the Bank.
4.10 Resolution of Disputes
4.10.1The Bank and the Service Provider shall make every effort to resolve amicably by direct
informal negotiation, any disagreement or dispute arising between them under or in
connection with the Contract.
4.10.2 If, the Bank and the Service Provider have been unable to resolve amicably a Contract
dispute even after a reasonably long period, either party may require that the dispute be
referred for resolution to the formal mechanisms specified herein below. These
mechanisms may include, but are not restricted to, conciliation mediated by a third party
and/or adjudication in an agreed national forum.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 30 of 50
4.10.3 The dispute resolution mechanism to be applied shall be as follows:
(a) In case of Dispute or difference arising between the Bank and the Service Provider
relating to any matter arising out of or connected with this agreement, such disputes or
difference shall be settled in accordance with the Arbitration and Conciliation Act, 1996.
The third Arbitrator shall be chosen by mutual discussion between the Bank and the
Service Provider.
(b) Arbitration proceedings shall be held at Mumbai, and the language of the arbitration
proceedings and that of all documents and communications between the parties shall
be English;
(c) The decision of the majority of arbitrators shall be final and binding upon both parties.
The cost and expenses of Arbitration proceedings will be paid as determined by the
arbitral tribunal. However, the expenses incurred by each party in connection with the
preparation, presentation, etc., of its proceedings as also the fees and expenses paid
to the arbitrator appointed by such party or on its behalf shall be borne by each party
itself.
4.11 Governing Language
The governing language shall be English.
4.12 Applicable Law
The Contract shall be interpreted in accordance with the laws of the Union of India and the
Bidder shall agree to submit to the courts under whose exclusive jurisdiction the Registered
Office of the Bank falls.
4.13 Taxes and Duties
4.13.1 The Service Provider will be entirely responsible for all applicable taxes, duties, levies,
charges, license fees, road permits, etc. in connection with delivery of Solution at site
including incidental services and commissioning. Only applicable service tax would be
paid extra. Applicable TDS would be deducted at the time of actual payment.
4.13.2 Income / Corporate Taxes in India:
The Service Provider shall be liable to pay all corporate taxes and income tax that shall be
levied according to the laws and regulations applicable from time to time in India and the
price bid by the Service Provider shall include all such taxes in the contract price.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 31 of 50
PART 5
Addresses for Notices
The following shall be the address of the Bank.
Bank’s address for notice purposes:
Bank of India,
Risk Management Department, Head Office,
Information Security Cell,
Star House 1, 4th floor, C-5, G Block, Bandra Kurla Complex,
Mumbai - 400 051, Phone: - 022-6668 4974 Fax: - 022-668 4786
Email: - [email protected]
A notice shall be effective when delivered or on effective date of the notice whichever is
later.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 32 of 50
PART 6
BID FORM, PRICE SCHEDULES
AND OTHER FORMATS
INDEX
FORMAT NUMBERS
6.1 Covering Letter
6.2 Non-Disclosure Agreement
6.3 Commercial Bid
6.4 Contract Form
6.5 Organisational Profile
6.6 Details of related Assignment in Banks
6.7 No of assignments / Experience during past three years in Banks
6.8 List of experienced staff working in the company more than three years
6.9 Bid Covering letter
6.10 Priority List of Services and assignements by the ISSP in BFSI Sector
6.11 Technical BID Form
6.12 Local communication details form
6.13 Document Verification Check List for Proposal
NOTE
For Convenience, we have enlisted all Technical & Functional Specifications,
FORMATS which are to be submitted by the Bidders are kept in this PART
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 33 of 50
FORMAT – 6.1
COVERING LETTER
(To be included in main Bid Envelope)
Date:...................
To:
Bank of India,
Risk Management Department,
4th Floor ,
Star House, C-5, G-Block, Bandra Kurla Complex
Bandra (East), Mumbai-400 051.
Gentlemen:
Re.: Empanelment of Information Security and Audit Service Providers
(Your RFP Ref: HO: BOI/HO/RMD/INFOSEC/2014/112 dated 31.10.2014)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Having examined the Bidding Documents, the receipt of which is hereby duly acknowledged, we,
the undersigned, to Empanelment of Information Security and Audit Service Providers in
conformity with the said Bidding documents.
We undertake, if our Bid is accepted, to enter into and execute at our cost when called upon by
the Bank to do so, the contract in the prescribed form.
We agree to abide by the Bid and the rates quoted therein up to the period prescribed in
the Bid, which shall remain binding upon us.
Until a formal contract is prepared and executed, this Bid, together with your written acceptance
thereof and your notification of award, shall constitute a binding Contract between us.
We undertake that, in competing for (and, if the award is made to us, in executing) the above
contract, we will strictly observe the laws against fraud and corruption in force in India namely
“Prevention of Corruption Act 1988”.
We understand that you are not bound to accept the lowest or any Bid you may receive. You
may reject all or any bid without assigning any reason or giving any explanation whatsoever.
Dated this ....... day of ............................ 2014.
_______________ ________________________________
(Signature) (Name) (In the capacity of)
Duly authorized to sign Bid for and on behalf of ________________________________
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 34 of 50
FORMAT 6.2
NON-DISCLOSURE AGREEMENT
WHEREAS, we, ________________________________________, having Registered Office at
__________________________________, hereinafter referred to as the COMPANY, are
agreeable to Empanelment of Information Security And Audit Service Providers for Bank of
India, having its registered office at Star House, C-5, G Block, Bandra Kurla Complex, Mumbai –
400 051, hereinafter referred to as the BANK and,
WHEREAS, the COMPANY understands that the information regarding the Bank’s web site
shared by the BANK in their Request for Proposal is confidential and/or proprietary to the BANK,
and
WHEREAS, the COMPANY understands that in the course of submission of the offer to
Empanelment of Information Security and Audit Service Providers and Services and/or in
the aftermath thereof, it may be necessary that the COMPANY may perform certain jobs/duties
on the Bank’s properties and/or have access to certain plans, documents, approvals or
information of the BANK;
NOW THEREFORE, in consideration of the foregoing, the COMPANY agrees to all of the
following conditions, in order to induce the BANK to grant the COMPANY specific access to the
BANK’s property/information
The COMPANY will not publish or disclose to others, nor, use in any services that the COMPANY
performs for others, any confidential or proprietary information belonging to the BANK, unless the
COMPANY has first obtained the BANK’s written Authorization to do so;
The COMPANY agrees that notes, specifications, designs, memoranda and other data shared by
the BANK or, prepared or produced by the COMPANY for the purpose of submitting the offer to
the BANK to Empanelment of Information Security And Audit Service Providers, will not be
disclosed to during or subsequent to submission of the offer to the BANK, to anyone outside the
BANK
The COMPANY shall not, without the BANK’s written consent, disclose the contents of this
Request for Proposal (Bid) or any provision thereof, or any specification, plan, pattern, sample or
information (to be) furnished by or on behalf of the BANK in connection therewith, to any
person(s) other than those employed/engaged by the COMPANY for the purpose of submitting
the offer to the BANK and/or for the performance of the Contract in the aftermath. Disclosure to
any employed/engaged person(s) shall be made in confidence and shall extend only so far as
necessary for the purposes of such performance.
Authorized Signatory
Designation Name:
Place:
Date: Office Seal:
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 35 of 50
FORMAT – 6.3
Commercial Bid
(Include in Commercial Bid Only in a separate sealed envelope)
The indicative commercial Bid needs to contain the information listed hereunder in a sealed
envelope bearing the identification – “Indicative Commercial Bid for Empanelment of Information
Security and Audit Service Providers (ISASPs)”.
Name of the Bidder:-
A> Qualifications [Certifications] and Related Experience (in the company as on
31.10.2014) Requirements:-
Level 1
Experience up to 3 years
• Mini. Certifications: CEH, ISO 27001, CCNA, CISSP, CISA, CISM
• Mini. Experience:
Minimum of 150 VAs; Minimum of 50 PTs; Minimum of 10 TRAs;
Minimum of 10 Application Security Assessments;
• Minimum of 5 IT GC Audits, Process Audits, Application Audits
and Security Audits
Level 2
Experience between
3 years and 5 years
• Certifications: Level – 1 and or Specialized Product Certifications.
• Experience: Conduct of Domain Level Assessment / Assignment.
Level 3
Experience above 5 years
• Certifications: As per Level – 2 and or CRISC, CHFI.
• Experience: Previous Experience in Specialized Services.
Senior Executive Level • As per need of the project / assignment
B> Resource Level wise Per Hour / Day / Month indicative Rates Offered:-
Sr
No.
Resource
Level
Resource Cost Per Person
/ Per Hour – in `.
Resource Cost Per
Person / Per Day – in `.
Resource Cost Per
Person / Per Month in `.
1
2
3
4
Important Notes:-
Depending upon the nature of Assignment / Services appropriate rate will be considered.
The lowest price quoted by one vendor under each level will be final and binding to all other
vendors under the category.
Signature of Bidder------------------------
Name -------------------------
Business address ----------------------
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 36 of 50
Place: Date:
C. Suggestive Annual increase in the original Agreed rate:-
D. Out of Pocket / Lodging / Travelling / Boarding Charges @ Outside
Mumbai
1. Bank do NOT intends to give any additional charges / out of pocket / travelling expenses.
2. In case of exigencies / urgencies and need of the bank, bank may consider the following
additional charges
a. Travel Expenses: - Air Travel – Economy Class or Lowest Fare of the shortest air
route.
b. Out of Pocket / Lodging / Boarding Expenses – As per Bank’s Rules Applicable to
Chief Manager from time to time.
c. The above charges will be done from the Company’s [bidders] / Head Office /
Mumbai / current location of the resources to carry out the activity i.e. whichever location is
nearer. The least of charges will be paid.
3. All applicable taxes / TDS shall be paid / recovered as relevant.
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-________
Item % increase over original rate
agreed (for new assignments
ordered during a year)
Remarks / Logical Reason/s if
any
Yearly set up
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 37 of 50
FORMAT 6.4
CONTRACT FORM
THIS AGREEMENT made the .......day of.................................., 2014. Between..........................
(Name of Service Provider) (hereinafter called "Service Provider") of the one part
and..................... (Name of Service Provider) of......................... (City and Country of Service
Provider) (hereinafter called " Service Provider ") of the other part:
WHEREAS the Bank invited Bids for Empanelment of Information Security and Audit Service
Providers (ISASPs) and has accepted a Bid,
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:
1. In this Agreement words and expressions shall have the same meanings as are respectively
assigned to them in the Conditions of Contract referred to.
2. The following documents of Bid No.: HO:BOI/HO/RMD/INFOSEC/2014/112 dated
31.10.2014 shall be deemed to form and be read and construed as part of this Agreement,
viz.:
a) the Bid Form and the Price Schedule submitted by the Bidder
b) the Technical & Functional Specifications;
c) the Terms and Conditions of Contract;
d) the Service Providers Notification of Award;
e) DELIVERY SCHEDULE:
IN WITNESS whereof the parties hereto have caused this Agreement to be executed in
accordance with their respective laws the day and year first above written.
Signed, Sealed and Delivered by the
said..................................................... (For the Bank)
in the presence of:.......................................
Signed, Sealed and Delivered by the
said..................................................... (For the Service Provider)
in the presence of:.......................................
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 38 of 50
FORMAT 6.5
ORGANISATIONAL PROFILE
(Include in Main Bid Only – Not to be included in Price Proposal)
CONSTITUTION
1. Proprietary
2. Partnership
3. Private Ltd.
4. Public Ltd.
:
Established since
:
:
Address of Registered Office :
Name Phone Nos. (with STD
Codes)
Names of
Proprietor/Partners/ Directors
: 1.
2.
3.
Note: Please support the above facts with documentary evidence. Please also attach:
Income-Tax Clearance Certificate (latest) Referral Letters from Clients mentioned above
Signature of Bidder: __________________
Name: _____________________________
Business address: ____________________
Place Date:
Seal of the Service Provider
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 39 of 50
FORMAT 6. 6
Details of Related Assignments / Contracts
(For past THREE Years from the date of RFP in BFSI)
(Banking Clients should appear at top, followed by other BFSI etc.)
Sr.
No.
Details of
Name of
Clients -
Companies
[Address, Key
Persons, Cell
Nos. etc.]
Particulars of
Assignments -
Purchase
Order - Date,
Value, Period
of Completion
of SoW etc.
SoW Code No.
of the
Assignment As
given in this
RFP
START &
ACTUAL Date
of Completion
of Engagement
/ Assignment /
Project/Service
& ACTUAL
Man – Days /
Hours taken.
Remarks
Repeat Order
/ Extension of
Engagement
and related
information.
1
2
3
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 40 of 50
FORMAT 6.7
No. of Assignments / Experience during Past three years in BANKS
Activities
[as per
SoW code
No. –
Format
6.10]
CBS /
Finacle
ATM
NW /
Switch
Internet
Banking
Mobile
Banking –
All
Platforms
Treasury
Operations
Various
Certifications
TPP /Out
Sourced
Activities
Any
other
activity
Note : Mention only no. of assignments under the respective head.
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 41 of 50
FORMAT 6. 8
List of Experienced Staff working in the Company
Sr.
No.
Name of
the
Employee
Designation Professionals /
Technical /
Qualifications /
Certifications
Date of
Joining
No. of
Completed
Years as on
31.10.2014
No. of
ISC &
ISAC
Projects
Handled
Activities
[as per
SoW
code No.
– Format
6.10]
1
2
3
Note : a. Employee should be on permanent Pay Roll of the company.
b. Adhoc / Temporary staff or other outsources / organisation should not be
included.
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 42 of 50
FORMAT 6. 9
BID COVERING LETTER
(The bidder shall submit together with CHECK LIST & other Bid Documents)
To,
The General Manager,
Bank of India, Head Office,
Risk Management Department, InfoSec Cell,
4th Floor – East Wing, Star House – I, C-5, “G” Block,
Bandra Kurla Complex, Bandra – East, Mumbai – 400 051.
Dear Sir,
Sub:- Our Bid for Empanelment of Information Security And Audit Service Providers
We intend to participate in the RFP process for empanelment of the vendors [ISSPs] to provide various ISC and ISAC related services required by the Bank. We submit our Bid Documents along with CHECK LIST. We understand that;
1> You are not bound to accept the lowest or any bid received by you, and you may reject all or any bid without assigning any reason or giving any explanation whatsoever.
2> Bank may follow close or open bidding [RFP] process as per requirement and sole discretion of the Bank.
3> If our Bid is accepted, we undertake to enter into and execute at our cost, when called upon by Bank to do so, a contract in the prescribed Form.
4> You may accept or entrust the entire work to one vendor or divide the work to more than one vendor without assigning any reason or giving any explanation whatsoever.
5> Vendor [ISASPs] means the Bidder (s) who is / are selected by the Bank after the RFP - bidding process.
6> The name(s) of successful bidder(s) to whom the empanelment is finally awarded after the completion of bidding process shall be communicated to the successful bidder(s) - ISSPs. Bank shall NOT entertain any communication in this regards.
7> We have gone through the Technical, Commercial Bidding process and other Terms and Conditions as mentioned in the RFP.
8> We understand that this RFP process is ONLY for empanelment of ISASPs and deciding the mutually agreed Man-Days / Man-Month Service charges.
9> We agree that the lowest price quoted by any vendor under each level will be final and binding on us.
10> We understood the entire bid process of empanelment including the grouping and levels mentioned within the groups.
11> The number of pages in the document is ……………….. This has been duly verified, signed and company’s stamp affixed.
Yours faithfully,
For: [Name of the Company] (Signature of the Authorised Official)
Name:- Designation:-
Place:- Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 43 of 50
FORMAT 6.10
Priority List of SERVICES and ASSIGNMENTS by the ISSP in BFSI Sector
SoW Services / Assignments Capability Total No. of
CODE No. YES PRIORITY
1 is TOP
Priority
Assignments
ISC-STD-01 Vulnerability Assessment [VA].
ISC-STD-02 Penetration Testing [PT].
ISC-STD-03 Secured Configuration, & Hardening
Documents Review - [Technical Standards
Updation].
ISC-STD-04 Mobile Application Review and Security related
Work.
ISC-STD-05 Risk Assessment, Asset Classification,
Review, Compliance of NDAs, SLA with
Vendors / Third Party Outsourcing Agencies.
ISC-STD-06 SMS and All Middleware Security Review and
related work.
ISC-SPL-07 Network Security, Access Control, Review of
NAP Locations, Switches and Routers and
LAN - WAN NW.
ISC-STD-08 General Controls Review / Audit Review and
related Work.
ISC-STD-09 Anti-Phishing, Anti-Malware and Brand
Monitoring Services etc.
ISC-STD-10 PCI DSS Certification and Compliance related
Work.
ISC-SPL-11 COBIT – Advisory Services and related Work.
ISC-STD-12 ISO 20000 Certification and related Work.
ISC-STD-13 ISO 22301 Certification, Automated Score
ISMS Score Board and related Work.
ISC-STD-14 ISO 27001 Certification and related Work.
ISAC-STD-15 ISO 27001 Audit and Compliance related
Work.
ISAC-SPL-16 Review, Update Gaps of IS Audit Policies, IS
Audit Manual, IS Audit Procedures, Metrics
and related Work.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 44 of 50
ISC-SPL-17 Review, Update Gaps of Corporate Information
Security Policy [CISP], Procedures, Metrics,
Controls.
ISAC-SPL-18 IS Audit - Internal Control Guidelines of
Treasury Branch, Dealing Room Activities
Review and related Work.
ISAC-STD-19 IS Audit of ATMs of Bancs under Section PSS
Act 2007 of RBI and related Work.
ISAC-STD-20 IS Audit of ATMs of BOI Network, Gaps and
related Work.
ISAC-SPL-21 Concurrent Audit of Data Center
ISC-SPL-22 Forensic Audit / Analysis / Special Reviews /
Scrutinise / Cyber Crime – Investigations and
related Work.
ISAC-STD-23 Green Process Audit [GPA], Configuration
Audit and related Work.
ISC-SPL-24 Project Management Office [PMO] – Security
Solution Assessment, Identification,
Requirements for Pre-Implementation of IS
Projects, Production Evolution for Monitoring of
IS Projects and related Work.
ISC-SPL-25 Application [SW] Security Assessment /
Review of Domain / Channel Process Audit
including Associated Infrastructure [Including
WEB]
ISAC-SPL-26 Application Code Audit - Review – Gap
Analysis, Post Compliance Audit and related
Work.
ISC–STD-27 Data Governance, Data Protection Strategy
Framework and Development related Work.
ISAC-SPL-28 GAP Analysis of Requirements of Local
Regulator/s of Foreign Centres including
Threat and Vulnerability Risk Assessment
[TVRA].
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 45 of 50
ISAC-SPL-29 Conducting IS Audit of IT
Infrastructure at DC / DR / NR Site /
Treasury / RRBs / FCBS / Service
Branches – CTS etc. Quality
Assurance, GAPs, Compliance Audit/s
and related Work.
ISC-SPL-30 Quality Assurance, Conducting GAP
Analysis, Compliance Audit/s of RBI /
G. G. Committee Recommendations,
IT Act 2008, Guidelines of other
Foreign Regulators & GoI Guidelines
etc. Automation of Compliance
requirements and related Work.
ISC-SPL-31 Development and Implementation of
IT Governance, Risk and Compliance
[IT – GRC], most suitable IS Solutions
and Tool/s and related Work.
ISC-SPL-32 Assisting in Selection of suitable tool,
solution for ISC / ISAC related work.
ISC-SPL-33 Review of BCPDR System, strategy
and related Work.
ISC-SPL-34 Review, Development, Selection,
Implementation of various Tools for
Data Privacy, Data Protection Data
Classification, Data Governance
Strategy, and Framework of the Bank
in pursuance of the various Regulatory
and Government Guidelines in vogue
from time to time.
ISC-SPL-35 Develop, Implement, Training IS
Awareness, E-Learning Modules
related to InfoSec related areas and
Issues.
ISC-SPL-36 Review of Post - Implementation of
various IS initiatives and Project/s
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 46 of 50
NOTE on SoW:-
1> In case of capability, experience and expertise vendors shall mention “YES” and give
“Priority of list of services and Assignments” stating 1,2,3.. & so on. In case of “Capability”
coloum kept blank, respective SoW item no will be considered as NO.
2> Kindly mention the No. of Assignments carried out in past TEN years from the date of RFP
against respective SoW Code No.
3> In case of ANY other related Activities NOT included in the above list, but related
assignment/s carried out by the Bidder, may be added and included in the list after
avoiding duplication along with the priority no. of such additional items.
4> The information provided in the list must be supported by documentary evidence. Non
submission or incomplete documentary evidence will be considered as Non-conformity for
particular SoW and it will not be considered. Bank’s decision in this regards will be final.
5> In case the Bidder has carried out any other assignments over and above list they may
add these assignment together with evidence and PRIORITY for that assignment. The
Bidder should give and list out all their ISC and ISAC related Assignments and Services.
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-
ISC-SPL-37 Assisting in Log Management –
Revamping and upgration of our SOC
Operations, Monitoring, Assessment
of SIEM Solution, Optimisation
technical process, correlation review
for existing DLP, DAM, SIEM, IPS /
IDS etc., Identify and assistance in
implementation of recommend IS
Tools such as IAM, IRM etc. and other
related Work.
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 47 of 50
FORMAT 6.11
Technical BID Form – Stage – I
Sr
No
Activities / Details Max
Marks
Marks
Scored
*
Weightage Remarks
1 Total No of Assignments carried out in BFSI related to IS /
ISAC Activities in India as declared in FORMAT – 6.10 to be
submitted by the Bidder. Proof need to be submitted. - One
Mark per Assignment / Purchase Order [Maximum 3 Marks
for 3 years for same / similar activity] for different
activities in different organisations.
23
2 Total No of Assignments carried out for IS / ISAC related
activities for their Global Clients as per the LIST enclosed as
an evidence by the Bidder. One Mark per Assignment /
Purchase Order after 01.11.2011 [i.e. during past three
years].
10
3 Total No. of Skilled Employees / Resources available as per
the enclosed LIST of Employees with their Credentials /
Certifications related to IS / ISAC Activities given in the
FORMAT – 6.8.
11 to 25 Employees 05 Marks
26 to 50 10 Marks
Over 51 15 Marks
15
4 No. of Years’ Existence/Establishment in IS/ISAC related
activities in INDIA in BFSI Sector. Evidence of the 1st
Assignment to be enclosed as a proof of Experience. - One
Mark per year prior to 01.04.2009.
12
5 Technical Skill Credentials (extra ordinary activities) –
Proprietary Tools Developed, R&D Work Done, Papers
Published, Forensic Assignment Carried out. Other Value
added Services and Additional Deliverables, Proprietary Tools,
Dashboards, Training, Knowledge sharing, etc. Attach
Evidences as a proof. (each activity will carry 1 mark)
10
6 Certifications/Accreditations relevant to IS/ IS Audit Services
received from GoI, RBI, IDRBT, IBA, Gartner, BFSI Sector or
any other independent Authority. - One Mark per valid
current Certificate
05
7 Presentation and Methodologies, Procedures, Tools, Utilities,
Templates Developed / used during execution of previous
assignments and arrangements for BCPDR Infrastructure
proposed etc. presented by the Bidder. – To be given by Bank
Team based on Presentations.
25
* TOTAL Marks are to be calculated and filled by the
Bidders for item Nos. 1 to 6 and submit together with the
Technical Bid Cover
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 48 of 50
Yours faithfully,
For: [Name of the Company]
(Signature of the Authorised Official)
Name:-
Designation:-
Place:- Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 49 of 50
FORMAT 6.12
Local communication/correspondence Details Form
City /
Location
Postal Address, Telephone, Fax, E-Mail
and Contact Details of Contact Personnel
Name & Designation of the
contact person
Yours faithfully,
For: [Name of the Company]
__________________
(Signature of the Authorised Official)
Name:-
Designation:-
Place:-
Date:-
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL – RFP FOR EMPANELMENT OF ISASP
Page 50 of 50
FORM -6.13
DOCUMENT VERIFICATION CHECK LIST FOR PROPOSAL
Sr.
No.
Name of the Document Remarks
(i) Covering Letter (6.1) YES
(ii) Non-Disclosure Agreement (6.2) YES
(iii) Commercial Bid (6.3) YES
iv) Contract Form (6.4) YES
v) Organisational Profile (6.5) YES
vi) Details of related Assignments in BFSI (6.6) YES
vii) No of Assignments in BANKS (6.7) YES
viii) List of experienced Staff working in the company (6.8) YES
ix) Bid Covering Letter (6.9) YES
x) Priority List of Services & Assignments (6.10) YES
xi) Technical BID Form – Stage – I (6.11) YES
xii) Local Communication/Correspondence details Form (6.12) YES
xiii) Document Verification Checklist Form 6.13 YES
xiv) Demand Draft/PO – Non-refundable Bid Amount `. 5,000/- YES
xv) CD Containing Technical Document and Presentation YES
xvi) Evidence for Eligibility Criteria properly marked as EC-1,
EC-2 etc. duly signed and enclosed
YES
NOTE: All Forms must be filled in by the bidder and necessary supporting evidences must be enclosed with this checklist.
(Name) (Signature) (in the capacity of)
Date: Place:
Duly authorized to sign the proposal for and on behalf of _______________________
Seal
-x-x-x- EOD -x-x-x-