Tender Document

No.MTNL/20-80(400)/2011-MM/Wi-Fi Hotspot Dated 09.12.
2011 To,
Ref:
Global EOI No.MTNL/20-80(400)/2011-MM/ Wi-Fi Hotspot Dated 09.12.2011
Dear Sir, Please find enclosed the following bid documents in original to be used for submission of the bid. S. No. 1. 2. 3. 4. 5. 6. 7. 8. TITLE Notice Inviting Tender (NIT) EOI Document Bid Security Form(Annexure-I) Proforma for Performance Bank Guarantee-(Annexure-II) Format for submission of proposal-(Annexure-III) AMC Agreement-(Annexure-IV) Security Template Agreement-(Annexure-V) Security Bank Guarantee-(Annexure-VI) Page No. 2 3-19 20 21-22 23 24-28 29-55 56-58
The tender shall be submitted through e-tendering system on website https://epsdelhi.mtnldelhi.in. Your offer complete in all respects as per enclosed documents must be submitted latest by 15:00 Hrs of 19.01.2012. Tender bids shall be opened on line at 15:00 Hrs. on next day i.e. 20.01.2012. The representatives of the bidders may attend the bid opening either online after logging on to the MTNL's e-procurement portal or at MTNL premises. Bidders are required to familiarize themselves well in advance with e-procurement system & on line bidding procedure. Bidders are also advised to upload their bid well in time to avoid last minute problem/error/mistake etc. In case of any problem in uploading of bid on web-portal the following officer may be contacted during business hours on working days:Assistant Manager (MM), MTNL, CO Ph.No.011-23358637 Fax. 011-23739323 Email ID: ammm4co@gmail.com
Thanking you, Yours faithfully,
(Mukesh Kumar) DGM (MM-I) Encl: Bid documents.
SECTION I GLOBAL NOTICE INVITING EOI
EOI No. MTNL/20-80(400)/2011-MM/Wi-Fi Hotspot Dated 09.12.2011. Due date of submission Due date of opening 1. : : 19.01.2012 20.01.2012 (Up to 15:00 hrs) (At 15:00 hrs)
On Behalf of Chairman and Managing Director, Mahanagar Telephone Nigam Limited (MTNL) invites Global Expression of Interest (EOI) for empanelment of vendors for setting up Wi-Fi hotspots in Delhi and Mumbai using MTNL internet services. This Global EOI is aimed at inviting techno-commercial and financial bids from interested eligible bidders for setting up Wi-Fi hotspots in Delhi and Mumbai. Financial bids from empanelled vendors shall be invited by field units as per their requirement. Bid security in the form of bank guarantee will be Rs.20,00,000/- (Rs. Twenty Lac only). The bid security shall be submitted before the scheduled date and time of opening of the bids. A scanned copy of the bid security shall be uploaded along with the techno-commercial bid. One hard copy of your offer complete in all respects as per enclosed documents must reach latest by 15:00 Hrs of 19.01.2012 at the following address: Sh. Balveer Singh Manager (MM-I) Mahanagar Telephone Nigam Limited, Corporate Office, 13th floor, Room No. 1314, Jeevan Bharati Building, Tower-I, 124, Connaught Circus, New Delhi 110 001.
2.
3.
4.
N.B. MTNL reserves the right to change the above dates at its discretion.
DGM (MM-I), CO
No.MTNL/20-80(400)/2010-MM/Wi-Fi Hotspot Dated 09.12.2011 EXPRESSION OF INTEREST (EOI) FOR EMPANELMENT OF VENDORS FOR SETTINGUP WI-FI HOTSPOTS IN DELHI AND MUMBAI USING MTNL INTERNET SERVICES 1.0 1.1 INTRODUCTION: Mahanagar Telephone Nigam Limited (MTNL) is a major telecommunication service provider in Delhi & Mumbai. It is offering full range of telecom services / solutions like Voice, Data, Internet, Broadband, VOIP, IPTV etc from its vast fixed & mobile networks in its license service areas of Delhi & Mumbai. In a quest to develop world class telecom facilities for its esteemed subscribers & to provide broadband services to the citizens in the nook and corner of its licensed service areas, MTNL proposes to deploy Wi-Fi hotspots on revenue share/ outright purchase basis. This Global EOI is aimed at inviting techno-commercial and financial bids from interested eligible bidders for setting up Wi-Fi hotspots in Delhi and Mumbai. The site design shall be jointly decided and MTNL shall endeavor to do it in least possible time. Financial bids from empanelled vendors shall be invited by field units as per their requirement. This EOI does not constitute any form of commitment on part of MTNL. Furthermore, this EOI confers neither the right nor an expectation on any Company to participate in the proposed Project. MTNL reserves the right to reject any or all the applications (bids) received or stop the process of EOI at any stage, at its sole discretion, without assigning any reason. The bidder shall bear all costs associated with the preparation and submission of the EOI. The MTNL will, in no case, be responsible or liable for any costs, regardless of the conduct or outcome of the biding process. OBJECTIVE OF THE EOI: To enable MTNL to provide complete end-to-end Broadband connectivity to esteemed customers, MTNL intends to have a tie up with leading System Integrators (SI)/ OEMs who will be responsible for the supply of Wi-Fi Hotspot equipments along with its configuration, operations, maintenance & support activities and co-ordination at customer end. In this regard, MTNL invites the Expression of Interest from the leading system integrators/ OEMs for fulfilling the following objectives: a. Supply, Installation, Configuration, Maintenance and Support of Wi-Fi hotspot access equipments, Bandwidth control equipments (NAS/BRAS), Customer Premises Equipments (CPEs), router, Line Drivers / Modems, Switches, PC/UPS etc. Such hotspots shall be setup in public places like malls, hotels, airports, Universities etc. The charging shall be done on individual user basis. The third party tie-ups including other telecom operators for roaming etc are not allowed. MTNL reserves the right to setup the Hotspots on revenue sharing or outright purchase basis from the empanelled bidders.
1.2
1.3
1.4
b.
c.
2.0 2.1
DURATION OF EMPANELMENT: The empanelment shall be valid for two years from the date of the empanelment letter/ notification. At the end of two years, MTNL at its discretion may extend the empanelment on yearly basis for a further period of two years, on the terms and conditions of this EoI. In case of termination of empanelment or non extension the SIs/OEMs shall be liable to provide the support for 7 years from the date of commissioning for the equipment deployed by them. In case, any empanelled vendor does not want to continue with empanelment after expiry of two years term, a prior intimation, at least three months before the date of expiry of two years term, shall be submitted in this regard by such vendor. However, in such cases also Sis/OEMs shall be liable to provide the support for 7 years from the date of commissioning of equipments deployed by them. PROCESS OF EMPANELMENT: a. Two SIs who are Channel partners of same make can be empanelled. b. Only those bidders shall be empanelled who fulfill the eligibility criteria of respective category given against Clause 4.0 and also submit supporting documents in support of their eligibility and documents enlisted against clause 8. MTNL reserves the right to seek presentations from the bidders and visit their Support Centers and other infrastructural facilities before finalization of the empanelment process. c. MTNL may install hot-spots on its own or from any vendor, so, this empanelment is on non exclusive basis. d. The bidder shall submit their case for empanelment in the bids as per format given in Annexure-III.
2.2
3.0
4.0
ELIGIBILITY CRITERIA: a. The bidder may be an Original Equipment Manufacturer (OEM) engaged in manufacturing of Wi-Fi Hotspot Access Equipments or an Indian registered company System Integrator (SI) engaged in implementation of projects in the field of IT/Networking/Telecommunication having MoU with the OEM of Hot-spot Access Equipments. The SI must submit the copy of MoU along with the bid, which should clearly indicate the commitment of OEM for extending all types of technical support for their products for at least 7 years from the date of commissioning. In case the bidder is not an OEM/ OD (Original Developer) of Bandwidth control equipment (NAS/BRAS) and web portal, in such cases, a copy of MoU along with the bid, which should clearly indicate the commitment of OEM/OD of these components for extending all types of technical support for their products for at least 7 years from the date of commissioning shall be submitted. The SI may give in the bid the system integration works done by them in last two years. b. The bidder should have an annual Turnover of at least Rs.20 Crores during each of the last two years (2008-09 & 2009-10). The annual reports/ audited balance sheets should be submitted by the bidder in support of Turn Over. c. The solution quoted in the bid must have been successfully deployed and supported over at least 25 locations during last two year from the date of
submission of bids. A certificate from the Customers for successful implementation and support of Hot Spot solution must be submitted along with the bid. In case of SIs, experience of OEMs shall be applicable. d. The bidder should have Support Centres in Mumbai/ Navi Mumbai and Delhi/NCR for extending the services. In case the bidder is not having Support Centres in Mumbai/Navi Mumbai and Delhi/NCR, the same should be set up within 3 months from the date of empanelment. The details of support Centres or an undertaking to set up the same within 3 months from the date of empanelment shall have to be submitted by the bidder along with the bid. e. The bidders have to provide the information about any MoU/Agreement signed by them with any other Telecom Service Providers in Delhi & Mumbai for HotSpot solutions. f. The bidders who are already empanelled against MTNL EOI No. MTNL/2080(386)/2010-MM/ Wi-Fi Hotspot Dated 07.05.2010 are also required to participate in this EOI for getting empanelled.
5.0 5.1 5.2
ENGAGEMENT TERMS FOR SI & MTNL: For each requirement of customer, MTNL will issue a PO/Work Order to the successful bidder along with terms and conditions. IN CASE OF REVENUE SHARE ARRANGEMENT:a. (i) RESPONSIBILITY of OEM/SISupply, installation, commissioning, operation and maintenance of Wi-Fi Hotspot access equipments, Bandwidth control equipments (here onward called NAS), CPEs and web portal. Integration of NAS and web portal with Wi-Fi user centralized Authentication Servers, Prepaid billing system and Payment Gateways of MTNL. Submission of details of users on periodicity decided by MTNL. Co-operate and implement Lawful Interception and provide usage detail for such purposes. Payment of electricity and space charges (if applicable) at subscriber premises. RESPONSIBILITY OF MTNLProvision of internet bandwidth of the quantity, required by the OEM/SI, up to the gateway port of the NAS and the type of backhaul shall depend on the site finalized. Generate pre-paid vouchers from prepaid billing system. Facilitate integration of NAS and web portal with relevant systems of MTNL as given in para 5.2a (ii) above. Billing and payments Collection. JOINT RESPONSIBILITIES OF MTNL AND OEMs/SIsMarketing of services. Hot-spots may be co-branded as MTNL+Partner. Selling of pre-paid vouchers to retail customers. Collection of user verification documents from retail customers.
(ii) (iii) (iv) (v) b. (i)
(ii) (iii) (iv) c. (i) (ii)
(iii)
(iv)
Ensuring compliance to DoT guidelines on Wi-Fi network security no. 820I/2008-Ds Pt II Dated 23.02.2009.
Note: These responsibilities are dependent on the model of agreement i.e. revenue share or outright purchase. The extent and modalities for joint responsibilities will be laid down in the agreement. However, the empanelled partner(s) will be compulsorily required to participate in the bid enquiry process initiated by MTNL for revenue share on case by case basis. 5.3 IN CASE OF OUTRIGHT PURCHASEThe responsibility of the vendor shall be provision of Wi-Fi hotspot solution along with NAS, CPEs, Web portal etc. along with Integration & installation and commissioning, warranty and AMC support. 5.4 The short-listed vendors need to enter into an agreement with MTNL before award of each work. Empanelled vendor will adhere to SLAs which MTNL offers to its customers. Empanelled vendor will conduct technical seminar for MTNL Officers to make them conversant about their product capabilities vis--vis customer requirement. Empanelled vendor will demonstrate the capabilities of offered end-to-end services to customers. It shall be mandatory for empanelled SIs to quote their prices, whenever there is any requirement in MTNL. MTNL reserves the right to terminate the empanelment and to forfeit the Performance Security of such SIs who do not respond to the request for quotation by MTNL for any work during the period of empanelment. BID SECURITY (EMD): The bidder shall submit bid security of the amount of Rs.20,00,000/- in the enclosed format (Annexure I) at the time of submission of bid. The bidders (small scale units) who are registered with National Small Scale Industries Corporation UNDER SINGLE POINT REGISTRATION SCHEME are exempted from payment of bid security up to the amount equal to their monetary limit. In case of bidders having monetary limit as NO LIMIT, WITHOUT LIMIT, or MORE THAN Rs. 50 LAKHS, the exemption will be limited to Rs.50,00,000/- (Rupees Fifty Lakhs) only. A proof regarding current registration with NSIC for the TENDERED ITEMS will have to be attached along with the bid. The scanned copy of the bank guarantee for bid security and NSIC certificate shall be enclosed by the bidder in its bid and original copy of bank guarantee shall be submitted to Manager(MM-I), MTNL Corporate Office , Room No. 1314 Jeeven Bharti Building , Tower 1, Connaught Circus , New Delhi -110001, before scheduled date and time of opening of the bids. 6.2 The Bid Security should be valid for a period of 180 days from the date of bid opening. (For details of returns/adjustments/forfeiting, refer to clause 6.6, 6.7 and 6.8 below).
5.5 5.6
5.7
5.8
6 6.1
6.3
The bid security is required to protect the Purchaser (MTNL) against the risk of bidders conduct, which would warrant the forfeiture of the security, pursuant to Para 6.8. The bid security shall be in the form of a Bank Guarantee as per enclosed format issued by a Scheduled Bank of India in favour of the Purchaser. A bid not secured in accordance with Para 6.1, 6.2 and 6.3 shall not be opened by the Purchaser as it is non-responsive and the bid will be returned unopened. The bid security of the unsuccessful bidder will be returned as promptly as possible, but not later than 45 days after the expiry of the Bid-Security. The successful bidders bid security will be discharged upon the bidders acceptance of the offer of MTNL for empanelment and furnishing the performance security. The bid security may be forfeited: (a) If a bidder withdraws his bid during the period of validity specified in this document or (b) In the case of a successful bidder, if the bidder fails to sign the contract and furnish performance security. (c) In both the above cases, i.e. 6.8 (a) & (b), the bidder will not be eligible to participate in the tender for same item for one year from the date of issue of offer. The bidder will not approach the court against the decision of MTNL in this regard.
6.4
6.5
6.6
6.7
6.8
7. 7.1
PERIOD OF VALIDITY OF BIDS: Bid shall remain valid for 150 days after the date of bid opening prescribed by the Purchaser. A bid valid for a shorter period shall be rejected by the Purchaser as non-responsive. In exceptional circumstances, the Purchaser may request in writing the bidders unqualified/unequivocal consent for extension(s) to the period of bid validity. The request and the responses there-to shall be made in writing. The bid security provided under Clause 6 shall also be suitably extended. A bidder may refuse the request without forfeiting his bid security. The bidder accepting the request and granting extension will not be permitted to modify his bid. SUBMISSION OF RESPONSE AGAINST THIS EOI:
7.2
8.
8.1 The following documents are required to be submitted along with the EOI, wherever applicable. a) b) c) Annual reports/Balance Sheet of Last two years, together with copies of Audited Accounts, showing Turnover. Certificate of Incorporation with copy of Articles and Memorandum of Association Organizational Chart, infrastructural details and with the list of support centers (NOC) at Delhi/NCR and Mumbai/Navi Mumbai.
d)
e)
f) g) h)
Certificate of Experience from customers as defined in eligibility criteria along with customer details, project profile with dates, addresses and telephone numbers of the customer. MOU with OEM if applicable, clearly indicating the commitment of OEM to extend all types of support for 7 Years from date of commissioning for their equipment Clause by clause compliance of this EoI. Any other documents, the bidder like to submit in support of eligibility clause 4.0. One softcopy of complete proposal should be submitted in CD along with the proposal.
8.2
All costs & expenses associated with submission of proposal shall be borne by the bidder submitting the proposal and MTNL shall have no liability in any manner in this regard if it decides to terminate the process of short-listing for any reason whatsoever. The right to suspend the short listing process or part of the process to accept or reject any or all applications at any stage of the process and/ or to modify the process or any part thereof at any time without assigning any reason is reserved by MTNL without any obligation or liability whatsoever. CLARIFICATION OF BID DOCUMENTS A prospective bidder, requiring any clarification on the Bid Documents shall notify the Purchaser on line by using the e-procurement site of MTNL. The Purchaser shall respond in writing to any request for the clarification of the Bid Documents, which it receives latest by 29.12.2011. The query (without identifying the source) and clarifications by the Purchaser shall be posted on MTNLs website for information of all the prospective bidders. Any clarification issued by MTNL in response to query raised by prospective bidders shall form an integral part of bid documents and it may amount to an amendment of relevant clauses of the bid documents. The bidders are required to keep a watch on the MTNL Web Site w.r.t. any amendment in the tender document or to clarification to the queries raised by the bidders till a day prior to the opening of the tender. MTNL reserves the right for rejection of bids if the bids are submitted without taking into account these amendments/clarifications. Further bidder will be fully responsible for downloading of the tender document and amendments for their completeness. AMENDMENT TO BID DOCUMENTS At any time, prior to the date of submission of bids, the Purchaser may for any reason, whether at its own initiative or in response to a clarification requested by a prospective Bidder, modify/alter any terms & conditions of the bid documents by amendments as long as they are uniformly applied to all. The amendments shall be displayed on MTNLs web-site and these amendments will be binding on all the bidders.
8.3
9. 9.1
9.2
9.3
10. 10.1
10.2
10.3
In order to give prospective bidders reasonable time to take the amendments into account while preparing their bids or for any other reason, the Purchaser may, at its discretion, extend the last date / time for the submission of bids suitably. FORMAT AND SIGNING OF BIDS: The Bid shall be typed or printed, numbered sequentially and digitally signed by the bidder or a person or persons duly authorized to bind the bidder to the contract. An index of various documents and page no. where it is available, shall be given .The letter of authorization shall be indicated by written power-of-attorney. The copy of power of attorney shall be enclosed along with the bid and original power of attorney shall be submitted along with Bid Security to Manager (MM-I) MTNL Corporate Office , Room No. 1314, Jeevan Bharti Building Tower-I , Connaught Place New Delhi. SEALING AND MARKING OF BIDS: Bids along with documents as indicated in clause 8 shall be digitally submitted in the format prescribed by MTNL. The supporting documents shall be suitably mapped along with the format. Tender Opening: Tender will be opened online by the designated tender opening committee of MTNL on the schedule date and time of opening of the bids. The representative of the bidders may attend the bid opening either online after logging on to the MTNL's E-Procurement portal or at MTNL premises. SUBMISSION OF BIDS: Bids must be received by the Purchaser not later than 15:00 hrs. on 19.01.2012. The Purchaser may, at its discretion, extend this deadline for the submission of bids by amending the Bid Documents in accordance with clause 10 in which case all rights and obligations of the purchaser and bidders previously subject to the deadline will thereafter be subjected to the deadline as extended. The bidder shall submit his bid offer against a set of bid documents downloaded by him for all or some of the systems/equipment as per requirement of the Bid Documents. He may include alternate offer, if permissible as per the bid. However not more than one independent and complete offer shall be permitted from the bidder. The bidders shall submit a hard copy of the bid also before the due date and time of submission of the bids. The hardcopy shall be referred only in case the eprocurement system does not function properly. In the event of any discrepancy between the hard copy and the soft copy submitted online, the soft copy shall govern/prevail. LATE BIDS: E-procurement system is date and time locked. The system will not accept any bid after the scheduled date and time of submission of the bids. MODIFICATIONS AND WITHDRAWAL OF BIDS The bidder may modify or withdraw his bid after submission prior to the deadline prescribed for submission of bids.
11.
12. 12.1
12.2
13. 13.1 13.2
13.3
13.4
14.
15. 15.1
15.2 16. 16.1
No bid shall be modified subsequent to the deadline for submission of bids. OPENING OF BIDS BY PURCHASER: The purchaser shall open bids at 15:00 hrs on due date. The bidders representatives (maximum two) who choose to be physically present at MTNL premises shall sign in an attendance register. Authority letter to this effect shall be submitted by the bidders before they are allowed to participate in bid opening. If the date fixed for opening of bids, is subsequently declared as holiday by MTNL, a revised date of opening will be notified. However, in absence of such notification, the bids will be opened on next working day, time and venue remaining unaltered. PERFORMANCE SECURITY The supplier shall furnish performance security to the purchaser for an amount of Rs. 50,00,000/- within 14 days from the date of issue of offer for empanelment by MTNL. This shall be valid initially for Three years and MTNL reserves the right to get it extended. It will be endeavour of MTNL to award the work as per its requirement from market, however no assurance on awarding a certain value of projects can be predicted. The proceeds of the performance security shall be payable to the Purchaser as compensation for any loss resulting from the suppliers failure to complete its obligations under the contract. The performance Bond shall be in the form of Bank Guarantee issued by a scheduled Bank and in the form provided in Annexure-II of this Bid Document. The performance security Bond will be discharged by the Purchaser after completion of the suppliers performance obligations including any warranty obligations under the contract. No separate performance security shall be collected by units on placement of total work orders up to a total value of Rs. 5 Crore by each unit of Delhi & Mumbai to one bidder. Over and above this amount a 5% PBG shall be submitted. PAYMENT TERMS: IN CASE OF REVENUE SHARE
16.2
17. 17.1
17.2
17.3
17.4
17.5
18. (I)
A. All offers to the customers will be made in the name of MTNL. No direct payment shall be collected by the vendor in the name of MTNL. B. The subscriber/customer will make all payment of usage charges and customer end equipment to MTNL (either in lump sum or in installment as per the prevailing policy of MTNL). C. Revenue share arrangement will be there between MTNL and the vendor. The Revenue share shall be done on the revenue collected by MTNL after deduction of applicable govt. duties and taxes e.g. service tax etc. D. The revenue share will commence with the commercial launch of services and continue until the end of the agreement period. All information in respect of revenues
10
arising out of running the services as per this EOI and subsequent Agreement shall be disclosed to either party for the purposes of revenue sharing and reconciliation to this effect would be done monthly with mutual consultation. (II) IN CASE OF OUTRIGHT PURCHASE Payment shall be made in Indian Rupees. Payment can also be considered for release in US$ or other foreign currency equivalent to value in Indian Rupees and made through Telegraphic Transfer (TT) with cost of TT to be borne by the supplier. This is subject to exchange control regulations in India. Payment Terms shall be as follows. A. (a) FOR GOODS (HARDWARE/ SOFTWARE) Payment of 80% of the price (excluding CENVAT-able duties and taxes) shall be made on the receipt of goods by consignee in good condition and installation & commissioning or commercial use of the hardware, whichever is earlier. For claiming this payment the following documents are to be submitted to the paying authority:Invoice clearly indicating breakup details of composite price i.e. basic price, Sales Tax and other non CENVAT-able Duties and Taxes, Freight/Packing Charges etc. (ii) Inspection certificate of the goods issued by bidder / authorized person(s) or the MTNLs authorized representatives as the case may be. (iii) Packing List. (iv) Suppliers Certificate that the amounts in the invoice are correct in terms of the contract and that all terms and conditions of the contract have been complied with. (v) Consignees certificate that equipment has been received in good condition. The consignee shall issue the receipt of equipment only after the production of Excise/Custom Gate Pass by the supplier. (vi) Installation and commissioning certificate or certificate regarding commercial deployment of the system from user unit. (b) Balance 20% (excluding CENVAT-able duties and taxes) payment shall be made after one year from the due date of 80% payment as given in (a) above.. FOR SERVICES:For Installation & Commissioning: 100% Payment (excluding CENVAT-able duties and taxes) for installation & commissioning shall be made after the equipment has been commissioned & taken over. C. FOR AMC:The payment (excluding CENVAT-able duties and taxes) shall be made on three monthly (quarterly) basis after successful execution of the work under AMC agreement in the previous quarter. D. (i) Form-C and also a certificate stating that the tendered item (stores) are meant for the use of MTNL shall be provided by the purchaser on the request of the bidder as and when asked for. (i)
B.
11
(ii)
No payment will be made for goods rejected at the site on testing.
(iii) Payment of CENVAT-able duties and taxes shall be released as per actuals on production of proof of payment by the supplier with necessary supporting documents i.e. excise/customs invoices etc. in respect of the Duties/taxes which are CENVAT-able. The prices quoted by the bidder shall be in sufficient detail (including details of CENVAT-able & non CENVAT-able duties) to enable the MTNL to arrive at the price of equipment/system/services offered. It is mandatory to quote CENVAT-able duties as per prevailing duties at the time of submission of the financial bid. If the supplier fails to furnish necessary supporting documents i.e. Excise/Custom invoices etc. in respect of the Duties/taxes which are CENVAT-able, the amount pertaining to such Duties/Taxes will not be paid. 19. 19.1 MAINTENANCE AND SUPPORT SERVICES: Vendor shall provide on-site maintenance, call support, Warranty/AMC and support services to MTNL in respect of the Equipment /Network supplied/ deployed by them. Vendor shall carry out quarterly preventive maintenance by visiting each project site. Vendor shall provide to MTNL 24 hrs, 7 days a week either web based or IVRS based help centre. For emergency cases, specifically for situation where critical node is down, vendor shall ensure that the consultation, assistance and advice within four hours for severity level A and eight hours for severity level B or as defined in SLA entered with the customer. Sufficient spares need to be kept with the vendor to address any equipment related problem within 4 hours for severity level A and 8 hours for severity level B. All software patches and up gradations for seven years from the date of commissioning shall be provided free of cost. The terms and conditions for AMC after one year warranty is enclosed vide Annexure IV for outright purchase. Same terms and conditions would be applicable for revenue share arrangement except for AMC payments, which will have to be borne by the vendors from their revenue share. However, the maximum value of penalty that can be imposed in revenue share model shall not exceed 3 % of the revenue share of the vendor for that month. SUSPENSION, REVOCATION OR TERMINATION : MTNL reserves the right to suspend the operation of the agreement, at any time, without assigning any reason. MTNL may, without prejudice to any other remedy available for the breach of any conditions of agreement, by a written notice of one month issued to the vendor at its registered office, terminate/ or suspend this agreement under any of the following circumstances: If the vendor fails to perform any obligation(s) under the agreement; If the vendor fails to rectify, within the time prescribed, any defect as may be pointed out by MTNL.
19.2 19.3
19.4
19.5
19.6
20. 20.1 20.2
12
20.3
Non adherence to SLA which MTNL has committed to customer If the vendor Goes into liquidation or ordered to be wound up by competent authority In case of breach of security.
It shall be the responsibility of the vendor to maintain the Quality of Performance of Solution, even during the period when the notice for surrender/termination of agreement is pending and if the Quality of Performance of Solution is not maintained, during the said notice period, it shall be treated as material breach liable for termination at risk and consequent of the vendor and Performance Bank Guarantee shall be forfeited, without any further notice. Breach of non-fulfillment of agreement conditions may come to the notice of MTNL through complaints or as a result of the regular monitoring. Wherever considered appropriate, MTNL may conduct an inquiry either suo-moto or on complaint to determine whether there has been any breach in compliance of the terms and conditions of the agreement by the vendor and upon such inquiry, SI shall extend all reasonable facilities and shall endeavor to remove the hindrance of every type. After giving notice to the vendor MTNL may encash the PBG on breach of SLA, breach of contract, non adherence to the maintenance time lines etc. After the expiry of initial agreement period of two year, MTNL reserves the right to refuse the request for extension, modify some/ all the clauses of the agreement after mutual discussion. NON-ADHERENCE TO SLAs: If due to failure on the part of the vendor, MTNL could not meet the SLA conditions then, MTNL may deduct from vendors balance payment or from Security deposits, the amount which MTNL needs to pay to customer on account of non-adherence to SLA. TERMINATION FOR INSOLVENCY: The Purchaser may at any time terminate the contract by giving written notice to the Supplier, without compensation to the Supplier, if the supplier becomes unwilling, bankrupt or otherwise insolvent, provided that such termination will not prejudice or affect any right of action or remedy which has accrued or will accrue thereafter to the purchaser FORCE MAJEURE: If at anytime, during the continuance of this contract, the performance in whole or in part by either party of any obligations under this contract shall be prevented or delayed by reason of any war, or hostility, acts of the public enemy, civil commotion, sabotage, fires, floods, explosions, epidemics, quarantine restriction, strikes, lockouts or act of God (Hereinafter referred to as events) provided notice of happenings, of any such eventuality is given by the either party to the other within 21 days from the date of occurrence thereof, neither party shall by reason of such event be entitled to terminate this and contract shall be resumed as soon as practicable after such event may come to an end or cease to exist, and the decision of the MTNL as to whether the deliveries have been so resumed or not shall be final and conclusive, provided further that if the performance in whole or part of any obligation under this contract is prevented or delayed by reason of any such event for a period exceeding 60 days either party may, at its option terminate the contract.
20.4
20.5
20.6
20.7
21. 21.1
13
21.2
Provided also that if the contract is terminated under this clause, the purchaser shall be at liberty to take over from the contractor at a price to be fixed by the Purchaser, which shall be final, all unused, undamaged and acceptable materials, bought out components and stores in course of manufacturer in possession of the contractor at the time of such termination of such portions thereof as the purchaser may deem fit excepting such materials / bought out components and stores as the contractor may with concurrence of the purchaser elect to retain. ARBITRATION In the event of any question, dispute or difference arising under this agreement or in connection there-with (except as to the matters, the decision to which is specifically provided under this agreement), the same shall be referred to the sole arbitration of the CMD, MTNL or in case his designation is changed or his office is abolished, then in such cases to the sole arbitration of the officer for the time being entrusted (whether in addition to his own duties or otherwise) with the functions of the CMD, MTNL or by whatever designation such an officer may be called (hereinafter referred to as the said officer), and if the CMD or the said officer is unable or unwilling to act as such, then to the sole arbitration of some other person appointed by the CMD or the said officer. The agreement to appoint an arbitrator will be in accordance with the Arbitration and Conciliation Act 1996. There will be no objection to any such appointment on the ground that the arbitrator is a Government Servant or that he has to deal with the matter to which the agreement relates or that in the course of his duties as a Government Servant he has expressed his views on all or any of the matters in dispute. The award of the arbitrator shall be final and binding on both the parties to the agreement. In the event of such an arbitrator to whom the matter is originally referred, being transferred or vacating his office or being unable to act for any reason whatsoever, the CMD, MTNL or the said officer shall appoint another person to act as an arbitrator in accordance with terms of the agreement and the person so appointed shall be entitled to proceed from the stage at which it was left out by his predecessors. The arbitrator may from time to time with the consent of both the parties enlarge the time frame for making and publishing the award. Subject to the aforesaid, arbitration and Conciliation Act, 1996 and the rules made there under, any modification thereof for the time being in force shall be deemed to apply to the arbitration proceeding under this clause. The venue of the arbitration proceeding shall be the office of the CMD, MTNL, New Delhi or such other places as the arbitrator may decide. SET OFF: Any sum of money due and payable to the supplier (including security deposit refundable to him) under this contract may be appropriated by the purchaser or the MTNL or any other person(s) contracting through the MTNL and set off the same against any claim of the Purchaser or MTNL or such other person or person(s) for payment of a sum of money arising out of this contract or under any other contract made by the supplier with the Purchaser or MTNL or such other person(s) contracting through the MTNL.
22. 22.1
22.2
22.3
23.
14
23.
MTNL reserves its rights to remove from list of approved suppliers / contractors or to ban business dealings if any bidder/contractor who has been found to have committed misconduct and also to suspend business dealings pending investigation. OTHER TERMS AND CONDITIONS: DELIVERY SCHEDULE: A. IN CASE OF REVENUE SHARE:The commissioning of works at Customers premises will be done by the empanelled vendor. The supply and commissioning of the equipment must complete at site within the timeframe promised to customer by MTNL and it will be a maximum timeframe of 3 months. B. IN CASE OF OUTRIGHT PURCHASE:Completion of Supplies and : Commissioning including Testing Within 3 months from the date of issue of PO/Work order
25. 25.1
25.2
In case of outright purchase, should the vendor fail to install and commission the project (or supply the equipment wherever only equipment supply is ordered) within the stipulated time the MTNL shall be entitled to recover 0.5% of the value of the purchase order for each week of delay or part thereof for a period up to 10 (TEN) weeks and thereafter @ 0.7% of the value of purchase order for each week of delay or part thereof for another 10 (TEN) weeks of delay. However, this penalty shall be limited to a maximum of 12% of the value of the order. In case of revenue share arrangement, the penalty mentioned in this clause shall be charged from the revenue share of the vendor and penalty percentage may be treated as 0.5% for each week for each week of delay, upto a maximum of 12% of his share. In case of revenue share model, the penalty shall be applicable for one year only and from next year, the vendor shall get complete revenue share due to him. Empanelled vendor will depute appropriate resources to monitor and manage the progress of the project to execute the work in stipulated time. In case of outright purchase, the empanelled vendor shall provide warranty support for one year. The cost of warranty should be included in the price of equipment. The AMC support of six year after warranty shall also be provided by SI on chargeable basis for which they will quote in their financial bid. EVALUATION PROCESS a. The vendor who brings a customer to MTNL will be given a preference in terms of ranking only, in the bidding process for that particular work. An addition of 5% shall be done in the share of MTNL quoted by such bidder. After application of this criterion, the award of work shall be done to the bidder offering highest revenue share to MTNL. However, during award of work revenue share to MTNL shall be that of highest quote available in bids. This is explained in following example:
25.3
25.4
25.5
15
Suppose four vendors have offered revenue share against a work asVendor A B C D MTNLs Share 55 58 60 62 Vendors Share 45 42 40 38
In case the vendor C has brought customer to MTNL, the bids shall be considered in following fashion, for evaluation purpose-
Vendor A B C D
MTNLs Share 55 58 65 62
Vendors Share 45 42 35 38
The vendor C becomes the winning bidder. However, for ordering purpose, the revenue share shall be applicable in the ratio of 62:38 for MTNL and vendor respectively. In case, the winning bidder refuses to accept the offer, the inter-se ranking shall be redrawn and the award of work shall be done to the bidder offering highest revenue share to MTNL. b. It may happen that there may be two or more winning bidders offering same highest revenue share to MTNL. Such cases may be categorized as follows: (I) Scenario A (One of the winning bidder has brought customer to MTNL) Priority shall be given to the bidder who has brought customer to MTNL for award of the work for which the bids were called. (II) Scenario B (None of the winning bidder has brought customer to MTNL) It would be the sole discretion of MTNL to award the work based on performance/ technical solution etc. c. MTNL shall endeavor to go for revenue share model for the cases where empanelled vendor brings customer to MTNL. The empanelled bidder can bring in any proposal to make any property like Hotels, Conference Halls etc. WiFi enabled. d. For outright purchase, MTNL will award the work to the lowest bidder. e. It shall be sole discretion of MTNL to go for outright purchase or revenue share model and no request from the vendors shall be entertained in this regard. f. In case of multiple empanelled partners the evaluation process shall be as elaborated above.
16
TECHNICAL DETAILS 26.0 Integration with existing systems of MTNL: The vendor shall integrate its components i.e. access network, NAS, web portal etc. with following systems of MTNLa. Billing system of M/s Elitecore. b. Payment gateway c. The bidder has to interface with the centralised Authentication System of MTNL for WiFi users. The PO for the same has already been placed on M/s. Vayam Technologies Ltd. and expected to be commissioned within 6 months. d. The extent of coverage at each hot-spot shall be decided by the MTNL. 27.0 Procedure for provisioning of service: The following procedure shall be followed for provisioning of service for a Public hot spot Wi-Fi user: a. For entering the network, users will install the dialer software (using the CD Or an additional Guest-SSID to connect and download the dialer from the subscriber portal) given to hot spot admin. The software registers itself with single click to the client laptop/PC and requests for the username and password. Subscriber is asked to send a SMS to the specified number of the SMS gateway from his/her mobile to receive the username & password. User sends the predefined code to the SMS gateway and receives the username & password. SMS gateway communicates with centralized server and the server generates Wi-Fi Dialer username & password, and adds the user in its user database. For public Wi-Fi users the authentication system shall link the user ID and password of the user with his/her mobile number. For DSL subscribers, the userIDs and Passwords of various users (child passwords) with the main userID and Password (Parent Password). The bidders are free to offer any Wi-Fi Dialer. Wi-Fi Dialer shall be smart enough to create profile automatically based on the WPA/WPA2 preferences configured for the access points. E.g. suppose access point is configured based on TTLS/MS-CHAP2 protocol then Wi-Fi Dialer will automatically communicate and create profile accordingly. It shall handle the complex technical details automatically and provide a simplified interface to the user. User remains liable for specifying the user credentials only. Subscriber enters the Wi-Fi Dialer username & password received from the SMS gateway in the Wi-Fi Dialer.
b.
c.
d.
e.
17
f.
On successful WPA/WPA2 authentication user will be allowed to enter the LAN network. The Flow diagram shall be as follows:
g.
Note: The empanelled vendors shall be free to propose any alternate solution in respect of dialer client and Authentication for hot-spot users, which complies to DOT Wi-Fi Security guidelines refereed in Clause 5.2c(iv). 28.0 Web Self Care: This shall work as interface between MTNL and Wi-Fi user. Any prospective user coming into MTNL public hotspot shall be presented a webpage portal giving details of Wi-Fi services, tariffs and procedure to subscribe to the services. The link to payment gateway and to download the dialer shall also be presented to the prospective user. The other features of the web self care shall be as follows: a. The subscriber shall be able to check his Wi-Fi account details. b. Shall be able to change his password. c. Shall be able to create new Wi-Fi accounts through Captive/Web portal.
18
d. Shall be able to display the complete information includes IP address using which the subscriber logged in as well as the MAC address of the subscriber (if MAC binding option is selected). e. For security reasons it shall suggest subscribers to regularly change or update their password. f. It shall allow subscribers to update personal details and contact information. g. Proposed customer Web self care for Wi-Fi users should integrated seamlessly with existing customer Web self care deployed in MTNL for broadband services. 29.0 The offered system shall be dual stacked (having and working for IPv4 & IPv6 stacks). The extent of coverage at each hot-spot shall be decided by the MTNL. The bidder shall be required to sign an agreement as per template as per Annexure-V on Rs. 50/- Non Judicial Stamp Paper. The vendor shall furnish a Security Bank Guarantee (SBG) in the format provided in Annexure-VI at the time of Acceptance of APO from a scheduled Bank for the value of the Advance Purchase Order initially valid for 3 years and the same shall be extended time to time till the scrapping/de-commissioning of the equipment. In case of any security breach, the SBG shall be encashed by MTNL. The SBG shall be released after scrapping /de-commissioning of the equipment. In the event of forfeiture of the existing Security Bank Guarantee submitted by the Vendor/Supplier under the provisions of the Agreement for security concerns, the Vendor/Supplier shall submit a fresh SBG of the same amount and validity.
30.0 31.0
32.0
33.0
34.0
*****
19
ANNEXURE I BID SECURITY FORM Whereas .................................. (hereinafter called the Bidder) has submitted its bid dated............for the supply of ........................ vide Tender No dated............ KNOW ALL MEN by these presents that WE ....................... OF .................... having our registered office at .................(hereinafter called the Bank) are bound unto MAHANAGAR TELEPHONE NIGAM LIMITED (hereinafter called the Purchaser) in the sum of Rs.................... for which payment will and truly to be made of the said Purchaser, the Bank binds itself, its successors and assigns by these present. THE CONDITIONS of the obligation are: 1. If the bidder withdraws his bid during the period of validity specified in this document or In the case of a successful bidder, if the bidder fails to sign the contract and furnish performance security.
2.
We undertake to pay to the Purchaser up to the above amount upon receipt of its first written demand, without the purchaser having to substantiate its demand, provided that in its demand, the purchaser will note that the amount claimed by it is due to it owning to the occurrence of one or both of the two conditions, specifying the occurred condition or conditions. This guarantee will remain in force as specified in clause 6 of the Bid Document up to and including THIRTY (30) days after the Period of bid validity and any demand in respect thereof should reach the Bank not later than the specified date/dates. Signature of the Bank Authority. Name Signed in Capacity of Name & Signature of witness Address of witness *** Full address of Branch Tel No. of Branch Fax No. of Branch
20
ANNEXURE-II PROFORMA FOR PERFORMANCE BANK GUARANTEE To MTNL In consideration of the MTNL having agreed to sign an agreement with M/s_____________________________________________ to ________________________________ (hereinafter called SI) to supply, configure and maintain the customer end equipment for End to End Solution offered by MTNL (hereinafter called the Service) to MTNL subscribers as per the agreement No. ____________________ (hereinafter called the said agreement) on the terms and conditions contained in the said agreement, which inter-alia provides for production of a Bank Guarantee to the extent of Rs.__________________ (in words _________________________) for the service by way of security for the due observance and performance of the terms and conditions of the said agreement. We _______________ (indicate the name and address and other particulars of the Bank) (hereinafter referred to as the Bank) at the request of SI hereby irrevocably and unconditionally guarantee to MTNL that SI shall render all necessary and efficient services which may be required to be rendered by SI in connection with and/or for the performance of the said SI and further guarantees that the service which shall be provided by SI under the said agreement, shall be actually performed in accordance with terms & conditions of SI to the satisfaction of the MTNL. 2. We, the Bank, hereby undertake to pay MTNL an amount not exceeding Rs. (Rupees only) against any loss or damage caused to or suffered or would be caused to or suffered by MTNL by reason of any breach by the said SI of any of the terms and conditions contained in the said agreement including failure to extend the validity of this guarantee or to give a fresh guarantee in lieu of the existing one. 3. We, the Bank hereby, in pursuance of the terms of the said agreement, absolutely, irrevocably and unconditionally guarantee as primary obligor and not merely as surety the payment of an amount of Rs._________________________ (Rupees _____________________ Only) to the MTNL to secure due and faithful performance by SI of all his/their obligations under the said agreement. 4. We, the Bank hereby also undertake to pay the amounts due and payable under this guarantee without any demur, merely on a demand from the MTNL stating that the amount claimed is due by way of loss or damage caused or would be caused to or suffered by the MTNL by reason of breach by the said SI of any of the terms or conditions contained in the said agreement or by reason of SI's failure to perform any of its obligations under the said agreement. 5. We, the Bank, hereby agree that the decision of the MTNL as to whether SI has failed to or neglected to perform or discharge his duties and obligations as aforesaid and/or whether the service is free from deficiencies and defects and is in accordance with or not of the terms & conditions of the said agreement and as to the amount payable to the MTNL by the Bank hereunder shall be final and binding on the Bank.
21
6.
WE, THE BANK, DO HEREBY DECLARE AND AGREE that:
(a) The Guarantee herein contained shall remain in full force and effect for a period of one and half years from the date hereof and that it shall continue to be enforceable till all the dues of the MTNL and by virtue of the said agreement have been fully paid and its claims satisfied or discharged or till MTNL satisfies that the terms and conditions of the said agreement have been fully and properly carried out by the said SI and accordingly discharged this guarantee. (b) The MTNL shall have the fullest liberty without our consent and without affecting in any manner our obligations hereunder to vary any of the terms and conditions of the said agreement or to extend time of performance of any obligations by the said SI from time to time or to postpone for any time or from time to time any of the powers exercisable by the MTNL against the said SI and to forbear or to enforce any of the terms and conditions relating to the said agreement and we shall not be relieved from our liability by reason of any variation or extension being granted to the said SI or forbearance act or omission on the part of the MTNL or any indulgence by the MTNL to the said SI or to give such matter or thing whatsoever which under the law relating to sureties would but for this provision, have effect of so relieving us. (c) Any claim which we have against SI shall be subject and subordinate to the prior payment and performance in full of all the obligations of us hereunder and we will not without prior written consent of the MTNL exercise any legal right or remedy of any kind in respect of any such payment or performance so long as the obligations of us hereunder remains owing and outstanding. (d) This Guarantee shall be irrevocable and the obligations of us herein shall not be conditional of any prior notice by us or by SI. 7. We the BANK undertake not to revoke this Guarantee during its currency except with the previous consent of the MTNL in writing. 8. Notwithstanding anything contained above, our liability, under the Guarantee shall be restricted to Rs. and our Guarantee shall remain in force until . year from the date hereof. Unless a demand or claim under this Guarantee is made on us in writing within this date i.e. all your rights under the Guarantee shall be forfeited and we shall be released and discharged from all liabilities there under. Dated_______________ day ________________ for _____________________ (Name of the Bank) Witness: 1.. .. 2..
22
ANNEXURE III FORMAT FOR SUBMISSION OF PROPOSAL The bidders have option to get empanelled either for revenue share arrangement or for outright purchase or for both in any/both of two cities i.e. Delhi and Mumbai. The bidder shall submit their case of empanelment in the following tables-
A. For Delhi Name and address of Bidder Empanel For outright purchase (Yes/No) Empanel For Revenue Share (Yes/ No)
B. For Mumbai Name and address of Bidder Empanel For outright purchase (Yes/No) Empanel For Revenue Share (Yes/ No)
Note: The Delhi and Mumbai units shall call the financial bids from the technocommercially responsive bidders either on outright purchase model or revenue share model as per their decision.
23
ANNEXURE-IV
ANNUAL MAINTENANE CONTRACT AGREEMENT FOR (----name of work----)
This agreement is made on the ________ day of ______(year) to be effective from ___________ between M/s. Mahanagar Telephone Nigam Limited a company registered under the Companies Act 1956 having licence to provide all types of services of Telegraph and having its registered office at 12th Floor, Jeevan Bharti Building Tower-I, 124 Connaught Circus New Delhi-I (hereinafter called MTNL) of the ONE PART and ______________ a company registered under the Companies Act 1956 and having its registered office at _____________________ (hereinafter called SUPPLIER which expression shall unless repugnant to the context, include its successors in business, legal representatives and administrators or permitted assigns) of the OTHER PART. WHEREAS, MTNL has placed purchase order on the SUPPLIER vide No. _________ dated ________ for supply, installation, commissioning & Annual Maintenance of ----name of work---- against tender No._________, dated_____________. WHEREAS the SUPPLIER has made the offer to duly comply with all the provisions of the Bid Document, including those pertaining to Post Warranty Annual Maintenance Contract, after making himself fully aware and understanding fully the implications of the terms and conditions and specifications mentioned therein and which has been accepted by MTNL on the terms and conditions mentioned hereafter and after ascertaining that the SUPPLIER is fully capable of complying with the aforesaid terms of the Bid Document. NOW the AGREEEMENT WITNESSETH as follows: 1.0 1.1 PERIOD OF VALIDITY OF THE AGREEMENT. This Agreement shall remain in force for six years from the date of completion of one year warranty, while at the same time the term and conditions of this agreement except for payment of charges to the SUPPLIER shall also apply during warranty period. Extension of this Agreement shall be negotiable for the second term depending on the performance of the SUPPLIER during the period of the initial term. In addition to complying with all the terms and conditions recorded in the Bid Document, the SUPPLIER hereby agrees and unequivocally undertakes to fully comply with all the terms and conditions stipulated in this Agreement and without any deviation or reservations of any kind. Unless otherwise mentioned or appearing from the context, the Tender (Bid) Document and any clarifications thereof and the purchase order shall form part and parcel of this agreement, provided that in case of conflict or inconsistency on any issue relating to this Agreement, the terms set out in the body of this agreement with schedules and Annexure thereto shall prevail.
1.2 2.
3.
24
4.
During the period of AMC the SUPPLIER shall inter alia: i) ii) iii) iv) v) vi) vii) Diagnose the hardware and software faults. Rectify the hardware/software faults detected. Repair and replace the faulty PCB and any other equipment or part thereof. Carry out the periodic preventive maintenance. Upkeep the software periodically. Create customized reports. Provide patches and upgradation of software of the system.
5.
6. 7.
8.
The supplier shall prepare the schedule of preventive maintenance for each quarter and shall submit the same to MTNL in advance. The preventive maintenance shall not affect the normal functioning of the system. The SUPPLIER shall provide all software patches to meet the tender requirements of MTNL, free of cost as a part of the AMC as well the maintenance. The SUPPLIER shall be solely responsible for the maintenance, repair & upgradation of the software/hardware systems, equipments and parts thereof as the case may be and MTNL shall not be liable to interact with any of the partners/ collaborators or subcontractors of the SUPPLIER. The successful bidder has to strictly ensure full availability of services during the service/maintenance period.
REPAIR AND MAINTENANCE: 8.1 TECHNICAL SUPPORT CENTRE: The SUPPLIER shall have Technical support Centers in each Delhi & Mumbai to meet the criteria for fault restoration/faulty Unit repair times as mentioned in the AMC. The SUPPLIER shall furnish the names, locations, complete postal address, Telephone numbers and FAX numbers of all Technical support Centers at the time of signing this Agreement. Any change in Address, Phone number, FAX Number etc shall have to be intimated in writing by the SUPPLIER to the concerned In-charge of the IT unit, Delhi & Mumbai and MTNL Corporate Office at the earliest. 8.2 RESPONSIBILITIES OF TECHNICAL SUPPORT CENTRE:
8.2.1 The SUPPLIER shall ensure that all the Technical support centers are manned by fully competent and responsible Engineers and are: (i) Capable of giving all types of necessary technical guidance/assistance over phone to the respective Node. Capable of attending the faults at the MTNL sites whenever needed by deputing competitive technical expert.
(ii)
8.2.2
The SUPPLIER shall also ensure that Technical support Centres are manned and are able to provide service to MTNL round the clock, all the seven days of the week throughout the year. The level of service provided to MTNL shall not go down during nighttime or due to any day being holiday, or for any other reason.
25
9.
The SUPPLIER shall ensure that a sufficient stock is maintained as spare stock at the Technical support Centers. AMC CHARGES AND PAYMENTS: The charges for AMC will be as given in the purchase order. A copy of the same is enclosed at Appendix C. (to be made part of the agreement at the time of signing this agreement) PBG for AMC is required before entering into contract for AMC. For fulfilling the above obligations, the following procedure shall be followed for paying the SUPPLIER the charges for the services rendered by the SUPPLIER under this Agreement. Bills for AMC shall be paid by MTNL in advance for each of following quarter, after successful execution of the works under this Agreement in previous quarter. All payments shall be made by MTNL after deducting penalties if any. For this purpose, MTNL shall designate nodal officers from Delhi & Mumbai respectively. MTNL reserves the right to adjust any over-payment of AMC charges in any quarter, any time during the period of AMC. FORCE MAJEURE Neither MTNL nor the SUPPLIER shall be liable to the other for any delay in or failure of performance of their respective obligation under the agreement caused by occurrences beyond the control of MTNL or the SUPPLIER including but not limited to fire (including failure or reductions), acts of God, acts to the public enemy, was, insurrections, riots, strikes, lockouts, sabotage, any law, status or ordinance, thereof of any other local authority, or any compliance therewith or any other causes ,contingencies of circumstances similar to the above. Either party shall promptly but not later than twenty days thereafter notify the other of the commencement, and cessation of such contingencies, and if such contingencies continues beyond three months. Both parties agree upon the equitable solution for termination of this agreement or otherwise decide the course of action to be adopted.
10. 10.1
10.2 10.3
10.4
10.5
10.6
11.
12.1
Any fault in the equipment/system affecting the availability of service shall be categorized as Severity Level A and shall be rectified within four hours of its reporting to the supplier. Faults at any of the sites causing slow performance as a whole shall be categorized as Severity Level B and shall be rectified within twenty four hours of reporting to the supplier. The time for restoration of fault will be counted from the time of reporting of fault to the technical support centre.
12.2
12.3
26
13. 13.1
Penalties: If the supplier fails to restore the fault within the time limit specified in clause 12 above, following penalties shall be applicable Severity Level A B Penalty per hour of delay/ Rs.200/Rs.100/(Delay will be counted in steps of one hour).
13.2
The penalty shall be deducted from the quarterly bills. The maximum value of penalty for fault in nodes shall not exceed 20% of AMC amount in that quarter. After the expiry of annual maintenance contract, it shall be optional for MTNL not to enter the AMC contract further with the contractor. If MTNL is not satisfied with the performance of the SUPPLIER during AMC it reserves the right to terminate the AMC during its currency, after giving three months notice to the SUPPLIER and in such an event the vendor will hand over all the spares. TERMINATION FOR INSOLVENCY: The Purchaser may at any time terminate the contract by giving written notice to the Supplier, without compensation to the Supplier, if the supplier becomes unwilling, bankrupt or otherwise insolvent, provided that such termination will not prejudice or affect any right of action or remedy which has accrued or will accrue thereafter to the purchaser. DISPUTES & ARBITRATION:
14.
15.
16.
17.
17.1 In the event of any question, dispute or difference arising under this agreement or in connection there-with (except as to matter the decision of which is specifically provided under this agreement), the same shall be referred to sole arbitration of the CMD, MTNL or in case his designation is changed or his office is abolished then in such case to the sole arbitration of the officer for the time being entrusted (whether in addition to his own duties or otherwise) with the functions of the CMD MTNL or by whatever designation such officers may be called (hereinafter referred to as the said officer) and if the CMD MTNL or the said officer is unable or unwilling to act as such the sole arbitration or some other person appointed by the CMD MTNL or the said officer. The agreement to appoint an arbitrator will be in accordance with the Arbitration and Conciliation Act, 1996. There will be no objection to any such appointment on the ground that the arbitrator is MTNL Servant or that he has to deal with the matter to which the agreement relates or that in the course of his duties as MTNL Servant he has expressed views on all or any of the matter under dispute. The award of the arbitrator shall be final and binding on the parties to the agreement. In the event of such arbitrator to whom the matter is originally referred, being transferred or vacating his office or being unable to act for any reasons whatsoever the CMD MTNL or the said officer shall appoint another person to act as arbitrator in accordance with terms of the
27
agreement and the person so appointed shall be entitled to proceed from the stage at which it was left out by his predecessors. 17.2 The arbitrator may from time to time with the consent of parties enlarge the time for making and publishing the award. Subject to aforesaid Arbitration and Conciliation Act, 1996 and the Rules made thereunder, any modification thereof for the time being in force shall be deemed to apply to the arbitration proceeding under this clause. The venue of the arbitration proceeding shall be the Office of the CMD MTNL or such other Places as the arbitrator may decide. Any party shall not use any information obtained from other party during the course of dispute resolution process under this clause for any purpose other than to resolve the dispute and such information shall not be used in any litigation. Both parties disputes by dispute that resolution of agreement. SET OFF: Any sum of money due and payable to the SUPPLIER (including security deposit refundable to him) under this contract may be appropriated by the purchaser or the MTNL or any other person or persons contracting through the MTNL and set off the same against any claim of the Purchaser or MTNL or such other person or persons for payment of a sum of money arising out of this contract or under any other contract made by the SUPPLIER with the Purchaser or MTNL or such other person or persons contracting through MTNL. IN WITNESS WHEREOF the parties hereto have caused this Agreement to be executed through their respective authorized representatives on the day and year first above written. Signed and Delivered for and on behalf of Mahanagar Telephone Nigam Limited. By____________ Signed on behalf of M/s.___________________ By Shri _______________ holder of General Power of Attorney dated__________ executed in accordance with the Resolution No. Nil dated _____________ passed by Board of Directors. In the presence of: Witness: -------------------******** shall use their best efforts in good faith and best intention to resolve mutual negotiation and consultation and shall settle amicably any may arise or relate to this agreement or a breach thereof. Pending a dispute, the supplier shall continue to fulfill its obligations under this
17.3 17.4
17.5
18.
28
ANNEXURE-V
THE AGREEMENT BETWEEN MAHANAGAR TELEPHONE NIGAM LIMITED (MTNL) AND M/s. ., THE VENDOR OF EQUIPMENT, PRODUCTS AND SERVICES FOR ADDRESSING SECURITY CONCERNS. Reference: T.E. No Purchase Order No.
29
THIS AGREEMENT made on this ......... day of ......... 20--, between Mahanagar Telephone Limited a company incorporated under the Companies Act, 1956 and having its registered office at 12th Floor, Jeevan Bharti Tower-I, 124 Connaught Circus new Delhi-110001hereinafter called " MTNL" (which expression shall, unless it be repugnant to the context or meaning thereof, be deemed to mean and include its successors and assigns)and M/s. , a company incorporated under the Companies Act, 1956 and having its registered office at ......... hereinafter called "vendor" (which expression shall, unless it be repugnant to the context or meaning thereof, be deemed to mean and include its successors and assigns) . Both the parties combinedly referred to as Parties.
WHEREAS MTNL engaged in providing telecommunication services in license area of Delhi and Mumbai has invited a Tender vide T.E. No. --------------------------------for procurement of -------------------------------------------
WHEREAS the vendor submitted its bid against the said tender agreeing to all the terms and conditions of tender . Upon being considered as successful bidder the Purchase Order No. --------------------------------------has been placed on the vendor.
WHEREAS the vendor agrees to supply, install, commission and hand over the equipment as per the scope, specifications and quality requirements specified in the Tender/ Purchase Order. The vendor agrees to supply the equipment and services ensuring that it is free from any security threat .
30
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:
Terms and Conditions (i) With a view to help and address the business continuity, communication, security and security management of MTNLs networks in respect of equipments / products/ software/services, the parties hereto are desirous of recording the terms and conditions as set forth in this Agreement. This Agreement would be read in conjunction with the respective contractual agreements the MTNL and the Vendor, which they have for the supply of Equipments/Products and Services. In case of any conflict, the conditions of this agreement shall prevail.
(ii)
31
1.
Definition of Terms and expressions Unless the context otherwise requires, the different terms and expression used shall have the meaning assigned to them for the purpose of this agreement in the following paragraphs: e. Access - interconnection with MTNL Systems or access to or use of MTNL Information stored on MTNL Systems through interconnection with MTNL Systems or access to or use of MTNL Information stored on Vendor Systems or access to or use of MTNL Information stored in any mobile device. f. Authorised - MTNL has approved Access as part of the authorisation process and the Vendor Security Contact has a record of this authorisation. Authorisation shall be construed accordingly. g. Commencement Date and End Date means the date the agreement is executed and the date when the validity or term of this contract ends or terminated. h. Contract Personnel means dedicated resources of the Vendor in terms of employees, subcontractors including employees of sub contractors and agents including agents sub contractors and their employees engaged for the purpose of this Agreement. i. NAIF means Network Authorisation and Interconnect Facility is a procedure for registration of global network interconnect between MTNLs and external companies. Sensitive Information means any MTNL Information marked as classified as per MTNLs data classification policy or deemed business critical. This also includes any other data, or element of information, notified as such by the Government (e.g. IT Act 2000).
j.
k. Security Standards means all the relevant contemporary standards associated with national and international security standard related to IT & Telecom equipment hardware and software and those related to information & communication security, including but without limitation to ISO 27000 series, ISO/ IEC 15408, 3GPP, 3GPP2, WiMAX etc. and as evolved from time to time. l. Subcontractor- any person, partnership or corporation with whom the Vendor places a contract and/or an order for the supply of any equipment, item, service or for any work in relation to the purpose of this Agreement. "Subcontract" shall be construed accordingly.
m. Supplies means all components, materials, plant, tools, test equipment, documentation, hardware firmware, Software, spares parts, services and all the things & items to be provided to MTNL pursuant to the Agreement together with all Information and Work the Agreement requires to be supplied or performed for MTNL. n. Term means the term of this Agreement from the [Commencement Date] to [End Date].
32
o. MTNL means Mahanager Telephone Nigam Limited, a Telecom Service Provider licensed under section 4 of Indian Telegraph Act 1885 by the Licensor, Department of Telecommunications (DoT), Government of India p. MTNL Group Security means the security organisation based within the MTNL q. MTNL Information means all data including data, text, image, sound, voice, codes, circuit diagrams, core & applications software and database, intellectual property as well as personal, public, operational and services data in MTNLs custody which is and /or received which are supplied/ shared with Vendor for the purpose of this Agreement or are obtained by the Vendor on behalf of MTNL. r. MTNL Items - all items provided by MTNL to the Vendor and all items held by the Vendor which belong to MTNL. s. MTNL Regulatory Contact means incharge of MTNL Regulatory Operations or such other person whose details shall be notified by MTNL to the Vendor from time to time. t. MTNL Security Contact means incharge of MTNL Security Operations Centre or such other person whose details shall be notified by MTNL to the Vendor from time to time. u. MTNL ,network software between Systems means any MTNL computer, application, databases infrastructure, network elements and appliances, core and applications or such other systems as may be agreed in writing from time to time MTNL and the Vendor.
v. Vendor means who supplies Equipment, Software and/or managed services to MTNL for the purpose of installation, provision, operations and/or maintenance of MTNLs networks. w. Vendor Security Contact means such person whose details shall be notified by the Vendor to MTNL from time to time for such purpose. x. Vendor Regulatory Contact means such person whose details shall be notified by the Vendor to MTNL from time to time for such purpose. y. Vendor Systems means any Vendor owned computer hardware or software, application database or network elements / appliance or such other systems as may be agreed in writing from time to time by MTNL and the Vendor. 2. Scope This Agreement sets out the provisions under which the Vendor will be able to supply equipments and services and be granted Access to MTNL Systems, network, equipments, data and facilities and MTNL Information including Sensitive Information for the purpose of installation, provision, operations and maintenance by the Vendor
33
3.
International Security Standard Certification The Vendor shall have contemporary relevant Security standard certification and shall comply with the provisions of security standards certification w.r.t. Telecom & IT equipment hardware and software and those related to information & communication security management, such as ISO 15408 standards as applicable to IT and IT related products, ISO 27001 for Information Security Management System, standards used by other relevant standard formulation bodies for Telecom equipment like 3GPP, 3GPP2, ITU standard etc or equivalent acceptable international standards or certification.
4. Security Requirements: The vendor shall comply with following security policies: 4.1 GENERAL 4.1.1 The Vendor shall be Authorised to access only MTNL Systems and Informations in accordance with the provisions of this Agreement and only during the term of this Agreement. 4.1.2 The Vendor shall identify to MTNL details of Vendor Security Contact at the Commencement Date who will act as a single point of contact for MTNL, such as a senior manager or CIO responsible for security, for any security issues. This responsibility shall be detailed within his/her job description. This does not mean that the Vendor shall not be responsible as an organization or company and its management. The vendor security contact shall only be a security cleared Indian national. The security clearance for the security contact will be applied and obtained by the MTNL from the Licensor.
4.1.3 As part of the Authorisation process, details of Vendors Contract Personnel that need Access will be requested by MTNL. The Vendor Security Contact shall at all times ensure that only Contract Personnel who have a need to Access in order to fulfill the purpose of this Agreement are Authorised. This authorization and any changes in the personnel would be notified by the Vendor for the information and for the approval (wherever applicable) of the MTNL. 4.1.4 Pursuant to Clause 4.1.3 above, the Vendor acknowledges that only the Contract Personnel having requisite training are Authorized to access MTNL System.
4.1.5 The Vendor shall have a well defined Information Security policy compliant with ISO/IEC 27001:2005 or have equivalent standards and in line with the MTNLs information security policies and requirements. 4.1.6 The Vendor shall ensure that they have information security organization in place to implement the provisions of MTNLs information security policies. The Information Security responsibilities of all Vendor employees working for MTNL shall be defined and communicated.
4.1.7 The Vendor shall establish and maintain contacts with special interest groups to ensure that the understanding of the information security environment is current,
34
including updates on security advisories, vulnerabilities and patches and ensure that the same is implemented. 4.1.8 The Vendor shall conduct a Risk Analysis and ensure that all risks due to it own and subcontractors operations with MTNL are identified, measured and mitigated as per the MTNLs requirements. The Risk Assessment report is required to be shared with the Chief Security officer/CISO of MTNL. 4.2 PHYSICAL SECURITY
4.2.1 All Contract Personnel including sub contractors and their employees, agents and their employees of the Vendor working on MTNL premises shall be in possession of a MTNL Identification or Electronic Access Control (MTNL ID/EAC) card. This card is to be used as a means of identity verification on MTNL premises at all times and as such the photographic image displayed on the MTNL ID/EAC card must be clear and be a true likeness of the Contract Personnel. If the MTNL has any advanced identity verification systems the same would also apply. MTNL may redefine such verification measures from time to time. 4.2.2 All Contract Personnel including sub contractors and their employees, agents and their employees of the Vendor accessing premises (sites, buildings or internal areas) to fulfil the Purpose, where MTNL Information is stored or processed, shall be in possession of an Identification or Electronic Access Control (ID/EAC) card. This card is to be used as a means of identity verification on these premises at all times and as such the photographic image displayed on the ID/EAC card must be clear and be a true likeness of the Contract Personnel or the Subcontractor or the Vendors employees, subcontractors and agents. If the MTNL has any advanced identity verification systems the same would also apply. MTNL may re-define such verification measures from time to time 4.2.3 The Vendor shall not (and, where relevant, shall procure that any Contract Personnel shall not) without the prior written Authorisation of the MTNL Security Contact connect any equipment, device or software to any MTNL System and where it is not intended to be connected at a point in the MTNL system. 4.2.4 The Vendor shall demonstrate that it has procedures to deal with security threats directed against MTNL or against a Vendor working on behalf of MTNL whilst safeguarding MTNL Information.
4.2.5 The vendor and/or its contract personnel shall not access MTNLs electronic systems without first obtaining the written consent of the MTNL security Contact; 4.2.6 The Vendors Access to sites, buildings or internal areas where MTNL Information is stored or processed, shall be as Authorised and the Vendor and all its Authorised personnel shall adhere to robust processes and procedures to ensure compliance. 4.2.7 The Vendor shall ensure that all MTNL Information, Contract Personnel, Vendor Systems and MTNL Systems and networks used to fulfill the Purpose are logically and physically separated in a secure manner from all other information, personnel or networks created or maintained by the Vendor. Additionally, secure areas in Vendor premises (e.g. network communications rooms), shall be segregated and protected by appropriate entry controls to ensure that only authorised Contract Personnel are allowed access to these secure areas. The access made to these
35
areas by any Vendors personnel shall be audited regularly, and re-authorisation of access rights to these areas must be carried out at least once annually. 4.2.8 The use of digital or conventional cameras, including any form of video camera or mobile phone cameras, of the interior of MTNL premises is not permissible without prior Authorisation from the MTNL Security Contact. Vendor shall ensure that photography or capture of moving image of Vendor areas where MTNL Information is processed or stored shall not capture any MTNL Information. 4.2.9 CCTV security systems and their associated recording medium shall be used by the MTNL/ Vendor either in response to security incidents, as a security surveillance tool, as a deterrent or as an aid to the possible apprehension of individuals caught in the act of committing a crime. As such, these systems shall be authorised by appropriate MTNL Security Contact when used by vendor, and stored images shall be securely held for at least 6 months. Notwithstanding the above, MTNL may object to CCTV surveillance if circumstances deem that such surveillance is inappropriate in relation to the purpose of this Agreement. 4.2.10 The Vendor shall maintain a controlled record of all assigned MTNL physical assets and assigned MTNL Items to them. 4.2.11 The local area surrounding the Vendors facilities at MTNLs premises shall be inspected for risks and threats on a regular basis by the Vendor and such reports made available to MTNL. 4.2.12 The Vendor shall disable the Access immediately if any Contract Personnel no longer require Access or change role for any reason whatsoever or whose integrity is suspected or considered doubtful or as may be notified by MTNL in accordance with clause 4.3.1. 4.3 LOGICAL SECURITY 4.3.1 The Vendor shall notify MTNL immediately if any Contract Personnel no longer requires Access or change role for any reason whatsoever thus enabling MTNL to disable or modify the Access rights. 4.3.2 The Vendor shall maintain systems, which detect and record any attempted damage, amendment or unauthorised access to MTNL Information. 4.3.3 The Vendor shall, implement agreed as well as generally prevalent security measures across all supplied components and materials including software & Data to ensure safeguard and confidentiality, availability and integrity of MTNL Systems and MTNL Information. The Vendor shall provide MTNL with full documentation in relation to the implementation of logical security in relation to Purpose and shall ensure that it has such security as: prevents unauthorized to MTNL Systems; and individuals e.g. hackers from gaining Access
reduces the risk of misuse of MTNL Systems or MTNL information, which could potentially cause loss of revenue or service (and its Quality) or reputation, breach of security by those individuals who are Authorised to Access it; and detects any security breaches that do occur enabling quick rectification of any problems that result and identification of the individuals who obtained Access and determination of how they obtained it.
36
4.4
INFORMATION SECURITY
4.4.1 The Vendor shall not use MTNL Information for any purpose other than for the purposes for which they were provided to the Vendor by MTNL and only to the extent necessary to enable the Vendor to perform as per this Agreement. 4.4.2 The Vendor shall ensure that all information security requirements in this Agreement are communicated including in writing to all Contract Personnel in relation to their role. 4.4.3 The Vendor shall ensure that it operates a proactive strategy to minimise the risk and effects of fraud and other security risks and the Vendor shall maintain processes to monitor such activities. 4.4.4 The Vendor shall ensure procedures and controls are in place to protect the exchange of information through the use of emails, voice, facsimile and video communications facilities. 4.4.5 The Vendor shall use physical and electronic security measures to protect MTNL Systems, MTNL Information and areas where work is undertaken or where Vendor Systems provide Access. 4.5 CONTRACT PERSONNEL SECURITY
4.5.1 The Vendor shall ensure that the MTNL Information provided under this Agreement is used only to the extent necessary to enable the Vendor to perform as per the terms of this Agreement. All Contract Personnel sign a confidentiality agreement either as part of their initial terms and conditions of employment or when they start working in MTNL buildings or on MTNL Systems and MTNL Information. These confidentiality agreements shall be retained by the Vendor and accessible to MTNL. 4.5.2 The Vendor shall deal with breaches of security policies and procedures, including interfering with or otherwise compromising security measures, through a formal disciplinary process. 4.5.3 The Vendor shall provide a 'whistleblower' facility, available to all staff, with all MTNL related issues reported back to the MTNL Security Contact to the extent permissible by the law in a location in India where the Vendor is delivering its Purpose. For the avoidance of doubt, this facility shall be used by the Contract Personnel if MTNLs employee, agent or contractor instructs Contract Personnel to act in an inconsistent manner in violation of the Agreement. 4.5.4 The Vendor shall ensure that in respect to any Contract Personnel assigned to this Agreement; it shall carry out recruitment checks in accordance with the provisions in Vendor Pre-Employment Checks Policy defined by MTNL. 4.5.5 The Vendor shall ensure that all Contract Personnel maintain a clear-desk and a clear- screen policy to protect MTNL Information. 4.5.6 The Vendor shall ensure that an auditable process is developed for the ongoing control and management of Contract Personnel access profiles. 4.5.7 The Vendor shall, and shall procure that any Contract Personnel securely destroy any MTNL Information received in a recorded form from MTNL (or has recorded received MTNL Information), when the Contract Personnels job or role has changed or terminated.
37
4.6
SERVICE CONTINUITY ASSURANCE: Appropriate commercial arrangement should be made by MTNL with vendor to assure the continuity of service by including clauses such as:
4.6.1 The Vendor shall ensure by means of all tools, skills, resources that the services of MTNL remains operational at all times as per Quality of Service parameters laid down by Telecom Regulatory Authority of India. 4.6.2 At the time of termination of contract or as and when required by the MTNL, the vendor shall ensure making over all tools, procedures, documents, softwares, training etc using which MTNL system were maintained operated, analyzed, attended etc, by the Vendor so that MTNL can continue to provide the services. 4.7 ADDITIONAL SECURITY POLICIES
4.7.1 The Vendor shall have documented operating procedures to discharge the security requirements detailed within this Agreement and provide MTNL with access to such documentation in accordance with Access to Vendor systems as stipulated in this agreement. 4.7.2 The Vendor shall notify the MTNL Security Contact immediately of any changes to its Access method through the firewalls, including the provision of network address translation. 4.7.3 The Vendor shall implement a controlled exit procedure in respect of the individual Contract Personnel to ensure the return of any MTNL assets or MTNL Items or MTNL Information in the possession of the individual when any of the Contract Personnel who have Access, leave the employment of the Vendor or are no longer engaged for the purpose of this Agreement. Such controlled exit procedure shall include a written communication by the Vendor Security Contact to MTNL Security Contact of this removal. 4.7.4 The Vendor shall inform the MTNL Security Contact immediately upon its becoming aware of any actual or suspected unauthorised Access or misuse of MTNL Systems or MTNL Information or breach of any of the Vendor's obligations under this Agreement. 4.7.5 The Vendor shall maintain integrity of the software build including upgrades, operating systems and applications from factory to desk. The Vendor shall demonstrate that the software build (both proprietary and off-the-shelf) delivered to MTNL is the same as the software build agreed with MTNL. The software should not have such bugs, which could hamper security in future including any unauthorized leakage of MTNL Information including Sensitive Information. 4.7.6 Self-help systems operated by MTNL shall only be remotely accessible by Authorised contract Personnel.
4.7.7 Any change of location by the Contract Personnel or Vendor for any part of the supply chain or the support centers shall be notified to MTNL immediately. 4.7.8 MTNL may carry out current and future risk assessments and other audits with proactive support from the Vendor on any part of the Vendors supply chain to identify additional risks to MTNL. MTNL may then stipulate additional countermeasures to address any risks. This in no means would reduce the Vendors ultimate obligations and responsibility relating to security
38
4.7.9 No replacement of MTNL System support tools must be undertaken by the Vendor without specific agreement from MTNL. 4.7.10 If MTNL agrees to the Vendors appointment of Subcontractor under this Agreement, MTNL may require that the associated security risks are clearly identified and assessed by MTNL Group Security or the appropriate MTNL line of business security team. This will ensure that any unacceptable security risks are identified and addressed. This in anyway shall not reduce the Vendor from being solely responsible to MTNL for the ultimate obligations to be performed under this Agreement and responsibility relating to security. 4.7.11 Where MTNL has approved Vendors use of Subcontractors, formal contracts containing all necessary security requirements shall be put in place between the Vendor and its subcontractor before the Subcontractor or its personnel can access MTNL Systems and MTNL Information or occupy space in MTNLs buildings or space in the Vendors building that is used to access, hold or process MTNL Information. 4.7.12 MTNL may update from time to time, security related policies, guidelines, standards and requirements. MTNL will incorporate such updates by reference which shall be notified in writing by MTNL to the Vendor promptly. The Vendor is deemed to accept all the updates. If the Vendor has an issue with such updates, the Vendor shall promptly detail its concerns to MTNL in writing. If MTNL cannot agree on resolution of the Vendors issues promptly, MTNL reserves the right to revoke the Vendors Authorisation and terminate this Agreement. 4.7.13 The Vendor shall record and maintain detailed information of all Contract Personnel who are authorised to Access MTNL Systems or MTNL Information. 4.7.14 The Vendor shall ensure that all computers or laptops used to access MTNL Systems and MTNL Information have their ports locked down such that removable storage media (memory sticks, removable hard drives, compact flash and secure digital cards, floppy disks, CDs, DVDs, MP3 players and other similar devices) cannot be connected. 5. Access to MTNL Systems 5.1 MTNL allows (so far as it can and is able to do so) the Vendor, to have Access solely for the purpose as contemplated herein during the term of this Agreement. 5.2 In relation to Access, the Vendor shall (and, where relevant, shall procure that all Contract Personnel shall): a) ensure each individual Contract Personnel has a unique user identification and password known only to such user for his/her sole use. b) ensure Contract Personnel never share user identification, passwords or security tokens. c) promptly provide to MTNL such reports as MTNL shall from time to time require concerning the Vendors use and security of Access and any related matters to Access. d) ensure that physical access to fixed computer equipment having Access or storing MTNL Information is solely with smart or proximity cards (or equivalent security systems) and Vendor conducts regular internal audit to ensure compliance with these provisions.
39
e) ensure onward bridging or linking to MTNL Systems is prevented unless authorised by MTNL. f) use all reasonable endeavors to ensure no viruses or malicious code like malware, spyware, key logger, bots (as the expressions are generally understood in the computing industry) are introduced, and that there is no corruption or modification or compromisation of MTNL Systems or MTNL Information. This should un-doubtedly ensure that nothing results in denial of Service, interruption of Service, outages, reduction or compromise in quality and efficiency of Service, leakage or stealing of MTNL Information, interference with mandated lawful interception policy, methodology & provisions, enhance risks of attacks, overbilling, frauds or any other aspect that compromises the security of all the stake holders including the Government, users, MTNL etc. g) use reasonable endeavours to ensure that personal files which contain information, data or media with no relevance to the purpose, are not stored on MTNL building servers or MTNL centralised storage facilities or MTNL Systems. 5.3 If MTNL has provided the Vendor with Access to the Internet/Intranet, the Vendor shall, and shall ensure that the Contract Personnel, access the Internet/Intranet appropriately. It is the Vendors responsibility to ensure that practical guidance on internet and email abuse (as amended) is communicated to the Contract Personnel from time to time. The Vendor shall ensure that all Contract Personnel, subject to the Clauses headed Regulatory Matters and Confidentiality comply with Classifying and Handling of Information. Any security software procured by the Vendor shall be used by the Vendor without modification, unless there is an essential need to do so, in which case appropriate controls shall be applied and the agreement of MTNL Group Security sought. Access to Vendor Systems If Contract Personnel is granted Access to Vendor Systems having bearing on MTNL data, information or network, the Vendor shall: a) Ensure each individual has a unique user identification and password known only to such individual for his/her sole use. b) promptly provide to MTNL such reports as MTNL shall from time to time require,, concerning the Vendors use and security of access to Vendor Systems. c) Allow Access only to the minimum extent required to enable the Contract Personnel perform their duties. d) Allow Access using a secure login process. e) Establish and implement formal procedures to control the allocation and deallocation of Access rights. f) Ensure that the allocation and use of enhanced privileges and access to sensitive tools and facilities in Vendor Systems are controlled and limited to only those users who have a business need. g) ensure that the allocation of user passwords to Vendor Systems that hold or access MTNL Information is controlled through a formal auditable management process. 40
5.4
5.5
6 6.1
h) Conduct regular reviews of user ids and their Access rights. i) Provide processes to demonstrate that remote and home working activities are only permitted where Authorised by MTNL and subject to appropriate security controls within the Vendors organisation including but not limited to remote Access by users being subject to strong authentication. j) Demonstrate that users follow security best practice in the management of their passwords. k) Implement a password management system which provides a secure and effective interactive facility that ensures quality passwords. l) Ensure that user sessions are terminated after a defined period of inactivity. m) Ensure that audit logs are generated to record user activity and securityrelevant events and securely managed and retained with nil ability on the part of the Vendor to allow any un-authorised access or amendment to the audit logs. Such audit logs must be maintained for future reference for a period of at least one year. n) Ensure that monitoring of audit and event logs and analysis reports for anomalous behaviour and/or attempted unauthorised access are performed by Vendors staff independent of those users being monitored. o) Make available audit logs where required by MTNL for review. p) ensure all systems holding, processing or accessing MTNL Information shall be hardened to MTNL standards (Note to Buyer: If in doubt, please contact MTNL Security). q) ensure that to the extent possible, development, test and live environments are segregated from each other and the other work areas in Vendor buildings. r) Implement controls to detect and protect against malicious software and ensure that appropriate user awareness procedures are implemented. s) Ensure that Vendor has in relation to all Vendor Systems formal security incident management procedures with defined responsibilities. t) ensure that any unauthorised software is identified and removed from Vendor Systems holding, processing or accessing MTNL Information. u) Ensure that Access to diagnostic and management ports as well as diagnostic tools are securely controlled to MTNLs reasonable satisfaction. v) Ensure that Access to Vendors audit tools shall be restricted to Relevant Contract Personnel and their use is monitored. w) Ensure that data gathered after running audit tool is properly protected. x) Perform enhanced independent code reviews (including penetration testing) on all Vendor Systems. 6.2 The Vendor shall demonstrate to MTNL that Contract Personnel who hold and use the Information on PCs and mobile computing devices are responsible for ensuring that the PCs and mobile computing devices are protected from unauthorised access. Consideration must be given to whether Sensitive Information must be stored on mobile computing devices. All Sensitive Information shall be encrypted if stored on a mobile computing device or in the event of any transmission of Sensitive Information by Contract Personnel outside of MTNLs trusted network. Laptops and PCs containing Sensitive Information shall have the whole of the disk encrypted. Devices that do not allow
41
whole-disk encryption such as memory sticks, CD/DVDs, shall be subjected to additional controls such as: (a) Use of file encryption, where available; or (b) Use of application password facilities; and (c) Where the device is "pocket-sized", it must be kept with the owner at all times. Black-berry mobile phones and other such devices which use proprietary encryption technique should not be used for holding MTNL information. 6.3 To the extent the servers are used to fulfill the purpose of this Agreement, Vendors servers shall not be deployed on un-trusted networks without appropriate security controls. Changes to individual Vendor Systems shall be controlled and subject to formal change control procedures. All documentation relating to Vendor Systems shall be protected from unauthorized Access or amendment. Security procedures and controls shall be used to secure equipment holding, accessing or processing MTNL Information in Vendor Systems. Conditions for Equipment Vendors: Conformance to Security Standards and Policies: The vendor shall ensure and certify that the supplied equipment has been subjected to penetration testing and all addressable vulnerabilities have been mitigated and the equipment is Safe to Connect in the Telecom Network as per the latest standards and recommendations on the subject from ITU/ISO/IETF/IEC etc. It will also include that the equipment confirms to the security policies of the MTNL with respect to network elements. This applies to all telecom network elements and IT equipment used in the network. The vendor shall also ensure that the equipment supplied has all the contemporary security related features, facilities, hardware, software etc for the purpose of Interception, Monitoring, Analysis etc for use by the Law Enforcement Agencies and provide complete information to enable these features and facilities before the supply of the equipment or the procedure of enabling these, if these are to be enabled after the commissioning of the Network. The Vendor shall also submit a test report on these features and facilities and also a certificate that all contemporary features and facilities of this category exist in the equipment supplied. 7.2 Submission of Test Reports:
6.4
6.5
7. 7.1
7.2.1 General: A report of the tests conducted with results of the tests conducted and mentioning areas where vulnerability exists and what precautions are to be taken by the MTNL to minimize the effect of such vulnerabilities. For this purpose additional requirements may be provided in the Solution Designs. Compliance statements should be made against the relevant Security Standards and where practicable, tests performed to demonstrate compliance.
42
7.2.2 Port Enumeration Port and protocol scans must be conducted with reference to the network design, proving that management protocols are only accessible via management interfaces, and control plane protocols are only accessible via control plane interfaces. All interfaces where the network element can be identified (where it would be possible to respond to a PING request or appear in a route trace) must be tested. If the interface switches/routes traffic transparently or is not IP based then that interface need not be scanned. Scans should be performed with all Access Control Lists (ACLs) first disabled, so as to give a clearer view of which ports/services are active, and then enabled, to demonstrate what is normally visible. Tests should detail: Which addresses were scanned (management, interface). All open, open/filtered and closed/filtered ports Detail why ports which are open are required.
Port scan may be performed using latest version of n-map or any other open source software tool. 7.2.3 IP Vulnerability Scanning Service vulnerability audits must be conducted with reference to the results of the port/protocol scans and the network design. The audit should detail: Low, medium and high risk vulnerabilities so that risk assessments can be made and fixes implemented where necessary List any mitigation to medium and high risk.
7.2.4 Compliance to AAA Design Where a Network Element supports either RADIUS or TACACS+ for authentication, authorization and accounting of user accounts compliance to the MTNL AAA Design should be confirmed and demonstrated and test report submitted. 7.3 Equipments Configuration Guide Two sets of equipment configuration guide should be supplied which detail the configuration required to meet the policies in the standards at least in respect of following: Network Element security policies: Generic OS Technical Standard for Switches and Routers Management Standard for Switches and Routers
43
7.4
Additional Security Tests for Telecommunication Equipments i) A report must be submitted in respect of following additional tests. i. Firmware inspection i. Basic validation of physical device integrity at least in respect of following Core network elements i) ii) iii) Main GSM Network peripherals (BSC, PCU, MSC/VLR, HLR, SGSN, GGSN) Main CDMA Network peripherals (BSC, MSC, GMSC, PCF, PDSN) Billing Systems & Servers for both GSM and CDMA network
ii) A test report on workstation Configuration & Integrity in respect of the following: i. ii. 7.5 Administrators workstations and lab stations User workstations
A report on the susceptibility to the attacks on mobile networks: Mobile Network like GSM equipment and its network are susceptible to several attacks. A few of the known attacks with their description are given in Appendix II. The vendor must submit a report categorically stating that out of these attacks or any other attack to which the equipment and the network is susceptible, the degree of risk of each type of attack and mitigation technique to deal with these attacks. The vendor will ensure that whatever mitigation was possible as per the current available technologies, techniques, configuration have already been used and adopted by them before the supply of the equipment. Similarly, for the CDMA Network Managers it may be re-ensured that the security features such as OS hardening, user access and operation audit, privilegebased user groups, centralized authentication, user profile and group management, customer plug-ins for authentication and secure remote access with IP Security Protocol (IPSec) and other capabilities in upgrading releases as well have been provided. Subscriber authentication to protect the infrastructure and to prevent unauthorized access to network resources: CDMA 1X access authentication is accomplished by means of a authentication signature that is verified by the networks databases of user information. The Home Location Register and Authentication Center as well as 1xEV-DO algorithm in OTASP to exchange keys between the mobile device and the Access Node-Authentication Authorization Accounting (AN-AAA) server should be thoroughly tested by the Vendor and reported. The authentication key exchange protocols ensures the identity of the mobile device. For CDMA2000 1X data sessions and EV-DO, including the Challenge Handshake Authentication Protocol (CHAP) or upgraded equivalent by the Packet Data Serving Node-Authentication Authorization Accounting (PDSN-AAA), server should not be compromised in any case and the tests reported.
44
7.6
Security from Malware: There are no known cases of malware disrupting telecom services, yet. However, malware can cause information leaks and can result in the leak of private user information. However, some viruses, worms and Trojans can infect devices and spread malware via text messages or Bluetooth connectivity. This network-based service will also block Denial of Service attacks and restrict network traffic based on source, destination, IP ports and applications. It will also allow enterprise IT managers to lock and/or delete data on lost or stolen devices. The connectivity could affect platforms if adequate firewalls, IDPs are not strong. Therefore vendors would provide adequate firewall and IDPs and submit a certificate in this regard.
7.7
Cryptography Related Security Issues: Vendors will take suitable measures to deal with cryptography related vulnerabilities and submit a report of the measures along with a certificate that they have taken adequate measures to deal with these vulnerabilities. i. ii. Attacks on COMP-128 algorithm Compromised cipher key
iii. Key recovery allowing SIM cloning iv. Hijacking outgoing calls in networks with encryption disabled v. Hijacking outgoing calls in networks with encryption enabled vi. Hijacking incoming calls in networks with encryption disabled vii. Hijacking incoming calls in networks with encryption enabled viii. Suppressing encryption between the target user and the intruder ix. Suppressing encryption between target user and the true network 7.8 Data Flow Attacks Many sophisticated attacks disguise themselves in data flows across sessions and ports the more traffic there is, the harder it is to identify the threats. Vendors may ensure that they are aware of this and take adequate steps to make it future proof and submit compliance on the same. 7.9 Additional Interfaces Many of the problems in the Data intensive infrastructure may come to increased number of interfaces additionally for Data than those were present for voice only initial 2G systems, hence, infra vendors must give special attention to interfaces and their related vulnerability. Such vendors may ensure that they provide additional notes that they have taken care of the same and the test mechanism and methodology adopted by them with adequate evidence. Some of these interfaces are listed below: Gi: Exposed to Internet and corporate networks
45
Gp: Primary interconnection pt. between operators n/w and un-trusted external networks Gc: Allows access (via HLR) to key user info. from remote network during roaming Vulnerable Interfaces Gi: Exposed to all threats from Internet: viruses, DoS, and malicious network traffic Gp: Connection hijacking, overbilling from a roaming network during handover Gn: Not encrypted by default 7.10 Security Against Remote Access: The vendor shall submit a written undertaking to the MTNL clearly identifying all possible means of remote control/ remote access/remote command and control in the supplied equipment as well as suitable mitigation means to close such access mechanisms. NOTE: The security related test listed here in the sample template are not exhaustive and are indicative. The list is a guideline to the provider to verify that the vendor has tested against the vulnerabilities and reported the outcome of the tests in a comprehensive test report made available to him. All required security related tests as available and applicable must be performed. 7.11 Software and Hardware Design Surety; The following conditions shall be applicable for safety and security of software and hardware design; 7.12.1 The Vendor shall at MTNLs request enter into an escrow deposit arrangement in respect of all Information and documentation in relation to Supplies in respect of Hardware, executable Software/source code/gold build etc, High Level Designs (HLD), Detail Design Documents (DDD), listings and programmers notes) (the Escrow Information) as would enable MTNL to complete any outstanding obligations of the Vendor under this Agreement, including, without limitation, obligations that would have existed (including the requirement to fulfill any orders that MTNL would have otherwise placed under this Agreement) had this Agreement not been terminated by MTNL (other than pursuant to of the Condition headed Termination) before the expiry of its natural term.
7.12.2 Without affecting any other rights it may have, MTNL shall have the right, free of charge, to use the Escrow Information, after its release, in order to use or maintain (including to upgrade) the Software, to modify or have modified the Software, and to authorize such modified Software to or have it maintained by third parties, in case vendor refuse to do so as per contract agreement. 7.12.3 The Vendor shall ensure that the Escrow Information deposited in accordance with para 7.12.1 above is and will be maintained as sufficient to allow a reasonably skilled programmer or analyst to maintain, modify and correct the Hardware and Software without the help of any other person or reference, and the Vendor further undertakes to keep the Escrow Information fully up- to-date throughout the Term.
46
7.12.4 On the occurrence of any event permitting the release of the Escrow Information, the Vendor shall immediately provide, at its cost and expense, to MTNL for a reasonable period, such advice, support assistance, data, information, access to Vendor's personnel or any key personnel of legal owner of the [Hardware and/or] Software for the purpose of understanding, maintaining (including upgrading), modifying and correcting any of the Hardware and/or Software. The softwares and codes written only in ENGLISH language shall be acceptable. The code/softwares shall be proven to be operational and correct version and to be certified that it does not have self- destructing programmes. This may be ensured by using the same at least once for loading the system initially before being deposited. The MTNL may engage the service of any escrow service agency if it opts for escrow arrangement. In such case it would be mandatory to avail the service of Indian agency, if available. Alternatively, if the vendor is not agreeing for ESCROW arrangement then the following has to be provided by the vendor to MTNL, without any additional cost: Gold software copy or the Executable copy of the software Dumb hardware can be loaded with software by the MTNL or under the supervision of MTNL from Gold software copy or from the executable copy after checking that hardware is free from any software and ensuring that there are no harmful malware into the hardware. Upgradation of software for a minimum period of seven years from the date of commissioning of the equipment Design of network in digital form and/ or in hard copy Penalty: If any Security breach is detected in the equipment supplied by the vendor due to inadvertent inadequacy (ies) in precaution and because of which a penalty is imposed by the licensor (Deptt of Telecom, Govt of India), then MTNL shall pass on the penalty on the vendor. The vendor shall be liable to pay this penalty. In case of act of intentional omissions, deliberate vulnerability left into the equipment or in case of deliberate attempt for a security breach, penalty amount will be Rs. 50 Crore per breach. The same breach in the same equipment purchased through same Purchase Order or in the same lot or the same negligence at the same time at multiple locations in MTNLs network will be considered as a single breach for the purpose of levying penalty under this clause. The vendor shall be liable to pay this penalty amount within 15 days from the date of issue of notice by MTNL in this regard. Besides the penalty, liability and criminal proceedings under the relevant provisions of various Acts such as Indian Telegraph act, Information Technology Act, Indian Penal Code (IPC), Criminal Procedure Code(Cr PC) etc can also be initiated against the vendor. In case of inadequate measures, act of intentional omissions, deliberate vulnerability left into the equipment or in case of deliberate attempt for a security
7.13 a)
b)
c)
d)
47
breach, the Licensor(Deptt of Telecom Govt of India) or MTNL may at its discretion blacklist the vendor/ Manufacturer of the equipment (Hardware/Software) from making any supply deals with Indian Operators. e) The vendor shall furnish a Security Bank Guarantee (SBG) in the format provided in Annexure-VI at the time of Acceptance of APO from a scheduled Bank for the value of the Advance Purchase Order initially valid for 3 years and the same shall be extended time to time till the scrapping/de-commissioning of the equipment. f) In case of any security breach, the SBG shall be encashed by MTNL. The SBG shall be released after scrapping /de-commissioning of the equipment. g) In the event of forfeiture of the existing Security Bank Guarantee submitted by the Vendor/Supplier under the provisions of the Agreement for security concerns, the Vendor/Supplier shall submit a fresh SBG of the same amount and validity. 7.14 Inspection: The Vendor/Supplier shall allow MTNL, Licensor (Deptt of Telecom Govt of India) and/or its designated agencies to inspect the hardware, software, design, development, manufacturing facility and supply chain and subject all software to a security/threat check at the time of procurement of equipment and upto two more times every year until the supplies under the contract have been completed, at the time of discretion of MTNL. All the documents should be in English and handed over to the visiting team at least 4 weeks ahead of the visit. 7.15 Language of Supplies: All the software codes, firmware, operating system, hardware details should be in ENGLISH only. 8 8.1 Data Protection: The Parties acknowledge that, in respect of all Personal Data and processed by the Vendor for the purpose of the provision of Supplies under this Contract, MTNL alone as data controller shall determine the purposes for which and the manner in which such Personal Data will be processed by the Vendor. Other than at MTNL's request, or where required by law to provide the supplies, the Vendor shall not disclose or allow access to any Personal Data other than, subject to Paragraph 8.4(f) to a person placed by the Vendor under the same obligations as contained in this Condition who is employed or engaged by the Vendor or within the control of the Vendor in the performance of the Contract. The Vendor shall not use Personal Data for any purpose other than the provision of the Supplies and shall return any Personal Data to MTNL immediately upon request at any time providing such return does not prevent the Vendor from fulfilling its obligations under this Contract. The Vendor shall retain Personal Data no longer than is necessary for the provision of the Supplies, in accordance with the relevant Data Protection Legislation and such instructions as MTNL may provide from time to time. Upon expiry or termination of this Contract for whatever reason, the Vendor shall immediately return to MTNL all Personal Data and certify that no copies have been made or retained by the Vendor or any third party acting on its behalf.
8.2
8.3
48
8.4
The Vendor shall: (a) (b) process Personal Data only on the instructions of MTNL and to the extent necessary for the performance of this Contract; and not modify, amend or alter the contents of the Personal Data except as required or permitted by this Contract or with MTNLs prior written consent; and implement the appropriate technical and organisational measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of processing, which measures are set out in more detail in Condition headed Security of Information and provide to MTNL a written description of the measures taken when requested by MTNL; and comply with all relevant provisions of any MTNL codes of practice notified to the Vendor from time to time and the Data Protection Legislation; and keep all Personal Data secure and confidential, act only on MTNL's instructions with respect to it, and comply with such further reasonable requirements from time to time of MTNL for the security of it; and ensure that, of the Vendors staff, only those of the Contract Personnel who need to have access to the Personal Data are granted access to the Personnel Data only for the purposes of the performance of this Contract and the Contract Personnel are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Condition; and notify MTNL forthwith, and in any event, no later than 12 hours from the time it comes to the Vendors attention, that Personal Data transferred by MTNL to the Vendor has been the subject of accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, or any other unlawful forms of processing; and notify MTNL in the event that it receives a request or notice from any data subject to have access to that persons Personal Data held by it and will provide MTNL with full co-operation and assistance in relation to any complaint or request including providing MTNL with any relevant Personal Data it holds within the timescales provided by the request or notice or as otherwise required by MTNL.
(c)
(d) (e)
(f)
(g)
(h)
8.5
In respect of Transfer of Personal Data the following conditions shall apply: (a) (b) obtain MTNLs prior written consent before transferring Personal Data to any Subcontractors in connection with the provision of the Supplies; prior to any Transfer of Personal Data, enter into or procure that any Subcontractor delivering the Supplies will enter into contracts for the transfer of personal data. In respect of Personal Data transferred by MTNL to the Vendor or acquired by the Vendor from MTNLs systems to a country outside 49
of India shall be on the basis of the Legislation issued by the Indian Government, or such other data protection model contract terms as may be agreed between the Parties from time to time, except where the relevant Data Protection Legislation provides for a derogation from this requirement. 8.6 Any breach of this Condition by the Vendor shall be deemed to be a material breach of the Contract and the Vendor shall indemnify MTNL against any costs, losses, damages, proceedings, claims, expenses or demands incurred or suffered by MTNL which arise as a result of such breach. The Vendor shall, upon MTNL giving reasonable notice, allow MTNL or its nominated representatives such access to its premises, Information and records and those of its agents subsidiaries and sub contractors, as may be reasonably required by MTNL from time to time to assess the Vendors and/or Contract Personnels compliance with this Condition. Regulatory Matters The Vendor shall (a) comply with all Regulatory Matters including, without limitation, any actions that MTNL may require in connection with any Regulatory Matter, that are notified to the Vendor Regulatory Contact from time to time by the MTNL Regulatory Contact in so far as they relate to the performance of the Contract by the Vendor; within 14 days of the Commencement Date, ensure that the Vendor Regulatory Contact contacts the MTNL Regulatory Contact to establish the nature and extent of communication between them, which assist them in meeting all regulatory requirement as set by licensor or Sectoral regulator or any other person nominated by Licensor. ensure that the vendor and its Contract Personnel have undergone the proper and adequate Training for the purpose of execution of this agreement; promptly provide such information to MTNL as shall be necessary for MTNL to respond fully and to the timescale required to any request or requirement for information from a government or any regulatory authority, to the extent that such information relates to the performance of the Agreement by the Vendor; and permit MTNL and/or its authorised agents such access to the Vendor's premises and such Access to and copies of its Information and Records (and to and of those of any Contract Personnel) as is required by MTNL to assess and/or validate the Vendor's performance of its obligations under or in relation to this Clause.
8.7
9 9.1
(b)
(c)
(d)
(e)
10 10.1
Confidentiality In this Clause, MTNL Information which MTNL from time to time identifies to the Vendor as being commercially confidential, or is by its nature commercially confidential or defined by MTNL as confidential, or confidential as per the applicable law.
50
10.2 10.3
Except with MTNL's agreement, the Vendor shall not disclose Information to any MTNL employee, not authorized to receive Subject to the Condition headed Intellectual Property, either party receiving Information ("the Recipient") from the other shall not without the others prior written consent use such Information except for Contract purposes or disclose such Information to any person other than MTNL's employees, agents and contractors or Contract Personnel who have a need to know and who are bound by equivalent obligations of confidentiality. Any breach of such obligations by Contract Personnel or MTNL's employees, agents or contractors (as the case may be) shall be deemed to be a breach by the Vendor or MTNL respectively. Paragraphs 2 and 3 of this clause shall not apply to Information that is: (a) (b) (c) published except by a breach of the Contract; or lawfully known to the Recipient at the time of disclosure and is not subject to any obligations of confidentiality; or lawfully disclosed to the Recipient obligations of confidentiality; or by a Vendor without any
10.4
(d)
replicated by development independently carried out by or for the Recipient by an employee or other person without access to or knowledge of the Information.
10.5
The Vendor shall not publicise this Agreement without MTNLs prior written consent and shall ensure that any subcontractor is bound by similar confidentiality terms to those in this clause.
10.6 Either party that has during the course of this Agreement received Information in a recorded form from the other (or has recorded received Information) shall return or destroy in a complete irrecoverable mode (at the option of the disclosing party) such records upon: (a) expiry or termination of this Agreement; or (b) upon earlier request unless such records are part of the Supplies. 10.7 11. This clause shall survive termination / expiry of this Agreement. Intellectual Property Each Party will retain its right, title and interest in its respective trademarks, service marks and trade names as well as rights in respect of any patent, copyright, trade secrets or other intellectual property used during the performance of this Agreement. Both Parties recognise that except as otherwise expressly provided herein or agreed between the Parties, they shall have no right, title, interest or claim over the others intellectual property.
51
12.
Security Review The Vendor shall: (a) give to (or procure the giving to) MTNL (or any person authorised by MTNL) such access at all reasonable times to the Vendors and any Subcontractors records and premises related to this Agreement as MTNL may require from time to time to assess the Vendors compliance of these policies in this Agreement; and such assessments may include assessments of all elements of physical and logical audits, penetration testing of the Vendors Systems. The Vendor shall facilitate this assessment by permitting MTNL to collect, retain and analyse information to identify potential security risks including trace files, statistics, network addresses and the actual information or screens accessed or transferred; and provide such reports to MTNL and attend such meetings as may be reasonably required by MTNL.
(b)
(c) 13. 13.1
Induction of Security Certified Equipments: The MTNL shall induct only those network elements into its telecom network which have been got tested as per relevant contemporary Indian or International security standards e.g. IT and IT related elements against ISO/IEC 15408 standards, for information security management system against ISO 27000 series standards, telecom and Telecom related elements against 3GPP security standards, 3GPP2 security standards etc. from any international agency / labs of the standards e.g. common criteria labs in case of ISO/IEC 15408 standards till 31st march 2013. From 1st April 2013 the certification shall be got done only from authorized and certified agencies /labs in India. The vendor shall supply the certified equipments only as per above criterion. The copies of test results and test certificates for the supplied equipments shall be submitted by the vendor along with the each lot of equipment supply. The vendor shall include all contemporary security related features and features related to communication security as prescribed under relevant security standards while supplying the equipment and implement all such contemporary features into the network. A list of features, equipments, software etc. procured and implemented shall be provided by the vendor to MTNL, which may be subjected to inspection and testing by the licensor at any time, in the network or otherwise, at the option of the Licensor. Network Audit, Test And Certification: The process of networks Audit and certification shall be performed by Third Party/Parties to include following activities: (I) Network forensics to identify existing unwanted running processes\ malwares\ backdoors etc. on all networks' elements. The operation includes sniffing of live traffic to identify unwanted redirection and interception of traffic. Network Hardening to map all networks elements and to calibrate
13.2
14.
(II)
52
them to optimized secured state. Network penetration test to assure system durability against any kind of attack. (IV) Risk assessment to understand what actions should be taken to minimize future damage to carrier and what risks are inevitable. (V) Actions to fix found problems by setting systems to default or acquiring relevant IT Security technologies to prevent such problems from reoccurring. (III) The MTNL may engage the services of any 3rd Party Network Audit and Security Certification agency as specified DoT from time to time or any other suitable agency. 15 The Vendor shall ensure the following supplying and further maintenance of the equipments: a. b. c. Ensure that all the documentation including software details are obtained from manufacturer / supplier in English language. Keep a record of operation and maintenance procedure in the form of a manual. Necessary provisions to keep a record of operation and maintenance command logs for a period of 12 months , which should include the actual command given, which gave the command, when was it given with date and time and from For next 24 months the same information shall be stored / retained in a non-online mode. For this purpose licensee shall keep a list of User ID linked with name and other details of the user duly certified by the system administrator. The user list shall be provided to licensor or agencies designated by the Licensor as and when required. Necessary provisions to keep a record of all the software updation and changes. The major updation and changes are required to be informed to licensor within 15 days of completion of such updation and changes. Provide Information to keep a record of supply chain (manufacturer /vendor/supplier) of the products (Hardware/software) as per the format given in Appendix-1. Comply with the conditions of Remote Access (RA). The vendor/supplier will allow the MTNL, Licensor/DOT and /or its designated agencies to inspect the hardware, software, design, development, manufacturing facility and supply chain and subject all software to a security/threat check any time during the supplies of equipment. The number of such visits will be limited to two in a purchase order. The vendor shall make necessary arrangement for such inspection visit in the manufacturer/ vendor/ suppliers premises for upto 40 man days per visit. However, the traveling expenditure including boarding/ lodging of the inspection team shall be borne by MTNL. While fulfilling the warranty and AMC obligations, the vendor shall build its own capability and capacity to maintain and operate the network, preferably through local maintenance personnel, because the telecom network is a security sensitive infrastructure. Location Details: The vendor shall provide location details of mobile customers in the license service area as per below mentioned time frame from the date of issue of this accuracy. It should be a part of CDR in the form of longitude and latitude,
d.
e.
f. g.
h.
i. (a)
53
besides the co-ordinate of the cell sites, which is already one of the mandated fields of CDR. Accuracy in Percentage : Distance in Urban Sub-Urban and rural Meters More than 1 Million mobiles in a municipal limit 1 Year 2 Years 1 Year* 2 Years 3 Years 50 100 300 500 30 60 80 50 75 95 50 60 50 60 70 60 70 80 50 60 60 70
Remote
2Years
3 Years
* Applicable for the state of J&K , Assam and NE region. (b) To start with, these details will be provided for specified mobile numbers. However, within a period of 3 years location details shall be part of CDR for all mobile calls. Note1: Depending upon the technological development the limits of accuracy could be modified any time in future. 16 16.1 Investigation: If MTNL believes that there has been a breach by the Vendor of the provisions of this Agreement, MTNL will inform the Vendor Security Contact. The Vendor shall cooperate with MTNL fully in any ensuing investigation. The Vendor shall provide list of users who have had access to MTNL Systems and MTNL Information to MTNL and/or any law enforcement agency. MTNL shall have access to the Vendor Systems and MTNL Information in the Vendors premises generally with prior notice but include the right to make unannounced visits. The Vendor shall report to MTNL Security Contact promptly of any potential misuse of MTNL Information or improper or unauthorised access to MTNL Systems and MTNL Information. Upon request, the Vendor shall promptly provide to MTNL a written report with details of the potential misuse of MTNL Information or improper or unauthorised access to MTNL Systems and MTNL Information, a remedial plan and a timetable for achievement of the planned improvements and steps to be taken to avoid the repeat of the potential misuse of MTNL Information or improper or unauthorised access to MTNL Systems and MTNL Information. Please see note at the end of the clause 16. If any audit or investigation reveals that there is a potential risk to the confidentiality, integrity or availability of MTNL Information in the Vendors processes or Vendor Systems, Vendor shall promptly correct any security risk in the Vendors processes or Vendor Systems promptly. During investigation, the Vendor shall co-operate with MTNL, providing reasonable access, accommodation, facilities and assistance to all Vendor Systems as
16.2
16.3
16.4
54
reasonably necessary to investigate the breach of the provisions of this Agreement including permitting interview of any sales, engineering or other operational personnel of Vendor. MTNL shall, or at MTNLs request shall instruct the Vendor to, confiscate for evaluation any tangible or intangible asset suspected to have been used for information/ security breach or provide lead to investigation belonging to the Vendor or its subcontractor to aid the investigation. Note: The clause No. 16.1 to 16.4 relates to investigation of all the security aspects and other relevant provisions contained in the earlier paras/clauses. 17 18 Limitation of Liability: The liability(ies) of the vendor shall be as specified in clause 7.13, 8.6 and 18 of this agreement and in the tender. Termination
18.1 This Agreement shall be effective from the date hereof and shall continue to be in full force and effect concurrently with the Vendor agreement ( "Term" ) including warranty and AMC obligations unless terminated earlier by MTNL in accordance with the provisions below. 18.2 The Agreement may be terminated at instance of MTNL. It can also be terminated on directions of the Licensor along with Penalty under the Laws of the land in India in relation to security breaches noticed. Without prejudice to MTNL s rights and remedies under the Agreement , the Vendor shall at its own cost and expense take all steps necessary to rectify the breach/ restore the lost or corrupted MTNL Information to the last back -up and/ or terminate the unauthorised use of or access to the Information to the extent it caused such loss, corruption or unauthorised use of the MTNL Information, due to act of omission or commission on the part of vendor. Law and jurisdiction This Agreement is governed by Indian law and subject to clause 20, Parties agree to the exclusive jurisdiction of the Indian courts where the registered office of the MTNL is situated. 20 Arbitration Any dispute arising out of this Agreement shall be settled and resolved as per the dispute resolution and arbitrations clause agreed between the Parties under the Supply & Services Agreement. 21 Notices All notices, requests, consents, waivers or other communication required or permitted hereunder shall be delivered as per the Notice clause agreed between the Parties under the Supply & Services Agreement.
18.3
19
55
ANNEXURE-VI
SECURITY BANK GUARANTEE
THIS DEED OF GUARANTEE IS MADE THIS DAY OF.between Mahanagar Telephone Nigam Limited (MTNL) (which expression shall unless excluded by all Repugnant to the context include its successors and assigned) of one part and . hereinafter called the Bank (which expression shall unless excluded by all Repugnant to the context include its successors and assigned) of other part. WHEREAS MAHANAGAR TELEPHONE NIGAM LIMITED accepted the tender of M/s. .. (hereinafter called Vendor/Supplier) to provide/supply, install, commission and hand over the equipments to MTNL as per the scope, specifications and quality requirements specified in the Tender Enquiry No..dated and Purchase Order No...dated .. And Whereas MTNL and the Vendor/supplier have entered into an Agreement dated .. (hereinafter referred to as the said Agreement) wherein the vendor agrees to supply the equipments, products and services ensuring that it is free from any security threat. AND WHEREAS THE said Agreement provides that vendor/supplier shall furnish the Security Bank Guarantee to the extent of value of the Purchase Order as and by way of security for the due observance and performance of the terms and conditions of the said Agreement for addressing security concerns i.r.o. the equipments, products and services supplied by the Vendor/Service Provider. AND WHEREAS at the request of the vendor/supplier, the Bank has agreed to execute these presents. NOW THE DEED WITNESSED AND IT IS HEREBY AGREED AND DECLARED BY AND between the parties here to as follows:1. We (Name of Bank). do hereby undertake to pay to the MTNL an amount not exceeding in case any security breach is detected in the equipment, products and services supplied/provided by the vendor/supplier due to inadvertent inadequacy(ies) in precaution or intentional omissions or deliberate vulnerability left into the equipment, products and services or in case of deliberate attempt or any loss or damage caused to or suffered or would be caused to or suffered by the MTNL by reason of any breach by the said Vendor/Supplier of any of the terms or conditions contained in the said Agreement for addressing security related concerns in the equipments, products and services. 2. We (Name of the Bank) .do hereby undertake to pay the amounts due and payable under this guarantee without any demure, merely on a demand from the MTNL stating that the amount claimed is due by way of detection of security breach in the equipment, products and services supplied/provided by the vendor/supplier due to inadvertent inadequacy(ies) in precaution or intentional omissions or deliberate vulnerability left into the equipment, products and services or in case of deliberate attempt or any loss or damage caused to or suffered or would be caused to or
56
suffered by the MTNL by reason of any breach by the said Vendor/Supplier of any of the terms or conditions contained in the said Agreement for addressing security related concerns in the equipments, products and services. Any such demand made on the Bank shall be conclusive as regard the amount due and payable by the Bank under this guarantee where the decision of the MTNL in these counts shall be final and binding on the Bank. However, our liability under this guarantee shall be restricted to an amount not exceeding 3. We undertake to pay to the MTNL any money so demanded notwithstanding any dispute raised by the contractor/supplier/vendor in any suit or proceeding pending before any court or tribunal relating thereto our liability under this present being absolute and unequivocal. The payment so made by us under this bond shall be valid discharge of our liability for payment thereunder and the contractor/supplier/vendor shall have no claim against us for making such payment. 4. The Bank further agrees that the Guarantee herein contained shall remain in full force and effect for a period of THREE YEARS from the date hereof and also that the Bank will further extend this guarantee year by year automatically till the scrapping/decommissioning of the equipments/products provided. Further, if any claim accrues or arises against the Bank before the expiry of the said one year or an extension thereof till the scrapping/de-commissioning of the equipments/products, the same shall be enforceable against the Bank notwithstanding the fact that the same is enforced after the said period of THREE YEARS or any extension thereof. This guarantee will not be discharged due to the change in the constitution of the Bank or vendor/supplier. 5. We ( Name of the Bank) further agree that the guarantee herein contained shall remain in full force and effect during the period that would be taken for the performance of the said agreement and that it shall continue to be enforceable till the scrapping/de-commissioning of the equipments/products or till it is certified by MTNL that the terms and conditions of the said Agreement have been fully or properly carried out by the said contractor/vendor/supplier agency and accordingly discharge this guarantee after the scrapping/de-commissioning the equipments/products. Unless a demand of claim under this guarantee is made on us in writing till the scrapping/decommissioning of the equipments/products, we shall be discharged from all liabilities under this guarantee thereafter.
6. We (Name of the Bank)..further agree with the MTNL that the MTNL shall have the fullest liberty without our consent and without affecting in any manner our obligations thereunder to vary any of the terms and conditions of the said Agreement or to extend time of performance by the said vendor/supplier from time to time or to postpone for any time or from time to time any of the powers exercisable by the MTNL against the said vendor/supplier and to forbear or enforce any of the terms and conditions relating to the said agreement and we shall not be relieved from our liability by reason of any such variation, or extension being granted to the said vendor/supplier or for any forbearance, act or omission on the part of the MTNL or any indulgence by the MTNL to the said vendor/supplier or by any such matter or thing whatsoever which under the law relating to sureties would, but for this provision, have effect of so relieving us.
7. We (Name of the Bank) . lastly undertake not to revoke this guarantee during its currency i.e. THREE YEARS and automatic extension
57
thereafter till the scrapping/de-commissioning of the equipments/products, except with the previous approval/ consent of the MTNL in writing.
IN THE WITNESS WHEREOF the parties have executed these presents the day and year therein above written.
Signed on the day of . WITNESSES: 1. 2. FOR AND ON BEHALF OF BANK LTD. N.B. The Bank Guarantee shall be from any scheduled Bank of India.
Signature of Tenderer
58

Tender Document

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tender Document

Uploaded by

Copyright:

Available Formats

No.MTNL/20-80(400)/2011-MM/Wi-Fi Hotspot Dated 09.12.

Global EOI No.MTNL/20-80(400)/2011-MM/ Wi-Fi Hotspot Dated 09.12.2011

Thanking you, Yours faithfully,

(Mukesh Kumar) DGM (MM-I) Encl: Bid documents.

SECTION I GLOBAL NOTICE INVITING EOI

5.0 5.1 5.2

(ii) (iii) (iv) (v) b. (i)

(ii) (iii) (iv) c. (i) (ii)

13. 13.1 13.2

15.2 16. 16.1

No payment will be made for goods rejected at the site on testing.

20. 20.1 20.2

WE, THE BANK, DO HEREBY DECLARE AND AGREE that:

ANNUAL MAINTENANE CONTRACT AGREEMENT FOR (----name of work----)

NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:

(c) 13. 13.1

SECURITY BANK GUARANTEE

You might also like