Professional Documents
Culture Documents
For Availing
Technical offers received by the Bank will be opened in the presence of the vendors’
representatives who choose to attend the opening on the date and time specified above. Only
the Vendors who have submitted their offers in response to this tender are permitted to attend
the opening.
The vendors interested in participating in the purchase process under this tender may send
queries on or before 28.09.2013 in writing to the above address and the mail-id
purchase@corpbank.co.in. The Bank will publish changes in terms and conditions, if any, on the
Bank’s website www.corpbank.in before one week of closing date of the tender. In order to
ensure facilitate timely clarification and submission of offer, any queries submitted beyond the
above date specified will not be considered for a response from the Bank. The vendors
interested in participating in the purchase process under this tender may revisit our website
www.corpbank.in for clarifications, if any, issued in respect of this tender.
Earnest Money Deposit (EMD) of Rs. 2.00 lacs must accompany the Technical Offer as specified
in this tender document. Offers received without EMD will be rejected. EMD can be submitted
through a Demand Draft payable at Mangalore or through a Bank Guarantee (as per Format K)
issued by a Public Sector Bank, valid for nine (9) months from the date of issue.
Two copies of the offers (both Technical & commercial) must be submitted at the same time, giving
full particulars in TWO SEPARATE sealed envelopes at the Bank’s address given below, on or before
16.00 hours on 11.10.2013.
Bank’s address
The Deputy General Manager
Corporation Bank,
Information Technology Division
Head Office, Mangala Devi Temple Road
Mangalore – 575001
Offers received after the last date and time specified for such receipt will be rejected. All envelopes should
be securely sealed and stamped.
All the TWO SEPARATE sealed envelopes containing offers must be submitted to the Bank
directly as under :
Each of the above offers must be labeled with the following information:
The Duplicate Offer must be identical in all respects to the Original offer submitted to the Bank, and must
contain all the above information specified.
The Technical offer (T.O) should be complete in all respects and contain all information asked for, except
prices, as per Annexure A. The Technical Offer should not contain any price information. The
Technical offer should be submitted in 2 copies in a closed envelope to the Bank (marked as original and
duplicate). The T.O. should be complete to indicate that all products and services asked for are quoted. For
example, the Technical Offer should mention that Charges for all the services sought in this tender are
included in the Commercial Offer. Further, it should also contain a confirmation by the bidder that has
quoted amount in respect of each row and column without any omission or clubbing, as required in the
commercial offer fully.
EMD DD/BG and Tender cost should be enclosed with the original Technical Offer being
submitted to the Bank. The offers not in line with the above will be summarily rejected without
assigning any reasons.
The Commercial Offer (C.O) should give all relevant price information and should not contradict the T.O. in
any manner. The Commercial offer should be submitted in 2 copies in a closed envelope to the Bank
(marked as original and duplicate)..
Technical and Commercial Offers must be submitted separately, in different envelopes. It may be
noted that if any envelope is found to contain both technical and commercial offers, such offer will be
rejected.
Schedule of Requirements
The Bank intends to strengthen its Information Systems Security by engaging vendors for continuous
review, monitoring, management and mitigation of IT risks, threats and vulnerabilities. The bank is
As a part of this engagement, the selected vendor will be required to deliver the following on a
continuous basis:
Prescribe, manage and implement baseline security levels for infrastructure assets
Security monitoring of assets against attacks
Monitor ATM / Mobile banking / Internet Banking interfaces to Core Banking
Manage security of applications and processes
• Provide total Anti-Phishing services in respect of Bank’s website and Internet Banking websites
• Ensure Malware Scanning / protection
Provide Security Intelligence on continuous basis
Vulnerability assessment ,Intrusion detection and Penetration testing at periodic intervals
Mitigate security risks identified
Implement the best practices / baselined secured configuration of assets
Provide updates on the latest Operating Systems Patches and their relevance to our systems
Monitor the changes in security settings / routing rules in networking devices / Servers
Proactive monitoring of assets against DOS/ DDOS attacks
Review various IT related policies of the Bank in terms of adequacy, appropriateness and
concurrency to the present environment
Recommend enhancement of security with proper justification wherever required.
Preparation, Implementation & certification work related to both preparatory and actual
process of certification in respect of implementation of ISMS and ISO 27001 certification.
Services in respect of implementation of the recommendations of the RBI workgroup on IT
Domains, in the Bank – a one-time exercise.
This document constitutes a formal Request For Proposal (RFP) from Service Providers (SP) for
outsourcing Managed Security Services operations of under scope of work mentioned in Annexure A
Qualification Criteria
Only the Service Providers who meet all the qualifications mentioned in “Qualification
Qualification Criteria”
Criteria of the
tender are eligible to participate in the tender. The bidder should provide sufficient proof /
documents.
Terms and conditions for bidders who participate in this tender are specified in the section named
“Terms
Terms and Conditions”.
Conditions These terms and conditions are binding on all the Service Providers. These
terms and conditions will form part of the Purchase Order [PO] and SLA to be entered into with the
successful bidder.
The Offer should hold good for a period of 180 days from the date of opening of the commercial
offer.
Proposal Ownership
The proposal and all supporting documentation submitted by the Service Provider shall become the
property of the Bank.
Service Providers are not allowed to modify their offers once submitted. However, Service Providers
are allowed to withdraw their offers any time before the last date and time specified for closing of the
tender. No offer can be withdrawn by a Service Provider after the closing date and time for
submission of offers.
Technical Offers received within the prescribed closing date and time will be opened in the presence
of bidder’s representatives who choose to attend the opening of the Offer on the date and time
specified in this tender document. The bidder’s representatives present shall sign a register of
attendance.
Preliminary Scrutiny
The Bank will scrutinize the offers received to determine whether they are complete and as per tender
requirement, whether technical documentation as asked for and required to evaluate the offer has
been submitted, whether the documents have been properly signed and whether items are offered as
per the tender requirements. Offers not meeting the qualification criteria will be rejected.
Clarification of Offers
To assist in the scrutiny, evaluation and comparison of offers, the Bank may, at its discretion, ask
some or all bidders for clarifications on the offer made by them. The request for such clarifications
and the bidder’s response will necessarily be in writing and shall be received by the Bank before the
date for submission of the queries as mentioned in the letter. The clarification submitted by the
vendors will form part of the offer document.
The Bank is under no obligation to accept the lowest or any other offer received in response to this
Tender and reserves its right to reject all the offers including incomplete offers without assigning any
reason whatsoever.
Documentation
Technical information in the form of Brochures/Manuals/CD etc. must be submitted in support of the
Offer made. Annexure B provides a suggested checklist for documentation to be submitted by the
bidder.
It is mandatory to provide the technical details in the exact format (Annexure F) given in this tender.
The offer may not be evaluated and can be rejected by the Bank in case of non-adherence to the
format or partial submission of technical information as per the format given in the offer. The Bank
shall not allow/permit changes in technical specifications after due date for submission of offers.
Failure to submit the required information along with the Technical Offer could result in
disqualification of the offer.
It should be distinctly understood that in case of ambiguity or lack of clarity in the documents
submitted by the bidders towards scoring criteria, the decision of the Bank is final for awarding the
marks against each of the specified items. Hence, it is imperative that the bidder should submit all the
documents / POs/ letters from other Banks with clarity of the services rendered. The Bank is not under
any obligation to seek clarifications from the bidder in this regard, but will proceed to award marks
on the basis of the documents submitted.
The Technical Offer should be made in an organized, structured and neat manner. Brochures/leaflets
etc. should not be submitted in loose form.
1. Index
2. Covering letter. This should be as per Annexure C.
3. Details of the bidder as per Annexure D.
4. Technical Offer as per Specifications as given in Annexure A and in the format provided in
Annexure F,F complete with all the columns filled in.
5. Terms and Conditions Compliance Table in Annexure C1. C1 This annexure must cover bidder’s
response to all the terms and conditions specified in the offer document, as below:
The Commercial offer must not contradict the Technical Offer in any manner. The suggested format
for submission of Commercial Offer is as follows:
Index
Covering letter as per Annexure C.
C
Price Schedule as per Annexure H.
The commercial offer should not contain anything other than specified in the Annexure H –
Commercial version.
version More particularly, statement or request for deviation in either Technical
specifications or Terms & Conditions specified in the Tender should not form part of Commercial
Offer. In case, if any commercial offers contain such requests or submissions the offer will be
summarily rejected without any further process or communication in this regard. Any commercial
offer, which is conditional and /or qualified or subjected to suggestions, will also be summarily
rejected. Further, the amount should be quoted in respect of each row and column without any
omission or clubbing, as required in the commercial offer fully.
The format shall not be modified by the bidder and such changes in the format may lead to rejection
of the bid.
Erasures or Alterations
The Offers containing erasures or alterations will not be considered. There should be no hand-written
material, corrections or alterations in the offer. Technical details must be completely filled in. Correct
technical information of the product being offered must be filled in. Filling up of the information using
terms such as “OK”, “accepted”, “noted”, “as given in brochure/manual” is not acceptable. The Bank
may treat such Offers as not adhering to the tender guidelines and as unacceptable.
Location of Service
The bank is envisaging a model, which will be a combination of onsite and remote services offered
by the vendor. Under this engagement, the prospective vendor is expected to provide the On-site
services by deploying appropriate dedicated resource personnel, with required qualification and
experience, at Bank’s Data Centre on 24x7 basis (3 shifts with minimum of a resource for each of the
shift) located at Bangalore and provide the remote services from their Security Operations Center
(SOC). The scope of the engagement involves monitoring of the infrastructures & operations in our
Data Centre / Reliance Managed Data Centre, Bangalore, DR centre at Mangalore and other IT
Assets at Mumbai.
The Offer must be made in Indian Rupees only, including the following:
1. Charges for all the Service envisaged in this Tender, including any levies, duties& charges etc.
2. The cost quoted should include the dedicated competent & qualified on-site resource personnel
on 24 x 7 basis for exclusive work of Managed Security Services. The team deployed so is towards
providing various services specified and hence the cost of this onsite team should also be included
along with the respective charges for each of the services. There will not be any separate payment
towards onsite support, as it should be included as a part of the respective cost of services.
3. The cost quoted should include the monitoring services rendered through their SOC on 24 x 7
basis.
4. The cost quoted should include all other expenses that may arise on account of any tie-up
required, as no separate charges will be paid.
5. All other incidental expenses of what so ever nature it be for rendering the required services, as
no separate charges will be paid.
6. No other additional cost shall be payable by the Bank on account of any software / tools used by
the Service Provider for rendering the services as required in the Tender. The Service Provider
should make his own arrangement for providing such software / tools used at his own cost. Bank
is only availing services of the Service Provider. The responsibility to ensure that only legal,
authorized, licensed versions of software / tools [provided by the Service Provider and used by its
employees] are used for extending the required services, lies with the Service Provider only.
Fixed Price
The Commercial Offer shall be on a fixed price basis, but exclusive of all taxes.
taxes No price increase is
permitted, other than the variation of applicable tax as announced by the tax authorities. In case of
any variation in tax, the Service Provider should submit the relevant guidelines describing the change
in the tax structure or applicability. Please note that the Bank will not pay any amount towards any
customization towards meeting specifications of services mentioned in Annexure A.
Price Comparison
All the offers will be compared on the basis of the price offered (exclusive
exclusive all the taxes)
taxes and will be
taken-up for techno commercial evaluation.
Negotiation
It is absolutely essential for the Service Providers to quote the lowest price
price at the time of making the
offer in their own interest, as the Bank will not enter into any price negotiations,
negotiations except with the
technically qualified bidder securing highest score in the techno-
techno-commercial evaluation in line with
evaluation methodology specified in this tender.
Short-
Short-listing of Service Providers
The Bank will prepare a short-list of SP on the basis of submission of proof towards eligibility,
suitability of the technical service delivery methodology as compared to the specifications provided in
this tender and acceptance of the terms & conditions. The overall technical evaluation and short-
listing will be based on the following aspects :
submission of proof towards Qualification Criteria specified in the tender
Compliance to Technical specifications / requirements as against Technical requirement specified
suitability of the technical service delivery methodology / implementation Methodology described
in Technical Bid, as compared to the specifications provided in this tender
acceptance of the terms & conditions in full without any deviation
Past experience and past performance of the vendor, as evidenced by the documents and by the
Bank’s experience
The Bank will short list the service providers on the above basis and the commercial offers of only
these short listed Service Providers will be opened. The Bank will intimate the date and time of
opening of Commercial Offers to the Service Providers, whose offers are shortlisted. After opening of
the Commercial Offers of the shortlisted vendors, a techno commercial evaluation (the methodology
is specified in this tender document) will be made to determine the successful bidder.
Technical Bid
Eligibility criterion for the service providers to qualify is clearly mentioned in the Para “Qualification
Criteria” specified in the tender. The Service Providers should submit the documents / PO copies /
credential letters issued by other Banks etc against each of the item 1.1 to 1.10 specified in the Para
“Qualification Criteria”. All the credentials of the service provider necessarily need to be relevant to
the Indian market. The relevant submissions, along with supporting documents are to be submitted
by the Bidder in the Technical Bid. Service providers who meet these criteria would only qualify for
further evaluation in the tender process. The decision of the Bank shall be final and binding on all the
The service provider should submit their offering and compliance to various items listed in the
“Specification of Services” along with the Technical Bid. The submissions / compliance will be
evaluated during the technical bid evaluation stage for short-listing of service providers for the
purpose of further evaluation in the tender. Hence, the service provider has to respond with their
compliance as to clear ‘yes’ or ‘no’.
In case if it is required for the purpose of assisting the technical evaluation, the Bank may call for
presentation at any time before opening commercial bids to satisfy itself about the capabilities of the
SP, their facilities etc. In case, if the SP, when called for, does not come with presentation or not turn
up for presentation, it will be construed that SP is not interested in the proposal and shall stand
disqualified from the process, without assigning any further reasons.
The Service Providers should submit the documents / PO copies / credential letters issued by Banks
etc against each of the item specified in Para “Technical
Technical Bid Scoring Evaluation Criteria”.
Criteria All the
credentials of the service provider necessarily need to be relevant to the Indian market and from the
type of institution specified therein. The relevant submissions, along with supporting documents, to be
submitted by the Bidder in the Technical Bid. It is imperative that the bidder should submit all the
documents / POs/ letters from other Banks with clarity of the services rendered. The Bank is not under
any obligation to seek clarifications from the bidder in this regard, but to proceed to award marks on
the basis of the documents submitted. In case of ambiguity or lack of clarity in the documents
submitted by the service providers towards scoring criteria, the decision of the Bank is final for
awarding the marks against each of the specified items.
The table below highlights the parameters under the technical criteria and methodology for awarding
marks to the Service Provider based on the credentials to be submitted. The vendor to submit
appropriate credentials [other than self-certification] in respect of each of the item
Crit
Crit Evaluation Parameters / Credentials for awarding score Max
eria Credentials / Experience / It should be distinctly understood that in case of Marks
ambiguity or lack of clarity in the documents submitted,
the decision of the Bank is final for awarding the marks
against each of the specified items.
01 Bidder’s Number of years of The marks to be awarded as per the credentials 8
experience in providing SOC submitted in respect of clients serviced:
services 8 marks for 5 years and above
4 marks for 3 years and above
Please provide PO copies for the customers serviced
from the bidder SOC and also proof of establishment of
SOC also.
02 The Bidders experience in The marks to be awarded as per the credentials 8
providing Managed IT security submitted in respect of clients serviced:
services to PSU Banks 8 marks for providing services to more than 3 PSU
Banks
6 marks for providing services to more than 2 PSU
Banks
4 marks for providing services to one PSU Bank
3 marks for providing services only to other
financial organizations
04 Proposed SOC solution of the 6 marks for those bidders who have implemented 6
bidder should be of Gartner the solution present in Gartner leaders quadrant.
leader quadrant 2 marks for others
Please provide the Gartner report of recent years.
05 Anti-phishing Services 10 Marks for Anti-phishing Services provided 10
through Bidder’s SOC deploying their own tools
for detection and monitoring software.
6marks for services in case if they are dependent
on third party vendor for identifying the attacks
and do not have their own capabilities for
detection.
Please provide the credential letters from the Banks
for having implemented
06 Penetration Testing 8 Marks for provided Penetration testing to three or 10
more PSU Banks
6 Marks for provided Penetration testing to two or
more PSU Banks
4 Marks for provided Penetration testing to at least
one PSU Bank
2 Marks if the Credential based Penetration testing
is provided to any PSU Bank
Please provide the credential letters from the Banks
for having implemented
06 Service Provider’s experience in 10 marks for implementation in three PSU Banks 10
implementation of ISMS in PSU 8 marks for implementation in two PSU Banks
Banks / implementation of ISO 5 marks for implementation at least in one PSU
27001 in PSU Banks Bank
3 marks for implementation in other financial
organizations only and not in any PSU Banks.
Please provide the credential letters from the Banks
for having implemented
07 Total number of Technical 6 marks for more than 10 professional 6
Resources having professional 4 marks for more than 5 professional and
certifications of CISA / CISSP, 2marks if less than 5.
Note:
- PSU Banks means Public Sector Banks in India
- Banks include all Commercial Banks, except RRBs and Co-operative Banks
- Terms – Bidder, Service Provider [SP] and Vendor are used interchangeably
- The bidder is required to provide documentary evidence for each of the above criteria.
- The Bank shall verify the credentials submitted with the respective issuer and understand the
credentials claimed for the purpose of evaluation and awarding marks.
Commercial Bid
Commercial bids of only those vendors who have qualified in the technical evaluation will be opened.
The lowest Total Cost of Service (TCS) shall be taken into consideration for evaluation of the
commercial bid. The SP shall not add any conditions / deviations in the commercial bid. Any
statement or request for deviation in either Technical specifications or Terms & Conditions specified in
the Tender should not form part of Commercial Offer. In case if any commercial offers contain such
requests or submissions the offer will be summarily rejected without any further process or
communication in this regard. Any commercial offer, which is conditional and /or qualified or
subjected to suggestions, will also be summarily rejected. Rate per month, rate for 12 months,
applicable taxes for each of the rows must be filled and should not be left blank. Individual amount
to be mentioned in respect of each row / column and clubbing is not permitted. If so, the bid attracts
rejection.
There will be a Techno-commercial evaluation and accordingly the Technical evaluation shall have
70% weight-age and the Commercial evaluation shall have 30% weight-age. This weight-age shall
be taken into consideration for arriving at the Successful Bidder. The bidder getting highest score in
the techno-commercial evaluation will be declared as successful bidder. The evaluation methodology
vis-à-vis the weight-ages are as under:
Score (S) will be calculated for all technically qualified bidders using the following formula:
C stands for TCS quoted in a particular bid; C (low) stands for the lowest TCS value among all the
bids;
bids; T stands for technical score secured;
secured; TCS stands for Total Cost of Services.
Technical (C low / C )*
Bid Price
# Bidder Evaluation (T /100) * 70 30 Score (S)
(`C`)
Marks (T)
1 BID-1 63 81 (63/100)*70 68/81*30 69.28
=44.10 = 25.18
2 BID-2 60 72 (60/100)*70 68/72*30 68.33
=42 = 28.33
3 BID-3 57 68 (57/100)*70 68/68*30 69.90
= 39.90 = 30
The Bank has specified the required services in the Annexure A and also sought the details of the cost
of services in respect each of the services in the Annexure G [Technical] and Annexure H –
Commercial Bid, for the purpose of uniform evaluation of the Bids. However, the Bank reserves the
right to avail or not avail any of the services specified in this Tender document, according to the
actual requirement under the changed circumstances, either at the start of contract or with prior
intimation subsequently. The Service Provider to consider the above and submit the pricing in the
commercial bid accordingly with all the bifurcations, so that each of the activity is properly priced as
an individual component. The Commercial Bid without bifurcation of cost for each of the activity &
for each line item will be summarily rejected.
The tender document is also available for download from the bank’s website www.corpbank.in.
Those who choose to download the tender document from our website are required to pay the price
of tender along with submission of their offer. They are also required to confirm in writing that they
have not modified any part of the tender and abide by the same.
same If any Bidder fails to pay the price
of the tender document, his offer will be rejected.
Bidder should clearly indicate the address of their office to which the Bank has to send the Purchase
Order if the bidder emerges as successful in the tender process.
The successful bidder should execute a Service Level Agreement (SLA) to provide necessary service on
24 x 7 basis covering all Terms & Conditions of this Tender.
Eligibility of
of the Service Provider
1.1 The bidder should be a registered corporate in India registered under the Companies Act,
1956 or A company/statutory body owned by Central/State Government. [Provide
documentary proof in respect of this]
1.2 The bidder should be a CERT IN Empanelled member [Please provide CERT IN empanelment
letter/ credential]
1.3 The bidder should have been providing Managed IT security services in India for minimum of
three years as on 30.06.2013. [Provide PO copies in support of the same]
1.4 The bidder should own and have been managing well established Security Operations Centre
(SOC) in India. Bidder shall provide the details of the SOC owned by them like the location,
infrastructure, tools used, companies served, process and methodology, staff employed,
availability of DR facilities etc. [Provide document in support of having established SOC]
1.5 The SOC should be ISO 27001 certified offering similar services [at least major services listed
in RFP, including Anti-Phishing Services, VA&PT, Web site monitoring etc.] to minimum 3 Indian
financial institutions out of which at least ONE should be a PSU Bank. [Provide PO copies in
support of the same]
1.6 SOC should be operational with at least one PSU Bank as the servicing client in last two years.
[Provide PO copies in support of the same for the last two years]
1.7 The bidder should have executed at least One security project in India, of minimum Rs.25
lakhs per annum which does not include the product cost, but only services cost. [Provide PO
copies in support of the same].
1.8 The Lead Project Manager should have been with the bidding firm for at least two years and
should have prior experience in handling at least one big security services project for a BFSI
customer in India
1.9 The service provider shall not assign or sub-contract the assignment or any part thereof to any
other person/firm.
1.10 The bidder shall submit a letter of undertaking that they have not been blacklisted by any
commercial bank in India.
The eligibility will be seen based on the above criteria and the bank reserves the right to reject
responses not meeting the qualification criteria. The tender participants shall provide documentary
proof for each of the above qualification criteria.. A list with brief details of documents submitted
against each of the above should be submitted along with the covering letter format as per Annexure-
C.
Vendors are required to give EMD by way of a Demand Draft/Bank Guarantee valid for 180 days
from the due date of the tender for Rs 2,00,000/- (Rupees Two Lakhs only) as Earnest
money Deposit (EMD) along with their Offer. Offers made without E.M.D. will be rejected. The
format for the Bank Guarantee is attached to this tender document (Annexure K).
EMD amount of unsuccessful bidders will be returned after completion of tender process. EMD
amount of successful bidder will be returned against a performance Bank Guarantee as specified
in Annexure L of the Tender, after completion of one month of satisfactory services.
1. Payment Terms
[a] The Bank shall make the payments on a monthly basis in arrears based on the Tax Invoice
submitted by the Service Provider for each of the activity undertaken and included under “Annual
Annual
Recurring Charges for MSS” in the commercial bid format of the tender.
[b] The Bank shall make payments as under in respect of the “Charges towards ISMS implementation
and certification”
i. 30% of the amount on preparation of statement of applicability and filing the application and
presentation to the management
ii. 35% of the amount on completion of the audit process for certification
iii. 15% of the amount on completion of the certification
iv. 10% of the amount on completion of the surveillance audit
v. 10% of the amount on completion of the surveillance audit
[c] The Bank shall make payments as under in respect of the “Service support charges towards
implementation of RBI Workgroup recommendations on IT domains/ IT Security”
i. 20% of the amount after arriving at precise action plan in respect of all pending
recommendations and finalization with the Bank’s Project Team.
ii. 80% on the amount after implementation and presentation to the Management.
[d] The Bank shall make payments on a monthly basis in respect of take down of phishing sites at the
rates arrived, as per the actual number of take downs permitted by the Bank and complied with
the same by the SP during the completed calendar month, against submission of necessary
documentary evidence and tax invoice.
The price offered to the Bank must be in Indian Rupees, exclusive all taxes. No price increase is
permitted, other than the variation of applicable tax as announced by the tax authorities. In case of
any variation in tax the Service Provider should submit the relevant guidelines describing the change
in the tax structure or applicability.
3. Contract period
4. Start of Services
The Service Provider shall be responsible for operationalising all the services under the tender in
consultation with Bank within one month from the date of Letter of Intent / Purchase Order. However,
the vendor to deploy resources within 15 days from the date of Letter of Intent / Purchase Order and
start transition process. The responsibility of collecting all the required information pertaining to the
present systems of the bank shall be with the service provider. All tools/software used by the Service
Provider should be authenticated and licensed and there shall not be any license related issue for use
while delivering the service in the Bank and / or to be used in the Bank towards delivering the service
under this engagement. The Bank shall not make any additional investment in this regard, except for
the charges quoted in the commercial offer and accepted by the Bank.
For any delay in operationalisation beyond 2 months, a penalty of 0.5% of yearly order value per
week will be charged. For any delay less than a week, the penalty will be charged proportionately.
6. Liquidated Damages
If the Service Provider fails in operationalising the services as per the terms of this tender or the
vendor is not able to provide the service as per Service Level Agreement (SLA), the Bank shall be
entitled to charge penalty/liquidated damages @ 0.5% of the yearly order value per week or part
thereof, subject to a maximum of 10% of the order value.
The vendor need to execute a Service Level Agreement with the Bank covering all terms and
conditions of this tender. Vendors need to strictly adhere to Service Level Agreements (SLA). Services
delivered by vendor should comply with the SLA mentioned in the table below and in Annexure-A.
SLA will be reviewed on a quarterly basis. SLA violation will attract penalties at the rate of Rs.10,000/-
for every incident of violation, due to the reasons attributable to the vendor. This penalty to be levied
in the year cumulatively shall be subject to a maximum of 15% of the value of the annual recurring
charges payable to the vendor under this assignment.
Sl. Service
Service Area SLA
No.
The bank reserves the right to review the rates & services every year, subject to the ceiling of the
initially agreed rates.
The performance of the agency shall be reviewed after every 3 months. However, the bank reserves
the right to terminate the contract at any point of time after giving 60 days’ notice without assigning
any reasons, in case of any change in the Bank’s plan or due to performance related issues of the
vendor.
The Service Providers shall at the end of each financial year, provide to the Bank the most recent audited
financial statements and annual reports as well as other indicators for evaluating technological expenditure
and the level of investment in Technology for consistent supporting of the Bank’s out sourcing activity
undertaken by the Service Providers.
9. Repeat order
The bank reserves the right to extend the agreement for further period after expiry of the contract
period, in case, it is necessary for any specific reason, at the option of the bank at the same terms
and conditions after negotiating the rates.
10. Periodic
Periodic Review of Services
Following operationalisation of the services, the Bank will conduct review of the services rendered by
the Service Provider at mutually agreed schedules, dates and locations and representatives from both
the Bank and Service Provider should attend such performance review meetings.
Apart from the above review, the Service Provider’s SOC facility would be subject to Bank’s Internal /
Appointed External / Statutory / RBI-AFI audits, as and when required.
The Service Provider shall agree and undertake that they shall not impede or interfere with the
ability of the Bank to effectively oversee and mange its activity or impede the Reserve Bank of India in
carrying out its supervisory functions and objectives. The Bank shall have the right to inspect / audit
the SOC, Tools, Techniques and procedure adopted by the Service Provider for the activity outsourced
by the Bank, independently or through the outsourced experts and call for detailed report without
compromising the Service Provider’s Security.
The document contains information confidential and proprietary to the bank. Additionally, the
selected Service Provider will be exposed by virtue of the contracted activities to the internal business
and operational information of the bank, affiliates, and/or business partners. Disclosure of receipt of
this tender or any part of the aforementioned information to parties not directly involved in providing
the requested services could result in the disqualification of the Service Providers, premature
termination of the contract, or legal action against the Service Provider for breach of trust. The
successful bidder should sign a Non-Disclosure Agreement on awarding of contract by the Bank.
In instances, where service provider acts as an outsourcing agent for multiple Banks, care should be
taken to build strong safeguards so that there is no mixing together of information/ documents,
records and assets. The Service provider should undertake to maintain confidentiality of the Bank’s
information even after the termination / expiry of the contracts.
No news release, public announcement or any other reference to this tender, relating to the
contracted work if allotted with the assignment, or any program hereunder shall be made without
written consent from the bank.
Reproduction of this tender, without prior written consent of the bank by photographic, electronic or
other means is strictly prohibited.
The Service Provider, before claiming the first payment, has to provide Performance Bank Guarantee
from a Public Sector Bank valid for 3 years, for an amount equivalent to the Total Recurring Cost of
Services for Managed Security Services for a period of 12 months. [ Please Refer Annexure -L]
The Bank reserves its right to cancel the Purchase Order at any time, in the event of delay in
operationalising the service beyond the specified period or for any other reason with or without
assigning any reasons, by giving 60 days’ notice, in case of any change in the Bank’s plan or due to
performance related issues of the vendor.
In addition to the cancellation of Purchase order, the Bank reserves the right to invoke the Bank
Guarantee given by the Service Provider to recover the penalty.
In view of the criticality of the services to be rendered under this tender, in order to enable the Bank to
engage any other Service Provider for continuity of services, the selected Service Provider under this
tender process should give a minimum of six months’ notice in writing(clearly specifying a future date)
for terminating the contract, in case if they desire so.
15. Indemnity
The Service Provider shall indemnify, protect and save the Bank against all claims, losses, costs,
damages, expenses, action suits and other proceedings, resulting from any actions of the employees
or agents or deficiency of service of the Service Provider. In respect of the above, under normal
circumstances, the Service Provider shall indemnify upto an amount equivalent to the Service Charges
payable to the Service Provider [exclusive of taxes] for a period of one year under the terms of the
tender.
While submitting the offer and at periodic intervals as required by the Bank, the Service Provider to
submit / spell out their Contingency and BCP in respect of the following areas wherever applicable:
The Service providers Contingency Plans and BCP should address the service provider’s responsibility
for back-up and record protection, including equipment, program and data files to the extent
applicable for the activity outsourced by the Bank. The information to include testing of the plans,
actual testing and the results thereof. The Bank shall consider independencies among service
providers when determining business resumption testing requirements. The Service provider shall
provide the Bank with methodology / procedures relating to Business resumption and contingency
plans of the Service Provider.
17. Publicity
Any publicity by the Service Provider in which the name of the Bank is to be used will be done only
with the explicit written permission of the Bank.
The Service Provider or the bank shall not be liable for default or non-performance of the obligations
under the contract, if such default or non-performance of the obligations under this contract is caused
by any reason or circumstances or occurrences beyond the control of the Service Provider or the
bank, i.e. Force Majeure.
For the purpose of this clause, “Force Majeure” shall mean an event beyond the control of the
parties, due to or as a result of or caused by acts of God, wars, insurrections, riots, earthquake and
fire, events not foreseeable but does not include any fault or negligence or carelessness on the part of
the parties, resulting in such a situation.
In the event of any such intervening Force Majeure, either party shall notify the other in writing of
such circumstances and the cause thereof immediately within five calendar days. Unless otherwise
directed by the Bank, the Service Provider shall continue to perform/render/discharge other
obligations as far as they can reasonably be attended/fulfilled and shall seek all reasonable
alternative means for performance affected by the Event of Force Majeure.
In such a case, the time for performance shall be extended by a period(s) not less than the duration
of such delay. If the duration of delay continues beyond a period of one month, the Bank and the
Service Provider shall hold consultations with each other in an endeavor to find a solution to the
problem. Not withstanding above, the decision of the Bank shall be final and binding on the Service
Provider.
19.
19. Resolution of Disputes
All disputes and differences of any kind whatsoever, arising out of or in connection with this Offer or
in the discharge of any obligation arising under this Offer (whether during the course of execution of
the order or after completion and whether before or after termination, abandonment or breach of the
Agreement) shall be resolved amicably. In case of failure to resolve the disputes and differences
amicably the matter may be referred to a sole arbitrator mutually agreed upon after issue of at least
30 days notice in writing to the other party clearly setting out therein the specific disputes. In the
Continuous
Continuous monitoring of WAN, ATM, Internet banking, ITMS, mobile banking, CAPS
systems & interfaces for security threats [Including components like Servers, Switches,
Routers, Firewalls, IDS etc.]
o 24X7 application log monitoring
o Rapid response to incidents
o Evaluation of incidents
o Forensics to identify the origin of threats, mitigation thereof, initiation of measures to
prevent recurrence
Anti-
Anti-Phishing services
o 24X7 malware scanning of Internet banking and corporate website, WAN and other
networks, point of entries
o Rapid response to incidents
o Evaluation of incidents
o Forensics to identify the origin of threats, mitigation thereof, initiation of measures to
prevent recurrence
o Malware scanning should be provided by the Onsite support team placed at the Bank
Security Intelligence
o Continuous tracking of global threats and vulnerabilities to tackle evolving threats and
vulnerabilities
o Advisories to bank on relevant threats and vulnerabilities
o Benchmark bank’s environment against evolving threats and vulnerabilities
o Review of Policies / Guidelines / Business Continuity Plan / Disaster Recovery Plan / Data
Centre Operations Manual – all pertaining to Information Technology and Information
Security
o Review shall be in terms of adequacy, appropriateness and concurrency to the present IT
environment and suggest necessary changes commensurate with risks
o Provide input to the Bank on the annual review in respect of the above
o Review of observations in various IS Audit Reports and provide the Bank suggestions for
rectification, facilitate rectification, provide work around for certain observations and
provide opinion on certain observations on the feasibility of implementation
o Study and validate the already identified gaps, prepare action plan for implementation
in respect of the gaps, implement the recommendations of the RBI Workgroup on IT
domains/ IT security.
Deliver all of the above as onsite services at bank’s premises by deploying resources at the
Bank’s premises. The vendor has to specify which of the exact services which cannot be
offered at onsite and that they will be offered from vendor’s Security Operations Center
(SOC). The vendor need to bring clarity on this very clearly in the technical bid submission
stage itself for evaluation by the Bank accordingly.
Services like anti-phishing, security intelligence shall be delivered from vendor SOC by
deploying their own tools. In case if they are dependent on third party vendor for identifying
the attacks and do not have their own capabilities for detection, should submit so to the Bank
with clarity and the nature of arrangement.
The other services including baseline security for applications, infrastructure and processes,
log monitoring, Malware scanning etc. shall be taken up at the bank’s premises to yield the
desired results.
Provide at least three resources onsite [to cover 24 x 7] for coordination of mitigation activities
as well as for other services delivered onsite-3 shifts with minimum of a resource for each of
the shift apart from an on-site Project Manager with CISA/CISSP Certification as per details of
resource requirements given below:
Onsite Project Manager: Vendor should provide one resource with minimum 5 years of
experience to work from bank premises during banks business hours.
Resource shall be CISA /CISSP certification and broadly undertake the following activity:
• Track Incident detection and reporting along with closure
• Continuous ISMS management
• Customer Management - Single point of contact for customer escalations
• Identify new alert requirements
• Resource Management
• SLA tracking in adherence
• System Planning
For 24x7 monitoring minimum one resource during three shifts in a day broadly
undertake the following activities:
Analyst Responsibilities
SKILLS
be
Profiles and Proof/ credential of resources personnel to be deployed in the project needs
to be submitted well in advance.
Set up processes, contemporary, state of the art tools and provide skill set for security
management.
Prescribe / Implement the best practices in line with the IS Policy / IS Guidelines / BCP/ DRP
etc. of the bank and those prescribed from time to time by the concerned statutory agencies
like RBI, Ministry, CERT-IN, IBA etc.
Implement the best practices like ISO 27001, RBI work group recommendations etc., and
help the Bank for certification thereof for bank’s information security infrastructure /
compliance. The lead resources should visit the Bank during the implementation and review
phases.
The Bank at its discretion, will visit and analyse the technical capabilities of the Security
Operations Centre [SOC] based on these above criterion. The Service Provider’s SOC facility
would be subject to Bank’s Internal / Appointed External / Statutory / RBI-AFI audit by the Bank,
as and when required.
The general scope & specification based on which the Managed Security Services [MSS] are made
operational as follows:
1. Infrastructure Log Monitoring Services (Please see the details of S/N in Annexure F )
Vendor should provide 24x7 remote monitoring of Operating systems, web servers, databases,
network and security devices. The services have to be provided from within the banks premises.
Sl. No Requirement S/N Remarks
1.1 24*7 monitoring of security events to detect
attacks and raise alerts for any suspicious events
that may lead to security breach in bank’s
environment & block the same.
1.2 Detection of both internal & external attacks
1.3 Vendor should implement tools and processes
for detection and correlation of events from
Vendor should provide 24x7 remote monitoring of security issues on ATM, Internet banking, mobile
banking, WAN channels. Vendor solution should be capable of analyzing ATM, Internet banking, mobile
banking application logs and WAN network logs. The services have to be provided from within the
banks premises.
Vendor should assess, track and mitigate vulnerabilities in IT infrastructure assets. Infrastrucutre assets
would include Operating Systems, web servers, databases, messaging applications, network and security
devices. Please refer to the inventory list in the annexure. The services have to be provided from
within the banks premises.
Vendor should assess, track and mitigate vulnerabilities in business applications. Please refer inventory
list in the annexure. The services have to be provided from within the banks premises.
Sl Requirement S/N Remarks
No.
4.1 An asset database should be available as part of
the solution to capture asset details. Asset in
Vendor should assess, track and mitigate vulnerabilities in IT processes as well as business processes
around IT. The services have to be provided from within the banks premises.
6. Security Intelligence
Vendor should track emerging vulnerabilities and threats relevant to the bank’s assets.
7. Anti-Phishing Services
Vendor should provide 24X7 monitoring of phishing attacks against the bank.
Vendor should provide 24X7 monitoring for malware injection attacks and infection
Vendor should implement a security service desk customized for the services provided at the bank
premises
Sl No. Description S/N Remarks
9.1 The tool should be customized with forms,
fields, workflows corresponding to security
monitoring, incident management, infrastructure
and application baseline security, secure
commissioning of new servers and applications
9.2 The service desk should be configured with
escalation workflows
9.3 Service desk should be a web based portal with
ready access to service requests
9.4 Bank should be able to generate reports on
demand from the service desk portal
9.5 Service desk should support concurrent login
for at least three users
9.6 Service request should contain at least the
request Number, description of request, date &
time of opening, update and closure, asset
details for which the service has been opened,
action taken
The vendor should implement an integrated online security dashboard for services provided to the bank.
Security dashboard should be implemented onsite in the bank’s premises and should be accessible to
identified personnel of the Bank preferably through our Network / Web based access.
Vendor should service deliverables for the security events monitoring, event correlation, analysis,
mitigation both reactive to incidents and proactive to those events anticipated, basic audit and reporting.
Periodic analysis of the security events with the recommendations. Periodic “Service Delivery Review”
with customer and the feedback on the service window & other deliverables.
Vendor shall formulate/ review IS and IT related policies of the Bank at regular intervals
Sl No. Requirement S/N Remarks
12.1 o Review of Policies / Guidelines /
Business Continuity Plan / Disaster
Recovery Plan / Data Centre
Operations Manual – all pertaining
to Information Technology and
Information Security
Vendor should define the objectives for ensuring the integration of the security components
with the other security & Wide area networking components to deliver a framework support
The bidder should implement ISMS standards for the Bank’s IT Inftastructure.
Sl No. Requirement S/N Remarks
14.1 Study of existing policies, business processes,
documents and records maintained (like
contracts, SLAs, MOUs etc), Outsourcing, 3rd
The bidder should implement ISMS standards for the Bank’s IT Inftastructure.
Sl No. Requirement S/N Remarks
15.1 • Bank has already performed Gap
Analysis with respect to RBI Workgroup
Recommendations on IT Domains ( Sri.
GopalaKrishna Committee
Recommendations) guidelines issued
vide RBI Circular no: RBI/2010-11/494
DBS.CO.ITC.BC.No. 6 /31.02.008/2010-
11 April 29, 2011.
Signature: ______________________________________
1. Service Providers are required to provide printed technical documentation for the items listed
in Table below.
2. Availability of adequate, correct and relevant technical documentation is essential for
evaluation of any offer.
3. Service Providers are requested to provide original copies of the documentation. In case the
original copies are not available, Service Providers can provide clear readable photocopies.
4. Mark the column “Documentation Provided” with Tick mark () or Cross (), as appropriate.
5. Service Provider may add any other documentation, which will support their offer.
Signature: ______________________________________
Date:_______2013
To:
The Deputy General Manager
I.T Division, Corporation Bank,
Head Office, Mangala Devi Temple Road
Mangalore - 575001
Dear Sir,
Having examined the tender document including all Annexure the receipt of which is hereby duly
acknowledged, we, the undersigned, offer to undertake all the services for a period of THREE
years [with an option to extend the services as per terms of the Tender] in conformity with the said
tender in accordance with the Schedule of Prices indicated in the commercial offer and made part
of this offer.
If our offer is accepted, we undertake to commence operations within one month calculated from
the date of Letter of Intent or Purchase Order issued on us. However, we undertake to deploy
resources within 15 days from the date of Letter of Intent / Purchase Order issued on us and start
transition process.
We agree to abide by this offer till 180 days from the date of opening of the commercial offer by
the Bank and our offer shall remain binding upon us and may be accepted by the Bank any time
before the expiration of that period.
We confirm that the our Lead Project Manager specified in this offer, is having the requisite
qualification and experience sought in the eligibility criteria of the Tender and we agree to
deploy him in the Bank’s project as per the terms of the Tender and will obtain prior consent from
the Bank moving such resource from the project.
We agree & will abide by the terms of the Tender that we will not assign or sub-contract the
assignment or any part thereof to any other person/firm. We confirm that we have not modified
the tender format published in any manner. We confirm that the duplicate copy of the offer is
exact replica of the original offer in all respects.
We confirm that we have not been blacklisted by any commercial bank in India.
We agree that until a formal contract is prepared and executed, this offer, together with the
Bank’s written acceptance thereof and the Bank’s notification of award, shall constitute a binding
contract between us.
We understand that the Bank is not bound to accept the lowest or any offer the Bank may receive
without assigning any reason whatsoever.
Signature: ______________________________________
The Offer must specify the unconditional willingness to abide by the Terms and Conditions of the Tender. The
Terms and Conditions specified elsewhere in the Tender should be complied along with the compliance / conformity
/ willingness to offer as per the terms of the Tender towards requirements of the Bank as under:
Signature :
In the Capacity of :
Duly Authorised to Sign the Offer and Terms and Conditions on behalf of
(Company)
Details filled in this form must be accompanied by sufficient documentary evidence, in order to
facilitate the Bank to verify the correctness of the information.
Signature: ______________________________________
The Service Provider should provide a response to the requirements, which could be any one
from the following categories – S/N i.e. Standard ( S ),
) or Not Feasible ( N ). Please respond in
accordance with the following guidelines.
….
……
Signature: ______________________________________
Please note that statement or request for deviation in either Technical specifications or Terms &
Conditions specified in the Tender should not form part of Commercial Offer. In case if any commercial
offers contain such requests or submissions the offer will be summarily rejected without any further
process or communication in this regard. Any commercial offer, which is conditional and /or qualified
or subjected to suggestions, will also be summarily rejected.
Rate per month, rate for 12 months, applicable taxes for each of the rows must be filled and
should not be left blank. Individual amount to be mentioned in respect of each row / column
and clubbing is not permitted and if so, offer will be rejected]
Note :
This schedule of services must be attached in Technical Offer with masking of price information and
with commercial offer with full price information. The format will be identical for both Technical and
Commercial Offers, except that the Technical Offer should not contain any price information.
Technical Offers without this price masked schedule of services will be liable for rejection.
Vendor must take care in filling price information in the Commercial Offer, to ensure that there are no
typographical or arithmetic errors. All fields must be filled up correctly.
Sl. Brief Heading of Services offered and onsite Rate per Rate for 12 Months Any Taxes
No. support Month (in Rupees) applicable for
this service as
[More fully described in 1. Service Level (in Rupees) on date
Agreement 2. Annexure-A 3. Service Specify nature
Delivery Methodology 4. Specification of the of tax and rate
services of the Tender Document] in % only
[This column
should be
filled in this
technical bid
also]
(a) Regular Activity towards managing IT Security
1. Security log Monitoring of the IT infrastructure / IT
assets including reporting, action and follow-up for
mitigation (including Wide Area Network
monitoring )
2. Managing and monitoring of security for IT
Applications and Processes including reporting,
action, follow-up for mitigation and continuous
review with application owners.
3. Monitor / Manage / Periodic Review of the baseline
security for IT Infrastructure / IT Assets / IT
Applications
4. Security Intelligence, Advisory services, identify
threats and Monitor / Mitigate findings & threats,
Security Analysis, Mitigation & prompt reporting
5. Vulnerability Assessment
[Black Box and Grey Box]
6. Penetration Testing
[Black Box and Grey Box]
1. We confirm that the above schedule includes the cost of all the services and
deliverables covered in the schedule of requirements and as per the Terms and
Conditions specified in the Tender.
3. We confirm that the above commercial offer is in full & unconditional, and not
subject to any conditions / qualifications / suggestions / deviations.
4. We confirm that the above Pricing is excusive of applicable taxes, and in the
last column the taxes applicable as on date is indicated as a percentage %.
6. We are agreeable to the payment terms specified in the Tender and to provide
the services mentioned in the Tender as per the above rates specified for a
period of 3 years.
Signature: ______________________________________
(In the Capacity of:) ________________________________
NOTE :The Service Provider to submit the pricing in the commercial bid with all the bifurcations.
The Commercial Bid without bifurcation of cost for each of the activity & for each line item will be
summarily rejected
Please note that statement or request for deviation in either Technical specifications or Terms &
Conditions specified in the Tender should not form part of Commercial Offer. In case if any commercial
offers contain such requests or submissions the offer will be summarily rejected without any further
process or communication in this regard. Any commercial offer, which is conditional and /or qualified
or subjected to suggestions, will also be summarily rejected.
Rate per month, rate for 12 months, applicable taxes for each of the rows must be filled and
should not be left blank. Individual amount to be mentioned in respect of each row / column
and clubbing is not permitted and if so, offer will be rejected]
Note :
Vendor must take care in filling price information in the Commercial Offer, to ensure that there are no
typographical or arithmetic errors. All fields must be filled up correctly.
Sl. Brief Heading of Services offered and onsite Rate per Month Rate for 12 Any Taxes
No. support (in Rupees) Months applicable for
this service as
[More fully described in 1. Service Level (in Rupees) on date -
Agreement 2. Annexure-
Annexure-A 3.Service Delivery Specify nature
Methodology 4. Specification of the services of tax and rate
of the Tender Document] in % only
(a) Regular Activity towards managing IT Security
1. Security log Monitoring of the IT infrastructure / IT
assets including reporting, action and follow-up for
mitigation (including Wide Area Network
monitoring )
2. Managing and monitoring of security for IT
Applications and Processes including reporting,
action, follow-up for mitigation and continuous
review with application owners.
3. Monitor / Manage / Periodic Review of the baseline
security for IT Infrastructure / IT Assets / IT
Applications
4. Security Intelligence, Advisory services, identify
threats and Monitor / Mitigate findings & threats,
Security Analysis, Mitigation & prompt reporting
5. Vulnerability Assessment
[Black Box and Grey Box]
6. Penetration Testing
[Black Box and Grey Box]
7. Malware scanning services for IT Assets deploy
tools and techniques for detection, monitor and
provide alerts, follow-up
8. Anti-Phishing services for Bank’s Web domains
including deploy vendor’s own tools and techniques
for detection, monitor and provide alerts, follow-up
9. Regular Review of Policies / Guidelines / Business
Continuity Plan / Disaster Recovery Plan / Data
Centre Operations Manual – all pertaining to
Information Technology and Information Security.
Review of observations in various IS Audit Reports
Total cost of Services towards Managed Security Services per year exclusive of all Taxes per year
is Rs……………… (in figures)
(Rupees………………………………………………………………………………………………………
…………………………Only)
1. We Confirm that the cost towards On-site Support (for Monitoring & Mitigation)
on 24x7 basis with three shifts per day with a minimum of one resources per
shift is included in the respective service charges for each of the services, as
the team is deployed for providing various services only. Separate payment
towards onsite support will not be claimed, as it is included as a part of the
respective cost of services. A phishing site once taken-down, no charges shall
be levied for subsequent take-downs in respect of the same site/URL/IP
consequent to re-activation of attacks till 180 days from date of first take-
down.
3. We confirm that the Bank is not liable to pay any other charges / fees / outflow
of whatsoever nature it be on account of rendering these services.
4. We confirm that the Bank need not pay any amount to the vendor towards any
tools / software utilized for rendering the services, except for the commercial
quoted herein above.
5. We confirm that the above commercial offer is in full & unconditional, and not
subject to any conditions / qualifications / suggestions / deviations.
6. We confirm that the above Pricing is excusive of applicable taxes, and in the
last column the taxes applicable as on date is indicated as a percentage %.
8. We are agreeable to the payment terms specified in the Tender and to provide
the services mentioned in the Tender as per the above rates specified for a
period of 3 years.
Signature: ______________________________________
(In the Capacity of:) ________________________________
NOTE :The Service Provider to submit the pricing in the commercial bid with all the bifurcations.
The Commercial Bid without bifurcation of cost for each of the activity & for each line item will be
summarily rejected
The following table provides the inventory list for infrastructure assets in scope for security monitoring
NB : This inventory could change depending upon installation of new systems and components
based on bank’s requirements, during the course of the period of assignment. The vendor chosen
shall, however, undertake to support / such new additions to the infrastructure also without any
additional commercials.
commercials.
#Cisco Router 17oo series (Access routers) provided to all the branches for WAN connectivity.
Corporation Bank
Head Office,
Information Technology Division
Mangala Devi Temple Road
Mangalore - 575 001.
AND WHEREAS, in terms of the conditions as stipulated in the TENDER, the VENDOR is required to
furnish a Bank Guarantee in lieu of the Earnest Money Deposit (EMD), issued by a scheduled
commercial bank in India in your favour to secure the order under Schedule 1 of the Tender in
accordance with the Tender Document (which guarantee is hereinafter called as “BANK GUARANTEE”)
AND WHEREAS at the request of the VENDOR and in consideration of the proposed TENDER to you,
WE, ..................................................................having
............................................................Office at..........................................................., India
have agreed to issue the BANK GUARANTEE.
1. We....................................., undertake to pay the amounts due and payable under this
Guarantee without any demur, merely on demand from you and undertake to indemnify you
and keep you indemnified from time to time to the extent of Rs........................(Rupees
..............................only) an amount equivalent to the EMD against any loss or damage
caused to or suffered by or that may be caused to or suffered by you on account of any breach
or breaches on the part of the VENDOR of any of the terms and conditions contained in the
Tender and in the event of the VENDOR commits default or defaults in carrying out any of the
work or discharging any obligation in relation thereto under the TENDER or otherwise in the
observance and performance of any of the terms and conditions relating thereto in accordance
with the true intent and meaning thereof, we shall forthwith on demand pay to you such sum
or sums not exceeding the sum of Rs......................(Rupees.........................................
only) as may be claimed by you on account of breach on the part of the VENDOR of their
obligations in terms of the TENDER.
1. Notwithstanding anything to the contrary contained herein or elsewhere, we agree that your
decision as to whether the VENDOR has committed any such default or defaults and the amount
or amounts to which you are entitled by reasons thereof will be binding on us and we shall not be
entitled to ask you to establish your claim or claims under Bank Guarantee but will pay the same
forthwith on your demand without any protest or demur.
2. This Bank Guarantee shall continue and hold good until it is released by you on the application by
the VENDOR after expiry of the relative guarantee period of the Tender and after the VENDOR
had discharged all his obligations under the Tender and produced a certificate of due completion
of work under the said Tender and submitted a “ No Demand Certificate “ provided always that the
guarantee shall in no event remain in force after the day of ...........................without prejudice
to your claim or claims arisen and demanded from or otherwise notified to us in writing before the
expiry of the said date which will be enforceable against us notwithstanding that the same is or
are enforced after the said date.
4. You will have the fullest liberty without affecting Bank Guarantee from time to time to vary any of
the terms and conditions of the Tender or extend the time of performance of the Tender or to
postpone any time or from time to time any of your rights or powers against the VENDOR and
either to enforce or forbear to enforce any of the terms and conditions of the said Tender and we
shall not be released from our liability under Bank Guarantee by exercise of your liberty with
reference to matters aforesaid or by reason of any time being given to the VENDOR or any other
forbearance, act or omission on your part of or any indulgence by you to the VENDOR or by any
variation or modification of the Tender or any other act, matter or things whatsoever which under
law relating to sureties, would but for the provisions hereof have the effect of so releasing us from
our liability hereunder provided always that nothing herein contained will enlarge our liability
hereunder beyond the limit of Rs..................( Rupees....................................only ) as
aforesaid or extend the period of the guarantee beyond the said day of ...................... unless
expressly agreed to by us in writing.
5. The Bank Guarantee shall not in any way be affected by your taking or giving up any securities
from the VENDOR or any other person, firm or company on its behalf or by the winding up,
dissolution, insolvency or death as the case may be of the VENDOR.
6. In order to give full effect to the guarantee herein contained, you shall be entitled to act as if we
were your principal debtors in respect of all your claims against the VENDOR hereby guaranteed
by us as aforesaid and we hereby expressly waive all our rights of surety ship and other rights, if
any, which are in any way inconsistent with any of the provisions of Bank Guarantee.
7. Subject to the maximum limit of our liability as aforesaid, Bank Guarantee will cover all your claim
or claims against the VENDOR from time to time arising out of or in relation to the said Tender
and in respect of which your claim in writing is lodged on us before expiry of Bank Guarantee.
8. Any notice by way of demand or otherwise hereunder may be sent by special courier, telex, fax or
registered post to our local address as aforesaid and if sent accordingly it shall be deemed to
have been given when the same has been posted.
9. The Bank Guarantee and the powers and provisions herein contained are in addition to and not by
way of limitation of or substitution for any other guarantee or guarantees here before given to you
by us ( whether jointly with others or alone ) and now existing un-cancelled and that Bank
Guarantee is not intended to and shall not revoke or limit such guarantee or guarantees.
10. The Bank Guarantee shall not be affected by any change in the constitution of the VENDOR or us
nor shall it be affected by any change in your constitution or by any amalgamation or absorption
thereof or therewith but will ensure to the benefit of and be available to and be enforceable by the
absorbing or amalgamated company or concern.
11. The Bank Guarantee shall come into force from the date of its execution and shall not be revoked
by us any time during its currency without your previous consent in writing.
12. We further agree and undertake to pay you the amount demanded by you in writing irrespective
of any dispute or controversy between you and the VENDOR.
13. Notwithstanding anything contained herein above;
ii) this Bank Guarantee shall be valid upto and including the date ............. ; and
14. We have the power to issue this Bank Guarantee in your favour under the Memorandum and
Articles of Association of our Bank and the undersigned has full power to execute this Bank
Guarantee under the Power of Attorney issued by the Bank.
Branch Manager
Seal
Address
To:
Corporation Bank
Head Office,
Information Technology Division,
Mangalore - 575 001.
AND WHEREAS in terms of the Conditions stipulated in the said Contract, the VENDOR is required to
furnish, performance Bank Guarantee issued by a Scheduled Commercial Bank in your favour to
secure due and satisfactory compliance of the obligations of the VENDOR in accordance with the
Contract ;
THEREFORE, WE, ...........................(Name of the Bank) furnish you this Performance Guarantee in
the manner hereinafter contained and agree with you as follows:
1. We, ..................................Bank do hereby undertake to pay the amounts due and payable
under this Guarantee without any demur, merely on a demand, which has to be served on us
before the expiry of this guarantee, time being essence of the contract, from you stating that
the amount claimed is due by way of loss or damage caused to or would be caused to or
suffered by you by reason of breach by the said vendor of any of the terms and conditions
contained in the Contract or by reason of the vendor’s failure to perform the said contract.
Any such demand made on us within the time stipulated above shall be conclusive as regards
the amount due and payable by us under this guarantee. However, our liability under this
guarantee shall be restricted to an amount not exceeding ` .............. (Rupees -----------
Only).
2. We undertake to pay to you any money so demanded notwithstanding any dispute/s raised by
the vendor in any suit or proceeding before any Court or Tribunal relating thereto, our liability
under these presents being absolute and unequivocal. The payment so made by us under this
guarantee shall be a valid discharge of our liability for payment there under and the vendor
shall have no claim against us for making such payment.
3. We further agree that, if demand. as stated above, is made on us within the stipulated period,
the guarantee herein contained shall remain in full force and effect and that it shall continue to
be enforceable till all your dues under or by virtue of the said contract have been fully paid
and your claims satisfied or discharged or till you certify that the terms and conditions of the
said contract have been fully and properly carried out by the said vendor and accordingly
discharge this guarantee. Provided, however, serving of a written claim / demand in terms
hereof on us for payment under this guarantee on or before the stipulated period , time being
the essence of contract, shall be a condition precedent for accrual of our liability / your rights
under this guarantee.
4. We further agree with you that you shall have the fullest liberty without our consent and without
affecting in any manner our obligations hereunder, to vary any of the terms and conditions of
the said Contract or to extend time for performance by the said vendor from time to time or to
postpone for any time or from time to time any of the powers exercisable by us against the
said VENDOR and to forbear or enforce any of the terms and conditions relating to the said
Contract and we shall not be relieved from our liability by reason of such variation, or
extension being granted to the said Vendor or for any forbearance, act or omission on our part
5. This Guarantee will not be discharged due to the change in the constitution of our Bank or the
Vendor.
6. We lastly undertake not to revoke this guarantee during its currency except with your written
consent.
(i) Our liability under this Guarantee shall not exceed `...............................................
( Rupees.........................................only ) ;
(Ii) This Guarantee shall be valid upto and including the ............(mention date); and
(Iii) We are liable to pay the guaranteed amount or any part thereof under this Bank
Guarantee only and only if you serve upon us a written claim or demand on or before
the expiry of this guarantee.
OFFICER MANAGER
• A more detailed and formal compliance audit, independently testing the ISMS against the
requirements specified in ISO 27001. The auditors will seek evidence to confirm that the
management system has been properly designed and implemented, and is in fact in operation and
will arrive at the gaps and prepare statement of applicability.
Information Security
• Review the IT asset life cycle and provide systematic procedural improvements.
• Vendor shall also review the Bank’s IT & IS policies and suggest additions if any to cover the RBI
guidelines.
• Vendor shall review & design Information Security Governance Framework in line with the Bank’s
IT and Information Security policies and Procedures.
• Provide inputs on the Data Leak Prevention strategy to be adopted by the Bank to safe guard the
sensitive Information. The document shall cover the procedures and template policies to be
implemented with DLP on Network, Web Gateway and Host.
• Provide the strategy document on Virtualization and cloud computing adoption and necessary
security controls to be implemented.
IT Operations
• Vendor shall review the existing IT Strategy policy and define strategy framework to assist IT
operations as required by Business and defined SLA/OLAs. Vendor shall also provide IT Strategy
processes/ guidelines that can be used by the banks to design, develop, and implement IT
Operation not only as an organizational capability but as a strategic asset.
• Shall define Financial Management process as described under IT operations Chapter. Provides
mechanism and techniques to IT operations to quantify in financial terms, value of IT services it
supports, value of assets underlying the provisioning of these services, and qualification of
operational forecasting.
• Service Valuation:
Vendor shall implement Service Valuation mechanism in the Bank to quantify services, which are
available to customers (internal or external) and supported by IT operations in financial terms.
Objective of implementing this mechanism assisting IT Operation functions to showcase the
involvement of function in supporting the bank's core business. The Vendor shall design and
implement Service Valuation mechanism for IT operations with two components: i.e.,
(i) Provisioning Value:
The actual underlying cost of IT, related to provisioning a service, including all fulfillment
elements–tangible and intangible. Input comes from financial systems and consists of payment of
actual resources consumed by the IT in the provisioning of services.
(ii) Service Value Potential:
Is the value-added component based on a customer’s perception of value from the service or
expected marginal utility and warranty from using the services in comparison with what is
• Event Management
Vendor should define Event Management process, which provides the guidelines which can be
used by the banks to define the framework for monitoring all the relevant events that occurs
through the IT infrastructure. It provides the entry point for the execution of many Service
Operations processes and activities.
Event can be defined as any detectable or discernible occurrence that has significance for the
management of the IT infrastructure, or delivery of IT services. "