
BANK OF INDIA, HEAD OFFICE, INFOSEC CELL - RFP FOR EMPANELMENT OF ISASP


REQUEST FOR PROPOSAL (RFP)


For
Empanelment of Information Security and Audit Service Providers [ISASPs]
Particularly for Information Security Cell [ISC] & Information Systems Audit Cell [ISAC]
And
For other departments on need base.

Ref: HO: HO:RMD:ISC:RGP:2022-23:252


Dated: 28.02.2023

The information provided in response to this Request For Proposal (RFP) will
become the property of the bank and will not be returned. The Bank reserves
the right to amend, rescind or reissue this RFP and all amendments will be
advised to the bidders and such amendments will be binding on them. The Bank
also reserves the right to accept or reject any or all the responses to this RFP
without assigning any reasons whatsoever.

This document is prepared by Bank of India for its Empanelment of Information
Security and Audit Service Providers [ISASPs]. It should not be reissued or
copied or used either partially or fully in any form.

NOTE: 9 Existing Empanelled vendors as per Annexure - 1 need not apply again.


CONTENTS

PART  DESCRIPTION

1. INVITATION TO BID (ITB)
2. DISCLAIMER
3. INSTRUCTIONS FOR BIDDERS (IFB)
4. TERMS & CONDITIONS OF CONTRACT (TCC)
5. ADDRESSES FOR NOTICES
6. BID FORMS AND OTHER FORMS


PART 1
INVITATION TO BID [ITB]

1. Background:-

Bank of India (BOI) is Public Sector Bank with headquarters at Bandra Kurla complex, Mumbai.
Founded in 1906, it has been government-owned since nationalization in 1969. The Bank is listed
at both NSE & BSE.

Bank of India is a major Public Sector Bank having around 5100+ domestic branches in India and
around 60 Branches, Offices, JVs and Subsidiaries abroad. Domestic Branches network is being
administered in three tier administrative structure i. e. Zonal Offices [69], National Banking Groups
[12] and Head Office. Bank of India sponsors three (3) Regional Rural Banks [RRBs] viz.
Aryavart Bank (AGB), Madhya Pradesh Gramin Bank (MPGB) and Vidarbha Konkan Gramin
Bank (VKGB). Bank is offering full range of commercial banking activities including Retail,
wholesale, Foreign Exchange, Treasury Operations, SME, MSME, Large Credit, Infrastructure
Finance, various banking services through other Alternative Channels like ATMs, CMS, Card
Products etc.

2. Objectives:-

The bank has its primary Data Centre [DC] and Near Site in Mumbai and its Disaster Recovery
[DR] site at Bengaluru. The Data Center serves the domestic branches in India, Overseas
Branches, Offices of the Bank and Regional Rural Banks [RRBs] sponsored by Bank of India.
The Data Center houses various other applications and resources. The database environment is
a heterogeneous mix of UNIX, Linux, HP-Unix, AIX, Solaris and Windows platforms, with
databases like Oracle, SQL, PostgreSQL, Networking devices like CISCO, Check Point etc. The
Bank has Integrated Treasury Operations in Mumbai.

With multifarious servers, databases, network devices and applications serving as components of
the critical infrastructure, continuous maintenance, management and monitoring of the resources
are required.

The Bank has empaneled 9 Information Security and Audit Service Providers [ISASPs] through
open RFP dated 20.08.2020. The present ISASPs tenure is for five years from 1st January 2021
to 31st December 2025. The empaneled 9 ISASPs are classified into two groups, viz., Group-A
and Group-B based on their degree of capability to handle complex projects including their past
work experiences in India and abroad, total years of experience, number of skilled resources
on their payroll and their Certifications/Accreditations etc. The list of 9 empaneled ISASPs is
provided in Annexure - 1.

Now, Bank would like to enhance empanelment list and invite bids from the competent vendors
through Open Tendering Process. The empanelment tenure of these additional vendors will be
till 31st December 2025, i.e. at par with the existing empaneled ISASPs.

3. General Terms and Conditions in brief:-

Bank of India invites bids through Open Tendering process from the eligible Bidders to
participate in this RFP for empanelment of ISASPs under the following terms and conditions;

a) The already empaneled vendors need not apply again.
b) The empanelment period will be from April 2023 to December 2025.
c) The prospective bidders meeting the Bank's requirement may submit their Tenders in
physical form only.
d) Fulfillment of eligibility criteria is mentioned below. These are MANDATORY and are to be
included in Technical Bid, without which the Bid is liable to be rejected.
e) Bank reserves the right to change the evaluation process for adherence to CVC guidelines
and / or better transparency and / or for better participation as it deems fit.
f) This RFP is to empanel eligible bidders to provide various services and activities related to
Information Security and Information Systems Audit or any other department of the Bank.
g) Bank's decision on admissible and acceptable evidences is binding on the bidder.
h) Bank has two groups of empanelment of ISASPs. Based on the marks obtained in
Evaluation of Technical Bids, panels of the Groups will be decided by the Bank.
i) Bank will reserve rights to use services of empaneled ISASPs as per Bank's discretion.
j) The purpose of the grouping is only to form two tiers for management convenience,
criticality of operations to be handled effectively etc.
k) It is the discretion of the Bank to decide which group an ISC / ISAC related exercise /
assignments would be allocated.
l) The Bank will communicate to the empaneled vendors about the objective, scope,
eligibility requirements, deliverables, time lines, any other information that is deemed fit for
smooth execution of the assignment and services as per the requirement of the Bank from
time to time.
m) The vendor would submit their quote regarding deployment of resources, number of
man-days required for the specific assignment.
n) The selected empaneled bidder has to provide the documentation / presentation for the
assignment for PRE and POST implementation of the services during the
actual process of assignment. We would also like to inform the bidders that the Bank has
a complex infrastructure with multiple resources maintained and managed through multiple
vendors. So the bidder has to coordinate with the service providers of different
applications / system integrators [SI] of the Bank to carry out assignment/s.

o) Upon empanelment, Bidder is required to enter into an appropriate Service Level
Agreement [SLA], containing a Clause for active Participation in the various Assignments and
Services offered by Bank from time to time during the complete tenure of agreement.

p) Detailed tender documents consisting of Technical Bid are available under the 'Tender'
section on Bank's website at www.bankofindia.co.in.

4. Non Refundable Bid Amount:-

1. A non-refundable bid amount (Tender Amount) of Rs. 5,000/- and Bid Security of
Rs. 50,000/- to be paid by means of a demand draft / pay order of any Scheduled
Commercial Bank (SCB) favouring Bank of India, payable in Mumbai or by way of
RTGS/NEFT in bank's designated account i.e. Account No. "01220SUNCR823", Account
Name - "EMD InfoSec Cell account" having IFSC BKID0000122 (Bank of India, Bandra
Kurla Complex Branch).

2. The Micro & Small Enterprise (MSE) bidders are exempted from depositing the Bid
amount of Rs. 5,000/- subject to the submission of valid and authorized copy of
Registration certificate and exemption certificate (if applicable) from relevant authorities
they are registered with. However, the Micro & Small Enterprise (MSE) registered bidders
are to deposit Bid security amount of Rs. 25,000/-. The MSE registration certificate submitted
must be valid as on bid submission date.

3. The details of remittance are to be sent mandatorily to the bank by the bidder before the last
date/time mentioned in the RFP/Corrigendum. In case of non-receipt of remittance made
by the bidder by last date / time mentioned in the RFP/Corrigendum, the Bid Amount shall
not be considered.

4. After depositing the EMD payment, prospective Bidders are required to send an email in
this regard to email id (Security-Information@bankofindia.co.in) stating the transaction
details viz Amount, Date of Transfer, UTR No., Bank, sender's name, RFP Ref. No. etc.
Only upon receipt of details of payment of EMD, cost of bid document and verification of
the same by the Bank, bidder will be considered as authorized to participate in the bid. In
case of failure to submit the payment towards EMD and Cost of Bid document for any
reason, the Bidder will be disqualified for the bidding process and the bid submitted by
such bidder will be rejected at initial stage itself. Please refer to Format 6.3.
5. Bank reserves the right to change the dates, timings etc. mentioned in the RFP, which will
be communicated by placing the same as corrigendum under e-Tender section. Any
corrigendum, clarification etc. in the subject matter will be published under e-Tender in the
same website only and no separate advertisement will be published.

6. The technical bids not accompanying the cost of Bid document and /or the Bid Security
(EMD) of requisite amount as per the conditions mentioned in the RFP will be rejected and
not processed further.

7. Please note that all the information desired needs to be provided. Incomplete information
may lead to disqualification.
8. The Bank reserves the right to change or relax the eligibility criteria to ensure inclusivity.

9. The Bank reserves the right to verify / evaluate the claims made by the Bidder
independently. Any deliberate misrepresentation will entail rejection of the offer.
10. The Bids should be delivered to the address mentioned below with acknowledgement
due so as to reach before 15:00 hours on or before 15.03.2023. If the last day of
submission of bid is a declared holiday under Negotiable Instruments Act by the
Government subsequent to the issuance of RFP, the next working day will be deemed to
be the last date of submission of the Bid. The bids, which are received after the
abovementioned date and time, are liable to be rejected at the discretion of the Bank.

11. The Bank shall not be liable for non-delivery of documents due to Postal/Courier delay or
lost documents in transit, etc., if any, in submitting the Bid. The Qualifying & Technical Bid
shall be opened in the presence of the representative of bidders on 15.03.2023 at 3:30
pm and for commercial bids the date and time will be intimated separately. The bidder's
representative, if wishing to attend, needs to be present physically at our Office for Bid opening, well in
time along with the authorization letter from the bidder's company.

5. Empanelment Period:-

The empanelment of ISASPs is proposed to be from the empanelment date till 31st
December 2025. This would be subject to annual review. Bank reserves the right to
de-empanel any empanelled ISASP. Empanelment does not confer any rights on the
vendors to necessarily receive assignments / jobs. This allocation of assignments / jobs will
be at the sole discretion of the Bank. Empaneled ISASPs are required to enter into Service
Level Agreement [SLA] and Non-Disclosure Agreement [NDA]. The decision of the Bank in
this regard will be final.


6. Schedule / Relevant Dates of this RFP:-


Date and Time of commencement of Bid Document:
    28.02.2023 from Bank's web site

Last Date and Time for Receipt of Bids at Bank of India:
    15.03.2023 on or before 3.00 pm

Date & time of Bid opening for technical evaluation:
    15.03.2023 @ 3.30 pm

Queries regarding bid to be received by e-mail only:
    04.03.2023 before 4.00 pm

Date and Time of Pre-bid meeting (if required):
    08.03.2023 @ 3.00 pm

Contact Persons: For any enquiry about scope of work and eligibility criteria:
    Shri Rajkumar Pamnani, Chief Manager, ISC
    Email: Pamnani.Rajkumar@bankofindia.co.in
    Contact No. 022-6668 4784
    Shri Vinay Mishra, Chief Manager, I&A
    Email: Vinay.Mishra@bankofindia.co.in
    Contact No. 022-6131 9444

Contact Persons: For submission of Bids, various timelines etc.:
    Shri Nitin I, Officer.
    Email: NITIN.I@bankofindia.co.in
    Contact No. 022-6668 4986
    Alternate Email: Security.Information@bankofindia.co.in

Address for Communication:
    The General Manager,
    Bank of India, Head Office
    Risk Management Department,
    Information Security Cell,
    3rd Floor East Wing, Star House 1, C-5, G Block,
    Bandra Kurla Complex (BKC), Bandra East,
    Mumbai - 400 051
    Phone No.: 022-6668 4986

Submission of bid:
    The Technical Bid has to be physically submitted in a sealed envelope.
    The envelope shall be clearly marked as "Technical Bid" for "Bank of
    India - RFP empanelment of ISASPs - RFP Ref: HO:RMD:ISC:RGP:2022-23:252
    dated: 28.02.2023".

    Do not open before 15.03.2023, 3:30 pm

Bank reserves the right to change the dates / time mentioned in the RFP if any, which
will be communicated to bidders through Banks' Website as Corrigendum separately.


PART - 2

DISCLAIMER

The information contained in this Request for Proposal (RFP) document or information provided
subsequently to bidder(s) or applicants whether verbally or in documentary form by or on behalf
of Bank of India (BOI - Bank), is provided to the bidder(s) on the terms and conditions set out in
this RFP document and all other terms and conditions subject to which such information is
provided.

This RFP is neither an agreement nor an offer and is only an invitation by BOI [Bank] to the
interested parties for submission of bids. The purpose of this RFP is to provide the bidder(s) with
information to assist the formulation of their proposals. This RFP does not claim to contain all the
information each bidder may require. Each bidder should conduct its own investigations and
analysis and should check the accuracy, reliability and completeness of the information in this
RFP and where necessary obtain independent advice. BOI makes no representation or warranty
and shall incur no liability under any law, statute, rules or regulations as to the accuracy, reliability
or completeness of this RFP. BOI may in its absolute discretion, but without being under any
obligation to do so, update, amend or supplement the information in this RFP.


PART - 3
INSTRUCTIONS FOR BIDDERS (IFB)

TABLE OF CLAUSES

Clause No.  Topic

A. Introduction
3.1  General Background
3.2  Broad Scope of Work
3.3  Consortium
3.4  Cost of Bidding
3.5  Eligibility Criteria

B. Bidding Documents
3.6  Content of Bidding Documents
3.7  Clarification of Bidding Documents
3.8  Amendment of Bidding Documents

C. Preparation of Bids
3.9  Language of Bid
3.10 Format / Documents & Signing of the Bid
3.11 Documents establishing Bidder's Eligibility and Qualifications
3.12 Documents establishing eligibility and conformity
3.13 Bid Security
3.14 Period of Validity of Bids

D. Submission of Bids
3.15 Preliminary Examination
3.16 Technical Bid Evaluation Table
3.17 Awarding of Assignment
3.18 Contracting the Bank

E. Award of Contract
3.19 Bank's Rights
3.20 Notification of Award
3.21 Signing of Contract


A. Introduction

3.1 General Background

Bank of India (hereinafter referred to as the "Bank") intends to enhance the existing list of
empaneled reputed Information Security and Audit Service Providers [ISASP],
Information Security [IS] Consulting Organisations, Information Technology [IT] Auditors,
Information Systems [IS] Audit Agencies / Firms [including Chartered Accountant Audit
Firms with CISA qualified Auditors], Cyber Security Auditors and Forensic Consultants etc.
for carrying out various activities, assignments and assistance to Information Security and
IT / IS Audit related work of Information Security Cell [ISC] in Risk Management
Department and Information Systems Audit Cell [ISAC] in Inspection and Audit
Department of the Bank in particular and to other departments on need base.

The Bank has a mixed environment of IT outsourcing and in-house management. During the
past decade, the Bank has strengthened its IT infrastructure. To embark upon its
ambitious growth plan and meet present and future needs of the Bank's business, the Bank is
in the process of upgrading its IT with the latest available technology.

The complexity of the bank's IT operations has increased, demanding a higher level of IS
skills and monitoring of IS Operations, as well as IS Audit requirements.

The Bank invites Request for Proposal [RFP] from reputed Companies / firms / Service
Providers who have proven experience in the field of work related to Information Security,
IT/IS Audit, Forensic Audit, Cyber Security and related work and fulfil the eligibility criteria
as laid down in this document.

Bank intends to have an Empanelment of Information Security and Audit Service Providers
[ISASPs] for Information Security / IT & IS Audit related work, till 31st December 2025 at
Bank's discretion. This would be subject to annual review. In case the empaneled ISASP
do not respond to the quotation / inquiry by Bank on three occasions or do not
perform / execute the assignment during the validity of the empanelment, they may
be delisted from the Panel by the Bank. The decision of the Bank will be final and
binding to the Empaneled ISASPs.

3.2 Broad Scope of Work [SoW]

The types of present and future activities and services required by the ISC and ISAC of the
Bank covered / defined in this RFP are illustrative and indicative but not exhaustive. The
scope may also undergo changes / updates due to implementation of new products,
technology, projects, configuration requirements, business needs, legal and regulatory
requirements etc. Broad SoW is as under;


1) Services on Information Security & Audit Projects and Security Certifications
2) Assistance in implementation of ISC and or ISAC related Project/s and Tools
3) IT and IS Audits including Outsourced Activities and Third Party Audits.
4) Technological Risk Assessment [TRA], Risk Profiling and Threat Perception of Assets,
GAP Analysis, Third Party Outsourcing Activities etc.
5) Documentation - Policy, Process, Procedure Creation / Review / Modification etc.
6) Immediate Risk Mitigation Measures / suggestive steps
7) Vulnerability Assessment [VA] & Penetration Testing [PT]
8) IT Project / Process / Framework Consultancy
9) Application Security Testing
10) ISC and ISAC related work related Application Development and Services
11) Secured Configuration Documents [SCDs]
12) Network Audit and Database Audits
13) Migration audits for ex. CBS / IB Version Migration Audit etc.
14) Cyber Security Audit
15) Application Audits / Website Audit / ATM Network Audit
16) Fraud Investigation
17) Forensics Investigation
18) BCP / DR Preparedness/ Readiness
19) Data Center, Treasury Branch, DR / NR Sites / Data warehouse Audit
20) Assistance in Training and Security Awareness
21) Assurance Services as per Regulatory requirements where Bank has Branches / Offices
22) Advanced Real Time Threat Intelligence including Anti-Phishing, Anti- Trojan, and Anti-
Malware Services, Zero Day Vulnerabilities etc. services for Security Project
Management and Services.
23) Assistance in Compliance for ex. VA/PT compliance/remediation on man-hours rate
contract basis, SOP Preparation for Critical Processes / Applications etc.
24) Assist / suggest ISC / ISAC related changes due to transformative technology like
Mobility, Virtualisation, Cloud, Social Networking, Service-Oriented Architecture (SOA),
Artificial Intelligence (AI) Solutions, Block Chain or due to new / modified regulations like
GDPR / PDPA etc.
25) Assess & Develop IS performance dashboard focused on ROI with a mechanism and
process to convey value of investment on IS infrastructure across the Bank including
Top Management using industry standard Benchmark
26) Assisting in Network Security including Virtualisation, wireless & Mobile Technologies
27) Review/ set up IS Controls, Standards, Metrics their effectiveness and adequacy
28) Consultancy services for technical solution implementation for ex. ITSM, ITAM, IT-GRC,
DLP Implementation Support / Audit.
29) Any other activity as decided by the Bank during the empanelment period.


3.3 Consortium

Any type of formation of consortium, sub-contracting and joint assignment will not be allowed /
considered. Such proposal will be disqualified.

3.4 Cost of Bidding

The Bidder shall bear all costs associated with the preparation and submission of its Bid /
POC / Presentations etc., and the Bank will in no case be responsible or liable for these
costs, regardless of the conduct or outcome of the Bidding process.

3.5 Eligibility Criteria - Pre-Requisite Qualification

The Bid is open to all Bidders who fulfil the following eligibility criteria. Bidders are required to
submit their Bids along with supporting documents. If the Bid is NOT accompanied by ALL the
required documents together with CHECK LIST as per FORMAT - 6.13 supporting and
confirming eligibility criteria, the same would be REJECTED. No further communication will be
entertained in this regard.

Each entry below gives: Sr. No. / To be Marked as; Eligibility Criteria; Enclose - Required Documents as Proof.

EC - 1 (Sr. No. 1)
Eligibility Criteria: Bidder should be Indian Company / Firm / Organisation, registered in India under
Companies Act 1956 or related Act at least for the past FIVE years i.e. established on or
before 01.04.2018.
Required Documents as Proof: Certificate of Incorporation / Date of Establishment / Registered Organisation.

EC - 2
Eligibility Criteria: Bidder should be empaneled with CERT-IN.
Required Documents as Proof: CERT-IN Certificate.

EC - 3
Eligibility Criteria: Bidders should have experience & expertise in handling Assignments / Services
related to IS / IS-IT Audit in India in BFSI Sectors in last THREE years i.e. on or after 01.04.2019.
They must have carried out Minimum TWO Information Security and or IS Audit related
Assignments in BFSI during preceding year i.e. on or after 01.04.2021 for a duration of
minimum 15 Man-Days.
Required Documents as Proof:
1> Details of Assignments and Experience Certificate from BFSI Sectors together with PO /
Engagement Letter as per FORMAT - 6.6.
2> Number of different types of activities carried out in Banks in past 3 years i.e. after
01.04.2019. FORMAT - 6.7.

EC - 6
Eligibility Criteria: Fair Practice Code by Bidder - No [Black Listing, Barred, Litigation] by ANY
Regulator / Statutory Body / Sector. Present and Past Litigations / Disputes [if any],
Outcome and present status - Self Certificate.
Required Documents as Proof: Self-Declaration giving full details of Blacklisting, litigations etc.
[if any please give results / present status with proof as an evidence.]

EC - 7
Eligibility Criteria: Bidder should have Minimum TEN staff with any of the following
qualifications / Certifications.
CISA, CISSP, CISM, PCI-DSS, ISO 27001 LA/LI Holder, COBIT Certificate Holder, CEH,
ISO 22301 LA/LI, CCNA, COBIT Certification, CRISC, CHFI, GIAC, SSCP.
Any Other Specialised Products / Domains related Professional Qualifications /
Certifications [Please Specify].
Required Documents as Proof: Provide details of No. of staff having listed certificates after
avoiding duplication. Multiple Certificate Holders will be counted once only. Total 10 Staff.
FORMAT - 6.8.

EC - 8
Eligibility Criteria: The Auditor / Firm / Company / LLP or its group company / subsidiary company /
holding company / affiliate / associate company / partner should not be black listed and / or
banned and / or barred and / or disqualified and / or prohibited by SEBI and / or RBI and
/ or NCLT and / or NCLAT and / or any court of law and / or quasi-judicial authority and / or
any other statutory and / or regulatory authority, in undertaking any work directly or
indirectly which is required to perform as stated in this RFP and / or issuance of any
certificate of audit directly or indirectly with respect to the work stated herein the RFP.
Required Documents as Proof: Self-Declaration.

EC - 9
Eligibility Criteria: Check List of Enclosures of all related documents including Bid Amount of
Rs. 5,000/-.
Required Documents as Proof: As per the CHECK List. FORMAT - 6.13.

NOTES on Qualification / Eligibility Criteria:-

1> Assignments done during past three years i.e. on or after 01.04.2019 should only be
mentioned.
2> While it is desired to empanel vendors of versatile exposure and resources in the
Information Security and IS / IT Audit related activities for entrusting jobs from time to time
in any of the areas mentioned hereinabove, Bank at its sole and absolute discretion,
may opt for empanelment of firms with well-known specialised expertise in specific areas,
for limited empanelment for some specified activities only, in case of not fully and/or
partly complying with all and/or any of clauses stated above but are able to present
equivalent expertise in their specific areas, for specific jobs on a case to case basis.
3> ALL Documents are to be signed by the Authorised Signatories of the Bidders.
4> Supporting documents shall be copy of Work Order [PO], letters from clients on their letter
head, contacts of clients including Scope of Work [SoW] for all the relevant assignments
carried out during past three years from the date of 1st April 2019.
5> Brochures / Emails attached shall not be considered for evaluation.
6> Information Security and IT/ IS Audit Services does not include sale of Products.
7> The Eligibility criteria mentioned in the RFP like turnover, staff experience, number of
qualified staff etc., should be maintained by the service provider till the end of the
empanelment period/contract period.
8> CHECK LIST in FORMAT - 6.13 must be enclosed.

B. The Bidding Documents

3.6 Content of Bidding Document/s

3.6.1 The Solution required, Bidding procedures, and contract terms are prescribed in the
Bidding Documents. The Bidding Documents include:

(a) PART 1 - Invitation To Bid (ITB)
(b) PART 2 - Disclaimer
(c) PART 3 - Instruction For Bidders (IFB)
(d) PART 4 - Terms and Conditions of Contract (TCC)
(e) PART 5 - Addresses for Notice
(f) PART 6 - Bid Forms (BF)

3.6.2 The Bidder is expected to examine all instructions, forms, terms and specifications in the
Bidding Document. Failure to furnish all information required by the Bidding Document or
to submit a Bid not substantially responsive to the Bidding Document in every respect will
be at the Bidder's risk and may result in the rejection of the Bid. Bidders are again requested to confirm the
CHECK LIST in FORMAT - 6.13 before submitting the Bid document to the Bank.

3.7 Clarification of Bidding Document/s

3.7.1 Bidders requiring any clarifications, queries, questions etc. on the Bidding Document
[RFP] may notify the Bank by e-mail only.


3.7.2 Pre-bid meeting, if required, will be intimated separately by email.

3.8 Amendment of Bidding Documents

3.8.1 At any time prior to the deadline for submission of Bids, the Bank, for any reason,
whether, at its own initiative or in response to a clarification requested by a prospective
Bidder, may modify the Bidding Document/s, by amendment.

3.8.2 All prospective Bidders will be notified of the amendment, if any, by Bank hosting the same
on the Banks' website which will be final and binding on all the bidders. It will be the
responsibility of the bidders to regularly visit the Banks' website for any amendments from
time to time and respond accordingly. No other intimation will be given by the Bank.

3.8.3 In order to allow prospective Bidders reasonable time in which to take the amendment into
account in preparing their Bids, the Bank, at its discretion, may extend the deadline for the
submission of Bids.

C. Preparation of Bids

3.9 Language of Bid

The Bid prepared by the Bidder, as well as all correspondence and documents relating to
the Bid exchanged by the Bidder and the Bank and supporting documents and printed
literature shall be written in English.

3.10 Format / Documents & Signing of the Bid

All the documents submitted by bidder shall be duly signed by the authorised
signatory.

3.10.1 Each bid shall be in one part i.e. Technical Bid Form (in FORMAT - 6.11).
Bids are liable to be rejected if incomplete.

3.10.2 The Bid shall be signed by the Bidder or a person or persons duly authorized to bind
the Bidder to the Contract. The person or persons signing the Bids shall initial all pages
of the Bids, except for un-amended printed literature.

3.10.3 Any inter-lineation, erasures or overwriting shall be valid only if they are initialled by the
person signing the Bids. The Bank reserves the right to reject bids not conforming to any
of above.

3.10.4 Documentary evidence establishing that the Bidder is eligible to Bid and is qualified for
ISASP Empanelment as per CHECK LIST of evidences in FORMAT No. 6.13 of the
Bidding Document if its Bid is accepted.

3.10.5 A Non-disclosure Agreement as per FORMAT - 6.2

3.10.6 Service Level Agreement (SLA) as per FORMAT - 6.14

NDA & SLA to be executed by the short listed bidders at the time of empanelment

Integrity Pact - After empanelment the ISASPs shall submit the Integrity Pact (IP)
to the Bank as applicable to participate in the closed bidding RFP process

3.11 Documents Establishing Bidder's Eligibility and Qualifications

3.11.1 The Bidder shall furnish, as part of its Bid, documents establishing the Bidder's eligibility
to Bid and its qualifications to be empaneled as ISASPs, if its Bid is accepted.
3.11.2 The documentary evidence of the Bidder's qualifications to be empaneled as ISASPs if its Bid
is accepted shall establish to the Bank's satisfaction:

a) That the Bidder has the technical and professional capability necessary to perform the
Contract as per Organization Profile;

b) That adequate, specialized expertise is already available to ensure that the support
services are responsive and the Bidder will assume total responsibility for the operation
and assignment on continuous real time basis.

3.12 Documents Establishing Eligibility and Conformity to Bidding Documents as per
Evaluation process prescribed by the Bank.

3.13 Bid Security

Upon empanelment as ISASPs, the Bidder may be required to furnish bid security at the time
of actual assignment decided for the respective activity. The Bid security is required to
protect the Bank against the risk of Bidder's conduct, which would warrant the security's
forfeiture. The Bid security shall be denominated in Indian Rupees and shall be in the
form of bank guarantee issued by a scheduled commercial bank.

In case the Bidder is not ready to offer as above, the Bid will be rejected by the Bank as
non-responsive.


Upon successful completion of the assignment/s, the Bid security will be discharged.

The Bid security may be forfeited:


a) if a Bidder withdraws its Bid during the period of Bid - assignment validity specified by
the Bidder on the Bid Form; or
b) if a Bidder makes any statement or encloses any form which turns out to be false /
incorrect at any time prior to signing of Contract; or
c) in the case of a successful Bidder, if the Bidder fails;
(i) to sign the Contract; OR
(ii) to furnish Performance Security OR
(iii) to furnish NDA & SLA

3.14 Period of Validity of Bids


Bids shall remain valid for 180 days from the date of opening of the Bid. A Bid valid for a
shorter period shall be rejected by the Bank as non-responsive.
In exceptional circumstances, the Bank may solicit the Bidders' consent to an extension of
the period of validity. The request and the responses thereto shall be made in writing.

D. Submission of Bids
The prospective bidders meeting the Bank's requirement may submit their bids physically
at the following address:

The General Manager,
Bank of India, Head Office
Risk Management Department,
Information Security Cell,
3rd Floor East Wing, Star House 1, C-5, G Block,
Bandra Kurla Complex (BKC), Bandra East,
Mumbai-400051.

The Technical Bid has to be physically submitted in a sealed envelope. The envelope shall be clearly
marked as "Technical Bid" for "Bank of India - RFP empanelment of ISASPs - RFP Ref:
HO:RMD:ISC:RGP:2022-23: dated: 28.02.2023". Do not open before 15.03.2023, 3:30 pm.

The Bank may, at its discretion, extend this deadline for the submission of Bids by
amending the Bid Documents, in which case, all rights and obligations of the Bank and
Bidders previously subject to the deadline will thereafter be subject to the deadline as
extended.

During evaluation of the Bids, the Bank, at its discretion, may ask the Bidder for
clarification of its Bid. The request for clarification and the response shall be in writing.


3.15 Preliminary Examination

The Bank will examine the Bids to determine whether they are complete, required formats
have been furnished, the documents have been properly signed, and the Bids are
generally in order.

The Bank may, at its discretion, waive any minor infirmity, non-conformity, or irregularity in
a Bid, which does not constitute a material deviation.

Prior to the detailed evaluation, the Bank will determine the substantial responsiveness of
each Bid to the Bidding Document. For purposes of these Clauses, a substantially
responsive Bid is one, which conforms to all the terms and conditions of the Bidding
Document without material deviations. Deviations from, or objections or reservations to
critical provisions, such as those concerning Bid Security, Applicable Law, Performance
Security, Qualification Criteria, Insurance, Contract, AMC and Force Majeure will be
deemed to be a material deviation. The Bank's determination of a Bid's responsiveness is
to be based on the contents of the Bid itself, without recourse to extrinsic evidence. The
Bank reserves the right to evaluate the bids on technical & functional parameters including
possible visit to inspect live site/s of the Service providers and witness demos,
presentations or undertake a POC exercise of the system and verify functionalities,
response times, user acceptability etc.

If a Bid is not substantially responsive, it will be rejected by the Bank and may not
subsequently be made responsive by the Bidder by correction of the non-conformity. The
bank may, at its sole discretion, opt for a technical evaluation.

In case of the successful bidder, the Bank will evaluate the capability of the bidder to fulfil
the requirements. If the Bank is not satisfied with the offerings, the Bank may cancel /
remove the bidder from empanelment as ISASP without incurring any liability to anybody
whatsoever.

The Bank's determination of a Bid's responsiveness will be based on the contents of the
Bid itself, without recourse to extrinsic evidence.

Bid Evaluation Weightage - Bank intends to arrive at TWO GROUPS i.e. Group A &
Group B, based on the Highest Scorer list of Bidders.


3.16 Technical BID Evaluation

| Sr. No. | Activities / Details | Max Marks | Marks Scored |
|---|---|---|---|
| | Total No of Assignments carried out in BFSI related to IS / ISAC Activities in India as declared in FORMAT-6.10 to be submitted by the Bidder. Proof needs to be submitted. - One Mark per Assignment / Purchase Order [Maximum 3 Marks for 3 years for same / similar activity] for different activities in different organisations. | 25 | |
| | Total No of Assignments carried out for IS / ISAC related activities for their Global Clients as per the LIST enclosed as an evidence by the Bidder. One Mark per Assignment / Purchase Order after 01.08.2019 [i.e. during past three years]. | 15 | |
| | Total No. of Skilled Employees / Resources available as per the enclosed LIST of Employees with their Credentials / Certifications related to IS / ISAC Activities given in the FORMAT - 6.8. 11 to 25 Employees: 05 Marks; 26 to 50: 10 Marks; Over 51: 15 Marks | 15 | |
| | No. of Years' Existence/Establishment in IS/ISAC related activities in INDIA in BFSI Sector. Evidence of the 1st Assignment to be enclosed as a proof of Experience (One Mark per year). | 10 | |
| | Technical Skill Credentials (extra ordinary activities) - Proprietary Tools Developed, R&D Work Done, Papers Published, Forensic Assignment Carried out. Other Value added Services and Additional Deliverables, Proprietary Tools, Dashboards, Training, Knowledge sharing, etc. Attach Evidences as a proof (each activity will carry 1 mark) | 10 | |
| | Certifications/Accreditations relevant to IS / IS Audit Services received from GoI, RBI, IDRBT, IBA, Gartner, BFSI Sector or any other independent Authority. - One Mark per valid current Certificate | 05 | |
| | Presentation on Audit Methodologies, with description of Tools, Utilities, Templates Developed / used during execution of previous assignments. - (To be Submitted by Firm as part of Technical Bid document - not more than 20 slides) | 20 | |
| | TOTAL marks | 100 | |


Bank shall have Technical Evaluation based on following broad criteria/parameters;

1> Only qualifying eligible bidders will be considered for Technical Evaluation.
2> As per inputs and information provided in the bid, Services undertaken, presentations
by bidders, site visits [if required], existing customers feedback, highlights of noteworthy /
superior features of their services. Noticeable State of the Art Services, Capabilities
proposed and demonstrated, Future IS threats, Vision, future requirements NOT
highlighted by the Bank in the RFP, Specialised Services like Forensic Services etc.
offered. Bidder to provide evidences to substantiate their claims. This includes in house
capabilities, Proprietary Tools developed, Additional Support facility provided etc. Broad
base of Technical Evaluation weightage by the Bank Team / Committee will be as under;
a. Variety of Experience
b. Proposed Methodology and Work Plan
c. Professional Staff
d. Execution Capabilities
e. Specialised Services Offered
f. Other like Vision, Tools, Support Offered, Client Opinion etc.

3> To qualify, Bidders must score minimum 55 Technical Score in Technical Evaluation.
4> Bank proposes to shortlist the Firms in TWO groups based on Technical Score as
under;

Group "A" 76 and Above Tech. Score
Group "B" 55 to 75 Tech. Score

Bidders scoring less than 55 Tech. Score will not be considered.


Bank may change / modify captioned criteria / parameters of Evaluation procedure
etc. at its sole discretion. Bank will decide on evaluation and weightage of
marks on the evidences / proof (acceptable to the bank) submitted and
presentation made by the bidder. The decision of the bank will be final. Bank
has right to verify, seek confirmation on the evidences furnished by the
bidders from the respective BFSI / Organisations.

The Bank may use the services of external consultants for bid evaluation, if required.

Allocation / Distribution of activities / assignments to different Group or any other
Empaneled Bidders will be solely at the discretion of the bank.
Empanelment by the Bank does not constitute any right on the vendor to receive
assignments / activities / work orders.


3.17 Awarding of Assignment and Technical Bid Evaluation

This is an empanelment only; the actual job allocation or Scope of Work [SoW] will be a
dynamic time to time activity and in any areas of ISC / ISAC related activities as required by
Bank. A separate closed tender will be circulated to the empaneled ISASPs.

Bank can, at its sole and absolute discretion, prefer multiple price models including piece
rates for some activities or techno-commercial bids for any specific activities or
assignments from time to time.

Entire process of Awarding actual assignment and Services is explained by giving an
illustration as under; [However, this process is illustrative. Bank at discretion may adopt /
change the process / parameters with prior intimation to respective empaneled bidders]

3.18 Contacting the Bank

a> No Bidder shall contact the Bank on any matter relating to its Bid, from the time of
opening of Bid to the time the Contract is awarded.

b> Any effort by a Bidder to influence the Bank in its decisions on Bid evaluation, Bid
comparison or contract award may result in the rejection of the Bidder's Bid.

E. Award of Contract

3.19 Bank's Right to Accept Any Bid and to reject any or All Bids.

The Bank reserves the right to accept or reject any Bid in part or in full at any time prior to
contract award, without thereby incurring any liability to the affected Bidder or Bidders or
any obligation to inform the affected Bidder or Bidders on the grounds for the Bank's
action.

3.20 Notification of Award

Prior to expiration of the period of Bid validity, the Bank will notify the successful Bidder in
writing or by fax or by mail, that its Bid has been tentatively accepted. The notification of
award will constitute the formation of the Contract.


3.21 Signing of Contract

At the same time as the Bank notifies the successful Bidder that its Bid has been
accepted, the Bank will send the Bidder the Contract Form as per Format 6.4,
incorporating all agreements between the parties.

At the same time the Bank would call the bidder to study the requirements and assure
itself that they are capable of fulfilling the requirements.

The successful Bidder shall sign and date the Contract and return it to the Bank.

Note:

Notwithstanding anything said above, the Bank reserves the right to reject / award the
contract to any vendor or cancel the entire RFP process without assigning any reasons
thereto.

**********

4: TERMS AND CONDITIONS OF CONTRACT (TCC)

TABLE OF CLAUSES

| Clause No. | Topic |
|---|---|
| 4.1 | Definitions |
| 4.2 | Country of Origin |
| 4.3 | Use of Contract Documents and Information |
| 4.4 | Contract |
| 4.5 | Payment |
| 4.6 | Contract Amendments |
| 4.7 | Delay in Supplier's Performance |
| 4.8 | Force Majeure |
| 4.9 | Termination for Insolvency |
| 4.10 | Resolution of Disputes |
| 4.11 | Governing Language |
| 4.12 | Applicable Law |
| 4.13 | Taxes and Duties |


4: TERMS AND CONDITIONS OF CONTRACT (TCC)

4.1 Definitions

In this Contract, the following terms shall be interpreted as indicated:

4.1.1 Vendor is the successful Bidder who has been determined to qualify to perform the
Contract / assignment satisfactorily, and whose Bid has been determined to be substantially
responsive.

4.1.2 "The Contract" means the agreement entered into between the Bank and the Service
Provider, as recorded in the Contract Form signed by the parties, including all attachments
and appendices thereto and all documents incorporated by reference therein;

4.1.3 "The Contract Price" means the price payable to the Service Provider under the Contract for
the full and proper performance of its contractual obligations;

4.1.4 "TCC" means the Terms and Conditions of Contract contained in this section;

4.1.5 "System" means a Computer System consisting of all Hardware, Software, etc., which
should work together to provide the services as mentioned in the Bid and to satisfy the
Technical and Functional Specifications.

4.1.6 "Software" means Application/System software, Database, Middleware and other third
party utilities which will seamlessly integrate with the environment described in this
document without any hitch or hindrance.

4.1.7 In case of a difference of opinion on the part of the Bidder in comprehending and/or
interpreting any Clause / Provision of the Bid Document after submission of the Bid, the
interpretation by the Bank shall be binding and final on the Bidder.

4.2 Country of Origin

All services to be supplied under the Contract shall have their origin in eligible source
countries, as per the prevailing Regulations in India.


4.3 Use of Contract Documents and Information

4.3.1 The Service Provider shall not, without the Bank's prior written consent, disclose the
Contract, or any provision thereof, or any specification, plan, sample or information
furnished by or on behalf of the Bank in connection therewith, to any person other than a
person employed by the Service Provider in the performance of the Contract. Disclosure to
any such employed person shall be made in confidence and shall extend only as far as
necessary for purposes of such performance.

4.3.2 The Service Provider shall not, without the Bank's prior written consent, make use of any
document or information enumerated in this Bidding Document except for purposes of
performing the Contract.

4.3.3 Any document, other than the Contract itself, enumerated in this Bidding Document shall
remain the property of the Bank.

4.4 Contract

4.4.1 The empanelment is for 5 years and reviewed on annual basis. The decision of the bank
will be final and binding to all Service Providers.

4.4.2 Contract Uptime

During the Period of contract, Service Provider will maintain the services as per contract.

4.5 Payment

4.5.1 Payment shall be made in Indian Rupees.

4.5.2 The price quoted shall be all-inclusive (including VAT if any). Only GST if applicable will be
paid extra.

4.5.3 All payments shall be made net of taxes, if any i.e. Less Tax Deduction at Source (TDS).

4.6 Contract Amendments

No variation in or modification of the terms of the Contract shall be made, except by
written amendment, signed by the parties.


4.7 Delay in the Performance & Liquidated Damages

Bank will decide the penalty clause at the time of actual assignment awarded.

4.8 Force Majeure

4.8.1 Notwithstanding the provisions of TCC, the Supplier shall not be liable for forfeiture of its
performance security, liquidated damages, or termination for default if and to the extent
that its delay in performance or other failure to perform its obligations under the Contract
is the result of an event of Force Majeure.
4.8.2 For purposes of this clause, "Force Majeure" means an event beyond the control of the
Service Provider and not involving the Supplier's fault or negligence and not foreseeable.
Such events may include, but are not restricted to, acts of the Bank in its sovereign
capacity, wars or revolutions, fires, floods, epidemics, quarantine restrictions, and freight
embargoes.
4.8.3 If a Force Majeure situation arises, the Service Provider shall promptly notify the Bank in
writing of such condition and the cause thereof. Unless otherwise directed by the Bank in
writing, the Supplier shall continue to perform its obligations under the Contract as far as is
reasonably practical, and shall seek all reasonable alternative means for performance not
prevented by the Force Majeure event.

4.9 Termination for Insolvency

The Bank may, at any time, terminate the Contract by giving written notice to the Service
Provider if the Service Provider becomes bankrupt or otherwise insolvent. In this event,
termination will be without compensation to the Service Provider, provided that such
termination will not prejudice or affect any right of action or remedy which has accrued or
will accrue thereafter to the Bank.

4.10 Resolution of Disputes

4.10.1 The Bank and the Service Provider shall make every effort to resolve amicably by direct
informal negotiation, any disagreement or dispute arising between them under or in
connection with the Contract.

4.10.2 If the Bank and the Service Provider have been unable to resolve amicably a Contract
dispute even after a reasonably long period, either party may require that the dispute be
referred for resolution to the formal mechanisms specified herein below. These
mechanisms may include, but are not restricted to, conciliation mediated by a third party
and/or adjudication in an agreed national forum.

4.10.3 The dispute resolution mechanism to be applied shall be as follows:

(a) In case of Dispute or difference arising between the Bank and the Service Provider
relating to any matter arising out of or connected with this agreement, such disputes or
difference shall be settled in accordance with the Arbitration and Conciliation Act, 1996.
The third Arbitrator shall be chosen by mutual discussion between the Bank and the
Service Provider.
(b) Arbitration proceedings shall be held at Mumbai, and the language of the arbitration
proceedings and that of all documents and communications between the parties shall
be English;
(c) The decision of the majority of arbitrators shall be final and binding upon both parties.
The cost and expenses of Arbitration proceedings will be paid as determined by the
arbitral tribunal. However, the expenses incurred by each party in connection with the
preparation, presentation, etc., of its proceedings as also the fees and expenses paid
to the arbitrator appointed by such party or on its behalf shall be borne by each party
itself.

4.11 Governing Language
The governing language shall be English.

4.12 Applicable Law

The Contract shall be interpreted in accordance with the laws of the Union of India and the
Bidder shall agree to submit to the courts under whose exclusive jurisdiction the Registered
Office of the Bank falls.

4.13 Taxes and Duties

4.13.1 The Service Provider will be entirely responsible for all applicable taxes, duties, levies,
charges, license fees, road permits, etc. in connection with delivery of Solution at site
including incidental services and commissioning. Only applicable GST tax would be paid
extra. Applicable TDS would be deducted at the time of actual payment.

4.13.2 Income / Corporate Taxes in India:

The Service Provider shall be liable to pay all corporate taxes and income tax that shall be
levied according to the laws and regulations applicable from time to time in India and the
price bid by the Service Provider shall include all such taxes in the contract price.

PART 5

Addresses for Notices

The following shall be the address of the Bank.

Bank's address for notice purposes:

Bank of India, Head Office,
Risk Management Department, Information Security Cell,
Star House 1, 3rd floor, East Wing, C-5, G Block, Bandra Kurla Complex,
Mumbai-400051.

Fax: - 022-668 4786

Email:- security.information@bankofindia.co.in

A notice shall be effective when delivered or on effective date of the notice whichever is
later.


PART 6

BID FORM, AND OTHER FORMATS

INDEX

FORMAT NUMBERS

6.1 Covering Letter
6.2 Non-Disclosure Agreement
6.3 Bank / Payment Details
6.4 Contract Form
6.5 Organisational Profile
6.6 Details of related Assignment in Banks
6.7 No of assignments / Experience during past three years in Banks
6.8 List of experienced staff working in the company more than three years
6.9 Bid Covering letter
6.10 Priority List of Services and assignments by the ISSP in BFSI Sector
6.11 Technical BID Form
6.12 Local communication details form
6.13 Document Verification Check List for Proposal
6.14 Service Level Agreement (SLA)

NOTE

For convenience, all Technical & Functional Specifications and FORMATS
which are to be submitted by the Bidders are kept in this PART.


FORMAT- 6.1
COVERING LETTER
(To be included in main Bid Envelope)
Date:.
To:
Bank of India,
Risk Management Department, InfoSec Cell,
3rd Floor, East Wing, Star House 1, C-5, G-Block,
Bandra Kurla Complex
Bandra (East), Mumbai-400 051.
Gentlemen:
Re. : Empanelment of Information Security and Audit Service Providers
(Your RFP Ref: dated )

Having examined the Bidding Documents, the receipt of which is hereby duly acknowledged, we,
the undersigned, to Empanelment of Information Security and Audit Service Providers in
conformity with the said Bidding documents.

We undertake, if our Bid is accepted, to enter into and execute at our cost when called upon by
the Bank to do so, the contract in the prescribed form.

We agree to abide by the Bid up to the period prescribed in the Bid, which shall remain
binding upon us.

Until a formal contract is prepared and executed, this Bid, together with your written acceptance
thereof and your notification of award, shall constitute a binding Contract between us.

We undertake that, in competing for (and, if the award is made to us, in executing) the above
contract, we will strictly observe the laws against fraud and corruption in force in India namely
"Prevention of Corruption Act 1988".

We understand that you are not bound to accept the Bid you may receive. You may reject all or
any bid without assigning any reason or giving any explanation whatsoever.

Dated this day of ............................ 2023.

(Signature) (Name) (In the capacity of)

Duly authorized to sign Bid for and on behalf of


FORMAT 6.2
NON-DISCLOSURE AGREEMENT (NDA)

WHEREAS, we, ...................., having Registered Office at
...................., hereinafter referred to as the COMPANY, are
agreeable to Empanelment of Information Security And Audit Service Providers for Bank of
India, having its registered office at Star House, C-5, G Block, Bandra Kurla Complex, Mumbai -
400 051, hereinafter referred to as the BANK and,
WHEREAS, the COMPANY understands that the information regarding the Bank's web site
shared by the BANK in their Request for Proposal is confidential and/or proprietary to the BANK,
and
WHEREAS, the COMPANY understands that in the course of submission of the offer to
Empanelment of Information Security and Audit Service Providers and Services and/or in
the aftermath thereof, it may be necessary that the COMPANY may perform certain jobs/duties
on the Bank's properties and/or have access to certain plans, documents, approvals or
information of the BANK;
NOW THEREFORE, in consideration of the foregoing, the COMPANY agrees to all of the
following conditions, in order to induce the BANK to grant the COMPANY specific access to the
BANK'S property/information
The COMPANY will not publish or disclose to others, nor, use in any services that the COMPANY
performs for others, any confidential or proprietary information belonging to the BANK, unless the
COMPANY has first obtained the BANK'S written Authorization to do so;

The COMPANY agrees that notes, specifications, designs, memoranda and other data shared by
the BANK or, prepared or produced by the COMPANY for the purpose of submitting the offer to
the BANK to Empanelment of Information Security And Audit Service Providers, will not be
disclosed to during or subsequent to submission of the offer to the BANK, to anyone outside the
BANK

The COMPANY shall not, without the BANK'S written consent, disclose the contents of this
Request for Proposal (Bid) or any provision thereof, or any specification, plan, pattern, sample or
information (to be) furnished by or on behalf of the BANK in connection therewith, to any
person(s) other than those employed/engaged by the COMPANY for the purpose of submitting
the offer to the BANK and/or for the performance of the Contract in the aftermath. Disclosure to
any employed/engaged person(s) shall be made in confidence and shall extend only so far as
necessary for the purposes of such performance.

Authorized Signatory
Designation Name:
Place:
Date:


FORMAT 6.3
Bank / Payment Details from Bidder
(Please note to mention RFP Ref. No. / Name in particulars while remitting of funds)

Sr. No. Bidder's Bank details
1 Name of Bidder's account
2 Account No.
3 Name of Bank
4 Branch
5 IFSC Code
6 Bidder's contact Nos.
7 Bidder's email id:

Details of payment of Cost of Bid Document and EMD
1 EMD Amount Rs. 50,000/-
2 Date of NEFT
3 NEFT Transaction details (UTR)
4 Sender details

Details of payment of Cost of Bid Document and EMD
1 Cost of Bid Document Rs. 5,000/-
2 Date of NEFT
3 NEFT Transaction details (UTR)
4 Sender details

In case of transfer of funds from Bank of India account
1 Particulars of Transaction ID
2 Date
3 Account No.
4 EMD Amount Rs.
5 Cost of Bid documents Rs.

Office Seal:

Signature of Bidder
Place
Date


FORMAT 6.4
CONTRACT FORM
THIS AGREEMENT made the ....... day of................................... 2023. Between.
(Name of Service Provider) (hereinafter called "Service Provider") of the one part
and..................... (Name of Service Provider of......................... (City and Country of Service
Provider (hereinafter called "Service Provider") of the other part:

WHEREAS the Bank invited Bids for Empanelment of Information Security and Audit Service
Providers (ISASPs) and has accepted a Bid,
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:
1. In this Agreement words and expressions shall have the same meanings as are respectively
assigned to them in the Conditions of Contract referred to.
2. The following documents of Bid No. : dated shall
be deemed to form and be read and construed as part of this Agreement, viz.:
a) the Bid Form submitted by the Bidder
b) the Technical & Functional Specifications;
c) the Terms and Conditions of Contract;
d) the Service Providers Notification of Award;
e) DELIVERY SCHEDULE:

IN WITNESS whereof the parties hereto have caused this Agreement to be executed in
accordance with their respective laws the day and year first above written.

Signed, Sealed and Delivered by the

said..................................................... (For the Bank)

in the presence of:.

Signed, Sealed and Delivered by the


said..................................................... (For the Service Provider)
in the presence of:.


FORMAT 6.5
ORGANISATIONAL PROFILE
(Include in Main Bid Only - Not to be included in Price Proposal)
CONSTITUTION :
1. Proprietary
2. Partnership
3. Private Ltd.
4. Public Ltd.

Established since

Address of Registered Office

Names of Proprietor/Partners/Directors (Name; Phone Nos. with STD Codes):
1.
2.
3.

Note: Please support the above facts with documentary evidence. Please also attach:
Income-Tax Clearance Certificate (latest); Referral Letters from Clients mentioned above

Signature of Bidder-
Name:

Business address:

Place Date:

Seal of the Service Provider


FORMAT 6.6

Details of Related Assignments / Contracts
(For past THREE Years from the date of RFP in BFSI)

(Banking Clients should appear at top, followed by other BFSI etc.)

| Sr. No. | Details of Name of Clients - Companies [Address, Key Persons, Cell Nos. etc.] | Particulars of Assignments - Purchase Order - Date, Value, Period of Completion of SoW etc. | SoW Code No. of the Assignment As given in this RFP | START & ACTUAL Date of Completion of Engagement / Assignment / Project/Service & ACTUAL Man - Days / Hours taken. | Remarks: Repeat Order / Extension of Engagement and related information. |
|---|---|---|---|---|---|
| 1 | | | | | |

Yours faithfully,
For: [Name of the Company]

(Signature of the Authorised Official)


Name:-
Designation:-
Place:-
Date:-


FORMAT 6.7

No. of Assignments / Experience during Past three years in BANKS

| Activities [as per SoW code No. - Format 6.10] | CBS / Finacle | ATM NW / Switch | Internet Banking | Mobile Banking - All Platforms | Treasury Operations | Various Certifications | TPP / Out Sourced Activities | Any other activity |
|---|---|---|---|---|---|---|---|---|
| | | | | | | | | |

Note : Mention only no. of assignments under the respective head.

Yours faithfully,

For: [Name of the Company]

(Signature of the Authorised Official)

Name:-

Designation:-

Place:-

Date:-


FORMAT 6.8

List of Experienced Staff working in the Company

| Sr. No. | Name of the Employee | Designation | Professionals / Technical / Qualifications / Certifications | Date of Joining | No. of Completed Years as on 31.12.2022 | No. of ISC & ISAC Projects Handled | Activities [as per SoW code No. Format 6.10] |
|---|---|---|---|---|---|---|---|
| | | | | | | | |

Note : a. Employee should be on permanent Pay Roll of the company.
b. Adhoc / Temporary staff or other outsources / organisation should not be
included.

Yours faithfully,
For: [Name of the Company]

(Signature of the Authorised Official)


Name:-
Designation:-
Place:-
Date:-


FORMAT 6.9
BID COVERING LETTER
(The bidder shall submit together with CHECK LIST & other Bid Documents)
To,
The General Manager,
Bank of India, Head Office,
Risk Management Department, InfoSec Cell,
3rd Floor- East Wing, Star House - I, C-5, "G" Block,
Bandra Kurla Complex, Bandra - East, Mumbai - 400 051.

Dear Sir,
Sub:- Our Bid for Empanelment of Information Security And Audit Service Providers
We intend to participate in the RFP process for empanelment of the vendors [ISSPs] to
provide various ISC and ISAC related services required by the Bank. We submit our Bid
Documents along with CHECK LIST. We understand that:
1> You are not bound to accept any bid received by you, and you may reject all or any bid
without assigning any reason or giving any explanation whatsoever.
2> Bank may follow close or open bidding [RFP] process as per requirement and sole
discretion of the Bank.
3> If our Bid is accepted, we undertake to enter into and execute at our cost, when called
upon by Bank to do so, a contract in the prescribed Form.
4> You may accept or entrust the entire work to one vendor or divide the work to more
than one vendor without assigning any reason or giving any explanation whatsoever.
5> Vendor [ISASPs] means the Bidder (s) who is / are selected by the Bank after the RFP -
bidding process.
6> The name(s) of successful bidder(s) to whom the empanelment is finally awarded after the
completion of bidding process shall be communicated to the successful bidder(s) -
ISSPs. Bank shall NOT entertain any communication in this regards.
7> We have gone through the Technical Bidding process and other Terms and Conditions
as mentioned in the RFP.
8> We understand that this RFP process is ONLY for empanelment of ISASPs.
9> We agree that the lowest price quoted by any empanelled vendor under each job level will
be final and binding on us.
10> We understood the entire bid process of empanelment including the grouping and levels
mentioned within the groups.
11> The number of pages in the document is .................... This has been duly verified,
signed and company's stamp affixed.
Yours faithfully,
For: [Name of the Company]
(Signature of the Authorised Official)
Name:-
Designation:-
Place:- Date:-


FORMAT 6.10

Priority List of SERVICES and ASSIGNMENTS by the ISSP in BFSI Sector

SoW CODE No. | Services / Assignments | Capability (YES) | PRIORITY (1 is TOP Priority) | Total No. of Assignments
ISC-STD-01 Vulnerability Assessment [VA] & Penetration
Testing [PT].
ISC-STD-02 IT Project / Process / Framework Consultancy

ISC-STD-03 Secured Configuration, & Hardening
Documents Review - [Technical Standards
Updation].
ISC-STD-04 Mobile Application Review and Security related
Work.
ISC-STD-05 Risk Assessment, Asset Classification,
Review, Compliance of NDAs, SLA with
Vendors / Third Party Outsourcing Agencies.
ISC-STD-06 SMS and All Middleware Security Review and
related work.
ISC-SPL-07 Network Security, Access Control, Review of
NAP Locations, Switches and Routers and
LAN - WAN NW.
ISC-STD-08 General Controls Review / Audit Review and
related Work.
ISC-STD-09 Anti-Phishing, Anti-Malware and Brand
Monitoring Services etc.
ISC-STD-10 PCI DSS Certification and Compliance related
Work.
ISC-SPL-11 COBIT - Advisory Services and related Work.
ISC-STD-12 ISO 20000 Certification and related Work.
ISC-STD-13 ISO 22301 Certification, Automated Score
ISMS Score Board and related Work.
ISC-STD-14 ISO 27001 Certification and related Work.
ISAC-STD-15 ISO 27001 Audit and Compliance related
Work.
ISAC-SPL-16 Review, Update Gaps of IS Audit Policies, IS
Audit Manual, IS Audit Procedures, Metrics
and related Work.


ISC-SPL-17 Review, Update Gaps of Corporate Information
Security Policy [CISP], Procedures, Metrics,
Controls.
ISAC-SPL-18 IS Audit - Internal Control Guidelines of
Treasury Branch, Dealing Room Activities
Review and related work.

ISAC-STD-19 IS Audit of ATMs of Banks under Section PSS
Act 2007 of RBI and related work.
ISAC-STD-20 IS Audit of ATMs of BOI Network, Gaps and
related Work.
ISAC-SPL-21 Concurrent Audit of Data Center
ISC-SPL-22 Forensic Audit / Analysis / Special Reviews /
Scrutinise / Cyber Crime - Investigations and
related Work.
ISAC-STD-23 Green Process Audit [GPA], Configuration
Audit and related Work.
ISC-SPL-24 Project Management Office [PMO] - Security
Solution Assessment, Identification,
Requirements for Pre-Implementation of IS
Projects, Production Evolution for Monitoring of
IS Projects and related Work.
ISC-SPL-25 Application [SW] Security Assessment /
Review of Domain / Channel Process Audit
including Associated Infrastructure [Including
WEB]
ISAC-SPL-26 Application Code Audit - Review - Gap
Analysis, Post Compliance Audit and related
Work.
ISC-STD-27 Data Governance, Data Protection Strategy
Framework and Development related Work.
ISAC-SPL-28 GAP Analysis of Requirements of Local
Regulator/s of Foreign Centres including
Threat and Vulnerability Risk Assessment
[TVRA].


ISAC-SPL-29 Conducting IS Audit of IT
Infrastructure at DC / DR / NR Site /
Treasury / RRBs / FCBS / Service
Branches - CTS etc. Quality
Assurance, GAPs, Compliance Audit/s
and related Work.
ISC-SPL-30 Conducting GAP Assessment Audits /
Compliance Audit/s of RBI Advisories /
Guidelines / IT Act 2008, Guidelines of
other Foreign Regulators & GoI
Guidelines etc. Automation of
Compliance requirements and related
Work.
ISC-SPL-31 Development and Implementation of
IT Governance, Risk and Compliance
[IT - GRC] Dashboards, s and related
Work.
ISC-SPL-32 Assisting in Selection of suitable tool,
solution for ISC / ISAC related work.
ISC-SPL-33 Review of BCPDR System, strategy
and related Work.
ISC-SPL-34 Review, Development, Selection,
Implementation of various Tools for
Data Privacy, Data Protection Data
Classification, Data Governance
Strategy, and Framework of the Bank
in pursuance of the various Regulatory
and Government Guidelines in vogue
from time to time.
ISC-SPL-35 Develop, Implement, Training IS
Awareness, E-Learning Modules
related to InfoSec related areas and
Issues.
ISC-SPL-36 Review of Post - Implementation of
various IS initiatives and Project/s
ISC-STD-37 Application Migration audits for ex.
CBS / IB Version Migration Audit etc.
ISC-STD-38 Consultancy services for technical
solution implementation for ex. ITSM,
ITAM, IT-GRC, DLP Implementation
Support

ISC-SPL-39 Assisting in Log Management -
Revamping and upgradation of our
SOC Operations, Monitoring,
Assessment of SIEM Solution,
Optimisation technical process,
correlation review for existing DLP,
DAM, SIEM, IPS / IDS etc., Identify
and assistance in implementation of
recommend IS Tools such as IAM,
IRM etc. and other related Work.

NOTE on SoW:-

1> In case of capability, experience and expertise vendors shall mention "YES" and give
"Priority of list of services and Assignments" stating 1, 2, 3.. & so on. In case of "Capability"
column kept blank, respective SoW item no will be considered as NO.
2> Kindly mention the No. of Assignments carried out in past TEN years from the date of RFP
against respective SoW Code No.
3> In case of ANY other related Activities NOT included in the above list, but related
assignment/s carried out by the Bidder, may be added and included in the list after
avoiding duplication along with the priority no. of such additional items.
4> The information provided in the list must be supported by documentary evidence. Non
submission or incomplete documentary evidence will be considered as Non-conformity for
particular SoW and it will not be considered. Bank's decision in this regards will be final.
5> In case the Bidder has carried out any other assignments over and above list they may
add these assignment together with evidence and PRIORITY for that assignment. The
Bidder should give and list out all their ISC and ISAC related Assignments and Services.

Yours faithfully,
For: [Name of the Company]

(Signature of the Authorised Official)


Name:-
Designation:-
Place:-
Date:-


FORMAT 6.11
Technical BID Form
Sr. No. | Activities / Details | Max Marks | Marks Scored

Total No of Assignments carried out in BFSI related to IS / ISAC 25
Activities in India as declared in FORMAT - 6.10 to be submitted by
the Bidder. Proof need to be submitted. - One Mark per
Assignment / Purchase Order [Maximum 3 Marks for 3 years for
same / similar activity] for different activities in different
organisations.
Total No of Assignments carried out for IS / ISAC related activities 15
for their Global Clients as per the LIST enclosed as an evidence by
the Bidder. One Mark per Assignment / Purchase Order after
01.08.2019 [i.e. during past three years].
Total No. of Skilled Employees / Resources available as per the 15
enclosed LIST of Employees with their Credentials / Certifications
related to IS / ISAC Activities given in the FORMAT - 6.8.
11 to 25 Employees 05 Marks
26 to 50 10 Marks
Over 51 15 Marks
No. of Years' Existence/Establishment in IS/ISAC related activities 10
in INDIA in BFSI Sector. Evidence of the 1st Assignment to be
enclosed as a proof of Experience (One Mark per year).
Technical Skill Credentials (extra ordinary activities) - Proprietary 10
Tools Developed, R&D Work Done, Papers Published, Forensic
Assignment Carried out. Other Value added Services and
Additional Deliverables, Proprietary Tools, Dashboards, Training,
Knowledge sharing, etc. Attach Evidences as a proof (each
activity will carry 1 mark)
Certifications/Accreditations relevant to IS / IS Audit Services 05
received from GoI, RBI, IDRBT, IBA, Gartner, BFSI Sector or any
other independent Authority. - One Mark per valid current
Certificate
Presentation on Audit Methodologies, with description of Tools, 20
Utilities, Templates Developed / used during execution of previous
assignments. (To be Submitted by Audit Firm as part of Technical
Bid document - not more than 20 slides)
TOTAL marks 100

Yours faithfully,
For: [Name of the Company]
(Signature of the Authorised Official)
Name:-
Designation:-
Place:- Date:-


6.12 Local Communication/Correspondence Details Form

City / Location | Postal Address, Telephone, Fax, E-Mail and Contact Details of Contact Personnel | Name & Designation of the contact person

Yours faithfully,
For: [Name of the Company]

(Signature of the Authorised Official)


Name:-
Designation:-
Place:-
Date:-


FORM-6.13

DOCUMENT VERIFICATION CHECK LIST FOR PROPOSAL

Sr. No. | Name of the Document | Remarks
(i) Covering Letter (6.1) YES / NO
(ii) Non-Disclosure Agreement (6.2) YES / NO
(iii) Bank / Payment Details (6.3) YES / NO
(iv) Contract Form (6.4) YES / NO
(v) Organisational Profile (6.5) YES / NO
(vi) Details of related Assignments in BFSI (6.6) YES / NO
(vii) No of Assignments in BANKS (6.7) YES / NO
(viii) List of experienced Staff working in the company (6.8) YES / NO
(ix) Bid Covering Letter (6.9) YES / NO
(x) Priority List of Services & Assignments (6.10) YES / NO
(xi) Technical BID Form - Stage -1 (6.11) YES / NO
(xii) Local Communication/Correspondence details Form (6.12) YES / NO
(xiii) Document Verification Checklist Form 6.13 YES / NO
(xiv) Service Level Agreement format (6.14)
(xv) Non-refundable Bid Amount Rs.5,000/- & EMD Rs.50,000/- YES / NO
(xvi) Evidence for Eligibility Criteria properly marked as EC-1, YES / NO
EC-2 etc. duly signed and enclosed
NOTE:
All Forms must be filled in by the bidder and necessary supporting evidences must be enclosed
with this checklist.

(Name) (Signature) (in the capacity of)


Date:
Place:

Duly authorized to sign the proposal for and on behalf of


FORMAT 6.14

SERVICE LEVEL AGREEMENT


FOR

Empanelment of Information Security and Audit Service Providers


THIS AGREEMENT is executed at Mumbai on this , 2023

BETWEEN

BANK OF INDIA, a body corporate constituted under the Banking Companies (Acquisition and
Transfer of Undertakings) Act, 1970 and having its Head Office at Star House, C - 5, 'G' Block,
Bandra-Kurla Complex, Bandra (East), Mumbai - 400 051, (hereinafter referred to as the "Bank"
which term shall, unless repugnant to the context or meaning hereof, be deemed to mean and
include its successors-in-interest and assigns) of the ONE PART

AND

M/S. registered under the Companies Act, 1956 / 2008,
having its Registered Office at, and
communication address is, (here-in-after
referred to as the "Information Security and Audit Service Provider (ISASP)" which
expression shall, unless repugnant to the context or meaning hereof be deemed to mean and
include its heirs executors, administrators, successors-in-interest and permitted assigns of the
firm and its partners jointly and severally, Liquidators), of the OTHER PART.
(The "Bank" and the "ISASP" shall, wherever the context requires, be referred collectively as
"Parties" and individually as "Party" also)


WHEREAS:

A. The Bank is a prominent nationalized bank, having been founded on September 7, 1906 and
having 5000+ branches in India spread over all states / union territories including
specialized branches and _ Extension Counters. Bank has _ Staff Training Centers
[STCs]. These branches are controlled through _ Zonal Offices [ZOs] under __ National
Banking Groups [NBGs]. The Bank has a dominant presence abroad with _ branches /
offices. The Bank is listed at both NSE & BSE. The Bank has ATMs spread over the
Country. The Data Centre (DC) of the Bank is situated at, Bank of India, Administrative Building,
Sector 11, Plot 11, CBD Belapur, Navi Mumbai.

B. The Data Center houses various other applications and resources. The database environment
is a heterogeneous mix of UNIX, Linux, HP-Unix, AIX, Solaris and Windows platforms, with
databases like Oracle, SQL, PostgreSQL, Networking devices like CISCO, Check Point etc. The
Bank has Integrated Treasury Operations in Mumbai. With multifarious servers, databases,
network devices and applications serving as components of the critical infrastructure, continuous
maintenance, management and monitoring of the resources are required.

The Bank wishes to have Empanelment of Information Security and Audit Service Provider
(ISASP), who can perform the activities, as and whenever there is a requirement. The list of
activities are highlighted in the RFP document dated

C. For the said purpose, the Bank had invited Bids from Competent Vendors by floating Request
For Proposal (RFP) Ref. No. . In response to the Bank's
said Request For Proposal (RFP) the ISASP had submitted its bid. The ISASP has represented
to the Bank that it has sufficient expertise and competence to perform its obligations under this
Contract as per the scope of work and on mutual terms and conditions as set out in this
Agreement and in the RFP. The ISASP has further represented that the ISASP has appropriate
infrastructure, human and other resources required to execute various tasks of the Contract.

D. Pursuant to issuing the RFP, the Bank has short-listed the ISASP based on the Proposal
submitted and the representations and warranties made by the ISASP. Subsequently, the Bank
has awarded the said Contract to the ISASP subject to the terms and conditions contained in this
Agreement and the RFP.

E. The Parties are desirous of recording the terms as agreed between the Parties, as set out
hereunder.

NOW THEREFORE, in consideration of the foregoing and the mutual covenants and promises
contained herein and other terms and conditions mentioned in the RFP, and other goods and
valuable consideration, the receipt, sufficiency and adequacy of which is hereby acknowledged,
the Parties intending to be bound legally, agree as follows:

ARTICLE 1

DEFINITIONS AND CONSTRUCTION

The recitals, Schedules and Annexures to this agreement shall form part of this agreement as if
incorporated in verbatim in the body of this agreement and shall be binding on the ISASP.

In this Agreement and Annexures each word or phrase listed below has the meaning designated

1.1 Definitions

(a) "Agreement" shall mean this agreement, together with the RFP (together with its annexures,
addendum and clarifications if any) and the Annexures to this Agreement and any mutually
agreed modifications to this Agreement;

(b) "Data Centre" means the data repository of the Bank presently situated at CBD Belapur,

"DR Site" means the data repository of the Bank presently situated at Bangalore,

"Near Site" means the data repository of the Bank presently situated at CBD Belapur,

(c) "Confidential Information" shall mean all non-public information, of the Bank and its
Customers including details of the Bank's Critical Assets held by the Bank which is accessible by
or is available to the ISASP directly or indirectly, Customer Data, Banks' Data, whether in writing,
graphic, visual or any other tangible, intangible or electronic form including, without limitation, any
and all information relating to the Bank's Customers, the Software and Hardware Vendors and/or
its client's (whether past, present, or future), financial data, financial results and projections,
employees (past, present or prospective), technologies, technical and business strategies,
computer programs, software tools, source codes, object codes, protocols, product descriptions,
trade secrets or know how, customer information and Intellectual Property Rights as well as any
such information not generally known to third parties, that the ISASP is reasonably expected to
treat as confidential. It is clarified that all non-public data residing on the Bank's existing system
shall be treated as Confidential Information for the purposes of this Agreement.

(d) "Contract" shall mean the empanelment of ISASPs. The scope of the contract / work is
more particularly stated in the RFP and Schedule I of this Agreement.

(e) "Event of Force Majeure" shall mean act of God including earthquake, invasion, war,
tsunami, rebellion, or other acts generally beyond the control of the Parties and affecting
performance of this Agreement;
(f) "Location" shall mean those locations stated in Schedule II of the Agreement and includes
any amendments/ additions thereto by the Bank from time to time where the Audit shall have to
be conducted by the ISASP.
(g) "RFP" shall mean collectively the Request for Proposal bearing Ref. No.
, Dated issued by the Bank, and all addendum and
clarifications issued pursuant to the said Request For Proposal;
(h) "Deliverables and Services" means all the Deliverables and services that are to be
provided/performed by the ISASP to the Bank under the Contract which are more particularly
stated in this Agreement and in the RFP;
(i) "Taxes" means all taxes, Education Cess, Higher Education Cess, levies, surcharges, Octroi
or withholdings etc. assessed by any Central, State or local authority as a result of the provision
of the Services by ISASP to the Bank.

1.2 INTERPRETATION
(a) Any reference in this Agreement to any Statute or statutory provision shall be construed as
including a reference to that statute or statutory provision as from time to time amended modified
extended or re-enacted whether before or after the date of this Agreement and to all statutory
instruments orders and regulations for the time being made pursuant to it or deriving validity from
it.

(b) The meanings set forth for defined terms in this Article and all pronouns shall be equally
applicable to both the singular and plural masculine, feminine or neuter forms as the context may
require.

(c) All references in this Agreement to Articles are to articles in or to this Agreement unless
otherwise specified therein. The words "hereof," "herein" and "hereunder" and words of similar
import when used in this Agreement shall refer to this Agreement as a whole and not to any
particular provision of this Agreement. The words "include", "including" and "among other things"
shall be deemed to be followed by "without limitation" or "but not limited to" whether or not they
are followed by such phrases or words of like import.

(d) References in this Agreement to any document or agreement shall be deemed to include
references to such document or agreement as amended, varied, restated, supplemented or
replaced from time to time in accordance with the terms thereof and to include any letters of the
parties executed in connection therewith, except as otherwise provided in this Agreement.

(e) The headings of the several Articles and sub clauses of this Agreement are intended for
convenience only and shall not in any way affect the meaning or construction of any provision
therein.


ARTICLE 2

AWARD AND SCOPE OF THE CONTRACT & RESPONSIBILITIES OF ISASP's

2.1 AWARD OF THE CONTRACT

(a) The Bank hereby Empanels the ISASP for Information Security Cell [ISC] and Information
Systems Audit Cell [ISAC] or any other department of the bank if required and the ISASP hereby
accepts the Empanelment by the Bank, on the terms and conditions more fully mentioned in
these presents as also in the RFP dated 28.02.2023.

(b) The ISASP agrees and undertakes to render the services and perform its obligations in
accordance with the terms and conditions contained in this agreement and in the RFP. The
ISASP agrees that after completion of the term or upon earlier termination of the agreement, the
ISASP shall, if so required by the Bank, continue to provide the services to the Bank on mutually
agreed upon terms for a period up to maximum 1 year.

(c) The ISASP hereby acknowledge, agree and confirm that Empanelment of the ISASP by the
Bank does not confer any rights on the ISASP to necessarily receive assignments / jobs from the
bank. Allocation of assignments / jobs shall be at the sole discretion of the Bank and the ISASP
shall not have any right or claim whatsoever in this regard and shall not have any right to
challenge/dispute the decision of the bank in any court, tribunal and/or other authorities.

(d) The ISASP hereby further acknowledge, agree and undertake that the Bank may request to
incorporate any other terms and conditions notwithstanding anything contained herein, as and
when the Bank gives any specific assignment/jobs/task to the ISASP under this agreement and
the Parties shall be bound by such terms and conditions on a mutually agreeable basis and the
Bank shall agree upon enhancement of timelines. Provided, that if post discussions the changes
are unacceptable to the ISASP, the ISASP shall not be penalized in any manner for rejecting the
subsequent changes as proposed by the Bank. The ISASP shall be required to execute a
separate agreement if the Bank desires so while giving such specific assignment / jobs / tasks.
Bank may also issue work orders by detailing the terms and conditions, scope of work etc. In the
event the Bank issues such work orders and/or the ISASP executes any such agreement(s) with
the bank, those agreement(s) / work orders shall be deemed as part and parcel of this agreement
and shall be read in conjunction with these presents.


2.2 SCOPE AND CONDUCT OF THE CONTRACT:


a) The detailed scope of the Contract and the manner in which the ISASP has to perform are
more particularly stated in the RFP and Schedule I of this Agreement. These services
include, but are not limited to, Project Management, Training, Deployment methodologies
etc.
b) This allocation of assignments/jobs shall be at the sole discretion of the Bank. The criteria for
inviting quotes selectively from the list of approved service providers and parameters for
evaluation would be decided by the Bank on case to case basis. The Bank may also opt for a
regular RFP process in case it is not satisfied with the response of the empanelled vendors. The
scope given in this agreement may also undergo changes/updates due to implementation of new
products, projects, configuration requirements, business needs, legal and regulatory
requirements etc.
c) The tenure of the empanelment is till 31st December 2025 w.e.f. and this would
be subject to annual review. Bank reserves the right to de-panel any empanelled ISASP even
without assigning any reasons. Empanelment does not confer any rights on the vendors to
necessarily receive assignments / jobs. This allocation of assignments / jobs shall be at the sole
discretion of the Bank.
d) The ISASP shall assure that all aspects of the Contract are conducted in a manner so as to be
in tune with the extant policies and guidelines of the Bank, and as per other applicable statutory
and regulatory requirements as well as accepted international best practices.
e) The ISASP shall provide the Bank with a list of its audit team members who shall be carrying
out the Contract along with their photographs, contact numbers and e-mail ids.
f) The ISASP shall ensure that the said team members always carry their identity cards with them
while in the Bank's Premises. To maintain security and continuity of the project, the work force of
the ISASP shall continue till completion of the entire Contract or till the time of earlier termination.
Any change in work force shall be informed to the Bank.
g) The ISASP shall follow all security requirements of the Bank and all relevant clauses of the
Corporate Information Systems Security Policy of the Bank shall be applicable to them. The
implementation team of the ISASP shall work under the Information Security Cell - Risk
Management Department and Inspection and Audit Department, Head Office of the Bank. The
Audit shall be implemented during normal Data Centre/ Banks days/hours. The timings may
however be deviated from, in case of need and on mutual consent.
h) The Bank shall provide the ISASP with the necessary need based infrastructure for the
purpose of the project. ISASP, its officials, employees or agents shall not use their
Laptops/External Hard Disk drives/ Pen Drives/ Bluetooth enable or Wi-Fi enable devices etc.
without prior permission of the Bank. All formats, policies, manuals, documents etc. shall be kept
in the Bank premises. No document/instructions/data are allowed to be carried/sent outside the
Bank's premises except that the ISASP shall be permitted to retain copies of the engagement
documents to remain in compliance with its legal, regulatory, judicial administrative compliance
process. Both the Bank and the ISASP shall identify and designate one coordinating official, who
shall be the single point contact for both the Parties. These identified officials shall be responsible
for managing the smooth implementation of the project. In the event of any party deciding to change
its co-ordinating official, a prior notice of not less than seven days shall be given to the other
party.


i) The ISASP shall provide the list of tools which are going to be used while carrying out the
project. All the Tools/Programme shall be executed from premises of the Bank only. No remote
access shall be provided in this regard. The ISASP shall be fully liable if any damage is caused
to the Bank while carrying out the Contract or while running any of the tool/s. If any of the
Tool/software to be run from outside the Bank's/Data Centre premises, a prior permission shall
be obtained from the Bank.

j) The ISASP shall share / impart the knowledge, methodology to the Bank staff for carrying out
the activity, whenever the Bank desire. The ISASP shall also brief the findings to Banks' Top
Management on regular basis by way of presentation.

2.3 Role & Responsibilities of ISASP's:

a) The ISASP is obliged to work closely with Bank's staff and abide by directives issued by the
Bank from time to time.

b) The ISASP is responsible for managing the activities of its personnel and shall hold itself
responsible for any misdemeanors on the part of its personnel.

c) Except as permitted under clause 2.2 (h), the ISASP shall treat as confidential all data and
information about the Bank & its customer, obtained in the process of executing its
responsibilities, in strict confidence and shall not reveal such information to any other party
without prior written approval of the Bank as explained under 'Non-Disclosure Agreement'.

d) The ISASP shall train designated Bank officials on the configuration, operation / functionalities,
maintenance, support & administration for software / tools / scripts and components used /
supplied by the ISASP and troubleshooting processes.


e) The documentation shall be delivered by the ISASP to the Bank for every software / script /
tools provided to the Bank including those relating to any third party software before software /
service become operational, and includes, user manuals, installation manuals, operation
manuals, design documents, process documents, technical manuals, functional specification,
software requirement specification, on-line tutorials / CBTs, system configuration documents,
system / database administrative documents, debugging / diagnostics documents, test
procedures etc.

f) The ISASP shall also provide documents related to Review Records / Test Bug Reports / Root
Cause Analysis Report, list of all product components, list of all dependent / external modules
and list of all documents relating to traceability of the Product as and when applicable.

g) The ISASP shall also provide the MIS reports / Dash Boards as per requirement of the Bank.

h) During the term of this Agreement, any level/version changes and/or clarifications,
corrections or modifications in the above mentioned documentation shall be supplied by the
ISASP to the Bank free of cost in a timely manner.

i) During the term of this agreement, the ISASP shall ensure that ISASP's key personnel with
relevant skills are always available to the Bank. The skill sets of the ISASP's resources should
be continuously improved by the ISASP. If the internal skill set of ISASP is found deficient the
Bank can permit / ask for outsourcing / subcontracting subject to the conditions herein.

j) The ISASP shall ensure the quality of methodologies for delivering the services and its
adherence to quality standard.

k) During the term of this agreement, the ISASP shall implement patches / Upgrades / updates
for Hardware / Software / OS / Middleware etc. as and when released by the /OEM or as per
requirements of the Bank. In case the infrastructure is provided by the Bank and the ISASP is
managing it, ISASP should bring to notice of the Bank all release / version changes. A written
permission from the Bank shall be obtained before applying any of the patches / Upgrades /
updates. The ISASP shall have to use older versions of the software / Hardware / OS /
Middleware etc. in case the Bank chooses not to upgrade to latest version.

l) The ISASP shall use/provide only legally valid software solutions/tools etc. and provide
information on license and / or type of licenses to the Bank. All tools / software developed during
the course of this agreement & for any of the Bank's project, the ISASP is not authorized to
sell/use any specific customized tool utility/software for any other purpose. Such tools/software
will be sole property of the Bank.


ARTICLE 3

PAYMENT AND PAYMENT TERMS

3.1 As stated in para 2.1 (d) supra, the ISASP shall be required to execute separate agreement
as and when the Bank gives any assignment/task/job under this agreement in the format
provided by the bank and the parties shall mutually agree upon the charges/fees payable for
such task/job/assignment/services and deliverables to be provided by the ISASP. It is hereby
clarified that the ISASP shall not be entitled to get any fees or charges from the Bank on account
of empanelment of ISASP. Bank shall pay the fees/charges as fixed for the individual
task/assignments to the ISASP on the terms and conditions of the work order/agreement to be
executed by the ISASP in favour of the bank while giving such tasks/jobs/assignment during the
empanelment period of 5 years, which is reviewed on yearly basis.

a. The fees shall be subject to deduction of penalties levied on the ISASP by the Bank in
accordance with the provisions of this Agreement or individual agreements of various activities.
All payment shall be made after deducting the taxes if any and payment shall be made in Indian
Rupees only.

b. Amounts payable to the ISASP as mentioned above shall not be liable for upward revision
during the term of this Agreement irrespective of reasons whatsoever including, increase or
imposition of new Taxes, duties, levies, octroi, charges etc.

c. All undisputed payments shall be made by the Bank by direct credit to the ISASP's Account
Number (Nature of Account) with
Branch of Bank, RTGS-IFCS Code No. through
NEFT/RTGS payment mode, within 15 working days of the date on which the payments fall due
in respect of an undisputed invoice or within 15 days of receipt of undisputed invoice, whichever
is later.

d. If for any reasons the contractual period exceeds from the actual tenure for completion of the
works stated herein, no extra cost, fees or other amounts shall be paid to the ISASP by the Bank
due to cost escalation and/or any other reason whatsoever and ISASP shall have to perform all
the assignments within the agreed Fees specified herein.

e. Notwithstanding anything contained in this Agreement or the RFP where the ISASP is liable to
pay any amount to the Bank, on account of penalties under this agreement or on account of
discrepancies in the invoices, invocation of indemnity by the Bank, third party claims, statutory
dues or for any other reason the Bank shall without prejudice to its other rights be within its right
to adjust / set off such amounts payable to the ISASP and raise a demand on the ISASP for the
balance amount if any and the ISASP shall pay such amount to the Bank within 2 working days of
receipt of such demand.


3.2 Performance Guarantee/Bid Security: The ISASP shall furnish a Performance
Guarantee/bid security for the individual contract separately as decided by the Bank for the
respective activity assigned to the ISASP. The validity of bid security shall be decided by the
bank as per the actual contract tenure for each activity.

The Bank shall be within its rights to invoke the performance guarantee without further notice to
the ISASP, if the ISASP fails to perform the assignments within the tenure of the contract, or in
the event of the Bank terminating the contract due to non-performance and / or unsatisfactory
performance.

3.3 Penalty / Liquidated Damages:

Any delay or deviation from the timelines decided by the Bank for individual activities shall attract
liquidated damages at the rate of 1% of the total Fee payable under the agreement, per week
or part thereof of the delay / deviation till the actual completion of the work in accordance with this
agreement and the ISASP shall promptly pay the same to the Bank. The liquidated damages
shall not exceed 25% of the contract price. Bank shall be within its right to deduct such amounts
from the fee payable to the ISASP. In such cases and without prejudice to its other rights the
Bank shall also have the right to terminate the Empanelment / contract in addition to invoking the
performance guarantee at the discretion of Bank. The decision of the Bank shall be final and
binding on the ISASP.

ARTICLE 4

TAXES AND DUTIES

(a) The ISASP shall be solely responsible for payment of all applicable Taxes, levies, charges,
license fees, octroi, royalties, road tax, road entry tax/fee etc., whatsoever that may be imposed
by State/Central Government or any local body for the said purposes, payable as per the existing
laws, in connection with the Contract. Service tax if applicable shall be reimbursed on submission
of proof. The Bank's liability is restricted to the payment of fees to the ISASP for the individual
activities.

(b) The ISASP shall also be liable to pay all corporate tax, income tax and any other taxes that
shall be levied on the ISASP according to the laws and regulations applicable from time to time.

(c) Wherever the laws and regulations require deduction of any Taxes at the source of payment,
Bank shall be entitled to effect such deductions from the payment due to the ISASP and make
remittance to the competent authority.

(d) The ISASP's staff, personnel and labour shall be liable to pay personal income taxes in
respect of such of their salaries and wages as are chargeable under the laws and regulations for
the time being in force, and the ISASP shall perform such duties in regard to such deductions
thereof as may be imposed on the ISASP by such laws and regulations. The ISASP further
undertakes to obtain such licenses, permit etc. renewal from time to time and it shall be solely
responsible in the event of contravention of any Act, Laws or rules in this regard.

(e) The ISASP shall pay all the taxes, rates, charges, levies, claims whatsoever that may be
imposed by State / Central Government or any local body for the said purposes and for
employing such persons for the services and shall provide proof thereof as and when required by
Bank.


ARTICLE 5
OBLIGATIONS OF THE PARTIES
5.1 Obligations of the ISASP

The ISASP shall perform and undertake the following obligations:

(a) The ISASP shall work closely with the Bank's staff, act within its own authority and abide by
directives issued by the Bank from time to time in performing its obligations under this
Agreement. The ISASP shall follow industry / international Standards, Guidelines and 'Best
Practices'.

(b) The ISASP shall follow the job safety measures prevalent in India for the contract
and shall free the Bank from all demands or responsibilities arising from accidents or loss of life
to any of its employee/s, agents or representatives. The ISASP shall pay all indemnities to the
Bank arising from such incidents attributable to the ISASP or its men, agents and employees.

(c) The ISASP shall be responsible for managing the activities of its personnel or its
representatives or of the employees engaged by sub-contractors (where ever sub-contracting
has been specifically permitted by Bank in writing), while performing the contractual obligation
under this contract and shall hold itself responsible for any misdemeanour. Bank shall not be
responsible for the conduct of ISASP's employees and/or persons engaged by ISASP and they
shall not be treated as employed by the Bank directly or indirectly under any circumstances.

(d) The ISASP is aware that the assets and data of the Bank is a valuable asset of the Bank and
under no circumstances shall the ISASP and/or its employees, men or agent disclose, publish,
part with, sell or make the same available to any other third party, except that the ISASP may
disclose it to its own employees who are required to handle this information in the normal course
of their duties. It is obligatory for the ISASP to ensure complete Confidentiality by its employees.

(e) It is agreed that the ISASP shall not outsource any work related to this contract without
specific written consent of the Bank and the Bank may at its discretion refuse to give such
consent.

(f) The ISASP should have a well-defined business continuity policy to ensure that the Contract
under this agreement is smoothly completed.

(g) The ISASP shall use / provide only licensed software / tools for carrying out its obligations
under the agreement.

5.2 REVIEW: The Bank shall be entitled to review the performance of the ISASP from time to
time and shall also be entitled to terminate the contract in the event of the performance of the
ISASP being found to be unsatisfactory or for non-adherence to the terms of this Agreement.
Bank reserves the right to carry out the Quality Assurance Audit / Second Party Audit either
from In-house Bank Audit team or from a third party as per Regulatory requirement if any,
any time during the tenure of Empanelment of ISASP.

5.3 REPORTS, MIS AND DOCUMENTATION: ISASP shall provide from time to time item-wise
necessary reports and statements, in both electronic and paper format in the prescribed manner
at the option of the Bank, without any additional cost to the Bank. Bank reserves the right to
modify or add any new format for the reports and statements as may be necessary during the
term of this Agreement.


ARTICLE 6
REPRESENTATIONS AND WARRANTIES
Representations and Warranties by the ISASP
6.1 The ISASP represents and warrants that:
(a) The ISASP possesses necessary experience, expertise and ability to undertake and fulfill its
obligations under this Agreement and it shall always perform the Contract/Audit by qualified
auditors. The names of the persons with qualifications who are going to actually perform the audit
and sign the monthly report shall be informed in writing to the Bank before the start of first audit.
Any change in personnel shall also be intimated immediately to the Bank in writing.
(b) The Deliverables & Services shall conform to and meet the service level standards and time
frames set out in this Agreement to the full satisfaction of the Bank.

(c) The Deliverables & Services provided by the ISASP and/or use of the same by the Bank in
any manner shall not violate (knowingly or unknowingly) or infringe the intellectual property rights
of any third party or the laws or regulations of any governmental or judicial authority.

(d) The ISASP has all necessary rights, title, and interest to provide the Deliverables & Services
and grant the other rights set forth herein to the Bank, free of any claims, encumbrances, liens, or
conflicting rights in favor of any Person.

(e) The Deliverables & Services shall be provided in a competent manner in accordance with due
professional standards in trade or industry, and shall meet the descriptions, specifications and
the performance standards stated in this Agreement.

(f) It has all the applicable permissions, licenses, authorities whatever required from the
appropriate Government, Statutory/Regulatory authorities to render the Service stated herein to
Bank.

6.2 The ISASP recognizes that the Bank owns the data in the Bank's system and that such data
is confidential to the Bank. The ISASP undertakes to provide adequate levels of security to
protect the non-public data and other technology resources and ensure to maintain it as
confidential.
6.3 The ISASP further agrees and recognizes that:

a) The Bank shall have the right to control the authorization and access to Bank's information,
including access rights granted to the ISASP's employees.

b) The Bank, its auditors/ agents and Reserve Bank of India shall have the right to conduct
security reviews and other audit procedures to review controls and test compliance for security
and control provisions.

c) The ISASP shall comply with procedures to deal with deficiencies in the implementation of the
project as noted by auditors, government, regulators and other internal or external agencies and
provide relevant solutions.

d) Bank of India has well defined policies which are self-regulated by a code of conduct. ISASP
agrees to adhere to the code in the right spirit. Any violation of the code by any employee of the
ISASP and or any other person(s) which is within the knowledge of the ISASP shall be promptly
brought to the notice of the Bank officials. Information in this regard shall be treated and kept as
confidential.

6.4 The ISASP shall not effect any change in its constitution which includes reconstitution of the
ISASP, mergers, reverse mergers, acquisition and amalgamations during the currency of the
Contract period without prior written permission of the Bank.

6.5 The ISASP shall not hold the Bank responsible for any assumptions or judgments made by
the ISASP for arriving at any type of sizing or costing for the Contract. The Bank at all times shall
benchmark the performance of the ISASP to the expected service levels as mentioned in this
Agreement and the RFP. In the event of any deviations in the requirements from the terms of this
Agreement, in order to achieve the desired service levels as well as meeting the requirements
contained in this Agreement, the ISASP shall make good the same at no extra costs to the Bank.

6.6 All terms and conditions, payments schedules, time frame for implementation, expected
service levels etc. shall remain unchanged unless explicitly mutually agreed in writing.

6.7 The ISASP further covenants and represents to the Bank that:

a. It is duly incorporated, registered, validly existing and in good standing as per the laws of India.

b. It has the power and authority to enter into this Agreement and perform its obligations
hereunder. The execution, delivery and performance of this Agreement by the ISASP and the
performance of its obligations hereunder have been duly authorized and approved by all
necessary actions and no other action on the part of the ISASP is necessary to authorize the
execution, delivery and performance of this Agreement.

c. The execution, delivery and performance of this Agreement by the ISASP:

(i) Shall not violate or contravene any provision of its constitutional documents;
(ii) Shall not violate or contravene any law, statute, rule, regulation, licensing requirement, order,
writ, injunction or decree of any court, governmental instrumentality or other regulatory,
governmental or public body, agency or authority by which it is bound or by which any of its
properties or assets are bound;

(iii) Except to the extent that the same have been duly and properly completed or obtained shall
not require any filing with, or permit, consent or approval of or license from, or the giving of any
notice to, any court, governmental instrumentality or other statutory/regulatory, governmental or
public body, agency or authority, joint venture party, or any other entity or person whatsoever;

(iv) No representation or warranty by the ISASP in this Agreement, and no document furnished or
to be furnished to the Bank, in connection herewith or with the transactions contemplated hereby,
contains or shall contain any untrue or misleading statement or omits or shall omit any fact
necessary to make the statements contained herein or therein, in light of the circumstances
under which made, not misleading. There have been no events or transactions, or facts or
information which has come to, or upon reasonable diligence, should have come to the attention
of the ISASP and which have not been disclosed herein or in a schedule hereto, having a direct
impact on the transactions contemplated hereunder.

6.8 Inspection of Records: The Bank and RBI and any Agencies engaged by the Bank and/or
RBI shall be authorized to make inquiries and audit the ISASP's compliance with the provisions
of this agreement and the ISASP agrees to provide the Bank with such information and access
for audit as requested for by the Bank and / or RBI. At all times the Bank and / or RBI shall have
the right to inspect the premises, books and records of the ISASP directly or through its
representatives. All ISASP's records with respect to any matters covered by this agreement and /
or as may be required by RBI and / or the Bank shall be made available to the Bank or its
designees, to audit, examine and make excerpts or transcripts of all relevant data. If the Bank
permits the ISASP to outsource any of the activities under this contract which shall always be in
writing, the ISASP shall ensure that necessary agreement is entered into with the Agency
engaged for such purpose and such agreement shall also contain necessary mandate by the said
outsourced agency inter alia agreeing for production of documents called for, inspection and audit
of their premises and books by RBI and / or the Bank and any Agencies engaged by the Bank
and / or by the RBI. Any failure to permit audit as above shall result in RBI imposing fine on the
Bank and/or the ISASP, the same shall be paid by the ISASP.


ARTICLE 7

INDEMNITY

The ISASP does hereby Indemnify the Bank, and shall keep indemnified and hold the Bank
harmless from and against any and all losses, liabilities, claims, actions, costs and expenses
(including attorneys' fees) relating to, resulting directly or indirectly from or in any way arising out
of any claim, suit or proceeding brought against the Bank as a result of:

(a) Availing the services provided by the ISASP

(b) An act or omission (including misconduct or negligence) of the ISASP, its employees, its
agents, sub contractors in the performance of the obligations of the ISASP under this Agreement
and/ or

(c) Claims against the Bank and/or any legal proceedings made by employees or other persons
who are deployed by the ISASP and/or

(d) Breach of any of the term of this Agreement and/or its Annexures or breach of any
representation or warranty of the ISASP under this Agreement, or

(e) Violation of the Confidentiality obligations by the ISASP and/or its officials/employees or any
other person employed by them in connection with the Contract.

(f) Breach of any of the terms of this agreement by their subcontractors, if subcontracting of any
part of this agreement is permitted by Bank in writing.

(g) Breach of any of intellectual property rights of the bank and/or claims against the Bank in
connection with the breach of any intellectual property rights of any third party(ies).

The aggregate liability of the ISASP under clause (a), (d) and (f) shall be limited to two times of
the contract value. Provided, however that there shall be no cap on the liability of the ISASP for
events set out in (b), (c), (e) and (g) above.


ARTICLE 8
TERM AND TERMINATION

a) This Agreement shall commence from and continue for a period till 31st
December 2025 with an option to the Bank to review the Empanelment on yearly basis and on
mutually agreed terms & conditions unless terminated/extended as provided in this Agreement.

b) The Bank may terminate this Agreement at any time by giving one month prior written notice to
the ISASP in the event of any material breach of obligations under this Agreement by ISASP and
such breach is not cured within the said period of one month after occurrence of such breach;

c) The Bank shall be within its rights to terminate this agreement immediately without notice to
the ISASP in the event the ISASP:

(i) has a winding up proceeding or bankruptcy order made against it; or if

(ii) has a receiver appointed over substantial assets; or if

(iii) is or becomes unable to pay its debts as they become due; or if

(iv) enters into any arrangement or composition with or for the benefit of its creditors; or if

(v) a resolution is passed for its voluntary winding up or dissolution or if it is dissolved or any
analogous occurrence under any other jurisdiction.

(vi) Change its constitution of the ISASP.

(vii) Upon receipt of any regulatory or Government Guidelines, instructions.

d) The Bank shall be entitled to terminate this agreement without assigning any reasons at any
time by giving 1 month prior written notice to the ISASP.

e) Any termination of this Agreement (howsoever occasioned) shall not affect any rights,
obligations or liabilities of ISASP and/or Bank accrued/ accruing before such termination.

f) Immediately upon termination of this Agreement the ISASP shall upon Bank's request
handover all the records, data and Confidential Information of the Bank promptly and shall also
transfer to the Bank and/or such other service provider engaged by the Bank all the information/
data and other documents within 7 days of such termination. Any working papers retained by
the ISASP shall be maintained in confidence as per the terms of this agreement and NDA.

g) The Indemnity and Confidentiality obligations of the ISASP stated in this Agreement shall
survive termination of the Agreement.

ARTICLE 9

CONFIDENTIALITY

a) The ISASP acknowledges that in the course of performing their obligations under this
Agreement, the ISASP shall be exposed to or acquire Confidential Information of the Bank or its
clients/customers. The ISASP understands and acknowledges that it has been given access to
such Confidential Information solely as a consequence of and pursuant to this Agreement.

b) The ISASP shall, at all times, maintain confidentiality regarding the contents of this
Agreement, Information of Bank including of the Bank's Customer, any business, technical,
financial information / data or any other information disclosed or accessible to the ISASP for this
project whether at the time of disclosure, designated in writing as confidential or not.

c) The ISASP agrees to keep in confidence and not disclose to any third party any and all
Confidential Information available to the ISASP and whether such information is given in writing,
and whether such writing is marked to indicate the claims of ownership and/or secrecy or
otherwise. The ISASP agrees that it shall not use, nor reproduce for use in any way, any
Confidential Information of the Bank except to the extent required to fulfill its obligations under the
Agreement.

The ISASP agrees to protect the Confidential Information of the Bank with at least the same
standard of care and procedures used by the ISASP to protect its own Confidential Information of similar
importance but at all times using high degree of care.

d) The ISASP shall also ensure that its officials / employees and if ISASP is permitted by the
Bank in writing to assign, delegate or hire another person to assist it in the performance of its
obligations under this Agreement, such person also shall maintain the confidentiality of the
Confidential Information in the same manner as the ISASP is bound to maintain the
confidentiality.

e) If the ISASP hires another person to assist it in the performance of its obligations under this
Agreement, or assigns any portion of its rights or delegates any portion of its responsibilities or
obligations under this Agreement to another person, it shall cause its assignee or delegate to be
bound to retain the confidentiality of the Confidential Information in the same manner as the Firm
is bound to maintain the confidentiality.

f) The provisions of this Article shall survive notwithstanding the expiration or termination of this
Agreement for any reason whatsoever.

ARTICLE 10
MISCELLANEOUS
10.1 Notices
(a) Any notice and other communications provided for in this Agreement shall be in writing and
shall be first transmitted by facsimile transmission or by postage prepaid registered post with
acknowledgement due or by a reputed courier service, by e-mail, in the manner as elected by the
Party giving such notice.
In case of notices to Bank:
Department: Bank of India
Head Office, Risk Management Department,
Information Security Cell.
Address : 3rd floor, East Wing,
Star House -1, C-5, G-Block,
Bandra Kurla Complex, Bandra (E), Mumbai 400 051.
Phone Number : (022) 6668 5637
Fax Number : (022) 6668 4786
E-mail: security.information@bankofindia.co.in
AND
Department: Bank of India
Head Office,
Inspection & Audit Department, ISAC,
Address : 5th floor, Star House 2, C-4, G-Block,
Bandra Kurla Complex, Bandra (E), Mumbai 400 051.
Phone Number : (022) 6131 9442
Fax Number : (022) 6131 4786
E-mail: Headoffice.landA@bankofindia.co.in
For attention of: The General Manager,
Risk Management Department [ISC] &
Inspection & Audit Department [ISAC],
Head Office.
In case of notices to ISASP: M/S
Registered / Head Office Address:
Mumbai Local Address:
Phone Number:
Mobile:


(b) All notices shall be deemed to have been validly given if sent to the registered /Head office
address as mentioned above and on (i) the business date immediately after the date of
transmission with confirmed answer back, if transmitted by facsimile transmission, or (ii) the
expiry of three days after posting if sent by registered post/courier, or (iii) the business date of
receipt, if sent by ordinary post.

(c) Any Party may, from time to time, change its address or representative for receipt of notices
provided for in this Agreement by giving to the other not less than fifteen days prior written notice.

10.2 Dispute Resolution / Arbitration:

(a) If any question of dispute shall at any time arise between the Parties with respect to the
meaning or effect of any clauses of this Agreement or the rights or obligations of the parties
hereto, the Parties shall make every effort to resolve it amicably by direct informal negotiation.

(b) If, after thirty (30) days from the commencement of such informal negotiations, the Bank and
the ISASP have been unable to resolve amicably the dispute, either party may require that the
dispute be referred for resolution to the formal mechanisms specified herein below.

(c) In case of dispute or difference arising between the Bank and the ISASP relating to any
matter arising out of or connected with the Agreement that have not been resolved through
informal negotiations stated above, such disputes or difference shall be settled in accordance
with the Arbitration and Conciliation Act, 1996 (Act). The arbitration tribunal shall consist of one
arbitrator, who shall be appointed by the Bank and the ISASP with mutual consent. In case of
failure of the Bank and the ISASP to reach upon a consensus in nominating the Arbitrator within
a period of 30 days from the date fixed for this purpose, the matter shall be referred to the Hon.
Chief Justice of High Court of Bombay for nominating the Arbitrator in accordance with the Act
stated above.

(d) Arbitration proceedings shall be held at Mumbai, India, and the language of the arbitration
proceedings and that of all documents and communications between the parties shall be English.

(e) The cost and expenses of Arbitration proceedings including the fees and the expenses that
shall be paid to the Arbitrator shall be equally shared and paid by the Parties unless otherwise
decided by the Arbitrator. The expenses incurred by each party in connection with the
preparation, presentation, etc., including stamp fees of its proceedings shall be borne by the
party concerned.

(f) The decision of the Arbitrator shall be final and binding upon both Parties.

10.3 Enforcement

In the event of either Party resorting to legal action to enforce the terms and provisions of this
Agreement, the prevailing Party may recover from the other party the costs of such action
including, without limitation, reasonable attorneys' fees.

10.4 Entire Agreement

This Agreement together with RFP constitutes the entire understanding between the Parties with
respect to the subject matter hereof and supersedes prior negotiations, representations, or
agreements, either written or oral. Should there be a provision, obligation or a condition
contained in the RFP which are not included in this agreement, such provision, obligation or
condition shall be deemed to be incorporated in this Agreement.

10.5 Publicity

Any publicity by the ISASP in which the name of the Bank is to be used should be done only with
the explicit prior written permission of the Bank. The Bank shall be entitled to impose such
conditions or restrictions in relation to the manner of use of the name of the Bank in any publicity
material used by the ISASP.

10.6 No Agency

(a) The ISASP shall perform its obligations under this Agreement as an independent contractor.
Neither this Agreement nor the ISASP's performance of obligations under this Agreement shall
create an association, partnership, joint venture, or relationship of principal and agent, master
and servant, or employer and employee, between the Bank and the ISASP or its employees,
subcontractors; and neither Party shall have the right, power or authority (whether expressed or
implied) to enter into or assume any duty or obligation on behalf of the other party.

(b) The ISASP shall solely be responsible for all payments (including any statutory payments) to
its employees and shall ensure that at no time shall its employees, personnel, sub-contractors or
agents hold themselves as employees or agents of the Bank, nor seek to be treated as
employees of the Bank for any purpose, including claims of entitlement to fringe benefits provided
by the Bank, or for any kind of income, taxes or benefits. The ISASP alone shall file all applicable
tax returns for all of its personnel assigned hereunder in a manner consistent with its status as an
independent contractor of services; and the ISASP shall make all required payments and
deposits of taxes in a timely manner.

10.7 Waiver
No failure or delay on the part of the Bank relating to the exercise of any right, power, privilege or
remedy provided under this Agreement shall operate as a waiver of such right, power, privilege or
remedy or as a waiver of any preceding or succeeding breach by the ISASP, nor shall any single
or partial exercise of any right, power, privilege or remedy preclude any other or further exercise
of such or any other right, power, privilege or remedy provided in this Agreement, all of which,
unless expressly stated otherwise, are several and cumulative and are not exclusive of each
other or of any other rights or remedies otherwise available to the Bank at law or in equity.
10.8 Violation of terms
The ISASP agrees that the Bank shall be entitled to an injunction, restraining order, right for
recovery, suit for specific performance or such other equitable relief as a court of competent
jurisdiction may deem necessary or appropriate to restrain the ISASP from committing any
violation or enforce the performance of the covenants, obligations and representations contained
in this Agreement. These injunctive remedies are cumulative and are in addition to any other
rights and remedies the Bank may have at law or in equity, including without limitation a right for
recovery of the amounts due under this Agreement and related costs and a right for damages.
10.9 Force Majeure
Should either party be prevented from performing any of its responsibilities (as mentioned in the
agreement) by reasons caused by an act of God or any cause beyond its reasonable control, the
time for performance shall be extended until the operation of such cause has ceased. If a Force
Majeure situation arises, the ISASP shall promptly notify the Bank in writing of such conditions
and the cause thereof within five (05) calendar days. Unless otherwise directed by the Bank in
writing, the ISASP shall continue to perform its obligations under the Contract as far as it is
reasonably practical, and shall seek all reasonable alternative means for performance not
prevented by the Force Majeure event. In such a case, the time for performance shall be
extended by a period(s) not less than the duration of such delay. If the duration of delay
continues beyond a period of one (01) month, the Bank shall be within its right to terminate the
Contract and the decision of the Bank shall be final and binding on the ISASP in this regard.
Under such circumstances, the Bank shall be required to pay the ISASP only such amounts as
due to it on account of completed items.
10.10 Prohibition against Project Outsourcing or Sub-contract
(a) Notwithstanding anything contained herein or in the RFP or in any other writing, the ISASP
shall not assign, outsource, or sub-contract to any third party, in whole or in part, its duties and
obligations under the Contract, except with the Bank's prior written consent and if so permitted on
such terms and conditions as may be stipulated by the Bank. The Bank shall be within its
absolute right at its sole discretion to refuse/deny the consent and the same shall not be
challenged by the ISASP.
(b) ISASP shall ensure that outsourcing or Subcontracts if permitted by the Bank shall comply
with the provisions of this Agreement underlying the confidentiality obligation. It is clearly
understood that the ISASP shall be solely and primarily responsible to fulfill its obligations and
adhere to the time limits agreed upon and stated in this Agreement irrespective of whether any
sub-Contracting is permitted by the Bank. It is clarified that the Bank shall not be liable or
answerable to the Sub-Contractors under any circumstances. The Bank and/or the RBI shall be
authorized to make inquiries and audit the Sub-Contractors' compliance with its obligations and
the ISASP agrees to provide the Bank with such information and access for audit of the
Sub-Contractors, as requested for by the Bank and/or RBI.
At all times, the Bank and/or the RBI shall have the right to inspect the premises of the Sub-
Contractors directly or through its representatives. All Sub-Contractor's records with respect to
any matters covered by this Agreement and/or as may be required by RBI and/or the Bank shall
be made available to the Bank or its designees as often as the Bank deems necessary, to audit,
examine, and make excerpts or transcripts of all relevant data. The ISASP shall accordingly
incorporate the necessary clauses to that effect in the agreement with the Sub Contractor.
10.11 Amendments
No change or modification of this Agreement shall be valid unless the same shall be in writing
and signed by both Parties.
10.12 Counterparts
This Agreement may be signed in two counterparts, each of which is an original and both of
which, taken together, constitute one and the same instrument.
10.13 Severability
(a) If any of the provisions of this Agreement may be construed in more than one way, the
interpretation, which would render the provision legal or otherwise enforceable, shall be
accepted.
(b) In the event any Court or other government authority shall determine any provision in this
Agreement is not enforceable as written, the Parties agree that the provision shall be amended
so that it is enforceable to the fullest extent permissible under the laws and public policies of the
jurisdiction in which enforcement is sought, and affords the Parties the same basic rights and
obligations and has the same economic effect as prior to amendment.
(c) In the event that any of the provisions of this Agreement shall be found to be void, but would
be valid if some part thereof was deleted or the scope, period or area of application were
reduced, then parties shall on mutual consent in writing agree that such provision shall apply with
the deletion of such words or such reduction of scope, period or area of application as may be
required to make such provisions valid and effective; provided however, that on the revocation,
removal or diminution of the law or provisions, as the case may be, by virtue of which such
provisions contained in this Agreement were limited as provided hereinabove, the original
provisions would stand renewed and be effective to their original extent, as if they had not been
limited by the law or provisions revoked. Notwithstanding the limitation of this provision by any
law for the time being in force, the Parties undertake to, at all times observe and be bound by the
spirit of this Agreement.
10.14 Survival of Terms
Any provision or covenant of this Agreement, which expressly, or by its nature, imposes
obligations beyond the expiration, or termination of this Agreement, shall survive such expiration
or termination.
10.15 Patent Rights
For any licensed software used by the ISASP for performing services or developing software for
the Bank, the ISASP should have right to use as well as right to license for the outsourced services
or third party software development. The Bank shall have the right to audit the license usage of
the ISASP.
The ISASP shall grant to the Bank a fully paid-up, irrevocable, non-exclusive license throughout
the territory of India or abroad to access, replicate and use scripts/software/tools provided by the
supplier to the Bank, including all inventions, designs and marks embodied therein perpetually.


10.16 Powers to Vary or Omit Work

No alterations, amendments, omissions, additions, suspensions or variations of the Services
(hereinafter referred to as variation) under this Agreement shall be made by the ISASP except as
directed in writing by Bank. The Bank shall have full powers, from time to time during the term of
the Agreement, by notice in writing to instruct the ISASP to make any variation without prejudice
to the Agreement. If any suggested variations, in the opinion of the ISASP, would, if carried out,
prevent it from fulfilling any of its obligations under the contract, it shall notify Bank thereof
in writing with reasons for holding such opinion and Bank shall instruct the ISASP to make such
other modified variation without prejudice to the Agreement. The ISASP shall carry out such
variation and be bound by the same conditions as far as applicable as though the said variations
have been incorporated herein. Any agreed difference in cost occasioned by such variation shall
be added to or deducted from the contract price as the case may be.

In any case in which the ISASP has received instructions from the Bank as to the requirement of
carrying out the altered or additional substituted work which in the opinion of the ISASP, involves
a claim for additional payments, such additional payments shall be mutually agreed in line with
the terms and conditions of the order.

If any change in the work is likely to result in reduction in cost the parties shall agree in writing so
as to the extent of change in contract price, before the ISASP proceeds with the change. In all
the above cases, in the event of a disagreement as to the reasonableness of the said sum, the
decision of Bank shall prevail.

10.17 Expenses & Stamp Duty

All the expenses including stamp duty, levies and other monies payable in connection with the
execution of this Agreement shall be borne by the ISASP only.

IN WITNESS WHEREOF the Parties hereto have duly executed and delivered this Agreement at
the place and on the day and year first above written.

1) Signed, Sealed and Delivered by the Bank;

Through its Authorized Signatory

Mr.

(General Manager, Risk Management Department)

In the presence of

Mr.

, Risk Management, Department, Information Security Cell)

2) Signed, Sealed and Delivered by the ISASP

Through its Authorized Signatory

Mr.

Title:

In the presence of

Mr.


Schedule II

LIST OF LOCATIONS WHERE THE AUDIT IS REQUIRED TO BE CONDUCTED

Data Centre: Bank of India,
Bank of India Administrative Building,
Sector 11, Plot 11,
CBD Belapur, Navi Mumbai.

Head Office: (i) Information Security Cell - RMD,
3rd floor, West Wing,
Star House - 1, C-5, G-Block,
Bandra Kurla Complex,
Bandra (E), Mumbai 400 051.

(ii) Inspection & Audit Department,
5th floor, Star House - 2, C-4, G-Block,
Bandra Kurla Complex,
Bandra (E), Mumbai 400 051.

Near Site: Bank of India,
MDI, Sector 11, CBD Belapur, Navi Mumbai - 400614.

DR Site: Bank of India,
HP Digital Park premises, HP. 39 digital park, EC1, Bangalore, Bangalore - 560100, India

Any other location, as per requirement and as decided by the Bank.


Annexure -1

List of Existing Empaneled ISASPs

Group A

1. M/s. KPMG

2. M/s. Deloitte Touche Tohmatsu India Private Limited

3. M/s. PricewaterhouseCoopers Private Limited

4. M/s. Ernst & Young LLP

5. M/s. Grant Thornton Bharat LLP (M/s. Grant Thornton India)

Group B

6. M/s. AAA Technologies Private Limited

7. M/s. BDO India

8. M/s. AKS IT Services

9. M/s. Digital Age Strategies

-x-x-x- EOD -x-x-x-

