REQUEST FOR PROPOSAL (RFP) for Architecture

review of private cloud setup

Tender Notice (For empanelled vendors only )

REQUEST
FOR
PROPOSAL (RFP)
For
Architectural Review of Private Cloud Setup

Ref BOI: HO: IT:INFRA:2039 Dated 02.02.2024

Classification: Confidential
Page 1 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

BANK OF INDIA, HEAD OFFICE

INFORMATION TECHNOLOGY DEPARTMENT
Bank of India, a body corporate, established under the Banking Companies (Acquisition and
Transfer of Undertakings) Act 1970, having its Head Office at Bank of India, Star House, ‘G’
Block, Bandra Kurla Complex, Bandra (East), Mumbai – 400 051, India, invites, from service
providers, sealed Bids for Architectural review of Private Cloud setup as per the
specifications, terms, conditions and scope given in detail in this RFP document.

The brief details of the Scope of this RFP are as follows:

1) Bank of India intends to review the architecture of on-premises Private Cloud setup
deployed at its DC,DR & NDR sites .

2) The interested bidders/vendors from Group A Empaneled Audit Firms empaneled under
RFP Process HO:RMD:ISC:RGP:2022-23:252 Dated 28.02.2023 and RFP dated
20.08.2020 may collect this Request for Proposal (RFP) from the Information Technology
Department, Head Office located at the address as mentioned below after depositing a
non-refundable Demand draft / Pay Order for Rs. 10,000/- (Rupees Ten Thousand only)
favoring Bank of India. The RFP/bidding document /corrigendum/clarifications can also
be downloaded from Bank’s website http://www.bankofindia.co.in under the Tenders
section. However, the bidder shall have to submit a Demand draft/Pay Order as above
along with the bid.

3) Alternatively, bidder may submit cost of Bid online by way of RTGS/NEFT in Bank’s
designated account i.e. “Account No. “01220SUNCR822 Account Name - Collection
Account for Estate” having IFSC- BKID0000122 (Bank of India, Bandra Kurla Complex
Branch).

The details of remittance to be sent mandatorily, to the Bank by the bidder before the last
date/time mentioned in the RFP/Corrigendum.

In case of non-receipt of remittance made by the bidder by last date / time mentioned in
the RFP/Corrigendum, the cost of bid shall not be considered.

4) Bidding in consortium is not permitted. Any bid submitted under consortium will be
summarily rejected. Sub-contracting of contract is also not permitted.

5) In this regard, a two-envelope bidding procedure (Technical Bid and Price Bid) in separate
envelopes will be adopted. The technically complete and commercially competitive bids
shall be submitted in two parts viz. Technical Bid and Price Bid in separate sealed covers.

Page 2 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

6) The Bids should be delivered to the address mentioned below with acknowledgement
due so as to reach before 15:00 hours on or before 16.02.2024. If the last day of
submission of bid is a declared holiday under Negotiable Instruments Act by the
Government subsequent to the issuance of RFP, the next working day will be deemed to
be the last date of submission of the Bid. The bids, which are received after the above-
mentioned date and time, are liable to be rejected at the discretion of the Bank.

7) The Bank shall not be liable for non-delivery of documents due to Postal/Courier delay or
loss of documents in transit, etc., if any, in submitting the Bid. The Bid shall be opened in
the presence of the bidders on 16.02.2024 at 16:00 hours at the below mentioned
premises. The bidder’s representative needs to be present either physically at our Office
or via WebEx during the Bid opening, well in time along with the authorization letter from
the bidder’s company. The important dates / schedules for the above RFP shall be as
following:

Date and Time of commencement of

02.02.2024
inspection / Sale of Bid Document
Last date for any clarification 06.02.2024 16:00 hours

07.02.2024 15:00 hours

Online Pre bid meeting date & time (If
Pre-bid meeting will be conducted online
required)
through WebEX. Details for the same will be
made available in tender section of our
corporate website at a suitable time.

Last Date and Time for Receipt of Bids at

16.02.2024 15:00 hours
Bank of India (Address as given below)
Date and Time of opening of
16.02.2024 16:00 hours
eligibility/Technical Bids
The General Manager,
Bank of India Star House-3,
Address for Communication and
PNB BOI Tower, Bank of India Head Office,
submission of bid
C29, ‘G’ Block, I.T. Department, 10th floor, Bandra
Kurla Complex, Bandra (East), Mumbai – 400 051
Bid document Availability Bidding Document to be downloaded from the
Tender section of our Bank’s web-site
www.bankofindia.co.in

8) For any technical clarification, the contact person is

Shri. Ankur Choudhary
Senior Manager, IT
Page 3 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

Contact No. 02267447324

Email-id – Ankur.Choudhary@bankofindia.co.in
Shri. Deepak Prakash
Chief Manager, IT
Contact No. 022-61289470
Email-id – deepak.prakash@bankofindia.co.in .

9) The Bank reserves the right to change the dates mentioned below or in the RFP, which
will be communicated in Tender section of bank’s website
(https://www.bankofindia.co.in).

10) The bidder is required to comply the all criteria/ related experience etc., as on Bid
Submission date.

Page 4 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

Table of Contents

Contents
1 Introduction 6
2 Scope of Work 6
3 Eligibility Criteria 7
4 Reporting and compliance requirements 7
5 Compliance verification 8
6 Manpower specifications 8
7 Payment terms 8
8 Service level expectations 8
9 Bid submission 9
10 Bid evaluation 9
11 Bid Cost & Ernest money deposit 10
12 Other details 10

Page 5 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

1 Introduction

Bank of India (hereinafter referred as “Bank”), having registered office in Mumbai, is one
of the largest Public sector bank in India.

Bank of India is one of the largest public banks in India with a Branch network of more than
5000 branches in India and more than 50 branches / offices in 21 countries overseas

Presently Bank has overseas presence in 21 foreign countries spread over 5 continents –
more than offices including 4 Subsidiaries, 1 Representative Office and 1 Joint Venture, at
key banking and financial center’s viz., Tokyo, Singapore, Hong Kong, London, Paris, New
York and DIFC Dubai.

2 Scope of Work

Bank intends to conduct the review of architecture of Private Cloud setup through Group
A Empaneled Audit Firms empaneled under RFP Process HO:RMD:ISC:RGP:2022-
23:252 Dated 28.02.2023 and RFP dated 20.08.2020

Below are the scope details of requirements

Sr Scope of Work
No
1 Verify how frequently application architecture is updated.
Verify if application architecture and design decisions are properly documented
2 and supported by justifications or rationale.

Assess the application architecture for the presence of redundancy mechanisms

3 that provide high availability.

Determine if the application architecture has provisions for scalability to handle

4 future growth and accommodate changes.

Review the documented disaster recovery plan for the application architecture
5 and assess its adequacy.

Verify if application architecture and design decisions are properly documented

6 and supported by justifications or rationale.

Check whether the team has formed a self-resilient architecture, especially

management layer should be in High Availability that requires minimal monitoring
7
and support.

Page 6 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

Check whether system is having a centralized architecture with web or Graphical

User Interface (GUI) based dashboard console to monitor, reporting, notification,
8 maintaining and policy push for the registered users centrally. This should be a
single console for service management, infra management and configuration
management.
Check Process of reporting incidents related to architecture, security etc
9 Validation of incident management process in place

Check that proposed Architecture should meet the latest Security aspects,
10 regulatory requirements, resilience to cater the requirements of the Digital
Transactions load in the Banking and High Availability
Verify the architecture of DC,DR and NDR setup
11

3 Eligibility Criteria

a) The Bidder firm is a part of Group- A empaneled Auditors under ISASP empanelment
of Bank (RFP Ref No: HO:RMD:ISC:RGP:2022-23:252 Dated 28.02.2023 and RFP
dated 20.08.2020 )
b) The bidder firm is having valid cert-in empanelment for providing Information Security
Services as on RFP date of bid submission
c) The bidder firm has executed the SLA & NDA agreements with the Bank as a part of
ISASP empanelment of Bank.
d) The Bidder firm has submitted the desired bid cost to the Bank.

4 Reporting and compliance requirements

All reports submitted as deliverables of this RFP requirement should meet following
requirements

a) All the reports should carry logo of the audit firm and signed by authorized signatory
b) Executive summary report
c) Description on methodology of assessment
d) Key observation with criticality rating
e) Risk mitigation recommendations
f) Report in Custom/Bank specific format if required
g) Reports shall be used for regulatory reporting

Page 7 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

5 Compliance verification

a) After Management acceptance of the report, the owner would comply with the
recommendations
b) The audit team shall complete the validation exercise within 10-15 days from such
request by Bank
c) The Bank may seek two iterations for compliance verification exercises within 01 month
of report submission for all activities.

6 Manpower specifications

a) The deployed resources for evaluation must have experience of 5 years for review of
critical Private Cloud architecture.
b) Resources shall visit Bank’s Navi Mumbai office as per Bank’s requirement for
assessment on all Bank working Days.
c) Resources should not be involved in any concurrent assessment / any audit for the
Bank.

7 Payment terms

Sr. Areas Payment Milestone 1 Payment Milestone 2

1 Architecture review of Private 80% after completion of 20% after completion of
Cloud setup Architecture Review compliance of open
and Submission of 1st points and submission of
Observation Report final observation report .

8 Service level expectations

a) Assessment and Reporting needs to be completed within 14 working Days. Bidder

shall deploy sufficient resources for assessment.
b) Bank may seek increase in scope on pro-rata basis at the rate quoted in commercial
bid during contract period.
c) For non-adherence of terms & conditions specified in RFP/ SLA Contract
document, un-satisfactory operation of services, delay in providing the services,
breach of agreed level of service, a penalty of 10% of contract (1 % per week of
delay) amount shall be levied and the Bank may at its discretion simultaneously
terminate the contract.

Page 8 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

d) Bidder is required to deploy resources on all Bank’s working days for all the
activities of RFP.
e) Maximum penalty will be 10% of overall contract value.

9 Bid submission

a) The technical and commercial bids should be in two separate sealed covers clearly
marked as ‘TECHNICAL BID’ and ‘COMMERCIAL BID’
b) .The TECHNICAL BID should include:

i. Signed and stamped copy of RFP & all corrigendum as unconditional acceptance of
RFP terms.
ii. Detailed methodology for various activities including the project plan with POAM
(Plan of action and tentative milestones).
iii. The List of proposed resources with area of expertise and past experience.
iv. Any one reference PO of any public sector bank/BFSI institution on review of
architecture of cloud setup
v. The Cert-in empanelment proof
vi. Confirmation that the proposed resources are on Bidder’s payroll and have due
background / police verifications. The Bank will require the police verification reports
before onsite deployment of resources for longer durations.

vii. One masked copy of Annexure – A to validate that all items are properly understood
& filled by the bidder. The Rates should not be visible in the same.

The indicative commercial bid with price details should be submitted in separate
envelope in format as per Annexure: A.

.
10 Bid evaluation

a) The Bids not meeting the eligibility criteria shall be rejected.

b) The Technical evaluation will be done for firms meeting Eligibility criteria. Bank will
validate the submission of required documents and information as outlined above.

Page 9 of 11
 REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

c) The Bids not meeting technical evaluation requirements shall be rejected. Commercial
Bid shall be opened only for technically successful bids.
d) L1 means the Bidder who has quoted lowest price in the commercial bid.
e) Commercial bids quoted in any other currency than INR will be disqualified.
f) Bank shall enter into project specific SLA agreement with L1 bidders for delivery of
services.

11 Bid Cost & Ernest money deposit

Bidder shall submit the Bid with Non-refundable Bid Cost Amount of Rs.10,000/- (Ten
thousand rupees only) by DD / PO / PS Favoring Bank of India.

Bidder shall submit the Bid with refundable EMD Amount of Rs.20,000/- (Twenty thousand
rupees only) by DD / PO / PS/bank guarantee Favoring Bank of India.

12 Other details

1. The Professional Services are to be carried out as per the compliance requirements
from Reserve Bank of India [RBI], Indian Cyber Law 2013, Guidelines from NCIIPC /
Cert-IN, Overseas Regulators and various standards like ISO 27000, PCI-DSS, ISO
22301 etc.

2. Service Provider shall provide detailed remediation recommendation guidance

including step by step instructions on how to address the threats captured.

3. Imparting effective knowledge transfer to Bank Officials as to how Assessment has

carried out what type of tools were used and how they were used. The knowledge
transfer shall be done at Bank’s site.

4. Selected vendor has to execute Service Level Agreement with the Bank separately
and has to provide Performance Bank Guarantee for 5% of contract value.

5. The Resources deployed for activities should have the relevant prior experience. The
Bank may seek their profiles prior to engagement and may desire for change.

6. Kindly submit your proposals [Bids] in the desired format.

Page 10 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup

Annexure: A
Price / Commercial BID Proposal
(On Bidders letter head)

[TO BE SUBMITTED IN A CLOSED COVER]

BOI Reference No. : Ref BOI: HO: IT:INFRA:2039 Dated 02.02.2024

Project / Assignment: Architecture Review of Private Cloud Setup

1> Detail of Single Point of Contact [SPOC]:-

Name:-
Office Phone:-
Mobile:-
Email Address:-

2> Detail of Project Manager:-

Name:-
Office Phone:-
Mobile:-
Email Address:-

Sr. Areas Activity Unit

Price
(In Rs.)
1 Architecture review of Private Cloud setup One Time

Total Price (In Numbers)

Total Price (In Words) -

[Name and seal of the Company]

__________________
(Signature of the Authorized Official)
Name:-
Date: - Designation:-

Page 11 of 11