Professional Documents
Culture Documents
REQUEST
FOR
PROPOSAL (RFP)
For
Architectural Review of Private Cloud Setup
Classification: Confidential
Page 1 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
1) Bank of India intends to review the architecture of on-premises Private Cloud setup
deployed at its DC,DR & NDR sites .
2) The interested bidders/vendors from Group A Empaneled Audit Firms empaneled under
RFP Process HO:RMD:ISC:RGP:2022-23:252 Dated 28.02.2023 and RFP dated
20.08.2020 may collect this Request for Proposal (RFP) from the Information Technology
Department, Head Office located at the address as mentioned below after depositing a
non-refundable Demand draft / Pay Order for Rs. 10,000/- (Rupees Ten Thousand only)
favoring Bank of India. The RFP/bidding document /corrigendum/clarifications can also
be downloaded from Bank’s website http://www.bankofindia.co.in under the Tenders
section. However, the bidder shall have to submit a Demand draft/Pay Order as above
along with the bid.
3) Alternatively, bidder may submit cost of Bid online by way of RTGS/NEFT in Bank’s
designated account i.e. “Account No. “01220SUNCR822 Account Name - Collection
Account for Estate” having IFSC- BKID0000122 (Bank of India, Bandra Kurla Complex
Branch).
The details of remittance to be sent mandatorily, to the Bank by the bidder before the last
date/time mentioned in the RFP/Corrigendum.
In case of non-receipt of remittance made by the bidder by last date / time mentioned in
the RFP/Corrigendum, the cost of bid shall not be considered.
4) Bidding in consortium is not permitted. Any bid submitted under consortium will be
summarily rejected. Sub-contracting of contract is also not permitted.
5) In this regard, a two-envelope bidding procedure (Technical Bid and Price Bid) in separate
envelopes will be adopted. The technically complete and commercially competitive bids
shall be submitted in two parts viz. Technical Bid and Price Bid in separate sealed covers.
Page 2 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
6) The Bids should be delivered to the address mentioned below with acknowledgement
due so as to reach before 15:00 hours on or before 16.02.2024. If the last day of
submission of bid is a declared holiday under Negotiable Instruments Act by the
Government subsequent to the issuance of RFP, the next working day will be deemed to
be the last date of submission of the Bid. The bids, which are received after the above-
mentioned date and time, are liable to be rejected at the discretion of the Bank.
7) The Bank shall not be liable for non-delivery of documents due to Postal/Courier delay or
loss of documents in transit, etc., if any, in submitting the Bid. The Bid shall be opened in
the presence of the bidders on 16.02.2024 at 16:00 hours at the below mentioned
premises. The bidder’s representative needs to be present either physically at our Office
or via WebEx during the Bid opening, well in time along with the authorization letter from
the bidder’s company. The important dates / schedules for the above RFP shall be as
following:
9) The Bank reserves the right to change the dates mentioned below or in the RFP, which
will be communicated in Tender section of bank’s website
(https://www.bankofindia.co.in).
10) The bidder is required to comply the all criteria/ related experience etc., as on Bid
Submission date.
Page 4 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
Table of Contents
Contents
1 Introduction 6
2 Scope of Work 6
3 Eligibility Criteria 7
4 Reporting and compliance requirements 7
5 Compliance verification 8
6 Manpower specifications 8
7 Payment terms 8
8 Service level expectations 8
9 Bid submission 9
10 Bid evaluation 9
11 Bid Cost & Ernest money deposit 10
12 Other details 10
Page 5 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
1 Introduction
Bank of India (hereinafter referred as “Bank”), having registered office in Mumbai, is one
of the largest Public sector bank in India.
Bank of India is one of the largest public banks in India with a Branch network of more than
5000 branches in India and more than 50 branches / offices in 21 countries overseas
Presently Bank has overseas presence in 21 foreign countries spread over 5 continents –
more than offices including 4 Subsidiaries, 1 Representative Office and 1 Joint Venture, at
key banking and financial center’s viz., Tokyo, Singapore, Hong Kong, London, Paris, New
York and DIFC Dubai.
2 Scope of Work
Bank intends to conduct the review of architecture of Private Cloud setup through Group
A Empaneled Audit Firms empaneled under RFP Process HO:RMD:ISC:RGP:2022-
23:252 Dated 28.02.2023 and RFP dated 20.08.2020
Sr Scope of Work
No
1 Verify how frequently application architecture is updated.
Verify if application architecture and design decisions are properly documented
2 and supported by justifications or rationale.
Review the documented disaster recovery plan for the application architecture
5 and assess its adequacy.
Page 6 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
Check that proposed Architecture should meet the latest Security aspects,
10 regulatory requirements, resilience to cater the requirements of the Digital
Transactions load in the Banking and High Availability
Verify the architecture of DC,DR and NDR setup
11
3 Eligibility Criteria
a) The Bidder firm is a part of Group- A empaneled Auditors under ISASP empanelment
of Bank (RFP Ref No: HO:RMD:ISC:RGP:2022-23:252 Dated 28.02.2023 and RFP
dated 20.08.2020 )
b) The bidder firm is having valid cert-in empanelment for providing Information Security
Services as on RFP date of bid submission
c) The bidder firm has executed the SLA & NDA agreements with the Bank as a part of
ISASP empanelment of Bank.
d) The Bidder firm has submitted the desired bid cost to the Bank.
All reports submitted as deliverables of this RFP requirement should meet following
requirements
a) All the reports should carry logo of the audit firm and signed by authorized signatory
b) Executive summary report
c) Description on methodology of assessment
d) Key observation with criticality rating
e) Risk mitigation recommendations
f) Report in Custom/Bank specific format if required
g) Reports shall be used for regulatory reporting
Page 7 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
5 Compliance verification
a) After Management acceptance of the report, the owner would comply with the
recommendations
b) The audit team shall complete the validation exercise within 10-15 days from such
request by Bank
c) The Bank may seek two iterations for compliance verification exercises within 01 month
of report submission for all activities.
6 Manpower specifications
a) The deployed resources for evaluation must have experience of 5 years for review of
critical Private Cloud architecture.
b) Resources shall visit Bank’s Navi Mumbai office as per Bank’s requirement for
assessment on all Bank working Days.
c) Resources should not be involved in any concurrent assessment / any audit for the
Bank.
7 Payment terms
Page 8 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
d) Bidder is required to deploy resources on all Bank’s working days for all the
activities of RFP.
e) Maximum penalty will be 10% of overall contract value.
9 Bid submission
a) The technical and commercial bids should be in two separate sealed covers clearly
marked as ‘TECHNICAL BID’ and ‘COMMERCIAL BID’
b) .The TECHNICAL BID should include:
i. Signed and stamped copy of RFP & all corrigendum as unconditional acceptance of
RFP terms.
ii. Detailed methodology for various activities including the project plan with POAM
(Plan of action and tentative milestones).
iii. The List of proposed resources with area of expertise and past experience.
iv. Any one reference PO of any public sector bank/BFSI institution on review of
architecture of cloud setup
v. The Cert-in empanelment proof
vi. Confirmation that the proposed resources are on Bidder’s payroll and have due
background / police verifications. The Bank will require the police verification reports
before onsite deployment of resources for longer durations.
vii. One masked copy of Annexure – A to validate that all items are properly understood
& filled by the bidder. The Rates should not be visible in the same.
The indicative commercial bid with price details should be submitted in separate
envelope in format as per Annexure: A.
.
10 Bid evaluation
Page 9 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
c) The Bids not meeting technical evaluation requirements shall be rejected. Commercial
Bid shall be opened only for technically successful bids.
d) L1 means the Bidder who has quoted lowest price in the commercial bid.
e) Commercial bids quoted in any other currency than INR will be disqualified.
f) Bank shall enter into project specific SLA agreement with L1 bidders for delivery of
services.
Bidder shall submit the Bid with Non-refundable Bid Cost Amount of Rs.10,000/- (Ten
thousand rupees only) by DD / PO / PS Favoring Bank of India.
Bidder shall submit the Bid with refundable EMD Amount of Rs.20,000/- (Twenty thousand
rupees only) by DD / PO / PS/bank guarantee Favoring Bank of India.
12 Other details
1. The Professional Services are to be carried out as per the compliance requirements
from Reserve Bank of India [RBI], Indian Cyber Law 2013, Guidelines from NCIIPC /
Cert-IN, Overseas Regulators and various standards like ISO 27000, PCI-DSS, ISO
22301 etc.
4. Selected vendor has to execute Service Level Agreement with the Bank separately
and has to provide Performance Bank Guarantee for 5% of contract value.
5. The Resources deployed for activities should have the relevant prior experience. The
Bank may seek their profiles prior to engagement and may desire for change.
Page 10 of 11
REQUEST FOR PROPOSAL (RFP) for Architecture
review of private cloud setup
Annexure: A
Price / Commercial BID Proposal
(On Bidders letter head)
__________________
(Signature of the Authorized Official)
Name:-
Date: - Designation:-
Page 11 of 11