Baroda Corporate Centre, Mumbai
Request for Proposal (RFP) for Selection of Service Provider for Conducting Comprehensive Audit of IT Infrastructure (Data Centre/Disaster Recovery Centre)
Bank of Baroda Project Office Baroda Corporate Centre Mumbai Nov 03, 2009
RFP Document for Comprehensive audit of IT Systems
Project Office, BCC, Mumbai
Created on 03/11/2009
[A] Important Dates:
1. Issuance of RFP Document by Bank from: 06/11/2009
2. Last Date of Submission of Response by the Bidder: 30/11/2009
[B] Important Clarifications : Following terms are used in the document interchangeably to mean:
1. Bank of Baroda, BOB, BoB, and Bank means “Bank of Baroda”.
2. Recipient, Respondent and Bidder means “Respondent to the RFP Document”.
3. RFP means the “Current RFP Document”.
4. SP means the “Service Provider”.
This document is meant for the specific use by the Company / person/s interested to participate in the current tendering process. This document in its entirety is subject to copyright laws. Bank of Baroda expects the bidders or any person acting on behalf of the bidders to strictly adhere to the instructions given in the document and maintain confidentiality of information. The bidders will be held responsible for any misuse of the information contained in the document and are liable to be prosecuted by Bank of Baroda in the event such a circumstance is brought to the notice of the Bank. By downloading the document, the interested party is subject to confidentiality clauses.
Section – I
Introduction and Disclaimer
This Request for Proposal document (“RFP”) has been prepared solely to enable Bank of Baroda in the selection of suitable organizations to tender for the provision for conducting Comprehensive Audit of the IT infrastructure installed under the Technology Enabled Business Transformation Project. The RFP document is not a recommendation, offer or invitation to enter into a contract, agreement or other arrangement in respect of the services. The provision of the services is subject to observance of selection process and appropriate documentation being agreed between Bank of Baroda and any successful bidder as identified after completion of the selection process as detailed under Section – III, Para 22.

2. Information Provided
The RFP document contains statements derived from information that is believed to be reliable at the date obtained but does not purport to provide all of the information that may be necessary or desirable to enable an intending contracting party to determine whether or not to enter into a contract or arrangement with Bank of Baroda in relation to the provision of services. Neither Bank of Baroda nor any of its employees, agents, contractors, or advisers gives any representation or warranty, express or implied as to the accuracy or completeness of any information or statement given or made in this RFP document. Neither Bank of Baroda nor any of its employees, agents, contractors, or advisers has carried out or will carry out an independent audit or verification or due diligence exercise in relation to the contents of any part of the RFP document.

3. For Respondent Only
The RFP document is intended solely for the information of the party to whom it is issued and no other person or organisation.

4. Service Provider Eligibility Criteria

The SP company is required to meet the following eligibility criteria and provide adequate documentary evidence for each of the criteria stipulated below:

1. SP must be a Government Organization/PSU/PSE/partnership firm/LLP or limited company.
2. SP must be in existence for five years as on 31.03.2009 (in case of mergers/acquisition/restructuring or name change, the date of establishment of the earlier/original Partnership Firm/Limited Company can be taken into account).
3. Must have a minimum turnover of at least Rs 2 Billion in the past two years out of which, at least, 25% of the revenue must have come from the testing & Consulting Services
4. Must have made profits for the past 3 years in succession.
5. Must have existence in India.
6. Must have the experience in reviewing of IT Infrastructure Systems.
7. Must have on rolls at least one Project Manager and one additional member who has similar experience as that of the (Project Manager) team leader who would have personally involved in at least one similar assignment. The Engagement Manager must have at least experience of the Testing Services and Audit Services for 3 years.
8. Must not be application implementor/Solution providers, assistance providers for implementation with an alliance with Hewlett Packard in Bank of Baroda’s Project.
9. Must not be a direct competitor providing solution/application being provided/ Implemented by Hewlett Packard to the Bank.
10. Must have never been blacklisted/barred/disqualified by any regulator/statutory body.

5. Confidentiality

The RFP document is confidential and is not to be reproduced, transmitted, or made available by the Recipient to any other party. The RFP document is provided to the Recipient on the basis of the undertaking of confidentiality given by the Recipient to Bank of Baroda. Bank of Baroda may update or revise the RFP document or any part of it. The Recipient acknowledges that any such revised or amended document is received subject to the same terms and conditions as this original and subject to the same confidentiality undertaking. The Recipient will not disclose or discuss the contents of the RFP document with any officer, employee, consultant, director, agent, or other person associated or affiliated in any way with Bank of Baroda or any of its customers, suppliers, or agents without the prior written consent of Bank of Baroda.

6. Disclaimer

Subject to any law to the contrary, and to the maximum extent permitted by law, Bank of Baroda and its officers, employees, contractors, agents, and advisers disclaim all liability from any loss or damage (whether foreseeable or not) suffered by any person acting on or refraining from acting because of any information, including forecasts, statements, estimates, or projections contained in this RFP document or conduct ancillary to it whether or not the loss or damage arises in connection with any negligence, omission, default, lack of care or misrepresentation on the part of Bank of Baroda or any of its officers, employees, contractors, agents, or advisers.

7. Costs Borne by Respondents

All costs and expenses incurred by Recipients / Respondents in any way associated with the development, preparation, and submission of responses, including but not limited to attendance at meetings, discussions, demonstrations, etc. and providing any additional information required by Bank of Baroda, will be borne entirely and exclusively by the Recipient / Respondent.

8. No Legal Relationship

No binding legal relationship will exist between any of the Recipients / Respondents and Bank of Baroda until execution of a contractual agreement.

9. Recipient’s Obligation to Inform Itself

The Recipient must conduct its own investigation and analysis regarding any information contained in the RFP document and the meaning and impact of that information.

10. Evaluation of Offers

Each Recipient acknowledges and accepts that Bank of Baroda may, in its absolute discretion, apply whatever criteria it deems appropriate in the selection of Service Provider, not limited to those selection criteria set out in this RFP document. The RFP document will not be construed as any contract or arrangement, which may result from, the issue of this RFP document or any investigation or review carried out by a Recipient. The Recipient acknowledges by submitting its response to this RFP document that it has not relied on any information, representation, or warranty given in this RFP document.

11.a Earnest Money Deposit

As part of compliance, intending bidders should pay along with RFP an Earnest Money Deposit of Rs 50,000/- (Rs fifty thousands only). The earnest money shall be paid by Demand Draft/Bankers Cheque/Pay Order drawn in favour of Bank of Baroda – payable at Mumbai. The earnest money will not carry any interest. The EMD will be refunded immediately to non-Selected RFP Respondents. In case of selected respondents the deposit will be adjusted against the Security Deposit payable under the terms of contract. The EMD made by the bidder will be forfeited if:

• The Respondent withdraws his tender before processing the same.
• The Respondent withdraws his tender after processing but before acceptance of “Letter of Selection for Final RFP” issued by Bank.
• The Selected Respondent withdraws his tender before furnishing an unconditional and irrevocable Performance Bank Guarantee/Security Deposit.
• The Respondent violates any of the provisions of the term and conditions of this tender specification.
11.b Security Deposit

The EMD amount deposited by the successful bidder will be converted as security Deposit, however if the EMD amount is less than the amount equivalent of contract value then the successful bidder has to deposit the difference amount (i.e. 5% of the contract value – EMD amount) by way of Demand Draft/Banker’s Cheque/Pay Order drawn in favor of the Bank of Baroda payable at Mumbai, within one week from the date of awarding the contract. Excess amount of EMD (i.e. EMD – 5% of the contract value) of successful bidder will be refunded by the bank with two weeks from the date of acceptance of contract. Amount of Security Deposit will be rounded off to the nearest thousand. Bank Guarantee in lieu of Security Deposit is not acceptable. The Security deposit will be refunded by the bank after successful completion of the project.

11.c Performance Bank Guarantee

The Selected bidder has to provide an unconditional and irrevocable Performance Bank Guarantee of 10% of the contract value from the Public Sector Bank in India (Other than Bank of Baroda) towards due performance of the contract in accordance with the specifications, terms and conditions of RFP document, within 15 days from the date of letter of indent (LOI). The Bank Guarantee shall be kept valid three months beyond the tentative completion period of project.

11.d Application Money

The intending bidders should pay along with bids an Application money of Rs 5000/- (rupees Five Thousand only). The application money shall be paid by Demand Draft/Banker’s Cheque/Pay Order drawn in favour of Bank of Baroda payable at Mumbai. The application money is non-refundable.

11.e Execution of SLA/NDA

The SP company must execute (a) a Service Level Agreement, which would include all the services and terms and conditions of the services to be extended as detailed herein and as may be prescribed by the Bank and (b) Non-disclosure Agreement. The SP must execute the SLA and NDA within one month from the date of acceptance of Letter of Appointment.

12. Errors and Omissions

Each Recipient must notify Bank of Baroda of any error, omission, or discrepancy found in this RFP document.

13. Acceptance of Terms

A Recipient will, by responding to Bank of Baroda RFP, be deemed to have accepted the terms as stated above from Para 1 through Para 12.
14. Lodgment of RFP Response (To be read in conjunction with Section – III, Para 2.4)

14.1 RFP Closing Date for submission of response

RFP Response may be received by the officials indicated below no later than 4:00 pm (Indian Time – GMT +5:30) 30 Nov 2009.

Submission of Response to Bank of Baroda

Two (2) paper copies and one (1) electronic copy (Microsoft XP Word and Excel, on CD ROM) of all submissions must be supplied to Bank of Baroda addressed to General Manager (Projects & IT Operations) at:

General Manager (Projects & IT - Operations)
Bank of Baroda - Baroda Corporate Centre
C-26, Block – G, Bandra – Kurla Complex,
Bandra (East) Mumbai – 400051
India

For any further clarification you may contact
Mr AK Singh, Chief manager (Projects & IT Operations), LL 022-66985254
Mr S Salunke, 022-66985234

Submission will be valid if:

• Copies of the RFP are submitted before the aforementioned closing time.
• Submission is not by Fax transmission.
• Response is submitted in two separate sealed envelopes with separate marking “Technical Proposal” & “Commercial Proposal”.
• All separate copies of RFP and attachments must be provided in a sealed envelope or sachet.

Only One Submission Permitted

Only one submission of response to RFP by each Vendor / Service Provider will be permitted. In case of partnerships / consortium, only one submission is permitted through the lead vendor / service provider.

14.2 Registration of RFP

Registration will be effected upon Bank of Baroda receiving the RFP response in the above manner (Para 14.1). The RFP must be accompanied with all documents, information, and details required. If the submission to this RFP does not include all the information required or is incomplete or submission is through Fax mode, the RFP is liable to be rejected. All submissions, including any accompanying documents, will become the property of Bank of Baroda. Recipients shall be deemed to license, and grant all rights to, Bank of Baroda to reproduce the whole or any portion of their submission for the purpose of evaluation, to disclose the contents of the submission to other Recipients who have registered a submission and to disclose and/or use the contents of the submission as the basis for any resulting RFP process, notwithstanding any copyright or other intellectual property right that may subsist in the submission or accompanying documents.

14.3 Late RFP Policy

Respondents are to provide detailed evidence to substantiate the reasons for a late RFP submission. RFPs lodged after the closing date for lodgment of RFPs may be registered by Bank of Baroda and may be considered and evaluated by the evaluation team at the absolute discretion of Bank of Baroda. It should be clearly noted that Bank of Baroda has no obligation to accept or act on any reason for a late submitted response to RFP. Bank of Baroda has no liability to any person who lodges a late RFP for any reason whatsoever, including RFPs taken to be late only because of another condition of responding.

14.4 RFP Validity Period

RFPs will remain valid and open for evaluation according to their terms for a period of at least six (6) months from the time the RFP submission process.

14.5 Requests for Information

Recipients are required to direct all communications related to this RFP, including notification of late RFP submission, through the Nominated Point of Contact person i.e. General Manager (Projects & IT – Operations). All questions relating to the RFP, technical or otherwise, must be in writing only to the Nominated Point of Contact. Bank of Baroda will not answer any communication initiated by Respondents later than five business days prior to the due date for lodgment of RFPs. However, Bank of Baroda may in its absolute discretion seek, but under no obligation to seek, additional information or material from any Respondents after the RFP closes and all such information and material provided must be taken to form part of that Respondent’s response.

Respondents should invariably provide details of their email address(es) as responses to queries will only be provided to the Respondent via email. If Bank of Baroda in its absolute discretion deems that the enquiring Respondent will gain an advantage by a response to a question, then Bank of Baroda reserves the right to communicate such response to all Respondents. Bank of Baroda may in its absolute discretion engage in discussion or negotiation with any Respondent (or simultaneously with more than one Respondent) after the RFP closes to improve or clarify any response.

15. Notification

Bank of Baroda will notify the Respondents in writing as soon as practicable about the outcome of the RFP evaluation process, including whether the Respondent’s RFP response has been accepted or rejected. Bank of Baroda is not obliged to provide any reasons for any such acceptance or rejection.

16. Disqualification

Any form of canvassing/lobbying/influence/query regarding short listing, status etc will be a disqualification.

17. Timeframe

The following is an indicative timeframe for the overall selection process. Bank of Baroda reserves the right to vary this timeframe at its absolute and sole discretion should the need arise. Changes to the timeframe will be relayed to the affected Respondents during the process.

RFP Issuance Date RFP Response Due RFP Evaluation Date 05 Nov. 2009 31 May. 2009 30 Nov. 2009
Section – II
1. Bank of Baroda – the Company

Bank of Baroda is the one of the largest Public Sector Banks in India with over 33 million accounts with about 3 to 5 million transactions per day and a Branch network of over 3000 branches in India and other 21 overseas countries. Bank has over 1500 branches in rural/semi urban areas and with 70 offices / branches in 21 countries overseas. The Bank has undertaken a massive project for modernization of its banking processes to become a national bank of international standard. To initiate this modernization process, the Bank has conducted a Business Driven IT strategy formulation exercise assisted by Gartners.

2. Business & IT Strategy

The aim of Bank of Baroda’s IT Strategy is to conduct a Technology Enabled Business Transformation of current business processes through three key endeavors:

1. The phased deployment of core applications and supporting IT infrastructure to enable the implementation of best-practice in:
– Banking and financial services
– Corporate operations
2. The structured development of enhanced IT capability within Bank of Baroda based on:
– Outsourcing of daily IT operations
– Developing and retaining key skills in planning, programme and project management, and sourcing management
3. The development of a Governance of IT model and capability within Bank of Baroda.

It is projected that the implementation of the IT Strategy will occur over a three to five year period

3. Bank’s Vision for Business Transformation

Bank’s vision in going for a technology-enabled transformation is:

To become the most preferred Public Sector Bank within three years and to transform into a Universal Financial Services organization offering a full range of financial products to corporate and personal customers
To become a customer-centric organization providing financial products and services based on customer needs in all markets it operates

To provide products and services in an efficient, effective and responsive manner and on-demand through multiple channels

The transformation should be rapid and visible in order to enable the Bank to reap early benefits.

The strategic goals of Bank of Baroda are:

• The development of a customer centric business.
• The set up of new Lines of Business through re-organization of existing lines of business along customer requirements.
• The set up of global functions by way of establishment of a corporate center.
• An improvement of operational effectiveness.
• The delivery of product through multi-channel distribution.

4. System Integrator (SI) of the Project

Towards realizing the above objectives, Bank has selected Hewlett Packard India Sales Private Ltd. (HP) as the System Integrator for the Project, Bank’s current Technology Enabled Business Transformation Project (Project Shikhar). Broad scope of deliverables under the Project is as under:

• Procurement/supply and installation H/W, System S/W, Application S/W
• Implementation and maintenance of application software (S/W)
• Designing of complete network architecture for the Bank
• Procurement/supply and installation of various networking equipments, Servers, Desktops, Laptops etc., implementing Branch LAN and enterprise-wide WAN & Network Management for the entire WAN
• Data Centre & Disaster Recovery Site – Build, Operate & Transfer
• Procurement, follow up and maintenance of network bandwidth/leased lines, ISDN and other networking needs
• Domestic and International Branch Roll-out
• Proposing and Implementing Information Security Management System
• Training & Transformation Management
• Programmed Management
• Designing, developing and implementing System integration
• All supporting infrastructure & Services (e.g., Data Centre/DRC, Managed Services)
• Data communication networks (e.g., LAN, WAN, Voice)

5. Products / Applications being implemented by HP
Risk manager.Knowledge Management System Funds and regulatory Functionality Treasury Investment and Brokerage Product Kondor +. interface Treasury to NDS interface Page 14 of 48 Project Office. Consolidated GL. Kondor Credit Var Performance Management Oracle OFSA – Performance Analyser. Support services: Functionality Finance. Campaign management Oracle marketing Online. Mumbai Created on 03/11/2009 Confidential RFP Document for Comprehensive audit of IT Systems . OFSA. HP. BCC. Accounting. Fluous Payroll Risk Management and Decision Finacle Core. Oracle Financial Services applications Budgeting Oracle AP. architecture. Oracle Customer online. Transfer Pricing. Purchasing Oracle HR.Bank of Baroda Baroda Corporate Centre.Risk Manager. Oracle training & administration. support Kondor Global Limits. Activity based Management. Balanced Scorecard Modules Marketing Decision Support Finacle Core. Kvar+. Oracle Financials. General Ledger. Oracle Trading Community MCIF – Customer Segmentation. Mumbai The SI has proposed and has been implementing the following applications for the Bank. RTGS. KTP Opus Trade – front end trading system interfacing to depositories as well as brokers and clearing houses International Banking and Foreign Finacle Core for Basic FX and MM deals Exchange processing Browser support for K+ dealing at international treasury locations where warranted Interactions with Other banks CBS . Oracle Sales online Customer Relationship Manager OFSA – And Oracle CRM Based on Oracle CRM Analytics Logical Data Model TCA+ Oracle Financial data model Enterprise Information systems OFSAPerformance Analyser.Clearing systems. self Service . Finance Sourcing and Procurement Human Resource Management Product Finacle Core.
Electra Payment Gateway.Bank of Baroda Baroda Corporate Centre. Mumbai Created on 03/11/2009 .learning infrastructure Oracle i-learning Oracle Training and Administration Scanners and printers – HP Omni Capture –New Gen Omni docs – New Gen Document Omni Flow for enterprise workflow Omni docs for document Management Base24 ATM Switch Electra payment Gateway Finacle Reporting Tool Oracle Discoverer Access Functionality Confidential RFP Document for Comprehensive audit of IT Systems Product Page 15 of 48 Project Office. Mumbai Interactions with Reserve Bank of CBS – RTGS interface India Treasury – RTGS interface Core Processing Functionality Core banking Deposits Savings and investment Loans Credit Lending Product Management Customer Information System Non Banking financial Products Transaction Payment Systems Product Finacle Core including Trade finance and Remittances Finacle core retail and corporate Finacle Core Retail and Corporate Lending Finacle Core Parameter driven Product management Finacle Core CIF. Opus Cards Finacle core. Base24 Switch Delivery Functionality Personal Productivity Groupware Help Instruction and Training Product and Microsoft Exchange Imaging and Printing Work flow and Management Transaction Processing Reporting Online help from all application Training using existing Training center infrastructure Set up of e. BCC. Oracle TCA Cards – (Interface to existing cards system in phase-I).
Bank of Baroda Baroda Corporate Centre. Mumbai Created on 03/11/2009 . BCC. eCorporate Finacle SMS banking Kiosk Various including Trendmicro Anti Virus. Mumbai Staff Interface Teller Functions/Service Interface Self Service Telephone and Internet Payment Gateway Internet Banking Other Agents and Channels Security Oracle Self Service Fluous Self Service HP Knowledge management Oracle Portal Center Finacle Core Servion IVR Phone banking Electra Payment Gateway Finacle eChannels . Checkpoint Firewall. Cisco pix Confidential RFP Document for Comprehensive audit of IT Systems Page 16 of 48 Project Office.
Section – III
1 Project Objective The Bank wishes to appoint competent Service Provider (SP) for carrying out `Comprehensive Audit of the IT Systems installed at the Data Centre. BCC. The Selected Service Provider is required to conduct the detailed Risk assessment of IT Assets/Resources of the Bank at DC/DR and suggest the control measures for the risk identified. High Availability Testing. 1. based on globally acceptable standards and best practices. at its full discretion. Hyderabad implemented by HP. However. High Availability. Mumbai 1. Mumbai Created on 03/11/2009 . the Bank reserves its right to change the scope of the RFP considering the size and variety of the requirements and the changing business conditions. the Bank is looking for the Comprehensive Audit for all its IT systems installed and systems which will subsequently be installed. Optimisation Testing.Bank of Baroda Baroda Corporate Centre. Subsidiaries etc. The selected service provider is required to provide service of comprehensive audit including the following services: Performance Testing. The SP will be responsible as per the scope and timelines outlined below. Scalability Testing.2 Project Scope A description of the envisaged scope is enumerated as under. Scalability. Current RFP Objectives : 1. the selected SP shall be required to independently arrive at Approach and Methodology. The Bank expressly stipulates that the SP’s selection under this RFP is on the understanding that this RFP contains only the principal provisions for the entire assignment and that delivery of the deliverables and the services in connection Confidential RFP Document for Comprehensive audit of IT Systems Page 18 of 48 Project Office. Investment Protection Bank may. choose to avail of the services for all services or part thereof. Networking and Hardware Sizing & Configuration Testing with reference to the four core architectural principles. 
after taking into consideration the effort estimate for completion of the same and the resource and the equipment requirements..Performance. Based on the contents of the RFP. suitable for the Bank. Mumbai and Disaster Recovery Centre. Although the Bank has selected an SI for implementation of various systems and is in the process of implementing the complete suit of solutions for its branches and Administrative Offices including overseas offices. Such decision may be advised in course of the project.
therewith are only a part of the assignment. The SP shall be required to undertake to perform all such tasks, render requisite services and make available such resources as may be required for the successful completion of the entire assignment at no additional cost to the Bank. The SP’s involvement is expected to be spread across a period of at least 24 months from the date of contract.

2.1 Review/Audit of
1. IT Infrastructure
2. Data Centre and Disaster Recovery Centre
3. Managed Services Effectiveness and Service Level Agreement (SLA) Management
4. Business Continuity Plan & Disaster Recovery Planning

The services as indicated in Para 2.1 will be covered under the scope of the Comprehensive Audit of the IT Services. Indicative details of services may involve:

2.2.1 IT Infrastructure

2.2.1.(a) IT Infrastructure in Data Centre & Disaster Recovery Centre
SP shall carry out a review to ensure IT Infrastructure compliance with the bill of materials as agreed between the Bank and system integrator with respect to Industry standards, best practices, requirements and specified by the Bank and are adequate to meet the project and service objectives set out by the Bank. An indicative but not exhaustive list of activities are listed below:
• Data Centre/Disaster Recovery Centre civil and interiors as per submitted layout
• Adequacy of server space in view of future requirement
• Access control facility
• Fire detection and prevention
• Fire protection system for server rooms
• Very Early smoke detection systems for server rooms
• Water leak detection systems for server rooms
• Electrical subsystem (main panel, cables, Power Distribution Unit (PDU) and earthing)
• Review of Electrical Power requirement and availability
• UPS systems
• DG sets and Control of fuel
• Precision (computer room standard) Air-conditioning systems for server room
• Air-conditioning system for other relevant areas of DC
• Building management system software/hardware
• Closed circuit television system (CCTV) area for monitoring entry/exit points and strategic locations within the server room
• Structured cabling system for functional areas as per layout
• Environmental threat protection (Air Purifier, Humidity Control etc)
• Review of operator awareness of physical security breaches
• Review of safeguards to mitigate risks associated with earthquake and water related threats
• Verification of Physical Security policy and review of authorisation documentation on file for each individual who has card access to the data centre
• Review of License verification of all Hardware, Software etc on entry and exit in DC/DR
• Review of adequacy of physical Security (Guards, arms etc)
• Review of Server hardening

2.2.1.(b) IT Organisation Structure – Staffing
Review in the indicative areas but not exhaustive is suggested below and such other as can be of use to the organisation :
• Organizational structure, governance and delegations of authority and responsibility
• Review of the staffing pattern as per the evolved organization structure by taking into account the estimated workload.
• Job roles for various levels of staffing created as per the organization structure
• Planning and management of Data Center Operations
• Bank’s Technical Team members skills for handling servers, Storage, Operating system and Database areas
• Operations management like regular operations, Performance monitoring and tuning, backup and restore operations, Disaster recovery, Asset management, Helpdesk
• Bank’s team Application Maintenance and support
• Evaluate the adequacy of the organizational structure and reporting processes to assure the proper accountability of the data center’s operations.
• To review employee / Service provider’s staff Management, entry/exit
policy & training etc policy.

2.2.1.(c) Review of outsource of IT Operation
• Review the segregation of duties
• Review of adequacy of staff
• Review of reporting responsibility and periodicity of report
• Review of information sharing by bank’s DC/DR team with out source service provider team.
• Review of work authorisation system between out source service provider and bank’s team
• Access Control, Customer Data Privacy & Confidentiality

2.2.2 Data Centre and Disaster Recovery Centre Audit
The scope of audit will include evaluation of process for (Testing tools have to be arranged by the bidder)

2.2.2.(a) Management of Hardware
• Acquisition in DC/DR, installation, maintenance, Movement, Retention, storage, usage and disposal procedures
• Server sizing, hard disk capacity, RAM, Processing power etc as per requirements
• Review of procedures to proactively manage the servers, which would alert the administrator as and when service of the data center reaches the defined threshold before the failure occurs on the servers or devices to ensure uptime of the Data center
• Preventive maintenance
• Backup procedures

2.2.2.(b) Management of System Software
• Software acquisition, development, installation, Changes, updation of patches, Up gradation, change management is as per IT Security Policy
• System Software: Setup and maintenance of operative system parameters
• To Review Setting of various parameters, updations thereof and actual working of them as intended and accurately.
• Vulnerabilities in OS are being taken care of, Compensatory controls for known vulnerabilities are in place
• Review of Operating system and Database Hardening and document verification of OS/DB Hardening.
• All the security features available in the OS are enabled/ taken advantage of as far as possible
• Review of Use/Control, Hard coded use of root/administrative, generic and other Sensitive IDs and password.
• OS patches are updated as and when released by vendor and control over patch management.
• Changes in system software are controlled in line with the organization’s change management procedures.
• Proper record is maintained and authenticated regarding installation, its up gradation, reinstallation and maintenance.
• Review of change Management Process, reporting and measuring effectiveness identifying areas of improvements
• Review of compliance of existing change management process of updating the document after Change Management process has compliance status.
• Use of sensitive system software utilities is in controlled manner and it is monitored and logged.

2.2.2.(c) Network Facility and Equipment Management
• Overall Network management
• Network design, placement, provides scalability, redundancy
• Network cabling is structured
• Current network and security posture of the WAN architecture
• IP addressing schemes and their allocations
• Physical and logical separation of the networks
• Network and security products and technologies deployed. Evaluate their installation, configuration, security, scalability and port management.
• Network bottlenecks and performance issues
• Availability and quality of system documentation
• IP Sec implementation
• Real-time monitoring of network packets, which involves packet capture and analysis.
• Monitoring of syslog traffic from a managed Cisco router
• Review of procedures adopted for: Secured transmission of data through dialup / leased line/ VPN/VSATs etc.
• Bandwidth management
• Uptime of network, its monitoring as per service level agreement
• Fault management
• Capacity planning
• Performance management etc
• Monitoring of logs (i.e. trace log, alert log, fatal logs, archive logs, event Log, System log, Security log, application log, access log, last log, SU logs, Syslog, File retention logs, file replication service log, IDS log, ISS log, AIPS Logs, CDCI Logs, DNS Logs, AV Log etc)
• Legal and Regulatory requirements
• Selection of Router, Switch, Modems, their usage and physical security
• Review of switches, routers configuration, Port Management etc are in consonance with business requirement.
• Firewall, IDS, Intrusion Prevention system, Proxy policies defined in respective equipment for
meeting the security requirement of the LAN and WAN and monitoring of their logs.

2.2.2.(d) Database Management System and Data security:
• Use of Data Repository System, Data Definition Language, Data Manipulation Language
• Storage of duplicate copy of data definition and DRS at off-site
• Monitoring of log of changes to the Data definitions
• Procedures to ensure that all data are classified in terms of sensitivity by a formal and explicit decision by the data owner and necessary safeguards for its confidentiality, integrity and availability are taken as per IT Security Policy.
• Logical access controls, which ensure the access to data is restricted to authorized users.
• Confidentiality and privacy requirements are met
• Authorization, authentication and access control are in place
• Segregation of duties is ensured for accessing data
• Purging, Retention and archival of Data Files
• Review of how the database integrity is ensured in case tables are not properly updated by application software due to various reasons i.e. break in link, bug in software etc.
• Recovery, rollback and restart procedures
• Audit the data base systems security through automated security scans and manual reviews.
• To review table, partitioned and indexing etc structures are as per application software requirements.
• In case of direct Updation/modification of database is done by opening the tables in live environment, evaluate the controls
• Protection of Sensitive Information during Transmission and Transport
• Separation of duties
• Rotation of duties
• Impact of backend updates
• Conduct an internal vulnerability assessment for reviewing the database security setting
• Audit-ability both at client side and server side including sufficiency and accuracy of event logging, SQL prompt command usage, Database level logging etc.

2.2.2.(e) Help Desk:
• Helpdesk facility, which provides first-line support and advice
• Prioritization of reported problems/calls
• Timely resolution of reported problems
• Problems and incidents are resolved, and the cause investigated to prevent any recurrence
• Incident handling
• Trend analysis and reporting
• Development of knowledge base
• Root cause analysis
• Problem tracking and escalation with proper documentation
• Audit trails of problems and solutions
• Management/ operations of Help Desk for monitoring, managing and reporting the faults, configuration, performance and accounting of the Bank’s Wide Area Network, Servers installed in Data Centre and other locations across the network.
• Application support calls and its resolution

2.2.2.(f) Storage Management
Retention, purging/archival periods and storage terms are defined for :
• Documents
• Data
• Programs
• Reports
• Messages (incoming and outgoing)
• Keys, certificates used for their encryption and authentication
• Log files for various activities
Policy and Procedures for purging of data

2.2.2.(g) Media Storage
• Responsibilities for media (magnetic tape, cartridge, disks and diskettes) library management are assigned to specific members of the IT functionary
• Housekeeping procedures are designed to protect media library contents
• Standards are defined for the external identification of magnetic media and the control of their physical movement and storage to support accountability
• Procedures to assure that contents of its media library containing data are inventoried systematically, that any discrepancies disclosed by a physical inventory are remedied in a timely fashion and that measures are taken to maintain the integrity of magnetic media stored in the library.
• Review of media handling process
• Review of periodic Media testing
• Review of labeling process of media storage

2.2.2.(h) Inventory Maintenance
• Controls, which identify and record all IT assets and their physical location, and a regular verification programme which confirms their existence
• IT assets classification
• Checking for unauthorized software
• Software storage controls
• License management
• Disposal of obsolete inventory
• Review of insurance

2.2.2.(i) Others
• Review of console log activity during system shutdown and hardware/software re-initialization
• Operational procedure for Data center
• Day begin and day end process
• Documentation of all process
• Personnel scheduling, Shift hand-over process
• Review of operator log to identify variances between schedules and actual activity
• Use of Internet/e-mail
• Review of remote desk top Management/Net meeting/FTP etc
• Review of anti virus

2.2.2.(j) Process Management Review
• Review of Installation Procedure
• Review of Maintenance Procedure
• Review of Release Procedure
• Review of User Management procedure
• Review of Tracking Procedure
• Root cause analysis
• Review of Handover procedure

2.2.3. Managed Services Effectiveness & Service Level Agreement (SLA) Management
Analyze the current SLA and advice by evaluating the following
• Understand the business strategy and service strategy pertaining to IT operations based on the Bank’s guidance principles/SOW (Statement of work) for deployment of IT infrastructure, applications and operations
• Review and confirming adequacy of measuring the SLA parameter & Process of SLA Computation
• Review of SLA Computation/calculation certification process by the bank.
• Understand the requirements of the SLA
• Review of configuration of SLA parameters for monitoring
• Review of Service Desk module
• Current service provision
• Identify/assess the key performance areas
• Review current Service Level Management, existing SLAs and other contracts
• Review of SLA Management process
• Understand and assess the SLA computation methodology undertaken by the Bank.
• Vendor compliance with SLA terms.
• Evaluate the sufficiency of the vendor performance against the requirements of the master services agreement/SOW.
• Review of MIS reporting to assess accuracy and adequacy
• Identifying the gaps/ conflicting terms / areas of improvement, potential areas for SLAs
• Suggest changes in the vendor management practices as per the Industry Best-practices
• Evaluate whether performance targets are met and the relative priority of each.
• Suggest methods to improve the service
• Audit of follow up action in cases where SLA is not met.

2.2.4. Business Continuity Plan & Disaster Recovery Planning :
Service Provider would be required to review Bank’s BCP and DRP to validate BCP/DRP in terms of its adequacy, effectiveness, efficiency, activation ability and reliability taking into consideration:
• Business Impact Analysis including Risk Assessment
• Review of DRP Process
• Review Business Flows
• Review of Resource priority for recovery and recovery time objectives
• Review of Business Continuity Strategy
• Review of adequacy Disaster Recovery Plan and Business Continuity Plan
• Review of BCP/DRP DC/DR complete/mock Drill
• Review of achieved vs projected result
• Review of process of business continuity objective
• Review of submission of test result to board
• Identify Individual Point of failure

2.3 Deliverables
During the course of review, the SP will suggest the following in addition to other critical observation/ methods/ improvements as deemed fit from the point of view of the SP professional experience for each of the services mentioned above :
o Ways to secure the existing Networks & any new networks being merged / created
o Provide re-designed network & security architecture along with technical specifications of network & security solutions based on the operational and business requirements of the Bank.
o Reports will be submitted territory wise in compliance with respective regulators.
o All observations will be thoroughly discussed with process owners before finalization of report
o Reports will be submitted as soft copy in doc and pdf format as well as one signed hard copy.
o All reports will be prepared with the following information:
   Gaps, deficiencies, vulnerabilities observed – specific observations should be given with details
   Risk associated with Gaps, deficiencies vulnerabilities observed
   Category of Risk – High/Medium/Low
   Recommendations/ Procedures for removing Gaps, deficiencies, vulnerabilities observed
   Preparation of Final testing Report with areas of improvement
On completion of the Business Continuity Plan and development of implementation plan, handover all reports, templates, and policies to the Bank

2.4 Submission of Bids (Please refer to Section – I, Para 14)
The bids shall be in two parts viz. Technical Proposal and Commercial Proposal. Both Technical and Commercial Proposals shall be submitted in separate sealed envelopes superscribing “TECHNICAL PROPOSAL FOR COMPREHENSIVE AUDIT OF IT SYSTEMS” on top of the envelope containing the technical bid and “COMMERCIAL PROPOSAL FOR COMPREHENSIVE AUDIT OF IT SYSTEMS” on top of the envelope containing commercial bid. These two separate sealed envelopes should be put together in the sealed master envelope superscribing “PROPOSAL for COMPREHENSIVE AUDIT OF IT SYSTEMS”.

The Technical Proposal will be evaluated first for technical suitability. Commercial Proposal shall be opened only for the short-listed bidders who have qualified in the Technical Proposal evaluation.

The Technical Proposal shall contain the technical proposal to the requirement of the Bank along with Annexure–A, C, D and E. A copy of the Commercial Proposal masking the prices is to be submitted along with the Technical Proposal. The Commercial Proposal shall be submitted as per Annexure B.

The bidder shall submit the Proposals properly filed so that the papers are not loose. The Bidder shall submit the proposal in suitable capacity of the file such that the papers do not bulge out and tear during scrutiny.

The technical proposal shall be organized and submitted as per the following sequence:
a) Table of Contents (list of documents enclosed)
b) Technical proposal with detailed activities broken down, effort estimate, manpower estimated to be deployed along with annexure D and annexure E
c) Compliance certificate for all the terms and conditions as per Annexure-C
d) All copies of certificates, documentary proofs etc.
e) A CD containing soft copy of the proposal
f) Annexure A
g) Masked Annexure B
All the relevant pages of the proposals (except literatures, datasheets and brochures) are to be numbered and be signed by authorized signatory on behalf of the Bidder. The number should be a unique running serial no. across the entire document.

The bidder has to submit a soft copy of the entire proposal in a CD, marked with the appropriate label. It should be noted that in case of any discrepancy in information submitted by the bidder in hard-copy and soft-copy, the hard-copy will be given precedence. However, in case of non-submission of any hard copy document, if the same is found submitted in the soft-copy, Bank reserves right to accept the same at its discretion.

The Bids shall be addressed and submitted to :
GENERAL MANAGER (PROJECTS & IT - Operations)
BANK OF BARODA
Baroda Corporate Centre
Bandra Kurla Complex, Bandra (East)
Mumbai 400 051

The bids (arranged as mentioned above) are to be submitted at the Secretariat of the General Manager (Projects & IT – Operations), at the above address before the due date & time as specified. The bid submitted anywhere else is liable to be rejected. The e-mail address and phone/fax numbers of the bidder should also be indicated on the sealed cover.

The bidder will submit an undertaking specifying that the bidder has obtained all necessary statutory and obligatory permission if any to carry out project works.

It may be noted that all queries, clarifications, questions etc., relating to this RFP, technical or otherwise, if any, must be in writing only and should be to the nominated point of contact. Bidders should provide their E-mail address in their queries without fail.

FORMATS OF BIDS: The bidders should use the formats prescribed by the Bank in the RFP for submitting both technical and commercial bids. The proposal should be prepared in English in MS Word format.
2.5 General Terms and Conditions (Please also refer to Section – I)

2.5.1 Adherence to Terms and Conditions: The bidders who wish to submit responses to this RFP must note that they must abide by all the terms and conditions contained in the RFP. If the responses contain any extraneous conditions put in by the respondents, such responses may be disqualified and may not be considered for the selection process.

2.5.2 Other terms and conditions :

1. Bank of Baroda reserves the right to :
• Reject any and all responses received in response to the RFP
• Waive or Change any formalities, irregularities, or inconsistencies in proposal format delivery
• To negotiate any aspect of proposal with any bidder and negotiate with more than one bidder at a time
• Extend the time for submission of all proposals
• Select the most responsive bidder (in case no bidder satisfies the eligibility criteria in totality)
• Select the next most responsive bidder if negotiations with the bidder of choice fail to result in an agreement within a specified time frame.
• Share the information/ clarifications provided in response to RFP by any bidder, with any other bidder(s) /others, in any form.
• Cancel the RFP/Tender at any stage, without assigning any reason whatsoever.

3. Substitution of Project Team Members: During the assignment, the substitution of key staff identified for the assignment will not be allowed unless such substitution becomes unavoidable to overcome the undue delay or that such changes are critical to meet the obligation. In such circumstances, the service provider can do so only with the concurrence of the Bank by providing other staff of same level of qualifications and expertise. If the Bank is not satisfied with the substitution, the Bank reserves the right to terminate the contract and recover whatever payments made by the Bank to the SP during the course of this assignment besides claiming an amount, equal to the contract value as liquidated damages. However, the Bank reserves the right to
insist the SP to replace any team member with another (with the qualifications and expertise as required by the Bank) during the course of assignment.

4. Professionalism : The SP must provide professional, objective and impartial advice at all times and hold the Bank’s interests paramount and must observe the highest standard of ethics while executing the assignment.

5. Adherence to Standards : The SP must adhere to laws of land and rules, regulations and guidelines prescribed by various regulatory, statutory and Government authorities

6. The Bank reserves the right itself or through a consultant to conduct an audit/ongoing audit of the consulting services provided by the SP. The cost of the audit/Consultant shall be borne by the Bank

7. The Bank reserves the right to ascertain information from the banks and other institutions to which the bidders have rendered their services for execution of similar projects.

8. The bid should contain the resource planning proposed to be deployed for the project which includes, inter-alia, the number of personnel, skill profile of each personnel, duration, etc.

9. The bidder can not change the Project Manager during entire period of execution of the assignment unless consented in written by the Bank.

10. EXPENSES : It may be noted that Bank will not pay any amount/expenses / charges / fees / traveling expenses / boarding expenses / lodging expenses / conveyance expenses / out of pocket expenses other than the “Agreed Professional Fee”. However, traveling, boarding and lodging expenses, if any, for site visit outside Mumbai for project related work will be discussed with the Bank as to the need, number of personnel involved, duration etc. and will have to be cleared by the Bank in advance in writing. Settlement of bills in such cases will be at rates mutually agreed and reimbursable against production of tickets and bills. Mumbai will be considered as the base station for the purpose of traveling.

11. TERMS OF PAYMENT : The SP’s fees will be paid in the following manner for each item/activity which is described in the Commercial Proposal (Annexure B) on a project to project basis :
• 10% of the professional fees on acceptance of testing methodology/strategy document for critical Data Centre and Disaster Recovery site IT Infrastructure in respect of hardware, SAN, Core Router and network equipment and security infrastructure
• 10% of the professional fees on completion of review of IT Infrastructure, security and parameter setting for all IT Infrastructure within the Data Centre and Disaster Recovery Site, Performance Acceptance Testing of IT Infrastructure and submission of results and reports
• 20% of the professional fees on completion of Data center, DR site audit with submission of reports.
• 20% of the professional fees on completion of review of Periodic Audit of all Customer facing Web based application at 6 months interval up to 18 months (Threat & Vulnerability analysis) on the security and architecture at the Data Centre, Bank-wide Network Architecture, Internet Banking, ATM, On-line Trading, depository Services and Channel banking and submission of reports.
• 10% of the professional fees on completion of review of Managed services effectiveness and SLA management with submission of reports
• 10% of the professional fees on completion of review of Business Continuity Plan & disaster recovery Planning with testing of effectiveness of the DR plan
• 10 % of professional fees on Completion of Business Application Software (CBS & Other Business application)
• Balance 10% of the professional fees on rectification /correction/ implementation of suggestions by the SP and submission of the Compliance Verification Final Report to the Bank.

All invoices will be paid by the Bank within a period of 45 days from the date of receipt of undisputed invoices. Any dispute regarding the invoice will be communicated to the selected bidder within 15 days from the date of receipt of the invoice. After the dispute is resolved, Bank shall make payment within 30 days from the date the dispute stands resolved.

12. LIQUIDATED DAMAGES (LD) : The Bank will impose a penalty, of Rs. 50,000/- (Rupees Fifty thousand only) per week or part thereof, for delay in not adhering to the time schedules. If the selected Bidder fails to complete the due performance of the contract in accordance to the specifications and conditions agreed during the final contract negotiation, the Bank reserves the right either to cancel the contract or to accept performance already made by the bidder. The Bank reserves the right to recover an amount equal to the value of contract by the Bank as Liquidated Damages for non-performance. Both the above are independent of each other and are applicable separately and concurrently. However the same would not be applicable for reasons attributable to the Bank and Force Majeure. However, it is the responsibility of the bidder to prove that the delay is attributed to the Bank and Force Majeure. The bidder shall submit the proof authenticated by the bidder and Bank’s official that the delay is attributed to the Bank and/or Force Majeure along with the bills requesting payment.
13. Indemnity : The bidder shall indemnify Bank and keep indemnified for against any loss or damage by executing an instrument to the effect on a Non-Judicial stamp paper that Bank may sustain on account of violation of patent, trademarks etc., by the bidder.

14. Authorized Signatory : The selected bidder shall indicate the authorized signatories who can discuss and correspond with the bank, with regard to the obligations under the contract. The selected bidder shall submit at the time of signing the contract, a certified copy of the extract of the resolution of their Board, authenticated by Company Secretary, authorizing an official or officials of the company or a Power of Attorney copy to discuss, sign agreements/contracts with the Bank. The bidder shall furnish proof of signature identification for above purposes as required by the Bank.

15. Applicable Law and Jurisdiction of court : The Contract with the selected bidder shall be governed in accordance with the Laws of India for the time being enforced and will be subject to the exclusive jurisdiction of Courts at Mumbai.

16. CANCELLATION OF CONTRACT AND COMPENSATION : The Bank reserves the right to cancel the contract of the selected bidder and recover expenditure incurred by the Bank on the following circumstances. The Bank would provide 30 days notice to rectify any breach/ unsatisfactory progress :
• The selected bidder commits a breach of any of the terms and conditions of the bid/contract.
• The bidder goes into liquidation voluntarily or otherwise.
• An attachment is levied or continues to be levied for a period of 7 days upon effects of the bid.
• The progress regarding execution of the contract, made by the selected bidder is found to be unsatisfactory.
• If deductions on account of penalty exceeds more than 10% of the total contract price.

After the award of the contract, if the selected bidder does not perform satisfactorily or delays execution of the contract, the Bank reserves the right to get the balance contract executed by another party of its choice by giving one month's notice for the same. In this event, the selected bidder is bound to make good the additional expenditure, which the Bank may have to incur to carry out bidding process for the execution of the balance of the contract. This clause is applicable, if for any reason, the contract is cancelled.
The Bank reserves the right to recover any dues payable by the selected bidder from the security deposit or any amount outstanding to the credit of the selected bidder, including the pending bills and/or invoking Bank Guarantee, if any, under this contract.

17. NON PAYMENT OF PROFESSIONAL FEES : If any of the items/activities as mentioned in the price bid and as mentioned in annexure D are not taken up by the Bank during the course of this assignment, the Bank will not pay the professional fees quoted by the SP in the Price Bid against such activity/item.

18. ASSIGNMENT : Neither the contract nor any rights granted under the contract may be sold, leased, assigned, or otherwise transferred, in whole or in part, by the SP, without the advance written consent of the Bank and any such attempted sale, lease, assignment or otherwise transfer shall be void and of no effect.

19. Subcontracting : The SP shall not subcontract or permit anyone other than its personnel to perform any of the work, service or other performance required of the SP under the contract without the prior written consent of the Bank.

20. Force Majeure: Any failure or delay by SP or Bank in the performance of its obligations, to the extent due to any failure or delay caused by fire, flood, earthquake or similar elements of nature, or acts of God, war, terrorism, riots, civil disorders, rebellions or revolutions, acts of governmental authorities or other events beyond the reasonable control of non-performing Party, is not a default or a ground for termination. The affected Party shall notify the other party within reasonable time period of the occurrence of a Force Majeure Event

21. Dispute Resolution: If a dispute, controversy or claim arises out of or relates to the contract, or breach, termination or invalidity thereof, and if such dispute, controversy or claim cannot be settled and resolved by the parties through discussion and negotiation, then the parties shall refer such dispute to arbitration. Both parties may agree upon a single arbitrator or either party shall appoint one arbitrator and the two appointed arbitrators shall thereupon appoint a third arbitrator. The arbitration shall be held in accordance with the Arbitration and Conciliation Act, 1996. The venue of the arbitration shall be Mumbai. The arbitration shall be conducted in English and a written order shall be prepared. The decision of the arbitrator shall be final and binding upon the parties, provided that each party shall at all times be entitled
People and Approach & Methodology.Credentials.Bank of Baroda Baroda Corporate Centre.1 Evaluation Criteria Technical Bid Evaluation Criteria Technical criteria are classified under 3 heads . SP Selection/Evaluation Process : 22. Mumbai Created on 03/11/2009 . The table below highlights the parameters under the technical criteria and scoring methodology. Mumbai to obtain equitable. BCC. Evaluation Parameters Sr No We igh tag e Must possess experience in conducting review of IT Infrastructure of Data Centre / Disaster 20 recovery for at least 2 Public Sector Banks/or Equivalent organisation in the last 3 years Must have extensive experience in audit of Data Centre/ Disaster 20 Recovery for at least 2 Public Sector Banks in the last 3 years Bank-wide Network in Data Centre / Disaster Recovery for at least 2 Public Sector 15 banks in the last 3 years Must have Conducted Managed Services Effectiveness and SLA 10 Calculation & Management Informati ons Provided meets requireme nt( 100%) Information s Provided Partially meets requirement (50%) Information s Provided does not meets requirement (0%) 1 2 3 4 Confidential RFP Document for Comprehensive audit of IT Systems Page 34 of 48 Project Office. injunctive or similar relief from any court having jurisdiction in order to protect its intellectual property and confidential information 22.
5. Must have experience in developing and implementation of Business Continuity Plan and Disaster recovery Planning in at least 2 reputed Public Sector banks in the last 3 years. Weightage: 10
Sub-Total: 75
6. Engagement Manager should have handled such projects in the firm for at least four years. Weightage: 5
7. Overall person responsible should have handled such projects in firm for at least 6 years. Weightage: 5
8. Proposed team must have experience in executing similar projects in banks out of which at least one should be a public sector bank. Weightage: 5
Sub-Total: 15
9. Demonstration of in-depth understanding of the Bank’s project requirements through the technical proposal. Weightage: 5
10. Technical Proposal with detailed broken-down activities to be performed, effort estimation, manpower to be deployed on a project-to-project basis. Weightage: 5
Sub-Total: 25
Total Marks: 100

Commercial Evaluation Criterion

Sl. No. / Major Activities
1. IT Infrastructure
2. Data Centre / Disaster Recovery Centre Audit
3. Managed service Effectiveness & Service Level Agreement
4. Business Continuity Plan & disaster Recovery Planning
NET TOTAL COST

Computation Methodology for arriving at “Least Total Cost Price/Least Quote”

Bank will give 60% weightage to technical score while comparing the commercial quote. The Procedure is as under:

A “Score (S)” will be calculated for all qualified bidders using the following formula:

Where C stands for nominal price quoted, C_low stands for the price quote of the lowest nominal bid, T stands for technical evaluation score and T_high stands for the score of the technically highest bidder. X is equal to 0.4.
In the above example, ABC, with the highest score, becomes the successful bidder.

Bank reserves the right to negotiate the price with the finally short listed bidder before awarding the contract. It may be noted that Bank will not entertain any price negotiations with any other bidder, till the Least Price bidder declines to accept the offer.

Note:
1. Banks exclude RRBs and Cooperative Banks
2. The SP is required to provide documentary evidence for each of the above criteria and the same would be required on the client’s letter head in case of credentials
23. Project Timelines:

Table columns: Sl. No.; Major Activities; Major Milestones (Only indicative. Bidder should add more detailed steps / tasks so as to strengthen the quality of the response); Time Lines (Days)

1. IT Infrastructure
   - Data Centre, Disaster Recovery IT organisation structure - Staffing: XXX
   - Acceptance Test Plan – Perform Acceptance Test for all critical Data Centre and Disaster Recovery Site, IT Infrastructure: XXX
   - Assist Bank in signing of Acceptance Test: XXX
2. Data Centre / Disaster Recovery Centre Audit
   - Management of hardware, software, network facilities, application and database: XXX
   - Management of Operating System, Storage, data security, help desk, Business Continuity, Inventory and Media: XXX
   - Process Management Review: XXX
3. Managed service Effectiveness & Service Level Agreement
   - Review of SLA parameters and Key performance Areas: XXX
   - Evaluation of Performance under Managed services: XXX
   - Setting up process, processes and control templates for SLA management: XXX
   - Adequacy of MIS: XXX
   - Review of SLA computation methodology: XXX
   - Establishing best practice for SP management: XXX
4. Business Continuity Plan & disaster Recovery Planning
   - Business Impact Analysis including Risk Assessment: XXX
   - Developing Business flows: XXX
   - Resource priority for recovery and recovery time objectives: XXX
   - Development of Business Continuity Strategy: XXX
   - Development and roll out of Disaster recovery Plan and Business Continuity Plan: XXX

24. Proposal and other formats

ANNEXURE A

Technical Proposal format:

Particulars to be provided by the bidder in the technical proposal –

Table columns: No; Particulars; Details to be furnished by the bidder

1. Name of the bidder
2. Year of establishment and constitution. Certified copy of “Partnership Deed” or “Certificate of ...
3. Location of Registered office /Corporate office and address
4. Mailing address of the bidder
5. Names and designations of the persons authorized to make commitments to the Bank
6. Telephone and fax numbers of contact persons
7. E-mail addresses of contact persons
8. Details of:
   - Description of business and business background
   - Service Profile & client profile
   - Domestic & International presence
   - Alliance and joint ventures
9. Whether the consulting process conforms to ISO 9001(2000), BS7799, ISO17799 standards and if so, furnish details of compliance.
10. Details of experience/knowledge possessed in the areas of Project Planning and management review, Role and Responsibility definition, Resource Planning, Co-ordination across multiple ...
11. Gross revenue of the bidder (not of the group), Total and From Audit: Year 2007-08; Year 2008-09; Year 2005-06
12. Net Profit of the bidder (not of the group): Year 2007-08; Year 2008-09; Year 2005-06
13. Details of the similar assignments executed by the bidder during the last two years (Name of the Bank, time taken for execution of the assignment and documentary proofs from the Bank are to be furnished)
14. Details of the similar assignments on hand as on date (Name of the Bank, time projected for execution of the assignment and documentary proofs from the Bank ...
15. Name of the team leader identified for this assignment and his professional qualifications and experience/expertise. Details of similar assignments handled by the said team leader. Documentary proofs for all the ... (Details to be furnished: As per annexure E)
16. Names of the other team members identified for this assignment and their professional qualifications and experience/expertise. Details of similar assignments handled by the said team members. Documentary proofs for all the assertions are to be enclosed. (Details to be furnished: As per annexure E)
17. Estimated work plan and time schedules for providing services for this assignment
18. Effort estimate and elapsed time are to be furnished in annexure D. (Details to be furnished: As per annexure D)
19. Details of inputs, infrastructure requirements required by the bidder to execute this assignment.
20. Details of the bidder’s proposed methodology/approach for providing services to the Bank with specific reference to the scope
21. Details of deliverables the bidder proposes with specific reference to the scope of work.

Declaration:
1. We confirm that we will abide by all the terms and conditions contained in the RFP.
2. We hereby unconditionally accept that Bank of Baroda can at its absolute discretion apply whatever criteria it deems appropriate, not just limiting to those criteria set out in the RFP, in short listing of bidders.
3. All the details mentioned by us are true and correct and if Bank of Baroda observes any misrepresentation of facts on any matter at any stage, Bank of Baroda has the absolute right to reject the proposal and disqualify us from the selection process.
4. We confirm that this response, for the purpose of short-listing, is valid for a period of six months, from the date of expiry of the last date for submission of response to RFP.
5. We confirm that we have noted the contents of the RFP and have ensured that there is no deviation in filing our response to the RFP and that the Bank will have the right to disqualify us in case of any such deviations.

Place:
Date :
Seal & Signature of the bidder

ANNEXURE B

Commercial Bid Format

Table columns: Sr. No.; Major Activities; Major Deliverables (Only indicative. Bidder may add more so as to strengthen the quality of the response); Estimated Effort (In man days); Quoted Price (In Rupees)

1. IT Infrastructure
   - Data Centre, Disaster Recovery IT organisation structure - Staffing
   - Acceptance Test Plan – Perform Acceptance Test for all critical Data Centre and Disaster Recovery Site, IT Infrastructure
   - Assist Bank in signing of Acceptance Test
2. Data Centre/DR Audit
   - Management of hardware, software, network facilities, application and database
   - Management of Operating System, Storage, data security, help desk, Business Continuity, Inventory and Media
   - Process Management Review
3. Managed service Effectiveness & Service Level Agreement
   - Review of SLA parameters and Key performance Areas
   - Evaluation of Performance under Managed services
   - Setting up process, processes and control templates for SLA management
   - Adequacy of MIS
   - Review of SLA computation methodology
   - Establishing best practice for vendor management
4. Business Continuity Plan & disaster Recovery Planning
   - Business Impact Analysis including Risk Assessment
   - Developing Business flows
   - Resource priority for recovery and recovery time objectives
   - Development of Business Continuity Strategy
   - Development and roll out of Disaster recovery Plan and Business Continuity Plan

Please also furnish the following:
2. Average cost per man-day (in Rupees) :
3. Rate per man-day for Senior Resource (in Rupees) :
4. Rate per man-day for other Resources (in Rupees) :
5. Rate per man-day external site duty (Composite Rate) :

ANNEXURE C

Compliance Certificate

To,
Date :
The General Manager (Projects & IT – Operations)
Bank of Baroda
3rd floor, Baroda Corporate Centre
Bandra Kurla Complex, Bandra (East)
Mumbai 400 051

Dear Sir,

Ref:

1. Having examined the Request for Proposal (RFP) including all annexures, the receipt of which is hereby duly acknowledged, we, the undersigned offer to provide the desired services for the Comprehensive audit of the IT systems in conformity with the said RFP and in accordance with our proposal and the schedule of Prices indicated in the Price Bid and made part of this bid.
2. If our Bid is accepted, we undertake to complete the project within the scheduled time lines.
3. We confirm that this offer is valid for six months from the last date for submission of RFP to the Bank.
4. This Bid, together with your written acceptance thereof and your notification of award, shall constitute a binding Contract between us.
Bank of Baroda Baroda Corporate Centre. 6. We undertake that in competing for and if the award is made to us.: Fax: E-mail: ANNEXURE D Estimated Effort and Elapsed Time Sl N o Activities Elapsed Time Effort Number Remark in Man of team s days members who will be deployed 1 IT Infrastructure 2 3 4 Data Centre/DR Audit Managed service Effectiveness & Service Level Agreement Business Continuity Plan & disaster Recovery Planning Place: Date: Confidential RFP Document for Comprehensive audit of IT Systems Seal and Signature of Bidder: Page 45 of 48 Project Office. in executing the subject Contract. 7. We shall observe confidentiality of all the information passed on to us in course of the tendering process and shall not use the information for any other purpose than the current tender. Signed Dated Seal & Signature of the bidder Phone No. 8. BCC. we will strictly observe the laws against fraud and corruption in force in India namely “Prevention of Corruption Act 1988”. We agree that the Bank is not bound to accept the lowest or any Bid that the Bank may receive. We have not been barred/black-listed by any regulatory / statutory authority and hold the necessary approvals/Licenses/permission of statutory/regulatory authorities. Mumbai Created on 03/11/2009 . Mumbai 5.
ANNEXURE E

Proposed Team Profile

Table columns: Sl No; Name of Proposed Engagement Manager / Proposed Team Member; Prof. Qualifications; Certifications/ Accreditations; IS audit expertise (Mention if he has worked in Banks earlier), In terms of years and areas of expertise; IT Expertise, In terms of years and areas of expertise; Number of similar assignments involved In Public Sector Banks in India

Documentary proofs are to be enclosed to substantiate the claims made.

Place:
Date:
Seal and signature of the bidder
ANNEXURE F

Comments on the Terms & Conditions, Services and Facilities provided:

[Please provide your comments on the Terms & conditions in this section. You are requested to categorize your comments under appropriate headings such as those pertaining to the Scope of work, Approach, Work plan, Personnel schedule, Terms & Conditions etc. You are also requested to provide a reference of the page number, state the clarification point and the comment/ suggestion/ deviation that you propose as shown below.]

Table columns: Sr. No.; Page #; Point / Section #; Clarification point as stated in the tender document; Comment/ Suggestion/ Deviation

Rows: 1 to 9

End of Document

Project Office
Bank of Baroda
Baroda Corporate Centre
Dated : 03/11/2009