Request for Proposal for Selection of Security System ... · across India. Bank envisages as one of...


Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank

Tender No: PSB/HOIT/RFP/94/2017-18

Dated: 21.08.2017

PUNJAB & SIND BANK

(A Govt. of India Undertaking)

Head office Information Technology Department

Bank House, 21, Rajendra Place

New Delhi-110008

https://www.psbindia.com


INDEX

1. Introduction

2. Disclaimer

3. Key Information

4. Chapter 1 – Instructions to Bidders

5. Chapter 2 – Terms and Conditions

6. Chapter 3 – Scope of Work

7. Chapter 4 – Service Level Agreement And Penalties

8. Chapter 5 – Project Team Structure

9. Chapter 6 – Project Timelines

10. Chapter 7 – Evaluation Methodology

11. Annexure and Formats


INTRODUCTION

About this Request for Proposal (RFP)

Considering the fast-paced threats in the IT environment, Punjab & Sind Bank (hereinafter referred to as “Bank”) has decided to strengthen its Information Security set up as per the guidelines in the G. Gopalakrishna Committee Report & Recommendations on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds, released in January, 2011 and RBI Circular on Cyber Security Framework in Banks dated 02 June 2016.

This RFP should not be considered as a statement of intent for procurement unless a Purchase Order or Letter of Intent is issued by the Bank, as an end result of this RFP process.

This RFP document is meant exclusively for setting up a Security Operation Centre (SOC) at Punjab & Sind Bank as per the terms, conditions, and specifications indicated in this RFP and shall not be transferred, reproduced or otherwise used for purposes other than that for which it is specifically issued.

About Punjab & Sind Bank

Punjab & Sind Bank, a body constituted under Banking Companies Acquisition and Transfer of Undertakings Act, 1980 has its Head Office at 21, Bank House, Rajendra Place, New Delhi-110008.

The Bank has a three-tier administrative architecture having Head Office (H.O.) at 21, Bank House, Rajendra Place, New Delhi – 110008, Zonal Offices (ZOs) at 24 locations and more than 1450 branches across India. The Bank envisages itself as one of the leading commercial banks in the country. All the branches of the Bank are CBS enabled. The Bank has deployed Finacle as a Core Banking Solution (CBS) for all its branches.

Apart from Finacle Core Banking System (CBS), the Bank has implemented the following delivery channels:

1. ATM – Debit Card

2. Internet Banking – For Retail & Corporate Customers

3. Mobile Banking

4. UPI (Unified Payments Interface)

5. BBPS (Bharat Bill Payment System)


DISCLAIMER

• The information contained in this RFP document or any information provided subsequently to Bidder(s) whether verbally or in documentary form by or on behalf of the Bank, is provided to the Bidder(s) on the terms and conditions set out in this RFP document and all other terms and conditions subject to which such information is provided.

• This RFP is neither an agreement nor an offer and is only an invitation by Bank to the interested parties for submission of bids. The purpose of this RFP is to provide the Bidder(s) with information to assist the formulation of their proposals. This RFP does not claim to contain all the information each bidder may require. Each Bidder should conduct its own investigations and analysis and should check the accuracy, reliability and completeness of the information in this RFP and obtain independent advice, wherever necessary. Bank makes no representation or warranty and shall incur no liability under any law, statute, rules or regulations as to the accuracy, reliability or completeness of this RFP. Bank may in its absolute discretion, but without being under any obligation to do so, update, amend or supplement the information in this RFP.

• This is not an offer by the Bank but only an invitation to bid in the selection process initiated by the Bank. No contractual obligation whatsoever shall arise from the RFP process until a formal contract is executed by the duly authorized signatory of the Bank and the Bidder.


KEY INFORMATION

| Particulars | Details |
| --- | --- |
| Tender Number | PSB/HOIT/RFP/94/2017-18 |
| Tender Title | Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank. |
| Participation Fee (Non Refundable) | Rs. 20,000/- (Rs. Twenty Thousand Only) |
| Bid Security (EMD) | Rs. 25,00,000/- (Rs. Twenty Five Lakhs only) (In the form of Bank guarantee from Scheduled Commercial Bank) |
| Bid Validity | 180 Days |
| Date of Publishing the tender on Bank’s Website | 21.08.2017 11:00 Hrs |
| Last Date for submission of Pre-Bid Query | 28.08.2017 (Queries must be e-mailed to [email protected] only as per Annexure VIII in MS-Excel format quoting Tender Number in the subject field of the email.) |
| Date and Time for Pre Bid Meeting | 30.08.2017 15:00 Hrs |
| Last Date and time for submission of Bids | 15.09.2017 15:00 Hrs |
| Date and Time of Opening of Technical Bids | 15.09.2017 15:30 Hrs |
| Date and Time of Commercial Bids Opening | To be notified later to the qualifying bidders only. |
| Place of Opening of Bids | Punjab & Sind Bank, HO IT Dept., 2nd Floor, 21 Bank House, Rajendra Place, New Delhi - 110008 |
| Contact Person for any clarifications/ Submission of Bids | Santosh Neeraj – DGM(CISO) |
| Contact Number | 7840053500 |

If any of the dates given above happens to be a holiday in Delhi, the related activity shall be undertaken on the next working day at the same time.


CHAPTER 1 – INSTRUCTIONS TO BIDDERS

1.1 Minimum eligibility Criteria for the Bidders

Bidders are required to provide factually correct responses to this RFP. Adequate justification and documents for the response (including the technical and other requirements) should be provided as part of the response. In case the Bank finds any response to be inadequate, the Bank has the right to ask for additional explanation/ justification/ documentation. In the event of any discrepancy in the response submitted by the bidder, the Bank reserves the right to disqualify and/or blacklist the bidders.

The Bank reserves the right to verify/ evaluate the claims made by the Bidders independently. Any deliberate misrepresentation will entail rejection of the bid.

The Minimum Eligibility Criteria for the bidder (the “bidder” hereinafter called “Security Integrator” or “vendor” or “SI”) shall be as under:-

| Sr. No. | Eligibility Clause | Documents Required |
| --- | --- | --- |
| EC-1 | The Bidder should be a Company/ firm in India registered under the Companies Act, 1956 for a period of minimum five (05) years. | Certificate of Incorporation & Commencement of Business (applicable for Public Ltd. Companies). A certified copy of the same is required to be submitted with the Bid. |
| EC-2 | The Bidder should have made an annual turnover of Rs. 100 Crore per annum in the last three Financial Years (i.e. FY 2014-15, 2015-16, and 2016-17). | Audited Financial Statements for the last three Financial Years, viz. 2014-15, 2015-16, and 2016-17 need to be furnished. CA certificate needs to be furnished. |
| EC-3 | The Bidder should have positive net worth in the last 3 financial years (i.e. FY 2014-15, 2015-16, and 2016-17). | Audited Financial Statements for the last three Financial Years, viz. 2014-15, 2015-16, and 2016-17 need to be furnished. CA certificate needs to be furnished. |
| EC-4 | The Bidder should have an annual turnover of at least Rs.10 Crores in providing security services in each of the last three Financial Years (i.e. FY 2014-15, 2015-16, and 2016-17). | CA Certificate/ Customer PO/ CA Declaration |
| EC-5 | The Bidder should have experience of at least 1 BFSI (Banking, Financial services and Insurance) or Govt. Sector client in implementing/supporting a Security Operations Centre (SOC) in last 5 years in India. | Copies of purchase orders showing SOC experience to clients. |
| EC-6 | The Bidder should have implemented or provided/be providing SOC Security Services, including log monitoring and correlation, for minimum 1000 EPS to at least one (01) BFSI or Govt. Sector client in India. | Letter from client on client letterhead/ commissioning report along with name and designation and landline telephone contact details. |
| EC-7 | The Bidder’s organization should have ISO 27001 certification. | ISO 27001 certification copy. |
| EC-8 | The Bidder should not be existing System Integrator (for Network Infrastructure/ Facility Management) for the Punjab & Sind Bank to avoid conflict of interest. | Bidder undertaking should be submitted in this regard. |
| EC-9 | The proposed solutions (i.e. SIEM, WAF, PIM, and Anti-APT) should be successfully implemented in any BFSI or Govt. Sector client(s) in India. | OEM Letter with client name. |
| EC-10 | The Bidder should deploy industry standard licensed tools. | Undertaking letter from Bidder |
| EC-11 | The SIEM deployed must be in the Leader or Challenger Quadrant of latest published Gartner’s Report for SIEM. | Gartner Report |
| EC-12 | The bidder should not have been put in the negative list or Blacklist by any Public Sector Bank/ Government Organization for breach of applicable laws or violation of regulatory prescriptions or breach of agreement for providing the SOC services at the time of bid submission. | Undertaking letter from the bidder |
| EC-13 | Bidder/OEM should have successfully implemented SIEM in integration with Core Banking System (Finacle). In case of OEM’s experience, the OEM shall own the complete implementation responsibility of SIEM. | An undertaking letter from OEM. |
| EC-14 | Bidder/OEM should have successfully implemented WAF, PIM, and Anti-APT. In case of OEM’s experience, the OEM shall own the complete implementation responsibility for the solution whose proof is submitted by OEM (WAF, PIM, and Anti-APT). | An undertaking letter from OEM. |
| EC-15 | The proposed solutions should be certified/ benchmarked by an independent third party/ OEM for performance, security. | Enclose certificate/ benchmark report for security, performance from independent third party OR OEM letter for performance, security. |
| EC-16 | The proposed WAF solution must be in the Leader or Challenger Quadrant of latest published Gartner’s Report. | Latest Gartner’s Report |

Photocopies of relevant documents/ certificates, duly stamped and signed, must be submitted as proof in support of the claims made. The Bank reserves the right to verify/ evaluate the claims made by the Bidder independently. The decision of the Bank in this regard shall be final, conclusive and binding upon the Bidder.

1.2 Language of the Bid

The bid as well as all correspondence and documents relating to the bid exchanged by the Bidder and the Bank shall be in English language only.

1.3 No commitment to accept lowest or any bid

The Bank shall be under no obligation to accept the lowest or any other offer received in response to this tender notice and shall be entitled to reject any or all offers including those received late or incomplete. Bank will be under no obligation to have discussions with any bidder, and/or entertain any representation.

1.4 Right To Accept Any Bid And To Reject Any Or All Bids

PUNJAB & SIND BANK reserves the right to accept or reject in part or full any or all offers without assigning any reason thereof even after issuance of Letter of Intent. Any decision of Punjab & Sind Bank in this regard shall be final, conclusive and binding upon the bidders. The Bank reserves the right to accept or reject any Bid in part or in full, and to annul the Bidding process and reject all Bids at any time prior to contract award, without thereby incurring any liability to the affected Bidder or Bidders or any obligation to inform the affected Bidder or Bidders of the grounds for Bank’s action. During any stage of evaluation process, if it is found that the bidder does not meet the eligibility criteria or has submitted false/incorrect information, the bid will be summarily rejected by the Bank and no further correspondence would be entertained in this regard. Bank further reserves the right to amend, rescind, reissue or cancel this RFP and all amendments will be advised to the Bidder and such amendments will be binding upon them. The Bank also reserves its right to accept, reject or cancel any or all responses to this RFP without assigning any reason whatsoever. Further, please note that the Bank would be under no obligation to acquire any or all the items proposed. No contractual obligation whatsoever shall arise from the RFP process unless and until a formal contract is signed and executed by duly authorized officials of Punjab & Sind Bank and the bidder.

1.5 Correction of Errors

Bidders are advised to exercise greatest care in entering the pricing figures. No corrigenda or requests for prices to be corrected will be entertained after the bids are opened. If there are any corrections in the bid document, the authorized signatory should initial them all, failing which the figures for such item shall not be considered. Discrepancies in bids will be corrected as follows:


• Where there is a discrepancy between the amounts in figures and in words, the amount in words shall prevail.

• Where there is a discrepancy between the unit rate and the line item total resulting from multiplying the unit rate by the quantity, the unit rate will govern unless, in the opinion of Bank, there is an obvious error such as a misplacement of a decimal point, in which case the line item total will prevail.

• Where there is a discrepancy between the amount mentioned in the bid and the line item total present in the schedule of prices, the amount obtained on totaling the line items in the Bill of Materials will prevail.

The amount stated in the correction form, adjusted in accordance with the above procedure, shall be considered as binding, unless it causes the overall price to rise, in which case the bid price shall prevail.

Based on the Bank’s requirements as listed in this document, the bidder should identify and offer the best-suited solution / bill of material for the product that would meet the Bank’s requirements and quote for the same.

1.6 Bid Validity Period

Bids shall remain valid for 180 (one hundred eighty) days from the date of opening of the technical bid. The Bank holds the right to reject a bid valid for a period shorter than 180 days as non-responsive, without any correspondence. In exceptional circumstances, the Bank may solicit the Bidder’s consent to an extension of the validity period. The request and the response thereto shall be made in writing. Extension of validity period by the Bidder should be unconditional and irrevocable. The Bid Security provided shall also be suitably extended.

A Bidder acceding to the request will neither be required nor be permitted to modify its bid. A Bidder may refuse the request without forfeiting its bid security. In any case the bid security of the Bidders will be returned after completion of the process.

1.7 Pre-bid meeting

For clarification of doubts of the bidders on issues related to this RFP, the Bank intends to hold a Pre-Bid Meeting on the date and time as indicated in the RFP in Key-Information.

For any clarification with respect to this RFP, the bidder may send an email to [email protected] by last date of submission of queries as defined in Key-Information in this document. The format to be used for seeking clarification is mentioned in Pre-bid Query Format. It may be noted that all queries, clarifications, questions etc., relating to this RFP, technical or otherwise, must be in writing only and should be sent to the email-id as stated earlier.

Only two (i.e. maximum) authorized representatives of the bidders will be allowed to attend the meeting.


1.8 Signing of contract

The successful bidder shall be required to enter into a contract with Bank, within thirty (30) days of the award of the work or within such extended period, as may be specified by Bank. This contract shall be based on this RFP document (read with addendums/Corrigendum/Clarifications), LOI, Purchase order and such other terms and conditions necessary for the due performance of the work, as envisaged herein and in accordance with the bid.

However the terms and conditions of purchase order and RFP shall constitute a binding contract till such a contract is executed.

1.9 Cost of Preparation and Submission of Bid

The Bidder shall bear all costs associated with the preparation and submission of its Bid and the Bank will in no case be responsible or liable for these costs, regardless of the conduct or outcome of the Bidding process.

1.10 Bid Security - Earnest Money Deposit (EMD)

Non-submission of Earnest Money Deposit as mentioned in Key-Information will lead to outright rejection of the Offer. The EMD is to be submitted in the shape of Financial Bank Guarantee from any scheduled commercial Bank valid for minimum 225 Days from the date of Bid Submission Date.

EMD of unsuccessful Bidders will be returned to them on completion of the tender process. The EMD of successful Bidder will be returned within 30 days on submission of Performance Bank Guarantee.

The Earnest Money Deposit may be forfeited under the following circumstances:

a. If the Bidder withdraws its bid during the period of bid validity (180 days from the date of opening of the technical bid).

b. If the Bidder makes any statement or encloses any form which turns out to be false, incorrect and/or misleading at any time prior to signing of contract and/or conceals or suppresses material information; and / or

c. In case of the successful Bidder, if the Bidder fails:

• To honor submitted bid

• To sign the contract in the form and manner to the satisfaction of the Bank.

• To furnish performance Bank Guarantee in the form and manner to the satisfaction of the Bank.

1.11 Formation of Technical Bid

The Technical offer/ Technical bid must be made in an organized and structured manner. The Technical Bid shall contain the following documents and should be properly sealed and marked as “Bid for Security Operation Centre”, Tender Reference Number, Bidder’s name and Address in the following forms:-

1. ANNEXURE - I Tender Covering Letter duly signed & stamped by the authorized signatory

2. ANNEXURE - II Compliance to Minimum Eligibility Criteria

3. ANNEXURE - III Bidder’s Information

4. ANNEXURE - IV Pro-forma for the Bank Guarantee for Earnest Money Deposit

5. ANNEXURE - V Acceptance of Scope of Work

6. ANNEXURE - VI Acceptance/ Compliance Certificate

7. ANNEXURE - VII Format of Performance Guarantee

8. ANNEXURE - VIII Pre-bid Query Format

9. ANNEXURE - IX Technical Requirements/ Specifications

10. ANNEXURE - X Commercial Bill of Materials

11. ANNEXURE - XI Non-Disclosure Agreement

12. ANNEXURE - XII Resource Plan Matrix

13. ANNEXURE - XIII Check – List For Bid Submission

14. FORMAT - 1 Bidder’s Undertaking Letter 1

15. FORMAT - 2 Channel Partner/ Dealership/ Experience letter from OEM

16. FORMAT - 3 Confirmation of Soft Copy

17. FORMAT - 4 Compliance Statement

18. FORMAT - 5 Bidder’s Undertaking Letter 2

19. FORMAT - 6 Undertaking of Authenticity for Solution and Server Supplies

20. Quality/ Performance/ Benchmark Certifications for the products offered

21. Any other documents, forms, letters etc. supporting above information.

Note: All claims made by the Bidder will have to be backed by documentary evidence. The bidder is expected to examine all instructions, forms, terms and specifications in the RFP. Failure to furnish all information required or to submit a Bid not substantially responsive to the RFP in every respect will be at the Bidder’s risk and may result in the rejection of the Bid.

1.12 Evaluation Process of the Bids

The Evaluation will be a two-stage process:

1. Technical Evaluation

a. Compliance to Minimum eligibility Criterion

b. Acceptance to all terms and conditions of RFP

c. Completeness of Bid as per RFP requirement

d. Acceptance to Scope of RFP

e. Technical Evaluation

2. Commercial Evaluation

The evaluation by the Bank will be undertaken by an internal committee which would have Bank officials and may include Consultants. The decision of the committee shall be considered final.

1.13 Preliminary Scrutiny

1. The Bank will examine the Bids to determine whether they are complete, required formats have been furnished, the documents have been properly signed, and the Bids are generally in order.

2. The Bank may, at its discretion, waive any minor infirmity, non-conformity, or irregularity in a Bid, which does not constitute a material deviation.

3. The Bank will first examine whether the Bid and the Bidder are eligible in terms of Eligibility Criteria. The bids not meeting the Minimum Eligibility Criteria shall not be considered for further evaluation.

4. Prior to technical evaluation, the Bank will determine the responsiveness of each Bid to the Bidding Document. For purposes of these Clauses, a responsive Bid is one which conforms to all the terms and conditions of the Bidding Document without material deviations. Deviations from, or objections or reservations to critical provisions, such as those concerning Bid Security, Applicable Law, Bank Guarantee, Eligibility Criteria, will be deemed to be a material deviation.

5. The Bank’s determination of a Bid’s responsiveness will be based on the contents of the Bid itself, without recourse to extrinsic evidence.

6. If a Bid is not responsive, it will be rejected by the Bank and may not subsequently be made responsive by the Bidder by correction of the non-conformity.


CHAPTER 2 - TERMS AND CONDITIONS

2.1 Two Bid System

a) The offer should be submitted in two separate sealed covers, but at the same time, containing Technical (“Technical Bid” or TB) and Commercial (“Commercial Bid” or CB). Proposals should be superscribed with “Technical Offer for RFP for SOC” and “Commercial Bid for RFP for SOC”.

The sealed covers containing the Technical Bid and the Commercial Bid should in turn be put in a sealed outer envelope to be superscribed as “Technical and Commercial Bids for RFP for SOC”.

The sealed outer envelope should be submitted in person to the below address before the stipulated date and time as per the Bid Schedule (Key Information):

Asstt General Manager (IT)

Punjab & Sind Bank, HO IT Dept.

2nd Floor, 21 Bank House, Rajendra Place

New Delhi 110008

The Bids shall be submitted with following documents in the same sequence without which the bid will be summarily rejected. All the pages in the respective bids should be serially numbered and signed by the authorized person.

The Technical and Commercial Bids should be submitted in “Hard copy” and “Soft copy”. The soft copy should be in a CD with the name of the System Integrator and the type (“Technical Bid”, “Commercial Bid”) clearly indicated on the CD. The CD should be included in the respective sealed cover.

In case of any discrepancy between the “Hard Copy” and the “Soft Copy” documents, the signed “Hard Copy” shall be considered as final.

b) The TB should cover all items asked for in the Technical Requirements/ Specifications Annexure IX and should not contain any price information.

c) The CB should give all relevant price information and should not contradict the Technical Bid (TB) in any manner and should be submitted in the format given in “Annexure X Commercial Bill of Material”.

d) Opening of the CB will be subject to the Bidders getting short-listed on the basis of technical evaluation. (The CB of bidders not short listed will not be opened.)

e) The TB will be opened in the presence of only one authorized representative of each of the bidders on the date specified. The representative of the bidder shall produce an authorization letter from the bidder to represent them at the time of opening of TB. Irrespective of the presence of such representatives, the TB will still be opened at the scheduled time at the sole discretion of the Bank, in the presence of Bank’s Tender Committee Members.


f) The original bids shall be typed or printed in a clear typeface and signed & stamped by authorized representatives of the Bidder. The copies of bids, if any submitted, may be good quality photocopies of the original. An accompanying letter is required, signed by an authorized signatory of the Bidder, committing the bidder to the contents of the original response.

g) The CB should give prices/costs in INR (Indian Rupees) only and bids in currencies other than INR would be disqualified.

h) All costs should be for door delivery and should be exclusive of all taxes, duties, charges and levies of State or Central Governments, as applicable and subject to deduction of all statutory deductions applicable, if any. The benefits realized by Bidder due to lower rates of taxes, duties, charges and levies shall be passed on to Bank.

i) The Bidder has to submit masked Commercial Bid along with the technical bid document.

2.2 Pro-forma for Technical Details

a) The Bank expects a point-by-point reply (for Technical Requirements/ Specifications in Annexure IX), clearly stating the response requested by the Bank in the column provided and additional information in the Remarks/ Explanation column. If any additional data sheets/ reports/ screen shots are to be attached, label them as annexures and refer to the number in the remarks column. Please note that product brochures/ webpage printouts covering broadly the technical requirements/ specifications are not acceptable & liable for rejection.

b) Point-wise compliance with the terms and conditions enumerated in the Tender Document should be provided. Any technical/ commercial deviation from the Tender Document should be clearly stated with the reasons thereof.

c) The detailed specifications, make and versions of various components (H/W, S/W, Network) and tools proposed by the Bidder are to be provided.

d) The Bank reserves the right not to allow/ permit changes in the technical specifications and not to evaluate the offer in case of non-submission or partial submission of technical details.

e) The Bank may at its discretion waive any minor non-conformity or ask for clarifications in any offer and the same shall be binding on all bidders and the Bank reserves the right for such waivers or accepting such clarifications at a later date, before the date of opening of commercial bids.

f) If the Bank is not satisfied with the compliance to technical specifications in the bid and observes major deviations, the technical bids of such bidders will not be short-listed and the CB of such bidders will not be opened. No further discussions shall be entertained with such bidders in this regard/matter.

g) The Bank reserves the right to reject this Tender Notice in part or full, or cancel the entire process at any stage without assigning any reason. The Bank shall not be obliged to inform the affected bidder(s) of the grounds for the Bank’s rejection.

h) The Bank reserves the right to change or relax the eligibility criteria to ensure inclusivity and fair play.

i) The Bank reserves the right to re-tender and the Bank shall not incur any liability to the affected bidder(s) on account of such rejection. The Bank shall not be obliged to inform the affected bidder(s) of the grounds for the Bank’s rejection. The Bank reserves the right to modify any technical requirements/ specifications within the overall scope of the RFP before accepting the bids from the bidders and the same will be communicated to the bidder through an Addendum/Corrigendum.

j) The Bank reserves the right to modify any technical requirements/ specifications within the overall scope of this Tender and the Bank reserves the right to obtain revised CB from the bidders with regard to changes in clauses/terms & conditions or if the Bank is not satisfied with the prices offered.

k) Notwithstanding anything contained herein above, in case of any dispute, claim and legal action arising out of this tender, the parties shall be subject to the jurisdiction of courts at New Delhi i.e. where Bank’s Head Office is located.

2.3 Modification and withdrawal of offers

a) The bidder may modify or withdraw its offer after submission, provided that a written notice of the

modification or withdrawal is received by the Bank prior to the closing date and time prescribed for

submission of offers.

b) No offer can be modified or withdrawn by the bidder subsequent to the closing date and time for

submission of the offers without the risk of the bid security being forfeited.

2.4 Erasure or Alterations

a) The offers should not contain handwritten material, erasures, corrections or alterations. Technical

details must be completely filled up. Correct technical information of the product being offered must

be filled in.

b) Filling up the forms using terms such as “OK”, “complied”, “noted”, “as given in the brochure/manual”, etc. is not acceptable; the forms need to be filled in as requested by the Bank, with additional details in the Remarks/Explanation columns. Supporting documents, screenshots etc., if attached, should be properly labeled and a reference should be provided in the remarks/explanation column.

c) The Bank may treat the offers as unacceptable if they do not adhere to these guidelines.

2.5 No Commitment to Accept Lowest or Any Tender

a) The bank shall be under no obligation to accept the lowest or any other offer received in respect of

this tender and shall be entitled to reject any or all offers without assigning any reason whatsoever.

b) The bank reserves the right to ‘call off’/ cancel the tender proceedings or cancel the Tender at any

point of time.

2.6 Delivery Locations

a) The proposed solutions need to be delivered & installed at locations specified in the Scope of Work.

2.7 Bid Price & Bid Security

a) RFP document can be purchased against payment of Participation Fee (Non Refundable), mentioned

in the Key Information section of this RFP, in the form of a Demand Draft issued by a Scheduled

Commercial Bank favoring Punjab & Sind Bank, payable at New Delhi.

b) Alternatively the RFP document can be downloaded from the Bank's website www.psbindia.com.

However, bidder will have to submit the Demand Draft along with the TB in the sealed cover.

c) In the event of non-submission of Participation Fee towards the Tender Document the Technical Bid

will not be considered and the bidder would in effect be disqualified.

d) Bidders are required to give a Bid Security (EMD) as mentioned in the Key Information section in

the form of Bank Guarantee along with Technical Bid. Offers made without the Bid Security (EMD)

will be rejected.

e) The Bid Security will be refunded to the unsuccessful bidders only after completion of the bid

process. No interest will be payable on the Bid Security amount.

f) The Bid security amount will be forfeited if the selected bidder refuses to accept assignment or

having accepted the assignment, fails to carry out his obligations mentioned therein.

2.8 Software drivers & manuals

a) All software and required drivers of the Solution/appliances/Servers are to be delivered along with

the appliance/Server.

2.9 Transport and Insurance Costs

a) The price bid will be inclusive of transportation to locations specified in the Tender, insurance till

installation, supervision of commissioning, and acceptance.

b) Any delay in installation of the hardware, for whatsoever reason, should not entail expiry of insurance, and the same should continue to be extended up to the date of installation, commissioning, and acceptance of the Hardware by the bank.

2.10 Fixed Price

a) The rates quoted by the bidders in the CB are exclusive of taxes prevailing at the time of submission

of bid. The Bank will pay the taxes on actuals on production of necessary documents by the bidder to the

Bank.

b) The prices indicated in the CB should address all requirements in the technical bill of material. No

other cost apart from that mentioned in the final commercial bill of material shall be considered.

c) Where there is a discrepancy between the amounts in figures and in words, the amount in words

shall govern.

d) Where there is a discrepancy between the unit rate and the line item total resulting from multiplying

the unit rate by the quantity, the unit rate will govern unless, in the opinion of the Bank, there is

obviously a gross error such as a misplacement of a decimal point, in which case the line item total

will govern.

e) If any bidder fails to quote for, or leaves ‘blank’, any of the services or line items in the CB sought by the Bank, it will be presumed by the Bank that the cost of such items is included in the overall cost, and the Bank will not accept any plea or excuse from the bidders later. Such solution/ services have to be

provided to the Bank without any extra cost along with all other solution/ services. However, for the

purpose of evaluation the highest value quoted for such line item(s) by any of the bidders will be

taken into consideration.

f) The Price offer shall be on a fixed price basis. The rate quoted by the Bidder should necessarily

include the following:

- Cost of the equipment, solution, service

- Warranty for First Three (3) years & AMC for next two (2) years in the case of Hardware being

supplied and Licensing cost of Procuring the software in the first year & Software Technical

support along with product updates/upgrades for the next four (4) years.

- Transportation, forwarding and freight charges to the site.

- Comprehensive Insurance to cover equipment during transit period and until installation,

commissioning, and acceptance of equipment by the Bank.

g) Local entry taxes/octroi, if any, will be paid by the Bank on production of relative payment

receipts/documents.

h) Terms of payment as indicated in the Purchase Contract will be final and binding on the Bidder and

no interest will be payable by the Bank under any circumstances.

2.11 Performance Guarantee

a) The Bank will require the selected Bidder to provide a Performance Bank Guarantee, within 15 days

from the date of acceptance of the order or signing of the contract whichever is earlier, for a value

equivalent to 10% of the total contract value with validity of 63 months (or extended period, if any).

The selected Bidder shall be responsible for extending the validity date and claim period of the

Performance Guarantee as and when it is due. In case the selected Bidder fails to submit

performance guarantee within the time stipulated, the Bank, at its discretion, may cancel the order

placed on the selected Bidder without giving any notice. Bank shall invoke the performance

guarantee in case the selected Bidder fails to discharge their contractual obligations during the period

or Bank incurs any loss due to Bidder’s negligence in carrying out the project implementation as per

the agreed terms & conditions.

b) Until the Performance Guarantee is provided, the validity of Bid Security shall continue.

2.12 Vicarious Liability

a) The bidder is responsible for managing the activities of its personnel or the personnel of its

consortium partners and will be accountable for both.

b) The bidder shall be vicariously liable for any acts, deeds or things done by their employees, agents,

contractors, subcontractors etc. which are outside the scope of power vested or instructions issued by

the Bank.

c) Bidder shall be the principal employer of the employees, agents, contractors, subcontractors etc.

engaged by BIDDER and shall be vicariously liable for all the acts, deeds or things, whether the

same is within the scope of power or outside the scope of power, vested under the purchase contract

to be issued for this tender.

d) No right of any employment shall accrue or arise, by virtue of engagement of employees, agents,

contractors, subcontractors etc. by the BIDDER, for any assignment under the purchase contract to

be issued for this tender.

e) All remuneration, claims, wages, dues etc. of such employees, agents, contractors, subcontractors

etc. of BIDDER shall be paid by BIDDER alone and the Bank shall not have any direct or indirect

liability or obligation, to pay any charges, claims or wages of any of BIDDER’s employee, agents,

contractors, and subcontractors.

f) The BIDDER agrees to hold the Bank, their successors, Assigns and Administrators fully indemnified and harmless against loss or liability, claims, actions or proceedings, if any, of whatsoever nature that may arise or be caused to the Bank through the action of its employees, agents, contractors, subcontractors etc.

2.13 Delivery, Installation, Commissioning and Completeness

a) The Bidder shall be responsible for delivery, installation, commissioning, and completeness of the

solutions as mentioned in the Scope of the RFP.

b) If the Bidder fails to deliver, install and / or supervise commissioning of the solutions within the

stipulated timelines as defined in the section Project Timelines of this RFP, it shall be considered as

a breach of contract. In such cases, Penalties shall be charged as per service levels defined for the

Implementation Phase in the Service Level Agreements Section of this RFP.

c) The project shall be considered as completed only after commissioning of the solutions in scope with

full-fledged features mentioned in the Scope of Work/ Technical Requirements. The necessary

customization, integration, policy/ rules development and configuration, report generation, for all

solutions in scope have to be completed.

d) The project period will start from the date of signoff (the date on which the bidder completes entire

installation/configuration/starting of services for all the items under the scope of work.)

2.14 Payment Terms

a) The SI must accept the payment terms proposed by the Bank. The sealed commercial bid submitted

by the SI must be in conformity with the payment terms proposed by the Bank. Any deviation from

the proposed payment terms would not be accepted. The Bank shall have the right to withhold any

payment due to the SI, in case of delays or defaults on the part of the SI. Such withholding of

payment shall not amount to a default on the part of the Bank.

b) The payment terms for the project are as follows:

Activities and deliverables | % of the Total payout for SIEM from Final Commercial bill of material
Implementation Phase for SIEM |
On Delivery of SIEM Solution as per scope | 50%
Installation & Configuration of SIEM Solution as per scope | 20%
Implementation Closure - which includes integration with devices, servers, and applications mentioned in the Scope of the RFP, and also integration with the other solutions procured in this RFP, i.e. making the SOC operational (as per scope of RFP), UAT, and receiving sign off from the bank | 20%
6 months post sign off | 10%

Activities and deliverables | % of the Total payout for WAF from Final Commercial Bill of material
Implementation Phase for Web Application firewall (WAF) |
On Delivery of WAF Solution as per scope | 50%
Installation & Configuration of WAF Solution as per scope | 20%
Implementation Closure - which includes integration with devices/ applications in scope (including integration with SIEM) and receiving sign off from Bank | 20%
6 months post sign off | 10%

Activities and deliverables | % of the Total payout for PIM from final commercial bill of material
Implementation Phase for PIM Solution |
On Delivery of PIM Solution as per scope | 50%
Installation & Configuration of PIM Solution as per scope | 20%
Implementation Closure - which includes integration with devices/ applications in scope (including integration with SIEM) and receiving sign off from Bank | 20%
6 months post sign off | 10%

Activities and deliverables | % of the Total payout for ANTI-APT Protection from final commercial material
Implementation Phase for ANTI-APT Protection Solution |
On Delivery of ANTI-APT Protection Solution as per scope | 50%
Installation & Configuration of ANTI-APT Protection Solution as per scope | 20%
Implementation Closure including integration with existing devices (including with SIEM) and receiving sign off from Bank | 20%
6 months post sign off | 10%

Payment for SOC Resource Cost, SOC Maintenance Charges, Anti-Phishing Service Charges, &

Risk Assessment Services:-

SOC Resource Cost: Quarterly (at the end of quarter) from the date of sign-off of the project.

SOC Maintenance Charges: Quarterly (at the end of quarter).

Anti-Phishing Service Charges: Quarterly (at the end of quarter) from the date of sign-off of the Anti-

Phishing Service.

Other Implementation Charges (For LED, Racks, Network Cables, & Others): Payment shall be

made after Implementation Closure phase of SIEM.

Other Security Services (As per Sr No 1 of Other Security Services Table of CB): Quarterly at the

end of quarter/ as and when Bank avails the services.

Risk Assessment Services: On completion of the Risk Assessment Activity and submission of report to

the satisfaction of the Bank. The bidder shall provide the rate for the Risk Assessment Services in the

CB and payment shall be made as per the rate.

Payment will be made to the Security System Integrator quarterly in arrears on submission of invoice

and other supporting documents.

The payments as per the Payment Schedule covered shall be paid by HO IT Department, Punjab & Sind

Bank, 2nd Floor, 21 Bank House, Rajendra Place, New Delhi - 110008.

2.15 Penalty

a) The bidder must strictly adhere to the schedules for completing the assignments. Failure to meet

these delivery dates, unless it is due to reasons entirely attributable to the bank, may constitute a

material breach of the bidder's performance. In the event that the Bank is forced to cancel an

awarded contract (relative to this RFP) due to the bidder's inability to meet the established delivery

dates, the bank may take suitable penal actions as mentioned below.

b) [ As per clause 4.1 ] The bank will consider the inability of the SI to deliver or install or implement

the equipment/ solution within the specified time limit, as a breach of contract and would entail the

payment of Liquidated Damages on the part of the SI. Notwithstanding the Bank’s right to cancel

the order, Liquidated Damages at 1% of the Total Implementation Cost of the delayed solution/

service per week will be charged for every week's delay in the implementation of the proposed

solution/ service beyond the specified delivery/ commissioning/ installation/ implementation period

subject to a maximum of 20% of the value of total Implementation Cost of the delayed solution/

service. The Bank reserves the right to recover these amounts by any mode such as adjusting from

any payments to be made by the Bank to the company and invoking the Bank guarantee.

The liquidated damages represent an estimate of the loss or damage that the Bank may have

suffered due to delay in performance of the obligations (relating to delivery, installation,

Operationalization, implementation, training, acceptance, warranty, maintenance etc. of the Security

Operations Center) by the SI.

Installation will be treated as incomplete in one/all of the following situations:

- Non-delivery of any component or services/solution mentioned in the RFP.

- Non-delivery of supporting documentation

- Delivery/Availability, but no installation of the components and/or software/ solution

- No Integration

- System operational, but unsatisfactory to the Bank

c) Part of week will be treated as a week for this purpose.

d) However, liquidated damages will not be levied in case the delay cannot be attributed to the bidder.

e) Penalties will be calculated as per the SLA section of this RFP.

f) The SI shall provide uninterrupted services for ensuring implementation and maintenance of the

Security Operations Center as per the requirements of the RFP. Inability of the SI to either ensure

deliverables as per specifications within defined timelines or to meet the service levels as specified

in this RFP shall be treated as breach of contract and would invoke the penalty clause.

g) Notwithstanding anything contained above, no such penalty will be chargeable on the SI for the

inability occasioned, if such inability is due to reasons entirely attributable to the Bank.

h) If at any time during performance of the Contract, the SI should encounter conditions impeding

timely delivery of the Goods and performance of the Services, the SI shall promptly notify the Bank

in writing of the fact of the delay, its likely duration and its cause(s). As soon as practicable after

receipt of the SI’s notice, the Bank shall evaluate the situation and may at its discretion extend the

SI’s time for performance, with or without liquidated damages, in which case the extension shall be

ratified by the parties by amendment of the Contract.

i) Any delay by the SI in the performance of its delivery obligations shall render the SI liable to the

imposition of liquidated damages, unless extension of time is agreed upon without the application of

liquidated damages.

j) The maximum total overall penalty levied during entire tenure of the contract shall not exceed 10%

of Total SOC Project Cost of the Contract.

2.16 Contract Cancellation

a) The Bank reserves the right to cancel the contract and invoke the Bank Guarantee in the event of

happening of one or more of the following Conditions:

i. Failure of the successful bidder to accept the contract/ LOI and furnish the Performance

Guarantee within 15 days of receipt of purchase contract.

ii. Delay in delivery beyond the specified period.

iii. Delay in completing installation, implementation, and acceptance tests/checks beyond the

specified period.

iv. Delay in project sign off beyond specified time.

b) In addition to the cancellation of purchase contract, the Bank reserves the right to appropriate the

damages through encashment of Bid Security/ Performance Guarantee or security given by the

Bidder.

2.17 Indemnity

a) Bidder should ensure that the hardware/Solution delivered to the Bank are licensed and legally

obtained with the valid documentation made available to the Bank.

b) Bidder should ensure that the hardware delivered to the Bank including all components and

attachments are brand new.

c) Bidder shall indemnify, protect and save the Bank against all claims, losses, costs, damages,

expenses, action, suits and other proceedings, resulting from infringement of any patent, trademarks,

copyrights etc. or such other statutory infringements under the Copyright Act, 1957 or IT Act 2000

and its subsequent amendments in respect of all the hardware, software and network equipment or

other systems supplied by them to the Bank from whatsoever source.

d) The Bidder shall, at their own cost and expenses, defend and indemnify the Bank against all third-

party claims including those of the infringement of Intellectual Property Rights, including patent,

trademark, copyright, trade secret or industrial design rights, arising from use of the Products or any

part thereof in India.

e) The Bidder shall expeditiously meet any such claims and shall have full rights to defend itself therefrom. If the Bank is required to pay compensation to a third party resulting from such infringement, the Bidder shall be fully responsible therefor, including all expenses and court and legal fees.

f) The Bidder shall also be liable to indemnify the Bank, at its own cost and expenses, against all

losses/damages, which the Bank may suffer on account of violation by the Bidder of any or all

national/international trade laws, norms, standards, procedures etc.

g) The bidder shall always keep indemnified and hold the Bank harmless from and against any and all

damages, losses, liabilities, claims, actions, costs and expenses (including attorneys' fees) relating to,

resulting directly or indirectly from or in any way arising out of any claim, suit or proceeding

brought against the Bank by a third party as a result of non-compliance with Laws in force, default in

obtaining consents, permissions, approvals, licenses, etc as may be necessary or required for this

project or for the conduct of their own business under any applicable Law, Government

Regulation/Guidelines.

h) In the event of third-party software products being incorporated in or forming part of the Solution,

either as its main engine or under a run-time or other subsidiary license, the bidder(s) shall warrant

that the software has been procured by the bidder(s) under valid licenses from the relevant

intellectual property right owners of such software.

The bidder(s) further warrants that they possess a legal right to use the software under such licenses,

in terms set out under any relevant license or sub-license agreement. The bidder(s) will indemnify

the Bank for any and all costs that may arise out of the use of software, in which it is alleged that any

rights of the owners of such software have been infringed.

2.18 Manufacturer’s Authorization Form

a) The Bidder should furnish a letter from original equipment manufacturer authorizing the bidder to

quote for OEM’s product in response to the RFP.

b) The said letter should also offer to extend the required warranty from the OEM in respect of the

items stipulated in the tender for contract period. The Proforma of the letter is given in Format 3

OEM Letter.

c) The Bidder should furnish undertaking of authenticity as prescribed in Format 6 Solution

Authentication Letter along with Bid documents.

2.19 Publicity

a) Any publicity by the Bidder in which the name of the Bank is to be associated should not be carried

out without the explicit written approval of the Bank.

b) In case the Bidder desires to show any of the services to their customers at Bank's sites, prior

approval of the Bank will have to be obtained by them.

2.20 Confidentiality of Bank’s data

a) Bidder agrees that all information gathered during the course of RFP or contract from the Bank

including oral enquiries, letters, documents, emails, presentations, interactions, technical

documentation and other information are confidential information of the Bank. Unauthorized

disclosure of any such confidential information will amount to breach of contractual terms and in

such cases Bank may prematurely terminate the contract and initiate any legal action as deemed fit.

b) The Bidder will treat as confidential all data and information about the Bank obtained in the process

of execution of their responsibilities, in strict confidence, and will not reveal such information to any

other party without the written approval of the Bank.

2.21 Force Majeure

a) The Bidder shall not be liable to the Bank if, and to the extent, that the undertaking or performance

of any of its activities, duties, obligations or functions under the Agreement is prevented, restricted,

delayed or interfered with, due to circumstances beyond the Bidder’s control which do not involve

the Bidder’s fault and negligence.

b) Such event may include acts of god or public enemy, acts of Government of India in their sovereign

capacity and acts of war.

c) The Bidder claiming an event of force majeure shall promptly notify the bank within fifteen calendar

days in writing of such delay or failure in performance, the reasons thereof, the expected duration

thereof and its anticipated effect and also keep the Bank informed of the further developments.

d) The Bidder shall use its best efforts to remedy such a cause of non-performance.

e) Unless otherwise directed by the bank in writing, the Bidder affected by force majeure shall continue

to perform the obligations under this agreement, which are not affected by the force majeure event

and shall take such steps as are reasonably necessary to remove the causes resulting in force majeure

and to mitigate the effect thereof.

f) As soon as the cause of force majeure has been removed, the Bidder shall notify the Bank and

resume the affected activity without delay.

g) Notwithstanding the above, the decision of the bank shall be final and binding on the Bidder in the

event of force majeure.

2.22 Amendments/Supplements to Bidding Documents and Right to alter Quantities

a) The Bank reserves the right to alter the quantities specified in the tender and to delete/substitute

items/add from the ones specified in the tender.

b) At any time prior to the deadline for submission of bids, the bank may, for any reason, modify the

RFP Document by amendments/ corrigendum at the sole discretion of the bank. All amendments/

corrigendum will be in writing and shall be posted on Bank’s website. In order to provide prospective bidders reasonable time to take the amendment into account in preparing their bid, the

bank may, at its discretion, extend the deadline for submission of bids.

2.23 Technical Inspection and Performance Evaluation

a) Bank may choose to carry out a technical inspection and performance evaluation of the solutions by

a third party.

2.24 Review of the Agreement

a) The bank reserves the right to review the performance of the bidder, which shall be reviewed after

every year and the bank reserves the right to terminate the contract at any point of time after giving 3 months’ notice without assigning any reasons.

2.25 Mean Time between Failures (MTBF)

a) If during warranty and AMC period, any equipment has a hardware failure on three or more

occasions in a period of less than three months or five times in a period of less than twelve months, it

shall be replaced by equivalent or higher-level new equipment by the Bidder at no cost to the Bank.

b) However, if the new equipment supplied is priced lower than the price at which the original item was

supplied, the differential cost should be refunded to the Bank.

c) Non-adherence to the above stipulations will entail levy of penalty as per the SLA section of this RFP.

2.26 General Instructions

a) Bank is looking for well-proven solutions, which are being used in Banking and Financial

environment. The capabilities, operating characteristics and other technical details on architecture of

the hardware items offered should be furnished together with product brochures, literature and

technical specifications etc.

b) The technical literature explaining the special features of the solution being offered should be

furnished.

c) If the detail of solution offered by the Bidder is available on any website, the address thereof should

be indicated. The review details of the product/solution by third party industry survey agencies like

Gartner, Frost & Sullivan, IDC and Forrester should also be provided.

d) The Bidder shall be responsible for extending the validity date and claim period of all the bank

guarantees as and when it is due on account of incompletion of work under guarantees.

e) Bank shall invoke the guarantee before expiry of validity if work is not completed and the guarantee

is not extended, accordingly.

f) In case of non-submission or partial submission of details sought in this tender, the Bank reserves

their right not to evaluate the offer.

g) The technical Bid must be submitted in an organized and structured manner. No brochures / leaflets

etc. should be submitted in loose form. Point wise explanation is to be provided in the column

Remarks/explanation. Supporting documents shall be labeled properly and reference of the same is

to be provided under Remarks column.

h) Each page of the tender document issued by the Bank shall be signed and returned by the Bidder.

i) Bank reserves the right to disqualify any or all Bidders either on the basis of their responses to all or some of the response sheets or even any part thereof without assigning any reasons whatsoever.

j) Bank reserves the right to issue amendments, seek any details / clarifications from the bidders at any

stage of the RFP.

k) It is absolutely essential for the bidders to quote the lowest price at the time of making the offer in

their own interest. No Bidder shall contact the Bank on any matter relating to its offer from the time

of offer opening to the time the Contract is awarded. Any effort by a bidder to influence the Bank in

its decision on offer evaluation, comparison or contract award decisions may result in the rejection

of the Bidder’s offer.

2.27 Warranty/ AMC

a) Hardware:

The offer must include a minimum comprehensive on-site free warranty of 3 years from the date of

installation and acceptance of the solution by the Bank including all parts and labour. No parts,

accessories of the systems should be excluded from such warranty.

The offer also includes AMC of 2 years from expiry of the warranty period. During the AMC period,

the services rendered by the bidder should be the same as those extended during the Warranty

period.

All the hardware to be delivered for the SOC Project should be sized at 70% CPU and RAM peak

utilization.

Software:

All software updates/upgrades during the period of contract have to be provided at no cost to the

Bank. All technical support issues related to software like bugs, problems with the product software

causing service disruptions have to be attended to as per the SLA terms mentioned in this RFP. It is

the responsibility of the bidder/ OEM that the software solution shall function at a satisfactory level

during the period of contract.

All software supplied will carry warranty including Patches and software/product/solution updates

and upgrades for 5 years.

b) Bidder shall be fully responsible for the manufacturer's warranty in respect of proper design, quality

and workmanship of all equipment, accessories etc. covered by the tender.

c) Bidder must warrant all equipment, accessories, spare parts etc. against any manufacturing defects

during the warranty and AMC period.

d) During the warranty period of contract bidder shall maintain the systems and repair/replace at the

installed site, at no charge to the Bank, all defective components that are brought to the Bidder's

notice.

e) The Bidder shall carry out Preventive Maintenance (PM), including cleaning of interior and exterior,

of all hardware and testing for performance once in a calendar quarter and should maintain proper

records of the same.

f) As far as possible, the equipment should be repaired at site and where the equipment is taken for

repairs outside the Bank, a substitute of the similar or higher configuration/ capacity equipment

should be provided and data should be transferred to the substitute machine besides creating back-

up.

g) The selected bidder shall deploy latest version of all software/ hardware/ licenses/ solutions/ devices

for the SOC Project.

h) The selected bidder shall be liable for not meeting security standards and/or cyber security aspect for

SOC Solutions.

2.28 Resolution of Disputes

a) The Purchaser (Bank) and the supplier (Bidder) shall make every effort to resolve amicably, by

direct informal negotiation any disagreement or dispute arising between them under or in connection

with the contract.

b) If after thirty days from the commencement of such informal negotiations, the Bank and the bidder

are unable to resolve amicably a contract dispute; either party may require that the dispute be

referred for resolution through formal arbitration.

c) All questions, disputes or differences arising under and out of, or in connection with the contract or

carrying out of the work whether during the progress of the work or after the completion and

whether before or after the determination, abandonment or breach of the contract shall be referred to

arbitration by two Arbitrators: one Arbitrator to be nominated by the Purchaser and the other to be

nominated by the Supplier.

d) In the case of the said Arbitrators not agreeing, then the matter will be referred to an umpire to be

appointed by the Arbitrators in writing before proceeding with the reference.

e) Work under the Contract shall be continued by the selected bidder during the arbitration proceedings

unless otherwise directed in writing by the Bank unless the matter is such that the works cannot

possibly be continued until the decision of the arbitrator or of the umpire, as the case may be is

obtained and save as those which are otherwise explicitly provided in the Contract, no payment due

or payable by the Bank, to the selected bidder shall be withheld on account of the ongoing

proceedings, if any, unless it is the subject matter or one of the subject matters thereof.

2.29 Ownership and Retention of Documents

The Bank shall own the documents, prepared by or for the selected Bidder arising out of or in

connection with the Contract.

Forthwith upon expiry or earlier termination of the Contract and at any other time on demand by The

Bank, the Bidder shall deliver to The Bank all documents provided by or originating from The Bank/

Purchaser and all documents produced by or from or for the Bidder in the course of performing the

Service(s), unless otherwise directed in writing by The Bank at no additional cost.

The selected Bidder shall not, without the prior written consent of The Bank/ Purchaser, store, copy,

distribute or retain any such Documents.

The selected Bidder shall preserve all documents provided by or originating from The Bank / Purchaser

and all documents produced by or from or for the Bidder in the course of performing the Service(s) in

accordance with the legal, statutory, regulatory obligations of The Bank /Purchaser in this regard.

2.30 Conflict of Interest

The Bidder shall disclose to the Bank in writing all actual and potential conflicts of interest that exist,

arise or may arise (either for the Bidder or the Bidder’s team) in the course of performing the

Service(s) as soon as practical after it becomes aware of that conflict.

2.31 Compliance with Laws

The bidder should adhere to laws of land and rules, regulations and guidelines prescribed by various

regulatory, statutory and Government authorities. Bidder is to ensure that all the proposed solutions are

compliant to all existing regulatory guidelines of GOI/RBI and also adheres to requirements of the IT

Act 2000 (including amendments in IT Act 2008) and Payment and Settlement Systems Act 2007 and

amendments thereof. A self-declaration to this effect is to be submitted by the bidder.

The Vendor shall undertake to observe, adhere to, abide by, comply with all applicable laws in force or

as are or as made applicable in future, pertaining to or applicable to them, their business, their

employees or their obligations towards them and all purposes of this Tender and shall indemnify, keep

indemnified, hold harmless, defend and protect the Bank and its employees/ officers/ staff/ personnel/

representatives /agents from any failure or omission resulting from Vendor’s non-compliance to

applicable laws on its part to do so and against all third party claims or demands of liability and all

consequences that may occur or arise for any default or failure on its part to conform or comply with the

above and all other statutory obligations arising there from.

Compliance in obtaining approvals/permissions/licenses: The Vendor shall promptly and timely obtain

all such consents, permissions, approvals, licenses, etc, as may be necessary or required for any of the

purposes of this project or for the conduct of their own business under any applicable Law, Government

Regulation/Guidelines and shall keep the same valid and in force during the term of the project, and in

the event of any failure or omission resulting from Vendor’s non-compliance to do so, Vendor shall

indemnify, keep indemnified, hold harmless, defend, protect and fully compensate the Bank and its

employees/ officers/ staff/ personnel/ representatives/agents from and against all third party claims or

demands of liability and all consequences that may occur or arise for any default or failure on its part to

conform or comply with the above and all other statutory obligations arising there from and the Bank

will give notice of any such claim or demand of liability within reasonable time to the Vendor.

This indemnification is only a remedy for the Bank. The Vendor is not absolved from its responsibility

of complying with the statutory obligations as specified above. Indemnity would be limited to court and

arbitration awarded damages and shall exclude indirect, consequential and incidental damages. However

indemnity would cover direct damages, loss or liabilities suffered by the Bank arising out of claims

made by its customers and/or regulatory authorities.

2.32 Legal Compliance

The successful bidder hereto agrees that it shall comply with all applicable union, state and local laws,

ordinances, regulations and codes in performing its obligations hereunder, including the procurement of

licenses, permits and certificates and payment of taxes where required. If at any time during the term of

this agreement, the Bank is informed or information comes to the Bank's attention that the Successful

bidder is or may be in violation of any law, ordinance, regulation, or code (or if it is so decreed or

adjudged by any court, tribunal or other authority), the Bank shall be entitled to terminate this agreement

with immediate effect.

The Successful bidder shall maintain all proper records, particularly but without limitation accounting

records, required by any law, code, practice or corporate policy applicable to it from time to time

including records, returns and applicable documents under the Labour Legislation.

The Successful bidder shall ensure payment of minimum wages to persons engaged by it as fixed from

time to time under the Minimum Wages Act, 1948. In case the same is not paid, the liability under the

act shall solely rest with the successful bidder.

2.33 Contract Termination/Order Cancellation

The Bank reserves the right to terminate the contract/ cancel the order placed with a reasonable notice

to the selected Bidder and recover expenditure incurred by the Bank under the following circumstances:-

a. The selected Bidder commits a breach of any of the terms and conditions of the bid that has

adverse impact on Bank.

b. The Bidder goes into liquidation, voluntarily or otherwise.

c. If the selected Bidder fails to complete the assignment as per the time lines prescribed in the RFP

and the extension if any allowed and maximum amount recoverable under liquidated damage is

reached, it will be a breach of contract. The Bank reserves its right to cancel the order in the

event of delay and forfeit the bid security as liquidated damages for the delay.

d. If deductions on account of liquidated damages exceed 10% of the total contract

value.

e. In case the selected Bidder fails to deliver the services as stipulated in the schedule, The Bank

reserves the right to procure the same or similar product from alternate sources at the risk, cost

and responsibility of the selected Bidder.

f. The Bank reserves the right to recover any dues payable by the selected bidder from any amount

outstanding to the credit of the selected Bidder, including the pending bills and/or invoking The

Bank guarantee under this contract.

g. The Bank reserves its right to cancel the order in the event of one or more of the following

situations, that are not occasioned due to reasons solely and directly attributable to the bidder:

a. Delay in customization/ implementation/ takeover of services beyond the specified period

that is agreed in the contract that will be signed with the successful vendor.

b. Serious discrepancy in the quality of services.

h. The Bank reserves its right to terminate the contract in the event of change in bank policy/

administrative exigency after providing notice period of six months and payment of all

outstanding dues of the services availed by the Bank.

2.34 Exit option and Reverse transition

a) The Bank reserves its right to cancel the order in the event of happening of one or more of the

situations as mentioned in the contract termination/Order Cancellation clause.

b) Notwithstanding the existence of a dispute, and/or the commencement of arbitration

proceedings, the bidder should continue to provide the facilities to the Bank.

c) Reverse transition mechanism would be activated in the event of cancellation of the contract or

exit by the parties or 6 months prior to expiry of the contract. The bidder should perform a

reverse transition mechanism to the Bank or its selected vendor. The reverse transition

mechanism would facilitate an orderly transfer of services to the Bank or to an alternative 3rd

party/ vendor nominated by the Bank. Where the Bank elects to transfer the responsibility for

service delivery to a number of vendors, Bank will nominate a service provider who will be

responsible for all dealings with the bidder regarding the delivery of the reverse transition

services.

d) Knowledge Transfer: The bidder shall provide such necessary information, documentation to

the Bank or its designee, for the effective management and maintenance of the Deliverables

under this contract. Bidder shall provide documentation (in English) in electronic form

where available or otherwise a single hardcopy of all existing procedures, policies and

programs required to support the Services. Such documentation will be subject to the

limitations imposed by bidder’s Intellectual Property Rights of this Agreement.

e) The parties shall return confidential information, Data and will sign off and

acknowledge the return of such confidential information.

f) The bidder shall provide all other services as may be agreed by the parties in connection with the

reverse transition services. However, in case any other services, in addition to the above are

needed, the same shall be scoped and priced.

g) The bidder recognizes that considering the enormity of the assignment, the transition

services listed herein are only indicative in nature and the bidder agrees to provide all

requisite assistance and services for period of six months required for fully and effectively

transitioning the services provided by the bidder under the scope, upon termination or

expiration thereof, for any reason whatsoever.

h) The cost for reverse transition if any should be part of the commercial offer.

i) During which the existing bidder would transfer all knowledge, knowhow and other things

necessary for the Bank or new bidder to take over and continue to manage the services. The

bidder agrees that the reverse transition mechanism and support during reverse transition will

not be compromised or affected for reasons whatsoever be for cancellation or exit of the

parties.

j) The Bank shall have the sole and absolute discretion to decide whether proper reverse transition

mechanism over a period of 6 months, has been complied with. In the event of the conflict not

being resolved, the conflict will be resolved through Arbitration.

k) The Bank and the bidder shall together prepare the Reverse Transition Plan. However, the

Bank shall have the sole decision to ascertain whether such Plan has been complied with.

l) The bidder agrees that in the event of cancellation or exit or expiry of the contract it would

extend all necessary support to the Bank or its selected vendors as would be required in the event

of the shifting of the site during the six month period of reverse transition.

m) The bidder shall handover the complete data to bank after termination of contract/expiry of

contract.

2.35 Effects of Terminations

a) The bidder agrees that it shall not be relieved of its obligations under the reverse transition

mechanism notwithstanding the termination of the assignment.

b) Same terms (including payment terms) which were applicable during the term of the contract

should be applicable for reverse transition services.

c) The bidder agrees that after completion of the Term or upon earlier termination of the

assignment the bidder shall, if required by the Bank, continue to provide facility to the Bank at

no less favorable terms than those contained in this tender document. In case the bank wants to

continue with the bidder's facility after the completion of this contract then the bidder shall

offer the same or better terms to the bank. Unless mutually agreed, the rates shall remain

firm.

d) The Bank shall make such prorated payment for services rendered by the bidder and

accepted by the Bank at the sole discretion of the Bank in the event of termination,

provided that the bidder is in compliance with its obligations till such date. However, no

payment for “costs incurred, or irrevocably committed to, up to the effective date of such

termination” will be admissible.

e) Termination shall not absolve the liability of the Bank to make payments of undisputed

amounts to the bidder for services rendered till the effective date of termination.

Termination shall be without prejudice to any other rights or remedies a party may be entitled to

hereunder or at law and shall not affect any accrued rights or liabilities of either party nor the

coming into force or continuation in force of any provision hereof which is expressly

intended to come into force or continue in force on or after such termination.

f) Upon cancellation of contract/completion of period of service, the bidder should hand over

the peaceful legal possession of all the assets provided and obtain discharge from the Bank. The

Bank also reserves the right to assign or allot or award the contract to any third party upon

cancellation of the availed services.

2.36 Limitation of Liability

Neither party shall be liable to the other for any special, indirect, incidental, consequential (including

loss of profit or revenue), exemplary or punitive damages whether in contract, tort or other theories of

law, even if such party has been advised of the possibility of such damages.

The total cumulative liability of Bidder arising from or relating to the Agreement shall not exceed the

amount paid to the successful Bidder by the Bank during the preceding six (6) months period (as of the

date the liability arose).

The successful Bidder shall be excused and not be liable or responsible for any delay or failure to

perform the services or failure of the services or a deliverable or plant under the Agreement to the extent

that such delay or failure has arisen as a result of any delay or failure by the Bank or its employees or

agents or third party service providers to perform any of its duties and obligations. In the event that the

successful Bidder is delayed or prevented from performing its obligations due to such failure or delay on

the part of or on behalf of the Bank, then the successful Bidder shall be allowed an additional period of

time to perform its obligations and unless otherwise agreed the additional period shall be equal to the

amount of time for which the successful Bidder is delayed or prevented from performing its obligations

due to such failure or delay on the part of or on behalf of the Bank. Such failures or delays shall be

brought to the notice of the Bank and subject to mutual agreement (including on commercials) with the

Bank, the successful Bidder shall take such actions as may be necessary to correct or remedy the failures

or delays on mutually agreeable terms.

2.37 Bidder Employees’ Verification

The selected bidder shall submit employee verification report to the Bank for all employees onboarded

for the project. The bidder shall also submit the Non-disclosure Agreement (NDA) executed by the

bidder with the resources on-boarded for the SOC Project.

2.38 OEM Recommendation for Hardware, Software, Licenses

The bidder shall submit an OEM recommendation letter confirming the sufficiency of all deliverables

like- hardware, software (including licenses), services, and other tools etc. supplied by the bidder for the

project as per the scope of the RFP.

2.39 Security Certificate

The bidders shall submit security certificate of respective proposed solutions from OEM/ third party

auditor.

CHAPTER 3 - SCOPE OF WORK

3.1 Intended Principles of the SOC

The Architectural principles that form the underlying platform for the SOC implementation at the Bank

are as follows. The solutions and their deployment architecture follow from these principles. The

“bidder”, hereinafter called “Security Integrator” or “vendor” or “SI”, is expected to adhere to these

principles while submitting their response:

3.1.1 Functional Principles:

The Intent for implementing a SOC in the Bank is covered in the below functional principles:

• Identification & Prevention of Information Security Vulnerabilities: The SOC should be able to

identify information security vulnerabilities in the bank’s environment and prevent these

vulnerabilities through implementation of adequate security solutions.

• Incident Management: Reporting and logging of information security incidents through the use

of appropriate ticketing tools. Track and monitor the closure of these information security

incidents and Escalation of these incidents to appropriate teams/ individuals in the bank if

required.

• Continuous Improvement: Continuously improve SOC operations.

3.1.2 Scalability Principles

The solutions deployed should be modular, scalable and should be able to address the Bank’s

requirements during contract period, with the deployed hardware.

3.1.3 Availability Principles

The solutions and services in scope should be designed with adequate redundancy and fault tolerance to

ensure compliance with SLAs for uptime as outlined in this RFP.

3.1.4 Performance Principles

The solutions should not have any significant impact on the existing infrastructure of the Bank either

during installation/ implementation or during operation of SOC.

Based on the architectural principles, the following solutions/ services have been identified to enhance

the security posture of the Bank and to enable security operations monitoring:

- Security Operations Center (SOC) with Security Information and Event Management solution

(SIEM).

- Web Application Firewall (WAF)

- Privilege Identity Management Solution (PIM)

- Anti-Advanced Persistent Threat Protection (Anti-APT)

- Anti-Phishing, Anti-Trojan, Anti-Malware, and Anti-rogue (for Mobile App) Services

- Risk Assessment

The Bidder who wishes to take up the project shall be responsible for the following at Bank’s Data

Centre (DC) and Disaster Recovery Site (DR) both:

• Procurement of the necessary solutions and the corresponding hardware, software, database etc

required for implementing the solutions for the Bank.

• Implementation of the respective solutions in Bank including configuration, customization of the

solutions as per the requirement.

• Integration of the solutions to provide a comprehensive single dashboard view of the security

risks/ incidents for the Bank.

• Work/ Liaison with the existing System Integrator(s) and other vendors of the Bank to integrate

the SOC solutions with applications, devices mentioned in the scope of the RFP.

• Providing adequate resources for on-going operations of the Security Operations Center (SOC).

• Development of operating procedures in adherence with the Bank’s policies.

• Adherence to agreed Service Level Agreements (SLA) and periodic monitoring and reporting of

the same to the Bank.

• Providing of appropriate ticketing tools for Reporting and logging of information security

incidents.

• Procurement of secured links (with necessary bandwidth) between Bank’s DC and DR, along

with servers, software, database, storage solution, and networking & security equipment etc.

required for implementation of SOC.

• The integration cost of SIEM with all devices, servers, and applications will be completely borne

by the Bidder. M/s Wipro Ltd is Bank’s system integrator. Similarly, WAF, PIM, Anti-Phishing,

and Anti-APT integration cost with devices, applications, & SIEM will also be borne by the

bidder.

3.1.5 Compliance to RBI Circular (RBI/2015-16/418 DBS.CO/CSITE/BC.11/33.01.001/2015-16

Date: June 2, 2016 (Reg. Cyber Security Framework in Banks)

The selected bidder is required to fully comply with the RBI Circular RBI/2015-16/418

DBS.CO/CSITE/BC.11/33.01.001/2015-16 Date: June 2, 2016 (Reg. Cyber Security Framework in

Banks). Some of the indicative requirements of the circular are as below:-

• Putting in place an adaptive Incident Response, Management and Recovery framework to deal

with adverse incidents/disruptions.

• Performing Risk Assessment Activity in line with the RBI Circular and also in line with Cyber

Security Policy of the Bank, on half-yearly basis (or as directed by regulatory authority, statutory

authority, or GoI Ministry/Dept/Agency).

• Development and implementation of minimum Baseline Cyber Security and Resilience

Framework, as mentioned in the above mentioned RBI Circular.

• The SOC to be implemented should fully comply with the configuration guidelines as given in

the RBI Circular to ensure continuous surveillance.

• Sharing of information on Cyber Security incidents with RBI, as per template provided in the

RBI Circular.

• Development of Cyber security preparedness indicators.

• Formulation and implementation of Cyber Crisis Management Plan (CCMP) in line with the RBI

Circular and Cyber Security Policy of the Bank.

3.2 General Scope of Work for Each Solution

3.2.1 Security Information & Event Management (SIEM)

The SIEM solution is expected to collect logs from various security and network devices, servers and

applications. In addition, the logs being generated by the other solutions deployed as part of the SOC

implementation need to be collected by the SIEM. The bidder is expected to perform the following as

part of the SIEM implementation for Bank:

Solution Implementation:

• Implement the SIEM tool to collect logs from the identified devices, applications, databases etc.

• Develop parsing rules for non-standard logs

• Implement correlation rules based on out-of-box functionality of the SIEM solution and also

based on the use-cases to be provided by the vendor.

• The SIEM tool should be integrated to VAPT Tool to provide a comprehensive dashboard for

VAPT reports. (The Bank already has a VAPT Tool deployed under a corporate license.)

• 24X7 log monitoring

• Rapid real-time response to incidents

• Evaluation of incidents

• Forensics to identify the origin of threats, mitigation thereof, initiation of measures to prevent

recurrence.

Training:

• Provide training to the identified bank personnel/ SOC team on the product architecture,

functionality and the solution design – to be provided before the implementation of solution.

• Provide hands-on training to the bank personnel/ SOC team on SIEM policy configuration, alert

monitoring, etc - post implementation.

Ongoing Operations:

• Monitor the SIEM alerts and suggest/ take appropriate action as per the SLA defined in the RFP.

• Perform on-going optimization, performance tuning, and maintenance, configure additional use-

cases, and suggest improvements as a continuous improvement process.

• Perform log backup and archival as per Bank’s policy requirements, and applicable legal/

statutory requirements.

• Ensure that SLAs are maintained as defined in the RFP.

SOC Monitoring:

The SIEM should be able to collate logs from the devices, applications, and databases etc. mentioned in

the scope, including the other solutions deployed as part of this RFP at the Bank. The configured

correlation alerts should be displayed on LED display maintained at the SOC. The bidder should also

quote for one 40” LED display screen at the SOC.

Integration:

The SIEM tool should be integrated with incident management/ ticketing tool to generate automated

tickets for the alert events generated by the SIEM tool. All the security devices and solutions being

proposed as part of the current RFP need to be included for monitoring by SIEM solution.

Replication:

The logs collected by the SIEM log collector should be replicated across primary Data Center and

Disaster Recovery location. The bidder needs to provide an estimate of the bandwidth required for the

replication process after due analysis of the existing setup of the Bank.

Storage:

The SIEM should be able to maintain 3 months of logs online. In addition, the bidder should provide for

near line secondary storage for archiving logs for up to 1 year and offline storage for storage of logs for

up to 9 years. The bidder is responsible for sizing the storage adequately based on the EPS estimate

given for bank in the detailed scope of work.

The bidders should provide details of the calculations used to arrive at the sizing as part of the response.

The bidder is responsible for automated online replication of logs from DC to DR for redundancy.

The solution should be capable of automatically moving the logs from device to archival storage based

on the ageing of the logs. The logs should also be available online to the device for easy correlation, and

the solution should provide detailed auditing to easily detect file deletions, additions and changes as and when asked

by the Bank. The complete SIEM Storage Solution should have Write Once Read Many (WORM),

Encryption, Advance Indexing and Searching, Retention and Disposal capabilities in Online, Near Line

and External Storage Types. The storage should have the option to support backup on tape library. The

solution should have Encryption & Data protection capabilities by allowing more than one copy of the

data/ objects using Data/ Object level mirroring or parity.

The storage solution should be tamper proof from outside access/ intrusion and there should not be root

level permission.

The solution should provide Compression and De-duplication functionalities on archival system.

The solution should provide data replication over IP to a different site for disaster recovery and data

protection with support for Unidirectional, Bi-directional, one-to-many and many-to-one replication

topologies, Retention and Disposal functionality, and no single point of failure in the solution. Should

provide industry leading data integrity protection to include proactive self-healing measures.

The expected storage requirements at a minimum are mentioned below. However, the bidder is expected

to size the storage as per the requirements mentioned in the Scope of Work in this RFP. The bidder’s

response should include the calculations/ logic used to arrive at the sizing.

Minimum Storage Requirements at DC & DR for SIEM

Tier Type Disk RPM RAID* 5,000-10,000 EPS

Tier-I On-device/

SAN/ Object

(3 Months of Data)

15000

SAS

5 At least 2 TB.

Tier-II Near Line

SAN/ Object

(1 Year)

10000

SAS/NL-SAS

5 Minimum of 3TB and

Expandable to 8TB

Tier-III External

NAS/SAN/Object

(9 Years)

7200

NL-SAS

5 Minimum of 10 TB and

Expandable to 70 TB

* Storage solution should be configured in Raid 5 or advanced RAID for zero data loss.

The solution should also be scalable to expand storage based on the peak EPS requirement of Bank.

The Bidder shall deliver minimum Disk size while additional disk may be procured by the bank as per rate card in the BOM.

Locations in Scope

The locations which the SIEM solution shall cover are mentioned below:

S. No. | Coverage | Log Correlation Engine | Log Storage Server | Storage | Log Collection Device | SIEM Management Console and SOC Operation/Facility
1 | Data Center | Yes in HA | Yes in HA | Yes | Yes in HA | NA
2 | Disaster Recovery Site | NA | Yes | Yes | Yes in HA | NA
3 | Core Banking Cell, Naraina, New Delhi | NA | NA | NA | NA | Yes

Security & Network Devices to be monitored

Security & Network devices to be monitored by SIEM include but are not limited to the following:

S. No | Device Type | Count: DC | Count: DR | Count: Project Office, Naraina | Count: Head Office, New Delhi
1 | Firewalls | 6 | 6 | 2 | 1
2 | Routers | 6 | 5 | 2 | 2
3 | Layer 2 Switches | 2 | 2 | 5 | 5
4 | Layer 3 Switches | 7 | 6 | 2 | 2
5 | IPS/ IDS/ NIPS/ HIPS | 2 | 2 | - | -
6 | NAC (Network Access Control) | 8 | 8 | - | -
8 | Access Control Devices | 1 | 1 | - | -
9 | Antivirus | 1 | 1 | - | -
10 | DB Log Management | 1 | 1 | - | -
11 | Security Solutions for Email | 2 | 1 | - | -
12 | Security Solutions for Web | 2 | 1 | - | -
13 | Integrated Security Manager | 1 | 1 | - | -
15 | LAN Management System | 1 | 1 | - |

Servers

The servers to be monitored by SIEM include but are not limited to the following:

S. No | Device Type | Count: DC | Count: DR | Count: CBS | Count: HO
1 | Load Balancer | 4 | 4 | - | -
2 | Web servers | 10 | 10 | - | -
3 | Application Servers | 11 | 11 | - | -
4 | Database Servers | 19 | 16 | - | -

Key Applications: Applications to be monitored by SIEM include but are not limited to:

S. No | Key Applications | Vendor
1 | Finacle – CBS | Infosys
2 | Internet Banking | Infosys
3 | Web Proxy Gateway | McAfee
4 | Database Activity Monitoring | McAfee
5 | Biometric Application | SmartChip Ltd
6 | Integrated Treasury | M/s Polaris (Lasersoft)
7 | Financial Inclusion Gateway | TCS
8 | Mobile Banking | FSS
9 | Email | Microsoft
10 | Directory Services | Microsoft
11 | GBM | Accel Frontline
12 | DAR | Veermati
13 | ADF – MIS | Nelito
14 | AML | Infrasoft
15 | Enterprise Management System | IBM Tivoli
16 | HRMS | -
17 | Risk Management/ ALM | BALM Suryasoft
18 | Locker | Wipro
19 | CPSMS | Intelliswift
20 | SWIFT | Globsyn

Sizing

The EPS count for the Bank should be as below:

At the time of delivery (to be delivered) | 5000 sustained and 7000 peak EPS
Scalability | Up to 10000 sustained and 12000 peak EPS

Bidder needs to quote additional cost in buckets of 1000 sustained EPS if the Bank wants to upgrade the SIEM solution.

3.2.2 Web Application Firewall (WAF)

The bidder is required to perform the following activities:

Solution Implementation:

• Deploy the WAF for the in-scope web applications

• Develop and Configure the policies

Training:

• Provide training to the identified Bank personnel/ SOC team on the product architecture, functionality and the solution design – to be provided before the implementation of solution.

• Provide hands-on training to the Bank personnel/ SOC team on WAF policy configuration, alert monitoring, etc. – post implementation.

Solution Integration:

• Integrate WAF with SIEM solution to provide a single dashboard view of events generated.

Monitoring:

• Monitor events from WAF and suggest/ take appropriate action on an on-going basis.

• Develop new policies and improve the policies configured on an on-going basis to reduce the occurrence of false positives.

Below is a list of applications to be covered by the WAF and the deployment locations. The WAF should be scalable to handle up to 4000 HTTPS transactions per second and 100Mbps of performance throughput.

Sr. No. | Application | Vendor | Deployment Locations for WAF
1. | Internet Banking | Infosys | DC – Yes in HA Mode; DR – Yes in HA Mode
2. | Mobile Banking | FSS |
3. | Email Messaging | Microsoft |
4. | Intranet Portal | Wipro |
5. | Financial Inclusion (FI) Web Application | TCS |

3.2.3 Privilege Identity Management (PIM)

The bidder is expected to perform the following activities:

Solution Implementation:

• Implement the solution for the identified devices/ administrators.

Training:

• Provide training to the identified bank personnel/ SOC team on the product architecture, functionality and the solution design – to be provided before the implementation of solution.

• Provide hands-on training to the bank personnel/ SOC team on PIM operations – post implementation.

Solution Integration:

• Integrate the PIM with SIEM to generate alerts for any PIM violations.

Monitoring:

• Monitor events from PIM and suggest/ take appropriate action on an on-going basis.

• Develop new policies and improve the policies configured on an on-going basis to reduce the occurrence of false positives.

• The PIM Solution should be deployed in standalone mode at DC and DR. The devices in scope for the PIM solution are the same as those mentioned in the SIEM Scope section. The total number of administrators for these devices is around 100. The solution should be scalable up to 200 administrators. The bidder should provide cost per 10 administrators.

3.2.4 Anti-Phishing, Anti-Trojan, Anti-Malware, and Anti-rogue (for Mobile App) Services

The bidder is required to perform the following activities:

• 24x7 scanning of critical websites (identified by the Bank) for anti-phishing, anti-Trojan, and anti-malware service.

• Integrate with Bank’s SOC.

• Continuous update to Bank as per SLA section of this RFP.

• Initiate response as per Bank’s request.

• Perform forensics analysis as and when required.

• Takedown of websites and Mobile App as per Bank’s request.

• A dashboard view of the risks and threats identified through the Anti-Phishing and threat intelligence services is to be presented to the Bank. The Bank should be provided with online access to the dashboards.

• Monitoring all major mobile app marketplaces for counterfeit, copycat apps, or apps infringing trademarks, linking to pirated content, attempting phishing attacks or distributing malware.

• Prompt submission of enforcement notices for the removal of rogue or infringing apps.

• Forensics to identify the origin of threats, mitigation thereof, initiation of measures to prevent recurrence.

Below is a list of websites and Mobile Apps for which the Bank requires anti-phishing, anti-malware and anti-Trojan services as per the technical requirements:

S No | Website/ Mobile App
1 | www.psbindia.com
2 | www.psbonline.co.in
3 | https://psbmobile.com
4 | PSB Mobile Banking App
5 | PSB UPI App

The vendor shall proactively monitor Bank’s websites for any phishing attempts and advise the Bank about the incident with details. Services shall include the following:

- To protect websites from “Phishing” and alert the concerned Bank authorities immediately if the Bank’s brand/ logo is targeted in phishing attacks. Upon detection, the vendor shall work to shut down the phishing site and submit the report.

- Rapid response to phishing attacks.

- Track hosting of phishing websites through digital watermark.

- Tracking new Domain Name Registrations to detect any spoofed or similar site being registered; this will include brand abuses too.

- Monitoring anti-phishing forums.

- Initiating takedown of the phishing sites.

- Analyzing web server logs and application logs to track the Phisher’s identity.

- Analyzing application logs to identify Phisher-initiated transaction.

- Benchmarking Bank’s website and suggesting controls required to minimize impact from phishing attacks.

- Assisting the Bank for coordination with law enforcement, regulatory, statutory and other agencies like CERT-IN, Banking Ombudsman, RBI, NPCI, MoF, IBA, and UIDAI etc.

- Providing alerts on detection of phishing sites, daily status report on the phishing site detected and the action taken.

- Providing Anti-Rogue services to detect and shut down rogue mobile apps on mobile stores and the internet.

- Online Dashboard to be provided for Anti-phishing and Anti-rogue services.

- Forensics to identify the origin of threats, mitigation thereof, initiation of measures to prevent recurrence.

Phishing Site Takedown Services

The bidder shall bring down the detected phishing site and deactivate the site at the earliest.

• Keep track of the site brought down for reactivation for at least 2 months. The reactivated sites are to be brought down without any additional charges during this period of 2 months.

• Provide Reports on the takedown activities and the status of the phishing site on daily basis.

• Report on phishing trend in India and across the globe.

3.2.5 Anti Advanced Persistent Threat System (Anti-APT)

The bidder is expected to perform the following activities:

Solution Implementation:

• Implement the solution for the identified devices.

Training:

• Provide training to the identified bank personnel/ SOC team on the product architecture, functionality and the solution design – to be provided before the implementation of solution.

• Provide hands-on training to the bank personnel/ SOC team on anti-APT operations – post implementation.

Solution Integration:

• Integrate anti-APT with SIEM to generate alerts for any anti-APT violations.

Monitoring:

• Monitor events from anti-APT and suggest & take appropriate action on an on-going basis.

• Develop and improve the policies configured on an on-going basis to reduce the occurrence of false positives.

The solution should be sized for 50Mbps performance throughput. The solution should be deployed in HA mode at DC and DR. The device should have at least 2 Nos. of GBIC Ports.

3.2.6 Risk Assessment Services

• The vendor shall conduct periodic (annually) IT Risk Assessment and ensure adequate, effective, and tested controls for people, processes, and technology to enhance Information Security. The first Risk Assessment should be conducted within 4 months of issuance of Purchase Order.

• The vendor shall conduct IT Risk Assessment of new products and services.

• The vendor shall review the change management requests related to IT Infrastructure Activities/ Access Permission and report to the Bank the resulting threat perception in Bank environment.

• The vendor shall review the information security incidents and activities across the Bank.

• The Risk Assessment services should be undertaken to assess Bank’s security threats and risks.

• Provide risk assessment and recommendations on a periodic basis as required to mitigate risks and to strengthen the overall security posture of the Bank.

• Provide risk assessment and mitigating measures in respect of-

o integrating various systems & applications in Bank’s environment

o integrating third-party systems/ applications through extranets

o outsourcing arrangements

• Design and update Risk Assessment templates on platforms, infrastructure integration, application security assessment, vulnerability assessment, outsourcing, processes, people etc.

• Vendor should devise Risk Assessment methodology covering Value of Asset, threat, probability of occurrence of the threat, impact of the threat etc. in consultation with the Bank.

• Provide Bank with a root cause analysis of downtime due to faults, security events including preventive measures being taken to prevent future similar incidents and outages.

• Participate in technical and business planning sessions to establish security standards, Architecture and project initiatives to improve the design from information security standpoint and provide recommendations.

• Vendor shall ensure continuous training and best practice updates to Bank Team.

3.2.7 Other Security Services

3.2.7.1 Security Intelligence Services

• The Bidder shall regularly track and advise the Bank about new global security threats and vulnerabilities. The advisories shall be customized to suit the Bank’s information security infrastructure. The Bidder shall advise upgrades/ changes in the security infrastructure of the Bank against evolving threats and responsibilities. Onsite team shall track impact of new vulnerabilities and threats on Bank’s assets.

• The Bidder shall advise and coordinate in implementation of controls to mitigate new threats.

• The Bidder shall ensure adequacy, appropriateness and concurrency of various policies and guidelines in place in the Bank and shall provide Information Security consultancy for newer technology deployment for new and existing applications and products.

• The Bidder shall guide and recommend the Bank w.r.t. any change required in the existing infrastructure of the Bank for deployment of new application and services, which can have security implication to Bank, like- changing of rule in Firewall, Router, IPS, IDS, and application/ server configurations etc.

• The bidder shall facilitate the Bank to participate in the Cyber Security Mock Drill and Cyber Security Assessment conducted by Ministry of Finance/ CERT-In as and when required by them, with no extra cost to the Bank. The Bidder shall provide MOCK drill environment and also implement the recommendations of such drills/ assessment to improve cyber security posture of the Bank.

• The Bidder shall identify evolving vulnerabilities and threats to IT infrastructure assets deployed in the bank. This includes-

o Top global attack sources

o Top global attack targets

o New Vulnerabilities and advisories

o New Attack vectors

o Worms & Virus outbreaks

• The Bidder shall have access to and track leading security databases such as- NIST, OEM sites, CERT-IN, OWASP, OVAL, CVE, Anti-virus vendors, National Vulnerability Database, and SANS etc.

• The Bidder shall provide countermeasures/ recommend workarounds to remediate vulnerabilities as and when they are discovered.

3.2.7.2 Security Advisory Services

• The Bidder shall regularly track and advise the Bank about new global security threats and vulnerabilities. The advisories should be customized to suit the Bank’s security infrastructure. Advise upgrades/ changes in the security infrastructure of the Bank against evolving threats and responsibilities.

• The bidder shall review and update the Bank’s Information Security Policy and all other policies and procedures on an annual basis in line with ISO27001 standard. The Bank has various Policies and Plans, like- IT Security Policy, BCP-DR Plan, Cyber Fraud Policy, Digital Evidence Policy, Migration Policy, Biometric Policy, Hardening Policy, and IS Audit Policy etc.

• The Bidder shall carry out vulnerability scanning before deployment of an application or module and prepare a standard check list for compliance.

• The Bidder shall assess the current environment and set up a baseline security level for all existing applications and new applications; and drive the implementation of the baseline security level for all applications (existing and new). Ensure that the baseline security level is maintained on an ongoing basis and hence applications are secured against all risks at any point in time.

• The Bidder shall review Policies, Guidelines, Business Continuity Plan, Disaster Recovery Plan, IS Audit Reports:

o Regular review of Information Security Policy and Information Security Guidelines, Business Continuity Plan, Disaster Recovery Review Plan, and other related documents like Data Centre Operations Manual and suggesting, vetting, incorporating necessary changes commensurate with the security, operational, and technology risks.

o Evaluation of Information Security related audit observations of the bank and facilitating the rectification thereof.

• The Bidder shall impart security awareness training (not certification training) to Bank nominated staff once in a quarter. The Bank will arrange the training facility, computers, stationery, projectors etc. This training program could be a classroom session and would cover a pre-circulated training agenda on the security technology. The training can also be through Video Conferencing and/or Webinar to cover all Branch, Zone, Other Office staff/ vendors.

• The Bidder shall assist the Bank in planning, execution, and implementation of information security related initiatives/projects/programs in the Bank.

• The Bidder shall participate in the periodic DR Drill activity of the Bank and suggest & assist in implementation of enhancements in the DR Drill process.

• For new application rollout by the Bank, the Bidder shall give security advisory to the Bank.

• The bidder shall ensure compliance of ISO27001 Certification for the Bank’s DC and DR. Bank’s DC and DR sites are ISO27001 certified.

3.2.7.3 Forensic Investigation

• The vendor shall address the challenges and risks of doing business in today's environment and assist in dealing with complex issues of fraud, regulatory compliance and business disputes that can detract from efforts to achieve the Bank’s potential. Better management of fraud risk and compliance exposure is a critical business priority.

• The vendor shall provide effective remedial solution of intricacies related to Forensic Investigation of crime of any type and assist in proper dispensation of justice for at least 12 incidents in a year.

• The bidder shall have skill sets to provide fraud investigation on the bank’s IT infrastructure and banking related processes.

• Coordinate with the IT team and help them contain the attack & restore services.

• The vendor shall facilitate the Bank in investigation of IT frauds and mitigation measures on the same.

• The Forensic analysis should comply with the RBI Circulars, Guideline, and Recommendations.

3.2.7.4 Infrastructure Development Guidelines and Minimum Baseline Security Standards (MBSS)

• A detailed infrastructure guideline should be created for the secure deployment of the bank’s infrastructure

• The guidelines should be based on international standards like ISO27001, ISO2000, TIA 942 etc.

• The guidelines should cater to all the IT and network infrastructure and all other supporting infrastructure

• Minimum Baseline Security Standard (MBSS) should be created for all the different types of assets (IT and Network components etc)

• A MBSS review should be done on regular intervals to ensure all IT and network components are in compliance to the guidelines

3.2.7.5 Security Architecture Review

The bidder is required to conduct the security architecture review of the bank’s infrastructure on a quarterly/ half yearly basis (or as directed by regulatory authority, statutory authority, or GoI Ministry/Dept/Agency). The security architecture review will involve, but is not limited to:

• Doing an application security assessment of the bank’s applications

• Conducting secure code review

• Conducting a configuration review of the IT and network infrastructure

3.2.7.6 Configuration Review of Servers, Security, and Network Devices

The bidder should ensure that a detailed configuration review of all the servers, network and security devices is done on a quarterly/ half yearly basis (or as directed by regulatory authority, statutory authority, or GoI Ministry/ Dept/ Agency). The review should be automated and manual and should check the following parameters:

• User management

• Account policies

• Parameter files

• System Privileges

• Object Privileges

• Backup/recovery

• Operating System configuration

• Profiles information

• Operating System data file Information

• Auditing logging

• Rule base and ACL

3.2.7.7 Vulnerability Assessment and Penetration Testing (VAPT)

VA is being conducted by the Bank. The Vendor shall make an assessment of the VA report. The vendor shall follow up for the closure of the pending observations. The Vendor shall perform risk based profiling of the IPs to identify critical IPs. The vendor shall conduct PT of all web facing applications of the Bank on quarterly/ half yearly basis (or as directed by regulatory authority, statutory authority, or GoI Ministry/ Dept/ Agency).

3.2.7.8 Mobile Application Review

The bidder will perform a detailed application review of the bank’s mobile applications (like- Mobile Banking App, UPI App, and Bharat Bill Payment App) on a quarterly/ half yearly basis (or as directed by regulatory authority, statutory authority, or GoI Ministry/ Dept/ Agency). The assessment will include (but is not limited to):

• Prepare test cases based on the mobile application platform

• Vulnerability assessment of the mobile app.

• Automated and manual Penetration testing of the mobile app.

3.2.7.9 Other Requirements

• Monitoring 24x7 logs and audit trails for security events, to detect known as well as unknown attacks and raise alerts on any suspicious events that may lead to security breach into Bank’s environment.

• Monitoring of 24x7 performance and service availability so that the desired state and integrity of the devices/ solutions and service levels are maintained.

• To provide scalability for any additions/ modifications or integration of applications, services, devices and networks with the existing architecture of SOC.

• Providing initial review (Level 1) of security incidents and determining whether escalation to Level 2, 3 support is warranted.

• Carrying out event analysis with the statistical events correlation rules. This should include the correlation of the events from the devices/ solutions under scope.

• Creation and adding custom correlation rules for the Bank’s devices under scope. SOC will review and fine-tune rules as and when required.

• Providing online secured portal (web-based Dashboard) for viewing real-time monitoring data of all the security devices/ solutions in scope.

• To develop & recommend improvement plans for the SOC monitored Bank’s facilities as needed to maintain an effective and secure computing environment. The activity is to be carried out as and when required by the Bank.

• Monitoring alerts and events reported by devices under the SOC scope; to record the incidents, classify, and recommend remedial action. All types of incidents will have to be reported immediately as per the escalation matrix which will be prepared during go live.

• Initiation of prompt corrective countermeasures to stop/ prevent attacks as per predetermined procedures.

• Complete analysis and correlation of logs from all the devices/solutions/applications under scope.

• Carrying out due forensic activities to identify the origin of threat, mitigation steps and measures to prevent recurrence.

• Preparation of the daily, weekly, monthly reports to summarize the list of incidents, security advisories, vulnerability management, and other security recommendations. It should include the operations trend analysis with the reports correlation of the present and past data.

3.2.7.10 Monitoring, Reporting and Security Dashboard:

The Bidder must provide an application/online portal to maintain an online repository that lists the existing and emerging risks with respect to IT infrastructure assets of the Bank and should have at least the following features:

• Security dashboard should provide the status of security across the IT infrastructure.

• Security dashboard should also contain a comprehensive baseline of risks across IT infrastructure

- Security Advisories.

- Proactive alerts and alarms.

- Unified HTTPS portal for Trouble Ticket Management & Escalation Workflow.

- Unified HTTPS portal for the security events reports, device reports and Monthly Analysis Reports

• Security dashboard should provide various reports such as the following, which the Bank needs to submit/ report to the regulatory, statutory, and other relevant agencies on periodic basis:-

- Information security events report which occur during the period. An information security event is an identified occurrence of a system, service or network state, indicating a possible breach of information security policy or failure of safeguards, or a previously unknown situation that may be security relevant.

- Frequency of Information Security Incidents:- Total number of information security incidents during the period. An information security incident is indicated by a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.

- Number of information security incidents pertaining to RBI-owned payment and settlement systems (RTGS, NEFT) during the period. An information security incident is indicated by a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.

- Number of instances during the period where the bank’s systems were subject to unauthorized access, including the instances of password sharing, (successful or unsuccessful) by the bank’s employees and contractors, from within the bank or outside bank premises.

Note: The vendor shall provide new reports and customize existing reports as per RBI, MoF, NPCI, IBA, UIDAI, GOI, Bank’s etc. requirements, without any cost to the Bank.

Since the bank is looking to obtain many solutions/services, it will be difficult to track the activities and important alerts and reports from all these solutions/ services. Moreover, since most of these solutions/ services are interrelated, correlated information will help the bank in taking important decisions. The Bidder shall provide a unified portal that will meet this requirement.

Service Desk System

Service desk should be configured, maintained and updated to record all agreed upon SLA breaches. Bank should be able to generate reports to validate the service availability through comprehensive web-based portal (dashboard). The portal shall be accessed by Bank users with individual login credentials.

3.3 General Responsibilities of the SI

3.3.1 Training

• Pre-Implementation: Provide training to the identified bank personnel/ SOC team on the product architecture, functionality and the design for each solution under the scope of this RFP.

• Post Implementation: Provide hands-on training to the bank personnel/ SOC team on SIEM operations, alert monitoring, policy configuration for all solutions etc.

• The bidder and OEM are required to provide training jointly as per the below table for personnel/ team nominated by the bank for each solution specified in the scope of work.

• The bidder is required to provide all trainees with detailed training material. This training material should cover installation, operation, integration, maintenance, troubleshooting and other necessary areas for each solution.

Training Requirements

Solution | Training Type: Pre-implementation | Training Type: Post-implementation | Days
SIEM | Yes | | 2
SIEM | | Yes | 5
WAF | Yes | | 1
WAF | | Yes | 2
PIM | Yes | | 1
PIM | | Yes | 2
Anti-APT | Yes | | 1
Anti-APT | | Yes | 1

3.3.2 Implementation and Integration

• Implementation of the specified solutions as per the technical requirement of the solutions which are detailed in Annexure-IX (Technical Requirements/ Specifications).

• 10 days before delivery of the solutions, the bidder is required to review the bank environment and specify any additional requirements that the Bank may need to provide for the implementation of the solutions.

• The bidder is responsible to ensure that the SOC solutions and operations comply with bank’s information security policies and industry leading standards (such as ISO 27001 etc) and any applicable laws and regulations.

• In addition, the bidder is responsible for impact assessment and modification of SOC operations at no extra cost, on account of any changes to applicable information security policies, procedures, standards, regulations.

• The support for all the solutions proposed should be provided for the contract period. A free upgrade should be provided for all solutions if the end of life occurs within the period of contract.

• Integrate each solution with SIEM solution to provide a single dashboard view of events generated.

• Any interfaces required with existing applications, servers, network & security devices, infrastructure within the bank should be developed by the bidder (without extra cost to the Bank) for successful implementation of the SOC as per the defined scope of work.

• Bidder shall be responsible for timely compliance of all Device level audit (DLA) and Vulnerability Assessment (VA) audit observations as and when shared by the bank.

• The bidder is responsible for integrating any additional logs that the bank may wish to monitor with the SIEM solution at no additional cost to the bank.

• Development and implementation of processes for management and operation of the SOC including (but not limited to) the following processes:

o Configuration and Change Management

o Incident and Escalation management processes

o Daily standard operating procedures

o Training procedures and material

o Reporting metrics and continuous improvement procedures

o Data retention and disposal procedures

o BCP and DR plan and procedures for SOC

o Security Patch management procedure


The technical bid should include an overview of the processes mentioned above.

• Implement necessary security measures for ensuring the information security of the proposed SOC.

• Develop Escalation Matrix in order to handle Information Security Incidents efficiently.

• Provide necessary documentation for the operation, integration, customization, and training of each of the solutions in scope.

3.3.3 Monitoring

The bidder is required to provide the resource count for the operations of the SOC as a part of the response to this RFP and specify the same in the Annexure XII Resource plan matrix. The bidder shall monitor SOC activities and events on a 24x7x365 basis and suggest & take appropriate action on an on-going basis.

3.3.4 Continuous Improvement

Improve the policies configured on an on-going basis to reduce the occurrence of false positives.

3.3.5 Solution Acceptance

The Bank in coordination with the bidder and OEM shall conduct an Acceptance Test wherein the bidder has to demonstrate the implementation of the solution as per the requirements of the bank. The bidder shall submit the detailed reports of the test outcomes to the bank (also refer clause 4.3 Responsibility Matrix).

3.3.6 SLA Compliance

The bidder shall ensure compliance with SLAs as defined in the RFP.

3.3.7 Business continuity

The bidder is responsible for defining a DR/ BCP plan for the SOC operations and shall also ensure that periodic tests are conducted as per the testing calendar agreed with the bank.

3.3.8 Period of Contract

• Bidder is required to provide the SOC services for a period of 5 years.

• Post completion of the contract or in the event of early termination, the bidder is expected to provide support for transition of the solutions/ services to the nominated members of the bank (or) to a third party nominated by the banks.

• The Bidder is required to provide the warranty/ AMC services at Bank’s DC/DR/HOIT and other locations for which tools are procured or where tools are deployed, directly or through their OEM representatives at all locations for the bank.


The bidders are expected to provide technical and commercial proposals in accordance with the terms and conditions contained herein. Evaluation criteria, evaluation of the responses to the RFP and subsequent selection of the successful bidder will be based entirely on bank’s discretion. Bank’s decision shall be final and no correspondence about the decision shall be entertained.

Note: In addition to the above points, during the contract period the vendor shall be responsible for implementing and complying with future recommendations, guidelines, and directions of regulatory & statutory, and other bodies (viz. RBI, IBA, NCIIPC, CERT-In, MoF, IDRBT etc.) to an existing functionality of the deliverables provided under this RFP, without extra cost to the Bank.

3.3.9 IS Audit of SOC Solution

The selected bidder shall conduct the IS Audit of the complete SOC Solution through a CERT-In empanelled auditor agency within one year of issuance of Purchase Order.


Chapter 4 – Service Level Agreement And Penalties

4.1 Service Levels during Implementation Phase

• The Bidder is expected to complete the responsibilities that have been assigned as per the implementation timelines mentioned in Section: Project Timelines (Chapter-6).

• One percent of the total implementation fees would be levied as a penalty for every one week delay as per implementation timelines per product/service.

• A maximum penalty of 20% of the value of total Implementation Cost of the delayed solution/ service would be levied for implementation delays.

4.2 Service Levels during Operations Phase

The bidder is required to adhere to the Service Level Agreements as mentioned below for the operations phase.

SLAs for Solution Uptime

Sr No: 1

Service Area: SIEM Solution Uptime

Service Level: Uptime % calculated on monthly basis for SIEM. In case of any hardware problems, the SI should ensure that replacement devices are made available to meet the SLAs.

Penalty: Penalty as XX% (as mentioned below) of overall quarterly SOC operation charges (Quarterly Resource Cost + Quarterly Maintenance Cost).

• 99.9% and above: NA

• 98% to 99.9%: 5%

• 95% to 97.99%: 8%

• 90% to 94.99%: 15%

• 80% to 89.99%: 30%

• 70% to 79.99%: 50%

• Less than 70%: 100%

Sr No: 2

Service Area: Other Solution Uptime

Service Level: Uptime % calculated on monthly basis for each solution. In case of any hardware problems, the SI should ensure that replacement devices are made available to meet the SLAs.

Penalty: Penalty as XX% (as mentioned above) of the individual quarterly maintenance charges. The SLA percentage remains same as above.


SOC Operations Charges/ Cost includes: AMC, Resource costs for SOC monitoring and maintenance.

Maintenance Charges/ Cost includes: AMC for the specific solution

Service levels during SOC Operations

Sr No: 1

Service Area: Event Response

Service Level:

24x7 monitoring of all in-scope devices

Categorization of events into Critical, High, Medium and Low priority shall be carried out in consultation with the selected bidder during the contracting phase.

Penalty:

All Critical, High and Medium priority events should be logged as incident tickets and responded as per below SLAs:

Events along with action plan/ mitigation steps should be alerted to designated bank personnel as per the below SLA:

• Critical events within 15 minutes of the event identification. Update should be provided every 15 minutes till the closure of the incident

• High priority events within 30 minutes of the event identification. Update should be provided every 1 hour till the closure of the incident

• Medium priority events within 60 minutes of the event identification. Update should be provided every 4 hours till the closure of the incident.

SLA is measured on a monthly basis and the penalty is as follows:

Critical Events:

• 95-99%: 10% of the Operations Cost for the Month

• 90-95%: 15% of the Operations Cost for the Month

• <90%: 20% of the Operations Cost for the Month

High Priority Events:

• 95-99%: 5% of the Operations Cost for the Month

• 90-95%: 10% of the Operations Cost for the Month

• <90%: 15% of the Operations Cost for the Month

Medium Priority Events:

• 95-99%: 1% of the Operations Cost for the Month

• 90-95%: 2% of the Operations Cost for the Month

• <90%: 5% of the Operations Cost for the Month

Low Priority/ Operational Events need to be logged and maintained for reference. An incident ticket need not be raised for such incidents. However these need to be included in the daily reports.

Sr No: 2

Service Area: Incident Resolution

Penalty:

The timelines required for resolution of Critical, High and Medium priority mentioned below:

• Critical incidents within 60 minutes of the event identification. Update should be provided every 15 minutes till the closure of the incident

• High priority incidents within 90 minutes of the event identification. Update should be provided every 1 hour till the closure of the incident

• Medium priority incidents within 120 minutes of the event identification. Update should be provided every 4 hours till the closure of the incident.

The required success rates for the incident resolution are outlined below:

Critical Incidents:

• 90-95%: 10% of the Operations Cost for the Month

• 85-90%: 15% of the Operations Cost for the Month

• <85%: 20% of the Operations Cost for the Month

High Priority Incidents:

• 90-95%: 5% of the Operations Cost for the Month

• 85-90%: 10% of the Operations Cost for the Month

• <85%: 15% of the Operations Cost for the Month

Medium Priority Incidents:

• 90-95%: 1% of the Operations Cost for the Month

• 85-90%: 2% of the Operations Cost for the Month

• <85%: 5% of the Operations Cost for the Month

Low Priority/ Operational incidents need to be logged and maintained for reference. These need to be included in the daily reports.

Sr No: 3

Service Area: Report and Dashboard

Service Level: Periodic reports to be provided to banks as defined in the General Requirement section of Annexure IX Technical Requirements/ Specifications

Penalty:

Daily Reports: Critical reports should be submitted twice a day. (First report at 10 am and second report at 5pm everyday).

• Delay in reporting for daily report for more than 2 hours shall incur a penalty of 3% of Operations Cost for the Month

Weekly Reports: By 10:00 AM, Monday

Monthly Reports: 5th of each month

• Delay in reporting by more than 3 days for both weekly and monthly reports shall incur a penalty of 10% of Operations Cost for the Month

Sr No: 4

Service Area: Anti Phishing and Anti Malware Service along with taking down Phishing sites/ Mobile App

Service Level: The SI is expected to provide this service on a 24/7 basis. Incidents need to be logged and the resolution SLA is as per the incident resolution section.

Penalty:

• Take down of malicious sites within 24 hours of identification if confirmed by the bank.

• For a delay of 4 hours in takedown of such sites a penalty of 0.5% of quarterly cost for the service will be levied

• For a delay of more than one week in takedown of such sites a penalty of 2% of quarterly costs will be levied

• For more than one month delay in takedown of such site, the service shall be discontinued

• In the event that a new site is identified which shares the same Home URL of a site already taken down, additional payment for the take down of such sites shall not be made.

• Re-occurrence within a month of a site already taken down by the SI shall not be considered as a new site and no additional payment shall be made for the takedown of such a site.

• Daily report of new phishing sites, action taken, instances of reactivation etc. to be shared with bank

Sr No: 5

Service Area: Continual Improvement

Service Level:

The SI is expected to improve the operations on an on-going basis.

The SI is expected to provide a quarterly report of the new improvements suggested, action plans, and the status of these improvements to the bank.

Improvement areas could include: process changes/ training resulting in efficiency/ SLA improvement, new correlation rules to identify threat patterns etc.

Penalty:

• Quarterly reports need to be provided by the 5th day of each quarter beginning

• Delay in providing quarterly reports shall lead to 2% of the monthly SOC operation charges

• Reduction by 2% in the time for event response, quarter on quarter.

Sr No: 6

Service Area: Periodic Review

Service Level: The SOC project sponsor or locational delegate from the SI is expected to conduct a monthly review meeting with Bank officials resulting in a report covering details about current SOC SLAs, status of operations, key threats and new threats identified, issues and challenges etc.

Penalty:

• Monthly meeting for next five years to be conducted on the 25th (tentatively) of each month during the operations phase.

• A delay of more than three days will incur a penalty of 1% of SOC operations cost for that quarter.

4.3 Responsibility Matrix

• The following table describes the responsibilities of the System Integrator (SI) selected through this RFP, Bank, and Original Equipment Manufacturer (OEM) for problem management and issue resolution related to the applications and tools hosted on the hardware and software proposed by the SI.

• The Bank or consultant appointed by the bank shall conduct the acceptance test for the hardware and software proposed by the Bidder.

Table: Responsibility Matrix

Sr No | Activity | Bank | Selected Bidder | OEM

1 | SOC Solutions Design | S | P | V and M

2 | Installation of the proposed solutions, hardware and software including configuration as per the solution design and scope of work | - | P | V and M

3 | Acceptance of the solutions | S | P | V

4 | SOC Operations – Ongoing | - | P | -

5 | SOC Operations Review | S | - | P and V

6 | SLA Reports | S | P | V

7 | Incident Management | - | P | P

“V” - Validated (Responsible for Validating the activity)

“P” - Performed (Primary responsibility for executing the activity)

“S” – Signed Off (Responsible for providing the go-ahead)

“M”- Monitoring (Responsible for continuous monitoring of activity)


Chapter 5 – Project Team Structure

All team resources included in both the implementation and operation of SOC should be on the payroll of SI or OEM.

OEMs shall provide on-site resources at each deployment location for their respective solutions during the implementation phase in case the bidder is not able to resolve bank’s queries/ delays in implementation or as necessitated by the Bank.

5.1 Implementation Phase

The bidder is required to deploy necessary resources at Bank locations for complete implementation of various solutions keeping in view meeting the Project Timelines.

5.2 Subcontracting

The bidder shall not subcontract or permit anyone other than its personnel to perform any of the work, service or other performance required of the bidder under the contract.

5.3 Roles & Responsibilities

5.3.1 SI Project Sponsor

A senior management member from the SI shall be identified as the project sponsor; her or his responsibilities are outlined below:

• Primarily responsible for successful implementation of the project in bank.

• Act to remove critical project bottlenecks.

• Identification of working team members, project management office members and team leads.

• Single point of contact for bank senior management.

5.3.2 Project Management Office (PMO)

• Ensure implementation timelines are met to achieve desired result.

• Monitor Change management activities.

• Monitor Quality and risk related activities.

• Identify and implement best practices.

• Periodic reporting to banks on the status, issues/ challenges faced and how these are resolved by the vendor.

5.3.3 Team Lead

• Lead daily implementation effort.


• Report on progress to bank.

• Seek advice from the PMO on mitigation measures and deploy these at the bank.

5.3.4 Working Team

• Implementation of all device/solutions in scope.

• Customize device/solutions as per requirements.

• Perform acceptance testing for each device/solution.

5.3.5 OEM Team

OEMs shall provide on-site resources at each deployment location for their respective solutions during the implementation phase for:

• Validation of solution design and architecture

• Continuous monitoring of implementation at each location.

• Provide support to working teams.

• Ensure customization is in line with bank’s requirements.

5.4 Operations Phase

Bidders need to provide approximate number of on-site resources in order to meet the service level agreements mentioned in this RFP. Bidders should mention number of resources required for managing the SOC in the format as per Annexure XII Resource Plan Matrix for the Bank.

The proportion in which resources should be deployed in operations phase shall be- L1 : L2 : L3 = 6:2:1. This deployment should ensure a 24/7 operational SOC.

The cost of the resources as provided in the Final commercial bill of materials shall be considered as fixed for the term of the project and the bank may procure additional resources at the cost not necessarily as per the above mentioned ratio.


Chapter 6 – Project Timelines

Bidders are requested to keep the following timelines in regard to the implementation of solutions in the Bank.

T denotes the date of release of PO to the Bidder. For example: T+3 represents that the solution needs to be implemented within 3 months of the release of the PO.

[Timeline chart: the activities Purchase order, Anti-Phishing, ANTI-APT, WAF, PIM and SIEM plotted against the time columns T, T+2 months, T+3 months, T+4 months, T+6 months and T+9 months.]

Delivery Period

The delivery timelines for hardware as per BOM for each solution are as below:

Anti-APT : T+2 Months

WAF : T+3 Months

PIM : T+4 Months

SIEM : T+4 Months


Chapter 7 – Evaluation Methodology

Bank will open the technical bids on the stipulated day in the presence of authorized representatives of the bidders. The technical bid will be opened first and evaluated for technical requirements as per the stipulations.

(a) Technical Evaluation

The Bank will adopt bidder evaluation processes as detailed hereunder:

The technical response to the RFP and bidder’s compliance to the required terms & condition and scope of specifications as specified in Annexure-IX will be evaluated. The technical response to the RFP needs to be substantiated by necessary documents, proofs, certificate, records etc.

(b) Commercial Evaluation

The Commercial Bid evaluation will be carried out through sealed commercial bidding. Commercial Bids of only technically qualified bidders will be opened in the presence of the technically qualified bidder’s representatives on date and time to be communicated to the qualified Bidders.

L1 bidder will be selected on the basis of the lowest Total Cost of Ownership (TCO) criteria.


ANNEXURE I - TENDER COVERING LETTER

(Duly signed & stamped by the authorized signatory)

The Assistant General Manager - IT

Punjab & Sind Bank,

Bank House, 21, Rajendra Place,

New Delhi -110008

Dear Sir,

Sub: Request for Proposal for “Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank” - Tender Ref No.________________________________ dated _________________

With reference to the above RFP, having examined and understood the instructions including all annexure, terms and conditions forming part of the Bid, we hereby enclose our offer for RFP for ‘Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank’ in the RFP document forming Technical as well as Commercial Bids being parts of the above referred Bid.

In the event of our selection by the Bank for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank, we will submit a Performance Guarantee for a sum equivalent to 10% of the total contract value with validity of 63 months (or extended period, if any) in favour of Punjab & Sind Bank.

Further we agree to abide by the terms and conditions of this tender and our offer shall remain valid for 180 days from the date of technical bid opening and our offer shall remain binding upon us which may be accepted by the Bank any time before expiry of 180 days.

Until a formal contract is executed, this tender offer, together with the Bank’s written acceptance thereof and Bank’s notification of award, shall constitute a binding contract between us.

We understand that The Bank is not bound to accept the lowest or any offer the Bank may receive.

Dated this ____day of __________, 2017

Signature: (In the Capacity of)


Annexure II - COMPLIANCE TO MINIMUM ELIGIBILITY CRITERIA

Sr. No. | Eligibility Clause | Compliance (Yes/ No) (Mention Document reference, wherever applicable)

EC-1 | The Bidder should be a Company/ firm in India registered under the Companies Act, 1956 for a period of minimum five (05) years. | Certificate of Incorporation & Commencement of Business (applicable for Public Ltd. Companies). A certified copy of the same is required to be submitted with the Bid.

EC-2 | The Bidder should have made an annual turnover of Rs. 100 Crore per annum in the last three Financial Years (i.e. FY 2014-15, 2015-16, and 2016-17). | Audited Financial Statements for the last three Financial Years, viz. 2014-15, 2015-16, and 2016-17 needs to be furnished. CA certificate needs to be furnished.

EC-3 | The Bidder should have positive net worth in the last 3 financial years (i.e. FY 2014-15, 2015-16, and 2016-17) | Audited Financial Statements for the last three Financial Years, viz. 2014-15, 2015-16, and 2016-17 needs to be furnished. CA certificate needs to be furnished.

EC-4 | The Bidder should have an annual turnover of at least Rs.10 Crores in providing security services in each of the last three Financial Years (i.e. FY 2014-15, 2015-16, and 2016-17.) | CA Certificate/ Customer PO/ CA Declaration

EC-5 | The Bidder should have experience of at least 1 BFSI (Banking, Financial services and Insurance) or Govt. Sector client in implementing/supporting a Security Operations Centre (SOC) in last 5 years in India. | Copies of purchase orders showing SOC experience to clients.

EC-6 | The Bidder should have implemented or provided/be providing SOC Security Services, including log monitoring and co-relation, for minimum 1000 EPS to at least one (01) BFSI or Govt. Sector client in India. | Letter from client on client letter Head/ commissioning report along with name and designation and Landline telephone contact details.

EC-7 | The Bidder’s organization should have ISO 27001 certification. | ISO 27001 certification copy.

EC-8 | The Bidder should not be existing System Integrator (for Network Infrastructure/ Facility Management) for the Punjab & Sind Bank to avoid conflict of interest. | Bidder undertaking should be submitted in this regard.

EC-9 | The proposed solutions (i.e. SIEM, WAF, PIM, and Anti-APT) should be successfully implemented in any BFSI or Govt. Sector client(s) in India. | OEM Letter with client name.

EC-10 | The Bidder should deploy industry standard license tools. | Undertaking letter from Bidder

EC-11 | The SIEM deployed must be in the Leader or Challenger Quadrant of latest published Gartner’s Report for SIEM. | Gartner Report

EC-12 | The bidder should not have been put in the negative list or Blacklist by any Public Sector Bank/ Government Organization for breach of applicable laws or violation of regulatory prescriptions or breach of agreement for providing the SOC services at the time of bid submission. | Undertaking letter from the bidder

EC-13 | Bidder/OEM should have successfully implemented SIEM in integration with Core Banking System (Finacle). In case of OEM’s experience, the OEM shall own the complete implementation responsibility of SIEM. | An undertaking letter from OEM.

EC-14 | Bidder/OEM should have successfully implemented WAF, PIM, and Anti-APT. In case of OEM’s experience, the OEM shall own the complete implementation responsibility for the solution whose proof submitted by OEM (WAF, PIM, and Anti-APT). | An undertaking letter from OEM.

EC-15 | The proposed solutions should be certified/ benchmarked by an independent third party/ OEM for performance, security. | Enclose certificate/ benchmark report for security, performance from independent third party OR OEM letter for performance, security.

EC-16 | The proposed WAF solution must be in the Leader or Challenger Quadrant of latest published Gartner’s Report. | Latest Gartner’s Report

Signature/ Seal of Company

(Duly signed & stamped by the authorized signatory)


ANNEXURE III - BIDDER’S INFORMATION

The Assistant General Manager (IT)

Punjab & Sind Bank, HO Information Technology Department,

Bank House, 2nd Floor, 21, Rajendra Place

New Delhi -110008

Sir,

Reg: RFP for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank.

With reference to RFP No _________________________________dated: ________________ (Read with its Addendums/ Corrigendum/ Amendments), we hereby submit necessary information hereunder:-

1. Name & address of the Company with direct phone numbers

2. Registration No. and date of establishment

3. Website Address

4. Email Address:

5. Detail of Tender Fee and Earnest Money Deposited:

6. Figures for last 3 years (in Crores with two decimal):-

Annual Turnover

Annual turnover in providing security services in

2014-15 2015-16 2016-17

7. Income Tax PAN and GSTIN number

DECLARATION

1. I/We hereby declare that the terms and conditions of the tender stated herein and as may be modified/ mutually agreed upon are acceptable and binding to me/us. We understand and agree and undertake that:-


1. The Bank is not bound to accept the lowest bid or may reject all or any bid at any stage at its sole discretion without assigning any reason therefore.

2. If our Bid for the above job is accepted, we undertake to enter into and execute at our cost, when called upon by the Bank to do so, a contract in the prescribed form. Unless and until a formal contract is prepared and executed, this bid together with your written acceptance thereof shall constitute a binding contract between us.

3. We have read and understood all the terms and conditions and contents of the RFP and also undertake that our bid conform to all the terms and conditions and do not contain any deviation and misrepresentation. We understand that bank reserve the right to reject our bid on account of any misrepresentation/deviations contained in the bid.

4. Bank may accept or entrust the entire work to one Bidder or divide the work to more than one bidder without assigning any reason or giving any explanation whatsoever and the Bank’s decision in this regard shall be final and binding on us.

5. If our bid is accepted, we are to be jointly and severally responsible for the due performance of the contract.

6. Bidder means the vendor who is decided and declared so after examination of commercial bids.

Name of person Authorized to sign:

Mobile No.

Email:

Date:

Place: SIGNATURE & STAMP OF AUTHORISED SIGNATORY


ANNEXURE IV – SAMPLE PROFORMA FOR THE BANK GUARANTEE FOR EARNEST MONEY DEPOSIT

(To be stamped in accordance with stamp act)

Ref: Bank Guarantee # Date: __________

Punjab & Sind Bank

Information Technology Department

21, Rajendra Place, Bank House,

New Delhi 110008

Dear Sir,

In accordance with your bid reference No. ______________________ Dated: _______________ M/s______________________________________ having its registered office at ______________________________________________ (hereinafter called bidder) wishes to participate in the said bid for ‘Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank’. An irrevocable Financial Bank Guarantee (issued by a nationalized/ scheduled commercial Bank) against Earnest Money Deposit amounting to Rs.____________(Rs._____________________________) valid up to ___________ is required to be submitted by the bidder, as a condition for participation in the said bid, which amount is liable to be forfeited on happening of any contingencies mentioned in the bid document.

M/s_________________________________ having its registered office at __________________________ has undertaken in pursuance of their offer to Punjab & Sind Bank (hereinafter called as the beneficiary) dated __________ has expressed its intention to participate in the said bid and in terms thereof has approached us and requested us___________________________ (Name of Bank) ________________________ (Address of Bank) to issue an irrevocable financial Bank Guarantee against Earnest Money Deposit (EMD) amounting to Rs ___________(Rupees_______________________) valid up to__________. We, the ___________________________ (Name of Bank)________________________ (Address of Bank) having our Head office at ______________________ therefore Guarantee and undertake to pay immediately on first written demand by Punjab & Sind, the amount Rs. ________________(Rupees__________________________) without any reservation, protest, demur and recourse in case the bidder fails to comply with any condition of the bid or any violation against the terms of the bid, without the beneficiary needing to prove or demonstrate reasons for its such demand. Any such demand made by said beneficiary shall be conclusive and binding on us irrespective of any dispute or difference raised by the bidder. This guarantee shall be irrevocable and shall remain valid up to ____________. If any further extension of this Guarantee is required, the same shall be extended to such required period on receiving instructions in writing, from Punjab & Sind Bank, on whose behalf guarantee is issued. "Notwithstanding anything contained herein above our liability under this bank guarantee shall not exceed Rs.____________ (Rupees__________________________).

This bank guarantee shall be valid up to ___________________. We are liable to pay the guaranteed

amount or any part thereof under this bank guarantee only if you serve upon us a written claim or

demand, on or before _____________ before 14.30 hours (Indian Standard Time) whereafter it ceases

to be in effect in all respects whether or not the original bank guarantee is returned to us. In witness

whereof the Bank, through its authorized officer has set its hand stamped on this _____________ Day of

______________2017 at __________________

Name of signatory Designation Bank Common Seal

ANNEXURE - V - Acceptance of Scope of Work

(On Bidder’s letter head duly stamped and signed by Authorized Signatory)

RFP Reference No____________ Date: _______________

The Assistant General Manager-IT

Punjab & Sind Bank, Bank House

21, Rajendra Place

New Delhi - 110008

Dear Sir,

Reg: Request for Proposal for “Selection of Security System Integrator to set up Security

Operation Centre (SOC) for Bank”.

We hereby undertake that we have read and understood the complete scope of work mentioned in the

Section Scope of Work and elsewhere in the said Tender Document (Read with Addendums

/Corrigendum and response to queries).

We further undertake the Cost includes all the cost of solutions/ services mentioned in the document and

bank shall not be liable to pay any other/ additional cost except whatever quoted by us due to any

omission of factoring the cost of any solution/ services whatsoever mentioned in the document.

I further undertake that all desired clarifications, if any, have been obtained by us as to interpretations of

the Scope of work. We undertake to comply with the complete Scope of work mentioned in the tender

document.

Yours faithfully,

(Signatures & Stamp)

Authorized Signatory

ANNEXURE – VI - ACCEPTANCE/COMPLIANCE CERTIFICATE

All Terms and Conditions including scope of work

We hereby undertake and agree to abide by all the terms and conditions stipulated by the Bank in this

RFP including all addendum, corrigendum etc. Any deviation may result in disqualification of bid.

Signature:

Seal of company:

Deviations in Submitted Bids

We certify that the solutions/ services offered by us for tender conform to all the clauses/ specifications

stipulated by Bank with the following deviations:

List of deviations:

1) _______________________________________________

2) _______________________________________________

3) _______________________________________________

(Any deviations in Bid submission may be subject to rejection. If left blank it will be construed that

there is no deviation from any clauses/ specifications given in RFP.)

Signature:

Seal of company:

ANNEXURE-VII – Sample Format of Performance Guarantee

Tender Reference No: ______________________ Date _________________

The Assistant General Manager -IT

Punjab & Sind Bank, HO IT Department

21, Rajendra Place

New Delhi – 110008

Dear Sir,

1. WHEREAS pursuant to a Request for Proposal dated…………….. (hereinafter referred to as RFP),

issued by Punjab & Sind Bank, Bank House, 21, Rajendra Place, New Delhi in response of (Vendor /

Service Provider), a Company registered under the Companies Act, 1956 and having its Registered /

Corporate Office at …………………………………has awarded the Contract valued

Rs………………………………….and appointed…………………….as Vendor/ Service Provider for

Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank vide

Appointment letter / Purchase Order No…………………………………dated……………..on the terms

and conditions as set out inter-alia in the said RFP and in the Appointment Letter / Purchase Order.

2. WHEREAS you have in terms of the said Appointment letter / Purchase Order called upon (Vendor /

Service Provider) to furnish a Performance Guarantee, for Rs……………………………. (Rupees only),

equivalent to…………………..of the Contract value, to be issued by a Bank in your favour towards due

performance of the Contract in accordance with the specifications, terms and conditions of the said

Appointment letter / Purchase Order and an Agreement entered / to be entered into in this behalf.

3. WHEREAS (Vendor / Service Provider) has approached us for issuing in your favour a performance

Guarantee for the sum of Rs…………………………….. (Rupees…………………………………….).

NOW THEREFORE in consideration of you having awarded the Contract to…..…………….inter-alia

on the terms & conditions that provides a performance guarantee for due performance of the terms and

conditions thereof. We,………………….Bank,…………………… a body corporate constituted under

……………………………………having its Head office

at………………………………………………(give full address) and a branch inter-alia

at………………………………. India at the request of…………do hereby expressly, irrevocably and

unconditionally undertake to pay merely on demand from you and without any demur without referring

to any other source, Rs………………………….(Rupees……………………………only) against any

loss or damage caused to or suffered by or that may be caused to or suffered by you on account of any

breach or breaches on the part of ………………of any of the terms and conditions of the Contract and in

the event of………………committing any default or defaults in carrying out any of the work or

discharging any obligation under the said Contract or otherwise in the observance and performance of

any of the terms and conditions relating thereto including non-execution of the Agreement as may be

claimed by you on account of breach on the part of …………….of their obligations or default in terms

of the said Appointment letter / Purchase Order.

4. Notwithstanding anything to the contrary contained herein or elsewhere, we agree that your decision

as to whether the ……………..has committed any such breach / default or defaults and the amount or

amounts to which you are entitled by reasons thereof will be binding on us and we shall not be entitled

to ask you to establish its claim or claims under this Guarantee, but will pay the same forthwith on

demand without any protest or demur. Any such demand made by you shall be conclusive as regards the

amount due and payable by us to you.

5. This Guarantee shall be valid up to ……….. plus 3 (three) months of the Claim period from the

expiry of said guarantee period. Without prejudice to your claim or claims arisen and demanded from or

otherwise notified to us in writing before the expiry of the said date which will be enforceable against us

notwithstanding that the same is or are enforced after the said date.

6. You will have the fullest liberty without our consent and without affecting our liabilities under this

Guarantee from time to time to vary any of the terms and conditions of the said appointment letter or the

Contract to be made pursuant thereto or extend the time of performance of the Contract or to postpone

for any time or from time to time any of your rights or powers against the ………and either to enforce or

forbear to enforce any of the terms and conditions of the said appointment letter or the Contract and we

shall not be released from our liability under Guarantee by exercise of your liberty with reference to

matters aforesaid or by reason of anytime being given to or any other forbearance, act or omission on

your part or any indulgence by you or any other act, matter or things whatsoever which under law

relating to sureties, would but for the provisions hereof have the effect of releasing us from our liability

hereunder provided always that nothing herein contained will enlarge our liability hereunder beyond the

limit of Rs…………………….. (Rupees…………………………………only) as aforesaid or extend the

period of the guarantee beyond ………………….(date) unless expressly agreed to by us in writing.

7. This Guarantee shall not in any way be affected by your taking or giving up any securities from

……………or any other person, firm or company on its behalf or by the winding up, dissolution,

insolvency as the case may be of ……….

8. In order to give full effect to the Guarantee herein contained, you shall be entitled to act as if we were

your principal debtors in respect of all your claims against ……….hereby guaranteed by us as aforesaid

and we hereby expressly waive all our rights of suretyship and other rights, if any, which are in any way

inconsistent with any of the provisions of Guarantee.

9. Subject to the maximum limit of our liability as aforesaid, this Guarantee will cover all your claim or

claims against ………from time to time arising out of or in relation to the said appointment letter /

Contract and in respect of which your claim in writing is lodged on us before expiry of Guarantee.

10. Any Notice by way of demand or otherwise hereunder may be sent by special courier, telex, fax, e-mail

or registered post to our Head Office / Local address as aforesaid and if sent accordingly it shall be

deemed to have been given when the same has been posted.

11. This Guarantee shall not be affected by any change in the constitution of ___________ nor shall it

be affected by any change in your constitution or by any amalgamation or absorption thereof or

therewith but will enure to the benefit of and be available to and be enforceable by the absorbing or

amalgamated company or concern.

12. This Guarantee shall come into force from the date of its execution and shall not be revoked by us

any time during its currency without your previous consent in writing.

13. We further agree and undertake to pay you the amount demanded in writing irrespective of any

dispute or controversy between you and ________________ in any suit or proceeding pending before

any court, Tribunal or Arbitrator relating thereto, our liability under these presents being absolute and

unequivocal. The payments so made by us shall be a valid discharge of our liability for payment

hereunder and ____________shall have no claim against us for making such payment.

14. We have the power to issue this Bank Guarantee in your bank’s favour as the undersigned has full

power to execute this Bank Guarantee under the Power of Attorney issued by our Bank.

15. Our authority to issue this guarantee may be verified with our Controlling Office situated at

________________________________(full details of persons to be contacted address and phone

Numbers etc).

16. Notwithstanding anything contained herein above;

i) Our liability under this Guarantee shall not exceed Rs_______________ (Rupees

___________________________________________only)

ii) This Guarantee shall be valid and remain in force up to_________________ plus the Claim period of

6 (Six) months and including the date ______________________ and

iii) We are liable to pay the guaranteed amount or any part thereof under this Guarantee only and only if

you serve upon us a written claim or demand for payment on or before the expiry of this Guarantee.

Dated this the __________________ day of ______________ 2017.

Signature and Seal of Guarantors

Vendor’s Bank

ANNEXURE-VIII SAMPLE PREBID QUERY FORMAT

| Sr. No | Page No. | Clause Number | RFP clause | Bidders remark |
|---|---|---|---|---|
| | | | | |

ANNEXURE – IX Technical Requirements/ Specifications

<<< Enclosed Separately. >>>

ANNEXURE - X - Commercial Bill (CB) of Materials - TCO

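Total SOC Solutions/ Services Cost for 5 Years as per Scope (columns SIEM to Other Security Services)

| | SIEM | WAF | PIM | Anti-APT | Anti-Phishing | SOC Resource Cost | SOC Maintenance Charges | Other Implementation Charges | Other Security Services | Total SOC Project Cost (for 5 Years) - TCO |
|---|---|---|---|---|---|---|---|---|---|---|
| TOTAL Cost for Bank (INR) | | | | | | | | | | |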

Note:

* The bidder to quote total price excluding taxes. Taxes shall be payable extra on actual basis

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

SIEM Solution Implementation Cost (In INR)

| Module | Security Information & Event Management (SIEM) | Data Center: No of Units | Data Center: Unit Price in INR | Data Center: Total Cost in INR | Disaster Recovery Center: No of Units | Disaster Recovery Center: Unit Price in INR | Disaster Recovery Center: Total Cost in INR | Total Cost including DC & DR |
|---|---|---|---|---|---|---|---|---|
| SIEM Solution Cost (Includes Hardware + Software) | Log Collection Device (HA in DC & HA in DR) | | | | | | | |
| | Log Storage Server (HA in DC & Standalone in DR) | | | | | | | |
| | Log Correlation Engine (HA in DC) | | | | | | | |
| SIEM Storage Cost | Tier II Storage - 1 Year Near-Line Logs (Minimum of 3TB and Expandable to 8TB) | | | | | | | |
| | Tier III Storage - 9 Year Offline Logs (Minimum of 10 TB and Expandable to 70 TB) | | | | | | | |
| | Additional Disk Cost per TB (10000 rpm) | | | | | | | |
| | Additional Disk Cost per TB (7200 rpm) | | | | | | | |
| SIEM OS License (If required) | OS License | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| SIEM DB License (If required) | DB License | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| SIEM tools (Any other tools if required) | Other Tools (Mention Tool Details) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other hardware required | Other Hardware (if required) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other Cost (Specify) | | | | | | | | |
| Optional Items | Additional cost per 1000 EPS | | | | | | | |
| TOTAL COST FOR SIEM = | | | | | | | | |

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

WAF Implementation Cost (In INR)

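| Module | Web Application Firewall (WAF) | Data Center: No of Units | Data Center: Unit Price in INR | Data Center: Total Cost in INR | Disaster Recovery Center: No of Units | Disaster Recovery Center: Unit Price in INR | Disaster Recovery Center: Total Cost in INR | Total Cost including DC & DRC |
|---|---|---|---|---|---|---|---|---|
| WAF Solution Cost (Includes Hardware + Software) | Solution Cost (HA in DC & HA in DR) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| WAF tools (Any other tools if required) | Other Tools (Mention Tool Details) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other Cost (Specify) | | | | | | | | |
| TOTAL COST FOR WAF = | | | | | | | | |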

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Privilege Identity Management (PIM) Solution Implementation Cost (INR)

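| Module | Privilege Identity Management (PIM) | Data Center: No of Units | Data Center: Unit Price in INR | Data Center: Total Cost in INR | Disaster Recovery Center: No of Units | Disaster Recovery Center: Unit Price in INR | Disaster Recovery Center: Total Cost in INR | Total Cost including DC & DRC |
|---|---|---|---|---|---|---|---|---|
| PIM Solution Cost (Includes Hardware + Software) | Solution Cost (Standalone Mode at DC and DR) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Optional Items | Additional cost per 10 Administrators | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| PIM tools (Any other tools if required) | Other Tools (Mention Tool Details) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other Cost (Specify) | | | | | | | | |
| TOTAL COST FOR PIM = | | | | | | | | |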

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Anti-Advanced Persistent Threat Protection (Anti-APT) Implementation Cost(INR)

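| Module | Anti-Advanced Persistent Threat Protection (Anti-APT) | Data Center: No of Units | Data Center: Unit Price in INR | Data Center: Total Cost in INR | Disaster Recovery Center: No of Units | Disaster Recovery Center: Unit Price in INR | Disaster Recovery Center: Total Cost in INR | Total Cost including DC & DRC |
|---|---|---|---|---|---|---|---|---|
| Anti-APT Solution Cost (Software + Hardware) | Solution Cost (HA in DC & HA in DR) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Other tools (Any other tools if required) | Other Tools (Mention Tool Details) | | | | | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other Cost (Specify) | | | | | | | | |
| TOTAL COST FOR Anti-APT = | | | | | | | | |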

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Anti Phishing Services Implementation Cost(In INR)

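| Module | Anti Phishing Services | Data Center: No of Units | Data Center: Unit Price in INR | Data Center: Total Cost in INR | Disaster Recovery Center: No of Units | Disaster Recovery Center: Unit Price in INR | Disaster Recovery Center: Total Cost in INR | Total Cost including DC & DRC |
|---|---|---|---|---|---|---|---|---|
| Service Fee | Service Fee (For Website/ Mobile App mentioned in RFP) | 5 | | | 5 | | | |
| | (Use additional Rows if required) | | | | | | | |
| Any other cost (specify) | (Use additional Rows if required) | | | | | | | |
| Optional Items | Additional cost per website | 1 | | | 1 | | | |
| | (Use additional Rows if required) | | | | | | | |
| Optional Items | Additional cost per Mobile App | 1 | | | 1 | | | |
| | (Use additional Rows if required) | | | | | | | |
| TOTAL COST FOR ANTI-PHISHING = | | | | | | | | |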

SOC Resource Cost (INR)

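| Resource | SOC Operations Location: No of Units for Bank | SOC Operations Location: Unit Price in INR (per Annum) | SOC Operations Location: Total Cost in INR per Annum | Total Cost for 5 years |
|---|---|---|---|---|
| L1 Resource Cost | 6 | | | |
| L2 Resource Cost | 2 | | | |
| L3 Resource Cost | 1 | | | |
| TOTAL SOC Resource Cost = | | | | |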

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

SOC Maintenance Charges (INR)

Module

Total Cost Solutions/ Services

Year 1 Year 2 Year 3 Year 4 Year 5

Hardware

SIEM X X X

WAF X X X

PIM X X X

Anti-Phishing NA NA NA NA NA NA

Anti-APT X X X

(Use additional Rows if required) X X X

Software Support (including licenses)

SIEM X

WAF X

PIM X

Anti-Phishing NA NA NA NA NA NA

Anti-APT X

(Use additional Rows if required) X

TOTAL SOC Maintenance Charges =

Note: In case of Hardware appliance, please place the charges in Software section only.

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Other Implementation Charges (INR)

| Module | Details | At SOC Operations Location: No of Units | At SOC Operations Location: Unit Price in INR | At SOC Operations Location: Total Cost in INR |
|---|---|---|---|---|
| Display Devices | LED Screen for SOC Monitoring | 1 | | |
| Others | Racks for deploying the Solutions/ Appliances at DC, DR, CBS Cell, & Other Locations | | | |
| | Network Cables at DC, DR, CBS Cell, & Other Locations | | | |
| | (Use additional Rows if required) | | | |
| TOTAL = | | | | |

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Other Security Services (in INR)

| Sr No | Description of Solution | Quantity | Total Cost for five years: Cost for one Year | Total Cost for five years: Total Cost for 5 years |
|---|---|---|---|---|
| 1 | OTHER SECURITY SERVICES (Like- Security Intelligence Services, Security Advisory Services, Security Architecture Review, Minimum Baseline Security Standards (MBSS), Configuration Review, VAPT, Mobile Applications Review, Other Requirements, & Monitoring, Reporting, & Security Dashboard etc. as per the scope in the RFP.) | 5 | A | = A x 5 |
| 2 | Risk Assessment Services | 5 | A | = A x 5 |
| 3 | FORENSIC INVESTIGATION (Per man day Cost Rs. _________) [A] (Optional Item) | 200 | NA | = A x 200 |
| TOTAL = | | | | |

Note:

(1) The quantity mentioned under FORENSIC INVESTIGATION (200) is taken for the purpose

of calculation of TCO; however actual payment shall be on per incident basis @ unit rate/per

man day cost.

Signature:

Seal of company:

(Duly signed & stamped by the authorized signatory)

Annexure – XI – Sample Non-Disclosure Agreement

This Non-Disclosure Agreement made and entered into at ___________ on this XXXX day of XXXXX

______.

BY AND BETWEEN

XXXXXXX, a company incorporated under the _______ Act, XXXX having its registered office at

XXXXXXX (hereinafter referred to as the firm / Company which expression unless repugnant to the

context or meaning thereof be deemed to include its permitted successors) of the ONE PART;

AND

Punjab & Sind Bank, a body corporate, established under the Banking Companies (Acquisition and

Transfer of Undertakings) Act 1970 and having its Head Office at 21, Rajendra Place, New Delhi

110008 (Hereinafter referred to as “Bank” which expression shall unless it be repugnant to the subject,

meaning or context thereof, be deemed to mean and include its successors and assigns) of the OTHER

PART.

The Firm / Company and Punjab & Sind Bank are hereinafter collectively referred to as “the Parties”

and individually as “the Party”

WHEREAS:

1. Punjab & Sind Bank is engaged in the business of providing financial services to its customers and

intends to engage an independent entity for Managed Security Services for Security Operation Centre

for the Bank.

2. In the course of such assignment, it is anticipated that Punjab & Sind Bank or any of its officers,

employees, officials, representatives or agents may disclose, or deliver, to the Firm / Company some

Confidential Information (as hereinafter defined), to enable the Firm / Company to carry out the

aforesaid professional services assignment (hereinafter referred to as "the Purpose").

3. The Firm / Company is aware and confirms that all information, data and other documents made

available in the RFP/Bid Documents/Agreement /Contract or in connection with the Services rendered

by the Firm / Company are confidential information and are privileged and strictly confidential and or

proprietary of Punjab & Sind Bank. The firm / Company undertake to safeguard and protect such

confidential information as may be received from Punjab & Sind Bank.

NOW, THEREFORE THIS AGREEMENT WITNESSED THAT in consideration of the above

premises and the Punjab & Sind Bank granting the firm / Company and or his agents, representatives to

have specific access to Punjab & Sind Bank property / information and other data it is hereby agreed by

and between the parties hereto as follows:

1. Confidential Information:

(i) “Confidential Information” means all information disclosed/furnished by Punjab & Sind Bank to the

firm / Company whether orally, in writing or in electronic, magnetic or other form for the limited

purpose of enabling the Firm / Company to carry out the proposed assignment, and shall mean and

include data, documents and information or any copy, abstract, extract, sample, note or module thereof,

explicitly designated as "Confidential"; Provided the oral information is set forth in writing and marked

"Confidential" within seven (7) days of such oral disclosure.

(ii) The firm / Company may use the Confidential Information solely for and in connection with the

Purpose and shall not use the Confidential Information or any part thereof for any reason other than the

Purpose stated above.

Confidential Information in oral form must be identified as confidential at the time of disclosure and

confirmed as such in writing within seven (7) days of such disclosure. Confidential Information does not

include information which:

(a) Is or subsequently becomes legally and publicly available without breach of this Agreement by either

party,

(b) Was rightfully in the possession of the firm / Company without any obligation of confidentiality

prior to receiving it from Punjab & Sind Bank,

(c) Was rightfully obtained by the firm / Company from a source other than Punjab & Sind Bank

without any obligation of confidentiality,

(d) Was developed by or for the firm / Company independently and without reference to any Confidential

Information and such independent development can be shown by documentary evidence, or is/was

disclosed pursuant to an order of a court or governmental agency as so required by such order, provided

that the firm / Company shall, unless prohibited by law or regulation, promptly notify Punjab & Sind

Bank of such order and afford Punjab & Sind Bank the opportunity to seek appropriate protective order

relating to such disclosure.

(e) The recipient knew or had in its possession, prior to disclosure, without limitation on its

confidentiality;

(f) Is released from confidentiality with the prior written consent of the other party.

The recipient shall have the burden of proving hereinabove are applicable to the information in the

possession of the recipient.

Confidential Information shall at all times remain the sole and exclusive property of the disclosing party.

Upon termination of this Agreement, Confidential Information shall be returned to the disclosing party

or destroyed, if incapable of return. The destruction shall be witnessed and so recorded, in writing, by an

authorized representative of each of the parties.

Nothing contained herein shall in any manner impair or affect rights of Punjab & Sind Bank in respect

of the Confidential Information.

In the event that any of the Parties hereto becomes legally compelled to disclose any Confidential

Information, such Party shall give sufficient notice to the other party to enable the other Party to prevent

or minimize to the extent possible, such disclosure. Neither party shall disclose to a third party any

Confidential Information or the contents of this Agreement without the prior written consent of the other

party. The obligations of this Clause shall be satisfied by handling Confidential Information with the

same degree of care, which the receiving party applies to its own similar confidential information but in

no event less than reasonable care. The obligations of this clause shall survive the expiration,

cancellation or termination of this Agreement.

2. Non-disclosure:

The firm / Company shall not commercially use or disclose any Confidential Information or any

materials derived therefrom to any other person or entity other than persons in the direct employment of

the Firm / Company who have a need to have access to and knowledge of the Confidential Information

solely for the Purpose authorized above. The firm / Company shall take appropriate measures by

instruction and written agreement prior to disclosure to such employees to assure against unauthorized

use or disclosure. The Firm / Company may disclose Confidential Information to others only if the Firm

/ Company has executed a Non-Disclosure Agreement with the other party to whom it is disclosed that

contains terms and conditions that are no less restrictive than these presents and the Firm / Company

agrees to notify Punjab & Sind Bank immediately if it learns of any use or disclosure of the Confidential

Information in violation of terms of this Agreement. Notwithstanding the marking and identification

requirements above, the following categories of Information shall be treated as Confidential Information

under this Agreement irrespective of whether it is marked or identified as confidential:

a) Information regarding Punjab & Sind Bank and any of its Affiliates, customers and their accounts

(“Customer Information”). For purposes of this Agreement, Affiliate means a business entity now or

hereafter controlled by, controlling or under common control. Control exists when an entity owns or

controls more than 10% of the outstanding shares or securities representing the right to vote for the

election of directors or other managing authority of another entity; or

b) Any aspect of Punjab & Sind Bank's business that is protected by patent, copyright, trademark, trade

secret or other similar intellectual property right; or

c) Business processes and procedures; or

d) Current and future business plans; or

e) Personnel information; or

f) Financial information.

3. Publications:

The Firm / Company shall not make news releases, public announcements, give interviews, issue or

publish advertisements or publicize in any other manner whatsoever in connection with this Agreement,

the contents / provisions thereof, other information relating to this Agreement, the Purpose, the

Confidential Information or other matter of this Agreement, without the prior written approval of Punjab

& Sind Bank.

4. Term:

This Agreement shall be effective from the date hereof and shall continue till expiration of the Purpose or termination of this Agreement by Punjab & Sind Bank, whichever is earlier. The Firm / Company hereby agrees and undertakes to Punjab & Sind Bank that immediately on termination of this Agreement it would forthwith cease using the Confidential Information and further promptly return or destroy, under information to Punjab & Sind Bank, all information received by it from Punjab & Sind Bank for the Purpose, whether marked Confidential or otherwise, and whether in written, graphic or other tangible form and all copies, abstracts, extracts, samples, notes or modules thereof. The Firm / Company further agrees and undertakes to Punjab & Sind Bank to certify in writing upon request of Punjab & Sind Bank that the obligations set forth in this Agreement have been complied with. Any provisions of this Agreement which by their nature extend beyond its termination shall continue to be binding and applicable without limit in point in time except and until such information enters the public domain.

5. Title and Proprietary Rights:

Notwithstanding the disclosure of any Confidential Information by Punjab & Sind Bank to the Firm / Company, the title and all intellectual property and proprietary rights in the Confidential Information shall remain with Punjab & Sind Bank.

6. Remedies:

The Firm / Company acknowledges the confidential nature of Confidential Information and that damage could result to Punjab & Sind Bank if the Firm / Company breaches any provision of this Agreement and agrees that, if it or any of its directors, officers or employees should engage or cause or permit any other person to engage in any act in violation of any provision hereof, Punjab & Sind Bank may suffer immediate irreparable loss for which monetary compensation may not be adequate. Punjab & Sind Bank shall be entitled, in addition to other remedies for damages & relief as may be available to it, to an injunction or similar relief prohibiting the Firm / Company, its directors, officers etc. from engaging in any such act which constitutes or results in breach of any of the covenants of this Agreement.

Any claim for relief to Punjab & Sind Bank shall include Punjab & Sind Bank's costs and expenses of enforcement (including the attorney's fees).

7. Entire Agreement, Amendment and Assignment:

This Agreement constitutes the entire agreement between the Parties relating to the matters discussed herein and supersedes any and all prior oral discussions and / or written correspondence or agreements between the Parties. This Agreement may be amended or modified only with the mutual written consent of the Parties. Neither this Agreement nor any right granted hereunder shall be assignable or otherwise transferable.

8. Governing Law:

The provisions of this Agreement shall be governed by the laws of India and the competent court at Bangalore shall have exclusive jurisdiction in relation thereto even though other Courts in India may also have similar jurisdictions.

9. Indemnity:

The Firm / Company shall defend, indemnify and hold harmless Punjab & Sind Bank, its affiliates, subsidiaries, successors, assigns, and their respective officers, directors and employees, at all times, from and against any and all claims, demands, damages, assertions of liability whether civil, criminal, tortious or of any nature whatsoever, arising out of or pertaining to or resulting from any breach of representations and warranties made by the Firm / Company and/or breach of any provisions of this Agreement, including but not limited to any claim from third party pursuant to any act or omission of the Firm / Company, in the course of discharge of its obligations under this Agreement.

10. General:

The Firm / Company shall not reverse-engineer, decompile, disassemble or otherwise interfere with any software disclosed hereunder.

All Confidential Information is provided “as is”. In no event shall the Punjab & Sind Bank be liable for the inaccuracy or incompleteness of the Confidential Information. None of the Confidential Information disclosed by Punjab & Sind Bank constitutes any representation, warranty, assurance, guarantee or inducement with respect to the fitness of such Confidential Information for any particular purpose.

Punjab & Sind Bank discloses the Confidential Information without any representation or warranty, whether express, implied or otherwise, on truthfulness, accuracy, completeness, lawfulness, and merchantability, fitness for a particular purpose, title, non-infringement, or anything else.

11. Waiver:

A waiver (whether express or implied) by Punjab & Sind Bank of any of the provisions of this Agreement, or of any breach or default by the Firm / Company in performing any of the provisions hereof, shall not constitute a continuing waiver and such waiver shall not prevent Punjab & Sind Bank from subsequently enforcing any of the subsequent breach or default by the Firm / Company under any of the provisions of this Agreement.

In witness whereof, the Parties hereto have executed these presents the day, month and year first herein above written.

For and on behalf of XXXXX For and on behalf of Punjab & Sind Bank

XXXXXXX _________________________

XXXXX (Designation)

ANNEXURE - XII Resource Plan Matrix – SOC Operations

| Type | Role | Total (Yrs) | IT Security (Yrs) | Academics | Certifications | Number of Resources required for operating SOC for the bank |
|---|---|---|---|---|---|---|
| L1 | Monitoring & Tracking Incidents/Alerts 24x7, Reporting & Escalation, Regular SIEM Administration | 2 | 1 | BE/ B.Tech/ MCA | CCNA/ CCNP/ CEH/ any global security certifications and any SIEM Technical certification | |
| L2 | Incident Validation, Incident Analysis, Solution Recommendation, Resolve Escalations, VA Tool admin, Maintain Knowledge base, Escalation point for device issue resolution, Patch implementation, Rule base Management, General SOC Administration, Scheduling/Performing VA Scans, Submission Scan reports, Resolve user queries. | 3 | 2 | BE/ B.Tech/ MCA | CCNA/ CCNP/ CEH/ any global security certifications and any SIEM Technical certification | |
| L3 | Security Advisory, Overall Design & analysis, Exp. In SIEM, PIM, WAF, ANTI-APT tools. Large scale security operations & Thorough understanding of TCP/IP, networking concepts, Administration of Windows, Linux platforms, Incident Closure, Ensuring SLAs are met, Responsible for closing incidents | 6 | 4 | BE/ B.Tech/ MCA | CISSP/ CISA/ and Any SIEM Technical certification | |

Terms & Conditions:

1. In case of absence of a lower level resource, a higher level resource should perform the job of the absentee but the payment will be made as per the payment structure of lower level resource only.

2. If any resource is absent, standby resources should be available. Bank may reject such manpower if Bank is not satisfied with his/her performance and payment will be made to bidder as per actual manpower support provided subject to adherence to SLA conditions.

3. For SIEM Technical Certification, L1/L2/L3 resources may get it within 3 months from entering into the contract or issue of purchase order (whichever is earlier), if not possessing at the time of bid submission.

(Signatures & Stamp)

Authorized Signatory

ANNEXURE XIII - CHECK – LIST FOR BID SUBMISSION

| Sr. No. | Document | Attached with Bid (Y/N) | Page Number From | Page Number To |
|---|---|---|---|---|
| 1 | Tender Covering Letter as per Annexure – I | | | |
| 2 | Compliance to Minimum Eligibility Criteria as per Annexure II (please ensure that all related documents to Minimum Eligibility criteria have been attached) | | | |
| 3 | Bidders Information as per Annexure III | | | |
| | Bid Earnest Money in the form of Demand Draft/ Pay order/ Bank Guarantee as per Annexure IV. | | | |
| 4 | Acceptance of Scope of Work as per Annexure-V | | | |
| 5 | Acceptance/ Compliance certificate as per Annexure – VI | | | |
| 6 | Acceptance/ Compliance to Technical Requirements/ Specifications of RFP as per Annexure – IX | | | |
| 7 | Commercial Bill of Materials as per Annexure – X | | | |
| 8 | Resource Plan Matrix as per Annexure – XII | | | |
| 9 | Other Formats as mentioned in the RFP. | | | |
| 10 | DD/ Pay Order of Rs. 20,000/- payable to Punjab & Sind Bank toward cost of Tender Document (Please mention the tender name with year and company name at the back of DD/Pay order.) | | | |
| 11 | Copy of Power of Attorney authorizing official for signing the Bid | | | |
| 12 | Any other document indicating the feature of the product. | | | |
| 13 | An undertaking from OEM(s) to carry out its responsibilities as mentioned in clause 4.3 Responsibility Matrix of the RFP. (Table: Responsibility Matrix) | | | |
| 14 | OEM Recommendation letter for Hardware, Software, Licenses – as per clause 2.38 | | | |
| 15 | Use cases for the proposed solutions | | | |
| 16 | Security certificate of respective proposed solutions from OEM/ third party auditor. (as per clause 2.39) | | | |

Annexure XIV - Indicative List of Use Cases

| No | Type | Use Case/ Likely Outcome (Subject to change during UAT) |
|---|---|---|
| A | Internet Banking (IB) | |
| 1 | Same username login request from multiple IP within defined time span. | ISP IP address with locations. |
| 2 | IB_AMOUNT_DEBITED_BUT_TRANSACTION_FAILED | If Amount is debited but transaction fails Alert will be generated. |
| 3 | BENEFICIARY_ADDED_SUBSEQUENT_TRANS_12AM_TO_6AM | Within 5 minutes if a user added beneficiary and then subsequently performed transactions should be alerted. |
| 4 | CONNECTION_FAILED_BETWEEN_CONNECT24_AND_IB | If any connection failure happens between Connect24 and IB server, the same should be alerted to respective Bank Teams (like- Internet Banking, Security Team, etc.) immediately |
| 5 | IB_HOST_COREBANKING_SERVER_NOT_RESPONDING | If any connection failure happens between CBS and IB server as Host not available, same should be logged/ alerted. |
| 6 | INSUFFICENT_FUND | If any transaction is refused due to insufficient funds, same should be alerted to respective Bank Teams (like- Internet Banking, Security Team, etc) immediately. |
| 7 | TAX_PAYMENTS_TRANSACTION_FAILED | If any transaction related to tax payments is refused or failed, same should be alerted to respective Bank Teams (like- Internet Banking, Security Team, etc.) immediately. |
| 8 | TRANS_MORE_THAN_50K_2TIME_SAMEUSER_IN_5M | If a specific user has performed a transaction of more than Rs. 50000 (parametrised) and within 5 minutes (parameterised) same user is performing another transaction > 50000 same needs to be alerted. |
| 9 | IB_TRANSACTION_NOT_ALLOWED | If Amount is debited but transaction fails Alert will be generated. |
| 10 | Number of Front Page Access requests within set time from same ip and for multiple userid | |
| 11 | Maximum connections from a single unique IP address over a specific period of time | |
| 12 | Report on Distinct Browser access | |
| 13 | POTENTIAL_PHISHING_ATTACKS | |
| 14 | WEBPAGE_UNAVAILABILITY | |
| 15 | Internet Banking Failed Logins | |
| B | Mail Messaging | |
| 1 | Spam mail | |
| 2 | Top 'n' Email Accounts Sending Messages | |
| 3 | Top 'n' Email Accounts Receiving Messages | |
| 4 | Top 'n' Email Accounts Mailing Most Outside the Organization | |
| 5 | Email Send with BCC | |
| 6 | Mail messaging is not sending mails from last X hours/Service stop | |
| 7 | Mails with maximum attachment limit within time span (parameterized). | |
| C | Antivirus | |
| 1 | Top 'n' infected Machine | |
| 2 | McAfee Antivirus Top 'n' Left alone System | |
| 3 | McAfee Antivirus Top 'n' Left alone System in Tabular | |
| 4 | McAfee_VIRUS_NOT_DELETED | |
| 5 | McAfee_FAILED_LIVE_UPDATE | |
| 6 | McAfee Antivirus Top 'n' Quarantined System | |
| D | Database Auditing (Like- Oracle, Sql, MySql etc.) | |
| 1 | Audit Details by User - Delete Activity | Database Delete activity on all DB instances needs to be alerted. |
| 2 | Audit Details by User - Insert Activity | Database Insert activity on all DB instances needs to be alerted. |
| 3 | Audit Details by User | User audit log monitoring for any other activities than DML. |
| 4 | DATABASE_ACTIVITY | Database Insert and Delete activity on all DB instances needs to be alerted. |
| 5 | DB_SHUTDOWN | Database Instances shutdown, reboot and startup to be alerted. |
| E | NEFT/RTGS Transactions | |
| 1 | Fund transferred through NEFT/RTGS not credited to beneficiary account but account debits. | |
| 2 | Transaction request for amount greater than 50000 (parameterized) | |
| 3 | 'n' no of unsuccessful attempt at Internet Banking followed by add payee followed by transaction of fund transfer of 'x' amount. | |
| 4 | Consecutive greater amount of money transferred from an account through NEFT/RTGS within 'x' time | In 'x' minutes if more than 'n' transactions of amount greater than 'x' are done to same or different accounts same needs to be alerted. Any subsequent transaction has to be reported and highlighted. |
| 5 | RTGS_AND_NEFT_DATABASE_ACTIVITY | Any changes made in DML of RTGS/NEFT DB needs to be alerted |
| 6 | NEFT_AND_RTGS_DB_INSTANCE_SHUTDOWN | DB shutdown for NEFT/ RTGS DB instance |
| F | VSAT | |
| 1 | Alert for specific traffic/IP which is not permitted in VSAT network | |
| 2 | VSAT router link up and down | |
| G | SMS Alerts | |
| 1 | Cash withdraw from ATM but SMS alert not received. | |
| 2 | Delay in SMS after input from payment system | |
| 3 | Load on SMS Gateway hence SMS are not flowing. | |
| 4 | Alert when SMS flow above threshold value | |
| H | Payment Aggregator (e.g. Bill Desk, PayU, Atom, Citrus etc.) | |
| 1 | Payment Aggregator gateway sends the request for payment but account not debited | |
| 2 | Payment gateway sends the request for bill account debited but no receipt | Amount debited but confirmation not sent. Any failures in receipt delivery to be tracked |
| I | Network Connectivity | |
| 1 | Max bandwidth utilized by source | Source utilising the maximum bandwidth |
| 2 | Router-Denied Packet Per Hour | Denied packet per hour threshold > 1500 (parametrised) |
| 3 | Router- Top 'n' Denied Packets by Address | Report showing top 'n' sources utilising bandwidth |
| 4 | TOP 'n' utilization resources | |
| 5 | POSSIBLE_SPOOFING_ATTACK_ACTIVIY_DETECTED | This alert shows any spoofing pattern activity detected. It may contain activity of duplicate IP's on a network or other network conflicts. If 'n'% increase in any of the identified event messages minute baseline is detected in logs alert will be triggered. |
| 6 | ROUTER_LINK_AND_LINEPROTO_UP | |
| 7 | ROUTER_LINK_AND_LINEPROTO_DOWN | |
| J | CBS | |
| 1 | Transactions made from multiple inoperative accounts to single operative account | |
| 2 | ABNORMAL_SESSION | |
| 3 | INVALID_PASSWORD | |
| 4 | TRANSACTION_MORE_THAN_1_CRORE | |
| 5 | UNSUCCESSFUL_LOGIN | |
| 6 | CBS_AND_IB_DB_INSTANCE_SHUTDOWN | |
| 7 | CBS_AND_IB_DB_ACTIVITY | If any DB admin activity like Delete, Insert & Alter is being issued in CBS DB. |
| 8 | High amount transactions to same account within certain time span. | |
| 9 | High value Transactions made from CBS users after raising the privilege within x time | |
| 10 | Transaction made in bank facilitated account such as bill payment account and then followed by transactions in personal account from CBS user | |
| 11 | Abnormal user session like SACK actions to be monitored and reported | |
| K | Cisco Firewall (FW) | |
| 1 | FW DEVICE CONFIGURATION CHANGES | |
| 2 | FW_LINK_UP_DOWN | FW Link up and Down alert |
| 3 | SUCCESSFUL_DENIAL_OF_SERVICE_ATTACK | |
| 4 | HIGH_NUMBER_OF_DOS_ATTACKS_ALERTS | |
| 5 | FW_LOST_FAILOVER_COMMUNICATION | Alert message to monitor the failover communication |
| 6 | FW_DEVICE_CONFIGURATION_CHANGE | |
| 7 | EXCESSIVE_INBOUND_CONNECTIONS_DENIED_BY_FIREWALLS | |
| 8 | FW_LINK_UP_DOWN | |
| L | IDS/IPS | |
| 1 | SUSPICIOUS_BOTNET_TYPE_ACTIVITY_DETECTED | |
| 2 | SUCCESSFUL_BACKDOOR_ATTACK | |
| 3 | POSSIBLE_SUCCESSFUL_BRUTE_FORCE_ATTACK_DETECTED | |
| 4 | INCREASE_IN_P2P_TRAFFIC_DETECTED_WITHIN_ENVIRONMENT | |
| 5 | BACKDOOR_TYPE_ACTIVTY_OBSERVED_WITHIN_INTERNEL_NETWORKS | |
| 6 | Traffic_from_BlacklistIP | |
| 7 | POSSIBLE_SPOOFING_ATTACK_ACTIVIY_DETECTED | |
| 8 | PORT_SCAN_HAS_BEEN_DETECTED_BY_A_DEVICE | |
| 9 | PORT_SCAN_DETECTED | |
| 10 | WORM_ACTIVITY_ORIGINATIING_ON_INTERNEL_ACTIVITY | Any activity matching worm pattern will get detected from IDS logs |
| M | Web Proxy Gateway | |
| 1 | Maximum used websites with source | |
| 2 | Internet connectivity down | |
| 3 | Max bandwidth utilized by any particular source | |
| 4 | Maximum number of connections from outside source destination to inside within specified time. | |
| 5 | Alert on specific Proxy errors | |
| N | External Traffic Monitoring | |
| 1 | Brute force attack from outside | |
| 2 | Port scanning from particular IP within x time. | |
| 3 | Access request from multiple hosts in minimum defined threshold | |
| O | Web Server | |
| 1 | Webserver error event monitoring | |
| 2 | Webserver Alerts | |
| 3 | Total Requests per client | |
| 4 | Top User agents accessing the Internet banking Web application | |
| P | SIEM Config Monitoring | |
| 1 | DROP_CONNECTIONS_FROM_INTEGRATED_DEVICES_TOWARDS_ENVISION | Network Denied Connections on Firewall monitoring integrated devices traffic |
| 2 | NEWDEVICE_DISCOVERY | New device should be discovered in SIEM. |
| 3 | HARDWARE_FAILURE_ALL_DEVICES | |
| Q | HRMS | |
| 1 | HRMS_FAILED_LOGIN_TO_A_SINGLE_HOST_FROM_MULTIPLE_SOURCE_DETECTED | If several machines are trying to log into one source with the same username several times in a row very quickly this could indicate that a local BotNet is trying to brute force its way into a targeted machine. Monitor the sources of the events and potentially block their communications. |
| 2 | HRMS_Server_Hardware_failure | |
| 3 | HRMS_GROUP_DELETION | |
| 4 | HRMS_USER_DELETION | |
| 5 | HRMS_USER_PASSWORD_MODIFIY | |
| 6 | HRMS_SERVER_SHUTDOWN_AND_REBOOT | |
| R | Windows | |
| 1 | WINDOWS ACCOUNT CREATED AND DELETED WITHIN 24HRS | |
| 2 | WINDOWS_DISK_AT_NEAR_CAPACITY | |
| 3 | PASSWORD_CHANGE_ON_A_KNOWN_PRIVILEGED_USER_ACCOUNT_DETECTED | Password change on a known Privileged account observed on a particular event source. If such changes are not planned or approved, it could be an indication of potential unusual or malicious behavior. |
| 4 | FAILED_LOGIN_TO_A_SINGLE_HOST_FROM_MULTIPLE_SOURCE_DETECTED | |
| 5 | WINDOWS_ACCOUNT_ADDED_TO_PRIVILEGE_LEVEL | |
| S | Checkpoint Firewall | |
| 1 | CHECKPOINT-FW_CLUSTER_BREAK | |
| 2 | EXCESSIVE_INBOUND_CONNECTIONS_DENIED_BY_FIREWALLS_FROM_A_SINGLE_IP_ADDRESS | |
| T | MISC | |
| 1 | HARDWARE_FAILURE_ALL_DEVICES | |
| 2 | INCREASE_IN_P2P_TRAFFIC_DETECTED_WITHIN_ENVIRONMENT__WITHIN_THE_PAST_5_MINUTES | |
| 3 | LARGE_NUMBER_OF_ATTACK_EVENTS_FROM_INTERNEL_IP_ADDRESS_DETECTED_BY_IDS | |
| 4 | P2P_SOFTWARE_RUNING_AS_AN_ACTIVE_PROCESS_ON_EVENT_SOURCE | |
| 5 | PORT_SCAN_DETECTED | |
| 6 | SERVICE_OR_DRIVER_FAILURE | |
| 7 | SYSLOG_SERVICE_RESTART | |
| U | Active Directory | |
| 1 | User account created with no accompanying account record in the main account management app logs | |
| 2 | If a service account was used with an interactive logon, alert or report on that action | |
| 3 | Domain accounts used from the outside over the VPN | |
| 4 | AD authenticated VPN logins from a foreign country | |
| 5 | User with many logon failures with wrong password and non working hours | |
| 6 | User at vacation and fired user with unlocked credentials | |
| 7 | Files operations (access, modification, delete etc) in some sensitive folders | |

| Category | Use Case | |
|---|---|---|
| Business Use Cases | | |
| Access/ Authentication | Identity Management | Monitor for use of disabled usernames |
| | Password Guessing | Possible successful brute force attack detected on devices/ servers. |
| | Perimeter & Network Security | Increase in failed remote login attempts detected |
| | Enterprise Services Access Management | Unusual number of failed/ successful vendor/default user login attempts |
| | Perimeter & Network Security | Password change on a known privileged account detected |
| Audit Trail | System Health | Tampering of system audit logs detected |
| Policy Violation | Network Security | Server access from unauthorized IP Address |
| | | Internet access by unauthorized server |
| | | Policy Violation - Internet access from authorized server |
| | | Reverse Proxy bypass - Application accessed externally |
| | | Insecure application access - non https |
| Operational/ Functional | System Health | Device Stopped Sending logs |
| | | Log source stopped sending logs after reboot |
| | | Disk Array capacity approaching threshold |
| | | Possible system instability state detected |
| | | System shutdown |
| | | Backup and recovery: failed |
| | | Backup and recovery: cancelled |
| | Perimeter & Network Security | Network performance degradation detected |
| | System Metrics | Operating System service state change |
| | | Successful or Failed Installation/ Updating any package |
| | | EPS Warning – EPS approaching limit |
| | | Log Source added/deleted |
| | | User added to “remote user group” AD group |
| | | User added as part of “domain administrator” & “local administrator” group |
| | | New Operating System service installation |
| | | User added to VPN administrative group |
| Integrity | Integrity Monitoring | Changes to databases holding customer data by unauthorized users |
| | Perimeter & Network Security | Configuration change on network & security device intercepted |
| | | Host checker configuration changed on VPN device |
| Privilege Access | Enterprise Services Access Management | Elevation of account privilege followed by restoration of previous state within a period of 24 hrs. |
| | | Revocation of user privileges detected |
| Usage Activity | Data transfer | Large files transfer to 3rd Party Sites |
| | Perimeter & Network Security | Monitoring over ports not permitted by policy on Internet-facing firewalls, non-compliant traffic activity. |
| | | Use of clear-text confidential information detected |
| | | Excessive inbound denied connections |
| | | Increase in file transfer activity using instant messaging detected |
| | | Active syn flood attack detected by network & security devices |
| | | Possible arp poisoning or spoofing activity detected |
| | | Remote data harvesting |
| | | High Volume of TCP Resets |
| Threat Intelligence | Perimeter & Network Security | Communication between internal hosts and known malware distribution site |
| | | A connection from a server with a known spam sending host |
| Malicious Activity Monitoring | Perimeter & Network Security | Increase in peer to peer traffic detected |
| | Network Security | Unintended download of computer software from internet |
| | | Successful backdoor attack |
| | | Worm propagation in the internal network |
| | | SQL injection attack detection |
| | | Attack exploiting Microsoft Directory service vulnerability detected |
| | | Streaming Media detected |
| | | Possible intruder trying to gain unauthorized access to network |
| | | Successful Connections after Denied Attempts from same external source |
| | | Aggressive database scan |
| | | Virus deletions failed on system |
| | | System getting infected by same virus |
| | | High number of Denial of Service (DoS) attack detected |
| | | Vulnerability correlation alerts |
| | | Malicious Activity - VPN access |
| | | Malicious Activity - Deviation of network utilization of resources |
| Processes/services | Active Directory | Active directory schema change |
| | | Active directory policy modified |
| | Microsoft Exchange | Increase in the number of non-delivery report messages collected from Microsoft Exchange |
| | System Health | Patch & update failures |
| Attack Life Cycle based Use Cases | | |
| Initial Recon | Port Scan from outside | Horizontal port Scan |
| | | Horizontal port scan on well known vulnerable ports |
| | | Horizontal port scan on critical assets |
| | | Horizontal port scan on existing vulnerable ports on critical assets |
| | | Vertical Port Scan |
| | | Vertical port scan on well known vulnerable ports |
| | | Vertical port scan on critical assets |
| | | Vertical port scan on existing vulnerable ports on critical assets |
| | | IDS/IPS port scan on well known vulnerable ports |
| | | IDS/IPS port scan on critical assets |
| | | IDS/IPS port scan on well known vulnerable ports |
| | Vulnerability Scan from outside | Vulnerability Scan |
| | | Vulnerability Scan on critical assets |
| | Communication traffic that is from an unusual geo location source. | Communication traffic observed from an unusual geo location source. |
| | Communication traffic that is known to be from bad or blacklisted source host addresses. | Communication traffic observed from bad or blacklisted source host addresses. |
| | Slow Scans | Slow Horizontal Scan |
| | | Slow Vertical Scan |
| | | Slow Box Scan (Combination of horizontal and Vertical Scan) |
| Initial Compromise | Spear phishing | Malware downloaded |
| | Weaponized document | Malware downloaded |
| | Watering Hole attack | Malware downloaded |
| | System Exploit | C&C communication attempts |
| Establish Foothold | install backdoor malware | Malware has been installed |
| | create command and control infrastructure | C&C communication denied by firewall/proxy. |
| | | Successful C&C communication |
| | install keyloggers | Unauthorized software installed - Key loggers. |
| | Dump password hashes | Privilege escalation alerts |
| | | Unauthorized software installed - password hash dumping tool. |
| | Rootkits | Successful Privilege escalation alerts |
| | | Rootkits installed |
| Escalate Privileges | Retrieve password hashes | Password hash transport detected |
| | traffic sniffing | Network adaptor going in promiscuous mode (white list for apps like Symantec HIDS) |
| | keylogging | Unauthorized software installed - Key loggers. |
| Internal Recon | Gather system information, network information, hardware info | Inside - Horizontal port Scan |
| | | Inside - Horizontal port scan on well known vulnerable ports |
| | | Inside - Horizontal port scan on critical assets |
| | | Inside - Horizontal port scan on existing vulnerable ports on critical assets |
| | | Inside - Vertical Port Scan |
| | | Inside - Vertical port scan on well known vulnerable ports |
| | | Inside - Vertical port scan on critical assets |
| | | Inside - Vertical port scan on existing vulnerable ports on critical assets |
| | | Inside - HIDS/HIPS port scan on well known vulnerable ports |
| | | Inside - HIDS/HIPS port scan on critical assets |
| | | Inside - HIDS/HIPS port scan on well known vulnerable ports |
| | | Inside - Vulnerability Scan |
| | | Inside - Vulnerability Scan on critical assets |
| | | Inside - ARP broadcast Detected |
| | Looks at files and documents, explore file shares | Work station to work station communication |
| | | User behavior anomaly detected |
| Move Laterally | Use of valid credentials over SMB or RDP | Anomaly detection using event logs |
| | | Desktop to Desktop communication observed |
| Maintain Presence | Backdoor malware | Malware has been installed |
| | VPN access | Detailed analysis of host check failure alerts |
| | | Anomaly detection for VPN users (user profiling) |
| | | Executable detected in http/https traffic |
| | Password encoded zip or RAR files | Password encoded Outbound file transfer detected |
| | FTP | Detected File transfer over FTP (white list for FTP allowed IPs) |
| | smb | Connection established over port SMB ports (139, 445) towards known bad IP |

Note: An indicative (not exhaustive) list of Use Cases for some applications/ devices/ servers/ software is given above. Bank during implementation and operation phases shall ask for additional use cases to be implemented as per Bank's Business requirements. The solutions should be completely parameterized w.r.t. Amount, Time, Number, O/S & DB Instances, etc.
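
One way to express use case A.8 (TRANS_MORE_THAN_50K_2TIME_SAMEUSER_IN_5M) and NEFT/RTGS use case E.4 as a single correlation rule whose Amount, Time and Number are parameters, as the note above requires. This is an added example, not part of the RFP or of any SIEM product; the log layout, field names, sample lines, the E.4 rule name and the E.4 threshold values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal, InvalidOperation


@dataclass(frozen=True)
class RuleParams:
    """Thresholds kept as data so Amount, Time and Number are never hard-coded."""
    name: str
    min_amount: Decimal   # a transaction qualifies only if amount > min_amount
    window: timedelta     # look-back period; a gap of exactly `window` still counts
    min_count: int        # qualifying transactions by one user that raise an alert


@dataclass(frozen=True)
class Txn:
    ts: datetime
    user: str
    amount: Decimal


# Use case A.8 with the values the RFP states (Rs. 50000, 5 minutes, 2 transactions).
IB_RULE = RuleParams("TRANS_MORE_THAN_50K_2TIME_SAMEUSER_IN_5M",
                     Decimal("50000"), timedelta(minutes=5), 2)
# Use case E.4: the RFP leaves 'x' and 'n' open, so these values and the
# rule name are hypothetical.
NEFT_RULE = RuleParams("NEFT_RTGS_CONSECUTIVE_HIGH_VALUE",
                       Decimal("50000"), timedelta(minutes=10), 3)

# Constructed sample lines in an assumed "timestamp key=value" layout.
# They are deliberately out of order and include one malformed record.
SAMPLE_LINES = [
    "2017-08-21T10:00:00 user=U1001 amount=60000",
    "2017-08-21T10:02:00 user=U2002 amount=75000",
    "2017-08-21T10:04:30 user=U1001 amount=52000",
    "2017-08-21T10:03:00 user=U1001 amount=49999",
    "2017-08-21T10:09:30 user=U1001 amount=90000",
    "corrupted record without fields",
    "2017-08-21T10:20:00 user=U2002 amount=80000",
]


def parse_line(line):
    """Return a Txn, or None when the line does not match the assumed layout."""
    try:
        ts_text, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        return Txn(datetime.fromisoformat(ts_text), fields["user"],
                   Decimal(fields["amount"]))
    except (ValueError, KeyError, InvalidOperation):
        return None


def evaluate(params, txns):
    """Slide a per-user time window over the transactions and collect alerts."""
    recent = defaultdict(deque)   # user -> timestamps of qualifying transactions
    alerts = []
    for txn in sorted(txns, key=lambda t: t.ts):   # tolerate late-arriving logs
        if txn.amount <= params.min_amount:
            continue
        window = recent[txn.user]
        while window and txn.ts - window[0] > params.window:
            window.popleft()       # expired: older than the look-back period
        window.append(txn.ts)
        if len(window) >= params.min_count:
            # Fires again for every further qualifying transaction in the window,
            # matching "any subsequent transaction has to be reported".
            alerts.append({"rule": params.name, "user": txn.user, "at": txn.ts,
                           "first": window[0], "count": len(window)})
    return alerts


def run(params, lines):
    """Parse raw lines, apply one rule, return (alerts, skipped_line_count)."""
    parsed = [parse_line(line) for line in lines]
    txns = [t for t in parsed if t is not None]
    return evaluate(params, txns), len(parsed) - len(txns)


if __name__ == "__main__":
    for rule in (IB_RULE, NEFT_RULE):
        alerts, skipped = run(rule, SAMPLE_LINES)
        print(f"{rule.name}: {len(alerts)} alert(s), {skipped} line(s) skipped")
        for a in alerts:
            print(f"  user={a['user']} count={a['count']} "
                  f"from {a['first'].isoformat()} to {a['at'].isoformat()}")
```

Counting skipped lines matters operationally: a rule that silently drops unparseable records will under-alert without anyone noticing.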

FORMAT - 1

Bidder’s Undertaking Letter 1

Date:

To

Asstt General Manager (IT)

HO IT Dept

Punjab & Sind Bank

Rajendra Place, New Delhi

Dear Sir,

We, the undersigned, as prime bidder, confirm the below:

• Neither we nor our Promoters / Directors are defaulters to any financial institution.

• We have not been reported against by any Public Sector Bank or Indian Banks Association for any malpractice, fraud, poor service, etc.

• We have not been blacklisted by any Government authority or Public Sector Undertaking (PSU) as on date of submission of the tender.

• We have not been put in the negative list or Blacklist by any Public Sector Bank/ Government Organization for breach of applicable laws or violation of regulatory prescriptions or breach of agreement for providing the SOC services at the time of bid submission.

Yours faithfully,

(Authorized Signatory)

In the capacity of ______________

Duly authorized to sign the Bid for and on behalf of _________________

Note: This letter should be on the letterhead of the Prime Bidder duly signed by an authorized signatory.

FORMAT - 2

Sample Channel Partner/ Dealership/ Experience letter from OEM

Place: ____________

Date: ____________

To,

Asstt General Manager (IT)

HO IT Dept, Punjab & Sind Bank

Rajendra Place, New Delhi

Dear Sir,

We hereby certify that M/S …………………………… (Name & Address) is an Authorised Channel Partner/ Authorised Dealer/ System Integrator (Strike out the not applicable) for Supply, Installation, Implementation, and Maintenance of ……………. ………………………… (Equipment/ Solution details) of …………….. (Specify Make) manufactured by our company for the last …… (Specify) years. Further, we certify that the Authorised Channel Partner/ Authorised Dealership/ System Integrator agreement with M/S ……………………… is in force and is valid up to …………. (Specify Period).

Further, we hereby certify that M/S …………………… is authorized to participate in the tender process for “Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank” on our behalf and submit bids. We undertake that the solution proposed in the response to this RFP is a licensed version of the product and has enterprise support from our company. We hereby undertake that the Model offered & empanelled will be available & supplied during the tenure of contract. We also undertake that none of the proposed solution will open/ contact any undeclared channel outside the respective bank’s environment. We further certify that application/ software /solution provided by us is free of malware at the time of sale, free of any obvious bugs, and free of any covert channels in the code (of the version of the application being delivered as well as any subsequent versions/modifications done). A violation of the above would be considered as a breach of security and bank may proceed against us as they deem fit.

Also, we confirm that our solution is implemented by M/S _____________ in following organizations

1)

2)

3)

4)

Further, we confirm that the undersigned is authorized to issue this letter. We also undertake that we will provide software patches for the solutions/ software provided by us for the duration of contract.

Yours Faithfully,


(Name, Designation, Address, Phone Number of the Authorised Signatory with Company Seal)

Note: This format has to be issued by Original Equipment Manufacturer on their Letter Head duly signed by authorized signatory/signatories


FORMAT - 3

Confirmation of Soft Copy

To

Asstt General Manager (IT)

HOIT Dept

Punjab & Sind Bank

Rajendra Place, New Delhi

Dear Sir,

Sub: Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank.

Further to our proposal dated XX.XX.XXX, in response to the Request for Proposal (Bank’s tender No.________________________ hereinafter referred to as “RFP”) issued by Punjab & Sind Bank (“Bank”) we hereby covenant, warrant and confirm as follows:

The soft-copies of the proposal submitted by us in response to the RFP are identical with the hard-copies of aforesaid proposal submitted by us, in all respects.

Yours faithfully,

Authorised Signatory

Designation

Bidders’ corporate name


FORMAT - 4

Compliance Statement

Reg: Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank.

We certify that except for the following deviations, we agree to abide by all clauses, terms, conditions and specifications mentioned in the RFP, along with Addendums and Corrigendum.

Main RFP / Annexure No. | Clause / Sub Clause No. | Deviation | Specific Page no. of the Response

Place:

Date:

Signature of Authorised signatory (With seal)

Note: If there are no deviations the bidder has to give his response by writing ‘NIL’ in the statement. Any deviations may lead to disqualification.


FORMAT - 5

Bidder’s Undertaking Letter 2

Date: _________________

To

Asstt General Manager (IT)

HOIT Dept, Punjab & Sind Bank

Rajendra Place, New Delhi

Dear Sir,

We, the undersigned, as prime bidder, having examined the complete RFP document (along with its annexure & addendums/ corrigendum), do hereby offer to supply, install, configure, implement and provide maintenance support for all the solutions as per the Scope of Work in full conformity of your requirements as elaborated in above said RFP for the amounts mentioned by us in the Commercial Bid or such other sums as may be agreed to between us.

We hereby agree to all the terms and conditions stipulated in the RFP except for the variations and deviations of requirements as mentioned by us in the Compliance Statement, submitted along with our Technical Proposal.

We agree to implement the project in bank as per the conditions mentioned in the RFP.

We agree to abide by our Offer for a period of _______ days from the date of opening of the technical bid and it shall remain binding on us for acceptance at any time before the expiration of this period.

We understand that you are not bound to accept the lowest or any bid you may receive.

We undertake, if our Bid is accepted, to provide Contract Performance Guarantee, ATS/AMC Performance Guarantee in the form and in the amounts and within the times stipulated in the RFP.

Yours faithfully,

(Authorised Signatory)

In the capacity of ______________

Duly authorized to sign the Bid for and on behalf of _________________


FORMAT – 6 - Undertaking of Authenticity for Solution and Server Supplies

To

Asstt General Manager (IT)

HOIT Dept, Punjab & Sind Bank

Rajendra Place, New Delhi

Dear Sir,

Sub: Request for Proposal for Selection of Security System Integrator to set up Security Operation Centre (SOC) for Bank.

We hereby undertake that all the components/ parts/ assembly/ software used in the appliance/ server/ solution like Hard disk, Monitors, Memory etc. shall be original new components/ parts/ assembly/ software only, from respective OEMs of the products/ solution and that no refurbished/ duplicate second hand components/ parts/ assembly/ software are being used or shall be used.

We also undertake that in respect of licensed operating system if asked for by you in the purchase order, the same shall be supplied along with the authorized license certificate (e.g. Product Keys on Certification of Authenticity in case of Microsoft Windows Operating System) and also that it shall be sourced from the authorized source (e.g. Authorized Microsoft Channel in case of Microsoft Operating System).

Should you require, we hereby undertake to produce the certificate from our OEM supplier in support of above undertaking at the time of delivery/ installation. It will be our responsibility to produce such letters from our OEM suppliers at the time of delivery or within a reasonable time.

In case of default and we are unable to comply with above at the time of delivery or during installation, for the IT Hardware/ Software already billed, we agree to take back the appliance/ server/ solution without demur, if already supplied and return the money if any paid to us by you in this regard.

We (system OEM name) also take full responsibility of both Parts & Service SLA as per the content even if there is any defect by our authorized Service Centre/ Reseller/ SI etc.

Authorised Signatory

Name:

Designation:

Place:

Date:


ANNEXURE - IX - Technical Requirements/ Specifications - SIEM

S. No | SIEM | Essential (E) [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No) | Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.

General

1 The solution should support log collection, correlation and alerts for the number of devices, servers, applications etc. mentioned in scope. E

2 The solution should be able to conduct agent less collection of logs except for those which cannot publish native audit logs E

3 The solution should have connectors to support the listed devices/ applications, wherever required the vendor should develop customized connectors at no extra cost. E

Log Collection and Management

4 All logs should be Authenticated (time-stamped), encrypted and compressed before transmission. E

5 The solution should be able to continue to collect log data during database backup, de-fragmentation and other management scenarios, without any disruption to service E

6 The solution should support log collection from all operating systems and their versions including but not limited to Windows, AIX, Unix, Linux, Solaris servers etc. E

7 In case the connectivity with SIEM management system is lost, the collector should be able to store the data in its own repository. The retention, deletion, synchronization with SIEM database should be automatic but it should be possible to control the same manually. P

8 The solution shall allow bandwidth management, rate limiting, at the log collector level. P

9 The solution should ensure that the overall load on the network bandwidth at DC, WAN level is minimal. E

10 The solution should provide store and forward feature at each log collection point. E

11 The solution should have the capability to compress the logs by at least 70% for storage optimization. The compression percentage capability should be parameterized. E

12 It should be possible to configure event collectors to also send the event data in its original format to the central correlation engine. P

13 The data archival should be configured to store information in tamper proof format and should comply with all the relevant regulations. E

14 Traceability of logs shall be maintained from the date of generation to the date of purging. P

15 The system shall be able to capture all details in raw log, events and alerts and normalize them into a standard format for easy comprehension. E

16 It should be feasible to extract raw logs from the SIEM and transfer to other systems as and when required. E

17 Should support the following log collection protocols: Syslog over UDP / TCP, Syslog NG, Secure POP3 / Secure XML, SDEE, SNMP Version 2 & 3, ODBC, FTP, Windows Event Logging Protocol, XML, NetBIOS, Netflow at a minimum E

18 The solution should prevent tampering of any type of logs and log any attempts to tamper logs E

Correlation


19 SIEM must allow the creation of an unlimited number of new correlation rules E

20 Solution should be able to perform the following correlations (but not limited to): Rule based, Vulnerability based, Statistical based, Historical based, Heuristics based, Behavioral based etc. The Solution should also provide User and Entity Behavior Analysis capabilities. E

21 The system/solution should have the ability to correlate all the fields in a log E

22 The solution should be able to parse and correlate multi line logs E

23 The Solution should gather information on real time threats and zero day attacks issued by anti-virus or IDS/ IPS vendors or audit logs and add this information as intelligence feed in to the SIEM solution via patches E

24 The solution should allow a wizard based interface for rule creation. The solution should support logical operations and nested rules for creation of complex rules E

25 The central correlation engine database should be updated with real time security intelligence updates from OEM E

Dashboard and Reporting

26 The dashboard should be in the form of a unified portal that can show correlated alerts/ events from multiple disparate sources such as security devices, network devices, enterprise management systems, servers, applications, databases, etc E

27 Events should be presented in a manner that is independent of device specific syntax and easy to understand for all users E

28 The dashboard should show the status of all the tools deployed as part of the SOC, including availability, bandwidth consumed, system resources consumed (including database usage) E

29 It should be possible to categorize events while archiving, for example, events for network devices, antivirus, servers etc. E

30 Any failures of the event collection infrastructure must be detected and operations personnel must be notified as per SLA. The device Health monitoring must include the ability to validate that original event sources are still sending events E

31 The solution should generate the following reports (but not restricted to): User activity reports, Configuration change reports, Incident tracking report, Attack source reports etc. In addition, the solution should have a reporting writing tool for development of any ad-hoc reports. E

32 The Dashboard design for the solution should be editable on an ad hoc basis as per the individual user need P

33 The system should display all real time events. The solution should have drill down functionality to view individual events from the dashboard E

34 The solution should allow applying filters and sorting to query results. E

35 The solution should allow creating and saving of ad hoc log queries on archived and retained logs. These queries should be able to use standard syntax such as wildcards and regular expressions. E

36 The solution should provide event playback for forensic analysis. P

37 The solution should allow for qualification of security events and incidents for reporting purpose. The solution should be able to generate periodic reports (weekly, monthly basis) for such qualified security events/ incidents. E

38 Should provide summary of log stoppage alerts and automatic suppression of alerts. E

39 Should generate e-mail and SMS notifications for all critical/high risk alerts triggered from SIEM E

40 The solution should allow users to initiate and track alert related mitigation action items. The portal should allow reports to be generated on pending mitigation activities E


41 Solution should be able to provide asset details such as Asset owner, location, events & incidents, vulnerabilities and issue mitigation tracking mapped to individual assets/users P

42 Solution should provide knowledge base and best practices for various security vulnerabilities P

43 Dashboard should display asset list and capture details including name, location, owner, value, business unit, IP address, platform details P

44 Dashboard should capture the security status of assets and highlight risk level for each asset. This should be used to capture security status of bank, status of different business units within the bank, status of key locations etc. P

45 Dashboard should support reporting for consolidated relevant compliance across all major standards and regulatory requirements. This includes (but not limited to) ISO 27001, RBI regulations, IT ACT, PCI DSS standards etc E

46 Dashboard should support different views relevant for different stake holders including top management, operations team, and Information Security Department E

47 Dashboard should support export of data to multiple formats including CSV, XML, Excel, PDF, word formats E

48 Dashboard views should be customizable as per user rights and access to individual components of the application. E

49 Administrators should be able to view correlated events, real-time raw logs and historical events through the dashboard. E

50 Senior Management should be able to view compliance to SLA for all SOC operations and solutions E

51 The system should permit setting up geographical maps/images on real time dashboards to identify impacted areas and sources of alerts. E

52 The solution should have the capability to identify which queries and indexes have been searched most to improve the query response time P

53 Solution should have the ability to perform free text searches for events, incidents, rules and other parameters. E

Event and Incident Management

54 The system should identify the originating system and user details while capturing event data. E

55 It should be possible to automatically create incidents and track their closure E

56 The event should reach the SOC monitoring team within 30 seconds of the log being captured E

57 Parser should be readily available for Finacle. E

58 The solutions should be able to collect and parse logs from Base24 ATM switches and any other ATM switch logs. E

59 The solution should be able to conduct full packet capture for data E

60 The solution should offer a means of escalating alerts between various users of the solution, such that if alerts are not acknowledged in a predetermined timeframe, that alert is escalated to ensure it is investigated. E

Storage

61 The vendor should provide for adequate storage to meet the EPS and retention requirements of the bank. SI shall be responsible for upgrade of the storage to meet the bank's requirements as above at no additional cost. The SI should provide adequate justification for the storage size proposed as part of the response. E

62 The solution should be able to store both normalized and RAW logs E


63 The platform should provide tiered storage for the online, archival, and backup and restoration of event log information. E

64 The Tier I and II storage should have the capability to authenticate logs on the basis of time, integrity and Origin E

65 The storage solution should have the capability to encrypt the logs in storage E

66 System should have capacity to maintain the logs for 90 days on Tier I storage and older logs should be archived on Tier II storage and Tier 3 storage E

67 Solution should be capable of retrieving the archived logs for analysis, correlation and reporting purpose automatically. E

68 Solution Should be able to part and filter logs before storage on the basis of type of logs; date etc. Also, the solution should provide custom metadata tagging and search (not only general search). P

69 Solution should be capable to replicate logs in Synchronous as well as Asynchronous mode. E

70 It should be possible to define purging and retention rules for log storage. The storage solution should provide data authenticity and guards against corruption and tampering. It should implement strict access control with Microsoft AD, LDAP and third party directory support. Should provide ability to Audit. E

71 The solution should come with built-in functionality for archiving data. E

Integration

72 Receive database alerts from DAM E

73 Integrate with NBA, IPS, IDS, Firewall, Proxy etc. to identify network security issues E

74 Integrate with DLP solutions to identify misuse of sensitive information. E

75 Integrate with PIM and other Directory solution to relate security events to user activities E

76 Integration with Vulnerability Assessment tools to identify security events E

77 Integrate with GRC solution to capture compliance against security policies E

78 Should be able to integrate with physical access control systems. P

79 Integrate with existing helpdesk/ incident management tools E

80 Should be able to integrate with Internet Banking, Core Banking solution, RTGS/NEFT, ATM and credit card etc. and address the use cases mentioned in the RFP at a minimum. P

81 Connector Development tool/SDK availability for developing collection mechanism for home-grown or any other unsupported applications E

82 The system should have out of the box rules for listed IDS/IPS, firewalls, routers, switches, VPN devices, antivirus, operating systems, Databases and standard applications etc. E

Availability

83 The SI should prepare a DR plan for switch over in case the DC operations are down E

84 The solution should have high availability feature built in. There should be an automated switch over to secondary collector in case of failure on the primary collector. No performance degradation is permissible even in case of collector failure. E

85 The storage solution should have adequate redundancy for handling disk failures E

Scalability

86 The solution should be scalable as per bank roadmap for expansion E

87 Solution should support integration with big data storage configuration such as Hadoop etc P


ANNEXURE - IX - Technical Requirements/ Specifications - WAF

S. No | Web Application Firewall (WAF) | Essential (E) [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No) | Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.

1 The WAF Solution should be deployed in HA Mode in DC and DR. E

2 The Web application firewall should address Open Web Application Security Project (OWASP) Top Ten security vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Broken Authentication and Session Management. E

3 The solution should prevent the following attacks (but not limited to): E

- Brute force

- Access to predictable resource locations

- Unauthorized navigation

- Web server reconnaissance

- HTTP request format and limitation violations (size, unknown method, etc.)

- Use of revoked or expired client certificate

- File Upload Violation & scanning for malicious content in Uploads.

4 Should have DLP features to identify and block sensitive information such as credit card numbers, PAN Numbers, Aadhar Numbers E

5 Should support positive and negative security model E

6 Should have the ability of caching, compression of web content and SSL acceleration. P


7 Should have integrated SSL Offloading capabilities, further the solution should support SSL and/or TLS termination, or be positioned such that encrypted transmissions are decrypted before being inspected by the WAF. E

8 Should have integrated basic server load balancing capabilities P

9 Should meet all applicable PCI DSS requirements pertaining to system components in the cardholder data environment, should also monitor traffic carrying personal information P

10 Should have the ability to inspect web application output and respond (allow, block, mask and/or alert) based on the active policy or rules, and log actions taken. E

11 Should inspect both web page content, such as Hypertext Markup Language (HTML), Dynamic HTML (DHTML), and Cascading Style Sheets (CSS), and the underlying protocols that deliver content, such as Hypertext Transport Protocol (HTTP) and Hypertext Transport Protocol over SSL (HTTPS). (In addition to SSL, HTTPS includes Hypertext Transport Protocol over TLS.) E

12 WAF should support dynamic source IP blocking and should be able to block attacks based on IP source P

13 Should inspect Simple Object Access Protocol (SOAP) and extensible Markup Language (XML), both document- and RPC-oriented models, in addition to HTTP (HTTP headers, form fields, and the HTTP body). E

14 Inspect sockets or data construct (proprietary or standardized) that is used to transmit data to or from a web application, when such protocols or data are not otherwise inspected at another point in the message flow. E

15 WAF should support inline bridge or proxy mode of deployment. E

16 WAF should have an option to configure in Reverse proxy mode as well. E

17 Actions taken by WAF to prevent malicious activity should include the ability to drop requests and responses, block the TCP session, block the application user, or block the IP address. E


18 Transactions with content matching known attack signatures and heuristics based should be blocked. E

19 The WAF database should include a preconfigured comprehensive and accurate list of attack signatures. E

20 The Web application firewall should allow signatures to be modified or added by the administrator. E

21 The Web application firewall should support automatic updates (if required) to the signature database, ensuring complete protection against the latest application threats. E

22 WAF should be able to restrict the number of files in a request. P

23 WAF should support the following normalization methods: E

- URL-decoding (e.g. %XX)

- Null byte string termination

- Self-referencing paths (i.e. use of /./ and encoded equivalents)

- Path back-references (i.e. use of /../ and encoded equivalents)

- Mixed case

- Excessive use of whitespace

- Comment removal (e.g. convert DELETE/**/FROM to DELETE FROM)

- Conversion of (Windows-supported) backslash characters into forward slash characters.

- Conversion of IIS-specific Unicode encoding (%uXXYY)

- Decode HTML entities (e.g. &#99;, &quot;, &#xAA;)

- Escaped characters (e.g. \t, \001, \xAA, \uAABB)

24 WAF should support different policies for different application sections P

25 The Web application firewall should automatically learn the Web application structure and elements. P

26 The Web application firewall learning mode should be able to recognize application changes as and when they are conducted P

27 The WAF should have the ability to perform behavioral learning to examine traffic and highlight anomalies and provide recommendations that can be turned into actions such as apply, change and apply, ignore etc. E


28 The Web application firewall should support line speed throughput and sub-millisecond latency so as not to impact Web application performance. E

29 For SSL-enabled Web applications, the certificates and private/public key pairs for the Web servers being protected need to be uploadable to the Web application firewall. E

30 The solution should be capable to identify and mitigate automated layer 7 attacks by issuing challenges like javascript, captcha, etc. to protect from advanced BOT and L7 DDoS attacks. E

31 The Web application firewall should have an out-of-band management port. E

32 The Web application firewall should support web based centralized management and reporting for multiple appliances. E

33 Bank should be able to deploy the Web application firewall and remove the Web application firewall from the network with minimal impact on the existing Web applications or the network architecture. E

34 The Web application firewall should be able to integrate with web application vulnerability assessment tools (Web application scanners) P

35 WAF should be able to integrate with the existing/ proposed SIEM solution. E

36 The Web application firewall should be able to generate custom or pre-defined graphical reports on demand or scheduled. E

37 The Web application firewall should provide a high level dashboard of system status and Web activity. E

38 Should be able to generate comprehensive event reports with filters: E

a. Date or time ranges

b. IP address ranges

c. Types of incidents

d. Geo Location of attack source

e. Other (please specify).

39 The following report formats are deemed of relevance: Word, RTF, HTML, PDF, XML, etc. E

40 Unique transaction ID should be assigned to every HTTP transaction (a transaction being a request and response pair), and included with every log message. E


41 Access logs can periodically be uploaded to the logging server (e.g. via FTP, SFTP, WebDAV, or SCP). E

42 Web application firewall should provide notifications through Email, Syslog, SNMP Trap, Notification via HTTP(S) push etc. E

43 WAF should be able to log full session data once a suspicious transaction is detected. E

44 Should be simple to relax automatically-built policies E

45 The solution should provide the admin to manually accept false positives E

46 Should be able to recognize trusted hosts E

47 The WAF in passive mode should be able to provide impact of rule changes as if they were actively enforced P

48 The solution should be capable of performing or integrating with third party vulnerability scanners to provide virtual patching capabilities E

49 Should support clustered deployment of multiple WAFs sharing the same policy. P

50 The solution should support virtual environments E

51 The solution should support all operating systems and their versions including but not limited to Windows, AIX, Unix, Linux, Solaris, HP Unix E

52 The solution should provide following capabilities: E

- URL Encryption

- DDoS Protection

- GeoIP Tracking with Domain and IP reputation also have TOR network database to block threats.

- Protection from OWASP Top 10 Threats.

- Protection from zero-day attacks.

- Protection from BOT Attacks.


ANNEXURE - IX - Technical Requirements/ Specifications - PIM

S. No | Privilege Identity Management (PIM) | Essential (E) [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No) | Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.

1 Should control commands the privileged user is authorized to perform E

2 Should provide the feature of keystroke logging for privileged users E

3 Should support multi factor authentication for privileged users E

4 Solution should be able to conduct session log capture for privileged users E

5 Solution should be able to conduct session video recording for privileged users E

6 The video recorded should be of minimal size and the recording should not impact user work and system performance E

7 Solution should be able to provide time based sessions for privilege users E

8 Support delegation by identity administrator to another person for a specific period of time E

9 Support for reminders to identity administrators who are required to perform workflow tasks E

10 System should support denial of access protection by blocking repeated password failures on multiple administrator accounts in the directory. E

11 Should be able to delegate privileged access to commands or applications. E

12 System should enforce segregation of duties as defined by the bank. E

13 System should provide audit information on where privileged accounts are enabled, which users have access to these and if this access is as per bank policies including password requirements. E

14 System should include an encrypted vault for privileged user credentials. E

15 System should ensure tamper proof storage of password, credentials, recordings, and logs. E

16 System should be able to develop privileged identity management audit reports for PCI DSS, RBI guidelines etc. E


17 Should include a software development kit to facilitate integration with home-grown/ in-house applications E

18 Should be able to integrate with existing AAA authentication devices, directory services etc. E

19 Support for database-maintained change log for event triggered updates P

20 Solution should identify what information has changed and synchronize only that information P

21 Solution should have template-based workflows for user account creation, management, group assignments, de-activation and deletion E

22 Changes to template should be configurable to effect changes to all users created based upon template E

23 Support for event-driven and request-driven account de-activation (i.e., not deletion) with or without workflow approval E

24 Support workflows for both disabling and deletion of accounts in separate steps as per Bank's requirements. E

25 Support event-driven and request-driven account re-activation with or without workflow approval E

26 Support removal of accounts from target system groups upon deletion of user account E

27 Should have the capability to support retry of failed creation, failure reporting mechanism, commit and rollback capabilities E

28 Solution should be able to trigger additional workflows from a single initial workflow P

29 The system should ensure that the dependencies for a given workflow are satisfied during the spawning process P

30 System should ensure that workflow access is in congruence with user roles E

31 System should allow user to initiate multiple workflow requests at one time E

32 System should ensure that an overriding workflow can be used to cancel the effects of a workflow E

33 System should have a web based GUI for designing workflows E


34 Automated creation, pending workflow approval(s) of user and group accounts based on attribute information P

35 Should be able to handle access to mobile devices and applications E

36 Should have a set of out-of-the-box reports to satisfy compliance requirements which should include (but not limited to): E
· User logins and account details.
· Periodicity of access to specific accounts
· Periodicity of changes to user details including passwords

37 System should support scheduled report generation E

38 System should support integration with external GRC, SIEM and HRMS E

39 Provide a built-in query tool for ad-hoc reporting E

40 Support for password push to selectable target systems (i.e., the user or administrator is allowed to specify which systems have the same password) P

41 Delegated Administrators (e.g., Help Desk, Data Center, administrators) can escalate to 2nd level support (e.g., IT Security) P

42 Should control the following: Systems the user can access, methods of access such as local, remote, SSH, Telnet etc., sources of access such as workstation, IP address, VPN etc. E

43 Approver should be able to authenticate to the identity management system to access the workflow inbox and perform the workflow activity E

44 Should be able to authenticate users on the basis of the following: User name and password, Digital certificates, One-time passwords, Biometrics (such as fingerprints, iris scans etc.), Smart cards and tokens etc. E

45 Support for bulk password updates or resets based upon administrator-defined groups of users E


46 System should imbibe password controls as per Bank's requirements. E

47 System should support user maintenance auditing (identity updates, password changes, self administration, etc.) P

48 The following events should be registered for audit purposes (but not limited to): E
· Authentication events
· Authorization events
· Directory object modification

49 Should support historical reporting that includes tracking of changes to user objects over a period of time E

50 The auditing solution within PIM should correlate events to a particular identity even if the name of the object representing that identity has changed E

51 Audit dashboard should list issues such as unauthorized access provisioning, bypasses of workflows, list of users deactivated post due date etc. E

52 System should have a password check-in and check-out feature for privileged users. This should be based on appropriate workflows. E

53 System should enforce automatic change in password on first time sign in to prevent the admin from reusing the same password. E

54 System should have the ability to control periodic password changes. E

55 System should have the ability to control where a privileged user can access a device/application on the basis of IP addresses. P

56 System should be able to control the number of users who can access common/shared privileged IDs at any point of time. E

57 If the privileged users attempt to block session recordings, system should have the ability to raise appropriate alerts. E

58 System should be able to automatically change privileged passwords for critical applications/ databases on a periodic basis. The system should then be able to provide access to applications that require to connect to these critical systems. P

59 The solution should not act as a single point of failure for privilege access to systems and it should be possible to recover passwords during outages. E

60 The solution should have capability of Command control on any SSH connections (Unix Systems, Network Devices, Security devices & any SSH based target systems) E


61 The solution should cater for live monitoring of sessions and manual termination of sessions when necessary. E

62 The solution should use built-in FIPS 140-2 validated cryptography for all data encryption. E

63 The solution should have the capability to provide intelligence-driven analytics to identify suspicious and malicious privileged user & privilege account behaviour. E

64 The solution should detect and block credential theft from computers, such as Windows credential theft (SAM, LSASS harvesting), browser credential theft (IE, Firefox, Chrome) and third party credential theft (WinSCP, VNC). E

65 The solution should record all commands along with Source IP, Login Terminal details, Timestamp. E

66 The solution should have capability for Targeted Alerting indicating problems such as mismanaged privileged accounts, out-of-policy passwords, orphaned SSH keys etc. E


S. No | Anti-Phishing | Essential (E) - [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No)

1 The vendor should have the capability for 24x7x365 monitoring of phishing attacks targeting the Bank (Logo, URLs, Domain, digital watermark, Mobile App etc.) E

2 The vendor should have the ability to detect, monitor and shutdown all kinds of incidents such as Phishing, Pharming, Brand Abuse, Fraudulent Emails, etc. E

3 The vendor should report the activation/reactivation of phishing site and Mobile App as per SLAs defined in the RFP. E

4 The vendor should assist the Bank (as per the SLAs) on remedial measures in case of identification of phishing sites and Mobile App. E

5 The vendor should monitor and review Web-server referrer logs. P

6 The vendor should track new domain name registrations to detect any spoofed site being registered. E

7 The vendor should review web server logs and application logs to identify phisher identity and transactions initiated by phisher and time of initiating attack, possible users/customers impacted. E

8 The vendor and system should monitor and log all pharming and phishing attempts. E

9 Identify email addresses that are being used for sending spoofed emails to the Bank customers & employees. E

10 The vendor should review Bank's websites and Mobile Apps on a periodic basis and suggest anti phishing measures to be taken. E

11 The vendor should assist the Bank for coordination with law enforcement agencies like CERT-IN, Cyber Crime Cells, RBI, Third Party Auditors etc. E

12 The vendor should support forensic investigation for phishing incidents. E

ANNEXURE - IX - Technical Requirements/ Specifications - Anti-Phishing

Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.


13 Data sources monitored by the Vendor should include (but not be limited to): E
- Domain Names Databases
- Monitor Hacker Forums
- Junk E-mail messages
- Abuse Mailbox
- Internet Relay Chat
- Usenet Data
- Web server logs
- Internet Banking Consumer reported sites

14 The Vendor should maintain or have direct access to data from Honey-pots or network of sensors to collect data on Trojans P

15 The vendor should monitor networks known to be source of attacks and/or points of collection of compromised data, compromised devices, malicious URLs, malicious command and control sites. P

16 The vendor should monitor Trojans that are specifically targeted at the Banking sector E

17 The vendor should identify compromised areas in the Bank's network and inform the Bank as per defined SLAs. E

18 In case of an attack, vendor should identify and report the extent of damage that has been done to Bank's environment. E

19 The forensic data to be collected for the Trojans should include, but not be limited to, the following: Tools used in attacks, Compromised data, Account Information, Compromised credit cards/debit cards issued by Bank, Email addresses, Customer profiles etc. E

20 The vendor should be able to shut down Trojans, malware, phishing sites, and phishing Mobile App irrespective of region of origin or browsers or ISPs. E

21 The vendor should monitor similar domain name registrations. E

22 The vendor should monitor spam traps to detect phishing mails. E

23 The vendor should also support scanning of static as well as dynamic links/pages. P

24 Vendor should be able to take counter measures including (but not limited to): E
A) Bring websites and Mobile App down that are capable of causing phishing attacks.
B) Baiting
C) Automated Dummy responses to Phishing site.
D) Notify various internet browsers about detected sites for blocking these at browser level.

25 The vendor should have a DR set up to ensure continuity of services in case of failure of main site. E

26 Vendor should conduct periodic training for Bank's staff on Best practices to avoid phishing attacks. E

27 Vendor should be able to identify and report to the bank if access to blocked ports on a webserver is sought by an external user P

28 Monitoring all major mobile app marketplaces for counterfeit, copycat apps, or apps infringing trademarks, linking to pirated content, attempting phishing attacks or distributing malware. Prompt submission of enforcement notices and for the removal of rogue or infringing apps. E


S. No | Anti - Advanced Persistent Threat (Anti-APT) | Essential (E) - [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No)

1 The solution should be able to inspect and block all network sessions regardless of protocols for suspicious activities or files at various entry/exit sources to the Bank's network. E

2 The solution should be able to protect against Advanced Malware, zero-day web exploits and targeted threats without relying on signature database. E

3 The solution should be able to identify malware present in network file shares and web objects (QuickTime, MP3 and ZIP/RAR/7ZIP/TNEF archives, 3gp, asf, chm, com, dll, ico, jar, jpeg, jpg, mov) and able to quarantine them. P

4 The solution should be able to identify zero-day malware present in file and web objects (Adobe Flash File, Java, Microsoft Office Files .doc .docx .ppt .pptx .xls .xlsx, .pdf, rar, dll, sys, tar, exe, zip, bzip, 7zip, ink, chm, swf etc.) and should have ability to interrupt malicious communication. E

5 The proposed solution should support at least 100+ protocols (e.g. HTTP, FTP, SMTP, SNMP, IM, IRC, DNS and P2P protocols SMB, Database protocol MySQL, MSSQL, Oracle, etc.) for inspection and should block suspicious communications of zero day malware detected IP, URL and file. E

6 Solution should identify spear phishing email, zero day malware and ransomware attacks in email and should quarantine or block suspicious email messages before reaching user/ mail server. E

7 The solution should support Sandbox test environment which can analyse threats to various operating systems, browsers, databases etc. E

8 The solution should support both inline and out of the band mode. E

9 The solution should be able to detect and prevent bot outbreaks including identification of infected machines E

ANNEXURE - IX - Technical Requirements/ Specifications - Anti-APT

Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.


10 The solution should be appliance based with hardened OS. No information should be sent to third party systems for analysis of malware automatically. E

11 The solution should be able to block the call back tunnel including fast flux connections. E

12 The solution should be able to share malware information/ zero day attacks knowledge base with deployed appliances. P

13 The solution should be able to capture packets for deep dive analysis. P

13 The solution should be able to pinpoint the origin of attack, Threat Description and help to understand the severity and stage of each attack. E

14 In case there is no antivirus signature available for malware, solution should have the ability to exfiltrate data about the malware and share it with the antivirus solution providers. P

15 The solution should be able to conduct forensic analysis on historical data. E

16 Dashboard should have the feature to report Malware type, file type, CVE ID, Severity level, time of attack, source and target IPs, IP protocol, Attacked ports, Source hosts etc. E

17 The solution should generate periodic reports on attacked ports, malware types, types of vulnerabilities exploited etc. E

18 The solution should be able to export event data to Bank’s existing SIEM or Incident Management Systems E

19 Solution should be able to monitor encrypted traffic E

20 The management console should be able to provide information about the health of the appliance such as CPU usage, traffic flow etc. E

21 The solution should display the geo-location of the remote command and control server. P

22 The solution should be able to integrate with Active Directory to enforce user based policies. P

23 The Anti-APT Solution should have minimum 50 Sandboxes and should be able to handle at least 25000 files in a day. E

24 The solution should monitor Inter-VM traffic on a Port Mirror Session. E


25 Sandboxes must support multiple operating systems and for both 32-bits and 64-bits OS. Bank currently has: Solaris, Windows, & Redhat Linux operating systems. E

26 The solution should support Windows XP, Windows 7, Windows 8, Windows 10, Microsoft 2003, Microsoft 2008, Solaris10, Redhat 5 & above Linux operating environments for Sandboxing. This requirement should be based on virtual execution and should not be Hardware or chip based function. E

27 The solution should support open web Services API for 3rd party or scripting integration. E

28 The solution should support Windows XP, Windows 7, Windows 8, Windows 10, Microsoft 2003, Microsoft 2008 (32 bit & 64 bit OS), Solaris10, and RedHat 5 & above Linux operating environments for Sandbox file analysis. Solution should have option to upload custom sandbox image running in Bank’s environment. E


S. No | Other General Requirements | Essential (E) - [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/No) | Remarks. Please provide adequate reference to product manuals/ documentation to substantiate how the product conforms to each requirement.

Security

1 All proposed solutions should be IPv6 compatible from Day 1. The bidder should migrate to IPv6 as and when the bank decides to migrate to IPv6 for devices in scope. E

2 All solutions should support 256 bit or higher encryption for transfer of information E

3 All solutions should support User Authentication Mechanism such as Directory Services and AAA as deployed in the bank's environment. The systems should be able to align to the bank's authentication requirements including password policy. E

4 Any changes to the solutions deployed should be logged including changes to database such as Update, insert, delete, select etc. (DML), Schema/Object changes (DDL), Manipulation of accounts, roles and privileges (DCL), Query updates. E

5 The proposed solutions should maintain the audit trail for the management activities of individual users and administrators accessing and using the application E

6 The systems should have a mechanism for protection of unauthorized access on the Log Database by system administrator and should maintain an auditable chain of custody. E

7 Solutions should provide for Discretionary Access Control (DAC) and Role-Based Access Control (RBAC) and provide access based on the least privilege criteria E

8 All devices should comply with FIPS-140-2 standard for cryptographic modules E

ANNEXURE - IX - Other General Requirements


9 All solutions deployed in inline mode should have built in bypass (fail open) for inline mode. E

10 All appliances should have dual power supply to ensure redundancy E

11 All devices/appliances should be rack mountable and 1U/2U type only E

12 All the proposed solutions should support external storage such as SAN storage E

13 The solutions should support virtual environments E

Support

14 The bidder shall ensure that all deployed devices shall have the latest patches/ security upgrades. E

15 The bidder should develop following processes for the operation of the SOC (but not limited to): E
1. Configuration and Change Management
2. Incident and Escalation management processes
3. Daily standard operating procedures
4. Training procedures and material
5. Reporting metrics and continuous improvement procedures
6. Data retention and disposal procedures
7. BCP and DR plan and procedures for SOC
8. Security Patch management procedure

16 The bidder should ensure the SLAs are adhered to and should provide the bank with periodic reports of the performance against the defined SLAs E

17 The bidder should provide continuous threat updates from sources such as CERT, ISAC, NIST, RBI etc. E

18 The bidder should assist the bank in performing analysis and optimization of log collection process E

19 Technical Support should be available through OEM or the registered partners of OEM and as per defined SLAs E

20 The bidder should develop, update and maintain log baselines for all platforms at the Bank E

21 The bidder should maintain a knowledge base of alerts, incidents and mitigation steps E


22 Evidence for any security incident should be made available for legal and regulatory purposes E

23 The bidder should have comprehensive system documentation, user guides and online help for devices. E

24 The bidder should ensure that events occurring at any of the devices/ applications etc. are logged and displayed at the SIEM within 30 seconds of their occurrence. E

25 All solutions should be scalable as per Bank's future requirements. E

Bidder Resources

26 All the resources provided for monitoring of the product & administration of the solution should be OEM certified. Certificates have to be submitted at the time of bidding E

27 In case of exigencies even during off business hours / Bank holidays, the resources may be required to be present onsite E

28 Personnel deployed in the Bank premises shall comply with the Bank’s Information Security Requirements. E

29 The SOC should be supported by 3 shifts for 24/7 operations, and the resources should be able to support and analyze data received E


S. No | Requirement | Essential (E) - [Any Non-Compliance of (E) may lead to Bid Rejection] / Preferable (P) | Compliance (Yes/ No) | Remarks.

1 The tool should be customized with forms, fields, workflows corresponding to security monitoring, incident management, infrastructure and application baseline security, secure commissioning of new servers and applications. E

2 The service desk should be configured with escalation workflows E

3 Service desk should be a web based portal with ready access to service requests E

4 Bank should be able to generate reports on demand from the service desk portal E

5 Service desk should support concurrent login for at least ten users E

6 Service request should contain at least the request Number, description of request, date & time of opening, update and closure, asset details for which the service has been opened, action taken E

7 Service desk should have provision for escalation of incident by bank officials E

8 Service desk should be configured, maintained and updated to record all agreed upon SLA breaches E

9 Bank should be able to generate reports on demand from the service desk portal E

ANNEXURE - IX - Security Service Desk System
