REQUEST FOR PROPOSAL (RFP) For Audit & Certification of ISO 22301:2012 & ISO 27001:2013

Ref: HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019

The information provided in response to this Request For Proposal (RFP) will become the property of the bank and will not be returned. The Bank reserves the right to amend, rescind or reissue this RFP and all amendments will be advised to the bidders and such amendments will be binding on them. The Bank also reserves the right to accept or reject any or all the responses to this RFP without assigning any reasons whatsoever. This document is prepared by Bank of India for entering into contract with eligible certification bodies for certification audit of ISO 22301:2012 & ISO 27001:2013. It should not be reissued or copied or used either partially or fully in any form.



CONTENTS

PART DESCRIPTION

1. INVITATION TO BID (ITB)
2. PROJECT SCOPE
3. ELIGIBILITY
4. BID PROCESS
5. TERMS & CONDITIONS OF CONTRACT
6. ANNEXURE FORMAT

1. INVITATION TO BID

Bank of India is a major Public Sector Bank having around 5100+ domestic branches in India and around 60 Branches, Offices, JVs and Subsidiaries abroad. The domestic branch network is administered in a three-tier administrative structure, viz. Zonal Offices [54], National Banking Groups [8] and Head Office. The Bank has four Regional Rural Banks [RRBs]. The Bank offers a full range of commercial banking activities including Retail, Wholesale, Foreign Exchange, Treasury Operations, SME, MSME, Large Credit, Infrastructure Finance, and various banking services through other Alternative Channels like ATMs, CMS, Card Products etc.

The Bank is using multiple applications and has also employed the services of 3rd party service providers. In a few cases, the remote infrastructure of the 3rd party service providers is also used for routine business activities. The Bank endeavors to follow the industry level best practices for ensuring business continuity, information security and risk management within the available infrastructure.

The Bank invites eligible bidders to participate in a two-bid process (Technical Bid and Commercial Bid) to audit and certify Bank of India for ISO 22301:2012 & ISO 27001:2013 for a certification period of 3 years.

2. DISCLAIMER

The information contained in this Request for Proposal (RFP) document or information provided subsequently to bidder(s) or applicants whether verbally or in documentary form by or on behalf of Bank of India (BOI), is provided to the bidder(s) on the terms and conditions set out in this RFP document and all other terms and conditions subject to which such information is provided.

This RFP is neither an agreement nor an offer and is only an invitation by BOI to the interested parties for submission of bids. The purpose of this RFP is to provide the bidder(s) with information to assist the formulation of their proposals. This RFP does not claim to contain all the information each bidder may require. Each bidder should conduct its own investigations and analysis and should check the accuracy, reliability and completeness of the information in this RFP and where necessary obtain independent advice. BOI makes no representation or warranty and shall incur no liability under any law, statute, rules or regulations as to the accuracy, reliability or completeness of this RFP. BOI may in its absolute discretion, but without being under any obligation to do so, update, amend or supplement the information in this RFP.

3. Project Overview:

Bank of India is certified with ISO 22301:2012 & ISO 27001:2013. Both these certifications i.e. ISO 27001 & ISO 22301 are valid at present but are due for renewal from 09/03/2019 & 21/01/2019 respectively. Bank intends to align Certification for both these standards under combined audit for next three years.

In view of the above requirement, Bank intends to avail the services of eligible certification bodies for obtaining ISO 22301:2012 & ISO 27001:2013 certifications for next 3 years. The certification body shall be fully responsible for delivering the services as per the scope outlined in the continued sections of this RFP on yearly basis.

4. Project Scope:

The bidder shall conduct certification audit as per the scope given below for each certification:

ISO 27001:2013 Scope –

“The Information Security Management system that supports the operation & management of Domestic core banking applications, Foreign core banking applications and Regional Rural Banks core banking applications and related applications at Data Center at Mumbai & DR Site at Bengaluru.”

ISO 22301:2012 Scope –

“Data Center & Treasury Branch of the Bank at Mumbai and DR Site at Bangalore”

Detail of Employees (Approx.) at each location:

Location                 Number of Bank Employees   Number of Third Party Employees   Number of Department
Data Center at Mumbai    125                        380                               4
DR Site at Bengaluru     2                          7                                 1
Treasury at Mumbai       64                         7                                 1

Deliverable for Activity –

i) ISO 22301 & ISO 27001 Certificate of compliance each year during 3 years of contract.

The bidder should have valid accreditation from any of IAF member bodies for undertaking certification audit under ISO 27001 and ISO 22301 standards during the contract period & provide valid certification to the Bank as per IT Act requirements.


5. Eligibility Criteria:

Sr. 1
Criteria: The bidder should be a company registered in India as per Company Act 1956/2013 or a partnership firm / a Limited Liability Partnership company under the Limited Liability Partnership Act 2008 in India and should be in existence at least for the last 3 financial years (2015-16, 2016-17 and 2017-18).
Documentary Proof:
1. Copy of the Certificate of Incorporation/Registration of the Bidder.
2. Balance sheet for last 3 years

Sr. 2
Criteria: The bidder should have prior experience with at least two customers in BFSI sector for each standard where the bidder has provided certification services under ISO 27001:2013 or ISO 22301:2012 standards during last three years.
Documentary Proof:
1. Two Purchase Order/Reference Letter for each ISO standard.
2. Satisfactory Performance report issued by the two entities.

Sr. 3
Criteria: The bidder should have valid accreditation from any of IAF member bodies for undertaking certification audit under ISO 27001 and ISO 22301 standards. IAF Member body should be signatory to Multilateral Mutual Recognition Arrangement (MLA).
Documentary Proof: Valid Accreditation Certificate as on the last Date of submission of Bid.

Sr. 4
Criteria: The bidder should have minimum 3 resources on pay-roll each for ISO 27001 and ISO 22301 with 5 Years of Audit Experience.
Documentary Proof: Necessary documentary evidence.

Sr. 5
Criteria: The bidding / OEM company should not have been blacklisted by any public sector Bank earlier.
Documentary Proof: Self-Declaration on Letter Head of bidder.

Sr. 6
Criteria: The bidder should pay bid amount of Rs.1,000/- in the form of Demand Draft/pay order payable at Mumbai in favor of “Bank of India”

Sr. 7
Criteria: The bidder should pay bid security as stated in clause 10 of RFP.


BID PROCESS

6. Cost of Bidding

The Bidder shall bear all the costs associated with the preparation and submission of its bid and the bank will in no case be responsible or liable for these costs, regardless of the conduct or outcome of the bidding process.

7. Contract Period

The term of the contract will be for a period of 3 years from the date of signing the contract between the bank and the selected bidder or completion of 3 cycles of certification whichever is later.

8. Language of Bid

The language of the bid response and any communication with the Bank must be in written English only. Supporting documents provided with the RFP response can be in another language so long as they are accompanied by an attested translation in English, in which case, for purpose of evaluation of the bids, the English translation will govern.

9. Sub-Contracting

Any type of formation of consortium, sub-contracting and joint assignments will not be allowed/considered. Such proposals will be disqualified.

10. Bid Security

10.1. The bidder should deposit bid security of Rs.25,000/- (Rupees Twenty Five Thousand Only) in the form of a demand draft favoring Bank of India, payable at Mumbai or Bank Guarantee issued from Scheduled Commercial Bank other than Bank of India.

10.2 In case of bidders registered with NSIC, they are eligible for waiver of EMD. However, they need to provide valid NSIC Certificate clearly mentioning that they are registered with NSIC under single point registration scheme. Other.

10.3 No interest will be payable on the Bid Security amount.

10.4 Unsuccessful Bidders’ Bid security will be returned after completion of tender process. Unsuccessful Bidders should submit the Letter for Refund of EMD/Bid Security for returning of the bid security amount.

10.5 Bid Security will be forfeited in the following cases:

a) If a bidder withdraws its bid during the period of bid validity; or

b) If a Bidder makes any statement or encloses any form which turns out to be false / incorrect at any time prior to signing of Contract.

c) In case of a successful Bidder, if the Bidder fails:

i) To execute Contract within the stipulated time, or

ii) To furnish Performance Bank Guarantee as mentioned in Performance Bank Guarantee herein.

10.6 The successful Bidder’s Bid security will be discharged upon the Bidder signing the Contract Agreement and against submission of performance bank guarantee (other than Bank of India) with the claim period of three years six months as per the format mentioned in Annexure 7, for 10% of contract value, valid for contract period.

10.7. Period of Validity of Bids

Bids should remain valid for the period of at least 180 days from the last date for submission of bid prescribed by the Bank. In case the last date of submission of bids is extended, the Bidder shall ensure that validity of bid is reckoned from modified date for submission. Further extension of the validity of the bid will be decided by the bank in case of need. The price quoted in Final Commercial Offer will be valid for at least 180 days from the date of offer.

10.8. Authorization to Bid

The proposal/bid being submitted would be binding on the Bidder. As such, it is necessary that authorized personnel of the firm or organization sign the bid documents. The designated personnel should be authorized by a senior official of the organization having authority.

a) All pages of the bid shall be signed by the person or persons signing the bid.

b) Bid form shall be signed in full & official seal affixed.

c) Any interlineation, erasure or overwriting shall be valid only if they are signed by the person or persons signing the Bid.

d) All such initials shall be supported by a rubber stamp impression of the Bidder’s firm.

10.9 The Technical Bid should be complete in all respects and contain all information asked for in this document. It should not contain any price information.

10.10 The commercial bid must not contradict the Technical offer in any way and should be submitted in the form of Annexure:2. The bidder should not offer any options or any conditional offers to the Bank while giving the price information. The offer should strictly be in conformity with the items as specified by the Bank. No additions or deletions to the Annexure are allowed. Any deviations may lead to disqualification of the bid.

10.11 RFP Clarifications

A prospective Bidder requiring any clarification of the Bidding Document may attend the Pre-Bid meeting. All clarifications / queries needed shall be addressed to the contact mentioned in the RFP. The Bank will discuss the queries in the Pre-Bid meeting. Relaxation in any of the terms contained in the Bid, in general, will not be permitted, but if granted, the same will be communicated to all the Bidders through Website.

11. Bid Evaluation

11.1 Opening of Bids by the Bank

11.1.1 The Bidders’ names, Bid modifications or withdrawals and the presence or absence of requisite Bid Amount & Bid Security and such other details as the Bank, at its discretion, may consider appropriate, will be announced at the Bid opening. No bid shall be rejected on bid opening, except for late bids or bids without requisite Bid Amount in specified form, which shall be returned unopened to the Bidder.

11.1.2 Bids (and modifications sent) that are not opened at Bid Opening shall not be considered further for evaluation, irrespective of the circumstances. Withdrawn bids will be returned unopened to the Bidders.

11.2 Clarification of Bids

During evaluation of the Bids, the Bank, at its discretion, may ask the Bidder for clarification of its Bid. The request for clarification and the response shall be in writing, and no change in the prices or substance of the Bid shall be sought, offered, or permitted.

11.3 Preliminary Examination / Technical Evaluation

11.3.1 The Bank will examine the Bids to determine whether they are complete, required formats have been furnished, the documents have been properly signed, and the Bids are generally in order. Any deficiencies with respect to RFP requirements will make the bids liable to be rejected.

However the Bank may, at its discretion, waive any minor infirmity, non-conformity, or irregularity in a Bid, which does not constitute a material deviation.

11.3.2 Prior to the detailed evaluation, the Bank will determine the substantial responsiveness of each Bid to the Bidding Document. For purposes of these Clauses, a substantially responsive Bid is one which conforms to all the terms and conditions of the Bidding Document without material deviations. Deviations from, or objections or reservations to critical provisions, such as those concerning Bid Security, Applicable Law, Performance Security, Qualification Criteria, Contract and Force Majeure will be deemed to be a material deviation. The Bank’s determination of a Bid’s responsiveness is to be based on the contents of the Bid itself, without recourse to extrinsic evidence. The Bank reserves the right to evaluate the bids on technical & functional parameters including possible visit to inspect live site/s of the Vendor and witness demos of the system and verify functionalities, response times, etc.

11.3.3 If a Bid is not substantially responsive, it will be rejected by the Bank and may not subsequently be made responsive by the Bidder by correction of the non-conformity. The technical evaluation will take into account the capability of the bidder to implement the proposed solution.

11.3.4. Only those bidders whose Technical bids have been found substantially responsive would be intimated by the Bank about their responsiveness and about the revised/updated Technical & Functional Specification (if any) arising out of normalization (if any). In case of normalization and/or revision, they would also be advised to submit fresh “Price Bid” which should either be equal to or less than the Prices quoted in the Original Price Bid.


11.4 Evaluation and Comparison of Price Bids

11.4.1 Only those bids, which are technically qualified, will be considered for financial bid opening. Bank evaluation is based on Price Bid only.

11.4.2 The Bank will evaluate and compare the Price bids, which have been determined to be substantially responsive.

11.4.4 Arithmetical errors will be rectified on the following basis. If there is a discrepancy between the unit price and the total price that is obtained by multiplying the unit price and quantity, the unit price shall prevail, and the total price shall be corrected. If the Successful Bidder does not accept the correction of the errors, its Bid will be rejected, and its Bid security may be forfeited. If there is a discrepancy between words and figures, the amount in words will prevail.

11.4.5 L1 will be decided on the basis of total cost of certification for contract period based on price evaluation as quoted in the Price Schedule (Annexure 2).

12. Award of Contract

12.1. Post-qualification

All the Price bids after their evaluation on the parameters mentioned above would be arranged in ascending order and the contract would be awarded to the bidder whose bid has been evaluated to be the lowest.

12.2. Bank’s right to Accept or reject any or all bids

The Bank reserves the right to accept or reject any Bid in part or in full, and to annul the Bidding process and reject all Bids at any time prior to contract award, without thereby incurring any liability to the affected Bidder or Bidders or any obligation to inform the affected Bidder or Bidders of the grounds for the Bank’s action.

12.3. Notification of Award

12.3.1. Prior to expiration of the period of Bid validity, the Bank will notify the successful Bidder in writing or by fax, that its Bid has been accepted.

12.3.2. The notification of award will constitute the formation of the Contract.

12.3.3. Upon the successful Bidder’s furnishing of Performance Security, the Bank will promptly notify each unsuccessful Bidder and will discharge its Bid security.

12.4 Signing of Contract

12.4.1. At the same time as the Bank notifies the successful Bidder that its Bid has been accepted, the Bank will send the Bidder the Contract Form as per Annexure:4, incorporating all agreements between the parties.

12.4.2. Within the period prescribed in Annexure:1, from the date of receipt of the Form of contract, the successful Bidder shall sign and date the Contract and return it to the Bank.


12.5. Performance Security

12.5.1. Performance Security in the required format to be submitted by the successful bidder as per Annexure:7.

12.5.2. Failure of the successful Bidder to comply with the requirement of RFP shall constitute sufficient grounds for the annulment of the award and forfeiture of the Bid security, in which event, the Bank may make the award to the next lowest evaluated Bidder or call for new Bids.

Note: Notwithstanding anything said above, the Bank reserves the right to reject / award the contract to any vendor or cancel the entire process without assigning any reasons thereto.


TERMS & CONDITIONS OF CONTRACT (TCC)

13. PAYMENT TERMS / SCHEDULE

13.1. Payment Terms

1. No advance payment will be made.

2. Payments shall be made as per the deliverables and payment terms as mentioned below.

3. Consolidated amount to be quoted in INR. No separate taxes or expenses would be paid.

4. Net amount payable would be = Amount quoted + GST Charges applicable – Tax deducted at source.

13.2. Payment Schedule:-

Payment shall be released as under:

1. 10% against submission of Performance Guarantee.

2. 15% against successful completion of Stage 1 Audit.

3. 25% against successful completion of Stage 2 Audit & E Mail confirmation of certification.

4. 25% after successful completion of 1st surveillance Audit (i.e. 12 months from date of certification).

5. 25% after successful completion of 2nd surveillance Audit (i.e. 24 months from date of certification).

14. Prices

Prices payable to the service provider as stated in the Contract shall be firm and not subject to adjustment during performance of the Contract, irrespective of reasons whatsoever, including exchange rate fluctuations, changes in taxes, duties, levies, charges, etc.

15. Liquidated Damages

If the Service provider fails to perform the Services within the time period(s) specified in the Contract, the Bank shall, without prejudice to its other remedies under the Contract, deduct from the Contract Price, as liquidated damages, a sum equivalent to 0.5 percent per week or part thereof of contract price subject to maximum deduction of 5% of the delivered price of the delayed Solution or unperformed services for each week or part thereof of delay, until actual delivery or performance. Once the maximum deduction is reached, the Bank may consider termination of the Contract.

16. Termination for Default

The Bank, without prejudice to any other remedy for breach of Contract, by a written notice of default sent to the Service Provider, may terminate the Contract in whole or in part any time during the contract:

(a) If the Service Provider fails to provide Services within the period(s) specified in the Contract, or within any extension thereof granted by the Bank; or

(b) if the Service Provider fails to perform any other obligation(s) under the Contract.

17. Force Majeure

17.1. Notwithstanding the provisions of TCC, the service provider shall not be liable for forfeiture of its performance security, liquidated damages, or termination for default if and to the extent that delay in performance or other failure to perform its obligations under the Contract is the result of an event of Force Majeure.

17.2 For purposes of this clause, “Force Majeure” means an event beyond the control of the service provider and not involving the service provider’s fault or negligence and not foreseeable. Such events may include, but are not restricted to, acts of the Bank in its sovereign capacity, wars or revolutions, fires, floods, epidemics, quarantine restrictions, and freight embargoes.

17.3 If a Force Majeure situation arises, the service provider shall promptly notify the Bank in writing of such condition and the cause thereof. Unless otherwise directed by the Bank in writing, the service provider shall continue to perform its obligations under the Contract as far as is reasonably practical, and shall seek all reasonable alternative means for performance not prevented by the Force Majeure event.

18. Termination for Insolvency

The Bank may, at any time, terminate the Contract by giving written notice to the service provider if the service provider becomes bankrupt or otherwise insolvent. In this event, termination will be without compensation to the service provider, provided that such termination will not prejudice or affect any right of action or remedy which has accrued or will accrue thereafter to the Bank.

19. Termination for Convenience

The Bank, by written notice sent to the service provider, may terminate the Contract, in whole or in part, at any time for its convenience. The notice of termination shall specify that termination is for the Bank’s convenience, the extent to which performance of the service provider under the Contract is terminated, and the date upon which such termination becomes effective.


20. Resolution of Disputes

20.1 The Bank and the service provider shall make every effort to resolve amicably by direct informal negotiation, any disagreement or dispute arising between them under or in connection with the Contract.

20.2 If the Bank and the service provider have been unable to resolve amicably a Contract dispute even after a reasonably long period, either party may require that the dispute be referred for resolution to the formal mechanisms specified herein below. These mechanisms may include, but are not restricted to, conciliation mediated by a third party and/or adjudication in an agreed national forum.

20.3 The dispute resolution mechanism to be applied shall be as follows:

(a) In case of Dispute or difference arising between the Bank and the service provider relating to any matter arising out of or connected with this agreement, such disputes or difference shall be settled in accordance with the Arbitration and Conciliation Act, 1996. Where the value of the Contract is above Rs.1.00 Crore, the arbitral tribunal shall consist of 3 arbitrators, one each to be appointed by the Bank and the service provider. The third Arbitrator shall be chosen by mutual discussion between the Bank and the service provider.

(b) Arbitration proceedings shall be held at Mumbai, and the language of the arbitration proceedings and that of all documents and communications between the parties shall be English;

(c) The decision of the majority of arbitrators shall be final and binding upon both parties. The cost and expenses of Arbitration proceedings will be paid as determined by the arbitral tribunal. However, the expenses incurred by each party in connection with the preparation, presentation, etc., of its proceedings as also the fees and expenses paid to the arbitrator appointed by such party or on its behalf shall be borne by each party itself; and

(d) Where the value of the contract is Rs.1.00 Crore and below, the disputes or differences arising shall be referred to the Sole Arbitrator. The Sole Arbitrator should be appointed by agreement between the parties.

21. Applicable Law

The Contract shall be interpreted in accordance with the laws of the Union of India and the Bidder shall agree to submit to the courts under whose exclusive jurisdiction the Registered Office of the Bank falls.

The Professional Services are to be carried out as per the compliance requirements from IT Act 2000, NABCB guidelines, Reserve Bank of India [RBI], Guidelines from NCIIPC / Cert-IN, Overseas Regulators and various standards like ISO 27000, PCI-DSS, ISO 22301 etc.


22. Addresses for Notices

The following shall be the address of the Bank and Bidder.

Bank’s address for notice purposes:

Bank of India, Risk Management Department, Information Security Cell, Head Office, Star House, 3rd floor, C-5, G Block, Bandra Kurla Complex, Mumbai - 400 051

Bidder’s address for notice purposes (To be filled in by the Bidder):

…………………………………………………………………………………

A notice shall be effective when delivered or on effective date of the notice whichever is later.

23. Taxes, Duties and Charges

The Service Provider will be entirely responsible for all applicable taxes, duties, levies, charges (halting, travelling), license fees, road permits, etc. in connection with delivery of service at site including incidental services and commissioning. However, Service tax will be paid extra.

23.1 Income / Corporate Taxes in India:

The Service provider shall be liable to pay all corporate taxes and income tax that shall be levied according to the laws and regulations applicable from time to time in India and the price bid by the Service provider shall include all such taxes in the contract price.

23.2 Tax deduction at Source:

Wherever the laws and regulations require deduction of such taxes at the source of payment, the Bank shall effect such deductions from the payment due to the Service provider. The remittance of amounts so deducted and issuance of certificate for such deductions shall be made by the Bank as per the laws and regulations in force. Nothing in the Contract shall relieve the Service provider from his responsibility to pay any tax that may be levied in India on income and profits made by the Service provider in respect of this contract.

23.3 The Service provider’s staff, personnel and labour will be liable to pay personal income taxes in India in respect of such of their salaries and wages as are chargeable under the laws and regulations for the time being in force, and the Service provider shall perform such duties in regard to such deductions thereof as may be imposed on him by such laws and regulations.

24. Integrity

The Service provider is responsible for and obliged to conduct all contracted activities in accordance with the contract using state-of-the-art methods and economic principles and exercising all means available to achieve the performance specified in the Contract.

25. Service provider’s obligations

The Service provider is obliged to work closely with the Bank’s staff, act within its own authority and abide by directives issued by the Bank and implementation activities.

The Service provider will abide by the job safety measures prevalent in India and will free the Bank from all demands or responsibilities arising from accidents or loss of life, the cause of which is the Service provider’s negligence. The Service provider will pay all indemnities arising from such incidents and will not hold the Bank responsible or obligated. The Service provider is responsible for managing the activities of its personnel or sub-contracted personnel and will hold itself responsible for any misdemeanors.

The Service provider will treat as confidential all data and information about the Bank, obtained in the execution of his responsibilities, in strict confidence and will not reveal such information to any other party without the prior written approval of the Bank.

26. Patent Rights/Intellectual Property Rights

In the event of any claim asserted by a third party of infringement of trademark, trade names, copyright, patent, intellectual property rights or industrial design rights arising from the use of the Solution or any part thereof in India, the Service provider shall act expeditiously to extinguish such claim. If the Service provider fails to comply and the Bank is required to pay compensation to a third party resulting from such infringement, the Service provider shall be responsible for the compensation including all expenses, court costs and lawyer fees. The Bank will give notice to the Service provider of such claim, if it is made, without delay.


27. Indemnity

The Vendor shall indemnify the Bank, and shall keep indemnified and hold the Bank harmless from and against any and all losses, liabilities, claims, actions, costs and expenses (including attorneys' fees) incurred/may be incurred by the Bank and also those relating to, resulting from or in any way arising out of any claim, suit or proceeding brought against the Bank including by a third party as a result of:

(a) A gross negligent act, willful omission and/or fraudulent activity adjudicated by a competent court of jurisdiction/ Arbitrator appointed by the parties under this agreement against the Company, its employees, its agents, sub-contractors in the performance of the obligations of the Company under this Agreement and / or

(b) Claims against the Bank and/or any legal proceedings made by employees or other persons who are deployed by the Vendor and/or by any statutory/regulatory/ govt. authority and/or

(c) Breach of any terms of the Contract and/or the Service level Agreement to be executed by the Vendor and/or breach of any representation or warranty and/or.

(d) Violation of the Confidentiality obligations by the Vendor and/or its officials/employees or any other person employed by them in connection with the Contract and/or.

(e) Breach of any of the terms of the Contract and/or Service level Agreement by the subcontractors, if subcontracting of any part is permitted by Bank and/or

(f) The Software/Deliverables supplied not being properly licensed one and/or

(g) Any breach of IPR violations by the Vendor including those of the Software/Deliverables/Materials supplied to the Bank and/or services rendered by the Vendor.

The aggregate liability of the Company under clauses (c) and (e) shall be limited to two times the contract value. Provided, however that there shall be no cap on the liability of the company for events set out in (a), (b), (d) and (f) above.


Annexure – 1

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019

Various Time Lines and Instructions

| Sr. | Description | Date & Time |
|---|---|---|
| 1. | Date of issuance of RFP | 11/02/2019 |
| 2. | Date for receipt of queries on RFP by Email | 13/02/2019 |
| 3. | Date for pre-bid meeting for clarification of queries [ONLY IF REQUIRED] | Will be informed by the bank |
| 4. | Date & time for submission of Bid Proposal | 27/02/2019 by 4.00 pm |
| 5. | Date & time of Price Bid opening - Representatives of bidder may be present during opening of the bid, however, it would be opened even in the absence of any or all of the bidder's representative. | 27/02/2019 by 5.00 pm @ below mentioned address |
| 6. | Bid Amount | Rs.1,000/- (One Thousand Only) |
| 7. | Bid Security Amount | Rs.25000/- (Twenty five thousand Only) |
| 8. | Period within which Performance Security or Amendment thereto is to be submitted by the Successful Bidder upon notification of Award of Contract | Within 7 Days of award of contract |
| 9. | Period within which the Successful Bidder should Sign the Contract after receipt of the Form of Contract. | Within 7 Days of award of contract |
| 10. | Initiation of Stage 1 Audit | Within 7 days of signing the contract |
| 11. | Contract Period | 3 Certification years |
| 12. | Contact Person, Address for Communication, Telephone Number and Submission of Bid Documents | The General Manager, Risk Management Department, Information Security Cell, 3rd Floor, East Wing, Star House - I, C-5, G-Block, Bandra Kurla Complex, Bandra East, Mumbai – 400 051. Email: [email protected] Contact Person - Shri Sanjay Save [P] 6668 4986 |


Annexure – 2

FORMAT for Commercial Bid Proposal (On letter head)

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019 Audit & Certification of ISO 22301:2012 & ISO 27001:2013

ESTIMATED TIME AND EFFORTS

| SR No | Activities | Expected Time | Effort in Man days | No of team members to be deployed | Total Cost (In Indian Rs.) |
|---|---|---|---|---|---|
| 1 | ISO Certification Cost 1st Year | | | | |
| 2 | ISO Certification Cost 2nd Year | | | | |
| 3 | ISO Certification Cost 3rd Year | | | | |
| | Total | | | | |

[Name, Signature and seal of the Company]

__________________

(Signature of the Authorized Official)


Annexure – 3 Organizational Detail

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019 Audit & Certification of ISO 22301:2012 & ISO 27001:2013

Organizational Detail

Particulars to be provided by the Bidder in the Technical proposal –

| No | Particulars | Bidder to furnish details |
|---|---|---|
| 1 | Name of the Bidder | |
| 2 | Date of establishment and constitution. | |
| 3 | Location of Registered Office /Corporate Office/ Mumbai office with addresses. | |
| 4 | Mailing address of the Bidder | |
| 5 | Names and designations of the persons authorized to make commitments to the Bank | |
| 6 | Telephone and fax numbers of contact persons | |
| 7 | E-mail addresses of contact persons | |
| 8 | Estimated work plan and time schedules for providing services for this assignment. | |
| 10 | Compliance of Eligibility criteria mentioned in clause 5 of RFP (Yes/No). | |


Annexure – 4

NON-DISCLOSURE AGREEMENT

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019

Audit & Certification of ISO 22301:2012 & ISO 27001:2013

WHEREAS, we, ________________________________________, having Registered Office at __________________________________, hereinafter referred to as the COMPANY, are agreeable to Certification Audit for Bank of India, having its registered office at Star House, C-5, G Block, Bandra Kurla Complex, Mumbai – 400 051, hereinafter referred to as the BANK and,

WHEREAS, the COMPANY understands that the information regarding the Bank’s web site shared by the BANK in their Request for Proposal is confidential and/or proprietary to the BANK, and

WHEREAS, the COMPANY understands that in the course of submission of the offer to Services and/or in the aftermath thereof, it may be necessary that the COMPANY may perform certain jobs/duties on the Bank’s properties and/or have access to certain plans, documents, approvals or information of the BANK;

NOW THEREFORE, in consideration of the foregoing, the COMPANY agrees to all of the following conditions, in order to induce the BANK to grant the COMPANY specific access to the BANK’s property/information.

The COMPANY will not publish or disclose to others, nor use in any services that the COMPANY performs for others, any confidential or proprietary information belonging to the BANK, unless the COMPANY has first obtained the BANK’s written Authorization to do so;

The COMPANY agrees that notes, specifications, designs, memoranda and other data shared by the BANK or prepared or produced by the COMPANY for the purpose of submitting the offer to the BANK to Certification Audit, will not be disclosed, during or subsequent to submission of the offer to the BANK, to anyone outside the BANK.

The COMPANY shall not, without the BANK’s written consent, disclose the contents of this Request for Proposal (Bid) or any provision thereof, or any specification, plan, pattern, sample or information (to be) furnished by or on behalf of the BANK in connection therewith, to any person(s) other than those employed/engaged by the COMPANY for the purpose of submitting the offer to the BANK and/or for the performance of the Contract in the aftermath. Disclosure to any employed/engaged person(s) shall be made in confidence and shall extend only so far as necessary for the purposes of such performance.

Authorized Signatory

Name:

Designation:

Office Seal:

Place:

Date:


Annexure – 5 BID SECURITY FORM

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019 Audit & Certification of ISO 22301:2012 & ISO 27001:2013

Whereas ...........................(hereinafter called “the Bidder”) has submitted its Bid dated ...................... (date of submission of Bid) for the certification audit of ISO 22301:2012 & ISO 27001:2013 (hereinafter called “the Bid”).

KNOW ALL PEOPLE by these presents that WE .....................(name of bank) of .................. (name of country), having our registered office at .................. (address of bank) (hereinafter called “the Bank”), are bound unto ............................. (name of Purchaser) (hereinafter called “the Purchaser”) in the sum of _______________________ for which payment well and truly to be made to the said Purchaser, the Bank binds itself, its successors, and assigns by these presents. Sealed with the Common Seal of the said Bank this ____ day of _________ 2019.

THE CONDITIONS of this obligation are:

1. If the Bidder withdraws its Bid during the period of Bid validity specified by the Bidder on the Bid Form; or

2. If the Bidder, having been notified of the acceptance of its Bid by the Purchaser during the period of Bid validity:

(a) fails or refuses to execute the Contract Form if required; or

(b) fails or refuses to furnish the performance security, in accordance with the Instruction to Bidders.

We undertake to pay the Purchaser up to the above amount upon receipt of its first written demand, without the Purchaser having to substantiate its demand, provided that in its demand the Purchaser will note that the amount claimed by it is due to it, owing to the occurrence of one or both of the two conditions, specifying the occurred condition or conditions.

This guarantee will remain in force up to and including Ninety (90) days after the period of the Bid validity, i.e. up to ________, and any demand in respect thereof should reach the Bank not later than the above date.

...................................

(Signature of the Bidder’s Bank)

Note: Presence of restrictive clauses in the Bid Security Form such as suit filed clause/clause requiring the Purchaser to initiate action to enforce the claim etc., will render the Bid non-responsive.


Annexure – 6

CONTRACT FORM

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019 Audit & Certification of ISO 22301:2012 & ISO 27001:2013

THIS AGREEMENT made the .......day of.................................., 20... Between Bank of India (hereinafter called "The Bank") of the one part and ..................... (Name of Service provider) of ......................... (City and Country of Service provider) (hereinafter called "the Service provider") of the other part:

WHEREAS the bank invited Bids for certain services viz., .....................................(Brief Description Services) and has accepted a Bid by the Service provider for the supply of the services in the sum of .............................. (Contract Price in Words and Figures) (hereinafter called "the Contract Price").

NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:

1. In this Agreement words and expressions shall have the same meanings as are respectively assigned to them in the Conditions of Contract referred to.

2. The following documents of RFP No.: ******** shall be deemed to form and be read and construed as part of this Agreement, viz.:

a) The Bid Form and the Price Schedule submitted by the Bidder;

b) The Scope of Work;

c) The Terms of Conditions & Contract;

d) The Bank's Notification of Award;

e) Schedule of Dates, Amounts etc. (Annexure:1)

IN WITNESS whereof the parties hereto have caused this Agreement to be executed in accordance with their respective laws the day and year first above written.

Signed, Sealed and Delivered by the said ..................................................... (For the Purchaser) in the presence of:.......................................

Signed, Sealed and Delivered by the said ..................................................... (For the Service provider) in the presence of:.......................................


Annexure – 7

PERFORMANCE SECURITY FORM

RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019

Audit & Certification of ISO 22301:2012 & ISO 27001:2013

To: (Name of Purchaser)

WHEREAS ................................................................... (Name of Service provider) (hereinafter called "the Service provider") has undertaken, in pursuance of Contract No................. dated,........... 2018. To provide...................... .................................................(Description of Services) (hereinafter called "the Contract").

AND WHEREAS it has been stipulated by you in the said Contract that the Service provider shall furnish you with a Bank Guarantee by a recognized bank for the sum specified therein, as security for compliance with the Service provider's performance obligations in accordance with the Contract.

AND WHEREAS we have agreed to give the Service provider a Guarantee:

THEREFORE, WE hereby affirm that we are Guarantors and responsible to you, on behalf of the Service provider, up to a total of................................... ........................................ (Amount of the Guarantee in Words and Figures) and we undertake to pay you, upon your first written demand declaring the Service provider to be in default under the Contract and without cavil or argument, any sum or sums within the limit of ................................ (Amount of Guarantee) as aforesaid, without your needing to prove or to show grounds or reasons for your demand or the sum specified therein.

This guarantee is valid until the ........day of...................

Signature and Seal of Guarantors (Service provider’s Bank)

....................................................................

Date....................................................

....................................................................

....................................................................

Address:

....................................................................

....................................................................

**********