Request for Proposal For Audit & Certification of ISO 22301:2012 & ISO 27001:2013
REQUEST FOR PROPOSAL (RFP) For Audit & Certification of
ISO 22301:2012 & ISO 27001:2013
Ref: HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
The information provided in response to this Request For Proposal (RFP) will become the property of the bank and will not be returned. The Bank reserves the right to amend, rescind or reissue this RFP and all amendments will be advised to the bidders and such amendments will be binding on them. The Bank also reserves the right to accept or reject any or all the responses to this RFP without assigning any reasons whatsoever. This document is prepared by Bank of India for entering into contract with eligible certification bodies for certification audit of ISO 22301:2012 & ISO 27001:2013. It should not be reissued or copied or used either partially or fully in any form.
CONTENTS
PART DESCRIPTION
1. INVITATION TO BID (ITB)
2. PROJECT SCOPE
3. ELIGIBILITY
4. BID PROCESS
5. TERMS & CONDITIONS OF CONTRACT
6. ANNEXURE FORMAT
1. INVITATION TO BID
Bank of India is a major Public Sector Bank having around 5100+ domestic
branches in India and around 60 Branches, Offices, JVs and Subsidiaries abroad.
Domestic Branches network is being administered in three tier Administrative
structure viz. Zonal Offices [54], National Banking Groups [8] and Head Office.
Bank has four Regional Rural Banks [RRBs]. Bank is offering full range of
commercial banking activities including Retail, wholesale, Foreign Exchange,
Treasury Operations, SME, MSME, Large Credit, Infrastructure Finance, various
banking services through other Alternative Channels like ATMs, CMS, Card
Products etc.
The Bank is using multiple applications and has also employed the services of 3rd
party service providers. In a few cases, the remote infrastructure of the 3rd party
service providers is also used for routine business activities. The Bank endeavors to
follow the industry level best practices for ensuring business continuity, information
security and risk management within the available infrastructure.
Bank invites eligible bidders to participate in a two-bid process (Technical Bid and
Commercial Bid) for a period of 3 years of certification to audit and certify Bank of
India for ISO 22301:2012 & ISO 27001:2013.
2. DISCLAIMER
The information contained in this Request for Proposal (RFP) document or
information provided subsequently to bidder(s) or applicants whether verbally or in
documentary form by or on behalf of Bank of India (BOI), is provided to the
bidder(s) on the terms and conditions set out in this RFP document and all other
terms and conditions subject to which such information is provided.
This RFP is neither an agreement nor an offer and is only an invitation by BOI to
the interested parties for submission of bids. The purpose of this RFP is to provide
the bidder(s) with information to assist the formulation of their proposals. This RFP
does not claim to contain all the information each bidder may require. Each bidder
should conduct its own investigations and analysis and should check the accuracy,
reliability and completeness of the information in this RFP and where necessary
obtain independent advice. BOI makes no representation or warranty and shall incur
no liability under any law, statute, rules or regulations as to the accuracy, reliability
or completeness of this RFP. BOI may in its absolute discretion, but without being
under any obligation to do so, update, amend or supplement the information in this
RFP.
3. Project Overview:
Bank of India is certified with ISO 22301:2012 & ISO 27001:2013. Both these
certifications i.e. ISO 27001 & ISO 22301 are valid at present but are due for
renewal from 09/03/2019 & 21/01/2019 respectively. Bank intends to align
Certification for both these standards under combined audit for next three years.
In view of the above requirement, Bank intends to avail the services of eligible
certification bodies for obtaining ISO 22301:2012 & ISO 27001:2013 certifications
for next 3 years. The certification body shall be fully responsible for delivering the
services as per the scope outlined in the continued sections of this RFP on yearly
basis.
4. Project Scope:
The bidder shall conduct certification audit as per scope given below for each
certification:
ISO 27001:2013 Scope –
“The Information Security Management system that supports the operation &
management of Domestic core banking applications, Foreign core banking
applications and Regional Rural Banks core banking applications and related
applications at Data Center at Mumbai & DR Site at Bengaluru.”
ISO 22301:2012 Scope –
“Data Center & Treasury Branch of the Bank at Mumbai and DR Site at
Bangalore”
Detail of Employees (Approx.) at each location:

| Location | Number of Bank Employees | Number of Third Party Employees | Number of Department |
|---|---|---|---|
| Data Center at Mumbai | 125 | 380 | 4 |
| DR Site at Bengaluru | 2 | 7 | 1 |
| Treasury at Mumbai | 64 | 7 | 1 |
Deliverable for Activity –
i) ISO 22301 & ISO 27001 Certificate of compliance each year during 3 years
of contract.
The bidder should have valid accreditation from any of IAF member bodies for
undertaking certification audit under ISO 27001 and ISO 22301 standards during
the contract period & provide valid certification to the Bank as per IT Act
requirements.
5. Eligibility Criteria:
| Sr. | Criteria | Documentary Proof |
|---|---|---|
| 1 | The bidder should be a company registered in India as per Company Act 1956/2013 or a partnership firm / a Limited Liability Partnership company under the Limited Liability Partnership Act 2008 in India and should be in existence at least for the last 3 financial years. (2015-16, 2016-17 and 2017-18) | 1. Copy of the Certificate of Incorporation/Registration of the Bidder. 2. Balance sheet for last 3 years |
| 2 | The bidder should have prior experience with at least two customers in BFSI sector for each standard where the bidder has provided certification services under ISO 27001:2013 or ISO 22301:2012 standards during last three years. | 1. Two Purchase Order/Reference Letter for each ISO standard. 2. Satisfactory Performance report issued by the two entities. |
| 3 | The bidder should have valid accreditation from any of IAF member bodies for undertaking certification audit under ISO 27001 and ISO 22301 standards. IAF Member body should be signatory to Multilateral Mutual Recognition Arrangement (MLA). | Valid Accreditation Certificate as on the last Date of submission of Bid. |
| 4 | The bidder should have minimum 3 resources on pay-roll each for ISO 27001 and ISO 22301 with 5 Years of Audit Experience. | Necessary documentary evidence. |
| 5 | The bidding / OEM company should not have been blacklisted by any public sector Bank earlier. | Self-Declaration on Letter Head of bidder. |
| 6 | The bidder should pay bid amount of Rs.1,000/- in the form of Demand Draft/pay order payable at Mumbai in favor of “Bank of India” | |
| 7 | The bidder should pay bid security as stated in clause 10 of RFP. | |
BID PROCESS
6. Cost of Bidding
The Bidder shall bear all the costs associated with the preparation and submission
of its bid and the bank, will in no case be responsible or liable for these costs,
regardless of the conduct or outcome of the bidding process.
7. Contract Period
The term of the contract will be for a period of 3 years from the date of signing
the contract between the bank and the selected bidder or completion of 3 cycles of
certification whichever is later.
8. Language of Bid
The language of the bid response and any communication with the Bank must be
in written English only. Supporting documents provided with the RFP response
can be in another language so long as it is accompanied by an attested translation
in English, in which case, for purpose of evaluation of the bids, the English
translation will govern.
9. Sub-Contracting
Any type of formation of consortium, sub-contracting and joint assignments will
not be allowed /considered. Such proposals will be disqualified.
10. Bid Security
10.1. The bidder should deposit bid security of Rs.25,000/- (Rupees Twenty
Five Thousand Only) in the form of a demand draft favoring Bank of
India, payable at Mumbai or Bank Guarantee issued from Scheduled
Commercial Bank other than Bank of India.
10.2 In case of bidders registered with NSIC, they are eligible for waiver of
EMD. However, they need to provide valid NSIC Certificate clearly
mentioning that they are registered with NSIC under single point
registration scheme. Other.
10.3 No interest will be payable on the Bid Security amount.
10.4 Unsuccessful Bidders' Bid security will be returned after completion of
tender process. Unsuccessful Bidders should submit the Letter for Refund
of EMD/Bid Security for returning of the bid security amount.
10.5 Bid Security will be forfeited in the following cases:
a) If a bidder withdraws its bid during the period of bid validity; or
b) If a Bidder makes any statement or encloses any form which turns out
to be false / incorrect at any time prior to signing of Contract.
c) In case of a successful Bidder, if the Bidder fails:
i) To execute Contract within the stipulated time, or
ii) To furnish Performance Bank Guarantee as mentioned in
Performance Bank Guarantee herein.
10.6 The successful Bidder's Bid security will be discharged upon the Bidder
signing the Contract Agreement and against submission of performance
bank guarantee (other than Bank of India) with the claim period of three
year six months as per the format mentioned in Annexure 7, for 10% of
contract value, valid for contract period.
10.7. Period of Validity of Bids
Bids should remain valid for the period of at least 180 days from the last
date for submission of bid prescribed by the Bank. In case the last date of
submission of bids is extended, the Bidder shall ensure that validity of
bid is reckoned from modified date for submission. Further extension of
the validity of the bid will be decided by the bank in case of need. The
price quoted in Final Commercial Offer will be valid for at least 180 days
from the date of offer.
10.8. Authorization to Bid
The proposal/ bid being submitted would be binding on the Bidder. As
such, it is necessary that authorized personnel of the firm or organization
sign the bid documents. The designated personnel should be authorized
by a senior official of the organization having authority.
a) All pages of the bid shall be signed by the person or persons signing
the bid.
b) Bid form shall be signed in full & official seal affixed.
c) Any interlineation, erasure or overwriting shall be valid only if
they are signed by the person or persons signing the Bid.
d) All such initials shall be supported by a rubber stamp impression of
the Bidder’s firm.
10.9 The Technical Bid should be complete in all respects and contain all
information asked for in this document. It should not contain any price
information.
10.10 The commercial bid must not contradict the Technical offer in any way
and should be submitted in the form of Annexure:2. The bidder should
not offer any options or any conditional offers to the Bank while giving
the price information. The offer should strictly be in conformity with the
items as specified by the Bank. No additions or deletions to the Annexure
are allowed. Any deviations may lead to disqualification of the bid.
10.11 RFP Clarifications
A prospective Bidder requiring any clarification of the Bidding Document may attend Pre bid meeting. All clarifications / queries needed shall be addressed to the contact mentioned in the RFP. The Bank will discuss the queries in the Pre-Bid meeting. Relaxation in any of the terms contained in the Bid, in general, will not be permitted, but if granted, the same will be communicated to all the Bidders through Website.
11. Bid Evaluation
11.1 Opening of Bids by the Bank
11.1.1 The Bidders’ names, Bid modifications or withdrawals and the presence
or absence of requisite Bid Amount & Bid Security and such other details
as the Bank, at its discretion, may consider appropriate, will be
announced at the Bid opening. No bid shall be rejected on bid opening,
except for late bids or bids without requisite Bid Amount in specified
form, which shall be returned unopened to the Bidder.
11.1.2 Bids (and modifications sent) that are not opened at Bid Opening shall
not be considered further for evaluation, irrespective of the
circumstances. Withdrawn bids will be returned unopened to the
Bidders.
11.2 Clarification of Bids
During evaluation of the Bids, the Bank, at its discretion, may ask the Bidder
for clarification of its Bid. The request for clarification and the response
shall be in writing, and no change in the prices or substance of the Bid shall
be sought, offered, or permitted.
11.3 Preliminary Examination / Technical Evaluation
11.3.1 The Bank will examine the Bids to determine whether they are complete,
required formats have been furnished, the documents have been properly
signed, and the Bids are generally in order. Any deficiencies with respect
to RFP requirements will make the bids liable to be rejected.
However the Bank may, at its discretion, waive any minor infirmity, non-
conformity, or irregularity in a Bid, which does not constitute a material
deviation.
11.3.2 Prior to the detailed evaluation, the Bank will determine the
substantial responsiveness of each Bid to the Bidding Document. For
purposes of these Clauses, a substantially responsive Bid is one, which
conforms to all the terms and conditions of the Bidding Document without
material deviations. Deviations from, or objections or reservations to
critical provisions, such as those concerning Bid Security, Applicable
Law, Performance Security, Qualification Criteria, Contract and Force
Majeure will be deemed to be a material deviation. The Bank’s
determination of a Bid’s responsiveness is to be based on the contents of
the Bid itself, without recourse to extrinsic evidence. The Bank reserves
the right to evaluate the bids on technical & functional parameters
including possible visit to inspect live site/s of the Vendor and witness
demos of the system and verify functionalities, response times, etc.
11.3.3 If a Bid is not substantially responsive, it will be rejected by the Bank and
may not subsequently be made responsive by the Bidder by correction of
the non-conformity. The technical evaluation will take into account the
capability of the bidder to implement the proposed solution.
11.3.4. Only those bidders whose Technical bids have been found substantially
responsive would be intimated by the Bank about their responsiveness
and about the revised/updated Technical & Functional Specification (if
any) arising out of normalization (if any). In case of normalization and/or
revision, they would also be advised to submit fresh “Price Bid” which
should either be equal to or less than the Prices quoted in the Original
Price Bid.
11.4 Evaluation and Comparison of Price Bids
11.4.1 Only those bids, which are technically qualified, will be considered for
financial bid opening. Bank's evaluation is based on Price Bid only.
11.4.2 The Bank will evaluate and compare the Price bids, which have been
determined to be substantially responsive.
11.4.4 Arithmetical errors will be rectified on the following basis. If there is a
discrepancy between the unit price and the total price that is obtained by
multiplying the unit price and quantity, the unit price shall prevail, and the
total price shall be corrected. If the Successful Bidder does not accept the
correction of the errors, its Bid will be rejected, and its Bid security may be
forfeited. If there is a discrepancy between words and figures, the amount in
words will prevail.
11.4.5 L1 will be decided on the basis of total cost of certification for contract period
based on price evaluation as quoted in the Price Schedule (Annexure 2).
12. Award of Contract
12.1. Post-qualification
All the Price bids after their evaluation on the parameters mentioned above would be arranged in ascending order and the contract would be awarded to the bidder whose bid has been evaluated to be the lowest.
12.2. Bank’s right to Accept or reject any or all bids. The Bank reserves the right to accept or reject any Bid in part or in full, and to annul the Bidding process and reject all Bids at any time prior to contract award, without thereby incurring any liability to the affected Bidder or Bidders or any obligation to inform the affected Bidder or Bidders of the grounds for the Bank’s action.
12.3. Notification of Award
12.3.1. Prior to expiration of the period of Bid validity, the Bank will notify the successful Bidder in writing or by fax, that its Bid has been accepted.
12.3.2. The notification of award will constitute the formation of the Contract.
12.3.3. Upon the successful Bidder’s furnishing of Performance Security, the Bank will promptly notify each unsuccessful Bidder and will discharge its Bid security.
12.4 Signing of Contract
12.4.1. At the same time as the Bank notifies the successful Bidder that its Bid has been accepted, the Bank will send the Bidder the Contract Form as per Annexure:4, incorporating all agreements between the parties.
12.4.2. Within the period prescribed in Annexure:1, from the date of receipt of the Form of contract, the successful Bidder shall sign and date the Contract and return it to the Bank.
12.5. Performance Security
12.5.1. Performance Security in the required format to be submitted by the successful bidder as per Annexure:7.
12.5.2. Failure of the successful Bidder to comply with the requirement of RFP shall constitute sufficient grounds for the annulment of the award and forfeiture of the Bid security, in which event, the Bank may make the award to the next lowest evaluated Bidder or call for new Bids.
Note: Notwithstanding anything said above, the Bank reserves the right to reject / award the contract to any vendor or cancel the entire process without assigning any reasons thereto.
TERMS & CONDITIONS OF CONTRACT (TCC)
13. PAYMENT TERMS / SCHEDULE
13.1. Payment Terms
1. No advance payment will be made.
2. Payments shall be made as per the deliverables and payment terms as
mentioned below.
3. Consolidated amount to be quoted in INR. No separate taxes or expenses would
be paid.
4. Net amount payable would be = Amount quoted + GST Charges applicable –
Tax deducted at source.
13.2. Payment Schedule:-
Payment shall be released as under:
1. 10% against submission of Performance Guarantee.
2. 15% against successful completion of Stage 1 Audit.
3. 25% against successful completion of Stage 2 Audit & E Mail
confirmation of certification.
4. 25% after successful completion of 1st surveillance Audit.
(i.e. 12 months from date of certification)
5. 25% after successful completion of 2nd surveillance Audit
(i.e. 24 months from date of certification)
14. Prices
Prices payable to the service provider as stated in the Contract shall be firm
and not subject to adjustment during performance of the Contract, irrespective of reasons whatsoever, including exchange rate fluctuations, changes in taxes, duties, levies, charges, etc.
15. Liquidated Damages
If the Service provider fails to perform the Services within the time period(s)
specified in the Contract, the Bank shall, without prejudice to its other remedies under the Contract, deduct from the Contract Price, as liquidated damages, a sum equivalent to 0.5 percent per week or part thereof of contract price subject to maximum deduction of 5% of the delivered price of the delayed Solution or unperformed services for each week or part thereof of delay, until actual delivery or performance. Once the maximum deduction is reached, the Bank may consider termination of the Contract.
16. Termination for Default
The Bank, without prejudice to any other remedy for breach of Contract, by a
written notice of default sent to the Service Provider, may terminate the Contract in whole or in part any time during the contract:
(a) If the Service Provider fails to provide Services within the period(s) specified in the Contract, or within any extension thereof granted by the Bank; or
(b) if the Service Provider fails to perform any other obligation(s) under the Contract.
17. Force Majeure
17.1. Notwithstanding the provisions of TCC, the service provider shall not be liable
for forfeiture of its performance security, liquidated damages, or termination for default if and to the extent that delay in performance or other failure to perform its obligations under the Contract is the result of an event of Force Majeure.
17.2 For purposes of this clause, “Force Majeure” means an event beyond the
control of the service provider and not involving the service provider’s fault or negligence and not foreseeable. Such events may include, but are not restricted to, acts of the Bank in its sovereign capacity, wars or revolutions, fires, floods, epidemics, quarantine restrictions, and freight embargoes.
17.3 If a Force Majeure situation arises, the service provider shall promptly notify
the Bank in writing of such condition and the cause thereof. Unless otherwise directed by the Bank in writing, the service provider shall continue to perform its obligations under the Contract as far as is reasonably practical, and shall seek all reasonable alternative means for performance not prevented by the Force Majeure event.
18. Termination for Insolvency
The Bank may, at any time, terminate the Contract by giving written notice to
the service provider if the service provider becomes bankrupt or otherwise insolvent. In this event, termination will be without compensation to the service provider, provided that such termination will not prejudice or affect any right of action or remedy which has accrued or will accrue thereafter to the Bank.
19. Termination for Convenience
The Bank, by written notice sent to the service provider, may terminate the Contract, in whole or in part, at any time for its convenience. The notice of termination shall specify that termination is for the Bank’s convenience, the extent to which performance of the service provider under the Contract is terminated, and the date upon which such termination becomes effective.
20. Resolution of Disputes
20.1 The Bank and the service provider shall make every effort to resolve
amicably by direct informal negotiation, any disagreement or dispute arising between them under or in connection with the Contract.
20.2 If the Bank and the service provider have been unable to resolve amicably a Contract dispute even after a reasonably long period, either party may require that the dispute be referred for resolution to the formal mechanisms specified herein below. These mechanisms may include, but are not restricted to, conciliation mediated by a third party and/or adjudication in an agreed national forum.
20.3. The dispute resolution mechanism to be applied shall be as follows:
(a) In case of Dispute or difference arising between the Bank and the service
provider relating to any matter arising out of or connected with this agreement, such disputes or difference shall be settled in accordance with the Arbitration and Conciliation Act, 1996. Where the value of the Contract is above Rs.1.00 Crore, the arbitral tribunal shall consist of 3 arbitrators, one each to be appointed by the Bank and the service provider. The third Arbitrator shall be chosen by mutual discussion between the Bank and the service provider.
(b) Arbitration proceedings shall be held at Mumbai, and the language of the
arbitration proceedings and that of all documents and communications between the parties shall be English;
(c) The decision of the majority of arbitrators shall be final and binding upon
both parties. The cost and expenses of Arbitration proceedings will be paid as determined by the arbitral tribunal. However, the expenses incurred by each party in connection with the preparation, presentation, etc., of its proceedings as also the fees and expenses paid to the arbitrator appointed by such party or on its behalf shall be borne by each party itself; and
(d) Where the value of the contract is Rs.1.00 Crore and below, the disputes
or differences arising shall be referred to the Sole Arbitrator. The Sole Arbitrator should be appointed by agreement between the parties.
21. Applicable Law
The Contract shall be interpreted in accordance with the laws of the Union of
India and the Bidder shall agree to submit to the courts under whose exclusive jurisdiction the Registered Office of the Bank falls.
The Professional Services are to be carried out as per the compliance
requirements from IT Act 2000, NABCB guidelines, Reserve Bank of India
[RBI], Guidelines from NCIIPC / Cert-IN, Overseas Regulators and various
standards like ISO 27000, PCI-DSS, ISO 22301 etc.
22. Addresses for Notices
The following shall be the address of the Bank and Bidder.
Bank’s address for notice purposes:
Bank of India, Risk Management Department, Information Security Cell, Head Office, Star House, 3rd floor, C-5, G Block, Bandra Kurla Complex, Mumbai - 400 051
Bidder’s address for notice purposes (To be filled in by the Bidder): ........................
A notice shall be effective when delivered or on effective date of the notice whichever is later.
23. Taxes, Duties and Charges
The Service Provider will be entirely responsible for all applicable taxes, duties,
levies, charges (halting, travelling), license fees, road permits, etc. in connection with delivery of service at site including incidental services and commissioning. However, Service tax will be paid extra.
23.1 Income / Corporate Taxes in India:
The Service provider shall be liable to pay all corporate taxes and income tax that shall be levied according to the laws and regulations applicable from time to time in India and the price bid by the Service provider shall include all such taxes in the contract price.
23.2 Tax deduction at Source:
Wherever the laws and regulations require deduction of such taxes at the source of payment, the Bank shall effect such deductions from the payment due to the Service provider. The remittance of amounts so deducted and issuance of certificate for such deductions shall be made by the Bank as per the laws and regulations in force. Nothing in the Contract shall relieve the Service provider from his responsibility to pay any tax that may be levied in India on income and profits made by the Service provider in respect of this contract.
23.3 The Service provider’s staff, personnel and labour will be liable to pay
personal income taxes in India in respect of such of their salaries and wages as are chargeable under the laws and regulations for the time being in force, and the Service provider shall perform such duties in
regard to such deductions thereof as may be imposed on him by such laws and regulations.
24. Integrity
The Service provider is responsible for and obliged to conduct all contracted activities in accordance with the contract using state-of-the-art methods and economic principles and exercising all means available to achieve the performance specified in the Contract.
25. Service provider’s obligations
The Service provider is obliged to work closely with the Bank’s staff, act within its own authority and abide by directives issued by the Bank and implementation activities.
The Service provider will abide by the job safety measures prevalent in India and will free the Bank from all demands or responsibilities arising from accidents or loss of life, the cause of which is the Service provider’s negligence. The Service provider will pay all indemnities arising from such incidents and will not hold the Bank responsible or obligated. The Service provider is responsible for managing the activities of its personnel or sub-contracted personnel and will hold itself responsible for any misdemeanors.
The Service provider will treat as confidential all data and information about the Bank, obtained in the execution of his responsibilities, in strict confidence and will not reveal such information to any other party without the prior written approval of the Bank.
26. Patent Rights/Intellectual Property Rights
In the event of any claim asserted by a third party of infringement of
trademark, trade names, copyright, patent, intellectual property rights or industrial design rights arising from the use of the Solution or any part thereof in India, the Service provider shall act expeditiously to extinguish such claim. If the Service provider fails to comply and the Bank is required to pay compensation to a third party resulting from such infringement, the Service provider shall be responsible for the compensation including all expenses, court costs and lawyer fees. The Bank will give notice to the Service provider of such claim, if it is made, without delay.
27. Indemnity
The Vendor shall indemnify the Bank, and shall keep indemnified and hold the Bank harmless from and against any and all losses, liabilities, claims, actions, costs and expenses (including attorneys' fees) incurred/may be incurred by the Bank and also those relating to, resulting from or in any way arising out of any claim, suit or proceeding brought against the Bank including by a third party as a result of:
(a) A gross negligent act, willful omission and/or fraudulent activity
adjudicated by a competent court of jurisdiction/ Arbitrator appointed by the parties under this agreement against the Company, its employees, its agents, sub-contractors in the performance of the obligations of the Company under this Agreement and / or
(b) Claims against the Bank and/or any legal proceedings made by employees or other persons who are deployed by the Vendor and/or by any statutory/regulatory/ govt. authority and/or
(c) Breach of any terms of the Contract and/or the Service level Agreement to be executed by the Vendor and/or breach of any representation or warranty and/or.
(d) Violation of the Confidentiality obligations by the Vendor and/or its officials/employees or any other person employed by them in connection with the Contract and/or.
(e) Breach of any of the terms of the Contract and/or Service level Agreement by the subcontractors, if subcontracting of any part is permitted by Bank and/or
(f) The Software/Deliverables supplied not being properly licensed one and/or
(g) Any breach of IPR violations by the Vendor including those of the
Software/Deliverables/Materials supplied to the Bank and/or services rendered by the Vendor.
The aggregate liability of the Company under clauses (c) and (e) shall be limited to two times the contract value. Provided, however that there shall be no cap on the liability of the company for events set out in (a), (b), (d) and (f) above.
Annexure – 1
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Various Time Lines and Instructions
| Sr. | Description | Date & Time |
|---|---|---|
| 1. | Date of issuance of RFP | 11/02/2019 |
| 2. | Date for receipt of queries on RFP by Email | 13/02/2019 |
| 3. | Date for pre-bid meeting for clarification of queries [ONLY IF REQUIRED] | Will be informed by the bank |
| 4. | Date & time for submission of Bid Proposal | 27/02/2019 by 4.00 pm |
| 5. | Date & time of Price Bid opening - Representatives of bidder may be present during opening of the bid, however, it would be opened even in the absence of any or all of the bidder's representative. | 27/02/2019 by 5.00 pm @ below mentioned address |
| 6. | Bid Amount | Rs.1,000/- (One Thousand Only) |
| 7. | Bid Security Amount | Rs.25000/- (Twenty five thousand Only) |
| 8. | Period within which Performance Security or Amendment thereto is to be submitted by the Successful Bidder upon notification of Award of Contract | Within 7 Days of award of contract |
| 9. | Period within which the Successful Bidder should Sign the Contract after receipt of the Form of Contract. | Within 7 Days of award of contract |
| 10. | Initiation of Stage 1 Audit | Within 7 days of signing the contract |
| 11. | Contract Period | 3 Certification years |
| 12. | Contact Person, Address for Communication, Telephone Number and Submission of Bid Documents | The General Manager, Risk Management Department, Information Security Cell, 3rd Floor, East Wing, Star House - I, C-5, G-Block, Bandra Kurla Complex, Bandra East, Mumbai – 400 051; Email: [email protected]; Contact Person - Shri Sanjay Save; [P] 6668 4986 |
Annexure – 2
FORMAT for Commercial Bid Proposal (On letter head)
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
ESTIMATED TIME AND EFFORTS
| SR No | Activities | Expected Time | Effort in Man days | No of team members to be deployed | Total Cost (In Indian Rs.) |
|---|---|---|---|---|---|
| 1 | ISO Certification Cost 1st Year | | | | |
| 2 | ISO Certification Cost 2nd Year | | | | |
| 3 | ISO Certification Cost 3rd Year | | | | |
| | Total | | | | |
[Name, Signature and seal of the Company]
__________________
(Signature of the Authorized Official)
Annexure – 3 Organizational Detail
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
Organizational Detail
Particulars to be provided by the Bidder in the Technical proposal –
| No | Particulars | Bidder to furnish details |
|---|---|---|
| 1 | Name of the Bidder | |
| 2 | Date of establishment and constitution. | |
| 3 | Location of Registered Office /Corporate Office/ Mumbai office with addresses. | |
| 4 | Mailing address of the Bidder | |
| 5 | Names and designations of the persons authorized to make commitments to the Bank | |
| 6 | Telephone and fax numbers of contact persons | |
| 7 | E-mail addresses of contact persons | |
| 8 | Estimated work plan and time schedules for providing services for this assignment. | |
| 10 | Compliance of Eligibility criteria mentioned in clause 5 of RFP (Yes/No). | |
Annexure – 4
NON-DISCLOSURE AGREEMENT
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
WHEREAS, we, ________________________________________, having Registered Office at __________________________________, hereinafter referred to as the COMPANY, are agreeable to Certification Audit for Bank of India, having its registered office at Star House, C-5, G Block, Bandra Kurla Complex, Mumbai – 400 051, hereinafter referred to as the BANK and,
WHEREAS, the COMPANY understands that the information regarding the Bank’s web site shared by the BANK in their Request for Proposal is confidential and/or proprietary to the BANK, and
WHEREAS, the COMPANY understands that in the course of submission of the offer to Services and/or in the aftermath thereof, it may be necessary that the COMPANY may perform certain jobs/duties on the Bank’s properties and/or have access to certain plans, documents, approvals or information of the BANK;
NOW THEREFORE, in consideration of the foregoing, the COMPANY agrees to all of the following conditions, in order to induce the BANK to grant the COMPANY specific access to the BANK’s property/information:
The COMPANY will not publish or disclose to others, nor use in any services that the COMPANY performs for others, any confidential or proprietary information belonging to the BANK, unless the COMPANY has first obtained the BANK’s written Authorization to do so;
The COMPANY agrees that notes, specifications, designs, memoranda and other data shared by the BANK or prepared or produced by the COMPANY for the purpose of submitting the offer to the BANK to Certification Audit, will not be disclosed, during or subsequent to submission of the offer to the BANK, to anyone outside the BANK.
The COMPANY shall not, without the BANK’s written consent, disclose the contents of this Request for Proposal (Bid) or any provision thereof, or any specification, plan, pattern, sample or information (to be) furnished by or on behalf of the BANK in connection therewith, to any person(s) other than those employed/engaged by the COMPANY for the purpose of submitting the offer to the BANK and/or for the performance of the Contract in the aftermath. Disclosure to any employed/engaged person(s) shall be made in confidence and shall extend only so far as necessary for the purposes of such performance.
Authorized Signatory
Name:
Designation:
Office Seal:
Place:
Date:
Annexure – 5 BID SECURITY FORM
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
Whereas ...........................(hereinafter called “the Bidder”) has submitted its Bid dated ...................... (date of submission of Bid) for the certification audit of ISO 22301:2012 & ISO 27001:2013 (hereinafter called “the Bid”).
KNOW ALL PEOPLE by these presents that WE .....................(name of bank) of .................. (name of country), having our registered office at .................. (address of bank) (hereinafter called “the Bank”), are bound unto ............................. (name of Purchaser) (hereinafter called “the Purchaser”) in the sum of _______________________ for which payment well and truly to be made to the said Purchaser, the Bank binds itself, its successors, and assigns by these presents. Sealed with the Common Seal of the said Bank this ____ day of _________ 2019.
THE CONDITIONS of this obligation are:
1. If the Bidder withdraws its Bid during the period of Bid validity specified by the Bidder on the Bid Form; or
2. If the Bidder, having been notified of the acceptance of its Bid by the Purchaser during the period of Bid validity:
(a) fails or refuses to execute the Contract Form if required; or
(b) fails or refuses to furnish the performance security, in accordance with the Instruction to Bidders.
We undertake to pay the Purchaser up to the above amount upon receipt of its first written demand, without the Purchaser having to substantiate its demand, provided that in its demand the Purchaser will note that the amount claimed by it is due to it, owing to the occurrence of one or both of the two conditions, specifying the occurred condition or conditions.
This guarantee will remain in force up to and including Ninety (90) days after the period of the Bid validity, i.e. up to ________, and any demand in respect thereof should reach the Bank not later than the above date.
...................................
(Signature of the Bidder’s Bank)
Note: Presence of restrictive clauses in the Bid Security Form such as suit filed clause/clause requiring the Purchaser to initiate action to enforce the claim etc., will render the Bid non-responsive.
Annexure – 6
CONTRACT FORM
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
THIS AGREEMENT made the .......day of.................................., 20... Between Bank of India (hereinafter called "The Bank") of the one part and ..................... (Name of Service provider) of ......................... (City and Country of Service provider) (hereinafter called "the Service provider") of the other part :
WHEREAS the bank invited Bids for certain services viz., .....................................(Brief Description Services) and has accepted a Bid by the Service provider for the supply of the services in the sum of .............................. (Contract Price in Words and Figures) (hereinafter called "the Contract Price").
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:
1. In this Agreement words and expressions shall have the same meanings as are respectively assigned to them in the Conditions of Contract referred to.
2. The following documents of RFP No.: ******** shall be deemed to form and be read and construed as part of this Agreement, viz.:
a) The Bid Form and the Price Schedule submitted by the Bidder;
b) The Scope of Work;
c) The Terms of Conditions & Contract;
d) The Bank's Notification of Award;
e) Schedule of Dates, Amounts etc. (Annexure:1)
IN WITNESS whereof the parties hereto have caused this Agreement to be executed in accordance with their respective laws the day and year first above written.
Signed, Sealed and Delivered by the said ..................................................... (For the Purchaser) in the presence of:.......................................
Signed, Sealed and Delivered by the said ..................................................... (For the Service provider) in the presence of:.......................................
Annexure – 7
PERFORMANCE SECURITY FORM
RFP Ref. No. HO:RMD:ISC:SLS:2018-19:161 dated 08.02.2019
Audit & Certification of ISO 22301:2012 & ISO 27001:2013
To: (Name of Purchaser)
WHEREAS ................................................................... (Name of Service provider) (hereinafter called "the Service provider") has undertaken, in pursuance of Contract No................. dated,........... 2018. To provide...................... .................................................(Description of Services) (hereinafter called "the Contract").
AND WHEREAS it has been stipulated by you in the said Contract that the Service provider shall furnish you with a Bank Guarantee by a recognized bank for the sum specified therein, as security for compliance with the Service provider's performance obligations in accordance with the Contract.
AND WHEREAS we have agreed to give the Service provider a Guarantee:
THEREFORE, WE hereby affirm that we are Guarantors and responsible to you, on behalf of the Service provider, up to a total of................................... ........................................ (Amount of the Guarantee in Words and Figures) and we undertake to pay you, upon your first written demand declaring the Service provider to be in default under the Contract and without cavil or argument, any sum or sums within the limit of ................................ (Amount of Guarantee) as aforesaid, without your needing to prove or to show grounds or reasons for your demand or the sum specified therein.
This guarantee is valid until the ........day of...................
Signature and Seal of Guarantors (Service provider’s Bank)
....................................................................
Date....................................................
....................................................................
....................................................................
Address:
....................................................................
....................................................................
**********