RFPATC 6 Anurag - Patel@mahabank - Co.in

RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation,
and Maintenance of Anti DDoS solutions with facility management support for Bank’s
Data Center (DC) and Disaster Recovery Site (DR)
Bank of Maharashtra
(One Family… One Bank… Mahabank)
Request for Proposal

For
Supply, Installation, Configuration,
Integration, Implementation and
Maintenance of Anti Distributed Denial of
Service (DDoS) solution with facility
management support for Bank’s Data
Center (DC) & Disaster Recovery Site (DR)
RFP28/2023-24
GEM BID NO-GEM/2023/B/4346582
Head Office, ‘LOKMANGAL’

1501, Shivaji Nagar, Pune – 411 005
GeM Bid No. GEM/2023/B/4346582 Page 1 of 126

Important Clarifications:
Following terms are used in the document interchangeably to mean:
1 APT Advanced Persistent Threat

2 AMC Annual Maintenance Contract
3 ATM Automated teller machine
4 ATS Annual Technical Support
5 Bank Bank of Maharashtra
6 BC Business Continuity
7 Bidder The respondent to the RFP document
8 Bidder/ Service signifies those who purchase this tender document and
Provider/ Recipient/ submits Response to it.
Respondent/ Vendor/
Supplier/ Contractor
9 BoM Bill of Materials
10 CB Commercial Bid
11 CBS Core Banking Solution
12 CDDA Combined Dynamic Data Authentication
13 CPU Central Processing Unit
14 DB Database
15 DC Data Centre
16 DDA Dynamic Data Authentication
17 DR Disaster Recovery
18 ECC Electronic Cheques Clearing System
19 EMD Earnest Money Deposit
20 FR Functional Requirements
21 GST Good Services Tax
22 IBA Indian Bank’s association
23 ISO International standards organization
24 IT Information Technology
25 NBFC Non-Banking Financial Company
26 NDS Non-Disclosure Agreement
27 NSIC National Small Industries Corporation Limited
28 OEM Original Equipment Manufacturer
29 OS Operating System
30 Party Bidder and Bank shall be individually referred to as ‘Party’
and collectively as ‘Parties’
31 PBG Performance Bank Guarantee
32 PO Purchase Order
33 POS Point of Sales
34 PSB Public Sector Bank
35 PSU Public Sector Undertaking
36 RBI Reserve Bank of India
37 RFP Request for Proposal
38 RRB Regional Rural Bank
39 RTGS Real Time Gross Settlement
40 RTO Recovery Time objective
41 SCB Scheduled Commercial Bank
42 SDA Simple Data Authentication
43 SIEM Security Information & Event Management
44 SLA Service Level Agreement
45 TB Technical Bid

46 TCO Total Cost of Ownership

47 TR Technical Requirements
48 UAT User Acceptance Testing
49 UIDAI Unique Identification Authority of India
50 UPI Unified Payment Interface
51 GRE Generic Routing Encapsulation
52 L2TP Layer 2 Tunneling Protocol
53 DDoS Distributed Denial of Service
54 STIX Structure Threat Information Expression
55 TAXII Trusted Automated Exchange of Intelligence Information
56 TIP Threat Intelligence Platform
57 SNMP Simple Network Management Protocol
58 LACP Link Aggregation Protocols
59 VLAN Virtual Local Area Network
60 SSL Secure Socket Layer
61 CPS Connections Per Second
The Company / person/s interested to participate in the current tendering process mean this document
for the specific use. This document in its entirety is subject to Copyright Laws. The Bidder or any
person acting on behalf of the Bidder should strictly adhere to the instructions given in the document
and maintain confidentiality of information. The Bidder/s will be held responsible for any misuse of
information contained in the document, and liable to be Prosecuted by the Bank in the event that such
a circumstance is brought to the notice of the Bank. By downloading the document, the interested
party is subject to confidentiality clauses.

1. INTRODUCTION ---------------------------------------------------------------------------------------- 7
2. INVITATION FOR TENDER OFFERS ------------------------------------------------------------ 8
3. INSTRUCTIONS TO BIDDERS ------------------------------------------------------------------ 10
3.1. Two Bid System Tender --------------------------------------------------------------------------------------------------------- 10
3.2. Terms and Conditions ----------------------------------------------------------------------------------------------------------- 11
3.3. Soft Copy of Tender document ---------------------------------------------------------------------------------------------- 11
3.4. Offer validity Period --------------------------------------------------------------------------------------------------------------- 11
3.5. Address of Communication --------------------------------------------------------------------------------------------------- 11
3.6. Pre-Bid Meeting --------------------------------------------------------------------------------------------------------------------- 12
3.7. Rejection of Bids: ------------------------------------------------------------------------------------------------------------------ 12
3.8. Opening of Offers by Bank: --------------------------------------------------------------------------------------------------- 12
3.9. Scrutiny of Offers ------------------------------------------------------------------------------------------------------------------ 12
3.10. Techno-Commercial Evaluation Criteria -------------------------------------------------------------------------------- 14
3.11. Format for Technical bid -------------------------------------------------------------------------------------------------------- 14
3.12. Masked Commercial bid -------------------------------------------------------------------------------------------------------- 15
3.13. Format for Commercial bid ---------------------------------------------------------------------------------------------------- 15
3.14. Erasures or Alterations ---------------------------------------------------------------------------------------------------------- 15
3.15. Location of Project Implementation --------------------------------------------------------------------------------------- 15
3.16. Contract Period---------------------------------------------------------------------------------------------------------------------- 15
3.17. Fixed Price ----------------------------------------------------------------------------------------------------------------------------- 16
3.18. Lowest Price Bid -------------------------------------------------------------------------------------------------------------------- 16
3.19. Adoption of Integrity Pact ------------------------------------------------------------------------------------------------------ 16
3.20. Preference for Public Procurement (Preference to Make in India) ----------------------------------------- 17
3.21. Earnest Money Deposit ---------------------------------------------------------------------------------------------------------- 17
3.22. Commercial --------------------------------------------------------------------------------------------------------------------------- 18
3.23. Costs Borne by Respondents ------------------------------------------------------------------------------------------------ 18
3.24. No Legal relationship ------------------------------------------------------------------------------------------------------------- 19
3.25. Recipient obligation to inform itself --------------------------------------------------------------------------------------- 19
3.26. Evaluation of offers --------------------------------------------------------------------------------------------------------------- 19
3.27. Errors and Omissions ------------------------------------------------------------------------------------------------------------ 19
3.28. Acceptance of terms -------------------------------------------------------------------------------------------------------------- 19
3.29. Information Provided ------------------------------------------------------------------------------------------------------------- 19
3.30. Exchange Rate Variation (ERV) (if applicable) ----------------------------------------------------------------------- 19
3.31. Eligibility Criteria ------------------------------------------------------------------------------------------------------------------- 20
3.32. Authorized Signatory ------------------------------------------------------------------------------------------------------------- 20
3.33. Notices ---------------------------------------------------------------------------------------------------------------------------------- 20
4. SCOPE OF WORK ----------------------------------------------------------------------------------- 21
4.1. Project Objective ------------------------------------------------------------------------------------------------------------------- 21
5. QUALIFICATION CRITERIA ---------------------------------------------------------------------- 21
5.1. Eligibility of the Bidder ---------------------------------------------------------------------------------------------------------- 21
6. TERMS AND CONDITIONS ----------------------------------------------------------------------- 22
6.1. General ---------------------------------------------------------------------------------------------------------------------------------- 22
6.2. Rules for responding to this tender document ---------------------------------------------------------------------- 22
6.3. Price Bids ------------------------------------------------------------------------------------------------------------------------------ 23
6.4. Visitorial Rights --------------------------------------------------------------------------------------------------------------------- 23
6.5. Solicitation of Employees ------------------------------------------------------------------------------------------------------ 23
6.6. Costs & Currency ------------------------------------------------------------------------------------------------------------------ 24
6.7. Right to Alter Scope -------------------------------------------------------------------------------------------------------------- 24
6.8. Compliance with All Applicable Laws ------------------------------------------------------------------------------------ 24
6.9. Performance Bank Guarantee (10%) -------------------------------------------------------------------------------------- 25
6.10. Payment Terms ---------------------------------------------------------------------------------------------------------------------- 25
6.11. Project Timelines ------------------------------------------------------------------------------------------------------------------- 25
6.12. Amalgamation------------------------------------------------------------------------------------------------------------------------ 25
6.13. IT Act ------------------------------------------------------------------------------------------------------------------------------------- 25

6.14. Aadhaar ACT ------------------------------------------------------------------------------------------------------------------------- 25

6.15. Digital Personal Data Protection Act (2023) -------------------------------------------------------------------------- 25
6.16. ISMS Framework -------------------------------------------------------------------------------------------------------------------- 26
6.17. Change Management ------------------------------------------------------------------------------------------------------------- 26
6.18. Supplier BCP ------------------------------------------------------------------------------------------------------------------------- 26
6.19. Assignment --------------------------------------------------------------------------------------------------------------------------- 26
6.20. Subcontracting ---------------------------------------------------------------------------------------------------------------------- 26
6.21. Compliance with Master Directions on outsourcing of IT Services & It Governance ------------- 26
6.22. Protection of Reputation -------------------------------------------------------------------------------------------------------- 27
6.23. Support ---------------------------------------------------------------------------------------------------------------------------------- 27
6.24. Cancellation of Contract and Compensation ------------------------------------------------------------------------- 27
6.25. Exit Option & Contract Re-negotiation----------------------------------------------------------------------------------- 28
6.26. Termination --------------------------------------------------------------------------------------------------------------------------- 29
6.27. Effect of Termination ------------------------------------------------------------------------------------------------------------- 29
6.28. Intellectual Property Rights --------------------------------------------------------------------------------------------------- 30
6.29. Corrupt & Fraudulent Practices --------------------------------------------------------------------------------------------- 30
6.30. Conflict of Interest ----------------------------------------------------------------------------------------------------------------- 30
6.31. Violation of Terms ----------------------------------------------------------------------------------------------------------------- 31
6.32. Service Level Agreement ------------------------------------------------------------------------------------------------------- 31
6.33. Liquidated Damages -------------------------------------------------------------------------------------------------------------- 31
6.34. Indemnity ------------------------------------------------------------------------------------------------------------------------------- 32
6.35. Force Majeure ------------------------------------------------------------------------------------------------------------------------ 33
6.36. Resolution of Disputes ---------------------------------------------------------------------------------------------------------- 33
6.37. Non-Disclosure Agreement---------------------------------------------------------------------------------------------------- 34
6.38. Pre-Contract Integrity Pact ---------------------------------------------------------------------------------------------------- 34
6.39. Limitation of Liability ------------------------------------------------------------------------------------------------------------- 34
6.40. Confidentiality ----------------------------------------------------------------------------------------------------------------------- 35
6.41. Severability ---------------------------------------------------------------------------------------------------------------------------- 37
6.42. Delays in Design, Implementation and Performance Guarantee. ------------------------------------------- 38
6.43. Publicity --------------------------------------------------------------------------------------------------------------------------------- 38
6.44. Privacy and Security Safeguards ------------------------------------------------------------------------------------------- 38
6.45. Adherence to Terms and Conditions ------------------------------------------------------------------------------------- 38
6.46. Other Terms and Conditions-------------------------------------------------------------------------------------------------- 38
6.47. Timeframe ------------------------------------------------------------------------------------------------------------------------------ 39
6.48. Authorized Signatory ------------------------------------------------------------------------------------------------------------- 39
6.49. Applicable Law and Jurisdiction of Court ------------------------------------------------------------------------------ 40
6.50. No Employer-Employee Relationship ------------------------------------------------------------------------------------ 40
6.51. Minimum Wages -------------------------------------------------------------------------------------------------------------------- 40
6.52. Escrow Arrangement:(if applicable) -------------------------------------------------------------------------------------- 40
6.53. Service Continuity ----------------------------------------------------------------------------------------------------------------- 41
6.54. Source Code Audit (if applicable) ------------------------------------------------------------------------------------------ 41
6.55. Audit and Inspection of Codes/Records -------------------------------------------------------------------------------- 42
6.56. Guarantees ---------------------------------------------------------------------------------------------------------------------------- 42
6.57. Solution/Equipment Integration with SIEM, ITSM & NMS ------------------------------------------------------- 42
6.58. Software Licenses ----------------------------------------------------------------------------------------------------------------- 42
6.59. Acceptance Test -------------------------------------------------------------------------------------------------------------------- 42
6.60. Warranty, AMC & ATS ------------------------------------------------------------------------------------------------------------ 43
6.61. Order Cancellation ----------------------------------------------------------------------------------------------------------------- 44
6.62. Future additions of Hardware / Software ------------------------------------------------------------------------------- 44
6.63. Completeness of Installation ------------------------------------------------------------------------------------------------- 45
6.64. Clarification on Offers------------------------------------------------------------------------------------------------------------ 45
6.65. No Commitment to Accept Lowest or Any Tender ----------------------------------------------------------------- 45
6.66. Make, Model & Part numbers of the equipment/solution ------------------------------------------------------- 45
6.67. Disclaimer ------------------------------------------------------------------------------------------------------------------------------ 45
7. ANNEXURES ------------------------------------------------------------------------------------------ 46

7.1. ANNEXURE 1: CERTIFICATE FOR RFP COST WAIVER FOR MSE/NSIC FIRMS --------------------- 46
7.2. ANNEXURE 2: CHECKLIST OF DOCUMENTS TO BE SUBMITTED ---------------------------------------- 47
7.3. ANNEXURE 3: FORMAT FOR PRE BID QUERIES ------------------------------------------------------------------ 48
7.4. ANNEXURE 4: NON DISCLOSURE AGREEMENT ------------------------------------------------------------------- 49
7.5. ANNEXURE 5: TENDER OFFER COVER LETTER ------------------------------------------------------------------ 52
7.6. ANNEXURE 6: DETAILS OF THE BIDDER ------------------------------------------------------------------------------ 53
7.7. ANNEXURE 7: DETAILS OF PAST EXPIRIENCES OF HANDLING SIMMILAR PROJECT
RECORD 54
7.8. ANNEXURE 8: COMPLIANCE CERTIFICATE -------------------------------------------------------------------------- 55
7.9. ANNEXURE 9: UNDERTAKING OF INFORMATION SECURITY ----------------------------------------------- 57
7.10. ANNEXURE 10: PRE CONTRACT INTEGIRITY PACT ------------------------------------------------------------- 58
7.11. ANNEXURE 11: PERFORMANCE BANK GUARANTEE ---------------------------------------------------------- 64
7.12. ANNEXURE 12: LETTER FOR REFUND OF EMD (If Applicable)--------------------------------------------- 66
7.13. ANNEXURE 13 A: RESTRICTIONS UNDER RULE 144 (XI) OF THE GENERAL FINANCIAL
RULES (GFRS), 2017 FOR TENDER PARTICIPATION ---------------------------------------------------------------------------- 67
7.14. ANNEXURE 13 B: MODEL CERTIFICATE FORMAT FOR TENDER PARTICIPATION TO BE
SUBMITTED BY BIDDERS ---------------------------------------------------------------------------------------------------------------------- 69
7.15. ANNEXURE 14: LIST OF DEVIATIONS REQUESTED ------------------------------------------------------------- 70
7.16. ANNEXURE 15: BID FORM ----------------------------------------------------------------------------------------------------- 71
7.17. ANNEXURE 16: UNDERTAKING BY BIDDER FOR NON BLACKLISTING ------------------------------- 73
7.18. ANNEXURE 17: TERMS AND CONDITIONS COMPLIANCE TABLE ---------------------------------------- 74
7.19. ANNEXURE 18: DETAILS OF ADDITIONAL HARDWARE OR OPERATING SYSTEM
REQUIREMENT (IF ANY) ------------------------------------------------------------------------------------------------------------------------ 76
7.20. ANNEXURE 19: MANUFACTURER’S AUTHORIZATION FORM (MAF) ------------------------------------ 77
7.21. ANNEXURE 20: PROPOSED TEAM PROFILE------------------------------------------------------------------------- 77
7.22. ANNEXURE 21: UNDERTAKING FOR NOT BEING NPA --------------------------------------------------------- 79
7.23. ANNEXURE 22: DETAILS OF SERVICE CENTERS/SUPPORT OFFICES/ Scrubbing centers - 80
7.24. ANNEXURE 23: FORMAT FOR LOCAL CONTENT ----------------------------------------------------------------- 81
7.25. ANNEXURE 24: UNDERTAKING FOR REGULATORY GUIDELINES & IT ACT ADHERENCE. - 82
7.26. ANNEXURE 25: BG FORMAT FOR EMD --------------------------------------------------------------------------------- 83
7.27. ANNEXURE A: COMMERCIAL BID FORMAT -------------------------------------------------------------------------- 85
7.28. ANNEXURE B: TECHNICAL EVALUATION CRITERIA ------------------------------------------------------------ 89
7.29. ANNEXURE C: SCOPE OF WORK ------------------------------------------------------------------------------------------ 91
7.30. ANNEXURE D: ELIGIBILITY EVALUATION COMPLIANCE --------------------------------------------------- 103
7.31. ANNEXURE E: PAYMENT TERMS ---------------------------------------------------------------------------------------- 107
7.32. ANNEXURE F: PROJECT TIMELINES ---------------------------------------------------------------------------------- 110
7.33. ANNEXURE G: SERVICE LEVEL REQUIREMENTS -------------------------------------------------------------- 111
7.34. ANNEXURE H: TECHNICAL SPECIFICATIONS -------------------------------------------------------------------- 117

1. INTRODUCTION
About Bank
Bank of Maharashtra is one of the prominent nationalized Bank with a standing of 88 years. It has a
three tier organizational set up consisting of Branches, Zonal Offices, and Head Office. The Bank has
been listed among premier Banks in terms of efficiency ratios, CASA % and Business growth (Y-o-Y)
consistently for the last 16 quarters.
Bank has 2355+ branches/offices across the length and breadth of the country. In the state of
Maharashtra, Bank has approx. 1200+ branch offices, the largest network of branches of any Public
Sector Bank in the state. Bank has set up specialized branch offices to cater to the needs of SMEs,
Corporate, agriculturists, and importers & exporters. All the Branches of the Bank are networked and
under Core Banking Solution. Apart from the above, Bank also established 3 DBUs during FY 2022-
23.
The products and services offered by Bank include demand deposits, time deposits, working capital
finance, term lending, trade finance, retail loans, government business, banc assurance business,
mutual funds, and other services like DEMAT, ASBA, lockers, merchant banking, APY, PPF, NPS,
Social Security Schemes, etc. as permitted in the regulatory guidelines in the country, etc.
Bank is known as a frontrunner in the implementation of technology initiatives, product innovations,
and digital implementations.
CURRENT HIGH-LEVEL TECHNOLOGY ENVIRONMENT
Bank’s vision is to be a vibrant, forward-looking, techno-savvy, customer-centric Bank serving diverse

sections of society, enhancing shareholders' and employees' value while moving towards a global
presence.
Bank has 100% of its branches on Core Banking Solution – B@ncs24 (TCS). Bank has also
implemented or is in the process of implementing a range of customer-centric and other solutions,
which are as follows:
 Full suite of Core Banking Solutions with its latest centralized version, including Deposits,
Advances and Trade Finance
 Payment systems like NEFT, RTGS, SWIFT, CTS, etc.
 Anti-Money Laundering solution
 Alternate delivery channels like ATM, Mobile Banking, UPI, Internet Banking
 Center of Excellence on Database, CBS, Security & Analytics
 Cyber Security Operations Centre
 Automated Data Flow
 Own ATM Switch & 2200+ ATMs & Recyclers
 A Two Factor Authentication Solution ‘Mahasecure’ for Internet Banking
 Mail Messaging system
 Loan Life Cycle Management System
 Early Warning System
 Account Aggregator
 Robotics Process Automation
In addition to the traditional Banking applications, Bank has also implemented many other
technological initiatives like Tab Banking, Fast Tag, Cardless Cash Withdrawal through ATMs,
WhatsApp Banking & Chatbot solution and is in proposes to implement several new IT projects such
as UPI on CAPEX Model, Lifestyle Banking, Customer Relationship Management (CRM), Online
Share Trading solution etc.

2. INVITATION FOR TENDER OFFERS
Bank invites sealed tender offers (Technical and Commercial bid) from eligible, reputed manufacturers
and/or authorized dealers for RFP-28/2023-24 for Supply, Installation, Configuration, Integration,
Implementation, and Maintenance of Anti DDoS solutions with facility management support for
Bank’s Data Center (DC) and Disaster Recovery Site (DR) as specified in Schedules of
Requirement.
A complete set of tender documents may be downloaded from Govt. e-Market place portal URL-
https://gem.gov.in . Bid submission shall be conducted in Online Mode through GeM Portal only.
Bid Collection and Submission Calendar
Tender Reference number 28/2023-24

Date of commencement of sale of 15/12/2023
tender document
Queries to be mailed by 26/12/2023 upto 17:00 hours
Queries to be mailed to tendershoit@mahabank.co.in
Pre-Bid meeting with Bidders 29/12/2023 at 15:00 hours

(Online Mode – Meeting details shall be shared with bidders on
request)
Last Date and Time for receipts of 08/01/2024 up to 17:00 hours
tender offers
Time and Date of Opening of 08/01/2024 at 17:30 hours
technical bids
Place of Opening tender offers Online through GeM Portal https://gem.gov.in
Address of Communication Deputy General Manger IT

Bank of Maharashtra
IT Dept, Head Office, Lokmangal, 1501, Shivajinagar, Pune –
411 005
Earnest Money Deposit 10 Lakh#
Contact Telephone Numbers Phone: 020 – 25614527 , 020 - 25614566
Website https://gem.gov.in ; https://www.bankofmaharashtra.in/tenders
Note: If any of the above dates fall on holiday or are declared holiday due to regulatory or
other reasons beyond the control of the Bank, then the next valid date in such case will be
the next working date of the Bank as applicable in Pune, Maharashtra.
# Exemption for EMD for MSEs shall be as per the policy guidelines issued by GOI from time to time.
In the case of bidders registered with National Small Industries Corporation Limited (NSIC)/Micro &
Small Enterprises (MSE), they are eligible for the waiver of EMD subjected to submission of valid
MSE/NSIC Certificate clearly mentioning that they are registered with NSIC/MSE under single point
registration scheme (Please refer to Annexure 1).

Further, EMD Exception shall be applicable as per General Terms and Conditions on GeM 4.0
(Version 1.12) dt 16th August 2023. It is bidder’s responsibility to comply with GeM terms and
conditions and provide appropriate documents to avail such exception, wherever required.
Earnest Money Deposit must accompany all tender offers as specified in this tender document. EMD
amount/Bank Guarantee in lieu of the same should not be mixed with Technical bid or other
documents. It should be in separate cover to be handed over to the department. In the case of
bidders registered with NSIC/MSE, they are eligible for the waiver of EMD. However, they need to
provide valid NSIC/MSE Certificate clearly mentioning that they are registered with NSIC under
single-point registration scheme. The waiver is subject to Government guidelines prevailing at the
time of tender submission.
The tender document and its annexures describe technical Specifications, Terms and Conditions,
formats, and proforma for submitting the tender offer. Also, all the tender offers will be opened online
mode through GeM Portal only.
Sd/-
General Manager
Information Technology

3. INSTRUCTIONS TO BIDDERS
3.1. Two Bid System Tender
The Technical Bid and Commercial bid must be submitted simultaneously per the norms of GeM.
Important: The eligibility credentials, financial reports & product information brochures shall
be distinctly attached, and the technical bid shall be submitted in an orderly manner failing
which the bids may not be considered acceptable.
Bank’s address
Bank of Maharashtra
Information Technology Department,
Ground Floor,
“Lokmangal”, 1501, Shivajinagar, Pune –
411005
Following officers have been authorized to accept the tender documents
Shri Shashikant Dhengale, Chief Manager-IT, Head Office, Pune

email ID: cmitd@mahabank.co.in Phone : 020-25614566
Shri Keshav M. Metkar, Sr. Manager- Head office Pune

Shri Anurag Patel, Dy. Manager- Head office Pune
email ID: tendershoit@mahabank.co.in , Phone : 020-25614527
The documents/credentials submitted must be super-scribed with the following information:

• Type of Offer (Technical/Commercial)
• Tender Reference Number
• Due Date
• Name of the Bidder
All Schedules, Formats, and Annexure should be stamped and signed by an authorized official of the
bidder’s company. A letter of authorization from a competent authority is submitted along with the
technical proposal.
The bidder will also submit a copy of the RFP duly stamped and signed on each page by the authorized
official of the bidder’s company.
TECHNICAL BID
The Technical bid should be complete in all respects and contain all information asked for except
prices. The TECHNICAL BID should include all items asked for in Annexure 2 of this document.
The Technical bid should not contain any price information. The TECHNICAL BID should be
complete to indicate that all products and services asked for are quoted and should give all required
information. A copy of Commercial Bill of Material with prices duly MASKED be submitted along
with the Technical Bid.
Bank reserves the right to reject any bid submitted without masked commercial.

COMMERCIAL BID:
The Commercial bid should give all relevant price information and should not contradict the
TECHNICAL BID in any manner.
The prices quoted in the commercial bid should be without any conditions. The bidder should submit
an undertaking that there are no deviations to the specifications mentioned in the RFP, either with the
technical or commercial bids submitted.
The Technical bid and Commercial bid should be separately submitted. Please note that Technical
Bid contains any price-related information, the offer may be rejected outright.
Bid Security:
Bidders are required to submit Bid Security/EMD in the form of DD/BG. Micro & Small Enterprises
(MSE) seeking exemption from EMD must submit a valid Exemption Certificate. Further EMD
Exemption shall be applicable as per General Terms & conditions on GeM4.0 dated 16.08.2023, it is
the bidder’s responsibility to comply with GeM terms & Conditions & periodic relevant document for
exception, wherever required.
3.2. Terms and Conditions
Terms and conditions for bidders who participate in the tender are specified in the “Terms and
Conditions” section. As advised through the tender document, these terms and conditions will be
binding on all the bidders. These terms and conditions will also form a part of the purchase order, to
be issued to the successful bidder(s) on the outcome of the tender process and execution of Service
Level Agreements (SLA).
3.3. Soft Copy of Tender document
➢ The soft copy of the Notice Inviting Tender (NIT) document shall be made available additionally
on the Bank’s website. https://bankofmaharashtra.in/tenders
➢ Complete set of RFP document shall be made available to Govt. e-Market Place (GeM) url
https://gem.gov.in .
However, Bank shall not be held responsible in any way for any errors/omissions/mistakes in the
downloaded copy. The bidder is advised to check the contents of the downloaded copy for correctness
against the printed copy of the tender document. The printed copy of the tender document shall be
treated as correct and final in case of any errors in the soft copy.
Important Note:
All the terms, conditions, eligibility criteria, order splitting, delivery and other conditions as
stipulated in this RFP document shall prevail upon the terms, conditions as mentioned
elsewhere. Bidders should consider this RFP document as key document for the said Project.
3.4. Offer validity Period
The offer should hold good for a period of 180 days from the date of opening of the Technical bid.
3.5. Address of Communication
Offers should be addressed to the following office at the address given below:

The Deputy General Manager

Information Technology Dept., Ground Floor
Bank of Maharashtra
Head Office, “Lokmangal”
1501, Shivaji Nagar, Pune – 411005.
Email: dgmitd@mahabank.co.in
tendershoit@mahabank.co.in
Phone: 020-25614527/020-25614498
3.6. Pre-Bid Meeting
For the purpose of clarification of doubts of the bidders on issues related to this RFP, Bank intends to
hold a Pre-Bid Meeting on the date and time as indicated in the RFP preferably through online mode.
The queries of all the bidders should reach us in writing or over e-mail on or before the address as
mentioned above. The queries should be submitted as per format enclosed as Annexure 3 preferably
in excel format. Bank is not liable to respond to the queries of bidders received after the due date
fixed for submission of Pre-Bid Queries.
Email-id for sending the pre-bid queries in the format given as Annexure-3 –
tendershoit@mahabank.co.in
Queries not received in the prescribed format or queries without the relevant details will not
be taken up for a response. Similarly, queries received after the due date shall not be
entertained. The clarifications and replies to the queries offered during the Pre-Bid Meeting will be
made available on the Bank’s Website. Bidders are advised to visit both the Bank’s Website as well
as GeM Portal regularly for the latest update related to this RFP.
Only the authorized representatives of the bidder (maximum 2 persons) will be allowed to attend the
Pre-Bid meeting along with the authorization letter issued by the respective company.
Pre-bid meeting through Virtual/Online Mode: Bank may hold the pre-bid meeting in virtual/online
mode through video conferencing/virtual meeting solutions e.g., Microsoft Teams/Google Meet/Cisco
Webex, etc. The details of the meeting shall be shared only with the bidders who will submit their
queries in the prescribed format through mail to the designated mail ids.
3.7. Rejection of Bids:
Bank reserves the right to reject any or all the bids or scrap the bidding process at any stage without
assigning any reason. The Earnest Money Deposits in such an event will be returned by the Bank.
3.8. Opening of Offers by Bank:
➢ Tender offers received within the prescribed closing date and time will be opened through
Online mode on Govt. E-Market Place (GeM) Portal only on scheduled date & time.
➢ During the bid evaluation, the Bank may, at its discretion, ask the bidders for clarifications with
respect to their bids. The request for clarification and the response shall be in writing, and no
change in the price or substance of the bid shall be sought, offered or permitted. Bank has the
right to disqualify the bidder(s) whose clarifications are found not suitable for the requirement
according to the scope of the work.
3.9. Scrutiny of Offers
Scrutiny of Bids will be in three stages as under:

• Stage 1 – Eligibility criteria Evaluation

• Stage 2 – Technical Bid Evaluation
• Stage 3 – Commercial Bid Evaluation
a) Eligibility Criteria Evaluation:
Eligibility criterion for the Bidder to qualify for this stage is clearly mentioned in Annexure D –
Eligibility Criteria Compliance to this document. The Bidders who meet all these criteria would
only qualify for the second stage of evaluation. The Bidder would need to provide supporting
documents for eligibility proof. All the credentials of the Bidder necessarily need to be relevant
to the Indian market if specified otherwise.
The decision of the Bank shall be final and binding on all the Bidders to this document. The Bank
may accept or reject an offer without assigning any reason whatsoever.
Note: In line with the contents of order No. 6/18/2019-PPD (Public Procurement No. 1) dated
23rd July 2020 issued by the Ministry of Finance, Department of Expenditure, Procurement
Division, inviting attention to OM No. 6/18/2019-PPD dated 23rd July 2020 for the “restrictions
under Rule 144 (xi) of the General Financial (GFRs), 2017, Any bidder from a country which
shares a land border with India will be eligible to bid this tender only if the bidder is registered
with the competent Authority. Committee constituted by the Department for Promotion of
Industry and Internal Trade (DPIIT)). For details, please refer Annexure 13A of this RFP. For
any further reference in this regard, the Compilation of amendments in GFR, 2017, up to
31.07.2022, issued by the Department of Expenditure, Ministry of Finance, and GOI shall be
applicable.
b) Technical Evaluation:
Technical Proposals of only those bidders shall be evaluated who have satisfied the eligibility
criteria. At the next stage, the bid submitted by the bidders shall be evaluated based on
Technical evaluation parameters as defined in Annexure-B of this RFP document. The scoring
methodology used for Technical Bid Evaluation is explained in Annexure B of this RFP. It is
mandatory for bidders to score a Minimum 70% or above score in the Technical Evaluation
Process as above to qualify for further processing i.e., Commercial Bid Evaluation. The proposal
submitted by the bidders shall, therefore, be evaluated as per the Technical Evaluation criteria
are given in Annexure B.
Bank may seek clarifications from any or each bidder as a part of the technical evaluation. All
clarifications received within the stipulated time shall be considered for evaluation. If clarification
is not received within the stipulated time, the respective technical parameter will be treated as
non-compliant, and the decision on their qualification shall be as per tender terms within the
discretion of the Bank.
Also, It is mandatory for eligible bidders to ensure 100% Compliance with the TECHNICAL
requirement mentioned in Annexure-H of this RFP.
c) Commercial Evaluation:
Only the following bidders will be considered eligible for commercial evaluation/ reverse auction
who satisfy following conditions:

1. Bidders found eligible as per eligibility criteria defined by the Bank.
2. Bidders scoring 70% or more marks in technical bid evaluation.
Bank reserves the right to conduct the commercial evaluation of technically qualified bids by
opening the online commercial bids on GeM portal. The Bank also reserves the right to ‘call
off’/ cancel the tender at any point in time.
Bank will notify the name of the Successful Bidder. Commercial bid evaluation shall be
considered as below in case of any kind of discrepancy:
• If there is a discrepancy between words and figures, the amount in words shall prevail
• If there is a discrepancy between percentage and amount, the amount calculated as per
the stipulated percentage basis shall prevail.
• If there is discrepancy between unit price and total price, the unit price shall prevail
• If there is a discrepancy in the total, the correct total shall be arrived at by Bank
• In case the Bidder does not accept the correction of the errors as stated above, the bid
shall be rejected.
3.10. Techno-Commercial Evaluation Criteria
The Final Selection of the Bidder shall be carried out through Techno-Commercial evaluation.
Technical score will carry 70% Weightage, and Commercial score will carry 30% weight.
The Scores will be calculated for all technically qualified bidders using the formula: -
S=( 0.3X C Minimum )+ ( 0.7X T Obtained )

C Quoted T Highest
C Minimum- Commercial Score Minimum Quote

C Quoted - Commercial Score Quoted
T Highest - Technical Score Highest Scored
T Obtained -Technical Score Obtained
Technical will carry 70% Weightage, and Commercial will carry 30% weight.
The Bidder with Highest Techno Commercial Score (S) shall be declared as Successful bidder (H-1
bidder).
In case of tie-up in Techno commercial evaluation score, the bidder scoring highest technical score
will be declared H-1 bidder.
Note: Final Selection of Bidders shall be made on the basis of aggregated Techno-Commercial score,
not only on the basis of the lowest Commercial.
3.11. Format for Technical bid
The Technical bid must be made in an organized &structured manner. Brochures/leaflets etc., should
also accompany wherever required.
The suggested format for submission of the Technical bid is as per Annexure 2:

3.12. Masked Commercial bid
The bidder should submit a copy of the actual price bid being submitted to the Bank by
masking the actual prices as part of the technical bid. This is mandatory. The bid may be
disqualified if it is not submitted duly masked. Please note that the masked bid should not contain
any price-related information in Open text form and should not reveal any commercials. This
may lead to the rejection of bids.
3.13. Format for Commercial bid
The Commercial bid must not contradict the Technical bid in any way. The suggested format for
submission of Commercial bid is as follows:
1. Index
2. Covering letter
3. Commercial Bid (as per Annexure A). This must contain all price information.
4. A statement that the bidder agrees with Payment terms given in the tender.
The bidder must quote for ALL the items mentioned in Commercial Bid Format as per Annexure A
3.14. Erasures or Alterations
The offers containing erasures or alterations will not be considered. There should be no hand-written
material, corrections, or alterations in the offer. Technical details must be completely filled up. Correct
technical information of the product being offered must be filled in. Filling up of the information using
terms such as “OK”, “accepted”, “noted”, “as given in the brochure/manual” is not acceptable. Bank
may treat offers not adhering to these guidelines as unacceptable.
Bank may, at its discretion, waive any minor non-conformity or any minor irregularity in an offer. This
shall be binding on all bidders, and Bank reserves the right for such waivers.
3.15. Location of Project Implementation
This tender is being floated by the Head office of Bank. The Project Implementation location will be
Pune & Hyderabad. However, Bidder may be required to travel outside Pune/Hyderabad as part of
the project. Bank will not be liable to pay any out-of-pocket expenses, traveling expenses, lodging and
boarding expenses etc., additionally for this purpose. Bank reserves the right to make changes in the
locations, as per its requirement.
3.16. Contract Period
The period shall be for 5 years from the date of successful go-live and acceptance by the Bank. After
the completion of initial period of 05 (five) years, based on performance of the bidder, the contract
may be extended / renewed for such further period as would be decided by Bank on the same terms
and conditions as mentioned herein at mutually agreed cost. Till such time for the execution of
renewal, the Bidder and OEM shall continue to provide services to the Bank under service continuity
clause.
The performance of the selected bidder shall be reviewed every quarter, and the Bank reserves the
right to terminate the contract at its sole discretion by giving 30 days prior notice. Any offer falling short
of the contract validity period is liable for rejection.

3.17. Fixed Price
The Commercial bid shall be on a fixed price basis, inclusive of all taxes and levies at the site as
mentioned above, except GST. No price variation relating to increases in customs duty, excise tax,
dollar price variation etc., will be permitted.
3.18. Lowest Price Bid
It is absolutely essential for the bidders to quote the lowest price at the time of making the offer in their
own interest.
3.19. Adoption of Integrity Pact
To ensure transparency, equity, and competitiveness and in compliance with the CVC guidelines, this
tender shall be covered under the Integrity Pact (IP) policy of Bank.
The Integrity Pact envisages a panel of Independent External Monitors (IEMs) to review independently
and objectively whether and to what extent parties have complied with their obligation under the pact.
The IEM has the right to access all the project documents.
Bank, at its sole discretion, reserves the right to change/name another IEM, which shall be notified
latter.
1. The Pact essentially envisages an agreement between the prospective bidders and the Bank,
committing the persons/officials of both sides not to resort to any corrupt practices in any
aspect/stage of the contract.
2. Only those bidders, who commit themselves to the above pact with the Bank, shall be
considered eligible to participate in the bidding process.
3. The Bidders shall submit a signed integrity pact as per Annexure 10 along with Conformity
to Eligibility Criteria. Those Bids which do not contain the above are liable for rejection.
4. Foreign Bidders to disclose the name and address of agents and representatives in India and
Indian Bidders to disclose their foreign principles or associates, wherever applicable.
5. Bidders are to disclose the payments to be made by them to agents/brokers or any other
intermediary. Bidders are to disclose any transgressions with any other company that may
impinge on the anti-corruption principle.
6. Integrity Pact, in respect of this contract, would be operative from the stage of invitation of
the Bids till the final completion of the contract. Any violation of the same would entail
disqualification of the bidders and exclusion from future business dealings.
7. The Integrity Pact Agreement submitted by the bidder during the Bid submission will
automatically form part of the Contract Agreement till the conclusion of the contract i.e. the
final payment or the duration of the Warranty/Guarantee/AMC if contracted whichever is later.
8. In case of joint venture, all the partners of the joint venture should sign the integrity Pact. In
case of sub-contracting, the principal contractor shall take the responsibility of the adoption
of IP by the sub-contractor. It is to be ensured that all sub-contractors also sign the IP.
9. A person/entity signing IP shall not approach the court while representing the matters to IEMs
and he/she will wait for decision of IEMs in the matter.
10. The name and contact details of the Independent External Monitors (IEM) nominated by the
Bank are as under:

Shri. Arun Jha Shri. Umesh Vasant Dhatrak
Flat no. B-2, 602, PWO, Sector-4, 104, Yamunashri Apartment, Sinhgad Road,
Gurgaon Haryana-122109 Parvati, Survey No. 120 A+B, Plot No.4 ,Near
Navshya Maruti Mandir, Pune-411030
Email – arunjha01@gmail.com Email -uvdhatrak@gmail.com
3.20. Preference for Public Procurement (Preference to Make in India)
Guidelines issued as per PPP-MII (Public Procurement (Preference to Make in India), Order 2017
(PPP-MII Order), Order No. P-45021/2/2017-BEII dated 15.06.2017, as amended by Order No. P-
45021/2/2017-BE-II dated 28.05.2018 and Order No. P-45021/2/2017-BE-II dated 29.05.2019 and
revision issued vide letter No. P-45021/2/2017(BE-II) dated 04.06.2020 & vide letter No. P-
45021/2/2017(BE-II) dated 04.06.2020 vide letter No. P-45021/2/2017(BE-II) dated 16.09.2020 by
Government of India will be followed for evaluation of the bids.
Please note that as per Para 2 of the PPP-MII Order, 2017 (as amended on 16.09.2020). Local
content’ means the amount of value added in India which shall, unless otherwise prescribed by the
Nodal Ministry, be the total value of the item procured (excluding net domestic indirect taxes) minus
the value of imported content in the item (including all customs duties) as a proportion of the total
value, in percent.
Also in view of DPIIT OM No. P-45021/102/2019-BE-II-Part (1) (E-50310) dated 04.03.2021, The
cost of transportation, insurance, installation, commissioning, training and after sales service
support like AMC/CMC etc. will not be taken into account for calculating local content in any
item.
3.21. Earnest Money Deposit
Bidders are required to submit the EMD. The following options are available to submit EMD:
1. Demand Draft drawn in favor of Bank of Maharashtra and payable at Pune, for an amount
mentioned in invitation section of this document as Earnest Money Deposit (EMD) along with
their offer.
2. Bank Guarantee
Offers made without E.M.D will be rejected. Bank will not pay any interest on the E.M.D. The Bank
may accept Bank Guarantee in lieu of EMD for an equivalent amount issued by any Public Sector
Bank other than Bank of Maharashtra or by any scheduled commercial Bank acceptable to Bank. In
case of Bank Guarantee being issued from other than Public sector Banks, prior permission of Bank
is required. The BG should be valid for 6 months from the date of submission of the bid. The format
for submitting EMD in the form of BG is enclosed as Annexure 25.
Unsuccessful Bidders‟ Bid security will be returned immediately after completion of tender process.
Unsuccessful Bidders should submit the Letter for Refund of EMD/Bid Security for returning of the bid
security amount as per Annexure 12 - Letter for Refund of EMD
The EMD made by the bidder will be forfeited if:
• The bidder withdraws his tender before processing of the same.

• The bidder withdraws his tender after processing but before acceptance of “Letter of
appointment” issued by Bank.
• The selected bidder withdraws his tender before furnishing an unconditional and irrevocable
Performance Bank Guarantee.
• The bidder violates any of the provisions of the terms and conditions of this tender specification.
• If successful bidder fails to execute the contract/SLA within required time
The EMD will be refunded to
➢ The successful bidder, only after furnishing an unconditional and irrevocable Performance Bank
Guarantee of amount specified in RFP document valid till the end of assignment period with
additional claim period of 6 (Six) months.
➢ The unsuccessful bidders, only after acceptance of the “Letter of Appointment” by the selected
bidder.
After the award of the contract, if the selected bidder does not perform satisfactorily or delays
execution of the contract, the Bank reserves the right to get the balance contract executed by another
party of its choice by giving one month’s notice for the same. In this event, the selected bidder is
bound to make good the additional expenditure, which the Bank may have to incur to carry out bidding
process for the execution of the balance of the contract. This clause is applicable, if for any reason,
the contract is cancelled.
The Bank reserves the right to recover any dues payable by the selected bidder from any amount
outstanding to the credit of the selected bidder, including the pending bills and/or invoking Bank
Guarantee, if any, under this contract or any other contract/order.
3.22. Commercial
If any of the items/activities as mentioned in the price bid and as mentioned in Annexure A are not
taken up by the Bank during the course of this assignment, the Bank will not pay the commercials
quoted by the bidder in the Price Bid against such activity/item. The Bank shall be paying the
commercials, only on actual basis, for which services have been availed or products have been
delivered during the contract period subject to applicable delay penalty, wherever applicable. The
Bank shall also have the right to cancel any of the items which have been mentioned in the Bills of
Materials- Annexure A.
Description of the envisaged scope is enumerated as part of Annexure-C of this RFP; however, the
Bank reserves its right to change the scope of work considering the size and variety of the
requirements and the changing business conditions. The bidder needs to quote as per the Bill of
Materials mentioned in Annexure A.
Considering the enormity of the assignment, any service which forms a part of the Project Scope that
is not explicitly mentioned in scope of work as excluded would form part of this RFP, and the Bidder
is expected to provide the same at no additional cost to the Bank. The Bidder needs to consider and
envisage all services that would be required in the Scope and ensure the same is delivered to the
Bank. The Bank will not accept any plea of the Bidder at a later date for omission of services on the
pretext that the same was not explicitly mentioned in the RFP.
3.23. Costs Borne by Respondents

All costs and expenses (whether in terms of time or money) incurred by the Recipient / Respondent
in any way associated with the development, preparation and submission of responses, including but
not limited to attendance at meetings, discussions, demonstrations, etc. and providing any additional
information required by Bank, will be borne entirely and exclusively by the Recipient / Respondent.
3.24. No Legal relationship
No binding legal relationship will exist between any of the Recipients / Respondents and the Bank
until execution of a contractual agreement to the full satisfaction of the Bank.
3.25. Recipient obligation to inform itself
The Recipient must apply its own care and conduct its own investigation and analysis regarding any
information contained in the RFP document and the meaning and impact of that information.
3.26. Evaluation of offers
Each Recipient acknowledges and accepts that the Bank may, in its sole and absolute discretion,
apply whatever criteria it deems appropriate in the selection of organizations, not limited to those
selection criteria set out in this RFP document.
The issuance of RFP document is merely an invitation to offer and must not be construed as any
agreement or contract or arrangement nor would it be construed as any investigation or review carried
out by a Recipient. The Recipient unconditionally acknowledges by submitting its response to this
RFP document that it has not relied on any idea, information, statement, representation, or warranty
given in this RFP document.
3.27. Errors and Omissions
Each Recipient should notify the Bank of any error, fault, omission, or discrepancy found in this RFP
document but not later than five business days prior to the due date for lodgment of Response to RFP.
3.28. Acceptance of terms
A Recipient will by responding to the Bank’s RFP document, be deemed to have accepted the terms
as stated in this RFP document.
3.29. Information Provided
The RFP document contains statements derived from information that is believed to be true and
reliable at the date obtained but does not purport to provide all of the information that may be
necessary or desirable to enable an intending contracting party to determine whether or not to enter
into a contract or arrangement with Bank in relation to the provision of services. Neither Bank nor any
of its directors, officers, employees, agents, representative, contractors, or advisers gives any
representation or warranty (whether oral or written), express or implied as to the accuracy, updating
or completeness of any writings, information or statement given or made in this RFP document.
Neither Bank nor any of its directors, officers, employees, agents, representative, contractors, or
advisers has carried out or will carry out an independent audit or verification or investigation or due
diligence exercise in relation to the contents of any part of the RFP document.
3.30. Exchange Rate Variation (ERV) (if applicable)
Exchange rate variation clause may be applicable for repeat order only. Prices accepted by Bank shall
be increased or decreased in repeat order if the ERV is more than 5%. (The % will be calculated from

date of submission of commercial offer and repeat order proposal). The price increase or decrease
will be proportionate to difference more than 5%. i.e. if dollar variation is +/- 7% than prices may
increase /decrease by 2%.
3.31. Eligibility Criteria
Only those bidders who fulfil the specified eligibility criteria are eligible to respond to the RFP. Offers
received from the bidders who do not fulfil all or any of the specified eligibility criteria are liable to be
rejected. The selected bidder should be in a position to meet service level commitments in full. The
detailed eligibility criteria are mentioned at Annexure D of this RFP.
3.32. Authorized Signatory
The selected Bidder shall indicate the authorized signatories who can discuss and correspond with
Bank, with regard to the obligations under the contract. The selected Bidder shall submit at the time
of signing the contract a certified copy of the resolution of their board, authenticated by the company
secretary, authorizing an official or officials of the Bidder to discuss, sign agreements/contracts with
Bank, raise invoice and accept payments and also to correspond.
The Bidder shall provide proof of signature identification for the above purposes as required by Bank.
3.33. Notices
Notice or other communications given or required to be given under the contract shall be in writing
and shall be hand-delivered with acknowledgement thereof, or transmitted by pre-paid registered post
or courier or through email.
Any notice or other communications shall be deemed to have been validly given on date of delivery if
hand delivered & if sent by registered post, then on the expiration of seven days from the date of
posting.

4. SCOPE OF WORK
4.1. Project Objective
Bank intends to establish on-premise DDOS solution which will monitor the perimeter
traffic (volumetric and non-volumetric) for various public facing applications of the Bank
and also the traffic originated from within Bank, based on various intelligent feeds and
manual inputs so that it detects, analyze and mitigate the cyber threat at real time. The
solution shall block/ divert the “bad” traffic to scrubbing center and only legitimate traffic
is allowed to enter or leave the perimeter of the Bank.
The detailed Scope of Work is attached as Annexure C – Scope of Work.
5. QUALIFICATION CRITERIA
5.1. Eligibility of the Bidder
5.1.1. The Bank will examine the Eligibility Criteria compliance for the bidder as per the below
tabulated criteria in this RFP. The Bidder(s) who satisfy the eligibility criteria conditions
shall be considered for the next phase of evaluation viz. Technical Evaluation. Bidder is
required to meet all the eligibility criteria applicable to them and provide adequate
documentary evidence for each of the criteria stipulated. In the absence of such
documentary evidences Bid is liable to be rejected. Please refer Annexure D for detailed
Eligibility Evaluation Criteria
5.1.2. Procurements through MSMEs will be as per the policy guidelines issued by Ministry of
Micro, Small and Medium Enterprises (MSME), GOI from time to time. MSMEs registered
under the SPRS (Single Point Registration Scheme) of NSIC and complying with all the
guidelines thereunder as well as those issued by GOI from time to time shall be eligible.
MSMEs meeting all the eligibility criteria laid down in this RFP shall be eligible to bid for
this RFP. Exemptions regarding Tender document fees and EMD shall be available to the
eligible MSMEs.
5.1.3. Note- In line with the contents of Order No. 6/18/2019-PPD (Public Procurement No.1)
dated 23rd July 2020 issued by Ministry of Finance, Department of Expenditure, Public
Procurement Division, inviting attention to OM No. 6/18/2019-PPD dated 23rd July 2020
for the “Restrictions under Rule 144 (xi) of the General Financial Rules (GFRs), 2017, Any
bidder from a country which shares a land border with India will be eligible to bid in this
tender only if the bidder is registered with the competent Authority. (Registration
Committee constituted by the Department for Promotion of Industry and Internal Trade
(DPIIT)). For Details please refer Annexure-13A and Annexure-13B of this RFP
document.

6. TERMS AND CONDITIONS
6.1. General
The Successful Bidder should adhere to the terms of this tender document and would not accept any
deviations to the same. If the Bidders have absolutely genuine issues only then should they provide
their nature of non-compliance to the same in the format provided in Annexure 14. The Bank reserves
its right to not accept such deviations to the tender terms.
The Successful Bidder appointed under the tender document shall have the single point responsibility
for fulfilling all obligations and providing all deliverables and services.
Unless agreed to specifically by the Bank in writing for any changes to the tender document issued,
the successful bidder responses would not be incorporated automatically in the tender document.
Unless expressly overridden by the specific agreement to be entered into between the Bank and the
successful bidder, the tender document shall be the governing document for arrangement between
the Bank and the successful bidder.
6.2. Rules for responding to this tender document
Response document
1. All responses should be in English language. All responses by the Successful Bidder to this
tender document shall be binding on such successful bidder for a period of 180 days after
opening of the technical bids.
2. The technical bid, submitted cannot be withdrawn / modified after the last date for submission
of the bids unless specifically permitted by the Bank. In case, due to unavoidable circumstances,
the Bank does not award the contract within six months from the last date of the submission of
the bids, and there is a possibility to award the same within a short duration, the bidder would
have the choice to maintain the bid security with the Bank or to withdraw the bid and obtain the
security provided. The Bidder may modify or withdraw its offer after submission, provided that,
the Bank, prior to the closing date and time, and receives a written notice of the modification or
withdrawal prescribed for submission of offers. No offer can be modified or withdrawn by the
Bidder subsequent to the closing date and time for submission of the offers.
3. The Bidder is required to quote for all the components/services mentioned in the Annexure C
“Project scope” and Annexure H “Technical Requirements” and all other requirements of this
RFP. In case the Bidder does not quote for any of the components/services, the response would
be deemed to include the quote for such unquoted components/service. It is mandatory to
submit the details in the formats provided along with this document duly filled in, along with the
offer. The Bank reserves the right not to allow / permit changes in the technical specifications.
Bank may not evaluate the offer which is liable to be disqualified in case of non-submission of
the technical details in the required format or partial submission of technical details.
4. In the event the Bidder has not quoted for any mandatory or optional items as required by the
Bank and forming a part of the tender document circulated to the Bidder and responded to by
the Bidder, the same will be deemed to be provided by the Bidder at no extra cost to the Bank
which shall be completely at sole discretion of the Bank.
5. The Bank is not responsible for any assumptions or judgments made by the Bidder for proposing
the offer. The Bank’s interpretation will be final.

6. The Bank ascertains and concludes that everything as mentioned in the tender documents
circulated to the Bidder and responded by the Bidder have been quoted for by the Bidder, and
there will be no extra cost associated with the same in case the Bidder has not quoted for the
same.
7. In the event the Bank has not asked for any quotes for alternative prices, and the Bidder
furnishes the alternative price in the Bidder’s financial bid, the higher of the prices will be taken
for calculating and arriving at the Total Cost of Ownership. However, payment by the Bank will
be made at the lower price. The Bank, in this case may also reject the offer outright.
8. In the event optional prices (if requested in RFP) are not quoted by the Bidder, for items where
such prices are must and required to be quoted for, the highest price quoted by any of the
participating Bidders will be taken as the costs, for such alternatives and also for arriving at the
Total Cost of Ownership for the purpose of evaluation. The same item has to be supplied by the
Bidder free of cost.
6.3. Price Bids
1. The Bidder is requested to quote in Indian Rupees (‘INR’), in the format provided in Annexure
A - Commercial Bill of Material. Bids in currencies other than INR would not be considered.
2. The prices and other terms offered by Bidders must be firm for an acceptance period of 180
days from the date of opening of Technical Bid.
3. The price quoted by the Bidder should be inclusive of all taxes, duties, levies, etc. except GST.
GST will be paid at actuals. There will be no price escalation during the contract period and any
extension thereafter shall be at mutual consent.
4. If the Bidder makes any conditional or vague offers, without conforming to these guidelines, the
Bank will treat the prices quoted as in conformity with these guidelines and proceed accordingly.
5. Terms of payment as indicated in the Purchase Contract which will be issued by the Bank on
the selected Bidder will be final and binding on the Bidder and no interest will be payable by the
Bank on outstanding amounts under any circumstances. If there are any clauses in the Invoice
contrary to the terms of the Purchase Contract, the Bidder should give a declaration on the face
of the Invoice or by a separate letter explicitly stating as follows “Clauses, if any contained in the
Invoice which are contrary to the terms contained in the Purchase Contract will not hold good
against the Bank and that the Invoice would be governed by the terms contained in the Contract
concluded between the Bank and the successful bidder”. Bidder should ensure that the project
should not suffer in terms of cost or time escalation for any reason.
6.4. Visitorial Rights
Bank reserves the right to visit any of the bidder’s premises without prior notice to ensure that any
confidential data /hardware hosted at bidder’s location (if any) is not misused.
6.5. Solicitation of Employees
Both the parties agree not to hire, solicit, or accept solicitation (either directly, indirectly, or through a
third party) for their employees directly involved in this contract during the period of the contract and
one year thereafter, except as the parties may agree on a case-by-case basis. The parties agree that
for the period of the contract and one year thereafter, neither party will cause or permit any of its

directors or employees who have knowledge of the agreement to directly or indirectly solicit for
employment of the key personnel working on the project contemplated in this proposal except with the
written consent of the other party. The above restriction would not apply to either party for hiring such
key personnel who (i) initiate discussions regarding such employment without any direct or indirect
solicitation by the other party (ii) respond to any public advertisement placed by either party or its
affiliates in a publication of general circulation or (iii) has been terminated by a party prior to the
commencement of employment discussions with the other party.
6.6. Costs & Currency
The offer must be made in Indian Rupees only, and price quoted must include the following cost
components.
1. Cost for implementation and maintenance of solutions as per Scope
2. The Price offer shall be on a fixed price basis and should include: All taxes, duties and levies,
Service Tax of whatsoever nature if any; except GST and Services which are required to be
extended by the SP in accordance with the terms and conditions of the contract. GST will be
paid at actuals.
6.7. Right to Alter Scope
Bank reserves the right to alter the proposed scope at any time -during procurement process.
6.8. Compliance with All Applicable Laws
The bidder shall undertake to observe, adhere to, abide by, comply with and notify Bank about all laws
in force or as are or as made applicable in future, pertaining to or applicable to them, their business,
their employees or their obligations towards them and all purposes of this tender and shall indemnify,
keep indemnified, hold harmless, defend and protect Bank and its employees/officers/staff/
personnel/representatives/agents from any failure or omission on its part to do so and against all
claims or demands of liability and all consequences that may occur or arise for any default or failure
on its part to conform or comply with the above and all other statutory obligations arising there from.
Compliance in obtaining approvals/permissions/licenses: The bidder shall promptly and timely obtain
all such consents, permissions, approvals, licenses, etc., as may be necessary or required for any of
the purposes of this project or for the conduct of their own business under any applicable Law,
Government Regulation/Guidelines and shall keep the same valid and in force during the term of the
project, and in the event of any failure or omission to do so, shall indemnify, keep indemnified, hold
harmless, defend, protect and fully compensate the Bank and its employees/ officers/ staff/ personnel/
representatives/agents from and against all claims or demands of liability and all consequences that
may occur or arise for any default or failure on its part to conform or comply with the above and all
other statutory obligations arising there from and the Bank will give notice of any such claim or demand
of liability within reasonable time to the bidder.
This indemnification is only a remedy for Bank. The bidder is not absolved from its responsibility of
complying with the statutory obligations as specified above. Indemnity would be limited to court
awarded damages and shall exclude indirect, consequential and incidental damages. However,
indemnity would cover damages, loss or liabilities suffered by Bank arising out of claims made by its
customers and/or regulatory authorities.

6.9. Performance Bank Guarantee (10%)
The successful bidder should furnish a Performance Bank Guarantee from scheduled commercial
Bank to the extent of 10% (or as applicable during the period of contract as per Govt. guidelines) of
the value of the contract within 30 days of the date of receipt of the purchase order/Indent. The
Performance Bank Guarantee has to be submitted in the format as per Annexure 11. The
performance guarantee would be for the entire period of the Contract plus twelve months.
If the Performance guarantee is not submitted, the Bank reserves the right to cancel the contract. The
Performance Guarantee would be returned to the bidder after the expiry or termination of the contract.
The limit of PBG of 10 % is as per guidelines of Ministry of Finance, Department of Expenditure
Procurement Policy Division (No. F.1/2/2023-PPD) dated 03.04.2023 which are applicable to all
tenders/ contracts
6.10. Payment Terms
The payment terms for the project would be as per Annexure E.
6.11. Project Timelines
The Bidder is expected to adhere the timelines stipulated in Annexure F.
6.12. Amalgamation
If the Bank undergoes an amalgamation, take-over, consolidation, reconstruction, merger, change of

ownership etc., this RFP shall be considered to be assigned to the new entity and such an act shall
not affect the rights and obligations of the Bidder under this RFP.
6.13. IT Act
The Bidder must ensure that the proposed products/services are compliant to all such applicable
existing regulatory guidelines of GOI / RBI and adheres to requirements of the IT Act 2000 and
Payment and Settlement Systems Act 2007 and amendments thereof as applicable. The bidder must
submit a self-declaration to this effect.
The Successful bidder shall indemnify, protect and save the Bank against all claims, losses, costs,
damages, expenses, action, suits and other proceedings, resulting from infringement of any patent,
trademarks, copyrights etc. or such other statutory infringements under the Copyrights Act, 1957 or
IT Act 2000 / Amendment 2008 and subsequent amendment or any Act in force at that time in respect
of all the hardware, software and network equipment or other systems supplied by bidder to the Bank
from any source. Bidder shall also ensure compliance of Data Protection guidelines as & when issued
by the Govt./ regulators.
6.14. Aadhaar ACT
The Bidder must comply with Aadhaar Act 2016 and the subsequent amendments as applicable to
the products/services.
6.15. Digital Personal Data Protection Act (2023)
The Bidder must ensure that the proposed products/services are compliant to all such applicable
existing regulatory guidelines of GOI / RBI and adheres to requirements of the Digital Personal Data

Protection bill and amendments thereof as applicable. The bidder must submit a self-declaration to
this effect.
The bidder must comply with and the subsequent amendments as applicable to the product/services.
6.16. ISMS Framework
The Bidder shall abide by the Information Security Management System (ISMS) framework of the
Bank. The process flow in the system and controls should follow guidelines mentioned in Information
System Security Policy (ISSP) & any other policy and subsequent procedures of the Bank. The details
related to ISMS framework shall be shared with successful bidder based on the project needs.
6.17. Change Management
Changes to business applications, IT components and facilities should be managed by change

management processes to ensure integrity of any changes.
All the IT components proposed under the RFP in the scope of RFP (such as- application software,
middleware etc.) should be periodically patched for all types of patches, such as - security patches,
system patches etc. without any additional cost to the Bank. Emergency patches should also be
applied immediately as per regulatory and other agencies directions etc.
If any software provided by bidder becomes End of support/ End of life during the warranty/ AMC/
ATS period, the same will be replaced by the next version of software without any cost to the Bank.
Also, it shall be ensured that software replacements are done in a planned manner to ensure that no
or minimal downtime is required on this account impacting customer services.
Bidder to ensure that the technology to be deployed needs to be latest, latest version of
solution to be deployed and technology supplied should not be having residual life of less than
5 years from the date of effectiveness of contract.
6.18. Supplier BCP
Bidder shall maintain business continuity, as per agreed business continuity plan.
6.19. Assignment
The scope of work / services mentioned in this RFP or the Bidder shall not assign subsequent
agreement fully or in part to any third party without the prior written consent of Bank. Bank may at any
time in completely or in part, assign or transfer any of its rights benefits and obligations under this
agreement to any third party without consent of Bidder.
6.20. Subcontracting
The bidder shall not subcontract or permit anyone other than its personnel to perform any of the work,
service or other performance required of the bidder under the contract without the prior written consent
of the Bank.
6.21. Compliance with Master Directions on outsourcing of IT Services & It Governance
The bidder shall comply with the extant guidelines issued by RBI for
1) outsourcing of IT services as per RBI Circular No: RBI/2023-
24/102/DOS.CO.CSITEG/Sec.1/31.01.015/2023-24 dated: 10.04.2023 or any subsequent
guidelines issued in this regard.

2) IT Governance, Risk controls & Assurance Practices as per RBI Circular No: RBI/DoS/2023-
24/107 DoS.CO.CSITEG/SEC.7/31.01.015/2023-24 dated 7th November 2023.
6.22. Protection of Reputation
It is agreed between the parties that Bank, being in service industry, its reputation, goodwill and
positive brand image is of prime importance. Bank has a right to impose penalty for the reputational
loss on account of business disruption if bidder fails to perform its obligations in the best possible
manner and/ or fails to maintain quality of service. The Bank in the manner will assess the amount of
penalty as it deems fit and the said amount can be deducted from the amount payable to the bidder
against its services. Bidder undertakes and agrees to indemnify the Bank against such losses
suffered. Reoccurrence of such incidence may lead to termination of contract by the Bank without any
further notice
6.23. Support
a. The bidder should provide the support Facility Management Services as per the facility
management clause in scope of work.
b. Bidder should provide support to all software / hardware provided under RFP deliverables during
the tenure of contract for 5 years.
c. Any components, including the software deliverables / hardware equipment that are reported to
be done on a given date should be repaired / replaced with identical or higher configuration
within 4 hours at the DC/DR/ Near Site at no extra cost to the Bank. The same should be made
operational within 4 hours at the locations mentioned above. The timeliness provided in this
section pertains to replacement of redundant components. However, the bidder has to maintain
the required uptime.
d. Response & Resolution time to be followed as per service levels defined in the Annexure-G of
this RFP document. Bidder must adhere with the Service Level Standards defined in Annexure-
G. Any Deviation/ non adhering with service level standards may attract penalty as per
provisions stipulated in Service Levels mentioned at Annexure-G.
6.24. Cancellation of Contract and Compensation
The Bank reserves the right to cancel the contract of the selected bidder and recover expenditure
incurred by the Bank on the following circumstances:
• The selected bidder commits a breach of any of the terms and conditions of the bid/contract.
• The bidder goes into liquidation voluntarily or otherwise.
• An attachment is levied or continues to be levied for a period of 7 days upon effects of the bid.
• The progress regarding execution of the contract, made by the selected bidder is found to be
unsatisfactory.
• If deductions on account of liquidated Damages exceeds more than 10% of the total contract
price.
After the award of the contract, if the selected bidder does not perform satisfactorily or delays
execution of the contract, the Bank reserves the right to get the balance contract executed by another
party of its choice by giving one month’s notice for the same. In this event, the selected bidder is
bound to make good the additional expenditure, which the Bank may have to incur to carry out bidding
process for the execution of the balance of the contract. This clause is applicable, if for any reason,
the contract is cancelled.

The Bank reserves the right to recover any dues payable by the selected bidder from any amount
outstanding to the credit of the selected bidder, including the pending bills and/or invoking Bank
Guarantee, if any, under this contract or any other contract/order.
6.25. Exit Option & Contract Re-negotiation
1. The Bank reserves the right to cancel the contract in the event of happening one or more of the
following Conditions:
a. Failure of the successful bidder to accept the contract and furnish the performance
Guarantee within 30 days of receipt of purchase order by the Bank;
b. The selected bidder commits a breach of any of the terms and conditions of the contract.
c. The bidder goes into liquidation voluntarily or otherwise.
d. An attachment is levied or continues to be levied for 7 days upon effects of the bid.
e. The progress regarding execution of the contract by the bidder does not comply with the
SLAs proposed in this RFP and the deviations are above the defined threshold limits.
f. Deduction on account of liquidated damages exceeds 10% of the total contract price.
g. Delay in delivery / installation / commissioning of machine and services required under
RFP beyond the specified period for the same as mentioned in the order.
2. In addition to the cancellation of purchase contract, Bank reserves the right to appropriate the
damages through encashment of Bid Security / Performance Guarantee given by the bidder.
3. The Bank will reserve a right to re-negotiate the price and terms of the entire contract with the
bidder at more favorable terms in case such terms are offered in the industry at that time.
4. Notwithstanding the existence of a dispute, and/or the commencement of arbitration
proceedings, the bidder should continue to provide the facilities to the Bank at the site.
5. Knowledge transfer: The Bidder shall provide such necessary information, documentation to the
Bank or its designee, for the effective management and maintenance of the Deliverables under
this Agreement. Bidder shall provide documentation (in English) in electronic form where
available or otherwise a single hardcopy of all existing procedures, policies and programs
required to support the Services. Such documentation will be subject to the limitations imposed
by Bidder’s Intellectual Property Rights of this Agreement.
6. In addition to the cancellation of the contract, the Bank reserves the right to get the balance
contract executed by another party of its choice by giving one month’s notice for the same.
Further the bidder would also be required to compensate the Bank for any direct loss incurred
by the Bank due to the cancellation of the contract and any additional expenditure to be incurred
by the Bank to appoint any other bidder.
7. The reverse transition services to be provided by the Bidder shall include the following:
a. The Bidder shall suitably and adequately train the Bank’s designated team for fully and
effectively operating and maintaining the proposed solution. The Bidder should also
provide extra training without any cost to Bank.
b. Bidder shall provide adequate documentation thereof.
8. The cost for reverse transition if any should be part of the commercial offer.
9. During reverse transition, the existing bidder would transfer all knowledge, knowhow and other
things necessary for the Bank or new Bidder to take over and continue to manage the services.
The bidder agrees that the reverse transition mechanism and support during reverse transition
will not be compromised or affected for reasons whatsoever be for cancellation or exist of the
parties.
10. The Bank and the bidder shall together prepare the Reverse Transition Plan. However, the Bank
shall have the sole and absolute discretion to decide whether proper reverse transition
mechanism has been complied with. In the event of the conflict not being resolved, the conflict
will be resolved through Arbitration.

11. The bidder agrees that in the event of cancellation or exit or expiry of the contract it would extend
all necessary support to the Bank or its selected partner/s as would be required in the event of
the shifting of the site.
12. Reverse transition mechanism would be activated in the event of cancellation of the contract or
exit by the parties or 6 months prior to expiry of the contract. The bidder should perform a reverse
transition mechanism to the Bank or its selected Bidder. The reverse transition mechanism
would be over a period of 6 months post the completion of the 90-day notice period to facilitate
an orderly transfer of services to the Bank or to an alternative 3rd party / Bidder nominated by
the Bank. Where the Bank elects to transfer the responsibility for service delivery to a number
of Bidders Bank will nominate a bidder who will be responsible for all dealings with the bidder
regarding the delivery of the reverse transition services.
6.26. Termination
1 The Bank shall be entitled to terminate the agreement with the bidder at any time by giving Thirty
(30) days prior written notice to the bidder without assigning any reason.
2 The Bank shall be entitled to terminate the agreement at any time by giving notice if:
a. The bidder breaches its obligations under the tender document or the subsequent
agreement and if the breach is not cured within 15 days from the date of notice.
b. The bidder
i. has a winding up order made against it; or
ii. has a receiver appointed over all or substantial assets; or
iii. is or becomes unable to pay its debts as they become due; or
iv. enters into any arrangement or composition with or for the benefit of its creditors; or
v. passes a resolution for its voluntary winding up or dissolution or if it is dissolved.
3 The bidder shall have right to terminate only in the event of winding up of the Bank.
4 The Bank reserves the right for terminate the contract in case of serious discrepancies observed
in the services as mentioned in the RFP.
6.27. Effect of Termination
1. The bidder agrees that after completion of the Term or upon earlier termination of the
assignment, the bidder shall, if required by the Bank, continue to provide facility to the Bank at
no less favorable terms than those contained in this tender document. Unless mutually agreed,
the rates shall remain firm.
2. The Bank shall make such prorated payment for services rendered by the bidder and accepted
by the Bank at the sole discretion of the Bank in the event of termination, provided that the bidder
is in compliance with its obligations till such date. However, no payment for “costs incurred, or
irrevocably committed to, up to the effective date of such termination” will be admissible. There
shall be no termination compensation payable to the bidder.
3. Termination shall not absolve the liability of the Bank to make payments of undisputed amounts
to the bidder for services rendered till the effective date of termination. Termination shall be
without prejudice to any other rights or remedies a party may be entitled to hereunder or at law
and shall not affect any accrued rights or liabilities or either party nor the coming into force or
continuation in force of any provision hereof which is expressly intended to come into force or
continue in force on or after such termination.
4. The bidder agrees that it shall not be relieved of its obligations under the reverse transition
mechanism notwithstanding the termination of the assignment.
Same terms (including payment terms) which were applicable during the term of the contract
should be applicable for reverse transition services

6.28. Intellectual Property Rights
All Intellectual Property Rights in the Deliverables (excluding Pre-existing Material or third party
software, which shall be dealt with in accordance with the terms of any license agreement relating to
that software) shall be owned by Bank. In the event that any of the Deliverables or work product do
not qualify as works made for hire, Bidder hereby assigns to Bank, all rights, title and interest in and
to the Deliverables or work product and all Intellectual Property Rights therein.
Notwithstanding the above, any intellectual property developed by a Party that is a derivative work of
any pre-existing materials will be treated the same as pre-existing material and the developer of the
derivative work will assign all right and title in and to the derivative work to the owner of the pre-existing
material.
Residuals. The term "Residuals" shall mean information and knowledge in intangible form, which is
retained in the memory of personnel who have had access to such information or knowledge while
providing Services, including concepts, know-how, and techniques. There is no restriction on the use
of the residual knowledge by personnel upon completion of their assignment with the Bank.
Other than as agreed hereinabove, nothing herein shall cause or imply any sale, license (except as
expressly provided herein), or transfer of proprietary rights of or in any software or products (including
third party) from one party to the other party with respect to work product, Deliverables or Services
agreed under this Agreement.
Bidder must protect the Bank from any litigations, claims from third parties claiming the deployed
product, services of the vendor to be theirs. Bidder is also required to fight out litigations on their own
without involving the Bank.
6.29. Corrupt & Fraudulent Practices
As per Central Vigilance Commission (CVC) directives, it is required that Bidders / Suppliers /
Contractors observe the highest standard of ethics during the procurement and execution of such
contracts in pursuance of this policy:
“Corrupt Practice” means the offering, giving, receiving or soliciting of anything of values to influence
the action of an official in the procurement process or in contract execution AND
“Fraudulent Practice” means a misrepresentation of facts in order to influence a procurement process

or the execution of contract to the detriment of the Bank and includes collusive practice among Bidders
(prior to or after bid submission) designed to establish bid prices at artificial non-competitive levels
and to deprive the Bank of the benefits of free and open competition.
The Bank reserves the right to reject a proposal for award if it determines that the bidder recommended
for award has engaged in corrupt or fraudulent practices in competing for the contract in question.
The Bank reserves the right to declare a firm ineligible, either indefinitely or for a stated period of time,
to be awarded a contract if at any time it determines that the firm has engaged in corrupt or fraudulent
practices in competing for or in executing the contract.
6.30. Conflict of Interest
Bank requires that bidder provide professional, objective, and impartial advice and at all times hold
Bank’s interest paramount, strictly avoid conflicts with other Assignment(s)/ Job(s) or their own

corporate interests and act without any expectations/ consideration for award of any future
assignment(s) from Bank.
Bidder have an obligation to disclose any situation of actual or potential conflict in assignment/job,
activities and relationships that impacts their capacity to serve the best interest of Bank, or that may
reasonably be perceived as having this effect. If the Bidder fails to disclose said situations and if Bank
comes to know about any such situation at any time, it may lead to the disqualification of the Bidder
during bidding process or the termination of its Contract during execution of assignment.
6.31. Violation of Terms
The Bank clarifies that the Bank shall be entitled to an injunction, restraining order, right for recovery,
suit for specific performance or such other equitable relief as a court of competent jurisdiction may
deem necessary or appropriate to restrain the bidder from committing any violation or enforce the
performance of the covenants, obligations and representations contained in this tender document.
These injunctive remedies are cumulative and are in addition to any other rights and remedies the
Bank may have at law or in equity, including without limitation a right for recovery of any amounts and
related costs and a right for damages.
6.32. Service Level Agreement
1. The selected bidder should execute a Service Level Agreement (SLA), which would include
all the services and terms and conditions of the services to be extended as detailed herein and
as may be prescribed by the Bank. The selected bidder should execute the SLA within 45 days
from the date of acceptance of Purchase Order/Letter of Intent.
2. The bidder needs to strictly adhere to Service Level requirements as per Annexure G.
6.33. Liquidated Damages
The Bank will consider the inability of the bidder to deliver or install the solution within the specified
time limit, as a breach of contract and would entail the payment of Liquidation Damages on the part
of the bidder. The liquidation damages represent an estimate of the loss or damage that the Bank may
have suffered due to delay in performance of the obligations (relating to delivery, installation,
Operationalization, implementation, training, acceptance, warranty, maintenance etc.) by the bidder.
Installation will be treated as incomplete in one/all of the following situations:
 Non-delivery of any component or other services mentioned in the order

 Non-delivery of supporting documentation.
 Delivery/Availability, but no installation of the components and/or software integration.
 System operational, but unsatisfactory to the Bank
If the bidder fails to deliver any or all of the Goods or fails to perform the Services within the time
period(s) specified in the Contract, the Bank shall, without prejudice to its other remedies under the
Contract, deduct from the Contract Price, as liquidated damages, a sum equivalent to 1% of the
complete contract amount until actual delivery or performance, per week or part thereof (3 days will
be treated as a week); and the maximum deduction is 10% of the contract price. Once the maximum
is reached, the Bank may consider termination of the contract.
Bank reserves its right to recover these amounts by any mode such as adjusting from any payments
to be made by the Bank to the bidder. Monday to Saturday will be considered as a week. Part of week

will be treated as a week for this purpose. However, the Bank may, at its discretion, waive the
liquidated damages in case the delay cannot be attributed to the Bidder.
Bank will deduct the amount of liquidated damages from the payment due of the same project from
the Successful bidder. Bank may also withhold the amount to be recovered from the payment due
from other projects held by the same bidder.
Any such recovery or liquidated damages shall not in any way relieve the Successful bidder from any
of its obligations to complete the works / service(s) or from any other obligations and liabilities under
the Contract/Agreement/ Purchase Order.
Cumulative Liquidated Damages imposed for all the sites shall be subject to maximum of 10 percent
of the total contract value. Once the maximum is reached, the Bank may consider termination of the
contract. Further, the Bank also reserves the right to cancel the order and invoke the Bank
Guarantee/Performance Guarantees in case of inordinate delays in the delivery/installation of the
solution.
6.34. Indemnity
Bidder shall indemnify, protect and save the Bank and hold the Bank harmless from and against all
claims, losses, costs, damages, expenses, action suits and other proceedings, (including reasonable
attorney fees), relating to or resulting directly or indirectly from
(i) an act or omission of Bidder, its employees, its agents, or employees of the consortium in the
performance of the services provided by this contract,
(ii) Material breach of any of the terms of this agreement document or breach of any representation
or warranty by Bidder.
(iii) use of the allocated site and or facility provided by Bidder.
(iv) the overall liability for (i), (ii) and (iii) of this clause shall be subject to limit agreed between the
parties under clause 6.38 of the RFP
(v) infringement of any patent, trademarks, copyrights etc. or such other statutory infringements in
respect of all components used to facilitate and to fulfill the scope of the site requirement.
(vi) Bidder shall further indemnify the Bank against any loss or damage arising out of loss of data
subject to the limit agreed between the parties under clause 6.38 of the RFP, claims of
infringement of third-party copyright, patents, or other intellectual property, and third-party claims
on the Bank for malfunctioning of the solution at all points of time, provided however
a) the Bank notifies Bidder in writing immediately on aware of such claim.

b) Bidder has sole control of defense and all related settlement negotiations.
c) Bank provides Bidder with the assistance, information and authority reasonably necessary
to perform the above, and
d) the Bank does not make any statement or comments or representations about the claim
without prior written consent of Bidder, except under due process of law or order of the
court. It is clarified that the bidder shall in no event enter into a settlement, compromise or
make any statement (including failure to take appropriate steps) that may be detrimental to
the Bank’s (and/or its customers, users and Bidder’s) rights, interest and reputation.
The Successful Bidder shall indemnify the Bank and undertake to keep the Bank fully saved and
indemnified against any loss, action or claim arising out of or in respect to software bug, error,
incomplete testing, misconduct, fraud, misbehavior or violations of any laws committed by Bidder or
its employees/ agents/ persons employed by third parties. Bidder shall, at their own expense, defend
and indemnify the Bank against any claims due to loss of data / damage to data arising as a
consequence of any negligence during implementation process.
Successful Bidder shall indemnify the Bank (including its employees, directors or representatives)
from and against claims, losses, and liabilities arising from: death or personal injury caused by the
negligence of the indemnifying party, its personnel or its subcontractors;
1. Except to the extent attributable to a breach of contract by, willful, negligent or unlawful act or
omission of, the successful bidder or a third party which is controlled by the Bidder as governed
by IT Act 2000.
2. The breach by the Bidder of any of its obligations under Confidentiality,
3. Non-compliance of Bidder with Laws / Governmental Requirements
4. IP Infringement
5. Negligence and misconduct of bidder, its employees, and agents
6. Breach of any terms of agreement document or Representation made by Bidder.
7. Act or omission in performance of service.
8. Loss of data due to bidder provided facility.
This indemnification is only a remedy for the Bank. The bidder is not absolved from its responsibility
of complying with the statutory obligations as specified above. Indemnity would be limited to court
awarded damages and shall exclude indirect, consequential and incidental damages. However,
indemnity would cover damages, loss or liabilities suffered by the Bank arising out of claims made by
its customers and/or regulatory authorities.
6.35. Force Majeure
“Neither Party” will be liable for any delay or failure to perform its obligations, if the delay or failure has
resulted from circumstances beyond its reasonable control, including but not limited to, act of God or
governmental act, epidemic, pandemic, flood, fire, explosion, war, and any other occurrence of the
kind listed above, which is not reasonably within the control of the affected party.
Each Party agrees to give to the other a written notice immediately as soon as reasonably possible
on becoming aware of an event of force majeure and such notice shall contain details of the
circumstances giving rise to the event of force majeure.
If the event of force majeure continues for a period of more than Fifteen (15) consecutive days, then
Bank may have the option to terminate the Agreement upon written notice of such termination to the
other party.”
6.36. Resolution of Disputes
All disputes and differences of any kind whatsoever arising out of or in connection shall be settled
amicably by direct informal negotiation between both the parties. In case of non- settlement, the higher
authorities of both the parties will intervene and negotiate amicably. However, in case of non-
settlement of such dispute, the matter shall be referred for Arbitration to Sole Arbitrator. However, in
case of non-consensus on sole arbitrator within 15 days, each party will appoint one Arbitrator. The
two arbitrators appointed by the parties shall appoint a third arbitrator who will act as the chairman of
the proceedings. The Award of the Arbitrator shall be Final and binding on the parties. The Arbitration
and Conciliation Act 1996 or any modification thereof shall apply to the arbitration proceedings. The
venue of the arbitration shall be at Pune. The expenses will be borne by the parties in equal proportion.
Language of the Arbitration shall be in English.

6.37. Non-Disclosure Agreement
The Bidder shall hold all information about this tender and / or information gathered about the Bank
through this process in strict confidence with the same degree of care with which the Bidder protects
its own confidential and proprietary information. The Bidder shall restrict disclosure of the Information
solely to its employees, agents and contractors on a need to know basis and advise those persons of
their obligations hereunder with respect to such Information.
To use the Information only as needed for the purpose solely related to this Project;
Except for the purpose of execution of this Project, not disclose or otherwise provide such information
or knowingly allow anyone else to disclose or otherwise provide such Information.
The Bidder shall not disclose any information to parties not involved in supply of the products and
services forming part of this order and disclosure of information to parties not involved in supply of the
products and services forming part of this order will be treated as breach of trust and invite legal action.
This will also mean termination of the contract and disqualification of the bidder in any future tendering
process of the Bank.
Any information considered sensitive must be protected by the bidder from unauthorized disclosure
or access. Non-Disclosure Agreement to be signed by the authorized signatory at the time of
submission of RFP as per Annexure 4.
6.38. Pre-Contract Integrity Pact
The bidder has to enter into an integrity pact with the Bank to the effect that they will not resort to any
corrupt practices in any aspect / stage of the contract. Only those bidders who wish to enter into such
a contract with the Bank will be considered for participating in the tender process. Pact to be signed
by the authorized signatory at the time of submission of RFP as per Annexure 10.
6.39. Limitation of Liability
Bidder’s aggregate liability in connection with obligations undertaken as a part of the RFP regardless
of the form or nature of the action giving rise to such liability (whether in contract, tort or otherwise),
shall be at actual and limited to the Total Order Value.
Bidder’s liability in case of claims against the Bank resulting from Misconduct or Negligence of bidder,
its employees and Subcontractors or from infringement of patents, trademarks, copyrights or such
other Intellectual Property Rights or breach of confidentiality obligations shall be unlimited.
1. "Misconduct" means any act or omission of a party which is willfully intended to harm the
interests of the other party, provided however, that willful misconduct does not include ordinary
negligence, an error of judgement or mistake of a person.
2. "Negligence" means an indifference to, and a blatant violation of a legal duty with respect to the
rights of the others, being a conscious and voluntary disregard of the need to use reasonable
care, which is likely to cause foreseeable grave injury or harm to persons, property, or both.
Gross negligence involves conduct that is extreme, when compared with ordinary negligence.
A mere failure to exercise reasonable care shall not be a Gross negligence.
Bank shall not be held liable for and is absolved of any responsibility or claim / litigation arising out of
the use of any third party software or modules supplied by bidder as part of procurement under the
RFP.

Under no circumstances Bank shall be liable to the selected bidder for direct, indirect, incidental,
consequential, special or exemplary damages arising from termination of this Agreement, even if Bank
has been advised of the possibility of such damages, such as, but not limited to, loss of revenue or
anticipated profits or lost business.
It is expressly agreed between the Parties that for any event giving rise to a claim, Bank shall have
the right to make a claim (including claims for indemnification under the procurement in this RFP)
against bidder.
6.40. Confidentiality
This document contains information confidential and proprietary to Bank. Additionally, the Bidder will
be exposed by virtue of the contracted activities to internal business information of Bank, affiliates,
and/or business partners. Disclosure of receipt of any part of the aforementioned information to parties
not directly involved in providing the services requested could result in the disqualification of the
Bidder, pre-mature termination of the contract, or legal action against the Bidder for breach of trust.
The information provided / which will be provided is solely for the purpose of undertaking the
consultancy services effectively.
No news release, public announcement, or any other reference to this RFP or any program there
under shall be made without written consent of Bank. Reproduction of this RFP, by photographic,
electronic, or other means is strictly prohibited
The RFP document is confidential and is not to be disclosed, reproduced, transmitted, or made
available by the Recipient to any other person. The RFP document is provided to the Recipient on the
basis of the undertaking of confidentiality given by the Recipient to Bank. Bank may update or revise
the RFP document or any part of it. The Recipient acknowledges that any such revised or amended
document is received subject to the same confidentiality undertaking. The Recipient will not disclose
or discuss the contents of the RFP document with any officer, employee, consultant, director, agent,
or other person associated or affiliated in any way with Bank or any of its customers or suppliers
without the prior written consent of Bank.
This tender document contains information proprietary to Bank. Each recipient is entrusted to maintain
its confidentiality. It should be disclosed only to those employees involved in preparing the requested
responses. The information contained in the tender document may not be reproduced in whole or in
part without the express permission of Bank. Disclosure of any such sensitive information to parties
not involved in the supply of contracted services will be treated as breach of trust and could invite
legal action. This will also mean termination of the contract and disqualification of the said bidder.
Responses received become the property of Bank and cannot be returned. Responses will not be
used and shared with third party for any means. Information provided by each bidder will be held in
confidence, and will be used for the sole purpose of evaluating a potential business relationship with
the bidder.
“Confidential Information” means any and all information that is or has been received by the bidder
(“Receiving Party”) from Bank (“Disclosing Party”) and that:
a. Relates to the Disclosing Party; and

b. is designated by the Disclosing Party as being confidential or is disclosed in circumstances
where the Receiving Party would reasonably understand that the disclosed information would
be confidential or
c. Is prepared or performed by or on behalf of the Disclosing Party by its employees, officers,
directors, agents, representatives or consultants

d. Without limiting the generality of the foregoing, Confidential Information shall mean and include
any information, data, analysis, compilations, notes, extracts, materials, reports, drawings,
designs, specifications, graphs, layouts, plans, charts, studies, memoranda or other documents,
or materials that may be shared by Bank with the bidder.
e. “Confidential Materials” shall mean all tangible materials containing Confidential Information,
including, without limitation, written or printed documents and computer disks or tapes, whether
machine or user readable
f. Information disclosed pursuant to this clause will be subject to confidentiality forever.
1. The Receiving Party shall, at all times regard, preserve, maintain and keep as secret and
confidential all confidential information and confidential materials of the Disclosing Party
howsoever obtained and agrees that it shall not, without obtaining the written consent of the
Disclosing Party:
2. Unless otherwise agreed herein, use any such confidential information and materials for its
own benefit or the benefit of others or do anything prejudicial to the interests of the
Disclosing Party or its customers or their projects.
3. In maintaining confidentiality here under the Receiving Party on receiving the confidential
information and materials agrees and warrants that it shall:
 Take at least the same degree of care in safeguarding such confidential information
and materials as it takes for its own confidential information of like importance and
such degree of care shall be at least, that which is reasonably calculated to prevent
such inadvertent disclosure;
 Keep the confidential information and confidential materials and any copies thereof
secure and in such a way so as to prevent unauthorized access by any third party;
 Limit access to such confidential information and materials to those of its directors,
partners, advisers, agents or employees, sub-contractors and contractors who are
directly involved in the consideration/evaluation of the confidential information and
bind each of its directors, partners, advisers, agents or employees, sub-contractors
and contractors so involved to protect the confidential information and materials in
the manner prescribed in this document; and
 Upon discovery of any unauthorized disclosure or suspected unauthorized
disclosure of confidential information, promptly inform the Disclosing Party of such
disclosure in writing and immediately return to the Disclosing Party all such
Information and materials, in whatsoever form, including any and all copies thereof.
4. The Receiving Party who receives the confidential information and materials agrees that on
receipt of a written demand from the Disclosing Party:
a. Immediately return all written confidential information, confidential materials and all
copies thereof provided to, or produced by it or its advisers, as the case may be,
which is in Receiving Party’s possession or under its custody and control;
b. To the extent practicable, immediately destroy all analyses, compilations, notes,
studies, memoranda or other documents prepared by it or its advisers to the extent
that the same contain, reflect or derive from confidential information relating to the
Disclosing Party;
c. So far as it is practicable to do so immediately expunge any confidential information
relating to the Disclosing Party or its projects from any computer, word processor or
other device in its possession or under its custody and control; and
d. To the extent practicable, immediately furnish a certificate signed by its director or
other responsible representative confirming that to the best of his/her knowledge,

information and belief, having made all proper enquiries the requirements of this
paragraph have been fully complied with.
5. The restrictions in the preceding clause shall not apply to:
a. Any information that is publicly available at the time of its disclosure or becomes
publicly available following disclosure (other than as a result of disclosure by the
Disclosing Party contrary to the terms of this document); or any information which is
independently developed by the Receiving Party or acquired from a third party to the
extent it is acquired with the valid right to disclose the same.
b. Any disclosure required by law or by any court of competent jurisdiction, the rules
and regulations of any recognized stock exchange or any enquiry or investigation by
any governmental, statutory or regulatory body which is lawfully entitled to require
any such disclosure provided that, so far as it is lawful and practical to do so prior to
such disclosure, the Receiving Party shall promptly notify the Disclosing Party of
such requirement with a view to providing the Disclosing Party an opportunity to
obtain a protective order or to contest the disclosure or otherwise agree to the timing
and content of such disclosure.
c. The confidential information and materials and all copies thereof, in whatsoever form
shall at all times remain the property of the Disclosing Party and its disclosure
hereunder shall not confer on the Receiving Party any rights whatsoever beyond
those contained in this document.
d. The confidentiality obligations shall survive forever between the bidder and the
Bank.
Confidentiality to be maintained at all times during currency as well as post severance of the
relationship. Breach attributable to the Bidder is to be compensated to the Bank and any other
claims raised on the Bank by the owner of information, which is compromised.
6.41. Severability
1. If any of the provisions of this RFP is constructed in more than one way, one of which would
render the provision illegal or otherwise voidable or enforceable, such provision shall have the
meaning that renders it valid and enforceable.
2. In the event any court or other government authority shall determine any provisions in this RFP
is so amended so that it is enforceable to the fullest extent permissible under the laws and public
policies of the jurisdiction in which enforcement is sought and affords the parties the same basic
rights and obligations and has the same economic effect as prior to amendment.
3. In the event that any of the provisions of this RFP shall be found to be void, but would be valid
if some part thereof-was deleted or the scope ,period or area of application were reduced, then
such provision shall apply with the deletion of such words or such reduction of scope ,period or
area of application as may be required to make such provisions valid and effective ,provided
however, that on the revocation, removal or diminution of the law or provisions, as the case may
be ,by virtue of which such provisions contained in this RFP were limited as provided
hereinabove, the original provisions would stand renewed and be effective to their original
extent, as if they had not been limited by the law or provisions revoked. Notwithstanding the
limitation of this provision by any law for the time being in force, the Parties undertake to, at all
times observe and be bound by the spirit of this RFP.

6.42. Delays in Design, Implementation and Performance Guarantee.
The final short listed bidder should submit a performance guarantee valid for contract period from the
date of signing the contract with additional claim period of six months after expiry of validity period.
The Bidder must strictly adhere to the project timeline schedule, for each assignment for performance
of the obligations arising out of the contract and any delay will enable the Bank to resort to any or all
of the following at sole discretion of the Bank.
a. Claiming Liquidated Damages
b. Termination of the agreement fully or partly
In addition to the termination of the agreement, Bank reserves the right to appropriate the damages
by invoking the performance guarantee.
6.43. Publicity
Any publicity by the bidder in which the name of Bank is to be used should be done only with the
explicit written permission of Bank.
6.44. Privacy and Security Safeguards
The successful Bidder shall not publish or disclose in any manner, without the Bank's prior written
consent, the details of any security safeguards designed, developed, or implemented by the
successful Bidder under this contract or existing at any Bank location. The successful Bidder shall
develop procedures and implementation plans to ensure that IT resources leaving the control of the
assigned user (such as being reassigned, removed for repair, replaced, or upgraded) are cleared of
all Bank data and sensitive application software. The successful Bidder shall also ensure that all
subcontractors who are involved in providing such security safeguards or part of it shall not publish or
disclose in any manner, without the Bank's prior written consent, the details of any security safeguards
designed, developed, or implemented by the successful Bidder under this contract or existing at any
Bank location.
6.45. Adherence to Terms and Conditions
The bidders who wish to submit responses to this RFP should note that they should abide by all the
terms and conditions contained in the RFP. If the responses contain any extraneous conditions put in
by the respondents, such responses may be disqualified and may not be considered for the selection
process.
6.46. Other Terms and Conditions
1. Bank reserves the right to:

• Reject any and all responses received in response to the RFP
• Waive or Change any formalities, irregularities, or inconsistencies in proposal format delivery
• To negotiate any aspect of proposal with any bidder and negotiate with more than one bidder
at a time
• Extend the time for submission of all proposals
• Share the information/ clarifications provided in response to RFP by any bidder, with any
other bidder(s) /others, in any form.
• Cancel the RFP/Tender at any stage, without assigning any reason whatsoever.
• Interview the personnel being deployed on the project
2. Substitution of Project Team Members: During the assignment, the substitution of key staff
identified for the assignment will not be allowed unless such substitution becomes unavoidable

to overcome the undue delay or that such changes are critical to meet the obligation. In such
circumstances, the bidder can do so only with the concurrence of the Bank by providing other
staff of same level of qualifications and expertise.
3. Professionalism: The bidder should provide professional, objective and impartial advice at all
times and hold the Bank’s interests paramount and should observe the highest standard of
ethics while executing the assignment.
4. Adherence to Standards: The bidder should adhere to laws of land and rules, regulations and
guidelines prescribed by various regulatory, statutory and Government authorities
5. The Bank reserves the right to conduct an audit/ongoing audit of the consulting services
provided by the bidder.
6. The Bank reserves the right to ascertain information from the Banks and other institutions to
which the bidders have rendered their services for execution of similar projects.
7. EXPENSES: It may be noted that Bank will not pay any amount/expenses / charges / fees /
travelling expenses / boarding expenses / lodging expenses / conveyance expenses / out of
pocket expenses other than the “Agreed Professional Fee”.
8. The bidder cannot change the people assigned to a particular piece of work till such work is
complete unless consented in written by the Bank.
9. The bid should contain the resource planning proposed to be deployed for the project which
includes, inter-alia, the number of personnel, skill profile of each personnel, duration etc.
10. The bidder is expected to quote for the prices of the services exclusive of applicable taxes like
GST etc. as on the date of bid submission. The amount of applicable taxes should be given in
the commercial as extra. Any upward / downward revision in the tax rates from the date of the
bid submission will be to the account of the Bank.
6.47. Timeframe
The timeframe for the overall selection process will be as mentioned in this RFP in section 3:” Invitation
to the Tender”
The Bank reserves the right to vary this timeframe at its absolute and sole discretion and without
providing any notice/intimation or reasons thereof. Changes to the timeframe will be relayed to the
affected Respondents during the process.
The time schedule will be strictly followed. Interested parties should adhere to these timelines.
However, the Bank reserves the right to change the aforementioned timelines at its sole discretion.
6.48. Authorized Signatory
The selected bidder shall indicate the authorized signatories who can discuss and correspond with
the Bank, with regard to the obligations under the contract.
The selected bidder shall submit at the time of signing the contract, a certified copy of the extract of
the resolution of their Board, authenticated by Board Secretary, authorizing an official or officials of
the company or a Power of Attorney copy to discuss, sign agreements/contracts with the Bank. The
bidder shall furnish proof of signature identification for above purposes as required by the Bank.

6.49. Applicable Law and Jurisdiction of Court
The Contract with the selected bidder shall be governed in accordance with the Laws of India for the
time being enforced and will be subject to the exclusive jurisdiction of Courts at Pune (with the
exclusion of all other Courts).
6.50. No Employer-Employee Relationship
This agreement is on a Principal to Principal basis and does not relate any employer – employee
relationship. Nothing contained in this Agreement or otherwise shall be deemed to create any
partnership, joint venture, employment or relationship of principal and agent, or master and servant
between the parties hereto or any of their respective employees, affiliates, subsidiaries, related
business entities, agents, contractor or subcontractor or to provide either party with any right, power
or authority, whether express or implied, to create any duty or obligation on behalf of the other party.
6.51. Minimum Wages
The bidder hereby agrees and undertakes that during the subsistence of this agreement it will not
employ any personnel/individual below the Minimum Wages fixed by appropriate Government on this
behalf from time to time, as per the provisions of Minimum Wages Act 1948. In this effect, bidder has
to submit undertaking on their company letterhead signed by authorized signatory.
The successful bidder will ensure strict compliance of all labour laws, insurance, minimum wages to
the staff employed /deployed /engaged for the work assigned and the Bank will not be liable for any
such persons/personnel of successful bidder and shall not be liable for any levies / penalties etc. that
may be imposed by the Authorities concerned for their action/inaction. There shall be no employer
employee relationship whatsoever between the Bank and the successful bidder /their employees and
the bidder or his employees, staff, agents will not be entitled to any employment with Bank.
In the event of any demand/fines/penalty made by any of the authorities on Bank in respect of the
conduct/actions taken by the bidder/their employees/laborers’, the Bank will be entitled to recover the
said amounts from the bills / amount payable or from the performance guarantee and also take
appropriate action against said persons of bidder/bidder for their misconduct, if any.
6.52. Escrow Arrangement:(if applicable)
The Bank and the successful bidder shall agree to appoint an escrow agent to provide escrow
mechanism for the deposit of the source code for the proposed solution supplied/ procured by the
successful bidder to the Bank in order to protect its interests in an eventual situation. The Bank and
the successful bidder shall enter into a tripartite escrow agreement with the designated escrow agent,
which will set out, interalia, the events of the release of the source code and the obligations of the
escrow agent. Costs for the Escrow will be borne by the successful bidder. As a part of the escrow
arrangement, the final successful bidder is also expected to provide a detailed code documentation
of the Audit software solution which has been duly reviewed by an external independent organization/
consultant of the Bank. The successful bidder shall maintain the Software libraries and ensure all
future upgrades and Customizations are effected in the escrow copy maintained as a part of the
escrow arrangement till the Contract Period. The Bidder shall cause the owner of Source Code to
deposit fully documented Source Code for the Software provided under the Deliverables (including in
any stage of completeness, repair, or Acceptance Testing) in escrow. Under such escrow agreement,
the escrow agent shall be required to verify each such deposit by the owner of Source Code. The
successful bidder shall verify or cause the owner of Source Code to periodically (a) verify that all such

deposits are current and complete and (b) promptly provide the Bank with written certifications of such
currency and completeness.
The Escrow arrangement suggested by the successful bidder shall not be binding on the Bank. The
Bank reserves the right to explore alternate escrow mechanisms based on the Bank’s existing
practices. The Bank and the successful bidder may enter into such escrow arrangement that is
mutually agreed upon by the two parties.
The escrow will be released and become the property of the Bank in the event that the agreement is
terminated for either default or insolvency or should the successful bidder cease, or give notice of
intention to cease providing maintenance or technical support service for the software as required by
the agreement.
6.53. Service Continuity
After the completion of initial period of 05 (five) years, the contract may be extended/renewed for such
further period as would be decided by the Bank on the same terms and conditions as mentioned
herein at mutually agreed cost. Till such time for the execution of renewal, the Bidder and OEM shall
continue to provide services to the Bank under service continuity clause.
The bidder recognizes that all the services under this Agreement are vital to the Bank and bidder
agrees to provide continued services rendered by bidder and its OEM partners till the renewal of the
contract after the contract expiration or until any other alternate Service Provider is finalized.
The bidder shall be reimburse juued for the service rendered for the period after the contract expiration
at a fee not to exceed a pro rata portion of the fee under this contract payable in the same manner as
per the contract and in proportion to the period of service extended after the contract.
The bidder agrees that after completion of the Term or upon earlier termination of the assignment the
bidder shall, if required by Bank, continue to provide facility to Bank at no less favorable terms than
those contained in this tender document. Unless mutually agreed, the rates shall remain firm
6.54. Source Code Audit (if applicable)
a) The Bank shall have right to audit of the complete solution proposed by the bidder, and also
inspection by the regulators of the country. The Bank shall also have the right to conduct source
code audit by third party auditor.
b) The Bidder shall provide complete and legal documentation of all subsystems, licensed
operating systems, licensed system software, and licensed utility software and other licensed
software. The Bidder shall also provide licensed software for all software products whether
developed by it or acquired from others. The Bidder shall also indemnify the Bank against any
levies / penalties on account of any default in this regard.
c) In case the Bidder is coming with software which is not its proprietary software, then the Bidder
must submit evidence in the form of agreement it has entered into with the software vendor
which includes support from the software vendor for the proposed software for the full period
required by the Bank.

6.55. Audit and Inspection of Codes/Records
All Bidder records with respect to any matters covered by this tender shall be made available to Bank
or its designees, including RBI Inspectors / auditors at any time during normal business hours, as
often as Bank deems necessary, to audit, examine, and make excerpts or transcripts of all relevant
data. Said records are subject to examination. Bank’s auditors or its designees would execute
confidentiality agreement with the Bidder, provided that the auditors would be permitted to submit their
findings to Bank, which would be used by Bank. The cost of the audit shall be borne by Bank. The
scope of such audit would be limited to Levels being covered under the contract, and financial
information would be excluded from such inspection, which shall be subject to the requirements of
statutory and regulatory authorities.
Bank, its representative, RBI and Government Agencies shall have all the rights to carry out the VAPT
(Vulnerability and penetration testing) or other system Audit for the service offered under this RFP.
The Bidder should comply with the various IS Audit observations raised by the Bank’s Audit Team /
External Auditor / Regulatory Entity etc as per Bank’s policy
Bank shall conduct Pre on boarding & Post on boarding Risk Assessment of the successful bidder.
Bidders are required to cooperate in providing the required support during the process of Pre on
boarding & Post on boarding Risk Assessment.
6.56. Guarantees
Bidder should guarantee that the software supplied to Bank is licensed and legally obtained. All and
software must be supplied with their original and complete printed documentation.
6.57. Solution/Equipment Integration with SIEM, ITSM & NMS
It would be bidder’s responsibility to integrate proposed solution with existing SIEM, ITSM and NMS
solutions deployed by the Bank to generate alerts for any violations including IT Cyber Security related
violations. Bidders are expected to support the Bank to send logs from the proposed configuration in
an acceptable format to the existing SIEM solution or any such alert management solution
implemented by the Bank during contract period of proposed solution without any additional cost.
Bidder would be provided adequate support by Bank’s existing system Integrator for SIEM, ITSM and
NMS system or any other similar solutions for the purpose of integration of proposed solution,
wherever required.
6.58. Software Licenses
The bidder should provide the required licenses for the software supplied, middleware and the related
manuals. Bidder should provide the counts, version number of the various components of software
used in the application provided to the Bank. Bidder should deploy the latest and stable version of the
software.
6.59. Acceptance Test
At the discretion of Bank, acceptance test will be conducted by the bidder at the site in the presence
of the officials of Bank and/or its nominated consultants. The tests will check for trouble-free operation
of the complete system for ten consecutive days apart from physical verification and testing. There
shall not be any additional charges payable by Bank for carrying out this acceptance test. Bank will
take over the system on successful completion of the above acceptance test. OEM must certify that

the project has been implemented as per industry best practices and guidelines and no zero-day
threats or malware is present in the installed devices, appliances and overall solution.
6.60. Warranty, AMC & ATS
a) The Bidder shall provide the maintenance (Warranty, AMC & ATS) for a period of Five (5)years
beginning from the date of acceptance for all the hardware, software, solutions & services within
the scope of work of this RFP. The Warranty period for the new components shall be for the first
3 (Three) years for Hardware and the AMC/ATS shall be factored for the subsequent years for the
tenure of the contract. The Bidder must factor the costs in the Bill of Material accordingly. As part
of warranty, AMC & ATS support the Bidder has to: 1) 1. Tie back with respective OEMs for the
maintenance services (Warranty/AMC/ATS). 2. Warrant all the Hardware equipment and
software against defects arising out of faulty design, materials and media workmanship etc., for
a period of FIVE years from the date of acceptance of the solution by the Bank.
b) Provide for maintenance of Hardware equipment, including repair or replacement activity after a
problem has occurred, If the supplied equipment is to be replaced permanently due to the Bidder’s
inability to provide spares or maintain the equipment, the Bidder shall replace the equipment of
same Make/ Model/configuration or of higher configuration. However, the Bank may accept
different make/model/ configuration at its discretion if the original make/model/configurations are
not available in the market due to obsolescence or technological upgradation.
c) Provide the support services like repair, replacement to resolve the problem as per the Service
levels defined in this RFP under section Service Levels.
d) Defective Hardware equipment shall be replaced by the Bidder at his own cost, including the
cost of transport etc. The Bidder shall not charge the Bank for any extra charges related to this
activity.
e) Provide adequate spares for the critical components of the solution equipment.
f) Provide on-site support during quarterly DR drills or whenever required by the Bank at DC/ DR
without any additional cost.
g) Agree that the Bank will not be liable to pay any additional amounts in respect of any sort of
maintenance covered under the scope of this tender during the tenure of the contract. Free on-
site maintenance services shall be provided by the Bidder during the period of warranty.
h) Undertake system maintenance and replacement or repair of defective Hardware Equipment.
i) In case equipment taken away for repairs, the Bidder shall provide similar standby equipment
so that the equipment can be put to use in the absence of the originals/replacements without
disrupting the Bank’s regular work.
j) If during operation, the down time of any piece of equipment or component thereof does not
prove to be within reasonable period, the Bidder shall replace the unit of component with another
of the same performance and quality or higher, at no cost to the Bank.
k) Further provided that the Bank may, during the contract, shift the goods wholly or in part to other
location(s) within the Country and in such case the Bidder undertakes to continue to warrant or
maintain the goods at the new location without any other additional cost to the Bank.
l) In case the Bank desires to get the services delivered by their appointed service provider or
System Integrator, then the OEM shall transfer such services to that preferred service provider
or System Integrator at no additional cost to the Bank. A declaration to that effect from OEM
shall be submitted by the bidder as per the format provided in Annexure 19 - Manufacturer
Authorization.
m) In case of any issue with Hardware equipment and related software supplied by the Bidder,
Bidder (who has supplied the Hardware equipment/software) shall log a call with OEM. It is the
responsibility of the Bidder to resolve the issue with the assistance of the OEM where ever
deemed necessary.
n) Provide all future software upgrades and patches for all components of the solution and assist
the Bank or its System Integrator to install the same, if Bank desires during period of warranty,
free of cost.

o) The Bidder warrants that the Goods supplied under the Contract are new & unused, of the most
recent or current models and incorporate all recent improvements in design and materials unless
provided otherwise in the RFP.
p) The Bidder further warrants that all the Goods supplied under as part of this RFP shall have no
defect arising from design, materials or workmanship (except when the design and/or material
is required by the Bank’s Specifications) or from any act or omission of the Bidder, that may
develop under normal use of the supplied Goods in the conditions prevailing at the final
destination.
q) The Bank will not be liable to pay any additional amount in respect of any sort of maintenance
covered under the scope of this tender during the tenure of the contract. On-site maintenance
services without any additional cost shall be provided by the successful bidder during the period
of warranty/ATS/AMC
r) Successful bidder shall ensure necessary changes or modifications announced by RBI/IDRBT
any regulatory authority or any other statutory authorities within the timelines or schedule stated
by respective authorities without charging any extra cost to the Bank during the contract period.
No exclusions / exceptions will be permitted in complying to the guidelines of RBI / NPCI/IDRBT
or any other regulatory statutory bodies.
s) Successful bidder shall provide required help during VAPT (External & Internal), IS Audit,
Security Audit, various compliances specially government and regulatory, cyber related, etc. to
the Bank. Also rectify the irregularities pointed out during IS Audit at no cost to the Bank. The
bidder shall rectify the audit observations as per Bank’s policy
t) The successful Bidder should also guarantee that all the software supplied by the Bidder is
licensed and legally obtained. Successful Bidder shall be fully responsible for any IP rights
violation in connection to the supplied software. Only licensed copies of software shall be
supplied and ported. The bidder also warrants that all the licenses/ registrations obtained for
any equipment/ software shall be in the name of the Bank, the bidder shall produce all relevant
proofs.
6.61. Order Cancellation
Bank reserves its right to cancel the order without assigning any reasons in the event of one or more
of the following situations:
a) Non satisfactory performance of the hardware / software

b) Delay in delivery beyond the specified period for delivery.
c) Delay in installation beyond the specified period for installation from the date of purchase order.
d) Serious discrepancy in solution noticed during the pre/post installation.
In addition to the cancellation of purchase order, Bank reserves the right to appropriate the damages
from the earnest money deposit (EMD) given by the bidder or foreclose the Bank Guarantee given in
lieu of EMD and/or foreclose the Bank guarantee given by the supplier against the advance payment.
6.62. Future additions of Hardware / Software
Bank would have the right to:

a) Shift the supplied system to an alternate site of its choice
b) Disconnect/connect/Substitute accessories etc. or device or any equipment/software acquired
from another bidder.
c) Expand the capacity/enhance the features/upgrade the hardware/software supplied either from
the bidder or another bidder or developed in-house.

The warranty or service contract terms would not be considered as violated if any of above takes
place. Should there be a fault in the operations of the system the bidder, would not unreasonably
assume that the cause lie with those components/software not acquired from them.
6.63. Completeness of Installation
The installation will be deemed as incomplete if any component of the hardware, software, etc., or any
documentation/media is not delivered or is delivered but not installed and/or not operational or not
acceptable to Bank after acceptance testing/examination.
In such an event, the supply & installation will be termed as incomplete and it will not be accepted and
warranty period will not commence.
6.64. Clarification on Offers
To assist in the scrutiny, evaluation and comparison of offers, Bank may, at its discretion, ask some
or all bidders for clarification of their offer. The request for such clarifications and the response will
necessarily be in writing.
6.65. No Commitment to Accept Lowest or Any Tender
Bank shall be under no obligation to accept the lowest or any other offer received in response to this
tender notice and shall be entitled to reject any or all offers including those received late or incomplete
offers, without assigning any reason whatsoever. Bank reserves the right to make any changes in the
terms and conditions of purchase. Bank will not be obliged to meet and have discussions with any
bidder, and or to listen to any representations.
6.66. Make, Model & Part numbers of the equipment/solution
It is mandatory to provide the make, model and part/version number of all equipment/software and
their subcomponents as asked for in the technical specification. The offer may not be evaluated and/or
will be liable for rejection in case of non-submission or partial submission of make, model and part
numbers of the items offered. Please note that substituting this information by just brand name is not
enough. (Part no of the sub components may be provided.)
6.67. Disclaimer
The scope of work document is not an offer made by Bank but an invitation for response based on
which the Bank may further evaluate the response or call for alternate or more responses from other
Bidders. The Bank has the right to ask for other competitive quotations and can award any part or
complete work to another Bidders whom so ever they feel eligible for the same taking into
consideration the price and quality.

7. ANNEXURES
7.1. ANNEXURE 1: CERTIFICATE FOR RFP COST WAIVER FOR MSE/NSIC FIRMS
(In Letter head of Chartered Accountant)

Date:
This is to certify that M/s. _________________________________, having registered office at

__________________________________has made an original investment of Rs. __________/- in
_________________, as per Audited Balance Sheet as on 31.03.2023 Further we certify that the
Company is classified under SME as per MSME Act 2006.
We have checked the books of the accounts of the company and certify that the above information is
true and correct.
Chartered Accountant Firm Name
Signature
Name
Reg. No.
Seal of the
VID No. firm

7.2. ANNEXURE 2: CHECKLIST OF DOCUMENTS TO BE SUBMITTED
1. Index
2. Non-Disclosure Agreement on Stamp Paper of Rs.500 as per ANNEXURE-4
3. Technical Bid Covering Letter as per ANNEXURE-5.
4. Details of the Bidder as per ANNEXURE-6
5. Details of the Past Experience as per ANNEXURE-7
6. Compliance Certificate- ANNEXURE-8
7. UNDERTAKING OF INFORMATION SECURITY- ANNEXURE-9
8. PRE CONTRACT INTEGIRITY PACT-ANNEXURE-10
9. MODEL CERTIFICATE FORMAT FOR TENDER PARTICIPATION TO BE SUBMITTED BY
BIDDERS- ANNEXURE-13B
10. LIST OF DEVIATIONS. (If Any)- ANNEXURE-14
11. BID FORM- ANNEXURE-15
12. UNDERTAKING BY BIDDER FOR NON BLACKLISTING-Annexure-16
13. ANNEXURE 17: TERMS & CONDITIONS COMPLIANCE
14. ANNEXURE 18: DETAILS OF HARDWARE, DATABASE AND OPERATING SYSTEM
REQUIREMENT.
15. ANNEXURE 19: MANUFACTURER’S AUTHORIZATION FORM (MAF).
16. ANNEXURE 20: PROPSOED TEAM PROFILE
17. ANNEXURE 21: UNDERTAKING FOR NOT BEING NPA.
18. ANNEXURE 22: DETAILS OF SERVICE CENTRES.
19. ANNEXURE 23: FORMAT FOR LOCAL CONTENT.
20. ANNEXURE 24: UNDERTAKING FOR REGULATORY GUIDELINES & IT ACT
ADHERENCE.
21. Masked Commercial offer
22. EMD / BG / DD
23. ANNEXURE D: ELIGIBILITY EVALUATION COMPLIANCE.
24. ANNEXURE H: COMPLIANCE TO TECHNICAL SPECIFICATIONS.
25. Technical Documentation (Product Brochures, leaflets, manuals etc.). An index of technical
documentation submitted with the offer must be enclosed.
26. Bidder’s Financial Details (audited balance sheets, annual reports etc.) and other supporting
documents, as asked in the tender document
27. All documentary evidence wherever required to be submitted be properly arranged.

7.3. ANNEXURE 3: FORMAT FOR PRE BID QUERIES
A ) Queries Related to RFP-28/2023-24 for Supply, Installation, Configuration, Integration,

Bank’s Data Center (DC) and Disaster Recovery Site (DR)
RFP RFP-28/2023-24 for Supply, Installation, Configuration, Integration,

Implementation, and Maintenance of Anti DDoS solutions with facility
management support for Bank’s Data Center (DC) and Disaster Recovery Site
(DR)
BIDDERS NAME
Sr no Page # Point / Section Main Section Clarification point Comment /
# name as stated in Suggestions
tender document
B) General queries Related to RFP
RFP RFP-28/2023-24 for Supply, Installation, Configuration, Integration,

management support for Bank’s Data Center (DC) and Disaster Recovery Site
(DR)
BIDDERS NAME
Sr. No. General Query related to RFP Comment / Suggestions
Date:
Place:
Signature of Authorized Signatory:
Name of Signatory:
Designation:
Seal of Company:

7.4. ANNEXURE 4: NON DISCLOSURE AGREEMENT

(On stamp paper of Rs. 500)
This Non-Disclosure Agreement is made and entered into at this__ _day of______2023 at
___(Place)______BY AND BETWEEN Bank of Maharashtra, a body corporate constituted under
Banking Companies (Acquisition and transfer of undertakings) Act 1970, & having its Head Office at
1501, ‘Lokmangal’ Shivajinagar, Pune – 411005, (hereinafter referred to as
“Purchaser/Bank/Disclosing Party” which expression shall unless it be repugnant to the subject
thereof, include its successors and assigns) of the FIRST PART and (Name of System Integrator) of
(please specify the registered office of the (System Integrator) (hereinafter called “the System
Integrator/Contractor/receiving party” which expression shall unless it be repugnant to the subject,
context or meaning thereof shall be deemed to mean and include its successors) of the OTHER PART;
The bidder and Bank are hereinafter collectively referred to as “the Parties” and individually as
“the Party”
WHEREAS, Bank called for the bids as per RFP-28/2023-24 for Supply, Installation, Configuration,
Integration, Implementation, and Maintenance of Anti DDoS solutions with facility management
support for Bank’s Data Center (DC) and Disaster Recovery Site (DR). M/s…………………. after
going through the Bid Documents and being interested to act as consultant as per RFP-28/2023-24
for Supply, Installation, Configuration, Integration, Implementation, and Maintenance of Anti
DDoS solutions with facility management support for Bank’s Data Center (DC) and Disaster
Recovery Site (DR), has submitted its Bid.
WHEREAS, the bidder is aware and confirms that the information, data, drawings and designs, and
other documents made available in the Bid Documents / the Contract and thereafter regarding the
Services as furnished by the System Integrator in their Request for Proposal or otherwise and all the
Confidential Information under the Bid Documents/the Contract is privileged and strictly confidential
and/or proprietary to Bank,
NOW, THEREFORE THIS AGREEMENT WITNESSETH THAT in consideration of the above
premises and the Bank granting the contractor and or his agents, representatives to have specific
access to Bank property / information and other data it is hereby agreed by and between the parties
hereto as follows:
(i) maintain and use the Confidential Information only for the purposes of this Contract and only
as permitted herein;
(ii) make copies as specifically authorized by the prior written consent of the other party and with
the same confidential or proprietary notices as may be printed or displayed on the original;
(iii) restrict access and disclosure of confidential information to such of their employees, agents,
vendors, and contractors strictly on a "need to know" basis, to maintain confidentiality of the
Confidential Information disclosed to them in accordance with this clause; and
(iv) Treat Confidential Information as confidential for a period of 7 years from the date of
receipt. In the event of earlier termination of this Contract, Confidentiality shall survive
termination/expiry of the agreement
Confidential Information does not include information which:

1. the recipient knew or had in its possession, prior to disclosure, without limitation on its
confidentiality; is independently developed by the recipient without breach of this Contract;
2. is the public domain
I. is received from a third party not subject to the obligation of confidentiality with respect
to such information

II. is released from confidentiality with the prior written consent of the other party.
The recipient shall have the burden of proving hereinabove are applicable to the information in the
possession of the recipient
Notwithstanding the foregoing, the parties acknowledge that the nature of the Services to be
performed under this Contract may require the bidder’s personnel to be present on premises of Bank
or may require the bidder’s personnel to have access to computer networks or databases or
information of Bank while on or off premises of Bank. It is understood that it would be impractical for
Bank to monitor all information made available to the bidder’s personnel under such circumstances
and to provide notice to the bidders of the confidentiality of all such information. Therefore, the bidder
agrees and undertakes that any technical or business or other information of Bank that the bidder’s
personnel, or agents acquire while on Bank premises, or through access to Bank computer systems
or databases while on or off Bank premises, shall be deemed Confidential Information.
Confidential Information shall at all times remain the sole and exclusive property of the disclosing
party. Upon termination of this Contract, confidential information shall be returned to the disclosing
party or destroyed, if incapable of return. The destruction shall be witnessed and so recorded, in
writing, by an authorized representative of each of the parties. Nothing contained herein shall in any
manner impair or affect rights of Bank in respect of the Confidential Information.
In the event that any of the parties hereto becomes legally compelled to disclose any Confidential
Information, such party shall give sufficient notice to the other party to enable the other party to
prevent or minimize to the extent possible, such disclosure. Neither party shall disclose to a third
party any Confidential Information or the contents of this Contract without the prior written consent
of the other party. The obligations of this Clause shall be satisfied by handling Confidential
Information with the same degree of care, which the receiving party applies to its own similar
confidential information but in no event less than reasonable care. The obligations of this clause
shall survive the expiration, cancellation or termination of this Contract.
Governing Law: The provisions of this Agreement shall be governed by the laws of India and the
competent court at Pune shall have exclusive jurisdiction in relation thereto even though other
Courts in India may also have similar jurisdictions.
Damages: The provisions of this Agreement are necessary for the protection of confidentiality of
data and the business goodwill of the Bank and are considered by the parties to be reasonable for
such purposes. Receiving Party agrees that any breach of this Agreement will cause substantial
and irreparable damages to the Disclosing Party. In the event of such breach, in addition to other
remedies, the disclosing party has a right to receive entire loss and damages on account of such
disclosure. Further, the Receiving Party agrees to indemnify the Disclosing Party against loss
suffered, directly or indirectly, due to breach of contract and undertakes to indemnify for the same
Resolution of Disputes: All disputes and differences of any kind whatsoever arising out of or in
connection shall be settled amicably by direct informal negotiation between both the parties.
However, in case of non-settlement of such dispute, the matter shall be referred to higher authorities.
Even after the interference of higher authorities, the dispute persists, such dispute will be referred
for Arbitration to Sole Arbitrator. However, in case of non-consensus on sole arbitrator within 15
days, each party will appoint one Arbitrator. The two arbitrators appointed by the parties shall appoint
a third arbitrator who will act as the chairman of the proceedings. The Award of the Arbitrator shall
be Final and binding on the parties. The Arbitration and Conciliation Act 1996 or any statutory
modification thereof shall apply to the arbitration proceedings. The venue of the arbitration shall be
at Pune. The expenses will be borne by the parties in equal proportion. Language of the Arbitration
shall be in English.
Return of information: Within seven (7) days of a written request by the Disclosing Party, the
Receiving Party shall return/destroy (as may be requested in writing by the Disclosing Party or upon

expiry and or earlier termination) all originals, copies, reproductions and summaries of Confidential
Information provided to the Receiving Party as Confidential Information. The Receiving Party shall
certify to the Disclosing Party in writing that it has satisfied its obligations under this paragraph.
Waiver Clause: The failure to exercise any right provided in this Agreement shall not be a waiver
of prior, concurrent or subsequent rights unless made in writing and signed by the authorized
representative of both Parties. This agreement and each party’s obligation shall be binding on the
representatives, assigns and successors of such Party.
Relationship between parties: This Agreement is on a Principal to Principal basis and does not
create any employer - employee relationship. Nothing contained in this Agreement or otherwise shall
be deemed to create any partnership, joint venture, employment or relationship of principal and
agent, or master and servant between the parties hereto or any of their respective employees,
affiliates, subsidiaries, related business entities, agents, contractors or subcontractors or to provide
either party with any right, power or authority, whether express or implied, to create any duty or
obligation on behalf of the other party.
Notice Clause: All notices given under this Agreement must be in writing. A notice is effective upon
receipt and shall be sent via one of the following methods: delivery in person, courier service,
registered email, postage or any other mode approved by the court of law addressed to the party to
be notified at the below address as such party may designate upon reasonable notice to the other
party:
Disclosing Party Receiving Party

Representative name: Representative name:
Address: Address:
Email: Email:
Phone number: Phone number:
The provisions hereunder shall survive termination of the Contract.

In witness whereof, the Parties hereto have executed these presents the day, month and year first
herein above written
For and on behalf of ---------- Ltd. For and on behalf of Bank of Maharashtra
( ) ( )
(Designation) ( Designation)

7.5. ANNEXURE 5: TENDER OFFER COVER LETTER

Date: __________________________________2023
Tender Reference No.: RFP-28/2023-24 for Supply, Installation, Configuration, Integration,
To
The Deputy General Manager,
Information Technology,
Bank of Maharashtra,
Head Office,
1501, Lokmangal, Shivaji Nagar,
Pune – 411005
Dear Sir,
Sub: Covering Letter for RFP-28/2023-24 for Supply, Installation, Configuration, Integration,
Having examined the Tender Documents including all Annexures, the receipt of which is hereby
duly acknowledged, we, the undersigned offer to supply, implement and maintain ALL the items
mentioned in the ‘Request for Proposal’ and the other schedules of requirements and services for
your Bank in conformity with the said Tender Documents in accordance with the schedule of Prices
indicated in the Price Bid and made part of this Tender.
We understand that the RFP provides generic specifications about all the items and it has not
been prepared by keeping in view any specific bidder.
If our tender offer is accepted, we undertake to commence delivery within______(Number) days

and to complete activities defined in scope of work as specified in the Contract
within_______(Number) days calculated from the date of receipt of your Notification of
Award/Letter of Intent.
If our tender offer is accepted, we will obtain the guarantee of a Bank for a sum equal to 10% of
the Contract Price for the due performance of the Contract.
We agree to abide by this tender offer till 180 days from the date of technical bid opening and our
offer shall remain binding upon us and may be accepted by the Bank any time before the expiration
of that period.
Until a formal contract is prepared and executed, this tender offer, together with the Bank’s written
acceptance thereof and the Bank’s notification of award, shall constitute a binding contract
between us.
We understand that the Bank is not bound to accept the lowest or any offer the Bank may receive.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.6. ANNEXURE 6: DETAILS OF THE BIDDER

Details filled in this form must be accompanied by sufficient documentary evidence, in order to verify
the correctness of the information.
Sl. Item Details

1. Name of Company
2. Postal Address
3. Telephone/Mobile
4. Constitution of the Company
Name and designation of the person authorized to
5.
make commitments to the Bank of Maharashtra
6. Email Address
7. Year of commencement of Business
Turnover of the company (not of group)
FY2020-21
8.
FY2021-22
FY2022-23
Profit of the company (not of group)
FY2020-21
9.
FY2021-22
FY2022-23
10. Goods And Services Tax Number
11. PAN Number
Names and addresses of the principal bankers with
whom major credit facilities (fund / non-fund) are
12. being enjoyed (Also mention names of the Banks
in consortium, names of the contact officials of the
Bank, phone number & email IDs)
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.7. ANNEXURE 7: DETAILS OF PAST EXPIRIENCES OF HANDLING SIMMILAR PROJECT

RECORD
Name of the Bidder ___________________________________________
Sl. No. Name of the Purchase Date of completion of delivery Contact person Total
Client Order/Indent as per contract as well as Name Amount of
Number & Actual Tel. No. Order
Date As per contract Actual Address
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:
Note – Bidder is required to provide supporting documents such as credential letters, PO and
proof of completion of work, copy of agreement etc.

7.8. ANNEXURE 8: COMPLIANCE CERTIFICATE
We communicate our unconditional acceptance to the following terms and conditions of RFP-28/2023-
24 for Supply, Installation, Configuration, Integration, Implementation, and Maintenance of Anti
DDoS solutions with facility management support for Bank’s Data Center (DC) and Disaster
Recovery Site (DR)
1. We acknowledge that we have received, read, understood and agreed to all terms, guidelines,
industry regulations and audit compliance of RBI/NPCI/UIDAI /Regulatory/Statutory (including
payment terms) in the Tender Document no. RFP-28/2023-24 for Supply, Installation,
Configuration, Integration, Implementation, and Maintenance of Anti DDoS solutions with facility
management support for Bank’s Data Center (DC) and Disaster Recovery Site (DR).
2. We agree that we cannot change Price or Quantity or Quality or Delivery terms or Technology
& Service levels (or any other terms that impact the price) post the bid event without prior
consent of Bank.
3. We agree that we are deemed to have accepted the all rules on participation at the bid. Bank
will make every effort to make the bid process transparent. However, the award decision by
Bank would be final and binding on us.
4. We agree not to divulge either our bids or those of other bidders to any other external party.
5. Bank has implemented ISMS framework; hence we agree to abide by the required integrations
of security policies of the Bank.
6. We agree to non-disclosure of trade information regarding the purchase, part specifications, and
identity of Bank, bid process, bid technology, bid documentation and bid details. Bank
documents remain the property of Bank and all bidders are required to return these documents
to Bank upon request.
7. Bank’s decision will be final and binding on us and would be based on Strategic Sourcing
Evaluation, Current Service Performance and Actual Compliance of Agreed Specifications.
8. Splitting of the award decision over a number of bidders or parts or over time (as in the case of
staggered deliveries) will be at Bank’s discretion.
9. Bids once made cannot be withdrawn or modified under any circumstances. Only blatant typing
errors would be withdrawn from bid. The decision of Bank would be final and binding on all
bidders.
10. Bank has the right to decide to extend, reschedule, cancel the RFP.
11. Please note that Bank may consider debarring a bidder in the event the bidder violates terms
and conditions mentioned in this compliance agreement.
12. We have read the Bank technical specifications & drawings for various products in detail & have
agreed to comply with Quality, Technology & Service expectations.
13. Product specifications offered in technical bid will remain unchanged. No diversification /
substitution of products will be entertained.
14. We confirm that this offer is valid for six months from the date of opening of Technical Bid.
Having examined the Tender Documents including all Annexures, the receipt of which is hereby
duly acknowledged, we, the undersigned offer to provide consultancy in conformity with the said
Tender Documents and in accordance with our proposal and the schedule of Prices indicated in
the Price Bid and made part of this Tender.
15. We hereby agree to comply with all the terms and conditions / stipulations as contained in the
RFP DOCUMENT and the related addendums and other documents including the changes
made to the original RFP documents issued by the Bank which shall form a valid and binding
part of the aforesaid RFP DOCUMENT. The Bank is not bound by any other extraneous matters
or deviations, even if mentioned by us elsewhere either in our proposal or any subsequent
deviations sought by us, whether orally or in writing, and the Bank’s decision not to accept any
such extraneous conditions and deviations will be final and binding on us.

If our Bid is accepted, we undertake to complete the assignments within the scheduled timelines
We confirm that this offer is valid for 180 days from the date of technical bid opening.
If successful, we are agreed to provide uninterrupted service till project completion.
We agree to have read and understood the Compliance Agreement in its entirety and agree to abide
by this Statement.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.9. ANNEXURE 9: UNDERTAKING OF INFORMATION SECURITY
(This letter should be on the letterhead of the bidder as well as the OEM/ Manufacturer duly signed
by an authorized signatory on Information security as per regulatory requirement)
Date: / /
To,
Head Office,
Pune – 411005
Sir,
Sub : RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

Maintenance of Anti DDoS solutions with facility management support for Bank’s Data Center
(DC) and Disaster Recovery Site (DR)
We hereby undertake that the proposed Product/solution / software to be supplied will be free of
malware, free of any obvious bugs and free of any covert channels in the code (of the version of the
application being delivered as well as any subsequent versions/modifications done)
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.10. ANNEXURE 10: PRE CONTRACT INTEGIRITY PACT
General:
”This pre-bid pre-contract Agreement (hereinafter called the Integrity Pact) is made on _____ day
of month of _________ 2023 at_(place)________, between on one hand, Bank of Maharashtra
through authorized official Shri____________, General Manager, Information Technology
Department, Bank of Maharashtra, a body corporate constituted under Banking Companies
(Acquisition and transfer of undertakings) Act 1970, & having its Head Office at 15.1, ‘Lokmangal’
Shivajinagar Pune – 411005, (hereinafter called the “BUYER”, which expression shall u n l e s s i t
b e r e p u g n a n t t o t h e s u b j e c t t h e r e o f , include its successors and assigns) of the First Part
and
M/s__________________ represented by Shri. ___________________ Chief Executive Officer
(herein called the “BIDDER/Seller” which expression shall mean and include unless the context
otherwise requires his successors and permitted assigns) of the Second Part.
WHEREAS the BUYER proposes to procure (Name of the Stores/Equipment/Item/Services) and the
BIDDER/Seller is willing to offer/has offered the stores and__________________.
WHEREAS the BIDDER is a private company / public company / Government undertaking/partnership/

registered export agency/LLP, constituted in accordance with the relevant law in the matter and the
BUYER is Bank of Maharashtra.
NOW, THEREFORE,
To avoid all forms of corruption by following a system that is fair transparent and free from any influence/
prejudiced dealings prior to, during and subsequent to the currency of the contract to be entered into
with a view to: -
Enabling the BUYER to obtain the desired Equipment/product/services at a competitive price

in conformity with the defined specifications by avoiding the high cost and the distortionary impact
of corruption on public procurement, and
Enabling BIDDERs to abstain from bribing or indulging in any corrupt practice in order to secure the
contract by providing assurance to them that their competitors will also abstain from bribing and other
corrupt practices and the BUYER will commit to prevent corruption, in any form by its officials by
following transparent procedures. The parties hereto herby agree to enter into this Integrity Pact and
agree as follows:
1. Commitments of the BUYER:
1.1. The BUYER undertakes that no officials of the BUYER, connected directly or indirectly with
contract will demand, take a promise for or accept directly or through intermediaries any
bribe, consideration gift reward favor or any material or immaterial benefit or any other
advantage from the Bidders either for themselves or for any person, organization or third
party related to the contract in exchange for an advantage in the bidding process, bid evaluation
contracting or implementation process related to the contract.
1.2. The BUYER will, during the pre-contract stage, treat all BIDDERs alike, and will provide to all
BIDDERs the same information and will not provide any such information to any particular

BIDDER which could afford an advantage that particular BIDDER in comparison to other
BIDDERs.
1.3. All the officials of the BUYER will report to the appropriate Government office any attempted
or completed breaches of the above commitments as well as any substantial suspicion of such
a breach.
2. In case any such preceding misconduct on the part of such official(s) is reported by the BIDDER
to the BUYER with full and verifiable facts and the same is prima facie found to be correct by
the BUYER, necessary disciplinary proceedings or any other action as deemed fit, including
criminal proceedings may be initiated by the BUYER and such a person shall be debarred
from further dealings related to the contract process. In such a case while an enquiry is
being conducted by the BUYER the proceedings under the contract would not be stalled.
3. COMMITMENTS of BIDDERs
The BIDDER commits itself to take all measures necessary to prevent corrupt practices,
unfair means and illegal activities during any stage of its bid or during any pre-contract or post
contract stage in order to secure the contract or in furtherance to secure it and in particular
commit itself to the following: -
3.1. The BIDDER will not offer, directly or through intermediaries, any bribe gift consideration
reward favor, any material or immaterial benefit or other advantage, commission fees,
brokerage or inducement to any official of the BUYER, connected directly or indirectly with
bidding process, or to any person organization or third party related to the contract in
exchange for any advantages in the bidding, evaluation contracting and implementation
of the contract.
3.2. The BIDDER further undertakes that it has not given, offered or promised to give, directly
or indirectly any bribe, gift, consideration, reward, favor, any material benefit or other
advantage commission fees brokerage or inducement to any officials of the BUYER or
otherwise in procuring the Contract or forbearing to do or having done any act in relation
to the obtaining or execution of the contract or any other contract with the Government
for showing or forbearing to show favor or disfavor to any person in relation to the contract
or any other contract with Government.
3.3. The BIDDERs shall disclose the name and address of agents and representatives and Indian
BIDDERs shall disclose their foreign principals or associates.
3.4. The BIDDERs shall disclose the payments to be made by them to agents/brokers or any
other intermediary, In connection with bid/contract.
3.5. The BIDDER further confirms and declares to the BUYER that the BIDDER is the original
manufacturer/integrator and not engaged any individual or firm or company whether Indian
or foreign to intercede, facilitate or in any way to recommend to the BUYER or any of
its functionaries whether officially or unofficially to the award of the contract to the BIDDER,
nor has any amount been paid, promised or intended to be paid to any such individual
firm or company in respect of any such intercession facilitation or recommendation.
3.6. The BIDDER, either while presenting the bid or during pre-contract negotiations
or before signing the contract shall disclose any payments he has made is committed to or
intends to make to officials of the BUYER or their family members, agents, brokers o r
any other intermediaries in connection with the contract and the details of services agreed
upon for such payments.
3.7. The BIDDER will not collude with other parties interested in the contract impair the
transparency fairness and progress of the bidding process, bid evaluation contracting and
implementation of the contract.
3.8. The BIDDER will not accept any advantage in exchange for any corrupt practice unfair
means and illegal activities.
3.9. The BIDDER shall not use improperly, for purposes of competition or personal gain, or pass
on to others any information provided by the BUYER as part of business relationship,

regarding plans, technical proposals and business details including information contained
in any electronic data carrier. The BIDDER also undertakes to exercise due and adequate
care lest any such information is divulged.
3.10. The BIDDER commits to refrain from giving any complaint directly or through any other
manner without supporting it with full and verifiable facts.
3.11. The BIDDER shall not instigate or cause to instigate any thi r d person t o commit any of
the actions mentioned above.
3.12. If the BIDDER or any employee of the BIDDER or any person acting on behalf of the BIDDER
either directly or indirectly, is a relative of any of the officers of the BUYER, or alternatively,
if any relative of an officer of the BUYER has financial interest/stake in the BIDDER’s firm,
the same shall be disclosed by the BIDDER at the time of filing of tender.
The term ‘relative; for this purpose, would be as defined in Clause 6 of the Companies
Act 1956/Section 2(77) of the Companies Act, 2013.
3.13. The BIDDER shall not lend to or borrow any money from or enter into any monetary
dealings or transactions, directly or indirectly, with any employee of the BUYER.
4. Previous Transgression
4.1. The BIDDER declares that no previous transgression occurred in the last three years
immediately before signing of this Integrity Pact, with any other company in any country in
respect of any corrupt practices envisaged hereunder or with any Public Sector Enterprise in
India or any Government Department in India that could justify BIDDER’s exclusion from the
tender process.
4.2. The BIDDER agrees that if it makes incorrect statement on this subject, BIDDER can be
disqualified from the tender process or the contract, if already awarded, can be terminated for
such reason.
5. Sanctions for Violations
5.1. Any breach of the aforesaid provisions by the BIDDER or any one employed by its or action on
its behalf (Whether with or without the knowledge of the BIDDER) shall entitled the BUYER to
take all or any one of the following actions, wherever required:
5.1.1. To immediately call of the pre contract negotiations without assigning any reason or
giving any compensation to the BIDDER. However, the proceedings with the other
BIDDER(s) would continue.
5.1.2. The Earnest Money Deposit (in pre-contract stage) and/ or Securit y Deposit /
Performance Bond (after the contract is signed) , i f a n y , shall stand forfeited either
fully or partially, as decided by the BUYER and the BUYER shall not be required to
assigning any reason therefore.
5.1.3. To immediately cancel the contract, if already signed, without giving any compensation
to the BIDDER.
5.1.4. To recover all sums already paid by the BUYER, and in case of an Indian BIDDER with
interest thereon at 2% higher than the prevailing Prime Lending Rate of State Bank
of India, while in case of a BIDDER from country other than India with interest thereon
at 2% higher than the LIBOR. If any outstanding payment is due to the BIDDER from
the Buyer in connection with any other contract for any other project such outstanding
payment could also be utilized to recover the aforesaid sum and interest.
5.1.5. To encash the advance Bank guarantee and performance bond/warranty bond, if

furnishe d by the BIDDER, in order to recover the payments, already made by the
BUYER, along with interest.
5.1.6. To cancel all or any other Contracts with the Bidder. The Bidder shall be liable to pay
compensation for any loss or damage to the BUYER resulting from such
cancellation/rescission and the BUYER shall be entitled to deduct the amount so
payable from the money(s) due to the Bidder.
5.1.7. To debar the BIDDER from participating in future bidding processes of the Bank for a
minimum period of five years, which may be further extended at the discretion of the
BUYER.
5.1.8. To recover all sums paid in violation of this Pact by Bidder(s) to any middleman or
agent or broker with a view to securing the contract.
5.1.9. In cases where irrevocable letter of credit has been received in respect of any contract
signed by the BUYER with the BIDDER, the same shall not be opened
5.1.10. Forfeiture of Performance Bond in case of a decision by the BUYER to forfeit the
same without assigning any reason for imposing sanctions for violation of this Pact.
6. Fail Clause
6.1. The Bidder undertakes that it has not supplied / is not supplying similar products/systems
or subsystems/ services at a price lower than that offered in the present bid in respect of any
other Ministry/department of the Government of India or PSU and if it is found at any stage that
similar products/systems or sub systems was supplied by the Bidder to any other
Ministry/Department of Government of India or a PSU at a lower price, then that very price,
with due allowance for elapsed time, will be applicable to the present case and the difference
in the cost would be refunded by the BIDDER to the BUYER, if the contract has already been
concluded.
7. Independent Monitors
7.1. The BUYER has appointed Independent Monitors (hereinafter referred to as Monitors) for
this Pact in consultation with the Central Vigilance Commission (Names and Address of the
Monitors to be given).
7.2. The task of the Monitors shall be to review independently and objectively whether and to what
extent the parties comply with the obligations under this Pact.
7.3. The Monitors shall not be subject to instructions by the representatives of the parties and
performs their functions neutrally and independently.
7.4. Both the parties accept that the Monitors have the right to access all the documents
relating to the project/procurement, including minutes of meetings.
7.5. As soon as the Monitor notices, or has reason to believe, a violation of this Pact, he will so inform
the Authority designated by the BUYER.
7.6. The BIDDER(s) accepts that the Monitors has the right to access without restriction to
all Project documentation of the BUYER including that provided by the BIDDER. The BIDDER
will also grant the Monitor upon his request and demonstration of a valid interest,
unrestricted and unconditional access to his pocket documentation. The same is applicable
to subcontractors. The Monitor shall be under contractual obligation to treat the information and

documents of the BIDDER/subcontract(s) with confidentiality.

7.7. The BUYER will provide to the Monitor sufficient information about all meetings among the
parties related to the Project provided such meetings could have an impact on the contractual
relations between the parties. The parties will offer to the Monitor the option to participate in
such meetings.
7.8. The Monitor will submit a written report to the designated Authority of BUYER/Secretary
in the Department/within 8 to 10 weeks from the date of reference or intimation to him by
the BUYER/BIDDER and, should the occasion arise, submit proposals for correction
problematic situations.
8. Facilitation of Investigation
In case of any allegation of violation of a provisions of this act or payment of commission

the BUYER or its agencies shall be entitled to examine all the documents including the Books
of Accounts of the BIDDER and the BIDDER shall provide necessary information and
documents in English and shall extend all possible help for the purpose of such examination.
9. Law and Place of Jurisdiction
This pact is subject to Indian Law. The place of performance and jurisdiction is Pune.
10. Other Legal Actions
The actions stipulated in this Integrity Pact are without prejudice to any other legal action that
may follow in accordance with the provisions of the extant law in force relating to any civil or
criminal proceedings
11. Validity
11.1. The validity of this Integrity Pact shall be from date of its signing and extend up to 8 years or
the complete execution of the contract to the satisfaction of both the BUYER and the
BIDDER/Seller, including warranty period whichever is later, in case BIDDER is unsuccessful,
this Integrity Pact shall expire after six months from the date of the signing of the contract.
11.2. Should one or several provisions of this pact turn out to be invalid; the remainder of this
Pact shall remain valid. In this case, the parties will strive to come to an agreement to their
original intentions.
12. Other Provisions:
12.1. The Bidders (s)/ Sellers (s) signing this IP shall not initiate any Legal action or approach any
court of law during the examination of any allegations/complaint by IEM and until the IEM
delivers its report.
13. The parties herby sign this Integrity Pact at ______________ on ________________
BUYER BIDDER
Name of the Officer Chief Executive Officer
Designation (Office Seal)
IT Department
Bank of Maharashtra

(Office Seal)
Place _____________________
Date _____________________
Witness: Witness:
1 _______________________ 1 _______________________
(Name & Address): __________ (Name & Address): __________
2_________________________ 2_________________________
(Name & Address):___________ Name & Address):___________”

7.11. ANNEXURE 11: PERFORMANCE BANK GUARANTEE

(ON A NON-JUDICIAL STAMP PAPER OF RS.500.00)
To,
Digital Banking, Head Office,
1501, Lokmangal,
Shivajinagar,
Pune - 411 005
Bank Guarantee No. : ___________

Amount of Guarantee : Rs. _______/-
Guarantee Valid up to :
Last date of lodgment of claim:
This deed of guarantee is executed on this ________Day of _________20__ by {Name of the

Bank issuing guarantee} a body corporate, constituted under the Banking Companies
(Acquisition and Transfer of Undertakings) Act 1970, having its Head office at (H.O. Address)
and one of the Branch offices at (Branch address) (hereinafter referred to as the ‘Guarantor
Bank’, which expression unless it be repugnant to the context or meaning thereof shall include
its successors and assigns) in favour of Bank of Maharashtra, a New Bank constituted by the
Banking Companies (Acquisition and Transfer of Undertaking) Act 1970, and having its Head
Office at Lokmangal, 1501, Shivajinagar, Pune-411005 (hereinafter referred to as
“Beneficiary Bank”, which expression shall unless it be repugnant to the context or meaning
thereof shall include its successors and assigns), for an amount not exceeding Rs. _______/-
(Rs. _________________ only) at the request of M/s _____________________(with
address).
Whereas engagement letter no. __________PO/LOI________ dated _________20__

(hereinafter called the “Contract”) for Rs.________/- (Rs.
_________________________only) placed by the Beneficiary Bank on M/s
____________________, having its Head Office at ________________________and a
branch office at ________________________________hereinafter referred to as
‘Contractor’) stands accepted by the contractor, and in terms of the said contract the
contractor have to ____(Name of the Project)_____ as per the engagement letter referred
hereinabove.
And whereas to ensure due performance to the satisfaction of the beneficiary Bank, of the
services provided under the said contract and in terms thereof by the contractor as aforesaid,
the Guarantor Bank at the request of the contractor has agreed to give guarantee as
hereinafter provided.
NOW THIS GUARANTEE WITNESSETH AS FOLLOWS:-

In consideration of Bank of Maharashtra, the beneficiary bank, having issued engagement
letter No. __________PO/LOI________ dated _________20__ for Rs.________/- (Rs.
_________________________only) on M/s ____________________, having its Head Office
at ________________________for ____(Name of the Project)_____ as per the engagement
letter referred hereinabove, we, <Issuing Bank Name> do hereby undertake as under:
a) To indemnify and keep indemnified the beneficiary bank for the losses and damages that
may be caused to or suffered by the beneficiary bank in the event of non-performance of
whatever nature on the part of the contractor in discharging their contractual obligations
under the said contract by the contractor against the above referred engagement letter and
undertake this guarantee not exceeding Rs. ______/- (Rs. ________________________

only) without demur and without Beneficiary Bank needing to prove or to assign reasons
for the demand so made for the sum specified therein and mere written claim or demand
of the Beneficiary Bank shall be conclusive and binging on the guarantor Bank as to the
amount specified under these presents.
b) The guarantee herein contained shall remain in full force and effect till discharged by the
beneficiary bank or up to _____ months______, which is earlier.
c) This guarantee shall not in any way be affected by the change in the constitution of the
contractor or of guarantor bank nor shall be affected by the change in the constitution,
amalgamation, absorption or reconstruction of the beneficiary bank or otherwise but shall
ensure for and be available to and enforceable by the absorbing amalgamated or
reconstructed Company of the beneficiary bank.
d) To pay to the beneficiary Bank any money so demanded notwithstanding any dispute or
disputes raised by the contractor in any suit or proceeding before any Court or Tribunal
relating thereto our liability under this present being absolute and unequivocal.
e) We, ______________________________________ (indicate the name of Guarantor
Bank with address) lastly undertake not to revoke this guarantee during its currency except
with the previous consent of the Beneficiary Bank in writing, and the guarantee shall remain
in full force and continuing till all dues claimed are paid
Notwithstanding anything contained herein:
a) The Bank’s Liability …………………not exceed Rs.________ ________. (Rupees

_________________).
b) This Bank Guarantee shall be valid up to _____________________.
c) Bank is liable to pay guaranteed amount or part thereof under this Bank Guarantee
only and only if beneficiary serve upon as a written claim or demand on or before
______________ (date of expiry of the Guarantee).
d) The Bank issuing such guarantee will not be liable under such guarantee to the
beneficiary after the expiry of the claim period of one year, regardless of period
of limitation under the Limitation Act, 1963.
IN WITNESS WHEREOF the Bank has put is seal the day and year first hereinabove written.
Signed, sealed and delivered by Mr…………
For and on behalf of the Guarantor Do so and
to affix the seal of the Bank, in the presence of ……….
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.12. ANNEXURE 12: LETTER FOR REFUND OF EMD (If Applicable)
(To be provided on letter head of the Bidder’s Company)
To,
Head Office,
Pune – 411005
Dear Sir,
SUB: LETTER FOR REFUND OF EMD
REF:RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

(DC) and Disaster Recovery Site (DR) dated_______
We ____________ (Company Name) had participated in the Request for Proposal (RFP) RFP-
28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and Maintenance of
Anti DDoS solutions with facility management support for Bank’s Data Center (DC) and Disaster
Recovery Site (DR) and we are an unsuccessful bidder.
Kindly refund the EMD submitted for participation. Details of EMD submitted are as follows
Sr. No Bidder Name DD/BG Number Drawn on Bank Amount (Rs)

Name
Bank details to which the money needs to be credited via NEFT are as follows
1. Name of the Bank with Branch
2. Account Type
3. Account Title
4. Account Number
5. IFSC Code
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.13. ANNEXURE 13 A: RESTRICTIONS UNDER RULE 144 (XI) OF THE GENERAL FINANCIAL
RULES (GFRS), 2017 FOR TENDER PARTICIPATION
In line with the contents of Order No. 6/18/2019-PPD (Public Procurement No.1) dated 23rd July 2020
issued by Ministry of Finance, Department of Expenditure, Public Procurement Division, inviting
attention to OM No. 6/18/2019-PPD dated 23rd July 2020 for the “Restrictions under Rule 144 (xi) of
the General Financial Rules (GFRs), 2017.
I. Any bidder from a country which shares a land border with India will be eligible to bid in this
tender only if the bidder is registered with the competent Authority. (Registration Committee
constituted by the Department for Promotion of Industry and Internal Trade (DPIIT)).
II. “Bidder” (including the term ‘tenderer’, ’consultant’ or ‘service provider’ in certain contexts)
means any person or firm or company, including any member of a consortium or joint venture
(that is an association of several persons, or firms or companies), every artificial juridical person
not falling in any of the descriptions of bidders stated hereinbefore, including any agency branch
or office controlled by such person, participating in a procurement process.
III. “Bidder from a country which shares a land border with India” for the purpose of this Order
means: -
a) An entity incorporated, established or registered in such a country; or

b) A subsidiary of an entity incorporated, established or registered in such a country; or
c) An entity substantially controlled through entities incorporated, established or registered
in such a country; or
d) An entity whose beneficial owner is situated in such a country; or
e) An Indian (or other) agent of such an entity; or
f) A natural person who is a citizen of such a country; or
g) A consortium or joint venture where any member of the consortium or joint venture falls
under any of the above
IV. The beneficial owner for the purpose of (iii) above will be as under:
1. In case of a company or Limited Liability Partnership, the beneficial owner is the natural
person(s), who. Whether acting alone or together, or through one or more juridical person,
has a controlling ownership interest or who exercises control through other means.
Explanation-
a. “Controlling ownership interest” means ownership of or entitlement to more than

twenty-five percent of shares or capital or profits of the company;
b. “Control” shall include the right to appoint majority of the directors or to control the
management or policy decisions including by virtue of their shareholding or
management rights or shareholder’s agreements or voting agreements;
2. In case of a partnership firm, the beneficial owner is the natural person(s) who, whether
acting alone or together, or through one or more juridical person, has ownership of
entitlement to more than fifteen percent of capital or profits of the partnership;

3. In case of an unincorporated association or body of individuals, the beneficial owner is the

natural person(s), who, whether acting alone or together, or through one or more juridical
person, has ownership of or entitlement to more than fifteen percent of the property or
capital or profits of such association or body of individuals;
4. Where no natural person is identified under (1) or (2) or (3) above, the beneficial owner is
the relevant natural person who holds the position of senior managing official;
5. In case of a trust, the identification of beneficial owner(s) shall include identification of the
author of the trust, the trustee, the beneficiaries with fifteen percent or more interest in the
trust and any other natural person exercising ultimate effective control over the trust
through a chain of control or ownership.
V. An Agent is a person employed to do any act for another, or to represent another in dealings
with third person.
VI. The successful bidder shall not be allowed to sub-contract works to any contractor from a
country, which shares a land border with India unless such contractor is registered with the
Competent Authority.
Notwithstanding anything contained in these rules, Department of Expenditure, Govt. of India may, by
order in writing, impose restrictions, including prior registrations and/or screening, on procurement
from bidders from, or bidders having commercial arrangements with an entity from , a country or
countries, a class of countries on ground of defence of India, or matters directly or indirectly related
thereto including national security; no procurement shall be made in violations of such restrictions.

7.14. ANNEXURE 13 B: MODEL CERTIFICATE FORMAT FOR TENDER PARTICIPATION TO BE

SUBMITTED BY BIDDERS
To,

Head Office,
Pune – 411005
Dear Sir,
SUB: Model Certificate for Restrictions under Rule 144 (xi) of the General Financial Rules (GFRs),
2017 for tender participation
I have read the clause regarding restrictions on procurement from a bidder of a country which shares
a land border with India as mentioned in Annexure- 13A of this RFP document.
I certify that We ______________________(name of the firm) are not from such a country or countries
or a class of countries or, if from such a country, has been registered with the Competent Authority. I
hereby certify that we fulfil all requirements in this regard and is eligible to be considered.
[Evidence of valid registration by the Competent Authority is attached}
Yours faithfully,
Authorized Signatory
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.15. ANNEXURE 14: LIST OF DEVIATIONS REQUESTED

(To be submitted with Technical Bid, if applicable)
To,
Deputy General Manager (IT),
Bank of Maharashtra
Head Office,
Lokmangal, Shivajinagar,
Pune – 411005
Sub: RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

[Please provide your comments on the Terms & Conditions in this section. You are requested to
categorize your comments under appropriate headings such as those pertaining to the Detailed Scope
of work, Service levels, Instruction to Bidders, Experience in related projects, etc. You are also
requested to provide a reference of the page number, state the clarification point and the deviation
that you propose as shown below.]
Sr. No. Page Point / Clarification point as stated Deviations Justification

# Section # in the tender document requested
1
2
3
4
5
6
7
8
Notwithstanding the request for deviations submitted as above, we understand that the Bank shall
have the right to accept or reject the requested deviations without any right to represent to the bidders.
The Decision of the Bank in this regard shall be final and binding on the part of bidder.
Yours faithfully,
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.16. ANNEXURE 15: BID FORM
Ref No…………………
Place:
Date:
To,

Head Office,
Pune – 411005
Dear Sir,
Having examined the Request for Proposal (RFP), Ref No. the
receipt of which is hereby duly acknowledged, we, the undersigned, offer for Supply, Installation,
Configuration and Maintenance of Anti-Money Laundering Solution.
Various requirements in conformity with the said RFP for the sum mentioned in the Price Bid or such
other sums as may be ascertained in accordance with the Schedule of Prices attached and made part
of this Bid.
We undertake, if our Bid is accepted, to deliver the product/solution/ provide the services in
accordance with the Delivery Schedule / implementation schedule specified.
We agree to abide by this bid for a period of 180 days from the date of opening of Technical bid and
shall remain binding upon us and may be accepted at any time before the expiration of that period.
We further confirm that, in case we offer system and/or other software manufactured by another
company, such software operates effectively on the system offered by us and we are willing to accept
responsibility for its successful operations.
Until a formal contract is prepared and executed, this bid, together with your written acceptance
thereof and your Notification of Award, shall constitute a binding Contract between us.
We undertake that, in competing for (and, if the award is made to us, in executing) the above contract,
we will strictly observe the laws against fraud and corruption in force in India namely “Prevention of
Corruption Act 1988”.
Commissions or gratuities, if any paid or to be paid by us to agents relating to this Bid, and to contract
execution if we are awarded the contract, are listed below:
1.
2.
3.
4.

Name & address of agent Amount & currency Purpose of commission or gratuity
*(If none, state none)
We understand that you are not bound to accept the lowest or any bid you may receive.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.17. ANNEXURE 16: UNDERTAKING BY BIDDER FOR NON BLACKLISTING
Place:
Date:
To,
Deputy General Manager (IT),

Bank of Maharashtra
Head Office,
Lokmangal, Shivajinagar,
Pune – 411005
Undertaking (To be submitted by all Bidders’ on their letter head)
We (bidder name), hereby undertake that-
• As on date of submission of tender, we are not blacklisted by the Central Government / any
ofthe State Governments / PSUs in India or any Financial Institution in India.
• We also undertake that; we are not involved in any legal case that may affect the solvency /
existence of our firm or in any other way that may affect capability to provide / continue the
services to Bank.
Yours faithfully,
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.18. ANNEXURE 17: TERMS AND CONDITIONS COMPLIANCE TABLE
Term Short Description of term Complied Detailed explanation about

No (Yes/No) deviation, if not complied
1. Support Personnel
2. Technical Inspection &
Performance Evaluation
3. Performance Bank Guarantee
4. Payment Terms
5. Delivery, Installation and
Commissioning
6. Completeness of Installation
7. Order Cancellation
8. Inter-working of Hardware and
Software.
9. Acceptance Tests
10. Software Drivers, Manuals&
Accessories.
11. All hardware equipment Warranty
12. Annual Maintenance Charges
13. Training
14. Spare Parts (if applicable)
15. Liquidated Damages
16. Penalty
17. Failure
18. Indemnity
19. Publicity
20. Guarantees
21. Force Majeure
22. Resolution of Disputes
23. Non-Disclosure Agreement
24. Adoption of Integrity Pact
25. Visit rights
26. solicitation of employees
27. compliance with all applicable laws
28. Supplier BCP
29. Assignment
30. Subcontracting
31. compliance with master directions
on outsourcing of it services
32. cancellation of contract and
compensation
33. exit option & contract re-
negotiation
34. termination
35. effect of termination
36. intellectual property rights
37. corrupt & fraudulent practices
38. conflict of interest
39. service level agreement
40. indemnity

Term Short Description of term Complied Detailed explanation about

No (Yes/No) deviation, if not complied
41. limitation of liability
42. confidentiality
43. severability
44. delays in design, implementation
and performance guarantee
45. privacy and security safeguards
46. minimum wages
47. escrow arrangement
48. service continuity
49. source code audit
50. audit and inspection of record
51. arbitration
52. guarantees
53. solution integration with SIEM
54. Warranty
55. loading of anti-virus solutions
56. order cancellation
57. future additions of hardware /
software
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:
Note: The response to the terms & conditions will be verified based on above table.

7.19. ANNEXURE 18: DETAILS OF ADDITIONAL HARDWARE OR OPERATING SYSTEM

REQUIREMENT (IF ANY)
Please Annex the details here.

7.20. ANNEXURE 19: MANUFACTURER’S AUTHORIZATION FORM (MAF)

No. Dated:
To,
Bank of Maharashtra
Head Office,Lokmangal,
Shivaji Nagar, Pune – 411005
Dear Sir,
Ref: your RFP for______________ dated________
We ____ who are established and reputable manufacturers of (name & descriptions of goods
offered) having factories at (address of factory)do hereby authorize M/s _____ (Name and
address of Agent) to submit a bid,and sign the contract with you for the goods manufactured by us
against the above Request for Proposal(RFP).
We hereby extend our full guarantee and warranty for the Solution, Products and services offered by
the above firm against this Bid Invitation for a period of 7 years from the date of contract. We also
undertake to provide any or all of the following materials, notifications, and information pertaining o t
the Products manufactured or distributed by the Supplier:
a. Such Products as the Bank may opt to purchase from the Supplier, provided, that this option
shall not relieve the Supplier of any warranty obligations under the Contract; and
b. in the event of termination of production of such Products:
i. advance notification to the Bank of the pending termination, in sufficient time to permit
the Bank to procure needed requirements; and
ii. Following such termination, furnishing at no cost to the Bank, the blueprints, design
documents, operations manuals, standards, source codes and specifications of the
Products, if requested.
We duly authorize the said firm to act on our behalf in fulfilling all installations, Technical supportand
maintenance obligations required by the contract.
We confirm that our company (as a single unit, not the group) has had a turnover exceeding Rs 25
crores of last three financial years (i.e. 2020-21, 2021-22 and 2022-23). We also confirm that we made
profit in ___ years out of last three financial years.
We hereby extend our full comprehensive guarantee and warranty as per Terms & Conditions of
Contract for the goods and services offered for supply by the above firm against this RFP. In
case of M/s_______________ is out of service due to any reason, we will make alternative
arrangement for the service and maintenance of our product on same terms and condition.
Yours faithfully
(Name)
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:
7.21. ANNEXURE 20: PROPOSED TEAM PROFILE

[Map the Projects Team Profile here with Proposed Scope]
SN Name Designation Role in Qualifications Total Relevant Previous

of Team the & Experience experience in similar
Member Project Certifications (years) implementation Assignment
of Network details
Solutions in (Preferably
Large in BFSI
Environments sector)
(Years)
Yours faithfully,
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.22. ANNEXURE 21: UNDERTAKING FOR NOT BEING NPA
(Performa of letter to be given by all the vendors participating in the RFP-28/2023-24 for Supply,
Installation, Configuration, Integration, Implementation, and Maintenance of Anti DDoS solutions with
facility management support for Bank’s Data Center (DC) and Disaster Recovery Site (DR) on their
official letter-head)
Date:
To,

Bank of Maharashtra
Head Office,
Lokmangal,
Dear Sir,
Sub: RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

Undertaking (To be submitted by all Bidder’s on their letter head)
We ___________________________________ (bidder name), hereby undertake that-
• We have not have been declared NPA by any Bank]]in India.

• Further, we do not have any pending case with any organization across the globe which affects
our credibility to service the Bank.
Yours faithfully,
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.23. ANNEXURE 22: DETAILS OF SERVICE CENTERS/SUPPORT OFFICES/ Scrubbing centers
Sl. Place Own or Postal Contact Service Number of Time to Address of

Franchise Address numbers Facilities service report to Web
available engineers the Portal/Email
(Describe) location for logging
Calls
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.24. ANNEXURE 23: FORMAT FOR LOCAL CONTENT
CERTIFICATION FOR LOCAL CONTENT
To,

Bank of Maharashtra
Head Office,
Lokmangal,
Dear Sir,
Ref: RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

Bidder Name:
This is to certify that proposed Product______________ is having the local content of ___________
% as defined in the above-mentioned RFP. ‘
This certificate is submitted in reference to the Public Procurement (Preference to Make in India),
Order 2017 – Revision vide Order No. P45021/2/2017-PP (BE-II) dated June04, 2020.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.25. ANNEXURE 24: UNDERTAKING FOR REGULATORY GUIDELINES & IT ACT ADHERENCE.
RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and

We, ____________________ hereby undertake that the proposed product/solution / software to be

supplied will be compliant to all regulatory guidelines of GOI/RBI/NPCI and also adheres to
requirement of IT Act (including amendments in IT ACT), Payment & Settlement Act.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

7.26. ANNEXURE 25: BG FORMAT FOR EMD
(FORMAT OF BANK GUARANTEE (BG) FOR BID SECURITY.)
(ON A NON-JUDICIAL STAMP PAPER OF Rs.500.00)
Guarantee for Payment of Earnest Money/Security Deposit
Bank Guarantee no.:
Date:
Period of Bank Guarantee: Valid up to
Amount of Bank Guarantee: Rs. /-
To,
IT Department,
1501, Lokmangal,
Shivaji nagar, Pune 411005.
THIS DEED OF GUARANTEE made at …….. this ………..day of ………….. between Bank of
……………………… a banking company having its office at ……………… hereinafter referred to as
‘the Bank’ of the One Part and Bank of Maharashtra a New Bank constituted under the Banking
Companies (Acquisition & Transfer of Undertakings) Act, 1970 having its Head Office at ‘Lokmangal’
, 1501 Shivajinagar, Pune 411 005, hereinafter called the Beneficiary, of the other Part.
Whereas the Beneficiary had invited tenders for XXXXXXXXXXX, vide GeM Bid No: XXXXX dated:
XXXXXX.
One of the terms of the tender is that bidder are required to give a Demand Draft drawn in favour of
beneficiary and payable at Pune, (valid for 180 days) for Rs XXXXXXX/- (Rs. XXXXXXX only) as
Earnest Money Deposit (EMD) along with their offer. The Beneficiary may accept Bank Guarantee in
lieu of EMD for an equivalent amount issued by any Public Sector Bank, valid for 6 months from the
date of issue.
M/s <Bidder Name>. hereinafter referred to as the said ‘Contractors’ have given their offer to supply,
installation, commissioning of Supply, Installation, Configuration, Integration, Implementation and
Maintenance of Anti Distributed Denial of Service (DDoS) solution with facility management support
at given locations to the Beneficiary and the said Contractors are required to deposit the said amount
of earnest money (or security deposit) or to furnish Bank guarantee.
At the request of the said M/s.<Bidder Name>. Ltd. the Bank has agreed to furnish guarantee for
payment of the said amount of earnest money (or security deposit) in the manner hereinafter
appearing:
NOW THIS DEED WITNESSETH that pursuant to the said tender and in consideration of the promises
the Bank doth hereby guarantee to and covenant with the Beneficiary that the Bank shall, whenever
called upon by the Beneficiary in writing and without demur and notwithstanding any objection raised
by the said Contractor/s, pay to the Beneficiary the said amount of Rs. XXXXX/- (Rs. XXXXXXX only)
payable by the said Contractor/s under the said Contract.

AND IT IS AGREED and declared by the Bank that the liability of the Bank to pay the said amount
whenever called upon by the Beneficiary shall be irrevocable and absolute and the Bank will not be
entitled to dispute or inquire into whether the Beneficiary has become entitled to forfeit the said amount
as earnest money (or as security deposit) under the terms of the said contract or not and entitled to
claim the same or not or whether the said contractors have committed any breach of the said contract
or not or whether the Beneficiary is entitled to recover any damages from the said contractors for
breach of terms thereof or not.
Any such demand made by the Beneficiary shall be binding and conclusive as regards amount due
and payable by the Contractor to the Beneficiary. And the Bank undertakes to pay unconditionally on
written demand without demur and the claim of beneficiary shall be conclusive and binding as to the
amount specified therein.
AND it is further agreed and declared by the Bank that any waiver of any breach of any term of the
said contract or any act of forbearance on the part of the Beneficiary or any time given by the
Beneficiary to the contractors for carrying out and completing the work under the said contract or any
modifications made in the terms and conditions of the said contract or any other act or omission on
the part of the Beneficiary which could have in law the effect of discharging a surety, will not discharge
the Bank.
AND it is agreed and declared that this guarantee will remain in force until the time fixed in the said
contract for completion of the said work or until the expiration of any extended time for such completion
and shall be valid for a period of six months from the date hereof i.e. the guarantee shall be valid upto
……
AND it is agreed and declared that this Guarantee will be irrevocable and enforceable even if the
contractor’s company goes into liquidation or there is any change in the constitution of the said
Company or management of the said Company and shall ensure to the benefit of its successors and
assigns and shall be binding on the successors and assigns of the Bank.
Notwithstanding anything contained herein:
The liability of the Bank under this Bank Guarantee shall not exceed Rs. XXXXXX/-. (Rupees XXXXXX
only).
This Bank Guarantee shall be valid up to _____________________.
Bank is liable to pay guaranteed amount or part thereof under this Bank Guarantee only and only if
beneficiary serve upon as a written claim or demand on or before ______________ (date of expiry of
the Guarantee).
IN WITNESS WHEREOF the Bank has put is seal the day and year first hereinabove written.
Signed, sealed and delivered by Mr…………
For and on behalf of the Guarantor Do so and
to affix the seal of the Bank, in the presence of ……….

RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation, and Maintenance of Anti DDoS solutions with facility
management support for Bank’s Data Center (DC) and Disaster Recovery Site (DR)
7.27. ANNEXURE A: COMMERCIAL BID FORMAT
Name of the Bidder:
All prices should be mentioned in Indian Rupees The quoted price should be all-inclusive price (i.e., including Technical
Service Charges, if any, any other applicable duties and taxes, Packing, Freight and Forwarding, Transit Insurance, Local
transportation, Hamali Charges, completing the Road permit formalities, if required, Installation charges, Deliverables and
warranty period but excluding GST which will be reimbursed on actual basis against original document of payment. The
total price shall also include Technical/User Manuals, Driver/ Utility Compact Disk, Operating System CDs etc. mentioned
against deliverables) and shall be applicable uniformly to any part of the country in case Bank prefers to place repeat
orders for different locations. No additional charges/ management fee of any kind will be reimbursed. The Bidder is required to
guarantee that exchange rate fluctuations will not affect the Rupee value of the commercial bid, over the validity period of the bid
and the contract period.
The bidder is required to update the commercials in the following format:
Sr. Description make/ Qty. Unit Y1 Y2 Y3 Y4 Y5 Total

No. model/ Rate
version
1. Appliance Cos with warranty period of 3 4
years
2. License Cost
3. One time Implementation Cost
4. Cloud Mitigation Service upto 2Gbps
5. Incremental Bandwidth for Cloud Mitigation NA
(with incremental bandwidth of 8 Gbps per
year) - (On Demand as per Rate Card)
6. AMC Cost of Appliance for 4th & 5th year NA
7. Facility Management Cost (1 No. L-1 & 1 No. NA
L-2 resource) - Optional
8. Training cost (Pre & Post implementation) NA
TCO
#Training Cost – Will be payable on after completion of both Pre implementation and Post Implementation Training

Rate Card for upgradation of traffic throughput period
Table-2
Incremental
Bandwidth (Gbps) Y1 Y2 Y3 Y4 Y5 Total
4
6
8
10
12
14
16
18
20
22
24
26
28
30
32
34
36
38
40

Sr. Table 3- Facility Management (Optional)

No.
Resource Shift No of 1st Year 2nd Year 3rd Year 4th Year 5th Year Total 5
Resources years FM
cost
Rate Total Rate Total Rate Total Rate Total Rate Total
1 L1 Engineer 8x6 1
2 L2 Engineer 8x6 1
Total
* Above count of resources is indicative only. Bank may increase or decrease the resource requirement during any phase of project.
The Bank reserves the right to:
1. Deploy any category of resource/s i.e. L1 & L2.
2. The FM cost shall be invoiced based on actual requirement by bank to be confirmed post implementation of solution and
assessment on counts for deployment of resources. FM Resources shall be deployed only after implementation sign off of
Solution and after confirmation from Bank in writing. The 5-year period for FM Resource cost shall start from the Go Live
date/after successful implementation & project sign off date. Facility Management charges would be paid on quarterly basis in
arrears on submission of invoice by the bidder based on the actual resources deployed.
Terms & Conditions:

1. For each of the above items provided the bidder is required to provide the cost for every line item where the bidder has considered
the cost.
2. Bank reserves the right to implement or drop any of the above listed items without assigning any reason.
3. If the cost for any line item is indicated as zero, then it will be assumed by the Bank that the said item is provided to the Bank without
any cost.
4. The price quoted for the project should be an all-inclusive price including any taxes, expenses and levies but excluding GST.
5. Bank will deduct applicable TDS, if any, as per the law of the land.
6. The quoted fixed cost against each item shall remain unchanged till the completion of the Project(s).
7. In Case of discrepancy between amount in Figures & Amount in words, the Amount written in words shall prevail.
8. All prices to be valid for a period of 5 years from the date of contract execution / signing.
9. Bidder should factor all your expenses like travelling, boarding, lodging etc. apart from amount specified in Commercials, no other
expenses will be paid by the Bank.
10. The cost quoted is in fixed price and no increase in rate will be admissible by the Bank for whatsoever reasons during the contract
period.
11. The cost quoted also includes the cost of deliverables for all the phases of the Project.

12. Bidder is expected to provide detail bill of material along with the commercial proposal for the proposed solution appliances, wherever
required.
We confirm that above commercials quoted and all the Terms and Conditions of the Contract contained in RFP dated ------------------------ for
Supply, Installation, Configuration and Maintenance of proposed Solution are acceptable to us.
Dated this………...day of ________2023.
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

RFP-28/2023-24 for Supply, Installation, Configuration, Integration,
management support for Bank’s Data Center (DC) and Disaster
Recovery Site (DR)
7.28. ANNEXURE B: TECHNICAL EVALUATION CRITERIA
The proposal submitted by the bidders shall, therefore, be evaluated on the following
parameters:
(Technical Capability marks will be based on the marks obtained as per Technical
Specification Annexure in this RFP. Technical Specification Annexure holds total 300 marks
which will be based on the points mentioned and the demonstration/ relevant documents
shared/ data sheet shared/ certificate shared. It will be based on the bidder’s understanding,
approach, technical expertise and experience, satisfying each point.
SN Description Max Scoring Mechanism Credentials /

Score documents
1 Bidder’s 20 Bidder should have supplied, installed and Credentials
Credential maintained the proposed Anti-DDoS solution Shared by the
in Commercial Banks/ Financial Institutions/ Bidder
PSU/ Govt. Organization in India
(5 Marks for Each experience)
2 Technical 25 SI capabilities in terms of product expertise Technical
capability and experience in implementation. The Presentation
technical specification annexure will be used delivered by
for marking score Bidder
3 Project Plan and 25 Project Plan and implementation schedule Project Plan
Implementation and
Schedule Implementation
Schedule
delivered by
Bidder
4 Customer 25 A Committee of people from Bank would
Feedback / Site carry out Reference Site Visits and/or
Visit Telephonic discussions with the existing
customers/clients of the Bidder. The inputs
that have been received from the
customer/client would be considered by Bank
and this might not need any documentary
evidence. This rating would be purely on the
inputs provided by the Bidders’
customers/clients.
The scoring would be relative among the

bidders.
Bank at its discretion may reject the proposal

of the Bidder without giving any reasons
whatsoever, in case the responses received
from the Site Visits are negative.
5 Make in India 5 Bidder offering product in compliance to Supporting
Make In India notification issued by GOI documented
(Compliance need to be submitted as per submitted by
Annexure) Bidder
Total 100 Min Qualifying marks for Technical Evaluation= 70 Marks
Bank may seek clarifications, ask for documentary evidences, may call the bidders for
arranging an actual demo/technical presentation at location decided by the Bank during any
stage of Technical evaluation from any or each of the bidder as a part of technical evaluation.
GeM Bid No. GEM/2023/B/_________ Page 89 of 126
Recovery Site (DR)
All and any cost associated with demonstration (including technical resources, travel cost,
boarding & lodging cost etc.) will be to the account of the bidder and Bank will not bear any
cost.
All clarifications received within stipulated time shall only be considered for evaluation. In case
a clarification is not received within the stipulated time, then the respective technical parameter
would be treated as non-compliant and decision to qualify/disqualify the bidder shall be
accordingly taken by Bank.
Moreover, it is mandatory for bidders to score Minimum 70% or above score in the
Technical evaluation process as above to qualify for further processing. However, Bank
may at its discretion may revise the qualification criteria basis the number of technically
qualified Bids received.
In the event of no bidders qualifying, Bank at its discretion may choose to award the contract
to the highest scoring bidder or waive criteria to select more than one bidder complied with
most of the eligibility and technical criteria as prescribed by Bank.
Also Bank may, at its sole discretion, decide to seek more information from the bidders in
order to normalize the bids. However, bidders will be notified separately, if such normalization
exercise is resorted to.
Scoring for Site Visit
Bank would carry out reference site visits and/or telephonic feedback with the existing
customers of the bidder/OEM. The inputs that have been received from the customer would
be considered by the Bank and this might not need any documentary evidence. This rating
would be purely on the inputs (like satisfaction of the organization of the product, timeliness of
implementation, promptness of support services etc.) provided by the bidder/OEM’s
customers and score would be assigned to bidder.
The Bank at its discretion may reject the proposal of the bidder without giving any reasons
whatsoever, in case the responses received from the site visits are negative.
The bidder would be required to coordinate for such interactions. However, the bidder would
not be allowed to be party to the discussion between the Bank & the bidder/OEM’s clients.

Recovery Site (DR)
7.29. ANNEXURE C: SCOPE OF WORK
Project Introduction
Bank intends to establish on-premise DDOS solution which will monitor the perimeter traffic
(volumetric and non-volumetric) for various public facing applications of the Bank and also the
traffic originated from within Bank, based on various intelligent feeds and manual inputs so
that it detects, analyze and mitigate the cyber threat at real time. The solution shall block/
divert the “bad” traffic to scrubbing center and only legitimate traffic is allowed to enter or leave
the perimeter of the Bank.
The Bank is looking for Vendors for Supply, Installation, Configuration, Integration,
Implementation, Migration and Maintenance of DDoS solution with facility management
support for Bank’s Data Center (DC), Disaster Recovery Site (DR) as mentioned in the RFP
for a period of 5 years as per Banks’ requirement.
All the solutions/devices should be supplied along with all required accessories and necessary
documentation for Bank’s Data Center (DC) and Disaster Recovery Center (DR).
The successful Bidder shall be responsible for making the required configuration changes and
arrangements for the seamless implementation/ migration, maintenance of the applications/
services/ devices.
a. Scope of Work:
1. The bidder shall be responsible to coordinate with the OEM for any issue, which
requires support/resolution from OEM. It will be the responsibility of the bidder to get
any issue escalated to OEM and get it resolved from OEM within reasonable time as
per nature of the problem. In case the resolution could not be provided in the
mentioned timelines, the bidder shall be responsible to provide a secure workaround
that shall not reduce, in any manner, the security gesture of the affected servers,
databases and applications.
2. The bidder shall also communicate with the Bank’s various teams ensuring
organization security for early closure of any type of security incident. The primary
responsibility of timely closure of any issue identified or handling including any
security incident shall lie with the bidder only.
3. Active-Active cluster at DC & Active-Active cluster at DR so that the solution and

infrastructure can fall back on each other. DC - DR replication should be available as
part of the solution so that in case of switch over, the complete solution should
seamlessly work.
4. The Scrubbing Center may be from Tier-1 or above ISP or OEM Scrubbing Center,
which should be located inside India only.
5. The Bidder and OEM should have a 24x7x365 days support contact Center in order
to log the calls. The contact Center numbers should be provided to the Bank along
with the escalation matrix mentioning the contact person’s name, number, Mail ID
and designation in the company.
6. In case of any new version release (any component of product) by the OEM, the
bidder will have to ensure installation of same version by Bidder in Bank environment
Recovery Site (DR)
within 90 days of release. Before installing new update, the bidder will have to test
the release in test environment with all applicable test scenarios and obtain
necessary approval from the Bank before production deployment. The version should
be most recent and stable
7. The solution must be capable to detect and block TCP/IP based attacks (viz. SYN,
Fwd, TCP Connection/Port exhaustion, TCP reset attacks etc.), Application Layer
attacks (viz. HTTP flood, DNS amplification, Slowloris attacks etc.), Protocol attacks
(viz. ICMP flood, UDP flood, SIP flood etc.).
8. Proposed solution should have capability to build all such advisories as per CSITE,
RBI or other regulatory/ government guidelines.
9. The bidders shall conduct site survey at DC & DR locations and share detailed low-
level design, high-level design and Implementation plan to achieve end-to-end
solution implementation and migration at all sites.
10. The equipment is provisioned for implementation at Data Centre (DC) and DR. Bank
may change the locations at a future date during the warranty and AMC period. In
that case, the selected Bidder should take responsibility for dismantling, shifting to
new location, re-installation at the new location and making the network end to end
operational without any additional cost to Bank. However, Bank will reimburse the
transportation charges, if any, at actual on submission of bills.
11. The appliance/ solution should be able to integrate with all the existing
solutions/interfaces available in the Bank including all the public facing IPs, networks.
.
12. The successful bidder should ensure that the equipment proposed in this RFP should
not be declared as End of Life (EOL), End of Support (EOS) and End of Software
Support (EoSS) by the OEM within the 7 years from the date of delivery of equipment.
In the event of the supplied equipment being declared End of support/ End of Life
during the contract period of 5 years, the bidder must replace the equipment with
equivalent or higher configurations equipment without any additional cost to the Bank.
This replacement must be completed 6 months prior to the date of EoL/EoSS of the
equipment’s/software is already supplied.
13. The Bidder has to ensure that the equipment supplied are not declared as end of sale
for at least 12 months from the date of the delivery of equipment. The Bidder agrees
that all parts & spares for the equipment would be made available during the period of
the contract. It will be the obligation of the Bidder to provide a minimum of 1-year notice
before any equipment is to be declared as end of support or sale.
14. The successful bidder should complete the entire project at DC and DR within 12
weeks from the acceptance of the purchase order.
15. The successful bidder should submit the design document, Test plan, Method of
Procedure, Architecture Design, detailed Project plan, User Acceptance Testing (UAT)
and rollback plan along with the documentation.
16. Bank if intends may request POC (Proof of Concept) of the products before issuance
of Purchase Order and the successful bidder shall arrange the same at no additional
cost to Bank.
Recovery Site (DR)
17. The successful bidder shall arrange to engage the professional services of proposed
OEM for planning, designing and implementation, migrating existing infrastructure, and
auditing the implementation during different phases of the project. Implementation and
migration of applications by OEM (professional services) is part of the TCO. Audit shall
be conducted by OEM post project implementation. Yearly audit should also be
conducted by OEM (Professional Service). The yearly audit report shall highlight any
deviation from OEM recommendations and industry best practices and provide
necessary solutions/recommendations for fixing the same. The report shall also
include recommended software version/ industry best practices for the deployed
solution. Bidder will have to comply with the observations within the timelines as per
the Bank’s policy.
18. Post implementation, OEM must certify that the project has been implemented as per
industry best practices and guidelines and no zero-day threats or malware is present
in the installed devices, appliances and overall solution.
19. The bidder should arrange for sign-off by OEM for each of the critical stages of
Migrations of existing rules, Polices, Upgradation, customization and implementation.
20. The Bank may request, a reasonable level of remote guidance and advice in
connection with efforts to install, configure, and deploy Products. The bidder has to
arrange the same accordingly.
21. The Bank carries out various Information Security Audits on regular basis. The bidder
shall provide required inputs/reports/data as and when asked by the Bank for the
purpose. Also as per the SOP of the Bank, the bidder shall arrange and provide
closure/compliance of the audit findings as reported by the Bank in stipulated time.
22. Bidder shall be submitting reports as per the SLA in the format agreed by the Bank.
Bank Officials concerned shall have complete view of the console available on the
solution server. Drill down to the cause shall be automatically through console.
Escalations rules shall be as adjustable as per the requirement of the Bank. The
bidder shall also be able to use online ticket logging system provided by the Bank.
23. Bidder shall ensure that the solution is complied with all the regulatory guidelines of
GOI/ RBI and also adheres to requirements of IT Act 2000 (including amendments in
IT Act 2008 and IT Act Rules, 2011) and amendments thereof from time-to-time.
24. Bidder shall maintain business continuity, as per agreed business continuity plan.
25. The bidder should provide the infrastructure sizing details to keep the capacity
utilization RFP for Supply, Installation, Configuration, Integration, Maintenance and
Monitoring of Solution Proprietary including memory, CPU, storage below 70% during
the period of contract.
26. Bidder shall ensure that during various phases of implementation, the performance,
security, etc. of the existing setup is not compromised. Vendors shall discuss with the
Bank and the Bank’s Network Integrator in order to finalize the configuration of the
equipment as per the requirement of the Bank.

Recovery Site (DR)
27. After successful implementation and project sign off, it is the responsibility of the bidder
to conduct one DR drill under the supervision of OEM.
28. Bidder should provide solution such that it never crosses threshold of 70% of total
capacity throughout the contract period. If the proposed solution is exceeding the limit
of threshold, the bidder shall upgrade/replace the device with higher model at no cost
to the Bank.
29. The validity of licence & warranty of devices/ appliances shall start from the date of
sign-off for the project.
30. Bidder has to ensure seamless integration and management of the new devices
procured by the Bank for its future requirement without any additional cost to the Bank.
31. Bank will ONLY provide space, power, cooling and rack space. All other requirements
needed for the solution (including links for OEM scrubbing center) shall be provided by
the bidder
32. The bidder shall arrange the required passive components including cables for
installation and arrange to remove any unwanted cables or other peripheral devices, if
any, at the bidder’s own cost at the site locations of the Bank, as required.
33. All minor components like cables etc., shall be supplied by the bidder. The bidder shall
integrate all the bidder supplied switches at Bank locations up to LAN/Firewall devices
34. The entire solution should be integrated with Bank’s authentication and security
solutions such as TACACS, SIEM, PIM solution or any monitoring tools deployed in
Bank.
35. As part of the overall technical architecture of the solution, the bidder shall analyse and
present if any associated risks and corresponding substitution/mitigation strategies for
any of the components to be procured individually and overall, under the solution. The
Bank reserves its right to not avail any of the component or pursue any other alternative
if the associated risk is beyond acceptable threshold levels for the Bank.
36. OEM should have their own Threat Research Team that should provide a Threat
Intelligence feed directly to the solution for auto processing.
37. Integration of the links and supply of on-premises DDoS devices/appliances with
provision for version upgrades/ patches.
38. Installation, integration and implementation of the products/devices as per the security
architecture design.
39. The Bidder/OEM has to act as technical-advisor for Bank for DDoS related security
threats by way of evaluation, demonstration, etc. as and when required by Bank. The
Bidder has to submit findings/reports to Bank and give suggestions/recommendations.
40. Necessary resources have to be deployed by Bidder for technical assistance and
submit the detailed documentations etc.
41. The Bidder should identify security risks, assisting Bank to take appropriate, correction
actions.

Recovery Site (DR)
42. The Bidder should design, implement, and keep record & controls and migration to
IPv6 as and as when required by Bank at no additional cost to Bank.
43. If there is any cost incurred to Bank due to wrong specification/ features etc. of the
proposed solutions at DC and DR location, the same will be recovered from the Bidder.
44. The successful Bidder shall co-ordinate with other Vendors appointed by Bank so that
proposed solution shall function without any disruption and up to satisfaction of Bank.
45. The bidder should provide complete escalation matrix of Bidder as well as OEM which
should be updated on periodic basis and submit to Bank.
46. The Bidder must perform OEM audit of the deployed solution after installation and
provide a detailed report of the hardening and best industry practices that has been
adopted. Further, remediation action of the OEM report has to be undertaken by the
Bidder and ensure compliance as per Bank’s policy
b. Design and Architecture
1. The proposed solution shall cover installation of on premise devices at DC and DR

location and its implementation, integration with the Cloud Scrubbing Center from Tier-
1 ISP or OEM Scrubbing Center, which should be located inside India only.
2.
3. The proposed solution should handle volumetric attack through Cloud based scrubbing
Center
4.
5. The proposed system must be capable of and compatible for Disaster Recovery
Implementation. The successful Bidder should describe the provisions for disaster
recovery and show that the proposed solution facilitates disaster recovery.
6.
7. The Bidder needs to submit the technical architecture relating to data/Configuration
replication between primary and secondary site.
8. The Bidder must study the existing network environment of Bank and design the
proposed solution.
9. The OEM should prepare the proposed HLD and LLD along with the Bank and the
Bidder.
10. The proposed design i.e. HLD and LLD should be dully certified by the OEM.
11. The OEM along with the Bidder should prepare designs and implement the solutions
in line with existing regulatory guidelines as modified from time to time.
12. The Bidder should submit a detailed execution with supported design and architecture
(if any) within 4 weeks from acceptance of the purchase order. The actual execution
will start only approved of plan details by Bank official.
13. The plan must include information related to required downtime, deployment schedule
etc. Installation of the devices shall be done as a planned activity on a date & time
approved by Bank as deployment schedule.
14. The installation will include proper mounting, labeling, tagging of all equipment wherein
Bank shall provide network and power connections.

Recovery Site (DR)
15. The bidder shall be responsible to provide within scope of work all facilities like labor,
transportation, tool kits, testing equipment etc. that is necessary for successful
deployment of solution.
16. Transportation to & from, lodging and boarding of manpower shall be in the scope of
the Bidder.
c. Basic Installation of Hardware and Software
The Bidder must be performing below mentioned jobs
1. Mounting physical devices into racks as per requirements.
2. Powering on the physical devices & running Hardware diagnostics
3. Installing the required OS and Applications on Physical Hardware
4. Enabling of features and functionality on the appliances as per details mentioned in the
technical specification etc.
5. Configuring backup Schedule of appliance, Management, Logging and Reporting

appliance
6. Check for Fail over between appliances
7. Quarterly DDoS life cycle review in the form of executive summary report providing
DDoS threat landscape in Bank’s environment.
8. Review of potential threats and reconfiguring the system as per requirements
d. Governance and Reporting
The reporting would involve the tasks listed below. The list is not exhaustive but only indicative.
The reporting requirements can further evolve and the bidder has to absorb any other cost
while quoting for the bids.
1. The bidder should create out-of-the-box reports and customized reports templates
based on the requirements of the Bank.
2. The Bidder must provide TCP dump report when under DDoS attack for forensic
analysis and other investigation purpose.
3. The Bidder must proactively act on SOC, Cert-IN and other regulatory threat intelligence
and alerts and must take preventive measures.
4. The Bidder should assist of preparing reports for Bank, to be submitted to Regulatory
bodies and others as when required from time to time with respect to DDoS.
5. The Bidder should provide comprehensive dashboard for viewing all governance
related KPI’s, progress, action, status etc. for security and compliance related KPI’s.
6. The Bidder should provide near time reporting dashboard i.e. integrated dashboard
where the operations can be viewed and can be drilled down to the further details. This
should be near real time view as per requirement where the dashboard should display
latest information.

Recovery Site (DR)
e. Acceptance by Bank
1. The materials including hardware and software should meet the technical
specifications envisaged in this tender document should meet the technical
specifications envisaged in the RFP document
2. The Bidder must submit a comprehensive Acceptance Test Plan document, containing
various aspects of the Acceptance Test to demonstrate all the features of the proposed
Solution.
3. The Bidder along with Bank representative shall carry Scenario based Acceptance
Test with various use cases after installation of the proposed solution.
4. Appliances will be considered to have been commissioned when all services as

described in this RFP document are able to run smoothly over the network. Mere
installation of appliances with out-of-the box features will not constitute as
commissioning of the proposed solution.
5. The final acceptance will be provided by Bank after verifying all aspects as mentioned
in the document have been delivered to satisfaction.
f. General Responsibilities of Bidder and OEM
The general responsibilities will be applicable throughout the project during the contract
period.
Responsibilities of Bidder
Sr.No Bidder’s Scope and General Responsibility
1 The successful bidder shall provide all required hardware, software, components and
equipment, which may not be specifically stated herein, but are required to meet the intent
of ensuring completeness, maintainability and reliability of the complete system covered
under this scope. List of such items along with Licenses, if any, shall also be provided
along with the bid and during the execution of the project.
2 The successful bidder has to ensure the seamless integration/ migration of installed
systems, subsystems, equipment and applications with the new equipment and systems
being supplied and commissioned in minimum possible downtime as per this RFP.
Integration with SIEM Solution and SOAR Solution has to be done by the successful bidder
3 Bidder shall apply all software updates / version upgrades released by the respective
OEMs during the contract period.
4 Successful bidder shall ensure implementation of the proposed solutions as per Bank
requirements and maintain the complete security infrastructure provided by Bidder as
supplied for the contract period
5 Bidder shall give on-site comprehensive maintenance for the period of 5 (Five) years from
the ‘Go-Live’ date and sign-off as recorded in the commissioning/installation report and
duly signed by Bank's Officials.
6 An all-inclusive comprehensive on-site support of Five (5) years should be given for all
equipment/appliances and all components.
7 Successful bidder should have back-to back Next Business day (24 hrs max.) support
arrangement with the OEM
8 Bidder would be required to provide service at Bank's location
9 Call resolution must be done within Next Business Day (24 hours max.)on-site

Recovery Site (DR)
Sr.No Bidder’s Scope and General Responsibility

10 The maintenance support has to be rendered by the successful bidder at the installation
site only.
11 The bidder shall be responsible for deploying the device wise latest upgrades, updates,
patches and hot fixes as and when released by respective OEMs
12 Regular check for updates and ensure that no hardware or software solution is running
below N / (N-1) version (till 90 days from release of version N) at any time with latest patch,
where N is the latest stable version made available by the OEM on its update channels.
13 Implementing the change management requests related to IT security activities.
14 Prepare and submit report(s) to Bank's as per mutually agreed format and frequency
15 Prepare a regular backup schedule with encryption and get it approved from the
designated Bank's representative for all the devices and system configurations
16 Regular reporting on health and performance of security devices and systems deployed
17 The successful bidder is required to co‐ordinate with the OEMs (call logging,
troubleshooting, RCA etc.) in case of any hardware or software issue. The successful
bidder has to take the sole responsibility to resolve the issue with OEM. Bank will provide
their support wherever required
18 To identify the performance bottlenecks and take suitable rectification steps in consultation
with OEM TAC Support and Banks, suggest and implement measures for improvement
after due approval process
19 The onsite engineer shall liaison with the OEMs for all Return Material Authorization (RMA)
related activities whenever required for timely replacement of faulty appliances and
systems within the due time frame as per relevant SLA
OEM professional services engaged by the bidder are as follows.
It is the responsibility of the Bidder to procure the services of respective OEMs and required
number of OEM resources shall be deputed to Bank’s DC and DR premises on-site for design,
Implementation of the proposed solution.
Sr.no OEM General Responsibilities

1 Supply, installation, configuration, commissioning, acceptance testing, integration and
handing over of the proposed solutions and services to SI & Bank team.
2 It includes customization, configuration, re-configuration, performance tuning,
documentation, warranty and training of Bank's personnel for the security solution which are
supplied as part of this RFP
3 The training needs to be of a professional level and for pre and post deployment of solutions
provided in the RFP, The training has to be minimum 3 days for both DDoS Detection &
Mitigation Solution.
4 The OEM shall study the existing network security infrastructure setup and submit complete
plan with network diagrams and relevant details for implementation and migration of the
complete solution
5 The OEM shall perform Power On Self-Test on, Rack Mounting of DDoS appliance.
6 Configuration of SNMP, NTP, TACACS+, RADIUS and DNS on DDoS, APIs if required
7 Fine-tuning of the appliances/ configuration to minimise/ eliminate false-positive and false
negative cases
8 Monitor the logs to identify false positives and false negatives
9 Install and configure the management infrastructure for the DDoS detection and mitigation
10 Configuration of policies, rules, whitelist/blacklist as per the requirements of the Bank.
11 Creation and customization of reports, alerts and rules as per the requirements of the Bank.
Recovery Site (DR)
Sr.no OEM General Responsibilities

12 Implementation of Role Based Access for management
13 Integration with SIEM and SOAR Solution
14 Project documents (HLD & LLD)
15 Provide an information knowledge-transfer workshop
16 All the support ID’s from respective OEM’s shall be in the name of Bank's with Bank email
ID designated for logging and resolution of the support case and for any technical
requirement/ queries.
17 OEM(s) shall have dedicated online support portal for raising support tickets for any
technical and license related issues. The resolution of tickets as per the SLA
a. Facilities Management - Warranty/AMC/ATS Support service, People deployment &

OEM Services of proposed solutions
The Bidder shall provide the maintenance (Warranty, AMC & ATS) for a period of Five
years beginning from the date of acceptance of the solution by the Bank. The Warranty
period for the products (Hardware) proposed by the bidders as the part of this RFP
requirement shall be for the three years and for first year for Application software, for
which the cost shall be factored in the respective application product cost. The ATS shall
be factored for the subsequent years for the tenure of the contract. The Bidder must factor
the costs in the Bill of Material accordingly. As part of warranty, ATS support the Bidder
has to:
A. Provide on-site comprehensive support for software components provided as part
of this RFP.
B. The validity of licence & warranty of devices/ appliances shall start from the date
of sign-off for the project.
C. Warranty of the solution/product against any defects arising during the period of 5
years from the date of acceptance of the solutions by the Bank.
D. Provide adequate support for the critical components of the solution.
E. Provide on-site support during quarterly DR drills or whenever required by the
Bank. Agree that the Bank will not be liable to pay any additional amounts in
respect of any sort of maintenance covered under the scope of this tender during
the tenure of the contract. Free on-site maintenance services shall be provided by
the Bidder during the period of warranty.
F. FM (Facility Management) resources shall be deployed only after specific request
for deployment by the Bank and billing shall start only after actual deployment
based on sign-off of the project.
G. In case the Bank desires to get the services delivered by their appointed service
provider or System Integrator, then the OEM shall transfer such services to that
preferred service provider or System Integrator at no additional cost to the Bank.
A declaration to that effect from OEM shall be submitted by the bidder as per the
format provided in Annexure 19 - Manufacturer Authorization.
H. In case of any issue with related software supplied by the Bidder, Bidder (who has
supplied the software) shall log a call with OEM. It is the responsibility of the Bidder
to resolve the issue with the assistance of the OEM wherever deemed necessary.
I. Provide all future software upgrades and patches for all components of the solution
and assist the Bank or its System Integrator to install the same, if Bank desires
during period of warranty at no additional cost to Bank
J. The bidder shall depute OEM certified resources as indicated under People
deployment section of this RFP in the premises of Bank of Maharashtra. The
resources to be deployed at the Bank by bidder, which should be of Bidder Payroll,
only after prior approval by Bank authorities.

Recovery Site (DR)
K. The Bidder warrants that the solution supplied under the Contract are new &
unused, of the most recent or current version and incorporate all recent
improvements in design and function unless provided otherwise in the RFP.
b. Facility Management / People Deployment (Optional)
1. The Bidder is required to deploy onsite people resource to provide support to the proposed
solution during the tenure of the contract. Bank would further decide people deployment
based on Bill of Material submitted by bidder. Bank expects that bidders deploy their
resources at the DC/DR/HO and provide the remote support for any issues reported/logged
by Bank’s any other locations. If the bidder’s resources are unable to resolve the issues
remotely then the bidder must send the resource to the respective location to resolve the
issue/event, at no additional cost to the Bank.
L1 Support Engineer
Skills & Responsibilities
Resource Educational Qualifications

Type
L1 ➢ B. Tech or B.E. from a University /Institute recognized by Government of

India or its Regulatory bodies in Information Technology / Computer
Science / Electronics and Communications / Electronics and Tele-
Communications / Electronics / MCA /MSc/MCS with minimum 2 years’
experience on relevant solution in any of the Central Govt./State
Govt./PSU/BFSI/ Reputed Private Firms/MNCs.
➢ Minimum 2 years’ experience in the respective solution with respective

OEM certifications. These resources will be the specialized resources of
the respective product.
Responsibilities – Technical Support Services
The technical support responsibilities are as under:

➢ Day-to-day maintenance and backup.
➢ SLA Maintenance/ Management, monthly Uptime reports, capacity utilization
reports & interface utilization/reporting of all the devices.
➢ Trouble shooting and debugging of Network and Application access issues
➢ Incident management.
➢ Submission of periodical reports on the performance of the equipment’s and its
review.
➢ SLA maintenance/management, daily, weekly and quarterly interface utilization
report, hardware report etc.
L2 Support Engineer
Skills & Responsibilities:
Resource Type Educational Qualifications

L2 ➢ B. Tech or B.E. from a University /Institute recognized by Government of
India or its Regulatory bodies in Information Technology / Computer
Science / Electronics and Communications / Electronics and Tele-
Communications / Electronics / MCA /MSc/MCS with minimum 5 years’
Recovery Site (DR)
Resource Type Educational Qualifications

experience on relevant solution in any of the Central Govt./State
Govt./PSU/BFSI/ Reputed Private Firms/MNCs. Entry level OEM
Certification is respective network sub-domain is compulsory.
➢ Minimum 5 years’ experience in the respective solution with respective

OEM certifications. These resources will be the specialized resources of
the respective product.
Responsibilities – Technical Support Services
The technical support responsibilities but not limited to under and it may change based on
the requirements:
➢ Ensuring that the Anti-DDOS implementation comply with industry standard
and the guidelines as given by regulatory bodies.
➢ Fine-tuning the DDOS mitigation system and configurations based on ongoing
analysis and learning from attack patterns to enhance the network resilience
against future attacks.
➢ Study the inputs from various sources such as NCIIPC, dark web, Bank’s
network team etc to predict the attack and fine tune the solution accordingly.
(coordination skills)
➢ Reconfigure the solution to adapt to network changes.
➢ Trouble shooting and debugging of problems whenever required.
➢ Closure of audit observation and patch deployment.
➢ SLA maintenance/management, daily, weekly and quarterly interface utilization
report, hardware report etc. (reporting skills)
2. The deployment of resources is optional and at Bank’s discretion. Bank reserves the right
to exclude FM resource component from Commercial bill of Material at its own discretion.
3. The attrition of resources shall be governed by the SLA mentioned in this RFP.
4. The bidder should deploy OEM Certified resource.
5. The Bank will assess the technical competency of the resources provided by the bidder
either on its own. However, background verification and police verification of the resources
shall be the responsibility of the bidder. It is advisable to check the CIBIL scoring of
candidates selected for the project.
6. It is mandatory for the bidder to provide the dedicated onsite resources having the minimum
detailed skill sets and experience as per mentioned in RFP The bidder personnel deployed
in the Bank premises shall comply with the Bank’s Information Security Requirements.
7. In case it is found either at the time of deployment or during the tenure of the project, that
the appointed resource lacks the competency in particular aspect as mentioned above, the
Bank may suggest the bidder for enhancement of skillset for that resource or provide a
replacement of the resource within 3 months from being notified by the Bank or The bidder
will have to ensure that the resource obtain related certification/ knowledge within 3 months
from being notified by the Bank. (Linked to SLA).
8. The Bidder shall provide the people deployment plan & profile of the people
9. For Reporting and Timings, the followings should be ensured.
➢ The onsite team would report to Bank personnel / Bank authorized
representative.
➢ The Team should operate from the Bank’s premises in Pune/Hyderabad during
the hours assigned to engineers as per the shifts
➢ In case of exigencies even during off business hours’ / Bank holidays, the
resources may be required to be present onsite
➢ A replacement shall be given in case the resource proceeds for leave.

Recovery Site (DR)
c. Warranty/AMC/ATS Support service

The Bidder shall provide the maintenance (Warranty, AMC & ATS) for a period of Five years
beginning from the date of acceptance of the solution by the Bank. The Warranty period for the
products (Software) proposed by the bidders as the part of this RFP requirement shall be for the
first Three years for & first year for Application software, for which the cost shall be factored in the
respective & application product cost. The AMC/ATS shall be factored for the subsequent years
for the tenure of the contract. The Bidder must factor the costs in the Bill of Material accordingly.
d. Training
Selected bidder shall provide the training to the Bank’s personnel as described below:
a. The training should include the architecture, hardware, software, integration, and
customization, policy installation, troubleshooting, reporting and other aspects of the
solution.
b. This faculty should be solution certified up to advance level and should provide
courseware with adequate lab facility as well. The training should be provided by the
OEM employee (Certified) and should be of minimum 3 days each for Pre-
implementation and Post- implementation, 8 hours a day for each solution under this
RFP. Training should be provided to number of personnel identified by Bank (minimum
8 Persons) on functional, operational and reporting aspects of the entire security
solution. The training may be conducted through offline channel by the Professional
trainer of the OEM. The location of offline training, shall be Pune only. Pre
implementation training must be provided before project implementation and post
implementation training must be provided after successful implementation. At the end of
training participants shall be given certificate of successful completion by the OEM to
each candidate.

Recovery Site (DR)
7.30. ANNEXURE D: ELIGIBILITY EVALUATION COMPLIANCE
The Bank will examine the Eligibility Criteria compliance for the bidder as per the below tabulated
criteria in this RFP. The Bidder(s) who satisfy the eligibility criteria conditions shall be considered
for the next phase of evaluation viz. Technical Evaluation.
The Bidder is required to meet all the following eligibility criteria applicable to them and provide
adequate documentary evidence for each of the criteria stipulated below in the absence of such
documentary evidences Bid will be rejected without any further correspondence
Sr. Supporting Documents Required

No Eligibility Criteria
Bidder Eligibility Criteria

1 Bidder should be a Government Organization/ Certificate of Incorporation / Certificate
PSU/ or a Limited Company / Private Limited of commencement of business. /
Company under Company Act 1956 /2013 or Registration Certificate for Partnership
a partnership firm / a Limited Liability firm is required
partnership company under the Limited
Liability Partnership Act 2008 in India for last
5 years from the date of RFP. (Certificate of
incorporation/Registration is to be submitted).
2 Bidder should have minimum average annual Audited Financial statements for the
turnover of at least INR 25 crores each in the financial years 2020-21, 2021-22 and
last three financial years (i.e. 2020-21, 2021- 2022-23.
22 and 2022-23). This must be individual In case the audited financials for the
company and not of any group of companies. year 2023 is not available, CA
Certificate should be submitted.
Wholly owned subsidiary would be eligible in (Copies of the audited balance sheet
case the parent company complies with the and Profit/Loss statement of the firm is
prescription subject to the condition that the to be submitted.)
creation of wholly owned subsidiary should be
part of Strategic Management Decision for
realignment of Group Business by parent
company. A declaration shall be submitted in
this regard by the parent company on stamp
paper.
3 Bidder should have positive net worth in any Audited Financial statements for the
two of the preceding three financial years that financial years 2020-21, 2021-22 and
is 2020-21, 2021-22 & 2022-23 as per audited 2022-23.
financial statements. In case the audited financials for the
year 2023 is not available, CA
Wholly owned subsidiary would be eligible in Certificate should be submitted.
case the parent company complies with the (Copies of the audited balance sheet
prescription subject to the condition that the and Profit/Loss statement of the firm is
creation of wholly owned subsidiary should be to be submitted.)
part of Strategic Management Decision for
realignment of Group Business by parent
company. A declaration shall be submitted in
this regard by the parent company on stamp
paper.
4 Bidder should not have been black-listed by Self-declaration on bidder’s Company
any Public Sector Bank, RBI/ NHB, IBA or any letterhead signed by authorized
regulatory authority as on date of RFP signatory of the bidder to be submitted.
submission
Recovery Site (DR)

5 Bidder should have positive operating Profit Audited Financial statements for the
(as EBITDA i.e. Earnings before Interest, Tax, financial years 2020-21, 2021-22, and
Depreciation& Amortization) in each of the last 2022-23.
three Financial Years last three financial years In case the audited financials for the
of 2020-21, 2021-22, and 2022-23. year 2022-23 is not available, CA
Certificate should be submitted.
(Copies of the audited balance sheet
and Profit/Loss statement of the firm is
to be submitted.)
6 Self-declaration certified by Statutory Auditor Self-Declaration duly certified by
stating that the Bidder is not having any legal Statutory Auditor/CFO.
proceedings pending or threatened against
Bidder or any sub Bidder/third party or its team
which adversely affect/may affect performance
under the Contract; and (b) no inquiries or
investigations have been threatened,
commenced or pending against the Bidder or
any sub-Bidder / third party or its team
members by any statutory or regulatory or
investigative agencies. Bidder to submit
declaration in this regard duly certified by
Statutory Auditor.
7 The Bidder/Bidder's parent company should Self-Declaration letter signed by
not have been declared Non-Performing Asset Authorized Signatory to be submitted.
(NPA) and defaulter in repayment of
instalments by any BFSI organization as on
date of submission of the tender, otherwise the
bid will not be considered.
8 Adoption Integrity Pact Submitted Integrity Pact on Rs. 500
Stamp Paper or the applicable Stamp
in the State
9 The bidder/ OEM should have a valid ISO Copy of relevant ISO Certification to
9001/ ISO 27001 certificate for the solution be attached
proposed.
10 The Bidder should have existing Support List of the offices and a self-
centre in India. The Bidder should be able to certification in this regard
provide support and maintenance for the
offered solution. Documentary proof (Office
registration details etc.) to be submitted along
with the bid.
11 The solution proposed by the OEM / bidder Successful completion certificate from
should be implemented in at least 5 the Customer, which should mention
PSU/Private/Scheduled Commercial Banks in that the solution is running
India in last 6 years. Solution implemented satisfactorily and is active as on date
should be live and running successfully as on of RFP.
date of RFP
Or Copy of Purchase Order/ SLA along
with latest Invoice along with
satisfactory performance report from
customer indicating the solution is live
as on date of RFP

Recovery Site (DR)

12 The Bidder should be OEM/OSD or their Manufacturer Authorization Form

authorized partners or Service Provider (SP) (MAF) on OEM’s letter head
or System Integrator (SI) in India with an
authority to do customization/up-gradation
during the period of contract with the Bank.
Bidder needs to provide Manufacturer
Authorization Form (MAF) from OEM stating
that bidder is authorized partner of OEM and
authorized to participate in this tender and in
case the bidder is not able to perform
obligations as per contract during the contract
period, OEM will provide contracted services
within the stipulated time. Both OEM/OSD &
their authorized partner should not submit the
bid simultaneously. In case, both OEM & his
authorized partner participate, the bids will be
evaluated as per the terms of GeM / Govt.
guidelines on procurement
13 If the bidder is an authorized partner/System Certificate of Incorporation /
Integrator of the solution, its OEM should have Supporting document from OEM.
been in existence for a minimum period of 4
years in India as on 31.03.2023
14 The bidder should not have defaulted in Undertaking in this regard on bidder’s
delivery and installation against previous letterhead to be submitted
Purchase Orders issued by Bank of
Maharashtra.
15 The bidder should provide undertaking that any Letter of confirmation (self-certified
of its subsidiary or associate or holding letter signed by authorized official of
company or companies having common the bidder) should be submitted.
director/s or companies in the same group of
promoters/management or partnership
firms/LLPs having common partners has not
participated in the bid process.
All eligibility requirements mentioned above should be complied by the bidders as applicable and
relevant support documents should be submitted for the fulfilment of eligibility criteria failing which
the Bids may be summarily rejected. Non-compliance of any of the criteria can entail rejection of
the offer. Photocopies of relevant documents / certificates should be submitted as proof in support
of the claims made for each of the above-mentioned criteria and as and when the Bank decides,
originals / certified copies should be shown for verification purpose. The Bank reserves the right
to verify / evaluate the claims made by the Bidder independently.
Note:
1) Documentary evidence must be submitted for each criterion.
2) Either the bidder/SI on behalf of the OEM or OEM itself can bid but both should not bid
simultaneously. In case of submission of simultaneous bids by OEM and authorized dealer,
the bid evaluation shall be done as per GeM / procurement guidelines.
3) Bidder/SI can submit the bid with only one OEM solution/product for application. OEM can
authorize different bidders/SI to quote for the same product.
4) Bidder/SI must comply with all the above mentioned criteria. Non-compliance of any of the

Recovery Site (DR)
criteria will entail rejection of the Bid. Copies of the relevant documents / certificates should
be submitted as proof in support of the claims made.
5) Any assumptions made by the bidder's/SI in response to this RFP will be at their own risk
and cost. The Bank will not be liable for any such assumptions / representations made by
the bidder. The Bank's assumptions and decision will be final.

Recovery Site (DR)
7.31. ANNEXURE E: PAYMENT TERMS
The Bidder must accept the payment terms proposed by the Bank. The financial offer
submitted by the Bidder must be in conformity with the payment terms proposed by the Bank.
Any deviation from the proposed payment terms would not be accepted. The Bank shall have
the right to withhold any payment due to the Bidder, in case of delays or defaults on the part
of the Bidder. Such withholding of payment shall not amount to a default on the part of the
Bank.
The scope of work is divided in different areas and the payment would be linked to delivery
and acceptance of each area as explained below:
1. General
All the Payments shall be made in Indian Rupees, as under:
a) Bank will make payment on a quarterly basis after deducting penalty if any as per this
RFP within 30 days of submission of the undisputed invoices (with all required
supporting documents) or receipt of written clarifications on the invoice sought by the
Bank whichever is later, after duly complying all the guidelines of this RFP and
subsequent agreement.
b) The Bank will only pay for services availed by the Bank. The Bank will not pay or is not
bound to pay for services not procured/ availed by the Bank.
c) Bidder shall not be entitled to charge any additional costs on account of any items or
services or by way of any out of pocket expenses, including travel, boarding and lodging
etc.
d) Please note Payment shall be released only after execution of Service Level Agreement
(SLA) and submission of PBG.
2. Payment Milestone
Milestone Payment
Hardware Cost 50 % on delivery of Hardware
30 % after project implementation and project sign off by the Bank.
20% after conduction of successful DR drill
Software Licenses 70% of License fees to be released only after implementation of software
licenses, UAT & Training
30% of license fees post Implementation and go live of all deliverables as
per scope & successful DR drill post complete migration.
The Subscription License fees will be paid in advance every year from one-
year post date of project sign-off.
Hardware AMC Quarterly in arrears
Installation & 50% on successful installation & acceptance by the Bank

Implementation Cost 30% on UAT Sign off
20% on Go live , Project Sign off & successful DR drill
FM resource Cost Quarterly in arrears upon submission of invoice and after calculating the
applicable penalties (subjected to actual deployment of FM resources with
prior permission of the Bank and sign-off for the solutions)
Training Cost Training Cost (including Pre implementation training) is payable only after
completion of Post implementation training.
3. Subscription Costs:
Recovery Site (DR)
Subscription cost of Solution Licenses will be paid on submission of proof of subscription of

licenses in the name of the Bank. Subscription cost of each year till end of contract shall be
paid on yearly basis in advance after raising of invoices by the bidder.
4. FM Costs:
Facility Management charges would be paid on quarterly basis in arrears on submission of

invoice by the bidder based on the actual resources deployed. FM Resources shall be
deployed with mutual consent of Bidder & the Bank.
Bidder’s failure to deliver all required components of a fully functional system (pertaining to
the scope of the project) within the stipulated time schedule or by the date extended by the
Bank, shall be a breach of contract unless such failure is due to reasons entirely attributable
to the Bank, in such case, the Bank would be entitled to charge a penalty.
Considering the enormity of the assignment, any service which forms a part of the Project
Scope that is not explicitly mentioned in scope of work as excluded would form part of this
RFP, and the Bidder is expected to provide the same at no additional cost to the Bank. The
Bidder needs to consider and envisage all services that would be required in the Scope and
ensure the same is delivered to the Bank. The Bank will not accept any plea of the Bidder at
a later date for omission of services on the pretext that the same was not explicitly mentioned
in the RFP.
All the payments to the Successful Bidder shall be subject to the performance/ delivery of the
Services to the satisfaction of Bank for this purpose. Penalties / liquidated damages, if any,
shall be deducted from the invoice value/ Contract value.
The Successful Bidder shall be solely liable for the payment of all the past, present and future
central, state and local levies, direct/indirect taxes, fines and penalties (including without
limitation GST if any) by whatever name called, as may become due and payable in relation
to the Services.
Notwithstanding anything contained in this RFP/ the Contract or in any other document(s)
1. Under no circumstances Bank shall be liable to the Successful Bidder and/or its
employees/personnel/representatives/agent etc. for direct, indirect, incidental,
consequential, special or exemplary damages arising from termination of the Contract;
2. Bank shall not have any liability whatsoever in case of any third party claims, demands,
suit, actions or other proceedings against the Successful Bidder or any other person
engaged by the Successful Bidder in the course of performance of the Service.
3. Bank reserves the rights to dispute/deduct payment/withhold payments/further payment

due to the Successful Bidder under the Contract, if the Successful.
Bidder has not performed or rendered the Services in accordance with the provisions of
the Contract, which the Bank at its sole discretion adjudge.
4. Successful Bidder shall permit Bank to hold or deduct the amount from invoices, for non-
performance or part performance or failure to discharge obligations under the Contract.
5. It is clarified that the any payments of the charges made to and received by authorized
Successful Bidder personnel shall be considered as a full discharge of Bank’s
obligations for payment under the Agreement.

Recovery Site (DR)
The invoices should contain full details of all the items contracted by the Bank, as reflected
in Bill of Material and should not contain any clauses contrary to the terms of the contract and
if any such clause exists in the Invoice/any other documents, the same will not be valid and
cannot be held against the Bank.
The Bank shall deduct appropriate Tax as applicable at source from the payment against the
services and corresponding TDS certificate will be issued at the end of the respective quarter.
Bidders PAN number, GST no. and Sales Tax no. to be furnished. Photo copies of PAN card,
GST certificate has to be submitted as required by the Account department for verification.
The Bank will pay of undisputed invoices. Any objection / dispute to the amounts invoiced in
the bill shall be raised by the Bank within reasonable time from the date of receipt of the
invoice. Upon settlement of disputes with respect to any disputed invoice(s), the Bank will
make payment within reasonable time of the settlement of such disputes. All out of pocket
expenses, travelling, boarding and lodging expenses for the entire Term of this RFP and
subsequent agreement is included in the amounts and the bidder shall not be entitled to
charge any additional costs on account of any items or services or by way of any out of pocket
expenses, including travel, boarding and lodging etc.
Bidder’s failure to deliver all required components of a fully functional system (pertaining to
the scope of the project) within the stipulated time schedule or by the date extended by the
Bank, shall be a breach of contract unless such failure is due to reasons entirely attributable
to the Bank, in such case, the Bank would be entitled to charge a penalty, as specified in
Annexure G of SERVICE LEVEL AVAILABILITY AND MONITORING

Recovery Site (DR)
7.32. ANNEXURE F: PROJECT TIMELINES
The Bidder is expected to adhere to the timelines stipulated below. Non-compliance to these
timelines by the Bidder would lead to Liquidated Damages as stated in this RFP.
The maximum total timeline for Delivery, Supply, Installation, Configuration, Anti DDoS
solution for Bank’s Data Center (DC) and Disaster Recovery Site (DR) shall be 12 weeks
from the date of the acceptance of Purchase Order issued by the Bank.
Note:
► Bank, at its discretion, shall have the right to alter the delivery/implementation
schedule based on the implementation plan. This will be communicated formally to
the Bidder during the implementation, if a need arises.
► The Bidder is required to provide a detailed implementation plan/strategy to Bank;
the activities mentioned above are indicative but the timelines for project
implementation should be strictly maintained. if the Bidder has a faster and more
effective implementation of the solution, the same may be discussed and agreed by
Bank.
Sr.No Description Delivery Timeline

1 Project Kickoff , HLD and LLD finalization 4 Weeks from the date of the acceptance of PO
2 Hardware delivery to all locations 8 weeks from the date of the acceptance of PO
3 Implementation at DR 9 weeks from the date of the acceptance of PO
4 Implementation at DC 10 weeks from the date of the acceptance of PO
5 Project Sign-off & SOP’s Documentation 12 weeks from the date of the acceptance of PO
Date:
Place:
Name of Signatory:
Designation:
Seal of Company:

Recovery Site (DR)
7.33. ANNEXURE G: SERVICE LEVEL REQUIREMENTS
Liquidated Damages for Delay in implementation of solution:
Penalty for delay in the Service(s) rendered for each week of delay beyond the scheduled
timeline or part thereof will be a sum equivalent to 1% of the cost of the deliverables for the
respective implementation phase for delay of one week or part thereof (more than 3 days shall
be considered as a week), subject to maximum of 10 % (Ten percent) of the total PO value.
In case of undue delay beyond a period of 15 days after attaining the maximum penalty of
10% of total project cost/TCO during implementation, Bank may consider termination of the
contract or purchase order.
If the selected bidder fails to complete the due performance as per this RFP, Bank reserves
the right to terminate the contract and recover Liquidated Damages of 10% of contract value.
Any deliverable has not been implemented or not operational on account of which the
implementation is delayed, will be deemed/treated as non-delivery thereby excluding the Bank
from all payment obligations under the terms of this contract.
The overall LD during implementation will be to a maximum of 10% of the total cost of the
project.
1. Service Criteria
The SLA specifies the expected levels of service to be provided by the Bidder to Bank. This
expected level is also called the baseline. Any degradation in the performance of the solution
and services is subject to levying penalties. Payments to the Bidder are linked to the
compliance with the SLA metrics. During the contract period, it is envisaged that there could
be changes to the SLAs, in terms of addition, alteration or deletion of certain parameters,
based on mutual consent of both the parties i.e. Bank and Bidder.
The Bidder shall monitor and maintain the stated service levels to provide quality service.
The bidder also agrees to be liable to pay any penalties/ fines/ levies imposed by RBI or other
statutory bodies for non-compliance/ non-observance of any applicable laws, rules and
regulations in this regards.
Bidder to use automated tools like device generated reports to provide the SLA Reports.
Bidder to provide access to Bank or its designated personnel to the tools used for SLA
monitoring.
2. Uptime:
a) The bidder shall guarantee a 24x7x365 availability with quarterly uptime of 99.99%
for the solution (including availability of services from scrubbing center) as specified
in Scope of Work, during the period of the Contract and also during AMC/ FM, if
contracted, which shall be calculated on quarterly basis.
b) The "Uptime" is, for calculation purposes, equals to the Total contracted minutes in a
month less Downtime. The "Downtime" is the time between the Time of Failure and
Time of Restoration within the contracted minutes. "Failure" is the condition that
renders the Bank unable to perform any of the defined functions on the Solution.
"Restoration" is the condition when the selected bidder demonstrates that the solution
is in working order and the Bank acknowledges the same. The bidder’s solution
should be able to identify failure of any part of the solution and ahouls provide
required alert. The Bidder should also log call as per instructions received from the
Bank either over email or orally.
c) If the Bidder is not able to attend the troubleshooting calls on solution working due to
closure of the office/non-availability of access to the solution, the response,
Recovery Site (DR)
time/uptime will be taken from the opening of the office for the purpose of uptime
calculation. The Bidder shall provide the quarterly uptime reports.
d) The Downtime calculated shall not include any failure due to Bank, third party and
Force Majeure.
e) The Bidder shall rectify any defects, faults and failures in the equipment and shall
repair/replace worn out or defective parts of the equipment within 24 hours of being
informed. For this purpose, the Bidder shall keep sufficient stock of spares locally.
f) The Bidder shall ensure that any faults and failures due to software intimated by Bank
as above are set right within 24 hours of being informed of the same.
g) The Bank shall maintain a register at its site in which, the Bank’s operator / supervisor
shall record each event of failure and / or malfunction of the equipment. The Bidder’s
engineer shall enter the details of the action taken in such register. Additionally, every
time a preventive or corrective maintenance is carried out, the Bidder’s engineer shall
make, effect in duplicate, a field call report which shall be signed by him and thereafter
countersigned by the Bank’s official. The original of the field call report shall be
handed over to the Bank’s official.
h) The percentage uptime is calculated on monthly basis as follows:
Total contracted - Downtime minutes within

( minutes in a Quarter contracted minutes
Total contracted minutes in a Quarter
) x 100 = Total Uptime %
Contracted minutes of a Quarter = No. of days in that Qtr X 24 X 60.

i) The number of downtime/ part downtime incidences in a quarter shall not be more
than one (1). Else such a solution shall be considered as underperforming and the
bidder/ OEM shall be required to work upon to resolve the issue so that such
incidence does not occur. If there is any incidence of downtime/ part downtime of
solution in subsequent quarter, the bidder shall replace the faulty part and provide
same/ improved part for smooth functioning at no extra cost to the Bank.
3. Penalty Due to Downtime:
The Bank expects Uptime requirement as 99.99% on quarterly basis. In case the uptime is not
maintained as stipulated, Bank shall charge the penalties as under:
Uptime % in a quarter Penalty

Up to 99.99% and above No Penalty
Between 99.99% to 99.98% 1% cost of the (Product Cost + AMC Cost+ ATS Cost if any)/ 20
Device Misbehavior causing 5% cost of the (Product Cost + AMC Cost+ ATS Cost if any)/ 20
delay or affecting
CBS/Critical services for
more than 15 mins to 60
mins.

Recovery Site (DR)
Uptime % in a quarter Penalty

Device Misbehavior causing 10% cost of the (Product Cost + AMC Cost+ ATS Cost if any)/ 20
delay or affecting
CBS/Critical services for
more than 60 mins.
CPU / Memory utilization 5% cost of the (Product Cost + AMC Cost+ ATS Cost if any)/ 20
crosses 70% due to
misconfiguration of any
equipment for more than 15
mins to 60 mins.
CPU / Memory utilization 10% cost of the (Product Cost + AMC Cost+ ATS Cost if any)/ 20
crosses 70% due to
misconfiguration of any
equipment for more than 60
mins.
The Penalty will continue to be levied in this progression until cap is reached.
4. RMA (Return Merchandise Authorization):
Central Site (DC and DR) Equipment’s/Devices: Replacement for faulty equipment’s has to
be done by bidder and follow up with OEM has to be done by bidder only. RMA of Faulty
equipment’s should be received within 24 hours from the time of call lodge in case, if the
successful bidder fails to provide the replacement of the faulty device as mentioned in the
above paragraph, the penalty of Rs 10,000/- would be levied on the Successful bidder for
every 4 hours or part thereof for delay in providing replacement. However maximum cap of
penalty will be 10% of Cost of the device.
In case of the equipment declared EoL or EoSS or EoS, the equipment needs to be replaced
6 months before date of EoL/ EoSS/ Eos. If it is not replaced within time, a penalty of
Rs.10000/- will be levied on the successful bidder each day, till the equipment is replaced.
However maximum cap of penalty will be 10% of TCO.
5. Shifting/ re-location of Network equipment
Central Site (DC and DR) Equipment’s/Devices: Support from bidder for un-mounting and
mounting of network equipment’s and other components from the rack in the event of
reallocation/shifting of racks based on Bank requirements. Failure to do same, penalty of 0.5%
cost of that particular hardware per day will be levied.
6. Performance Measurement
S.N Service Area Expected Service Level Deliverables/Penalty
1 Report and Periodic reports to be provided to Bank Daily Reports: Critical reports
Dashboard should be submitted as and
when required. Timings will be
mutually decided.
Weekly Reports: To be decided
mutually
Monthly Reports: Before 5th of
each month

Recovery Site (DR)
S.N Service Area Expected Service Level Deliverables/Penalty
2 Continual The Bidder is expected to improve the Quarterly reports need to be

Improvement operations on an on-going basis. The provided within 5 days of the end
Bidder is expected to provide a quarterly of the quarter
report of the new improvements
suggested, action plans, and the status
of these Improvements to the Bank.
Improvement areas could include:
process changes/ training resulting in
efficiency/SLA improvement, new
correlation rules to identify threat
patterns etc.
3 Periodic The project sponsor or locational Monthly meeting for next five
Review delegate from the Bidder is expected to years to be conducted within 7
conduct a monthly review meeting with days’ post submission of report
Bank officials resulting in a report for each month during the
covering details about current SLAs, operations phase.
status of operations, key issues and new
challenges etc.
4 Solution Bidder to inform Bank team and ensure Bidder to submit firmware
management that entire stack of – firmware, software, version report (deployed and
– Version / middleware, etc. are updated with latest current version) every month.
Release/Upg firmware, patches, upgrades, release, Along with this Bidder shall also
rades / version, etc. as per the Bank policy. submit Plan of Action (PoA) for
patches version upgrade, if any
5 Audit of Network infrastructure may be subjected Penalty of 1% of Monthly
Network to audit from Bank and/or third party. recurring charges for each week
Infrastructure VA/PT exercises conducted by Bank’s of delay in implementation of
internal teams will also be considered resolution for critical and
under this point Audit and VA/PT important observations.
observations to be closed as per Bank’s Total penalty will be restricted to
policy 3% of monthly recurring charges.
6 Manpower Bidder to provide experienced and After deducting pro-rata charge
services certified manpower at Bank premises as for absence of resource,
per RFP. Any gap will attract penalty, additional penalty of 2500/- Per
absent resource per day will be
The bidder is expected to provide deducted. In case bidder
reports dashboards on ad-hoc basis as provides alternate adequately
and when required by Bank. qualified resource for absent
resource, no penalty shall be
deducted. The penalty will be
restricted up to 10% of monthly
FM Charges
7 Governance Bidder must provide a written/email- Bidder failing to respond back
Risk and based response to the requested with details of dashboard/report
Compliance dashboard/report mentioning the time of availability shall be levied penalty
delivery of report/dashboard Service of 3% of the monthly recurring
uptime SLA shall apply after the time of charges.
delivery as declared by the bidder.
7. Problem Management and Escalation Procedures
An escalation matrix would be applicable for the issues reported. Bidder has to propose an
escalation matrix as a part of the Technical Proposal.
Recovery Site (DR)
8. Penalties
These are critical performance parameters that shall be tracked on a regular basis to
evaluate the solution performance. Performance measurements report (system
generated) on a monthly basis or at a frequency as desired by Bank shall be provided by the
successful bidder. Bidder will assist Bank or Bank appointed third party agency for
performing Availability & Performance measurements and / or checking the correctness of
the said report. Penalty would be levied if the cumulative additional time / over utilization / delay
etc. under each specified measurement category, in a particular month crosses the minimum
service level.
Penalties if any, as defined by SLAs, shall be adjusted in the payment of a quarter.
Balance penalties, if any, shall be levied in the payment for the subsequent quarter.
a. The Bank expects the Bidder to complete the scope of the project as mentioned in
Annexure C - scope of work of this document within the timeframe specified in
Annexure F Project Timelines of this document. Inability of the Bidder to either provide
the requirements as per the scope or to meet the timelines as specified would be treated
as breach of contract and would invoke the penalty clause.
b. For example, if the Bidder is not able to supply a Proposed solution equipment or the
supplied equipment requires some more parts for its functioning or there is a delay in
installation of any equipment then the penalty levied will be 1% of the cost of “That
Proposed solution component” per week of delay. For example, there is delay of two
weeks in delivery / installation of an equipment; then the penalty will be charged 2% of
the cost of that equipment.
c. The proposed rate of penalty would be 1% of the of value of affected service or product
per week of non-compliance to, the service levels for every percentage below the
expected levels of service, for that particular service (service also means the expected
outcome from the solution as per technical specification/ demanded by the Bank).
Overall cap for penalties will be 10% of the contract value. Thereafter, the contract may
be cancelled and amount paid if any, will be recovered with 1.25% interest per month.
The Bank also has the right to invoke the performance guarantee. Refer to Annexure –
A Commercial Bid for cost of the product and services; also refer to Annexure – F for
project timelines.
d. Inability of the Bidder to provide services at the service levels defined would result in
breach of contract and would invoke the penalty clause. Refer to Annexure – G Service
Level Requirements
e. Notwithstanding anything contained above, no such penalty will be chargeable on the
Bidder for the inability occasioned, if such inability is due to reasons entirely attributable
to the Bank.
f. Notwithstanding what is mentioned hereinabove or anywhere else in the tender, the
maximum amount that may be levied by way of penalty shall on no account exceed 10
% of the Total Contract value and the contract value will be determined at the time of
contract finalization.
9. Penalties for delayed implementation
a. The successful bidder must strictly adhere to the delivery dates or lead times
identified in its proposal. Failure to meet these delivery dates, unless it is due to reasons
entirely attributable to Bank, may constitute a material breach of the bidder’s
performance. As a deterrent for delays during implementation, Bank may levy penalties
for implementation delays attributable to the successful bidder.
b. A cap of 10% of effected Product / Service line item value would be applicable as
penalties for delays in meeting milestones

Recovery Site (DR)
c. Service Level shall be measured after a stabilization period/Go Live Date of 1 2 weeks
from effective date of contractual obligation and continuously improved during the
interim period till implementation of the services is over. The penalties shall be
applicable on these service levels post 60 days of the completion of the implementation
period for first pilot location.
d. Service Levels shall be reviewed at least once every month during the period of
contract and may be added/ deleted/ changed by Bank as a result of such review or any
new business/ IT Services requirements
For a delay of more than 12 weeks in implementation, Bank will have the option of looking
at more severe options like invoking the EMD/ PBG or cancelling the awarded contract.
10. Cap on Penalties
Overall cap for penalties including liquidated damages will be 10% of effected Product /
Service line item value. Thereafter, the contract may be cancelled and amount paid, if any,
will be recovered. Penalties on delay will be applicable when the delay is not attributable to
Bank.
11. Interpretation & General Instructions
a. Typical Resolution time will be applicable if systems are not available to the users.
b. The SLA parameters shall be monitored on a quarterly basis as per the individual SLA
parameter requirements. The Bidder is expected to provide the service levels as
mentioned in Annexure -In case the service levels defined in the tables cannot be
achieved, it shall result in a breach of contract and invoke the penalty clause.
c. A Service Level violation will occur if the Bidder fails to meet Minimum Service Levels
on a quarterly basis for a particular Service Level.
d. Overall Availability and Performance Measurements will be on a quarterly basis for the
purpose of Service Level reporting. Month wise “Availability and Performance Report”
will be provided by the Bidder in the Bank’s suggested format and a review shall be
conducted based on this report. Availability and Performance Report provided to Bank
shall contain the summary of all incidents reported and associated performance
measurement for that period.
e. The primary intent of Penalties is to ensure that the system performs in accordance with
the defined service levels. Penalties are not meant to be punitive or, conversely, a
vehicle for cutting fee
Note: The successful bidder shall not be penalized for those service level breaches that occur
due to any reason beyond the control of the successful bidder. Bank will leverage the effort
of the existing System Integrator for the EMS tool configuration for the bidder’s proposed
solution and its SLA measurement. The existing System Integrator of Bank will configure the
operational parameters in the tool and define the threshold for Service level as defined in this
document for reporting purpose. The basis of availability will solely be determined by the
reports output from the EMS tool. All the SLA will be measured considering dependency
of any other third party assets, w h i c h has contributed to the breach.
Bank shall reserve the right to perform root cause analysis (RCA) by its internal team(s) or
engage external parties to perform the same. The successful bidder shall cooperate with
the team performing the procedures. Decision taken by Bank for RCA performed shall be
final.

Recovery Site (DR)
7.34. ANNEXURE H: TECHNICAL SPECIFICATIONS
Interested Bidders who are experienced in providing solution and meeting the technical
specification as mentioned below may respond to this RFP in terms of availability of
specifications. Please note that 100% compliance of Technical Specifications mentioned
below is mandatory for the bidders in order to be technically qualified. These features
will be part of scope of work. For each technical specification necessary evidence must be
submitted. The technical, functional/features requirements of solution include all but not limited
to the Technical specs mentioned under this Annexure.
Sr. Complied
Technical Specification for Anti-DDoS Solution
No (Yes/No)
Proposed solution should have two appliances in DC and two

1 appliances in DR and should support Active - Active and Active –
Passive (High Availability in both cases) deployment
Appliance should have sufficient port to cater current and future

requirements. However proposed solution will have minimum ports as:
2
8x10G ports (SR/LR Fiber) or (SFP + Fiber port) and 2x25G/2x40G
(SR/LR Fiber)
System will have throughput license approach as below:

A. For On Prim Appliance: -
For Legitimate Traffic: 1 Gbps and should be scalable up to 20
Gbps without additional Hardware,
3 B. For DDoS Cloud Mitigation:
For Legitimate Traffic: 2 Gbps from day 1 and scalable upto 10
Gbps on demand basis.
For Malicious Traffic Mitigation: There should be no limitation,
scrubbing should provide mitigation for unlimited traffic.
Proposed product/solution should be stateless Technology not having

4 any kind of state limitation e.g. TCP connections OR Proposed DDoS
product/solution should be stateless in nature
The proposed solution must be purpose built DDoS prevention

dedicated appliance based solution. Not a part of Router, UTM,
5
Application Delivery Controller, Proxy based architecture or any
Stateful Device
The proposed DDoS Solution should support cloud signalling to signal
to upstream ISPs or managed service provider who is providing anti-
DDoS cloud service for Volumetric DDoS attack mitigation and for any
other attack that can be mitigated through cloud services. The on
6 premise DDoS appliance should integrated Tier 1 ISP's Scrubbing
Center solution in India , or OEM'S Scrubbing Center solution in India.
Appropriate proof needs to be submitted. There should be no manual
intervention for starting the volumetric mitigation, it should be
automatically with less than 1 min.

Recovery Site (DR)
The Anti-DDOS Appliance should support inbuilt Threat intelligence

Gateway (TIG) feature for inbound and outbound threat blocking.
Feasible to support third party threat feeds in industry standard STIX &
TAXII protocol and proposed solution should support integration with
an external Threat Intelligence Platform (TIP) like Anomali, Cyware,
etc. OEM have to have their own Threat Research Team that should
provide a Threat Intelligence feed as part of the solution. Inbuilt
7 mechanism to inspect traffic with external threat feed & manual addition
of IOC'S and shall support at least 2 Million IOC's for inline blocking
(URL, domain and IP address subnet etc.). IP Reputation to detect and
block requests from Malicious Sources (SPAM / BOTNETS /
Anonymous Proxies / TOR etc.). Manual addition of blocking IPs should
support bulk file upload utility such as .xls/.csv/ .txt etc. and there
should be no limitation, but overall should be 2 Million of blocking of
IOC’s.
The proposed appliance must be latest but stable solution and must
not be END OF LIFE/END OF SUPPORT/END OF SOFTWARE
8 SUPPORT / END OF ENGINEERING SUPPORT (which includes all
kind of support viz. Hardware, Software etc.) till next Five years from
the contract start date or till the contract validity.
If Proposed hardware appliance becomes End of Life during said
9 contract period, OEM should replace the same with latest model (within
3 months at no additional cost to Bank ) (6 months before EOL)
The OEM should not be currently blacklisted by any Central/State Govt.
dept. /Public Sector/NPCI/IBA/RBI/SEBI or any other regulatory bodies
10 Unit. (Certificate from the Chief Executive / Authorized Officer of
Company). OEM should also provide minimum 3 references of Public
sector BFSI where technology is deployed in production in last 6 years.
The solution must have comprehensive dashboard and reporting
template readily available.The proposed solution should have GUI
based monitoring, configuration management, diagnostics and
11
reporting. The system must support configuration via standard up to
date web browsers. The proposed solution must support Web Based
GUI Management.
System should Protect from multiple attack vectors on different layers
12 at the same time with combination OS, Network, Application and Server
side attacks
Solution should be transparent bridge to pass 802.1q tagged frames

13
and other control protocols VLAN, L2TP and GRE traffic
The proposed system must have built-in hardware bypass for all
interface types. Work in fail open and fail close mode in all the ports
14 and should support software bypass capability or may be achieved
through additional external switch populated with same interfaces
capacity. The proposed switch should be of OEM itself.
Solution should detect misuse of application protocols in the network

15
like HTTP/DNS/VoIP/Mail/VPN/File/Rlogin

Recovery Site (DR)
The system should support, In-Line, Out-of-Path deployments modes

16 and both should work at the same time and on same hardware from
day 1.
The system should support deployment on a "logical link bundle"

17
interfaces through Link aggregation protocols like LACP
The DDoS Mitigation System should support Symmetric and

18
Asymmetric Traffic flows
The device should be fully integrated with an organization’s existing

19
security stack using REST API, SNMP, Syslog and STIX/TAXII
The system should have High Performance Stateless Architecture with

20 purpose built-in hardware to ensure that attack mitigation does not
affect normal traffic processing.
The proposed appliance should support minimum of 30 Million packet

21 per seconds on the same appliance. This performance figure must be
mentioned in public facing datasheet.
The proposed solution should support latency less than 80

22
microseconds and should be documented in datasheet.
The proposed solution should support dual redundant Hot-Swappable

AC power supplies from day one, and The proposed solution must be
23
rack-mountable in standard 42U Rack. The proposed solution should
support with High availability/Redundancy architectur
The proposed system should support Bypass Capable NIC in

24 combination of 1G (Copper/Fiber - SX/LX), 10G (SR/LR), 25G(SR/LR)/
40G(SR/LR)
The proposed solution have ready REST API for integration / Anti-
25
DDoS system for attack mitigation in custom portal
The proposed solution shall be integrated with RADIUS and TACACS+.

26 The proposed solution should support Role/User Based Access
Control and reporting functionality

Recovery Site (DR)
27 The proposed solution must support REST API management
28 The proposed solution should support SNMP v2/v3 MIB and Traps
DDoS solution should integrate with Network performance &

29
monitoring solution.
The proposed solution shall support Integration with SOAR and xSOAR
30
like Palo Alto xSOAR
The system must have a dedicated management port for Out-of-Band

management; Management interfaces must be separated from traffic
31 interfaces. System management must not be possible on traffic
interfaces, management interfaces must not switch traffic. Device
management interface must be firewalled internally.
The system must have supporting of tools for central monitoring.

32 System must support option for Centralized management of multiple
devices.
The proposed solution should support configuration and login audit

33
trails
The proposed solution should support Role/User Based Access

34
Control and reporting functionality.
System should have mechanism to upgrade the firmware and

35
application
OEM must have Technical support in India and able to raise TAC
36
support via partner in 24*7*365 basis
Bidder/OEM shall provide support in real-time to Bank during malware

37
outbreak, DDoS attacks to identify and mitigate attack
The bidder shall meet ISO/IEC 27001:2013 (Information Security

38 Management Systems), ISO/IEC 27032:2012 (Security Techniques --
Guidelines for Cybersecurity) compliance

Recovery Site (DR)
The proposed solution should provide DDoS attacks log backup and
39
Filterable/Exportable Attack Log
The proposed solution shall provide Email alerts and comprehensive

40
reporting including on-demand, on-schedule in multiple formats
The proposed solution should be able to offer granular drill down

41
reports based on hosts, sources, applications etc.
The proposed solution should provide the traffic statistics related to

42
Application / Protocols (Per Resource Group)
The proposed solution shall provide real time dashboard displaying

statistics on data such as total traffic, passed/blocked, top
IPs/services/domains, attack types, top sources by IP location (Geo IP)
and blocked sources, etc.
Traffic statistics – Attack vs. clean traffic; on-premises vs.
scrubbing center traffic
Attack alerts and information – Including attack vector, source,
target, bandwidth, and so on.
43 Attack distribution – By source/destination/vector
Attack status – Under attack/peacetime/diverted/cool-down
Collection, aggregation and visualization of attack data from on-
premises and Cloud equipment.
Automatic customizable periodical reports
Extended customization of SMTP mail alert settings for service
providers
• Should support integration with ticketing tool.
The proposed DDoS appliance must not have any limitations in
handling the number of concurrent session for DDoS attack traffic -
44
knowing nature of solution and should be clearly mentioned in public
facing datasheet
The proposed solution should support behavioural-based application-

45
layer HTTP and HTTPS DDoS protection
The proposed solution should support user customizable/user defined

46
signature or filters or payload/header based regular expressions
47 System should allow to write manual ACL's to block IP's

Recovery Site (DR)
Solution must support searching for IPs which have matched

48 IOCs/Blocked Hosts within last 10 days to understand if organisation
was targeted
System must have an In-Built updated IP reputation feed that has IOC
for Active DDoS vectors, Botnets, etc. that are actively propagating
49 DDoS attack vectors anywhere in the world. It should be automatically
updated at a configurable interval of 60 minutes to block and protect
network against active attackers
50 System should have options for Blacklist and White list IP Address
System should restrict the IP address from specific segment like from
51
TOR network
The proposed appliance should be able to block traffic based on Geo

52
location feed that is updated automatically at configurable intervals
The system should be capable to detect and mitigate both inbound and
53 outbound attacks. It should support blocking inbound and outbound
scanning and known brute force attempts
Anti-DDoS Appliance should support automated AI Analytics Engine,

Behavioural Analysis, Challenge-response methods or Auto-Signature
to detect and mitigate Zero day DoS, DDoS attacks. —protecting
54
against unknown DDoS attacks without manual intervention. The
system should not depend only on signatures for mitigation of DDoS
attacks.
The proposed solution must support Machine Learning based Adaptive

DDoS Protection that adapts to dynamically changing DDoS attacks by
55
automatically detecting new attack techniques and providing targeted
mitigation
The proposed system must be able to block invalid packets (including

checks for Malformed IP Header, Incomplete Fragment, Bad IP
Checksum, Duplicate Fragment, Fragment Too Long, Short Packet,
56 Short TCP Packet, Short UDP Packet, Short ICMP Packet, Bad TCP /
UDP Checksum, Invalid TCP Flags, Invalid ACK Number) and provide
statistics for the packets dropped. Solution should also support packet
Anomaly Protection.
57 The proposed system should protect from TCP Out-Of-State attacks

Recovery Site (DR)
The proposed system should Protect from multiple attack vectors on

58 different layers at the same time with combination OS, Network,
Application, and Server side attacks
The proposed system should support suspension/dynamic suspension

of traffic from offending source based on a signature detection, host
59
behavioural analysis, malformed packets, payload expression
matching
The proposed system must support connection limit option to limit
number of new connection on per source basis or in range or
60
equivalent. The proposed system must limit number of simultaneous
TCP connections on a per-client basis
The proposed system must allow Network Security policies to be

61 changed while the policy is in active blocking/running mode and should
not affect running network protection.
The proposed solution must detect and Mitigate attacks at Layer 3 to

62
Layer 7.
The proposed system must be able to detect and mitigate Spoofed

SYN Flood attacks and should support various different mechanisms
like but not limited to these.
a) TCP Authentication
63 b) TCP Out of Sequence Authentication
c) HTTP Authentication - Redirect
d) HTTP Authentication - soft reset
e) HTTP Authentication – JavaScript
The proposed system must be able to detect and block from Flood
based attacks on Network and Applications like - TCP, UDP, ICMP,
64 DNS, HTTP and various other Flood based attacks. Solution should
support deployment for all DNS flood detection and mitigation
(especially for random sub-domain attack)
The proposed system must be able to detect and block HTTP and
HTTPS GET/POST Flood and should support various mechanisms
like but not limited to these.
65 a) HTTP and HTTPS Header Regular Expressions
b) HTTP and HTTPS Rate Limiting
c) Rate-based Blocking
The proposed system should Protect from Brute

66
Force/reflection/dictionary & amplification attacks or equivalent
Centralized Console should also give both GUI and CLI access to the
67 DDoS scrubbing solution. The proposed solution should support CLI
access over console port and SSH

Recovery Site (DR)
Centralized Console should give Attack Analysis detection and

68 possible attack traffic should provide recommendations for mitigating
any attacks that it detects.
Centralized console should give consolidated DDoS historical and

69
trending reports from all the managed scrubbers
The proposed system should detect and mitigate different categories

of Network Attacks viz. Volume, Protocol, Application based attacks
etc. It should provide protection against non-volumetric attacks such as
70
but not limited to spoofed source attack, low and slow attack,
application attack, DNS poisoning, black nurse, SSL based DDOS
attack, fragmentation attack, shrew attack etc.
The proposed solution should support mitigation of Burst Attacks using

71 behavioural mechanisms, Signature or equivalent and various other
standard mechanisms.
The proposed solution should support Automatic adaptive thresholds

72
estimation for critical L3, L4 and L7 parameters
73 The proposed system must be able to detect and block Zombie Floods
The proposed system must support the dropping of idle TCP sessions
if client does not send a user-configurable amount of data within a
74
configurable initial time period and should dynamically blacklist the
offending sources.
The proposed solution should support IOC Types - IP Address/Fully

75
Qualified Domain Names/ URLs.
The proposed system must protect from DDoS attacks behind a CDN
76
by surgically blocking the real source IP address
The proposed solution should support SSL renegotiation & Cipher

77
Anomalies Attack Mitigation
The proposed solution must mitigate encrypted attacks and should

78
support minimum 35,000 SSL/ TLS CPS measured with 2048-bit key.

Recovery Site (DR)
The proposed system should protect against SSL/TLS Encrypted DoS

79
and DDoS threats both at the SSL/TLS Layer and HTTPS layer
The proposed solution should provide protection from known attack

80 tools that attack vulnerabilities in the SSL layer itself with a separate
SSL Decryption module on device or out of path
The proposed solution should have capability to identify malicious SSL/

TLS traffic based on behaviour analysis, payload inspection and must
81
protect against attacks that exploit SSL or TLS on application servers
such as Web, Mail, or secure VPN servers
The proposed solution shall detect SSL/ TLS encrypted attacks at Key
82
size 2K without any hardware changes.
In inline mode system must not modify MAC or IP addresses of passed

83
frames
The proposed solution should comply with IPv4 & IPv6 requirement
84 with required compliance and IPv6 label on appliance. It should detect
and mitigate IPV4 & IPv6 Attacks
85 The proposed system must prevent malware propagation attacks
The proposed system should support multiple segment protection for

86
minimum 6 segments
The device operating system should be hardened and the responsibility

87
shall fall on OEM to ensure and comply the same
The proposed DDoS solution should adhere with the strict SLA defined
as below:
• Time to Detect:
Non-Volumetric- Immediate, performed by on-premises DDoS
hardware
88 Volumetric- Detection is performed by the Service based on
Utilization Measurement Period. 5 minutes for a Link Utilization
Threshold of 90% (or more).
• Time to Alerts/Notify: 2 Minutes (SMS/E-mail Notification), 15
Minutes (Phone Call Notification)
• Time to Divert: 1 Minutes (Automatic Diversion), 15 Minutes
(Manual Diversion)

Recovery Site (DR)
• Time to Mitigate: 15 Minutes (Including GET/POST Attacks)

Consistency of Mitigation: Minimum 95%.
The hybrid DDoS Service should have GRE load balancing capability
89 in case of Multiple routers or Multiple service provider at Data centre.
GRE tunnel should not be limited to 1 Gbps traffic only.
The hybrid DDoS service should have protection against SSL/ TLS-
90 based attacks without requiring customers to provide full SSL/ TLS
certificates with private key and without adding latency in peacetime.
The proposed system should support Challenge-response (Layers 4 to

7) mechanisms without Scripts. System should support HTTP as well
91 as HTTPs Challenge Response authentication without Scripts. And
System should support DNS Challenge Response authentication:
Passive Challenge, Active challenge Both without scripts.
The proposed system should support for below methodology for
handling SSL/ TLS or encrypted traffic
Ability to detect SSL flood attacks without need to use any SSL
Certificate and rate-limit suspected source
Ability to challenge only first request of suspected SSL attack
92 source as well as all Sources and bypass authenticated or legit sources
from DDoS appliance to limit latency on SSL traffic for legit users
Ability to inspect with vulnerability for only suspected DDoS attack
traffic with SSL decryption
Ability to conduct full SSL inspection for all sources for complete traffic
inspection
The proposed Cloud scrubbing center should be located in India and
93 all traffic must be processed in India only. The proposed Cloud
scrubbing centre must have capacity of minimum 200Gbps
OEM Anti-DDoS solution should be deployed and used by at Tier 1
(class A) Internet service providers (ISPs) in India to protect their own
94
Core infrastructure from DDoS attacks and MSSP in India for Cloud-
based mitigation. (to be included in OEM eligibility)
Note-
➢ It is mandatory to submit the Technical & function compliance only in the prescribed
format above. Bank may ask the bidder to furnish the support documents in support of
any specification complied as available. Bank also reserves the right to validate the
responses through product demonstration / against valid documents supporting the
responses. Any non-compliance of Technical specs mentioned below may leads to
disqualification of bidders.
➢ Bidder to ensure that the technology to be deployed needs to be latest, latest version
of solution to be deployed and technology supplied should not be having residual life
of less than 5 years from the date of effectiveness of contract.
➢ Based on the response submitted by the bidders for above Weighted Score as part of
overall Technical Evaluation as mentioned in Annexure - B of this RFP document.

RFPATC 6 Anurag - Patel@mahabank - Co.in

Uploaded by

Copyright:

Available Formats

RFPATC 6 Anurag - Patel@mahabank - Co.in

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

RFPATC 6 Anurag - Patel@mahabank - Co.in

Uploaded by

Copyright:

Available Formats

RFP-28/2023-24 for Supply, Installation, Configuration, Integration, Implementation,

Request for Proposal

GEM BID NO-GEM/2023/B/4346582

Head Office, ‘LOKMANGAL’

GeM Bid No. GEM/2023/B/4346582 Page 1 of 126

Following terms are used in the document interchangeably to mean:

1 APT Advanced Persistent Threat

GeM Bid No. GEM/2023/B/4346582 Page 2 of 126

46 TCO Total Cost of Ownership

GeM Bid No. GEM/2023/B/4346582 Page 3 of 126

GeM Bid No. GEM/2023/B/4346582 Page 4 of 126

6.14. Aadhaar ACT ------------------------------------------------------------------------------------------------------------------------- 25

GeM Bid No. GEM/2023/B/4346582 Page 5 of 126

GeM Bid No. GEM/2023/B/4346582 Page 6 of 126

CURRENT HIGH-LEVEL TECHNOLOGY ENVIRONMENT

Bank’s vision is to be a vibrant, forward-looking, techno-savvy, customer-centric Bank serving diverse

GeM Bid No. GEM/2023/B/4346582 Page 7 of 126

2. INVITATION FOR TENDER OFFERS

Bid Collection and Submission Calendar

Tender Reference number 28/2023-24

Pre-Bid meeting with Bidders 29/12/2023 at 15:00 hours

Address of Communication Deputy General Manger IT

Website https://gem.gov.in ; https://www.bankofmaharashtra.in/tenders

GeM Bid No. GEM/2023/B/4346582 Page 8 of 126

GeM Bid No. GEM/2023/B/4346582 Page 9 of 126

3.1. Two Bid System Tender

Following officers have been authorized to accept the tender documents

Shri Shashikant Dhengale, Chief Manager-IT, Head Office, Pune

Shri Keshav M. Metkar, Sr. Manager- Head office Pune

The documents/credentials submitted must be super-scribed with the following information:

GeM Bid No. GEM/2023/B/4346582 Page 10 of 126

3.2. Terms and Conditions

3.3. Soft Copy of Tender document

3.4. Offer validity Period

3.5. Address of Communication

GeM Bid No. GEM/2023/B/4346582 Page 11 of 126

The Deputy General Manager

3.7. Rejection of Bids:

3.8. Opening of Offers by Bank:

3.9. Scrutiny of Offers

Scrutiny of Bids will be in three stages as under:

GeM Bid No. GEM/2023/B/4346582 Page 12 of 126

• Stage 1 – Eligibility criteria Evaluation

a) Eligibility Criteria Evaluation:

GeM Bid No. GEM/2023/B/4346582 Page 13 of 126

1. Bidders found eligible as per eligibility criteria defined by the Bank.

2. Bidders scoring 70% or more marks in technical bid evaluation.

3.10. Techno-Commercial Evaluation Criteria

S=( 0.3X C Minimum )+ ( 0.7X T Obtained )

C Minimum- Commercial Score Minimum Quote

3.11. Format for Technical bid

GeM Bid No. GEM/2023/B/4346582 Page 14 of 126

3.12. Masked Commercial bid

3.13. Format for Commercial bid

3.14. Erasures or Alterations

3.15. Location of Project Implementation

3.16. Contract Period

GeM Bid No. GEM/2023/B/4346582 Page 15 of 126

3.17. Fixed Price