request for proposal (rfp) for selection of system integrator for … · 2020. 11. 21. · request...

Request for Proposal (RFP) for Selection of System Integrator

for Supply, Installation and Maintenance of Network Access

Control Solution for Bank’s Network

Union Bank of India, Department of Information Technology

1/1A, Adi Shankaracharya Marg,

Opp. Powai Lake, Powai, Andheri East, Mumbai – 400072

RFP for Selection of System Integrator for NAC Solution

Page 2 of 135

Disclaimer

The information contained in this Request for Proposal (RFP) is provided to the Bidder(s)

on the terms and conditions set out in this RFP document. The RFP document contains

statements derived from information that is believed to be true and reliable at the date

obtained but does not purport to provide all of the information that may be necessary

or desirable to enable an intending contracting party to determine whether or not to

enter into a contract or arrangement with Bank in relation to the provision of services.

The RFP document is not a recommendation, offer or invitation to enter into a contract,

agreement or any other arrangement, in respect of the services. The provision of the

services is subject to observance of selection process and appropriate documentation

being agreed between the Bank and any successful Bidder as identified by the Bank,

after completion of the selection process as detailed in this document. No contractual

obligation whatsoever shall arise from the RFP process unless and until a formal

contract is signed and executed by duly authorized officers of Union Bank of India with

the Bidder. The purpose of this RFP is to provide the Bidder(s) with information to assist

the formulation of their proposals. This RFP does not claim to contain all the

information each Bidder may require. Each Bidder should conduct their own

investigations and analysis and should check the accuracy, reliability and completeness

of the information in this RFP and where necessary obtain independent advice. Union

Bank of India makes no representation or warranty and shall incur no liability under any

law, statute, rules or regulations as to the accuracy, reliability or completeness of this

RFP. Union Bank of India may in its absolute discretion, but without being under any

obligation to do so, update, amend or supplement the information in this RFP.


Page 3 of 135

GENERAL INSTRUCTIONS TO BIDDERS All bidders must note that this being E-tender, bids received only through online on E-tendering portal https://ubi.abcprocure.comshall be considered as an offer. Any bid submitted in physical form will not be received or opened and shall be summarily rejected.

Procedure for submission of E-tender by bidder:

Interested bidders who wish to participate should visit website https://ubi.abcprocure.com which is the ONLY website for bidding their offer. Further, the procedure is as follows:

1. Register your company in website https://ubi.abcprocure.com for obtaining a Login ID and Password.

2. Using the login ID, password and digital signature, login in to the tender portal

to download the tender document. It is mandatory for the Bidders to have a valid

Digital Signature Certificate – Signing and Encryption (Class – II or Class – III)

issued by any of the valid Certifying Authority approved by Govt. of India as per

IT Act, 2000. DSC on Organization name is required, if bidder want to participate

on behalf of his/her Company.

3. Pay Earnest Money Deposit (i.e., EMD) through Demand Draft (i.e. DD)/Bank

Guarantee (i.e. BG) and upload the scan copy in Website.

4. Upload supporting documents by clicking “Mapped Documents”. Then submit the

tender. Take a print screen of “Bid successfully submitted” message for

reference.

5. Primary Contact Numbers:-+91-9081000427, 9904407997

a. Imtiyaz Tajani 079 – 6813 6831 [email protected] b. Ekta Maharaj 079 – 6813 6852 [email protected] c. Salina Motani 079 – 6813 6843 [email protected] d. Sujith Nair 079 – 6813 6857 [email protected] e. Deepak Narekar 079 – 6813 6863 [email protected] f. Jainam Belani 079 – 6813 6820 [email protected] g. Devang Patel 079 – 6813 6859 [email protected]

6. Alternate Contact No.:- Mr. Anshul Juneja:- 079-68136809/6815/6824,

M:9879996111, [email protected].

7. System requirement for online bid submission:

a. Computer / Laptop (Notebook) with internet connection of minimum 256

kbps speed.

b. Operating system - Windows XP Service pack -3 / VISTA/ Windows 7 or above.

8. Bidder must submit the offer before online closing date & time. The website will

automatically stop accepting the offer after online closing date and time.

NOTE: Submission of any bid document through offline mode will not be accepted except Cost of RFP, Bid Security (EMD) and Pre-Contract Integrity Pact (on plain paper) signed by authorized signatory and should be submitted on or before last date & time of bid

submission.

https://ubi.abcprocure.com/http://www.tenderwizard.com/MMRCmailto:[email protected]


Page 4 of 135

Abbreviations The long form of some abbreviations commonly used in the document is given below:

S.No Abbreviations Description

1. 1 AD Active Directory.

2. AMC Annual Maintenance Contract or AMC is the annual cost incurred on maintenance of proposed solutions.

3. ATM Automatic Teller Machine

4. ATS Annual Technical Support

5. AV Antivirus.

6. Bank/ Purchaser/ Union Bank

Reference to the “the Bank”, “Bank” and “Purchaser” Shall be determined in context and may mean without limitation “Union Bank of India, i.e. amalgamated entity consisting of Union Bank of India, erstwhile Corporation Bank (eCB) and erstwhile Andhra Bank (eAB) combined and it’s Foreign Offices, Foreign Subsidiaries and Domestic Subsidiaries”.

7. BFSI Banking, Financial Services and Insurance

8. BG Bank Guarantee

9. Bidder/ Service Provider/ System Integrator

An eligible entity/ firm submitting a Proposal/ Bid in response to this RFP.

10. DC Data Center

11. DIT Department of Information Technology, UBI

12. DR Disaster Recovery

13. e-AB Erstwhile Andhra Bank

14. e-CB Erstwhile Corporation Bank

15. EMD Earnest Money Deposit

16. Endpoints Any IP/ MAC enabled device viz. PCs, laptops, printers, ATMs, CCTV cameras, Video Conferencing devices, networking devices, security devices and IOT devices.

17. IP Internet Protocol

18. ISDN Integrated Services Digital Network

19. MAF Manufacturer Authorization Form

20. MPLS Multiprotocol Label Switching

21. MSME Micro, Small & Medium Enterprises

22. NAC Network Access Control.

23. NDA Non-Disclosure Agreement

24. NSIC National Small Industries Corporation

25. OEM Original Equipment Manufacturer or OEM is the organization which have developed/ created the product/ software and hence is entitled to distribute the same.

26. PBG Performance Bank Guarantee

27. PDF Portable Document Format


Page 5 of 135

S.No Abbreviations Description

28. PO Purchase Order

29. Project Cost Project cost would be Licensing Cost/ Initial cost/ Onetime cost/ Fees/ Development Cost/ Installation cost/ Implementation and Commissioning cost/ Integration cost with Existing systems/ Customization cost/ Training cost/ Technical assistance.

30. Proposal/ Bid The Bidder’s written reply or submission in response to this RFP.

31. PSB Public Sector Bank

32. PSU Public Sector Undertaking

33. RCC Regional Computer Cell

34. RFP The request for proposal (this document) in its entirety, inclusive of any addenda that may be issued by the Bank.

35. RO Regional Office

36. SLA Service Level Agreement

37. Solution/ Services/ Work/ System

“Solution” or “Services” or “Work” or “System” or “IT System” means all services, scope of work and deliverables to be provided by a Bidder as described in the RFP and include services ancillary to the development of the solution, such as installation, commissioning, integration with existing systems, provision of technical assistance, training, certifications, auditing and other obligation of the Supplier covered under the RFP.

38. Supplier/ Contractor/ Vendor

Selected Bidder/ Service Provider/ System Integrator under this RFP.

39. TCO Total Cost of Ownership

40. The Bank Amalgamated entity i.e. consolidated entity consisting of Union Bank of India, erstwhile Andhra Bank (e-AB) and erstwhile Corporation Bank (e-CB) combined.

41. TO Technical Offer

42. UBI Union Bank of India

43. Union Bank Pre-amalgamated Union Bank of India

44. VSAT Very Small Aperture Terminal

45. ZCC Zonal Computer Cell

46. ZO Zonal Office


Page 6 of 135

Schedule of Events & Bid Details Ref. No. UBI/DIT/2020-21/NAC/17

Start Date& Time of issue of RFP/ Document Download

21.11.2020 at 11:00 Hours

Last date and time for submission of query

27.11.2020 by 17:00 Hours

Last date and time of Downloading of RFP

18.12.2020 by 15:00 Hours

Last date and time for submission Of Bidding Document

18.12.2020 by 16:00 Hours

Date and Time of Technical Bid Opening

18.12.2020 by 16:15 Hours

Place of opening of Bids (Online)

Union Bank of India, Department of Information Technology (5thFloor), 1/1 A, Technology Centre, Adi Shankaracharya Marg, Opp. Powai Lake, Andheri (East), Mumbai-400072.

Address & Contact Numbers As above Tel:(022) 25710507/528

Cost of RFP (Non-Refundable) Rs.2,500/- (Rupees Two Thousand Five Hundred only)

Security Deposit/Earnest Money Deposit (EMD)

Rs.40,00,000/- (Rupees Forty Lac only) in the form of Demand Draft in favor of Union Bank of India, payable at Mumbai. EMD can also be paid in the form of Bank Guarantee (BG) of any scheduled commercial Bank other than Union bank of India, e-Andhra Bank and e-Corporation Bank and should be valid for 6 months from the date of submission with a claim period of 45 days.

Contact details Interested Bidders are requested to send the email to: [email protected], [email protected], [email protected] containing below mentioned information, so that in case of any clarification same may be issued: Name of company, contact person, Mailing address with Pin Code, Telephone No., Mobile No., email address etc.

Note: Bids once submitted will be treated as final and no further correspondence will be entertained on this. No bid will be modified after submission of bids. No bidder shall be allowed to withdraw the bid.

mailto:[email protected]:[email protected]


Page 7 of 135

Table of Contents

Sl. No. Items Page No.

1. Introduction ......................................................................................................................... 10

2. Integrity Pact (IP) ............................................................................................................... 10

3. Objectives of the RFP ........................................................................................................ 10

4. Definitions ............................................................................................................................ 11

5. Present Technical Environment ....................................................................................... 11

6. Invitation of Tender Bids ................................................................................................... 13

7. Eligibility Criteria ............................................................................................................... 13

8. Broad Scope of Work .......................................................................................................... 16

9. Project Plan for Implementation ..................................................................................... 29

10. Proof of Concept (POC) ..................................................................................................... 31

11. Project Validity ................................................................................................................... 31

12. Cost of Bidding .................................................................................................................... 31

13. Language of Bid .................................................................................................................. 31

14. Instructions for Bid Submission ........................................................................................ 32

15 Price Composition............................................................................................................... 46

16 Taxes and Duties ................................................................................................................. 47

17 Rejection of Bid .................................................................................................................. 47

18 Modification and Withdrawals of Bid .............................................................................. 48

19 RFP Response....................................................................................................................... 48

20 Patent Rights ....................................................................................................................... 49

21 Payment Terms ................................................................................................................... 49

22 Order Cancellation ............................................................................................................. 50

23 Adherence to Cyber Security Systems ............................................................................ 51

24 System Maintenance Standard ......................................................................................... 52

25 Annual Maintenance Contract/ Annual Technical Support ......................................... 52

26 Warranty .............................................................................................................................. 53

27 OEM Authorization .............................................................................................................. 54

28 Liquidated Damages (LD) .................................................................................................. 54

29 Service Level Agreement .................................................................................................. 55

30 Authorized Signatory .......................................................................................................... 59

31 Confidentiality .................................................................................................................... 60

32 Indemnity& Limitation of Liability .................................................................................. 60

33 Intellectual Property Rights.............................................................................................. 63

34 Non-Transferable Offer ..................................................................................................... 63

35 Responsibility for Completeness ...................................................................................... 63


Page 8 of 135

36 Force Majeure ..................................................................................................................... 63

37 Exit Clause ........................................................................................................................... 64

38 Termination of Contract ................................................................................................... 64

39 Audit ..................................................................................................................................... 65

40 Contract Period ................................................................................................................... 66

41 Normalization of Bids......................................................................................................... 66

42 Conflict of Interest ............................................................................................................. 67

43 Repeat Order ....................................................................................................................... 67

44 Insurance .............................................................................................................................. 67

45 RFP Ownership .................................................................................................................... 68

46 Proposal Ownership ............................................................................................................ 68

47 Tender/RFP Cancellation .................................................................................................. 68

48 Publicity ............................................................................................................................... 68

49 Arbitration ........................................................................................................................... 68

50 Jurisdiction .......................................................................................................................... 68

51 Submission of Bids .............................................................................................................. 69

52 Annexure A – Letter of Acceptance ................................................................................. 70

53 Annexure B– Bidder’s Profile Format .............................................................................. 72

54 Annexure C– Eligibility Criteria ........................................................................................ 73

55 Annexure D – Functional Requirement ........................................................................... 77

56 Annexure E – Compliance to RFP Terms & Conditions ................................................. 85

57 Annexure F – Un-priced Commercial Bid ........................................................................ 87

58 Annexure G – Indicative Commercial Bid ....................................................................... 91

59 Annexure H– Declaration for Compliance ...................................................................... 95

60 Annexure I - Undertaking by Bidder ................................................................................ 96

61 Annexure J– Confidentiality / Non-Disclosure Agreement .......................................... 97

62 Annexure K – Reference Site Details ............................................................................. 103

63 Annexure L - Business Rules for Reverse Auction ....................................................... 104

64 Annexure L (A) - Compliance Statement – Reverse Auction ..................................... 112

65 Annexure L (B) - Letter of Authority for Participation in Reverse Auction ........... 113

66 Annexure L (C) - Undertaking of Process Compliance Statement for R A .............. 114

67 Annexure M – Format for Performance Bank Guarantee ........................................... 116

68 Annexure N – Pre-Contract Integrity Pact .................................................................... 119

69 Annexure O- Letter for Refund of EMD ......................................................................... 126

70 Annexure P – Bid Query Format ..................................................................................... 127

71 Annexure Q - Bank Guarantee for EMD ......................................................................... 128

72 Annexure R – Know Your Employee (KYE) Clause ....................................................... 130

73 Annexure S – Certificate for EMD Waiver for MSME/NSIC Firms ............................... 131


Page 9 of 135

74 Annexure T – Certificate of Local Content .................................................................. 132

75 Annexure U – Restriction on Procurement due to National Security ...................... 133

76 Annexure V - Undertaking of Information Security .................................................... 134

77 Annexure W – Hardware and Software Specifications ............................................... 135


Page 10 of 135

Union Bank of India

1. Introduction

1.1. Union Bank of India (hereinafter referred to as The Bank), is one of the leading Nationalized banks in India having a network of over 9500 branches, 125 Regional Offices, 18 Zonal Offices and 15000 ATMs spread across the country, with its business mix of over Rs.15.4 Lac Crore as of 30thJune 2020. Bank also provides services to its customers through alternate channels such as Internet Banking, Debit Cards, and Mobile Banking, etc.

1.2. The Bank is requesting proposal for “Supply, Installation and Maintenance of

Network Access Control Solution for Bank’s Network”. 1.3. The Data Center (DC) of the Bank is located at Mumbai and Disaster Recovery

(DR) Site at Bengaluru. 1.4. The Bank has connected its Offices/Branches through dedicated Leased Line,

MPLS, VSAT, ISDN, 3G, 4G, etc. 1.5. The Bank may increase the number of endpoints as per business requirements

on time to time basis.

2. Integrity Pact (IP)

Venders/bidders/sellers, only those who commit themselves to Integrity Pact (IP)

with the Bank, would be considered competent to participate in the bidding

process. In other words, entering into this pact would be the preliminary

qualification. IP shall cover all phases of contract i.e. from the stage of Notice

Inviting Tenders (NIT)/Request for Proposals (RFP) till the conclusion of the

contract i.e. final payment or the duration of warrantee/guarantee. Format of IP

is attached as Annexure N for strict compliance.

The following Independent External Monitors (IEMs) have been appointed by the

Bank, who will review independently and objectively, whether and to what extent

parties have complied with their obligation under the pact.

a. Mr. B Ravichandran, IRS (C&CE) (Retd.),

E-mail- [email protected]

b. Mr. Ashwani Kumar,

E-mail- [email protected]

3. Objectives of the RFP

Union Bank of India requires to secure its endpoint and network environment by

enforcing compliance check before allowing entry to its network. The bank also

needs to continuously check compliance of all endpoints admitted to its network.

The bank wishes to use Network Admission/ Access Control to obtain above

mentioned objective.

mailto:[email protected]:[email protected]


Page 11 of 135

4. Definitions

4.1. ‘Bank’ means unless excluded by and repugnant context or the meaning

thereof, shall mean ‘Union Bank of India’, described in more detail in paragraph

1 above and which has invited bids under this Request for Proposal and shall be

deemed to include it successors and permitted assigns.

4.2. ‘RFP’ means this Request for Proposal prepared by Union Bank of India for

Selection of System Integrator for Supply, Installation and Maintenance of

Network Access Control Solution for Bank’s Network.

4.3. ‘Bidder’ means a vendor submitting the proposal in response to this RFP.

4.4. ‘Contract’ means the agreement signed by successful bidder and the Bank at

the conclusion of bidding process, wherever required.

4.5. ‘Proposal’ means that Technical/Financial proposal including any documents

submitted by the bidder as per the formats prescribed in the RFP.

4.6. ‘Solution’ means Selection of System Integrator for Supply, Installation and

Maintenance of Network Access Control Solution for Bank’s Network.

5. Present Technical Environment

5.1. NAC solution implementation in Union Bank of India: 5.1.1. Presently, Union Bank is having Aruba NAC implemented in its environment.

Erstwhile Andhra Bank (e-AB) and erstwhile Corporation Bank (e-CB) are using Pulse secure and Forescout NAC solutions respectively.

5.1.2. Union bank has implemented HP Aruba NAC (agentless) solution for 35000 endpoints and existing infrastructure was procured in OPEX model.

5.1.3. Network Access Control (NAC) solution of e-Corporation Bank has been

implemented and their existing infrastructure has the capability to cater requirement of approximately 40,000 nodes.

5.1.4. eAB has implemented Pulse secure NAC in their environment.

5.1.5. The existing count of licenses is given below in the ‘Table 1’.

Table 1: Details of available licenses

Product/ Solution No. of Licenses Nature of licenses Subscription expiry date

HP Aruba CPPM (Union Bank)

35000 Subscription June 2021

Pulse secure (e-AB) 20000 Subscription November 2022

Forescout (e-CB) 22000 Perpetual September 2025


Page 12 of 135

5.1.6. If the selected bidder proposes using existing NAC solution, then it has to

renew and upgrade existing NAC licenses of proposed solution for the contract period and provide additional licenses as required. Incase bidder propose any other NAC solution, the new solution must have equal or better feature than existing one.

5.2. Geographical Spread:-

5.2.1. Data Center (DC): Powai, Mumbai 5.2.2. Disaster Recovery (DR) site: Bengaluru 5.2.3. Field General Managers Offices (FGMO): 18 5.2.4. Regional Offices (RO): 125 5.2.5. Branch Offices (BO): 9500+ (Across India) 5.2.6. Overseas representative office and subsidiaries: 4 5.2.7. Training Centers/ College: 15

5.3. Network Infrastructure in Branches

5.4.1. More than 95% of the branches are having MPLS connections of 1MBPS or

higher bandwidth with sufficient redundancy. Bank is in process of implementing Software Defined Wide Area Network (SDWAN) in all its branches enabling aggregation of bandwidth, enabling enhanced link performance.

5.4.2. Bandwidth wise breakup of branches is given in ‘Table 2’ below:

Table 2: Details of Network Bandwidth

Bandwidth e-CB e-AB Union bank Total

>2 MBPS 74 42 88 204

1 MBPS – 2 MBPS 2433 2557 4195 9185

512 KBPS – 1 MBPS 36 235 6 277

< 512 KBPS 6 75 0 81

VSAT 14 50 22 86

Total 9833

5.4.3. Bank’s DC and DR are interconnected with MPLS as well as point-to-point links. Bandwidth of these links gets revised based on business requirement and consolidated traffic flow across the three sites and branches/ offices.

5.4.4. The Bank is having a heterogeneous mix of network devices deployed

across its geographical location to enable network connection between branches/ offices. Bank is using Switches and Routers of Cisco, Huawei, HP, etc. in its network.

5.4. Desktop Configuration at Branches/Offices

5.4.1. The Bank is having approximately 80000 endpoints including Desktops,

Laptops, Servers, Virtual environments, etc. Roughly, 75000 endpoints are being used by end users and 5000 are servers and/ or used in DC or DR


Page 13 of 135

location of the Bank.

5.4.2. Bank may in near future go for Virtual Desktop Infrastructure (VDI). In such case the number of endpoints covered in the solution may reduce in future. Bank will have the rights to reduce the number of endpoints covered in the solution.

6. Invitation of Tender Bids This RFP is an invitation for bidder’s responses. No contractual obligation on

behalf of the Bank whatsoever shall arise from the RFP process unless and until

a formal contract is signed & executed by duly authorized officers of the Bank

and the successful bidder. However, until a formal contract is prepared and

executed, this offer together with Bank’s written acceptance & notification of

award shall constitute a binding contract with the successful bidder.

Bidders are expected to examine all instructions, forms, terms, specifications,

and other information in the RFP document. Failure to furnish any information

required by the RFP document or to submit a bid not substantially responsive

to the RFP document in every respect will be at the Bidder’s risk and shall result

in the rejection of its bid. The procedure and terms & conditions for submission

of bid are enumerated in this RFP.

All offers of the bidders shall be unconditional and once accepted whether with or

without modifications by the Bank shall be binding between the Bank and such

Bidder.

The RFP Document can be downloaded from Bank’s Website

www.unionbankofindia.co.in or from Government portal eprocure.gov.in or e-

Procurement Portal ubi.abcprocure.com. The response should be uploaded

online at the e-procurement Portal https://ubi.abcprocure.com.

7. Eligibility Criteria

Only those Bidders who fulfill the following criteria are eligible to respond to the

RFP. Document/s in support of eligibility criteria are required to be submitted

along with the Technical Bid. Offers received from the bidders who do not fulfill

any of the following eligibility criteria are liable to be rejected.

7.1. The bidder has to submit Integrity Pact (IP) signed by authorized signatory as

prescribed format mentioned in Annexure N on plain paper in advance (not prior

to issuance of RFP) or at the time of bid submission. Bidder shall be liable for

rejection in case of non-submission of the same.(Integrity Pact (IP) as per

Annexure N on plain paper is to be submitted).

7.2. The bidder should be a company registered in India as per Company Act 1956

http://www.tenderwizard.com/UBOIhttp://www.tenderwizard.com/UBOI


Page 14 of 135

/2013 or a partnership firm / a Limited Liability Partnership company under the

Limited Liability Partnership Act 2008 in India and should be in existence for last

5 years from the date of issuance of RFP. (Certificate of incorporation/certificate

for commencement of business/other relevant documentary proof is to be

submitted).

7.3. The bidder should have minimum annual turnover of Rs.75.00 Crore in each of the

last three financial years i.e. 2017-18, 2018-19 and 2019-20 as per the audited

balance sheet available at the time of submission of tender. In case the audited

financials for the year 2019-20 is not finalized, Provisional Balance Sheet of 2019-

20 should be submitted. This must be the individual company turnover and not

that of any group of companies. (Copies of the audited balance sheet and Profit

& Loss Statement of the company showing the same is to be submitted.)

7.4. Bidder should have positive operating Profit (as EBITDA i.e. Earnings Before

Interest, Tax, Depreciation & Amortization) in the last three financial years i.e.

2017-18, 2018-19 and 2019-20. In case the audited financials for the year 2019-

20 is not finalized, Provisional Balance Sheet of 2019-20 should be submitted.

(Copies of the audited balance sheet and Profit/Loss statement of the company

is to be submitted.)

7.5. The proposed OEM solution must have at least 3 deployments in BFSI/Government

organization/ Public Sector in India totaling to minimum 1,00,000 IP devices

during last 5 financial years (i.e. 2015-16, 2016-17, 2017-18, 2018-19 and 2019-

20) from the date of issuance of the RFP. (Purchase Order and Project Sign-off

for satisfactory implementation to be furnished from the organization)

7.6. The Bidder must have already executed and should have successfully

implemented proposed NAC solution in minimum one BFSI/ PSB/ PSU/

Government Organization in India totaling to minimum 10000 endpoints during

last 5 financial years (i.e. 2015-16, 2016-17, 2017-18, 2018-19 and 2019-20) from

the date of issuance of the RFP. (Purchase Order and Project Sign-off for

satisfactory implementation to be furnished from the organization)

7.7. Bidder should have experience of minimum 2 years in providing support or

Service Desk support for Network Access Control (NAC), to similar kind of project

as System Integrator for large deployment i.e. more than 15000 endpoints during

last 3 financial years (i.e. 2017-18, 2018-19 and 2019-20) from the date of

issuance of the RFP. (Supporting document- Bidder (SI) should provide Copy of

the Purchase order and/ or Certificate of completion of the work.)

7.8. Bidder should be either an Original Equipment Manufacturer (OEM) of

devices/software solutions or authorized partner of OEM. In case the bidder is

an Authorized partner of the OEM, Bidder needs to provide Manufacturer

Authorization Form (MAF) from OEM stating that bidder is authorized partner of

OEM and authorized to participate in this tender and in case the bidder is not


Page 15 of 135

able to perform obligations as per contract during the contract period,

contracted services will be provided by OEM. OEM can quote directly or through

authorized partners. However, both i.e. OEM & their authorized partner cannot

participate in the RFP. In case, both (OEM & his authorized partner) participate,

only bid of the OEM will be considered. (Supporting document- Authorization

letter from OEM.)

7.9. The Bidder should have at least 20 technically skilled Engineers in their rolls who

are direct employees of the Bidder and who are having minimum 3 years of

experience in configuring and maintaining NAC solution from the date of issuance

of the RFP. Bidder should have minimum 4 engineers having OEM certification on

proposed solution. (Supporting document- undertaking to be submitted

containing name, employee number, qualification, OEM Certification and

experience (in years) in bidder’s letter head).

7.10. The Bidder should have support offices at Mumbai and Bengaluru. (Undertaking

to be submitted in bidders letter head, with address and contact details).

7.11. OEM should have full-fledged office or Technical support center in India.

(Undertaking to be submitted in OEM’s letter head, with address and contact

details)

7.12. The companies or firms, bidding for the above tender, should have not been black

listed by any of Government Authority or Public Sector Undertaking (PSUs). The

bidder shall give an undertaking (on their letter head) that they have not been

black listed by any of the Govt. Authority or PSUs. In case, in the past, the name

of their Company was black listed by any of the Govt. Authority or PSUs, the same

must have been removed from the black list as on date of submission of the

tender, otherwise the bid will not be considered. (An undertaking to this effect

must be submitted in their letter head as per Annexure I).

Note: Vendor must comply with the above-mentioned criteria. Non-compliance

to any of the criteria can entail rejection of the offer. Photocopies of relevant

documents/certificates should be submitted as proof in support of the claims

made for each of the above-mentioned criteria. The Bank reserves the right to

verify/evaluate the claims made by the vendor independently. Any

misrepresentation will entail rejection of the offer.

The participating bidders are required to submit unambiguous documentary

evidences, in support of their meeting the above eligibility criteria. The bidder

must comply with all above mentioned criteria. Non-compliance of any criteria

will entail rejection of the bid summarily.

Bank reserves the right to verify/evaluate the claims made by the bidder

independently. Any decision of the Bank in this regard shall be final, conclusive


Page 16 of 135

and binding upon the bidder. The Bank may accept or reject an offer without

assigning any reason what so ever.

All documentary evidence/certificates confirming compliance criteria should be

part of eligibility criteria.

8. Broad Scope of Work

8.1 Network Access/ Admission Control (NAC) solution should control access to the network with policies, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can access the Bank’s network. The management of the solution should be done centrally through a Central Manager to be delivered by the successful bidder.

8.2 Successful Bidder will provide detailed solution architecture, design, traffic flow and plan of implementation before final deployment of the NAC solution. The Successful bidder should submit the required technical details, brochure of all the products offered duly supported by schematic diagrams, solution document and technical specifications of each component offered should be furnished as part of the Technical Bid. All documents must be verified & certified by the OEM.

8.3 Bidder must submit, along with the technical bid, the deployment plan with

hardware sizing as per Bank‘s environment, all the pre-requisites required for solution deployment which may include the list of ports, services and configuration changes required to be made available on the network equipment like Firewall, Router, Switches etc. at all the locations for implementing the solution.

8.4 Bidder must ensure integration of proposed solution with Bank’s Active

Directory, SIEM, Antivirus & Endpoint Detection and Response, Patch Management for context exchange and auto-remediation.

8.5 The successful bidder needs to coordinate with the respective Branches/

Regional Offices/ Zonal Offices/ Central Office with respect to implementation and troubleshooting, etc. of the proposed solution.

8.6 The successful bidder has to provide detailed SOP and checklist for

implementation at Branches/ Regional Offices/ Zonal Offices/ Central Office.

8.7 The successful bidder needs to ensure that all IP devices viz. Desktops, Laptops, ATMs, Kiosks (Passbook Printers, etc.), Printers, Scanners, Video Conferencing Devices, IP Phones, Cash Deposit Machine, Cash Recycler machines, IP Cameras, etc. are brought into purview of NAC.

8.8 Successful bidder’s technical/ implementation team will be onsite till complete

installation, implementation and project signoff. Project shall be supervised by the OEM and Signoff will be given upon successful implementation of the proposed solution to Bank’s satisfaction.


Page 17 of 135

8.9 Bidder is responsible to ensure timely delivery of requisite hardware/ appliance, software and licenses to the Bank at sites identified by the Bank. If any of the items are not delivered/not as per the specification/ are damaged etc., the bidder will take immediate steps and ensure all the items are delivered so that the installation is not hampered/ delayed. The Bidder shall have to arrange equipment and tools required for installation, maintenance, and also arrange the vehicle for transport at no additional cost to the Bank.

8.10 During the implementation, the performance or security of the existing network setup should not be compromised.

8.11 The successful bidder shall handle all matters including the configuration,

implementation, operation, monitoring, management and maintenance of the NAC devices. All necessary connecting cables and other accessories need to be provided by the bidder at their own cost.

8.12 The bidder shall also be responsible for other related activities such as operation,

inspection, etc. Integration involves changes need to be made in configuration of the supplied equipment to enable all the functional features to work in tandem with the existing devices.

8.13 Changes shall be made in the existing infrastructure of the Bank only after taking

approval from the Bank.

8.14 The deployment should support a zero touch deployment approach. Deployment should be done with no downtime and must not impact to the working of Bank’s branches/ offices.

8.15 The Bank reserves the right to shift the hardware/ appliance provided by the

Bidder to suitable location(s) as per Bank’s requirement during the contract period. The bidder will arrange for such decommissioning, relocation and subsequent installation, configuration and integration with no additional cost to the Bank. However, shifting cost if any will be borne by the Bank.

8.16 The processing requirements, house-keeping requirements, operational

requirements and future capabilities, implementation requirements, interfaces with other systems and issues relating to Security and Controls have to be comprehensively taken care of and provided for, in the proposed solution.

8.17 The Successful bidder should be able to extend local support at towns where

Bank’s regional offices and zonal offices are located and Toll free number for troubleshooting/ complaint logging.

8.18 The Successful bidder to work closely with the existing Network Integrator and

System integrator of the Bank to achieve minimum downtime during entire contract period.

8.19 In case existing device which reaches threshold value of 70% resource utilization,

bidder has to replace existing model with higher capacity model or need to upgrade the existing model as to take care any future load without any extra cost to the Bank.


Page 18 of 135

8.20 General Scope

The validity of this project including procurement of hardware, software, licenses, implementation and maintenance is of 5 years. Duration of validity of the project will be calculated starting from the date of obtaining sign-off from the Bank after successful implementation of technologies/ solutions specified in this document to Bank’s satisfaction. Hence, Bidder must keep following in consideration during supply and installation of Hardware/ Software and licenses required for the proposed solutions:

8.20.1 As mentioned in ‘Table 1: Detail of available licenses’ Bank owns 22000 licenses of Forescout NAC and 20000 licenses of Pulse secure NAC. Bidder shall refer to ‘Table 3’ for license sizing requirement of the Bank.

Table 3: Scope of NAC

Solution Item Count

Network Access Control solution with Hybrid model

Licenses with 5 years support (for end points)

80000

Licenses with 5 years support (for Network devices, printers etc)

60000

Total 140000

Hardware for Management, Policy Enforcement and Reporting through NAC solution

8.20.2 While quoting solution, the Bidder shall account for existing licenses available with the Bank and hence quote for balance licenses. Similarly, Bidder shall also account for existing appliances/ hardware available with the Bank. Re-installation, re-configuration and movement of the hardware/appliances to appropriate location as desired by the Bank will be done by the bidder at no extra cost to the Bank.

8.20.3 The hardware should conform to best practices to ensure minimum 99.5% service availability.

8.20.4 Hardware/ Software configuration for all solutions must be as mentioned

below, unless specified otherwise in subsequent subsection of solution itself.

A. Hardware/ Software configuration for all solutions must be in failover mode i.e. Active-Active in Primary site/ Data Center (DC) and Secondary site/ Disaster Recovery (DR).

B. Appliance/ Hardware must be made available in N+1 redundancy in Primary site and secondary site to achieve the high availability.

C. Management/ Policy manager server must be available in HA in DC and

standalone in DR.

D. All hardware must come with 3 years of warranty and 2 years of AMC post completion of warranty period. There should be provision of extension of AMC for a further period upto 2 years.

E. Seamless synchronization of policies and data between the two sites must

be ensured at all time with maximum permissible delay of 15 minutes.


Page 19 of 135

F. Hardware proposed should be enterprise grade.

G. The hardware and software supplied by the vendor should be of latest versions and should reach end of support/ end of life only after 07 years from the date of supply. The technology providers, including OEM will be required to submit a written undertaking, explicitly stating their commitment to provide spares, full technical, operational and maintenance support to Bank during the warranty and AMC period. In case any solution/hardware/ software delivered as part of this RFP goes end of support/end of life during the contract period, the bidder has to upgrade/replace same without any cost to the Bank.

H. Sizing of hardware must be done to accommodate actual load and

additional 50% load from day one.

I. Bidder must have valid licenses and ATS contract with the OEM for all the Software used to implement the proposed solution viz. OS, virtualization platform, etc. valid till the project duration and bidder need to submit the proof in this regards while raising the invoice.

J. Proposed NAC solution should be scalable by adding additional hardware.

8.20.5 The successful bidder shall handle all matters including the configuration,

implementation, operation, monitoring, management and maintenance of the proposed solutions. All necessary connecting cables and other accessories need to be provided by the bidder at their own cost.

8.20.6 The bidder should submit the future roadmap for at least 5 years of the respective OEM regarding development and support of proposed solution/ product.

8.20.7 The proposed solution should offer near zero Recovery Point Objective (RPO)

and maximum 2 hours Recovery Time Objective (RTO). There should be failover and load balancing at all levels like Services, Servers, Database and Storage, etc. as mentioned in the specifications of particular solution.

8.20.8 The Bidder should have premium support arrangements with the respective

OEM. The successful bidder should have back to back agreement with the OEM for Hardware related issues (RMA), troubleshooting, patching, support through call center or customer web portal and any other services which Bank is entitled to obtain from the OEM. The Bidder and Bank should be able to log a call with the OEM directly.

8.20.9 During the installation, the bidder shall check physical availability of items

as per the packing list. If any of the items are not delivered or are not as per the specification or are damaged etc., the Bidder shall take immediate steps and ensure all the items are delivered so that the installation is not hampered.

8.20.10 Supplied hardware should include;

a) Rack Mounting kits


Page 20 of 135

b) KVM management system including adequate number of KVM switch(es),

pointing device(s) and monitor(s), etc.

c) Network devices e.g. switches with sufficient number of 10 GigE ports,

cables, etc. bank will only provide the uplink to the switch.

8.20.11 The Bidder is responsible to arrange equipment and tools required for

installation, maintenance, and also arrange the vehicle for transport at no additional cost to the Bank.

8.20.12 In case of relocation of devices, the scope of bidder would be uninstalling the same from current location and re-installation and commissioning at new location at no extra cost to the Bank. However, shifting cost if any will be borne by the Bank.

8.20.13 Software and software licenses should be supplied for Solutions having basic

capabilities, Additional Services if required, Operating Systems, and any other software and software licenses required for implementing the solution to Bank's requirement as mentioned in subsequent sections.

8.20.14 Sizing of Licenses, Appliances/ Hardware and Software must be done

considering number of users, devices, OUs, etc. covered in the proposed solution, which must be complaint with licensing policy of OEM.

8.20.15 Bidder must ensure that performance and security of the existing network

setup must not be degraded/ compromised during implementation of proposed solution.

8.20.16 Implementing operating system security, performance tuning and hardening

as per security standards and guidelines of Bank and other Banking regulators.

8.20.17 All Software supplied should be of latest version. Commercial bid should

contain bill/ list of software with quantity and cost and a separate list without cost with version, end of support and life date, should be part of Technical bid.

8.20.18 Bidder should provide updates, patches, rollups for all software supplied

including operating system and should update the same immediately after its release. Back to back OEM support for all Software and updates to current version is required to be provided. OEM authorization, partner status and back to back support document is to be submitted as part of eligibility bid.

8.20.19 The Successful bidder should be able to extend local support (at towns where

Bank’s Regional offices and Zonal offices are located) and Toll free number for troubleshooting/ complaint logging.

8.20.20 The successful bidder needs to coordinate with the respective branches/

Regional Office/ Zonal Office in respect of installation and operations of the solution under the scope of this RFP. The successful bidder has to provide


Page 21 of 135

detailed SOP and checklist for implementation at branches/ Regional office/ Zonal office/Central Office.

The Bidder is responsible to ensure the following as part of this RFP.

8.20.21 Bank’s policy as regards to Authentication, Authorization and Auditing (AAA) of users and administrators, Antivirus and Patch update at all nodes/ endpoints is fully adhered to.

8.20.22 The proposed solutions should support plug-in modules designed to add new security features without having to redeploy the entire solution thereby reducing effort and time needed to deploy new security capabilities to clients and servers across the banks network.

8.20.23 A single dashboard containing insights from the proposed solution allowing

visibility of security posture of the Bank. Views and reports generated there in must be fully customizable to the Bank’s requirement.

8.20.24 Allow role based access to management console/ dashboard access must be

restricted even for administrators to allow users/ administrator to see only what they need to see (need to know basis). Read only access of management dashboard to be made accessible to all RCCs and ZCCs.

8.20.25 Solution quoted by the bidder should have Self-remediation/ orchestration

capability to initiate remedial action with and without input from user and/ or administrator, based on the process defined by the Bank in consultation with the Bidder/ OEM to meet various regulatory compliance as well as Bank’s set standards.

8.20.26 IPv6 Compliance: The proposed solution covering all Software, Operating

System and other related software must be IPv6 compliant and must have capability to secure IPv6 networks and also secure against IPv6 networks. Compliance in this regard should be submitted along with the technical specifications in the technical bid documents. The complete solution in all respect should be either IPv6 Compliant or should be IPv6 supported. It should support dual stack (dual IP), tunneling techniques, and translation techniques for transition to IPv6.

8.20.27 The proposed solution for Network Access Control should support the

Virtualization/Cloud based solutions.

8.20.28 The Bank requires that all endpoints which are already connected or as and when gets connected, comply with Bank’s Information Security Policy. In case of non-compliance, those endpoints will be denied access to the corporate network and a self-remediation process will be defined to correct the posture and then gain connection to the corporate network resources. In order to enable this, proposed solution must have the capacity to seamlessly integrate with Active Directory, Antivirus, Patch Management solution, etc. which are available in the Bank.

8.20.29 There must be no endpoint in the Bank lacking any of the above and all

endpoints must comply with Bank’s set policy in this regard and entire network of the Bank is secure from Virus/ Spyware/ Malware etc. end to end.


Page 22 of 135

8.20.30 Solutions proposed by the bidder must be able to connect/ interface with

solutions implemented in Bank’s existing Cyber Security Operations Center (CSOC) viz. ArcSight for SIEM, Gemalto for MFA, ARCON for PIM, in-house NTP etc.

8.20.31 The Bidder is required to get prior approval of all the project plans and process from Bank before commencement of the project. Bidder must follow change request management system put in place by the Bank before making any changes in the environment.

8.20.32 The Bidder should provide a detailed process activity chart with project plan

in terms of activity & phase wise timelines (no. of days required) for executing the project with the details of deliverables and milestones including the delivery of components for the solution.

8.20.33 The bidder is responsible for timely closure of observations related to

internal audits, external and third-party audits, vulnerability assessment, etc.

8.20.34 The Bidder is responsible to notify to the Bank about any updates, patches,

signature updates and upgrades for the solution as and when released by the OEM. Bidder has to ensure installation of updates, patches, signatures, version upgrades and any other upgrades for the solution as and when released by the OEM during the contract period with no additional cost to the Bank. If the Bank suffers any kind of material/financial loss due to non-compliance of this clause, the successful bidder will be penalized @5 % of PO (Purchase Order) value for reputational/ material loss and equivalent amount in INR in case of financial loss.

8.20.35 The Bidder is responsible to ensure that the OEM provides 24x7 technical

support through phone and Web with respect to Product Updates, Patches, and Signatures. Access to Technical Library of OEM and Documentation of the proposed solutions shall be made available to the Bank at no additional cost.

8.20.36 The proposed solution should be as per RBI Working Group Report dated 29-

04-2011 and RBI’s Cyber security Framework in Banks dated 02.06.2016.

8.20.37 The Successful bidder should conduct, participate and provide necessary support for DC-DR Drill, during real disaster, Threat hunting exercise and any other exercise as desired by the Bank.

8.20.38 The Bidder shall provide the following documents as part of the deliverables

of the project as given below in ‘Table 4’.

Table 4: List of deliverables

SN Deliverables*

1 Original manuals & licenses of all proposed Hardware/ Software/ Applications with Product description


Page 23 of 135

SN Deliverables*

2 Functional and operational requirements

3 Project design/ plan, Network & Security Design Documents

4 Executive summary report for the project to the management

5 Installation/ Implementation guidelines and best practices

6 Secure Configuration Documents and hardening best practices

7 Modularized Standard Operating Procedures, encompassing user and admin roles

8 Training materials and Troubleshooting Manuals

9 User acceptance test plan, if any

10 Annual health check-up report by OEM

*Note: Bank follows a Document Management and Version control system thus, approval to be obtained from competent authority of the Bank for all documents enlisted above except for Original manuals provided by the OEM.

8.21 Helpdesk requirement

A helpdesk of 4 members is to be set up at Central Location i.e. Department of IT, Powai, Mumbai operating during Bank’s basis.

8.21.1 Bidder is responsible for providing 2 L-1, 1 L-2 and 1 L3 support resource onsite for continuous management of the proposed solution and deployment of policies as and when required by the Bank.

8.21.2 The helpdesk will be made available on premise from 08:00 hours to 20:00 hours on all working days of the week as well as beyond office hours or on holidays, whenever asked, at no extra cost to the Bank during the contract period.

8.21.3 In case of absence of any of the resource person, standby manpower shall be

provided by the vendor. If Bank is not satisfied with the performance of the standby personnel, Bank may not accept such standby manpower and in such cases, charges on actual basis of manpower support will be deducted from the vendor subject to adherence of SLA conditions. The above details are only indicative figures and may undergo change as per the requirement of the Bank from time to time.

8.21.4 Per Man day charges (for the purpose of deduction on account of absence) =

Charges per man quarter / (3 x Number of working days in a month).

8.21.5 The helpdesk will be made available for an unlimited number of incidents in order to provide a practical solution to resolve the issue. The technical support in resolving the problem which will include assistance in the usage of covered software including identification of systems for diagnosis of software/ hardware problems and downloading of software updates.]

8.21.6 The support should be provided in person and to the branches/ remote

location over phone, e-mail web based, if required. All level 1 and level 2 escalations will be attended/ responded-promptly no later than 1 hour of reporting of the issue.


Page 24 of 135

8.21.7 The helpdesk members will be made available exclusively for this project and

cannot be shared by the bidder for any other purpose during contract period. Granting leave/ absence to the engineers posted at our site, should be with prior intimation to the Bank and suitable replacement should be arranged in his/her absence without fail.

8.21.8 Engineers must report to designated Bank official’s daily morning as soon as

attending office and before leaving the office & invariably must daily submit work done report by email.

8.21.9 Interim Response of all issue/ Incidents should be provided to the Bank within

12 hours and Root Cause Analysis (RCA) to be provided to the Bank within 48 hours if Bank seeks so.

8.21.10 OEM/Vendor should be responsible for providing Technical support with

respect to new signatures, software upgrades, to the Bank/ Bidder through Email, Telephonic, web based etc.

8.22 Human Resource requirement

8.22.1 The successful bidder should form a Project Implementation team consisting one OEM certified solution expert (L2/ L3) and one L2/ L3 resource for proposed solution i.e. 2 resources in addition to the Helpdesk as mentioned above.

8.22.2 The Project Implementation team will be headed by a Technical Project Manager (L3). This team will be responsible for designing, planning the implementation of the whole project. The team will prepare and submit a detailed Project Management chart in consultation with the Bank within 2 weeks of receiving Purchase-cum-Work Order and will remain onsite till successful implementation and obtaining sign-off from the Bank.

8.22.3 During implementation, if required, sufficient number of field engineers

should visit each Branch/ Office of the Bank to complete the work within due time as stipulated in ‘Project Plan for Implementation’ in this RFP.

8.22.4 Field engineers have to visit various Branches / Offices of the bank for

maintenance and support purpose in case need arises without any additional cost to the Bank.

8.22.5 The onsite resources to be deputed shall be interviewed by Bank/Bank’s

designated officials to assess their knowledge level by way of personal interaction or written paper for ensuring the quality of onsite technical support.

8.22.6 The skill set of the Bidders Project Personnel should be the following ‘Table

5’.


Page 25 of 135

Table 5: Qualification of Human Resource

Role Desired qualification

Technical Project Manager (L3)

Minimum educational qualification: Graduation in engineering, or equivalent.

Minimum 7 years of experience in the field of endpoint security and networking.

Should be network and OEM Certified professional

Should have minimum 3 years of experience in the field of endpoint protection and Network Access Control (NAC)

Should have handled at least one large project which has an heterogeneous deployment of various Security products such as firewalls, IDS, Anti-Virus Solution, OS Patch Management, policy enforcement (Network Admission/Access Control) solutions etc.

Level 2 engineer (L2)

Minimum educational qualification: Graduation in engineering or equivalent and Minimum 4 years of experience in the field of network and security

OR Minimum educational qualification: Graduate or Diploma or equivalent and Minimum 5 years of experience in the field of network and security

Should be proficient in network technology and should have valid OEM certification.

Should have worked in implementation of NAC with auto/ self-remediation using proposed solution

Should be proficient with Firewalls, Windows Active directory, Enterprise Anti-Virus Solution, Patch Management Solution and Network Access Control.

Level 1 engineer (L1)

Minimum educational qualification: Graduate or Diploma or equivalent

Minimum 2 years of experience in the field of Information Security

Should be proficient with Windows Operating Systems and Networking

Should be proficient with basic troubleshooting of proposed Network Access Control

8.23 MIS Reports Generation Requirement

Proper reporting tools must be available for the proposed solution. Reports shall be available online via web interface, automatically deliver reports via email or any other medium specified by the Bank. Reports shall be made available in the following formats: CSV, XLSX, PDF, RTF, etc. Hence, Bidder is responsible to ensure that following reports are generated automatically, with minimum to no manual effort/ intervention, and are submitted in soft/ hard copies to identified Bank personnel:

8.23.1 Monthly reports.

A. SLA reports be submitted for review before 5th of every month

B. Report on service requests on the basis of incidents logged through service portal.


Page 26 of 135

C. Report on information asset inventory containing mandatory details of

Hardware and software used/ owned / by the Bank fields viz. IP addresses, host name, department/ functional group, approximate geo-location, etc. sorted category-wise (Desktop/ Servers/ Mobile devices/Printers/IP Phones/ Networking devices), etc.

8.23.2 Weekly / Daily Reports

A. Server health check report.

B. Report on non-complaint endpoints sorted Branch wise/ Region wise /

Zone wise/ Country wise containing both number and details of such non-compliance in the endpoints.

C. Report on information asset inventory.

8.23.3 Solution must have the ability to customize report(s) or generate any

additional report as required by the Bank, out of the box with minimum to no intervention of Administrator/ user.

8.23.4 Bidder should be able to integrate existing ticket management portal for lodging the issues. The portal should be made available to all branches/ offices of the Bank. Bidder should provide reports to the Bank as and when required by the Bank.

8.23.5 The solution should provide Branch wise/ Region & Zone wise/ Country wise,

as well as consolidated dashboard which provides position in the Bank.

8.23.6 The bidder is responsible for working with the Bank to plan the implementation management and support of all the proposed solution across all branches/ offices of the Bank.

8.24 Other Feature Requirements for the solution proposed

8.24.1 The solution should allow communication between client and server to

happen over a single or two configurable ports. The solution should reduce the reliance on proprietary technology by Servers/Distribution points communicating to clients through standard Internet technologies such as Hypertext Transfer Protocol (HTTP – on different port other than port 80) and Extensible Markup Language (XML).

8.24.2 Client communication must support secure communication with servers:

A. The Solution must be able to integrate with AD Security Infrastructure. The Software should have ability to eliminate ‘service accounts’ with Administrative privileges for Both Server and Client to ensure that security is never compromised

B. Authentication between servers to server must be secured using machine authentication rather than using user password.


Page 27 of 135

8.24.3 Authentication between Clients to Servers must be able to use Secure Key

Exchange Encryption.

8.24.4 Proven Scalability: The offered tool should have a very highly scalable yet flexible hierarchical architecture that has been extensively proven by the largest deployments across the globe.

8.24.5 The selected vendor must see to it that auto-remediation is put in place to

ensure all the systems of the Bank are updated with latest AV version/pattern files and also with latest patches of OS.

8.24.6 Any software required for the project shall be at the cost of vendor and the

Bank shall not entertain any claim on it. Such software must be licensed and the vendor should indemnify the Bank on its proper usage.

8.24.7 The proposed solution should work seamlessly in the case of VSAT/MPLS/Leased Lines/GSM/RF etc.

8.24.8 There should be console at DIT, Powai, Mumbai to monitor the branches and

all the nodes should be manageable from the central location (i.e. Powai, Mumbai) including appliances located in DR site.

8.24.9 Facility Management: Onsite support should be provided for proposed solution

across all offices as and when required without any additional cost to the Bank.

8.25 Pre-execution activities

8.25.1 Field engineers have to visit various Branches / Offices of the bank for

maintenance and support purpose in case any need arises without any additional cost to the Bank.

8.25.2 The successful bidder must ensure that the above-mentioned number of engineers posted at the bank’s Central office (CO) is exclusively involved in the maintenance of the solution.

8.25.3 Email/ Online Chat/ Remote Support using secure methods.

8.25.4 The successful bidder as an organization should sign a Non-Disclosure

Agreement and Service Level Agreement with the bank before starting the Project.

8.26 The activities that are required to be carried out by the successful bidder at

each location but not necessarily in the same order and not limited to the following:

8.26.1. Deliver the hardware, software, client agent for all of the solutions mentioned in this RFP and all the other related equipment and software as required by the solution

8.26.2. Coordination with existing IT Security Management (ITSM), Cyber Security Operations Center (CSOC), Network System Integrator (NSI), and other teams


Page 28 of 135

of which involvement required for successful implementation of the solutions mentioned in this RFP.

8.26.3. Physical installation of the all the equipment.

8.26.4. Setting of the support center/ helpdesk/ Project Implementation Team at Central Office, Powai

8.26.5. Checking and reconfiguring the existing security software deployed in the PCs. And start remedial action on non-compliant endpoints either remotely or by visiting onsite.

8.26.6. Integration of the policy compliance and enforcement solution with all the remediation and authentication servers

8.26.7. Deploy/configure Agent on all the endpoints as required by the Bank.

In addition to the above,

8.26.8. At Branches and other Offices

A. Identifying each and every PC which connects to the switch and documenting the same. All extra hubs and switches outside the inventory provided should be documented and handed over to the bank personnel

B. Coordinate with Union Bank Team/network system integrator for allocating necessary IP address, VLAN, on the switches

C. Coordinate with the Union Bank team at central Office/ Network system integrator for reconfiguring network equipment as per the requirement of the solution. An outline of the same is as below:

I. Configuring the router in coordination with existing NSI(Network System Integrator) to accommodate the new VLANs configured on the switches

II. Reconfiguring the DHCP schemes if any, access lists on the routers

III. Inspecting the IOS of the routers and upgrade the same if required to suit the changes required

IV. Deciding on any new IP scheme that might be required to segregate

authenticated and unauthenticated traffic. This might also require coordination with Union Bank Team and Network system integrator

D. Checking and reconfiguring/ replacing the existing security software deployed at the.

E. Deploy/configure agent on all the desktops.

8.27 Training

8.27.1. The Bidder is responsible for providing detailed training on the solution

covering product architecture, installation, administration and

troubleshooting by OEM or its Certified Training partner to the personnel

identified by the Bank during and after implementation and one training

every year (follow-up training) during the period of project validity.

A. Initial training and follow-up training will be provided to 10 identified


Page 29 of 135

personnel from DIT by OEM including certification on the proposed solution.

B. One day training on know-how of each solutions and its console will be provided to 2 identified personnel from each RCC/ ZCC by the Bidder/ OEM certified resource (L3).

C. Follow up training shall be provided by Bidder/ OEM certified resource

(L3) every year after initial training.

8.27.2. Bidder is responsible for providing reading material and adequate hands-on

during the training. The number of participants and timing for the training

will be determined by the Bank. In addition to training, Bidder should

provide on-site personnel for necessary knowledge transfer after

implementation, for a defined time period to be discussed and finalized with

the Bank.

9. Project Plan for Implementation

9.1. Delivery and installation of necessary hardware, software and licenses must be

done within 8 weeks of issue of the confirm purchase order to the successful

Bidder.

9.2. The Vendor should note that the Project implementation period for carrying out

installation of Network Access Control and integrating it with existing solutions

is 22 weeks from the date of acceptance of purchase order/ work order.

9.3. The Vendor should develop the detailed Project implementation architecture

for the Network Access Control solution and its integration with existing

solutions, including the components that are presently installed and the

components that need to be installed. It should include the following details:

a) Network Diagram

b) Hardware Specifications for the solution components to be installed, for

carrying out the above project scope

c) Software Specifications required for carrying out the above project scope

d) Implementation plan that comprises of the following:

i. Project Implementation timelines

ii. Project Team Composition

iii. Escalation Matrix

iv. Mutually agreeable Acceptance Criteria

9.4. The vendor should provide post implementation support plan to capture the

details of the support framework that Vendor is proposing to meet the desired

objectives and the SLA Matrix.

9.5. The vendor should give detailed administrators’ training contents and Schedule


Page 30 of 135

for training as mentioned in the scope for training.

9.6. The solution proposed (agent) by the vendor should work smoothly on the

desktop without any up-gradation. Up-gradation if any required will be done by

the vendor without any cost to the Bank.

9.7. Bidder/ SI shall deploy & manage proposed solutions in Bank’s premises to

improve security posture of Bank. SI shall perform the following tasks as part of

deployment, as mentioned below:

Phase Activities Deliverables

Phase I-

Planning

• Conduct Kick-off meeting

• Identify project point(s) of contact

• Identify Bank resources required to assist in

deployment, policy walkthrough, testing,

and installation.

• Identify business requirements

• Identify technical requirements

• Project Planning

• Plan the schedule

• Project Plan and

Gap Analysis

Phase II-

Design

• OEM should be involved in this phase, and

proposed design, architecture and plan

must be verified and certified by OEM.

• Develop and/ or review and validate

solution design/ architecture documents

which will include:

➢ Solution overview and conceptual

design

➢ Detailed design and connectivity

parameters

• Create a User Acceptance Test Document

• Design &

Architecture

Document

• Prerequisite

Document

• User Acceptance

Test Plan

Phase III-

Installation

and

Configuration

• Deploy solution

• Complete initial configuration

• Completed Integration with applicable

applications

• Documentation of installation and

configuration

• Successful

deployment

solution

• Installation and

Configuration

Document

• Gap Assessment

Phase IV-

Optimize/

Fine tuning

• Fine-tuning of solution

• Monitor and resolve issues

• Provide an information knowledge-transfer

workshop

• Tuning policies.

• Policies override

SOP

• Transfer of

Information

session


Page 31 of 135

Phase Activities Deliverables

Phase V-

Deployment

Validation

• This phase will comprise of deployment

validation to be conducted by OEM.

• In case OEM is not satisfied with the

installation and configuration of product,

they will submit their recommendation in

form of a report to UBI accordingly.

• Validation

Report by OEM

Phase VI-

Monitoring,

Management

& Sustenance

• Post-deployment (after sign-off) bidder

will manage & monitor proposed solution

• Facilitation & operation for all change

management, upgradation, updates, etc.

during contract period

• Reports and

Dashboards as

per defined SLAs

• Go Live

Operations

10. Proof of Concept (POC)

The Bank at its discretion may ask for the Proof-of-Concept/Value (POC/POV) of the proposed solution in the production set up with the bidders whose bids are technically qualified.

10.1. The Bank will provide a week’s time for conducting POC/ POV at Bank’s production environment for the solution proposed in the tender.

10.2. The Bank may raise certain clarifications during evaluation and the respective bidder should provide the response as per timelines stipulated from time to time without which the bid will be treated as incomplete and may be rejected.

10.3. Failing to comply with the requirements of the Bank as mentioned in the Tender document or if the solution does not fit into the Bank’s production setup due to any third party dependencies etc. then the bid will be treated as incomplete and may be rejected.

11. Project Validity

The validity of this project including procurement of hardware, software, licenses, implementation and maintenance is of 5 years. Duration of validity of the project will be calculated starting from the date of obtaining sign-off from the Bank after successful implementation of technologies/ solutions specified in this document to Bank’s satisfaction and verification of the same by OEM.

12. Cost of Bidding

The Bidder shall bear all the costs associated with the preparation and submission

of its bid and the bank, will in no case be responsible or liable for these costs,

regardless of the conduct or outcome of the bidding process.

13. Language of Bid

The language of the bid response and any communication with the Bank must be

in written English only. Supporting documents provided with the RFP response can

be in another language so long as it is accompanied by an attested translation in


Page 32 of 135

English, in which case, for purpose of evaluation of the bids, the English

translation will govern.

14. Instructions for Bid Submission

14.1. Cost of RFP

14.17.1. RFP document can be purchased against payment of Rs.2,500/- (non-

refundable) in the form of a demand draft issued by a scheduled

commercial bank favoring Union Bank of India payable at Mumbai. In case

of bidders registered with the National Small Industries Corporation

(NSIC)/MSME, they are eligible for waiver of RFP document cost. However,

they need to provide valid MSME/NSIC Certificate clearly mentioning that

they are registered with NSIC/MSME under single point registration scheme.

In addition, bidder has to submit Annexure S in physical form (Hard copy)

duly signed by Chartered Accountant before last date and time of

submission of bid.

14.17.2. RFP document can also be downloaded from the Bank's website

www.unionbankofindia.co.in or from Government tender portal

www.eprocure.gov.in or from E-procurement site ubi.abcprocure.com.

14.17.3. In the event of non-payment of the fee of Rs.2,500/- towards the RFP form,

the offer will be rejected.

14.17.4. All costs and expenses (whether in terms of time or material or money)

incurred by the Recipient/Bidder in any way associated with the

development, preparation and submission of responses, including but not

limited to attendance at meetings, discussions, demonstrations, etc. and

providing any additional information required by the Bank, will be borne

entirely and exclusively by the Bidder.

14.2. Bid Security/ EMD (Refundable)

14.2.1. The bidder should deposit bid security of Rs.40,00,000/-(Rupees Forty Lac

Only) in the form of a demand draft favoring Union Bank of India, payable

at Mumbai or Bank Guarantee issued from Scheduled Commercial Bank

other than Union Bank of India, Andhra Bank and Corporation Bank. Bank

Guarantee should be valid for minimum 6 months from the date of

submission of bids with claim period of 45 days.

14.2.2. In case of bidders registered with NSIC/MSME, they are eligible for waiver

of EMD. However, they need to provide valid NSIC/MSME Certificate

clearly mentioning that they are registered with NSIC under single point

registration scheme. In addition, bidder has to submit Annexure S in

physical form (Hard copy) duly signed by Chartered Accountant before last

date and time of submission of bid.

https://ubi.abcprocure.com/


Page 33 of 135

14.2.3. Other terms & conditions relating to Bid security is as under:

14.2.3.1.No interest will be payable on the Bid Security amount.

14.2.3.2.Unsuccessful Bidders’ Bid security will be returned after

completion of tender process. Unsuccessful Bidders should submit

the Letter for Refund of EMD/Bid Security for returning of the bid

security amount as per Annexure O.

14.2.4. Bid Security will be forfeited in the following cases:

14.2.4.1.If a bidder withdraws its bid during the period of bid validity; or

14.2.4.2.If a Bidder makes any statement or encloses any form which turns

out to be false / incorrect at any time prior to signing of Contract.

14.2.4.3.In case of shortlisted bidder does not participate in the reverse

auction at least by way of logging in.

14.2.4.4.In case of a successful Bidder, if the Bidder fails:

14.2.4.4.1. To execute Contract within the stipulated time or

14.2.4.4.2. To furnish Performance Bank Guarantee as mentioned in

Performance Bank Guarantee herein.

14.2.5. The successful Bidders Bid security will be discharged upon the Bidder

signing the Contract Agreement and against submission of performance

bank guarantee (other than Union Bank of India, e-Andhra Bank & e-

Corporation bank) with the claim period of 60 days as per the format

mentioned in Annexure M, for 10% of TCO, valid for the entire contract

period.

14.3. Performance Bank Guarantee

The successful bidder shall provide a Performance Bank Guarantee within 30

days from the date of receipt of the order or signing of the contract whichever

is earlier in the format as provided in Annexure M, for 10 % of TCO for the entire

period of the contract i.e. 5 years, with a claim period of 60 days and such

other extended period as the Bank may decide for due performance of the

project obligations. The PBG should be of that of scheduled commercial Bank,

other than Union Bank of India, e-Andhra Bank and e-Corporation Bank. In the event of non-performance of obligation or failure to meet terms of this

tender the Bank shall be entitled to invoke the performance guarantee without

notice or right of demur to the successful bidder. Any amount pending for


Page 34 of 135

payment due to non-achieving of milestone/s set under the agreement or any

other reason solely attributable to the successful bidder should be included in

the remaining amount of the contract value. The Bank reserves the right to recover any dues payable by the selected bidder

from any amount outstanding to the credit of the selected bidder, including the

pending bills and/or invoking Performance Guarantee, if any, under this

contract. If the Performance bank guarantee is not submitted within the stipulated time,

the Bank reserves the right to cancel the order / contract and the earnest

money deposit taken from the successful bidder, will be forfeited

14.4. Period of Validity of Bids

Bids should remain valid for the period of at least 180 days from the last date

for submission of bid prescribed by the Bank. In case the last date of submission

of bids is extended, the Bidder shall ensure that validity of bid is reckoned from

modified date for submission. Further extension of the validity of the bid will

be decided by the bank in case of need. The price quoted in Final Commercial

Offer will be valid for at least 180 days from the date of offer.

14.5. Amendment of Bidding Documents

Prior to the last date for bid‐submission, Bank may, for any reason, whether at

its own initiative or in response to clarification(s) sought from the prospective

Bidders, modify the RFP contents/ covenants by amendment. Clarification

/amendment, if any, will be notified on Bank