request for proposal - ocacapps.ocac.in/uploaddocuments/tender/tender_20150927_223759.pdf · with...

Orissa Computer Application Centre

Request For Proposal Comprehensive Antivirus Solution for Odisha

Secretariat

Enquiry No. OCAC-TE-22/2010(P-I)-15040

RFP for Antivirus Security Solutions

Index

Sl. Content Page Ref.

General Part

1 Introduction 3

2 Antivirus Security Solution 3

3 Solution Focus and Scope 4

4 Eligible Participants 4

5 Service Level Requirements and Qualifications 4

6 Product Warrantee & Ongoing Support 5

7 Signatory Authority 7

8 Conflict of Interest 7

9 Organization and Format 7

10 RFP Development Process 8

11 Pre-Bid Conference and Requests for Clarification 8

12 Fees to be submitted at the time of submission & Deadline 9

13 Bid Evaluation 9

14 General Part Evaluation 11

15 Performance Bank Guarantee, Buyer’s right 12 16 Corrupt and fraudulent practices & Contract Terms 12

17 Incurring Costs 12

18 Method of operation 12

Technical Part

19 Current Installations 13

20 Functional Specifications of Antivirus & Software 14

21 Operational Requirements 14

22 Central Site Management 15

23 Gateway Protection 16

24 File Server Protection 16

25 Desktop Protection 17

26 Reporting and Analysis 18

27 Documentation Requirement 18 27 Training 18

28 IT Security 18

29 Overall Responsibility 19

30 Technical Evaluation 19

Financial Part

31 Financial Evaluation 24

32 Pricing 23

33 Terms of Payment 24

34 Penalty clauses 24

35 Financial stability 25

36 Certification of independent price determination 25


GENERAL PART

INTRODUCTION

Orissa Computer Application Centre is requesting proposals from Software Manufacturers or their

authorized business partners (here after called as Service Provider) for establishing a Comprehensive

Enterprise Antivirus Security for the secretariat Computing and Network infrastructure. At a minimum

this solution shall offer competitive price agreement with qualified Service Provider who shall provide

Software licenses, Day-to-day Support Services, training and related materials and services in accordance

with the specifications of this request for proposal on a turn key basis.

Secretariat LAN : Secretariat LAN has been established within the Secretariat with the following objectives.

The LAN is managed centrally at IT Centre located within the Secretariat, Odisha. At present there are about

3000 network users, which will likely to increase by 10%-15%. Therefore total number of network users

will be around 3500 in future.

1. To provide seamless Internet connectivity with zero downtime to the Departments for day to day

office work and implementation of various critical e-Governance project within the Secretariat.

2. Facilitate Video Conferencing Access to OSWAN.

3. Facilitate website service of State Government and other Departmental portals

4. Facilitate Intranet services for the applications like OSWAS, and e-PASS.

This RFP is issued by OCAC, which is the sole point of contact during selection process. The Officer

responsible for entire process is General Manager (Admin).

The purpose of RFP is to provide interested Service Providers with information to enable them to prepare

and submit a proposal to provide a comprehensive enterprise Antivirus security solution for the Secretariat

network infrastructure on turnkey basis

ANTIVIRUS SECURITY SOLUTION

OCAC is looking to develop and commission an Enterprise Antivirus Security Solution that will protect the

entire Odisha Secretariat network including Internet Gateway, Servers, Desktops, Laptops, Hand held

devices like RFID Readers, Barcode Readers etc.. In addition to the applicable Software, any proposal

solution needs to include the installation, configuration, tuning, maintenance, on site technical support and

training necessary to allow the Departmental Users to fully utilize the software Licensed on turn key basis.

Because Departments may have differing security needs, the solution must be flexible enough to meet those

varying needs. Among different Departments even within a single department, differences in security

concerns and requirements exist. Therefore, the solution should allow adaption to specific needs and

circumstances of each user.

Depending upon the responses received and the solutions presented, OCAC may select a Service Provider

to work in developing and implementing an Antivirus Security solution on a turnkey basis.


SOLUTION FOCUS AND SCOPE

OCAC is looking to develop a comprehensive enterprise Anti-virus security solution that, at a minimum,

includes server protection, desktop, laptop, hand-held and tablet protection, as per the policy defined by

OCAC from time to time, maintenance, technical support and training on turnkey basis. Responding Service

Providers must offer product solution from single manufacturer to meet each of these.

Responding Service Providers may also offer additional solutions or products that will enhance the anti-

virus security solution. The successful respondent will be responsible for delivery of all software and/or

services requested in this proposal. OCAC will consider the respondent to be the sole point of contact with

regard to contractual matters, including pricing structure, delivery, warranty, and payment of any and all

charges resulting from the purchase of products specified in this proposal.

ELIGIBLE PARTICIPANTS

Software Manufacturers of Antivirus solutions with experience of minimum 5 years in managing security

solutions of corporate having at least 3000 users.

SERVICE LEVEL REQUIREMENTS AND QUALIFICATIONS

1. The successful firm shall provide the enterprise anti-virus security software products, maintenance,

installation, training and service solution as described in this RFP. Respondents shall completely review

the requirements specified in this proposal. It shall be the respondent’s responsibility to make certain

that all software and support are included in their proposal to guarantee a fully functional enterprise anti-

virus (comprehensive virus protection for every network tier) security. It shall be the service provider’s

responsibility to verify that the software proposed will work as specified with all network tiers,

including desktops, laptops, servers, hand-held, and tablet computers.

2. The successful service provider must guarantee all anti-virus software and ensure that this product works

to its maximum capacity for a period of thirty six (36) months after final acceptance by OCAC. The

successful Service Provider must provide at their expense all support necessary to ensure proper

operation within that period of three years.

3. The successful service provider must agree that additional anti-virus security products relative to

obtaining the enterprise solution not covered herein may be added by OCAC to this contract without

voiding provisions of the existing contract. The successful Service Provider with additional

consideration may be allowed to furnish additional security products and services to OCAC for

Secretariat LAN.

4. The Solution Provider's order fulfillment process shall be considered an important process with regards

to the existing business practices of OCAC.

5. The successful service provider performance will be closely monitored by a Technical Committee of

OCAC throughout the contract period. If deliveries prove to be unsatisfactory, or other problems arise,

OCAC reserves the right to delete product or services from the agreement and/or cancel agreement for

cause, and may award to the next acceptable "low respondent", or cancel and request new proposals.

Similarly, if deliveries prove to be unsatisfactory or other problems arise under the agreement for

OCAC, the OCAC retains all of its remedies for a default. Failure of the OCAC to exercise its rights of

termination for cause or other remedies for default due to a respondent's failure to perform as required in

any instance shall not constitute a waiver of termination rights or other default remedies in any other

instance.

6. Delivery of purchases will be made within 30 calendar days after receipt of purchase order. Service

provider agrees to notify OCAC within five working days after receipt of software order if they are

unable to meet this requirement. Failure of the Service Provider to adhere to delivery schedules as

specified or to promptly replace defective software shall render the Service Provider liable for all costs

in excess of the contract price when alternate procurement is necessary. Excess costs shall include the

administrative expenses.


7. Service provider must not substitute any item(s) that has been ordered by OCAC using this contract

without the prior written approval by the appropriate purchasing officer of OCAC. The substitute item

must be at the same or better technology level than the original product ordered, and pricing at the same

or lower price. Failure to comply may result in return of merchandise at service provider 's expense.

8. Successful service provider must offer a "total satisfaction" return policy. The Service Provider must

provide a thirty (30) day no-questions-asked return option, from the date of delivery to OCAC or

installation at site.

9. The successful service provider shall be responsible for replacing at no cost to OCAC any damaged

software products received under this contract within 7 days from notification by OCAC. This includes

all shipping costs for returning non-functional items to the Service Provider for replacement.

10. Any price reductions from software manufacturer from the time of proposal submission to time of

purchase order must be passed on to OCAC.

11. The service provider shall retain and maintain all records and documents relating to this Contract for six

years after final payment by OCAC hereunder or any applicable statute of limitations, whichever is

longer, and shall make them available for inspection and audit by authorized representatives of OCAC,

including the procurement officer or designee, at all reasonable times.

12. OCAC reserves the right, but is not obligated, to request that each respondent provide a formal

presentation of its proposal at a date and time to be determined. If required by the OCAC Technical

Committee, it is anticipated that such presentation will not exceed one (1) hour. No respondent will be

entitled to be present during, or otherwise receive any information regarding, any other presentation of

any other respondent.

13. The successful service provider must provide an account executive/team for OCAC. This team must

establish and maintain fundamental familiarity/understanding with OCAC. Account team must be able

to recommend appropriate solution in real time.

14. PRODUCT WARRANTY AND ON-GOING SUPPORT-- The successful Service Provider shall

provide an option for on-going warranty support beyond the warranty period as well as a minimum of

three (3) years product warranty shall be included in the purchase price. Warranty and on-going support

requirements are outlined below.

The Solution provider needs to deploy experienced professionals (3 Nos.) at IT Centre for addressing the

issues related to virus. One of them should be designated as project head and others project assistant..

a. The service provider shall engage 3 experienced professionals out of which one shall be

designated as Project Head and other two professionals shall be designated as project assistant at

IT Centre to address the onsite issues. The Project Head should have BE/BTech/MTech

qualification with minimum 3 years of experience in relevant field and should have managed at

least 5 projects of minimum 3000 users. The project assistants should have MCA qualification

with minimum 3 years of experience in relevant field. The professionals should be available in

the IT Centre from 8 AM to 10 PM regularly and in case of emergency atleast one professional

should be made available from 10 PM to 8AM. It is expected that these professional shall be

made available through out the warrantee period. During warrantee period normally change of

personnel is not allowed. However in case of unavoidable circumstances maximum one person

at time can be allowed to be changed after six months of his/her service in the project. All the

professionals are not allowed to be changed at a time. At best one professional may be allowed

to be changed at a time

b. The warranty period shall begin upon successful installation and OCAC’s acceptance of

installation of the anti-virus software acquired from respondent on servers and workstations

covered by the purchase.

c. Warranty shall include 24 hours per day, 7 days per week, 365 days per year.

d. The OEM shall perform the health check up of the Software at site in every 6 months and

submit a report before the authority for evaluation.


e. The Network virus infection can be ascertained primarily from the following symptoms.

• Congestion on local area networks (ARP flood as consequence of network scan).

• Web sites related to antivirus software or the Windows Update service becoming

inaccessible.

• Certain Microsoft Windows services such as Automatic Updates, Background Intelligent

Transfer Service (BITS), Windows Defender and Windows Error Reporting disabled.

• Domain controllers responding slowly to client requests.

• Account lockout policies being reset automatically.

• User accounts locked out.

e. The successful service provider must guarantee fixes to virus infections within maximum 2

hours after being made aware of the virus. The problems must be fixed as per the timeline

described for severity levels indicated below. Service provider should describe the processes for

accomplishing this. Failure to provide fixes within 2 hours result in an extension on current

warranty period with penalty. Complete network failure shall be ascertained from the NMS

report. If NMS reports no network fault both at Core Switch/Router level and end points and

end points are accessed from the Core Switch/router, it means there is a congestion in the

network, which could be spurious packet flooding or ARP flooding.

i. Severity Level-1 : Complete Network failure due to virus infection or application

failure due to virus infection shall be treated as critical and must be attended within

30 minutes.

ii. Severity Level-2 : Failure of a node or group of nodes to access the Internet or

Intranet application because of virus infection shall be treated as moderately critical

and must be attended within one hour time.

iii. Severity Level-3: Decrease in Internet and or Intranet access speed due to

congestion caused by Virus infection in the network shall be treated as less critical

and must be attended within two hours time.

f. Reporting mechanism: - The Solution provider shall provide two email-IDs to which the

complaint can be posted (to any one or both IDs). Similarly two e-mail ID shall be identified by

the IT Centre from which complaints can be registered (from any one ID). The complaint

registration shall be through e-Mail only.

g. Support shall include free software updates, during the warranty period, of all software

purchased as a part of this proposal.

h. OCAC has the right to require on-site assistance when software is not operating as designed

with its equipment or network. The on-site warranty service shall be provided within two (2)

hours time period. Any cost associated with this requirement shall be borne by the successful

service provider.

i. Respondents shall provide the name, address and toll free telephone number of the nearest

authorized manufacturer’s services center and the technical persons deployed in the IT Centre

by the respondent.

j. The successful Service Provider shall be responsible for providing a minimum of eight hours of

onsite software product training at no additional cost to technical staff at OCAC .

k. The successful Service Provider may propose delivery, unpacking, assembly and set-up of software. Software installation must be conducted by personnel employed by company

authorized by the software manufacturer to conduct such activity. Dynamic deployment will

allow remote installation of anti-virus software for servers and workstations; the Service

Provider shall be responsible for verifying successful installation on covered servers and

workstations at all locations of the Secretariat and offices covered under Secretariat LAN.


OCAC purchasing software shall be responsible for providing the appropriate host server(s) and

network access.

l. Respondents shall furnish a copy of Manufacturer’s Extended Warranty/Maintenance

Agreement with their proposal that includes warranty/maintenance for the post warranty period

that would be available. Information should include:

1. Annual cost of on-site software support.

2. Annual cost of telephone software support.

3. Annual cost of on-site and telephone software support.

4. The number of years extended warranty/maintenance would be made available to OCAC

5. Name, address and telephone number of the manufacturer’s authorized service center(s)

located in or nearest to Odisha Secretariat.

SIGNATORY AUTHORITY

Each person signing this proposal certifies that:

1. The signer is the person in the Service Provider’s firm responsible for the decision to offer the

proposal; or

2. The signer is not the person in the Service Provider’s firm responsible within that firm for the

decision to offer, but has been authorized in writing to act as agent to quote for the persons

responsible for such decisions.

CONFLICT OF INTEREST

In submitting a response to the RFP, the Provider certifies that no relationship exists between the Provider

and OCAC or its officials that interferes with fair competition or is a conflict of interest, and that no

relationship exists between the Provider, and other persons or a firm that constitutes a conflict of interest that

is adverse to the OCAC.

ORGANIZATION AND FORMAT

Proposals should be typed in MS Word or PDF format. One sealed bid proposal should be submitted along

with three (3) CD copies. Proposals should be organized and presented in a manner that addresses all of the

RFP provisions and requirements.


RFP DEVELOPMENT PROCESS

1. Schedule of Events

The following schedule lists meetings and deadlines related to this Request For Proposal (RFP) on the

development of a Agreement for the OCAC Anti-Virus Security Solution. Deadline dates are as indicated

unless otherwise changed by OCAC. In the event that the OCAC finds it necessary to change any of the

dates or activities listed in this calendar, it will do so by issuing an amendment to the RFP to prospective Providers.

Sl Event Target Completion Date

1 Formal issuance of RFP 27-09-2015

2 Last day for submitting written queries about RFP 05-10-2015 up to 2:00 P.M.

3 Pre-proposal conference 06-10-2015 at 11:30 A.M.

4 Publication of corrigendum 09-10-2015

5 Proposals due from Prospective bidders 17-10-2015 up to 12:30 P.M

6 Opening of General (Pre qualification) bids 17-10-2015 at 03:30 P.M

7 Opening of Technical Bids of Qualified bidders 29-10-2015 at 3:30 P.M.

8 Opening of Financial bids of Technically qualified bidder 03-11-2015

9 Award of Work 07-11-2015

PRE-BID CONFERENCE AND REQUESTS FOR CLARIFICATION

1. Prospective Providers are cordially invited to participate in a pre-proposal conference call on 06-10-

2015 at 11:30 A.M.

2. Information about this RFP will be discussed. Requests for clarification, revisions to requirements or

technical questions concerning the RFP may be submitted to the General Manager (Admin) at the

OCAC office.

3. Participation in the pre-proposal conference call is voluntary. However, in order to participate in the call,

Prospective Providers must notify OCAC of its intention to participate in the pre-proposal conference

call by no later than 05-10-2015. Prospective Providers should notify OCAC of its intentions to

participate in the pre-proposal conference call by contacting the General Manager (Admin) at (0674)

2567280 or by e-mail at [email protected].

4. After receiving the notification of intent, OCAC will forward to Prospective Providers the call

information. Those unable to participate in the pre-proposal conference call may submit requests for

clarification, revisions to requirements, or technical questions concerning this RFP in writing. All

written requests should be submitted by 05-10-2015 at 2:00 P.M..

5. If a Prospective Provider discovers a significant ambiguity, error, conflict, discrepancy, omission, or

other deficiency in the RFP, the Provider should immediately notify the General Manager (Admin) of

such error and request modification or clarification of the RFP document. Only information supplied by

OCAC in writing through the General Manager (Admin) or this RFP or amended RFP should be used as

a basis for the preparation of Provider responses.


FEES TO BE SUBMITTED AT THE TIME OF SUBMISSION & DEADLINE

RFP Document fee: Rs. 1,000.00 as RFP document fee must be submitted along with the proposal. The RFP

document fee must be in favour of Orissa Computer Application Centre drawn on any nationalized bank and

payable at Bhubaneswar.

Ernest Monet Deposit (EMD): Rs. 50,000.00 as EMD must be submitted along with the proposal. The EMD

must be in favour of Orissa Computer Application Centre drawn on any nationalized bank and payable at

Bhubaneswar.\

Deadline: The deadline for submission of proposals and related information is 12:30 p.m. on 17-10-2015.

One (1) sealed bound original and three (3) identical CD copies of the response should be forwarded to the

following address prior to the deadline:

The General Manager (Admn.),

Orissa Computer Application Centre,

Plot No. N/1-7-D, Nayapalli, near Acharya Vihar Square

Bhubaneswar-751013, Odisha

BID EVALUATION

The OCAC will select and notify the finalists offer on 29-10-2015. Only finalists will be invited to

participate in the subsequent steps of the procurement.

Following initial evaluations, Finalists will be selected. The Technical Committee will evaluate each

response based on the extent to which the proposal:

1. Meets the requirements of this RFP

2. Shows a willingness to explore solutions beyond a standard purchase agreement

3. displays innovation

Upon completion of the evaluation process, the Committee will recommend one Providers, and OCAC will

establish an agreement with the recommended Provider. The Committee reserves the right to not recommend

any Prospective Providers, and OCAC reserves the right not to enter into an agreement with a recommended

Provider at its own discretion.

After the Agreement is executed, all proposals and documents pertaining to the proposals will be open to the

public. If the Prospective Provider submits information in response to this RFP that it believes to be trade

secret materials as defined by the laws, the Prospective Provider must:

• clearly mark all trade secret materials in its response at the time the response is submitted

• include a statement with its response justifying the trade secret designation for each item, and

• Defend any action seeking release of the materials it believes to be a trade secret, and indemnify and

hold harmless OCAC, its Commissioners, agents and employees, from any judgments awarded

against OCAC in favor of the party requesting the materials, and any and all costs connected with

the defense. This indemnification survives OCAC’s award of a contract. In submitting a response to this RFP, the Prospective Provider agrees that this indemnification survives as long as the trade

secret materials are in possession of OCAC.

In the event a request is made for information which the Prospective Provider has identified as trade secret, OCAC agrees to notify Prospective Provider of said request and provide its determination as to whether

disclosure is legally required, in addition to anticipated disclosure dates, if any, and to allow the Prospective

Provider an opportunity, in its discretion and at its sole expense, to seek a protective order or otherwise

protect the confidentially of the information.

As previously stated, the objective of this RFP is to develop an anti-virus and solution that protects the entire

network including the internet, gateway, servers and desktops, laptops, handheld and tablet computers. In


addition to the applicable software, any proposed solution needs to include the maintenance, technical

support and training necessary to allow OCAC to fully utilize the software licensed.

The Technical Committee will analyze all responses to this RFP. The analysis will be based upon the criteria

set forth in this RFP. The findings and recommendations of the Committee will be submitted to the OCAC

for approval.

Where the words “shall” or “must” are used, they signify a required minimum function of system capacity that will heavily impact the Bidder’s final response rating.

Where the words “may” or “desired” are used, they signify that the feature or capacity is desirable but not

mandatory; therefore, the specifications in question will possess minimal impact on the Bidder’s final response rating.

The method by which the proposed method of performance is written will be left to the discretion of the

Service Provider. However, the Service Provider should address each specific paragraph and subparagraph of the Specifications by paragraph and page number as an item for discussion. Immediately below these

numbers, write descriptions of how, when, by whom, with what, to what degree, why, where, etc, the

requirements will be satisfied.

Evaluation Criteria

All tender responses will be evaluated in three phases

a. General Part Evaluation : Preliminary evaluation that will determine administrative

compliance and eligibility for further evaluation (Detailed in General Part of RFP)

b. Technical Part Evaluation: Detailed evaluation to determine technical compliance and support responsiveness of the Service Provider. (Detailed in Technical Part of RFP)

c. Financial Part Evaluation: Financial evaluation to consider pricing competitiveness and the financial capability of the Service Providers (Detailed in Financial Part of RFP)

The Service provider needs to score minimum 80% mark in Technical evaluation to qualify for the

Financial Evaluation.


General Part Evaluation

The following mandatory documents must be provided in the bid response. Bids that do not have all the

following documents may, at the discretion of OCAC, not be assessed any further

d. The Certificate of compliance (Annexure-1) fully signed and stamped

e. Certificate of incorporation or registration

f. Complete address (Physical, postal, telephone, facsimile and e-mail) for the head office and all

other registered offices in India

g. List of directors and principal officers of the company. Please indicate occupation and job title

of each person

h. A letter to the effect that the principal Service Provider agrees to this requirement must be

captured upfront in the bids and will form part of the preliminary phase evaluation.

i. Copies of VAT Registration Certificate, PAN Card, Service Tax Registration Certificate.

j. Attached copies of relevant technical/CVs certificates of staff (including Technical

professionals)

k. Copies of Audit books of accounts for the last 3 years (1 mark per year per audited account. For

un- audited accounts 0 marks per year)

Sample Preliminary phase evaluation form (Attach all relevant document of this form in a single

bunch and keep it in a separate envelop superscribing “GENERAL BID DOCUMENT” )

Ite

m

No.

Item Description/Required Requirements Notes from Service

Provider’s Bid (Tick if

submitted fully, cross X if not

submitted or partial submission) 1 Certificate of compliance (attached) Must submit

2 Certificate of incorporation or

registration

Must submit

3 Copies of VAT, PAN, Service Tax

Registation

Must submit all

4 Attached copies of relevant

technical/CVs certificates of staff

Must submit relevant

to this project

5 Copies of Audit books of accounts

for the last 3 years

Must submit

6 Complete address (Physical, postal,

telephone, facsimile and e-mail) for

the head office and all other

registered offices in India

Must submit

7 Letter of accreditation by the

principles

Must submit

8 List of directors and principal

officers of the company

Must submit List of

directors and

shareholding ratio

9 Letter of no Objection from the

Service Providers and or reference

sites given

Must Submit

10 RFP Document fee of Rs.1,000/- Must Submit

11 1.a.1 EMD of Rs.50,000/- Must Submit

Does Service Provider qualify to

proceed? ( Yes/No)

Failure to submit any of

the above disqualifies

Service Provider from

further evaluation


PERFORMANCE BANK GUARANTEE

OCAC requires that the Service Provider execute a Performance Bank Guarantee (PBG) with a nationalized

bank in favour of Orissa Computer Application Centre. The performance bond amount will be ten percent

(10%) of the total bid price. The performance Bank Guarantee will be valid for a period of three years. The

PBG can be for one year and extended in each year before expiry of the same. The PBG must be provided

before release of first (40%) payment after successful commissioning of the system.

BUYERS RIGHTS

Orissa Computer Application Centre reserves the right to reject any or all bids without giving any reasons

and OCAC has no obligation to accept any offer made. OCAC also reserves the right to keep its selection

and selection criteria confidential or amend such criteria, which has been made known to the bidder without

further reference. Bids not strictly adhering to Request for proposal conditions may not be considered by OCAC whose decision on the matter shall be final. The Supplier’s terms and conditions will not form part of

any contract with OCAC in relation to this tender. Canvassing in any form is prohibited and will lead to

automatic disqualification.

CORRUPT OR FRAUDULENT PRACTICES

OCAC requires that the Service Providers under this tender observe the highest standards of ethics during

the procurement and execution of such contracts. In pursuance of this policy, the Purchaser (i.e. OCAC)

defines the terms set forth as follows:-

• “Corrupt Practice” means the offering, giving, receiving or soliciting of any thing of value to influence

the action of the public official in the procurement process or in contract execution; and

• “Fraudulent Practice” means a misrepresentation of facts, in order to influence a procurement process or

execution of a contract to the detriment of the Purchaser, and includes collusive practice among Service

Providers (prior to or after bid submission), designed to establish bid prices at artificial non-competitive

levels and to deprive the Purchaser of the benefits of the free and open competition;

• The Purchaser will reject a proposal for award if it determines that the Service Provider recommended

for award has engaged in corrupt or fraudulent practices in competing for the contract in question.

• The Purchaser will declare a Service Provider ineligible, either indefinitely or for a stated period of time,

to be awarded a contract if at any time it is determined that the Service Provider has engaged in corrupt

and fraudulent practices in competing for or in execution of the contract.

CONTRACT TERM

The OCAC Agreement shall be effective on the date that the party to the Agreement signs the Agreement. It

shall remain in effect for three years from that date with options by mutual agreement (of the parties to the

Agreement) to renew for one (1) or two (2) additional years period.

INCURRING COSTS

OCAC is not liable for any cost incurred by Prospective Providers in replying to this RFP.

METHOD OF OPERATION

OCAC will negotiate the pricing structures, terms and conditions and related services provided under the

Agreement. Any terms and conditions which may be the subject of negotiation, will be discussed only

between OCAC and the selected Provider and shall not be deemed an opportunity to amend the Provider’s

proposal. OCAC reserves the right to terminate negotiations and select the next response providing the best

value for OCAC, prepare and release a new RFP, or take such other actions as OCAC deems appropriate if

negotiations fail to result in a successful contract. Once a Agreement is formally established, Eligible

Participant will be responsible for procurement and payment of charges associated with the anti-virus and

software and related services provided to them. OCAC will appoint a Technical Committee to oversee the

solution and assure that it operates in an effective and efficient manner. The Technical Committee will

periodically review and evaluate the performance of the solution and submit its recommendations to OCAC.


TECHNICAL PART

CURRENT INSTALLATIONS

The Odisha Secretariat infrastructure consists of Desktops, Servers, Printers, Laptops, Switches, Firewal

with IPS, hand held devices installed in Secretariat, Rajiv Bhawan, HOD Building, Secha Sadan, Office of

CEO, I & PR Department, State Guest House & OCAC Building. Around 2700 Desktops are connected

through a high speed LAN OFC backbone. 60 Mbps lease (1:1) Internet Connectivity has been provided

through BSNL. The network nerve centre is located in the IT Centre within the Secretariat. Some critical

Applications like OSWAS, e-Pass and e-Dispatch are operational in the Secretariat Intranet. More intranet

applications will be added in future.

Technical Environment

Operating System environment:

• Windows: various flavours of the Windows Operating System both at the client side

Windows 98/2000/XP/Vista/ Windows 7/Windows8/Windows10 and the server

(Windows 2000/2003/2008/2012)

• Unix / Linux environment – Redhat Linux, Suse Linux, AIX

• MAC OS X

Database / Programming Environments

• MS SQL Server 2000/2005 /2008/2012

• MySQL

• DB2

• Oracle; various flavours of the database including but not limited to versions 8i /9i /10g/11i

• Applications developed in Visual studio/ .Net ,PHP,JAVA

• Web server Applications : Apachi, IIS

Hardware Specifications and numbers

• Most hardware are at least Intel PIV, 1.4 GHz CPU, 256MB RAM and above.

• There are approximately Windows Desktops – 3000

• Windows Servers - 11

• Redhat Linux Server– 2

• AIX Server – 8

Network Communications Infrastructure.

• The Secretariat LAN runs on TCP/IP protocol, on a converged network that carries voice

and data. Local Area Network is on 10/100/1000 Ethernet. Secretariat LAN is based on a

layered network design.

• The links used by Secretariat LAN include 60 Mbps (1:1) lease connectivity

• The network infrastructure is based on almost all CISCO environment. The Secretariat LAN

has also implemented CISCO-based IP Telephony to all Secretaries and Ministers.


FUNCTIONAL SPECIFICATIONS OF ANTI-VIRUS SOFTWARE

1. Operational Requirements

a. Must not conflict with any of the Applications, database and development environments

stipulated above. Where a work-around is needed this should be clearly stated.

b. Should incorporate at a minimum:

i. Enterprise class antivirus solution to combat viruses, worms, and trojans

ii. Antispyware

iii. Antirootkit

iv. Personal firewall

c. Support ‘on-access’ protection

d. Support on-demand scanning

e. Support for scheduled scanning

f. Provide for various ways to deal with infection attempts including the ability to clean,

quarantine (in a specified central location) or delete as necessary

g. Ability to restore quarantine files for false-positives.

h. Support for memory scanning to eliminate memory-resident viruses

i. Support advanced Heuristics detecting new unknown viruses that can proactively detect

new/unknown malware and thus help protect or mitigate against zero-day attacks

j. Protection from Web 2.0/3.0 threats such as Cross Site Scripting attacks

k. Provide for prevention of browser settings modifications by malware (internet explorer 6.x

and above and Firefox 3.X and above)

l. Be able to scan inside the archives, self-extracting files and run-time compressed files. The

ability to configure the level of recursive scans inside zipped files is desirable

m. Have a small installable size and low impact on system resources

n. Be able to define and customize a list of undesirable file types by name and /or extensions

o. Have the ability to exclude specified files /folders from being scanned either in the on-

access mode or during on-demand scans

p. Ability to create bootable rescue packs (on CD or USB) for removal of especially boot

sector and memory-resident viruses

q. The proposed antivirus solution must be a partner of Cisco initiative of Network Admission

Control and be able to work with Cisco infrastructure to achieve this concept

r. Be able to specify and selectively block programs and ports from being executed/accessed.

s. Support for smart phones/Tablets/PDAs/Handheld device will be added advantage.

t. Data Loss prevention solution should be part of end point antivirus solution with

single agent at the host and manageable from end point AV management console

u. The Antivirus product should also have capability of repairing the infected files

rather than just quarantining or removal in real time.

v. The Antivirus product should also have the capability to perform the scanning

process randomly and updates schedules to prevent resource utilization related matters.


w. The Antivirus product should also have the capability to identify phishing attacks and

inform to end user.

2. The software should provide centrally managed anti-virus protection for Secretariat network. This

This includes virus protection at the following points:

a. At the Web (HTTP) gateway

b. All workstation and network file servers at all locations of Odisha Secretariat and offices

covered under Secretariat LAN.

c. All computers installed on Secretariat network

3. The desktop software and the server software , where applicable, should be compatible with all

versions including latest version of:

a. Supported Microsoft operating systems, Tablet PC and hand-held devices.

b. MAC operating systems

c. LINUX operating systems

d. UNIX operating systems

e. AIX Operating System

f. VMWARE

4. Respondents should include information on their solutions for any other operating systems.

5. Respondents should describe the process for new operating systems and options in the future.

6. CENTRAL SITE MANAGEMENT

a. The software shall be managed centrally at IT Centre, Odisha Secretariat using a web-based console that allows system monitoring, software updates, client configuration, and event

reporting. The central site administrator should have the ability to manage the software at all

levels of the network and have the ability to remotely deploy product updates and

modifications to all users. Automatic software updates must be deployable every time

network login occurs at any network workstation.

b. The software should be capable of automatic (dynamic) deployment to client workstations,

as well as, removal of any existing anti-virus software. Simultaneous deployment can be

accomplished through any of the following methods: hard disk imaging, Microsoft

Windows NT-based remote installation, silent installation via Microsoft Systems

Management Server, and Active X embedded web pages for remote offices. Dynamic

deployment should be able to occur when the end user workstation is in a standard user

mode and must be transparent to the end user.

c. The software should be capable of Detection of ‘rogue’ PCs and servers that are plugged

into the IP network. This event should be logged or trigger an alert to the systems

administrator

d. The software should have ability to auto-deploy the product to discovered PCs and servers

that are not compliant.

e. Support for mobile user for better mobile user antivirus protection. For example the

proposed solution should allow for creating and sending of remote installation packages and

auto update features the moment a computer (laptop) that has been off joins the TCPIP

network.

f. Ability for the mobile computers (laptops) to search for the closest Product distribution

point and auto reconfigure itself to update from that location will be a great added

advantage. Service Providers should specify how this can be achieved


g. Ability for the administrator to pinpoint at a glance those PCs that do not have an antivirus

agent /software at a glance. A graphical presentation of this is preferred although it can also

be given as a report

h. Automatic virus signature database update over the internet and distribution to the hierarchy

in the network. To minimize on traffic, preference will be given to those systems that

implement incremental virus signature database update

i. Automatic logging and log management. The antivirus should be able to log events into a

relational database for report generation

j. Configuration/ Policy management: the system should allow for global setting of the antivirus configurations, and the same should be automatically enforced by the management

server

k. The ability to password protect settings to avoid interference from end users is necessary

l. Virus incident alerting: the proposed system should be configurable to alert the designated

administrators of virus incidences at the very minimum using LAN messages and e-mail

messages. SMS (short messaging service) alerting for critical occurrences (configurable) is

an added advantage

m. The central site management system must be capable of providing a report of found viruses,

including locations and provide a report of incomplete or failed workstation updates. These

reports must be accessible by the network administrator as well as any central network

location.

n. The Software should have ability to detect Forward Proxy, Reverse Proxy and Transparent

bridge mode and protect access through these methods.

o. Customise captive portal for user authentication during access to internet.

7. GATEWAY PROTECTION

1. Software provided must be designed to scan for viruses at the network gateway. This protection

must be present for email, Web and file transfer traffic. Additionally, the software must have the

following features:

a. Provide real-time detection and elimination or isolation of viruses

b. Allow administrator configurable response levels to viruses including isolating the infected

file and automatic deletion of infected files.

c. Provide an automatic alert to the system administrator of multiple virus detections.

d. Provide an option for automatic virus pattern file updates from the software manufacturer to

occur as scheduled by the user.

e. Configuration of Internet gateway virus protection software must be configurable by the

user administrator using a local Windows interface as well as a remote Web browser.

f. Software provided must provide full feature operation and compatibility when being used

with common firewall protection hardware.

g. Gateway virus protection software must be configurable from the larger site central

management system that controls all software involved in the total anti-virus system.

8. FILE SERVER PROTECTION

1. Software provided must scan servers (including Database, Application servers), detecting and

removing viruses from files, including compressed files, in real time and before reaching the end

user’s computer. The file server virus protection software must also have the following features:

a. Network administrator must be able to manage the server virus protection software through

the use of a Windows-based console. This shall include management of virus outbreaks


within the server network, virus scanning, virus pattern updates, notifications and remote

installation of program solutions and updates to all network servers.

b. The administrator must be able to monitor the status of all network servers in realtime to

determine connection status, infection status, pattern file and program solution versions.

c. The software manufacturer must be able to send notifications of a virus outbreak to the

designated network administrator through message box, pager, Internet email, SNMP trap or Window(s) event log.

d. The server protection software must provide automated maintenance tasks to include:

pattern and program solution file updating, compiling virus logs, and setting parameters for real-time scanning.

e. The software must support Microsoft Windows Server(s) , Novell, LINUX, UNIX, AIX or

other servers. Respondent must supply information on version supported.

f. The server virus protection software must, at a minimum, be Microsoft Windows Server(s)

Certified. Respondent must describe additional certifications that its solution provides.

g. The software must provide the network administrator detailed reporting of server status to

include: pattern file and program solution versions, infection status, and connection status.

h. The file server protection software must perform kernel-level scanning for viruses and

malicious codes. Additionally, the software must employ rules band and pattern-recognition

scanning technology for virus protection.

i. The scan engine, utilized by the server protection software, must be certified by the

International Computer Security Association (ICSA).The scan engine must be capable of

multi-thread scanning.

9. DESKTOP PROTECTION

1. Software provided must provide transparent virus scanning and virus removal on networked desktop

and mobile clients. Additionally, the software must have the following features:

a. The desktop virus protection software must provide centralized management features,

allowing administrators to fully manage and enforce anti virus policies across the entire

network. Additionally, the administrator must have the ability

b. To deliver dynamically virus protection updates to each network desktop. This includes

virus pattern files and scan engine updates.

c. The software must have the ability to remove virus and other malicious codes from desktops

as well as repair damage repair of the computer.

d. The desktop virus protection software must automatically and transparently remove all

existing desktop anti virus software.

e. Installation and deployment methods must include hard disk imaging, Microsoft Windows

remote installation, silent installation via Microsoft Systems Management Server, and

ActiveX embedded Web page for remote users. Respondent may include information on any

additional installation and deployment methods for their proposed solution.

f. The software must protect network desktop, laptop, wireless, smart phones, tablets, hand

held device and PDA clients from viruses, Trojans, worms and other malicious codes. This

protection must extend to virus attacks via email, web downloads, and file sharing.

g. The detection and cleaning technology of this software must be certified by the International

Computer Security Association (ICSA).

h. The Antivirus solution product must be certified by NSS Lab.


10. Reporting and Analysis

The proposed system should produce the following reports as a minimum

a. Dashboard summary reports on the state of the implementation (e.g. Percentage protected,

unprotected, out of date, etc)

b. Infections history (all, or occurring between given dates). The report(s) should drill down

per machine and per user

c. First reported incidence of virus activity showing origin (user, time, infected file source)

d. Files infections summary detailing the most infected files

e. Infections by virus and/or malicious code type

f. Infections by virus; name, number of incidences, etc

g. Action summary reports; what actions did the antivirus take per incidence (e.g. deleted,

renamed, cleaned, etc). Graphical presentations of such data is ‘a nice to have’ though it may not constitute an advantage.

h. The following will constitute an added advantage

i. Queries or reports showing system data (user, space utilization on the hard drive, OS version

and service pack levels, etc)

j. The ability to run queries off the database which can be used for external reporting and data

analysis (e.g. from a spreadsheet)

11. Documentation Requirement

a. All documentation and training materials (both in hard copy as well as a soft copy in PDF

format) must be available in order to complete the process, business, technical/system,

operations and support acceptance activities.

b. Service Provider’s suggestions for documentation and training materials to support the

implementation, use and maintenance of the antivirus solution and any supporting

technology components that will be provided as part of this project are to be included in the

Service Provider’s proposal.

c. Documentation must be in English.

12. Training

a. It is expected that formal training will be given to administrators of the solution. However,

the solution must be intuitive and help text must be available and presented in a manner that

encourages users to try to find information. Training of technical support team will be to

such an extent that they will be reasonably able to handle their duties competently. Where appropriate, the Service Provider will be expected to discuss the technical aspects of the

system so as to enable, for example, creation of ad-hoc reports and integration to other

systems

b. Training will be provided in the English language at the OCACs premises or a convenient

mutually agreed location within Bhubaneswar, Odisha. If additional expenses will be

incurred for offsite training, this will be borne by the Service Provider.

13. IT Security

a. The proposed system is expected to be compliant with BS7799 / ISO 17799 best security

practices. Where the system materially diverts from these standards, the Service Provider in

their proposal shall disclose such deviation. The underlying database management system

should ideally be encrypted if possible. Passwords must be stored in encrypted form.

b. The proposed solution should follow a Role-Based Access model; i.e. menu structures and

functions should only be available to those with the right security level to carry them out.


Delegation of administrative functionality or the ability to define categories of

administrative ‘users’ is desirable

14. OVERALL RESPONSIBILITY

a. The Solution Provider is obliged to work closely with the OCAC staff, act within its own

authority, and abide by directives issued by OCAC that are consistent with the terms of the

Contract.

b. The Solution Provider will abide by the job safety measures and will indemnify the OCAC

from all demands or responsibilities arising from accidents or loss of life, the cause of which

is the Solution Provider's negligence. The Solution Provider will pay all indemnities arising from such incidents and will not hold the OCAC responsible or obligated.

c. The Solution Provider is responsible for managing the activities of its personnel, or

subcontracted personnel, and will hold itself responsible for any misdemeanors.

d. The Solution Provider shall appoint an experienced counterpart resource to handle this

requirement for the duration of the Contract. The OCAC may also demand a replacement of

the manager if it is not satisfied with the manager’s work or for any other reason.

e. The Solution Provider shall take the lead role and be jointly responsible with the OCAC for

producing a finalised project plan and schedule, including identification of all major

milestones and specific resources that the OCAC is required to provide.

f. The Solution Provider will not disclose the OCAC's information it has access to, during the

course of the Consultancy, to any other third parties without the prior written authorisation

of the OCAC. This clause shall survive the expiry or earlier termination of the contract.

15. HARDWARE REQUIREMENT

a. The Solution providers also indicate the Hardware requirement for implementation of the

proposed System.

TECHNICAL EVALUATION

a. Experience and reliability of the Service Provider’s organization are considered objectively

in the evaluation process. Therefore, the Service Provider is advised to submit any

information, which documents successful and reliable experience in past performances,

especially those performances related to the requirements of this RFP.

b. The Service Provider should provide the following information related to previous and

current services/contracts performed by the Service Provider’s organization which are

similar to the requirements of this RFP

i. Name, address, and telephone number of client/contracting agency and a

representative of that client/agency who may be contacted for verification of all

information submitted;

ii. Dates and locations of the service/contract; and

iii. A brief, written description of the specific prior services performed and

requirements thereof.

c. Proposals will be objectively evaluated based on the Service Provider’s distinctive plan for

performing the requirements of the RFP. Therefore, the Service Provider should present a

written narrative, which demonstrates the method or manner in which the Service Provider

proposes to satisfy these requirements. The language of the narrative should be

straightforward and limited to facts, solutions to problems, and plans of action including

future plan.


Technical Evaluation FORM

Sl Antivirus Solution

Evaluation criteria

Description Max

Point

weightage Score

by the SP

1 Ability to produce new

virus signatures. Status

Reporting should be

done in every 30

minutes

The period between when a

virus is discovered “in the

wild” and when a signature or

pattern file is available for

clients is extremely critical in

our environment. The longer it

takes us to get and distribute

new pattern files, the more

likely we are to have clients

getting infected

20 • < 30 minutes : 20 points

• >=30 minutes and < 45

minutes : 15 Points


minutes : 10 Points


minutes : 10 Points


minutes : 05 Points

2 Unified Client Features The ability for client software

to provide antivirus, anti-spyware, SPAM filtering, and

firewall support in a single

package was very high on the

list of requirements. Packaging

all of these features together

under a single client not only

reduces desktop and system

tray clutter but typically takes

up fewer system resources in

terms of CPU and memory.

10 • Single package : 10 Points

3 Client transparency How the client itself performed

while a system was under

heavy usage. Real-time scanning and monitoring

needed to be as modest as

possible. This also meant that

any error messages or warnings

that popped up as viruses were

found needed to be easy to

understand and answer. It is

very important that the client be

as transparent and easy to use

as possible to the users.

05 • Easy understanding : 5 Points

4 Support for all

Windows and Linux

O/S

There is a great deal of variety

among systems within the

Secretariat. Therefore, it is

important that any solution

support the full range of

Windows operating systems

from Windows -7, Vista, XP

and 2003 all the way back to

Windows 98. In addition,

adding support for protecting

the number of Linux desktops

and servers was also desired.

10 • Support for all flavors of

Windows & Linux : 10 Points

• Support for latest flavor of

Windows Windows XP

onwards and all flavors of

Linux : 07 Points

• Support for latest flavor of

Windows Windows XP

onwards and not for Linux :

05 Points

• Support for all flavors of

Windows

• Support for all flavors of

Linux only : 02 Points

5 Web based

Management console

Enterprise management tools

needed to be web-based for

ubiquitous access.

05 • 05Points



Evaluation criteria

Description Max

Point

weightage Score

by the

SP

6 Company Strength and

AV strategy

How strong the company itself

is. Fiscally weak or unsound

companies tend to get bought

out by larger corporations who

may then change the levels of service a product provides even

during a contract. Companies

also needed to have a strong

strategy and focus on antivirus

and system security as part of

our evaluation

05 • 05 Points

7 Ability to integrate

with other solutions

such as CISCO NAC

Network security is another

area of focus when selecting an

antivirus solution. The ability

of a solution to integrate with

third party solutions such as

Cisco’s Network Admission

Control is an important feature.

Because the vast majority of the

network at Secretariat is

controlled by Cisco equipment,

it is vital that any possible

solution be able to integrate

with the existing network

infrastructure.

05 • 05 Points

8 Proactive notification

on potential outbreak

and/or problems

Limited human resources

prevent from watching any

system 24x7x365. Therefore, it

is critical that any solution be

able to watch systems and automatically notify system

administrators of possible

outbreaks or issues on the

network. The ability to email or

SMS the administrator when

there appears to be an anomaly

on the network is determined to

be vital in our requirements.

10 • 05 Points

9 Ability to clean up

Viruses and/or

spyware have infected

a system

The factor that must be

considered when evaluating

antivirus solutions is how well

the product is able to clean a system after an infection. If a

solution simply detects a virus

but doesn’t clean it up well, it

doesn’t really save any time or

effort. The solution should be

able to successfully clean a

majority of infections without

having to rebuild the system.

10 • Cleaning 90% cases and

deleting 10 % cases :

05Points

• Cleaning 80% cases and deleting 20 % cases :

03Points

• Cleaning 70% cases and

deleting 30 % cases :

02Points



Evaluation criteria

Description Max

Point

weightage Score

by the

SP

10 Ability to quickly

prevent outbreaks

while new virus

signatures are not yet

available

The ability to prevent an

outbreak from occurring when

there is no virus signature or

pattern file available is

extremely important. Hundreds of systems could potentially

become infected in the time it

takes a virus to be detected “in

the wild” to the time a new

pattern is available. A feature

we considered key is the ability

for software to keep systems

protected even though they

were unable to detect the virus.

10 • Protection from undetected

virus before pattern file is

made available: 10 Points

11 Deployment of

Experts at site

The Solution provider needs to

deploy experienced

professionals (3 Nos.) at IT

Centre for addressing the issues

related to virus. One of them

should be designated as project

head and others project

assistant. The project should

have BE/BTech/MTech

qualification with minimum 3

years of experience in relevant

field and should have managed

at least 5 projects of minimum

3000 users. The project

assistants should have MCA qualification with minimum 3

years of experience in relevant

field

10 • Incase Project Head

qualification is MTech with 3

years of experience in

relevant field or qualification is BTech/BE with 5 years of

experience in relevant field :

10 Points

• Incase Project Head

qualification is BTech/BE

with 3 years of experience in

relevant field: 07 Points


FINANCIAL PART

FINANCIAL EVALUATION

Technological advances are anticipated over the term of this contract. Costs (Rupees inclusive VAT and

other applicable taxes where necessary) and Man/Day estimates, where appropriate, broken down by:

a) General Service Provider Costs

(1) Per workstation/user for a minimum of 3000 workstations (and incremental bundles

thereof)

(2) Per operating system where applicable

(3) Per application where applicable

Respondents are encouraged to provide a contract mechanism for their current eligible customers to roll into

this agreement at anytime after the inception of the contract. All pricing on future software products offered under this proposal must, at a minimum, reflect the same percentage discounts or better as established with

this contract award. Greater discounts are permissible and encouraged. Any price reductions from Service

Providers from the time of proposal submission to time of purchase order must be passed on to the OCACs.

Respondents must identify any and all associated costs, fees or charges for which the OCAC may be billed.

Costs not indicated in your proposal will not be paid.

1. Pricing

The Service Provider shall provide a firm, fixed price for the Original Contract Period. All costs

associated with the required services/equipment shall be included in the prices. All deliveries shall be made FOR Destination with freight charges fully included and prepaid. The Service Provider pays and

bears the freight charges.

Enterprise Antivirus solution pricing format

Description Unit Price in Rs. Unit Price in Rs.

Renewal (1 Year)

Unit Price in Rs.

Renewal (2 Years)

Workstations/Windows Server OS

Redhat Linux Server/ AIX Server

(30 users)

Apps *

Other

(Price quoted should be inclusive of Taxes)

* - These include specific protection on server OS, database, messaging, internet proxy, and other applications

where applicable (if not bundled). Repeat this row for each application as necessary.

Additional Cost to Complete. Provide an itemized list of any items not included above by the OCAC and

related costs that Service Provider deems necessary to provide the information to meet the requirements

specified in proposal. Failure to provide said list shall not relieve the Service Provider from providing such

items as necessary to meeting the entire requirement.


Terms of payment

• 60% payment after complete installation and operationalisation against submission of 10%

bank guarantee (BG) that will be valid for three years. The BG can be for one year and

extended in each year before expiry and release of subsequent payment.

• 10% payment shall be released after completion of 1st year of service.

• 10% payment shall be released after completion of 2nd

year of service.

• 20% payment shall be released after completion of 3rd year of service.

Penalty clauses

• Severity Level-1: Rs.500.00 shall be imposed for each 30 minutes delay in resolving the

problem after permissible time of 30 minutes to attend the problem.

• Severity Level-2: Rs. 15/- per node shall be imposed for each 1 hour delay in resolving the

problem after permissible time of one hour to attend the problem.

• Severity Level-3: Rs. 15/- per node shall be imposed for each 2 hours delay in resolving

the problem after permissible time of two hours to attend the problem.

• More than 2 times failure in a day to address the issue Rs.1500/- per failure shall be charged

as additional penalty. Maximum failure allowed in a day will be 3 times above which

penalty of Rs.10000/- per failure shall be charged and current warranty period shall

automatically increased by one week

• More than 2 times failure in a week to address the issue Rs.1000/- per failure shall be

charged as additional penalty. Maximum failure allowed in a week will be 15 times above

which penalty of Rs.10000/- per failure shall be charged and current warranty period shall

automatically increase by one month.

Sl Severity

Level

How to define How to measure Penalty

1 Severity Level-1

Complete Network failure due to virus

infection or application

failure due to virus

infection shall be treated

as critical and must be

attended within 30

minutes.

Complete network failure shall be ascertained from the NMS report. If NMS reports no

network fault both at Core Switch/Router level

and end points and end points are accessed

from the Core Switch/router, it means there is a

congestion in the network, which could be

spurious packet flooding or ARP flooding.

Rs.500.00 shall be imposed for each 30

minutes delay in

resolving the problem

after permissible time

of 30 minutes to attend

the problem

2 Severity

Level-2

Failure of a node or

group of nodes to access

the Internet or Intranet

application because of virus infection shall be

treated as moderately

critical and must be

attended within one hour

time.

Node or group of nodes failure shall be

ascertained from the NMS report. If NMS

reports no fault at node or group of nodes and

end points are accessed from the Core Switch/router, it means there is a virus

infection at end point. Also the reporting tool

of Antivirus solution shall indicate the virus

attack at the end points

Rs. 15/- per node shall

be imposed for each 1

hour delay in

resolving the problem after permissible time

of one hour to attend

the problem

3 Severity

Level-3

Decrease in Internet and

or Intranet access speed

due to congestion caused

by Virus infection in the

network shall be treated

as less critical and must be attended within two

hours time.

The reporting tool of Antivirus solution shall

indicate the virus attack at the end points.

Hence the reason for Network slow access can

be determined exactly. If the monitoring tool

does not show any virus/spyware infection in

the end point, the slowness may be due to other reasons like add-on programs, the amount of

memory the computer has, hard disk space and

condition, and the programs that are running

Rs. 10/- per node shall

be imposed for each 2

hours delay in

resolving the problem

after permissible time

of two hours to attend the problem .


Penalty amount shall be deducted from payable or dues of Service Provider by OCAC.

2. Financial stability

This will involve an assessment of key standard financial ratios and trends for the last 3 years such

as profitability, leverage, debt ratio, gross margins and sales turnover.

3. Certification of Independent Price Determination

By submitting a proposal, the Service Provider certifies that in connection with this proposal:

1. The proposal has been arrived at independently, without consultation, communication or

agreement with any competitor for the purpose of restricting competition, and;

2. Unless otherwise required by law, the offer cited in this proposal has not been and will not be

knowingly disclosed by the Service Provider prior to opening directly or indirectly to any other

Service Provider; and

3. No attempt has been made nor will be made by the Service Provider to induce another person or

firm to submit or not to submit a proposal for the purpose of restricting competition.


Annexure-1

CERTIFICATE OF COMPLIANCE

All Service Providers should sign the certificate of compliance below and return it

together with a copy of this tender document and their quotation.

We___________________________ have read this tender document and agree with

the terms and conditions stipulated therein.

Signature of Tenderer -------------------------------------------

Date………………………………………………………….

Company Stamp/Seal.

request for proposal - ocacapps.ocac.in/uploaddocuments/tender/tender_20150927_223759.pdf · with...

Documents