request for proposal - ocacapps.ocac.in/uploaddocuments/tender/tender_20150927_223759.pdf · with...
TRANSCRIPT
Orissa Computer Application Centre
Request For Proposal Comprehensive Antivirus Solution for Odisha
Secretariat
Enquiry No. OCAC-TE-22/2010(P-I)-15040
RFP for Antivirus Security Solutions
Page 2
Index
Sl. Content Page Ref.
General Part
1 Introduction 3
2 Antivirus Security Solution 3
3 Solution Focus and Scope 4
4 Eligible Participants 4
5 Service Level Requirements and Qualifications 4
6 Product Warrantee & Ongoing Support 5
7 Signatory Authority 7
8 Conflict of Interest 7
9 Organization and Format 7
10 RFP Development Process 8
11 Pre-Bid Conference and Requests for Clarification 8
12 Fees to be submitted at the time of submission & Deadline 9
13 Bid Evaluation 9
14 General Part Evaluation 11
15 Performance Bank Guarantee, Buyer’s right 12 16 Corrupt and fraudulent practices & Contract Terms 12
17 Incurring Costs 12
18 Method of operation 12
Technical Part
19 Current Installations 13
20 Functional Specifications of Antivirus & Software 14
21 Operational Requirements 14
22 Central Site Management 15
23 Gateway Protection 16
24 File Server Protection 16
25 Desktop Protection 17
26 Reporting and Analysis 18
27 Documentation Requirement 18 27 Training 18
28 IT Security 18
29 Overall Responsibility 19
30 Technical Evaluation 19
Financial Part
31 Financial Evaluation 24
32 Pricing 23
33 Terms of Payment 24
34 Penalty clauses 24
35 Financial stability 25
36 Certification of independent price determination 25
RFP for Antivirus Security Solutions
Page 3
GENERAL PART
INTRODUCTION
Orissa Computer Application Centre is requesting proposals from Software Manufacturers or their
authorized business partners (here after called as Service Provider) for establishing a Comprehensive
Enterprise Antivirus Security for the secretariat Computing and Network infrastructure. At a minimum
this solution shall offer competitive price agreement with qualified Service Provider who shall provide
Software licenses, Day-to-day Support Services, training and related materials and services in accordance
with the specifications of this request for proposal on a turn key basis.
Secretariat LAN : Secretariat LAN has been established within the Secretariat with the following objectives.
The LAN is managed centrally at IT Centre located within the Secretariat, Odisha. At present there are about
3000 network users, which will likely to increase by 10%-15%. Therefore total number of network users
will be around 3500 in future.
1. To provide seamless Internet connectivity with zero downtime to the Departments for day to day
office work and implementation of various critical e-Governance project within the Secretariat.
2. Facilitate Video Conferencing Access to OSWAN.
3. Facilitate website service of State Government and other Departmental portals
4. Facilitate Intranet services for the applications like OSWAS, and e-PASS.
This RFP is issued by OCAC, which is the sole point of contact during selection process. The Officer
responsible for entire process is General Manager (Admin).
The purpose of RFP is to provide interested Service Providers with information to enable them to prepare
and submit a proposal to provide a comprehensive enterprise Antivirus security solution for the Secretariat
network infrastructure on turnkey basis
ANTIVIRUS SECURITY SOLUTION
OCAC is looking to develop and commission an Enterprise Antivirus Security Solution that will protect the
entire Odisha Secretariat network including Internet Gateway, Servers, Desktops, Laptops, Hand held
devices like RFID Readers, Barcode Readers etc.. In addition to the applicable Software, any proposal
solution needs to include the installation, configuration, tuning, maintenance, on site technical support and
training necessary to allow the Departmental Users to fully utilize the software Licensed on turn key basis.
Because Departments may have differing security needs, the solution must be flexible enough to meet those
varying needs. Among different Departments even within a single department, differences in security
concerns and requirements exist. Therefore, the solution should allow adaption to specific needs and
circumstances of each user.
Depending upon the responses received and the solutions presented, OCAC may select a Service Provider
to work in developing and implementing an Antivirus Security solution on a turnkey basis.
RFP for Antivirus Security Solutions
Page 4
SOLUTION FOCUS AND SCOPE
OCAC is looking to develop a comprehensive enterprise Anti-virus security solution that, at a minimum,
includes server protection, desktop, laptop, hand-held and tablet protection, as per the policy defined by
OCAC from time to time, maintenance, technical support and training on turnkey basis. Responding Service
Providers must offer product solution from single manufacturer to meet each of these.
Responding Service Providers may also offer additional solutions or products that will enhance the anti-
virus security solution. The successful respondent will be responsible for delivery of all software and/or
services requested in this proposal. OCAC will consider the respondent to be the sole point of contact with
regard to contractual matters, including pricing structure, delivery, warranty, and payment of any and all
charges resulting from the purchase of products specified in this proposal.
ELIGIBLE PARTICIPANTS
Software Manufacturers of Antivirus solutions with experience of minimum 5 years in managing security
solutions of corporate having at least 3000 users.
SERVICE LEVEL REQUIREMENTS AND QUALIFICATIONS
1. The successful firm shall provide the enterprise anti-virus security software products, maintenance,
installation, training and service solution as described in this RFP. Respondents shall completely review
the requirements specified in this proposal. It shall be the respondent’s responsibility to make certain
that all software and support are included in their proposal to guarantee a fully functional enterprise anti-
virus (comprehensive virus protection for every network tier) security. It shall be the service provider’s
responsibility to verify that the software proposed will work as specified with all network tiers,
including desktops, laptops, servers, hand-held, and tablet computers.
2. The successful service provider must guarantee all anti-virus software and ensure that this product works
to its maximum capacity for a period of thirty six (36) months after final acceptance by OCAC. The
successful Service Provider must provide at their expense all support necessary to ensure proper
operation within that period of three years.
3. The successful service provider must agree that additional anti-virus security products relative to
obtaining the enterprise solution not covered herein may be added by OCAC to this contract without
voiding provisions of the existing contract. The successful Service Provider with additional
consideration may be allowed to furnish additional security products and services to OCAC for
Secretariat LAN.
4. The Solution Provider's order fulfillment process shall be considered an important process with regards
to the existing business practices of OCAC.
5. The successful service provider performance will be closely monitored by a Technical Committee of
OCAC throughout the contract period. If deliveries prove to be unsatisfactory, or other problems arise,
OCAC reserves the right to delete product or services from the agreement and/or cancel agreement for
cause, and may award to the next acceptable "low respondent", or cancel and request new proposals.
Similarly, if deliveries prove to be unsatisfactory or other problems arise under the agreement for
OCAC, the OCAC retains all of its remedies for a default. Failure of the OCAC to exercise its rights of
termination for cause or other remedies for default due to a respondent's failure to perform as required in
any instance shall not constitute a waiver of termination rights or other default remedies in any other
instance.
6. Delivery of purchases will be made within 30 calendar days after receipt of purchase order. Service
provider agrees to notify OCAC within five working days after receipt of software order if they are
unable to meet this requirement. Failure of the Service Provider to adhere to delivery schedules as
specified or to promptly replace defective software shall render the Service Provider liable for all costs
in excess of the contract price when alternate procurement is necessary. Excess costs shall include the
administrative expenses.
RFP for Antivirus Security Solutions
Page 5
7. Service provider must not substitute any item(s) that has been ordered by OCAC using this contract
without the prior written approval by the appropriate purchasing officer of OCAC. The substitute item
must be at the same or better technology level than the original product ordered, and pricing at the same
or lower price. Failure to comply may result in return of merchandise at service provider 's expense.
8. Successful service provider must offer a "total satisfaction" return policy. The Service Provider must
provide a thirty (30) day no-questions-asked return option, from the date of delivery to OCAC or
installation at site.
9. The successful service provider shall be responsible for replacing at no cost to OCAC any damaged
software products received under this contract within 7 days from notification by OCAC. This includes
all shipping costs for returning non-functional items to the Service Provider for replacement.
10. Any price reductions from software manufacturer from the time of proposal submission to time of
purchase order must be passed on to OCAC.
11. The service provider shall retain and maintain all records and documents relating to this Contract for six
years after final payment by OCAC hereunder or any applicable statute of limitations, whichever is
longer, and shall make them available for inspection and audit by authorized representatives of OCAC,
including the procurement officer or designee, at all reasonable times.
12. OCAC reserves the right, but is not obligated, to request that each respondent provide a formal
presentation of its proposal at a date and time to be determined. If required by the OCAC Technical
Committee, it is anticipated that such presentation will not exceed one (1) hour. No respondent will be
entitled to be present during, or otherwise receive any information regarding, any other presentation of
any other respondent.
13. The successful service provider must provide an account executive/team for OCAC. This team must
establish and maintain fundamental familiarity/understanding with OCAC. Account team must be able
to recommend appropriate solution in real time.
14. PRODUCT WARRANTY AND ON-GOING SUPPORT-- The successful Service Provider shall
provide an option for on-going warranty support beyond the warranty period as well as a minimum of
three (3) years product warranty shall be included in the purchase price. Warranty and on-going support
requirements are outlined below.
The Solution provider needs to deploy experienced professionals (3 Nos.) at IT Centre for addressing the
issues related to virus. One of them should be designated as project head and others project assistant..
a. The service provider shall engage 3 experienced professionals out of which one shall be
designated as Project Head and other two professionals shall be designated as project assistant at
IT Centre to address the onsite issues. The Project Head should have BE/BTech/MTech
qualification with minimum 3 years of experience in relevant field and should have managed at
least 5 projects of minimum 3000 users. The project assistants should have MCA qualification
with minimum 3 years of experience in relevant field. The professionals should be available in
the IT Centre from 8 AM to 10 PM regularly and in case of emergency atleast one professional
should be made available from 10 PM to 8AM. It is expected that these professional shall be
made available through out the warrantee period. During warrantee period normally change of
personnel is not allowed. However in case of unavoidable circumstances maximum one person
at time can be allowed to be changed after six months of his/her service in the project. All the
professionals are not allowed to be changed at a time. At best one professional may be allowed
to be changed at a time
b. The warranty period shall begin upon successful installation and OCAC’s acceptance of
installation of the anti-virus software acquired from respondent on servers and workstations
covered by the purchase.
c. Warranty shall include 24 hours per day, 7 days per week, 365 days per year.
d. The OEM shall perform the health check up of the Software at site in every 6 months and
submit a report before the authority for evaluation.
RFP for Antivirus Security Solutions
Page 6
e. The Network virus infection can be ascertained primarily from the following symptoms.
• Congestion on local area networks (ARP flood as consequence of network scan).
• Web sites related to antivirus software or the Windows Update service becoming
inaccessible.
• Certain Microsoft Windows services such as Automatic Updates, Background Intelligent
Transfer Service (BITS), Windows Defender and Windows Error Reporting disabled.
• Domain controllers responding slowly to client requests.
• Account lockout policies being reset automatically.
• User accounts locked out.
e. The successful service provider must guarantee fixes to virus infections within maximum 2
hours after being made aware of the virus. The problems must be fixed as per the timeline
described for severity levels indicated below. Service provider should describe the processes for
accomplishing this. Failure to provide fixes within 2 hours result in an extension on current
warranty period with penalty. Complete network failure shall be ascertained from the NMS
report. If NMS reports no network fault both at Core Switch/Router level and end points and
end points are accessed from the Core Switch/router, it means there is a congestion in the
network, which could be spurious packet flooding or ARP flooding.
i. Severity Level-1 : Complete Network failure due to virus infection or application
failure due to virus infection shall be treated as critical and must be attended within
30 minutes.
ii. Severity Level-2 : Failure of a node or group of nodes to access the Internet or
Intranet application because of virus infection shall be treated as moderately critical
and must be attended within one hour time.
iii. Severity Level-3: Decrease in Internet and or Intranet access speed due to
congestion caused by Virus infection in the network shall be treated as less critical
and must be attended within two hours time.
f. Reporting mechanism: - The Solution provider shall provide two email-IDs to which the
complaint can be posted (to any one or both IDs). Similarly two e-mail ID shall be identified by
the IT Centre from which complaints can be registered (from any one ID). The complaint
registration shall be through e-Mail only.
g. Support shall include free software updates, during the warranty period, of all software
purchased as a part of this proposal.
h. OCAC has the right to require on-site assistance when software is not operating as designed
with its equipment or network. The on-site warranty service shall be provided within two (2)
hours time period. Any cost associated with this requirement shall be borne by the successful
service provider.
i. Respondents shall provide the name, address and toll free telephone number of the nearest
authorized manufacturer’s services center and the technical persons deployed in the IT Centre
by the respondent.
j. The successful Service Provider shall be responsible for providing a minimum of eight hours of
onsite software product training at no additional cost to technical staff at OCAC .
k. The successful Service Provider may propose delivery, unpacking, assembly and set-up of software. Software installation must be conducted by personnel employed by company
authorized by the software manufacturer to conduct such activity. Dynamic deployment will
allow remote installation of anti-virus software for servers and workstations; the Service
Provider shall be responsible for verifying successful installation on covered servers and
workstations at all locations of the Secretariat and offices covered under Secretariat LAN.
RFP for Antivirus Security Solutions
Page 7
OCAC purchasing software shall be responsible for providing the appropriate host server(s) and
network access.
l. Respondents shall furnish a copy of Manufacturer’s Extended Warranty/Maintenance
Agreement with their proposal that includes warranty/maintenance for the post warranty period
that would be available. Information should include:
1. Annual cost of on-site software support.
2. Annual cost of telephone software support.
3. Annual cost of on-site and telephone software support.
4. The number of years extended warranty/maintenance would be made available to OCAC
5. Name, address and telephone number of the manufacturer’s authorized service center(s)
located in or nearest to Odisha Secretariat.
SIGNATORY AUTHORITY
Each person signing this proposal certifies that:
1. The signer is the person in the Service Provider’s firm responsible for the decision to offer the
proposal; or
2. The signer is not the person in the Service Provider’s firm responsible within that firm for the
decision to offer, but has been authorized in writing to act as agent to quote for the persons
responsible for such decisions.
CONFLICT OF INTEREST
In submitting a response to the RFP, the Provider certifies that no relationship exists between the Provider
and OCAC or its officials that interferes with fair competition or is a conflict of interest, and that no
relationship exists between the Provider, and other persons or a firm that constitutes a conflict of interest that
is adverse to the OCAC.
ORGANIZATION AND FORMAT
Proposals should be typed in MS Word or PDF format. One sealed bid proposal should be submitted along
with three (3) CD copies. Proposals should be organized and presented in a manner that addresses all of the
RFP provisions and requirements.
RFP for Antivirus Security Solutions
Page 8
RFP DEVELOPMENT PROCESS
1. Schedule of Events
The following schedule lists meetings and deadlines related to this Request For Proposal (RFP) on the
development of a Agreement for the OCAC Anti-Virus Security Solution. Deadline dates are as indicated
unless otherwise changed by OCAC. In the event that the OCAC finds it necessary to change any of the
dates or activities listed in this calendar, it will do so by issuing an amendment to the RFP to prospective Providers.
Sl Event Target Completion Date
1 Formal issuance of RFP 27-09-2015
2 Last day for submitting written queries about RFP 05-10-2015 up to 2:00 P.M.
3 Pre-proposal conference 06-10-2015 at 11:30 A.M.
4 Publication of corrigendum 09-10-2015
5 Proposals due from Prospective bidders 17-10-2015 up to 12:30 P.M
6 Opening of General (Pre qualification) bids 17-10-2015 at 03:30 P.M
7 Opening of Technical Bids of Qualified bidders 29-10-2015 at 3:30 P.M.
8 Opening of Financial bids of Technically qualified bidder 03-11-2015
9 Award of Work 07-11-2015
PRE-BID CONFERENCE AND REQUESTS FOR CLARIFICATION
1. Prospective Providers are cordially invited to participate in a pre-proposal conference call on 06-10-
2015 at 11:30 A.M.
2. Information about this RFP will be discussed. Requests for clarification, revisions to requirements or
technical questions concerning the RFP may be submitted to the General Manager (Admin) at the
OCAC office.
3. Participation in the pre-proposal conference call is voluntary. However, in order to participate in the call,
Prospective Providers must notify OCAC of its intention to participate in the pre-proposal conference
call by no later than 05-10-2015. Prospective Providers should notify OCAC of its intentions to
participate in the pre-proposal conference call by contacting the General Manager (Admin) at (0674)
2567280 or by e-mail at [email protected].
4. After receiving the notification of intent, OCAC will forward to Prospective Providers the call
information. Those unable to participate in the pre-proposal conference call may submit requests for
clarification, revisions to requirements, or technical questions concerning this RFP in writing. All
written requests should be submitted by 05-10-2015 at 2:00 P.M..
5. If a Prospective Provider discovers a significant ambiguity, error, conflict, discrepancy, omission, or
other deficiency in the RFP, the Provider should immediately notify the General Manager (Admin) of
such error and request modification or clarification of the RFP document. Only information supplied by
OCAC in writing through the General Manager (Admin) or this RFP or amended RFP should be used as
a basis for the preparation of Provider responses.
RFP for Antivirus Security Solutions
Page 9
FEES TO BE SUBMITTED AT THE TIME OF SUBMISSION & DEADLINE
RFP Document fee: Rs. 1,000.00 as RFP document fee must be submitted along with the proposal. The RFP
document fee must be in favour of Orissa Computer Application Centre drawn on any nationalized bank and
payable at Bhubaneswar.
Ernest Monet Deposit (EMD): Rs. 50,000.00 as EMD must be submitted along with the proposal. The EMD
must be in favour of Orissa Computer Application Centre drawn on any nationalized bank and payable at
Bhubaneswar.\
Deadline: The deadline for submission of proposals and related information is 12:30 p.m. on 17-10-2015.
One (1) sealed bound original and three (3) identical CD copies of the response should be forwarded to the
following address prior to the deadline:
The General Manager (Admn.),
Orissa Computer Application Centre,
Plot No. N/1-7-D, Nayapalli, near Acharya Vihar Square
Bhubaneswar-751013, Odisha
BID EVALUATION
The OCAC will select and notify the finalists offer on 29-10-2015. Only finalists will be invited to
participate in the subsequent steps of the procurement.
Following initial evaluations, Finalists will be selected. The Technical Committee will evaluate each
response based on the extent to which the proposal:
1. Meets the requirements of this RFP
2. Shows a willingness to explore solutions beyond a standard purchase agreement
3. displays innovation
Upon completion of the evaluation process, the Committee will recommend one Providers, and OCAC will
establish an agreement with the recommended Provider. The Committee reserves the right to not recommend
any Prospective Providers, and OCAC reserves the right not to enter into an agreement with a recommended
Provider at its own discretion.
After the Agreement is executed, all proposals and documents pertaining to the proposals will be open to the
public. If the Prospective Provider submits information in response to this RFP that it believes to be trade
secret materials as defined by the laws, the Prospective Provider must:
• clearly mark all trade secret materials in its response at the time the response is submitted
• include a statement with its response justifying the trade secret designation for each item, and
• Defend any action seeking release of the materials it believes to be a trade secret, and indemnify and
hold harmless OCAC, its Commissioners, agents and employees, from any judgments awarded
against OCAC in favor of the party requesting the materials, and any and all costs connected with
the defense. This indemnification survives OCAC’s award of a contract. In submitting a response to this RFP, the Prospective Provider agrees that this indemnification survives as long as the trade
secret materials are in possession of OCAC.
In the event a request is made for information which the Prospective Provider has identified as trade secret, OCAC agrees to notify Prospective Provider of said request and provide its determination as to whether
disclosure is legally required, in addition to anticipated disclosure dates, if any, and to allow the Prospective
Provider an opportunity, in its discretion and at its sole expense, to seek a protective order or otherwise
protect the confidentially of the information.
As previously stated, the objective of this RFP is to develop an anti-virus and solution that protects the entire
network including the internet, gateway, servers and desktops, laptops, handheld and tablet computers. In
RFP for Antivirus Security Solutions
Page 10
addition to the applicable software, any proposed solution needs to include the maintenance, technical
support and training necessary to allow OCAC to fully utilize the software licensed.
The Technical Committee will analyze all responses to this RFP. The analysis will be based upon the criteria
set forth in this RFP. The findings and recommendations of the Committee will be submitted to the OCAC
for approval.
Where the words “shall” or “must” are used, they signify a required minimum function of system capacity that will heavily impact the Bidder’s final response rating.
Where the words “may” or “desired” are used, they signify that the feature or capacity is desirable but not
mandatory; therefore, the specifications in question will possess minimal impact on the Bidder’s final response rating.
The method by which the proposed method of performance is written will be left to the discretion of the
Service Provider. However, the Service Provider should address each specific paragraph and subparagraph of the Specifications by paragraph and page number as an item for discussion. Immediately below these
numbers, write descriptions of how, when, by whom, with what, to what degree, why, where, etc, the
requirements will be satisfied.
Evaluation Criteria
All tender responses will be evaluated in three phases
a. General Part Evaluation : Preliminary evaluation that will determine administrative
compliance and eligibility for further evaluation (Detailed in General Part of RFP)
b. Technical Part Evaluation: Detailed evaluation to determine technical compliance and support responsiveness of the Service Provider. (Detailed in Technical Part of RFP)
c. Financial Part Evaluation: Financial evaluation to consider pricing competitiveness and the financial capability of the Service Providers (Detailed in Financial Part of RFP)
The Service provider needs to score minimum 80% mark in Technical evaluation to qualify for the
Financial Evaluation.
RFP for Antivirus Security Solutions
Page 11
General Part Evaluation
The following mandatory documents must be provided in the bid response. Bids that do not have all the
following documents may, at the discretion of OCAC, not be assessed any further
d. The Certificate of compliance (Annexure-1) fully signed and stamped
e. Certificate of incorporation or registration
f. Complete address (Physical, postal, telephone, facsimile and e-mail) for the head office and all
other registered offices in India
g. List of directors and principal officers of the company. Please indicate occupation and job title
of each person
h. A letter to the effect that the principal Service Provider agrees to this requirement must be
captured upfront in the bids and will form part of the preliminary phase evaluation.
i. Copies of VAT Registration Certificate, PAN Card, Service Tax Registration Certificate.
j. Attached copies of relevant technical/CVs certificates of staff (including Technical
professionals)
k. Copies of Audit books of accounts for the last 3 years (1 mark per year per audited account. For
un- audited accounts 0 marks per year)
Sample Preliminary phase evaluation form (Attach all relevant document of this form in a single
bunch and keep it in a separate envelop superscribing “GENERAL BID DOCUMENT” )
Ite
m
No.
Item Description/Required Requirements Notes from Service
Provider’s Bid (Tick if
submitted fully, cross X if not
submitted or partial submission) 1 Certificate of compliance (attached) Must submit
2 Certificate of incorporation or
registration
Must submit
3 Copies of VAT, PAN, Service Tax
Registation
Must submit all
4 Attached copies of relevant
technical/CVs certificates of staff
Must submit relevant
to this project
5 Copies of Audit books of accounts
for the last 3 years
Must submit
6 Complete address (Physical, postal,
telephone, facsimile and e-mail) for
the head office and all other
registered offices in India
Must submit
7 Letter of accreditation by the
principles
Must submit
8 List of directors and principal
officers of the company
Must submit List of
directors and
shareholding ratio
9 Letter of no Objection from the
Service Providers and or reference
sites given
Must Submit
10 RFP Document fee of Rs.1,000/- Must Submit
11 1.a.1 EMD of Rs.50,000/- Must Submit
Does Service Provider qualify to
proceed? ( Yes/No)
Failure to submit any of
the above disqualifies
Service Provider from
further evaluation
RFP for Antivirus Security Solutions
Page 12
PERFORMANCE BANK GUARANTEE
OCAC requires that the Service Provider execute a Performance Bank Guarantee (PBG) with a nationalized
bank in favour of Orissa Computer Application Centre. The performance bond amount will be ten percent
(10%) of the total bid price. The performance Bank Guarantee will be valid for a period of three years. The
PBG can be for one year and extended in each year before expiry of the same. The PBG must be provided
before release of first (40%) payment after successful commissioning of the system.
BUYERS RIGHTS
Orissa Computer Application Centre reserves the right to reject any or all bids without giving any reasons
and OCAC has no obligation to accept any offer made. OCAC also reserves the right to keep its selection
and selection criteria confidential or amend such criteria, which has been made known to the bidder without
further reference. Bids not strictly adhering to Request for proposal conditions may not be considered by OCAC whose decision on the matter shall be final. The Supplier’s terms and conditions will not form part of
any contract with OCAC in relation to this tender. Canvassing in any form is prohibited and will lead to
automatic disqualification.
CORRUPT OR FRAUDULENT PRACTICES
OCAC requires that the Service Providers under this tender observe the highest standards of ethics during
the procurement and execution of such contracts. In pursuance of this policy, the Purchaser (i.e. OCAC)
defines the terms set forth as follows:-
• “Corrupt Practice” means the offering, giving, receiving or soliciting of any thing of value to influence
the action of the public official in the procurement process or in contract execution; and
• “Fraudulent Practice” means a misrepresentation of facts, in order to influence a procurement process or
execution of a contract to the detriment of the Purchaser, and includes collusive practice among Service
Providers (prior to or after bid submission), designed to establish bid prices at artificial non-competitive
levels and to deprive the Purchaser of the benefits of the free and open competition;
• The Purchaser will reject a proposal for award if it determines that the Service Provider recommended
for award has engaged in corrupt or fraudulent practices in competing for the contract in question.
• The Purchaser will declare a Service Provider ineligible, either indefinitely or for a stated period of time,
to be awarded a contract if at any time it is determined that the Service Provider has engaged in corrupt
and fraudulent practices in competing for or in execution of the contract.
CONTRACT TERM
The OCAC Agreement shall be effective on the date that the party to the Agreement signs the Agreement. It
shall remain in effect for three years from that date with options by mutual agreement (of the parties to the
Agreement) to renew for one (1) or two (2) additional years period.
INCURRING COSTS
OCAC is not liable for any cost incurred by Prospective Providers in replying to this RFP.
METHOD OF OPERATION
OCAC will negotiate the pricing structures, terms and conditions and related services provided under the
Agreement. Any terms and conditions which may be the subject of negotiation, will be discussed only
between OCAC and the selected Provider and shall not be deemed an opportunity to amend the Provider’s
proposal. OCAC reserves the right to terminate negotiations and select the next response providing the best
value for OCAC, prepare and release a new RFP, or take such other actions as OCAC deems appropriate if
negotiations fail to result in a successful contract. Once a Agreement is formally established, Eligible
Participant will be responsible for procurement and payment of charges associated with the anti-virus and
software and related services provided to them. OCAC will appoint a Technical Committee to oversee the
solution and assure that it operates in an effective and efficient manner. The Technical Committee will
periodically review and evaluate the performance of the solution and submit its recommendations to OCAC.
RFP for Antivirus Security Solutions
Page 13
TECHNICAL PART
CURRENT INSTALLATIONS
The Odisha Secretariat infrastructure consists of Desktops, Servers, Printers, Laptops, Switches, Firewal
with IPS, hand held devices installed in Secretariat, Rajiv Bhawan, HOD Building, Secha Sadan, Office of
CEO, I & PR Department, State Guest House & OCAC Building. Around 2700 Desktops are connected
through a high speed LAN OFC backbone. 60 Mbps lease (1:1) Internet Connectivity has been provided
through BSNL. The network nerve centre is located in the IT Centre within the Secretariat. Some critical
Applications like OSWAS, e-Pass and e-Dispatch are operational in the Secretariat Intranet. More intranet
applications will be added in future.
Technical Environment
Operating System environment:
• Windows: various flavours of the Windows Operating System both at the client side
Windows 98/2000/XP/Vista/ Windows 7/Windows8/Windows10 and the server
(Windows 2000/2003/2008/2012)
• Unix / Linux environment – Redhat Linux, Suse Linux, AIX
• MAC OS X
Database / Programming Environments
• MS SQL Server 2000/2005 /2008/2012
• MySQL
• DB2
• Oracle; various flavours of the database including but not limited to versions 8i /9i /10g/11i
• Applications developed in Visual studio/ .Net ,PHP,JAVA
• Web server Applications : Apachi, IIS
Hardware Specifications and numbers
• Most hardware are at least Intel PIV, 1.4 GHz CPU, 256MB RAM and above.
• There are approximately Windows Desktops – 3000
• Windows Servers - 11
• Redhat Linux Server– 2
• AIX Server – 8
Network Communications Infrastructure.
• The Secretariat LAN runs on TCP/IP protocol, on a converged network that carries voice
and data. Local Area Network is on 10/100/1000 Ethernet. Secretariat LAN is based on a
layered network design.
• The links used by Secretariat LAN include 60 Mbps (1:1) lease connectivity
• The network infrastructure is based on almost all CISCO environment. The Secretariat LAN
has also implemented CISCO-based IP Telephony to all Secretaries and Ministers.
RFP for Antivirus Security Solutions
Page 14
FUNCTIONAL SPECIFICATIONS OF ANTI-VIRUS SOFTWARE
1. Operational Requirements
a. Must not conflict with any of the Applications, database and development environments
stipulated above. Where a work-around is needed this should be clearly stated.
b. Should incorporate at a minimum:
i. Enterprise class antivirus solution to combat viruses, worms, and trojans
ii. Antispyware
iii. Antirootkit
iv. Personal firewall
c. Support ‘on-access’ protection
d. Support on-demand scanning
e. Support for scheduled scanning
f. Provide for various ways to deal with infection attempts including the ability to clean,
quarantine (in a specified central location) or delete as necessary
g. Ability to restore quarantine files for false-positives.
h. Support for memory scanning to eliminate memory-resident viruses
i. Support advanced Heuristics detecting new unknown viruses that can proactively detect
new/unknown malware and thus help protect or mitigate against zero-day attacks
j. Protection from Web 2.0/3.0 threats such as Cross Site Scripting attacks
k. Provide for prevention of browser settings modifications by malware (internet explorer 6.x
and above and Firefox 3.X and above)
l. Be able to scan inside the archives, self-extracting files and run-time compressed files. The
ability to configure the level of recursive scans inside zipped files is desirable
m. Have a small installable size and low impact on system resources
n. Be able to define and customize a list of undesirable file types by name and /or extensions
o. Have the ability to exclude specified files /folders from being scanned either in the on-
access mode or during on-demand scans
p. Ability to create bootable rescue packs (on CD or USB) for removal of especially boot
sector and memory-resident viruses
q. The proposed antivirus solution must be a partner of Cisco initiative of Network Admission
Control and be able to work with Cisco infrastructure to achieve this concept
r. Be able to specify and selectively block programs and ports from being executed/accessed.
s. Support for smart phones/Tablets/PDAs/Handheld device will be added advantage.
t. Data Loss prevention solution should be part of end point antivirus solution with
single agent at the host and manageable from end point AV management console
u. The Antivirus product should also have capability of repairing the infected files
rather than just quarantining or removal in real time.
v. The Antivirus product should also have the capability to perform the scanning
process randomly and updates schedules to prevent resource utilization related matters.
RFP for Antivirus Security Solutions
Page 15
w. The Antivirus product should also have the capability to identify phishing attacks and
inform to end user.
2. The software should provide centrally managed anti-virus protection for Secretariat network. This
This includes virus protection at the following points:
a. At the Web (HTTP) gateway
b. All workstation and network file servers at all locations of Odisha Secretariat and offices
covered under Secretariat LAN.
c. All computers installed on Secretariat network
3. The desktop software and the server software , where applicable, should be compatible with all
versions including latest version of:
a. Supported Microsoft operating systems, Tablet PC and hand-held devices.
b. MAC operating systems
c. LINUX operating systems
d. UNIX operating systems
e. AIX Operating System
f. VMWARE
4. Respondents should include information on their solutions for any other operating systems.
5. Respondents should describe the process for new operating systems and options in the future.
6. CENTRAL SITE MANAGEMENT
a. The software shall be managed centrally at IT Centre, Odisha Secretariat using a web-based console that allows system monitoring, software updates, client configuration, and event
reporting. The central site administrator should have the ability to manage the software at all
levels of the network and have the ability to remotely deploy product updates and
modifications to all users. Automatic software updates must be deployable every time
network login occurs at any network workstation.
b. The software should be capable of automatic (dynamic) deployment to client workstations,
as well as, removal of any existing anti-virus software. Simultaneous deployment can be
accomplished through any of the following methods: hard disk imaging, Microsoft
Windows NT-based remote installation, silent installation via Microsoft Systems
Management Server, and Active X embedded web pages for remote offices. Dynamic
deployment should be able to occur when the end user workstation is in a standard user
mode and must be transparent to the end user.
c. The software should be capable of Detection of ‘rogue’ PCs and servers that are plugged
into the IP network. This event should be logged or trigger an alert to the systems
administrator
d. The software should have ability to auto-deploy the product to discovered PCs and servers
that are not compliant.
e. Support for mobile user for better mobile user antivirus protection. For example the
proposed solution should allow for creating and sending of remote installation packages and
auto update features the moment a computer (laptop) that has been off joins the TCPIP
network.
f. Ability for the mobile computers (laptops) to search for the closest Product distribution
point and auto reconfigure itself to update from that location will be a great added
advantage. Service Providers should specify how this can be achieved
RFP for Antivirus Security Solutions
Page 16
g. Ability for the administrator to pinpoint at a glance those PCs that do not have an antivirus
agent /software at a glance. A graphical presentation of this is preferred although it can also
be given as a report
h. Automatic virus signature database update over the internet and distribution to the hierarchy
in the network. To minimize on traffic, preference will be given to those systems that
implement incremental virus signature database update
i. Automatic logging and log management. The antivirus should be able to log events into a
relational database for report generation
j. Configuration/ Policy management: the system should allow for global setting of the antivirus configurations, and the same should be automatically enforced by the management
server
k. The ability to password protect settings to avoid interference from end users is necessary
l. Virus incident alerting: the proposed system should be configurable to alert the designated
administrators of virus incidences at the very minimum using LAN messages and e-mail
messages. SMS (short messaging service) alerting for critical occurrences (configurable) is
an added advantage
m. The central site management system must be capable of providing a report of found viruses,
including locations and provide a report of incomplete or failed workstation updates. These
reports must be accessible by the network administrator as well as any central network
location.
n. The Software should have ability to detect Forward Proxy, Reverse Proxy and Transparent
bridge mode and protect access through these methods.
o. Customise captive portal for user authentication during access to internet.
7. GATEWAY PROTECTION
1. Software provided must be designed to scan for viruses at the network gateway. This protection
must be present for email, Web and file transfer traffic. Additionally, the software must have the
following features:
a. Provide real-time detection and elimination or isolation of viruses
b. Allow administrator configurable response levels to viruses including isolating the infected
file and automatic deletion of infected files.
c. Provide an automatic alert to the system administrator of multiple virus detections.
d. Provide an option for automatic virus pattern file updates from the software manufacturer to
occur as scheduled by the user.
e. Configuration of Internet gateway virus protection software must be configurable by the
user administrator using a local Windows interface as well as a remote Web browser.
f. Software provided must provide full feature operation and compatibility when being used
with common firewall protection hardware.
g. Gateway virus protection software must be configurable from the larger site central
management system that controls all software involved in the total anti-virus system.
8. FILE SERVER PROTECTION
1. Software provided must scan servers (including Database, Application servers), detecting and
removing viruses from files, including compressed files, in real time and before reaching the end
user’s computer. The file server virus protection software must also have the following features:
a. Network administrator must be able to manage the server virus protection software through
the use of a Windows-based console. This shall include management of virus outbreaks
RFP for Antivirus Security Solutions
Page 17
within the server network, virus scanning, virus pattern updates, notifications and remote
installation of program solutions and updates to all network servers.
b. The administrator must be able to monitor the status of all network servers in realtime to
determine connection status, infection status, pattern file and program solution versions.
c. The software manufacturer must be able to send notifications of a virus outbreak to the
designated network administrator through message box, pager, Internet email, SNMP trap or Window(s) event log.
d. The server protection software must provide automated maintenance tasks to include:
pattern and program solution file updating, compiling virus logs, and setting parameters for real-time scanning.
e. The software must support Microsoft Windows Server(s) , Novell, LINUX, UNIX, AIX or
other servers. Respondent must supply information on version supported.
f. The server virus protection software must, at a minimum, be Microsoft Windows Server(s)
Certified. Respondent must describe additional certifications that its solution provides.
g. The software must provide the network administrator detailed reporting of server status to
include: pattern file and program solution versions, infection status, and connection status.
h. The file server protection software must perform kernel-level scanning for viruses and
malicious codes. Additionally, the software must employ rules band and pattern-recognition
scanning technology for virus protection.
i. The scan engine, utilized by the server protection software, must be certified by the
International Computer Security Association (ICSA).The scan engine must be capable of
multi-thread scanning.
9. DESKTOP PROTECTION
1. Software provided must provide transparent virus scanning and virus removal on networked desktop
and mobile clients. Additionally, the software must have the following features:
a. The desktop virus protection software must provide centralized management features,
allowing administrators to fully manage and enforce anti virus policies across the entire
network. Additionally, the administrator must have the ability
b. To deliver dynamically virus protection updates to each network desktop. This includes
virus pattern files and scan engine updates.
c. The software must have the ability to remove virus and other malicious codes from desktops
as well as repair damage repair of the computer.
d. The desktop virus protection software must automatically and transparently remove all
existing desktop anti virus software.
e. Installation and deployment methods must include hard disk imaging, Microsoft Windows
remote installation, silent installation via Microsoft Systems Management Server, and
ActiveX embedded Web page for remote users. Respondent may include information on any
additional installation and deployment methods for their proposed solution.
f. The software must protect network desktop, laptop, wireless, smart phones, tablets, hand
held device and PDA clients from viruses, Trojans, worms and other malicious codes. This
protection must extend to virus attacks via email, web downloads, and file sharing.
g. The detection and cleaning technology of this software must be certified by the International
Computer Security Association (ICSA).
h. The Antivirus solution product must be certified by NSS Lab.
RFP for Antivirus Security Solutions
Page 18
10. Reporting and Analysis
The proposed system should produce the following reports as a minimum
a. Dashboard summary reports on the state of the implementation (e.g. Percentage protected,
unprotected, out of date, etc)
b. Infections history (all, or occurring between given dates). The report(s) should drill down
per machine and per user
c. First reported incidence of virus activity showing origin (user, time, infected file source)
d. Files infections summary detailing the most infected files
e. Infections by virus and/or malicious code type
f. Infections by virus; name, number of incidences, etc
g. Action summary reports; what actions did the antivirus take per incidence (e.g. deleted,
renamed, cleaned, etc). Graphical presentations of such data is ‘a nice to have’ though it may not constitute an advantage.
h. The following will constitute an added advantage
i. Queries or reports showing system data (user, space utilization on the hard drive, OS version
and service pack levels, etc)
j. The ability to run queries off the database which can be used for external reporting and data
analysis (e.g. from a spreadsheet)
11. Documentation Requirement
a. All documentation and training materials (both in hard copy as well as a soft copy in PDF
format) must be available in order to complete the process, business, technical/system,
operations and support acceptance activities.
b. Service Provider’s suggestions for documentation and training materials to support the
implementation, use and maintenance of the antivirus solution and any supporting
technology components that will be provided as part of this project are to be included in the
Service Provider’s proposal.
c. Documentation must be in English.
12. Training
a. It is expected that formal training will be given to administrators of the solution. However,
the solution must be intuitive and help text must be available and presented in a manner that
encourages users to try to find information. Training of technical support team will be to
such an extent that they will be reasonably able to handle their duties competently. Where appropriate, the Service Provider will be expected to discuss the technical aspects of the
system so as to enable, for example, creation of ad-hoc reports and integration to other
systems
b. Training will be provided in the English language at the OCACs premises or a convenient
mutually agreed location within Bhubaneswar, Odisha. If additional expenses will be
incurred for offsite training, this will be borne by the Service Provider.
13. IT Security
a. The proposed system is expected to be compliant with BS7799 / ISO 17799 best security
practices. Where the system materially diverts from these standards, the Service Provider in
their proposal shall disclose such deviation. The underlying database management system
should ideally be encrypted if possible. Passwords must be stored in encrypted form.
b. The proposed solution should follow a Role-Based Access model; i.e. menu structures and
functions should only be available to those with the right security level to carry them out.
RFP for Antivirus Security Solutions
Page 19
Delegation of administrative functionality or the ability to define categories of
administrative ‘users’ is desirable
14. OVERALL RESPONSIBILITY
a. The Solution Provider is obliged to work closely with the OCAC staff, act within its own
authority, and abide by directives issued by OCAC that are consistent with the terms of the
Contract.
b. The Solution Provider will abide by the job safety measures and will indemnify the OCAC
from all demands or responsibilities arising from accidents or loss of life, the cause of which
is the Solution Provider's negligence. The Solution Provider will pay all indemnities arising from such incidents and will not hold the OCAC responsible or obligated.
c. The Solution Provider is responsible for managing the activities of its personnel, or
subcontracted personnel, and will hold itself responsible for any misdemeanors.
d. The Solution Provider shall appoint an experienced counterpart resource to handle this
requirement for the duration of the Contract. The OCAC may also demand a replacement of
the manager if it is not satisfied with the manager’s work or for any other reason.
e. The Solution Provider shall take the lead role and be jointly responsible with the OCAC for
producing a finalised project plan and schedule, including identification of all major
milestones and specific resources that the OCAC is required to provide.
f. The Solution Provider will not disclose the OCAC's information it has access to, during the
course of the Consultancy, to any other third parties without the prior written authorisation
of the OCAC. This clause shall survive the expiry or earlier termination of the contract.
15. HARDWARE REQUIREMENT
a. The Solution providers also indicate the Hardware requirement for implementation of the
proposed System.
TECHNICAL EVALUATION
a. Experience and reliability of the Service Provider’s organization are considered objectively
in the evaluation process. Therefore, the Service Provider is advised to submit any
information, which documents successful and reliable experience in past performances,
especially those performances related to the requirements of this RFP.
b. The Service Provider should provide the following information related to previous and
current services/contracts performed by the Service Provider’s organization which are
similar to the requirements of this RFP
i. Name, address, and telephone number of client/contracting agency and a
representative of that client/agency who may be contacted for verification of all
information submitted;
ii. Dates and locations of the service/contract; and
iii. A brief, written description of the specific prior services performed and
requirements thereof.
c. Proposals will be objectively evaluated based on the Service Provider’s distinctive plan for
performing the requirements of the RFP. Therefore, the Service Provider should present a
written narrative, which demonstrates the method or manner in which the Service Provider
proposes to satisfy these requirements. The language of the narrative should be
straightforward and limited to facts, solutions to problems, and plans of action including
future plan.
RFP for Antivirus Security Solutions
Page 20
Technical Evaluation FORM
Sl Antivirus Solution
Evaluation criteria
Description Max
Point
weightage Score
by the SP
1 Ability to produce new
virus signatures. Status
Reporting should be
done in every 30
minutes
The period between when a
virus is discovered “in the
wild” and when a signature or
pattern file is available for
clients is extremely critical in
our environment. The longer it
takes us to get and distribute
new pattern files, the more
likely we are to have clients
getting infected
20 • < 30 minutes : 20 points
• >=30 minutes and < 45
minutes : 15 Points
• >=45 minutes and < 60
minutes : 10 Points
• >=60 minutes and < 75
minutes : 10 Points
• >=75 minutes and < 90
minutes : 05 Points
2 Unified Client Features The ability for client software
to provide antivirus, anti-spyware, SPAM filtering, and
firewall support in a single
package was very high on the
list of requirements. Packaging
all of these features together
under a single client not only
reduces desktop and system
tray clutter but typically takes
up fewer system resources in
terms of CPU and memory.
10 • Single package : 10 Points
3 Client transparency How the client itself performed
while a system was under
heavy usage. Real-time scanning and monitoring
needed to be as modest as
possible. This also meant that
any error messages or warnings
that popped up as viruses were
found needed to be easy to
understand and answer. It is
very important that the client be
as transparent and easy to use
as possible to the users.
05 • Easy understanding : 5 Points
4 Support for all
Windows and Linux
O/S
There is a great deal of variety
among systems within the
Secretariat. Therefore, it is
important that any solution
support the full range of
Windows operating systems
from Windows -7, Vista, XP
and 2003 all the way back to
Windows 98. In addition,
adding support for protecting
the number of Linux desktops
and servers was also desired.
10 • Support for all flavors of
Windows & Linux : 10 Points
• Support for latest flavor of
Windows Windows XP
onwards and all flavors of
Linux : 07 Points
• Support for latest flavor of
Windows Windows XP
onwards and not for Linux :
05 Points
• Support for all flavors of
Windows
• Support for all flavors of
Linux only : 02 Points
5 Web based
Management console
Enterprise management tools
needed to be web-based for
ubiquitous access.
05 • 05Points
RFP for Antivirus Security Solutions
Page 21
Sl Antivirus Solution
Evaluation criteria
Description Max
Point
weightage Score
by the
SP
6 Company Strength and
AV strategy
How strong the company itself
is. Fiscally weak or unsound
companies tend to get bought
out by larger corporations who
may then change the levels of service a product provides even
during a contract. Companies
also needed to have a strong
strategy and focus on antivirus
and system security as part of
our evaluation
05 • 05 Points
7 Ability to integrate
with other solutions
such as CISCO NAC
Network security is another
area of focus when selecting an
antivirus solution. The ability
of a solution to integrate with
third party solutions such as
Cisco’s Network Admission
Control is an important feature.
Because the vast majority of the
network at Secretariat is
controlled by Cisco equipment,
it is vital that any possible
solution be able to integrate
with the existing network
infrastructure.
05 • 05 Points
8 Proactive notification
on potential outbreak
and/or problems
Limited human resources
prevent from watching any
system 24x7x365. Therefore, it
is critical that any solution be
able to watch systems and automatically notify system
administrators of possible
outbreaks or issues on the
network. The ability to email or
SMS the administrator when
there appears to be an anomaly
on the network is determined to
be vital in our requirements.
10 • 05 Points
9 Ability to clean up
Viruses and/or
spyware have infected
a system
The factor that must be
considered when evaluating
antivirus solutions is how well
the product is able to clean a system after an infection. If a
solution simply detects a virus
but doesn’t clean it up well, it
doesn’t really save any time or
effort. The solution should be
able to successfully clean a
majority of infections without
having to rebuild the system.
10 • Cleaning 90% cases and
deleting 10 % cases :
05Points
• Cleaning 80% cases and deleting 20 % cases :
03Points
• Cleaning 70% cases and
deleting 30 % cases :
02Points
RFP for Antivirus Security Solutions
Page 22
Sl Antivirus Solution
Evaluation criteria
Description Max
Point
weightage Score
by the
SP
10 Ability to quickly
prevent outbreaks
while new virus
signatures are not yet
available
The ability to prevent an
outbreak from occurring when
there is no virus signature or
pattern file available is
extremely important. Hundreds of systems could potentially
become infected in the time it
takes a virus to be detected “in
the wild” to the time a new
pattern is available. A feature
we considered key is the ability
for software to keep systems
protected even though they
were unable to detect the virus.
10 • Protection from undetected
virus before pattern file is
made available: 10 Points
11 Deployment of
Experts at site
The Solution provider needs to
deploy experienced
professionals (3 Nos.) at IT
Centre for addressing the issues
related to virus. One of them
should be designated as project
head and others project
assistant. The project should
have BE/BTech/MTech
qualification with minimum 3
years of experience in relevant
field and should have managed
at least 5 projects of minimum
3000 users. The project
assistants should have MCA qualification with minimum 3
years of experience in relevant
field
10 • Incase Project Head
qualification is MTech with 3
years of experience in
relevant field or qualification is BTech/BE with 5 years of
experience in relevant field :
10 Points
• Incase Project Head
qualification is BTech/BE
with 3 years of experience in
relevant field: 07 Points
RFP for Antivirus Security Solutions
Page 23
FINANCIAL PART
FINANCIAL EVALUATION
Technological advances are anticipated over the term of this contract. Costs (Rupees inclusive VAT and
other applicable taxes where necessary) and Man/Day estimates, where appropriate, broken down by:
a) General Service Provider Costs
(1) Per workstation/user for a minimum of 3000 workstations (and incremental bundles
thereof)
(2) Per operating system where applicable
(3) Per application where applicable
Respondents are encouraged to provide a contract mechanism for their current eligible customers to roll into
this agreement at anytime after the inception of the contract. All pricing on future software products offered under this proposal must, at a minimum, reflect the same percentage discounts or better as established with
this contract award. Greater discounts are permissible and encouraged. Any price reductions from Service
Providers from the time of proposal submission to time of purchase order must be passed on to the OCACs.
Respondents must identify any and all associated costs, fees or charges for which the OCAC may be billed.
Costs not indicated in your proposal will not be paid.
1. Pricing
The Service Provider shall provide a firm, fixed price for the Original Contract Period. All costs
associated with the required services/equipment shall be included in the prices. All deliveries shall be made FOR Destination with freight charges fully included and prepaid. The Service Provider pays and
bears the freight charges.
Enterprise Antivirus solution pricing format
Description Unit Price in Rs. Unit Price in Rs.
Renewal (1 Year)
Unit Price in Rs.
Renewal (2 Years)
Workstations/Windows Server OS
Redhat Linux Server/ AIX Server
(30 users)
Apps *
Other
(Price quoted should be inclusive of Taxes)
* - These include specific protection on server OS, database, messaging, internet proxy, and other applications
where applicable (if not bundled). Repeat this row for each application as necessary.
Additional Cost to Complete. Provide an itemized list of any items not included above by the OCAC and
related costs that Service Provider deems necessary to provide the information to meet the requirements
specified in proposal. Failure to provide said list shall not relieve the Service Provider from providing such
items as necessary to meeting the entire requirement.
RFP for Antivirus Security Solutions
Page 24
Terms of payment
• 60% payment after complete installation and operationalisation against submission of 10%
bank guarantee (BG) that will be valid for three years. The BG can be for one year and
extended in each year before expiry and release of subsequent payment.
• 10% payment shall be released after completion of 1st year of service.
• 10% payment shall be released after completion of 2nd
year of service.
• 20% payment shall be released after completion of 3rd year of service.
Penalty clauses
• Severity Level-1: Rs.500.00 shall be imposed for each 30 minutes delay in resolving the
problem after permissible time of 30 minutes to attend the problem.
• Severity Level-2: Rs. 15/- per node shall be imposed for each 1 hour delay in resolving the
problem after permissible time of one hour to attend the problem.
• Severity Level-3: Rs. 15/- per node shall be imposed for each 2 hours delay in resolving
the problem after permissible time of two hours to attend the problem.
• More than 2 times failure in a day to address the issue Rs.1500/- per failure shall be charged
as additional penalty. Maximum failure allowed in a day will be 3 times above which
penalty of Rs.10000/- per failure shall be charged and current warranty period shall
automatically increased by one week
• More than 2 times failure in a week to address the issue Rs.1000/- per failure shall be
charged as additional penalty. Maximum failure allowed in a week will be 15 times above
which penalty of Rs.10000/- per failure shall be charged and current warranty period shall
automatically increase by one month.
Sl Severity
Level
How to define How to measure Penalty
1 Severity Level-1
Complete Network failure due to virus
infection or application
failure due to virus
infection shall be treated
as critical and must be
attended within 30
minutes.
Complete network failure shall be ascertained from the NMS report. If NMS reports no
network fault both at Core Switch/Router level
and end points and end points are accessed
from the Core Switch/router, it means there is a
congestion in the network, which could be
spurious packet flooding or ARP flooding.
Rs.500.00 shall be imposed for each 30
minutes delay in
resolving the problem
after permissible time
of 30 minutes to attend
the problem
2 Severity
Level-2
Failure of a node or
group of nodes to access
the Internet or Intranet
application because of virus infection shall be
treated as moderately
critical and must be
attended within one hour
time.
Node or group of nodes failure shall be
ascertained from the NMS report. If NMS
reports no fault at node or group of nodes and
end points are accessed from the Core Switch/router, it means there is a virus
infection at end point. Also the reporting tool
of Antivirus solution shall indicate the virus
attack at the end points
Rs. 15/- per node shall
be imposed for each 1
hour delay in
resolving the problem after permissible time
of one hour to attend
the problem
3 Severity
Level-3
Decrease in Internet and
or Intranet access speed
due to congestion caused
by Virus infection in the
network shall be treated
as less critical and must be attended within two
hours time.
The reporting tool of Antivirus solution shall
indicate the virus attack at the end points.
Hence the reason for Network slow access can
be determined exactly. If the monitoring tool
does not show any virus/spyware infection in
the end point, the slowness may be due to other reasons like add-on programs, the amount of
memory the computer has, hard disk space and
condition, and the programs that are running
Rs. 10/- per node shall
be imposed for each 2
hours delay in
resolving the problem
after permissible time
of two hours to attend the problem .
RFP for Antivirus Security Solutions
Page 25
Penalty amount shall be deducted from payable or dues of Service Provider by OCAC.
2. Financial stability
This will involve an assessment of key standard financial ratios and trends for the last 3 years such
as profitability, leverage, debt ratio, gross margins and sales turnover.
3. Certification of Independent Price Determination
By submitting a proposal, the Service Provider certifies that in connection with this proposal:
1. The proposal has been arrived at independently, without consultation, communication or
agreement with any competitor for the purpose of restricting competition, and;
2. Unless otherwise required by law, the offer cited in this proposal has not been and will not be
knowingly disclosed by the Service Provider prior to opening directly or indirectly to any other
Service Provider; and
3. No attempt has been made nor will be made by the Service Provider to induce another person or
firm to submit or not to submit a proposal for the purpose of restricting competition.
RFP for Antivirus Security Solutions
Page 26
Annexure-1
CERTIFICATE OF COMPLIANCE
All Service Providers should sign the certificate of compliance below and return it
together with a copy of this tender document and their quotation.
We___________________________ have read this tender document and agree with
the terms and conditions stipulated therein.
Signature of Tenderer -------------------------------------------
Date………………………………………………………….
Company Stamp/Seal.