[Abstract]

BIDDING DOCUMENT

Services for Assessment, Designing and Implementation of ITGovernance Framework

June, 2018

__________________________________________________________________General Services Department, House Building Finance Company Limited)

3rd Floor, FTC Building, Shahrah-e-Faisal, Karachi Tel: 021-35641739

Ref: HBFCL/HOK/GSD/2018 Dated: June 20, 2018

Invitation for Bids

Services for Assessment, Designing and Implementation of IT Governance Framework

House Building Finance Company Limited (HBFCL), Pakistan’s leading housing finance institution, invitesExpression of Interest (EOI) from reputed firms/companies registered with Tax Authorities and appear onActive Taxpayer List (ATL) of FBR, to provide services for assessment, designing and implementation of ITGovernance Framework.

Expression of Interest documents containing scope of work, technical requirement, documents required,checklist / format of response to EOI can be obtained from the undersigned during office hours or can bedownloaded from websites: www.hbfcl.com.

The expression of interest (EOI) prepared in accordance with the instructions provided in the EOI documentsmust reach at HBFCL Head Office, 3rd Floor, Finance & Trade Centre, Shahrah-e-Faisal, Karachi on or before13.07.2018 at 11.00 a.m. The bids will be evaluated in terms of Rule-36(b) of Public Procurement Rules 2004i.e. “Single Stage – Two Envelope Procedure.” Conditional / late expression will not be accepted. The EoI willbe opened on the same day at 11.30 a.m., in the presence of consultant/firm’s designated representatives,who may choose to attend. This advertisement is also available on PPRA website at www.ppra.org.pk.

HBFCL reserves the right to accept or reject any or all EOI in compliance with the relevant clause of PPRARules.

Head – General Services DepartmentHouse Building Finance Company Limited

3rd Floor, FTC Building, Shahrah-e-Faisal, KarachiTel: 021-35641741 Email: hafeez.rehman@hbfcl.com

A. General

1. Scope of Bid House Building Finance Company Limited , having its Head Office at 3rd Floor,FTC Building, Shahrah-e-Faisal, Karachi, invites sealed bids from tax registeredeligible companies/consulting firms for “Services for Assessment, Designingand Implementation of IT Governance Framework

2. Cost of Bidding The Bidder shall bear all costs associated with the preparation and submissionof its bid, and the HBFCL will in no case be responsible or liable for those costs.

B. Bidding Documents

3. Content ofBidding

Documents

y formsi Bidders are expected to examine all instructions, forms, terms, specificationsand other information in the Bidding Documents. Failure to furnish allinformation required by the Bidding Documents or to submit a bid notsubstantially responsive to the Bidding Documents in every respect will be at theBidder’s risk and may result in the rejection of its bid.

4. Amendment ofBiddingDocuments

i) At any time prior to the deadline for submission of bids, the Companymay, for any reason, whether at its own initiative or in response to aclarification requested by a prospective Bidder, amend the BiddingDocuments. Later amendments on the same subject modify or replaceearlier ones.

ii) Amendments will be provided in the form of Addenda to the BiddingDocuments, which will be sent in writing to all prospective Bidders thatreceived the Bidding Documents from the Company. Addenda will bebinding on Bidders. Bidders are required to immediately acknowledgereceipt of any such Addenda. It will be assumed that the amendmentscontained in such Addenda will have been taken into account by theBidder in its bid.

iii) In order to afford prospective Bidders reasonable time in which to takethe amendment into account in preparing their bids, the Company may, atits discretion, extend the deadline for the submission of bids consistentwith provision of Rule 27 of PPR 2004

C. Preparation of Bids

5. Bid Prices The prices quoted would be inclusive of all charges/Taxes livable by thelocal Authority/Provincial/Federal Governments including loading/un-loading, lifting & transportation charges to the place of work.

D – Submission of Bids

6. Deadline forSubmission ofBids

i) Bids must be received at the address specified in Bid Data Sheet nolater than the time and date specified in the Bid Data Sheet.

ii) The Company may extend the deadline for submission of bids byissuing an amendment in accordance with Clause 9, in which case allrights and obligations of the Company and the bidders previouslysubject to the original deadline will then be subject to the newdeadline.

7. Late Bids Any Bid received by the Company after the deadline prescribed in Clause 18will be returned unopened to the Bidder.

E – Bids Opening and Evaluation

8. Bid Opening The Company will open all bids, including withdrawals and modifications,in public, in the presence of Bidders’ representatives who choose toattend, at the time, on the date and at the place specified in the BDS.Bidders’ representatives shall sign a register as proof of their attendance

8. Evaluation andComparison ofBids

The technical proposals of the only qualified bids after preliminaryevaluation shall be evaluated in detail. The Financial Proposals of the onlytechnically accepted proposals will be opened and the bid found to be thelowest evaluated bid shall be accepted.

9. Bid Security Bidders will be required to provide bid security in the form and amountindicated in the BDS.

The successful bidder will be required to provide performance security inthe form and amount indicated in the BDS.

F - Award of Contract

10. Award Criteria The contract will be awarded to the successful Bidder whose bid has beenfound technically & commercially compliant and has offered the lowestevaluated cost, emerged as lowest evaluated bid. Provided further that theBidder is determined to perform the contract satisfactorily.

11. Company’s Rightto Reject all theBids

The Company reserves the right to annul the bidding process and reject allbids at any time prior to award of contract.

12. Overriding Effectof PPR-2004

Whenever in conflict with these documents the stipulation of PPR-2004 asinternally adopted by Company shall prevail.

G. Bid Data Sheet

1. Services for Assessment, Designing and Implementation of IT Governance Framework

2. The bidders must be registered with Tax Authorities and appear on Active Taxpayers List (ATL)of FBR.

3. No tender shall be considered as valid unless it is accompanied by The Earnest Money equalto 2% of the total value of contract in the form of a Bank Pay Order in favor of HouseBuilding Finance Company Limited from a scheduled Bank at Karachi. No other form ofpayment of Earnest Money shall be acceptable. The earnest money shall be liable forforfeiture, in case the tenderer withdraws his tender during the period the tenders areopened for acceptance. The Earnest Money of unsuccessful Tenderers will be returned tothem after expiry of the validity of the tender/offer.

4. The Bids will be evaluated in terms of PPRA’s rule 36(b) “Single Stage – Two EnvelopeProcedure”.

5. The deadline for submission of bids shall be 13.07.2018 at 11:00 a.m.

6. Bids will be opened on same day at 11:30 am at the following address:

HBFCL, Head Office, 3rd Floor, FTC Building, Shahrah-e-Faisal, Karachi.

7. Bidders have to submit bids for COMPLETE REQUIREMENTS, partial and incomplete bids willbe rejected. Bids submitted without signed Bid Form by authorized nominee of the bidderwill be rejected. Bids with material deviation, exception, objection, conditionality orreservation will be rejected. Bids submitted late will be rejected.

8. The successful tenderer shall furnish a Bank Pay Order equal to 3% of the total value ofcontract in the form of a Bank Pay Order in favor of House Building Finance Company Limitedfrom a scheduled Bank within (3) three days from the date of acceptance of the tender. Nointerest shall be payable by the House Building Finance Company Limited on these deposits.In the event of breach of any terms of the contract, apart from forfeiture of the earnestmoney & security. Earnest money & Security Deposit shall be refundable on completion ofsupplies and satisfactory performance of all the terms of the contract.

Schedule of Tender:-

Sr.# Item (Detail & specification ) Qty Unit CostIncluding all

Taxes &Charges

Total CostIncluding all

Taxes &Charges

1.

2.3.

4.

5.

6.

7.

8.

SIGNATURE OF THE TENDERER

NAME OF THE FIRM:_____________ADDRESS:______________________TELEPHONE NOS:-_______________OFFICIAL STAMP:-

EXPRESSION OF INTEREST

SERVICES FOR ASSESSMENT, DESIGNING &

IMPLEMENTATION OF ITGOVERNANCE

FRAMEWORK

BIDDING PROCEDURE

Page 1

Table of Contents

Introduction _____________________________________________________________________________________________ 2

Need for IT Governance ____________________________________________________________________________________________________ 2

Bidding Procedure ______________________________________________________________________________________ 3

A. Objective _______________________________________________________________________________________________________________ 3

B. scope of work / Techinal Requirement ____________________________________________________________________________ 3

C. Required Documents, but not limited to the following:- ________________________________________________________ 4

D. Checklist / Format of response to EOI _____________________________________________________________________________ 6

BIDDING PROCEDURE

Page 2

Introduction

NEED FOR IT GOVERNANCE

House Building Finance Company Limited (HBFCL) would like to initiate a project with respect to

ensure HBFCL strategic alignment of IT and the business, value delivery to businesses, risk

management, resource management (including project management) and performance

management and to ensure that HBFCL stands fully compliant with the SBP Enterprise Technology

Governance & Risk Management Framework.

BIDDING PROCEDURE

Page 3

Bidding Procedure

A. OBJECTIVE

In order to execute the project, it has been decided to appoint a well reputed vendor, with required

competence and proven track record on similar work/projects. The vendor shall assist our entity in assessment;

designing and implementation of IT Governance as per Enterprise Technology Governance & Risk Management

Framework issued vide SBP’s circular no.5 of 2017.

B. SCOPE OF WORK / TECHINAL REQUIREMENT

High level scope of work of desired consultancy services is given below. However, detailed one will be assessed

and required from vendor for the evaluation of EOI Proposals. Following is the list of Policies in line with SBP

BPRD Circular No 5 of 2017 Governance Framework that are required by the Bank to be developed/updated as

per requirement:

1. Assess current state and perform gap analysis

2. Develop IT Governance Framework

3. Assist in the implementation of overall governance which includes at least following:

Develop / Update IT/IS policies & procedures

Develop / Update SOPs of the DFI

Develop / Update templates/forms (where required)

4. Monitor changes to environmental and business drivers

5. Develop Program Management Framework

6. Security and gap assessment of network and infrastructure which includes:

Network Devices: Routers, Switches, Next Generation Firewall, IPS & IDS, Proxy (Content filtering),

NMS & etc.

Data Centre Operations and DR-Site

Database Administration: Grid control model of DB, licensing, Backups (real time and offsite).

Web Application;

BIDDING PROCEDURE

Page 4

7. Assessment of Email server including back end and front end assessment

8. SMTP/POP Assessment, email spoofing & Web based email assessment

9. Assessment of Host (not exceed to 10) against malware & intruders

C. REQUIRED DOCUMENTS, BUT NOT LIMITED TO THE FOLLOWING:-

1. Technology Governance Framework

2. IT Strategy Plan

3. Digital Strategy Plan

4. TORs of Board of Directors & Senior Management

5. Technology Policy Framework (IS, Services Delivery & Operations Management, Project Management,

Acquisition, Development & Implementation of Technology Solution/Systems, Business Continuity and

Disaster Recovery)

6. BOD MIS to oversee the Implementation of IT Strategy, Business Plan and Exception from board- approved

IT Polices and progress on Major IT Projects

7. Management MIS to monitor the implementation of IT Governance and Risk Management

8. IT Training Policy, Program which includes framework, processes and procedures

9. Risk Assessment & Treatment Process

10. Disposal and Destruction Policy & Process

11. Information Classification Strategy & Guidelines

12. User Access Request Process & Procedures (Remote, Local host data and systems

13. Cyber Security Awareness Program

14. Vendor Access Request Procedure

15. Cyber Security Incident MIS

16. Vulnerability Management Program

17. IT Service Management Framework

18. IT Problem Management Policy, Process & Procedure

19. Patch Management Process & Procedure

20. IT Capacity Management Plan

BIDDING PROCEDURE

Page 5

21. IT Data Center structure & Operations Procedures

22. IT Project Management Framework (Methodology, Team Roles & Responsibilities)

23. System Development and Acquisition Framework (Secure System Development Life Cycle

Methodology)

24. Project Management Standards

25. IT Procurement Policy

26. Change Management Process & Procedure

27. Cloud Service Provider Policy

28. Data Leakage & Protection (USB and other Storage device) Policy

29. IT Helpdesk Policy

30. IT Hiring Policy

31. IT Audit Program

32. Audit Document Maintenance and Retention Policy

33. All Technology related IT / IS Procedures and SOPs

34. Review & Update of IT / IS Organizations Structure / TORs (Board IT Committee, IT Steering Committee)

35. Review & Update of BCP Plan & Process

36. Review & Update of DR Plan

37. Review & Update of IT Assets and Configuration Management Policy

38. Review & Update of Network Management Policy

39. Review & Update of Email Policy

40. Review & Update of Internet and Intranet Usage Policy

41. Review of Third-Party and Outsource Policy

42. Review & Update of Data Management and Backup Policy

43. Review & Update of Vulnerability Assessment & Penetration Testing Framework

44. Review & Update of Cyber Security Framework & Action Plan

45. Review & Update of IT Risk Management Policy, IS Risk Management Framework

46. Review & Update of Cyber Security Incident Management Plan, Policy, Process & Procedures

BIDDING PROCEDURE

Page 6

D. CHECKLIST / FORMAT OF RESPONSE TO EOI

Qualified and interested vendors having requisite technical expertise and experience may submit their response

to EOI containing following details. Following checklist, duly filled, must be provided in the beginning of

response to EOI along with vendor proposal.

S.No Required Documents / Information Attached

(Yes / No)

Reference

(Page No / Annexure No)

1

Title Page:

Interested vendors may please mention at-least following information on title page of their response to EOI:

Title: “IT Governance Transformation”.

Name of the Bidding firm.

Name of authorized contact person along with his designation, Cell No, email address, Land line No and contact address.

Date of Submission of response to EOI.

2

Company Profile:

Please provide at-least following information:

Company Name

List of Current Directors / Partners

List of Offices (Street Address, Land Line No, Contact Person)

Years of local and international experience in financial sector

Management structure (Senior Management, Managers)

3 Company Credentials:

Similar credentials of financial sector

Similar credentials of other sector

4

Proposed Methodology, Processes:

Please describe the proposed methodology, processes, and specific considerations etc. for assessment, design and implementation of IT Governance

BIDDING PROCEDURE

Page 7

S.No Required Documents / Information Attached

(Yes / No)

Reference

(Page No / Annexure No)

5

Project Resources:

Details of relevant / key resource:

Please provide at-least following information in respect of each relevant proposed resource in this project:

Name of Employee

Title/ Designation of Employee

Qualification of Employee

Experience/Skills of the Employee

Name of Projects in which the resource participated along with performed role

List of all certifications resource hold

6 The bidder must have legal presence in Pakistan. The firm must submit List of Offices across Pakistan.

7 Any other information relevant to this project that you deem necessary for selection of vendor.