Request For Proposal For Vulnerability Assessment And .


NATIONAL BANK FOR AGRICULTURE AND RURAL DEVELOPMENT
MUMBAI

Request for Proposal for “Vulnerability Assessment and Penetration Testing (VAPT)”

This document, containing 85 pages, is the property of National Bank for Agriculture and Rural Development (NABARD). The use of the contents of this document, even by the Authorized personnel or agencies for any purpose other than the purpose specified herein, is strictly prohibited as it shall amount to copyright violation and thus shall be punishable under the Indian Law.

Ref No. NB.DIT/ 780 /DIT-012-15 /2016-17 dated 01 December 2016

General Information

1. The RFP is posted on NABARD’s website www.nabard.org. NABARD reserves the right to change the requirements. Any changes made subsequently will be posted only on the web site. Hence before submitting bids, bidder must ensure that such clarifications/changes have been considered by them. NABARD will not have any responsibility in case some omission is done by any bidder.
2. Bidders are advised to study the tender document carefully and submit the bids. The submission shall be deemed to have been done after careful study and examination of the tender document with full understanding of its implications.
3. Each page of the technical as well as commercial bid and any supplementary document attached, if any, should have the signature and the seal of an authorized person.
4. The participating bidders are required to submit documentary evidence in support of all the eligibility criteria.
5. All the information/documents sought through the RFP should be provided. Incomplete information/documents may lead to rejection.
6. In case of any clarification required to assist in the examination, evaluation and comparison of bids, NABARD may, at its discretion, ask the bidder for such clarification. The response / clarification shall be in writing and no change in the price or substance of the bid shall be sought, offered or permitted.
7. Any clarifications sought by the NABARD or the bidders will be published on website or shared by email, if NABARD thinks it fit to do so.
8. Bids once submitted will be treated as final unless clarifications are sought by NABARD.
9. NABARD reserves the right to impose a penalty, if the successful bidder chooses to withdraw the bid.
10. NABARD shall not be responsible for non-receipt/non-delivery of bid documents due to any reason.
11. The Last date of Submission of bid is 23 December 2016 at 1500 Hrs.
12. The response to the RFP should be in English only.
13. All prices should be quoted in Indian Rupees only.
14. Notwithstanding anything contained herein above, in case of any dispute, claim and legal action arising out of this RFP, the parties shall be subject to the jurisdiction of courts at Mumbai, Maharashtra, India only.
15. Neither the contract nor any rights granted under the contract may be sold, leased, assigned, or otherwise transferred, in whole or in part, by the selected Bidder without advance written consent of the Bank and any such sale, lease, assignment or transfer otherwise made by the selected Bidder shall be void and of no effect.
16. After the selection process, the successful bidder should be prepared to revise the proposal, if need be, to fit the stated objectives of NABARD. At the end of these discussions, NABARD will notify the award of contract and forward format of Service Level Agreement (SLA) with NDA clause to the selected bidder.
17. The successful Bidder should submit the SLA with NDA clause on the stamp paper of adequate value and return it to the NABARD within 30 days of receipt of notification.
18. The SLA shall be written in English. All correspondence and other documents pertaining to the SLA, which are exchanged by the parties, shall also be written in English.
19. NABARD has the right to reject any or all bids received without assigning any reason whatsoever.

Schedule of events:

Purpose: The purpose of this RFP is to invite techno-commercial bids from Private/Public Ltd Companies/Public undertaking/partnership Vendors, for the scope of work fulfilling the functionalities as outlined in the Scope of Work & Annexure I of this document.

Cost of Tender: Non-refundable 5,000/- (Rupees Five Thousand only) in the form of Demand Draft.

EMD: An amount of 1,00,000/- (Rupees One Lakh only) is to be submitted as Bank Guarantee/Pay Order/Demand Draft drawn on Commercial bank in favour of NABARD.

No. of Envelopes (Non window & sealed) to be submitted: Two (2) Envelopes.
Envelope 1 containing:
1. Technical Bids as per applicable Annexures I to XVI & XIX. (Submit 1 hard copy and 1 soft copy in CD)
2. DD towards cost of tender & DD/BG/Pay Order for EMD.
Envelope 2 containing:
Commercial Bid as per Annexures XVII & XVIII (Only one bid to be kept). (Submit 1 hard copy and 1 soft copy in CD)

Last Date of Submission of Bids: 23 December 2016, 15:00 hrs

Date, Time and Venue of opening of Bids, except Commercial Bids: 23 December 2016, 15:30 hrs, Department of Information Technology, Fifth Floor, C Wing, NABARD, Head Office, C-24, G-block, Bandra - Kurla Complex, Bandra (East), Mumbai 400051

Last Date of query Submission: 13 December 2016, 11:00 hrs

Pre-bid meeting: 15 December 2016, 11:00 hrs

Response to clarification / pre bid meeting to be put on web site: 17 December 2016, 17:30 hrs

Bid Validity: 180 days from the last date of submission.

Address for submission of Bids: Chief General Manager, Department of Information Technology, Fifth Floor, C Wing, NABARD, Head Office, C-24, G-block, Bandra - Kurla Complex, Bandra (East), Mumbai 400051

Contact Persons: Ms. Sujatha Sudhindran, DGM, DIT, NABARD; Shri Sudhir M. Sule, AGM, DIT, NABARD; Shri Satish Kumar Singh, Mgr, DIT, NABARD

Contents

Schedule of events
Contents
1. Introduction
2. Purpose of RFP
2.1. Information Provided
2.2. Disclaimer
2.3. Costs to be borne by bidder
2.4. No Legal Relationship
2.5. Bidder’s Obligation to Inform Itself
2.6. Evaluation of Offers
2.7. Errors and omissions
2.8. Acceptance of Terms & Conditions
2.9. Additional Order
2.10. Lodgment of RFP
2.10.1. RFP submission
2.10.2. Right to reject the bids
2.10.3. RFP Validity Period
2.10.4. Queries regarding “Request for Proposal”
2.11. Notification
2.12. Disqualification
2.13. Definition
2.14. Bid Currency
3. Background
3.1. About NABARD
3.2. Present IT set up
4. Scope of Work
4.1. Project Objective
4.2. Project’s Scope
4.2.1. Spell
4.2.2. Cycle
4.2.3. Phase
4.2.3.1. Planning & technical Assessment
4.2.3.1.1. SRS Preparation
4.2.3.1.2. Sign-off
4.2.3.1.3. Approach document
4.2.3.1.4. Kick-off
4.2.3.1.5. Technical security assessment
4.2.3.2. Execution
4.2.3.2.1. Rule of Engagement
4.2.3.2.2. Vulnerability Assessment
4.2.3.2.3. Website/Web – Application Assessment
4.2.3.2.4. Penetration Testing
4.2.3.2.4.1. Black Box Testing
4.2.3.2.4.2. White Box Testing
4.2.3.2.4.3. Gray Box Testing
4.2.3.2.5. Standard to adhere
4.2.3.3. Interim Reports & Post Execution Activities
4.2.3.3.1. Severity Scoring
4.2.3.4. Documentation of Identified vulnerability
4.2.4. Recommendations
4.2.5. Retest after the interim report
4.2.6. Final Report
4.2.7. Completion of activity
4.3. Tools & Resources
4.4. Training & Awareness programme
4.4.1. IT Security
4.4.2. Professional Training
4.4.3. User Level Training
4.5. Others
5. Pricing
6. Payment
7. Eligibility Criteria
7.1. General
7.1.1. Assessment
7.1.2. Testing
7.1.3. Audit
7.1.4. Cyber Security Related
7.1.5. Training & Awareness program
7.2. Technical
7.3. Financial
8. Signatory
9. Pre-Bid Meeting
10. Opening of Quotation
11. Earnest Money Deposit (EMD)
11.1. The EMD shall be forfeited if
12. Indemnity
13. Security deposit by way of Performance Bank Guarantee
14. Integrity Pact
15. Price Composition
16. No Price Variations
17. Import Obligations
18. Term of execution of work
19. Sub-contracting
20. Substitution
21. Employee – Employer relation
22. Confidentiality
23. Settlement of disputes by Arbitration
24. Order cancellation
25. Right to Accept or Reject the Quotation
26. Right to alter quantities/components
27. Force Majeure
28. Evaluation Process
28.1. Technical Evaluation
