INDIAN OVERSEAS BANK · INDIAN OVERSEAS BANK Information Technology Department Central Office, 763, Anna Salai, CHENNAI – 600 002 RFP Ref No. RFP Ref No. RFP/ITD/005/18-19 dated

INDIAN OVERSEAS BANK

Information Technology Department

Central Office, 763, Anna Salai,

CHENNAI – 600 002

RFP Ref No. RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018

FOR SUPPLY, INSTALLATION AND MAINTENANCE OF NETWORK ACCESS CONTROL (NAC)

SOLUTION

AMENDMENT NO.6 13.12.2018

All other terms and conditions given in various clauses / sub-clauses / Annexure in the above

referred RFP to the extent not modified below, shall remain

Unchanged and continue to be applicable.

___________________________________________________________________________________________________

Page 1 of 27

Sl. No RFP Clause Existing RFP Terms Amended RFP Terms

1 1.3.a.2 The proposed NAC solution of the OEM

must be in Gartner's Leaders Magic

Quadrant for NAC Solution in 2 out of

last 3 years. Documentary Proof to be

submitted.

The proposed NAC solution of the

OEM must be in Gartner's Leaders

Magic Quadrant for NAC Solution

in 2 out of last 5 published reports

(from 2010 to 2014) for Network

Access Control. Documentary

Proof to be submitted.

2 1.3.a.3 The proposed NAC solution from the

OEM should be functional in any two

organizations (Bank

/Insurance/Government) with a

minimum of 10000 endpoints each, in

India on the date of the RFP.

(Documentary proof to be submitted).

The proposed NAC solution from

the OEM should be functional in

atleast one of any organizations

(Bank/Insurance/Government)

with a minimum of 10000

endpoints each, in India on the

date of the RFP. (Documentary

proof to be submitted).

3 1.3.a.4 Proposed Managed Switches & NAC

Solution should be from the same OEM.

The proposed solution (NAC &

Managed Switches) should be of the

latest model and should not be

declared End of Service Life for the

duration of the contract period (7

years for NAC & 7 years for Managed

Switches). Proposed solution should not

have been declared EOL as on the

date of submission of bids.

Documentary Proof (Annexure IV) to

be attached.

The proposed solution (NAC &

Managed Switches) should be of

the latest model and should not

be declared End of Service Life

for the duration of the contract

period (7 years for NAC & 7 years

for Managed Switches).

Proposed solution should not

have been declared EOL as on

the date of submission of bids.

Documentary Proof (Annexure IV)

to be attached.

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Page 2 of 27

4 1.3.b.4 The Bidder should be Original

Equipment Manufacturer of the NAC

Solution or the premium partner of

OEM. The Bidder must be in position to

provide support / maintenance / up

gradation during the period of

contract with the Bank and must be

having back-to-back support from

OEM. Bidder, be it OEM or premium

partner, to submit a letter of

authorization / Manufacturer

Authorization Form (MAF) as per format

provided in Annexure IV of this RFP.

Either OEM or only one of its premium

partner in India shall participate in this

RFP.

The Bidder should be Original

Equipment Manufacturer of the

NAC Solution or the premium

partner of OEM. The Bidder must

be in position to provide support /

maintenance / up gradation

during the period of contract with

the Bank and must be having

back-to-back support from OEM.

Bidder, be it OEM or premium

partner, to submit a letter of

authorization / Manufacturer

Authorization Form (MAF) as per

format provided in Annexure IV of

this RFP. Either OEM or its premium

partner in India shall participate in

this RFP.

5 1.5 DELIVERY SCHEDULES The clause has been amended

and is attached as Annexure-A to

this document. The references to

the other clauses of the RFP as

contained in the clause remain

unchanged.

6 1.6 INSTALLATION AND IMPLEMENTATION: The clause has been amended





unchanged.

7 1.7.2 Managed Switches (8/24/48 Ports): 3

years from the date of installation or

37 months from the date of delivery

whichever is earlier.

Managed Switches (24/48

Ports): 3 years from the date of

installation or 37 months from

the date of delivery whichever is

earlier.

8 1.9.1 Within 15 (Fifteen) days (exclusive of

holidays) of the date of acceptance

of the Purchase Order, the successful

Bidder shall furnish a bank guarantee

(for delivery and installation) for a

period of 6 months with a claim

period of twelve months for an

amount equivalent to 10% of the total

order value (PO Value), in the format

as per Annexure VIII of the RFP.

Within 15 (Fifteen) days

(exclusive of holidays) of the

date of acceptance of the

Purchase Order, the successful

Bidder shall furnish a bank

guarantee (for delivery and

installation) for a period of 12

months with a claim period of

twelve months for an amount

equivalent to 10% of the total

order value (PO Value), in the

format as per Annexure VIII of

the RFP.

9 1.10 PAYMENT TERMS The clause has been amended





Page 3 of 27


unchanged.

10 1.11.1 Prices should be quoted as per

Commercial Bid in Annexure ‘III’

Prices should be quoted as per

Indicative Commercial Bid in

Annexure ‘III’

11 1.12.b Indicative Commercial bids of only

the technically qualified short-listed

bidders (qualified as per 1.12 (a)

above) will be evaluated for the

purpose of arriving at Start Price of

Reverse Auction.

Indicative Commercial bids of

all the participating bidders

shall be opened but however

indicative commercial bids of

only the technically qualified

short-listed bidders (qualified as

per 1.12 (a) above) will be

evaluated for the purpose of

arriving at Start Price of Reverse

Auction.

12 1.12.c.1 The L1 bidder will be determined

based on the lowest Total Price

Quoted for (Grand Total) under

SL.NO. F (Table VI) of ANNEXURE III).

The L1 bidder will be determined

based on the lowest Total Price

Quoted for (Grand Total) under

SL.NO. H (Table VIII) of

ANNEXURE III).

13 1.13 PROCUREMENT OF ADDITIONAL

SWITCHES

PROCUREMENT OF ADDITIONAL

SWITCHES/END POINT LICENSES

14 1.13 Bank reserves its right to procure

additional Managed Switches

(8/24/48 Port) over and above the

quantities mentioned in this RFP from

the awardee of the contract at the

contracted / predetermined price for

supply to its Central Office, Regional

offices, Branches and other offices

located across the Country as per the

additional terms and conditions

stipulated below:

Bank reserves its right to procure

additional Managed Switches

(24/48 Port) & End Point Licenses

over and above the quantities

mentioned in this RFP from the

awardee of the contract at the

price for supply to its Central

Office, Regional offices,

Branches and other offices

located across the Country as

per the additional terms and

conditions stipulated below:

15 1.13.2 The Bank may exercise this option for

a period of 1 (one) year from the GO

Live of the Solution at the pre-

determined price. The rates will be

valid for a period of 1 (one) Year from

the date of acceptance of purchase

order, if not revised earlier. The

successful bidder shall supply the

additional Routers at the pre-

determined price with similar

technical specifications and models

specified in this RFP) at the time of

release of purchase order.

The Bank may exercise this

option for a period of 1 (one)

year from the GO Live of the

Solution at the pre-determined

price. The rates will be valid for

a period of 1 (one) Year from

the date of acceptance of

purchase order, if not revised

earlier. The successful bidder

shall supply the additional

Appliances/Switches/Licenses

at the pre-determined price

with similar technical

specifications and models

specified in this RFP) at the time

of release of purchase order.


Page 4 of 27

16 1.13.6 Comprehensive onsite Warranty and

Annual Maintenance Contract for

such additional Switches will also be

as per clause 1.7 & 1.8 of this RFP.

Comprehensive onsite Warranty

and Annual Maintenance

Contract for such additional

procurement will also be as per

clause 1.7 & 1.8 of this RFP.

17 2.21.3 In case the bidder fails to meet the

agreed uptime as mentioned above,

penalty shall be levied @ Rs. 2,000 per

0.1% downtime or part thereof

subject to a maximum of 10% of the

cost of NAC Appliances (Annexure III

– Table I Serial No 1.a).

In case the bidder fails to meet

the agreed uptime as

mentioned above, penalty shall

be levied @ Rs. 500 per 0.05%

downtime or part thereof

subject to a maximum of 20% of

the cost of NAC Appliances

(Annexure III – Table I Serial No

1.a).

18 Clause

2.25.7

During comprehensive on-site

warranty/ comprehensive annual

maintenance contract of the solution,

the bidder will accomplish preventive

and breakdown maintenance once in

a half year for the NAC Solution at DC

& DR and once in a quarter for all

Managed Switches, to ensure that all

hardware functions without defect or

interruption. Prior clearance from the

Bank should be obtained and records

for having done the preventive

maintenance have to be furnished to

Network Division, IT Department of the

Bank while submitting the invoice for

AMC/ATS.



maintenance contract of the

solution, the bidder will

accomplish preventive and

breakdown maintenance once

in a half year for the NAC Solution

at DC & DR and for all Managed

Switches, to ensure that all

hardware functions without

defect or interruption. Prior

clearance from the Bank should

be obtained and records for

having done the preventive

maintenance have to be

furnished to Network Division, IT

Department of the Bank while

submitting the invoice for

AMC/ATS.

19 ANNEXURE –

I

SCOPE OF

WORK –

Serial No 1

Providing the solution would cover

supply, installation and

operationalization of the hardware, all

necessary application software and

maintenance of the equipment

supplied for a period of one-year

warranty and four years AMC

(hardware, system and application

software etc.) with back to back

support from the OEM. The new

systems provided should integrate well

with the existing facility.

Providing the solution would

cover supply, installation and

operationalization of the

hardware, all necessary

application software, licenses

and maintenance of the

equipment supplied for a period

of one-year warranty and four

years AMC (hardware, system

and application software etc.)

with back to back support from

the OEM. The new systems

provided should integrate well

with the existing facility.

20 ANNEXURE –

I

The Successful bidder has to ensure the

availability of two no. of resident

engineer sat main site i.e. IOB, Central

Office, Chennai for setting up and

The Successful bidder has to

ensure the availability of an onsite

Project Manager for the project till

the GO live of the Project. The


Page 5 of 27

SCOPE OF

WORK –

Serial No 21

administration of the solution during

office hours (9 am to 6 pm) on all

working days as well as beyond office

hours or on holidays, if required.

Resident engineers should have 2

years’ experience in administration of

the Solution. Certificate from that

organisation to be submitted as a

proof of experience at the time of

payment request for onsite engineer

charges.

project manager should have a

minimum of 5+ years’ experience

in IT Infra project management.

The Successful bidder should also

ensure the availability of two no.

of onsite resident engineers at

main site i.e. IOB, Central Office,

Chennai for setting up and

administration of the solution

during office hours (9 am to 6 pm)

on all working days as well as

beyond office hours or on

holidays, if required. Resident

engineers should have 2 years’

experience in administration of

the Solution. Certificate from that

organization to be submitted as a

proof of experience at the time of

payment request for onsite

engineer charges.

21 ANNEXURE –

I

SCOPE OF

WORK –

Serial No 24

(11)

Install any patch including but not

limited to latest patch of Windows,

Anti-virus, Microsoft Office and for any

other software that is part of bank’s

checklist for profiling and posture

assessment of the device for allowing

access into bank’s network via NAC

solution. The patches will be provided

by the bank and to be carried and

installed by the field engineers of the

successful bidder.

Install any patch including but not

limited to latest patch of

Windows, Anti-virus and for any

other software that is part of

bank’s checklist for profiling and

posture assessment of the device

for allowing access into bank’s

network via NAC solution. The

patches will be provided by the

bank and to be carried and

installed by the field engineers of

the successful bidder.

22 Annexure I-

A

Technical Specifications: Network

Access Control Solution

The technical specifications for

the NAC solution have been

amended as detailed in

Annexure B to this amendment.

23 Annexure I-

B

Technical Specifications- 8 Port

Managed Switches

The requirement for 8 Port

Managed Switches has been

removed from the RFP. Bank shall

procure only 24 & 48 Port

Switches. Annexure I-B stands

deleted.

24 Annexure I -

C

Technical Specifications- 24 & 48 Port

Managed Switch.

The technical specifications for

the 24 & 48 Port Managed

Switches have been amended as

detailed in Annexure B to this

amendment.

25 Annexure III FORMAT FOR INDICATIVE

COMMERCIAL BID

The annexure has been amended

to remove references to 8 port

Managed Switches. Also the

quantity mentioned for NAC


Page 6 of 27

Appliances has been removed

and shall be quoted by bidders as

per their solution architecture.

26 Clause

2.25.7



maintenance contract of the solution,

the bidder will accomplish preventive

and breakdown maintenance once in

a half year for the NAC Solution at DC

& DR and once in a quarter for all

Managed Switches, to ensure that all

hardware functions without defect or

interruption. Prior clearance from the

Bank should be obtained and records

for having done the preventive

maintenance have to be furnished to

Network Division, IT Department of the

Bank while submitting the invoice for

AMC/ATS.



maintenance contract of the

solution, the bidder will

accomplish preventive and

breakdown maintenance once

in a half year for the NAC Solution

at DC & DR and for all Managed

Switches, to ensure that all

hardware functions without

defect or interruption. Prior

clearance from the Bank should

be obtained and records for

having done the preventive

maintenance have to be

furnished to Network Division, IT

Department of the Bank while

submitting the invoice for

AMC/ATS.

NEW CLAUSES

27 New Clause

1.3.a.5

The OEM of the proposed managed switch must be listed in Gartner's

Leaders Magic Quadrant for “Wired and Wireless Access Infrastructure” in

2 out of last 3 years (2016 to 2018). Documentary Proof to be submitted.

28 ANNEXURE –

I

SCOPE OF

WORK –

Serial No 25

Design and implementation have to be done by the onsite team of experts

from OEM along with bidders skilled team including project manager at

both DC and DRS.

29 ANNEXURE –

I

SCOPE OF

WORK –

Serial No

24.12

Installation of Network switches in Network racks wherever available and

making the switch operational.

30 ANNEXURE –

I

SCOPE OF

WORK –

Serial No

24.13

The above responsibilities of the Engineer visiting the branches shall ipso

facto apply to the site visits for additional procurement defined in clause

1.13 of this RFP. Bank shall pay site visit charges for the one time

implementation of additional procurement only and no other payment in

lieu of engineer visit for maintenance of the solution (initial or additional) as

per scope of work shall accrue to the Bank.

31 ANNEXURE –

I

SCOPE OF

WORK –

Serial No 26

Training – Bidder has to provide OEM training to minimum of 5 Bank officials

which should cover operational administration and troubleshooting

feature of the solution. Training to be arranged in Chennai. Bidder has to

provide user manual and technical documentation both in hard copies

and soft copies to the Bank.


Page 7 of 27

Annexure A

CLAUSE 1.5 DELIVERY SCHEDULE

1. Delivery of NAC Solution at Banks Primary Data Centre - The solution including the

required hardware, software and licenses should be delivered at Banks PDC within 6

(Six) weeks from the date of the acceptance of Purchase Order. (Proof of document

should be submitted along with the invoice). The address of location for delivery &

implementation of the solution is as given below: -

Indian Overseas Bank, Data Centre

STT GDC

4, Swami Sivananda Salai

600002, Chennai

Tamil Nadu, India

2. Delivery of NAC Solution at Banks DRS - The solution including the required hardware,

software and licenses should be delivered at Banks DRS within 6 (Six) weeks from the

date of acceptance of the Purchase Order. (Proof of document should be submitted

along with the invoice). The address of location for delivery & implementation of the

solution is as given below:-

Indian Overseas Bank

Disaster Recovery Site, Hyderabad

C/o: Ctrl-S Data centers Ltd,

1st floor, Pioneer Towers,

Plot No: 16, Software Units Layout,

Hi-tech City, Madhapur,

Hyderabad-500081

Bank reserves the right to change the delivery locations for the NAC Solution as stated

above at its discretion before issue of Purchase Order. Delivery for the above purpose is

deemed to be complete when the items specified in the Purchase Order are delivered

and date of delivery is the date on which the item is delivered in full in CO and in DR

(location wise).

3. Delivery of Managed Switches at Bank’s Locations (Branches/ATMs): Managed Switches

(24/48 Port) should be delivered at all locations (Will be shared with Purchase Order)

within 8 weeks from the date of acceptance of Purchase Order. Successful Bidder shall

complete centralised staging and configuration of these Switches within the schedule

mentioned.

4. Extension of delivery schedule: If, at any time during performance of the Contract, the

Bidder should encounter conditions impeding timely delivery, the Bidder shall promptly

notify the Bank in writing of the fact of the delay, its likely duration and its cause(s). As

soon as practicable after receipt of the Bidder's notice, the Bank shall evaluate the

situation and may at its discretion extend the Bidder's time for performance against

suitable extension of the performance guarantee for delivery.


Page 8 of 27

5. Penalty for Delayed Delivery: Delivery for the above purpose is deemed to be complete

only when all the items specified in Purchase Order are completely delivered (Location

wise & item wise) and date of delivery is the date on which the last item is delivered. If

the delivery schedule is not maintained as stated in clause 1.5 (1), (2) & (3) or to such

extended period as per clause 1.5 (4) of this RFP, a penalty of One Percent (1%) of the

item cost (location wise & component wise), for each week or part thereof of the delay

subject to a maximum of 10% of the cost of the component will be levied from the expiry

of due date of delivery. Any Bank dependency in delay of delivery of the solution

components, to the limit as decided by the bank, at its own discretion, shall not be

considered for calculation of the penalty.

6. Non-delivery: Failure of the successful bidder to comply with the above delivery

schedule, as stipulated in clause 1.5 (1), (2) (3) & (4), shall constitute sufficient

grounds for the annulment of the award of contract and invocation of bank

guarantee (delivery). In such an event, the Bank will call for new bids and forfeit

the EMD/Bank Guarantee.

CLAUSE 1.6. IMPLEMENTATION AND COMMISSIONING & DELAYS IN THE BIDDER'S PERFORMANCE:

1. INSTALLATION OF NAC APPLIANCES: The successful bidder (SB) shall complete the

installation & commissioning of the NAC Appliances along with software/licenses

etc. at the locations detailed in clause 1.5 of this RFP or so detailed in the Purchase

Order, within 4 weeks from the date of actual delivery or due date of delivery of the

appliances, whichever is later. Installation of the NAC Appliances & associated

software/hardware shall be deemed completed on submission of proof of

document of installation and commissioning countersigned by the Bank official .If

the schedule mentioned above is not maintained, a penalty of 1% of the cost of

NAC Appliances (Serial No 1 Table I of Annexure III) shall be levied on delay of per

week or part thereof subject to a maximum of 10% of the cost of NAC Appliances.

2. INSTALLATION OF MANAGED SWITCHES: SB shall complete the installation &

commissioning of Managed Switches at the locations detailed in the Purchase

Order, within 12 weeks from the date of actual delivery or due date of delivery of

the switches, whichever is later. Installation of the Switches shall be deemed

completed on submission of proof of document of installation and commissioning.

If the schedule mentioned above is not maintained, a penalty of 1% of the cost of

Managed Switch (Location Wise & Component Wise) shall be levied on delay of per

week or part thereof subject to a maximum of 10% of the cost of the Managed

Switches.

3. OPERATIONALISATION OF NAC SOLUTION: SB shall operationalize (Go Live) the NAC

Solution as per the Scope of Work detailed in Annexure I of the RFP within 20 weeks

of the date of Acceptance of Purchase Order. Operationalisation of the solution shall

be deemed completed on submission of GO Live Signoff signed by authorized

official of the bank. If this schedule is not maintained a penalty of 1% of the Total

Order Value (PO Value) shall be levied on delay of per week or part thereof subject

to a maximum of 5% of the Total Order Value.


Page 9 of 27

4. In case the delivery, installation & implementation of the solution is not completed

within a maximum of 24 weeks from the date of acceptance of the Purchase order,

it shall constitute sufficient grounds for the annulment of the award of contract and

invocation of bank guarantee (EMD/Delivery/Performance).

5. Delivery, Installation and Implementation of Solution & Managed Switches for Additional

Procurement as per Clause 1.13:

• Bank will issue separate purchase order/intimation for additional requirement as

detailed in clause 1.13.

• For this requirement, Successful Bidder shall deliver the switches and complete

the installation of the Solution at such sites as per the Scope of Work detailed in

Annexure I.

• For such implementation only cost of Endpoint License, Managed Switch and

cost of Engineer Visit shall be paid by the bank and no extra cost for

implementation shall be applicable.

• Such implementation should be completed within 6 weeks from the date of

intimation from the bank.

• If the schedule is not maintained a penalty of 1% of the Total Order Value (PO

Value location wise) shall be levied on delay of per week or part thereof subject

to a maximum of 5% of the Total Order Value.

CLAUSE 1.10. PAYMENT TERMS

1. Successful Bidder shall submit the following documents along with request for payment:

a. Backlining Proofs & Warranty Certificates from the OEM.

b. Service Level Agreement

c. Non-Disclosure Agreement

d. Bank Guarantee for Delivery/Performance, as per the following clauses.

e. Any other documents as specified in the following clauses.

2. Payment for NAC Appliances (Serial No 1.a of Table I of Annexure III):

a. 60% of the cost of NAC Appliances shall be released on delivery of NAC

appliances at the locations specified in the purchase order as per details

mentioned in clause 1.5.1 & 1.5.2 of the RFP. Payment shall be released by

Information Technology Department on receipt of invoices, proof of delivery

(Delivery Challan duly signed by authorized official/ POD copy of Courier

Service Provider etc.) after deducting applicable penalty.

b. 20% of the cost of NAC Appliances shall be released on installation of NAC

appliances as per details mentioned in clause 1.6.1 of the RFP. Payment shall

be released by Information Technology Department on receipt of installation

certificate after deducting applicable penalty.

c. 20% of the cost of NAC Appliances shall be released 3 months post Go Live

as per details mentioned in clause 1.6.3 of the RFP. Payment shall be released

by Information Technology Department on submission of Go Live Certificate

after deducting applicable penalty.


Page 10 of 27

3. Payment for Managed Switches (Serial No 1.b & 1.c of Table I of Annexure III):

a. 50% of the cost of Managed Switches shall be released on delivery of Switches

at the locations specified in the purchase order as per details mentioned in

clause 1.5.3 of the RFP. Payment shall be released by Information Technology

Department on receipt of invoices, proof of delivery (Delivery Challan duly

signed by authorized official/ POD copy of Courier Service Provider etc.) after

deducting applicable penalty.

b. 20% of the cost of Managed Switches shall be released on installation of

Managed Switches as per details mentioned in clause 1.6.2 of the RFP.

Payment shall be released by Information Technology Department on

submission of installation proof after deducting applicable penalty.

c. 10% of the cost of Managed Switches shall be released on GO live of the NAC

Solution as per details mentioned in clause 1.6.3 of the RFP. Payment shall be

released by Information Technology Department on submission of Go Live

Certificate after deducting applicable penalty.

d. 20% of the cost of Managed Switches shall be released 3 months post GO live

of the NAC Solution as per details mentioned in clause 1.6.3 of the RFP.

Payment shall be released by Information Technology Department after

deducting applicable penalty.

4. Payment for the managed switches as per clause 1.10.3 (a, b, c & d) may be released

in lots of minimum 1000 switches, if such a request is received from the successful bidder

and on the discretion of the bank.

5. Implementation charges (Serial No 2- Table II- Annexure III) – 100 % Implementation

charges shall be made on satisfactory customization, implementation and deployment

of the solution duly supported by Go Live Signoff duly countersigned by Bank official

and Tax invoice.

6. AMC charges for the NAC Appliance (Serial No 2 – Table III – Annexure III) for the period

starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis in

advance after deducting applicable penalty & NEFT Charges, on submission of

preventive maintenance reports.

7. AMC charges for the Managed Switches (Serial No 2 – Table IV – Annexure III) for the

period starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis

in advance on submission of preventive maintenance reports after deducting

applicable penalty & NEFT Charges,

8. ATS charges for Endpoint Licenses for the period starting from Fourth (4th) year to

Seventh (7th) year shall be paid on yearly basis in advance after deducting applicable

penalty & NEFT Charges.


Page 11 of 27

9. Cost Onsite Support: Onsite Support Charges (Serial No 2 – Table V- Annexure III) shall

be made quarterly in arrears on submission of satisfactory performance report, invoices

after deducting applicable penalty & NEFT Charges.

10. Payment for Additional Procurement: Payment for additional procurement of

Switches and Engineer visit for such implementation shall be released on submission

of invoices, proof of delivery (Delivery Challan duly signed by authorized official/

POD copy of Courier Service Provider etc.), proof of installation and confirmation of

complete implementation of NAC for such procurement.


Page 12 of 27

ANNXURE B

Technical Specifications: Network Access Control Solution

Sr. No Product Specifications (NAC)

Bidders

Compliance

(Yes / No)

Bidders

Remarks, if

any

1

Solution should integrate seamlessly with Bank's existing IT

infrastructure comprising of routers, switches, firewalls, IPS,

various types of WAN links and computers, devices,

printers, scanners, Kiosks, IP phones, Operating Systems,

VC equipment, CCTVs etc.

2

Solution should be capable to Implement authentication

and authorisation system for accessing and administering

applications, operating systems, databases, network and

security devices/systems, point of connectivity

(local/remote, etc.) including enforcement of strong

password policy, two-factor/multi-factor authentication

depending on risk assessment and following the principle

of least privileges and separation of duties. The

enforcement, authentication and admission control

should be enabled centralised as well as right at the point

access to bank's network including that at branch local

area network. i.e. The entire traffic, from any network/

computing terminal trying to access the bank's network,

should not flow to the Data centre/ Central location for

the purpose of authentication and admission and access

control.

3 Access control Solution should be through a central

policy engine across bank.

4

Network Access Control solution (NAC/NAC

Solution/Solution) should do exactly what the name

implies—control access to the network with policies,

including pre-admission endpoint security policy checks

and post-admission controls over where users and

devices can go on a network and what they can do.

5

The Network Access Control (NAC) solution should be an

automated security control platform that can monitor

and control everything on the network—all devices, all

operating systems, all users. The solution shall let

employees and guests remain productive on the network

while critical network resources and sensitive data remain

protected.

6

Solution should Maintain an up-to-date/centralized

inventory of authorized devices connected to bank’s

network (within/outside bank’s premises) and authorized

devices enabling the bank’s network.

7

Solution should provide a highly powerful and flexible

attribute-based access control solution that combines

authentication, authorization and accounting (AAA),


Page 13 of 27

NAC, BYOD, posture, profiling, guest management

services and conditional elements on a single platform.

8

It should allow to authenticate and authorize users and

endpoints via wired, wireless and VPN with consistent

policy throughout the Bank and should support variety of

authentication methods (802.1X, MAC auth, Web auth

etc) and ensure endpoint compliance is met

9

The proposed solution should have the capability for

defining role based policies, implement, monitor

continuously for policy violation. In case of violation SOC

should be alerted and given a provision of automated

remediation.

10

Solution should ensure that the high privilege accounts

(administrator level) are not used except to access

specific resources

11

Solution should be designed and deployed to work with

the existing network and devices and should not require

re-architecting the network

12

Solutions must support agent and dissolvable agent

method for performing endpoint profiling, base-lining,

health check, isolate and initiate remediation process

and must check the end device compliance before

permitting access to the network

13

The NAC solution should be able to handle minimum

60,000 devices/endpoints and scalable up to 1,00,000

devices/endpoints. The solution should perform

discovery, profiling, posturing, remediation for minimum

60,000 devices/endpoints from day 1.

14

Solution should have equipment & component level

redundancy(HA) , fault tolerance and site level

redundancy with automatic-seamless-stateful failover

between DC & DR.

15

Solution should have centralized management at both

sites. Both sites and each site can be independently

managed by the centralized management

16 All devices should have redundant power supply and

network connectivity

17 Solution should support multilocation load sharing and

failover facility

18

Components/devices should have ability to be clustered

in any combination via local and remote network

connections providing unlimited scale, redundancy, and

access load balancing.

19

Bidder has to provide equipment and peripherals with

rack mounting kit to accommodate all components in

the rack space provided in Banks data centres.

20 Solution should do Authorization, Authentication and

Accounting of network connections


Page 14 of 27

21

Supports a wide range of authentication protocols,

including PAP, MS-CHAP, Extensible Authentication

Protocol (EAP)-MD5, Protected EAP (PEAP), and EAP-

Transport Layer Security (TLS).

22

Enable administrators to centrally configure and manage

profiler, posture, guest, authentication, and authorization

services in a single web-based GUI console, greatly

simplifying administration by providing consistency in

managing all these services.

23

Solution should provision for differentiated authorization

based on specific device. For eg. When User 1 (who is a

Network Admin) logs in from PC A he is authorized to

access Internet etc. and he cannot login to any Network

device from PC1, but the same User 1 logs in to a System

Admin PC kept in Firewall's Management Zone, then the

user will be able to login to Network devices but cannot

access Internet.

24

Solution should support RADIUS, AD server for client

device authentication and TACACS+, RADIUS for network

device authentication and logging. Overlay component

may be added to achieve both functionality.

25

All external facing interfaces are programmable, which

means APIs are available to extend the system to support

different authentication protocols, identity stores, health

evaluation engines, port and vulnerability scanning

engines, SIEM, Firewall, IDS/IPS, APT, NBAD solutions etc.

Bidder has to provide the APIs and should be integrated

to these solutions without any additional cost. All licenses

to be factored for integration

26 Role-based controls of user, device, application or

controls based on post authentication security posture

27

Solution should have capability to assign services based

on the assigned user role, group, and associated policy

(job role, location, device type, and so on).

28

Identity and access management. Solution should have

capability to establish user identity, location, and access

history, which can be used for compliance and reporting.

29 Solution needs to detect unsuccessful logins and restrict

the device to limited access

30 Solution shall detect and disconnect the idle end

devices after expiry Authentication time-out

31

Solution should facilitate provisioning of assets provided

by the Bank and should deny access to non-complaint

devices

32

Solution should provision 2factor or multifactor

authentication for allowing access to the network

resources

33 Policy simulation engine for testing policy integrity

34 Real-time policy assessment, Context aware policy


Page 15 of 27

35 Dynamic role-based enforcement

36 Workflow for user and device registration

37 Access control lists – both statically defined filter-ID based

enforcement, as well as dynamically downloaded ACLs.

38 Solution must support Non 802.1x technology on assigned

ports and 802.1x technology on open use ports

39

Solution should support Mac Address Bypass (MAB) and

can further utilize identity of the endpoint to apply the

proper rules for access. Mac Address Bypass is typically

used for devices, which do not support 802.1x

40

Solution should offer comprehensive visibility of the

network by automatically discovering, classifying, and

controlling endpoints connected to the network to

enable the appropriate services per endpoint

41

Solution should have capability to get finer granularity

while identifying devices on the network with Active

Endpoint Scanning

42

Solution should support network-based profiling by

targeting specific endpoints (based on policy) for

specific attribute device scans, resulting in higher

accuracy and comprehensive visibility of the network

43

Solution should manage endpoint access to the network

with the feature/service, which enables administrators to

specify an endpoint and select an action - for example,

move to a new VLAN, return to the original VLAN, or

isolate the endpoint from the network entirely, push

dynamic ACL to the port to restrict access etc. all in a

simple interface

44

Solution should offer a rules-based, attribute-driven policy

model for creating flexible and business-relevant access

control policies. Provides the ability to create fine-

grained policies by pulling attributes from predefined

dictionaries that include information about user and

endpoint identity, posture validation, authentication

protocols, profiling identity, or other external attribute

sources. Attributes can also be created dynamically and

saved for later use

45

It should allow Administrators to create their own device

templates. These templates can be used to

automatically detect, classify, and associate

administrative-defined identities when endpoints

connect to the network. Administrators can also

associate endpoint-specific authorization policies based

on device type.


Page 16 of 27

46

Verifies endpoint posture assessment for PCs connecting

to the network. Works via either a persistent client-based

agent or a temporal web agent to validate that an

endpoint is conforming to a company's posture policies.

Provides the ability to create powerful policies that

include but are not limited to checks for the latest OS

patches, antivirus and antispyware software packages

with current definition file variables (version, date, etc.),

registries (key, value, etc), and applications. Solution

should support auto-remediation of PC clients as well as

periodic reassessment to make sure the endpoint is not in

violation of company policies

47

Solution should classify a client machine, and should

support client provisioning resource policies to ensure

that the client machine is set up with an appropriate

agent version, up-to-date compliance modules for

antivirus and antispyware vendor support, and correct

agent customization packages and profiles, if necessary

48 Solution should have automatic switch port provisions for

end device based on pre-defined rule

49

Solution should support Security compliance policy –

Security validations the solution is capable of such as

antivirus, patch update, o/s, etc.

50

Solution should support automated remediation and

integration with all major OEM Antivirus, patch update

,O/S systems, AD, etc.

51 Solution should support URL redirection for remediation or

other purposes

52

Solution should have ability to meet each of the follow

features:

a. Base lining for endpoints determines the status of a

large variety of endpoint devices, including differing

device type, operating system, etc.

b. Profiling for endpoints identifies all connected devices,

including advanced mobile identification.

c. Guest management is performed from a central,

“single pane” viewpoint allowing full visibility into current

guest provisioning.

53

Solution should support integration with leading helpdesk

ticketing system. It should support self remediation

through end user self support and automatic remediation

including guided remediation, quarantine, manual

remediation etc.

54

Solution should be capable of Integration with firewall,

IPS, Router, Switch, Wireless Access Points, Active

Directory, LDAP, MDM solutions etc of major OEMs. Bank

may go for bidirectional integration as per future

requirements.


Page 17 of 27

55

Solution should support granular level policy

enforcement and provide information about users

beyond that obtained in a login system

56

Solution should detect network threats by itself or by

integrating with other Security defences and should be

prevented from spreading and notifications to be sent to

end user and administrator concerning the network

threat activity via e-mail and http notification

57

NAC solution should take feedback from external systems

like Syslog servers, IDS/IPS, Firewalls etc and block a user if

compromised on the network.

58

Solution should deliver customizable self service portals

and web pages for device onboarding, registration etc.

for standard PC and mobile computing platforms.

59

Should support full guest lifecycle management,

whereby guest users can access the network for a limited

time, either through administrator sponsorship or by self-

signing via a guest portal. Allows administrators to

customize portals and policies based on specific needs

of the enterprise

60

Solution should have profiling capabilities integrated into

the solution in order to detect headless host. The profiling

features leverage the existing infrastructure for device

discovery. Should support the use of attributes from the

following sources or sensors: profiling using MAC OUIs,

profiling using DHCP information, profiling using RADIUS

information, profiling using HTTP information, profiling

using DNS information, profiling using Net Flow/JFlow etc.,

profiling using SPAN, profiling using SNMP etc.

61

Solution should support threat monitoring, containment,

and remediation, extending beyond rogue detection

and authentication

62

Support for importing endpoints from LDAP/AD server.

Should allow to import MAC addresses and the

associated profiles of endpoints securely from an

LDAP/AD server

63

Must incorporate a complete set of tools for reporting

(Audit trailing, customizable reporting and data export

capabilities), analysis, and troubleshooting. Data from

access transactions can be organized by customizable

data elements and used to generate graphs, tables, and

reports. Must correlate and organize user, authentication,

and device information together

64 Monitor an endpoint after it has gained access to the

network

65 Endpoint audit via NESSUS or NMAP scanning

66 The system should provide standard based external

facing APIs to extend support and integration with


Page 18 of 27

external applications like SIEM, Firewall, IDS/IPS solutions

etc

67

Solution should support troubleshooting authentication

issues by triggering session re-authentication to follow up

with an attempt to re-authenticate again

68

Must support complex PKI deployment where TLS

authentication requires validating client certificate from

multiple CA trust chain. Must also support AAA server

certificate being signed by external CA whilst validating

internal PKI signed client certificates.

69

Must be able to issue certificates using an inbuilt

Certificate Authority as well as external certificate as per

the bank's need.

70

Encryption of traffic to the wireless and wired network

using protocols for 802.1X such as EAP-TLS, EAP-PEAP or

EAP-MSCHAP.

71

Quarantine (A quarantine network is a restricted IP

network that provides users with routed access only to

certain hosts and applications). Non Complied

devices/endpoints should be quarantined by moving the

switch port to a different VLAN or by pushing

dynamic/static ACL to the switch port to restrict the

access to limited resources.

72

Captive portals (A captive portal intercepts HTTP access

to web pages, redirecting users to a web application that

provides instructions and tools for updating their

computer. Until their computer passes automated

inspection, no network usage besides the captive portal

is allowed)

73

Solution should enforce security policies by blocking,

isolating, and repairing noncompliant machines in a

quarantine area without requiring administrator

attention. Allow administrators to quickly take corrective

action (Quarantine, Un-Quarantine, or Shutdown) on risk-

compromised endpoints within the network.

74

Solution should support automated remediation system

including starting process, killing process, setting registry

keys, starting antivirus, update anti-virus, starting windows

updates and running custom scripts. The same should

also be user customisable.

75

When endpoints are discovered on the network, they

can be profiled dynamically based on the configured

endpoint profiling policies, and assigned to the matching

endpoint identity groups depending on their profiles.

76

Provides a wide range of access control mechanisms,

including downloadable access control lists (dACLs),

VLAN assignments, URL redirect, and Security Group

Access (SGA) tagging.


Page 19 of 27

77

The Solution should have capability to see endpoints

attribute data via passive network telemetry or

alternatively from the infrastructure via device sensors on

switches at Core, Distribution and Access Layer.

78

Solution should have capability which allows users /

administrators to add a device on a portal, where the

device goes through a registration process for network

access. Should allow users / administrator to mark as

lost any device that you have registered in the

network, and blacklist the device on the network,

which prevents others from unauthorized network

access when using the blacklisted device. Should

have capability to reinstate a blacklisted device to its

previous status in Device Portal, and regain network

access without having to register the device again in

the Devices Portal. Should also support removing any

device in the enterprise network temporarily, then

register the device for network access again later.

Solution should be able to provide seamless user

experience.

79

Site Specification Requirements: The bidders should

submit, as a part of Technical bid the dimensions and

weight of each piece of equipment with necessary

power and wiring requirements. The Rack space required

at DC and DRS to be stated while providing the

requirements.

80 The solution should not add another point of failure and

by-pass for business continuity

81

The Solution should have enterprise license without any

restriction to use the features mentioned in the RFP from

day one. If during the contract, solution is not performing

as per specifications in this RFP, bidder has to upgrade /

enhance the devices or place additional devices and

reconfigure the system without any cost to Bank till the

required performance is achieved.

82

The solution should detect all applications / softwares

/services installed or running in the endpoint and allow

administrators to implement policies governing those

applications /softwares / services.

83

For non 802.1X devices, network access to be provided

with MAC address Bypass (MAB) with device profiling. If

the MAC is not matching with the device profiled record,

it has to be immediately blocked (to prevent MAC

spoofing)

84

Solution should have the capability to alert and detect

the underlying device profiling if any switch port is

detected to be connected with more than 2 MAC IDs. It

should have the capability to automatically shift the

switch port to quarantine VLAN or implement dynamic

ACL to the port to restrict access.


Page 20 of 27

85

The Solution should be capable of working with various

Operating Systems like Windows, Linux. For Linux, the

solution should atleast support 802.1 X Auth.

86

The bank has Static IP address schema of /24 and /27 IP

address segment at its locations. The solution proposed by

the bidder should not involve any change in the IP

address schema at the locations.

87

Bidder shall submit Bill of Materials for the Solution (with

make & model) along with the technical bid.

88

Solution should integrate with Enterprise level SIEM

solutions and Syslog server. The Solution should be

able to share information to leading SIEM vendors

using standard protocols (Syslog, CEF).

89

Vendor shall provide documented security use

cases for proposed solution.

90

Solution should have the technical specifications

defined and documented with security baselines for

implementation.

Authorized Signatory Name and Designation Office Seal

Place:


Page 21 of 27

Annexure I (C) Technical Specifications: 24 & 48 Port Managed Switch

Sr. No Product Specifications(Managed Switches)

Bidders

Compliance

(Yes / No)

Bidders

Remarks, if

any

Type II & III Managed Switch (24 Port & 48 Port

Respectively)

1

Minimum of 24 port 10/100/1000Mbps Gigabit Ethernet

auto sensing ports for Type II Switches and Minimum of

48 port 10/100/1000Mbps Gigabit Ethernet auto sensing

ports for Type III Switches

2

Should have at least 2 Gigabit Ethernet port 1000Mbps

SFP

interface for uplink connectivity

3

Switch should be supplied with console cable, power

cable (suitable for 5 Amps socket) and rack mounting

kits.

4 Full-Duplex operation on Fast Ethernet & Gigabit

Ethernet

5 Multiple Load Sharing Trunks

6 Minimum of 512MB DRAM and 256MB Flash Memory

7 Support for minimum 16000 MAC addresses

8 IEEE 802.1Q VLAN support – Port based VLANs

9 RADIUS Support

10 High MTBF support

11

The Switch must be able to generate Syslog Messages

with timestamp and Severity codes, which can be

exported to a syslog server

12

HTTP/HTTPS access to the Switch to monitor and

configure most of the functionalities in addition to

command line interface

13

Support for Address Resolution (ARP) to work in

conjunction with Private VLAN Edge to minimize

broadcasts and maximize available bandwidth

14

The proposed Switch should be IPV6 compliant. The

device should be IPV6 Tested device and IPV6 should

support from the day one

15 Support 100 Base-TX and L2 switching

16 Multi-Link Trunking

17 Support for Spanning-Tree protocol (IEEE 802.1D)

18 STP Fast calculation features as RSTP for faster

convergence

19

Per-port broadcast, multicast and storm control to

prevent faulty end stations from degrading overall

system performance

20 Support for classification and scheduling based on

802.1 P/Q


Page 22 of 27

21

Support for 802.1P class-of-service (CoS), Ability to

Mark/Override

802.1P Cos per port

22 Configurable Tail Drop should be supported for

congestion avoidance

23

Multicast must be supported in hardware so that

performance is not

affected by multiple multicast instances

24 L2 Multicast support – IGMP Snooping

25 Should support both IPV4 and IPV6 addresses in a

multicast group

26 Support for external RADIUS for console access

restriction and authentication

27

Multi-Level access security on switch consoled to

prevent

unauthorized users

28

Support for 802.1X port based authentication. Radius

change of Authorization (CoA) for Network Access

Control, URL redirection for posture, VLAN and ACL

assignment.

29

The proposed Switch must support below IEEE 802.1X

based security requirements and available from day

one

• IEEE 802.1X

• 802.1X with VLAN assignment

• 802.1X with Guest VLAN

• 802.1X with guest VLAN enhancements

• 802.1X with Auth Fail VLAN

• 802.1X with Auth fail Open

• 802.1X with Mac Auth Bypass

• 802.1X with Mac Auth bypass for Voice VLAN

• 802.1X with ACL’s

• 802.1X with port security

• 802.1X with accounting

• NAC-L2 IEEE 802.1X

• NAC-L2 IP

• NAC-L2 IP Auth Fail open

• Web authentication for non 802.1X clients

• Multi-Domain Authentication (802.1X for IP Phone + 1

Host Behind phone)

• Switch should support concurrent deployment of

802.1X and MAB Authentication.

30

Port Based Access Control List (ACL) for Layer 2

interfaces to allow Security policies to be applied on

individual Switch ports using Layer 2, Layer 3 and Layer

4 parameters.

31 Configuration change tracking

32 System Event Logging

33 Network Time Protocol (NTP) / Simple Network time

protocol (SNTP) with authentication


Page 23 of 27

34 Switch should support SNMP Version 3

35 Support to DHCP is desirable, support DHCP to manage

IP networks and supports DHCP client and server

36

Support for Secured Ports which restrict a port to a user-

defined group of authorized stations, when secure

addresses are assigned to a secure port. The switch

should not forward any packets with source addresses

outside the defined group of addresses

37 Switch should prevent DHCP Snooping

38 IP Root Guard

39 Broadcast and Multicast storm control to avoid

degradation in overall systems performance

40

Downloadable ACL (dACL) assigned dynamically per

port & Port Security

1. Switches should support dACLs per port.

2. Should support downloading of dACLs created

on a central NAC server

3. Each dACL rule should support specification of

multiple ports/IP address.

4. Switch should support display of number of

times dACL rules gets matched.

41 Should able to integrate with SIEM solution

42 The Switch should seamlessly integrate with existing

Network equipment’s

43 Support for Per-port broadcast, multicast and unicast

storm control

44 Should support DNS

45 Should support BPDU guard to avoid topology loop

46 Unicast MAC filtering, unknown unicast and multicast

port blocking

47

Support for MAC address notification allows

administrators to be notified of users added to or

removed from the network

48

Support Bidirectional data support on the SPAN port

allows Intrusion Prevention System (IPS) to take action

when an intruder is detected

49 Provision for Dynamic policies at Layer 2-4 for QoS and

Security

50 Embedded support for web based management using

standard secured web browser.

51 Support for SNMP V3 with encryption

52 support for TFTP based software download

53 Support for port mirroring measurement using a

network analyzer or RMON probe.


Page 24 of 27

54 Switch must be remotely managed via one telnet

session for all module configuration.

55 Should have functionality to add new features like OS/

firmware upgrades from central location.

56

Support for dynamic VLAN assignment either through

IEEE 802.1x for implementation of VLAN membership

policy server client functions to provide flexibility in

assigning ports to VLANs. Dynamic VLAN helps enable

fast assignment of IP addresses.

57 Real time multi port statistics.

58 Device and port groupings for navigation and policy

management.

59 TACACS + server support

60 Enterprise MIB

61 Admin access right

62 Traffic volume/ error/ congestion monitoring

63 The Switch should support IEEE 802.1Q VLANS, 802.1P,

802.1D, 802.3U, 802.1X, 802.3ab, 802.3ad, 802.1s.

64 Should support RFC 768, 783, 791, 792, 826, 854, RFC 951.

65 The quoted model should be complied for

EAL3/NDPP from day one


Page 25 of 27

ANNEXURE – III

FORMAT FOR INDICATIVE COMMERCIAL BID

1. Name of Bidder :

2. Address of Corporate Office :

TABLE I – COST OF NETWORK ACCESS CONTROL SOLUTION:

Sl.No Description Qty

(a)

Unit

Price

(Rs.)

(b)

Total price

(Rs.)

(a*b)

1.a Network Access Control Appliance* with 3

year comprehensive onsite warranty for DC

& DR as per Annexure – I (A).

1.b Licenses for endpoints / devices as per

Annexure – I (A) endpoints / devices with 3

year warranty

60000

1.c 24 Port Managed Switch with 3-year

comprehensive onsite warranty. 4590

1.d 48 Port Managed Switch with 3-year

comprehensive onsite warranty. 197

2. Total (I.a to 1.d) *quantity to be quoted by bidder as per Bill of Materials

TABLE II – COST OF IMPLEMENTATION:

Sl.No Description Total Cost

(Rs.)

1 Total Cost of Installation and Implementation of Network Access

Control Solution at Bank’s DC, DR, Branches, ATMs & Other

locations.

2 Total Implementation Cost

TABLE III – AMC FOR NAC APPLIANCE (4th to 7th Year):

Sl.No Description Qty Unit

Price(Rs.) Total price

(Rs.)

1.a AMC for Network Access Control

Appliance for 4th year

1.b AMC for Network Access Control


1.c AMC for Network Access Control


1.d AMC for Network Access Control


2. Total cost of AMC (1.a to 1.d)


Page 26 of 27

TABLE IV – AMC FOR MANAGED SWITCHES (4th to 7th Year):



(Rs.)

1.a AMC for 24 Port Managed Switch for 4th

year

4590

1.b AMC for 24 Port Managed Switch for 5th

year

4590

1.c AMC for 24 Port Managed Switch for 6th

year

4590

1.d AMC for 24 Port Managed Switch for 7th

year

4590

1.e AMC for 48 Port Managed Switch for 4th

year

197

1.f AMC for 48 Port Managed Switch for 5th

year

197

1.g AMC for 48 Port Managed Switch for 6th

year

197

1.h AMC for 48 Port Managed Switch for 7th

year

197

2 Total cost of AMC (1.a to 1.i)

TABLE V – COST OF ONSITE SUPPORT (1ST year to 7th year)

Sl.No Description Qty Unit Cost (Rs.) Cost of Support (Rs.)

1.a Cost of Onsite Support for 1st year 2

1.b Cost of Onsite Support for 2nd year 2

1.c Cost of Onsite Support for 3rd year 2

1.d Cost of Onsite Support for 4th year 2

1.e Cost of Onsite Support for 5th year 2

1.f Cost of Onsite Support for 6th year 2

1.g Cost of Onsite Support for 7th year 2

2. Total Cost of Onsite Support

TABLE VI – ATS FOR END POINT LICENSES (4th to 7th Year):



(Rs.)

1.a ATS for End Point Licenses for 4th year 60000 1.b ATS for End Point Licenses for 5th year 60000 1.c ATS for End Point Licenses for 6th year 60000 1.d ATS for End Point Licenses for 7th year 60000

2. Total cost of ATS (1.a to 1.d)


Page 27 of 27

TABLE VII- SITE VISIT CHARGES FOR ADDITIONAL PROCUREMENT ONLY



(Rs.)

1 Cost of Engineer Visit for implementation of

NAC and installation of Managed Switch

for additional procurement as per clause

1.13

100

2. Total cost of Visit

TABLE VIII – TOTAL COST OF OWNERSHIP (TCO):

Sl.No Description TABLE Total Price (Rs.)

A Total amount under Serial No. 2 TABLE I B Total amount under Serial No. 2 TABLE II C Total amount under Serial No. 2 TABLE III D Total amount under Serial No. 2 TABLE IV E Total amount under Serial No. 2 TABLE V F Total amount under Serial No. 2 TABLE VI G Total amount under Serial No. 2 TABLE VII

H GRAND TOTAL

Note:

1. L1 will be determined based on the total cost of ownership (TCO) quoted by any of the

technically short-listed bidder, whose commercial bid is opened, under Table VIII Serial

No. H (Grand Total).

2. Quantities mentioned for Managed Switches, End Point Licenses and Site Visits for

Additional Procurement are indicative in nature and should not be construed as

commitment from the Bank. Actual count may differ as per the discretion of the Bank.

We certify that the items quoted above meet all the Technical specifications as per Annexure

I of the RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018 and prices quoted are all in

compliance with the terms indicated in clause 1.10 of the RFP Ref No. RFP/ITD/005/18-19 dated

05.10.2018. We also confirm that we agree to all the terms and conditions mentioned in this

RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018.

Authorised Signatory:

Name and Designation:

Office Seal with date

Documents

INDIAN OVERSEAS BANK · INDIAN OVERSEAS BANK Information Technology Department Central Office, 763, Anna Salai, CHENNAI – 600 002 RFP Ref No. RFP Ref No. RFP/ITD/005/18-19 dated