REQUEST FOR PROPOSAL FOR ENGAGEMENT OF NETWORK … · 2020. 8. 18. · request for proposal for engagement of network integrator (ni) and setting up of next gen network operations

REQUEST FOR PROPOSAL

FOR

ENGAGEMENT OF NETWORK INTEGRATOR (NI)

AND

SETTING UP OF NEXT GEN NETWORK OPERATIONS CENTRES (NOCS)

REF: SBI/GITC/NW&C/20-21/706 DATED 18.08.2020

DEPUTY GENERAL MANAGER,

NETWORKING & COMMUNICATION DEPARTMENT,

GLOBAL IT CENTRE, GITC,

SECTOR -11, CBD BELAPUR,

NAVI MUMBAI – 400614

RFP for Engagement of Network Integrator (NI)

&

Setting up of Next Gen Network Operations Centre (NOC)

Page 2 of 329 Confidential & Proprietary

Schedule of Events

Sl

No

Particulars Remarks

1 Contact details of issuing

department

(Name, Designation, Email address

for sending any kind of

correspondence regarding this

RFP)

Deputy General Manager,

Networking & Communication Dept.,

State Bank Global IT Centre,

First Floor, D Wing, Sector 11,

CBD Belapur, Navi Mumbai-400614

[email protected];

[email protected]

[email protected]

2 Bid Document Availability

including changes/amendments, if

any to be issued

RFP may be downloaded from Bank’s

website https://www.sbi.co.in procurement

news from 18.08.2020.

3 Last date for requesting

clarification

Up to 6.00 pm on 02.09.2020

All communications regarding

points/queries requiring clarifications shall

be provided in the format specified in the

RFP through e-mail.

4 Pre-bid meeting at

From 3.00 pm to 6.00 pm on 07.09.2020 at

GITC Belapur or through VC depending

upon the COVID-19 Lockdown position at

the discretion of the Bank.

5 Clarifications to queries raised at

the pre-bid meeting will be

provided by the Bank.

On 15.09.2020

6 Last date and time for Bid

submission

Up to 3.00 PM on 30.09.2020

7 Address for submission of Bids Deputy General Manager,

Networking & Communication Dept. State

Bank Global IT Centre,



8 Date and Time of Opening of

Technical Bids

30.09.2020 at 4:00 PM

9 Opening of Indicative Price Bids Indicative price bid of technically qualified

bidders only will be opened on a subsequent

date (will be advised later)

10 Reverse Auction On a subsequent date (will be advised later)

mailto:[email protected]

http://www.sbi.co.in/


&



11 Tender Fee Rs.25,000/-

The amount should be deposited in

A/c No. 37608352111,

IFSC - SBIN0011343

Account Name: Sys. Sus. Br. Parking

Account

The tender fee will be non-refundable.

12 Earnest Money Deposit

Rs.2 Crore

The amount should be deposited in

A/c No. 37608352111,

IFSC - SBIN0011343

Account Name: Sys. Sus. Br. Parking

Account

Or

EMD should be in the form of a Bank

guarantee. EMD shall be valid up to 180

days from the bid submission date.

Bidder should deposit EMD and Tender

Fee separately.

13 Bank Guarantee 10% of the

total value

of the

Contract

Performance Security in the

form of BG should be valid

for 5 year(s) and three

months from the effective

date of the Contract.

14 Contact details of the agency

appointed for e-procurement

M/s E-Procurement Technologies Ltd,

Ahmedabad

Website: https://etender.sbi/SBI/

Contact details:

Shri Imtiyaz Tajani- Mob: 7968136831

Email: [email protected]

Shri Nisarg Thakkar-Mob: 7968136822

Email: [email protected]

https://etender.sbi/SBI/


&



Part-I

S.N. INDEX

1 INVITATION TO BID

2 DISCLAIMER

3 DEFINITIONS

4 SCOPE OF WORK

5 ELIGIBILITY AND TECHNICAL CRITERIA

6 COST OF BID DOCUMENT

7 CLARIFICATIONS AND AMENDMENTS ON RFP/PRE-BID MEETING

8 CONTENTS OF BID DOCUMENTS

9 EARNEST MONEY DEPOSIT (EMD)

10 BID PREPARATION AND SUBMISSION

11 DEADLINE FOR ONLINE SUBMISSION OF BIDS

12 MODIFICATION AND WITHDRAWAL OF BIDS

13 PERIOD OF BID VALIDITY AND VALIDITY OF PRICE QUOTED IN

REVERSE AUCTION (RA)

14 BID INTEGRITY

15 BIDDING PROCESS OF TECHNICAL BIDS

16 TECHNICAL EVALUATION

17 EVALUATION OF INDICATIVE PRICE BIDS AND FINALIZATION

18 CONTACTING THE BANK

19 AWARD CRITERIA AND AWARD OF CONTRACT

20 POWERS TO VARY OR OMIT WORK

21 WAIVER OF RIGHTS

22 CHANGE IN ORDERS

23 CONTRACT AMENDMENT

24 BANK’S RIGHT TO ACCEPT ANY BID AND TO REJECT ANY OR ALL

BIDS

25 BANK GUARANTEE

26 COUNTRY OF ORIGIN/ELIGIBILITY OF PRODUCTS & SERVICES

27 DELIVERY, INSTALLATION AND COMMISSIONING

28 SYSTEM INTEGRATION TESTING AND USER ACCEPTANCE

TESTING

29 SERVICES (HARDWARE)

30 SERVICES (OTHER THAN HARDWARE)

31 WARRANTY AND ANNUAL MAINTENANCE CONTRACT FOR

HARDWARE

32 WARRANTY AND ANNUAL MAINTENANCE CONTRACT (OTHER

THAN HARDWARE)


&



33 PENALTIES

34 RIGHT TO VERIFICATION

35 INSPECTION AND TESTING FOR HARDWARE

36 INSPECTION AND TESTING (OTHER THAN HARDWARE)

37 RIGHT TO AUDIT

38 SUB-CONTRACTING

39 INSURANCE

40 VALIDITY OF AGREEMENT

41 LIMITATION OF LIABILITY

42 CONFIDENTIALITY

43 DELAY IN SERVICE PROVIDER’S PERFORMANCE

44 SERVICE PROVIDER’S OBLIGATIONS

45 TECHNICAL DOCUMENTATION (FOR HARDWARE)

46 TECHNICAL DOCUMENTATION (OTHER THAN HARDWARE)

47 INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP

48 LIQUIDATED DAMAGES

49 CONFLICT OF INTEREST

50 CODE OF INTEGRITY AND DEBARMENT/BANNING

51 TERMINATION FOR DEFAULT

52 FORCE MAJEURE

53 TERMINATION FOR INSOLVENCY

54 TERMINATION FOR CONVENIENCE

55 DISPUTES/ARBITRATION (APPLICABLE IN CASE OF SUCCESSFUL

BIDDER ONLY)

56 GOVERNING LANGUAGES

57 APPLICABLE LAW

58 TAXES AND DUTIES

59 TAX DEDUCTION AT SOURCES

60 TENDER FEE

61 EXEMPTION OF EMD AND TENDER FEE

62 NOTICES

Part-II

APPENDIX INDEX

A BID FORM

B BIDDER’S ELIGIBILITY CRITERIA

C TECHNICAL & FUNCTIONAL SPECIFICATIONS

D BIDDER DETAILS

E SCOPE OF WORK AND PAYMENT SCHEDULE


&



F INDICATIVE PRICE BID

G CERTIFICATE OF LOCAL CONTENT

H BANK GUARANTEE FORMAT

I PROFORMA OF CERTIFICATE TO BE ISSUED BY THE BANK

AFTER SUCCESSFUL COMMISSIONING AND ACCEPTANCE OF

THE SERVICES AND SOLUTIONS (HARDWARE & SOFTWARE)

J PENALTIES

K SERVICE LEVEL AGREEMENT

L NON-DISCLOSURE AGREEMENT

M PRE-BID QUERY FORMAT

N FORMAT FOR SUBMISSION OF CLIENT REFERENCES

O PRE-CONTRACT INTEGRITY PACT

P FORMAT FOR EMD BANK GUARANTEE

Q MINIMUM RESOURCE REQUIREMENTS

R UNDERTAKING OF AUTHENTICITY

S MANUFACTURERS' AUTHORIZATION FORM


&



1. INVITATION TO BID:

i. State Bank of India (hereinafter referred to as ‘SBI/the Bank’), having its

Corporate Centre at Mumbai, various other offices (LHOs, Administrative Offices,

Regional Business Offices (RBOs), Global IT Centre, Foreign Offices (FOs),

Branches, etc.) of State Bank of India, Subsidiaries and Joint Ventures available at

various locations and managed by the Bank (collectively referred to as State Bank

Group or ‘SBG’ hereinafter). This Request for Proposal (RFP) has been issued by

the Bank on behalf of SBG for the Engagement of Network Integrator and

setting up of Next Gen Network Operations Centers (NOCs).

ii. To meet the Services and Solutions (hardware & software) requirements, the Bank

proposes to invite online Bids from eligible Bidders as per details/scope of work

mentioned in Appendix-E of this RFP document.

iii. Bidder shall mean any entity (i.e. juristic person) who meets the eligibility criteria

given in Appendix-B of this RFP and willing to provide the Solutions and Services

as required in this RFP. The interested Bidders who agree to all the terms and

conditions contained in this RFP may submit their Bids with the information desired

in this RFP. Consortium bidding is not permitted under this RFP.

iv. Address for submission of online Bids, contact details including email addresses for

sending communications are given in Schedule of Events of this RFP.

v. The purpose of SBI behind this RFP is to seek a detailed technical and commercial

proposal for the procurement of the Solutions and Services as desired in this RFP.

The proposed Solutions and Services must integrate with the Bank’s existing

infrastructure seamlessly.

vi. This RFP document shall not be transferred, reproduced, or otherwise used for a

purpose other than for which it is specifically issued.

vii. Interested Bidders are advised to go through the entire RFP before submission of

online Bids to avoid any chance of elimination. The eligible Bidders desirous of

taking up the project for supply of proposed Services and Solutions (hardware &

software) for SBI are invited to submit their technical and commercial proposal in

response to this RFP. The criteria and the actual process of evaluation of the

responses to this RFP and subsequent selection of the successful Bidder will be

entirely at Bank’s discretion. This RFP seeks proposals from Bidders who have the

necessary experience, capability & expertise to provide SBI the proposed Services


&



and Solutions (hardware & software) adhering to Bank’s requirements outlined in

this RFP.

2. DISCLAIMER:

i. The information contained in this RFP or information provided subsequently to

Bidder(s) whether verbally or in documentary form/email by or on behalf of SBI, is

subject to the terms and conditions set out in this RFP.

ii. This RFP is not an offer by the State Bank of India, but an invitation to receive

responses from the eligible Bidders.

iii. The purpose of this RFP is to provide the Bidder(s) with information to assist the

preparation of their Bid proposals. This RFP does not claim to contain all the

information each Bidder may require. Each Bidder should conduct its own

investigations and analysis and should check the accuracy, reliability and

completeness of the information contained in this RFP and where necessary obtain

independent advice/clarifications. Bank may in its absolute discretion, but without

being under any obligation to do so, update, amend, or supplement the information

in this RFP.

iv. The Bank, its employees, and advisors make no representation or warranty and shall

have no liability to any person, including any Bidder under any law, statute, rules

or regulations or tort, principles of restitution or unjust enrichment or otherwise for

any loss, damages, cost or expense which may arise from or be incurred or suffered

on account of anything contained in this RFP or otherwise, including the accuracy,

adequacy, correctness, completeness or reliability of the RFP and any assessment,

assumption, statement or information contained therein or deemed to form or

arising in any way for participation in this bidding process.

v. The Bank also accepts no liability of any nature whether resulting from negligence

or otherwise, howsoever caused arising from a reliance of any Bidder upon the

statements contained in this RFP.

vi. The Bidder is expected to examine all instructions, forms, terms and specifications

in this RFP. Failure to furnish all information required under this RFP or to submit

a Bid not substantially responsive to this RFP in all respect will be at the Bidder’s

risk and may result in rejection of the Bid.

vii. The issue of this RFP does not imply that the Bank is bound to select a Bidder or to

award the contract to the Selected Bidder, as the case may be, for the Project and

the Bank reserves the right to reject all or any of the Bids or Bidders without

assigning any reason whatsoever before issuance of a purchase order and/or its


&



acceptance thereof by the successful Bidder as defined in Award Criteria and Award

of Contract in this RFP.

3. DEFINITIONS:

In this connection, the following terms shall be interpreted as indicated below:

i. “The Bank” ‘means the State Bank of India (including domestic branches and

foreign offices), Subsidiaries and Joint Ventures, where the Bank has ownership of

more than 50% of voting securities or the power to direct the management and

policies of such Subsidiaries and Joint Ventures.

ii. “Networking & Communication department or NW&C” is presently the owner

of this RFP, in future if the department splits/change in name etc. the scope of the

selected NI shall remain same

iii. “Bidder/Channel Partner” means an eligible entity/firm submitting the Bid in

response to this RFP.

iv. “Bid” means the written reply or online submission of the response to this RFP.

v. “Network” means the Bank’s network spread across the globe (i.e. branches and

offices in India and abroad).

vi. “Management” means the five functional areas as defined by ISO, i.e. Fault,

Configuration, Administration, Performance, and Security Management (FCAPS).

vii. “Solution” means application along with the associated hardware and software

infrastructure to achieve the common goal.

viii. “Network Integrator (NI)” means bidder who shall be providing Network

Integration services and solution management services.

ix. “The Contract” means the agreement entered into between the Bank and Service

Provider, as recorded in the Contract Form signed by the parties, including all

attachments and appendices thereto and all documents incorporated by reference

therein.

x. “Total Contract Price/Project Cost/TCO” means the price payable to Service

Provider over the entire period of Contract for the full and proper performance of

its contractual obligations.


&



xi. “Vendor/Service Provider” is the successful Bidder found eligible as per

eligibility criteria set out in this RFP, whose technical Bid has been accepted and

who has emerged as L1 (lowest in the reverse auction) Bidder as per the selection

criteria set out in the RFP and to whom a notification of award has been given by

the Bank.

xii. “The Equipment/Product” means all the hardware, it’s all components, associated

software/firmware/operating software which the Vendor is required to supply to the

Bank under the Contract.

xiii. “Solutions/ Services / System” means all Software products and its associated

hardware infrastructure, services, the scope of work and deliverables to be provided

by a Bidder as described in the RFP and include services ancillary to the

development of the solution, such as installation, commissioning, integration with

existing systems, provision of technical assistance, training, certifications, auditing

and other obligation of Service Provider covered under the RFP.

xiv. Annual Maintenance Contract (AMC) - It would be the annual cost of

maintenance/upkeep/updation of Product, Solutions and Service.

xv. “Site(s)” means Branches/Offices, Data Centres (DC), Offshore Development

Centre (ODC), War site, or any other location decided by the Bank (depending on

the context where the term “site” has been referred to).

xvi. “Device” means all the devices physical/virtual managed under Networking &

Communication department.

4. SCOPE OF WORK:

As given in Appendix-E of this document.

The Bank may, at its sole discretion, provide remote access to its Information

Technology (IT) system to IT Service Provider through a secured Virtual Private

Network (VPN) in order to facilitate the performance of IT Services. Such remote

access to the Bank’s information technology system shall be subject to the

following:

i. Service Provider shall ensure that the remote access to the Bank’s VPN is

performed through a laptop/desktop (“Device”) specially allotted for that

purpose by the Service Provider and not through any other private or public

Device.

ii. Service Provider shall ensure that only its authorized

employees/representatives access the Device.


&



iii. Service Provider shall be required to get the Device hardened/configured as

per the Bank’s prevailing standards and policy.

iv. Service Provider and/or its employee/representative shall be required to

furnish an undertaking and/or information security declaration on the

Bank’s prescribed format before such remote access is provided by the

Bank.

v. Service Provider shall ensure that services are performed in a physically

protected and secure environment which ensures confidentiality and

integrity of the Bank’s data and artefacts, including but not limited to

information (on customer, account, transactions, users, usage, staff, etc.),

architecture (information, data, network, application, security, etc.),

programming codes, access configurations, parameter settings, executable

files, etc., which the Bank representative may inspect. Service Provider shall

facilitate and/ or handover the Device to the Bank or its authorized

representative for investigation and/or forensic audit.

vi. Service Provider shall be responsible for protecting its network and

subnetworks, from which remote access to the Bank’s network is performed,

effectively against unauthorized access, malware, malicious code and other

threats in order to ensure the Bank’s Information Technology system is not

compromised in the course of using remote access facility.

5. ELIGIBILITY AND TECHNICAL CRITERIA:

i. Bid is open to all Bidders who meet the eligibility and technical criteria as given in

Appendix-B & Appendix-C of this document. The Bidder has to submit the

documents substantiating eligibility criteria as mentioned in this RFP document.

(a) If any Bidder submits Bid on behalf of Principal/OEM, the same Bidder shall

not submit a Bid on behalf of another Principal/OEM under the RFP. Bid

submitted with option of multiple OEMs shall also be considered bid submitted

on behalf of multiple OEM.

(b) Either the Bidder on behalf of Principal/OEM or Principal/OEM itself is

allowed to Bid, however both cannot Bid simultaneously.

ii. The Bidder shall also submit PRE-CONTRACT INTEGRITY PACT along with

technical Bid as prescribed in Appendix-O duly signed by the Bidder on each page

and witnessed by two persons. The Pre-Contract Integrity Pact shall be stamped

as applicable in the State where it is executed. Bid submitted without Pre-Contract

Integrity Pact, as per the format provided in the RFP, shall not be considered.


&



6. COST OF BID DOCUMENT:

The participating Bidders shall bear all the costs associated with or relating to the

preparation and submission of their Bids including but not limited to preparation,

copying, postage, delivery fees, expenses associated with any demonstration or

presentations which may be required by the Bank or any other costs incurred in

connection with or relating to their Bid. The Bank shall not be liable in any manner

whatsoever for the same or for any other costs or other expenses incurred by a

Bidder regardless of the conduct or outcome of the bidding process.

7. CLARIFICATION AND AMENDMENTS ON RFP/PRE-BID MEETING:

i. Bidder requiring any clarification on RFP may notify the Bank in writing strictly as

per the format given in Appendix-M by e-mail within the date/time mentioned in

the Schedule of Events.

ii. A pre-Bid meeting will be held in person or online on the date and time specified

in the Schedule of Events which may be attended by the authorized representative

of the Bidders interested to respond to this RFP, through Microsoft Teams or any

other online mode.

iii. The queries received (without identifying source of query) and response of the Bank

thereof will be posted on the Bank’s website or conveyed to the Bidders.

iv. The Bank reserves the right to amend, rescind, or reissue the RFP, at any time prior

to the deadline for submission of Bids. The Bank, for any reason, whether, on its

own initiative or in response to a clarification requested by a prospective Bidder,

may modify the RFP, by an amendment which will be made available to the Bidders

by way of corrigendum/addendum. The interested parties/Bidders are advised to

check the Bank’s website regularly till the date of submission of Bid document

specified in the Schedule of Events/email and ensure that clarifications/amendments

issued by the Bank, if any, have been taken into consideration before submitting the

Bid. Such amendments/clarifications, if any, issued by the Bank will be binding on

the participating Bidders. Bank will not take any responsibility for any such

omissions by the Bidder. The Bank, at its own discretion, may extend the deadline

for submission of Bids in order to allow prospective Bidders a reasonable time to

prepare the Bid, for taking the amendment into account. Nothing in this RFP or any

addenda/corrigenda or clarifications issued in connection thereto is intended to

relieve Bidders from forming their own opinions and conclusions in respect of the

matters addressed in this RFP or any addenda/corrigenda or clarifications issued in

connection thereto.


&



v. No request for a change in commercial/legal terms and conditions, other than what

has been mentioned in this RFP or any addenda/corrigenda or clarifications issued

in connection thereto, will be entertained and queries in this regard, therefore will

not be entertained.

vi. Queries received after the scheduled date and time will not be responded/acted

upon.

8. CONTENTS OF BID DOCUMENT:

i. The Bidder must thoroughly study/analyze and properly understand the contents of

this RFP, its meaning and impact of the information contained therein.

ii. Failure to furnish all information required in this RFP or submission of Bid not

responsive to this RFP in any respect will be at the Bidder’s risk and responsibility

and the same may finally result in rejection of its Bid. The Bank has made

considerable effort to ensure that accurate information is contained in this RFP and

is supplied solely as guidelines for Bidders.

iii. The Bid prepared by the Bidder, as well as all correspondence and documents

relating to the Bid exchanged by the Bidder and the Bank and supporting documents

and literature shall be submitted in English.

iv. The information provided by the Bidders in response to this RFP will become the

property of the Bank and will not be returned. Incomplete information in the Bid

document may lead to a non-consideration of the proposal.

9. EARNEST MONEY DEPOSIT (EMD):

i. The Bidder shall furnish EMD for the amount and validity period mentioned in

Schedule of Events of this RFP.

ii. EMD is required to protect the Bank against the risk of Bidder’s conduct. The EMD

should be directly credited to the designated account or it should be in form of Bank

Guarantee (as prescribed in Appendix-P) issued in favour of State Bank of India

by any Scheduled Commercial Bank in India. In case, SBI is the sole Banker of the

Bidder, a Letter of Comfort from SBI would be acceptable. If EMD is directly

credited to designated account, proof of remittance of EMD in the designated

account should be enclosed with the technical bid. However, if EMD is in form of

Bank Guarantee, scanned copy of original EMD Bank Guarantee should be

uploaded on portal of e-Procurement agency along with technical bid. Original


&



EMD Bank Guarantee should be posted/couriered/given in person to the Bank at

the address specified in Schedule of Event Sl. No. 1, within the bid submission date

and time for the RFP.

iii. Any Bid not accompanied by EMD for the specified amount and not submitted to

the Bank as mentioned in this RFP will be rejected as non-responsive.

iv. The EMD of the unsuccessful Bidder(s) would be refunded/returned by the Bank

within 2 weeks of the Bidder being notified as being unsuccessful.

v. The EMD of successful Bidder will be discharged upon the Bidder signing the

Contract and furnishing the Bank Guarantee for the amount and validity as

mentioned in this RFP, which should be strictly on the lines of format placed at

Appendix-H.

vi. No interest is payable on EMD.

vii. The EMD may be forfeited:-

(a) if a Bidder withdraws his Bid during the period of Bid validity specified in this

RFP; or

(b) if a technically qualified Bidder does not participate in the auction by not

logging in, in the reverse auction tool; or

(c) if a Bidder makes any statement or encloses any form which turns out to be

false/incorrect at any time prior to the signing of Contract; or

(d) if the successful Bidder fails to accept Purchase Order and/or sign the Contract

with the Bank or furnish Bank Guarantee, within the specified time period in

the RFP.

viii. If EMD is forfeited for any reasons mentioned above, the concerned Bidder may be

debarred from participating in the RFPs floated by the Bank/this department, in the

future, as per sole discretion of the Bank.

10. BID PREPARATION AND SUBMISSION:

i. Online submission of Bids: The Bid is to be submitted separately for technical and

Indicative price through e-tendering. TECHNICAL PROPOSAL FOR

ENGAGEMENT OF NETWORK INTEGRATOR (NI) & SETTING UP OF

NEXT GEN NETWORK OPERATIONS CENTRES (NOC) Ref:


&



SBI/GITC/NW&C/20-21/706 Dated 18.08.2020 is to be uploaded in the e-

Tendering application of M/s E-Procurement Technologies Ltd.

(a) Index of all the documents, letters, bid forms, etc. submitted in response to RFP

along with page numbers.

(b) Bid covering letter/Bid form on the lines of Appendix-A on Bidder’s letterhead.

Proof of remittance of EMD (if directly credited in designated account) and

Tender Fee as specified in this document. In case, EMD is submitted in the form

of BG, scanned copy of original BG should be uploaded subject to compliance

of requirement mentioned in clause no 11(ii).

(c) Proof of remittance of EMD (if directly credited in designated account) and

Tender Fee as specified in this document. In case, EMD is submitted in the form

of BG, the original BG should be enclosed.

(d) Specific response with supporting documents in respect of Eligibility Criteria

as mentioned in Appendix-B and technical eligibility criteria on the lines of

Appendix-C.

(e) Bidder’s details as per Appendix-D on Bidder’s letterhead.

(f) Bidder should provide licensing details of Software / Database / Middleware /

Operating System / Third-Party Software etc.

(g) Audited financial statement and profit and loss account statement as mentioned

in Part-II.

(h) A copy of board resolution along with a copy of Power of Attorney (POA

wherever applicable) showing that the signatory has been duly authorized to

sign the Bid document.

(i) A detailed explanation of the functioning of Solutions.

(j) Undertaking of Authenticity as per Appendix-R.

(k) Format for Manufacturer’s Authorization Form as per Appendix-S.

Note: A copy of board resolution along with a copy of Power of Attorney (POA

wherever applicable) showing that the signatory has been duly authorized to sign

the Bid document. In addition to the uploading of board resolution along with a

copy of POA (wherever applicable) in e-tender application, a duly signed POA on

stamp paper shall be submitted to the Bank immediately once the lockdown period

declared due to Covid-19 is lifted.

ii. Online submission of Bids: The Bid is to be submitted separately for technical and

Indicative price through e-tendering INDICATIVE PRICE BID FOR

ENGAGEMENT OF NETWORK INTEGRATOR (NI) & SETTING UP OF

NEXT GEN NETWORK OPERATIONS CENTRES (NOC) Ref:

SBI/GITC/NW&C/20-21/706 Dated 18.08.2020 is to be uploaded in the e-

Tendering application of M/s E-Procurement Technologies Ltd.

iii. Bidders may please note:


&



(a) The Bidder should quote for the entire package on a single responsibility basis

for Services and Solutions (hardware & software) it proposes to supply.

(b) While submitting the Technical Bid, the literature on the Services and Solutions

(hardware & software) should be segregated and kept together in one section.

(c) Care should be taken that the Technical Bid shall not contain any price

information. Such a proposal, if received, will be rejected.

(d) Bids are liable to be rejected if only one Bid (i.e. Technical Bid or Indicative

Price Bid) is received.

(e) If deemed necessary the Bank may seek clarifications on any aspect from the

Bidder. However, that would not entitle the Bidder to change or cause any

change in the substances of the Bid already submitted or the price quoted.

(f) The Bidder may also be asked to give a presentation for the purpose of

clarification of the Bid post submission.

(g) The Bidder must provide specific and factual replies to the points raised in the

RFP.

(h) Any inter-lineation, erasures or overwriting shall be valid only if they are

initialed by the person signing the Bids.

(i) The Bank reserves the right to reject Bids not conforming to above.

(j) Digitally signed Technical Bid, the literature on the hardware and its associated

operating Software should be uploaded in the e-Tendering application of M/s

E-Procurement Technologies Ltd.

(k) The Bid document shall be complete in accordance with various clauses of the

RFP document or any addenda/corrigenda or clarifications issued in connection

thereto, and digitally signed by the authorized representative of the Bidder

Board resolution authorizing the representative to Bid and make commitments

on behalf of the Bidder is to be uploaded in the e-Tendering application of M/s

E-Procurement Technologies Ltd.

(l) The Bid shall be printed, typed or written in indelible ink and shall be digitally

signed by the Bidder or a person or persons duly authorized to bind the Bidder

to the Contract and uploaded in the e-Tendering application of M/s E-

Procurement Technologies Ltd.

(m) All the digitally signed enclosures (Bid submission) shall have a serially

numbered file naming system according to the index and uploaded in the e-

Tendering application of M/s E-Procurement Technologies Ltd in respective

attachment tabs.

11. DEADLINE FOR ONLINE SUBMISSION OF BIDS:

i. Bids must be submitted online on portal of e-Procurement agency by the date and

time mentioned in the “Schedule of Events”.

ii. Wherever applicable, the Bidder shall submit the original EMD Bank Guarantee


&



and Pre- Contract Integrity Pact together with their respective enclosures and seal

it in an envelope and mark the envelope as “Technical Bid”. The said envelope shall

clearly bear the name of the project and name and address of the Bidder. In addition,

the last date for bid submission should be indicated on the right and corner of the

envelope. The original documents should be submitted within the bid submission

date and time for the RFP at the address mentioned in Sl No 1 of Schedule of Events.

iii. In the event of the specified date for submission of Bids being declared a holiday

for the Bank, the Bids will be received up to the appointed time on the next working

day.

iv. In case the Bank extends the scheduled date of submission of Bid document, the

Bids shall be submitted by the time and date rescheduled. All rights and obligations

of the Bank and Bidders will remain the same.

v. Any Bid received after the deadline will not be accepted.

12. MODIFICATION AND WITHDRAWAL OF BIDS:

i. The Bidder may modify or withdraw its Bid after the Bid’s submission, provided

that written notice of the modification, including substitution or withdrawal of the

Bids, is received by the Bank, prior to the deadline prescribed for submission of

Bids.

ii. A withdrawal notice may also be sent by the authorised representatives of the

company through email, but followed by a signed confirmation copy, not later than

the deadline for submission of Bids.

iii. No modification in the Bid shall be allowed, after the deadline for submission of

Bids.

iv. No Bid shall be withdrawn in the interval between the deadline for submission of

Bids and the expiration of the period of Bid validity specified in this RFP.

Withdrawal of a Bid during this interval may result in the forfeiture of EMD

submitted by the Bidder.

v. Withdrawn Bids, if any, will be returned unopened to the Bidders.

13. PERIOD OF BID VALIDITY AND VALIDITY OF PRICE QUOTED IN

REVERSE AUCTION (RA):

i. The bid shall remain valid for a duration of 6 calendar months from Bid submission

date.

ii. Price quoted by the Bidder in Reverse auction shall remain valid for 6 calendar

months from the date of the conclusion of RA.

iii. In exceptional circumstances, the Bank may solicit the Bidders’ consent to an

extension of the period of validity. The request and the responses thereto shall be

made in writing. A Bidder is free to refuse the request. However, in such a case, the


&



Bank will not forfeit its EMD. However, any extension of the validity of Bids or

price will not entitle the Bidder to revise/modify the Bid document.

iv. Once Purchase Order or Letter of Intent is issued by the Bank, the said price will

remain fixed for the entire Contract period and shall not be subjected to a variation

on any account, including exchange rate fluctuations and custom duty. A Bid

submitted with an adjustable price quotation will be treated as non-responsive and

will be rejected.

14. BID INTEGRITY:

Wilful misrepresentation of any fact within the Bid will lead to the cancellation of

the contract without prejudice to other actions that the Bank may take. All the

submissions, including any accompanying documents, will become the property of

the Bank. The Bidders shall be deemed to license and grant all rights to the Bank,

to reproduce the whole or any portion of their Bid document for the purpose of

evaluation and to disclose the contents of submission for regulatory and legal

requirements.

15. BIDDING PROCESS OF TECHNICAL BIDS:

i. All the technical Bids received up to the specified time and date will be opened for

initial evaluation on the time and date mentioned in the Schedule of Events of this

document. The technical Bids will be opened online in the presence of

representatives of the Bidders who choose to attend the same on portal of e-

Procurement agency. However, Bids may be opened even in the absence of

representatives of one or more of the Bidders.

ii. In the first stage, only technical Bid will be opened and evaluated. Bids of such

Bidders satisfying eligibility criteria and agree to comply with all the terms and

conditions specified in the RFP will be evaluated for technical

criteria/specifications/eligibility. Only those Bids complied with technical criteria

shall become eligible for indicative price Bid opening and further RFP evaluation

process.

iii. The Bank will examine the Bids to determine whether they are complete, required

formats have been furnished, the documents have been properly signed, EMD and

Tender Fee for the desired amount and validity period is available and the Bids are

generally in order. The Bank may, at its discretion waive any minor non-conformity

or irregularity in a Bid that does not constitute a material deviation.

iv. Prior to the detailed evaluation, the Bank will determine the responsiveness of each

Bid to the RFP. For purposes of these Clauses, a responsive Bid is one, which

conforms to all the terms and conditions of the RFP in toto, without any deviation.


&



v. The Bank’s determination of a Bid’s responsiveness will be based on the contents

of the Bid itself, without recourse to extrinsic evidence.

vi. After the opening of the technical Bids and preliminary evaluation, some or all the

Bidders may be asked to make presentations on the Solutions/Services proposed to

be offered by them.

vii. If a Bid is not responsive, it will be rejected by the Bank and will not subsequently

be made responsive by the Bidder by correction of the non-conformity.

16. TECHNICAL EVALUATION:

i. Technical evaluation will include technical information submitted as per technical

Bid format, demonstration of proposed Solutions/services, reference calls and site

visits, wherever required. The Bidder may highlight the noteworthy/superior

features of their Services and Solutions (hardware & software). The Bidder will

demonstrate/substantiate all claims made in the technical Bid along with supporting

documents to the Bank, the capability of the Services and Solutions (hardware &

software) to support all the required functionalities at their cost in their lab or those

at other organizations where similar Services and Solutions (hardware & software)

is in use.

ii. During evaluation and comparison of Bids, the Bank may, at its discretion ask the

Bidders for clarification on the Bids received. The request for clarification shall be

in writing and no change in prices or substance of the Bid shall be sought, offered

or permitted. No clarification at the initiative of the Bidder shall be entertained after

bid submission date.

17. EVALUATION OF INDICATIVE PRICE BIDS AND FINALIZATION:

i. The folder containing the indicative price Bid(s) of only those Bidders, who are

short-listed after technical evaluation, would be opened.

ii. All the Bidders who qualify in the evaluation process shall have to participate in the

online reverse auction to be conducted by Bank’s authorized M/s E-Procurement

Technologies Ltd.

iii. Shortlisted Bidders who shall be willing to participate in the reverse auction process

must have a valid digital signature certificate. Such Bidders will be trained by M/s

E-Procurement Technologies Ltd for this purpose. Bidders shall also be willing to

abide by the e-business rules for reverse auction framed by M/s E-Procurement

Technologies Ltd. The details of e-business rules, processes and procedures will be

provided to the short-listed Bidders.

iv. The Bidder will be selected as L1 on the basis of net total of the price evaluation as

quoted in the Reverse Auction.


&



v. The successful Bidder is required to provide price confirmation and price breakup

strictly on the lines of Appendix-F within 48 hours of the conclusion of the Reverse

Auction, failing which Bank may take appropriate action.

vi. Errors, if any, in the price breakup format will be rectified as under:

(a) If there is a discrepancy between the unit price and total price which is obtained

by multiplying the unit price with quantity, the unit price shall prevail and the

total price shall be corrected unless it is a lower figure. If the Bidder does not

accept the correction of errors, the Bid will be rejected.

(b) If there is a discrepancy in the unit price quoted in figures and words, the unit

price in figures or in words, as the case may be, which corresponds to the total

Bid price for the Bid shall be taken as correct.

(c) If the Bidder has not worked out the total Bid price or the total Bid price does not

correspond to the unit price quoted either in words or figures, the unit price quoted

in words shall be taken as correct.

(d) The Bidder should quote for all the items/services desired in this RFP. In case,

prices are not quoted by any Bidder for any specific product and / or service, for

the purpose of evaluation, the highest of the prices quoted by other Bidders

participating in the bidding process will be reckoned as the notional price for that

service, for that Bidder. However, if selected, at the time of award of Contract,

the lowest of the price(s) quoted by other Bidders (whose Price Bids are also

opened) for that service will be reckoned. This shall be binding on all the Bidders.

However, the Bank reserves the right to reject all such incomplete Bids.

18. CONTACTING THE BANK:

i. No Bidder shall contact the Bank on any matter relating to its Bid, from the time of

opening of indicative price Bid to the time, the Contract is awarded.

ii. Any effort by a Bidder to influence the Bank in its decisions on Bid evaluation, Bid

comparison or contract award may result in the rejection of the Bid.

19. AWARD CRITERIA AND AWARD OF CONTRACT:

i. Applicability of Preference to Make in India, Order 2017 (PPP-MII Order)

Guidelines on Public Procurement (Preference to Make in India), Order 2017 (PPP-

MII Order) and any revision thereto will be applicable for this RFP and allotment will

be done in terms of said Order as under:

(a) Among all qualified bids, the lowest bid (as quoted in the reverse auction) will

be termed as L1. If L1 is from a local supplier, the contract will be awarded to L1.


&



(b) If L1 is not from a local supplier, the lowest bidder among the local suppliers

will be invited to match the L1 price subject to local supplier’s quoted price falling

with the margin of purchase preference, and the contract shall be awarded to such

local supplier subject to matching the L1 price.

(c) In case such lowest eligible local supplier fails to match the L1 price, the local

supplier with the next higher bid within the margin of purchase preference shall be

invited to match the L1 price and so on and contract shall be awarded accordingly.

In case none of the local suppliers within the margin of purchase preference matches

the L1 price, then the contract will be awarded to the L1 bidder.

For the purpose of Preference to Make in India, Order 2017 (PPP-MII Order):

“Local content” means the amount of value-added in India which shall be the total

value of the item procured (excluding net domestic indirect taxes) minus the value

of imported content in the item (including all customs duties) as a proportion of the

total value, in percent.

“Local supplier” means a supplier or service provider whose product or service

offered for procurement meets the minimum 50% local content.

“Margin of purchase preference” means the maximum extent to which the price

quoted by a local supplier may be above the L1 for the purpose of purchase

preference. The margin of purchase preference shall be 20%.

ii. Verification of local content

The local supplier at the time of submission of bid shall be required to provide a

certificate as per Appendix-G from the statutory auditor or cost auditor of the

company (in the case of companies) or from a practicing cost accountant or

practicing chartered accountant (in respect of suppliers other than companies)

giving the percentage of local content.

iii. The total cost of Solutions along with the cost of all items specified in Appendix-

F would be the Total Cost of Ownership (TCO)/Total Project Cost and should be

quoted by the Bidder(s) in indicative price bid and reverse auction.

iv. Bank will notify successful Bidder in writing by way of issuance of the purchase

order through letter or fax/email that its Bid has been accepted. The selected Bidder

has to return the duplicate copy of the same to the Bank within 7 working days,

duly Accepted, Stamped and Signed by Authorized Signatory in token of

acceptance.

v. The successful Bidder will have to submit a Non-disclosure Agreement, Bank

Guarantee for the amount and validity as desired in this RFP and strictly on the lines


&



of format given in the Appendix-L of this RFP together with the acceptance of all

terms and conditions of RFP.

vi. Copy of board resolution and Power of Attorney (POA wherever applicable)

showing that the signatory has been duly authorized to sign the acceptance letter,

contract and NDA should be submitted.

vii. The successful Bidder shall be required to enter into a Contract with the Bank and

submit the Bank Guarantee, within 30 days from the issuance of Purchase Order or

within such extended period as may be decided by the Bank.

viii. Till execution of a formal contract, the RFP, along with the Bank’s notification of

award by way of issuance of the purchase order and Service Provider’s acceptance

thereof, would be binding contractual obligation between the Bank and the

successful Bidder.

ix. The Bank reserves the right to stipulate, at the time of finalization of the Contract,

any other document(s) to be enclosed as a part of the final Contract.

x. Failure of the successful Bidder to comply with the requirements/terms and

conditions of this RFP shall constitute sufficient grounds for the annulment of the

award and forfeiture of the EMD and/or BG.

xi. Upon notification of award to the successful Bidder, the Bank will promptly notify

the award of the contract to the successful Bidder on the Bank’s website. The EMD

of each unsuccessful Bidder will be discharged and returned.

20. POWERS TO VARY OR OMIT WORK:

i. No alterations, amendments, omissions, additions, suspensions, or variations of the

work (hereinafter referred to as variation) under the contract shall be made by the

successful Bidder except as directed in writing by Bank. The Bank shall have full

powers, subject to the provision herein after contained, from time to time during the

execution of the contract, by notice in writing to instruct the successful Bidder to

make any variation without prejudice to the contract. The finally selected Bidder

shall carry out such variation and be bound by the same conditions as far as

applicable as though the said variations occurred in the contract documents. If any,

suggested variations would, in the opinion of the finally selected Bidder, if carried

out, prevent him from fulfilling any of his obligations under the contract, he shall

notify Bank thereof in writing with reasons for holding such opinion and Bank shall

instruct the successful Bidder to make such other modified variation without

prejudice to the contract. The finally selected Bidder shall carry out such variation

and be bound by the same conditions as far as applicable as though the said

variations occurred in the contract documents. If the Bank confirms its instructions,

the successful Bidder’s obligations shall be modified to such an extent as may be

mutually agreed, if such variation involves extra cost. Any agreed difference in cost

occasioned by such variation shall be added to or deducted from the contract price

as the case may be.


&



ii. In any case in which the successful Bidder has received instructions from the Bank

as to the requirements for carrying out the altered or additional substituted work

which either then or later on, will in the opinion of the finally selected Bidders,

involve a claim for additional payments, such additional payments shall be mutually

agreed in line with the terms and conditions of the order.

iii. If any change in the work is likely to result in a reduction in cost, the parties shall

agree in writing so as to the extent of change in contract price, before the finally

selected Bidder(s) proceeds with the change.

21. WAIVER OF RIGHTS:

Each Party agrees that any delay or omission on the part of the other Party to

exercise any right, power or remedy under this RFP will not automatically operate

as a waiver of such right, power or remedy or any other right, power or remedy,

and no waiver will be effective unless it is in writing and signed by the waiving

Party. Further, the waiver or the single or partial exercise of any right, power, or

remedy by either Party hereunder on one occasion will not be construed as a bar to

a waiver of any successive or other rights, power, or remedy on any other

occasion.

22. CHANGE IN ORDERS:

i. The Bank may, at any time, by a written order given to Service Provider, make

changes within the general scope of the Contract in any one or more of the

following:

(a) Method of shipment or packing;

(b) Place of delivery;

(c) Quantities to be supplied subject to 25% above or below the originally

declared quantities.

ii. If any such change causes an increase or decrease in the cost of, or the time required

for Service Provider’s performance of any provisions under the Contract, an

equitable adjustment shall be made in the Contract Price or delivery schedule, or

both, and the Contract shall accordingly be amended. Any claims by Service

Provider for adjustment under this clause must be asserted within 15 days from the

date of Service Provider’s receipt of Bank’s change order.

23. CONTRACT AMENDMENT:

No variation in or modification of the terms of the Contract shall be made, except

by written amendment, signed by the parties.


&



24. BANK’S RIGHT TO ACCEPT ANY BID AND TO REJECT ANY OR ALL

BIDS:

The Bank reserves the right to accept or reject any Bid in part or in full or to cancel

the bidding process and reject all Bids at any time prior to contract award as specified

in Award Criteria and Award of Contract, without incurring any liability to the

affected Bidder or Bidders or any obligation to inform the affected Bidder or Bidders

of the grounds for the Bank’s action.

25. BANK GUARANTEE:

i. Performance security in form of Bank Guarantee [BG] for the amount with validity

period as specified in this RFP strictly on the format at Appendix-H is to be

submitted by the finally selected Bidder (s). The BG has to be issued by a Scheduled

Commercial Bank other than SBI and needs to be submitted within the specified

time of receipt of formal communication from the Bank about their Bid finally

selected. In case, SBI is the sole Banker for the Bidder, a Letter of Comfort from

SBI may be accepted.

ii. The Bank Guarantee is required to protect the interest of the Bank against delay in

supply/installation and/or the risk of non-performance of the successful Bidder in

respect successful implementation of the project, or performance of the material or

services sold, or breach of any terms and conditions of the Agreement, which may

warrant invoking of Bank Guarantee.

26. COUNTRY OF ORIGIN / ELIGIBILITY OF PRODUCTS & SERVICES:

i. All Products and components thereof to be supplied under the Contract shall have

their origin in eligible source countries, as per the prevailing import trade control

regulations in India.

ii. For purposes of this clause, “origin” means the place where the Products are mined,

grown, or manufactured or produced, or the place from which the related product is

supplied. Products are produced when, through manufacturing, processing or

substantial and major assembly of components, a commercially-recognized product

results that is substantially different in basic characteristics or in purpose or utility

from its components.

27. DELIVERY, INSTALLATION AND COMMISSIONING:

i. Service Provider shall provide such packing of the Products as is required to prevent

its damage or deterioration during transit thereof to the location given by the Bank.


&



The packing shall be sufficient to withstand, without limitation, rough handling

during transit and exposure to extreme temperature, salt and precipitation during

transit and open storage. Size and weight of packing cases shall take into

consideration, where appropriate, the remoteness of the Products final destination

and the absence of heavy handling facilities at all transit points.

ii. Service Provider will have to supply the Product(s) in ‘Factory Sealed Boxes’ with

System OEM seal.

iii. Delivery, installation and commissioning of the Products shall be made by Service

Provider in accordance with the system approved / ordered and within the time

schedule given in the Scope of work given in Appendix-E of this document.

iv. The delivery will be deemed complete when the Products/ components/ associated

software/firmware are received in good working condition at the designated

locations, mentioned in this RFP.

v. The installation will be deemed to be completed, when the Product including all the

hardware, accessories/components, firmware/system software, and other associated

software have been supplied, installed and operationalised as per the technical

specifications and all the features as per the technical specifications are

demonstrated and implemented as required, on the systems, to the satisfaction of

the Bank. Service Provider has to resolve any problem faced during installation and

operationalisation.

vi. In addition, Service Provider will supply all associated documentation relating to

the Products/hardware, system software/firmware, etc. The Product(s) are

considered accepted (commissioned and operationalised) after signing the

acceptance test plan document jointly by the representative of the Bank and the

engineer from Service Provider on the lines of format/certificate on the lines of

Appendix-I of this RFP. The component level checking for individual item may be

included during the acceptance test. The acceptance test plan document shall be

deemed to form a part of the agreement, to be signed between Service Provider and

the Bank. On the evaluation of the acceptance test results, if required, in view of the

performance of the Products (including hardware equipment/ components/

software), as observed during the acceptance test, Service Provider shall take

remedial measures including upgradation of any of the components thereunder,

including replacement thereof, at no additional cost to the Bank within a fortnight

from the date of notification of the same to Service Provider. Service Provider

should ensure that the Product meets the requirements of the Bank as envisaged in

the RFP.


&



vii. The details of the documents to be furnished by Service Provider are specified

hereunder:-

(a) 2 copies of Vendor’s Invoice showing contract number, products description,

quantity, unit price and total amount.

(b) Delivery Note or acknowledgement of receipt of Products from the consignee or

in case of products from abroad, original and two copies of the negotiable clean

Airway Bill.

(c) 2 copies of packing list identifying contents of each of the package.

(d) Insurance Certificate.

(e) Manufacturer’s warranty certificate.

viii. The above documents shall be received by the Bank before arrival of Products

(except where it is handed over to the Consignee with all documents). If these

documents are not received, Service Provider will be responsible for any

consequent expenses.

ix. For the system & other software/firmware required with the hardware ordered for,

the following will apply:-

(a) Service Provider shall supply standard software/firmware package published by

third parties in or out of India in their original publisher-packed status only, and

should have procured the same either directly from the publishers or from the

publisher's sole authorized representatives only.

(b) Service Provider shall provide complete and legal documentation of all sub

systems, licensed operating systems, licensed system software/firmware, licensed

utility software and other licensed software. Service Provider shall also provide

licensed software for all software/firmware whether developed by them or

acquired from others.

(c) In case Service Provider is providing software/firmware which is not its

proprietary software then Service Provider should have valid agreements with the

software/firmware vendor for providing such software/firmware to the Bank,

which includes support from the software/firmware vendor for the proposed

software for the entire period required by the Bank.

(d) The ownership of the supplied hardware shall be that of the Bank from the date

of delivery of the same. In other words, wherever the ownership of the hardware

is indicated, the name “State Bank of India” must appear to indicate that the Bank

is the perpetual owner of the hardware including use of software license


&



embedded to the hardware in perpetuity. Evidence to this effect must be submitted

before the payment can be released.

28. SYSTEM INTEGRATION TESTING & USER ACCEPTANCE TESTING:

Service Provider should integrate the Solutions with the existing systems as per the

requirement of the Bank and carry out thorough system integration testing.

System integration testing will be followed by user acceptance testing, plan for

which has to be submitted by Service Provider to the Bank. The UAT includes

functional tests, resilience tests, benchmark comparisons, operational tests, load

tests, etc. SBI staff / third Party vendor designated by the Bank will carry out the

functional testing. This staff / third party vendor will need necessary on-site training

for the purpose and should be provided by Service Provider. Service Provider

should carry out other testing like resiliency/benchmarking/load etc. Service

Provider should submit a result log for all testing to the Bank.

On satisfactory completion of the aforementioned tests, the User Acceptance Test

(UAT) letter will be issued to Service Provider by the competent authority on the

line of Appendix-I.

29. SERVICES (Hardware):

i. Service Provider shall ensure that key personnel with relevant skill-sets are

available at designated locations for installation and commissioning of the Product.

ii. Service Provider shall ensure that the quality of methodologies for delivering the

Products/Services, adhere to quality standards/timelines stipulated thereof.

iii. Service Provider shall be willing to transfer skills to relevant personnel of the Bank,

by means of training and documentation.

iv. Service Provider shall provide and implement patches/ upgrades/ updates for

Products (software/ firmware/ OS) as and when released by Service Provider/ OEM

free of cost. Service Provider should bring to notice of the Bank all releases/ version

changes.

v. Service Provider shall obtain a written permission from the Bank before applying

any of the patches/ upgrades/ updates. Service Provider has to support older

versions of the OS/firmware/middleware etc in case the Bank chooses not to

upgrade to latest version.


&



vi. Service Provider shall provide maintenance support for the Product including

embedded software/ OS/ middleware etc over the entire period of Contract.

vii. All product updates, upgrades & patches shall be provided by Service Provider free

of cost during warranty and AMC/ ATS/ S&S period.

viii. Service Provider shall provide legally valid firmware/software. The detailed

information on license count and type of license should also be provided to the

Bank.

ix. Service Provider shall keep the Bank explicitly informed the end of support dates

on related Products including embedded software/ OS/ middleware etc should

ensure support during warranty and AMC/ATS/S&S.

30. SERVICES (other than Hardware):

i. All professional services necessary to successfully implement the proposed

Solutions will be part of the RFP/Contract.

ii. The Bidder should also submit as part of technical Bid an overview of Project

Management approach of the proposed product.

iii. Bidder should ensure that key personnel with relevant skill-sets are available to the

Bank.

iv. Bidder should ensure that the quality of methodologies for delivering the services

adhere to quality standards/timelines stipulated therefor.

v. Bidder shall be willing to transfer skills to relevant personnel from the Bank, by

means of training and documentation.

vi. Bidder shall provide and implement patches/ upgrades/ updates for hardware/

software/ Operating Systems / Middleware etc. as and when released by Service

Provider/ OEM or as per requirements of the Bank. Bidder should bring to notice

of the Bank all releases/ version changes.

vii. Bidder shall obtain written permission from the Bank before applying any of the

patches/ upgrades/ updates. The Bidder has to support older versions of the

hardware/ software/ Operating System /Middleware etc. in case the Bank chooses

not to upgrade to the latest version.

viii. Bidder shall provide maintenance support for Hardware/ Software/ Operating

System/ Middleware over the entire period of contract.

ix. All product updates, upgrades & patches shall be provided by the Bidder/ Service

Provider free of cost during warranty and AMC/ ATS/ S&S period.

x. Bidder shall provide legally valid Solutions. The detailed information on license

count and type of license shall also be provided to the Bank.


&



xi. The Bidder shall keep the Bank explicitly informed the end of support dates on

related products/hardware/firmware and should ensure support during warranty and

AMC/ATS/S&S.

31. WARRANTY AND ANNUAL MAINTENANCE CONTRACT FOR

HARDWARE:

i. Service Provider shall support the Product and its associated items/components

including OS/firmware during the period of warranty and AMC (if included in the

RFP) as specified in Scope of Work in this RFP.

ii. During the warranty and AMC period (if included in the RFP), Service Provider

will have to undertake comprehensive support of the entire Product

(hardware/components/ operating software/firmware) supplied by them at no

additional cost to the Bank. During the support period (warranty and AMC), Service

Provider shall maintain the Product (hardware/ software, etc.) to comply with

parameters defined for acceptance criteria and Service Provider shall be responsible

for all costs relating to labour, spares, maintenance (preventive and corrective),

compliance of security requirements and transport charges from and to the

designated site(s) in connection with the repair/ replacement of the Product

(hardware/ equipment/ components/ software or any component/ part thereunder),

which, under normal and proper use and maintenance thereof, proves defective in

design, material or workmanship or fails to conform to the specifications, as

specified.

iii. During the support period (warranty and AMC), Service Provider shall ensure that

services of professionally qualified personnel are available for providing

comprehensive on-site maintenance of the Product and its components as per the

Bank’s requirements. Comprehensive maintenance shall include, among other

things, day to day maintenance of the system as per the RFP, reloading of

firmware/software, compliance to security requirements, etc. when required or in

the event of system crash/malfunctioning, arranging and configuring facility as per

the RFP, fine tuning, system monitoring, log maintenance, etc. Service Provider

shall provide services of an expert engineer at SBI GITC, Belapur or at any other

locations wherever required, whenever it is essential. In case of failure of Product

(hardware, system software or any of its components), Service Provider shall ensure

that Product is made operational to the full satisfaction of the Bank within the given

timelines. Service Provider shall provide preventive maintenance schedules as per

periodicity defined in RFP.

iv. On site comprehensive warranty for the Product would include free replacement of

spares, parts, kits, resolution of problem, if any, in Product.


&



v. Warranty/ AMC (if included in the RFP) for the system software/ off-the shelf

software will be provided to the Bank as per the general conditions of sale of such

software.

vi. Support (Warranty/ AMC, if included in the RFP) would be on-site and

comprehensive in nature and must have back to back support from the OEM/Service

Provider. Undertaking on the lines of Appendix-H of this RFP document is

required to be submitted by Service Provider, duly endorsed by the OEM that in

case Service Provider fails to provide Services then OEM shall provide the same at

no extra cost, to the satisfaction of the Bank. Service Provider warrants Products

against defect arising out of faulty design, materials, etc. during the specified

support period. Service Provider will provide support for operating systems and

other pre-installed software components/system software during the specified

period of the hardware on which these software and operating system will be

installed. Service Provider shall repair or replace worn out or defective parts

including all plastic parts of the Equipment at his own cost including the cost of

transport.

vii. In the event of system break down or failures at any stage, protection available,

which would include the following, shall be specified.

(a) Diagnostics for identification of systems failures

(b) Protection of data/ Configuration

(c) Recovery/ restart facility

(d) Backup of system software/ Configuration

viii. Prompt support shall be made available as desired in this RFP during the support

period at the locations as and when required by the Bank.

ix. Service Provider shall be agreeable for on-call/on-site support during peak weeks

(last and first week of each month) and at the time of switching over from PR to DR

and vice-versa. No extra charge shall be paid by the Bank for such needs, if any,

during the support period.

x. Service Provider support staff should be well trained to effectively handle queries

raised by the employee(s) or authorized user(s) of the Bank.

xi. Updated escalation matrix shall be made available to the Bank once in each quarter

and each time the matrix gets changed.


&



32. WARRANTY AND ANNUAL MAINTENANCE CONTRACT (Other than

Hardware):

i. The selected Bidder shall support the Solutions during the period of warranty and

AMC as specified in Scope of work in this RFP from the date of acceptance of the

Solutions by State Bank of India.

ii. During the warranty and AMC period, the Bidder will have to undertake

comprehensive support of the Solutions supplied by the Bidder and all new

versions, releases, and updates for all standard Software to be supplied to the Bank

at no additional cost. During the support period, the Bidder shall maintain the

Solutions to comply with parameters defined for acceptance criteria and the Bidder

shall be responsible for all costs relating to labour, spares, maintenance (preventive

and corrective), compliance of security requirements and transport charges from

and to the Site (s) in connection with the repair/ replacement of the Solutions, which,

under normal and proper use and the maintenance thereof, proves defective in

design, material or workmanship or fails to conform to the specifications, as

specified.

iii. During the support period (warranty and AMC), Service Provider shall ensure that

services of professionally qualified personnel are available for providing

comprehensive on-site maintenance of the Solutions and its components as per the

Bank’s requirements. Comprehensive maintenance shall include, among other

things, day to day maintenance of the Solutions as per the Bank’s policy, reloading

of firmware/software, compliance to security requirements, etc. when required or

in the event of system crash/malfunctioning, arranging and configuring facility as

per the requirements of the Bank, fine tuning, system monitoring, log maintenance,

etc. The Bidder shall provide services of an expert engineer at SBI GITC, Belapur

or at other locations wherever required, whenever it is essential. In case of failure

of Solutions, the Bidder shall ensure that Solutions are made operational to the full

satisfaction of the Bank within the given timelines.

iv. Warranty/ AMC for the system software/ off-the shelf Software will be provided to

the Bank as per the general conditions of sale of such software.

v. Support (Warranty/ AMC) would be on-site and comprehensive in nature and must

have back to back support from the OEM/Service Provider. Service Provider will

warrant products against defects arising out of faulty design etc. during the specified

support period.

vi. In the event of a system break down or failures at any stage, protection available,

which would include the following, shall be specified.

(a) Diagnostics for identification of systems failures

(b) Protection of data/ Configuration

(c) Recovery/ restart facility

(d) Backup of system software/ Configuration


&



vii. Prompt support shall be made available as desired in this RFP during the support

period at the locations as and when required by the Bank.

viii. The Bidder shall be agreeable for on-call/on-site support during peak weeks (last

and first week of each month) and at the time of switching over from PR to DR and

vice-versa. No extra charge shall be paid by the Bank for such needs, if any, during

the support period.

ix. Bidder support staff should be well trained to effectively handle queries raised by

the customers/employees of the Bank.

x. Updated escalation matrix shall be made available to the Bank once in each

quarter and each time the matrix gets changed.

33. PENALTIES:

As mentioned in Appendix-J of this RFP.

34. RIGHT TO VERIFICATION:

The Bank reserves the right to verify any or all of the statements made by the Bidder

in the Bid document and to inspect the Bidder’s facility, if necessary, to establish

to its satisfaction about the Bidder’s capacity/capabilities to perform the job.

35. INSPECTION AND TESTING FOR HARDWARE:

i. The Bank reserves the right to carry out pre-shipment inspection or demand a

demonstration of the Product on a representative model at Service Provider’s

location.

ii. The inspection and tests prior to dispatch of Products / at the time of final

acceptance would be as follows:

(a) Service Provider shall intimate the Bank before dispatching Products for

conducting inspection and testing.

(b) Inspection / pre-shipment acceptance testing of Products as per quality control

formats including functional testing and burn-in tests at full load, quality control

tests etc., as per the standards / specifications and may be done at factory site of

Service Provider by the Bank or its authorized agency before dispatch of Products.

In case of failure by Service Provider to provide necessary facility / equipment at

his premises, all the cost of such inspection like travel, boarding, lodging and

other incidental expenses of the Bank’s representatives to be borne by Service

Provider.


&



(c) Successful conduct and conclusion of inspection and testing shall be the sole

responsibility of Service Provider. However, the Bank may at its sole discretion,

waive inspection of Products.

(d) In the event of Product failing to pass the inspection and tests, as per the

specifications given, Service Provider shall rectify and deliver the product after

re-inspection within the timeline mentioned in the RFP.

(e) The inspection and tests may also be conducted at the point of delivery and / or at

the Products’ final destination. Reasonable facilities and assistance, including

access to drawings and production data, shall be furnished, at no charge to the

Bank.

(f) Nothing stated herein above shall in any way release Service Provider from any

warranty or other obligations under this RFP.

iii. The Bank’s right to inspect, test and where necessary reject the Products after the

Products arrival at the destination shall in no way be limited or waived by reason of

the Products having previously being inspected, tested and passed by the Bank or

its representative prior to the Products shipment from the place of origin by the

Bank or its representative prior to the installation and commissioning.

Nothing stated hereinabove shall in any way release Service Provider from any

warranty or other obligations under this RFP

36. INSPECTION AND TESTING (Other than Hardware):

i. The Bank reserves the right to carry out a pre-shipment inspection or demand a

demonstration of the product on a representative model at Service Provider’s

location.

ii. The inspection and test prior to dispatch of the product/at the time of final

acceptance would be as follows:

(a) Service Provider shall intimate the Bank before dispatching products for

conducting inspection and testing.

(b) The inspection and acceptance test may also be conducted at the point of delivery

and / or at the products’ final destination. Reasonable facilities and assistance,

including access to drawings and production data, shall be furnished to the

inspectors, at no charge to the Bank. In case of failure by Service Provider to

provide necessary facility / equipment at its premises, all the cost of such

inspection like travel, boarding, lodging & other incidental expenses of the

Bank’s representatives to be borne by Service Provider.


&



iii. The Bank’s right to inspect, test the product/ Solution after delivery of the same to

the Bank and where necessary reject the products/solution which does not meet the

specification provided by the Bank. This shall in no way be limited or waived by

reason of the products/ Solution having previously being inspected, tested and

passed by the Bank or its representative prior to the products/ Solution shipment

from the place of origin by the Bank or its representative prior to the installation

and commissioning.

iv. Nothing stated hereinabove shall in any way release Service Provider from any

warranty or other obligations under this contract.

v. System integration testing and User Acceptance testing will be carried out as per

requirement of the Bank.

37. RIGHT TO AUDIT:

i. The Selected Bidder (Service Provider) shall be subject to annual audit by internal/

external Auditors appointed by the Bank/ inspecting official from the Reserve Bank

of India or any regulatory authority, covering the risk parameters finalized by the

Bank/ such auditors in the areas of products (IT hardware/ Software) and services

etc. provided to the Bank and Service Provider is required to submit such

certification by such Auditors to the Bank. Service Provider and or his / their

outsourced agents / sub – contractors shall facilitate the same. The Bank can make

its expert assessment on the efficiency and effectiveness of the security, control,

risk management, governance system and process created by the Service Provider.

The Service Provider shall, whenever required by the Auditors, furnish all relevant

information, records/data to them. All costs for such audit shall be borne by the

Bank. Except for the audit done by Reserve Bank of India or any

statutory/regulatory authority, the Bank shall provide reasonable notice not less than

7 (seven) days to Service Provider before such audit and same shall be conducted

during normal business hours.

ii. Where any deficiency has been observed during audit of the Service Provider on

the risk parameters finalized by the Bank or in the certification submitted by the

Auditors, the Service Provider shall correct/resolve the same at the earliest and shall

provide all necessary documents related to resolution thereof and the auditor shall

further certify in respect of resolution of the deficiencies. The resolution provided

by the Service Provider shall require to be certified by the Auditors covering the

respective risk parameters against which such deficiencies have been observed.


&



iii. Service Provider further agrees that whenever required by the Bank, it will furnish

all relevant information, records/data to such auditors and/or inspecting officials of

the Bank/Reserve Bank of India and/or any regulatory authority(ies). The Bank

reserves the right to call for and/or retain any relevant information /audit reports on

financial and security review with their findings undertaken by the Service

Provider. However, Service Provider shall not be obligated to provide records/data

not related to Services under the Agreement (e.g. internal cost breakup etc.).

38. SUBCONTRACTING:

As per the scope of this Agreement sub-contracting is not permitted, unless

otherwise permitted elsewhere in the RFP.

39. INSURANCE:

i. The insurance shall be for an amount equal to 100 percent of the value of the

Products from place of dispatch to final destination on “All Risks” basis, valid for

a period of one month after delivery of Products at the defined destination.

ii. Should any loss or damage occur, Service Provider shall:

(a) initiate and pursue claim till settlement and

(b) promptly make arrangements for repair and / or replacement of any damaged item

to the satisfaction of the Bank, irrespective of settlement of claim by the

underwriters.

40. VALIDITY OF AGREEMENT:

The Agreement/ SLA will be valid for the period of 5 year(s). The Bank reserves

the right to terminate the Agreement as per the terms of RFP/ Agreement.

41. LIMITATION OF LIABILITY:

i. The maximum aggregate liability of Service Provider, subject to clause 34 (iii), in

respect of any claims, losses, costs or damages arising out of or in connection with

this RFP/Agreement shall not exceed the total Project Cost.

ii. Under no circumstances shall either Party be liable for any indirect, consequential

or incidental losses, damages or claims including loss of profit, loss of business or

revenue.


&



iii. The limitations set forth herein shall not apply with respect to:

a) claims that are the subject of indemnification pursuant to infringement of third

party Intellectual Property Right;

b) damage(s) occasioned by the Gross Negligence or Wilful Misconduct of Service

Provider,

c) damage(s) occasioned by Service Provider for breach of Confidentiality

Obligations,

d) Regulatory or statutory fines imposed by a Government or Regulatory agency

for non-compliance of statutory or regulatory guidelines applicable to the Bank,

provided such guidelines were brought to the notice of Service Provider.

For the purpose of clause 34(iii)(b) “Gross Negligence” means any act or failure

to act by a party which was in reckless disregard of or gross indifference to the

obligation of the party under this Agreement and which causes injury, damage to

life, personal safety, real property, harmful consequences to the other party, which

such party knew, or would have known if it was acting as a reasonable person,

would result from such act or failure to act for which such Party is legally liable.

Notwithstanding the forgoing, Gross Negligence shall not include any action taken

in good faith.

“Wilful Misconduct” means any act or failure to act with an intentional disregard

of any provision of this Agreement, which a party knew or should have known if it

was acting as a reasonable person, which would result in injury, damage to life,

personal safety, real property, harmful consequences to the other party, but shall not

include any error of judgment or mistake made in good faith.

42. CONFIDENTIALITY:

Confidentiality obligation shall be as per Non-Disclosure Agreement (Appendix-

L) and clause 15 of Service Level Agreement placed as Appendix-K to this RFP.

43. DELAY IN SERVICE PROVIDER’S PERFORMANCE:

i. Delivery, installation, commissioning of the Solutions and performance of Services

shall be made by Service Provider within the timelines prescribed in Part II of this

RFP.

ii. If at any time during performance of the Contract, Service Provider should

encounter conditions impeding timely delivery of the Solutions and performance of

Services, Service Provider shall promptly notify the Bank in writing of the fact of

the delay, its likely duration and cause(s). As soon as practicable after receipt of


&



Service Provider’s notice, the Bank shall evaluate the situation and may, at its

discretion, extend Service Providers’ time for performance, in which case, the

extension shall be ratified by the parties by amendment of the Contract.

iii. Any delay in performing the obligation/ defect in performance by Service Provider

may result in imposition of penalty, liquidated damages, invocation of Bank

Guarantee and/or termination of Contract (as laid down elsewhere in this RFP

document).

44. SERVICE PROVIDER’S OBLIGATIONS:

i. Service Provider is responsible for and obliged to conduct all contracted activities

in accordance with the Contract using state-of-the-art methods and economic

principles and exercising all means available to achieve the performance specified

in the Contract.

ii. Service Provider is obliged to work closely with the Bank’s staff, act within its own

authority and abide by directives issued by the Bank from time to time and complete

implementation activities.

iii. Service Provider will abide by the job safety measures prevalent in India and will

free the Bank from all demands or responsibilities arising from accidents or loss of

life, the cause of which is Service Provider’s negligence. Service Provider will pay

all indemnities arising from such incidents and will not hold the Bank responsible

or obligated.

iv. Service Provider is responsible for activities of its personnel or sub-contracted

personnel (where permitted) and will hold itself responsible for any misdemeanors.

v. Service Provider shall treat as confidential all data and information about the Bank,

obtained in the process of executing its responsibilities, in strict confidence and will

not reveal such information to any other party without prior written approval of the

Bank as explained under ‘Non-Disclosure Agreement’ in Appendix-L of this RFP.

45. TECHNICAL DOCUMENTATION (For Hardware):

i. Service Provider shall deliver the following documents to the Bank for every

hardware / firmware / software including third party software before software/

service become operational, which includes, user manuals, installation manuals,

operation manuals, design documents, process documents, technical manuals,

functional specification, software requirement specification, on-line tutorials/

computer based tests, system configuration documents, system/database


&



administrative documents, debugging/diagnostics documents, test procedures etc.

ii. Service Provider shall provide documents related to review records/ Test Bug

Reports/ Root Cause Analysis Report, list of all Product components, list of all

dependent/external modules and list of all documents relating to traceability of

service level failure as and when applicable.

iii. Service Provider shall also provide the MIS reports as per requirements of the Bank.

Any level/ version changes and/or clarification or corrections or modifications in

the above mentioned documentation should be supplied by Service Provider to the

Bank, free of cost in timely manner.

46. TECHNICAL DOCUMENTATION (Other than Hardware):

i. Service Provider shall deliver the following documents to the Bank for every

Software including third party Software before software/ service become

operational, which includes, user manuals, installation manuals, operation manuals,

design documents, process documents, technical manuals, functional specification,

Software requirement specification, on-line tutorials/ CBTs, system configuration

documents, system/database administrative documents, debugging/diagnostics

documents, test procedures etc.

ii. Service Provider shall also provide documents related to Review Records/ Test Bug

Reports/ Root Cause Analysis Report, list of all Product components, list of all

dependent/external modules and list of all documents relating to traceability of the

Solutions as and when applicable.

iii. Service Provider shall also provide the MIS reports, data flow documents, data

register and data dictionary as per requirements of the Bank. Any level/ version

changes and/or clarification or corrections or modifications in the above-mentioned

documentation should be supplied by Service Provider to the Bank, free of cost in

timely manner.

47. INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP:

i. For any technology / Software / Solution developed/used/supplied by Service

Provider for performing Services or licensing and implementing Software and

Solution for the Bank as part of this RFP, Service Provider shall have right to use

as well right to license for the outsourced services or third party product. The Bank

shall not be liable for any license or IPR violation on the part of Service provider.


&



ii. Without the Bank’s prior written approval, Service provider will not, in performing

the Services, use or incorporate, link to or call or depend in any way upon, any

Software or other intellectual property that is subject to an Open Source or Copy-

left license or any other agreement that may give rise to any third-party claims or to

limit the Bank’s rights under this RFP.

iii. Subject to clause 39 (iv) and 39 (v) of this RFP, Service Provider shall, at its own

expenses without any limitation, indemnify and keep fully and effectively

indemnified the Bank against all cost, claims, damages, demands, expenses and

liabilities whatsoever nature arising out of or in connection with all claims of

infringement of Intellectual Property Right, including patent, trademark, copyright,

trade secret or industrial design rights of any third party arising from use of the

technology / Software / products or any part thereof in India or abroad, for Software

licensed/developed as part of this engagement. In case of violation/ infringement of

patent/ trademark/ copyright/ trade secret or industrial design or any other

Intellectual Property Right of third party, Service Provider shall, after due

inspection and testing, without any additional cost (a) procure for the Bank the right

to continue to using the Software supplied; or (b) replace or modify the Software to

make it non-infringing so long as the replacement to or modification of Software

provide substantially equivalent functional, performance and operational features

as the infringing Software which is being replaced or modified; or (c) to the extent

that the activities under clauses (a) and (b) above are not commercially reasonable,

refund to the Bank all amounts paid by the Bank to Service Provider under this

RFP/Agreement.

iv. The Bank will give (a) notice to Service provider of any such claim without

delay/provide reasonable assistance to Service provider in disposing of the claim;

(b) sole authority to defend and settle such claim and; (c) will at no time admit to

any liability for or express any intent to settle the claim provided that (i) Service

Provider shall not partially settle any such claim without the written consent of the

Bank, unless such settlement releases the Bank fully from such claim, (ii) Service

Provider shall promptly provide the Bank with copies of all pleadings or similar

documents relating to any such claim, (iii) Service Provider shall consult with the

Bank with respect to the defense and settlement of any such claim, and (iv) in any

litigation to which the Bank is also a party, the Bank shall be entitled to be

separately represented at its own expenses by counsel of its own selection.

v. Service Provider shall have no obligations with respect to any infringement claims

to the extent that the infringement claim arises or results from: (i) Service Provider’s

compliance with the Bank’s specific technical designs or instructions (except where

Service Provider knew or should have known that such compliance was likely to

result in an infringement claim and Service Provider did not inform the Bank of the


&



same); (ii) any unauthorized modification or alteration of the Software by the Bank

or its employee; (iii) failure to implement an update to the licensed Software that

would have avoided the infringement, provided Service Provider has notified the

Bank in writing that use of the update would have avoided the claim.

vi. Service Provider shall grant the Bank a fully paid-up, irrevocable, exclusive,

unlimited, perpetual license throughout the territory of India or abroad to access,

replicate and use Software provided by Service Provider, including all inventions,

designs and marks embodied therein perpetually. The source code /object code

/executable code and compilation procedures of the Solutions made under this

agreement are the proprietary property of the Bank and as such Service Provider

shall make them available to the Bank after successful User Acceptance Testing.

Service Provider agrees that the Bank owns the entire right, title and interest to any

inventions, designs, discoveries, writings and works of authorship, including all

Intellectual Property Rights, copyrights. Any work made under this agreement shall

be deemed to be ‘work made for hire’ under any Indian/U.S. or any other applicable

copyright laws.

48. LIQUIDATED DAMAGES:

If the Service Provider fails to deliver product and/or perform any or all the Services

within the stipulated time, schedule as specified in this RFP/Agreement, the Bank

may, without prejudice to its other remedies under the RFP/Agreement, and unless

otherwise extension of time is agreed upon without the application of liquidated

damages, deduct from the Project Cost, as liquidated damages as specified in

Appendix-J. Once the maximum deduction is reached, the Bank may consider

termination of the Agreement.

49. CONFLICT OF INTEREST:

i. Bidder shall not have a conflict of interest (the “Conflict of Interest”) that affects

the bidding Process. Any Bidder found to have a Conflict of Interest shall be

disqualified. In the event of disqualification, the Bank shall be entitled to forfeit and

appropriate the Bid Security and/or Performance Security (Bank Guarantee), as the

case may be, as mutually agreed upon genuine estimated loss and damage likely to

be suffered and incurred by the Bank and not by way of penalty for, inter alia, the

time, cost and effort of the Bank, including consideration of such Bidder’s proposal

(the “Damages”), without prejudice to any other right or remedy that may be

available to the Bank under the bidding Documents and/ or the Agreement or

otherwise.


&



ii. Without limiting the generality of the above, a Bidder shall be deemed to have a

Conflict of Interest affecting the bidding Process, if:

(a) the Bidder, its Member or Associate (or any constituent thereof) and any other

Bidder, its Member or any Associate thereof (or any constituent thereof) have

common controlling shareholders or other ownership interest; provided that this

disqualification shall not apply in cases where the direct or indirect shareholding

of a Bidder, its Member or an Associate thereof (or any shareholder thereof

having a shareholding of more than 5% (five per cent) of the paid up and

subscribed share capital of such Bidder, Member or Associate, as the case may

be) in the other Bidder, its Member or Associate, has less than 5% (five per cent)

of the subscribed and paid up equity share capital thereof; provided further that

this disqualification shall not apply to any ownership by a bank, insurance

company, pension fund or a public financial institution referred to in section

2(72) of the Companies Act, 2013. For the purposes of this Clause, indirect

shareholding held through one or more intermediate persons shall be computed

as follows: (aa) where any intermediary is controlled by a person through

management control or otherwise, the entire shareholding held by such

controlled intermediary in any other person (the “Subject Person”) shall be taken

into account for computing the shareholding of such controlling person in the

Subject Person; and (bb) subject always to sub-clause (aa) above, where a person

does not exercise control over an intermediary, which has shareholding in the

Subject Person, the computation of indirect shareholding of such person in the

Subject Person shall be undertaken on a proportionate basis; provided, however,

that no such shareholding shall be reckoned under this sub-clause (bb) if the

shareholding of such person in the intermediary is less than 26% of the

subscribed and paid up equity shareholding of such intermediary; or

(b) a constituent of such Bidder is also a constituent of another Bidder; or

(c) such Bidder, its Member or any Associate thereof receives or has received any

direct or indirect subsidy, grant, concessional loan or subordinated debt from any

other Bidder, its Member or Associate, or has provided any such subsidy, grant,

concessional loan or subordinated debt to any other Bidder, its Member or any

Associate thereof; or

(d) such Bidder has the same legal representative for purposes of this Bid as any

other Bidder; or

(e) such Bidder, or any Associate thereof, has a relationship with another Bidder, or

any Associate thereof, directly or through common third party/ parties, that puts

either or both of them in a position to have access to each other’s information

about, or to influence the Bid of either or each other; or


&



(f) such Bidder or any of its affiliates thereof has participated as a consultant to the

Bank in the preparation of any documents, design or technical specifications of

the RFP.

iii. For the purposes of this RFP, Associate means, in relation to the Bidder, a person

who controls, is controlled by, or is under the common control with such Bidder

(the “Associate”). As used in this definition, the expression “control” means, with

respect to a person which is a company or corporation, the ownership, directly or

indirectly, of more than 50% (fifty per cent) of the voting shares of such person,

and with respect to a person which is not a company or corporation, the power to

direct the management and policies of such person by operation of law or by

contract.

50. CODE OF INTEGRITY AND DEBARMENT/BANNING:

i. The Bidder and their respective officers, employees, agents and advisers shall

observe the highest standard of ethics during the bidding Process. Notwithstanding

anything to the contrary contained herein, the Bank shall reject Bid without being

liable in any manner whatsoever to the Bidder if it determines that the Bidder has,

directly or indirectly or through an agent, engaged in

corrupt/fraudulent/coercive/undesirable or restrictive practices in the bidding

Process.

ii. Bidders are obliged under code of integrity to Suo-moto proactively declare any

conflicts of interest (pre-existing or as and as soon as these arise at any stage) in

RFP process or execution of contract. Failure to do so would amount to violation of

this code of integrity.

iii. Any Bidder needs to declare any previous transgressions of such a code of integrity

with any entity in any country during the last three years or of being debarred by

any other procuring entity. Failure to do so would amount to violation of this code

of integrity.

iv. For the purposes of this clause, the following terms shall have the meaning

hereinafter, respectively assigned to them:

(a) “corrupt practice” means making offers, solicitation or acceptance of bribe,

rewards or gifts or any material benefit, in exchange for an unfair advantage

in the procurement process or to otherwise influence the procurement process

or contract execution;

(b) “Fraudulent practice” means any omission or misrepresentation that may

mislead or attempt to mislead so that financial or other benefits may be


&



obtained or an obligation avoided. This includes making false declaration or

providing false information for participation in an RFP process or to secure a

contract or in execution of the contract;

(c) “Coercive practice” means harming or threatening to harm, persons or their

property to influence their participation in the procurement process or affect

the execution of a contract;

(d) “Anti-competitive practice” means any collusion, bid-rigging or anti-

competitive arrangement, or any other practice coming under the purview of

the Competition Act, 2002, between two or more bidders, with or without the

knowledge of the Bank, that may impair the transparency, fairness and the

progress of the procurement process or to establish bid prices at artificial, non-

competitive levels;

(e) “Obstructive practice” means materially impede the Bank’s or Government

agencies investigation into allegations of one or more of the above mentioned

prohibited practices either by deliberately destroying, falsifying, altering; or

by concealing of evidence material to the investigation; or by making false

statements to investigators and/or by threatening, harassing or intimidating

any party to prevent it from disclosing its knowledge of matters relevant to

the investigation or from pursuing the investigation; or by impeding the

Bank’s rights of auditor access to information;

v. Debarment/Banning

Empanelment/participation of Bidders and their eligibility to participate in the

Bank’s procurements is subject to compliance with the code of integrity and

performance in contracts as per the terms and conditions of contracts. Following

grades of debarment from empanelment/participation in the Bank’s procurement

process shall be considered against delinquent Vendors/Bidders:

(a) Holiday Listing (Temporary Debarment - suspension):

Whenever a Vendor is found lacking in performance, in case of less frequent and

less serious misdemeanors, the vendors may be put on a holiday listing (temporary

debarment) for a period of up to 12 (twelve) months. When a Vendor is on the

holiday listing, he is neither invited to bid nor are his bids considered for evaluation

during the period of the holiday. The Vendor is, however, not removed from the list

of empanelled vendors, if any. Performance issues which may justify holiday listing

of the Vendor are:


&



• Vendors who have not responded to requests for quotation/tenders consecutively

three times without furnishing valid reasons, if mandated in the empanelment

contract (if applicable);

• Repeated non-performance or performance below specified standards (including

after-sales services and maintenance services etc.);

• Vendors undergoing process for removal from empanelment/participation in the

procurement process or banning/debarment may also be put on a holiday listing

during such proceedings.

(b) Debarment from participation including removal from empanelled list

Debarment of a delinquent Vendor (including their related entities) for a period (one

to two years) from the Bank’s procurements including removal from empanelment,

wherever such Vendor is empanelled, due to severe deficiencies in performance or

other serious transgressions. Reasons which may justify debarment and/or removal

of the Vendor from the list of empanelled vendors are:

• Without prejudice to the rights of the Bank under Clause 42(i) hereinabove, if a

Bidder is found by the Bank to have directly or indirectly or through an agent,

engaged or indulged in any corrupt/fraudulent/coercive/undesirable or restrictive

practices during the Bidding Process, such Bidder shall not be eligible to

participate in any EOI/RFP issued by the Bank during a period of 2 (two) years

from the date of debarment.

• Vendor fails to abide by the terms and conditions or to maintain the required

technical/operational staff/equipment or there is a change in its

production/service line affecting its performance adversely, or fails to cooperate

or qualify in the review for empanelment;

• If Vendor ceases to exist or ceases to operate in the category of requirements for

which it is empanelled;

• Bankruptcy or insolvency on the part of the vendor as declared by a court of law;

or

• Banning by the Ministry/Department or any other Government agency;

• Other than in situations of force majeure, technically qualified Bidder withdraws

from the procurement process or after being declared as successful bidder: (i)

withdraws from the process; (ii) fails to enter into a Contract; or (iii) fails to

provide performance guarantee or any other document or security required in

terms of the RFP documents;


&



• If the Central Bureau of Investigation/CVC/C&AG or Vigilance Department of

the Bank or any other investigating agency recommends such a course in respect

of a case under investigation;

• Employs a Government servant or the Bank’s Officer within two years of his

retirement, who has had business dealings with him in an official capacity before

retirement; or

• Any other ground, based on which the Bank considers, that continuation of

Contract is not in the public interest.

• If there is a strong justification for believing that the

partners/directors/proprietor/agents of the firm/company have been guilty of a

violation of the code of integrity or Integrity Pact (wherever applicable), evasion

or habitual default in payment of any tax levied by law; etc.

(c) Banning from Ministry/Country-wide procurements

For the serious transgression of code of integrity, a delinquent Vendor (including

their related entities) may be banned/debarred from participation in a procurement

process of the Bank including procurement process of any procuring entity of

Government of India for a period not exceeding three years commencing from the

date of debarment.

51. TERMINATION FOR DEFAULT:

i. The Bank may, without prejudice to any other remedy for breach of Agreement,

written notice of not less than 30 (thirty) days, terminate the Agreement in whole

or in part:

(a) If the Service Provider fails to deliver any or all the obligations within the time

period specified in the RFP/Agreement, or any extension thereof granted by

the Bank;

(b) If the Service Provider fails to perform any other obligation(s) under the

RFP/Agreement;

(c) Violations of any terms and conditions stipulated in the RFP;

(d) On the happening of any termination event mentioned in the RFP/Agreement.

Prior to providing written notice of termination to Service Provider under clause 43

(i) (a) to 43 (i) (c), the Bank shall provide Service Provider with a written notice of

30 (thirty) days to cure such breach of the Agreement. If the breach continues or

remains unrectified after the expiry of the cure period, the Bank shall have the right

to initiate action in accordance with the above clause.


&



ii. In the event the Bank terminates the Contract in whole or in part for the breaches

attributable to Service Provider, the Bank may procure, upon such terms and in such

manner as it deems appropriate, Software and Services similar to those undelivered,

and subject to the limitation of liability clause of this RFP Service Provider shall be

liable to the Bank for any increase in cost for such similar Solutions and/or Services.

However, Service Provider shall continue the performance of the Contract to the

extent not terminated.

iii. If the Contract is terminated under any termination clause, Service Provider shall

handover all documents/ executable/ Bank’s data or any other relevant information

to the Bank in a timely manner and in proper format as per the scope of this RFP

and shall also support the orderly transition to another vendor or to the Bank.

iv. During the transition, Service Provider shall also support the Bank on technical

queries/support on process implementation or in case of Software provision for

future upgrades.

v. The Bank’s right to terminate the Contract will be in addition to the penalties /

liquidated damages and other actions as specified in this RFP.

vi. In the event of failure of the Service Provider to render the Services or in the event

of termination of Agreement or expiry of the term or otherwise, without prejudice

to any other right, the Bank at its sole discretion may make alternate arrangements

for getting the Services contracted with another vendor. In such a case, the Bank

shall give prior notice to the existing Service Provider. The existing Service

Provider shall continue to provide services as per the terms of the Agreement until

a ‘New Service Provider’ completely takes over the work. During the transition

phase, the existing Service Provider shall render all reasonable assistance to the new

Service Provider within such period prescribed by the Bank, at no extra cost to the

Bank, for ensuring smooth switch over and continuity of services, provided where

transition services are required by the Bank or New Service Provider beyond the

term of this Agreement, reasons for which are not attributable to Service Provider,

payment shall be made to Service Provider for such additional period on the same

rates and payment terms as specified in this Agreement. If existing Service Provider

breaches this obligation, they shall be liable for paying a penalty of 10% of the total

Project Cost on demand to the Bank, which may be settled from the payment of

invoices or Bank Guarantee for the contracted period or by an invocation of Bank

Guarantee.

52. FORCE MAJEURE:


&



i. Notwithstanding the provisions of terms and conditions contained in this RFP,

neither party shall be liable for any delay in performing its obligations herein if and

to the extent that such delay is the result of an event of Force Majeure.

ii. For the purposes of this clause, 'Force Majeure' means and includes wars,

insurrections, revolution, civil disturbance, riots, terrorist acts, public strikes, hartal,

bundh, fires, floods, epidemic, quarantine restrictions, freight embargoes, declared

general strikes in relevant industries, Vis Major, acts of Government in their

sovereign capacity, impeding the reasonable performance of Service Provider

and/or Sub-Contractor but does not include any foreseeable events, commercial

considerations or those involving fault or negligence on the part of the party

claiming Force Majeure.

iii. If a Force Majeure situation arises, Service Provider shall promptly notify the Bank

in writing of such condition and the cause thereof. Unless otherwise directed by the

Bank in writing, Service Provider shall continue to perform its obligations under

the Contract as far as is reasonably practical and shall seek all reasonable alternative

means for performance not prevented by the Force Majeure event.

iv. If the Force Majeure situation continues beyond 30 (thirty) days, either party shall

have the right to terminate the Agreement by giving notice to the other party.

Neither party shall have any penal liability to the other in respect of the termination

of the Agreement as a result of an event of Force Majeure. However, Service

Provider shall be entitled to receive payments for all services actually rendered up

to the date of the termination of the Agreement.

53. TERMINATION FOR INSOLVENCY:

The Bank may, at any time, terminate the Contract by giving written notice to

Service Provider, if Service Provider becomes Bankrupt or insolvent or any

application for bankruptcy, insolvency or winding up has been filed against it by

any person. In this event, the termination will be without compensation to Service

Provider, provided that such termination will not prejudice or affect any right of

action or remedy, which has accrued or will accrue thereafter to the Bank.

54. TERMINATION FOR CONVENIENCE:

i. The Bank, by written notice of not less than 90 (ninety) days, may terminate the

Contract, in whole or in part, for its convenience, provided same shall not be

invoked by the Bank before completion of half of the total Contract period

(including the notice period).


&



ii. In the event of termination of the Agreement for the Bank’s convenience, Service

Provider shall be entitled to receive payment for the Services rendered (delivered)

up to the effective date of termination.

55. DISPUTES / ARBITRATION (APPLICABLE IN CASE OF SUCCESSFUL

BIDDER ONLY):

i. All disputes or differences whatsoever arising between the parties out of or in

connection with the Contract (including dispute concerning interpretation) or in

discharge of any obligation arising out of the Contract (whether during the progress

of work or after completion of such work and whether before or after the termination

of the Contract, abandonment or breach of the Contract), shall be settled amicably.

If however, the parties are not able to solve them amicably within 30 (thirty) days

after dispute occurs as evidenced through the first written communication from any

Party notifying the other regarding the disputes, either party (SBI or Service

Provider), give written notice to other party clearly setting out there in specific

dispute(s) and/or difference(s) and shall be referred to a sole arbitrator mutually

agreed upon, and the award made in pursuance thereof shall be binding on the

parties. In the absence of consensus about the single arbitrator, the dispute may be

referred to an arbitration panel; one to be nominated by each party and the said

arbitrators shall nominate a presiding arbitrator, before commencing the arbitration

proceedings. The arbitration shall be settled in accordance with the applicable

Indian Laws and arbitration proceeding shall be conducted in accordance with

Arbitration and Conciliation Act 1996 and any amendment thereto. Any appeal will

be subject to the exclusive jurisdiction of courts at Mumbai.

ii. Service Provider shall continue work under the Contract during the arbitration

proceedings unless otherwise directed by the Bank or unless the matter is such that

the work cannot possibly be continued until the decision of the arbitrator is

obtained.

iii. Arbitration proceeding shall be held at Mumbai, India, and the language of the

arbitration proceedings and that of all documents and communications between the

parties shall be in English.

56. GOVERNING LANGUAGE:

The governing language shall be English.


&



57. APPLICABLE LAW:

The Contract shall be interpreted in accordance with the laws of the Union of India

and shall be subjected to the exclusive jurisdiction of courts at Mumbai.

58. TAXES AND DUTIES:

i. Service Provider shall be liable to pay all corporate taxes and income tax that shall

be levied according to the laws and regulations applicable from time to time in India

and the price Bid by Service Provider shall include all such taxes in the quoted price.

ii. Prices quoted should be exclusive of all Central / State Government taxes/duties

and levies but inclusive of all corporate taxes and Custom duty as also cost of

incidental services such as transportation, road permits, insurance etc. The quoted

prices and taxes/duties and statutory levies such as GST etc. should be specified in

the separate sheet (Appendix-F).

iii. Custom duty as also cost of incidental services such as transportation, road permits,

insurance, etc. in connection with the delivery of products at the site including any

incidental services and commissioning, if any, which may be levied, shall be borne

by Service Provider and the Bank shall not be liable for the same. Only specified

taxes/ levies and duties in the Appendix-F will be payable by the Bank on actuals

upon production of the original receipt wherever required. If any specified taxes/

levies and duties in Appendix-F are replaced by the new legislation of Government,

the same shall be borne by the Bank. The Bank shall not be liable for payment of

those Central / State Government taxes, levies, duties or any tax/ duties imposed by

local bodies/ authorities, which are not specified by the Bidder in Appendix-F

iv. Prices payable to Service Provider as stated in the Contract shall be firm and not

subject to adjustment during the performance of the Contract, irrespective of

reasons whatsoever, including exchange rate fluctuations, any upward revision in

Custom duty.

v. Income / Corporate Taxes in India: The Bidder shall be liable to pay all corporate

taxes and income tax that shall be levied according to the laws and regulations

applicable from time to time in India and the price Bid by the Bidder shall include

all such taxes in the contract price.

vi. All expenses, stamp duty, and other charges/ expenses in connection with the

execution of the Agreement as a result of this RFP process shall be borne by Service

Provider. The Agreement/ Contract would be stamped as per Maharashtra Stamp

Act, 1958 and any amendment thereto.


&



59. TAX DEDUCTION AT SOURCE:

i. Wherever the laws and regulations require deduction of such taxes at the source of

payment, the Bank shall effect such deductions from the payment due to Service

Provider. The remittance of amounts so deducted and issuance of a certificate for

such deductions shall be made by the Bank as per the laws and regulations for the

time being in force. Nothing in the Contract shall relieve Service Provider from his

responsibility to pay any tax that may be levied in India on income and profits made

by Service Provider in respect of this Contract.

ii. Service Provider’s staff, personnel and labour will be liable to pay personal income

taxes in India in respect of such of their salaries and wages as are chargeable under

the laws and regulations for the time being in force, and Service Provider shall

perform such duties in regard to such deductions thereof as may be imposed on him

by such laws and regulations.

60. TENDER FEE:

Non-refundable Tender Fee should be directly credited to the designated account as

mentioned in Schedule of Events. Proof of remittance of Tender Fee in the

designated account should be enclosed with the technical bid. The Bids without

tender fee will not be considered valid.

61. EXEMPTION OF EMD AND TENDER FEE:

Micro & Small Enterprises (MSE) units and Start-ups* are exempted from payment

of EMD and tender fee provided the products and/or services they are offering, are

manufactured and/or services rendered by them. Exemption as stated above is not

applicable for selling products and/or services, manufactured/ rendered by other

companies.

Bidder should submit supporting documents issued by competent Govt. bodies to

become eligible for the above exemption.

Bidders may please note:

i. NSIC certificate/ Udyog Aadhar Memorandum should cover the items tendered to

get EMD/tender fee exemptions. Certificate/ Memorandum should be valid as on

due date / extended due date for Bid submission.

ii. “Start-up” company should enclose the valid Certificate of Recognition issued by


&



the Department for Promotion of Industry and Internal Trade (DPIIT), (erstwhile

Department of Industrial Policy and Promotion), Ministry of Commerce & Industry,

Govt. of India with the technical bid.

iii. *Start-ups that are not under the category of MSE shall not be eligible for exemption

of tender fee.

iv. The bidder who solely on its own, fulfills each eligibility criteria condition as per

the RFP terms and conditions and who are having MSE or Start-up company status,

can claim an exemption for EMD/ tender fee.

v. If all these conditions are not fulfilled or supporting documents are not submitted

with the technical Bid, then all those Bids without tender fees /EMD will be

summarily rejected and no queries will be entertained.

62. NOTICES:

Any notice given by one party to the other pursuant to this Contract shall be sent to

other party in writing or by Fax and confirmed in writing to other Party’s address.

The notice shall be effective when delivered or on the notice’s effective date

whichever is later.


&



Part-II


&



Appendix-A

BID FORM (TECHNICAL BID)

[On Company’s letter head]

(To be included in Technical Bid Folder)

Date: ______________

To:

DEPUTY GENERAL MANAGER,

NETWORKING & COMMUNICATION DEPARTMENT,

GLOBAL IT CENTRE, GITC,

SECTOR -11, CBD BELAPUR,

NAVI MUMBAI – 400614

Dear Sir,

Ref: SBI/GITC/NW&C/20-21/706 Dated 18.08.2020

Engagement of Network Integrator and Setting up of Next Gen Network Operations

Centers (NOCs)

We have examined the above RFP, the receipt of which is hereby duly acknowledged and

subsequent pre-bid clarifications/modifications/revisions if any, furnished by the Bank and

we offer to provide NI (Network Integrator) Services, Setting up of Next Gen Network

Operations Centres and to Design, Supply, Delivery, Implementation, Commission &

Management of desired Solutions as detailed in this RFP. We shall abide by the terms

and conditions spelled out in the RFP. We shall participate and submit the commercial Bid

through online auction to be conducted by the M/s E-Procurement Technologies Ltd, on

the date advised to us.

i. While submitting this Bid, we certify that:

▪ The undersigned is authorized to sign on behalf of the Bidder and the necessary

support document delegating this authority is enclosed to this letter.

▪ We declare that we are not in contravention of conflict of interest obligation

mentioned in this RFP.

▪ Indicative prices submitted by us have been arrived at without agreement with any

other Bidder of this RFP for the purpose of restricting competition.

▪ The indicative prices submitted by us have not been disclosed and will not be

disclosed to any other Bidder responding to this RFP.

▪ We have not induced or attempted to induce any other Bidder to submit or not to

submit a Bid for restricting competition.


&



▪ We have quoted for all the products/services mentioned in this RFP in our indicative

price Bid.

▪ The rate quoted in the indicative price Bids are as per the RFP and subsequent pre-

Bid clarifications/ modifications/ revisions furnished by the Bank, without any

exception.

▪ The product costs mentioned in the price bid include all the implementation-related

costs including but not limited to installation, integration, customization, testing,

operationalization, UAT, closure of vulnerabilities in various security reviews &

audits, etc.

▪ The Indicative commercial bid includes prices for personnel resources (onsite and

backend), cost of development of processes & methodologies, tools used,

deliverables as per Bank’s requirements, and other terms and conditions of the RFP.

▪ All components required for each technology Solution should be provided. If any

such item is left out and if it is found necessary at any stage, the bidder shall procure

it at their own cost.

▪ The Bank reserves the right to procure or not to procure any or all items, including

upgrades depending on the Bank’s requirements. All components of the NGNOC

must be separately given and not bundled.

▪ The warranty period of three years of each item procured shall start from the date

of product go live as mentioned in RFP or 3 months from the date of complete

delivery of BOM in all respect, whichever is earlier, provided such delay is

attributable to the Bank.

▪ The Bank reserves the right to enter into AMC for part or full project/items. The

Bank may avail AMC / ATS even after Contract period of the project duration. Such

an AMC rate for Hardware shall be 10% p.a. of the cost of Hardware / Appliances

and for Software shall be 15% p.a. of the cost for Software & Customized

Applications.

▪ The Contract Cost and Contract Cost granular breakup totals should work out to the

same annual/total cost of the contract

▪ The bidder should maintain the same ratio of cost as indicated in the indicative

commercial bid. The per-branch / per item cost will be worked out after the price

discovery and the payment will be made for the actual number of branches/items.

▪ The bidder should quote the prices exclusive of all taxes.

ii. We undertake that, in competing for (and, if the award is made to us, in executing) the

above contract, we will strictly observe the laws against fraud and corruption in force in

India namely “Prevention of Corruption Act 1988”.


&



iii. We undertake that we will not offer, directly or through intermediaries, any bribe, gift,

consideration, reward, favor, any material or immaterial benefit or another advantage,

commission, fees, brokerage or inducement to any official of the Bank, connected directly or

indirectly with the bidding process, or to any person, organization or third party related to the

contract in exchange for any advantage in the bidding, evaluation, contracting and

implementation of the contract.

iv. We undertake that we will not resort to canvassing with any official of the Bank, connected

directly or indirectly with the bidding process to derive any undue advantage. We also

understand that any violation in this regard will result in the disqualification of bidders

from the further bidding process.

v. It is further certified that the contents of our Bid are factually correct. We have not sought

any deviation from the terms and conditions of the RFP. We also accept that in the event

of any information/data/particulars proving to be incorrect, the Bank will have the right

to disqualify us from the RFP without prejudice to any other rights available to the Bank.

vi. We certify that while submitting our Bid document, we have not made any changes in the

contents of the RFP document, read with its amendments/clarifications provided by the

Bank.

vii. We agree to abide by all the RFP terms and conditions, contents of Service Level

Agreement as per template available at Appendix-K of this RFP, and the rates quoted

therein for the orders awarded by the Bank up to the period prescribed in the RFP, which

shall remain binding upon us.

viii. On acceptance of our technical bid, we undertake to participate in Reverse Auction by

way of login in Reverse auction tool. In case of declaration as a successful Vendor on

completion of the Reverse Auction process, we undertake to complete the formalities as

specified in this RFP.

ix. The commercial bidding process will be through the Reverse Auction process to be

conducted by the M/s E-Procurement Technologies Ltd. We understand that our

authorized representative who would participate in the reverse auction process would be

possessing a valid digital certificate for the purpose.

x. Till execution of a formal contract, the RFP, along with the Bank’s notification of award

by way of issuance of the purchase order and our acceptance thereof, would be a binding

contractual obligation on the Bank and us.


&



xi. We understand that you are not bound to accept the lowest or any Bid you may receive

and you may reject all or any Bid without assigning any reason or giving any explanation

whatsoever.

xii. We hereby certify that neither we nor any of our sister concern company is under the

debarment/blacklist period for breach of contract/fraud/corrupt practices by any

Scheduled Commercial Bank/ Public Sector Undertaking / State or Central Government

or their agencies/ departments or any Law Enforcement Authority for breach of any

Regulations or Laws on the date of online submission of the bid for this RFP.

xiii. We hereby certify that we (participating in RFP as OEM)/ our OEM have a support center

and level 3 escalation (highest) located in India.

xiv. We hereby certify that on the date of online submission of Bid, we do not have any

Service Level Agreement pending to be signed with the Bank for more than 6 months

from the date of the issue of the purchase order.

xv. We hereby certify that we have read the clauses contained in O.M. No. 6/18/2019-PPD,

dated 23.07.2020 order (Public Procurement No. 1), order (Public Procurement No. 2)

dated 23.07.2020 and order (Public Procurement No. 3) dated 24.07.2020 regarding

restrictions on procurement from a bidder of a country which shares a land border with

India. We further certify that we are not from such a country or if from a country, has

been registered with competent authority. We certify that we fulfil all the requirements

in this regard and is eligible to participate in this RFP

xvi. We hereby certify that neither we nor any of our sister concern company serves as any of

the following – (a) Service/System Integrator for the Bank’s Security Operations Centre

(SOC), and (b) Information Systems Security Partners (ISSPs) empanelled with SBI.

xvii. If our Bid is accepted, we undertake to enter into and execute at our cost, when called

upon by the Bank to do so, a contract in the prescribed form and we shall be solely

responsible for the due performance of the contract.

xviii. We, further, hereby undertake and agree to abide by all the terms and conditions

stipulated by the Bank in the RFP document.

Dated this ....... day of ............................ 2020

______________________________________________________________

(Signature) (Name)

(In the capacity of)

Duly authorised to sign Bid for and on behalf of


&



______________________________________

Seal of the company.


&



Appendix-B

Bidder’s Eligibility Criteria

Bidders meeting the following criteria are eligible to submit their Bids along with

supporting documents. If the Bid is not accompanied by all the required documents

supporting eligibility criteria, the same would be rejected:

S.

No. Eligibility Criteria

Compliance

(Yes/No) Documents to be submitted

1.

The Bidder must be an Indian

firm/company/ organization

registered under the Companies Act

2013 and should be in existence for

more than 3 years in India.

Copy of the Partnership deed / Bye-

Law / Certificate of Incorporation

issued by Registrar of Companies

and full address of the registered

office along with Memorandum &

Articles of Association/ Partnership

Deed.

2.

The Bidder must comply with the

requirements contained in O.M. No.

6/18/2019-PPD, dated 23.07.2020

order (Public Procurement No. 1),

order (Public Procurement No. 2)

dated 23.07.2020 and order (Public

Procurement No. 3) dated 24.07.2020

Bidder should specifically certify in

Appendix A in this regard and

provide copy of registration

certificate issued by competent

authority wherever applicable.

3.

The Bidder must have a minimum

annual IT turnover of Rs.300 crore in

each of the last three financial years

(FY 2017-18, 2018-19, 2019-20)

Copy of the audited Balance Sheet

and P&L statement of the bidder for

the last three financial years: 2017-

18, 2018-19, 2019-20 and certificate

from Chartered Accountant.

4.

Bidder should have experience of

minimum 5 years in providing the

Network Management & Support

Services.

Copy of the order and / or

Certificate of completion of the

work. The Bidder should also

furnish the user acceptance report.

5.

Client references and contact details

(email/ landline/ mobile) of

customers for whom the Bidder has

executed Network Management &

Support Services in India.

(Start and End Date of the Project to

be mentioned) in the past (At least 3

client references are required)

Bidder should specifically confirm

on their letterhead in this regard as

per Appendix-N


&



6.

Bidder should be a profitable

organization based on Profit Before

Tax (PBT) for at least two out of three

financial years (2017-18, 2018-19,

2019-20).

Copy of the audited Balance Sheet

and P&L statement of the bidder for

the last three financial years: 2017-

18, 2018-19, 2019-20 and certificate

from Chartered Accountant.

7.

Past/present litigations, disputes, if

any (Adverse litigations could result

in disqualification, at the sole

discretion of the Bank)

Brief details of litigations, disputes,

if any are to be given on the

Company’s letterhead.

8.

Bidders or any of its sister concern

company should not be under the

debarment/blacklist period for breach

of contract/fraud/corrupt practices by

any Scheduled Commercial Bank/

Public Sector Undertaking / State or

Central Government or their

agencies/ departments or any Law

Enforcement Authority for breach of

any Regulations or Laws on the date

of submission of the bid for this RFP.


Appendix A in this regard.

9.

The bidder, if participating as

Channel Partner of any OEM, then

OEM should have a support centre

and level 3 escalation (highest)

located in India.

For OEMs, directly participating, the

conditions mentioned above for the

support centre remain applicable.



10.

The Bidder should not have any

Service Level Agreement pending to

be signed with the Bank for more than

6 months from the date of issue of the

purchase order.



11.

The Bidder does not appear in any

“Caution” list of RBI / IBA or any

other regulatory body for outsourcing

activity on the date of submission of

the bid for this RFP.



12.

To avoid conflict of interest the

bidder or sister concern company

should not be any of the following –




&



a. Service/System Integrator for the

Bank’s Security Operations Centre

(SOC)

b. Information Systems Security

Partners (ISSPs) empanelled with

SBI.

13.

Bidder should have experience in

Implementing Network Operations

Centre (NOC) for at least one of their

clients in the last 5 years. The NOC

implemented shall be capable of

monitoring & managing at least

5,000 remote network devices

(such as routers, switches, etc.) per

project.

Deployment certificate issued by

client to bidder / OEM / Verifiable

proof – attach copy obtained from

each such client.

14.

The Bidder should have experience

in Maintaining Network Operations

Centre (NOC) for at least one of their

clients in the last 5 years for

managing and monitoring their

network consisting of at least 15,000

remote network devices (such as

routers, switches, etc.) per project.

The minimum maintenance period

shall be 6 months continuously.

Deployment certificate issued by

client to bidder / OEM / Verifiable

proof – attach copy obtained from

each such client.

15.

The NOC tools (i.e. Network

Management, Monitoring &

Operations tools) proposed by the

Bidder (for installation in the Bank’s

NOC) should have been deployed in

at least 3 organization’s NOC in

BFSI sector.

Certificate from the OEM on the

OEM’s letterhead certifying the

criteria specified, along with the

mention of the name and contact

details of the client. The certificate

has to be arranged by the Bidder.

16.

The OEM of the Log Management

Solution (LMS), as per the definition

provided in Appendix-C, proposed

by the Bidder should have a client

with at least 100 network devices

(deployed in DC) integrated with the

LMS including at least 5

firewalls/IPS in HA for log

collection.

Certificate from the OEM on the

OEM’s letterhead certifying the

criteria specified, along with the

mention of the name and contact

details of the client. The certificate

has to be arranged by the Bidder.


&



17.

The Bidder should have

implemented the LMS (as per the

definition provided in Appendix-C)

in the last 5 years for at least 1 client.

Only those references shall be

considered which are running

successfully for at least 2 years.

Certificate from the referenced

client on the Client’s letterhead

certifying the fulfillment of the

criteria

18.

The Bidder must have management

experience of a minimum of 2 years

for the following two solutions:

a. Network Access Control (NAC)

b. Centralized Internet Proxy

Solution

Certificate from the referenced

client on the Client’s letterhead

certifying the fulfillment of the

criteria

Documentary evidence must be furnished against each of the above criteria along with an index.

All documents must be signed by the authorized signatory of the Bidder. Relevant portions, in

the documents submitted in pursuance of eligibility criteria, should be highlighted.

Eligibility criteria mentioned at Sl No 2 to 5 in the table above are relaxed for Start-ups

subject to their meeting of quality and technical specifications. Bidder to note the

followings:

i. “Start-up” company should enclose the valid Certificate of Recognition issued by the

Department for Promotion of Industry and Internal Trade (DPIIT), (erstwhile

Department of Industrial Policy and Promotion), Ministry of Commerce & Industry,

Govt. of India with the technical bid.

ii. The bidder who solely on its own, fulfills each eligibility criteria condition as per the

RFP terms and conditions and who are having Start-up company status, can claim an

exemption for eligibility criteria mentioned at Sl No 2 to 5 in the table above.

iii. If all these conditions are not fulfilled or supporting documents are not submitted with

the technical Bid, then all those Bids will be summarily rejected, and no queries will

be entertained.

Name & Signature of authorised signatory

Seal of Company

Date:


&



Appendix-C

Technical & Functional Specifications

1. All specifications provided in this Appendix are mandatory. Non-compliance with

any of the specifications will render the Bidder disqualified.

2. All customizations and integrations required shall be completed by the Bidder

through respective OEMs within 6 months from the date of issuance of the Purchase

Order.

3. Compliance with all the specifications mentioned in this Appendix must be

supported by relevant and verifiable documents. All such supporting documents

must be submitted along with the technical bid.

New Solution-1: Log Management Solution (LMS)

S.

No

.

Minimum Technical/Functional

Specifications

Compli

ance

(Y/N)

Available

as part of

the solution

(Y/N)

Marks in

score

chart: 3

marks

Provided

as 3rd

Party

Sol*

(Y/N)

Marks in

score

chart: 2

marks

Customizat

ion

require*

(Y/N)

Marks in

score

chart: 1

mark

Definition:

A Log Management Solution (LMS)

is a Software system that aggregates

and stores log files from multiple

network endpoints and systems into a

single location. LMS applications are

used to centralize all of the log data

from disparate systems into a single

place where they can be viewed and

correlated by an IT security analyst.

Broadly, the LMS shall have the

following capabilities & features:

1. Log Collection

• Log collection needs to be

non-intrusive (i.e. collection

of logs without requiring any

special change in application/


&



Software running on the

device under reference).

• Logs need to be collected

from a diverse set of devices,

servers, and applications

available in the network.

• The Solution should not

require the use of agents on

the monitored assets, except

if the asset being monitored

does not provide any means

of native log shipping.

2.Secure Log Storage

• The log data needs to be

stored in an archive for

forensic analysis and

regulatory compliance

requirements.

• The log data storage should

be secure (i.e. encrypted) and

tamper-proof

• The retention duration should

be flexible

• The storage location, media

also should be flexible (read-

only media, mass storage

system, etc.)

3. Log Normalization

The logs from heterogeneous sources

should be normalized to have a

common format facilitating analysis

and correlation

4. Log Analysis

• The logs need to be analysed

to get a full picture of the

network security events

• The logs correlation across

multiple devices

5. Report and Alert Generation

• There should be

customizable, custom, and

scheduled reports in different


&



formats and should be

distributable.

• The alerts should be notified

in real-time. There should be

more notification

mechanisms and even other

programs should be executed

to carry out remedial

measures.

Detailed requirements have been

defined below.

A General

1

The proposed LMS must be a

purpose-built hardware Appliance.

For any additional hardware, OS,

Database and storage, and any other

license to support the Solution

including scalability, the bidder

should factor them with no additional

cost to the Bank (other than quoted in

the RA).

2

The LMS should be on-premises and

appliance-based having a Hardened

Operating System with a clear

physical separation of the collection

engine, the logging engine, and the

co-relation engine. The Solution

should have a scalable architecture,

catering to multi-tier support, and

distributed deployments. The

collection engine should be available

in all DCs and the rest of the

components are to be deployed in two

DCs (either in active-active or active-

passive mode depending on the

Bank’s decision).

3

The Solution should offer Single

Global View of all the log data

received from devices deployed

across sites/geographies

4

The Solution should be deployed to

collect and correlate data from

multiple and heterogeneous devices

spread across the Bank’s network.


&



5

The Solution shall provide both

agent-based and agent-less

architecture to collect the security

logs across various hardware &

software resources and assets running

various operating systems. During the

contract period, if a new OS is

introduced, the agent should support

the same for achieving the objective

specified above, at no extra cost to the

Bank.

6

The Solution should not require the

use of agents on the monitored assets,

except if the asset being monitored

does not provide any means of native

log shipping. The installation of the

agent on all applicable devices shall

be the responsibility of the selected

Bidder.

7

The Solution should be able to handle

up to 60,000 Sustained EPS. The

proposed Solution should take into

account upgrades of hardware,

software, licenses as applicable over

the contract period at no additional

cost to the Bank. The Solution should

be scalable up to 1,00,000 Sustained

EPS during the currency of the

contract period.

8

The Solution should support the

collection of logs from at least 1 Lakh

devices from day one and should be

scalable to support a maximum of 2

Lakh devices (data sources) during

the contract period.

9

The Solution should be able to

perform single-site & multi-site

correlation across the Network.

10

For assets not natively supported, the

Solution should provide the collection

of events through customization of

connectors or similar integration.


&



11

The Solution must supply API and

graphical tools for creating new

connectors or similar parsing

solution. The Solution should

provide ease of use of regular

expression based ability to create

custom parsers.

12

The Solution receiver or log

collection component must store the

data locally if communication with

centralized correlators is unavailable.

The minimum holding period shall be

of 72 hours.

13

The Solution should provide the

capacity to maintain the Normalized

logs online for six months. Further,

logs should be kept in an archive for

the entire duration of the contract. The

Solution should have the facility to

retrieve the archive logs as and when

required by the Bank without

degrading the performance.

Note: Average Event Size considered

is 500 Bytes per Event.

14

Must allow correlating events and

alerts to existing data in lists

(watchlist), also allows the creation of

new and editing existing lists, both as

an automated and manual mode. Must

allow the creation of static or dynamic

Lists.

15

The Solution should support

integration with RADIUS,

TACACS+, Active Directory, and

other similar external servers for

performing AAA functionalities.

16

The solution should provide a single

pane of glass to manage all the LMS

components and view for all events

and incidents across the organization

and should provide Real-Time

Analysis and Reporting.

17

The Solution should be capable of

retrieving the archived logs for

analysis, correlation, reporting, and

forensic purposes.


&



18

The Solution should be able to collect

data from new devices added into the

environment, without any disruption

to the ongoing data collection.

19

The solution shall have the following

provisions for log storage:

(a) Raw Logs: On Log Collectors

(for 72 hours) and Archival

Servers (for the entire

duration of the contract)

(b) Normalized Logs: On Log

Manager (online for 6 months

at any given point of time)

20

The Solution's log receiver/collector

component should be able to work in

high availability (HA) mode.

21

The Solution should be able to ingest

Indicators of Compromise (IoCs) to

compare with log data stored on them

and generate alerts in case of a match

with the bad entities (e.g., IP

addresses, domains, URLs, file

hashes) that could be signs of an

attacker or breach activity in the

Bank's network.

22

The Solution should be licensed based

on the EPS count (and not licensed by

the number of users, device types,

and/or the number of network or end

systems devices that are subject to

logging).

23

The Solution should have

comprehensive coverage of various

local & global regulatory &

compliance mandates out of the box

at no extra cost particularly relevant

to the BFSI sector. For example,

PCI, ISO27000 & others

24

The proposed Solution should have

the facility for retrieval of logs in a

fast manner without impacting (like

device hang, high CPU and Memory

utilization, console access

termination, etc.).

25 Intercommunication between

different components of LMS should


&



happen as per the Bank's security

policy.

26

The Solution should have the

flexibility to define a set of rules for

analyzing the incident/ events.

27


clustering of the management server

to support linear scaling, increased

throughput & to ensure data

integrity.

28 The Solution shall be integrated with

the Bank's SIEM solutions.

B Log Collection & Management

29

The Solution shall be integrated with

the existing Firewalls, IPS, Servers,

Gateways routers, switches, etc.

30

The Solution architecture shall factor

for log collection and storage at

intermediate points to optimize the

use of system and network resource

31

The Log Management & Analytic

Solution should be able to collect logs

via several ways including SYSLOG,

OPSec, WMI, SDEE (Security

Device Event Exchange), Calls to

MS-SQL Systems via ODBC, FTP,

SCP (Secure Copy Protocol), SNARE

(System intrusion Analysis and

Reporting Environment), Adiscon,

etc.

32

The Solution should provide the

capability to integrate with an

external storage solution (to be

arranged by the bidder) to store events

for historical reporting and analysis.

33

The Solution should provide a data

aggregation technique to summarize

and reduce the number of events

stored in the master database.


&



34


capability to audit any tampering of

collected log.

35


capability such that the data collected

from the receiver or the log collector

can be forwarded to its own storage

component of the Solution and

external SIEM Solution of the Bank,

in a secure manner (encryption).

36

The proposed Solution should

provide a minimum log compression

of 75% for ensuring log compression

to reduce overall log storage space for

the raw log format.

37

The Solution must be able to

compress data available on or off the

system for archiving purposes for

ensuring efficient consumption of

storage space.

38

The Solution should support flexible

and reliable distributed & centralized

log collection & processing

architecture. It should minimize the

consumption of bandwidth to the

extent possible.

39

The Solution must be fault-tolerant

(ability to continue logging/alerting in

the event of failure of a few Solution

components).

40

The Solution architecture should be

implemented in such a manner that

there shall be no loss of data/logs

during the execution of maintenance

activities and failure of one or more

Solution components and other

similar reasons (like DR drills etc.)

41

The Solution must be flexible,

configurable, and provide automatic

learning of data sources, collect &

store event logs.

42

The Solution must have a toolkit & /or

interfaces to allow for creation

/integration with unsupported legacy

or custom event sources.

43 The Solution must provide support for

various methods that can be used to


&



alert concerned officials about

important and critical events (e.g.,

SMTP, SNMP, SMS, etc.)

44

The Solution must be customizable

allowing integration and automation

with other solutions such as IPS,

SIEM, Ticketing Systems,

Automation & Orchestration, & other

3rd party products & relevant

technologies.

45

The Solution must allow for rule-

based & risk-based rules to detect

specific conditions/events.

46

The Solution should create Alerts/

notifications in several ways, i.e. from

the dashboards, configuration

settings, or when one or more number

of events occurs with configurable

conditions, thresholds being

met/exceeded and more.

47


support the following actions based

on configurable condition defined:

Log Event, Create a Case, Execute a

Script, Send Message, Generate

Reports, modify a watch list, Trigger

an automatic IPS block, etc.

48

The Solution should support the use

of open & scalable data bus

specifically built for high-volume

data processing.

49


forwarding of raw logs to multiple

destinations at the same time.

50


sending of raw logs to third party

products without sending them to

local log storage.

51

The Solution should have a diagnostic

tool to identify and fix/troubleshoot

various issues on log collection,

processing, parsing, data source,

retrieval of data, the performance of

the Solution and its various

components, etc.


&



52

The Solution must be flexible and

configurable to arrange & organize

logs based on various physical and

logical types of source devices

integrated with the solution.

53

The Solution must provide

discretionary access controls to view,

analyze, report, and alert on the event

data.

C Reporting

54

The Solution should provide

customizable and custom reports

templates.

55 The Solution should allow scheduling

of creation and distribution of reports

56

The Solution must provide fully

customizable queries and report

libraries to define reports and alert

combinations.

57


automated scheduled archiving

functionality into the log storage

component of the solution.

58 The proposed Solution should

provide a segregated dashboard.

59

The proposed Solution should support

several different formats of the

reports including PDF, CSV, etc.

D Correlation

60

The Solution should provide both

rule-based and rule-less (RISK

SCORE BASED) correlations against

data collected from multiple devices

across the network.

61

The Solution should support real-time

threat intelligence from the OEM or

other trusted third party feed vendors.

62

The Solution should have pre-defined

correlation rules out of the box, to

provide correlation on the fly.

63

The Solution shall provide a user-

friendly graphical user interface to

create/edit/delete correlation rules.


&



64

The filtering options should support

Boolean operations including "OR,

"NOT" and "AND" logic operations.

65

The Solution must support the ability

to integrate with at least one cloud

intelligence system with information

from global risks and use the

information collected in this system in

the correlation of events.

66

The Solution should employ AI

(Artificial Intelligence) and ML

(Machine Learning) enabled tool

(either internal or external) that can

automatically parse and analyse all of

the network devices’ logs and learn

the baseline of the Bank’s network

environment, and generate alerts on

both previously known and unknown

issues.

67


flexibility to the Administrator for

controlling the replication and should

also perform incremental

synchronization between components

of the Solution deployed across

different locations.

New Solution-2: Network Performance Monitoring & Diagnostics (NPMD)

General Specification

Feasible

(Y/N)

Compliance

(Y/N) &

Supporting

Docs

Available

as part of

Solution

(Y/N)

Marks

in score

chart: 3

marks

Provide

d as 3rd

Party

Sol*

(Y/N)

Marks

in

score

chart:

2 mark

Cust.

Require

d*

(Y/N)

Marks

in

score

chart:

1 mark

Definition:

NPMD tools allow for IT operations to

understand the performance of

applications, the network and

infrastructure components via network

instrumentation. Additionally, these

tools provide insight into the quality of


&



end user experience. The goal of NPMD

products is not only to monitor the

network components to facilitate outage

and degradation resolution, but also to

identify performance optimization

opportunities. This is conducted via

diagnostics, analytics and debugging

capabilities to complement additional

monitoring of today’s complex IT

environment.

1 Solution should be available on

on-premises

2

Solution should support capture

of application data flowing in the

Data Center network for analysis.

It should be a passive deployment

of the Solution without need for

any agents to be deployed on the

applications.

3

Solution should provide data

collection and intelligence to help

baseline performance, alert on

deviations and aid in root cause

analysis for performance issues

with applications, servers or

network.

4

Solution should support

scalability with an extremely

small footprint to provide long-

term historical trending with

trace-level diagnostics

5

Solution should provide complete

visibility into the Bank's entire

enterprise network, while

presenting integrated data from

multiple environments into a

common unified dashboard.

6


network path monitoring along

with latency between each hop.

7

Solution should provide alerting

view on Business dashboard in

with different colour (to indicate

severity) showing the EURT (End

User Response Time) metric for

Business applications


&



8

The Business Critical Application

dashboard should clearly give the

detail metrics associated with

HIGH end user response time

which includes Server response

time, Network round Trip Time

and Data transfer time.

9

Solution Should also give

business critical network

dashboard to understand the

Traffic, latency and Bandwidth

utilization per

location/site/branches/application

10

Solution should propose

automated /manual baseline for

end user response time and

provide visual alert if any

deviation on baseline happens

11

Solution should capture packets

automatically, in case abnormal

values are observed on critical

servers. These packets are

presented for later analysis as

PCAP files, which can be

downloaded through the web

graphical interface at the

conversation level.

12

Solution should provide single

pane of glass for complete

network and application visibility

13

Solution should support easy

integration with other data

sources and monitoring tools

using Open APIs.

14

The Solution MUST include a

comprehensive logging capability

to log all the system events

15 Solution should support NTP, for

Time Synchronization

16

Solution should offer a 100%

Web-based user interface for

centralized monitoring,

configuration and reporting

purposes.

Network Performance Monitoring


&



17

It should be able to

collect/capture Real time

NetFlow and other flow

technologies, such as sFlow,

jFlow, other flow variants

(Xflow), IPFIX and SNMP for

network monitoring and analysis.

Additionally, it should also

provide Deep Packet Inspection

(DPI) for packet analysis. It

should also be capable of using

packet-captured data into

analytics to identify and isolate

problem areas.

18

The Solution should, not only

capture and analyze packet data,

but also correlate the collated

traffic data from different

sources, and then produce it to the

user in a web-based interface for

monitoring and analysing

network traffics. It should

categorize traffic according to

elements like source or

destination IP address, port usage,

application type, and volume. It

should provide the visibility on

how traffic flows over a specific

network link or to servers or

applications.

19


perform multiple concurrent

captures of jobs without

impacting the performance.

20

Network analyser Solution

should be capable of performing

Real-time packet capture, 24x7

network monitoring, advanced

protocol analysis, in-depth packet

decoding, and automatic expert

diagnosis. The Solution must

provide comprehensive high-

level view of entire network,

thereby giving quick insight to

resolve problems.


&



21

The Solution should must provide

flow and packet analysis of both

real-time and historic playback

data. It should be capable of

monitoring all conversations and

able to reconstruct packet stream.

22


capturing the performance

metrics such as, but not limited to:

A Packet loss, Retransmission rate,

Retransmission delay

B Round trip Timer

C Throughput, traffic volume

D Number of connections

E Data transfer time, server

response time

F Timeouts

G One way delay, jitter

H Loss bursts, reorder packet

I Packet delay variance

23


provide complete visibility of

network activities, end user

experience, device status,

application and network

performance. It must also

provide summarized analysis,

breaking down application

response time into at least the

following components:

A Client and Server response

B Network bandwidth

C Network latency

D Network congestion

E Network protocol (e g TCP)

24

It should be able to provide

insight into network bandwidth

usage and traffic patterns with

real-time visibility about those

which are consuming network

bandwidth. It should be further

able to provide bandwidth use

usage by application/URL, details

https://www.solarwinds.com/netflow-traffic-analyzer/use-cases/network-bandwidth-monitoring


&



of protocols, IP addresses and

users

25


analytics to identify and narrow

down on issues to determine

whether end-user experience of

slowness in accessing of the

information is on account of

Network issue or end-user

machine issue or an Application

issue. It should be able to

calculate response times for all

relevant applications and

determine the impact on user

experience. The analytics should

reveal information to

troubleshoot slow network,

prolonged website response,

computational response of

ERP/CRM transactions and file

downloading, patch management

instances etc.

26


detect and alert on network

congestion incidents with drill

down of it up to client, server,

application or user level to

identify the root cause of the

problem. It should be further able

to measure traffic by user or

application, identify bandwidth

hogs and provide information

about sites/URLs which are

consuming bandwidth. The

Solution must be able to identify

the root cause of the problem by

pinpointing on the entity.

27

The Solution should alert on the

abnormal behaviour like, whether

application traffic suddenly

increases, decreases, drops in

response time or disappears

completely etc.



&



28

It should provide analysis of

network traffic patterns over

months, days, or minutes by

drilling down

29

Suspicious hosts should be

identified and diagnosed enabling

user to pinpoint network

problems in seconds

30

Solution should be able to map

the traffic, IP address, and MAC

of each host on the network,

allowing for easy identification of

each host and the traffic in the

network. The Solution should

further be able to provide network

packet flow diagram to illustrate

network communication between

multiple application tiers

31

Should be able monitor QoS

performance on a per-class basis

and set up alerts based on severity

level for proactive notifications of

application issue

32

Should be able to capture, and

analyze VoIP and video calls.

33

The network visualization and

analytics should be able to

identify network optimization

issues and improve application

performance of voice, video, etc.

34

It should integrate with Active

Directory to enable reporting and

troubleshooting by user name

35 It must support both IPv4 and

IPv6 Protocols

36

The Solution must be able to cater

on Network Traffic Monitoring

and Forensics. It should be able

to furnish summarized Executive

Dashboard & detail Traffic

Analysis Dashboard which gives

comprehensive & customizable

view of network traffic on a

single pane, allowing us to spot

potential problems quickly with

top views of network traffic data.







&



It should give the root cause of

bandwidth issues with an intuitive

point-and-click interface. The

Solution should enable us to drill

down into any element’s traffic

using multiple views to get the

right perspective that will help to

investigate and isolate excessive

network bandwidth utilization

and unexpected application

traffic

37

The Solution must contain

reporting tool or feature thereby

providing both standard &

customizable reports for Network

Operations team, Executives, and

towards Capacity Planning. The

Solution must enable us to create

in-depth network traffic reports

with a few clicks, or schedule

automatic delivery on given

periodicity

(Weekly/Monthly/Yearly)

38

The visual analytics and reporting

should provide network traffic

and bandwidth usage by the

applications and users to identify

trouble areas and thereby improve

network performance

39

The Solution should provide AI

and ML capabilities to help in

preventing of Network problems

before they occur The Solution

should include unsupervised

learning module to gather real-

time network data and which

learns the behavior of devices,

applications, and users on the

network It should be capable to

bring together and correlate

network and application data to

predict anomaly and performance

issues

40

The vendor should build

minimum three use cases for

predictive analytics and machine

learning to:




&



A Predict Application bandwidth

usage

B Predict network and application

failure/performance issues

C Detect network anomalies like

unusual network access

41

The Solution should offer an

integrated alert viewer to look at

alerts generated based on real

time monitoring where thresholds

are exceeded for service

parameters.

42

Solution should offer ability to

filter alerts by baseline,

availability, threshold etc. and

support grouping by alert

type/device

43

Solution should support visibility

into east-west traffic in VMware

NSX environments for

application and user experience

service assurance

44


analyzing protocol-specific

details for DNS, LDAP, DHCP,

and RADIUS

45

Also Solution should allow to

create/define custom application

based on various parameter

including but not limited to IP

Address, Port Number etc.

46

Solution should support inbuilt

decryption of SSL/TLS traffic if

decryption keys are available

47

Solution should support multi-

segment analysis to troubleshoot

issues by capturing similar traffic

before and after each capture

points (firewall/load balancers

etc.) to understand packet loss or

latency

48

Solution shall display the status of

all SSL certificates being used

across the monitored network


&



49

Solution should provide session

views of SSL/TLS certificates

approaching expiration dates, the

issuer of the certificate, the

hostnames of the servers to which

certificates were issued, and

whether the certificates are self-

signed

End-user monitoring using NPMD

50

Solution should monitor all the

business-critical applications

including standard and custom

applications and provide real-

time transaction level monitoring

51

Performance monitoring of all

application operations (web,

database, file sharing etc.)

52

All application errors are traced

and categorized based on their

origin and severity

53

Identify slowdowns, pinpoint

their origin and instantly

understand their scope (which

users for which transactions)

54

Solution should be able to sort

data by multiple criteria: number

of queries, individual response

codes, error statuses, processing

times, network data, transfer

times, etc.

55

Evaluate the impact of

deployments and migrations on

network resources and end-user

experience

56

Solution should be able to

monitor the application

transactions decoded in real time

57

Web applications

(HTTP/HTTPS), SQL databases

transactions (MS-SQL, Oracle,

MySQL, PostgreSQL), Name

resolution and other common

network services, Storage and file

transfer (CIFS, SMB v1, v2, v3)

and VoIP calls (RTP, SIP)


&



58

Solution should provide Web

transactions metrics like page Hit

response time, Page load time,

error counts, page count

59

Solution should provide search

function that allows users to

search for IP addresses, server

names, server aliases,

applications etc.

60

Solution should measure end-user

experience against Service Level

Agreements

61

Solution should offer a host

analysis to view performance for

a specific user.

62

Solution should be able to provide

full visibility into all the activities

from End Point to the Data center,

(To analyse user data in real-time

to identify and classify End-User

Network issues , detect struggles

and proactively predict and

influence next steps in their

digital journey).

63


give full visibility of customer

experience across the digital

transactions from the frontend to

the backend including various

interfaces for the transactions.

64

The proposed Solution should be

able to monitor user journey

within a visit/session and tracing

it back to backend systems.

65


monitor End-User device traffic

usage as well as network

performance.

66


automatically discover and

monitor various Network Traffic

(like Web, Mail, client server,

remote access terminal services,

fileserver, Voice, Video,

collaboration, database, etc.)


&



67


performing prediction- based

anomaly detection to identify

unusual or unexpected events and

measurements within the

monitored environment.

68


automatically baseline

metrics/KPIs in the monitored

environment. Any deviations to

this baseline should be

automatically alert can be raised

to the respective team.

69


able to integrate with ITSM tools

like BMC Remedy, Service Now,

etc.

70


able to provide online auto

analysis to identify which

component or tier is contributing

to slowness of the monitored

transaction.

71

It should have capability to

monitor network interfaces, like

N/W bandwidth, etc.

72

It should support traffic analysis

all major Network Protocol like

http, https, NTP,

AD/LDAP,SecurePOP3, Secure

SMTP, DNS, DHCP, FTP,

SFTP,SMB v1,v2,

SNMPv1,v2,v3 Voice SIP,H232,

RTSP, ICMP, Remote Desktop:

Microsoft Remote Desktop,

Citrix ICA, Middle ware &

Database: MQ(Message Queue),

Oracle Db, MS SQL, Syslog,

SNMP, OSPF, BGP

73

Provide Dependency topology in

the data center for critical

Network & Application tire.

74

Solution should have capability to

monitor Network Traffic within

the Virtual Infrastructure or at OS

level


&



75

Solution should be capable of

decrypting SSL& TLS traffic

with provided Certificates &

Private Keys

76

The Solution should consider

relevant log messages that are

associated with problems for

root-cause analysis

77


advanced analytics capability to

ensure predictability

78

The authentication process

should support Active Directory

and LDAP

79

The proposed Solution must be

able to integrate with the various

tools of the Bank, including

ITSM.

80


monitor 24X7 transactions right

from web server to back end

systems without causing

application performance

overhead (Max. resource

utilization should not exceed 5%)

and without missing out

transactions which breach

normalcy

81

The Solution must have an early

warning system mechanism.

During peak hours or month ends

or while running campaigns, the

Solution should auto-detect

problems before they can impact

the customers. The Solution must

be capable of identifying

performance issues and prioritize

it, to indicate the severity of the

problem (business impact of the

problem) and its impact on the

user experience

82


have an Analytical capability for

assisting in identifying the root

cause through multitude of

dashboards and reports. (The


&



proposed Solution should

simplify the operations

monitoring process significantly

by narrowing down to the correct

team to address the problem. e.g.

network, application, server,

middleware or database teams.

The objective is to reduce Mean

Time to Identify (MTTI) and

Mean Time to Resolve (MTTR)

83 The Solution should be able to

monitor itself

84

Proposed Solution should be able

to measure count and response

time for every network

transaction captured in the data

center.

85


automatically detect and alert on

unexpected low or high traffic

problem

86


support integration Bank's Email,

Bank's SMS Gateway

87

The Solution should allow to test

new features by running periodic

synthetic transactions on the

target within the Bank intranet

(i.e. branch locations to data

center & private cloud

environment)

88


capability to store at least 12

months data of performance data,

issues & events

89

The Solution must integrate with

various systems / applications in

the Bank including but not limited

to SOC, PIMS, NOC, Command

Centre, ITAM, Service Desk,

ADS, SSO, ITSM, CRM,

Complaint management, etc.

90

The Solution should able to

capture log using syslog from

across multiple hosts


&



91 Solution should support SNMP

based monitoring

92

The Solution must have Synthetic

Monitoring Capabilities with

reports and Dashboards for

analysis

93


to monitor traffic before & after

Load-balancers and WAF to

provide pre & post analytics.

94

Solution should provide

connectivity Percentage of

properly established TCP

connections compared to TCP

connection that were refused or

timed-out

95


to provide easy to use interface to

chart the usage on multiple

dimensions such as Network,

Application, Voice &Video

96


allow measuring of customer

adoption of the services or

campaigns e.g. number of

session, from location, total

traffic, network & application

errors and network & application

response times to create

baselines.

97

The Solution must monitor, in

real-time, everything coming to

and from the data center. In

addition to uptime and the

Solution must use response times,

usage patterns, and failed

transactions as key metrics. These

will help to identify

communication issues between

modern applications and core

banking systems and isolate the

source of any transaction

slowdowns or failed consumer

interactions

98 Proposed Solution should

highlight


&



Network/application/underlying

virtual infrastructure as part of

incident management and RCA

Reporting and Dashboard

99

Solution should be able to create

reports of application, service and

network conditions that can be

shared.

100

Solution should offer Daily /

Weekly / Monthly trend-based

reporting. The reports should be

customized as per the

requirements of the Bank from

time-to-time during the entire

contract period.

101

Solution should offer role based

access for report which include

create, schedule, and view reports

102

Solution should offer integrated

application and network

performance dashboard views.

These should be customizable

based on applications and

network elements/subnet being

monitored and the metrics of

interest.

103

Drill-down from the performance

dashboard view should be

available to jump into detailed

performance for the specific

application/network metrics

104

Dashboards should be single view

which should be completely

configurable and must provide

dynamic view in order to

radically improve early

diagnostics and impact analysis.

105


dashboard which should provide

drill down option from the

general view to detailed analysis

and problem resolution views.

106

The dashboard should provide

status of alerts based on per

application/per location.


&



107

Solution should offer an

integrated reporting module to

generate reports in multiple

formats as per the requirements of

the Bank in multiple formats (pdf,

csv, rtf etc.) for performance of

application, network, and

voice/video applications.

108


customized scheduling of reports.

Solution should have scheduled

report be sent in an email as a

PDF, RTF, or CSV file

attachment

Sizing Details

109

The NI must offer a scalable

monitoring Solution that could

handle current demands, while

providing seamless

expansion/instrumentation.

110

Solution should have sufficient

storage and should support

optimization on data storage

which can help improve storage

for key KPI based metrics

111

The Synthetic transaction and

business transaction testing

required for 100

branches/locations and shall be

scalable to all branches/locations.

The selected NI should be able to

use these licenses for synthetic

testing for any branch based on

the requirement. The license

should not be tied to any

particular system or location and

should be used in a rotational way

as and when any issue is observed

by any user of any branch / office.

112 The packet capture Solution

should be deployed at all DCs

113


monitoring of at least 1L

network devices


&



114

The Solution should measure and

store Network bursts up to 1-

second peaks, the highest 1-

second value seen for each of

three metrics for each 15-minute

time period. The time at which the

1-second peak occurred is also

stored. The user can view the 1-

second peak values in Burst

views. For each peak, the three

available metrics that can be

displayed in these Burst views are

utilization, byte rate, and bit rate.

Detailed historical data of a week.

115


Traffic capture on Microsoft

Hyper-V, Vmware ESX, NSX-V

& NSX-T, and Open Stack

Platforms.

116

SNMP and flow capture will be

required from around 24000

branches/offices for capturing

link and device health details in

addition to transaction

monitoring details for network

devices at branches

Miscellaneous Requirements

117


capability to filter undesired, non-

security logs at collection,

processing and visualisation

layer.

118


capability to filter blacklist,

whitelist single or group of IP,

User, URL, etc. in rules reports

dashboard.

119 Have capability to selectively

filter PII, SPDI information and

Bank’s classified information.

120

Provide complete control over

traffic capture filters providing

the ability to filter network traffic

either during capture or when

replaying capture traffic later,

inclusively or exclusively.


&



Sizing Requirements for identifying number of capture points and throughput

requirements for NPMD Solution:

Throughput Requirement

Data Center

Internet

(Capture

Points)

MPLS

(Capture

Points)

TPC

(Capture

Points)

Replication

(Capture

Points)

Core

(Capture

Points)

Total

Capture

Point

Data Centre 1 1Gbps

(4)

5Gbps

(2)

4 Gbps

(6)

7 Gbps

(2)

20 Gbps

(2) 16

Data Centre 2 10Gbps

(16)

10Gbps

(2)

2 Gbps

(6)

20 Gbps

(2)

60 Gbps

(10) 36


(12)

10Gbps

(2)

2 Gbps

(6)

20 Gbps

(2)

40 Gbps

(8) 30


(16)

10Gbps

(2)

4 Gbps

(6)

20 Gbps

(2)

60 Gbps

(10) 36

Note: Details regarding sources of capture points have been specified in the clause labelled

“Data Sources” under Scope of Work of NPMD in Appendix-E. Packet capture in raw

format to be stored for 7 days.

NOC TOOLS:

S.

No. Functional Details

Feasible

(Y/N)

Complia

nce

(Y/N) &

Supporti

ng Docs

Availa

ble as

part of

Solutio

n

(Y/N)

Marks

in

score

chart:

3

marks

Provide

d as

3rd

Party

Sol*

(Y/N)

Marks

in score

chart:

2 mark

Cust.

Required

* (Y/N)

Marks in

score

chart: 1

mark

Service desk

1

Service desk support to be

established at NOC-1 and

NOC-2 and the calls have to be

distributed between the 2

NOCs.

2 Omnichannel/Integrate social

media, chat bots, email, along

with voice & SMS.


&



3

Inbound Communication/Auto

call distribution and intelligent

routing support for

communications.

4 Interactive voice response

5 Ticket Management/Auto

ticketing.

6 Manual ticketing.

7 Ticket escalation

8 Warm Call transfer/Facility to

transfer calls after talking to

forwarding agent.

9 Call scripting/To aid agents to

provide consistent and uniform

response to callers.

10

Digital Agents/Chat

Bots/Machine learning to

handle more routine or simpler

customer requests

11

AI assistance/To provide

predictive suggestions for live

agents based on customer

history and real-time

interaction.

12

Out bound

communication/Automated

dialers, voice broadcast & IVR

Surveys for outbound calling

13 Click to call/One-click calling

for agents

14 Voice over IP/For internal

communications.

15 Soft phone/For internal voice

communications.

16

ITSM Integration/Provide 360°

view of client context. Eg. On

screen display of the

customer/existing ticket

information.

17

Mobile app/User

interaction/push

notification/self-help through

mobile apps. -Android

18 Mobile app/User

interaction/push


&



notification/self-help through

mobile apps. -iOS

19 Agent dashboard/Visibility of

call queue, call abonnement.

20 Quality monitoring/Monitoring

conversation content

21

Analytics/KPIs such as average

time in the queue, average call

abandonment rate, and average

handle time.

22 Integrated customer analytics

for multichannel interactions.

23 Reporting/Historic reporting

24 Real-time reporting

25 Administration/Customised

SMS & Email templates, IVR

Studio, define service levels.

26 On-premises platform Should

be installed in SBI environment

27 Operating system./OS used.

28 Database used.

29 IP phone/soft phone systems.

30 Licensing./Enterprise Grade.

FCAPS Tools

31

SNMP V3 protocol-based

polling and receiving SNMP

traps.

32

Capability to configure

different polling speeds for

different devices.

33

Ability to check availability of

a remote connectivity resource

– infra devices or URLs

through heartbeat.

34

Ability to monitor Branches

LAN/ WAN link and enrich

with geo-location, branch id,

business hours to Service

Provider (SP) link types

35

Auto ticketing for incidents

from network or Event

Management systems.

36

Auto ticketing for non-

reachability, drops in the

network and high latency.


&



37

Event correlation engine which

can correlate the events on the

basis of event pairing, event

sequencing etc.

38

Capability to ‘filter-out’

symptom alarms and deduce

the root cause of failure in the

infrastructure automatically.

39

Capability to consolidate

alarms from non-IT systems

such as sensor/SNMP enabled

UPS, DG sets etc. to provide a

view of the operations

environment that supports the

branch level IT assets

40

Out of the box storyboards for

Isolated Links, Links on

Primary, Secondary etc.

41 Integration with service desk

for ticket management.

Alarm Reduction

42 Parent and Child Incident

Mapping.

43

Ability to suppress/aggregate

the alerts based on the CI

relationships maintained in

CMDB.

44

Rule based

updation/suppression of

subsequent events of an

incident.

45

Auto resolution of child

incident upon resolution of

Parent incident.

46

Auto assigning of incident

tickets to support agents for

actions.

47 Support manual ticket creation

and service desk integration.

48 Severity based categorisation

and prioritisation of the tickets.

49 Client-based monitoring

console.

50 GUI-based monitoring console.

51 Service desk integration for

incident management.


&



52 API integration to Telecom

Service providers.

Incident Notification

53 Sending incident triggered auto

emails to stakeholders.

54

Automated SMS notification of

major incidents to stake holders

based on escalation matrix.

55 Automated SMS notification of

critical link incidents to TSPs

56

Capability to integrate with

Banks SMS gateway and email

system for sending

notifications.

57

Performance of automated first

level trouble shooting and

providing quick notes to the

agent before assigning tickets.

Incident troubleshooting

58

Mobility device interface to

field agents to attend to and

update on the tickets assigned

to them.

59 Ability to store attachments

(e.g. Screenshots).

60 Auto escalation of incidents.

61

Auto escalation of link

incidents/ link down cases to

service providers based on the

escalation matrix after

predefined trigger points.

62

Restriction to change the

incident ticket status to

"resolved" with out clearance

of the incident in the network or

resolution updated by Network

Management System.

63 Auto generation of daily

incident report.

64

Auto generation of Incident

reports:

i) Hourly

ii) Daily

iii) Weekly

iv) Monthly

v) Custom period


&



65 Auto generation of monthly

incident analytical report.

Problem Management

66

Support Problem Tickets

lifecycle steps – New, Assess,

Root Cause Analysis, Fix In-

Progress, Resolved and Closed.

67

Auto creation of problem

management tickets based on

business rules for consecutive

incidents.

68

Creation of Problem

Management ticket for repeated

incident tickets within a pre-

defined period.

69 Manual ticket creation for

Problem Management.

70

Review and approval process

for Problem Ticket corrective

action.

71

Options to accept risks for

specific Problem Management

tickets.

Root Cause Analysis (RCA)

72

Capability to capture detailed

RCA with corrective actions in

the incident management

system.

73

Out of the box root cause

analysis with multiple root

cause algorithms inbuilt for

root cause analysis.

74

Use advanced root-cause

analysis techniques and policy-

based condition correlation

technology for comprehensive

analysis of infrastructure faults.

Performance Management

75 Monitor network / link latency

on real-time.

76

Monitor and display response

time, availability, and

performance of network

devices.


&



77

Network health monitoring,

Capability to check various

parameters on router like CPU

Utilization, Memory

Utilization, Errors and

Discards, Voltage,

Temperature, CRC error,

Collisions, Buffer statistics

(Hits, misses and failures) etc.

78

Network traffic analysis, which

show how exactly the

bandwidth is being utilized

through interface-specific

reports on which user, source

and destination IP address,

conversation, type of traffic

(HTTP / HTTPS / SFTP /

TCP/IP , UDP, application

specific etc.) and other

parameters / overheads etc. is

occupying bandwidth etc.

79

Capability to auto escalate

breach of bandwidth utilization

beyond predefined cut-off point

within 30 minutes.

80

Provide reports on utilization

trends of elements like

memory, CPU etc. for all

devices.

81

Provide reports on downtimes,

uptimes, packet loss, latency,

jitter etc. for all links.

82

Provide near-real time network

monitoring and measurement

of network performance &

availability.

83 Network performance trends

and predictive analysis

84 Predictive analysis report to

identify potential problems.

85 Monthly bandwidth

optimization report.


&



86

Provide out-of-the-box

performance reports on:

→ Executive Summary report

that gives an overall view of a

group of elements, showing

volume and other important

metrics.

→ Capacity Planning report

which provides a view of under

and over-utilized elements.

→ Service Level report

detailing elements that breach

availability/response time

SLAs.

87

Capability to provide

performance data & threshold-

based alerts for real time

performance monitoring,

reporting and historical

trending.

88

Ability to provide Service

provider wise link performance

reports with details of circuit

ID, bandwidth, down time, up

since etc.

89

Provide Service provider

performance rank report using

statistical data model.

90 Support SNMP V3, Syslog,

NetFlow, API integration.

91

Support Command line-based

response analysis as data

sources.

92

Support custom scripts for

monitoring and alerting upon

crossing set thresholds.

93

Ability to create correlation

between sudden increase in

network traffic and Slashdot

effect, with users, systems and

applications usage to create

correlated compound alert.

94

Capability to integrate with

other systems and overlay and

predict business volume vs

network usage.


&



95

Provide user experience alerts

regarding issues affecting

customer’s experience using

the anomalies discovered based

on Machine Learned data

model from user experience

golden signals.

96

Capability to use automated

data slicing, Natural Language

Generation (NLG) and user

feedback based fine tuning of

insights control to create

automated insights.

97

Dynamic auto base lining of

alerts for utilization, bandwidth

usage, packet errors, latencies

etc.

98

Support Anomalies related to

rare events, sudden spikes in

usage and abnormal variations

in patterns.

99

Perform Operational

performance index (OPI) for

better prediction of incidents

across each touch point and

across business flows.

100

Provide SP indexing with

following functionalities:  

→ Indicate robustness of

current operations and SLA via

measuring customer experience

index.

→ Performance Scoring.

→ Should use Monte Carlo

probabilistic methods.

→ Uses proxy signals like

Branch peak hours, ISP link

outages and other data

enrichments to make the index

dynamics and more specific.

→ Capacity planning and

assess trade off choices in

choosing the best ISP across

geo locations.

101 out-of-the-box, customizable

dashboards, alerts, and reports


&



102

Capability to ingest logs,

metrics, flows, and events into

efficient key-value databases

where they are stored to later be

accessed and analysed.

103

The Asset management system

with configuration

management database [CMDB]

of all assets with details of all

configuration Items (CI) as per

ITIL definition.

Configuration Management

104 Maintenance of complete

lifecycle of all assets.

105 Customisable asset database.

106

Capability to capture details

like Sites/branches, physical

and logical assets like Licenses,

IP Subnets, Link details, AMC

contracts etc.

107

Auto discovery of manageable

elements connected to the

infrastructure:

i) Seed router-based discovery

– Using route tables and SNMP

MIBs

ii) IP discovery

iii) Import data - from pre-

formatted files (IPs, ranges,

strings or ports)

iv) Trap-Based Discovery –

whenever new devices are

added with capability to

exclude specific devices based

on IP addresses / IP Address

range.

108

Discovery & inventory of

heterogeneous physical

network devices with providing

information of make, models

and their category.

109 Auto mapping of connectivity

between managed elements.


&



110

Mapping capability grouped

by:

i) Network topology.

ii) Geographic locations of the

equipment.

iii) User group/departments.

iv) Manual selection of fields to

view customized topology and

devices groups.

111

Asset management system shall

have the capability to discover

assets, track changes of

attributes and maintain the

history within its database.

112 Provide location wise details of

spare devices.

113

Maintain relationship details of

all CIs of a particular asset in

the CMDB to facilitate

suppression/aggregation of

alerts, to identification of

affected entities etc.

114

Auto discover IOS Software

against an application's

knowledgebase.

115

Mechanism for adding

proprietary and legacy of

network products.

116 Provide details of

decommissioned assets.

117

Detect in real time the

configuration and asset

information changes made

across a multi-vendor device

network.

118

Detect and track any

configuration changes and

generate real-time alerts.

119

Detect, compare & alert on

changes based on which

decision could be made for

rollback or implementation of

changes.

120

Support configuration

deployment/rollback using

policies, configuration


&



templates and ad-hoc

commands.

121

Provide options to take

incremental, scheduled and full

configuration backup.

122

Capability to perform

Configuration backups

/Policies/OS images/rollback to

multiple devices at a time.

123

Task Scheduling for specific

date, weekly, monthly,

quarterly etc.

124

Capability to automate all

repetitive & time-consuming

tasks related to network device

configuration & change

processes.

125

Deploy and monitor IOS

operating system images,

network security patches from

a centralized network

management system.

126

Push standard templates for

existing network devices and

new deployments.

127

Support multi-protocol device

communications (Telnet, SSH,

TFTP, FTP etc.).

128

Capability to integrating other

management systems and

ITSM tools through Rest API’s

for change management and

custom workflows.

129

Support standard, emergency,

and normal service changes as

per ITIL framework.

130

Support various roles for

requester, approver,

reviewer/CAB etc.

131 Support post-facto approvals.

132

Support risk assessment of the

change, scheduling of change,

record impacted assets and

associated CIs.


&



133

Ability to detect change

conflicts, integrate with

Incident and problem

management processes to drive

an Integrated Change.

134 Provide Change management

reports and analytics.

135

Manage network compliance

by comparing devices to

Custom defined, best-practice

standards, Gold Standard, etc.

136

Capability of automated

remediation to bring devices

back to policy compliance or to

a default configuration status.

137 Records of device usage and

frequency of usage.

138 Automatically discovers and

maps network devices

139 Automatic deployment of

devices within 1 hr.

140

Provide GUI based reports &

topological maps of network

devices by location and

impact.

141

Provide a single dashboard to

track the infrastructure devices

of Data Centres with drill down

facility.

142

Capability to forecast the

capacity requirements on the

Network devices based on the

utilization analysis using

Machine Learned Data Model.

143

Univariate forecasting of

bandwidth usage and capacity,

enabling better planning of

bandwidth and ISP SLA terms.

144


able to provide bandwidth

consumption information for IP

to IP communication or IP to

Geo location communication or

IP to IPs communications.


&



145

Automated SLA compliance

calculation and SLA breach

warning alerts.

146

Automated web-based SLA

report generation and

distribution

147 SLA compliance historical

reporting with trend analysis

148 Provide report generation

utilities.

149 OEM wise asset report

detailing ports and interfaces.

150

Provide browser based

customizable Executive

dashboards widget/page

showing Device Statistics &

their Compliance.

151

Generate scheduled custom

report on all aspects of network

device statistics and their

compliance.

152

Operational Level Agreement

(OLA) compliance monitoring

with service desk integrations

153

Capability to identify

vulnerabilities based on

security advisories and take

necessary corrective actions.

154 Capability to Integration with

Banks AAA system.

155 Capability to integrate with

Banks security solutions

156 Enterprise Grade License.

157 On premises deployment.

158 Support for multi-locational

deployment.

Robotic Process Automation (RPA)

159 Graphical User Interface

160 Intelligent process automation

using AI

161 Multi-environment support.

162 NLP (Natural Language

Processing) based chatbots

163 ML based Task Bots

164 Automate tasks in real-time


&



165 Drag and drop interface.

166 Recording Macros.

167 Self-learning Bots

168 Feature rich analytics suite.

169 Real-time reports and analytics

170 Auto-login features to run the

bots

171 Capture desktop insights

172 Provide a contextual assistance

173 Deploy, maintain and execute

bots from a centralized server

174 OCR support

175

Ability to automate the

operational activities which are

carried out on a day to day

basis.

176

Capability for automating, but

not limited to, the following

NOC activities:

Reports.

→ SLA Compliance.

→ Events Detection and

Monitoring including Network

Performance issues.

→ Incidents Recording and

Monitoring.

→ Service requests.

→ Change Management

requests.

→ Moving Average

Convergence Divergence

(MACD) Histogram.

→ Approval process.

→ Assets’ Profiling.

→ Configuration

Changes/Upgrades,

verification of configuration

parameters.

→ Penalty Calculations.

177 Support on premises,

multilocational deployment.


Banks security solutions

Mobile Apps


&



Mobile App for field agents to

receive and update tickets

assigned to them.

Mobile App for branch users

to view health status of their

links, to perform branch link

helth test and register

complaint, view complaint

status etc.

Enterprise Data backup solution

179 Backup and Recovery

180 Real Time Synchronization.

181 Automated replication in two

or more locations.

182 On premises deployment.

183 Backup Scheduling.

184 Incremental Backup.

185 Secure Data Storage.

186 Multiple System/Platform

Support.

187 Audit Trail.

188

100 TB Data Storage

infrastructure to retain NOC

operation data for a minimum

of 5 years.

189 Support on premises,

multilocational deployment.


Banks security solutions.

Access Control and Attendance System

191 Face recognition, contactless

(4 units)

192 Two-factor authentication.

193

Capability to create access

groups to access restricted

areas.

194 Capacity to handle minimum

of 500 people.

195 Push to exit buttons (2 units)

196 Multi locational attendance

software.

197

Capability to generate

Daily/monthly attendance

reports containing Name,

Time in, Time out, Number of

hours inside the premises in a


&



24X7 operation environment

with multiple shifts

198 Data storage capacity for 5

years.

199 Access Cards for secondary

authentication (200 units)

Video Surveillance System (Only for NOC-2)

200

32 channel NVR supporting 8

miga pixel resolution and 30

frams per second with

relevent software.

201 4 mega pixel IP Dom cameras

(Day&Night). (25 units)

202 PoE

203

4 mega pixel IP Bullet

cameras (Day&Night). (2

Units)

204 4X4 TB storage with relevent

software.

Video Wall Display

205

Commercial grade, narrow

bezel video wall display

units. (6 numbers)

206 Minimum 3840x2160

resolution.

207 Minimum 55” size.

208 Swivel wall mounts (6 units)

209 HDMI cables. (6 numbers)

210 Video wall content distributer

Software license (10 users)

VoIP phone

211 IP phones (180 units)

212 LCD display

213 Dial pad

214 PoE

215 Speaker phone.

216 Call conferencing.

217 Base stand

218 Headsets with mic.

219 Necessary license

220 Soft phone License (180

users)

NOTE:

A. The services being provided under NOC should be automated as under:


&



B. 10% of the services to be automated by end of First year

C. 30% of the services to be automated by end of Second year

D. 50% of the services to be automated by end of Third year


&



TECHNICAL EVALUATION PROCESS & SCORE CHART

1. The objective of technical evaluation and shortlisting of the bidders is to facilitate the selection

of the most optimal Solution(s) that appropriately meet the requirements of the Bank. All bids

shall be evaluated by an evaluation committee set up for this purpose by the Bank. The Bank

will evaluate the technical offers of the bidders complying with Eligibility Criteria mentioned

in the Appendix-B and the proposals meeting the said criteria will only be taken up for further

technical evaluation.

2. As part of the technical bid, the bidder shall have to submit all the specified

documents/information covering all the clauses specified in the RFP. The Bidders shall be

required to deliver an exclusive presentation (full day) detailing the proposed architecture for

NOC and various applications/Solutions (to be implemented by the selected NI),

implementation approach, rollout strategy, etc.

Note: Under the COVID-19 crisis, the bidder may be requested to present their proposal

through the Video Conferencing platform. The details of the VC shall be shared with the

bidders at an appropriate time.

3. The bidders are expected to submit the soft copy of the presentation to the Bank along

with their technical and commercial bids.

4. A bidder shall qualify the technical evaluation stage by scoring a minimum of 75% of total

marks. Based on the scores, qualified bidders shall be shortlisted for further participation in

the RFP process. The decision of the Bank in regard to evaluation would be final and binding

on all the Bidders to this document.

5. The technical offer submitted by the Bidders shall be evaluated as per the various components

mentioned below:

a) Technical requirements of Solution

b) Past experience/Implementation Experience

c) Site Visit to the Bidder’s Network Operation Center (NOC)

d) Client (referenced) site visit

e) Bidder Presentation – Approach Methodology, Proposed Team for

Implementation

Note: NOC visit or visiting the offices of the referenced organization’s office shall be decided

by the Bank during the evaluation process. The Bank may or may not visit the sites for one or

more bidders depending on the various factors, including Covid situation.


&



6. The presentations would be delivered to a competent panel chosen appropriately by the Bank

for the purpose of technical evaluation. The evaluation process for shortlisting of the bidder

will be based on the evaluation matrix given below:

SCORE CHART

S.

No. Criteria Max Mark Scoring

1

The number of projects executed by the

Bidder in the last 5 years in Implementing

Network Operations Center (NOC) for

their clients capable of monitoring &

managing at least 5,000 remote network

devices (such as routers, switches, etc.)

per project.

6

3 or more projects – 6 marks

2 projects – 4 marks

1 project – 2 Marks

2

The number of projects executed by the

Bidder in the last 5 years in Maintaining

Network Operations Center (NOC) for

their clients for managing and monitoring

the network consisting of at least 15,000

remote network devices (such as routers,

switches, etc.) per project. The minimum

maintenance period shall be 6 months.

6

3 or more projects – 6 marks

2 projects – 4 marks

1 project – 2 Marks

3 No. of years of experience of the Bidder in

operating Own/ Captive NOC. 6

Number of years:

Above 10 years: 6

8-10 years: 4

5-8 years: 2

4

The number of L3 resources (as defined in

Appendix-Q) available with Bidder in the

network management domain in India,

excluding the resources involved in

Compliance, Governance, and non-NOC

related domain.

6

Number of L3 Resources (as

per the definition specified in

Appendix-Q of this RFP)

100+: 6 marks

51 – 100 : 4 Marks

Up to 50 : 2 Marks

5

a. The OEM of the NOC tools

(other than NPMD and

LMS) proposed by the

Bidder shall have a

deployment with at least

10,000 networked devices

e. 5

f. 5

j. Implementation

Experience:

➢ Above 30000 network

devices – 5 marks

➢ 20000 to 30000 network

devices – 4 marks


&



in the BFSI (Banking,

Financial Services, and

Insurance) sector in India.

b. The number of clients for

whom the Solution has

been implemented by the

Bidder with at least 10,000

networked devices in the

BFSI sector in India.

c. The OEM of the NOC

tools (other than NPMD

and LMS) proposed by the

Bidder should be managing

devices deployed in at least

2,500 branches/offices in

the BFSI sector in India.

d. The number of clients, with

at least 2500

branches/offices, for whom

the NOC tools have been

implemented by the

Bidder.

e. Compliance to technical and functional

specifications mentioned for NOC tools in

Appendix-C (Table-3)

g. 5

h. 5

i. 50

➢ 10000 to 20000 network

devices – 3 marks

k. References:

➢ 3 or more references – 5

marks

➢ 2 references – 4 marks

➢ 1 reference – 3 marks

l. Implementation

Experience:

➢ Above 7500

branches/offices – 5 marks

➢ 5000 to 7500


➢ 2500 to 5000


m. References:


marks



e. The score derived against

Appendix-C will be normalized

to 50 marks

6

n. The OEM of the NPMD

Solution proposed by the

Bidder should have a client

with at least 3 applications

integrated with the NPMD

Solution. An application

shall be considered if its

application infrastructure

has been deployed in two

different DCs (primary and

secondary). Also, one of

the applications should

have an average TPS of at

least 7000 in an

a. 5

p. 5

c. 20

a. Implementation

experience:

➢ 5 or more Integrated

applications – 5 marks

➢ 4 Integrated applications –

4 marks

➢ 3 Integrated applications –

3 marks

q. References:


marks




&



organization in the BFSI

sector.

o. The number of clients for

whom NPMD Solution has

been implemented by the

Bidder. Only those

references shall be

considered which are

running successfully for

at least 2 years.

c. Compliance to technical and functional

specifications mentioned for NPMD

Solution in Appendix-C

c. The score derived against


to 20 marks

7

r. The OEM of the LMS

proposed by the Bidder

should have a client with at

least 100 network devices

deployed in at least one DC

that should include at least

5 firewalls/IPS in HA for

log collection.

s. The number of clients for

whom LMS has been

implemented by the

Bidder. Only those

references shall be

considered which are

running successfully for

at least 2 years.

c. Compliance to technical and functional

specifications mentioned for LMS in

Appendix-C

a. 5

t. 5

c. 30

a. Implementation

experience:

➢ More than 500 network

devices – 5 marks

➢ 251 – 500 network devices

– 4 marks

➢ 100 – 250 network devices

– 3 marks

u. References:


marks



c. The score derived against


to 30 marks

8

Experience in the management of the

following Solutions (including

provisioning of L3 support) for at least 2

years:

a. Network Access Control (NAC)

b. Network Security Policy

Management (NSPM) –

c. Time Servers (Network Time

Protocol)

6 Evaluation by the Committee


&



d. Centralized Video Conferencing

Solution management

e. VPN Solution for remote access

through the Internet

f. Proxy Solution

9

Presentation:

Detailed explanation on the transition plan

for taking over from the existing NI within

the stipulated time in the RFP (in terms of

management of all DCs, branches/offices,

link management, existing applications,

and provisioning of the dashboard and all

MIS reports as defined in the RFP)

The transition plan for handing over to

another NI while exiting should also be

presented.


10

Presentation:

NOC architecture, NOC infrastructure

(name of OEM of the set of tools,

hardware configuration, licenses, physical

access control, etc.) proposed for

monitoring & management of the Bank’s

network as per the specifications in the

RFP.

Obtention of two certificates, namely ISO

27001:2013, ISO 9001:2015.

Incident management life cycle (from

identification to its closure depending on

the severity of the incident). Data import

from the existing tools. Also, the display

of sample MIS reports.


11

Presentation:

The proposed architecture, Solution

components (make, model, qty. and

Gartner or Forrester reports for the

respective Solution components), their

deployment sites, traffic flow, Active-

Active/Passive mode and functioning of the

Solution (in normal and disaster situations)

for each of the following new Solutions:

a. NPMD

b. LMS

c. NOC Tools



&



Note: The bidder should present 10 top use

cases useful in the Bank for each of the

following:

a) Artificial Intelligence and Machine

Learning

b) Robotic Process Automation

c) Workflow Automation

12

Presentation:

How the Bidder proposes to take over the

management of LAN (in accordance with

the requirements mentioned in the RFP

document) at Branches/Offices, Corporate

Centers and Data Centers including all sites

in the Bank’s foreign offices/Hubs.


13

Presentation:

A three-year plan for providing

professional training, developing the

required expertise and skill set so that the

in-house team could manage the network

independently. Professional training to be

imparted should be specific to the network

& Solutions deployed & configured for the

Bank.


14

Presentation:

SLA compliance including (but not limited

to):

a. Uptime/downtime for links and devices

b. Link reliability and load

c. Response times, depending on the

severity of the issue, etc.


15 Quality of response 7 Evaluation by the Committee

Total 225

Note: Compliance with all the specifications mentioned above must be supported by relevant

and verifiable documents. All such supporting documents must be submitted along with the

technical bid.

Name & Signature of authorized signatory

Seal of Company


&



Appendix-D

Bidder Details

Details of the Bidder

S. No. Particulars Details

1. Name

2. Date of Incorporation and/or commencement

of business

3. Certificate of incorporation

4. Brief description of the Bidder including

details of its main line of business

5. Company website URL

6. Company PAN Number

7. Company GSTIN Number

8. Particulars of the Authorized Signatory of the

Bidder

a) Name

b) Designation

c) Address

d) Phone Number (Landline)

e) Mobile Number

f) Fax Number

g) Email Address

9 Details for EMD Refund (applicable only if

EMD is directly credited in designated

account):-

a) Account No.

b) Name of the account holder

c) Name of Bank

d) IFSC Code

Name & Signature of authorized signatory

Seal of Company


&



Appendix-E

Scope of Work and Payment Schedule

Note: For the purpose of this document, the term “network” would imply the Bank’s network

spread across the globe (i.e. branches and offices in India and abroad) and the term

“management” would imply the five functional areas as defined by ISO, i.e. Fault,

Configuration, Administration, Performance, and Security Management (FCAPS). Any

clarification/ interpretation in any of the clauses will be decided mutually else Bank’s

decision will be final and binding on the selected NI.

1. The selected Network Integrator (NI) shall be responsible for the management of the

Bank’s entire network spanned across the globe. The scope of management shall

include existing and upcoming network devices, communication links, LAN (including

branches and offices of the Bank), WAN, and various Solutions as specified in this RFP

document.

2. It may be noted that the selected NI shall be accountable for the management of the

following three categories of Solutions, namely (a) Existing Solutions as mentioned

under Category 1, (b) network related new Solutions that shall be procured by the Bank

during the NI contract period, other than solutions covered under this RFP, and (c) new

Solutions being procured through this RFP. Thus, the selected NI shall have to provide

services related to network management as well as for coordination with the existing SI’s

for the management of Solutions. The following table summarizes points to be

considered by the selected NI for the management of all the three categories of Solutions

mentioned above:

Category of Solution Broad Role of the selected NI

Category-1: Existing

Solutions under the

purview of NW&C

department

The selected NI shall have to manage the following existing

Solutions as per the Scope and SLA provided under

Appendix-E and J respectively

a) Network Access Control (NAC) by HPE/Aruba

b) Secure Web Gateway (SWG) Solution by Symantec

c) Domain Name System (DNS) by F5

d) Network Security Policy Management (NSPM)

by Algosec

e) Time Servers (Network Time Protocol) by Spectrum

f) VPN Solution by Palo Alto

g) Centralized Video conferencing by Polycom

Note: During the currency of the NI contract, an existing

application with another department may be transferred to the

NW&C department. In such cases, the selected NI will be

required to manage that Solution also, if Banks desires so.


&



The additional resources required would be taken at

discovered rates.

Category-2: New

Solutions that shall be

procured by NW&C

department during the

contract period with

the selected NI

The selected NI shall be responsible for providing

Consultancy for drafting Technical Scope of Work, Technical

and Functional Specifications, Bill of Quantity (BOQ)/Bill

Of Material (BOM) and Service Level Agreement (SLA),

wherever desired by the Bank and will also be responsible for

Management of the Solution. The selected NI will be paid a

consultancy fee and management fee for each such

requirement as detailed in Appendix-F. Requirements for

additional resources, if any, will be mutually discussed and

arrived at. The cost of such additional resources will be paid

as per the rates discovered through this RFP.

Note: The Scope of Work finalized by the selected NI may be

modified by the Bank and the Bank’s decision in this regard

shall be final and binding on the selected NI.

Category-3: New

Solutions being

procured through this

RFP

New Solutions as part of this RFP: Design, supply,

implementation, and management of the below mentioned

Solutions as part of this RFP:

a) Network Management, Monitoring & Operations tools

(hereinafter referred to as “NOC tools”)

b) Log Management Solution (LMS)

c) Network Performance Monitoring & Diagnostics

(NPMD)

Note: The technical and functional specifications of the

above-mentioned solutions have been described in Appendix-

C of this document.

3. It is to be noted that the Bank may issue the PO/LoI for the above-mentioned Solutions

(existing solutions under category-1 and new solutions under category-3), individually,

within the price validity period. The Bank also reserves the right to procure one or more

of the above-mentioned Solutions and as such, the cost discovered for such Solutions, if

not procured, and the associated services (including manpower) shall not be payable by

the Bank to the selected NI. The required Bank Guarantee shall be submitted by the

selected NI as per the individual PO/ LOI.

4. The selected NI shall not be eligible for participation in any of the procurement processes

conducted by the Networking & Communication Department during the entire contract

period. However, this restriction shall not apply for the RFP floated by the Bank for

selection of Network Integrator.

5. The period of contract for availing all the services mentioned above shall be of 5 years

and would be extendable by another 5 years, at the discretion of the Bank.


&



6. The selected NI shall be responsible for providing professional training to the Bank’s

designated in-house team and gradual knowledge transfer, help them develop necessary

skills and expertise for managing the Bank’s network by the completion of the initial

three years. As such several teams shall be formed by the Bank in consultation with

the selected NI such that the members of these teams shall be shadowing the

members of the selected NI’s team members from day one.

7. It may also be noted that after the completion of first 3 years of the contract, the critical

services undertaken by the L2 and L3 resources of the NI may be taken over by the Bank

and the amount corresponding to those services shall not be payable by the Bank

(including the cost of L2/L3 NI resources that shall be engaged for those services).

Taking over the services can be done at any stage of the contract after the initial 3 years.

The services, not taken-over shall have to be performed by the selected NI

uninterruptedly throughout the period of contract. The decision to taking-over of the

services shall be announced by the Bank in not less than 3 months in advance. A written

sign-off shall be provided to the selected NI after the successful hand-over of the

services. However, until the said signoff is provided by the Bank, the selected NI shall

have to continue to provide the services as per the terms of the RFP. It may be noted that

the Bank may decide to hand-over the already taken-over services back to the selected

NI in which case the selected NI shall have to provide the services as usual.

8. The selected NI shall be responsible for the establishment of two Network Operations

Centre (NOC) at Bank’s premises. The entire NOC infrastructure shall be owned by the

Bank and the selected NI shall have to manage the Bank’s network through these NOCs.

9. Any Solution (including category-3) to be provided by the selected NI under this RFP,

the following points must adhere:

a. All solutions and its sub-components should be deployed on the premises of

the Bank.

b. All components of the solutions to be deployed in the Bank’s DCs must have

dual power supplies and rack-mountable (in standard racks). It should come

with a rack mounting kit.

c. Standard racks (19″/42U with perforated front and rear doors) shall also be

provided by the selected NI along with the Power Distribution Units for all

new solutions being procured through this RFP. However, the Bank may

decide to install the Solution components in Bank’s provided racks. In such

cases, the rack cost shall not be payable to the selected NI.


&



d. All components of the solutions must be Ipv6 compatible.

e. UAT setups are to be provided for testing configurational changes,

application of patches, OS & firmware upgrades, etc. before

installing/applying the same on production devices/solutions.

f. There shall be no data loss while performing upgrades or any other

maintenance activities that may require downtime.

g. The Bidder to ensure implementation of all Solutions from Professional

Services of respective OEMs having necessary certifications, adequate

implementation experience and on the payroll of the OEM for designing,

installing, and commissioning of the Solutions onsite. The resource shall be

required to continue for a period of 6 months from the go-live date (i.e. after

the system is brought into production with operational traffic/load meant for

its intended use).

h. All solutions/tools to be procured through this RFP shall be part of NOC

and must be compatible with each other in terms of integration and

interoperability. A unified dashboard shall have to be provided so that a

single URL shall be used for viewing all the desired information generated

by various tools including NOC tools, LMS, NPMD etc.

The following sections shall describe the SoW in detail:


&



Section A: Transition

Subsection A1: Taking-over network operations by Selected NI from its Predecessor

1. It shall be the responsibility of the selected NI to take over the entire network operations

from the current NI within 180 days from the date of issuance of Letter of

Intent (LoI)/Purchase Order (PO). This shall include the takeover of the management of

all branches/offices of the Bank, existing devices and links, all Data Centres and Hub

locations in India & abroad, existing applications, Setting up of two NOC Centres,

procurement of tools and other Solutions for NOCs etc.

2. The selected NI shall provide the exhaustive list of documents and information required

from the current NI within 10 days and draft transition plan within 15 days from the date

of issuance of LoI/PO based on which the selected NI shall plan the transition from the

current NI. However, each prospective bidder shall be required to provide along with

their technical bids, the list of essential documents with a brief description of the contents

of the documents that are typically required for taking over network operations by a new

NI from an existing NI. This shall apply to the existing NI as well.

3. It shall be the responsibility of the selected NI to document, collect, maintain and

update all essential information about the Bank’s global network including IP

Addressing Schema, Data Centre LAN Architecture (including all network segments such

as the Internet, Intranet, Extranet, Replication segments, etc.), overall WAN architecture,

NOC architecture, interconnectivity between the DCs, inventory of all network devices

and their configurations, all communication links, etc. It may be noted that the documents

readily available with the current NI shall be provided by the Bank to the selected NI.

4. The selected NI shall develop a consolidated Standard Operating Procedure (SOP) for day

to day operations for management and monitoring of the Bank’s network. The SOP shall

serve as a step by step illustrative guide with the required screenshot for carrying out any

operations for intended users/administrators of the respective solutions. The initial draft

of all such SOPs shall have to be provided by the selected NI within 3 months from the

date of issuance of PO/LoI. The illustrative list of SOPs is as under:

SNO SOP name SOP description

1 Information Security

Management systems

(ISMS Framework)

The purpose of this document is to provide guidance

for external and internal auditors, Networking and

Communication Department (managers, employees

and vendors) for understanding and implementing

the activities related to Information Security

Management Systems (ISMS). This Framework is

created using accepted structure of the ISO/IEC

27001. The ISMS framework is labelled using the

ISO/IEC 27001:20013 nomenclatures


&



2 ISMS Scope Document State Bank of India is India’s largest Bank with a

network of over 23000+ branches spread across

India. Bank also has presence in 32 countries across

the globe. The Bank offers wide range of products

and services to both Corporate and Retail Customers.

The Bank also has one of the largest networks of

56000+ ATMs spread across geographical locations.

Bank provides services to its customers through

alternate channels such as Internet Banking, Debit

Cards, and Mobile Banking etc.

To expand further reach, Bank is forging ahead with

cutting edge technologies and innovative new

banking models.

3 Statement of

Applicability

This document details the applicability and

justification for all ISO/IEC 27001:2013 controls for

Networking and Communication Department and

operations within the scope as mentioned in ISMS

Scope.

4 IP Allocations IP addresses are used to uniquely identify systems.

This document will provide guideline on IP

allocation process followed by Networking and

Communication Department.

5 TACAS ID Management TACACS is used as an interface to login to all

networking devices. This document will provide

guidelines on user access creation, modification,

deletion process for TACACS, followed by

Networking and Communication Department.

6 Link Procurement,

Decommission/Surrender

The purpose of this document is to provide guidelines

for Link procurement, Decommission/Surrender

process followed by Networking and

Communication Department

7 VPN configuration The objective of this document is to define a common

configuration deployed on SBI branch routers for

encrypting traffic via a VPN (Virtual Private

Network) tunnels using Internet Protocol security

(IPSEC) suite. The termination of the tunnels will be

at the VPN concentrators located at the SBI data

center.

VPN Configuration based on best practices –

(Security for VPNs with IPsec Configuration Guide,

Cisco Release) is used as a reference to aid the

preparation of the document.


&



8 Document Control The Purpose of this document is to provide

guidelines for Networking and Communication

Department on how to create and maintain

documents.

This procedure should be followed by all the

personnel at Networking and Communications

Department as and when they create

documents.Network Integrators / Vendors are

responsible comply with this procedure for their

respective processes

9 Password Management All users should have unique individual user IDs for

logging and accessing all the networking devices,

and tools. Shared IDs may be permitted for specific

business requirements after approval from the DGM

of Networking and Communication Department.

All appropriate IT assets (IT systems and data) that

require authentication using passwords should have

appropriate password controls in place to prevent

unauthorized or illegal access.

Password controls should be automated using system

features and parameters wherever feasible on all IT

assets.

10 Patch Management This document establishes a procedure to identify

and to patch technical vulnerabilities for network

devices managed by Networking & Communication

Department.


&



11 Incident Management The purpose of this document is to illustrate the

processes and activities involved in incident

management process to restore normal operations

following an incident, for Networking and

Communication Department at SBI.

The activities and associated sub activities for

Incident Management defined in this document are:

Incident Detection: Detect/Report Incident, Take

Ownership, Incident Verification, Obtain Incident

Details, Log Incident Details

Incident Classification: Define & Assign Type,

Category and Priority, Provide Initial Support,

Allocate Incident

Investigation and Diagnosis: Take Technical

Ownership, Ensure Correct Assignment, Initial

Client Contact, Match Incident, Investigate Incident

& Diagnose Incident, Update Incident Details,

Functional Escalation

Resolution and Recovery: Implement

solution/workaround, Ensure Recovery, Record

solution

Incident Closure: Confirm Closure, Admin and

Quality, Close Incident

Objective of the incident management

process is to:

i. Establish a structured, formulated process whereby

the incident moves from incident lifecycle stage

within specified time limits to ensure resolution in

accordance with the service level targets.

ii. Record and to establish ownership for each

incident to ensure resolution of the incident within

the specified service level targets.

iii. Maintain relationships with other processes to

ensure that configuration management database,

known error database, are updated.

12 Operational Security

Procedure

This document establishes procedure to ensure

correct and secure operations of Networking and

Communications Department.

This procedure is applicable to Networking and

Communications Department.


&



13 User Access

Management

The purpose of this document is to outline the

procedure in which user access accounts are created,

changed and terminated for Networking and

Communication Department. The goal of access

process is to ensure standardization across all

information technology systems and ensure the

appropriate data owners are contacted, informed and

approve each user access request. All user access

requests must be documented using procedures

outlined in this process. Implementation of this

procedure minimizes unauthorized access to

proprietary information and technology. This

procedure should be followed to request and approve

access to applications, create user accounts including

passwords, and provide ongoing maintenance of user

accounts.

Networking and Communications Department

controls logical access to all network infrastructure

for SBI. The overall goal of logical access is to

enforce and track the level of access to technology

equipment’s, preserving both data integrity and data

confidentially. Several ‘Controls’ for network tools

equipment’s security are essential to achieve this

goal. Logical access controls are protection

mechanisms that limit users' access to information

and restrict their forms of access on the system to

only what is appropriate for them.

14 Backup Management The purpose of this document is to provide a

guideline for adequate backup to be taken ensuring

that data is not lost and can be recovered in the event

of an equipment failure, intentional destruction of

data, or disaster.The purpose of this document is to

provide a guideline for adequate backup to be taken

ensuring that data is not lost and can be recovered in

the event of an equipment failure, intentional

destruction of data, or disaster.

Network Integrator (NI) should be responsible for

periodic backups of all the networking devices,

secure storage of the backups, and device recovery in

cases of failed backup.Networking and

Communication Department should ensure that the

timely backups are taken by the NI. Also, Network

Integrator should conduct restoration drills once in

every year, and report the results to DGM of

Networking and Communication Department, to

ensure that the device backups are operational and


&



functional as per requirement. This activity should

help in restoring the backup in situations if the device

fails.

Networking and Communication Department should

ensure that the timely backups are taken by the NI.

Also, Network Integrator should conduct restoration

drills once in every year, and report the results to

DGM of Networking and Communication

Department, to ensure that the device backups are

operational and functional as per requirement. This

activity should help in restoring the backup in

situations if the device fails.

15 Disposal of Information

and System procedure

The purpose of this document is to define a procedure

for disposing information assets used by Networking

and Communication Department.

16 Risk assessment and

Treatment Procedure

The objective of this document is to provide

procedure and methodology for assessing the risks to

Networking and Communications Department.

The purpose of Risk Assessment and Risk Treatment

Methodology is to quantify numerically the risk

against the identified threats and vulnerabilities for

the identified critical information assets through the

application of existing and additional controls.

Risk Assessment and Risk Treatment Methodology

should enable identification and mitigation of

identified risks affecting the identified Information

assets, Intellectual property, which may result in any

adverse impact on the business operations.

This procedure is applicable to all the information

assets, intellectual property (that should have a

business impact when compromised); comprising of

documents in digital or non-digital format, and or

residing on different storage media, but not restricted

to, such as CDs, DVDs, tapes, hard disks etc. Other

assets including network infrastructure equipment,

software, tools, services and supporting utilities like

electrical supply, UPS systems, air-conditioning and

power substations identified and available in its

premises and those outside its premises with the

external parties of the company. External parties are

those who have signed the third party agreement with

Networking and Communications Department.


&



17 Network Security The purpose of this document is to provide procedure

for development and implementation of network

security procedure for Networking and

Communication Department.

SBI’s network must be used for valid business

purpose only. Networking and Communication

Department is responsible for protecting information

that passes through the network.

Network security resources such as Firewall, IDS,

etc. assist to protect all business data, and application

systems from unauthorized access.

Networking and Communication Department should

ensure security of information in networks and

protection of connected services from unauthorized

access.

18 Asset Management The purpose of this document is to provide a

guideline on appropriate classification, protection of

assets, for Networking & Communication

Department. All information assets should be

classified and protected in accordance with their

criticality and sensitivity.

19 Capacity Management The purpose and objective of this document is to

provide guidance on performing capacity analysis for

network devices.

20 NSPM firewall rule

implementation

The objective of this document is to define guideline

that should be followed by Application Departments,

Dependent Departments, Networking &

Communication Department, Information Security

Department (ISD) and Network Integrator for

firewall rule implementation.

21 Governance Structure

Procedure

The purpose and objective of this document is to

define Networking & Communication Department

Information Security Governance Structure & roles

and responsibilities of respective team.

Benefits of Information security governance

includes, effective management, mitigation of risks

and reduction of potential impacts on information

resources to an acceptable level.

22 Information Security

Awareness and training

procedure

The purpose of the document is to provide guideline

on implementing security control requirement for

Information Security Awareness and Training, as

identified in ISO 27001.


&



5. Above set up of the SOP documents need to be reviewed by the selected NI every quarter

from its approval by the Bank.

6. Based on the information collected by the selected NI, a detailed transition plan shall be

prepared and presented to the Bank (within 30 days from the date of issuance of

LoI/PO) explaining the important milestones with timelines and the sub-activities

involved to achieve each milestone. Any dependency on the current NI should be

highlighted by the selected NI at the initial stage and also during the transition period well

in advance so that the information could be provided by the current NI to the selected NI

and hence avoid delays in the project.

7. The selected NI shall appoint an onsite dedicated team consisting of at least a

professional Project Manager and an adequately sized technical team, having relevant

certifications and experience that shall be responsible for taking care of the entire

transition. It may be noted that the Bank reserves the right to change one or more transition

team members at any stage during the transition in case it is found that the identified team

members are not performing to the satisfaction of the Bank. The Bank also reserves the

right to interview the team members individually and give its decision on the inclusion or

exclusion of the team members. The Bank may also require augmentation of the team if it

is felt by the Bank that the team is not adequately sized. The selected NI shall have to

honour the request of the Bank without seeking additional cost, whatsoever.

8. The selected NI shall have to appoint a Single Point of Contact (SpoC) who shall be

supervising the entire process of transition from the current NI to the selected NI and shall

be stationed at the IT-NW&C department. The SpoC shall be responsible for addressing

the concerns raised by the Bank effectively and efficiently.

9. The selected NI shall have to form teams parallel to the team structure of the current NI

so that the corresponding team may interact with each other and make all efforts to

complete the project as per the approved transition plan.

10. The selected NI shall submit on the first working day of every week the progress

concerning the number and other details of branches/offices of the Bank for which the

management has been taken over by the selected NI. This weekly progress report should

also mention the issues (if any) being faced by the selected NI in carrying out the transition

smoothly. The progress should adhere to the approved transition plan.

11. As and when the transition in the management of a given LHO (including all other

offices/corporate offices and branches located under the geographic area) is completed by

the selected NI, a sign-off shall have to be provided by the respective LHOs. Similarly,


&



transition in the management of the network of a given FO shall be provided by the

respective FO. For remaining locations such as DCs, State Bank Bhavan, GITC and other

corporate establishments located in Mumbai and Navi Mumbai shall be provided by the

IT-Networking & Communication Dept. Once it has been declared by the selected NI that

a branch/office of the Bank has been migrated, from that point onwards it shall become

the responsibility of the NI for the management of that branch/office, i.e. all issues in the

network are to be reported to the selected NI who shall be responsible for the rectification

of the issue as per the SLA defined in this RFP. The format of sign-off shall be finalized

by the Bank in consultation with the selected NI.

12. The selected NI shall have to maintain the database of all the branches such that all

essential details of the branches are stored and updated as and when there is any change.

The essential information that the selected NI shall have to obtain and store includes

branch code, branch name, branch complete postal address with the PIN, IP address

segment(s) assigned, GPS coordinates (latitude & longitude), Network IT assets (live or

spare) with serial number wherever possible, power backup (UPS, generators, etc.),

network links it has along with the associated details like link provider, bandwidth, last-

mile technology, etc. This database may be linked to the Links DB and Devices DB

(explained elsewhere in this RFP).

13. The selected NI shall have to provide the Escalation matrix along with the contact person

name, designation, email-ids, contact numbers, complete postal address (for sending letter

correspondence, if any). As and when there is any change in the Escalation matrix, the

selected NI shall update the same and provide the latest copy to the Bank.

14. The NI should ensure effective and efficient management of the existing network and

application infrastructure including management of existing branches, offices, devices,

links, Data Centres, the existing set of applications, etc.

15. While designing the network, the technical feasibility of using both the links (Primary link

and backup/alternate link) in active-active mode with load balancing as 1st preference,

load-sharing as 2nd preference shall be studied and implemented. The last preference of

the Bank shall be active-passive mode. However, regardless of active-active or active-

passive modes of utilizing the link bandwidth, the configuration should be such that when

one link goes down, the other link shall take an entire load of carrying the branch traffic

automatically and seamlessly to ensure there shall be no isolation/disruption in

connectivity.

16. The selected NI shall also be responsible for the implementation of the specialized

Solutions, that are in the process of being implemented and those that shall be procured

during the tenure of the contract. Any issue that may prevent the successful commissioning

of the Solution, shall be resolved jointly by the selected NI and the SI. However, if the


&



issue pertains to the networking infrastructure, the sole responsibility of resolving the issue

shall rest on the selected NI.

Subsection A2: Handing-over network operations by Selected NI to its Successor

17. Each prospective bidder shall be required to provide along with their technical bids, the

list of essential documents with a brief description of the contents of the documents that

are typically required for handing over network operations by a current NI to its successor.

This shall apply to the existing NI as well.

Section B: Next Gen Network Operations Center (NOCs)

18. The selected NI shall be required to establish/build two NOCs (NOC-1 and NOC-2) at two

different locations in India. NOC-2 shall be a replica of NOC-1 except for UAT set up

which will only be in NOC-1. It may be noted that the NOCs that the selected NI shall

establish should comply with each clause specified in this RFP elsewhere including

scalability.

19. The selected NI shall be responsible for Design, Supply, Implementation, Customization,

Integration, Operationalization, and Maintenance of the Bank’s own Network Operation

Centres (NOC-1 and NOC-2) with all necessary tools and IT infrastructure including wall-

mounted screens, desktops (specifications provided below), etc. The operationalization of

NOC-1 should be completed by the selected NI in 150 days from the date of issuance

of the Letter of Intent (LoI)/Purchase Order (PO). The timelines to be followed for the

establishment of the Bank’s NOC are provided below:

Minimum Desktop Specifications for operations in NOCs: CPU i7 processor, 8 GB

RAM, 1TB HDD and dual connection monitor capability, Windows 10 (64 bit), alongwith

with keyboard, mouse, mouse-pad, and compatible monitors (minimum 15 inches).

Desktop quantity 200 (with suitable number of monitors).

S. No. Description

Timelines

(from the date of issuance

of PO/LoI)

1

Provisioning of (a) onsite Program

Manager, (b) onsite team of technical

resources from the selected NI and the

OEM for the commissioning of the

Solutions, (c) Escalation Matrix

7 days

2 Site survey where the NOC tools, NPMD

and LMS are required to be built. 21 days

3

Online submission of complete Solution

design and implementation approach

document. The selected NI shall discuss

30 days


&



the approach in detail with the Bank. The

approach shall be finalized by the

selected NI in consultation with the Bank.

The Bank may make suitable changes in

the approach which shall be final and

binding on the selected NI at no

additional cost to the Bank.

4

Hardware Delivery (including all the

components of the solution) at the

intended site of NOC tools, NPMD and

LMS deployment.

60 days

5

Installation, Configuration,

Commissioning, & Operationalization of

the NOC-1, NPMD and LMS

150 days

6


Commissioning, Customization &

Operationalization of the NOC-2

180 days

20. The NOCs so established by the selected NI shall be compliant to the specifications as

mandated by the following certifications:

20.1 ISO 27001:2013 (for ensuring that international standards are being followed for

maintaining confidentiality, integrity, and availability of customer data, systems,

and infrastructure)

20.2 ISO 9001:2015 (focused on meeting customer expectations and delivering

customer satisfaction)

21. It shall be the responsibility of the selected NI to obtain the above-specified

certifications within 365 days from the date of issuance of the PO/LoI for the

establishment of the Bank’s own NOC. The prospective bidders shall have to submit

along with the technical bids the NOC establishment plan (along with the specific

milestones and the corresponding timelines) including obtention of the above-mentioned

certifications on behalf of the Bank.

22. Banks NOC facility including tools and associated infrastructure must be set up in the

Bank identified premises/location. The implementation of NOC-2 shall be carried out after

the successful operationalization of NOC-1.

23. The selected NI shall be responsible to ensure that the NOC architecture, tool

configuration, and NOC operations comply with the Bank’s information security policies

and industry-leading standards and applicable laws and regulations. The illustrative list of

security and other guidelines has been enumerated below:


&



23.1 The NOC must be physically secured and must have separate entry and exit gates

for NOC personnel with two-factor access control with one factor should be a

biometric feature (preferably face recognition). The NI must not allow

unauthorized entry and should have the facility to track and report on the

same. Similar access control to be provided for network/server rooms wherever

required.

23.2 The NOC including server/ network room must have security measures for high-

quality video surveillance of this facility with complete coverage of NOC area with

clear legible images. Minimum 180 days complete surveillance image archival

facility for audit and forensic purposes.

23.3 The NOC must have state of the art telephony systems (i.e. use of

automation/advanced features for electronic transmission of voice and data to

improve NOC operational efficiency in terms of overall user experience) which

are IVR based for call receiving and dispatch to the right teams.

23.4 NOC telephony systems should support Inbound /outbound international /domestic

voice calls through a toll-free number.

23.5 NOC telephony systems should have redundancy and high availability.

23.6 The system must be redundant with the ability for reporting and capability for

integration with the Bank’s Email and other solutions.

23.7 The telephony system must have the ability for the supervisor to barge in, listening,

and coaching.

23.8 There should also be a system for call recording and reporting, for call quality,

auditing, and training.

23.9 The telephony system must be compliant with all relevant TRAI regulations and

have the necessary clearances by the competent authority.

23.10 NOC service desk should able to handle a minimum of 2000 calls per day.

23.11 NOC service desk team should be equipped and trained to assign the tickets/calls

to the respective team of engineers (like NAC, proxy, etc.) with the criticality level.

23.12 Branches and other users should be able to register their complaints through

various modes like Voice calls, missed calls, emails, SMS, mobile apps.

23.13 Service Desk system should generate auto tickets to avoid any missing complaints.

23.14 NOC telephony should prompt callers to self-direct through the main menu and

call tree with IVR/ voice bot. Ability to provide customized messages, menus, and

treatments based on the purpose of calling.

23.15 NOC service desk system should display customer information to the agents as the

call arrives. It should also support integration with ITSM tools for intelligent call

routing.

23.16 NOC service desk should have the ability to automatically distribute emails to the

best-fit agent based on content analysis and keywords.


&



23.17 The service desk system should be capable of providing reports to measure the

required metrics and data for analysis of performance at all stages of

complaints/requests.

23.18 NOC infrastructure should have the ability to send automated and agent-assisted

communication through multiple channels like voice, email, SMS, and mobile

apps.

23.19 The tools deployed in the NOC must be enterprise-grade licensed Software and

hardware, which must be recorded in an asset base and must be auditable.

23.20 The tools must be capable of SNMP V3 protocol-based polling and receiving

SNMP traps

23.21 The tools must be capable of monitoring of all network devices and links on the

Bank’s network.

23.22 The tools must be able to deliver all the service outcomes with the ability to grow

for future scale without any disruption to the ongoing operations.

23.23 The tools must be integrated for all service operations, from the service desk to

monitoring incident management to problem management, change management,

configuration management, etc.

23.24 The tools shall have the features to provide dashboards for operational and business

views.

23.25 Asset tracking and reporting- Ability to have a comprehensive asset Database of

all monitored assets with all Configuration Items (CI) details as per ITIL definition

and report generation utilities.

23.26 The NOC tools must be able to monitor all managed elements (including links) on

the network in a secured manner while providing an authentication mechanism for

all authorized users and logs for the same.

23.27 The NI shall be responsible for the integration of a third-party network into the SBI

network. The selected NI should also have database of the all the third party

network owners, IP addresses used and the applications being used with the

owners, for overseeing any kind of network-related work done by other vendors /

third party apart from NI and make sure that the implementation is compatible with

the Bank’s current LAN and WAN architecture.

23.28 The selected NI Shall be responsible for any acts of third party/ OEM/ Vendor

engaged by them on behalf of the Bank.

23.29 The NOC tools shall be integrated with the Bank’s endpoint security solutions such

as Active Directory (AD), Anti-virus (AV), Patch Management System (PMS),

Data Leakage Prevention (DLP), etc.

24. The bidders shall provide the details of the proposed NOCs (NOC-1 & NOC-2) containing

at least the following information meeting with Bank’s Security policies:

24.1 NOC Architecture diagram (LLD and HLD) including security segments (like

firewall/ IPS etc.)


&



24.2 Bill of Material (BoM) – Name of the software/hardware model, Qty, Purpose,

other technical details.

24.3 Traffic/Data flow between the components of NOC systems.

24.4 Business Continuity Plan (BCP) – clearly stating different scenarios considered.

24.5 A short write-up on each Software tool and explanation to describe the purpose

and dependency of such tools.

24.6 Hardware configuration of each physical component.

24.7 List of Software and utilities used for NOC operation.

Note: The information stated in point number 23 should be provided by the Bidders

during their technical online bid submission.

25. The selected NI shall be responsible for monitoring all the network devices and

communication links from the NOC and for providing a unified portal so that the same

may be used for the following:

25.1 To view the current health status of the entire network of the Bank in a single high-

level view.

25.2 Starting from a country/location, it should be possible to drill down further up to

the branch having a network health issue.

25.3 Device/link uptime.

25.4 Devices resources (CPU, Memory, etc.) utilization.

25.5 Link utilization and up/down status (for both primary and secondary links).

25.6 Voice call flow monitoring.

25.7 Ticket monitoring (status of tickets, resolution time and method, etc.).

25.8 SLA Reporting in the format provided by the Bank. All SLA reports should be

available on the portal which can be downloaded as and when required by the

Bank.

Note: Multiple portals/URLs for viewing different information will not be acceptable to

the Bank. Also, the features/capabilities listed above is for illustration purpose only and,

thus, should not be treated as an exhaustive list of features. The format of reports shall be

finalized by the Bank after discussing the same with the selected NI.

26. The portal/dashboard should be accessible by different users from different locations.

Dashboard/ portal and all tools must have user access control and should provide logs for

the same, it should also provide role-based access.

27. The selected NI shall have to monitor the sites pro-actively and should take necessary

actions to restore the link without waiting for the down call from Bank.


&



28. The selected NI shall be responsible for impact assessment and modification of NOC

operations at no extra cost, on account of any changes to applicable information security

policies/procedures/standards/ regulations, etc.

29. The selected NI shall be responsible for monitoring network from NOC location and

maintaining network uptime by ensuring that faults are effectively resolved

within the defined timelines. The NI shall also be responsible for directing and

coordinating with the field team to carry out corrective/ change activities on-site in case

field support is required.

30. The selected NI shall be responsible for integrating each device with the NOC monitoring

and management systems so that every critical parameter/element/resource can be

monitored and managed proactively. The NI must ensure that the NOC tools should be

capable of handling 1,50,000 network devices and 1,00,000 communication links in

the Bank’s network, from day one and scalable up to 2,50,000 network devices and

1,50,000 communication links.

31. The selected NI shall also be responsible for providing NOC tools that should be both

horizontally and vertically scalable.

32. The selected NI shall be responsible for the development and implementation of following

processes for monitoring, management and operation of the NOC including, but not

limited to:

32.1 Capacity Planning.

32.2 Configuration and Change Management.

32.3 Incident and Escalation management processes.

32.4 Daily standard operating procedures.

32.5 Training procedures and material.

32.6 Reporting metrics and continuous improvement procedures.

32.7 The DR plan for the entire network must be developed by the selected NI.

32.8 Security Patch management procedure.

32.9 Integration of NOC tools with the Banks’ other applications/ tools.

Note: The technical bid should contain an overview of the processes mentioned above.

33. Each bidder shall have to provide distribution of the network engineers that according to

them would suffice for the management of the network and solutions as described in this

document. The bidder, to provide this information, may seek relevant information in the

form of queries that may be raised through pre-bid queries. The Bank shall provide the

required information that shall not constitute a violation/breach of sharing confidential


&



information or for any other legitimate reasons. The format to be used by each bidder is

provided below:

Location:

S.No. Role

Designation

(operations

manager, project

manager, technical

resource etc.)

Level

(SD, Field

Engineers, L1,

L2, L3 etc.)

Specialization

(project

management,

security, routing

& switching,

architect ,

system admin,

etc.)

Count

Type of resource

(dedicated/shared,

offsite/onsite)

             

Note: The above information is required to be provided for each of the following locations

separately: GITC, PR NOC, DR NOC, 17 LHOs, inside 5 DCs of the Bank. Bank’s

proposal on the same is provided in Appendix-Q.

34. The selected NI shall have to ensure the capability to receive and respond to calls and

emails on a 24/7 basis from the Bank and its vendors.

35. NOC Tools: The following table describes the minimum set of features that the NOC tools

shall have:

Sr. Tool Type Functionality

1 Event

Monitoring &

Detection

• The network monitoring tool must provide the information

necessary for network management (i.e. ISO FCAPS

model).

• The tool should collect useful information from various

parts of the network so that the network can be managed

and controlled.

• The tool should be able to find network performance trends

and do predictive analysis.

• Network incidents should be detected, monitored, and

resolved.

• The monitoring tool should keep a record of what devices

of the network are used by users and how often they are

used.

• This tool must also be able to generate bandwidth

optimization reports.

• Must be capable of SNMP V3 (or any updated version

released during the contract period) protocol-based polling

and receiving SNMP traps.

• monitoring of all device and links on the network


&



• The proposed Solution must automatically discover

manageable elements connected to the infrastructure and

map the connectivity between them.

• The proposed system must support multiple types of

discovery including the following:

• Seed router-based discovery – Using route tables and

SNMP MIBs

• IP discovery

• Import data – from pre-formatted files (Ips, ranges,

strings or ports)

• Trap-Based Discovery – whenever new devices are added

with the capability to exclude specific devices based on

IP addresses / IP Address range

• The system should provide discovery & inventory of

heterogeneous physical network devices with providing

information about the make, models, and their category.

• The system should support maps grouped by network

topology, geographic locations of the equipment, and user

group/departments. These should help in understanding

physical Networks, virtual Network services, and the

relationships between them. It should also support the

manual selection of fields to view customized topology

and device groups.

• The proposed Solution must provide a detailed asset

report, organized by vendor name and device, listing all

ports for all devices.

• Network Fault Management should support both client-

based and GUI-based monitoring console.

• The proposed Solution should provide out of the box root

cause analysis with multiple root cause algorithms inbuilt

for root cause analysis.

• The system must use advanced root-cause analysis

techniques and policy-based condition correlation

technology for a comprehensive analysis of infrastructure

faults.

• It should have a strong event correlation engine that can

correlate the events based on event pairing, event

sequencing, etc.

• The system must be able to ‘filter-out’ symptom alarms

and deduce the root cause of failure in the infrastructure

automatically

• The system should be able to consolidate alarms from

non-IT systems such as sensor/SNMP enabled UPS, DG

sets, etc to provide a view of the operations environment

that supports the branch level IT assets.

• The tool must use AI-based ML for the following:

➢ Elicit patterns and real-time correlations to

cluster relevant events and reduce event clutter


&



➢ Identify anomalous conditions to address

problems before they affect customers

➢ Baseline normal operational patterns and adapt

thresholds to changing behavior in real-time

2 Incident

management

• All networks level alerts from Network and Event

Management Systems shall be ticketed in ITSM Tool

automatically or through administrator-defined rules.

• The tool should be able to escalate incident/ link down

cases to the service providers based on the escalation

matrix after predefined trigger points.

• Incident Management to support Parent and Child Incident

Mapping.

• Based on the rules defined, all subsequent events of the

same Incident to be updated or suppressed under an

existing Incident.

• The tool should leverage the relationship between Cis in a

CMDB (configuration management database) for

identification of the root cause of the incident.

• Resolving Parent Incident should automatically resolve all

child Incidents.

• The selected NI shall have to monitor the sites pro-

actively through the NOC and should take the necessary

action to restore the link without waiting for the down

call from Bank.

• The tool should be able to auto-assign incidents to support

personnel for actions to fix, confirmation, test, etc.

• When an Incident is raised and before assignment to an

agent, the System shall perform initial Level

troubleshooting and automated checks to provide a quick

update of the Incident in the notes.

• The System shall only allow the Network Incidents to get

resolved, only when the network event is cleared in the

Network or detected by Network Management System.

• The tool should be able to generate reports on

statistics/metrics about incidents (e.g. average time open,

number of incidents with each status total number raised,

open or closed).

• The tool should be able to store the information about the

attributes of incidents (e.g. severity)

• The tool should be able to store attachments (e.g.

screenshots).

• The tool should be able to prioritize incidents.

• This tool must be able to send incident triggered SMS and

email to all the stakeholders of the Bank and NI. Since the

Bank has its SMS Gateway, the selected NI shall have to

integrate the NOC tool and the Bank’s SMS Gateway for

sending the SMS messages.


&



• SMS and email must be based on policies defined by the

Bank under need to know basis. The tool should provide

incident reports – hourly, daily, weekly, monthly, yearly,

and for a specified period.

• Integration of Incident management systems with the Bank

vendors and partners through relevant APIs.

• Auto escalation processes to be supported.

• Problem Tickets in ITSM tool shall follow the lifecycle of

Problem Management – New, Assess, Root Cause

Analysis, Fix In-Progress, Resolved, Closed, etc.

• Problem Management tickets shall be created

automatically and by the system based on business rules

on consecutive incidents.

• Repeated Incidents within a predefined interval shall

qualify for automated problem management tickets.

• The incident management system shall capture detailed

RCA with corrective actions.

• Corrective actions as indicated in the Problem Ticket shall

be reviewed and approved in the ITSM tool.

• ITSM tool shall also provide options to accept risks for

specific Problem Management tickets.

• NI is responsible for providing ticketing tool access to the

network service providers for effective incident

monitoring and resolution.

• The selected NI shall also be responsible to integrate their

ticketing tool with the ticketing tools of other service

providers (external solutions) or ticketing tools being used

by the Bank (internal solutions).

3 SLA

Compliance

• Automated SLA compliance calculation and SLA breach

warning alerts.

• Automated web-based SLA report generation and

distribution

• SLA compliance historical reporting with trend analysis

• Operational Level Agreement (OLA) compliance

monitoring with service desk integrations

• It should be uniquely positioned for ITIL, Six Sigma and

other quality improvement initiatives

4 Network

performance

& capacity

management.

• Speeds troubleshooting, resolves network outages and

reduces downtime

• Monitors and displays response time, availability, and

performance of network devices.

• Improves operational efficiency with out-of-the-box,

customizable dashboards, alerts, and reports

• Automatically discovers and maps network devices and

typically deploys in less than an hour.

• Network health monitoring, which for example checks

various parameters on the router like CPU Utilization,

Memory Utilization, Errors and Discards, Voltage,


&



Temperature, CRC error, Collisions, Buffer statistics (Hits,

misses and failures), etc.

• Network traffic analysis, which shows how exactly the

bandwidth is being utilized through interface-specific reports

on which user, source and destination IP address,

conversation, type of traffic (HTTP / HTTPS / SFTP / TCP/IP,

UDP, application-specific, etc.) and other

parameters/overheads, etc. is occupying bandwidth, etc.

• This tool must monitor network/link latency in real-time.

• This tool must be able to auto escalate regarding the breach

of max utilization of bandwidth and also able to report

regarding breach of x% growth in traffic within 30 minutes.

• Trends of the utilization of all assets. It could be a memory,

CPU, bandwidth, downtimes, uptimes, packet loss, latency,

jitter, etc.

• The Solution should provide near-real-time network

monitoring and Measurement of end-to-end Network

performance & availability to define service levels and

further improve upon them.

• The proposed Solution should provide the following

performance reports out-of-the-box:

o An executive summary report that gives an overall

view of a group of elements, showing volume and

other important metrics for the technology being

viewed.

o Capacity Planning report which provides a view

of under and over-utilized elements.

o Service Level report that shows the elements with

the worst availability and worst response time.

• The tool should have the capability to configure different

polling speeds for different devices in the managed

infrastructure with the capability to poll critical devices.

• The Solution should be able to provide performance data

& threshold-based alerts for real-time performance

monitoring, reporting, and historical trending.

• The tools should use AI-based machine learning that

provides capacity predictions for link up-gradation, down-

gradation, network device augmentation etc.

• Ability to monitor Branches LAN/ WAN link and enrich

with geo-location, branch id, business hours to Service

Provider (SP) link types and create SP performance rank

report using a statistical data model.

• The monitoring Solution needs to be able to ingest logs,

metrics, flows, and events into efficient key-value databases

where they are stored to later be accessed and analyzed.

• The system should have the ability to check the

availability of a remote connectivity resource – infra devices

or URLs through the heartbeat.


&



• The proposed Solution should support, SNMP V3,

Syslog, NetFlow, API integration where applicable, and

Command line-based response analysis as data sources.

• The Solution should be able to monitor custom scripts

and alerting the same when it crosses the set thresholds.

• The proposed Solution should be capable of generating

reports and to notify the concerned team through Email/SMS

• Ability to create a correlation between a sudden increase

in network traffic and Slashdot effect, with users, systems,

and applications used to create a correlated compound alert.

• The proposed Solution should be capable to provide GUI

based reports & topological maps of network devices by

location and impact.

• The Solution should have the ability to integrate with

other systems and overlay and predict business volume vs

network usage.

• The proposed Solution should provide a single dashboard

to track the infrastructure devices of DC and DR with a drill-

down facility.

• User experience alerts- use the anomalies discovered

using Machine Learned data model from user experience

golden signals to create custom alerts regarding issues

affecting customer experience.

• The Solution should use automated data slicing, Natural

Language Generation (NLG), and user feedback based fine-

tuning of insights control to create automated insights.

• The system should have a dynamic auto baselining of

alerts for utilization, bandwidth usage, packet errors,

latencies, etc.

• The system should support Anomalies related to rare

events, sudden spikes in usage, and abnormal variations in

patterns.

• The Solution should have univariate forecasting of

bandwidth usage, capacity enabling better planning of

bandwidth, and telecom and Internet service providers SLA

terms.

• The Solution should perform Operational performance

index (OPI) involves a better prediction of incidents across

each touchpoint and business flows.

• The Solution should have SP indexing with the following

functionalities: 

o Indicate robustness of current operations and SLA

via measuring customer experience index.

o Performance Scoring.

o It should use Monte Carlo probabilistic methods.

o Uses proxy signals like Branch peak hours, ISP

link outages, and other data enrichments to make the

index dynamics and more specific.


&



o Capacity planning and assess trade-off choices in

choosing the best ISP across geo-locations.

• Out of the box storyboards for Isolated Links, Links on

Primary, Secondary, etc.

• The proposed Solution should able to provide bandwidth

consumption information for IP to IP communication or IP to

Geolocation communication or IP to Ips communications.

5 Asset

profiling and

management

• Following entities shall be part of the Asset database

[CMDB]

Sites/Branches, Physical Assets including non-IT assets

that support IT assets, Logical Assets – Licenses, IP

Subnets, Links, etc.

• The asset DB shall maintain the lifecycle of each Asset in

the database

• The asset management system shall have the capability to

discover assets, track changes of attributes, and maintain

the history within its database.

• In addition to used/live devices proposed tool should also

capture the spare and free devices with their location so

that the same information can be used in mobilization.

• The tool should help maintain AMC contracts of each asset

in the SBI network.

• Ability to have a comprehensive asset Database of all

monitored assets with all Configuration Items (CI) details

as per ITIL definition and report generation utilities.

• The Asset management system should also support a

Configuration management database [CMDB] of all

assets.

• CMDB shall maintain relationships of all Cis of a

particular asset in the database

• Incident Management Process shall use the relationships to

suppress/aggregate the alerts based on the relationships

maintained by CMDB.

• Change Management Process shall use the relationships to

identify the affected entities based on the relationships

maintained by CMDB.

• The tool should be automated and should accelerate the

process of asset identification of all SBI’s network

devices.

• Advanced auto-discovery that checks IOS Software

against an application’s knowledgebase.

• Monthly asset knowledgebase updates.

• A fast, convenient mechanism for adding proprietary and

legacy of network products.

• This tool must be capable enough to highlight those

devices which are with decommissioned branches.

• For physical universe – To provide a dedicated IT asset

life-cycle management suite which will have a separate


&



ITAM module where the dynamic real-time inventory will

be available on the fly. This ITAM module should be part

of ITSM, which will be used for Bank’s network

management.

6 Configuration

management

• In real-time, the Solution should detect configuration and

asset information changes made across a multi-vendor device

network.

• The Solution should capable to detect, compare & alert on

changes based on which decision could be made for rollback

or implementation of changes.

• The Solution should be able to identify vulnerabilities

based on security advisories and take necessary corrective

actions.

• The Solution should support configuration

deployment/rollback using policies, configuration templates,

and ad-hoc commands.

• The Solution should provide options to take incremental,

scheduled, and full configuration backup.

• The Solution should capable of performing Configuration

backups /Policies/OS images/rollback to multiple devices at a

time

• The Solution should have provision to Schedule the Task

for a specific date, weekly, monthly, quarterly, etc.

• The Solution should capable to automate all repetitive &

time-consuming tasks related to network device configuration

& change processes.

• The Solution should be able to track and detect any

configuration changes and alert accordingly.

• Deploy and monitor IOS operating system images,

network security patches from a centralized network

management system.

• The Solution should be able to push standard templates for

existing network devices and new deployments.

• The Solution should support the device communications

protocols (for example, Telnet, SSH, TFTP, FTP etc…)

• The Solution should manage network compliance by

comparing devices to Custom defined, best-practice standards,

Gold Standard, etc…

• Should maintain policy compliance using continuous

configuration auditing and remediation.

• The Solution should capable of automated remediation to

bring devices back to policy compliance or to a default

configuration status.

• It should manage device access and authorization through

a centralized control model.

• The Solution should provide a browser-based

customizable Executive dashboards widget/page showing

Device Statistics & their Compliance.


&



• Schedule and generate custom reports on all aspects of

network device statistics and their compliance.

• The Solution should capable of integrating other

management systems and ITSM tools through Rest APIs for

change management and custom workflows.

• For logical universe – IPAM tool for mitigating challenges

related to IP distribution, IP usage, central dashboard.

7 Change

Management

• The system should support all the three types of service

changes ITIL describes — standard, emergency, and normal. 

• Support various roles for the requester, approver,

reviewer/CAB, etc.

• Should support risk assessment of the change, scheduling

of change, record impacted assets, and associated Cis.

• Ability to detect change conflicts, integrate with Incident

and problem management processes to drive an Integrated

Change.

• Must support Change management reports and analytics.

• Should support post-facto approval.

8 Dashboard &

Reporting

• NI is responsible for providing different operational and

business dashboards as per Banks requirements

• NI must set up a minimum of 6 wall displays of

minimum 55” size for displaying various screens (which

are critically required) for the dashboard in the NOC.

• Call/ticket monitoring (status of open and closed tickets,

resolution time and method, etc.)

• The dashboard must have a drill-down approach to the

branch level, incident ticket updates, and log of times from

when the incident has occurred and what actions are taken

till resolution.

• The tool should have the ability to filter views by problem

type, by Circle, by Branch Code, by down-since, and other

such various filters. The tool should also support regular

expression for specifying the search criteria.

• The tool must be capable of providing different views

based on login credentials, by Bank Circles, Regions, and

Countries, etc.

• The entire dashboard should be as real-time as possible

with capability for back in time and calendar filters.

• The Dashboard should be GUI based (e.g. Country map

showing all branches, color coding on branches based on

the health of the network of branches, etc.) automated user-

friendly tool that will give an integrated picture of

the health of all the Bank branches and Foreign Offices.

• SLA Reporting (including links health details) in the

format provided by the Bank. All SLA reports should be

available on the portal which can be downloaded as and

when required by the Bank.


&



• Operational reports as per the format defined by the

Bank.

• The selected NI shall provide a WEB based Business

dashboard for the Bank and its vendors (if required),

that shall provide for the following (but not limited to):

• A complete view of the network health across

India and overseas

• Colour coded view of outages in the network

• The bandwidth of the branches

• Link status. If down, it shall display the downtime

details and ETR and the reason for the outage. The

link status should display for both Primary and

secondary links at branches. The incident ticket

should be generated for both the links if both links

down. Manually generated incident tickets should

reflect in Dashboard immediately after ticket

generation.

• Near real-time bandwidth utilization, etc.

• Categorization of the incidents shall be discussed

and finalized with the selected NI

• country map displaying all important locations such as

LHOs, Corporate offices, and other important and critical

sites in India and branches/offices in foreign countries

• Mobile dashboard (android, iOS, and Windows

compatible): The selected NI shall also be responsible to

extend their “desktop” dashboard reporting service to the

mobile dashboard wherein all the stakeholders of the Bank

will be able to see outputs on the mobile dashboard. The

mobile dashboard should be implemented as a mobile

application. The selected NI shall have to provide the

mobile dashboard within 90 days from the start of the

contract.

• The tool to provide a Web and mobile-based business

dashboard for the Bank and its vendors (if required), that

provide for the following (but not limited to):

• A complete view of the network health across the

country and overseas.

• Color-coded view of outages in the network.

• Information regarding all the network devices

deployed on the entire SBI LAN and WAN

network as well as information about the OS

version installed on these devices.

• The number of ports available.

• Bandwidth details of primary link and secondary

link

• Link status up and down with colour codes (Y/N).


&



• The bandwidth of the branches and its utilization

for both links.

• Link down status including the downtime details.

• Details of expected time of restotation (ETR)

• Reliability of links, packets loss, latency, jitters

etc.

• Real-time bandwidth utilization etc.

• Application-wise bandwidth utilization such as

bandwidth utilized for CBS, LLMS etc.

• Various incidents, problems, service and change

requests, and their status.

• Capacity trends and forecasts.

• Status and health of non-IT assets such as UPS etc. that are

used to support the routers and other IT assets in the

branch.

• Fully customizable dashboard according to the

requirement of the Bank.

• It should have full compatibility with web and mobile-

based (android and iOS).

• The selected NI shall have to build a workflow for link

management staring from the proposal for link

procurement, conducting feasibility, issue of the purchase

order, link delivery, its deployment, BW

upgrade/downgrade, and surrender/termination.

• All the reports should made available online,

downloadable, and print-friendly in excel and pdf.

• The dashboard should meet all security parameters as per

the Bank’s IS policy.

• The dashboard should support major browsers such as

Microsoft Internet Explorer, Google Chrome, Mozilla

Firefox.

• Dashboard sign-off will be provided only after the

closure of all security observations pertaining to the

dashboard.

Note : The Mobile dashboard to be provided by the

selected NI for monitoring purpose/for

Branches/Controllers as stated above should provide the

following informations on their Mobiles-(android, iOS,

and Windows compatible):

• Complete view of the network health across the

country and overseas through drop down Circle-

wise, Adminstative Office-wise, Regional

Business Office-wise and Branche-wise.

• Color-coded view of outages in the network.

• Status of network devices deployed on LAN and

WAN network.


&



• Bandwidth details of primary link and secondary

link

• Link status up and down with colour codes (Y/N).

• The bandwidth of the branch and its utilization for

both links.

• Link downtime details and expected time of

restotation (ETR)

• Reliability of links, packets loss, latency, jitters

etc.

• Real-time bandwidth utilization etc.

• Application-wise bandwidth utilization such as

bandwidth utilized for CBS, LLMS etc.

• Centralised portal for management of physical and

logical universe.

Note: Specific details regarding the Dashboard tool shall be

discussed with the selected NI. The decision of the Bank shall

be final and binding on the selected NI.

9 Process

Automation • NI must provide tools capable of automating, but not

limited to, the following NOC activities:

o Reports.

o SLA Compliance.

o Events Detection and Monitoring including

Network Performance issues.

o Incidents Recording and Monitoring.

o Service requests.

o Change Management requests.

o Moving Average Convergence Divergence

(MACD) Histogram.

o Approval process.

o Assets’ Profiling.

o Configuration Changes/Upgrades, verification of

configuration parameters.

o Penalty Calculations.

o Patch Management

• The NI should be able to automate the operational

activities which are carried out on a day to day basis.

• A dashboard for all the mentioned tools should be provided

by the NI.

• The tool should able to reduce human efforts at routine

activities by automating the tasks on the above service

operation areas.

• The automation capability should complement the NI

technical skills by reducing the incident resolution times.

• The tool must also have the ability to learn new actions via

the recording of the NOC operator activities, to be

automated for the next occurrence of this activity.


&



• The NI must have an established CSI capability to

continually improve the Network availability, by

leveraging the automation tool capability and process

excellence.

• The automation tool capability must be installed and

operated as a part of the NOC services.

Data to be collected and stored for the entire contract period in a structured

retrievable format:

• Branch wise band width utilisation.

• Application wise bandwidth utilisation for all locations.

• Branch wise band width utilisation at various points of time.

• Data of all incidents with complete action points and time lines.

• Ticket life cycle with data point likes, ticket generation time, various action points

with timelines.

• Request data with complete action points and time lines.

• Call statistics as per the SLA.

• Service desk statistics for various modes of inward communications with data

points like, complainant branch/department, called purpose, action taken, various

action details with timelines.

• Team wise operational statistics with action timelines.

• IT assets life cycle management data.

• Device data.

• Device/ link stats – Bandwidth, CPU, Memory utilization…

• Branch /region /AO /LHO wise link deployed data.

• TSP wise link life cycle data.

• Change request data.

• Knowledge base.

Note: This list is not exhaustive and NI should collect and preserve all data

relevant to network and NOC operations management.

Note:

a. The data required for the period before the commencement of the contract (starting

from 01.01.2016) shall have to be obtained from the existing NI during the

transition phase and shall have to be imported into the Dashboard and other relevant

tools.

b. Multiple portals/URLs for viewing different information will not be acceptable to

the Bank.

c. NI is responsible for obtaining any statutory approvals/ licenses to operate Banks

NOC.


&



36. NOC Reports:

36.1 The selected NI shall provide the periodic or on-demand reports as requested by

the Bank.

36.2 The details of the reports, the frequency of the reports, and the format of the reports

will be decided by the Bank.

36.3 All the required reports should be available and preserved in the dashboard and

should be downloadable in pdf and excel format as per the Bank’s requirement.

36.4 The selected NI must discuss all the reports with the Bank and their exact online

submission time etc. and then take a call for all the three levels mentioned in SLA

compliance.

36.5 The NI may be required to provide some/all the following reports or more.

However, the required report frequency and the exhaustive list shall be finalized

with the selected NI. Also, the selected NI must make available the reports from

01.01.2016.

The sample list of reports:

Sl.

No.

Report Requirement Frequency

1 Call Statistics (daily, weekly, monthly) Daily/Weekly/Monthly

2 Daily Reporting with uptime /downtime &

reason

Daily

3 Escalation Report On request

4 MTBF Analysis Report calculated quarterly Quarterly

5 MTTR Analysis Report (Monthly) Monthly

6 Frequent Problem Analysis Report Monthly

7 Vendor wise Analysis / Performance

Report (downtime status)

Online

8 Online Link Up/Down Report Online

9 Group-wise Link up/down, utilization, SLA

Report

Online

10 Location wise links up/down report Online

11 Application-level BW utilization on-

demand Link analysis such as

up/down/utilization history

Online

12 BW utilization on crossing threshold limit

etc.

Monthly

13 Top 10 Link (high / low uptime) Online

14 Last 3 call history for a location Online

15 CRC Errors Reports On request

16 Router CPU Utilization Reports Daily

17 Router Free Memory Reports Daily

18 Network Uptime Report Online

19 Application Response Time Reports Online


&



20 Updated network diagram/topology

information

Online

21 BGP/OSPF/any other IGP uptime report. On request

22 Incident Reports/Alerts Online

23 Root Cause Analysis (RCA) report for

critical incident

Online

24 Updated port wise hardware information Online

25 Update on all the activities conducted in the

network.

Weekly

26 Change Management Report for each

change

Monthly

27 Isolated branches report 11:00 AM & 5:30 PM,

Daily

28 Link down incidents report 11:00 AM & 4:30 PM,

Daily

29 Isolated branches 11:00 AM dashboard data

updated report.

4:00 PM, Daily

30 >72 Hrs isolated branch down BSNL

category incidents reports

10:30 AM, Daily

31 Greater than 24Hrs down branches report. 2.30 PM, Daily

32 Daily Top 10 Bw utilization, CPU/Memory

utilization report

11:00 AM,

Daily

33 Backup Link testing report 6:00 PM, Weekly

34 Branch Downtime Report –

Telco/DD/Bank category 10am to 6pm

4:00 PM,

Daily

35 ORM Report – Branch network downtime

report 10 am to 6 pm

Monthly

36 Major Incident Report on

daily/weekly/monthly basis

Daily/Weekly/Monthly

37 NOC Staff attendance report Daily/ Monthly

38 Overall deployed branch and link details

report

Monthly

39 FAR Implementation status report 01:00 PM Daily

40 L1, L2 & L3 Pending tickets status report 01:00 PM Daily

41 AAA User management report Monthly

42 Updated network diagram/topology

information

On-demand

43 Update on all the activities conducted in the

network.

Weekly

44 Proof Of Concept (POC) result/report On-demand

45 Change Management Report for each

change

On-demand

46 Asset Reports On-demand

47 Weekly stock report Weekly

48 Monthly shifting of links/sites report Monthly

49 Manpower deployment-cum-attendance

report

Daily


&



50 SLA and Penalty report (with calculation

formula)

Daily

51 Others (as per requirement stated in RFP) On-demand

37. The following are the tentative expectations with respect to OEM involvement during the

contract period, that the selected NI shall have to ensure:

37.1 Review of Technical Requirements Specification document, considering all

quantitative and qualitative aspects related to the configuration of the Solution

from an industry-leading practice and in tune with regulatory guidelines.

37.2 Review of Solution architecture to assess the extent to which the same will support

business requirements and review gaps/ customizations if any.

37.3 Review of information requirements and supporting processes w.r.t completeness

and quality

37.4 Review of functional configuration by duly benchmarking against defined scope

and business requirements

37.5 Review of test strategy, scenarios and test cases developed for supporting the

configuration for conducting UAT of the Solution configured.

37.6 Review of UAT environment, plans, mapping of test cases, triggering of use cases

developed and functional requirement specification and tracking mechanism for

resolution of issues.

37.7 OEM certificate Go-live of the respective component.

Section C: Site Survey, LAN Implementation & its Management

38. The selected NI shall be responsible for:

38.1 Surveying new site(s) and conducting Preventive Maintenance (PM) at the sites

such as branches, offices, Data Centres (DC), Offshore Development Centre

(ODC), War site, or any other site decided by the Bank. The scope of the

survey/PM, inter alia, shall also involve checking of proper cabling-and-tagging

and as well as rectification of any anomalies/deficiencies observed.

38.2 Reviewing and designing the LAN architecture for the existing and upcoming sites,

respectively.

38.3 To ensure proper cabling (copper/fiber) in the Data Centres and Offices through a

reputed data cable vendor including all passive materials on need basis. The actual

cost of the cables and associated passive materials (like connectors, patch panel,

LIU.etc.) shall be borne by the Bank

38.4 Installation and configuration of all active network devices (existing or new).

38.5 Replacement of devices that have reached End-of-life (EoL) or End-of-Software

Support or faulty devices (Switches and Routers shall be provided by the Bank as

per the recommendation of the selected NI).


&



38.6 Providing a certificate for successful cabling by the cabling vendor to the Branch

wherein the concerned engineer of the selected NI would also certify that the

cabling has been done properly and as per the requirement of the Bank.

38.7 Certification includes the quality of cables and material (branded) used for cabling.

38.8 LAN troubleshooting. NI is responsible for monitoring up to the I/O point. NI may

recommend the replacement of cables/patch cords as required.

38.9 Preventive Maintenance (every quarter) – The selected NI shall have to provide

a facility in the unified dashboard for the Bank using which the Bank officials may

track the progress of the Preventive Maintenance (PM) activities and can follow-

up with the concerned teams of the NI. The selected NI shall have to make

available an online tool/application for reporting network related issues by

branches and offices, entry of field visit reports by field personnel, closure remarks

with visit performance evaluation by Bank’s officials concerned like grading, etc.

Additionally, all PM reports shall have to be uploaded and maintained on the

dashboard, throughout the contract period, so that any PM report can be fetched

online and reviewed as and when required by the Bank. An illustrative list of

activities that shall have to be performed as part of a scheduled plan, rather than as

a response to a breakdown, has been provided below:

a) Inspect all cabling for breaks

b) Make sure that cables are labeled correctly, and labels are not coming off

c) Replace any worn or unreadable labels.

d) Check that cable supports are properly installed and that no attachment

points are coming loose.

e) Proper termination of data cables between Switch/Router and LAN I/O

ports at the user end and between Switches and Routers.

f) Identifying components or parts of network devices that are wearing out or

making unusual sounds and requires repair or replacement. Such identified

components/devices (if any) must be replaced before they fail to prevent

unnecessary network downtime. The estimated date and time of

replacement should also be mentioned in the PM report.

g) Demonstrate to network users how to properly connect and disconnect

cables, as well as how to move them if necessary.

h) Proper termination of data cables between Switch/Router and LAN I/O

ports at the user end and between Switches and Routers.

i) To check the condition of network devices and other network equipment to

make sure that they are kept clean and are in good working order.

j) All network devices are installed within the closed network racks and that

only authorized users can open the racks for maintenance and other

important activities.

k) To prepare the inventory of network devices (live and those that are kept

as spares) recording the details such as make and model of the device,

number of ports connected and free, whether there are free slots available

for expansion, etc.

l) To record the versions of Software and firmware running on the devices.


&



m) To check proper functioning of UPS, batteries, and Earthing

n) To check if the batteries of UPS are weak or providing insufficient power

backup. If the same requires replacement, it should be brought to the

notice of the concerned officials of the Bank. The list of such officials

shall be provided by the Bank to the selected NI.

o) To ensure proper maintenance of UPS are being carried out by the

UPS/AMC vendor and that periodic inspections are being conducted by

the said vendors. In case of any issue while dealing with the vendors the

matter may be brought to the notice of the concerned officials of the Bank.

p) To check the expiry of AMC and if in case the same is going to be expired

soon, it should be informed to the concerned officials of the Bank.

q) To record the date and time when the last PM was carried out including the

name of the NI personnel who carried out the same and whether the

findings of the previous PM report has been closed/addressed.

39. The selected NI shall be responsible for:

39.1 Keeping up to date Branch network architecture in a central repository

39.2 Network device replacement

39.3 New device deployment (including configuration & making it live)

39.4 LAN troubleshooting

39.5 Ensure proper:

a) Earthing

b) UPS Power

c) UPS maintenance

d) Network Rack Security

39.6 LAN Management Cost will be calculated based on the number of deployed

switches in the Bank’s network (including domestic and foreign offices but excluding

Data Center switches) per year

39.7 For example, if there are ‘N’ number of switches deployed in the Bank’s network

as on the last date of a given calendar quarter, the LAN management cost payable

shall be as under:

‘X’/30,000 * ‘N’

Where ‘X’ is the rate discovered for 30,000 deployed switches (weight), and ‘N’ is the

number of deployed switches arrived at by fetching the data directly from the

monitoring tool.

Note:

a. A supporting document/evidence must be attached with the PM report.

b. Format of the PM report shall be finalised in discussion with the selected NI.

Under the PM report. The list of checks may increase or decrease over the


&



contract period and shall be binding on the selected NI with no additional cost

to the Bank, whatsoever. The decision of the Bank shall be final in this regard.

40. In case the Bank plans to migrate to wireless, LAN replacing the current wired LAN,

selected NI shall be responsible for designing, configuring, implementing, managing, and

troubleshooting the same.

41. In case the Bank opts for Geo-tagging, the selected NI will be responsible to migrate from

manual devices tagging to Geotagging.

42. Existing Sites: It shall be the responsibility of the selected NI to perform a site survey

for every branch and offices of the Bank. However, to begin with, a list

of approximately 5000 critical branches/offices of the Bank including Foreign

offices shall be provided to the selected NI for carrying out site surveys. After conducting

the site survey, the selected NI shall have to submit the list of deficiencies observed by

them (if any) and the recommendations to remove those identified deficiencies. The

selected NI shall have to complete the above-mentioned task within 6 months from the

date of issuance of the list of the branches/offices. The deficiency may be in terms of

unstructured cabling, presence of unmanaged switches/hubs, network racks not adequate

in size and/or not under lock and key protection, unavailability of enough UPS power,

backup UPS, proper Earthing, availability of alternate links, load balancing vs

sharing, ineffective implementation of Quality of Services (QoS), improper configuration

of the devices installed at the sites, etc. The Bank reserves the right to accept/reject the

recommendations made by the selected NI. However, if the Bank provides approval for

the implementation of the recommendations, the selected NI shall have to oblige for

the implementation of the same. It is to be noted that ensuring complete implementation

of recommendations at all the sites shall be the responsibility of the selected NI that may

require a repeated visit(s) to the site. The utilization of the links, quality of the links,

statistics like the number of times the links went down, number of hours impacted in

working hours, to be gathered along with the above-mentioned details.

43. Commissioning of New Links, Shifting of existing links and surrender of existing

links: At sites where the Bank shall be opening a new branch/office or is shifting an

existing branch/office, the selected NI shall have to perform the site survey and to assess

the site readiness and once the site survey is done, detailed site readiness report will have

to be submitted by the selected NI to the Bank in a mutually agreed format. It shall be the

responsibility of the selected NI to coordinate with the TSPs and to carry-out

all other associated tasks/activities required for making the site Live including the

shifting of the network devices and communication links from the existing to the new

site within 2 weeks (after the date of site-readiness declaration) for BSNL / MTNL

links and 6 weeks for links from Alternate Service Providers. However, the Bank shall

facilitate the selected NI to carry-out the activities to the extent possible. It shall be the

responsibility of the selected NI to coordinate with the TSPs and to carry-out

all other associated tasks/activities required for surrendering an existing link including

decommissioning of the links in the NOC tools within 4 weeks for all links.


&



44. For the opening of a new branch/office, the selected NI shall have to assess the hardware

and link requirements of that office/branch and should provide the Bill of Material /

Bill of Quantity to the Bank with proper justification of the hardware requirements so

assessed. Once the required hardware is provided to the NI, the NI shall verify the same

against the BoM / BoQ and shall provide acceptance of the same. The LAN at the new

location shall also have to be designed, implemented, and managed by the selected NI.

45. The selected NI shall have to maintain rack mounting facilities for network

equipment at all sites, ensure standard Earthing and power backup should be

maintained at all sites, physical security of all devices at all locations.

46. For smooth operation, management of existing network, integration with other networks,

and further expansion of the network, NI must submit the network hardware/ related

software, etc. requirements along with proper justification of bill of material and quantity.

Section D: Communication Link Management

47. The selected NI shall have to design the nomenclature for naming the links so that each

link can be identified uniquely. This will help in remote troubleshooting or for first-level

troubleshooting.

48. The selected NI shall have to create and manage the database of all links in-use by the

Bank. This database should have information such as link provider, link technology

(Wired(copper/fiber), RF, WiMax, 3G/4G, VSAT, etc.), date of link commissioning/de-

commissioning/shifting/upgrade, bandwidth, primary/secondary, branch/office address

where the link has been terminated, etc. It is to be noted that once a record/information is

created/inserted into the database, the same should never be deleted. It should be possible

to view the history of links that have undergone shifting, upgrades, etc. This database may

be linked to the Branch DB and Devices DB (explained elsewhere in this document).

49. The selected NI shall have to monitor all the links regardless of the service provider,

primary/secondary/tertiary, technology, etc. and provide the link uptime/downtime

reports at the frequency defined in this document. The NI shall also carry-out link failure

testing exercises periodically. This is to ensure that the secondary link is always in a

ready state to carry the application traffic the moment the primary link fails.

50. NI shall be responsible for branch BCP activity as per the schedule prescribed by the

Circles. The selected NI shall conduct functional testing of ASP links once in a quarter.

NI shall conduct scenario-based testing of DC links once in a month.

51. The alternate path from the branches / Data Centers shall be designed and implemented

and tested periodically with 6 months interval.


&



52. The selected NI shall have to design and plan for shifting of the network (i.e. network

devices, links, racks, LAN cables, etc.) of the identified branches of the Bank including

Foreign offices from one location to another as and when required by the Bank. The

selected NI will be responsible for deploying all the network devices at the re-

located sites. Before deploying, proper permissions shall have to be obtained by the

selected NI from the Bank. The deployment reports should be shared by the selected NI

with the Bank mentioning the old and new location address, date of decommissioning

at the old location and date of commissioning of links at the new location, etc. All the

relevant databases must be updated after the successful shifting.

53. As a part of link capacity planning and management, the selected NI shall

be responsible to monitor utilization of links (deployed across the Bank’s network) and,

if required, shall identify the bandwidth by which the link shall have to be upgraded, based

on a scientific study conducted by the selected NI(to be shared with the Bank along with

recommendation), to keep the link utilization under normal level. The selected NI shall

have to assess the feasibility of link up-gradation based on the device resources on which

the upgraded link shall have to be terminated 154pproxe recommending the up-

gradation to the Bank. The up gradation of the link by coordinating with the TSPs shall be

the responsibility of the selected NI. This exercise needs to be carried out on a proactive

basis.

54. The selected NI should employ an appropriate Solution to maintain the entire link lifecycle

which includes but not limited to the feasibility study, issuing PO, live link, bandwidth

detail, circuit id, bandwidth up-gradation and degradation, termination of link with a

proper workflow and dashboards.

55. The Bank regularly carries out up-gradation of the link bandwidth at branches and other

offices of the Bank as a part of network capacity planning on the recommendations of the

NI. The selected NI shall be responsible for the above-mentioned task. For the same, the

NI will need to carry out the installation of all necessary hardware and tools (that may be

at layer 1 of OSI reference model) including modems at branch and exchange end, the

configuration of routers, redeployment of the change in the NOC and coordination in

configuration changes at TSPs end (NOC level and Point of Presence), and project manage

the same. NI will be responsible for managing and monitoring all current and future

communication links regardless of the TSP and communication technology.

56. The selected NI is required to carry out bandwidth assessment, keeping in view the traffic

patterns and application deployment including bandwidth assessment for new application

and recommend bandwidth up-gradation accordingly. The selected NI shall have to

ensure technical feasibility before issuing such recommendations. If the bandwidth must

be increased and the current hardware/setup is not having the capability, the selected NI

shall have to provide the best technical Solution (including financial aspect) for addressing

the same.


&



57. The bandwidth utilization per application per user has to be properly assessed which can

be used to scale up the application in branches.

58. Change of link/telecom service providers, as and when required by the Bank, at any / all

locations including Foreign Offices. The selected NI is required to coordinate with the

existing and new service providers and carry out necessary configuration changes (at no

extra cost to the Bank) for ensuring smooth, seamless, and timely migration. All such

requirements shall be discussed with the selected NI so that a proper Scope of Work may

be prepared while procuring such services by the Bank. In case of any dispute regarding

the role/scope of the selected NI and the System Integrators (SI), the bank’s decision shall

be final and binding to the selected NI.

59. The selected NI shall also be responsible for the migration of all existing VSAT locations

to Wired/RF/WiMAX connectivity or any other last-mile technology including 4G/5G

links/networks or any upcoming technology as advised by the Bank.

60. A proper POC and security review should be conducted for new technologies being

introduced from time to time by the Bank in coordination with the TSP / ISP. This is also

applicable for introducing new technology/devices/service providers or solutions as

required by the Bank.

61. The selected NI shall have to prepare a Disaster Recovery Plan (for the network including

links, equipment) that shall specify at least the following: a step-by-step procedure for

moving to an alternate site, rollback, RTO/RPO, MTTR, dependencies, etc. The

document should update periodically and put up to the Bank for approvals.

62. A dashboard to be developed/prepared or incorporate in existing dashboard the following

details with drill down up to RBO and Branch level with provision for export to

spreadsheets:

62.1 Summary of available links details with Bank level, Circle, Network, AO and RBO

level drill down for all the following three categories

62.2 Summary of links service provider wise breakup

62.3 Summary of links with bandwidth categorization like below 2 Mbps, above 2 Mbps

and 2 Mbps

62.4 Summary of links with last mile break up like fiber, copper, RF, 4G, etc.


&



63. Detailed links wise dashboard for branches on a portal. A branch code or branch name as

an input parameter and the detailed history of the incidents should be visible on the portal.

Like details of the links primary and secondary links, service provider, bandwidth, etc and

the details like how many times the links were down and when it came up with detailed

report provision for export to spreadsheets.

64. The dashboards should also be made available on Mobile/Tab with a proper App. Asstated

above.

65. The downtime reports should be made available on the above dashboards and Mobile/Tab

apps with following details:

65.1 The downtime dashboards should be drill down from Bank level, Circle level,

Network level, AO level, and RBO level.

65.2 The downtime dashboards for history also should be available for yearly, monthly,

quarterly, and half-yearly reports for bank-level to Circle and RBO level drill

down.

66. Following QOS shall be configured by the selected NI:

Sr.

No.

Type of Application Allocation of

bandwidth

1 Core-Data: Critical applications like CBS, ATM,

INB, etc.

60 %

2 Intranet-Apps: SBI Times, AD, AV, NAC, etc. 15 %

3 Infra-support: Management and monitoring of the

devices, etc.

15 %

4 Default Class/ Default category/Video Remaining

Note: The QoS is to be implemented in such a manner that if there is no lower-class

traffic, then the higher class traffic should be able to use the available bandwidth. It

should be reviewed once in a calendar year. This is only illustrative, and the Bank shall

advise suitably to the selected NI from time-to-time during the entire contract period.

The selected NI will be responsible to make the required configurations without any extra

cost to the Bank.

Section E: Device Management

67. The selected NI shall have to design the nomenclature for naming the network

devices so that each device can be identified uniquely.

68. The selected NI shall have to create and manage the database of all network devices

that comes under the purview of the Networking & Communication department (and

hence to be managed by the selected NI). This database should have information such

as device name, device type, device model, serial number, device interface type,

free/occupied, the current version of the device OS and firmware, branch/office address

where the device has been deployed, etc. It is to be noted that once a record/information


&



is created/inserted into the database, the same should never be deleted. This database may

be linked to the Links DB and Branch DB (explained elsewhere in this document).

69. The selected NI shall have to ensure that all security advisories are tracked and

implemented after obtaining the written approval from the Bank. Besides, the

selected NI shall also keep track of all the security patches released by the OEMs of the

devices that are being used in the Bank’s network and accordingly patch/upgrade the

device OS and/or the device firmware (as the case may be). However,

the patches/upgrades shall have to be tested first before applying the same on

production devices. For all other updates/patches/upgrades released by the OEM, the

selected NI shall keep track of the same and must record whether or not the

updates/patches/upgrades were applied on the relevant devices. If the action was taken by

the selected NI, the approval from the Bank and the date on which the action was executed

by the selected NI must be recorded. If no action was taken by the selected NI, the reason

for the same and the Bank’s approval for the same should be maintained so that the same

may be produced to the Bank, whenever required.

70. The selected NI shall have to ensure that a device must be hardened as per the

configuration document provided by the Bank’s security/ risk department before

deploying the device in the production environment. Whenever a new configuration

document is released by the Bank, the selected NI shall have to apply the same on all the

devices including the devices that were hardened previously using the previous version of

the Bank’s document.

71. The selected NI is responsible for configuration and Secure Configuration Document

(SCD) implementation of devices with a TAT of T+2. NI is also responsible to check

the impact of such configuration and promptly advise the Bank.

72. The remote access management must be performed by the selected NI only using secure

channels such as SSH version 2 and above.

73. The access to the devices must only be provided after successful authentication of the

user and the user must be permitted to execute commands as per his/her authorization

level. All the activities of the user must be recorded and must be reviewed by the selected

NI and report to the Bank in case any abnormality is observed by them. It must be noted

that the administrative access of devices should not be through a generic user ID.

74. The selected NI shall have to ensure that all devices (network and systems) under the

purview of the NW&C department and that are being managed by them are integrated

with the Bank’s Time server (NTP based Solution).


&



75. The selected NI shall have to ensure that all devices under the purview of the NW&C

department and that are being managed by them are integrated with the Bank’s IT

Assets Management System (ITAM Solution).

76. The selected NI shall have to ensure the physical security of all the network

devices being managed by them.

77. The Bank and/or its appointed Auditors shall have the right to audit/review the

selected NI’s entire infrastructure and may also seek relevant documents that may

help the auditors to carry out the auditing in an effective and meaningful way. The Bank

shall, however, provide at least 7 days prior notice to the selected NI so that necessary

arrangements shall be made by them. The cost of transportation, boarding, and lodging

shall be borne by the Bank for the Bank’s appointed team of auditors and shall bear

no other cost related to auditing.

78. The selected NI shall prepare and maintain an updated Escalation Matrix right from

the first level to topmost official (CEO/ Chairman/ Global Head, etc.). The selected NI

shall provide this document to the concerned officials in the Bank.

79. As a part of device capacity planning and management, the selected NI shall

be responsible to monitor utilization of resources (such as RAM, hard disk space,

etc.) of network devices and Solution/application hardware components (deployed

across the Bank’s network and under the purview of NW&C department) and, if required,

the selected NI shall identify the hardware components that need to be upgraded to keep

the resource utilization under normal level. The selected NI shall recommend the

requirement for carrying out the up-gradation and shall have to implement the same.

This exercise needs to be carried out on a proactive basis (and not on a reactive basis).

80. The selected NI must complete the process of deployment of new devices/links and un-

deployment of decommissioned devices and links with a TAT of T+3 days.

81. The selected NI shall be responsible for the verification of the Bill of Material (BoM)

and Bill of Quantity (BoQ) for any procurement done by the Networking &

Communication dept. during the tenure of the contract.

82. The selected NI shall have to submit periodic reports at half-yearly intervals (i.e. 30th April

and 31st October) containing at least the following information:

82.1 Network devices including switch, modem, routers which are under warranty

82.2 Network devices which are not under warranty


&



82.3 Network devices which are under “End of service/ End of Life” category

82.4 Network devices which are under “End of sale” category

82.5 Interim arrangement for supporting network device which will be nearing the end

of life or that have already reached the end of life but still in use on the Bank’s

network, as the replacement may take time longer than EoL date.

83. The selected NI shall be responsible for the replacement of devices with a new device

across all the branches and offices of the Bank without any additional cost to the Bank.

Reasons for replacement shall include existing devices reaching the end of life/Software

support, faulty devices, etc.

84. Bank procures various devices that are required to be sent to its destinations. In the interim,

the Bank has to keep those devices in a warehouse in Mumbai. Such an arrangement has

to be made by the selected NI to keep the devices under proper conditions. The selected

NI will provide details of the devices kept in the warehouse at regular intervals to the

Bank. The Bank will visit the warehouse at irregular intervals to verify the correctness of

the stock and other things.

85. The selected NI shall be responsible to migrate network/network elements of the Bank to

Ipv6 addressing scheme for the Bank as per National Ipv6 Deployment Roadmap

Guidelines issued by Government of India/Regulatory Authority/Requirement of the Bank

from time to time. The NI must present a detailed document of the project idea along with

the utilization of these addresses. The NI will be responsible to provide inventory of

network devices that are non-Ipv6 compliant and deployed in the Bank’s network. The NI

will be responsible for the overall management of Ipv4 and Ipv6 IP addresses including

assignment, allocation, configuration, and inventory of IP addresses. Ipv6 migration shall

include migration of all network devices and networking solutions deployed in the Bank’s

Intranet and the entire responsibility for the same shall rest on the NI. Further, the

NI shall coordinate/assist the Bank in migration of all endpoints on the network to

Ipv6 following the Bank’s policy. In this regard, the NI has to compile and provide all the

reports/plans/data related to Ipv6 Migration as per the regulatory requirements.

86. The selected NI shall be responsible for integrating all the network devices with AAA

Solution procured by the Bank and the AAA Solution shall be managed as per the Bank’s

security policy.

87. The selected NI shall be responsible for taking AMC/warranty for the devices which are

being used in the network beyond the already taken AMC/warranty till the replacement of

such devices are not arranged by the Bank.

88. The selected NI shall be responsible to replace the Faulty Hardware component within the

next business day from the notification date.


&



Section F: Configuration Management

89. The selected NI shall have to perform following illustrative list of activities on

the Configuration management:

89.1 Monitor network and system configuration information so that the effects on

network operation of various versions of hardware and Software elements can be

tracked and managed

89.2 Naming conventions for network devices, starting from device name to individual

interface, should be planned and implemented as part of the configuration

standard. The naming convention for devices may use geographical location,

building name, floor, and so forth. For the interface naming convention, it can

include the segment to which a port is connected, the name of connecting hub, and

so forth.

89.3 While adding new configuration commands on existing network devices, the same

must be verified for integrity before actual implementation takes place. An

improperly configured network device can have a disastrous effect on network

connectivity and performance. Configuration command parameters must be

checked to avoid mismatches or incompatibility issues. While making

configuration changes on critical devices the changes shall be tested or simulated

before the changes are made.

89.4 Backing up configuration files on a separate server automatically each time

configuration changes are made.

89.5 Restoration of the configuration file.

89.6 Maintaining change audit log to track changes and the username/user-ids (along

with the timestamps) of individuals issuing changes. This audit log should be

maintained for some time as specified in the Bank’s IS policy  

89.7 Provide a dynamic listing of devices found in the network as part of inventory

management. Discovery engines such as those implemented in network

management platforms should be utilized.

89.8 Schedule and automate Software upgrades after business hours on a day and

time specified by the Bank to have no/minimal business impact.

89.9 The patches once released by its OEM as per the severity/criticality under four

categories namely critical, high, medium, and low. The patches under the category

must be implemented in the respective devices within the mentioned time period

as under:

Implementation timelines

Critical: within 48 hours

High: within 72 hours

Medium: within 7 days

Low: within 30 days


&



89.10 For every change request, there should be a maker and checker of the

configuration from the selected NI’s team. All changes must be documented and

signed by the selected NI official confirming that not only the configuration is done

on a device are correct and complete but also that the testing of the configuration

has also been performed.

89.11 The Change Request shall not be closed until confirmation for acceptance is

obtained from the Application Owner (originator of the Change Request). It may

be noted that the Firewall Rule Implementation is one kind of Change Request.

90. The selected NI shall be responsible for the implementation and management of network

configuration management tools.

91. The selected NI shall provide documentation related to every activity of the NOC

operations. (as per the scope of work) like network design/expansion, equipment

configuration, layout plan, and any changes made to, or deviations from design,

configuration, baseline configuration, etc.

92. The selected NI should maintain relevant updated SOPs for all the activities performed at

the NOC. NI is also responsible for maintaining and updating network diagrams (HLD

and LLD) of the Bank.

93. The selected NI shall be responsible for the translation of configuration information

extracted from one device to a form that can be applied on a similar device but from a

different OEM. For example, if a Cisco L3-Switch needs to be replaced by a Juniper L3-

Switch, it shall be the responsibility of the selected NI to convert the Cisco Switch

configuration into Juniper Switch configuration. This shall apply to other categories of

devices also including, but not limited to firewalls, routers, L3 switches, IDS/IPS, etc.

94. The selected NI shall be responsible for maintaining, validating, and managing all

the IP addresses already allocated and those that shall be allocated during the

period of contract. The IP Addresses must be managed by using specialized

Software tools meant for IP address management (IPAM) which will form part of

NOC tools. The IP addresses shall include private and public IP addresses. The NI

shall be responsible for the allocation of LAN, WAN, management IP addresses, etc.

The NI shall have to keep a record of each IP address allocated to various servers

and network devices along with the purpose of the IP address (management IP, data

IP), date of allocation, requestor details, department, and application name. The details

of any IP address should be readily available for reference as and when required. It

shall be the responsibility of the selected NI to reclaim the IP addresses of discontinued

applications and the same should be reflected in the IPAM tool. The tool should have

the facility to extend its accessibility to other users to get the details of a particular IP

or set of Ips addresses allocated to the user/application with its location and ownership.


&



95. The selected NI should provide the following illustrative list of services related to IP

address management:

95.1 Planning, tracking, and managing Internet Protocol (v4 and v6) address space used

in the Bank’s network

95.2 Provide centralized inventory reporting showing which device is assigned to which

IP address within the network at any time. This centralized inventory should provide

quick search capabilities for finding following information (including but not limited

to) for any given IP address:

a) IP Address

b) Last Alive Time

c) Status (Used / Unused)

d) Location Name

e) Mac Address

f) Device Type

g) Device Name

h) Port Number

95.3 The NI shall investigate thoroughly the cases on IP address conflicts and identify

the machine/user who had used the IP address under reference that resulted in IP conflict

issues. The generation of IP conflict issues especially in a server segment is of grave

concern and the NI shall have to put in place a suitable mechanism for the detection and

resolution of the IP conflict issue.

96. The selected NI shall be responsible for ensuring compliance with all the security

policies shared by the Bank with them. The NI shall have to provide to the Bank,

Compliance certificate periodically.

97. The selected NI shall configure the devices to ensure data Confidentiality ©, Integrity

(I), and Availability (A) of the data to the clients/end-users/servers/devices. The selected

NI shall be responsible for implementing an L2 extension between two locations,

whenever it is required to be implemented by the Bank, ensuring the CIA.

98. The selected NI shall have to streamline the change management processes that are to

be followed before making any change to the state of the network. The SOP to be prepared

by the NI must capture step-by-step all aspects of the change management processes. It

should be noted that there must be a provision for making changes in emergencies and

priority to be given to critical changes.

99. The selected NI shall be responsible to enable/configure network device security

features (including MAC binding, port mapping, etc.) following the Bank’s Access

control policies.


&



100. For all the new configurations or configuration update related activities (that may

require downtime or not) on the network devices must be carried out during the time

window specified by the Bank with the object of having no / minimal business impact.

101. The selected NI has to provide a centralized tool from where configuration to

device/devices can be done. The tool should have:

101.1 Capability to track the devices where the configuration is not applied and provision

to provide reports.

101.2 Capability to do incremental configuration in network device/ devices.

101.3 Capability to track all the changes done by the user with details.

101.4 Functionality to save the previous configuration of devices.

101.5 Functionality to take a scheduled or periodic backup of devices and display the

report of success.

101.6 Feature to compare the current and backup configuration of device/ devices.

102. Device/ devices configuration from tool should happen over secure protocols meeting

Bank’s security policy.

103. The selected NI must provide inputs on the audit report recommendations of various Audit

reports, like IS Audit, SSAE16, Network Security Review audit, Management Audit, and

any other Regulatory audit, etc. NI should also implement the audit report

recommendations on the instruction of the Bank in prescribed Turnaround Time (TAT).

104. The selected NI will work closely with the Bank’s security team/department/agency for

finalizing the network design or any other work-related to Bank’s LAN & WAN. The

selected NI will have to co-ordinate with the Bank’s security Team for secure management

of the network. All the security processes should comply with SBI’s current security

policy.

105. The selected NI is also responsible for cabling in the Bank’s Data Centres, branches, and

offices. During the cabling, NI has to coordinate with different team members/departments

as and when required.

106. The selected NI shall take over all the firewalls and other network devices deployed in the

Bank’s network (including foreign offices).

107. The selected NI shall be responsible for the provisioning of a dedicated team in the NOC

that shall be implementing the firewall rules within T+2 days from the time the team

receives the approved rules for implementation. The team should be divided into two sub-


&



teams so that one team shall implement and the other team reviews the implemented rules.

Any troubleshooting involved concerning the implemented rules, this dedicated team shall

be involved. Detailed discussions shall be held with the selected NI.

108. The selected NI shall be responsible for carrying out network revamp activity at all foreign

offices hub locations as and when directed by the Bank.

109. The selected NI shall be responsible for the migration of foreign office network to Hub-

and-Spoke network architecture as and when required by the Bank.

Section G: Fault Management

110. The selected NI shall have to ensure the implementation of the below-mentioned flow of

fault management activity:

110.1 Collect messages from network components;

110.2 Generate alarms by filtering the messages;

110.3 Diagnose the faults that caused the messages by correlating the alarms;

110.4 Determine a plan for correction of faults;

110.5 Correct the fault; and

110.6 Verify that the network problem is eliminated.

111. The selected NI shall manage the spares parts and stock at strategic locations identified

/Regional Business Office / District Sales Hub /Financial Inclusion and Micro-

Marketing Centers. This arrangement shall be a stop-gap arrangement until the Return

Merchandise Authorisation (RMA) is received and installed. The purpose of this is to

ensure that the functioning of a branch/office is least affected on account of a device

failure by replacing the faulty device on the same business day (maximum next

business day) as per the details mentioned in the SLA. It may be noted that the selected

NI shall be responsible for the transportation of spare equipment/parts from the

strategic location to the impacted branch/ office (including all permissions, insurance,

etc.) at no extra cost to the Bank.

112. The selected NI should be able to analyze the problems identified in the network,

perform a root cause analysis for the problem, and troubleshoot the network issue. The

selected NI shall also analyze whether the application slowness is on account of

abnormality in the network parameters (High Latency, Bandwidth utilization,

CPU utilization of Network devices). If the issue is found to be on account of the

network issue, the NI shall take all necessary measures to resolve

the inaccessibility/slowness issue immediately.


&



113. It shall be the responsibility of the selected NI to ensure that same or similar issues do

not occur repeatedly. This shall have to be achieved by conducting proper root cause

analysis and identification of preventive measures and its execution. Additionally, the

selected NI shall have to build a central knowledge base containing the incident and

corresponding Solution in detail which should be accessible to the respective user

group

114. The selected NI shall be responsible for the customization of the dashboard tool to have

features that may grow or shrink over time during the currency of the contract. No

additional cost shall be payable to the NI for such changes.

115. The selected NI should provide reports of incidents and its recurrences in the past. The

selected NI should correlate the incidents and take proactive measures to prevent

recurrences of incidents. The selected NI should use AI and ML to analyze the faults and

incidents.

116. The selected NI is responsible for SMS and email notification of incidents as per the

escalation matrix provided by the Bank.

117. The selected NI shall submit incident closure report for all the Incidents. Major incidents

shall include any issue reported at Data Centres, Corporate Centre Offices, Critical

Branches/Offices, or cluster of branches within one hour of the closure of the incident.

118. The selected NI is responsible for submitting detailed RCA of the incident within 72 hours

after the incident resolution

119. The selected NI should conduct a monthly meeting with the Bank’s designated team in the

first week of every month.

120. Knowledgebase should be created for each incident, along with RCA. The knowledgebase

shall be updated with the details of the incident within a week of final RCA submission.

Section H: Performance Management

121. The selected NI shall be responsible for improving the reliability and availability of assets

while minimizing risk and operating costs including but not limited to condition

monitoring, predictive maintenance, asset integrity management, reliability-centered

maintenance using technologies such as asset health data collection, visualization, and

analysis.


&



122. Performance Optimization Assessment Report: The selected NI shall be responsible to

identify and document areas where the existing/prevailing network management processes

can be optimized in terms of performance and efficiency of the network and execution of

network-related operations. This exercise shall be carried out at least once every 6 months

in a given calendar year (report should be submitted by June & December). Based on the

approval of the Bank, the NI shall be obliged to optimize the network management

processes as per the Bank’s recommendations.

123. The selected NI shall be responsible for the provisioning of interfaces/hardware/Software

components to meet the objective of the Bank as described in this document at no


124. The NI shall be responsible for integrating with the Bank’s SIEM Solution, provide any

additional logs that the Bank may wish to monitor, at no additional cost to the Bank. NI

shall be responsible for timely compliance of all Device-level audits (DLA), Vulnerability

Assessment (VA) audit observations, Penetration testing observations, CERT alerts, and

SOC alerts, etc.

125. The selected NI shall have to track problems in the Bank’s network that may be hindering

the performance of a set of applications or end-user efficiency and shall

also recommend practically feasible Solutions to reduce/eliminate the same.

126. The selected NI shall have to establish the basis for system/network expansion, by

determining the present status of the network and provide suggestions/recommendations.

However, even if the Bank does/does not consider and/or implement any or all of NI’s

suggestions/recommendations, the NI shall not be released from any of its contractual

obligations under this RFP.

127. Network device performance metrics provide information about the system resources on

each device. These metrics should be critically analyzed by the selected NI to ascertain

whether a resource overuse problem is a central cause for a reduction in performance. The

selected NI shall have to specify a clear recommendation of replacing/augmenting the

capacity of the device in question and how the same may be achieved. The responsibility

shall lie on the NI till the recommendations are not closed or the problem is not fixed. If

there are feasible solutions that may be exercised until the time the issue is closed, the

selected NI shall have to implement the same.

128. The selected NI shall provide a way for the end-user to view the link performance at any

given point of time and ascertain the UP and Down status of the links. In case the link is

Down, the end-user should also be in a position to know the current status of the action

taken by the NI and there should be an explicit mention of the reason for the link going

down and ETR (Estimated time to Restore).


&



129. The NI is expected to improve the operations on an ongoing basis. The NI is expected to

provide a quarterly report of the new improvements suggested, action plans, and the status

of these improvements to the Bank. Implementation area could include process changes/

training resulting in efficiency/ SLA improvement etc.

Section I: Business Continuity & Disaster Recovery

130. The selected NI shall be responsible for creating Business Continuity Plan (BCP) and

Disaster Recovery Plan (DRP) documents considering several scenarios. For example,

unavailability of one DC at a time considering all DCs of the Bank (i.e. all DCs are up

except DC1, all DCs are up and running except DC2 and so forth), unavailability of one

or more segments (i.e. Intranet, Extranet, Internet, Replication, etc.). The NI shall be

responsible for the review and updation of the BCP and DRP as per the Bank’s

Policy regularly.

131. The selected NI shall design and maintain identical network logical architecture in all the

Data Centre to the extent possible.

132. The selected NI shall have to identify issues in the DR sites of respective applications if

there may be any challenge during Integrated Business Continuity Exercise (IBCE). The

NI is expected to do this exercise proactively without waiting for the declaration of IBCE.

On identification of the issue/limitation/challenge, the selected NI shall have to

recommend options for the Bank using which the issue may be resolved. On receiving the

approval from the Bank on the best option (with amendments, if any), it shall be the

responsibility of the NI to implement the same. NI quality control team will oversee the

DR Drills and submit a comprehensive report to the Bank thereafter.

133. After the completion of the IBCE, the NI shall submit a report to the Bank within a week,

detailing the issues that were reported by the application teams and resolution thereof by

the NOC team. Report shall also contain preventive measures taken for non-recurrence.

134. The selected NI shall be responsible for carrying out testing of redundancy built at device

and link-level at regular intervals covering all the setups deployed in the network. The test

report shall also be submitted to the Bank. However, the NI shall provide a detailed plan

for failover testing indicating how the same shall be carried out by the NI and the measures

taken by NI to ensure no negative impact on the normal functioning of the Bank is

observed. Only after the prior approval of the Bank, the NI shall carryout out the testing.

135. The selected NI shall be responsible for testing of Primary as well as backup link in terms

of availability and reliability. NI must also conduct monthly functional testing on these

links. Also, NI must conduct failover testing for network elements every quarter.


&



Section J: Training – Bank’s Technical & Non-technical Staff

136. The selected NI shall be responsible for the preparation and distribution of basic

troubleshooting guide as well as basic training to the Bank’s staff with the technical

and non-technical background that shall serve at least two main purposes: (a) enable

the Bank’s staff to carry out the troubleshooting by themselves and need not escalate

every issue with the NI, and (b) facilitate the Bank’s staff to escalate the issue to the right

team with relevant information so that the issue may be addressed quickly. The basic

training exercise shall be carried out at least twice in a given Calendar year. The

selected NI shall have to maintain a gap at least 3 months between 2 successive trainings.

137. The selected NI shall provide advanced training to the Bank’s employees to enable them

to manage the network independently, considering the following points

137.1 The training should be given in batches each comprising maximum of 20

officials. The number of batches will depend upon the requirement as desired by

the Bank.

137.2 The training shall have to be provided by professional trainers with hands-on

experience for 3 years:

137.3 The training shall be specific to the setup established for the Bank by the NI.

137.4 The training shall be provided in the presence of L3 engineers of the NI who are

actively involved in the monitoring of the network and implementation of the

Bank’s NOC. The Bank may or may not relax this requirement either on a

temporary or permanent basis.

137.5 The Bank shall interview the trainers and may accept and reject the proposed

trainers.

137.6 The contents that shall be covered by the trainers shall have to be provided to the

Bank’s designated team at least one week in advance

137.7 The reading material shall have to be prepared/compiled by the trainers as

reference material for the Bank’s team so that the same may be referred at any

given point of time, if necessary. It is to be noted that the trainers shall use the

same material for providing the training.

137.8 The entire plan of training the Bank’s in-house team to meet the Bank’s

expectation shall have to be shared with the Bank before commencing the

training.

137.9 The scope of the training shall be all the aspects covered in this RFP (i.e. the Bank’s

network and applications/solutions management) which according to the Bank are

critical.


&



Section K: Solutions Management

138. Broadly, the selected NI shall be responsible for design/implementation/management and

day to day operation of the following categories of Solutions:

138.1 Category–1 – Management of following existing applications/Solutions:

a) Network Access Control (NAC) by HPE/Aruba

b) Centralized Proxy Solution by Symantec

c) Domain Name System (DNS) by F5

d) Network Security Policy Management (NSPM) by Algosec

e) Time Servers (Network Time Protocol) by Spectrum

f) VPN Solution by Palo Alto

g) Centralized Video conferencing by Polycom

Note: The above list of applications/Solutions represents major Solutions that are

worth mentioning. There may be few more applications that are still under the

control of the NW&C department that the selected NI shall have to manage for the

entire duration of the contract.

138.2 Category–2 – New Solutions to be procured during the tenure of the NI

contract: The selected NI shall be responsible for providing Consultancy for drafting

Technical Scope of Work, Technical and Functional Specifications, Bill of Quantity

(BOQ)/Bill Of Material (BOM) and Service Level Agreement (SLA), wherever

desired by the Bank and will also be responsible for Management of the Solution. The

selected NI will be paid a consultancy fee and management fee for each such

requirement as detailed in Appendix-F. Requirements for additional resources, if any,

will be mutually discussed and arrived at. The cost of such additional resources will

be paid as per the rates discovered through this RFP.

Note: The Scope of Work finalized by the selected NI may be modified by the Bank and

the Bank’s decision in this regard shall be final and binding on the selected NI.

138.3 Category 3 – New Solutions as part of this RFP: Design, supply, and

implementation and management of the below mentioned Solutions as part of this RFP:

a) Set of Network Management and Monitoring tools

b) Log Management Solution (LMS)

c) Network Performance Monitoring & Diagnostics (NPMD)

139. The selected NI shall have to manage the existing Solutions as per the Scope and SLA

provided under Appendix-E and J respectively. The management of such existing

applications shall be taken over completely by the selected NI within 60 days from

the date of issuance of PO/LoI for the respective Solution. The selected NI shall also

have to identify any technical feature that has not been implemented but is required by the

Bank. All such identified features shall then be implemented by the selected NI in

consultation with the respective Sis. The selected NI shall also be responsible for

providing a dedicated team for the management of such Solutions. Additionally, the

migration of such applications to Ipv6 shall also be the responsibility of the selected NI

140. A dedicated support team for each Solution shall be available for 24/7 *365 days support.


&



141. Dedicated program managers shall be provided by the selected NI to oversee and manage

the solutions deployed in the bank.

142. For category-2 applications/Solutions (as mentioned above), the selected NI shall be

responsible for carrying out the below-mentioned activities

142.1 To conduct Proof-of-Concept (PoC), wherever required by the Bank.

142.2 Responding to the queries raised by the bidders regarding SoW and Tech Specs.

The cost payable for this activity has been provided as under:

Description Cost Payable

Consultancy fees upon acceptance

of the proposal of NI by the Bank

after the discovery of rates.

1% of the TCO discovered for the new solution, subject to

a maximum of Rs. 5,00,000/-.

In case of consultancy work is undertaken by the selected

NI as per the Bank’s requirement and completed as per

Scope provided by the Bank, the Bank shall pay a fixed

cost of Rs. 1,00,000/- to the selected NI, even though the

TCO could not be finalized due to any reason, irrespective

of the number of attempts in completing the RFP.

Management fees upon acceptance

of the proposal of NI by the Bank.

3% of the TCO discovered for the new solution. The

payment shall be made on a pro-rata basis, for the

remaining contract period of NI RFP.

Additional Resources As per rate discovered under this RFP, on an actual basis.

142.3 Technical evaluation and compliance of the RFP requirements by the bidders.

142.4 After the delivery of the hardware and Software components, verification of the

BoM and BoQ as per the commitment made by the selected bidder in its technical

bids.

142.5 Implementation of the Solution with the involvement of the selected bidder and the

OEM of the Solution as specified in the SoW of the respective RFP

142.6 To facilitate security review of the implemented Solution. The review is generally

conducted by the Bank’s security department/agencies

142.7 Timely closure of security observations

142.8 Commissioning of the Solution

142.9 Management of the new Solution as explained in this document during the

remaining duration of the NI contract.


&



143. For category-3 applications/Solutions (as specified above), it shall be the responsibility

of the selected NI to design, supply, deliver, build/implement, commission, and manage

the Solution. All components of the Solution including third party OEM shall have to be

managed by the selected NI only. Additionally, the migration of such applications to Ipv6

shall also be the responsibility of the selected NI at any stage during the currency of the

contract period.

The Solution shall be deemed commissioned when all the below mentioned conditions

are met:

i. All DC components of the Solution are integrated among themselves and with

the intended external Solutions of the Bank.

ii. Issuance of security clearance certificate/confirmation from the Bank’s

Security team/consultants/departments.

iii. Issuance of completion certificate by the selected NI for every

Technical/Functional requirement.

iv. Issuance of compliance certificate from the Bank (this shall be issued by the

Bank after demonstration of the compliance of each Technical/Functional

requirement by the selected NI to the satisfaction of the Bank).

144. The selected NI shall ensure that each Solution shall be implemented by directly involving

the technical team of experts from the OEM in consultation with the Bank. The Bidder, at

the time of online submission of bid documents, shall be required to submit a

confirmation/undertaking in this regard on the OEM’s letterhead.

145. The Bidder to involve at least one onsite L3 resource (from Professional Services) having

necessary certifications from the OEM and having adequate experience in implementation

of a given Solution and who is/are on the payroll of the OEM for designing, installing and

commissioning of the Solution onsite (for central components).

146. While implementing the Solutions, the selected NI shall use open standard

protocols/technologies to the extent possible. In case there exists a feature that can be

implemented either using the availab“e “open-standard proto”ol” or using“a “proprietary

proto”ol”, the selected NI shall have to use the open-standard protocol. However, if for

some technical reasons the use of the open standard is not preferred / feasible by the

selected NI, the reason for the same needs to be documented and submitted to the Bank

on their letterhead.

147. The NI shall also be responsible for the integration of solutions being managed by other

departments of the Bank with the Bank’s network and shall perform all tasks jointly till

the commissioning of the Solution. As such the NI shall be responsible for the analysis

and troubleshooting of the solutions from network reachability and performance

perspective.

148. The selected NI shall have to make available an engineer on the site, if warranted, from

the pool of resources mentioned at Appendix-Q. The travelling and boarding cost will be


&



borne by the Bank on actual basis, which should not be more than the eligibility of Bank’s

MMGS-III officials.

149. It shall be the responsibility of the selected NI to liaison with

all the concerned stakeholders including telecom/Internet service providers, application

vendor(s), and network device/Software vendor with the sole intent of resolving the

issue or expediting any task/project rollout. The NI shall also extend all technical and

other support as per the directions issued by the Bank.

150. The NI shall be responsible for escalating unresolved problems/issues to higher

authorities/engineers and get it rectified within the stipulated period and ensure uptime as

defined in this bid document. The NI shall have to provide the call escalation matrix to

every location. The same shall have to be made visible in prominent areas within an

office/branch.

151. The selected NI shall have to provide field engineers at any of the Bank’s

branches/offices/location, in India or abroad, for carrying out a physical inspection at and

for facilitating hands-and-feet support for remote teams located elsewhere at any time/day

approved by the Bank (including holidays). The same engineer may require visiting the

site multiple times until the closure of the issue. At foreign offices, the NI shall have to

take the consent from the concerned Bank official in the respective foreign offices before

designating a person so identified by the selected NI for the job. The engineer so selected

should speak English and the local language fluently and should also have basic

networking knowledge so that intended support may be extended by him/her for

accomplishing the task. No additional cost shall be payable by the Bank for the above-

stated task. It is to be noted that the Bank official at foreign offices may help in providing

necessary permissions for entrance and exit and nothing other than this should be assumed

by the selected NI. However, wherever possible, the Bank’s technical staff at the site under

reference shall provide all technical support to the extent possible.

152. The selected NI shall be responsible for the provisioning of the technical staff and the

helpdesk to provide the required support on a 24x7x365 basis for each solution. The onsite

team of network engineers should also be made available at prominent locations including

NOC(s), at all LHOs, DCs of the Bank, GITC (Global IT Center located in CBD Belapur,

Navi Mumbai), SBB (State Bank Bhavan at Nariman Point, Mumbai), etc.

153. The selected NI shall be responsible to attend any issue that shall be reported by the

Bank, within the minimum time as mentioned as part of the SLA in this document. The

reporting mechanism may be anyone of the following:

153.1 Standard Ticketing tool

153.2 SMS


&



153.3 Telephone/Mobile call

153.4 E-mail

Note: Except for the first option, for the rest of the options, the selected NI shall implement

a process wherein the complaint/issue reported shall be reflected in the ticketing tool and

the corresponding complaint number may be issued to the requestor. This way the

ticketing tool shall contain all the issues reported regardless of the channel used to register

the same.

154. For all modes of escalations (as described above), the selected NI must maintain track of

reporting time, resolution time, and sequence of events up to resolution

time. The NI shall be responsible to update the progress/status to the designated officials

of the Bank, on a regular basis, till the time the incident/issue gets resolved.

155. The selected NI Team will be responsible to maintain the records of the issue reported and

their resolution as a reference in the future along with the closure of any incident in a

timely manner. The root cause analysis (RCA) report also must be submitted to the Bank

in case of any incident or issue and the same shall be maintained by the selected NI

156. The servers/applications Patch or upgrade along with the upgrade of all the components

of Solution shall be taken care by the selected NI as per the bank’s guideline. DR drill or

production movement from one DC to another DC will be performed by the selected NI

for all the Solutions under the Bank’s guideline and policy.

157. The selected NI shall be responsible to report to the Bank at least 12 months prior to the

set of devices going End of Life (EoL)/End of Software Support (EoSS). At the same time

the NI shall have to design the device replacement plan in addition to the sharing of

technical specifications of the devices required and the Scope of Work (SoW) for the

prospective Systems Integrator (SI). It has to be ensured that no equipment in the Bank’s

network shall be EoL/EoSS at any given point of time. However, for the devices that have

already reached EoL/EoSS before the selected NI taking the charge, the NI shall have to

only design and plan the replacement strategy. In either case, the selected NI shall be

involved in planning the replacement and also implementation of the replacement plan.

158. The selected NI shall provide a way for the end-user to view the link performance at any

given point of time and ascertain the Up and Down status of the links. In case the link is

Down, the end-user should also be in a position to know the current status of the action

taken by the NI and there should be an explicit mention of the reason for the link going

down and ETR (Estimated time to Restore).

159. The selected NI shall be responsible to migrate network/network elements of the Bank to

Ipv6 addressing scheme for the Bank as per National Ipv6 Deployment Roadmap

Guidelines issued by Government of India/Regulatory Authority/Requirement of the Bank


&



from time to time. The NI must present detailed document of the project idea along with

the utilization of these addresses. The NI will be responsible to provide inventory of

network devices which are non Ipv6 compliant and deployed in the Bank’s network. The

NI will be responsible for the overall management of Ipv4 and Ipv6 IP addresses including

assignment, allocation, configuration, and inventory of IP addresses. Ipv6 migration shall

include migration of all network devices and networking Solutions deployed in the Bank’s

Intranet and the entire responsibility for the same shall rest on the NI. Further, the

NI shall coordinate/assist the Bank in migration of all end points on the network to Ipv6 in

accordance with the Bank’s policy. In this regard, the NI has to compile and provide all

the reports/plans/data related to Ipv6 Migration as per the regulatory requirements.

Section L – Log Management Solution (LMS)

160. The selected NI should supply, install, commission, integrate and operate the Log

Management Solution (LMS) with all required accessories hardware and software. The

equipment which will be quoted should not be in the list of End of Life/Support

declarations by the OEMs for at least 7 years from the date of issuance of LoI/PO.

161. The selected NI shall have to provide product support for active components from the

OEM and maintain the “Total Solution” for the entire contract period. If the selected NI

is not able to provide support for the said period then the NI shall upgrade the component/

sub-components with an alternative that is acceptable to the Bank at no additional cost and

without causing any performance degradation and/or project delays. An undertaking shall

have to be provided by the selected NI from the OEM on their letterhead.

162. The selected NI should bid for latest model with latest specifications as per requirements

stated in the RFP document provided at Appendix-C.

163. The selected NI should consider the Bank’s requirement, operational needs, existing

Security Portfolio, customization while implementing a robust, scalable Solution with all

industry best practices incorporated in the Solution.

164. The selected NI should be able to integrate all existing and proposed future IT

infrastructure setup including Security Solutions switches, routers, firewalls, IDS/IPS, and

existing and new Solutions that shall be under the purview of the Networking &

Communications dept. during the tenure of the contract. The selected NI should provide a

detailed Plan of action (POA) for integrating the LMS with all the above IT infrastructure

and Solutions. The POA shall include the approach, risk, benefits and downtimes (if any).

Post approval of POA, the NI shall work with the Bank’s internal/in-house IT team and

application owners to complete the integration of infrastructure and security controls.

165. The selected NI shall have to perform necessary configuration of all the

equipment/Solution, enable log generation from the devices, collection, normalize logs,


&



enhance logs with Threat Intelligence, correlate logs, create & test use cases (especially

correlation rules) customized to the Bank’s requirement

166. The selected NI should continuously improve & recommend/create new correlation rules

based on new threats and incidents.

167. The selected NI should suggest the appropriate OS/firmware for all the supplied devices;

the OS/firmware should be of N-1 version. All critical/major vulnerabilities known till the

time of implementation should be remediated for the provided version.

168. The Bank shall perform its own VAPT (Vulnerability Assessment & Penetration Testing)

& Risk Assessment (RA) on the entire Solution before going live and the NI needs to fix

all the vulnerabilities/risks highlighted in the reports.

169. All the devices to be hosted should support both Ipv4 and Ipv6.

170. The selected NI shall provide all the necessary Software licenses, implement, customize,

and train the Bank’s inhouse team.

171. The selected NI shall have to ensure that the OEM of the Solution would subsequently

provide first, second and third level of support through bug fixes, updates and upgrades.

172. The selected NI will deploy and validate all the features in the Solution including (but not

limiting to) co-relation, use cases, Threat Intelligence Integration, Dashboard setup and

Report Customization, etc.

173. The selected NI should provide the cost of procuring blocks of additional 1000 EPS so

that the same may be procured in case it is required during the duration of the contract.

174. The selected NI is expected to utilize the information presented in this RFP and submit a

proposal(s) that may include variations of hardware and Software where allowed but that

meets all requirements specified and yet will fulfil future expectations as articulated. This

includes all hardware and Software required for implementing the proposed LMS its

remote Management and Operations. However, in case the bidders require more

information than has been presented in the RFP document, the same may be raised through

pre-bid queries and the information so requested shall be discussed during the pre-bid

meeting.


&



175. The selected NI shall arrange and facilitate the audit of the Solution by the regulators

and/or by the team appointed/identified by the Bank. The Bank shall, however, inform the

selected NI well in advance.

176. The Bank’s decision to extend, renew, transfer, reduce, terminate or change scope of the

Solution would be final and cannot be challenged by the bidder under any circumstances.

The decision will be based on the past performance of the Solution Operation and

Management services meeting all the Bank’s requirements.

177. The selected NI shall have to provide full documentation of the project and shall have to

update the document as and when there is any change in the Solution implemented for the

Bank. The Bank may provide a format for documentation to the successful bidder, if

required. The said documentation should include the following but may not be limited to:

177.1 Architecture & design document including Traffic flow document between the

devices.

177.2 Infrastructure build document

177.3 IP address allocations to various components.

177.4 Project Plan with milestones, resourcing and deliverables.

177.5 Inventory list consisting hostnames, make, model, serial number

177.6 Contract number for raising RMA with OEM in case of hardware failure

177.7 Testing cases and test results documented before and after implementation.

177.8 Standard Operating Procedures

177.9 Industry Best Practiced Use cases and customization for the Bank

177.10 Vendor support details and escalation matrix

177.11 OEM support details and escalation matrix

178. The selected NI shall assign project manager and associated support personnel for this

project. The number of resources provided along with their skillsets (example L1, L2, L3

implementation or Operations) will need to be shared with the Bank as part of the final

project plan.

179. The selected NI shall furnish teaming agreement with OEM for the above scope of work

and submit the same as part of the bid. This teaming agreement should include but not

limited to the ownership of the activities, timelines and resources associated to the

activities.

180. The selected NI shall further provide the deliverables and sign off for each of the

deliverables at various stages of customization and implementation. Further, the Bidder


&



should arrange for sign-off by OEM for each of the critical stages of customization and

implementation.

181. The selected NI would ensure his personnel involved in the implementation and

management of the Solution have undergone background verification / police verification,

signed NDA’s & other HR related checks. The Bank may seek documents confirming

police verification of one or more employees of the NI at any stage of the contract. The

selected NI shall have to provide such documents to the Bank as and when required by the

Bank.

182. The OEM/OEMs should be committed to the success of the project by being involved in

implementation of the project till its completion. The selected NI shall ensure that OEM’s

should be involved in the overall implementation, support, sustenance, etc. for each of the

proposed Solution by the bidder as per the scope of work defined in RFP. The selected NI

shall ensure that the product OEM is involved in the implementation of the project till its

completion. A letter from the product OEM confirming the same must be submitted in the

technical bid.

183. The selected NI shall have to obtain from the OEM a certificate to the Bank post

implementation, confirming that the implementation of the Solution has been carried out

with best industry practices and the standards and no zero day threats or malware in the

installed device or appliance exists.




quantitative and qualitative aspects related to configuration of the Solution from

an industry leading practices perspective and in tune with regulatory guidelines.

184.2 Review of Solution architecture to assess the extent to which same will support

business requirements and review gaps/ customizations, if any.


and quality








184.7 OEM certificate Go live of respective component.


&



Section M – Network Performance Monitoring & Diagnostics (NPMD)

185. Bank’s vision is to have a “Network Performance Monitoring and Diagnostic” Solution

at The Bank’s Data centers located in Mumbai and Hyderabad and across Bank’s branches

/ offices. Vendor should supply all necessary hardware and Software for the required

Solution, along with necessary licenses. Further objective expected of Solution is to

capture data from continuous streams of network traffic, application servers, databases,

web servers, web services, ERP packages, virtual systems, cloud resources and end-user

systems (client machines) and convert those raw data into easy-to interpret charts and

tables that quantify exactly how the corporate infrastructure (including application, end-

user and network) is being used, by whom, and for what purpose.

186. It is to be noted that the prospective bidders shall have to provide the details of the Solution

vendor plus what all components are being provided by the third party vendors that are

considered by the bidder for identifying the OEM for the supply of the component and

sub-components.

187. The selected NI shall be responsible to document reports that need to be generated for

fault, performance and analysis of the network performance as per the Bank’s requirement.

188. The selected NI shall be responsible to supply necessary documents such as Installation

Guide, Administration Guide, Manuals and Data Sheet etc. The NI shall also provide the

Solution architecture document (HLD and LLD) that shall be scrutinized by the Bank’s

security departments. It shall be the responsibility of the selected NI to close all the open

observations that may be raised by the Information Security Department of the Bank.

189. The central devices will have to be installed on all Data Centres of the Bank and should

be sized as per the details mentioned in technical specifications.

190. The Data Centre devices should be in High availability across DC and DR. All central

components of the Solution should be in High Availability within the DC and also across

DC and DR.

191. All central components to be placed in DC site should have dual power supply.

192. The offered NPMD Solution should support at least the following. The detailed technical

specifications are mentioned in this RFP document. All the proposed Components for

NPMD Solution should be from single vendor. Solution should have following:


&



192.1 Solutions should have capability for network and application visibility,

monitoring, analytics, reporting, and troubleshooting.

192.2 Provides insight into the performance of all infrastructure and application

components involved in service delivery.

192.3 Supports Unified Communications & Collaboration service features including call

setup / teardown and call quality analysis.

192.4 Dashboard, Service and Traffic Monitors with contextual Session Analysis and

Packet Analysis drill downs.

192.5 Real-time proactive alerting notifies of problems before they become service

impacting, user affecting events. Customizable reporting module provides day-

today business and operational reports which can be scheduled for daily, weekly

and monthly delivery.

192.6 Scalable, enterprise-class architecture supports large scale geographically

distributed deployments in physical, virtualized, hybrid, or private cloud-based

environments with single pane of glass.

192.7 The offered NPMD Solution should be scalable, secure, robust, advanced, flexible,

easy to deploy, reliable, built in redundancy and should support distributed

architecture along with the 3rd party integrations.

193. Supply, installation, Implementation, Operations and Maintenance of Network

Performance Monitoring and Diagnostic Solution at the Bank’s Data Centers located in

Mumbai and Hyderabad and across Bank’s branches / offices.

194. Solution tools include the ability to combine data from disparate monitoring silos and

correlate them through log files, hardware statistics and network usage reports collected

through both synthetic and real methods, and provide advanced analytics/AI/ML features

to improve end user experience for the services provided by the Bank’s IT.

195. The information is to be displayed in a dashboard that makes it easier for IT professionals

to read data logs, which saves them from having to perform memory dependent and error

prone manual correlation and analysis.

196. Bank needs the Solution, with total visibility – including the underlying physical as well

as virtual infrastructure including network devices / components. Three sets of

performance metrics are required to be closely monitored:

196.1 Performance experienced by end users (both front end and back end) of the

application.

196.2 Performance metrics to measure the computational resources used by the

application for the load, indicating whether there is adequate capacity to support

the load, as well as possible points/locations of a performance bottleneck.


&



196.3 Flow based (NetFlow, Jflow, IPFIX etc) capture, having potential to capture real-

time packets with Deep Packet Inspection (DPI) capability. Analysis of traffic

captured at multiple segments using centralized management console with

Predictive analytics and anomaly detection using AI/ML.

197. The Solution shall be able to monitor the health and performance on the End-user system,

Servers and underlying network infrastructure while also providing functional dimensions

of digital experience monitoring (DEM).

198. The Solution shall apply data-driven analytics and ML technology to enhance the

effectiveness of monitoring.

199. The Solution shall discover network quality which can further help in optimizing the

performance and availability of networks.

200. The Solution should help the Bank monitor all the components at all layers for an optimal,

application and network delivery and helps to improve the end user experience. The

Solution strives to detect and diagnose complex application and network performance

problems to maintain an expected level of service.

201. To provide robust NPMD Solution with scalability to meet future needs for monitoring

network and application performance, a platform which provides analytics for issue

tracking, auto ticketing and predicting issues and integrate with various platforms /

application systems in the Bank.

202. Data Sources: The Solution should be an end-to-end monitoring Solution that shall have

the capability to monitor all the components involved in the application flow, including

end-points, network devices at branches and Data Centres and servers (WEB/APP/DB).

This shall be achieved by monitoring the following elements at different layers by:

202.1 End Points: The Solution shall monitor the different applications and processes

running in the end point, health of the end-point and monitoring performance of

critical transactions of critical applications with respect to the end-point. The

information captured shall enable the centralized monitoring team of the selected

NI to identify if the slowness experienced by the end-user is due to the poor

performance or over-utilization of the end-point itself.

202.2 Network devices at branches: The Solution shall monitor the health of the

networking devices and network links at branches, in addition to capturing the top

talkers (flows utilizing max bandwidth) at individual branches. Further, the

Solution shall provide this capability without having the need to capture packets

from the networking devices at the branches. The Solution should be able to


&



provide this functionality with the use of flows and/or SNMP data from networking

devices at branches only.

202.3 Network devices at Data Centres: The Solution shall have the capability to

capture packets from identified locations with respect to the application flow for

critical applications to enable the user to extract in-depth information regarding the

performance of the transactions. The Solution should provide a mechanism to

collect packet capture from multiple sources, aggregating the collected packets and

share with their analytics tool for further processing. The Solution should provide

mechanism to create baseline with respect to the performance of critical

transactions of Bank’s applications and also provide customized dashboards to

proactively monitor the performance of these transactions. Bank may, during the

contract period for which the cost is valid go for additional procurement of devices

as per the rate specified in the RFP.

202.4 Monitor health of Network Devices: The Solution shall provide a mechanism to

capture the health of the network devices, including the CPU utilization, memory

utilization, up/down status, etc. using SNMP data from network devices.

202.5 Application Monitoring: The Solution shall provide a mechanism to monitor the

performance of the application server. This shall include monitoring the CPU and

memory utilization of the application servers and their respective resource

utilization, monitoring the time taken to process individual transactions / DB

queries / modules / piece of codes.

202.6 Central Dashboard: The Solution shall have a central component that shall enable

the users of the Solution to have an end-to-end visibility of all the components of

their IT infrastructure and also co-relate the information provided by the different

components of the Solution. The central dashboard will be in Active-Passive setup

across DC-DR.

203. The team managing the Solution shall include resources who will have to gain knowledge

about both the network architecture and application architecture.

204. Submit architecture diagram of entire setup with network and Information security

requirements (HLD and LLD) while deploying the setup in High Availability in Bank’s

Data Centres.

205. Solution should be capable of seamless DC-DR replication without any lag.

206. The MIS being generated through the Solution should also provide: i. Break-up of critical

issues per application ii. Categorization of RCA

207. The Solution must integrate with various systems / applications in the Bank including but

not limited to SOC, PIMS, NOC, Command Centre, ITAM, Service Desk, ADS, SSO,

ITSM, Complaint management.


&



208. The Product should be compliant with guidelines issued by applicable regulatory

authorities such as RBI, UIDAI etc, if any.

209. If the Bank desires to have, the Bidder should be able to setup a MOC (Monitoring

Operations Center) Lab for Synthetic Monitoring which is to be managed 24*7 along with

the support. The selected NI needs to verify all alerts for authenticity, considering the

Bank’s IT environment, before escalating to the Bank’s team.

210. The Solution should have automated capability to monitor End-to-End Transaction in

synthetic testing. This should also include the Journey involving 3rd party integrations and

merchants.

211. Provide end-to-end deployment methodology in the Bank’s environment.

212. Bank will conduct security audit for the entire Solution, from time-to-time and also before

commissioning of the Solution. The selected NI will be responsible for closing all the

security observations made by the Bank during the entire contract period. For the first

time, the Solution will only be allowed to be deployed by the Bank once all the security

observations made by the Bank are closed or an exception is received from the Bank. The

selected NI will be responsible for closure of all security observations and then

deployment of the Solution at all 24000 locations 182pprox.. (including DCs, DRs and

other branches and offices) of the Bank as per timelines specified above.

213. The bidder should upfront provide all the relevant pre-requisites which are expected from

Bank’s side in their deployment methodology document.

214. Attach Solution document and deployment methodology containing detailed bill of

material (make, model, OS details: version, date of release product development path, etc.)

explaining the bidder’s approach regarding implementation and commissioning of the

Solution.

215. The selected NI should arrange a certification from OEM that the proposed Solution is

Enterprise grade and that it will work for an enterprise. The proposed Solution should have

enterprise license without any restrictions to use the features mentioned in the RFP from

day one.

216. The selected NI is required to deliver all the required equipment meant for a

branch/office/DCs i.e. appliances, servers, serial-to-ethernet converter, racks, cables, etc.


&



in a single shipment. Bank will not accept the partial delivery of the equipment. The partial

delivery or installation will not be considered as installed.

217. The selected NI is required to configure the commissioned network equipment and the

Central Management servers and NOC portal for Management and monitoring/SLA. The

Solution will be considered deployed for a branch only after the deployment of the site on

the NOC portal.

218. The selected NI is responsible for taking backup of all in-scope Solution/device. The

backup shall include but not limited to configuration backup, Log backup and same needs

to be stored for contract period on the Log management Solution covered as detailed in

this RFP.

219. The proposed and deployed Solution should identify the time taken by individual

component/application to process the traffic.

220. Intercommunication between different components of NPMD (if any) should happen as

per the Bank’s security policy.

221. The selected NI should arrange Hands-on LAB training on the product with the OEM in

OEM LAB for the Bank officials.




quantitative and qualitative aspects related to configuration of the Solution from

an industry leading practices perspective and in tune with regulatory guidelines.

222.2 Review of Solution architecture to assess the extent to which same will support

business requirements and review gaps/ customizations, if any.


and quality









&



222.7 OEM certificate Go live of respective component.

Section N – Category-1/Existing Solution Management

223. Network Access Control (NAC)

223.1 The selected NI shall be responsible for the implementation, management and day

to day operations 24*7*365 with regard to NAC solution.

223.2 The selected NI shall be responsible to implement NAC related configuration on

all the switches (existing as well new) as per the Bank’s requirement from the

device deployment date itself. The most common place where implementation may

require are the branches, offices, Data Centres (DC), Offsite Data Centres (ODC)

and foreign locations of the Bank’s entities etc.

223.3 The selected NI shall be responsible to do appropriate changes at the NAC servers

to make switch configuration effective as per the Bank’s requirement.

223.4 The selected NI shall be responsible to test the appropriate scenarios with respect

to NAC related configuration on network devices and NAC solution and make

them effective without disrupting the existing operations or deteriorating user

experience.

223.5 The selected NI shall be responsible to keep proper record with sanctity of the

NAC deployed switches, ports, devices, end-points etc. The selected NI shall also

be responsible to do periodic review of such configuration data and submit report

to the Bank.

223.6 The selected NI shall be responsible to provide the data, report in specified format

as and when required for audit and review or any other purpose to the Bank. Bank

has the right to change the format and selected NI shall be abided to provide the

information in the format.

223.7 The selected NI shall be responsible to deploy proper mechanism to ensure 100%

implementation of the NAC.

223.8 The selected NI shall be responsible for complete management and administration

of the NAC solution in the Bank. The selected NI shall also be responsible to

manage NAC related configuration on network devices as per the Bank’s

guidelines.

223.9 The selected NI shall be responsible for the redeployment of the solution in case

of any need to relocation the device

223.10 The selected NI shall be responsible for monitoring of all possible physical and

logical parameters of the NAC solution including relevant components (for

example NAC servers, racks, switches load balancers etc.). The parameters are for

example utilisation of the server network interface, Hard disk, RAM and CPU.

223.11 The selected NI shall be responsible to resolve any issue in performance of the

solution or operation due to abnormality observed in physical or logical parameters

in consultation with the OEMs.


&



223.12 The selected NI shall be responsible to coordinate with solution SI or OEM as and

when needed for resolution of any issue in the NAC solution.

223.13 The selected NI shall be responsible to coordinate among different stakeholders

(like Active-Directory owners, Anti-virus owners, etc) for additional

functionalities/configurational features, integration and till the resolution of any

issue.

223.14 The selected NI shall be responsible for policy and other parameter configuration

in NAC infrastructure as per the Bank’s guideline and policy. The selected NI shall

also ensure clean-up of unused and unwanted policies configuration from the NAC

solution. Configuration clean-up shall be done under the supervision of Bank’s

designated officials and as per Bank policy.

223.15 The selected NI shall be responsible to resolve the NAC related day to day

operational issues. The selected NI shall also be responsible to create

knowledgebase for such operation issues and corrective steps taken for resolution.

223.16 The selected NI shall be responsible to upgrade the NAC solution software which

include OS, patch, end-point agents etc. The upgrade must be done with proper

testing and documentation as per the Bank’s guideline and policy.

223.17 The selected NI shall be responsible for creation and maintenance of all document

related to solution implementation/management and day to day operation. The

documents may include Solution document, standard operating procedure (SOP)

documents, asset register, incident documents, change request (CRF) documents,

Architecture and flow diagram document, user access management document etc.

223.18 The selected NI shall be responsible for timely closure of the security audit

observation and incidents as per the Bank guidelines and policy.

223.19 The selected NI shall be responsible to perform feasibility study to check existing

or new functionality of the solution based on modification in existing requirement

or new requirement as advised by the Bank.

223.20 The selected NI shall be responsible to provide the training to the Bank’s

designated officials across all the Circles.

223.21 The selected NI shall be responsible to perform the Disaster recovery drill and

production movement as and when Bank will announce the Integrated Business

Continuity Exercise (IBCE). The DR drill will also be conducted in case of issue

in solution Production setup at primary data centre. The selected NI shall also share

the documentation and report for such activity as per Bank’s requirement.

223.22 The selected NI shall be responsible to attend any reported issue within the

minimum time as mentioned as part of the SLA in this document. The reporting

mechanism may be anyone of the following:

a. Standard Ticketing tool

b. SMS

c. Telephone/Mobile call

d. E-mail


&



223.23 The selected NI shall be responsible to provide hand and feet support to the

concerned officials for resolution of NAC related issues. The selected NI shall also

be responsible to provide support over remote session of desktops for analysis and

troubleshooting of issue causing abnormal blocking of network access on the end

machine.

223.24 The selected NI shall be responsible to track all the reported issue till resolution.

The selected NI shall also be responsible to update the progress / status to the

designated officials of the Bank, on regular basis, till the time the incident / issue

gets resolved.

224. Virtual Private Network (VPN)

224.1 The selected NI shall be responsible to monitor and manage the existing VPN

solution in high availability (including DC and DR).


of any need to relocation.

224.3 The selected NI shall be responsible to implement new feature or solution (as and

when required to the Bank) as per the Bank’s policy. New feature and services

responsibility include following but not limited to:

a. Enable access of services and applications inside the organisation network

from internet or intranet trusted machine in a secured manner.

b. No direct communication from the external users to the internal private

network bypassing the Secure Remote Desktop Gateway.

c. Ensure superior visibility, precise control, and threat prevention at the

application level.

d. Ensure controlled application access with user-based policies

e. Automated security deployment and policy updates

f. Two factor authentications for users on boarding.

g. Provide real time statistics on connected users, IP address, TCP connections,

and system utilization.

h. Integration of existing VPN solution with Bank’s infrastructures.

i. Upgrade of software, patches and closure of security

vulnerabilities/observation.

j. Coordination among different stakeholders.

k. Tracking and resolution of issues reported for the VPN.

l. Carry out quarterly review of the system performance.

224.4 The selected NI shall be responsible to check all release /version change of patches/

upgrades/updates of Hardware/software/OS/Middleware etc. as and when released

for the platform. The selected NI shall ensure implementation of upgrades and

changes as per the Bank’s policy.

224.5 The selected NI shall inform the Bank well in advance for end of support dates on

related products/ licences.


&



224.6 The NI shall be responsible to submit Root Cause Analysis reports (wherever

applicable within 3 working days from the date of incident or from the date of

reporting by the Bank, whichever is earlier)

225. Video Conferencing (VC)

225.1 The selected NI shall be responsible to monitor and manage the Bank’s Video

Conferencing solution deployed across the Bank (including abroad).


of any need to relocation the device

225.3 The selected NI shall be responsible to track, troubleshoot and resolve the reported

issue by end users.

225.4 The selected NI shall be responsible to carry out quarterly review of the system

performance and accordingly perform the following maintenance and support

activities (but not limited to):

a. Diagnostic check of the performance of the entire solution as well as

individual components and hardware configurations.

b. Operating system component check (for updates and vulnerabilities).

c. All necessary services & configurations for successful functioning of the

solution as per the features specified in the RFP.

d. Preventive maintenance (to be performed quarterly with supporting reports)

e. Troubleshooting and resolution of issues

225.5 The selected NI shall be responsible for the submission of various reports

mentioned below but not limited to:

a. Uptime report

b. Number of Conference calls and their details for e.g. start time, call duration,

call drop (if any)

c. Number of participants in specified call (with joining and end time etc.)

d. System performance report

e. Number of Calls by specified room-based end point and total duration of the

calls in a specified period.

f. Call Quality Report.

g. Preventive maintenance report etc.

h. Any other report as and when desired by the Bank.

225.6 The selected NI shall ensure Software updates for equipment are up to date at any

point of time, without impacting services

225.7 Timely closure of all security vulnerabilities

225.8 Integration with other solutions of the Bank.

226. Secure Web Gateway (SWG)


&




of any need to relocation the device.

226.2 The selected NI shall be responsible for the deployment and maintenance of

additional hardware if procured by bank

226.3 The selected NI shall be responsible for timely updating of related technical

documents pertaining to Proxy and its related components.

226.4 The selected NI shall be responsible for deployment of proxy solution at foreign

offices of SBI.

226.5 The selected NI shall provide proactive monitoring and management of all the

appliances which are part of the solution at DC and DR site.

226.6 The selected NI shall be responsible to coordinate with different stakeholders

(including OEM) for resolving reported issues or implementing new features.

226.7 The selected NI shall track and monitor all the cases till resolution.

226.8 The selected NI shall be responsible for implementing Bank approved internet

access guidelines. The operations should always adhere to the guideline.

226.9 The selected NI shall be responsible to closure of security and audit observation.

226.10 The selected NI shall be responsible to track all the upgrade release by the OEM

for the platform and implement suitable release as per Bank’s policy.

226.11 The selected NI shall be responsible to provide periodic reports as requested by the

Bank in specified format.

226.12 The selected NI shall be responsible to provide reports on service request logged

by end-users, support calls logged with OEM in the below given format:

a. Call logged date

b. logged by (details of end-user/OEM)

c. Action Taken

d. Status

e. Call Closed Date

226.13 The selected NI shall notify all malware, spyware, viruses, phishing & other web-

based threats incidents to the Bank immediately and resolve within 4 hours. To

provide incident root cause analysis reports within 3 working days of the incident

containing details of:

a. Description of the incident

b. Cause of incident

c. Damage observed impact in terms of download/data loss/any other damage

d. Supporting evidence

e. Recovery Time

f. Steps to be taken to avoid the same in future

g. Remedial steps taken- both corrective & preventive.


&



226.14 The selected NI shall be responsible to fine-tune the solution, providing

suggestions/recommendations for various issues reported to them or for adoption

of best practices in the industry etc.

226.15 The selected NI shall be responsible to monitor the health of all devices on

proactive basis.

226.16 The selected NI shall conduct DR drill as and when required and submit the report

in the necessary format.

226.17 The selected NI shall review all the pending issues and should discuss with the

Bank on weekly basis.

226.18 The selected NI shall be responsible for configuration backup. Restoration and

testing of restored data.

226.19 The selected NI shall follow Bank’s approved Change request Management

process.

226.20 The selected NI shall keep proper tracking of all activities and user access on proxy

or routed through proxy.

226.21 The selected NI shall be responsible to track the end of support dates on related

products/ hardware as soon as they are declared by their respective OEMs and

informed to the Bank well in advance.

226.22 The selected NI shall be responsible to implement and manage any additional

hardware and software procured by the Bank, at any stage during the contract

period. Additional software/hardware/licences procured at a later stage shall also

be managed centrally using the existing central managers commissioned.


performance (including preventive maintenance) and carry out maintenance and

support activities including (but not limited to) the following:


individual components and hardware configurations

b. Operating system component check (for updates and vulnerabilities).

c. All necessary services & configuration for successful functioning of the

solution

d. Cleaning and removal of dust and dirt from the interior and exterior of the

equipment and necessary repair of the equipment

226.24 The selected NI shall be responsible to provide Root Cause Analysis reports

(wherever applicable, within 3 working days from the date of incident or from the

date of reporting by the Bank, whichever is later).

226.25 The selected NI shall be responsible to ensure integration of the Solution with other

solutions of the bank (existing or future) such as Active Directory (AD), Data Loss

Prevention (DLP), Privileged Identity Management System (PIMS), SIEM etc. as

and when the need arises during the entire duration of the contract without



&



226.26 The selected NI shall be responsible for the submission of various reports (such as

uptime report, system performance report, preventive maintenance report etc.)

periodically and on-demand by the bank. The frequency and various other types of

the reports shall be discussed with the selected NI.

226.27 The selected NI shall be responsible to perform following activities but not limited

to:

a. User Management – User creation/deletion/modification (after receiving

appropriate authorization from Bank) for internet access responding to

queries of end-user, user access policy management etc.

b. Fault Management – Detecting, isolating and correcting problems,

reporting problems of end-users and managers, tracking trends related to the

problem.

c. Incident Management – The Helpdesk team will provide for an incident

management process to seamlessly facilitate a fault/call from initial

identification, notification, logging, diagnosing, and closing the issue.

d. Log Management – Retention of all logs (including user access logs,

security logs, audit trail etc.) for a period as per the Bank’s requirement

e. URL whitelisting – URL addition and deletion as per bank requirement.

f. Managed Appliance Database – Appliance Database would be maintained

by the Help Desk. Managed appliances information must include (but not

limited to) Make, Model, Serial number, Installation location, rack, IP

addresses, physical connectivity (port to port), Software version, Firmware

version, License Details etc.

g. MIS Report Generation requirement and Preparation of Disaster Recovery

(DR) Plan, Business Incident Analysis (BIA), Call Tree report, Risk

Assessment (RA) reports, all type of Audit compliance, responses &

resolution of audit queries as per the Bank’s requirement in compliance with

the Bank’s internal policies

h. Preparation and submission of user-defined reports including Top URLs

visited, Top bandwidth users, Policy violations, URL Categories, Appliance

performance, Appliances usage, Project Plan, DR Plan, Business Continuity

Plan and other report as required by Bank.

227. Domain Name System (DNS)

227.1 The selected NI shall have to manage the Domain Name Service (DNS) Solution

for day to day operation on 24*7 support basis. The selected NI has to assign One

dedicated engineer L2 or L3 having expertise in F5 DNS or other DNS Solution

procured by Bank during the NI contract. The dedicated engineer will manage,

maintain the DNS Solution along with DNS related documents preparation, apply

patches and OS/ firmware fixes as an when released by OEM or required by Bank

along with closure of security incidents if any raised by Bank or advisories. Timely

submission of the root cause analysis of any incident related to DNS.


&



227.2 The selected NI shall also perform the DC and DR switching of the DNS as per

the IS policy of the Bank.

227.3 The selected NI shall be responsible to redeploy the solution in case of relocation

of the device are needed to the Bank.




documents pertaining to DNS and its related components.

227.6 The selected NI shall be responsible for maintaining the uptime of the solution.

227.7 The selected NI shall be responsible for Record creation, Record modification,

Record monitoring in DNS and automatic sync of the DNS records across the

solution.

227.8 The selected NI shall be responsible to conduct daily health check, fault

identification, isolation, resolution and submission of the report to the Bank.

227.9 The selected NI shall be responsible to conduct preventive maintenance of the

solution in every quarter and submit report to the Bank.

227.10 The selected NI shall be responsible for conducting and coordinating DR Drills of

DNS solution.

227.11 The selected NI shall be responsible to track the software upgrade and release for

the platform and implement appropriate upgrade in the solution.

227.12 The selected NI shall be responsible for timely closure of security and audit

observation.

227.13 The selected NI shall be responsible for following activities (but not limited to)

a. Log Management

b. User management

c. Asset Management

d. Integration with Bank’s other solutions.

e. Backup, Restoration, and testing.

f. Monthly reporting of issues and cases raised with OEM etc.

g. Generic reports as required

227.14 The selected NI shall be responsible to carry out quarterly review (including

preventive maintenance) of the system performance and perform following

maintenance and support activities (but not limited to):



b. Operating system component check (for updates and vulnerabilities)

c. All necessary services & configuration for successful functioning of

application

d. Trouble shooting and resolution issues


&



228. Time Servers (Network Time Protocol)

228.1 NI has to manage and maintain the Network Time Protocol (NTP) overall infra as

per Bank policy, manage, maintain the NTP appliances, upgrade of OS/firmware,

closure of security incidents, preparation of various documents related with NTP.


of relocation of the device.



228.4 The selected NI shall be responsible for timely updating of technical documents

pertaining to NTP and its related components.

228.5 The selected NI should be responsible for maintaining uptime of the devices.

228.6 The selected NI shall be responsible for Record creation, Record modification,

Record monitoring in NTP

228.7 The selected NI shall be responsible to conduct daily health check of the solution.

228.8 The selected NI shall be responsible for fault identification, isolation, and

resolution of the issues.


NTP solution including documentation.

228.10 The selected NI shall be responsible to ensure that the NTP solution is in Sync with

all sites at real time.

228.11 The selected NI shall be responsible for closure of security and audit observation.

228.12 The selected NI shall be responsible for following activities (but not limited to):

a. Log Management

b. User management

c. Asset Management

d. Integration with SBI security solutions.


f. Monthly reporting to project manager with issues, cases raised with OEM

etc.

g. Generic reports as required


performance and perform following maintenance and support activities (but not

limited to):





application

d. Preventive maintenance.

e. Trouble shooting and resolution issues


&



f. RCA Documents

228.14 The selected NI shall be responsible to provide the report as and when required by

the Bank for uptime, number of devices and their details which are taking the time

directly from the NTP solution, system performance.

228.15 The selected NI shall be responsible to track and resolve the reported issue and

integrate the solution with Bank’s infrastructure. The selected NI shall also be

responsible for ensuring the time dissemination to each device in the network.

228.16 The selected NI shall be responsible to track all the release updates/upgrades for

the platform and implement appropriate upgrade as per Bank’s policy.

229. Network Security Policy Management (NSPM)

229.1 NSPM Solution shall be handled by selected NI for day to day task,

implementation of the FARs, changes in the workflow if required by Bank, Regular

OS and patches updates according to the security policy of the Bank and as well as

the closure of security-related incidents raised by an auditor, advisory or by Bank,

Preparation of the documents and reports related to the NSPM Solution as and

when required by Bank. Selected NI shall assign a dedicated team to perform day

to day operations and OEM certified expert engineers in NSPM Solution for the

administration of the same.

229.2 The selected NI shall be responsible for redeployment of the solution in case of

relocation of the device.




documents pertaining to NSPM and its related components.

229.5 The selected NI shall be responsible for maintaining uptime of the solution.

229.6 The selected NI shall be responsible to manage the development and deployment

of firewall automation workflow as per Banks requirement. The selected NI should

make modifications in the workflow as and when required by the Bank without


229.7 The selected NI shall be responsible for NSPM system administration and

management.

229.8 The selected NI shall be responsible Record creation, Record modification, Record

monitoring in NSPM and ensure sync between the devices.

229.9 The selected NI shall be responsible to conduct daily health check and submit a

report.

229.10 The selected NI shall be responsible to track and resolve the reported issue and

integrate the solution with Bank’s infrastructure.


&



229.11 The selected NI shall be responsible to track all the release updates/upgrades for

the platform and implement appropriate upgrade as per Bank’s policy.

229.12 The selected NI shall be responsible for closure of all security and audit

observation.

229.13 The selected NI shall be responsible for fault identification, isolation, and

resolution of the issues.


NSPM solution including documentation.

229.15 The selected NI shall be responsible for following activities (but not limited to):

a. Log Management

b. User management

c. Asset Management

d. Integration with Bank’s other infrastructure.


f. Monthly reporting to project manager with issues, cases raised with OEM

etc.

g. Specific reports as and when required


performance and perform following maintenance and support activities (but not

limited to):





application

d. Preventive maintenance.

e. Trouble shooting and resolution issues

f. RCA Documents

229.17 The selected NI shall be responsible for the submission of various reports (such as

uptime, request raised in the system by whom and when, time taken to process the

requests by each layer for review and approve etc) as and when required by the

Bank.


&



PAYMENT SCHEDULE:

Sr.

No. Category Payment Terms

1 Delivery of Hardware & Software for

NOC-1 and NOC-2, LMS and NPMD

30% of the respective component value

2

Installation of Hardware &

customization of Software of NOC-1,

LMS and NPMD


3 UAT & Production & Go Live of

NOC-1 LMS and NPMD


4



DR setup of LMS and NPMD


5 Production & Go Live of NOC-2 10% of the respective component value

6 Human/ Personnel Resources Quarterly arrear basis. Pro-rata basis as per

“cost per resource” for the respective role

7 Annual Maintenance Contract (AMC)

/ Annual Technical Support (ATS) Quarterly in Arrears

8 LAN Management Quarterly in Arrears

9 NOC/Network Certification charges/

Trainings & Certifications On completion of Task

10 Rate Contract for incremental items After delivery and sign off

11 Miscellaneous Recurring Charges Quarterly in arrears for the services rendered and

pro-rata wherever applicable

12 Cost for Storage (per pallet)/ Cost of

Insurance/ Courier Charges On production of relevant proofs


&



Appendix-F

Indicative Price Bid

The indicative Price Bid needs to contain the information listed hereunder in a sealed

envelope bearing the identification–“Indicative Price Bid for Procurement of

______________________”.

Name of the Bidder – M/s

(Rs. In Lakh excluding all applicable taxes)

S.

No Description Qty Amount

Proportion to

Total Cost of (in

%age)

I One-time Costs

1 Hardware / Appliances (Table A)

2 Software & customized applications

(Table B)

3

NOC set-up (installation in DCs, UAT

etc.) including Software installation and

customizations, if any

4 Integration of entire IT infra of the

Bank with each NOC technology as per

scope of work

5 Transition from existing NOC to

New NOC

Total Cost of I (1+2+3+4+5)

II Recurring Costs

1 LAN Management (Table C)

2 Personnel Resources (Table D)

3 Rate Contract for incremental items

(Table E)

4 Trainings & Certifications (Table F)

5 NOC/Network Certification charges

(Table G)

6 Miscellaneous Recurring Charges

(Table H)

Total Cost of II (1+2+3+4+5+6)

*TCO for Contract period (I + II)


&



Add rows in above table for additional items, if any.

*This will be the Total Cost of Ownership (TCO)/Total Project Cost and should be quoted in

the reverse auction.

Note:

These are the indicative commercials for services provided by the bidder for setting

up NGNOC including installation of hardware, software, applications etc. as per Bill

of Material submitted in the technical bid for NGNOC

Table A: Hardware/ Appliances


S.N Hardware

Description Quantity

Cost

including

three years

warranty

(A)

Post

warranty

AMC for

two years

(B)

Cost for

Contract

period

C=(A+B)

Proportion

to Total

cost of (in

%age)

A1. DCs Location Setup

1.

NOC-1 setup

(Each tool /

Solution /sub-

component to be

mentioned as a

separate line-

item, including

racks)

2. NOC-2 setup (Each

tool / Solution /sub-

component to be

mentioned as a

separate line-item,

including racks)

3. LMS (Each tool /

Solution /sub-

component to be

mentioned as a

separate line-item,

including racks)

4. NPMD (Each tool /

Solution /sub-


&



component to be

mentioned as a

separate line-item,

including racks)

Total cost

A2. UAT Environment

1.

NOC-1 setup (Each


component to be

mentioned as a

separate line-item,

including racks)

2. LMS (Each tool /

Solution /sub-

component to be

mentioned as a

separate line-item,

including racks)


Solution /sub-

component to be

mentioned as a

separate line-item,

including racks)

Total cost

Total cost of Table A (A1 + A2)


Note –

• Bidder must propose hardware which require optimized space, power

consumption and cooling. Preference will be given to greener technologies.

• Comprehensive annual maintenance for Hardware / Appliances mentioned above

for 2 years, after the end of comprehensive warranty should be 10 % p.a. of the

cost for Hardware / Appliances.


&



Table B: Software & customized applications

Software cost in below table is not applicable to technologies based on proprietary

appliance having specific throughput as per data sheet provided in the technical bid. As

such, it is assumed that the Software cost is loaded in appliance cost in table B above.


S.N Description Quantity

Cost

including

three years

warranty

(A)

Post

warranty

AMC for

two years

(B)

Cost for

Contract

period

C=(A+B)

Proportion

to Total

cost of (in

%age)

B1. DCs Location Setup

1.

NOC-1 setup

(Each tool /

Solution /sub-

component to be

mentioned as a

separate line-

item including

perpetual license

cost)

2. NOC-2 setup (Each


component to be

mentioned as a

separate line-item

including perpetual

license cost)

3. LMS (Each tool /

Solution /sub-

component to be

mentioned as a

separate line-item

including perpetual

license cost)


Solution /sub-

component to be

mentioned as a

separate line-item


&



including perpetual

license cost)

Total cost

B2. UAT Environment

1.

NOC-1 setup (Each


component to be

mentioned as a

separate line-item

including perpetual

license cost)

2. LMS (Each tool /

Solution /sub-

component to be

mentioned as a

separate line-item

including perpetual

license cost)


Solution /sub-

component to be

mentioned as a

separate line-item

including perpetual

license cost)

Total cost

Total cost of Table B (B1 + B2)


Note:

• It is the responsibility of the Bidder & OEM to envisage Software / applications

required for smooth running of the GCSOC for Contract period without any extra

procurement than above. If any required at latter stage bidder has to bear the cost.

• Comprehensive annual maintenance for Software & Customized Applications

mentioned above for 2 years, after the end of comprehensive warranty should be

15% p.a. of the cost for Software & Customized Applications.


&



Table-C : LAN Management Cost

Description

Switch

Weight

[A]

Unit

Cost

per

year

(in

Rs.)

[B]

Total

Cost

(per

year)

[C] =

[A] x

[B]

Total

Cost

for 5

Years

[D] =

5 x

[C]

Proportion

to Total

cost of (in

%age)

*Data Center/ offices LAN

Management scope as described in

section ‘C’ of Scope of Work.

4,500

LAN Management Cost Bank’s

Branches/offices network excluding

Data Center switches) per year

30,000

Total of Table C

Note-1: LAN Management Cost will be calculated based on the number of deployed

switches in the Bank’s network (including domestic and foreign offices but excluding Data

Center switches) per year. For example, if there are ‘N’ number of switches deployed in

the Bank’s network as on the last date of a given calendar quarter, the LAN management

cost payable shall be as under: ‘X’/30,000 * ‘N’

Where ‘X’ is the rate discovered for 30,000 deployed switches (weight), and ‘N’ is the

number of deployed switches arrived at by fetching the data directly from the monitoring

tool.

Note-2: Data Center LAN Management includes cabling between two network devices

and/ or network device and server/solution component within the Data Center. LAN

Management Cost will be calculated based on the number of Racks per year. The payment

will be made based on actual number of deployed racks at the end of each quarter.

For example, if there are ‘N’ number of Racks (as defined above) deployed in given Data

Center as on the last date of a given calendar of a quarter, the LAN management cost

payable for that Data Center shall be as under:

‘Y’/4,500 * ‘N’

Where ‘Y’ is the rate discovered for 4,500 racks (weight)


&



Table-D:

Table D.1: Human Resource (dedicated) Cost

Role Description

(minimum working

hour for each resource

is 8 hours per day)

Weight

[A]

Individual

Resource

Cost per

month (in

Rs.)

[B]

Total

Resource

Cost

(per

month)

[C] = [A]

x [B]

Total

Resource

Cost for

5 Years

[D] = 60

x [C]

Proportion

to Total

cost of (in

%age)

Service Desk Engineer 42

Field engineer 749

L1 Engineer 85

L2 Engineer 51

L3 Engineer (Routing &

Switching) / Security /

Others (NW, D&C, QA

etc.)

58

Manager Operation / Data

Center / Asset

Management / TSP

Management

35

Manager project 4

Manager Engagement 3

System Engineer/

Administrator

4

Total 1031


&



Table D.2: Human Resource (non-dedicated) Cost

Such resources shall be required in FO locations

Country Branch Name Non-

dedicated

Engineers

Required

[A]

Individ

ual

Resourc

e Cost

per day

(in Rs.)

[B]

Total

Resour

ce Cost

(per

day)

[C] =

[A] x

[B]

Cost

for 60

days

[D] =

[C] x

60

Proportio

n to

Total

cost of

(in

%age)

Australia

Sydney_Branch

1

BCP_Sydney

Melbourne

Bahrain

Bahrain Manama

Branch 1

FCB-Bahrain_Branch

Bahrain_Branch

Banglades

h

Khulna

1

Dhaka_Branch

Gulshan_Branch

Chittagong_Branch

Country Office

Belgium Antwerpen_Branch

1

Belgium_BCP

Botswana Botswana_Branch

1

Gaborone_BCP

Canada

Surrey_Branch

2

Totonto_HQ_Branch

Brampton_Branch

Vancouver_Branch

Missisauge_HO

Scarborough_Branch

Mississauga_Branch

China Shanghai_Branch

1

Shanghai BCP

Germany Frankfurt_Branch

1

Frakfurt BCP

HongKon

g

Cameron Road_BCP 1

Queensroad_Branch

Israel Tel-aviv-israel_Branch

1

Israel_BCP

Japan Osaka_Branch 2


&



Tokyo_Branch

OSAKA BCP

Tokyo BCP

South

Korea

Seoul Branch 1

Seoul BCP

Maldives

Male, IGMH_Branch

2

SinooHithadoo_Branc

h

ADKHospital_Branch

Maldives_BCP

Attol_Branch

Mamingli

Hulumale

Maldives_HO

Mauritius

Port Louis

4

Super Unic

Supermarket

Bagatelle Mall ATM

Rose Belle Branch

Vacoas_Branch

Goodlands_Branch

China_Town_Branch

Central-flacq_Branch

Rodrigues_Branch

Mahebourg_Branch

Triolet_Branch

Curepipe_Branch

Rose-hill_Branch

Quatre-bornes_Branch

Mte-blanche_Branch

SBIIntouch_Mauritius

Ebene_Branch

Myanmar Myanmar_BCP

1

Yangon_Branch

Nepal Khatmandu_Branch 1

Oman Oman_Branch

1

Oman_BCP Branch

Singapore

Ananda Bhavan ATM

5

SuntecCity ATM

Changi Business Park

Changi T1

ATM(Changi Airport

Terminal 1)

Changi T2 ATM

Dhoby Ghaut ATM


&



Farrer Park ATM

Hougang Mall ATM

Jurong Bird Park ATM

Little India Arcade

ATM

Marina Bay Sands

ATM

NTU ATM

Singapore_917

Toa Payoh Branch

Zoo ATM(MANDAI

ZOO)

SBIFO-SNG-2960-

AMOKO

Marine Parade Branch

Little India Branch

Jurong East Branch

Ang Mo Kio Branch

Clementi Branch

Jurong East Branch

Singapore

Headquarters (Celcil

Street)

South

Africa

Lenasia_Branch

1

Durban_Branch

Johannesburg_Branch

Sri Lanka

Colombo Main Branch

1

BCP_Branch

Kandy_Branch

Mawatha_Branch

UAE

Dubai_Main Branch

1

Dubai BCP Branch

Dubai_RH Office

Branch

United

Kingdom

London main Branch 2

4

Coventry Branch

Wolverhampton

Branch

Manchester Branch

Leicester Branch

Birmingham Branch

Bisposgate

Golders Green Branch

Southall Branch

EastHam Branch


&



Harrow Branch

Ilford Branch

Hounslow Branch

Harrow (DR)

United

states

Losangels-

Agency_Branch

4

Newyork_Branch

Chicago_Branch

Losangels_Branch

SanJose_Branch

New York BCP

Turkey Istanbul_RO 1

Number of Non-dedicated

Resources 40

Grand Total

Total of Table D

Important points: Requirement of non-dedicated resource at FO

a. Non-dedicated resource shall be L1 engineer.

b. Per day working hours shall be 8 hours and payment will be made pro-rata based

on the certificate from the concerned officials.

c. The above table is only for discovery of resource cost per person per day, but the

cost shall be payable only when services are availed from the resources for a given

location.

d. The resource should be able to speak fluent English and the local language.

e. The rate quoted will remain firm over the period of contract.

f. For TCO, one visit per month has been assumed.

g. The above is only for discovery of resource cost per person per day, however the

cost shall be payable only when services are availed from the resources for a given

location.

Table-E: Rate Contract for incremental Software/ hardware/ Appliances / Systems

S. No. Description Quantity Cost

Payable

1. LMS-additional license cost Per 5 Thousand

EPS

2. LMS-additional online storage cost Per TB

3. NPMD-additional capacity augmentation

cost

Per 5 GB

Throughput

Requirement

4. NPMD-additional online storage cost Per TB

5 Storage for NOC operation data Per 5 TB



&



Note:

• Bidder should include rate Contract for each incremental software/ hardware /

system of individual NGNOC technology setup in individual row, required on case

to case basis.

• Table E should include all applicable charges including but not limited to logical

computing, processing, storage, networking Software and hardware units per such

incremental setup, supply, installation, deployment, integration of the incremental

systems procured with NGNOC setup cohesively.

• The rates mentioned in the Table E and all other commercials shall remain static

for the entire contract period

• This will be considered for TCO only, need basis order may be placed during the

Contract period.

• The rate quoted in the rate Contract table must not be more than 5% in variation

to the pro-rata cost mentioned in table A & B.

Table-F: Trainings and Certifications

S.

No.

Description of Training Timelines Cost

Payable

Proportion

to Total

cost of (in

%age)

1 Basic Training to LHOs, and

other administrative offices.

Half-yearly

during entire

contract

period

2 Advanced training and

certification to Bank’s

designated in-house team from

date of issuance of PO/LOI per

batch. (Cost will be paid per

batch-wise).

Within 2.5

years

Total cost of the Table F

Table-G: NOC/Network Certification charges

ISO 27001:2013, ISO9001:2015 within 365 days from date of issuance of PO/LoI.

S. No. Obtention of Certifications Cost Payable

1 ISO 27001:2013

2 ISO9001:2015

Total of Table G

Note: The charges payable for the certification will be on actual basis on production of

invoices from the certifying agencies.


&



Table-H: Miscellaneous Recurring Charges

Description Per year

per unit

cost

One Year

Cost

Five

Year

Cost

H.1 New Branches and shifting of branches

Establishing new Branches onetime (domestic) NA NA

Establishing new Branches onetime (Foreign) NA NA

Shifting charges onetime domestic NA NA

Shifting charges onetime foreign NA NA

Installation, configuration of per router NA NA

Installation, configuration of per switch NA NA

Installation of Modem NA NA

Installation, configuration of SDWAN NA NA

Total Contract Value for 5 years

H.2 Insurance, warehouse storage, transportation charges

Cost for Storage (per pallet) On actual basis

Cost of Insurance On actual basis

Courier Charges On actual basis

Assumptions:

1. As on date approximate domestic 24000 branches and 91 Foreign Offices

branches

2. Approximate opening of new domestic branches 700 per year and 5 foreign

offices branches per year

3. Approximate shifting of domestic branches 200 per year and 5 in foreign

offices.

4. Total DC and DR are 5 in number as on date

We, M/s ___________________, hereby confirm that all the items including

Hardware, Software and Services as required for complying with the Scope of

Work as also making the systems and services operational for Contract period as

per the requirement of the Bank have been included in the above Commercial Bid.

We undertake that no additional charges shall be levied by us on the Bank.

Breakup of Taxes and Duties

Sr.

No.

Name of activity/Services Tax 1 Tax 2 Tax 3

Mention Name of Tax


&



GST%

1.

2.

3.

Grand Total


Seal of Company


&



Illustration


Particulars Indicative

Price Bid

Quote

(INR)

Proportion

to Total

Cost ‘G’

(in %age)

of

indicative

price bid

Final

Price

(INR)

in

reverse

auction

Minimum

final price

should

not be

below

(INR)

Maximum

final price

should not

exceed

(INR)

A B

C

D* E

(95% of

D)

F

(95% of

D)

Item 1 25 13.16 9.87 9.38 10.36

Item 2 50 26.32 19.74 18.75 20.72

Item 3 75 39.47 29.60 28.13 31.09

Item 4 40 21.05 15.79 15.00 16.58

Grand Total

(1 + 2 + 3 +

4)= G

190 100 75

* Ideal final price breakup based on final price of Rs. 75 quoted in the reverse auction.


&



Appendix -G

Certificate of Local Content

<Certificate from the statutory auditor or cost auditor of the company (in case of

companies) or from a practicing cost accountant or practicing chartered accountant (in

respect of suppliers other than companies) giving the percentage of local content, on their

letter head with Registration Number with seal.>

Date:

To

Dear Sir,

Ref.: RFP No. SBI/GITC/NW&C/20-21/706 Dated 18.08.2020

This is to certify that proposed ______________ <product details> is having the local

content of ___________ % as defined in the above mentioned RFP2. This certificate is

submitted in reference to the Public Procurement (Preference to Make in India), Order 2017

including revision thereto.

Signature of Statutory Auditor/Cost Auditor

Registration Number:

Seal

Counter-signed:

Bidder OEM

< Certified copy of board resolution for appointment of statutory/cost auditor should also

be enclosed with the certificate of local content.>


&



Appendix -H

BANK GUARANTEE FORMAT

(TO BE STAMPED AS AN AGREEMENT)

THIS Bank GUARANTEE AGREEMENT executed at _________this _________day

of _________201 by _________ (Name of the Bank) _________ having its Registered

Office at _________and its Branch at _________ (hereinafter referred to “s “the

Guaran”or”, which expression shall, unless it be repugnant to the subject, meaning or

context thereof, be deemed to mean and include its successors and permitted assigns) IN

FAVOUR OF State Bank of India, a Statutory Corporation constituted under the State

Bank of India Act, 1955 having its Corporate Centre at State Bank Bhavan, Nariman Point,

Mumbai and one of its offices at____________(procuring office address), hereinafter

referred to “SBI” which expression shall, unless repugnant to the subject, context or

meaning thereof, be deemed to mean and include its successors and assigns).

WHEREAS M/s__________________________________________, incorporated under

__________________________________ Act having its registered office at

__________________________________ and principal place of business at

__________________________________ (hereinafter referred to as “Service Provider/

Vendor” which expression shall unless repugnant to the context or meaning thereof shall

include its successor, executor & assigns) has agreed to develop, implement and support

_________ (name of Solutions and service) (hereinafter referred to as “Services”) to SBI

in accordance with the Request for Proposal (RFP) Ref.: RFP No: SBI/GITC/NW&C/20-

21/706 Dated 18.08.2020 (RFP For Engagement of Network Integrator and setting up

of Next Gen Network Operations Centers (NOCs).

WHEREAS, SBI has agreed to avail the Services from the Service Provider for a period of

______ year(s) subject to the terms and conditions mentioned in the RFP.

WHEREAS, in accordance with terms and conditions of the RFP/Purchase

order/Agreement dated_________, Service Provider is required to furnish a Bank

Guarantee for a sum of Rs.__________/- (Rupees _________ only) for due performance

of the obligations of the Service Provider in providing the Services, in accordance with the

RFP/Purchase order/Agreement guaranteeing payment of the said amount of

Rs.__________/- (Rupees __________ only) to SBI, if Service Provider fails to fulfill its

obligations as agreed in RFP/Agreement.


&



WHEREAS, the Bank Guarantee is required to be valid for a total period of _____ months

and in the event of failure, on the part of Service Provider, to fulfill any of its commitments

/ obligations under the RFP/Agreement, SBI shall be entitled to invoke the Guarantee.

AND WHEREAS, the Guarantor, at the request of Service Provider, agreed to issue, on

behalf of Service Provider, Guarantee as above, for an amount of Rs.___________/-

(Rupees ___________ only).

NOW THIS GUARANTEE WITNESSETH THAT

1. In consideration of SBI having agreed to entrust the Service Provider for rendering

Services as mentioned in the RFP, we, the Guarantors, hereby unconditionally and

irrevocably guarantee that Service Provider shall fulfil its commitments and obligations

in respect of providing the Services as mentioned in the RFP/Agreement and in the

event of Service Provider failing to perform / fulfil its commitments / obligations in

respect of providing Services as mentioned in the RFP/Agreement, we (the Guarantor)

shall on demand(s), from time to time from SBI, without protest or demur or without

reference to Service Provider and not withstanding any contestation or existence of any

dispute whatsoever between Service Provider and SBI, pay SBI forthwith the sums so

demanded by SBI not exceeding Rs.__________/- (Rupees ____________only).

Any notice / communication / demand from SBI to the effect that Service Provider

has failed to fulfil its commitments / obligations in respect of rendering the

Services as mentioned in the Agreement, shall be conclusive, final & binding on

the Guarantor and shall not be questioned by the Guarantor in or outside the court,

tribunal, authority or arbitration as the case may be and all such demands shall be

honoured by the Guarantor without any delay.

2. We (the Guarantor) confirm that our obligation to the SBI, under this guarantee shall

be independent of the agreement or other understandings, whatsoever, between the SBI

and the Service Provider.

3. This Guarantee shall not be revoked by us (the Guarantor) without prior consent in

writing of the SBI

WE (THE GUARANTOR) HEREBY FURTHER AGREE & DECLARE THAT-

i. Any neglect or forbearance on the part of SBI to Service Provider or any indulgence

of any kind shown by SBI to Service Provider or any change in the terms and

conditions of the Agreement or the Services shall not, in any way, release or discharge

the Bank from its liabilities under this Guarantee.

ii. This Guarantee herein contained shall be distinct and independent and shall be

enforceable against the Guarantor, notwithstanding any Guarantee or Security now or

hereinafter held by SBI at its discretion.


&



iii. This Guarantee shall not be affected by any infirmity or absence or irregularity in the

execution of this Guarantee by and / or on behalf of the Guarantor or by merger or

amalgamation or any change in the Constitution or name of the Guarantor.

iv. This Guarantee shall not be affected by any change in the constitution of SBI or

Service Provider or winding up / liquidation of Service Provider, whether voluntary

or otherwise

v. This Guarantee shall be a continuing guarantee during its validity period.

vi. This Guarantee shall remain in full force and effect for a period of __ year(s)

____month(s) from the date of the issuance i.e. up to _________. Unless a claim

under this Guarantee is made against us on or before ____, all your rights under this

Guarantee shall be forfeited and we shall be relieved and discharged from all

liabilities there under.

vii. This Guarantee shall be governed by Indian Laws and the Courts in Mumbai, India

alone shall have the jurisdiction to try & entertain any dispute arising out of this

Guarantee.

Notwithstanding anything contained herein above:

i. Our liability under this Bank Guarantee shall not exceed Rs__________________/-

(Rs. ________________only)

ii. This Bank Guarantee shall be valid up to________________

iii. We are liable to pay the guaranteed amount or any part thereof under this Bank

Guarantee only and only if SBI serve upon us a written claim or demand on or before

________________

Yours faithfully,

For and on behalf of bank.

__________________________

Authorised official


&



Appendix -I

PROFORMA OF CERTIFICATE TO BE ISSUED BY THE BANK

AFTER SUCCESSFUL COMMISSIONING AND ACCEPTANCE

OF THE SERVICES AND SOLUTIONS (HARDWARE & SOFTWARE)

Date:

M/s.______________

d) Sub: Certificate of delivery, installation and commissioning

This is to certify that the Solutions as detailed below has/have been successfully installed

and commissioned (subject to remarks in Para No. 2) in accordance with the

Contract/specifications.

a) PO No._________________ dated _________________________

b) Description of the Solution _______________________________

c) Quantity ____________________________________________ _

d) Date of installation______________________________________

e) Date of acceptance test __________________________________

f) Date of commissioning ___________________________________

e) Details of specifications of Solutions not yet commissioned and recoveries to be

made on that account:

f) S. No. Description Amount to be recovere3. The

installation and commissioning have been done to our entire satisfaction and staff

have been trained to operate the Solutions4. Service Provider has

fulfilled his contractual obligations satisfactorily


&



or

Service Provider has failed to fulfil his contractual obligations with regard to the

following:

(a)

(b)

g) (c5. The amount of recovery on account of non-supply of

Solutions/Services is given under Para No. 2 above.

Signature _______________________

Name _______________________

Designation with stamp __________________

______________________________________


&



Appendix-J

Liquidated Damages and Penalties

Table of Liquidated Damages (LD):

S.

No. Description

Timelines

(from the

date of

issuance

of

PO/LoI)

LD penalties (in %)

1

Provisioning of (a) onsite Program

Manager, (b) onsite team of

technical resources from the

selected NI (10) and the OEM, (c)

Escalation Matrix

7 days

0.5% of the total Quarterly

Operating Cost for delay of

each day or part thereof

maximum up to 5% of total

Quarterly Operating Cost.

2

Submission of complete Solution

design and implementation

approach document.

30 days






3

Hardware Delivery (including all

the components NOC-1, NOC-2,

NPMD and LMS) at the site of

installation.

60 days

0.5% of the total Hardware

Cost (including warranty cost)

for delay of each week or part

thereof maximum up to 5% of

total Hardware Cost

(including warranty cost).

4

Stages:

➢ Stage 1: 25 % of proposed team

strength (excluding NOC-2

strength) within 45 days from

the date of issuance of LoI/PO

➢ Stage 2: 50 % of proposed team




➢ Stage 3: 75% of proposed team




➢ Stage 4: 100% of proposed

team strength (excluding NOC-

2 strength) within 90 days from


➢ Stage 5: 100% of proposed

team strength for NOC-2 after






The penalty will be applicable

for each stage separately.


&



150 days to 180 days from the

date of issuance of LoI/PO

5


Commissioning &

Operationalization of the NOC-1

and its UAT.

150 days


(including warranty cost) of

NOC-1 and its UAT. Cost for

delay of each week or part


total Hardware (including

warranty cost) and NOC-1

and its UAT cost.

6


Commissioning &

Operationalization of the NOC-2.

180 days



NOC-2. Cost for delay of each

week or part thereof


Hardware (including warranty

cost) and NOC-2 cost.

7


Commissioning &

Operationalization of the NPMD

including customization and

integration.

150 days



NPMD solution. Cost for

delay of each week or part


total Hardware (including

warranty cost) and NPMD

Solution cost.

8


Commissioning &

Operationalization of LMS

including customization and

integration.

150 days



LMS solution. Cost for delay

of each week or part thereof


Hardware (including warranty

cost) and LMS Solution cost.

(All these LDs will run concurrently)

Operating Cost will include the following charges:

• LAN Management Cost

• Personnel Resources charges

Note: At any stage of the contract period, if it is observed that one or more solution(s) have

not been implemented as per the functional and technical specifications (defined in

Appendix-C, Appendix-E or elsewhere in this document), the selected NI shall have to


&



rectify the deficiencies at no additional cost to the Bank. However, the Bank reserves right

to return the entire Solution after recovering the cost of devices / equipment out of the

future payable amount.

Table A – Transition (Takeover):

S.

No.

Milestone SLA Terms Penalty for delay (in

INR)

1 Submission of weekly

progress report till

completion of

handover

To be submitted on the

first working day of every

week

Rs.2,00,000 per day for

delay

2 Transition completion

and complete takeover

Within 180 days from

the date of issuance

of Letter of

Intent (LoI)/Purchase

Order (PO).

Rs.5,00,000 per day for

delay

3 a) A toll-free number

and email IDs for

attending to

issues/escalations

raised by the domestic

Branches

b) A toll-free number

and email IDs for

attending to

issues/escalations

raised by

the foreign offices

c) TRAI approval

a) 3 months from date of

issuance of PO/LoI

v. 3 months

from date

of issuance

of PO/LoI

c) Within 150 days from

date of issuance of

PO/LoI

a) Rs. 2,00,000/-

per week of delay

w. Rs.

2,00,000/-

per week of delay) Rs.

2,00,000/-

per week of delay

4 Survey of existing

branches/offices/Data

Centers

Within 6 months from the

date of sharing the list

➢ Rs.10,000 per

branch/office for

delay for each week

➢ Rs 50,000 per Data

Center for delay for

each week

5 Submission of all

Standard Operating

Procedures (SOPs)

related to all

services/operations.

Within 150 days from

date of issuance of

PO/LoI

Rs. 5000/- per SOP per

week of delay or part

thereof

Table B – Network Operations Center (NOC)

S.

No.

Milestone SLA Terms Penalty for delay (in

INR)


&



1 Helpdesk response

time (monthly basis):

x. Average

call not

responded/

technically

dropped

rate should

be < 3%

y. Average

call

waiting

time

should be

<15

seconds

c. Average speed of

answer the call <8

seconds.

For the corresponding

month of breach:

z. Rs. 10,000

per

percentage

or part

thereof.

aa. Rs. 10,000

for each

additional

5 seconds

slot or part

thereof.

c. Rs. 10,000 for each

additional 5 seconds slot

or part thereof.

2 Ticket Handling Creation and Assignment

of the ticket/incident,

including engineer

assignment

➢ Issue reported over

SMS/Mail/App/Web:

automatic ticket and /

or;

➢ Issue reported over

call: 5 minutes after

end of the call

Rs.1,000 per instance for

delay of each 5 minutes or

part thereof.

3 NOC premises and

processes

Certifications

ISO 27001:2013,

ISO9001:2015 & within

365 days from date of

issuance of PO/LoI.

Rs.10,000/- per week or

part thereof per certificate

4 Automation of NOC ➢ 10% of the services to

be automated by end

of first year

➢ 30% of the services to

be automated by end

of second year

➢ 50% of the services to

be automated by end

of third year

10% of the quarterly

payment

Table C – Resource Availability (Leave/Replacement management)


&



S.

No.

Expected output SLA Terms Penalty in Rs.

1 Shortage of resources on a daily

basis

As per requirement

specified in Appendix-

Q

One and a half times

per day discovered

rate of respective

category per

resource.

Table D - Site Survey, LAN Implementation & Its Management

Category Frequency Activities involved SLA Terms Penalty

Data

Centers

Monthly Health check-up &

cleaning of all

devices,

repair/replacement

of faulty devices,

verification of

adherence to best

practices

Report to be

submitted in the

first week of the

following month.

Rs.1,00,000 per

month per

defaulting Data

Center

Branches/

offices in

India

Quarterly Preventive

Maintenance

Report to be

submitted in the

first week of the

following quarter.

Rs.10,000 per

month per branch

/ office for delay

Foreign

Offices

On need

basis

As advised by the

Bank.

Within a week of

the visit.

Rs.10,000 per

month per branch

for delay

Branches/

offices

- Completion of site

survey for 5000

critical branches

Six-months Rs.10,000 per day

for delay

Table E - Communication Link Management

E.1. Link failure leading to isolation of locations:

Location Quarterly

Uptime

Requirement

(%)

SLA Terms Penalty (in INR) per

incident

Data Center 99.999 Response time

= 1 minute

Downtime from 1 to 5

min - Rs.5000/-.

Downtime beyond 5 min -

Rs. 5000/- for every 1

minutes or part thereof.

GITC and its annex

buildings, State Bank

Bhavan and annex

building, LHOs and

99.995 Response time

= 2 minutes


min - Rs.5000/-.


&



Foreign

Offices/branches

Downtime beyond 10 min

- Rs. 5000/- for every 1


Critical

Branches/offices

99.99 (during

7 am to 9 pm)

Response time

= 5 minutes


min - Rs.2000/-




Other than Rural

branches/offices

99.9 (during 7

am to 9 pm)

Response time

= 10 minutes


min - Rs.1000/-




Rural

Branches/Offices

99.9 (during 7

am to 9 pm)

Response time

= 10 minutes


min - Rs.1000/-




Note: For the branches/offices categorized under Critical, Other than Rural and

Rural, the penalty calculation will be based on working days.

E.2. Link Failure not leading to isolation:

Location Quarterly

Uptime

Requirement

(%)

SLA Terms Penalty (in INR) per

incident

Data Center 99.999 Response time

= 1 minute


min - Rs.2500/-.

Downtime beyond 5 min -

Rs. 2500/- for every 1


GITC and its annex

buildings, State Bank

Bhavan and annex

building, LHOs and

Foreign

Offices/branches

99.995 Response time

= 2 minutes,

Cumulative

Resolution time

= 6 mins 30

seconds


min - Rs.2500/-.




Critical Branches 99.99 (during

7 am to 9 pm)

Response time

= 5 minutes,

Cumulative

Resolution time

= 13 minutes 6

seconds


min - Rs.1000/-





&



Other than Rural

branches/offices

99.9 (7 am to

9 pm)

Response time

= 5 minutes,

Cumulative

Resolution time

= 120 minutes


min - Rs.500/-




Rural

Branches/Offices

99.86 (7 am to

9 pm)

Response time

= 5 minutes,

Cumulative

Resolution time

= 180 minutes


min - Rs.500/-




Note: The NI to ensure seamless 24*7 connectivity. However, the business hours for the

purpose of SLA every day on all working days:

• All domestic branches/ offices: 7 AM to 9 PM.

• Foreign Offices it will be 24x7.

E.3. Commissioning, Shifting and Deployment of Links for new / Existing Branches

S. No. Milestone SLA Terms Penalty for delay

(in INR)

1 Commissioning of new

Link / Shifting of

existing links for

branches

2 weeks for BSNL / MTNL

links

6 weeks for ASP links

Rs.10,000 for each

week and part

thereof per link

2 Commissioning of new

Link / Shifting of

existing links for

administrative offices

and other location


links


Rs.20,000 for each

week and part

thereof per link

3 Deployment of new

Link / Shifting of

existing links in

database


links


Rs.20,000 for each

week and part

thereof per link

4 Deployment of new

Link / Shifting of

existing links for

monitoring

3 days for all links Rs.20,000 for each

week and part

thereof per link

5 Delay in the

surrendering of the links

4 weeks Rs.10,000 for each

week and part

thereof per link

6 Delay in upgradation of

links

2 weeks Rs.10,000 for each

week and part

thereof per link

Table F: Network Performance Parameters:


&



Failure to implement and annual review QOS within 2

weeks after Bank’s communication

Rs.10,00,000 per instance

Failure to provide a Performance Optimization Assessment

Report and its implementation in June and December each

year.

Rs.25,000/- per breach

Table G - Device Management

S.

No.

SLA Terms Penalty per incident (in INR)

1

Data Center

Failure of set of Devices

(Hardware/Software component)

within a given Data Center leading

to the disruption of any services

performed by the said devices.

➢ Restored within 10 minutes from the

incident: Rs.1,00,000





➢ Restored beyond 60 minutes from the

incident Rs.10,00,000 per hour or part

thereof

2 GITC and its annex buildings,

State Bank Bhavan and annex

building, LHOs and Foreign

Offices/branches

Failure of Devices


within a given location leading to

the disruption of any services



incident: Rs.50,000




incident Rs.2,00,000 per hour or part

thereof

3 Critical Branches

Failure of Devices






incident: Rs.20,000


incident: Rs.50,000


incident Rs.50,000 per hour or part

thereof

4 Other than Rural

branches/offices


incident: Rs.10,000


incident: Rs.25,000


&



Failure of Devices







thereof

5 Rural Branches/Offices

Failure of Devices






incident: Rs.5,000


incident: Rs.15,000



thereof

Note: SLA requirement for devices deployed in HA shall be 100% uptime.

Table H - Configuration Management (including device shifting wherever applicable)

Table H.1

Parameter Timelines

Penalty in INR

Configuration backup of all

devices at both NOC-1 and

NOC-2

As and when there is a

change in configuration

and additionally complete

backup for all devices on a

monthly basis

(configuration backup for

at least last 3 months to be

retained)

➢ Rs.10,000 for Data

Centre devices for each

day for the delay

➢ Rs.1,000 for branches

and other offices for

each day for the delay.

Delay in allocation of IP

address

T+1 Rs.10,000 for each instance

IP Address Management Any IP conflict situation

reported due to wrong IP

allocated by selected NI

Rs.10,000 for each instance

Delay in Firewall Rule

Implementation.

T+2 Rs.10,000 per firewall rule

implementation request.

Misconfiguration of

network devices affecting

the availability of services

Rs.10,000 for each instance

Table H.2: Patch management, Hardening of Devices as per SCDs

S.

No.

Parameter SLA Terms Penalty in

INR


&



1 The security features like

firmware upgradation and

hardening of devices

related to all devices must

be done.

a) Within One week from release

date for noncritical

b) Within 24 hours from release date

for critical

c) For SCDs, TAT will be T+2 days

from the approved date

INR 10,000

per day

beyond TAT

2 Implementation of

Patches from its release

Critical: beyond 48 hours 10,000 per

hour

High: beyond 72 hours 5,000 per

hour

Medium: beyond 7 days 5,000 per

day

Low: beyond 30 days 5,000 per

day

Table I - Fault Management

Milestone SLA Terms Penalty for delay

(in INR)

Creation of

Knowledgebase

Knowledgebase should be created for each

incident, along with RCA. The knowledgebase

shall be updated with the details of the incident

within a week of final RCA submission.

Rs.10,000 per week

for the delay or part

thereof from the

date of incident

Table J – Performance Management

Milestone SLA Target Penalties

Performance

and capacity

Any degradation in performance of any

application on account of issue related to

performance or capacity of network up to 5

minutes.

Rs.10,000 for every 5

minutes per instance or part

thereof beyond initial 5

minutes.

Performance

optimization

Identification, documentation and

optimization in the area of day to day

network operation at every 6 months

interval.

Rs.1,00,000 per month for

the delay or part thereof.

Table K – Training:

S.

No.

Milestone SLA

Terms

Penalty for delay (in INR)

1 Basic Training to LHOs, and other

administrative offices.

Half-

yearly

Rs.10,000 per month for the

delay as per calendar year.

2 Advanced training and certification

to Bank’s designated in-house team

from date of issuance of PO/LOI

Within

2.5 years

Rs.10,00,000 per month for

the delay.


&



Table L – Submission of incidents and RCA:

SLA Terms Penalty

Delay in submission in incident report

beyond one hour of closure of the incident

Rs. 5000 per hour

Delay in submission of RCA beyond three

days of the incident

Rs. 5000 per day

Submission of report which include steps

taken to resolve issues during the IBCE and

its preventive actions in future IBCEs.

Beyond one week of completion of IBCE

Rs. 5000 per week or part thereof.

Table M – Audit/VAPT observation:

S.

No.

Milestone SLA Terms Penalty

1 NI shall provide information / documents

desired by branches / offices / Foreign Offices /

Auditors / Regulators etc.

Within 2

working days

Rs. 10,000 per

day

2 NI shall provide inputs on the audit report

recommendations

a) IS Audit

b) SSAE16

c) Management Audit

d) The Monetary Authority of Singapore

(MAS) Audit

e) RBI

f) Overseas Regulators

g) For any other audit

1 week Rs. 10,000 per

day

3 NI shall provide inputs on the audit report

recommendations for Network Security Review

Audit

30 days Rs. 10,000 per

day

4 Delay in closure of Audit observations:

Critical:

High:

Medium:

Low:

Penalty (per unique observation) for low has

been mentioned in column 4. Medium will be

twice the penalty mentioned for low, medium

will be 3 times and critical will be 4 times.

Up to 2 day 2,000 per day

2 to 5 days 5,000 per day

6 days to 10

days

10,000/- per

day

after 10 days 20,000 for each

week or part

thereof

Table N – Dashboard and Reporting:


&



Delay in providing the dashboard (“desktop” and “mobile”) as per the features specified

in this RFP, shall attract penalty as described below:

SLA Penalty

150 days from the date of LOI/PO Nil/-

Beyond 90 days from the date of LOI/PO Rs.5,00,000/- per week or part

thereof

Table O: Non-submission of reports at different levels:

S.

No.

Milestone SLA Target Penalty

1 Daily Report By 12:00 noon next

day

Rs.10,000 per hour or part thereof

2 Weekly

Report

By next working day Rs.10,000 per day

3 Monthly

Report

By 5th of following

month

Rs.50,000 per day

4 Quarterly

Report

By 5th of following

month

Rs.50,000 per day

5 Half-yearly

Report

By 5th of following

month

Rs.50,000 per day

6 Yearly Report By 5th of following

month

Rs.50,000 per day

Table P: SLA for Category-1 solutions:

P.1 Uptime requirement

Sr. No. Description Penalty for the breach

1 Uptime of the solution is 100% and for

each instance is 99.9% on a monthly

basis. Scheduled downtime (Only, If

approved by bank) will not be reckoned

for downtime calculation. Uptime of the

solution means no disruption or

degradation in service even if some

instance/site is down/not working.

As per the table titled

“UPTIME PENALTY” for the

incidents as given below.

2 Fixing the security vulnerabilities, taking

prompt action on the advisories sent by

the Bank's Security Consultant or by the

Bank officials within three working days.

Rs.5, 000/- per day after due

date.

P.2 Uptime penalty

Sr. No. Uptime


&



(Solution-combined for both

sites i.e. DC DR)

Penalty

1 100% or If uptime is <100% and

up to 99.99%

Nil

2 If uptime is <99.99% and up to

99.5%

Rs. 1,00,000/-


99.0%

Rs. 2,00,000/-


98.00%

Rs. 5, 00,000/- + Rs. 50,000/- for

every additional downtime of 0.5%.

Bank may also forfeit the PBG and/or

terminate the contract and/or take any

other suitable action.

5. Disruption on any application

service due to DNS/NTP Issue.

Rs. 20,000 per application for every

30 minutes of downtime

P.3 Service SLA (other than above components) for Proxy Solution

Severity Level-1

Respon

se

Level-2

Respons

e

Level-3

Response

Status

Update Severity

Level

Description Max

Resolution

Time

S-1:

Critical

At central or

any given FO

location:

Business has

stopped-i.e.

Internet is

inaccessible

by the users.

However,

ISPlinks are

up &

functional.

30 Min Immedi

ate

Immedia

te

15 min Continuou

s

Phone

Bridge

S-1:

Critical

Production

impact for an

application

due to internet

access issue

using proxy

caused due to

human or

technical

mistakes.

However, the

other

30 Min Immedi

ate

Immedia

te

15 min Continuou

s

Phone

Bridge


&



applications

are working

as expected

with no

impact or

issues.

S-2:

Serious

Any fault in

the solution

resulting in

the

degradation or

unavailability

of services

(such as slow

Internet

access,

disabling of

one or more

services

temporarily

etc.).

1 Hour Immedi

ate

Immedia

te

30 min 30 Min

updates

over

phone &

Email

S-3:

Import

ant

User account

creation/deleti

on

/modification

and other

product

features such

as reporting,

real time

monitoring,

policy

management

etc. are not

functioning.

4 Hours Immedi

ate

Immedia

te

2 Hours Hourly

updates

over

phone &

emails

S-4:

Non-

critical

This shall

include any

other fault not

covered by

S1, S2 and S3

and shall be

informed by

the Bank to

the Bidder.

24 Hours Immedi

ate

Immedia

te

12 Hours Emails


&



Severity Level Time Ranges for restoration of

service/ resolution of problem

Per incident penalties

S-1: Critical

<=30 min NIL

>30 Min-1 hr Rs.50,000/-

>1 hr-6 hrs Rs.1,00,000/-

After 6 hrs, every delay of 1 hrs Rs. 2,00,000/-

S-2: Serious

<=1 Hr NIL

>1 Hr-4Hrs Rs. 50,000/-

>4 Hrs-12 Hrs Rs. 75,000/-

After 12 hrs, every delay of 1 hr Rs. 1,00,000/-

S-3: Important

<= 4 hrs NIL

>4 Hrs to 12 Hrs RS. 25,000/-

>12 Hrs-24 Hrs Rs.50,000/-

After 24 Hrs, Every delay of 1 Hr Rs. 75,000/-

S-4: Non-critical

<=24 hrs NIL

>24 hrs to 48 hrs Rs. 10,000/-

>48 hrs to 72 hrs Rs. 20,000/-

After 72 hrs, every delay of 2hrs Rs. 30,000/-

Note:

Bank will impose a maximum penalty of 20% of the overall quarterly charges

payable to the selected NI.


&



Appendix-K

Service Level Agreement

BETWEEN

STATE BANK OF INDIA

AND

___________________

Commencement Date:

Date of Expiry:


&



Table of Contents

1. DEFINITIONS & INTERPRETATION ........................................................ 235

2. SCOPE OF WORK .......................................................................................... 239

3. FEES /COMPENSATION ............................................................................... 239

4. LIABILITIES/OBLIGATION ........................................................................ 243

5. REPRESENTATIONS &WARRANTIES ..................................................... 244

6. GENERAL INDEMNITY ................................................................................ 246

7. CONTINGENCY PLANS ................................................................................ 247

8. TRANSITION REQUIREMENT .................................................................. 247

9. LIQUIDATED DAMAGES ............................................................................. 248

10. RELATIONSHIP BETWEEN THE PARTIES ......................................... 248

11. SUB CONTRACTING ................................................................................. 249

12. INTELLECTUAL PROPERTY RIGHTS ................................................. 249

13. INSTALLATION .......................................................................................... 251

14. INSPECTION AND AUDIT ........................................................................ 251

15. CONFIDENTIALITY .................................................................................. 252

16. OWNERSHIP ................................................................................................ 255

16---- SOURCE CODE ESCROW AGREEMENT .............................................. 257

17. TERMINATION ........................................................................................... 258

18. DISPUTE REDRESSAL MACHANISM & GOVERNING LAW .......... 260

19. POWERS TO VARY OR OMIT WORK................................................... 261

20. WAIVER OF RIGHTS ............................................................................... 262

21. LIMITATION OF LIABILITY .................................................................. 262

22. FORCE MAJEURE ...................................................................................... 263

23. NOTICES ...................................................................................................... 264

24. GENERAL TERMS & CONDITIONS ...................................................... 265

ANNEXURE-A ......................................................................................................... 268

ANNEXURE-B ......................................................................................................... 272

ANNEXURE-C ......................................................................................................... 274

ANNEXURE-D ......................................................................................................... 276

ANNEXURE-E ......................................................................................................... 278

ANNEXURE-F ......................................................................................................... 279

ANNEXURE G ......................................................................................................... 281


&



This agreement (“Agreement”) is made at_________ (Place) on this __________day of

_______ 201_.

BETWEEN

State Bank of India, constituted under the State Bank of India Act, 1955 having its

Corporate Centre and Central Office at State Bank Bhavan, Madame Cama Road, Nariman

Point, Mumbai-21 and its Global IT Centre at Sector-11, CBD Belapur, Navi Mumbai-

400614 through its ______________Department,1 hereinafter referred to as “the Bank”

which expression shall, unless it be repugnant to the context or meaning thereof, be deemed

to mean and include its successors in title and assigns of the First Part:

AND

________________________2 a private/public limited company/LLP/Firm <strike off

whichever is not applicable> incorporated under the provisions of the Companies Act,

1956/ Limited Liability Partnership Act 2008/ Indian Partnership Act 1932 <strike off

whichever is not applicable>, having its registered office at ……………………………..

hereinafter referred to as “Service Provider/ Vendor”, which expression shall mean to

include its successors in title and permitted assigns of the Second Part:

WHEREAS

A. “The Bank” is carrying on business in banking in India and overseas and desirous to

avail services for ____________3, and

____________4, and

B. Service Provider in the business of providing ____________5, and has agreed to

supply __________ (Software) and/or providing the Services as mentioned in

Request for Proposal (RFP) No. ____________ dated ____________issued by the

Bank along with its clarifications/ corrigenda, referred hereinafter as a “RFP” and

same shall be part of this Agreement.

1Name & Complete Address of the Dept. 2Name & Complete Address ( REGISTERED OFFICE) of Service Provider, 3Purpose of the Agreement 4Any other connected purpose or details of RFP floated by the Bank 5Brief mentioning of service providers experience in providing the services required by the Bank.


&



NOW THEREFORE, in consideration of the mutual covenants, undertakings and

conditions set forth below, and for other valid consideration the acceptability and

sufficiency of which are hereby acknowledged, the Parties hereby agree to the following

terms and conditions hereinafter contained:-

1. DEFINITIONS & INTERPRETATION

1.1 Definition

Certain terms used in this Agreement are defined hereunder. Other terms used in this

Agreement are defined where they are used and have the meanings there indicated. Unless

otherwise specifically defined, those terms, acronyms and phrases in this Agreement that

are utilized in the information technology services industry or other pertinent business

context shall be interpreted in accordance with their generally understood meaning in such

industry or business context, unless the context otherwise requires/mentions, the following

definitions shall apply:

1.1.1 ‘The Bank’ shall mean the State Bank of India (including domestic branches

and foreign offices) Subsidiaries and Joint Ventures, where the Bank has

ownership of more than 50% of voting securities or the power to direct the

management and policies of such Subsidiaries and Joint Ventures. < Strike of

whichever is inapplicable>

1.1.2 “Code” shall mean computer programming code contained in the Software. If

not otherwise specified, Code shall include both Object Code and Source

Code which means programming languages, including all comments and

procedural code, and all related development documents (e.g., flow charts,

schematics, statements of principles of operations, end-user manuals,

architecture standards, and any other specifications that are used to create or

that comprise the Code). Code shall include Maintenance Modifications and

Enhancements in the Software.

1.1.3 “Confidential Information” shall have the meaning set forth in Clause 15.


&



1.1.4 “Deficiencies” shall mean defects arising from non-conformity with the

mutually agreed specifications and/or failure or non-conformity in the Scope

of Services.

1.1.5 “Documentation” will describe in detail and in a completely self-contained

manner how the user may access and use the ……………. (name of the

Software/ maintenance services) <Strike off whichever is Inapplicable>,6 such

that any reader of the Documentation can access, use and maintain all of the

functionalities of the Software, without the need for any further instructions.

‘Documentation’ includes, user manuals, installation manuals, operation

manuals, design documents, process documents, technical manuals,

functional specification, Software requirement specification, on-line

tutorials/CBTs, system configuration documents, system/database

administrative documents, debugging/diagnostics documents, test procedures,

Review Records/ Test Bug Reports/ Root Cause Analysis Report, list of all

Product components, list of all dependent/external modules and list of all

documents relating to traceability of the Product as and when applicable etc.

1.1.6 “Intellectual Property Rights” shall mean, on a worldwide basis, any and all:

(a) rights associated with works of authorship, including copyrights &moral

rights; (b) Trade Marks; (c) trade secret rights; (d) patents, designs, algorithms

and other industrial property rights; (e) other intellectual and industrial

property rights of every kind and nature, however designated, whether arising

by operation of law, contract, license or otherwise; and (f) registrations, initial

applications, renewals, extensions, continuations, divisions or reissues thereof

now or hereafter in force (including any rights in any of the foregoing).

1.1.7 “Open Source or Copyleft license” shall mean a license of a computer

program in which the source code is available to the general public for use

and/or modification from its original design.

6 Name of Software


&



1.1.8 “Project Cost” means the price payable to Service Provider over the entire

period of Agreement (i.e. Rs.___________<in words>) for the full and proper

performance of its contractual obligations.

1.1.9 “Project Documents” shall mean all the plans, drawings and specifications

used while bidding and all other documents necessary to complete all work.

1.1.10 “Request for Proposal (RFP)” shall mean RFP NO. _____________ dated

_____________ along with its clarifications/ corrigenda issued by the Bank

time to time.

1.1.11 “Revision control procedure”shall mean the procedure for management of

changes to documents, Software programs, and other collections of

information made during this engagement.

1.1.12 “Root Cause Analysis Report” shall mean a report addressing a problem or

non-conformance, in order to get to the ‘root cause’ of the problem, which

thereby assists in correcting or eliminating the cause, and prevent the problem

from recurring.

1.1.13 ‘Services’ shall mean and include the Services offered by Service Provider

more particularly described in Clause 2 of this Agreement. ‘Services’ shall

also include the implementation services, training services and maintenance

Services <Strike off whichever is Inapplicable> and other obligation of

Service Provider to be provided under this Agreement.

1.1.14 “Software” shall mean (a) the Software product(s) described in this

Agreement; (b) all maintenance, modifications and enhancements that are

provided to the Bank; (c) the Code contained in or otherwise related to each

of the foregoing; and (d) the Documentation.

1.1.15 “Test Bug Reports” shall mean a report providing the details as to the

efficiency of Software in relation with reporting and resolution of any bug.

1.2 Interpretations:


&



1.2.1 Reference to a person includes any individual, firm, body corporate,

association (whether incorporated or not) and authority or agency (whether

government, semi government or local).

1.2.2 The singular includes the plural and vice versa.

1.2.3 Reference to any gender includes each other gender.

1.2.4 The provisions of the contents table, headings, clause numbers, italics, bold

print and underlining is for ease of reference only and shall not affect the

interpretation of this Agreement.

1.2.5 The Schedules, Annexures and Appendices to this Agreement shall form part

of this Agreement.

1.2.6 A reference to any documents or agreements (and, where applicable, any of

their respective provisions) means those documents or agreements as

amended, supplemented or replaced from time to time provided they are

amended, supplemented or replaced in the manner envisaged in the relevant

documents or agreements.

1.2.7 A reference to any statute, regulation, rule or other legislative provision

includes any amendment to the statutory modification or re-enactment or,

legislative provisions substituted for, and any statutory instrument issued

under that statute, regulation, rule or other legislative provision.

1.2.8 Any agreement, notice, consent, approval, disclosure or communication under

or pursuant to this Agreement is to be in writing.

1.2.9 The terms not defined in this agreement shall be given the same meaning as

given to them in the RFP. If no such meaning is given technical words shall

be understood in technical sense in accordance with the industrial practices.

1.3 Commencement, Term & Change in Terms

1.3.1 This Agreement shall commence from its date of execution mentioned above/

be deemed to have commenced from _______ (Effective Date).


&



1.3.2 This Agreement shall be in force for a period of ______ year(s) from Effective

Date, unless terminated by the Bank by notice in writing in accordance with

the termination clauses of this Agreement.

1.3.3 The Bank shall have the right at its discretion to renew this Agreement in

writing, for a further term of _____ years on the mutually agreed terms &

conditions.

1.3.4 Either Party can propose changes to the scope, nature or time schedule of

services being performed under this Service Level Agreement. Such changes

can be made upon mutually accepted terms & conditions maintaining the spirit

(Purpose) of this Service Level Agreement.

2. SCOPE OF WORK

The scope and nature of the work which Service Provider has to provide to the

Bank (Services) is described in Annexure-A.

3. FEES /COMPENSATION

3.1 Professional fees

3.1.1 Service Provider shall be paid fees and charges in the manner detailed in

hereunder, the same shall be subject to deduction of income tax thereon

wherever required under the provisions of the Income Tax Act by the Bank.

The remittance of amounts so deducted and issuance of certificate for such

deductions shall be made by the Bank as per the laws and regulations for the

time being in force. Nothing in the Agreement shall relieve Service Provider

from his responsibility to pay any tax that may be levied in India on income

and profits made by Service Provider in respect of this Agreement.

3.1.2 ______________

3.1.3 ______________

3.2 All duties and taxes (excluding7____________ or any other tax imposed by the

Government in lieu of same), if any, which may be levied, shall be borne by

Service Provider and Bank shall not be liable for the same. All expenses, stamp

duty and other charges/ expenses in connection with execution of this

7 Please determine the applicability of the taxes.


&



Agreement shall be borne by Service Provider. ___________ <insert tax

payable by the Bank> or any other tax imposed by the Government in lieu of

same shall be borne by the Bank on actual upon production of original receipt

wherever required.

3.3 Service Provider shall provide a clear description quantifying the service

element and goods element in the invoices generated by them.

3.4 Payments

3.4.1 The Bank will pay properly submitted valid invoices within reasonable

period but not exceeding 30 (thirty) days after its receipt thereof. All

payments shall be made in Indian Rupees.

3.4.2 The Bank may withhold payment of any product/services that it disputes in

good faith, and may set-off penalty amount or any other amount which

Service Provider owes to the Bank against amount payable to Service

Provider under this Agreement. However, before levying penalty or

recovery of any damages, the Bank shall provide a written notice to Service

Provider indicating the reasons for such penalty or recovery of damages.

Service Provider shall have the liberty to present its case in writing together

with documentary evidences, if any, within 21 (twenty one) days. Penalty

or damages, if any, recoverable from Service Provider shall be recovered by

the Bank through a credit note or revised invoices. In case Service Provider

fails to issue credit note/ revised invoice, the Bank shall have right to

withhold the payment or set-off penal amount from current invoices.

3.5 Payment terms for NI services and Setting up of Next Gen NOCs:

3.5.1 Payment (in Indian Rupees only) will be made strictly in accordance with

the following schedule by the Networking & Communication Department,

GITC, Belapur.

3.5.2 Payments:100% of the quarterly value of the total contract value or the

quarterly value calculable will be paid in arrears subject to execution of SLA

agreement and submission of PBG. In any case, the payment made will be

after deduction of SLA penalties, TDS, Withholding Tax. The quarter will


&



mean calendar quarter(s) and the first such payment accordingly may be for

a part of the calendar quarter.

3.5.3 No representation will be entertained for releasing ad-hoc payments, of any

nature.

3.5.4 Prices: Prices payable to the NI as stated in the Contract shall be firm and

not subject to adjustment during performance of the Contract, irrespective

of reasons whatsoever, including exchange rate fluctuations, changes in

present levied taxes, any new taxes, duties, levies, charges, etc. (other than

GST and VAT wherever applicable). In other words, the rate agreed to by

the shortlisted bidders will be non-negotiable for a period of 5 years. The

Bidder shall indicate on the bid form, the prices of the services under the

Contract in Indian National Rupee (INR). Prices indicated on the price

Schedule shall be entered separately in the following manner:

3.5.5 Price will be quoted including all costs except GST and VAT wherever

applicable which will be paid at actuals.

3.5.6 Fixed Price - A bid submitted with an adjustable price quotation will be

treated as nonresponsive and rejected.

3.5.7 The various payments will be made as per table below:

PAYMENT SCHEDULE:

Sr.

No. Category Payment Terms

1 Delivery of Hardware & Software for

NOC-1 and NOC-2, LMS and NPMD


2



LMS and NPMD


3 UAT & Production & Go Live of

NOC-1 LMS and NPMD


4



DR setup of LMS and NPMD


5 Production & Go Live of NOC-2 10% of the respective component value

6 Human/ Personnel Resources Quarterly arrear basis. Pro-rata basis as per

“cost per resource” for the respective role


&



7 Annual Maintenance Contract (AMC)

/ Annual Technical Support (ATS) Quarterly in Arrears

8 LAN Management Quarterly in Arrears

9 NOC/Network Certification charges/

Trainings & Certifications On completion of Task

10 Rate Contract for incremental items After delivery and sign off

11 Miscellaneous Recurring Charges Quarterly in arrears for the services rendered and

pro-rata wherever applicable

12 Cost for Storage (per pallet)/ Cost of

Insurance/ Courier Charges On production of relevant proofs

3.6 Bank Guarantee and Penalties

3.6.1 Service Provider shall furnish performance security in the form of Bank

Guarantee for an amount of Rs. ________ valid for a period of _____year(s)

____month(s) from a Scheduled Commercial Bank other than State Bank of

India in a format provided/ approved by the Bank.

3.6.2 The Bank Guarantee is required to protect the interest of the Bank against

delay in supply/installation and/or the risk of non-performance of Service

Provider in respect of successful implementation of the project; or

performance of the material or services sold; or breach of any terms and

conditions of the Agreement, which may warrant invoking of Bank

Guarantee.

3.6.3 If at any time during performance of the Contract, Service Provider shall

encounter unexpected conditions impeding timely completion of the

Services under the Agreement and performance of the services, Service

Provider shall promptly notify the Bank in writing of the fact of the delay,

it’s likely duration and its cause(s). As soon as practicable, after receipt of

Service Provider’s notice, the Bank shall evaluate the situation and may at

its discretion extend Service Provider’s time for performance, in which case

the extension shall be ratified by the Parties by amendment of the

Agreement.


&



3.6.4 Performance of the obligations under the Agreement shall be made by

Service Provider in accordance with the time schedule8 specified in this

Agreement.

3.6.5 Service Provider shall be liable to pay penalty at the rate mentioned in

Annexure ‘F’ in respect of any delay beyond the permitted period in

providing the Services.

3.6.6 Subject to Clause 17 of this Agreement, any unexcused delay by Service

Provider in the performance of its Contract obligations shall render this

Agreement to be terminated.

3.6.7 No penalty shall be levied in case of delay(s) in deliverables or performance

of the contract for the reasons solely and directly attributable to the Bank.

On reaching the maximum of penalties specified the Bank reserves the right

to terminate the Agreement.

4. LIABILITIES/OBLIGATION

4.1 The Bank’s Duties /Responsibility(if any)

(i) Processing and authorising invoices

(ii) Approval of Information

(iii) ____________

4.2 Service Provider Duties

(i) Service Delivery responsibilities

(a) To adhere to the service levels documented in this Agreement.

(b) Solutions provided and/or maintained by Service Provider shall be free

from OWASP Top 10 vulnerabilities (latest) during the term of

Agreement.

(c) Service provider shall ensure to filter all phishing / spamming / overflow

attacks in order to ensure availability and integrity on continuous basis.

(d) Service Provider shall without any additional cost, rectify the

vulnerabilities observed by the Bank during security review of Code. The

8 Please ensure that the time scheduled is suitably incorporated in the Agreement.


&



Code shall be comprehensively reviewed periodically by the Bank or its

authorized representative.

(e) Service Provider shall ensure that Service Provider’s personnel and its

sub-contractors (if allowed) will abide by all reasonable directives issued

by the Bank, including those set forth in the Bank’s then-current

standards, policies and procedures (to the extent applicable), all on-site

rules of behaviour, work schedules, security procedures and other

standards, policies and procedures as established by the Bank from time

to time.

(f) Service Provider agrees and declares that it shall be the sole responsibility

of Service Provider to comply with the provisions of all the applicable

laws, concerning or in relation to rendering of Services by Service

Provider as envisaged under this Agreement.

(g) ____________<the concerned dept. may add duties depending on the

nature of agreement>

(ii) Security Responsibility

(a) To maintain the confidentiality of the Bank's resources and other intellectual

property rights.

(b) ____________

5. REPRESENTATIONS &WARRANTIES

5.1 Service Provider warrants that the technical quality and performance of the

Services provided will be consistent with the mutually agreed standards.

Warranty shall be for a period of ____________ (Term) from the date of

acceptance.

5.2 Any defect found will be evaluated mutually to establish the exact cause of the

defect. Bank may have direct and separate agreement with Service Provider to

provide technical support to the Bank for related deficiencies.

5.3 Service Provider warrants that at the time of delivery the Software/Equipment

or its component is free from malware, free from any obvious bugs, and free

from any covert channels in the code (of the versions of the


&



applications/Software being delivered as well as any subsequent

versions/modifications delivered).

5.4 Service Provider represents and warrants that its personnel shall be present at

the Bank premises or any other place as the Bank may direct, only for the

Services and follow all the instructions provided by the Bank; Act diligently,

professionally and shall maintain the decorum and environment of the Bank;

Comply with all occupational, health or safety policies of the Bank.

5.5 Service Provider warrants that it shall be solely liable and responsible for

compliance of applicable Labour Laws in respect of its employee, agents,

representatives and sub-contractors (if allowed) and in particular laws relating

to terminal benefits such as pension, gratuity, provided fund, bonus or other

benefits to which they may be entitled and the laws relating to contract labour,

minimum wages, etc., and the Bank shall have no liability in this regard.

5.6 Each Party represents and warrants that it has all requisite power and

authorization to enter into and perform this Agreement and that nothing

contained herein or required in the performance hereof conflict or will conflict

with or give rise to a breach or default under, or permit any person or entity to

terminate, any contract or instrument to which the party is bound.

5.7 Service Provider warrants that it has full right, title and interest in and to all

software, copyrights, trade names, trademarks, service marks, logos symbols

and other proprietary marks (collectively ‘IPR’) owned by it (including

appropriate limited right of use of those owned by any of its vendors, affiliates

or subcontractors) which it provides to the Bank, for use related to the Services

to be provided under this Agreement.

5.8 Service Provider shall perform the Services and carry out its obligations under

the Agreement with due diligence, efficiency and economy, in accordance with

generally accepted techniques and practices used in the industry and with

professional standards recognized by international professional bodies and

shall observe sound management practices. It shall employ appropriate

advanced technology and safe and effective equipment, machinery, material

and methods.


&



5.9 Service Provider has the requisite technical and other competence, sufficient,

suitable, qualified and experienced manpower/personnel and expertise in

providing the Services to the Bank.

5.10 Service Provider shall duly intimate to the Bank immediately, the changes, if

any in the constitution of Service Provider.

5.11 Service Provider warrants that to the best of its knowledge, as on the Effective

Date of this Agreement, the Software/Equipment does not violate or infringe

any patent, copyright, trademarks, trade secrets or other Intellectual Property

Rights of any third party.

5.12 Service Provider shall ensure that all persons, employees, workers and other

individuals engaged by or sub-contracted (if allowed) by Service Provider in

rendering the Services under this Agreement have undergone proper

background check, police verification and other necessary due diligence checks

to examine their antecedence and ensure their suitability for such engagement.

No person shall be engaged by Service Provider unless such person is found to

be suitable in such verification and Service Provider shall retain the records of

such verification and shall produce the same to the Bank as when requested.

5.13 During the Warranty Period if any Software/Equipment or any component

thereof is supplied by Service Provider is inoperable or suffers degraded

performance not due to causes external to the Software/Equipment, Service

provider shall, at the Bank’s request, promptly replace the Software/Equipment

or specified component with new Software/Equipment of the same type and

quality. Such replacement shall be accomplished without any adverse impact

on the Bank’s operations within agreed time frame.

5.14 ____________<any other additional warranty can be incorporated>

6. GENERAL INDEMNITY

6.1 Service provider agrees and hereby keeps the Bank indemnified against all

claims, actions, loss, damages, costs, expenses, charges, including legal

expenses (Attorney, Advocates fees included) which the Bank may suffer or

incur on account of (i) Service Provider’s breach of its warranties, covenants,

responsibilities or obligations; or (ii) breach of confidentiality obligations


&



mentioned in this Agreement; or (iii) any wilful misconduct and gross negligent

acts on the part of employees, agents, representatives or sub-contractors (if

allowed) of Service Provider. Service provider agrees to make good the loss

suffered by the Bank.

6.2 Service provider hereby undertakes the responsibility to take all possible

measures, at no cost, to avoid or rectify any issues which thereby results in non-

performance of Software/Equipment within reasonable time. The Bank shall

report as far as possible all material defects to Service provider without undue

delay. Service provider also undertakes to co-operate with other service

providers thereby ensuring expected performance covered under scope of work.

7. CONTINGENCY PLANS

Service provider shall arrange and ensure proper data recovery mechanism,

attrition plan and other contingency plans to meet any unexpected obstruction to

Service Provider or any employees or sub-contractors (if allowed) of Service

Provider in rendering the Services or any part of the same under this Agreement

to the Bank. Service Provider at Banks discretion shall co-operate with the Bank

in case on any contingency.

8. TRANSITION REQUIREMENT

In the event of failure of Service Provider to render the Services or in the event of

termination of Agreement or expiry of term or otherwise, without prejudice to any

other right, the Bank at its sole discretion may make alternate arrangement for getting

the Services contracted with another vendor. In such case, the Bank shall give prior

notice to the existing Service Provider. The existing Service Provider shall continue

to provide services as per the terms of the Agreement until a ‘New Service Provider’

completely takes over the work. During the transition phase, the existing Service

Provider shall render all reasonable assistance to the new Service Provider within

such period prescribed by the Bank, at no extra cost to the Bank, for ensuring smooth

switch over and continuity of Services, provided where transition services are

required by the Bank or New Service Provider beyond the term of this Agreement,

reasons for which are not attributable to Service Provider, payment shall be made to


&



Service Provider for such additional period on the same rates and payment terms as

specified in this Agreement. If existing vendor is breach of this obligation, they shall

be liable for paying a penalty of Rs.___________ on demand to the Bank, which

may be settled from the payment of invoices or Bank guarantee for the contracted

period. Transition & Knowledge Transfer plan is mentioned in Annexure G.

9. LIQUIDATED DAMAGES

If Service Provider fails to deliver product and/or perform any or all the Services

within the stipulated time, schedule as specified in this Agreement, the Bank may,

without prejudice to its other remedies under the Agreement, and unless otherwise

extension of time is agreed upon without the application of liquidated damages,

deduct from the Project Cost, as liquidated damages as specified in Annexure-F.

Once the maximum deduction is reached, the Bank may consider termination of the

Agreement.

10. RELATIONSHIP BETWEEN THE PARTIES

10.1 It is specifically agreed that Service Provider shall act as independent service

provider and shall not be deemed to be the Agent of the Bank except in respect

of the transactions/services which give rise to Principal - Agent relationship by

express agreement between the Parties.

10.2 Neither Service Provider nor its employees, agents, representatives, Sub-

Contractors shall hold out or represent as agents of the Bank.

10.3 None of the employees, representatives or agents of Service Provider shall be

entitled to claim any absorption or any other claim or benefit against the Bank.

10.4 This Agreement shall not be construed as joint venture. Each Party shall be

responsible for all its obligations towards its respective employees. No

employee of any of the two Parties shall claim to be employee of other Party.

10.5 All the obligations towards the employee(s) of a Party on account of personal

accidents while working in the premises of the other Party shall remain with

the respective employer and not on the Party in whose premises the accident

occurred unless such accidents occurred due to gross negligent act of the Party

in whose premises the accident occurred.


&



10.6 For redressal of complaints of sexual harassment at workplace, Parties agree to

comply with the policy framed by the Bank (including any amendment thereto)

in pursuant to the Sexual Harassment of Women at Workplace (Prevention,

Prohibition and Redressal) Act, 2013 including any amendment thereto.

11. SUB CONTRACTING

As per the scope of this Agreement sub-contracting is not permitted.

12. INTELLECTUAL PROPERTY RIGHTS

12.1 For any technology / Software / Solution developed/used/supplied by Service

provider for performing Services or licensing and implementing Software and

Solution for the Bank as part of this Agreement, Service Provider shall have

right to use as well right to license for the outsourced services or third party

product. The Bank shall not be liable for any license or IPR violation on the

part of Service Provider.

12.2 Without the Bank’s prior written approval, Service provider will not, in

performing the Services, use or incorporate, link to or call or depend in any way

upon, any Software or other intellectual property that is subject to an Open

Source or Copy-left license or any other agreement that may give rise to any

third-party claims or to limit the Bank’s rights under this Agreement.

12.3 Subject to clause 12.4 and 12.5 of this Agreement, Service Provider shall, at its

own expenses without any limitation, indemnify and keep fully and effectively

indemnified the Bank against all cost, claims, damages, demands, expenses and

liabilities whatsoever nature arising out of or in connection with all claims of

infringement of Intellectual Property Right, including patent, trademark,

copyright, trade secret or industrial design rights of any third party arising from

use of the technology / Software/Equipment or any part thereof in India or

abroad, for Equipment supplied/Software licensed/developed as part of this

engagement. In case of violation/ infringement of patent/ trademark/ copyright/

trade secret or industrial design or any other Intellectual Property Right of third

party, Service Provider shall, after due inspection and testing, without any


&



additional cost (a) procure for the Bank the right to continue to using the

Software/Equipment supplied; or (b) replace or modify the

Software/Equipment to make it non-infringing so long as the replacement to or

modification of Software provide substantially equivalent functional,

performance and operational features as the infringing Software/Equipment

which is being replaced or modified; or (c) to the extent that the activities under

clauses (a) and (b) above are not commercially reasonable, refund to the Bank

all amounts paid by the Bank to Service Provider under this Agreement.

12.4 The Bank will give (a) notice to Service provider of any such claim without

delay/provide reasonable assistance to Service provider in disposing of the

claim; (b) sole authority to defend and settle such claim and; (c) will at no time

admit to any liability for or express any intent to settle the claim provided that

(i) Service Provider shall not partially settle any such claim without the written

consent of the Bank, unless such settlement releases the Bank fully from such

claim, (ii) Service Provider shall promptly provide the Bank with copies of all

pleadings or similar documents relating to any such claim, (iii) Service Provider

shall consult with the Bank with respect to the defense and settlement of any

such claim, and (iv) in any litigation to which the Bank is also a party, the Bank

shall be entitled to be separately represented at its own expenses by counsel of

its own selection..

12.5 Service Provider shall have no obligations with respect to any infringement

claims to the extent that the infringement claim arises or results from: (i)

Service Provider’s compliance with the Bank’s specific technical designs or

instructions (except where Service Provider knew or should have known that

such compliance was likely to result in an Infringement Claim and Service

Provider did not inform the Bank of the same); (ii) any unauthorized

modification or alteration of the Software/Equipment by the Bank; or (iii)

failure to implement an update to the licensed Software that would have

avoided the infringement, provided Service Provider has notified the Bank in

writing that use of the update would have avoided the claim.

12.6 Service provider hereby grants the Bank a fully paid-up, irrevocable, unlimited,

perpetual, non-exclusive/exclusive license throughout the territory of India or


&



abroad to access, replicate, modify and use Software licensed/developed

including its upgraded versions available during the term of this Agreement by

Service provider as part of this engagement, including all inventions, designs

and trademarks embodied therein perpetually.

12.7 Software licensed/developed as part of this Agreement can be put to use in all

offices of the Bank.

13. INSTALLATION

Service provider will install the software/support the Bank in installation of the

Software developed into the Bank’s production, disaster recovery, testing and

training environment, if required.

14. INSPECTION AND AUDIT

14.1 It is agreed by and between the parties that Service Provider shall be subject to

annual audit by internal/external Auditors appointed by the Bank/ inspecting

official from the Reserve Bank of India or any regulatory authority, covering

the risk parameters finalized by the Bank/ such auditors in the areas of products

(IT Equipment / Software) and services etc. provided to the Bank and Service

Provider shall submit such certification by such Auditors to the Bank. Service

Provider and or his / their outsourced agents /sub – contractors (if allowed by

the Bank) shall facilitate the same. The Bank can make its expert assessment

on the efficiency and effectiveness of the security, control, risk management,

governance system and process created by Service Provider. Service Provider

shall, whenever required by such Auditors, furnish all relevant information,

records/data to them. All costs for such audit shall be borne by the Bank. Except

for the audit done by Reserve Bank of India or any statutory/regulatory

authority, the Bank shall provide reasonable notice not less than 7 (seven) days

to Service Provider before such audit and same shall be conducted during

normal business hours.

14.2 Where any Deficiency has been observed during audit of Service Provider on

the risk parameters finalized by the Bank or in the certification submitted by

the Auditors, it is agreed upon by Service Provider that it shall correct/ resolve


&



the same at the earliest and shall provide all necessary documents related to

resolution thereof and the auditor shall further certify in respect of resolution

of the Deficiencies. It is also agreed that Service Provider shall provide

certification of the auditor to the Bank regarding compliance of the

observations made by the auditors covering the respective risk parameters

against which such Deficiencies observed.

14.3 Service Provider further agrees that whenever required by the Bank, it will

furnish all relevant information, records/data to such auditors and/or inspecting

officials of the Bank/ Reserve Bank of India and/or any regulatory authority

(ies). The Bank reserves the right to call for and/or retain any relevant

information/ audit reports on financial and security review with their findings

undertaken by Service Provider. However, Service Provider shall not be

obligated to provide records/data not related to Services under the Agreement

(e.g. internal cost break-ups etc.).

15. CONFIDENTIALITY

15.1 “Confidential Information” mean all information which is material to the

business operations of either party or its affiliated companies, designated as

being confidential or which, under the circumstances surrounding disclosure

out to be treated as confidential, in any form including, but not limited to,

proprietary information and trade secrets, whether or not protected under any

patent, copy right or other intellectual property laws, in any oral, photographic

or electronic form, whether contained on computer hard disks or floppy

diskettes or otherwise without any limitation whatsoever. Without prejudice to

the generality of the foregoing, the Confidential Information shall include all

information about the party and its customers, costing and technical data,

studies, consultants reports, financial information, computer models and

programs, Software Code, contracts, drawings, blue prints, specifications,

operating techniques, processes, models, diagrams, data sheets, reports and

other information with respect to any of the foregoing matters. All and every


&



information received by the parties and marked confidential hereto shall be

assumed to be confidential information unless otherwise proved. It is further

agreed that the information relating to the Bank and its customers is deemed

confidential whether marked confidential or not.

15.2 All information relating to the accounts of the Bank’s customers shall be

confidential information, whether labeled as such or otherwise.

15.3 All information relating to the infrastructure and Applications (including

designs and processes) shall be deemed to be Confidential Information whether

labeled as such or not. Service provider personnel/resources responsible for the

project are expected to take care that their representatives, where necessary,

have executed a Non-Disclosure Agreement to comply with the confidential

obligations under this Agreement.

15.4 Each party agrees that it will not disclose any Confidential Information received

from the other to any third parties under any circumstances without the prior

written consent of the other party unless such disclosure of Confidential

Information is required by law, legal process or any order of any government

authority. Service provider, in this connection, agrees to abide by the laws

especially applicable to confidentiality of information relating to customers of

Banks and the banks per-se, even when the disclosure is required under the law.

In such event, the Party must notify the other Party that such disclosure has

been made in accordance with law; legal process or order of a government

authority.

15.5 Each party, including its personnel, shall use the Confidential Information only

for the purposes of achieving objectives set out in this Agreement. Use of the

Confidential Information for any other purpose shall constitute breach of trust

of the same.

15.6 Each party may disclose the Confidential Information to its personnel solely

for the purpose of undertaking work directly related to the Agreement. The

extent of Confidential Information disclosed shall be strictly limited to what is

necessary for those particular personnel to perform his/her duties in connection

with the Agreement. Further each Party shall ensure that each personnel


&



representing the respective party agree to be bound by obligations of

confidentiality no less restrictive than the terms of this Agreement.

15.7 The non-disclosure obligations herein contained shall not be applicable only

under the following circumstances:

(i) Where Confidential Information comes into the public domain during

or after the date of this Agreement otherwise than by disclosure by

receiving party in breach of the terms hereof.

(ii) Where any Confidential Information was disclosed after receiving the

written consent of disclosing party.

(iii)Where receiving party is requested or required by law or by any Court

or governmental agency or authority to disclose any of the Confidential

Information, then receiving party will provide the other Party with

prompt notice of such request or requirement prior to such disclosure.

(iv) Where any Confidential Information was received by the receiving

party from a third party which does not have any obligations of

confidentiality to the other Party.

(v) Where Confidential Information is independently developed by

receiving party without any reference to or use of disclosing party’s

Confidential Information.

15.8 Receiving party undertakes to promptly notify disclosing party in writing any

breach of obligation of the Agreement by its employees or representatives

including confidentiality obligations. Receiving party acknowledges that

monetary damages may not be the only and / or a sufficient remedy for

unauthorized disclosure of Confidential Information and that disclosing party

shall be entitled, without waiving any other rights or remedies, to injunctive or

equitable relief as may be deemed proper by a Court of competent jurisdiction.

15.9 Service Provider shall not, without the Bank’s prior written consent, make use

of any document or information received from the Bank except for purposes of

performing the services and obligations under this Agreement.

15.10 Any document received from the Bank shall remain the property of the Bank

and shall be returned (in all copies) to the Bank on completion of Service

Provider’s performance under the Agreement.


&



15.11 Upon expiration or termination of the Agreement, all the Bank’s proprietary

documents, customized programs partially or wholly completed and associated

documentation, or the Bank’s materials which are directly related to any project

under the Agreement shall be delivered to the Bank or at the Bank’s written

instruction destroyed, and no copies shall be retained Service provider without

the Bank’s written consent.

15.12 The foregoing obligations (collectively referred to as “Confidentiality

Obligations”) set out in this Agreement shall survive the term of this Agreement

and for a period of five (5) years thereafter provided Confidentiality

Obligations with respect to individually identifiable information, customer’s

data of Parties or Software in human-readable form (e.g., source code) shall

survive in perpetuity.

16. OWNERSHIP

16.1 Service Provider will provide Source Code for every version of Software

customized/developed specifically for the Bank, without any cost to the Bank,

and it will be treated as the property of the Bank.

16.2 The Source Code /Object Code /executable code and compilation procedures

of the Solutions made under this Agreement are the proprietary property of the

Bank and as such Service provider shall make them available to the Bank after

successful User Acceptance Testing.

16.3 Service Provider agrees that the Bank owns the entire right, title and interest to

any inventions, designs, discoveries, writings and works of authorship,

including all Intellectual Property Rights, copyrights. Any work made under

this Agreement shall be deemed to be ‘work made for hire’ under any

Indian/U.S. or any other applicable copyright laws.

16.4 Service Provider shall ensure proper change management process covering

impact assessment, requirement and Solution documents detailing changes

made to the Software for any work order, in addition to enabling the

programmers identify and track the changes made to the source code. The

Source Code will be delivered in appropriate version control tool maintained at

the Bank’s on site location.


&



16.5 Service Provider shall adhere to revision control procedure of the Bank to

maintain required documentation and configuration files as well as Source

Code. Necessary backup and restoration of the revision control Software related

information will be handled by the service team as per the approved backup

policy of the Bank.

16.6 For each application developed by Service Provider on Software, including

third party Software before the platform become operational, Service Provider

shall deliver all documents to the Bank, which include coding standards, user

manuals, installation manuals, operation manuals, design documents, process

documents, technical manuals, and other documents, if any, as per work order.

16.7 Service Provider shall also provide documents related to Review Records/ Test

Bug Reports/ Root Cause Analysis Report, details and documentation of all

product components, details and documentation of all dependent/ external

modules and all documents relating to traceability of the Software supplied/

customized under this Agreement before its production release.

16.8 All Software programs supplied/developed, program documentation, system

documentation and testing methodologies along with all other information and

documents (other than tools being proprietary to Service Provider) and used for

customized Software development shall be the exclusive property of the Bank.

16.9 The Intellectual Property Rights on the Software Code, copyright and source

code for various applications/ interfaces developed under this Agreement, and

any other component/ framework/ middleware used/ developed as pre-built

Software assets to deliver the Solution, shall belong to the Bank and the Bank

shall have complete and unrestricted rights on such property. However, Service

Provider shall hold All Intellectual Property rights in any pre-built Software

per se, except for those which have been assigned under this Agreement.

16.10 All information processed by Service Provider during Software development/

customization, implementation& maintenance belongs to the Bank. Service

Provider shall not acquire any other right in respect of the information for the

license to the rights owned by the Bank. Service Provider will implement

mutually agreed controls to protect the information. Service Provider also

agrees that it will protect the information appropriately.


&



16---- SOURCE CODE ESCROW AGREEMENT9

16.1 Service Provider shall deposit the source code of the Software and everything

required to independently maintain the Software, to the source code escrow

account and agrees to everything mentioned in source code escrow agreement.

16.2 Service provider shall deposit the latest version of source code in escrow account

at regular intervals as mentioned in source code escrow agreement.

16.3 The Bank shall have the right to get the source code released and will receive no

opposition/hindrances from the escrow agent and Service provider under the

following conditions:-

(i) In the event wherein Service provider files a voluntary petition in

bankruptcy or insolvency or has been otherwise declared

Insolvent/Bankrupt; or

(ii) In the event wherein Service provider has declared its expressed/written

unwillingness to fulfill his contractual obligations under this Agreement;

or

(iii) Service Provider is wound up, or ordered wound up, or has a winding up

petition ordered against it, or assigns all or a substantial part of its business

or assets for the benefit of creditors, or permits the appointment of a

receiver for the whole or substantial part of its business or assets, or

otherwise ceases to conduct its business in the normal course; or

(iv) Service Provider discontinues business because of insolvency or

bankruptcy, and no successor assumes Service Provider’s Software

maintenance obligations or obligations mentioned in the Agreement; or

(v) Service Provider dissolves or ceases to function as a going concern or to

conduct its operation in the normal course of business or intends and

conveys its intention to do so; or

(vi) Any other release condition as specified in source code escrow agreement.

16.4 Service provider agrees to bear the payment of fees due to the escrow agent.

9 This agreement is to be made wherein ownership over the Software is not provided. The user

department has to delete inapplicable para from clause 16 (Ownership and Escrow Agreement).


&



16.5 The escrow agreement shall ipso-facto would get terminated on delivery of source

code to either of the parties upon the terms & conditions mentioned in source

code escrow agreement.

17. TERMINATION

17.1 The Bank may, without prejudice to any other remedy for breach of Agreement,

by written notice of not less than 30 (thirty) days, terminate the Agreement in

whole or in part:

17.1.1 If Service Provider fails to deliver any or all the obligations within the

time period specified in the Agreement, or any extension thereof

granted by the Bank;

17.1.2 If Service Provider fails to perform any other obligation(s) under the

Agreement;

17.1.3 Violations of any terms and conditions stipulated in the RFP;

17.1.4 On happening of any termination event mentioned herein above in this

Agreement.

Prior to providing a written notice of termination to Service Provider

under clause 17.1 (i) to 17.1 (iii), the Bank shall provide Service

Provider with a written notice of 30 (thirty) days to cure such breach of

the Agreement. If the breach continues or remains unrectified after

expiry of cure period, the Bank shall have right to initiate action in

accordance with above clause.

17.2 The Bank, by written notice of not less than 90 (ninety) days, may terminate

the Agreement, in whole or in part, for its convenience, provided same shall

not be invoked by the Bank before completion of half of the total Contract

period (including the notice period). In the event of termination of the

Agreement for the Bank’s convenience, Service Provider shall be entitled to

receive payment for the Services rendered (delivered) up to the effective date

of termination.

17.3 In the event the Bank terminates the Agreement in whole or in part for the

breaches attributable to Service Provider, the Bank may procure, upon such


&



terms and in such manner, as it deems appropriate, Software/Equipment or

services similar to those undelivered and subject to clause 21 Service Provider

shall be liable to the Bank for any excess costs for such similar

Software/Equipment or services. However, Service provider, in case of part

termination, shall continue the performance of the Agreement to the extent not

terminated.

17.4 The Bank shall have a right to terminate the Agreement immediately by giving

a notice in writing to Service Provider in the following eventualities:

(i) If any Receiver/Liquidator is appointed in connection with the business of

Service Provider or Service Provider transfers substantial assets in favour of

its creditors or any orders / directions are issued by any Authority / Regulator

which has the effect of suspension of the business of Service Provider.

(ii) If Service Provider applies to the Court or passes a resolution for voluntary

winding up of or any other creditor / person files a petition for winding up or

dissolution of Service Provider.

(iii) If any acts of commission or omission on the part of Service Provider or its

agents, employees, sub-contractors or representatives, in the reasonable

opinion of the Bank tantamount to fraud or prejudicial to the interest of the

Bank or its employees.

(iv) Any document, information, data or statement submitted by Service Provider

in response to RFP, based on which Service Provider was considered eligible

or successful, is found to be false, incorrect or misleading.

17.5 In the event of the termination of the Agreement Service Provider shall be liable

and responsible to return to the Bank all records, documents, data and

information including Confidential Information pertains to or relating to the

Bank in its possession.

17.6 In the event of termination of the Agreement for material breach, Bank shall

have the right to report such incident in accordance with the mandatory

reporting obligations under the applicable law or regulations.

17.7 Upon termination or expiration of this Agreement, all rights and obligations of

the Parties hereunder shall cease, except such rights and obligations as may

have accrued on the date of termination or expiration; the obligation of


&



indemnity; obligation of payment ;confidentiality obligation; Governing Law

clause; Dispute resolution clause; and any right which a Party may have under

the applicable Law.

18. DISPUTE REDRESSAL MACHANISM & GOVERNING LAW

18.1 All disputes or differences whatsoever arising between the parties out of or in

connection with this Agreement (including dispute concerning interpretation)

or in discharge of any obligation arising out of the Agreement (whether during

the progress of work or after completion of such work and whether before or

after the termination of this Agreement, abandonment or breach of this

Agreement), shall be settled amicably.

18.2 If the parties are not able to solve them amicably within 30 (thirty) days after

dispute occurs as evidenced through the first written communication from any

Party notifying the other regarding the disputes, either Party [the Bank or

Service Provider] shall give written notice to other party clearly setting out

there in, specific dispute(s) and/or difference(s), and shall be referred to a sole

arbitrator mutually agreed upon, and the award made in pursuance thereof shall

be binding on the Parties.

18.3 In the absence of consensus about the single arbitrator, the dispute may be

referred to an arbitration panel; one to be nominated by each Party and the said

arbitrators shall nominate a presiding arbitrator, before commencing the

arbitration proceedings. The arbitration shall be settled in accordance with the

applicable Indian Laws and the arbitration shall be conducted in accordance

with the Arbitration and Conciliation Act, 1996.

18.4 Service Provider shall continue work under the Agreement during the

arbitration proceedings, unless otherwise directed by the Bank or unless the

matter is such that the work cannot possibly be continued until the decision of

the arbitrator is obtained.

18.5 Arbitration proceeding shall be held at Mumbai, India, and the language of the

arbitration proceedings and that of all documents and communications between

the parties shall be in English.


&



18.6 This Agreement shall be governed by laws in force in India. Subject to the

arbitration clause above, all disputes arising out of or in relation to this

Agreement, shall be subject to the exclusive jurisdiction of the courts at

Mumbai only.

18.7 In case of any change in applicable laws that has an effect on the terms of this

Agreement, the Parties agree that the Agreement may be reviewed, and if

deemed necessary by the Parties, make necessary amendments to the

Agreement by mutual agreement in good faith, in case of disagreement

obligations mentioned in this clause shall be observed.

19. POWERS TO VARY OR OMIT WORK

19.1 No alterations, amendments, omissions, additions, suspensions or variations of

the work (hereinafter referred to as variation) under the Agreement shall be

made by Service provider except as directed in writing by Bank. The Bank shall

have full powers, subject to the provision herein after contained, from time to

time during the execution of the Agreement, by notice in writing to instruct

Service Provider to make any variation without prejudice to the Agreement.

Service Provider shall carry out such variations and be bound by the same

conditions, though the said variations occurred in the Agreement documents. If

any suggested variations would, in the opinion of Service Provider, if carried

out, prevent them from fulfilling any of their obligations under the Agreement,

they shall notify the Bank, thereof, in writing with reasons for holding such

opinion and Bank shall instruct Service Provider to make such other modified

variation without prejudice to the Agreement. Service Provider shall carry out

such variations and be bound by the same conditions, though the said variations

occurred in the Agreement documents. If Bank confirms their instructions

Service Provider’s obligations will be modified to such an extent as may be

mutually agreed. If such variation involves extra cost, any agreed difference in

cost occasioned by such variation shall be mutually agreed between the parties.

In any case in which Service Provider has received instructions from the Bank

as to the requirement of carrying out the altered or additional substituted work,

which either then or later on, will in the opinion of Service Provider, involve a


&



claim for additional payments, such additional payments shall be mutually

agreed in line with the terms and conditions of the order.

19.2 If any change in the work is likely to result in reduction in cost, the parties shall

agree in writing so as to the extent of reduction in payment to be made to

Service Provider, before Service provider proceeding with the change.

20. WAIVER OF RIGHTS

Each Party agrees that any delay or omission on the part of the other Party to

exercise any right, power or remedy under this Agreement will not

automatically operate as a waiver of such right, power or remedy or any other

right, power or remedy and no waiver will be effective unless it is in writing

and signed by the waiving Party. Further the waiver or the single or partial

exercise of any right, power or remedy by either Party hereunder on one

occasion will not be construed as a bar to a waiver of any successive or other

right, power or remedy on any other occasion.

21. LIMITATION OF LIABILITY

21.1 The maximum aggregate liability of Service Provider, subject to clause 21.3,

in respect of any claims, losses, costs or damages arising out of or in connection

with this Agreement shall not exceed the total Project Cost.

21.2 Under no circumstances shall either Party be liable for any indirect,

consequential or incidental losses, damages or claims including loss of profit,

loss of business or revenue.

21.3 The limitations set forth in Clause 21.1 shall not apply with respect to:

(i) claims that are the subject of indemnification pursuant to Clause 1210

(infringement of third party Intellectual Property Right);

(ii) damage(s) occasioned by the Gross Negligence or Willful

Misconduct of Service Provider;

(iii) damage(s) occasioned by Service Provider for breach of

Confidentiality Obligations ;

10 Please see Clause 12 ‘IPR Indemnification’


&



(iv) Regulatory or statutory fines imposed by a Government or

Regulatory agency for non-compliance of statutory or regulatory

guidelines applicable to the Bank, provided such guidelines were

brought to the notice of Service Provider.

For the purpose of clause 21.3(ii) “Gross Negligence” means any act

or failure to act by a party which was in reckless disregard of or gross

indifference to the obligation of the party under this Agreement and

which causes injury, damage to life, personal safety, real property,

harmful consequences to the other party, which such party knew, or

would have known if it was acting as a reasonable person, would

result from such act or failure to act for which such Party is legally

liable. Notwithstanding the forgoing, Gross Negligence shall not

include any action taken in good faith.

“Willful Misconduct” means any act or failure to act with an

intentional disregard of any provision of this Agreement, which a

party knew or should have known if it was acting as a reasonable

person, which would result in injury, damage to life, personal safety,

real property, harmful consequences to the other party, but shall not

include any error of judgment or mistake made in good faith.

22. FORCE MAJEURE

22.1 Notwithstanding anything else contained in the Agreement, neither Party shall

be liable for any delay in performing its obligations herein if and to the extent

that such delay is the result of an event of Force Majeure.

22.2 For the purposes of this clause, 'Force Majeure' means and includes wars,

insurrections, revolution, civil disturbance, riots, terrorist acts, public strikes,

hartal, bundh, fires, floods, epidemic, quarantine restrictions, freight

embargoes, declared general strikes in relevant industries, Vis Major, acts of

Government in their sovereign capacity, impeding reasonable performance of

Service Provider and /or sub-contractor but does not include any foreseeable


&



events, commercial considerations or those involving fault or negligence on the

part of the party claiming Force Majeure.

22.3 If Force Majeure situation arises, the non-performing Party shall promptly

notify to the other Party in writing of such conditions and the cause(s) thereof.

Unless otherwise agreed in writing, the non-performing Party shall continue to

perform its obligations under the Agreement as far as is reasonably practical,

and shall seek all reasonable alternative means for performance not prevented

by the Force Majeure event.

22.4 If the Force Majeure situation continues beyond 30 (thirty) days, either Party

shall have the right to terminate the Agreement by giving a notice to the other

Party. Neither Party shall have any penal liability to the other in respect of the

termination of this Agreement as a result of an event of Force Majeure.

However, Service Provider shall be entitled to receive payments for all services

actually rendered up to the date of the termination of this Agreement.

23. NOTICES

23.1 Any notice or any other communication required to be given under this

Agreement shall be in writing and may be given by delivering the same by hand

or sending the same by prepaid registered mail, postage prepaid, telegram or

facsimile to the relevant address set forth below or such other address as each

Party may notify in writing to the other Party from time to time. Any such notice

given as aforesaid shall be deemed to be served or received at the time upon

delivery (if delivered by hand) or upon actual receipt (if given by postage

prepaid, telegram or facsimile).

23.2 A notice shall be effective when it is delivered or on the effective date of the

notice, whichever is later.

23.3 The addresses for Communications to the Parties are as under.

(a) In the case of the Bank

___________________

___________________

___________________

(b) In case of Service Provider


&



___________________

___________________

___________________

23.4 In case there is any change in the address of one Party, it shall be promptly

communicated in writing to the other Party.

24. GENERAL TERMS & CONDITIONS

24.1 TRAINING: Service Provider shall train designated Bank officials on the

configuration, operation/ functionalities, maintenance, support &

administration for Software, application architecture and components,

installation, troubleshooting processes of the proposed Services as mentioned

in this Agreement.

24.2 PUBLICITY: Service Provider may make a reference of the Services rendered

to the Bank covered under this Agreement on Service provider’s Web Site or

in their sales presentations, promotional materials, business plans or news

releases etc., only after prior written approval from the Bank.

24.3 SUCCESSORS AND ASSIGNS: This Agreement shall bind and inure to the

benefit of the Parties, and their respective successors and permitted assigns.

24.4 NON-HIRE AND NON-SOLICITATION: During the term of this Agreement

and for a period of one year thereafter, neither Party shall (either directly or

indirectly through a third party) employ, solicit to employ, cause to be solicited

for the purpose of employment or offer employment to any employee(s) of the

other Party, or aid any third person to do so, without the specific written consent

of the other Party. However, nothing in this clause shall affect the Bank’s

regular recruitments as per its recruitment policy and not targeted to the

employees of Service provider.

24.5 SEVERABILITY: The invalidity or unenforceability of any provision of this

Agreement shall not in any way effect, impair or render unenforceable this

Agreement or any other provision contained herein, which shall remain in full

force and effect.


&



24.6 MODIFICATION: This Agreement may not be modified or amended except in

writing signed by duly authorized representatives of each Party with express

mention thereto of this Agreement.

24.7 ENTIRE AGREEMENT: The following documents along with all addenda

issued thereto shall be deemed to form and be read and construed as integral

part of this Agreement and in case of any contradiction between or among them

the priority in which a document would prevail over another would be as laid

down below beginning from the highest priority to the lowest priority:

(i) This Agreement;

(ii) Annexure of Agreement;

(iii) Purchase Order No._______ dated ________; and

(iv) RFP

24.8 PRIVITY: Neither this Agreement nor any provision hereof is intended to

confer upon any person/s other than the Parties to this Agreement any rights or

remedies hereunder.

24.9 DUE AUTHORISATION: Each of the undersigned hereby represents to the

other that she/ he is authorized to enter into this Agreement and bind the

respective parties to this Agreement.

24.10 COUNTERPART: This Agreement may be executed in duplicate and each

copy is treated as original for all legal purposes.

IN WITNESS WHEREOF, the Parties hereto have caused this Agreement to be

executed by their duly authorized representatives as of the date and day first

mentioned above.

State Bank of India _____________Service Provider

By: By:

Name: Name:

Designation: Designation:

Date: Date:

WITNESS:

1. 1.


&



2. 2.


&



ANNEXURE-A

DELIVERABLES/SCOPE OF WORK

1. Description of Deliverables:

[Identify each individual component of the Deliverables, including equipment

and software, by name and version.]

2. Specifications, Performance Standards, and Functional Requirements:

[Include here all of the specifications, performance standards, and functional

requirements for the Deliverables that are important to the Bank. Be certain

to include run and operator response times (if applicable) which are part of

the Acceptance criteria discussed in this agreement.]

2.1 Service Provider undertakes and warrants to provide technical support with

resolution time frame as per the matrix given below:

Severity Description Response Time Resolution

time

Critical

High/Major

Medium/

Low/Minor

Very Low/Cosmetic

3. Documentation:

[Identify here all user manuals and other documentation concerning the

Software.]

4. Place of Service11

1. _______________

2. _______________

11Brief description of place of service


&



5. Standard Services

Standard services to be delivered under this agreement are illustratively

listed below:-

The details of services, their responsibilities and availability to be

described----

1……

2…….

6. Maintenance/ Upgrades

6.1 Service Provider shall maintain and upgrade the Software during the

warranty and support period so that the Software shall, at all times during the

warranty and support period, meet or exceed the specifications in the Project

Documents and the performance requirements as set forth in this Agreement.

Service provider shall, at no cost to the Bank, promptly correct any and all

errors, Deficiencies and defects in the Software.

6.2 Service Provider shall have the operational maintenance obligations (e.g.,

telephone support, problem resolution, on-site services) as mentioned in

Annexure A. <kindly add operational maintenance obligation with

deliverables>

7. Correction of Deficiencies in Deliverables

7.1 If Service provider is unable to correct all Deficiencies preventing

acceptance of a deliverable or meet the performance requirments, for which

Service provider is responsible within the timelines as mentioned in this

Agreemnet, the Bank may at its discretion:

a) Without prejudiced to the Bank’s other rights under this Agreement, allow

Service provider to continue its efforts to make corrections; or

b) Accept the deliverable with its Deficiencies and reach agreement with

Service provider on an equitable reduction to Service provider’s charges for

developing such deliverable to reflect the uncorrected Deficiencies; or


&



c) Terminate this Agreement for cause in accordance with Clause 17 (except

that the Bank is under no obligation to provide Service provider any further

opportunity to cure) and recover its damages as set forth in this Agreement.

8. Service Milestones12

Milestones13 related to in-scope services and/or components includes

<Strike off whichever is not applicable>:-

Service Category Milestone Duration (in

months/weeks/days/hours)

Development

<Strike off if not

applicable>

<Brief description of

milestone>

<mention the duration >

Delivery


milestone>


Installation


milestone>


Configuration


milestone>


User

Acceptance

Testing


milestone>


Documentation


milestone>


Training


milestone>


Live in

Production


milestone>


9. Risk Management

a. Service Provider shall identify and document the risk in delivering the

Services. Service Provider shall identify the methodology to monitor and

12 The Purpose of this clause is identify any assumption made for this agreement. 13Assumptions may include items including how the services will be used in future, projected

growth rates that may impact how services are to be delivered and future changes that were

considered but not included in the agreement


&



prevent the risk, and shall also document the steps taken to manage the

impact of the risks.

b. Service Request14

14The purpose of this clause is to document the process and timeframe for responding to the

service requests.


&



ANNEXURE-B

INFRASTUCTURE MANAGEMENT METRICS<strike off which ever in not

applicable>

(a) Service metric for Recovery Time objective (RTO)<strike off if not

applicable>

SL

no.

Service level

category

Service level object Measurement range/criteria

1. RTO during

disaster for

shifting to

<Place>DC

<……………….

(requirement to be filled by

the concerned dept.)/ 4

hours><strike off which ever

in not applicable>

<…………………><to be filled in by

the concerned dept. depending on the

criticality of service>

(b) SLA for Recovery Point Objective<strike off if not applicable>

SL

no.

Service level

category


1. RPO during

disaster for

shifting to

<Place>

<……………….(requirement

to be filled by the concerned

dept.)/ 99.999% of PR site

data recovery><strike off

which ever in not applicable>

<…………………><to be filled in by

the concerned dept. depending on the


(c) INFRASTUCTURE SUPPORT METRICS<strike off if not applicable>

Activities Severity Response

Time (mins)

Resolution

Time

(mins)

Measur

ement

Criteria Operational

Task

Details

<to be filled

in by the

…………… Level 1 ……….. ………….

. <……

………


&



Activities Severity Response

Time (mins)

Resolution

Time

(mins)

Measur

ement

Criteria Operational

Task

Details

concerned

dept.

depending on

the criticality

of service>

……………. Level 2 ……………

.

……… ……><

to be

filled in

by the

concern

ed dept.

dependi

ng on

the

criticali

ty of

service

>

……………. Level ….n ………….. …………

<to be filled

in by the

concerned

dept.

depending on

the criticality

of service>

………………

…..

Level 1 ………… ……….

………………

……

Level 2 ………… ………….

………………

……..

Level…..n ………… ………….

..


&



ANNEXURE-C

APPLICATION DEVELOPMENT & MAINTENANCE METRIC.

Impact Level Description/Measure Response Time Resolution Time

Level 1 Low impact <to be filled in by the

concerned dept.

depending on the


<to be filled in by the

concerned dept.

depending on the


Level 2 Medium impact <to be filled in by the

concerned dept.

depending on the



concerned dept.

depending on the


........... ........

Level..... Highest impact <to be filled in by the

concerned dept.

depending on the



concerned dept.

depending on the


Urgency Level Description/Measure Response time Resolution time

Level 1 <to be filled in by the

concerned dept.

depending on the



concerned dept.

depending on the


Level 2 <to be filled in by the

concerned dept.

depending on the



concerned dept.

depending on the


...........

Level..... To be performed on top

priority


concerned dept.

depending on the



concerned dept.

depending on the



&



<Priorities are to be filled in by the concerned dept. depending on the criticality of

service>

IMPACT

Urgency Level

Level 1 Level 2 Level n

Level 1 Priority A Priority A Priority C

Level 2 Priority A Priority B Priority D

.... Priority J Priority K Priority L

Level..... Priority L Priority M Priority N Priority O


&



ANNEXURE-D

SERVICE DESK SUPPORT METRIC<strike off if not applicable>

SL

no.

Service level

category


1. Call type

level 1, <strike

off which ever

in not

applicable>

<……………….(requirement)/

call escalated by sbi service

desk to ……………service

provider’s team><strike off


<…………………><to be filled in

by the concerned dept. depending on

the criticality of service>

Call type

level 12,

<strike off

which ever in

not applicable>

<……………….(requirement)/

call escalated by sbi service

desk to ……………service

provider’s team><strike off


<…………………><to be filled in

by the concerned dept. depending on

the criticality of service>

SERVICE LEVEL REPORTING/ FREQUENCY15<strike off if not applicable>

<Describe the service level reporting frequency and methodology>

15The purpose of this section is to document reports used to measure service levels. These reports must

align with the service measurement and should support these measurements.

Report Name Interval Recipient Responsible


&



SERVICE REVIEW MEETING16<strike off if not applicable>

Service Review meeting shall be held annually/ half yearly. The

following comprise of the Service Review Board:

▪ President,

▪ Members…………….

16The purpose of this section to describe the frequency of meeting and composition of service review board.


&



ANNEXURE-E

ESCALATION MATRICS17<strike off if not applicable>

17 To ensure that the service beneficiary receives senior management attention on

unresolved issues, Service Provider operates a problem escalation procedure in order that

any unresolved problems are notified to Service Provider management personnel on a

priority basis dependent upon the impact and urgency of the problem.

Service level

Category

Response/Resolution

Time

Escalation thresholds

Escalation Level 1 Escalation.........

Escalation

to

Escalation

Mode

Escalation

to

Escalation

Mode

Production

Support

<Name,

designation

contact

no.>

Service

Milestones

<Name,

designation

contact

no.>

Infrastructure

Management

<Name,

designation

contact

no.>

Application

Development

&

Maintenance

<Name,

designation

contact

no.>

Service Desk

Support

<Name,

designation

contact

no.>


&



ANNEXURE-F

<Under mentioned are proposed penalty metrics, they are required to be customized by

the concerned dept.><strike off whichever is not applicable>

S.

No. Description

Timelines

(from the

date of

issuance

of

PO/LoI)

LD penalties (in %)

1 <specify the milestone/ activity/

task>

<timelines

in minutes

/ hours

/days><

to be

provided

by the

dept.>

<specify the liquidated

damages as certain

percentage of quarterly

operating cost>

PENALTY FOR NON PERFORMANCE OF SLA

Service level

category

SLA Measure Penalty

Calculation

Application

Uptime/Downtime/

RTO/RPO <strike

off whichever is

not applicable>

<delay in minutes / hours /days>< to be provided

by the dept.>

Delivery Schedule <Delay ( in working days)>< to be provided>

Installation <delay in minutes / hours /days>< to be provided

by the dept.>

User Acceptance

Testing

<delay in minutes / hours /days>< to be provided

by the dept.>

Live in Production <delay in minutes / hours /days>< to be provided

by the dept.>


&



PENALTY FOR EVERY ITEMS, Penalty at the rates given below:

Category of

defect

Service Area Penalty

Minor

Medium

Major

Critical

PENALTY FOR NON PERFORMANCE AT HELP DESK

Periodical training <Delay ( in working days)>< to be provided>

………<For

each resource

not trained>

Source Code <Delay ( in working days)>< to be provided>

Non-availability of

staff

Reports/

Service

Area

SLA

measurement

Penalty % on ___________

<to be provided by the dept.,>

Calculate penalty on

0 % ______% (for

every 1%

shortfall from

the stipulated

service level

Help

Desk

Time taken

for resolution

of calls

(99.9% of the

calls should

More than

or equal to

99.9 % of

service

level

Less than 99.9 %

of service level <to be provided by the dept.,>


&



ANNEXURE G

Transition & Knowledge Transfer Plan

1. Introduction

1.1 This Annexure describes the duties and responsibilities of Service Provider and the

Bank to ensure proper transition of services and to ensure complete knowledge

transfer.

2. Objectives

2.1 The objectives of this annexure are to:

(1) ensure a smooth transition of Services from Service Provider to a

New/Replacement SERVICE PROVIDER or back to the Bank at the

termination or expiry of this Agreement;

(2) ensure that the responsibilities of both parties to this Agreement are clearly

defined in the event of exit and transfer; and

(3) ensure that all relevant Assets are transferred.

3. General

3.1 Where the Bank intends to continue equivalent or substantially similar services to

the Services provided by Service Provider after termination or expiry the

Agreement, either by performing them itself or by means of a New/Replacement

SERVICE PROVIDER, Service Provider shall ensure the smooth transition to the

Replacement SERVICE PROVIDER and shall co-operate with the Bank or the

Replacement SERVICE PROVIDER as required in order to fulfil the obligations

under this annexure.

be resolved

within the

stipulated

response

time)


&



3.2 Service Provider shall co-operate fully with the Bank and any potential

Replacement SERVICE PROVIDERs tendering for any Services, including the

transfer of responsibility for the provision of the Services previously performed

by Service Provider to be achieved with the minimum of disruption. In particular:

3.2.1 during any procurement process initiated by the Bank and in anticipation of the

expiry or termination of the Agreement and irrespective of the identity of any

potential or actual Replacement SERVICE PROVIDER, Service Provider shall

comply with all reasonable requests by the Bank to provide information relating

to the operation of the Services, including but not limited to, hardware and

Software used, inter-working, coordinating with other application owners, access

to and provision of all performance reports, agreed procedures, and any other

relevant information (including the configurations set up for the Bank and

procedures used by Service Provider for handling Data) reasonably necessary to

achieve an effective transition, provided that:

3.2.1.1 Service Provider shall not be obliged to provide any information concerning the

costs of delivery of the Services or any part thereof or disclose the financial

records of Service Provider to any such party;

3.2.1.2 Service Provider shall not be obliged to disclose any such information for use by

an actual or potential Replacement SERVICE PROVIDER unless such a party

shall have entered into a confidentiality agreement; and

3.2.1.3 whilst supplying information as contemplated in this paragraph 3.2.1 Service

Provider shall provide sufficient information to comply with the reasonable

requests of the Bank to enable an effective tendering process to take place but

shall not be required to provide information or material which Service Provider

may not disclose as a matter of law.

3.3 In assisting the Bank and/or the Replacement SERVICE PROVIDER to transfer

the Services the following commercial approach shall apply:

(1) where Service Provider does not have to utilise resources in addition to those

normally used to deliver the Services prior to termination or expiry, Service

Provider shall make no additional Charges. The Bank may reasonably

request that support and materials already in place to provide the Services

may be redeployed onto work required to effect the transition provided


&



always that where the Bank agrees in advance that such redeployment will

prevent Service Provider from meeting any Service Levels, achieving any

other key dates or from providing any specific deliverables to the Bank, the

Bank shall not be entitled to claim any penalty or liquidated damages for the

same.

(2) where any support and materials necessary to undertake the transfer work or

any costs incurred by Service Provider are additional to those in place as part

of the proper provision of the Services the Bank shall pay Service Provider

for staff time agreed in advance at the rates agreed between the parties and

for materials and other costs at a reasonable price which shall be agreed with

the Bank.

3.4 If so required by the Bank, on the provision of no less than 15 (fifteen) days’

notice in writing, Service Provider shall continue to provide the Services or an

agreed part of the Services for a period not exceeding 6 (Six) months beyond the

date of termination or expiry of the Agreement. In such event the Bank shall

reimburse Service Provider for such elements of the Services as are provided

beyond the date of termination or expiry date of the Agreement on the basis that:

(1) Services for which rates already specified in the Agreement shall be provided on

such rates;

(2) materials and other costs, if any, will be charged at a reasonable price which shall

be mutually agreed between the Parties.

3.5 Service Provider shall provide to the Bank an analysis of the Services to the extent

reasonably necessary to enable the Bank to plan migration of such workload to a

Replacement SERVICE PROVIDER provided always that this analysis involves

providing performance data already delivered to the Bank as part of the

performance monitoring regime.

3.6 Service Provider shall provide such information as the Bank reasonably considers

to be necessary for the actual Replacement SERVICE PROVIDER, or any

potential Replacement SERVICE PROVIDER during any procurement process,

to define the tasks which would need to be undertaken in order to ensure the

smooth transition of all or any part of the Services.


&



3.7 Service Provider shall make available such Key Personnel who have been

involved in the provision of the Services as the Parties may agree to assist the

Bank or a Replacement SERVICE PROVIDER (as appropriate) in the continued

support of the Services beyond the expiry or termination of the Agreement, in

which event the Bank shall pay for the services of such Key Personnel on a time

and materials basis at the rates agreed between the parties.

3.8 Service Provider shall co-operate with the Bank during the handover to a

Replacement SERVICE PROVIDER and such co-operation shall extend to, but

shall not be limited to, inter-working, co-ordinating and access to and provision

of all operational and performance documents, reports, summaries produced by

Service Provider for the Bank, including the configurations set up for the Bank

and any and all information to be provided by Service Provider to the Bank under

any other term of this Agreement necessary to achieve an effective transition

without disruption to routine operational requirements.

4. Replacement SERVICE PROVIDER

4.1 In the event that the Services are to be transferred to a Replacement SERVICE

PROVIDER, the Bank will use reasonable endeavors to ensure that the

Replacement SERVICE PROVIDER co-operates with Service Provider during

the handover of the Services.

5. Subcontractors

5.1 Service Provider agrees to provide the Bank with details of the Subcontracts (if

permitted by the Bank) used in the provision of the Services. Service Provider

will not restrain or hinder its Subcontractors from entering into agreements with

other prospective service providers for the delivery of supplies or services to the

Replacement SERVICE PROVIDER.

6. Transfer of Configuration Management Database

6.1 6 (six) months prior to expiry or within 2 (two) week of notice of termination of

this Agreement Service Provider shall deliver to the Bank a full, accurate and up

to date cut of content from the Configuration Management Database (or


&



equivalent) used to store details of Configurable Items and Configuration

Management data for all products used to support delivery of the Services.

7. Transfer of Assets


the Agreement Service Provider shall deliver to the Bank the Asset Register

comprising:

(1) a list of all Assets eligible for transfer to the Bank; and

(2) a list identifying all other Assets, (including human resources, skillset

requirement and know-how), that are ineligible for transfer but which are

essential to the delivery of the Services. The purpose of each component and

the reason for ineligibility for transfer shall be included in the list.

7.2 Within 1 (one) month of receiving the Asset Register as described above, the Bank

shall notify Service Provider of the Assets it requires to be transferred, (the

“Required Assets”), and the Bank and Service Provider shall provide for the

approval of the Bank a draft plan for the Asset transfer.

7.3 In the event that the Required Assets are not located on Bank premises:

(1) Service Provider shall be responsible for the dismantling and packing of the

Required Assets and to ensure their availability for collection by the Bank or

its authorised representative by the date agreed for this;

(2) any charges levied by Service Provider for the Required Assets not owned

by the Bank shall be fair and reasonable in relation to the condition of the

Assets and the then fair market value; and

(3) for the avoidance of doubt, the Bank will not be responsible for the Assets.

7.4 Service Provider warrants that the Required Assets and any components thereof

transferred to the Bank or Replacement SERVICE PROVIDER benefit from any

remaining manufacturer’s warranty relating to the Required Assets at that time,

always provided such warranties are transferable to a third party.


&



8. Transfer of Software Licenses


this Agreement Service Provider shall deliver to the Bank all licenses for Software

used in the provision of Services which were purchased by the Bank.

8.2 On notice of termination of this Agreement Service Provider shall, within 2 (two)

week of such notice, deliver to the Bank details of all licenses for SERVICE

PROVIDER Software and SERVICE PROVIDER Third Party Software used in

the provision of the Services, including the terms of the Software license

agreements. For the avoidance of doubt, the Bank shall be responsible for any

costs incurred in the transfer of licenses from Service Provider to the Bank or to

a Replacement SERVICE PROVIDER provided such costs shall be agreed in

advance. Where transfer is not possible or not economically viable the Parties will

discuss alternative licensing arrangements.

8.3 Within 1 (one) month of receiving the Software license information as described

above, the Bank shall notify Service Provider of the licenses it wishes to be

transferred, and Service Provider shall provide for the approval of the Bank a draft

plan for license transfer, covering novation of agreements with relevant Software

providers, as required. Where novation is not possible or not economically viable

the Parties will discuss alternative licensing arrangements.

9. Transfer of Software

9.1 Wherein State Bank of India is the owner of the software, 6 (six) months prior to

expiry or within 2 (two) weeks of notice of termination of this Agreement Service

Provider shall deliver, or otherwise certify in writing that it has delivered, to the

Bank a full, accurate and up to date version of the Software including up to date

versions and latest releases of, but not limited to:

(a) Source Code (with source tree) and associated documentation;

(b) application architecture documentation and diagrams;

(c) release documentation for functional, technical and interface specifications;

(d) a plan with allocated resources to handover code and design to new

development and test teams (this should include architectural design and

code ‘walk-through’);


&



(e) Source Code and supporting documentation for testing framework tool and

performance tool;

(f) test director database;

(g) test results for the latest full runs of the testing framework tool and

performance tool on each environment; and

10. Transfer of Documentation

10.1 6 (six) months prior to expiry or within 2 (two) weeks of notice of termination of

this Agreement Service Provider shall deliver to the Bank a full, accurate and up-

to date set of Documentation that relates to any element of the Services as defined

in Annexure A.

11. Transfer of Service Management Process

11.1 6 (six) months prior to expiry or within 2 (two) weeks of notice of termination of

this Agreement Service Provider shall deliver to the Bank:

(a) a plan for the handover and continuous delivery of the Service Desk function

and allocate the required resources;

(b) full and up to date, both historical and outstanding Service Desk ticket data

including, but not limited to:

(1) Incidents;

(2) Problems;

(3) Service Requests;

(4) Changes;

(5) Service Level reporting data;

(c) a list and topology of all tools and products associated with the provision of

the Software and the Services;

(d) full content of Software builds and server configuration details for Software

deployment and management; and

(e) monitoring Software tools and configuration.

12. Transfer of Knowledge Base


&





to date cut of content from the knowledge base (or equivalent) used to

troubleshoot issues arising with the Services but shall not be required to provide

information or material which Service Provider may not disclose as a matter of

law.

13. Transfer of Service Structure

13.1 6 (six) months prior to expiry or within 2 (two) weeks’ notice of termination of


to date version of the following, as a minimum:

(a) archive of records including:

(1) Questionnaire Packs;

(2) project plans and sign off;

(3) Acceptance Criteria; and

(4) Post Implementation Reviews.

(b) programme plan of all work in progress currently accepted and those in

progress;

(c) latest version of documentation set;

(d) Source Code (if appropriate) and all documentation to support the services

build tool with any documentation for ‘workarounds’ that have taken place;

(e) Source Code, application architecture documentation/diagram and other

documentation;

(f) Source Code, application architecture documentation/diagram and other

documentation for Helpdesk; and

(g) project plan and resource required to hand Service Structure capability over

to the new team.

14. Transfer of Data

14.1 In the event of expiry or termination of this Agreement Service Provider shall

cease to use the Bank’s Data and, at the request of the Bank, shall destroy all


&



such copies of the Bank’s Data then in its possession to the extent specified by

the Bank.

14.2 Except where, pursuant to paragraph 14.1 above, the Bank has instructed Service

Provider to destroy such Bank’s Data as is held and controlled by Service

Provider, 1 (one) months prior to expiry or within 1 (one) month of termination

of this Agreement, Service Provider shall deliver to the Bank:

(1) An inventory of the Bank’s Data held and controlled by Service Provider,

plus any other data required to support the Services; and/or

(2) a draft plan for the transfer of the Bank’s Data held and controlled by

Service Provider and any other available data to be transferred.

15. Training Services on Transfer

15.1 Service Provider shall comply with the Bank’s reasonable request to assist in the

identification and specification of any training requirements following expiry or

termination. The purpose of such training shall be to enable the Bank or a

Replacement SERVICE PROVIDER to adopt, integrate and utilize the Data and

Assets transferred and to deliver an equivalent service to that previously

provided by Service Provider.

15.2 The provision of any training services and/or deliverables and the charges for

such services and/or deliverables shall be agreed between the parties.

15.3 Subject to paragraph 15.2 above, Service Provider shall produce for the Bank’s

consideration and approval 6 (six) months prior to expiry or within 10 (ten)

working days of issue of notice of termination:

(1) A training strategy, which details the required courses and their objectives;

(2) Training materials (including assessment criteria); and

(3) a training plan of the required training events.

15.4 Subject to paragraph 15.2 above, Service Provider shall schedule all necessary

resources to fulfil the training plan, and deliver the training as agreed with the

Bank.

15.5 SERVICE PROVIDER shall provide training courses on operation of licensed

/open source Software product at Bank’s ________Premises, at such times,

during business hours as Bank may reasonably request. Each training course will


&



last for ________hours. Bank may enroll up to ________ of its staff or ________

employees of the new/replacement service provider in any training course, and

Service Provider shall provide a hard copy of the Product (licensed or open

sourced) standard training manual for each enrollee. Each training course will be

taught by a technical expert with no fewer than _______ years of experience in

operating _______Software system. SERVICE PROVIDER shall provide the

_______ training without any additional charges.

16. Transfer Support Activities

16.1 6 (six) months prior to expiry or within 10 (ten) Working Days of issue of notice

of termination, Service Provider shall assist the Bank or Replacement SERVICE

PROVIDER to develop a viable exit transition plan which shall contain details

of the tasks and responsibilities required to enable the transition from the

Services provided under this Agreement to the Replacement SERVICE

PROVIDER or the Bank, as the case may be.

16.2 The exit transition plan shall be in a format to be agreed with the Bank and shall

include, but not be limited to:

(1) a timetable of events;

(2) resources;

(3) assumptions;

(4) activities;

(5) responsibilities; and

(6) risks.

16.3 Service Provider shall supply to the Bank or a Replacement SERVICE

PROVIDER specific materials including but not limited to:

(a) Change Request log;

(b) entire back-up history; and

(c) dump of database contents including the Asset Register, problem

management system and operating procedures. For the avoidance of doubt

this shall not include proprietary Software tools of Service Provider which

are used for project management purposes generally within Service

Provider's business.


&



16.4 Service Provider shall supply to the Bank or a Replacement SERVICE

PROVIDER proposals for the retention of Key Personnel for the duration of the

transition period.

16.5 On the date of expiry Service Provider shall provide to the Bank refreshed

versions of the materials required under paragraph 16.3 above which shall

reflect the position as at the date of expiry.

16.6 Service Provider shall provide to the Bank or to any Replacement SERVICE

PROVIDER within 14 (fourteen) Working Days of expiry or termination a full

and complete copy of the Incident log book and all associated documentation

recorded by Service Provider till the date of expiry or termination.

16.7 Service Provider shall provide for the approval of the Bank a draft plan to

transfer or complete work-in-progress at the date of expiry or termination.

17. Use of Bank Premises

17.1 Prior to expiry or on notice of termination of this Agreement, Service Provider

shall provide for the approval of the Bank a draft plan specifying the necessary

steps to be taken by both Service Provider and the Bank to ensure that the

Bank’s Premises are vacated by Service Provider.

17.2 Unless otherwise agreed, Service Provider shall be responsible for all costs

associated with Service Provider’s vacation of the Bank’s Premises, removal of

equipment and furnishings, redeployment of SERVICE PROVIDER Personnel,

termination of arrangements with Subcontractors and service contractors and

restoration of the Bank Premises to their original condition (subject to a

reasonable allowance for wear and tear).

____________________________XXXXX____________________________


&



Appendix -L

NON-DISCLOSURE AGREEMENT

THIS RECIPROCAL NON-DISCLOSURE AGREEMENT (the “Agreement”) is made at

___________ between:

State Bank of India constituted under the State Bank of India Act, 1955 having its Corporate

Centre and Central Office at State Bank Bhavan, Madame Cama Road, Nariman Point,

Mumbai-21 and its Global IT Centre at Sector-11, CBD Belapur, Navi Mumbai- 400614

through its _________________ Department (hereinafter referred to as “Bank” which

expression includes its successors and assigns) of the ONE PART;

And

____________________________________ a private/public limited company/LLP/Firm

<strike off whichever is not applicable> incorporated under the provisions of the

Companies Act, 1956/ Limited Liability Partnership Act 2008/ Indian Partnership Act 1932

<strike off whichever is not applicable>, having its registered office at

_________________ (hereinafter referred to as “_________” which expression shall

unless repugnant to the subject or context thereof, shall mean and include its successors

and permitted assigns) of the OTHER PART;

And Whereas

1. _________________________________________ is carrying on business of providing

_________________________________, has agreed to __________________________

for the Bank and other related tasks.

2. For purposes of advancing their business relationship, the parties would need to

disclose certain valuable confidential information to each other (the Party receiving the

information being referred to as the “Receiving Party” and the Party disclosing the

information being referred to as the “Disclosing Party. Therefore, in consideration of

covenants and agreements contained herein for the mutual disclosure of confidential

information to each other, and intending to be legally bound, the parties agree to terms and

conditions as set out hereunder.


&



NOW IT IS HEREBY AGREED BY AND BETWEEN THE PARTIES AS UNDER

1. Confidential Information and Confidential Materials:

(a) “Confidential Information” means non-public information that Disclosing Party

designates as being confidential or which, under the circumstances surrounding

disclosure ought to be treated as confidential. “Confidential Information” includes,

without limitation, information relating to developed, installed or purchased

Disclosing Party Software or hardware products, the information relating to general

architecture of Disclosing Party’s network, information relating to nature and

content of data stored within network or in any other storage media, Disclosing

Party’s business policies, practices, methodology, policy design delivery, and

information received from others that Disclosing Party is obligated to treat as

confidential. Confidential Information disclosed to Receiving Party by any

Disclosing Party Subsidiary and/ or agents is covered by this agreement

(b) Confidential Information shall not include any information that: (i) is or

subsequently becomes publicly available without Receiving Party’s breach of any

obligation owed to Disclosing party; (ii) becomes known to Receiving Party free

from any confidentiality obligations prior to Disclosing Party’s disclosure of such

information to Receiving Party; (iii) became known to Receiving Party from a source

other than Disclosing Party other than by the breach of an obligation of

confidentiality owed to Disclosing Party and without confidentiality restrictions on

use and disclosure; or (iv) is independently developed by Receiving Party.

(c) “Confidential Materials” shall mean all tangible materials containing Confidential

Information, including without limitation written or printed documents and computer

disks or tapes, whether machine or user readable.

2. Restrictions

(a) Each party shall treat as confidential the Contract and any and all information

(“confidential information”) obtained from the other pursuant to the Contract and

shall not divulge such information to any person (except to such party’s “Covered

Person” which term shall mean employees, contingent workers and professional

advisers of a party who need to know the same) without the other party’s written

consent provided that this clause shall not extend to information which was rightfully

in the possession of such party prior to the commencement of the negotiations

leading to the Contract, which is already public knowledge or becomes so at a future

date (otherwise than as a result of a breach of this clause). Receiving Party will have

executed or shall execute appropriate written agreements with Covered Person,

sufficient to enable it to comply with all the provisions of this Agreement. If the

Service Provider appoints any Sub-Contractor (if allowed) then the Service Provider

may disclose confidential information to such Sub-Contractor subject to such Sub


&



Contractor giving the Bank an undertaking in similar terms to the provisions of this

clause. Any breach of this Agreement by Receiving Party’s Covered Person or Sub-

Contractor shall also be constructed a breach of this Agreement by Receiving Party.

(b) Receiving Party may disclose Confidential Information in accordance with judicial

or other governmental order to the intended recipients (as detailed in this clause),

provided Receiving Party shall give Disclosing Party reasonable notice (provided

not restricted by applicable laws) prior to such disclosure and shall comply with any

applicable protective order or equivalent. The intended recipients for this purpose

are:

i. the statutory auditors of the either party and

ii. government or regulatory authorities regulating the affairs of the parties and

inspectors and supervisory bodies thereof

(c) Confidential Information and Confidential Material may be disclosed, reproduced,

summarized or distributed only in pursuance of Receiving Party’s business

relationship with Disclosing Party, and only as otherwise provided hereunder.

Receiving Party agrees to segregate all such Confidential Material from the

confidential material of others in order to prevent mixing.

3. Rights and Remedies

(a) Receiving Party shall notify Disclosing Party immediately upon discovery of any

unauthorized used or disclosure of Confidential Information and/ or Confidential

Materials, or any other breach of this Agreement by Receiving Party, and will

cooperate with Disclosing Party in every reasonable way to help Disclosing Party

regain possession of the Confidential Information and/ or Confidential Materials and

prevent its further unauthorized use.

(b) Receiving Party shall return all originals, copies, reproductions and summaries of

Confidential Information or Confidential Materials at Disclosing Party’s request, or

at Disclosing Party’s option, certify destruction of the same.

(c) Receiving Party acknowledges that monetary damages may not be the only and / or

a sufficient remedy for unauthorized disclosure of Confidential Information and that

disclosing party shall be entitled, without waiving any other rights or remedies

(including but not limited to as listed below), to injunctive or equitable relief as may

be deemed proper by a Court of competent jurisdiction.

i. Suspension of access privileges

ii. Change of personnel assigned to the job


&



iii. Termination of contract

(d) Disclosing Party may visit Receiving Party’s premises, with reasonable prior notice

and during normal business hours, to review Receiving Party’s compliance with the

term of this Agreement.

4. Miscellaneous

(a) All Confidential Information and Confidential Materials are and shall remain the

sole and of Disclosing Party. By disclosing information to Receiving Party,

Disclosing Party does not grant any expressed or implied right to Receiving Party to

disclose information under the Disclosing Party’s patents, copyrights, trademarks, or

trade secret information.

(b) Confidential Information made available is provided “As Is,” and disclosing party

disclaims all representations, conditions and warranties, express or implied,

including, without limitation, representations, conditions or warranties of accuracy,

completeness, performance, fitness for a particular purpose, satisfactory quality and

merchantability provided same shall not be construed to include fraud or wilful

default of disclosing party.

(c) Neither party grants to the other party any license, by implication or otherwise, to

use the Confidential Information, other than for the limited purpose of evaluating or

advancing a business relationship between the parties, or any license rights

whatsoever in any patent, copyright or other intellectual property rights pertaining

to the Confidential Information.

(d) The terms of Confidentiality under this Agreement shall not be construed to limit

either party’s right to independently develop or acquire product without use of the

other party’s Confidential Information. Further, either party shall be free to use for

any purpose the residuals resulting from access to or work with such Confidential

Information, provided that such party shall maintain the confidentiality of the

Confidential Information as provided herein. The term “residuals” means

information in non-tangible form, which may be retained by person who has had

access to the Confidential Information, including ideas, concepts, know-how or

techniques contained therein. Neither party shall have any obligation to limit or

restrict the assignment of such persons or to pay royalties for any work resulting

from the use of residuals. However, the foregoing shall not be deemed to grant to

either party a license under the other party’s copyrights or patents.

(e) This Agreement constitutes the entire agreement between the parties with respect to

the subject matter hereof. It shall not be modified except by a written agreement

dated subsequently to the date of this Agreement and signed by both parties. None

of the provisions of this Agreement shall be deemed to have been waived by any act

or acquiescence on the part of Disclosing Party, its agents, or employees, except by


&



an instrument in writing signed by an authorized officer of Disclosing Party. No

waiver of any provision of this Agreement shall constitute a waiver of any other

provision(s) or of the same provision on another occasion.

(f) In case of any dispute, both the parties agree for neutral third party arbitration. Such

arbitrator will be jointly selected by the two parties and he/she may be an auditor,

lawyer, consultant or any other person of trust. The said proceedings shall be

conducted in English language at Mumbai and in accordance with the provisions of

Indian Arbitration and Conciliation Act 1996 or any Amendments or Re-enactments

thereto. Nothing in this clause prevents a party from having recourse to a court of

competent jurisdiction for the sole purpose of seeking a preliminary injunction or

any other provisional judicial relief it considers necessary to avoid irreparable

damage. This Agreement shall be governed by and construed in accordance with the

laws of Republic of India. Each Party hereby irrevocably submits to the exclusive

jurisdiction of the courts of Mumbai.

(g) Subject to the limitations set forth in this Agreement, this Agreement will inure to

the benefit of and be binding upon the parties, their successors and assigns.

(h) If any provision of this Agreement shall be held by a court of competent jurisdiction

to be illegal, invalid or unenforceable, the remaining provisions shall remain in full

force and effect.

(i) The Agreement shall be effective from _______ ("Effective Date”) and shall be valid

for a period of ________ year(s) thereafter (the "Agreement Term"). The foregoing

obligations as to confidentiality shall survive the term of this Agreement and for a

period of five (5) years thereafter provided confidentiality obligations with respect

to individually identifiable information, customer’s data of Parties or Software in

human-readable form (e.g., source code) shall survive in perpetuity.

5. Suggestions and Feedback

Either party from time to time may provide suggestions, comments or other

feedback to the other party with respect to Confidential Information provided

originally by the other party (hereinafter “feedback”). Both party agree that all

Feedback is and shall be entirely voluntary and shall not in absence of separate

agreement, create any confidentially obligation for the receiving party. However,

the Receiving Party shall not disclose the source of any feedback without the

providing party’s consent. Feedback shall be clearly designated as such and, except

as otherwise provided herein, each party shall be free to disclose and use such

Feedback as it sees fit, entirely without obligation of any kind to other party. The

foregoing shall not, however, affect either party’s obligations hereunder with

respect to Confidential Information of other party.


&



Dated this __________ day of _______ (Month) 20__ at __________(place)

For and on behalf of ___________________________

Name

Designation

Place

Signature

For and on behalf of ___________________________

Name

Designation

Place

Signature


&



Appendix-M

Pre-Bid Query Format

(To be provide strictly in Excel format)

Vendor

Name

Sl.

No

RFP

Page No

RFP

Clause

No.

Existing

Clause

Query Suggested

clause


&



Appendix-N

Format for Submission of Client References

To whosoever it may concern

Particulars Details

Client Information

Client Name

Client address

Name of the contact person and designation

Phone number of the contact person

Official e-mail address of the contact person

Project Details

Name of the Project

Start Date

End Date

Current Status (In Progress / Completed)

Size of Project

Value of Work Order (In Lakh) (only single work

order)


Seal of Company


&



Appendix-O

PRE CONTRACT INTEGRITY PACT

(TO BE STAMPED AS AN AGREEMENT)

General

This pre-Bid pre-contract Agreement (hereinafter called the Integrity Pact) is made

on _____ day of the month of 201 , between, on the one hand, the State

Bank of India a body corporate incorporated under the State Bank of India Act, 1955

having its Corporate Centre at State Bank Bhavan, Nariman Point, Mumbai through its

________ ____________________ Department / Office at Global IT Center at CBD

Belapur, 400614,

(hereinafter called the "BUYER", which expression shall mean and include, unless the

context otherwise requires, its successors) of the First Part

And

M/s____________________ represented by Shri________________, Chief Executive

Officer/ Authorised signatory (hereinafter called the "BIDDER/Seller which expression

shall mean and include, unless the context otherwise requires, its / his successors and

permitted assigns of the Second Part.

WHEREAS the BUYER proposes to procure (Name of the Stores/Equipment/Item) and

the BIDDER/Seller is willing to offer/has offered the stores and

WHEREAS the BIDDER is a private company/public company/Government

undertaking/partnership/registered export agency, constituted in accordance with the

relevant law in the matter and the BUYER is an Office / Department of State Bank of

India performing its functions on behalf of State Bank of India.

NOW, THEREFORE,

To avoid all forms of corruption by following a system that is fair, transparent and free

from any influence/prejudiced dealings prior to, during and subsequent to the currency

of the contract to be entered into with a view to :

➢ Enabling the BUYER to obtain the desired service / product at a competitive price

in conformity with the defined specifications by avoiding the high cost and the

distortionary impact of corruption on public procurement; and


&



➢ Enabling BIDDERs to abstain from bribing or indulging in any corrupt practice

in order to secure the contract by providing assurance to them that their competitors

will also abstain from bribing and other corrupt practices and the BUYER will

commit to prevent corruption, in any farm, by its officials by following

transparent procedures.

The parties hereto hereby agree to enter into this Integrity Pact and agree as follows:

1. Commitments of the BUYER

1.1 The BUYER undertakes that no official of the BUYER, connected directly or

indirectly with the contract, will demand, take a promise for or accept, directly

or through intermediaries, any bribe, consideration, gift, reward, favour or any

material or immaterial benefit or any other advantage from the BIDDER, either

for themselves or for any person, organisation or third party related to the contract

in exchange for an advantage in the bidding process, Bid evaluation, contracting

or implementation process related to the contract.

1.2 The BUYER will, during the pre-contract stage, treat all BIDDERs alike, and

will provide to all BIDDERs the same information and will not provide any such

information to any particular BIDDER which could afford an advantage to that

particular BIDDER in comparison to other B1DDERs.

1.3 All the officials of the BUYER will report to the appropriate authority any

attempted or completed breaches of the above commitments as well as any

substantial suspicion of such a breach.

1.4 In case any such preceding misconduct on the part of such official(s) is

reported by the BIDDER to the BUYER with full and verifiable facts and the

same is prima facie found to be correct by the BUYER, necessary disciplinary

proceedings, or any other action as deemed fit, including criminal proceedings

may be initiated by the BUYER and such a person shall be debarred from further

dealings related to the contract process. In such a case while an enquiry is being

conducted by the BUYER the proceedings under the contract would not be

stalled.

2. Commitments of BIDDERs

2.1 The BIDDER commits itself to take all measures necessary to prevent corrupt

practices, unfair means and illegal activities during any stage of its Bid or during

any pre-contract or post-contract stage in order to secure the contract or in

furtherance to secure it and in particular commit itself to the following:

2. 2 The BIDDER will not offer, directly or through intermediaries, any bribe, gift,

consideration, reward, favour, any material or immaterial benefit or other

advantage, commission, fees, brokerage or inducement to any official of the

BUYER, connected directly or indirectly with the bidding process, or to any

person, organisation or third party related to the contract in exchange for any


&



advantage in the bidding, evaluation, contracting and implementation of the

contract.

2.3 The BIDDER further undertakes that it has not given, offered or promised to give,

directly or indirectly any bribe, gift, consideration, reward, favour, any material or

immaterial benefit or other advantage, commission, fees, brokerage or inducement

to any official of the BUYER or otherwise in procuring the Contract or forbearing

to do or having done any act in relation to the obtaining or execution of the contract

or any other contract with State Bank of India for showing or forbearing to show

favour or disfavour to any person in relation to the contract or any other contract

with State Bank of India.

2.4 Wherever applicable, the BIDDER shall disclose the name and address of agents

and representatives permitted by the Bid documents and Indian BIDDERs shall

disclose their foreign principals or associates, if any.

2.5 The BIDDER confirms and declares that they have not made any payments to any

agents/brokers or any other intermediary, in connection with this Bid/contract.

2.6 The BIDDER further confirms and declares to the BUYER that the BIDDER is the

original vendors or service providers in respect of product / service covered in the

Bid documents and the BIDDER has not engaged any individual or firm or

company whether Indian or foreign to intercede, facilitate or in any way to

recommend to the BUYER or any of its functionaries, whether officially or

unofficially to the award of the contract to the BIDDER, nor has any amount been

paid, promised or intended to be paid to any such individual, firm or company in

respect of any such intercession, facilitation or recommendation.

2.7 The BIDDER, at the earliest available opportunity, i.e. either while presenting the

Bid or during pre-contract negotiations and in any case before opening the

financial Bid and before signing the contract, shall disclose any payments he has

made, is committed to or intends to make to officials of the BUYER or their family

members, agents, brokers or any other intermediaries in connection with the

contract and the details of services agreed upon for such payments.

2.8 The BIDDER will not collude with other parties interested in the contract to

impair the transparency, fairness and progress of the bidding process, Bid

evaluation, contracting and implementation of the contract.

2.9 The BIDDER will not accept any advantage in exchange for any corrupt

practice, unfair means and illegal activities.

2.10 The BIDDER shall not use improperly, for purposes of competition or personal

gain, or pass. on 'to° others, any -information provided by the BUYER as part of

the business relationship, regarding plans, technical proposals and business

details, including information contained in any electronic data carrier. The

BIDDER also undertakes to exercise due and adequate care lest any such

information is divulged.

2.11 The BIDDER commits to refrain from giving any complaint directly or through any

other manner without supporting it with full and verifiable facts.


&



2.12 The BIDDER shall not instigate or cause to instigate any third person to commit

any of the actions mentioned above.

2.13 If the BIDDER or any employee of the BIDDER or any person acting on behalf of

the BIDDER, either directly or indirectly, is a relative of any of the officers of the

BUYER, or alternatively, if any relative of an officer of the BUYER has financial

Interest/stake in the BIDDER's firm, the same shall be disclosed by the BIDDER

at the time of filing of tender. The term 'relative' for this purpose would be as

defined in Section 6 of the Companies Act 1956.

2.14 The BIDDER shall not lend to or borrow any money from or enter into any

monetary dealings or transactions, directly or indirectly, with any employee of the

BUYER.

3. Previous Transgression

3.1 The BIDDER declares that no previous transgression occurred in the last three

years immediately before signing of this Integrity Pact, with any other company

in any country in respect of any corrupt practices envisaged hereunder or with

any Public Sector Enterprise / Public Sector Banks in India or any Government

Department in India or RBI that could justify BIDDER's exclusion from the

tender process.

3.2 The BIDDER agrees that if it makes incorrect statement on this subject, BIDDER

can be disqualified from the tender process or the contract, if already awarded,

can be terminated for such reason.

4. Earnest Money (Security Deposit)

4.1 While submitting commercial Bid, the BIDDER shall deposit an amount

(specified in RFP) as Earnest Money/Security Deposit, with the BUYER through

any of the mode mentioned in the RFP / Bid document and no such mode is

specified, by a Bank Draft or a Pay Order in favour of State Bank of India from

any Bank including SBI . However payment of any such amount by way of Bank

Guarantee, if so permitted as per Bid documents / RFP should be from any

Scheduled Commercial Bank other than SBI and promising payment of the

guaranteed sum to the BUYER on demand within three working days without

any demur whatsoever and without seeking any reasons whatsoever. The demand

for payment by the BUYER shall be treated as conclusive proof for making such

payment to the BUYER.

4.2 Unless otherwise stipulated in the Bid document / RFP, the Earnest Money/Security

Deposit shall be valid upto a period of five years or the complete conclusion of the

contractual obligations to the complete satisfaction of both the BIDDER and the

BUYER, including warranty period, whichever is later.

4.3 In case of the successful BIDDER a clause would also be incorporated in the

Article pertaining to Performance Bond in the Purchase Contract that the

provisions of Sanctions for Violation shall be applicable for forfeiture of


&



Performance Bond in case of a decision by the BUYER to forfeit the same-

without assigning any reason for imposing sanction for violation of this Pact.

4.4 No interest shall be payable by the BUYER to the BIDDER on Earnest

Money/Security Deposit for the period of its currency.

5. Sanctions for Violations

5.1 Any breach of the aforesaid provisions by the BIDDER or any one employed by

it or acting on its behalf (whether with or without the knowledge of the BIDDER)

shall entitle the BUYER to take all or any one of the following actions, wherever

required:

(i) To immediately call off the pre contract negotiations without assigning any

reason and without giving any compensation to the BIDDER. However, the

proceedings with the other BIDDER(s) would continue, unless the BUYER

desires to drop the entire process.

(ii) The Earnest Money Deposit (in pre-contract stage) and/or Security

Deposit/Performance Bond (after the contract is signed) shall stand forfeited

either fully or partially, as decided by the BUYER and the BUYER shall not be

required to assign any reason therefore.

(iii) To immediately cancel the contract, if already signed, without

giving any compensation to the BIDDER.

(iv) To recover all sums already paid by the BUYER, and in case of an Indian

BIDDER with interest thereon at 2% higher than the prevailing Base Rate of State

Bank of India, while in case of a BIDDER from a country other than India with

interest thereon at 2% higher than the LIBOR. If any outstanding payment is due

to the BIDDER from the BUYER in connection with any other contract for any

other stores, such outstanding could also be utilized to recover the aforesaid sum

and interest.

(v) To encash the advance Bank guarantee and performance bond/warranty bond, if

furnished by the BIDDER, in order to recover the payments, already made by the

BUYER, along with interest.

(vi) To cancel all or any other Contracts with the BIDDER. The BIDDER shall be

liable to pay compensation for any loss or damage to the BUYER resulting from

such cancellation/rescission and the BUYER shall be entitled to deduct the

amount so payable from the money(s) due to the BIDDER.

(vii) To debar the BIDDER from participating in future bidding processes of the

BUYER or any of its Subsidiaries for a minimum period of five years, which may

be further extended at the discretion of the BUYER.

(viii) To recover all sums paid, in violation of this Pact, by BIDDER(s) to any

middleman or agent or broker with a view to securing the contract.

(ix) Forfeiture of Performance Bond in case of a decision by the BUYER to forfeit

the same without assigning any reason for imposing sanction for violation of this


&



Pact.

(x) Intimate to the CVC, IBA, RBI, as the BUYER deemed fit the details of such

events for appropriate action by such authorities.

5.2 The BUYER will be entitled to take all or any of the actions mentioned at para

5.1(i) to (x) of this Pact also on the Commission by the BIDDER or any one

employed by it or acting on its behalf (whether with or without the knowledge of

the BIDDER), of an offence as defined in Chapter IX of the Indian Penal code,

1860 or Prevention of Corruption Act, 1988 or any other statute enacted for

prevention of corruption.

5.3 The decision of the BUYER to the effect that a breach of the provisions of this

Pact has been committed by the BIDDER shall be final and conclusive on the

BIDDER. However, the BIDDER can approach the Independent Monitor(s)

appointed for the purposes of this Pact.

6. Fall Clause

The BIDDER undertakes that it has not supplied/is not supplying similar

product/systems or subsystems at a price lower than that offered in the present

Bid in respect of any other Ministry/Department of the Government of India or

PSU or any other Bank and if it is found at any stage that similar product/systems

or sub systems was supplied by the BIDDER to any other Ministry/Department

of the Government of India or a PSU or a Bank at a lower price, then that very

price, with due allowance for elapsed time, will be applicable to the present case

and the difference in the cost would be refunded by the BIDDER to the BUYER,

if the contract has already been concluded.

7. Independent Monitors

7.1 The BUYER has appointed Independent Monitors (hereinafter referred to as

Monitors) for this Pact in consultation with the Central Vigilance Commission

(Names and Addresses of the Monitors to be given).

NAME SHRI K. CHANDRAHAS DR. PARVEZ HAYAT

CADRE IRS (Retd) IPS (Retd)

ADDRESS G-1, Reliance Homes,

8-2-547/R, Road No. 7,

Banjara Hills,

Hyderabad - 500034

B-4/69-A

Safdarjung Enclave,

New Delhi- 110029

e-mail ID [email protected] [email protected]

mailto:[email protected]


&



7.2 The task of the Monitors shall be to review independently and objectively,

whether and to what extent the parties comply with the obligations under this Pact.

7.3 The Monitors shall not be subjected to instructions by the representatives of the

parties and perform their functions neutrally and independently.

7.4 Both the parties accept that the Monitors have the right to access all the

documents relating to the project/procurement, including minutes of meetings.

Parties signing this Pact shall not approach the Courts while representing the

matters to Independent External Monitors and he/she will await their decision in

the matter.

7.5 As soon as the Monitor notices, or has reason to believe, a violation of

this Pact, he will so inform the Authority designated by the BUYER.

7.6 The BIDDER(s) accepts that the Monitor has the right to access without

restriction to all Project documentation of the BUYER including that provided

by the BIDDER. The BIDDER will also grant the Monitor, upon his request and

demonstration of a valid interest, unrestricted and unconditional access to his

project documentation. The same is applicable to Subcontractors. The Monitor

shall be under contractual obligation to treat the information and documents of

the BIDDER/Subcontractor(s) with confidentiality.

7.7 The BUYER will provide to the Monitor sufficient information about all

meetings among the parties related to the Project provided such meetings could

have an impact on the contractual relations between the parties. The parties will

offer to the Monitor the option to participate in such meetings.

7.8 The Monitor will submit a written report to the designated Authority of

BUYER/Secretary in the Department/ within 8 to 10 weeks from the date of

reference or intimation to him by the BUYER / BIDDER and, should the occasion

arise, submit proposals for correcting problematic situations.

8. Facilitation of Investigation

In case of any allegation of violation of any provisions of this Pact or payment of

commission, the BUYER or its agencies shall be entitled to examine all the

documents including the Books of Accounts of the BIDDER and the BIDDER

shall provide necessary information and documents in English and shall extend

all possible help for the purpose of such examination.

9. Law and Place of Jurisdiction

This Pact is subject to Indian Law. The place of performance and jurisdiction is

the seat of the BUYER.


&



10. Other Legal Actions

The actions stipulated in this Integrity Pact are without prejudice to any other

legal action that may follow in accordance with the provisions of the extant law

in force relating to any civil or criminal proceedings.

11. Validity

11.1 The validity of this Integrity Pact shall be from date of its signing and extend

upto 5 years or the complete execution of the contract to the satisfaction of both

the BUYER and the BIDDER/Seller, including warranty period, whichever is

later. In case BIDDER is unsuccessful, this Integrity Pact shall expire after six

months from the date of the signing of the contract, with the successful Bidder

by the BUYER.

11.2 Should one or several provisions of this Pact turn out to be invalid; the remainder

of this Pact shall remain valid. In this case, the parties will strive to come to an

agreement to their original intentions.

12. The parties hereby sign this Integrity Pact at _____ on ___________

For BUYER For BIDDER

Name of the Officer. Chief Executive Officer/

Designation Authorised Signatory

Office / Department / Branch Designation

State Bank of India.

Witness Witness

1

1.

2

2.

Note: This agreement will require stamp duty as applicable in the State where it is

executed or stamp duty payable as per Maharashtra Stamp Act, whichever is

higher.


&



Appendix-P

FORMAT FOR EMD BANK GUARANTEE

To:

Deputy General Manager,

Networking & Communication Dept.,

State Bank Global IT Centre,



EMD BANK GUARANTEE FOR

ENGAGEMENT OF NETWORK INTEGRATOR (NI) & SETTING UP OF NEXT

GENERATION NETWORK OPERATIONS CENTRE (NOC) TO STATE BANK

OF INDIA TO MEET SUCH REQUIRMENT AND PROVIDE SUCH SERVICES

AND SOLUTIONS (HARDWARE & SOFTWARE) AS ARE SET OUT IN THE

RFP NO.SBI:xx:xx DATED dd/mm/yyyy

WHEREAS State Bank of India (SBI), having its Corporate Office at Nariman Point,

Mumbai, and Regional offices at other State capital cities in India has invited Request for

Proposal to develop, implement and support ________________(name of Solutions and

service) as are set out in the Request for Proposal SBI:xx:xx dated dd/mm/yyyy.

2. It is one of the terms of said Request for Proposal that the Bidder shall furnish a Bank

Guarantee for a sum of Rs._________/-(Rupees _____________________ only)

as Earnest Money Deposit.

3. M/s. ________________________, (hereinafter called as Bidder, who are our

constituents intends to submit their Bid for the said work and have requested us to furnish

guarantee in respect of the said sum of Rs.__________/-(Rupees _____________________

only)

4. NOW THIS GUARANTEE WITNESSETH THAT

We _____________________________ (Bank) do hereby agree with and undertake to the

State Bank of India, their Successors, assigns that in the event of the SBI coming to the

conclusion that the Bidder has not performed their obligations under the said conditions of

the RFP or have committed a breach thereof, which conclusion shall be binding on us as

well as the said Bidder, we shall on demand by the SBI, pay without demur to the SBI, a

sum of Rs.__________/- (Rupees _____________________ Only) that may be demanded

by SBI. Our guarantee shall be treated as equivalent to the Earnest Money Deposit for the

due performance of the obligations of the Bidder under the said conditions, provided,

however, that our liability against such sum shall not exceed the sum of Rs.__________/-

(Rupees _____________________ Only).


&



5. We also agree to undertake to and confirm that the sum not exceeding Rs.__________/-

(Rupees _____________________ Only) as aforesaid shall be paid by us without any

demur or protest, merely on demand from the SBI on receipt of a notice in writing stating

the amount is due to them and we shall not ask for any further proof or evidence and the

notice from the SBI shall be conclusive and binding on us and shall not be questioned by

us in any respect or manner whatsoever. We undertake to pay the amount claimed by the

SBI, without protest or demur or without reference to Bidder and not-withstanding any

contestation or existence of any dispute whatsoever between Bidder and SBI, pay SBI

forthwith from the date of receipt of the notice as aforesaid. We confirm that our obligation

to the SBI under this guarantee shall be independent of the agreement or agreements or

other understandings between the SBI and the Bidder. This guarantee shall not be revoked

by us without prior consent in writing of the SBI.

6. We hereby further agree that –

a) Any forbearance or commission on the part of the SBI in enforcing the conditions

of the said agreement or in compliance with any of the terms and conditions

stipulated in the said Bid and/or hereunder or granting of any time or showing of

any indulgence by the SBI to the Bidder or any other matter in connection

therewith shall not discharge us in any way our obligation under this guarantee.

This guarantee shall be discharged only by the performance of the Bidder of their

obligations and in the event of their failure to do so, by payment by us of the sum

not exceeding Rs.__________/- (Rupees _____________________ Only)

b) Our liability under these presents shall not exceed the sum of Rs.__________/-

(Rupees _____________________ Only)

c) Our liability under this agreement shall not be affected by any infirmity or

irregularity on the part of our said constituents in tendering for the said work or

their obligations there under or by disSolution or change in the constitution of our

said constituents.

d) This guarantee shall remain in force upto 180 days provided that if so desired by

the SBI, this guarantee shall be renewed for a further period as may be indicated

by them on the same terms and conditions as contained herein.

e) Our liability under this presents will terminate unless these presents are renewed

as provided herein upto 180 days or on the day when our said constituents comply

with their obligations, as to which a certificate in writing by the SBI alone is the

conclusive proof, whichever date is earlier.

f) Unless a claim or suit or action is filed against us on or before____(date to be

filled by BG issuing bank), all the rights of the SBI against us under this guarantee

shall be forfeited and we shall be released and discharged from all our obligations

and liabilities hereunder.


&



g) This guarantee shall be governed by Indian Laws and the Courts in Mumbai, India

alone shall have the jurisdiction to try & entertain any dispute arising out of this

guarantee.

Notwithstanding anything contained hereinabove:

(a) Our liability under this Bank Guarantee shall not exceed Rs……….………/-

(Rupees …………………….only)

(b) This Bank Guarantee shall be valid upto ……………………….

(c) We are liable to pay the guaranteed amount or any part thereof under this Bank

Guarantee only and only if you serve upon us a written claim or demand on or before

……………………

Yours faithfully,

For and on behalf of

_______________________________

Authorized official of the bank

(Note: This guarantee will require stamp duty as applicable in the State where it is executed

and shall be signed by the official(s) whose signature and authority shall be verified)


&



Appendix-Q

MINIMUM RESOURCE REQUIREMENT

Table-1:

The breakup of resources between operational delivery streams is indicated below:

Role NOC 1 +

NOC 2

All

DCs NW&C LHOs AO

RBO+

Imp Brs Total

Service Desk 42 - - - - - 42

Field Engg. - - - 85 90 574 749

L1 Engineers 30 22 33 - - - 85

L2 Engineers 36 - 15 - - - 51

L3 (R&S)

42 - 16 - - - 58 L3 Security

***L3 Others (NW,

D&C, QA)

$$ Mgr-Ops, DC,

AM, TSP Mgmt 4 - 14 17 - - 35

Project Manager - - 4 - - - 4

Engagement

Managers 2 - 1 - - - 3

System Engineer/

Administrator 4 4

TOTAL 160 22 83 102 90 574 1031

(***Network Design, Compliance & Quality Assurance) $$ Manager-Operations, Data

Centre, Asset Management, TSP Management).

Note: The number of resources mentioned against each location is tentative. The resources

can be readjusted anywhere as per Bank’s requirement.

Above number of resources also includes:

Category L1 L2 L3 Manager

Proxy 12 3 1

1

DNS 3 1 1

NTP 3 1 -

NSPM 3 2 1

NAC** 12 4 1

Other existing Solution

in the RFP 6 3 -

Security and

Compliance 1 1

Note:

➢ There shall be at least one NI resource representing as a Single Point of

Contact (SPOC) at each of the LHO.


&



➢ All the resources mentioned above are “dedicated” resources and shall work

only for SBI under this RFP/project.

➢ In addition to the above mentioned dedicated resources, the Bank shall also

require 40 non-dedicated resources for foreign offices to provide technical

support to the central team in troubleshooting or implementation of any new

Solution or revamping of the existing network architecture or for similar other

purposes. The payment in lieu of services availed by them shall be paid on a

per day basis (where one day shall be equivalent to 8-man hours). The cost of

same shall have to be specified by the bidders in the table provided in

Appendix-F.

TABLE-2: RESOURCE PROFILE DESCRIPTION

Sr No Designation Job Description

1 Engagement

Manager

1) Responsible for setting up direction for Program

management team, operation management team and

technical delivery team to carry out activities

2) Responsible for handling high level escalations

3) Responsible for smooth working of operations at all

the levels (NOC, GITC, DCs, LHOs, Zonal Offices,

Branches & Foreign Offices).

4)Primarily accountable for successful implementation

of the project, Act to remove critical project bottlenecks

5) Identification of working team members, project

management office members and team leads

6) Single point of contact for banks senior management

7) Be a part of steering committees set up by the Bank

for rollout of IT Projects, if so required by the Bank.

8) responsible to implement all requirement mentioned

in this RFP.

2 Project

Manager

1) Responsible for doing timely SLA Review and

meeting with the SBI stakeholders.

2) Responsible for Change management request

approvals

3) This team must be acting as consultants for SBI for

new technology adoption, effective use of technology

resources available at SBI.

4) Report on progress to PMO and the Bank.

5) Identify and report any risks to PMO and the Bank.

6) Seek advice from the PMO on mitigation measures

and deploy these at the respective SBI branches.

7) Must be responsible for carrying out regular service

improvement plans.

8) This team comprises of Network Design Team,

Implementation Team, and Integration Team which


&



includes technical specialists, network engineers, team

leaders etc.

9) Responsible for establishing new or enhancement of

Data Centres.

10) Product implementation, which includes

deployment of new product into the network, solving

compatibility issues and configuring it.

11) Responsible for conducting proof of concept for

new technologies/devices to be implemented in the

Bank

3 Managers-

TSP

1) Follow up with service providers and other

stakeholders for provisioning, upgradation, degradation

and termination of the Link.

2) Responsible to coordinate with NOC to deploy the

link and update the link database.

3) Lifecycle Management of all the links in SBI network

including third party link owners and their users.

4) Decommissioning of links.

5)Invoice management from BSNL, MTNL and all

other TSP‟s.

6) Verification and Escalation for any payment related

discrepancy in relation to link database and SLA tools

with respective services provider.

4

Operations

Manager -

Data Center

1) Responsible for management of Devices & Link

Uptime.

2)Reviewing and ensuring monthly Preventative

Maintenance.

3) Responsible for Managing Escalation and resolving

issues on time with coordination of GSC and

application owners.

4) Coordination with different stakeholders and

execution of any change in the Data Centre(s), GITC

and its annex building Locations.

5) Data Centre link Upgradation and New deliveries.

6) Execution of task highlighted in Audit compliance.

7) Building LAN Management.

8) Coordination with client and Application team for

Major change activity in Data Centre for smooth DC

operation.

9) Responsible for implementation of standard cabling,

tagging etc in Data Centres.

10) Responsible to follow up with OEM, SI for RMA

and other activities.

11) Rendering support to Project Team to execute

operational project at Data Centres.

12) Ensuring no ticket remains unattended for more

than 15 minutes by NOC engineers.


&



5 Managers -

Compliance

1) Responsible for implementation of security

measures and achieving compliance for the Bank’s

Network. They will also responsible for timely closure

of IT audit observation and submission of reports and

periodic interval.

2) Responsible for gathering all the evidences required

for audits faced by the Bank

3) Responsible for Setting overall QA test strategy that

includes all various types of testing being performed

by the QA team

4) Responsible for resolving escalated issues and risks

with firm mitigation plans and escalate outstanding

issues if required

5) Responsible for identifying needs for implementing

new processes and analyse project trends to improve

and optimize existing processes. Ensure both new and

existing processes are being followed

6) Responsible for participating in the Business

Requirements Document (BRD) review and Functional

Design Document review meetings.

7) Responsible for performing any necessary follow-up

on requirements analysis, estimates, including re-

estimates, attendance at kick-off meetings, etc.

8) Responsible for ensuring testing commitments to

ensure the quality and compliance as stipulated in IT &

IT Policy, Procedure documents.

9) Play the role of verifier of

configuration/architectural changes by other teams

6 Managers-

Monitoring

1) Daily review with Field Team for the branches

isolated for more than 24 hrs.

2) Ensuring and reporting Quarterly PM of All

Branches

3) All the backlogs of ITSM Tickets to be cleared

4) Follow-up with field team to reduce BSNL isolated

cases

5) Follow-up with field team for the branches running

on backup

6) Follow-up with field team for the branches isolated

for more than 72 hours

7) Continue to removed merged and closed branches

from Monitoring.

8) PAN India follow-up to be continued to nullify the

pending remedy tickets.

9) Follow-up with Team to keep the incident tickets as

minimum as possible.

10) Follow-up with stake holder for faulty hardware

replacement.

11) Escalation handling


&



12) Rendering support to Project Team to execute

operational project at LHOs and Branches

7 Managers -

Assets

1) Preparing and maintaining the network asset

inventory.

2) Responsible for sharing the asset inventory with the

Bank as and when updated or asked by the Bank.

3) Transportation of products from vendor/bidder’s

warehouse to the branch location.

4) Movement and transportation of devices from one

location to another.

5) Responsible for getting permission, insurance and

other requirement for asset movement and

transportation.

6) Responsible for sharing support details of devices

on periodic basis with the Bank.

7) Responsible to update the support details of devices

in asset inventory tool.

8 L3 Engineers

(NDC & QA)

1) Responsible to close all the IT audit observation and

submit evidences.

2) Responsible for gathering all the evidences required

for audits faced by the Bank

3) Responsible for Set the overall QA test strategy that

includes all the various types of testing being

performed by the QA team

4) Responsible for resolving escalated issues and risks

with firm mitigation plans and escalate outstanding

issues if required

5) Responsible for identifying needs for implementing

new processes and analyse project trends to improve

and optimize existing processes. Ensure both new and

existing processes are being followed

6) Responsible for participating in the Business

Requirements Document (BRD) review and Functional

Design Document review meetings.

7) Responsible for performing any necessary follow-up

on requirements analysis, estimates, including re-

estimates, attendance at kick-off meetings, etc.

8) Responsible for ensuring testing commitments

Ensure the quality and compliance as stipulated in IT

& IT Policy, Procedure documents

9) Play the role of verifier of

configuration/architectural changes by other teams

10) Responsible for implementation of security and

compliance recommendation as per Bank’s policies.


&



9 L3 Engineers

(IT Security)

1) Ensuring that all the audits findings are closed

within given time and providing proofs (that can be

shown to the auditor) to the Bank

2) Assisting the design team while designing the

architecture for new branches such that all the security

best practices are in place from day one.

3) Ensuring that all the network devices are configured

as per the Bank’s security policy, best practices to

ensure Secured Network Architecture.

4) Configure and manage Firewalls & IPS across the

network

5) Work on the vulnerabilities pointed out by various

agencies such as OEM, CERT, SOC, ISD, network

department / other departments, government agencies,

etc.

6) Providing selective resource access by configuring

suitable access list on router. This includes hardening

the perimeter security by configuring appropriate IP

addresses and communication ports on router.

7) Masking private IP addresses by configuring NAT

on routers. This can be made static or dynamic based

on client’s policies.

8) User Account Management: Configuring user

authentication through TACACS or RADIUS servers

9)Configuring authentication protocols that are

available in Network/server devices OS (like PAP,

CHAP and AAA)

10)Implementing encrypted password management

mechanisms on all supported devices Implementing

privilege rights based on user rights for controlled

access. All requests for user creation, modification and

deletion will be authorized by SBI concerned people in

a prescribed format.

11) Ensuring security against asynchronous terminals,

such as console terminals and from integrated modem

line.

12) Disabling reverse telnet by default and enable only

on need base

13) Prompt resolution of tickets raised by application

owners.


&



10 L3 Engineers

(R&S)

1) Escalation point for Help Desk (HD) engineers

2)This position serves as the subject matter expert and

is responsible for the architecture, design and

development of secure network infrastructures

3)Create basis of design, HLD (high level design),

LLD (low level design), implementation plan and

NRFU (network ready for use) for large scale Network

Infrastructure Security Projects that involves firewalls,

IPS, VPN, SSL Offload, Device hardening, DDoS

protection techniques, Identity Management suites,

Link Encryption, Data Protection, Web and Email

security devices.

4) Developing requirements for Data Centre LANs,

WANs, virtual private networks (VPNs)

5) Must be able to lead projects throughout the full

lifecycle of project delivery including the requirement

gathering, planning, design, implementation, testing,

optimization and hand-over phases

11 L2 Engineers

1) Responsible for coordinating with Field Engineers

to troubleshoot issues related to Critical

branches/offices.

2)Ownership of change request and incidents to

determine root cause

3) Identification and mitigate various security threats

Maintaining internal IT System in adherence with SBI

policies and standards

4) Assisting Senior support tiers with project based

configuration and deployment work

5) Offsite technical implementation, installation, and

configuration of hardware when required

6) All the escalations done by L1relating to other

branches are handled by L2 Engineers.

12 L1 Engineers

- Data Centre

1) 24x7 hands and feet support for L2& L3 for Project

related activity

2) Follow up with Service Providers for Link

restoration

3) Investigate first line support in Data Centres during

failures

4) Onsite support for GSC and GITC technical team

during operation/project failures

5) Onsite assistance during IOS upgrade

6) carrying out Preventive Maintenance for Data

Centre

7) Network device installation/de-installation, network

cable connectivity/ removal/ replacement as an when

required

8) Managing LAN Network. (GITC, Nerul, Juinagar,


&



Kapas Bhavan, Balaji Bhavan, MTNL Building,

Station Building, SBB- Corp Centre and Chennai DR)

13

L1 Engineer

(other than

field)

Major Job Duties and Responsibilities:

• Handling end-user LAN related issues including

troubleshooting of NAC

• Responsible to handle issues raised by branches

and application departments.

• Escalating issues to L2, L3 and other NOC support

engineer.

• Daily and scheduled backup of devices through

centralized tool.

14

NAC

Administrator


• NAC implementation, administration, and

maintenance (including all components such as

load balancers, switches, etc.)

• NAC server management including Software

updates, upgrades. configurational changes, policy

creation/modification, VA/PT observations

closure, making new entries, removal/purging of

old/invalid entries, synchronization between local

and remote sites servers, provisioning of access to

remote users, etc.

• Implementation of industry standard/best practices

security in a time bound manner

• Extraction and dissemination of various reports in

prescribed formats

• NAC issue troubleshooting (at server and client

level) including handling escalation calls from

end-users, resolution of issues as per the defined

SLA, coordination with other teams handling

NAC dependent Solution components (such as

AD, AV, patch management, etc.). the team may

require taking remote access of the end-user

devices for troubleshooting


&



15

DNS

Administrator


• Management of DNS devices deployed in the

Bank

• Perform data entry work on the Domain Name

Services (DNS) portal adding, deleting, and

updating object records for IP management.

• Resolving discrepancies, perform standard tests

(ping, lookups, SSH) to validate data source prior

to applying changes.

• Update, open or close tickets or reply to requestor.

• Collaborate with support team members to

identify and resolve issues and discrepancies.

• Work with multiple applications and documents to

achieve the desired results.

• Documentation and other DNS operation related

activity

Closure of security, audit and SOC observation

16

Proxy Major Job Duties and Responsibilities:

• Management of proxy devices deployed in the

Bank

• Providing internet access to user/application on

need basis as per approval of the Bank

• Handling internet related issues for user desktops

and applications server

• Tracking of all the access provided to end

user/application

Closure of security, audit and SOC observation

17

System

Engineer


• Management of Tools deployed in NOC

• Designing and implementing functionality as per

the Bank’s requirement.

• Customisation of tools.

• Keeping all the tools up-to-date and accessible to

set of desired users

• Closure of security, audit and SOC observation.

• Automation of NOC operation processes.

• Data back and management.

Note: The job description provided above for each role is illustrative in nature.


&



TABLE-3: EDUCATIONAL/PROFESSIONAL QUALIFICATION AND

CERTIFICATION AND EXPERIENCE CRITERIA FOR NI RESOURCES

S.No. Position Proposed Skill Sets

1 Field Engineer

Qualification:

• Diploma in Computer Science / Electronics

and/ or Telecommunications

Engineering / Information Technology

OR

• Bachelor’s degree in any stream

Certification:

• Certification in CCNA or any other certification

in the computer network field such as JNCIA,

CompTIA Network+.

Experience:

• Minimum 1 year of experience in network

configuration

Skills:

• Person should have adequate knowledge of net

working devices.

• Sound analytical and troubleshooting skills

• Good Team Management and coordination ski

lls

2 Level L1

Qualification:

• Diploma in Computer Science / Electronics

and/ or Telecommunications

Engineering / Information Technology

OR

• Bachelor’s degree in any stream

Certification:

CCNA or any other certification in the computer

network field such as JNCIA, CompTIA Network+.

Experience:

Minimum 2 years of experience in network

configuration is recommended.

Skills:


&



• Person should have adequate knowledge of net

working devices.



lls

3

Level L2

(Routing &

Switching)

Qualification:

Bachelor’s degree in any stream

Certifications:

Any one of the certifications mentioned below (or

equivalent):

Cisco CCNP

JNCIS-ENT

JNCIS-SP

Experience:

Candidates who have 5 years of hands-on experience

in managing network of any reputed organization

with at least 3 years in any one of the following :

a. Level-2 resource in an organization in the business

of providing Network Services,

OR

b. As TAC resource of an OEM (in the field of

network security devices such as firewall, IPS etc.)

OR

c. Experience in managing network operation and

management for any organization in BFSI sector

4 Level L2

(Security)

Qualification:

Bachelor’s degree in any stream.

Certifications:

Any one of the certifications mentioned below:

Cisco CCNP Security

JNCIS-SEC

Check Point Certified Security Administrator

(CCSA) R80.x

Palo Alto Networks Certified Cybersecurity

Associate (PCCSA)

Certified McAfee Security Specialist

Fortinet NSE 1

Fortinet NSE 2

Fortinet NSE 3

Experience:


&



Candidates who have 3 years of hands-on experience

in managing network of any reputed organization

with at least 1.5 years in any one of the following:

a. Level-2 resource in an organization in the business

of providing Network Services,

OR


network security devices such as firewall, IPS etc.)

OR

c. Experience in managing network security for any

organization in BFSI sector

5 Helpdesk

(HD)

Qualification:

Diploma / Bachelor’s degree in any stream

Certification:

• CCNA or any other Certification in CCNA or

any other certification in the computer network

field is preferred.

Experience:

• Minimum 1 year of experience in network

service desk operations.

Skills:

• Person should have adequate knowledge

of networking devices.



lls

• Fluent in English and Hindi

6

Level -

L3 (Routing

and

Switching)

Qualification:


Certifications:


Cisco CCDP

Cisco CCDE

Cisco CCIE Data Center

Cisco CCIE Routing and Switching

Cisco CCIE Service Provider

Juniper JNCIE-DC

Juniper JNCIE-SP

Citrix Certified Professional – Networking

Aruba Certified ClearPass Professional (ACCP) (For

NAC L3 Resource)


&



Aruba Certified ClearPass Expert (ACCX) (For

NAC L3 Resource)

Experience:

Candidates who have 6 years of hands-on

experience in managing network of any reputed

organization with at least 3 years in any one of the

following:

a. Level-3 resource in an organization in the

business of providing Network Services,

OR


network routing and switching etc.)

OR

c. Experience in managing network security for

any organization in BFSI sector

Skills:

1. Should have expert level knowledge of IT

Security, routing and switching protocol and

networking devices.

2. Sound analytical and troubleshooting skills

3. Good Team Management and coordination

skills

4. Fluent in at least Hindi and English languages

7 Level L3 (IT

Security)

Qualification:


Certifications:


Cisco CCIE Security

Juniper JNCIE-SEC

Palo Alto Networks Certified Network Security

Administrator (PCNSA)

Palo Alto Networks Certified Network Security

Engineer (PCNSE)

Fortinet NSE 4

Fortinet NSE 5

Fortinet NSE 6

Fortinet NSE 7

Fortinet NSE 8

Certified McAfee Security Specialist

TippingPoint (Trend Micro) Certified Professional

Check Point Certified Security Expert (CCSE)

R80.x,


&



Check Point Certified Security Master (CCSM)

R80.x

Experience:

Candidates who have 6 years of hands-on

experience in managing network of any reputed

organization with at least 3 years in any one of the

following:

a. Level-3 resource in an organization in the

business of providing Network Services,

OR


network security devices such as firewall, IPS

etc.)

OR

c. Experience in managing network security for

any organization in BFSI sector

Skills:

1. Should have expert level knowledge of IT

Security, routing and switching protocol and

networking devices.

2. Sound analytical and troubleshooting skills

3. Good Team Management and coordination

skills

4. Fluent in at least Hindi and English

languages

8 Manager

Qualification:

Graduate/ Postgraduate in any stream

Certifications:

PMP/ ITIL (Intermediate or Expert) or

equivalent certification

Experience:

Minimum 5 years of experience in dealing with

telecommunication company as manager.

Person should have minimum 2 years of

experience in handling

team of network operations.

Skills:

Good analytical, reasoning, problem solving,

reporting and follow-up skills

Microsoft Office Certifications for Microsoft

Word, excel and PowerPoint

Good Team Management and coordination skills


&



Fluent in English and Hindi

9 Project

Manager

Qualification:

Graduate/Postgraduate in any stream.

Certifications:

PMP or equivalent certification

Experience:

Minimum 8 years of experience in handling

deployment of large-scale IT projects as project

manager. Person should have minimum 3 years

of experience in network project handling.

Skills:

Excellent knowledge in Microsoft Word, excel

and PowerPoint, SharePoint.

Good Team Management and coordination skills.


10 Engagement

Manager

Qualification:

Graduate/Post-graduate in any stream.

Certifications:

CCIE or equivalent certification and PMP / ITIL

(Intermediate or Expert) equivalent certification

Experience:

Minimum 10 years of experience in handling

Bank’s WAN or a similar network.

Out of which 5+ years of experience in

networking project handling.

Skills:

Good and quick Decision maker.

Leadership qualities to lead multiple team

efficiently with conflict resolution.

Good Team Management and coordination skills.


Note:

a. Experience certificates to be provided by the selected NI for all its employees engaged

with the Bank’s network & Solution management as a supporting document that its

resources are having requisite experience as defined in the RFP. If a portion of the

experience is from the previous employer, the NI shall have to obtain the experience


&



certificate from the previous employer on the letterhead of all of their previous

employers.

b. Each and every resource proposed by the selected NI that shall be engaged by the Bank

under this RFP, shall be interviewed by a panel of interviewers appointed by the Bank

and on the recommendation/acceptance of the panel the resource shall be engaged for

working for the Bank. Also, elevation of any resource one level to another (L1 to L2,

L2 to L3 etc.), the same panel shall conduct the interview and based on the panel’s

decision, the NI resource/personnel may be elevated.

c. At any given point of time during the NI contract period, there shall be at least two L3

resources having expert knowledge about the products and solutions coming under the

purview of selected NI for management. Such team of experts should cover all OEM

products being used by the Bank in its network. The same shall be applicable for all

new products and solutions procured by the NW&C department during the NI contract

period.


&



Appendix–R

Undertaking of Authenticity

To:

(Name and address of Procuring Office)

Sub: Undertaking of Authenticity for supplied Product(s)

Ref RFP No: SBI/GITC/NW&C/20-21/706 Dated 18.08.2020 (RFP For Engagement

of Network Integrator and setting up of Next Gen Network Operations Centers

(NOCs).

With reference to the Product being quoted to you vide our Bid No:___________ dated

___________, we hereby undertake that all the components /parts /assembly / software etc.

used in the Product to be supplied shall be original new components / parts / assembly /

software only, from respective Original Equipment Manufacturers (OEMs) of the Products

and that no refurbished / duplicate / second hand components /parts/ assembly / software

shall be supplied or shall be used or no malicious code are built-in in the Product being

supplied.

1. We also undertake that in respect of licensed operating systems and other software

utilities to be supplied, the same will be sourced from authorized sources and supplied with

Authorized License Certificate (i.e. Product keys on Certification of Authenticity in case

of Microsoft Windows Operating System).

2. Should you require, we hereby undertake to produce the certificate from our OEM

supplier in support of above undertaking at the time of delivery/installation. It will be our

responsibility to produce such letters from our OEM supplier’s at the time of delivery or

within a reasonable time.

3. In case of default and/or the Bank finds that the above conditions are not complied with,

we agree to take back the Product(s) supplied and return the money paid by you, in full

within seven days of intimation of the same by the Bank, without demur or any reference

to a third party and without prejudice to any remedies the Bank may deem fit.

4. We also take full responsibility of both Product(s) & Service(s) as per the content of the

RFP even if there is any defect by our authorized Service Centre / Reseller / SI etc.

Dated this ....... day of ............................ 202

______________________________________________________________

(Signature) (Name) (In the capacity of)

Duly authorised to sign Bid for and on behalf of

_____________________________________


&



Appendix- S

MANUFACTURERS' AUTHORIZATION FORM

No. Date:

To:

(Name and address of Procuring Office)

Dear Sir:

Ref RFP No: SBI/GITC/NW&C/20-21/706 Dated 18.08.2020 (RFP For Engagement

of Network Integrator and setting up of Next Gen Network Operations Centers

(NOCs).

We, who are established and reputable manufacturers / producers of

________________________ having factories / development facilities at

___________________________________________ (address of factory / facility) do

hereby authorise M/s ___________________ (Name and address of Authorised Business

Partner (ABP)) to submit a Bid, and sign the contract with you against the above RFP.

2. We hereby extend our full warranty for the Products and services offered by the above

ABP against the above RFP.

3. We also undertake to provide any or all of the following materials, notifications, and

information pertaining to the Products supplied by the ABP:

(a) Such Products as the Bank may opt to purchase from the ABP, provided, that

this option shall not relieve the ABP of any warranty obligations under the RFP;

and

(b) In the event of termination of production of such Products:

i. advance notification to the Bank of the pending termination, in sufficient time

to permit the Bank to procure needed requirements; and

ii. following such termination, furnishing at no cost to the Bank, operations

manuals, standards and specifications of the Products, if requested.

4. We duly authorise the said ABP to act on our behalf in fulfilling all installations,

Technical support and maintenance obligations required by the contract.

Yours faithfully,

(Name of Manufacturer / Producer)


&



Note: This letter of authority should be on the letterhead of the manufacturer and should be

signed by a person competent and having the power of attorney to bind the

manufacturer. The Bidder in its Bid should include it.