S. RFP RFP Rule No. Rule Details Query/Suggestion/Clarification … · 2017-03-18 · Replies to the Pre-Bid Queries for Selection of Third Party Auditor (TPA) for ity Surveillance

Replies to the Pre-Bid Queries for Selection of Third Party Auditor (TPA) for City Surveillance Project under Seven divisional HQ’s (NIT No. F4.9(408)/RISL/Tech/Misc./5159 dated 29-09-2016)

Page 1 of 18

S. No.

RFP Page No.

RFP Rule No. Rule Details Query/Suggestion/Clarification Reply to Pre-bid queries

1 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1) Details of work (SoW)

'The audit report prepared by TPA shall form the basis for payments to the System Integrator(s) during the operations phase''

Do the TPA have to give recommendation for release of payment or TPA scope would only be limited to reports submission without any recommendation for release of payment ; If TPA has to give recommendation for release of payment to SI it is suggested that a additional resource with MBA and 3 years of experience should be added to the resource requirement.

As per RFP

2 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,2(a). Infrastructure Audit ;

TPA shall undertake audit for physical and IT infrastructure including rectification of completeness of inventory and asset as per bill of material for the CCC.

May we request you to kindly confirm whether all I.T assets are configured in EMS tool. And we also request to share details of complete BoM as per

Please refer Page no. 4 of RFP (ABBREVIATIONS & DEFINITIONS-SI)

3 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,2(c). Infrastructure Audit; Page No. 11

TPA shall appraise the RISL/DoIT&C about the health of the components through reports indicating the capacity utilization and corresponding scalability requirements.

May we request you to kindly share the details of deployed EMS tool.

Details will be provided to successful bidder

4 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,2(c). Infrastructure Audit ; Page No. 11

TPA shall audit the consumables within the CCC such as Tape Media, Electricity, Diesel, Bandwidth cost etc.

May we request you to kindly provide the below mention details: (a) Tools deployed to measure utilization of bandwidth (b) We understood that electricity consumption is being measured by electricity meter and RISL is paying electricity bill ( c) Details of Tape Media

Details will be provided to successful bidder

5 Page No. 12

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,4(b). SLA Monitoring Audit

TPA shall also review the configuration/deployment parameters of the EMS against the configuration report submitted earlier to the RISL/DoIT&C and examine the process followed to generate the reports.

May we request you to kindly share the EMS details. Details will be provided to successful bidder


Page 2 of 18

S. No.

RFP Page No.


6 Page No. 12

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,4(e). SLA Monitoring Audit ; Page No. 12

TPA audit would also verify the parameters of the SLA, which cannot be monitored using EMS.

TPA would verify the parameters of the SLA, which cannot be monitored using EMS on sample basis i.e. @ 20% Annually

As per RFP

7 Page No. 13

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,5(b) Security and Compliance Audit ;

TPA would review the security measures followed by the SI to ensure that the applications are free of vulnerabilities at the time of hosting.

We understood that all applications which are currently hosted must have "Security Certificate" issued by Third Party Agency and TPA would only review the security process followed by S.I in order to keep network and system free from vulnerability.

As per RFP

8 Page No. 13

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,5(b) Security and Compliance Audit ;

TPA would review the security measures followed by the SI to ensure that the applications are free of vulnerabilities at the time of hosting.

Request you to please share details of applications hosted under city Surveillance Project and also request to clarify that TPA would review only applications of city surveillance project for the security measures followed by the SI to ensure that the applications are free of vulnerabilities at the time of hosting

As per RFP

9 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; 1,A,5(d) Security and Compliance Audit ;

TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001 and conduct internal audits for Security.

TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001:2013 standard

As per revised RFP

10 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; A. Audit Work for Command and Control Center (CCC) -1. Audit Framework Design

Prepare various templates required to be filled in by the various stakeholders involved in the audit process.

Please provide list of stakeholders involved in this project. Please refer Page no. 15,16 of RFP


Page 3 of 18

S. No.

RFP Page No.


11 Page No. 11

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; B. Audit Work for Edge Equipment's ; Page No. 11

Audit Work for Edge Equipment's May we request you to kindly share the list of edge equipment's


12 Page No. 13

4. SCOPE OF WORK, DELIVERABLES & TIMELINES . B. Audit Work for Edge Equipment's (2) Infrastructure Audit ; Page No. 13 "

f. TPA shall be part of the committee for conducting Final Acceptance Test of the Edge Equipment's. "

Could you please share the details of current implementation status and being part of FAT committee please clarify specific role of TPA and the details of activities need to be performed by TPA for the FAT.

As per revised RFP

13 Page No. 12

4. SCOPE OF WORK, DELIVERABLES & TIMELINES B. Audit Work for Edge Equipment's (1) 3. Operations and Management Process and Control Audit ;

a. The TPA would audit the overall Physical and IT infrastructure management processes as per ISO 20000 framework including Monitoring, Maintenance and Management of the entire CCC, along with providing Helpdesk services and provide recommendations to the RISL/DoIT&C.

Request you to share relevant portion of SI RFP or contact which outlines the work to be done as per ISO 20000 framework.


14 Page No. 12 -13

4. SCOPE OF WORK, DELIVERABLES & TIMELINES ; B. Audit Work for Edge Equipment's (1) 5. Security and Compliance Audit ;

d. TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001 and conduct internal audits for Security. ; Audit Assessment parameters based on ISO 20000, ISO 27000, ITIL Standards, State policies and guidelines.

Request you to share relevant portion of SI RFP or contact which outlines the work to be done as per ISO 27001 framework.



Page 4 of 18

S. No.

RFP Page No.


15 Page 45 7. SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT ; 1) Payment Terms and Schedule ;

If the services of STQC are hired, then the payment to the TPA shall be subject to satisfactory assessment done by STQC for the TPA activities else the payment shall be made on satisfactory acceptance of deliverables by RISL/DoIT&C.'

IT is requested to share the mechanism / parameters on which the deliverables will be assessed for release of TPA payment. It is also requested to consider following for TPA payment : TPA deliverables / reports will be accessed / reviewed by RISL/DoIT&C / STQC within 15 days of submission of deliverable by TPA in case RISL/DoIT&C/ STQC does not revert with in 15 days then TPA deliverable would be treated as accepted and full amount for the period will be released with in 30 days of submission of invoice by TPA.

As per RFP

16 Page 45 7. SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT ; 2) Service Level Standards/ Requirements/ Agreement

A. Performance based service level : (In case of non-satisfactory performance, a penalty of 2.5 % of the annual fee shall be deducted from the quarterly payment )

It is requested to share parameters on which TPA performance would be accessed

As per RFP

17 Page no. 46

7. SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT ; 2) Service Level Standards/ Requirements/ Agreement - B. Manpower Availability Service Levels

Minimum manpower resources (Penalty on non-availability of resource per day )

Apart from 12 no. of leaves in a year, we would request RISL to allow deployed resources to attend any training sessions during which penalty would not be applicable to non-availability of the resources

As per revised RFP

18 Page no. 46


Manpower Availability Service Levels we understand that deployment of manpower is from 10 am to 6 pm on any government working day.

As per RFP


Page 5 of 18

S. No.

RFP Page No.


19 Page no. 46


Note : The above resources should be on payroll of the TPA and minimum one resource is to be deployed at each of the seven divisional HQ’s i.e. (Ajmer, Bharatpur, Bikaner, Jaipur, Jodhpur, Kota and Udaipur).

May we request you to specify the location where Senior Consultant will be stationed.

As per revised RFP

20 Page No. 23

5. INSTRUCTION TO BIDDERS (ITB) ; 12) Selection Method:

a) The selection method is Least Cost Based Selection (LCBS or L1).

Keeping in view the quality to be delivered for deliverables such as security audit, etc. therefore we request RISL to consider QCBS method for selection process so that the relative weight to be given to the quality to be delivered during project execution.

As per RFP

21 Page 58 BANK GUARANTEE FORMAT – ERFORMANCE SECURITY (PBG)

BANK GUARANTEE FORMAT – PERFORMANCE SECURITY (PBG)

Request you to please clarify that TPA has to submit PBG after issuance of LOI for contract signing or before during bid submission.

After LOI

22 Page No. 16-17

3. Project Deliverables, Milestones & Time Schedule A. Audit Work for Command and Control Center (CCC) ; 5. Security and Compliance

Internal ISMS Audit in compliance to ISO 27001 Standard

May we request you to kindly rephrase this as " Internal ISMS Audit in compliance to ISO 270001:2013 standards or updated version of ISO 27001:2013".

As per revised RFP

23 Page No. 17

3. Project Deliverables, Milestones & Time Schedule A. Audit Work for Command and Control Center (CCC) ; 6. Network Audit

Comprehensive report detailing overall health and design of network

May we request you to kindly share the EMS/ NMS details. Details will be provided to successful bidder


Page 6 of 18

S. No.

RFP Page No.


24 Page No. 9

3. PRE-QUALIFICATION/ ELIGIBILITY CRITERIA 1) A bidder participating in the procurement process shall possess the following minimum pre- qualification/ eligibility criteria. ; Sr. No 4 Technical Capability

The bidder must have successfully completed/ongoing at least two projects of IT Auditing each with audit fees of not less than R. 30 lakhs in any of the financial years i.e., from 2012-2013, 2013-2014, 2014-2015, 2015-2016 and 2016-2017. (Work order date shall be on or after 1st April 2012) Note: 1. Projects executed with in the agency’s own company, group of companies, Joint Venture companies shall not be considered

The empanelment for TPA project and some of major TPA SDC projects were initiated form 2011 therefore we request you to consider and add audit projects for technical capability form year 2011 onwards . i.e. 2011 -2012, 2012-2013, 2013-2014, 2014-2015, 2015-2016 and 2016-2017. Also we would like to request to consider similar projects or TPA surveillance projects for evaluation and marks for the same may be added in technical presentation.

As per revised RFP

25 Page No. 46

2) Service Level Standards/ Requirements/ Agreement (B) Manpower Availability Service Levels ; Sr. No. 1 & 2 Minimum Manpower Resources:

Senior Consultant : a. B.E./B. Tech/Masters in Computer or IT + MBA/PGDBM, 5 Years relevant experience of IT Audit/IT Infrastructure/Data Center /IT/ Systems/ Consulting /Project Management /SLA Monitoring and Mgmt. c. Should have worked and have experience of at least two years of IT audit/similar assignment as per scope of work of this RFP. Consultant : a. B.E./B. Tech/Masters in Computer or IT (Preferably MBA/PGDBM), 3 Years relevant experience of IT Audit/IT Infrastructure/Data Center /IT / Systems /Consulting /Project Management /SLA Monitoring and Mgmt. c. Should have worked and have experience of at least one year of IT audit/similar assignment as per scope of work of this RFP.

Please clarify : As per our understanding senior consultant should have minimum working experience of 5 years and out of which 2 years mandatory working experience should be in IT Audit / similar assignment ; and similarly consultant should have minimum 3 years of working experience out of which 1 year of mandatory experience should be in IT Audit / similar assignment

As per revised RFP


Page 7 of 18

S. No.

RFP Page No.


26 Page No. 46

7) SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT 2) Service Level Standards/ Requirements/ Agreement ; B. Manpower Availability Service Levels

b. At least one of the professional certification from following: - Lead Auditor for ISO 27001 -CISA - CISSP

As the listed scope for the project seems to have requirement of forensic experience too therefore we would like to suggest to add following certifications for the proposed resources : -Lead Auditor for ISO 27001 -CISA/CISSP -CEH - CHFI

As per revised RFP

27 Page No. 45

7) SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT (1) Payment Terms and Schedule ; a) Payment schedule - Payments to the bidder, after successful completion of the target milestones

………………...If the services of STQC are hired, then the payment to the TPA shall be subject to satisfactory assessment done by STQC for the TPA activities else the payment shall be made on satisfactory acceptance of deliverables by RISL/DoIT&C…………………....,.

As per our working experience with many states we have observes that due to official and other reason STQC visits for project assessment may get delayed therefore we would like to request that if the services of STQC are hired and there is delay in STQC response , 90 % of TPA payment shall be released and remaining 10 % may be released after report submission by STQC.

As per RFP

28 Page no.64

ANNEXURE-10: TECHNICAL EVALUATION ; Technical Evaluation Criteria;

Technical Presentation : 100 Understanding of Scope : 40 Detailed Approach and Methodology : 40 Work Plan for the State, staffing and schedule for audit management : 20

It has been observed that there is no marks allocated for technical capabilities for similar or TPA projects completed / in progress of the bidder therefore we would like to suggest and request that there should be marks allocated to Technical Capabilities for similar project and any other TPA project in progress of completed by the bidder. Marks ranging form similar projects to other TPA projects. Also we would like to request to add marks for TPA surveillance projects done by bidder.

As per revised RFP

29 Page No. 23

5. INSTRUCTION TO BIDDERS (ITB) ; 12) Selection Method ;

a) The selection method is Least Cost Based Selection (LCBS or L1).

As the project is technical in nature and quality is priority for such project therefore we would like to request to consider QCBS for selection of TPA.

As per RFP


Page 8 of 18

S. No.

RFP Page No.


30 General Project Period May we request you to kindly share the details of Total project period of SI and TPA.


31 Suggestion/ Request to add

All invoices and bills raised by TPA will become due for payment within 30 days of presentation. All payments are to be made by demand draft/cheque. Delayed payment will be given topmost priority for release of payment to TPA and TPA is free to take its course of action if the payment is not released within 60 days of submission of bills

As per RFP

32 Suggestion/ Request to add

1. Confidentiality- Pl add this in Clause -"Except as otherwise permitted by this Agreement, neither of the parties may disclose to third parties the contents of this Agreement or any information provided by or on behalf of the other that ought reasonably to be treated as confidential and/or proprietary. Parties may, however, disclose such confidential information to the extent that it: (a) is or becomes public other than through a breach of this Agreement, (b) is subsequently received by the receiving party from a third party who, to the receiving party’s knowledge, owes no obligation of confidentiality to the disclosing party with respect to that information, (c) was known to the receiving party at the time of disclosure or is thereafter created independently, (d) is disclosed as necessary to enforce the receiving party’s rights under this Agreement, or (e) must be disclosed under applicable law, legal process or professional regulations. These obligations shall be valid for a period of 3 years from the date of termination of this Agreement."

As per RFP


Page 9 of 18

S. No.

RFP Page No.


33 10 3 Pre-Qualification/Eligibility Criteria: Manpower Strength-II: The bidder must have at least certified 5 resources for each certification mentioned below: 1.CISA 2.CISSP 3.Lead Auditor for ISO 27001 4. Lead Auditor for ISO 20000/ ITIL

We would like to request the department for relaxing of one of the certifications for better bidding competition and request for amendments to the clause as " The bidder must have at least certified 5 resources for any 3 of the certification mentioned below: 1.CISA 2.CISSP 3.Lead Auditor for ISO 27001 4. Lead Auditor for ISO 20000/ITIL

As per RFP

34 13 5.d Security and Compliance Audit: TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001 and conduct internal audits for Security.

We would like to request for clarifications on the scope of work of TPA for internal security audits required for ISMS as per ISO 27001 guidelines. The ISMS and ISO 27001 certification of the CCC is under the scope of the selected system integrators for Command & Control Centre in all 7 Divisional HQs, so whether the TPA shall be auditing their audit procedure and methodologies of ISMS or shall be responsible for ISO 27001 audits for CCC.

As per revised RFP

35 9 3 Average Annual Turnover of the bidder from IT/ ITeS during last three financial years, i.e., from 2013-2014, 2014-2015,2015-2016 as per the last published audited balance sheets), should be at least Rs. 25 Crores and an aggregated turnover of last three financial years i.e. 2013-2014, 2014-2015, 2015-2016 should be atleast Rs. 10 Crores from IT Audit Services .

Request if the given rule be amended to the following, Average Annual Turnover of the bidder from IT/ ITeS/IT Consulting/ IT Auditing during last three financial years, i.e., from 2013-2014, 2014-2015,2015-2016 as per the last published audited balance sheets), should be at least Rs. 25 Crores and an aggregated turnover of last three financial years i.e. 2013-2014, 2014-2015, 2015-2016 should be atleast Rs. 10 Crores from IT Audit Services.

Turn over from IT Consulting / IT Auditing services shall be considered under IT/ITeS turn over.

36 11,13 4.1.A.2.d and 4.1.B.2.d TPA shall audit the consumables within the CCC such as Tape Media, Electricity, Diesel, Bandwidth cost etc.

Request you to consider droping this from the scope of TPA as assessment the list of consumables is not well defined and measuring some of the same such as diesel levels will not be feasible, unless its only log based.

As per RFP


Page 10 of 18

S. No.

RFP Page No.


37 12 4.1.A.3.a The TPA would audit the overall Physical and IT infrastructure management processes as per ISO 20000 framework including Monitoring, Maintenance and Management of the entire CCC, along with providing Helpdesk services and provide recommendations to the RISL/DoIT&C.

Please elaborate on the scope of providing Helpdesk Services. Is the TPA expected to set up a Helpdesk for his servies ?

TPA is expected to audit as per ISO 20000 framework of the Helpdesk services setup by SI.

38 12 4.1.A.4.e TPA audit would also verify the parameters of the SLA, which cannot be monitored using EMS.

Request you to please elaborate and share the list of such SLA parameters.


39 13 4.1.B.2.a TPA shall undertake audit for physical, IT infrastructure and all edge equipments for surveillance & related services maintained by SI like cameras, poles, sensors, NVR, Access Switches, Radios etc including verification of completeness of inventory and asset as per bill of material for all Divisional HQ’s

Will the of scope require audit of all edge equipment deployed in the city or this can be done on a random sampling basis from year 2 onwards ?

As per RFP

40 General Request you to consider payment against all work related travel and Out of pocket expenses to be reimbursed on actuals.

As per RFP

41 7 Section 2 - Project Profile and background information

Third Party Audit of System Integrator for CCC operations in each of the seven Divisional HQ’s under City Surveillance Project

We understand that TPA have to conduct separate audits for SI of CCC at seven Divisional HQs. Please clarify whether TPA need to prepare report separately for all seven Divisional HQs for CCC or a consolidated report need to be shared to RISL for all CCCs.

As per revised RFP

42 7 Section 2 - Project Profile and background information

Third Party Audit of System Integrator’s for FMS of Edge Equipments under City Surveillance Project

We understand that TPA also needs to conduct separate audits for each SI for FMS of edge equipments. Please clarify whether TPA need to prepare report separately for each SI for FMS of edge equipments or a consolidated report need to be shared to RISL/DoIT&C for all SIs for FMS of edge equipments.

As per revised RFP


Page 11 of 18

S. No.

RFP Page No.


43 9 PRE-QUALIFICATION/ ELIGIBILITY CRITERIA

Financial Turnover Average Annual Turnover of the bidder from IT/ ITeS during last three financial years, i.e., from 2013-2014, 2014-2015,2015-2016 as per the last published audited balance sheets), should be at least Rs. 25 Crores and an aggregated turnover of last three financial years i.e. 2013-2014, 2014-2015, 2015-2016 should be atleast Rs. 10 Crores from IT Audit Services .

Our financial statements for 2015-16 have not been published yet. Request to kindly provide relaxation for 2015-16. We suggest that annual turnover for the three years 2012-2013, 2013-2014 and 2014-2015 may be considered.

As per revised RFP

44 9 PRE-QUALIFICATION/ ELIGIBILITY CRITERIA

Financial Net Worth The net worth of the bidder, as on 31st March 2016, should be Positive.

Our financial statements for 2015-16 have not been published yet. Request to kindly modify the clause as under: The net worth of the bidder, as on 31st March 2015, should be Positive.

As per revised RFP

45 12 4. Scope of Work, Deliverables & Timelines Infrastructure Audit

TPA shall also cover obsolescence of the physical & IT infrastructure as per the policy defined by the RISL/DoIT&C/State. The audit report shall provide details of the infrastructure components that are due for obsolescence and provide recommendations for upgrade / refresh of infrastructure components and plan for disposal of obsolete infrastructure components

To conduct this activity it is required to have the policy defined by the state for obsolescence. Request you to please confirm if an obsolescence policy has been formulated and approved in state. In case of non-existence of an approved policy, we request you to remove the clause.

As per RFP

46 12 A. Audit Work for Command and Control Center (CCC)

Infrastructure Audit TPA shall be part of the committee for conducting Final Acceptance Test of the command and control center.

Kindly clarify the role and expectations of TPA in the committee

As per revised RFP

47 13 4. Scope of Work, Deliverables & Timelines Security & Compliance Audit

TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001 and conduct internal audits for Security.

Internal audit is an integral part of ISO 27001 and its normally conducted by internal teams or cross functional team of the organization. Request to modify the clause as per below: TPA shall review the internal audit report generated by RSDC ISMS team and report any significant gaps in the internal audit process.

As per revised RFP


Page 12 of 18

S. No.

RFP Page No.


48 16 3.A Project Deliverables, Milestones & Time Schedule

Security Audit Security Audit reports including but not limited to following checkpoints/controls: ……..

We request to modify the clause as per below: Security Audit reports as per the following checkpoints/controls: ……..

As per RFP

49 16 3.Project Deliverables, Milestones & Time Schedule

Generic In case of delay in commissioning/go-live of any of the CCC, what activities would be performed by TPA during the period between deployment of TPA resource and commissioning/go-live of the CCC TPA payments should not be affected due to such delay

As per RFP

50 16 3.Project Deliverables, Milestones & Time Schedule

Generic In case of delay in commissioning of O&M phase of FMS for edge equipments, what activities would be performed by TPA during the period between deployment of TPA resource and start of O&M of FMS for edge equipments. TPA payments should not be affected due to such delay

As per RFP

51 23 Evaluation & Tabulation of Technical Bids a) Determination of Responsiveness

a. A responsive Bid is one that meets the requirements of the bidding document without any material deviation, reservation, or omission where: -

Whether changes if any suggested by the bidder in the legal terms will be considered as a non-response bid.

As per RFP

52 28 Performance Security Forfeiture of Security Deposit: Security amount in full or part may be forfeited, including interest, if any, in the following cases:- a. When any terms and condition of the contract is breached.

We request to modify the clause as per below: RISL shall have the right to forfeit the security deposit if bidder fails to cure the breach within 30 days from the date of receipt of written notification from the client. <mention the name of client here> will forfeit the security deposit equal to the amount suffered by the client due to breach attributable to the bidder.

As per RFP

53 34 Section 6 GENERAL TERMS AND CONDITIONS OF TENDER & CONTRACT

i) “Related Services” means the services incidental to the supply of the goods, such as insurance, installation, training and initial maintenance and other similar obligations of the successful/ selected bidder under the Contract.

As TPA is providing only services, the clause may be modified accordingly

As per RFP


Page 13 of 18

S. No.

RFP Page No.



Rejection a) The manpower deputed by the supplier shall be reviewed by the purchaser in terms of its qualifications, experience, efficiency, cooperation, discipline and performance and services. The purchaser, upon finding any deficiency in any of the parameter, may reject any of the manpower by giving 15 days’ time, as decided by the purchaser, which the selected bidder has to replace within the given time frame.

Request you to modify the clause as below: a) The manpower deputed by the supplier shall be reviewed by the purchaser in terms of its qualifications, experience, efficiency, cooperation, discipline and performance and services. The purchaser, upon finding any deficiency in any of the parameter, may reject any of the manpower by giving 45 days’ time, as decided by the purchaser, which the selected bidder has to replace within the given time frame.

As per RFP


Rejection b) If, however, due to exigencies of CCC work, such replacement either in whole or in part, is not considered feasible, the Purchaser Officer after giving an opportunity to the selected bidder of being heard shall for reasons to be recorded, deduct penalty equals to twice the amount as mentioned in column number “5” of the table ”Minimum Manpower Resources” given under clause 2- B i.e “Manpower availability service levels” of chapter 7: “SPECIAL TERMS AND CONDITIONS OF CONTRACT” from the quarterly payment. The deduction so made shall be final.

We understand that the bidder shall not be responsible if the purchaser consider it not feasible to replace the resource due to the fact that selection of manpower is post receipt of approval from the bidder.

As per RFP

56 40 Limitation of Liability Generic We request to add the following clause: Bidder will not be liable for losses arising out of the client’s use of deliverables or its advice for any purpose

As per RFP

57 41 23) Termination d. If the supplier/ selected bidder commits breach of any condition of the contract.

We suggest that the clause may be modified as under: d. If the supplier/ selected bidder commits breach of any condition of the contract which cannot be remedied within 30 days from the date of written intimation by the purchaser to the bidder.

As per RFP


Page 14 of 18

S. No.

RFP Page No.


58 44 25. Settlement of Disputes

a) The Arbitration and Conciliation Act 1996, the rules there under and any statutory modification or re-enactment’s thereof, shall apply to the arbitration proceedings. The Tendering authority may terminate this contract, by giving a written notice of termination of minimum 30 days, to the Implementation Agency , if the successful bidder fails to comply with any decision reached consequent upon arbitration proceedings.

Kindly clarity the term “Implementation Agency” As per revised RFP

59 45 7. Special terms and conditions of Tender and Contract

STQC may be hired to assess the processes and practices adopted by the TPA in the State at an interval of 6 Months to ensure that various required & proposed audit parameters & frameworks are being adhered, regularly monitored and are satisfactory. If the services of STQC are hired, then the payment to the TPA shall be subject to satisfactory assessment done by STQC for the TPA activities else the payment shall be made on satisfactory acceptance of deliverables by RISL/DoIT&C. A pre-receipted bill in triplicate (for the audit and independent monitoring) shall be submitted as per the following schedule:

Request you to please specify the criteria’s that would be considered for "Satisfactory acceptance of deliverables by RISL/DoIT&C

As per RFP


Page 15 of 18

S. No.

RFP Page No.



STQC may be hired to assess the processes and practices adopted by the TPA in the State at an interval of 6 Months to ensure that various required & proposed audit parameters & frameworks are being adhered, regularly monitored and are satisfactory. If the services of STQC are hired, then the payment to the TPA shall be subject to satisfactory assessment done by STQC for the TPA activities else the payment shall be made on satisfactory acceptance of deliverables by RISL/DoIT&C. A pre-receipted bill in triplicate (for the audit and independent monitoring) shall be submitted as per the following schedule:

Since TPA payment is to be made on quarterly basis, request you to change audit interval of STQC to quarterly, in case STQC is hired. Further, any delay in STQC audit should not have an impact on TPA payment. We suggest that TPA payment should not be linked with engagement and audit of STQC.

As per RFP


A. Performance Based Service Level Penalty End of Each Quarter upon satisfactory acceptance of deliverables by the RISL/DoIT&C

Request you to please specify the criteria’s that would be considered for Satisfactory acceptance of deliverables by RISL/DoIT&C

As per RFP


d) Due payments shall be made promptly by the purchaser, generally within sixty (60) days after submission of an invoice or request for payment by the supplier/ selected bidder, and the purchaser has accepted it.

We suggest that the clause may be modified as under: d) Due payments shall be made promptly by the purchaser, generally within thirty (30) days after submission of an invoice or request for payment by the supplier/ selected bidder, and the purchaser has accepted it.

As per RFP


Manpower Availability Service Levels Min. Qualification, Relevant Experience & Certification Sr. No.2 Consultant At least one of the professional certification from following: .Lead Auditor for ISO 27001 .CISA

Since the scope of work requires the verification based on ISO 20000 and ITIL practices, may we request you to please add following to list of professional certification:- ITIL, ISO 20000 and CISM Request you to modify the said clause as per below: At least one of the professional certification from following:- Lead Auditor for ISO 27001 CISA

As per revised RFP


Page 16 of 18

S. No.

RFP Page No.


.CISSP CISSP ITIL ISO 20000 CISM


Minimum Manpower Resources: Penalty on non-availability of resource per day.

Role of TPA is to conduct independent and periodic audits of CCC, and submit deliverables to SIA. Non availability of TPA does not have any major impact on services and availability of CCC, hence we request Penalty for non-availability of resource per day to be reduced to 2000/- per day for Senior consultant and Rs. 1000/- per day for consultant.

As per RFP


Minimum Manpower Resources: Min. Qualification, Relevant Experience & Certification Sr. No.1 Senior Consultant B.E/B.Tech./Masters in Computer or IT + MBA/PGDBM, 5 years…..

We request qualification of senior consultant to be revised as follows: B.E/B.Tech./Masters in Computer or IT + (Preferably MBA/PGDBM), 5 years... MBA should not be a mandate for this role, as this is not a management but more of auditor profile.

As per revised RFP


Manpower Change We request to remove penalty clause in case a resource request for movement / replacement on health or family grounds in addition to resource resigning from the organization.

As per RFP


Penalty Capping Total Penalties defined in (A):” Performance based Service Level” and (B):” Manpower Availability Service levels” shall not be higher than 10% of annual fee to be paid to Third party Auditor in a quarter.

The maximum penalty limited set for total penalty to be imposed on bidder is extremely high for this kind of project. We suggest to limit the total penalty for a quarter to maximum of 10% of the quarterly fee payable to the bidder.

As per RFP


Page 17 of 18

S. No.

RFP Page No.


68 60 ANNEXURE-7: DRAFT AGREEMENT FORMAT {to be mutually signed by selected bidder and procuring entity}

4. The timelines for the prescribed Scope of Work, requirement of services and deployment of technical resources shall be effected from the date of work order i.e. ____________ and completed by supplier within the period as specified in the RFP document.

As deployment of resources takes time owing to transition from existing deployment, we suggest that the selected bidder should be given 60 days time from issue of work order for deployment of resources

As per RFP

69 61 18) Extension in delivery period and Liquidated Damages (LD)

Generic Most of the points under this section refer to delivery of Goods, Installation or commissioning activities. Whereas the given scope of TPA doesn't include any of these activities / services. Kindly consider removing this section, as this is not relevant to the nature of services defined under this RFP.

As per RFP

70 9 of 68 2. Eligibility Criteria: Financial Turnover

Average Annual Turnover of the bidder from IT/ ITeS during last three financial years, i.e., from 2013-2014, 2014-2015,2015-2016 as per the last published audited balance sheets), should be at least Rs. 25 Crores.

As per standard practice 1.5 times of procurement cost is set as minimum average annual turnover. It is suggested that the Average Annual Turnover may be relaxed up to 7.5 crores for last three years.

As per revised RFP


Aggregated turnover of last three financial years i.e. 2013-2014, 2014-2015, 2015-2016 should be at least Rs. 10 Crores from IT Audit Services.

The conditions may be amended as "Aggregated turnover of last three financial years i.e. 2013-2014, 2014-2015, 2015-2016 should be at least Rs. 10 Crores from IT/IT related works."

As per revised RFP


The bidder must have successfully completed/ongoing at least two projects of IT Auditing each with audit fees of not less than Rs. 30 lakhs in any of the financial years i.e., from 2012-2013, 2013-2014, 2014-2015, 2015-2016 and 2016-2017.

RITES being a Consultancy Organization has provide PMC services in IT & ITeS field. Activities related to TPA is subset in PMC job in which no separate certificate for Audit is provided. It is suggested to amend the condition as "The bidder must have successfully completed/ongoing at least two projects of IT Auditing or PMC in IT/ITeS field each with fees of not less than Rs. 30 lakhs in any of the financial years i.e., from 2012-2013, 2013-2014, 2014-2015, 2015-2016 and 2016-2017."

As per revised RFP


Page 18 of 18

S. No.

RFP Page No.


73 10 of 68 Eligibility Criteria: Manpower Strength-I

The bidder must have at least 50 full time technically qualified personnel on its payroll in the area of Information technology specifically in the areas of IT Audit/Data Center Audit/IT Infrastructure SLA Audit & Monitoring for IT related projects including IT Infrastructure, IT Security etc. as on date of bid submission.

Looking into the minimum required Man-Power at page 46 of 68, it is suggested to amend the condition as "The bidder must have at least 7 full time technically qualified personnel on its payroll in the area of Information technology specifically in the areas of IT Audit/Data Center Audit/IT Infrastructure SLA Audit & Monitoring for IT related projects including IT Infrastructure, IT Security etc. as on date of bid submission."

As per RFP

74 10 to 68 Eligibility Criteria: Manpower Strength-I

"Technically Qualified" Please provide technical qualification As per RFP

75 10 to 68 Eligibility Criteria: Manpower Strength-I & II

50 full time technically qualified personnel on Payroll and 5 resources for each certification

Can these personnel be outsourced ? As per RFP

76 10 of 68 Eligibility Criteria: Manpower Strength-II

The bidder must have at least certified 5 resources for each certification mentioned below: 1. CISA 2. CISSP 3. Lead Auditor for ISO 27001 4. Lead Auditor for ISO 20000/ ITIL

Looking into the minimum required Man-Power at page 46 of 68, it is suggested to amend the condition as "The bidder must have at least certified 7 resources in any of the following certification mentioned below: 1. CISA 2. CISSP 3. Lead Auditor for ISO 27001 4. Lead Auditor for ISO 20000/ ITIL “

As per RFP

Documents

S. RFP RFP Rule No. Rule Details Query/Suggestion/Clarification … · 2017-03-18 · Replies to the Pre-Bid Queries for Selection of Third Party Auditor (TPA) for ity Surveillance