E - Tender

For

IS-Audit

Tender Reference No: IT/EXIM/RFP/2016-17/033

Ph: 022-22172410

E-Mail: dharmendra@eximbankindia.in

At

Export-Import Bank of India

WTC, 21st floor, Centre One Building, Cuffe Parade, Mumbai

400 005.

INDEX

Contents 1.BID Schedule and Address......................................................................................................................3

2.QUOTATION BID NOTICE..........................................................................................................................5

3.NOTICE INVITING TENDER .......................................................................................................................6

4. Mandatory Information ...........................................................................................................................7

5. TENDER FORM ............................................................................................................................................8

6. E-Tendering Process Compliance Statement .................................................................................9

7. Eligibility Criteria .................................................................................................................................... 10

8. Scope of Work....................................................................................................................................... 11

Pre-requisite .............................................................................................................................................. 11

Scope ........................................................................................................................................................... 11

Two Stage Bidding Process: ................................................................................................................ 13

Payment Terms ........................................................................................................................................ 13

9. General Information to Bidders ........................................................................................................ 14

10. OPENING OF TENDER ......................................................................................................................... 15

11. DOCUMENTS REQUIRED TO BE ATTACHED WITH THE TECHNICAL BID: ......................... 16

Annexure A Bid Offer Form (without Price) .................................................................................... 17

OFFER LETTER .......................................................................................................................................... 17

Annexure B Eligibility Criteria (Technical Bid) ............................................................................... 19

Annexure C Commercial Bid Format : ............................................................................................ 21

Annexure D Bidder’s Experience ......................................................................................................... 22

Annexure E - Client Details .................................................................................................................. 23

Annexure F - Confidentiality & Non-Disclosure Agreement ...................................................... 24

1.BID Schedule and Address

INTRODUCTION

Export-Import Bank of India (Exim Bank) was set up for the purpose of financing,

facilitating and promoting foreign trade in India. It is the principal financial institution in

the country for coordinating working of institutions engaged in financing exports and

imports. Exim Bank completed 34 years of operations in March 2016. Set up by an Act of

Parliament in September 1981, the Bank commenced operations in March 1982 and is

wholly owned by the Government of India. Over the last 10 years, Exim Bank has taken

several initiatives to help Indian Companies globalize their operations. Exim Bank’s

current vision is to develop commercially viable relationships with a target set of

externally oriented companies by offering them a comprehensive range of products and

services aimed at enhancing their internationalization efforts. Exim Bank has been

pursuing its mission of enhancing Indian competitiveness by adopting a strategy that

addresses the needs of Indian exporters through advisory services and research. Finance

is increasingly supplemented with export-related services. Financing programmes are

supplemented with advisory services based on Exim Bank’s extensive access to business

information worldwide and are backed by research and analysis. The Eximius Centre for

learning with state-of-the-art facilities offers focused programmes to support institution-

building efforts of companies. For further information, visit our web-site

www.eximbankindia.in

Sr. No.

Description Detailed Information

1 Name of Project General IS Audit (As per ISMS 27001)

2 Tender Document Cost ` 3000/-

3 Last Date for acceptance of Tender Document Fee

20-Jan-2017 - 05:00 Pm.

4 EMD Amount Not Applicable

5 Date of Online Notice 10-Jan-2017 - 05:00 Pm.

6 Document Downloading start Date 10-Jan-2017 - 05:30 Pm.

7 Document Downloading END Date 24-Jan-2017 - 03:00 Pm.

8 Tender Reference Number IT/EXIM/RFP/2016-17/033

9 Last date and time for Bid

Submission 25-Jan-2017 4:00 PM

10 Date and Time of Technical Bid Opening

25-Jan-2017 5:00 PM

11 Date and Time of Commercial Bid Opening

25-Jan-2017 5:00 PM

12 Place for Technical / commercial Bid Opening

Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai 400 005.

13 Name and Address for communication

Mr. Dharmendra Sachan Dy General Manager-IT Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai 400 005.

PLACE OF RECEIPT OF TENDER :https://eximbankindiatenders.procuretiger.com

e-Tendering / Electronic Tendering / Web Tendering / Online Tendering is the simulation of the manual tendering process on the internet. i.e., The eligible bidders / contractors can log on to the internet site specified using unique user name & password and place their Technical & Commercial bids. The eligible bidders will be trained by M/s. ABC Procures Technologies Ltd. personnel on the methodology of submitting the bids online using a special digital signature/electronic key / password at the date and time specified. The bids placed by the contractors are confidential and will be opened by the authorized EXIM Bank officials. No other person can gain access to the information regarding the bids, which is confidential in nature.

Closed online bid: The bidders are requested to note that the submission shall be done only online, can be downloaded only after the tender fees are paid to Exim Bank. The bidders are requested to feed the required information for technical bid and the bidders who are eligible shall upload individual item rates online during the stipulated timeframe.

Minimum requirement: 1. Computer/Laptop with internet connection2. Operating system – Windows XP Service pack -3 / VISTA/ WINDOWS 73. Digital certificate -Class II or III, Singing + Encryption, and it should be organizationalcertificate.

2.QUOTATION BID NOTICE

The quotation bid is invited for General IS Audit of EXIM Banks’s IT Infrastructure At

Export-Import Bank of India WTC, 21st floor, Centre One Building, Cuffe Parade, Mumbai

400 005..

CONTACT INFORMATION FOR E-TENDER PROCESS

Vendor registration can be done online by opening Website:

https://eximbankindiatenders.procuretiger.com

Click on “New Bidder Registration” link, create User Id and Password and attach your

Digital certificate.

For any clarification kindly contact.

e-Procurement Technologies Limited

A- 801 – Wall Street - II,

Opposite Orient Club,

Nr. Gujarat College, Ellis Bridge,

Ahmedabad – 380 006.

Gujarat State, India

Phone: +91 (79) 41072510/12/13/14/15/16/17/18/19/20/21

Fax: +91 (79) 40230847

3. NOTICE INVITING TENDER

Export-Import Bank of India (EXIM BANK) invites e-tender in two bid system from the

reputed and experienced firm for “IS-Audit for EXIM Bank’s IT-Infrastructure”

1. The e-tender document will be available on Exim Bank’s website

www.eximbankindia.in/tenders

2. The tender documents should be submitted on or before 4.00 p.m. on 25/01/2017 on

the given website for e-tendering (https://eximbankindiatenders.procuretiger.com) and

will be evaluated on the techno-commercial basis.

4. Exim Bank reserves the right to cancel the tender.

5. The acceptance of a e-tender by EXIM BANK, which does not bind itself to accept the

lowest tender and EXIM BANK reserves itself the authority to reject any or all of the

tenders. All tenders in whom any of the prescribed conditions are not fulfilled or are

incomplete in any respects are liable to be rejected.

6. Canvassing in any form in connection with e-tender is strictly prohibited and the

tenders submitted by the contractors who resort to canvassing will be liable to

rejection.

7. All rates should be quoted on the proper form in the e-tender as provided.

8. On acceptance of the e-tender, the name of the accredited representative (s) of the

contractor who would be responsible as an authorized signatory, for taking instructions

from EXIM BANK shall be communicated to EXIM BANK.

9. The tender shall be valid for 3 months from the date of opening of tenders.

10. It will be obligatory on the part of the tenderer to sign the e-tender documents on

each page.

4. Mandatory Information

Required for Prequalification of the Tenderer

Sr. No.

Particulars Details

1. * Name of the Company

2. * Name of the Proprietor, Partners/Directors

3. Office Telephone Nos.

4. * Address

5. Email Address

6. * Year of Establishment

7. Registration No. Date of Registration

8. Status Of Firm. (Proprietor/Partnership/Co. etc.)

9. Name of Bankers

10. * PAN Card No.

11. Sales Tax No.

12. VAT No.

13. * Service Tax No.

I/We confirm that to the best of our knowledge this information is authentic and accept that any deliberate concealment will amount to disqualification at any stage. Seal and Signature of the Bidder/s not required since the document is Digitally Signed.

Date: Place:

Note: Please upload scanned copies of the above mentioned documents with sr. nos. marked(*) on it.

5. TENDER FORM

To, Dharmendra Sachan, Deputy General Manager Export Import Bank of India Center One Building, Floor 21 World Trade Centre Complex (WTC) Cuffe Parade, Mumbai-400 005.

Dear Sir,

Ref: IS Audit in Exim Bank, Cuffe Parade, Mumbai.

E-tender Ref No: IT/EXIM/RFP/2016-17/033

Having examined the tender details, terms and conditions, prepared by you, I/we hereby offer to execute the above works at the respective rates, which I/we have quoted for the items in the Schedule of Quantities as per your terms & conditions mentioned in the tender.

In the event of this tender being accepted, I/we agree to enter into and execute the necessary contract required by you. I/we agree to pay all applicable taxes prevailing and be levied from time to time on such items for which the same are leviable.

I/we understand that you are not bound to accept the lowest tender or bound to assign any reasons for rejecting our tender. We unconditionally agree Exim Bank’s preconditions a stipulated in the tender documents. I/We agree that in case of my/our failure to execute work in accordance with the Scope of Work provided, Exim Bank reserves the right to terminate my. Further, I may also be barred from e-tendering in future for the Exim Bank .

I/we agree to keep our tender open for 90 days from the date of opening.

Yours truly,

Place: Name:

Date: Designation:

Seal:

6. E-Tendering Process Compliance Statement

The following terms and conditions are deemed as accepted by you for participation in the bid event:

1. The price once submitted cannot be changed.

2. Technical and other non-commercial queries (not impacting price) can be routed tothe respective contact personnel of EXIM Bank indicated in the tender document. Bidding process related queries could be addressed to M/s e Procurement Technologies Ltd personnel indicated in the tender document.

3. Inability to bid due to telephone line glitch, Internet response issues, software orhardware hangs will not be the responsibility of M/s e-Procurement Technologies Ltd or the EXIM Bank. However M/s e-Procurement Technologies Ltd, shall make every effort to ensure availability of technology resources to enable continuous bidding.

4. M/s e-Procurement Technologies Ltd does not take responsibility beyond the bidevent. Order finalization and post order activities would be transacted directly between bidder and the EXIM bank.

5. Bids once made cannot be withdrawn or modified under any circumstances.

6. EXIM Bank can decide to extend or reschedule or cancel an e-tendering.

7. The bidders are advised to visit https://eximbankindiatenders.procuretiger.com forany corrigendum etc., I / We have read, understood and agree to abide by the eTendering process compliance Statement.

Date

Organization

Name Designation :

Seal and Signature of the Bidder/s not required since the document is Digitally Signed.

7. Eligibility Criteria

The invitation to bid is open to all Bidders who qualify the Eligibility Criteria as given

below, Failure to provide the desired information and documents may lead to

disqualification of the Bidder.

1. The Bidder should be an Information Security audit firm and Cert-In Empanelled.

Proof is required for CERT-In empanelment.

2. The bidder should have conducted IS-Audit in Data Centers of at least 2 banking

or financial institutions (Please attach documentary evidence like work order,

evidencing for having completed the assignment in last 3 years.)

3. Audit should be carried out by CERT-In empanelled audit firm by persons having

CISA/ CISSP / CISM/ ISO27001 qualifications with at least five years of IS audit

experience. The Core Audit Team proposed by the Service Provider should be

employers on the rolls of the Service Provider. No part of the engagement shall

be outsourced by the selected Service Provider to third party vendor.

4. The firm should submit Non-Disclosure Agreement.

5. All the above Eligibility criteria are mandatory. Exim Bank has the right to

Technically disqualify any bidder, if they are not meeting the above requirement.

8. Scope of Work

EXIM BANK invites e-tender from eligible bidders for I S A u d i t . The criteria and the

actual process of evaluation of the responses to this e-tender and subsequent selection

of the successful bidder will be entirely at Bank’s discretion.

Pre-requisite

The Bidder should possess the requisite experience, resources and capabilities in

providing the services necessary to meet the requirements, as described in the

tender document hereof. The Bidder should have impeccable reputation and good will,

based on consistent delivery of professional services with the highest technical and

ethical standard. Bidders not meeting the Eligibility Criteria will not be considered

for further evaluation.

Scope

1. Place of IS Audit (Centralized from Head Office, Mumbai): IS audit of Head office and

regional offices (9 locations) will be carried out from Head-Office, Mumbai.

Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai 400 005.

2. IT-Infra in Scope:

Device Type Quantity Platforms

Servers 37 Windows, Aix

Database 20 Oracle, SQL Server, MySQL

Desktops 416 Windows

Applications 03 IIS / Active Directory

Network Devices 34 NA

Security Devices 19 NA

Data Centre 02 Head Office (Primary DC) and DR Site Hyderabad

Please note that the Application & Database servers are counted in

both sections Servers section & Database/Applications section.

1. Bidder should provide the following document:-

1. Approach and Project Schedule (Mandatory)

2. Methodology

3. Deliverables (Security Assessment Report etc.)

a. Management Summary with overall severity graph.b. Separate reports for IS-Audit (Head-Office and Regional Office)

confirming with IS policies.

c. Detailed results for vulnerabilities discovered, exploited vulnerabilities

and proof of concepts/screenshots.

d. Detailed explanations of the implications of findings, business impacts,

and risks for each of the identified exposures.

e. Remediation recommendations to the gaps identified.

f. Detailed steps (wherever applicable) to be followed while mitigating thereported

g. Vulnerabilities Report would be delivered in a password

protected Adobe Acrobat (PDF) document format.

4. Roles and Responsibilities of bidders would be as follows as below but not

limited to:-

1. IS audit against Bank’s approved IS policies.

2. Attempting to guess passwords using password-cracking tools.

3. Attempting penetration through perceivable network

equipment/addressing and other vulnerabilities.

4. Check if any Vulnerability exists in the Servers, Desktops, Database,

Applications, Network and Security devices in scope without disturbing

operations.

5. Sniffing Data or information.

6. To check whether there is any vulnerability present in all IT assets in

scope.

7. Vulnerabilities of unnecessary utilities residing on Application server.

8. Effectiveness of Tools being used for monitoring systems and

network against intrusions and attacks.

9. If any cases of unauthorized access through hacking, denial of

service due to technological failure is possible.

10. Any other items relevant in the case of security.

11. The assessment should include following sections for testing:-

a. Trusted & DMZ Zone

b. Remote Access

c. Network Security Assessment

d. Network Security Components

e. Network Operational Readiness

12. One or more full-time Security Consultant(s) as required for delivery of

the services.

13. Expertise from Security Consultants for the purposes of review and

quality assurance.

14. Consultant(s) coordinate access to the required project materials and

personnel.

15. Respond schedule update regarding the project.

16. Provide documents / diagrams detailing the project information in a

timely manner.

17. Compliance Audit after 1 month of submission of Audit reports.

18. Creation / Updation of Secure Configuration document, as per Scope of

Work.

Two Stage Bidding Process:

1. For the purpose of selection of the Service Provider, a two-stage bidding

process will be followed.

2. The bidders will submit their bids as “Technical Bid‟ and “Commercial Bid‟

respectively. The “Technical Bid‟ will contain exhaustive and comprehensive

details, IS Audit approach documents etc.

3. The “Commercial Bid‟ will contain only the pricing information.

4. In the first stage, only the “Technical Bids‟ will be opened and evaluated.

Those bidders whose technical bids satisfy the RFP eligibility criteria and

terms and conditions as determined by EXIM BANK shall only be short-listed

for commercial bid evaluation.

5. Under the second stage, the Commercial Bids of bidders who have been short-

listed as stated in para 4 above, will be taken up for opening.

6. Kindly note that the EXIM BANK’s decision in the selection process will be

final and, further, EXIM BANK reserves the right to proceed with or cancel the

bid processing at any stage of the bid -processing, if it considers such a

cancellation is necessary.

Payment Terms

1. The Payment Terms shall be as follows and subject to the deliverables.

2. 100% payment shall be paid on delivery of IS-Audit,

3. Bidders have to make their own arrangement for their travel and stay at the

above said locations during the assessment at their own cost.

9. General Information to Bidders

(a) E-Tender(s) which does not comply with this instruction shall be summarily rejected.

(b) All credentials, documents and copies of certificate/information called for would be

submitted with the e-tender format.

(c) Necessary clarification if any required by EXIM BANK shall be furnished by the

tenderer through e-mail within the time given by EXIM BANK for the same. EXIM BANK is

at liberty to verify any or all documents Submitted by the tenderer, even by referring to

third parties.

(d) It should be clearly understood by the tenderer that no further opportunity shall be

given to them to modify or withdraw any stipulation at any stages of the contract.

(e) The e-tender form shall be filled clearly, neatly and accurately. Any wrong

information/ mistakes will render the e-tender invalid. Alteration neatly carried out and

attested over the full signature of tenderer, however, is permitted.

Important:

The Professional fees should include travelling, boarding and lodging and all

incidental costs. The fees quoted should be all inclusive cost.

Please state the number of man-days required for completion of the General IS Audit

(a)Information about Tenderer:- The tenderer must furnish full, precise and accurate

details in respects of information asked for.

(b) Signing of Tenders:-

(i) The tenderer should have digital signature on his/their firm name. Digitally signing

the e-tender shall state in what capacity he is or they are signing the tender e.g. as sole

proprietor to a firm or a Secretary /Manager/Managing Director, etc. of a limited

company.

10. OPENING OF TENDER

The e-tender will be opened in EXIM BANK, 21st floor, WTC, Mumbai at the time and on

the date indicated above. The tenderer will be at liberty to be present either in person or

through an authorized representative at the time of opening of the tenders.

The financial bid of only those tenderer will be opened whose technical bids are found to

be acceptable

11. DOCUMENTS REQUIRED TO BE ATTACHED WITH THETECHNICAL BID:

A) Self attested copies of the following documents are to be annexed:-

Document-I CERT-In Empanelled letter for current year.

Document-II Income Tax Pan No. of Firm.

Document-III Attested copies of partnership deed/copy of Memorandum and articles of

association, as the case may be.

Document-IV Name and address of all partners/Directors/proprietors as the case may

be.

Document-V Attested copies of Experience letter/Registration certificate of

consultantsworking on assignment.

Document-VI All other Document mentioned in Tender, e-Tender documents its

annexure, schedules.

Document – VII The Bidder should sign and stamp each page of e-tender document for

acceptance of all terms and conditions and the same should be enclosed in the technical

bid.

Document-VII Documentary evidence of Work Order for at least 2 Banks or Financial

Institutes in last 3 years.

Annexure A Bid Offer Form (without Price)

(Bidder’s Letter Head)

OFFER LETTER

Date:

To:

The Dy General Manager Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai 400 005. Dear Sir,

Subject: Regarding E-Tender No. IT/EXIM/ RFP/2016/17/33: dated 10th Jan 2017 for

“IS-Audit”

We have examined the above referred e-Tender document. As per the terms and

conditions specified in the e-Tender document, and in accordance with the schedule

of prices indicated in the commercial bid and made part of this offer.

We acknowledge having received the following addenda / corrigenda to the e-Tender document.

Addendum No. / Corrigendum No. Dated

While submitting this bid, we certify that:

1. Prices have been quoted in INR.

2. The prices in the bid have not been disclosed and will not be disclosed to any

other bidder of this e-Tender.

3. We have not induced nor attempted to induce any other bidder to submit or not

submit a bid for restricting competition.

4. We agree that the rates / quotes, terms and conditions furnished in this tenderare for EXIM BANK.

If our offer is accepted, we undertake, to start the assignment under the scope

immediately after receipt of your order. We also note that EXIM BANK reserves the

right to cancel the order and order cancellation clause as per terms and condition

would be applicable.

We agree to abide by this offer till 180 days from the last date stipulated by EXIM BANK

for submission of bid, and our offer shall remain binding upon us and may be accepted

by EXIM BANK any time before the expiry of that period.

Until a formal contract is prepared and executed with the selected bidder, this offer

will be binding on us. We also certify that the information/data/particulars furnished in

our bid are factually correct. We also accept that in the event of any information /

data / particulars are found to be incorrect, EXIM BANK will have the right to disqualify

/blacklist us and forfeit bid security.

We undertake to comply with the terms and conditions of the bid document. We

understand that EXIM BANK may reject any or all of the offers without assigning any

reason whatsoever.

Yours sincerely,

Authorized Signature [In full and initials]:

Name and Title of Signatory:

Name of Company/Firm: Address

Annexure B Eligibility Criteria (Technical Bid)

S.NO. MINIMUM ELIGIBILITY

CRITERIA

RESPONSE OF THE BIDDER DOCUMENTS

ATTACHED

1*. The Bidder should

be an Information

Security consulting

firm and

empanelled vendor

of Cert-In.

YES/NO

5 Marks

Please attach document

2*. The bidder should

have conducted I S

A u d i t of Data

Centers of at least

2 banking or

financial institutions

(Please attach

documentary

evidence like work

order, evidencing

for having

completed the

assignment.)

YES/NO 10 marks Please attach documentary evidence like work order evidencing the completion of the assignment.

Name of assignment

Place Approx order value

3*. The consultants

conducting the IS

Audit, should be a

Certified

professional. And

must have minimum

of 5 years in

Information Security

Field.

YES/NO 15 marks

Please attach their current certificate and experience letters.

4. Number of IS-Audit’s

executed by Firm in

FY 2013-14,2014-15

5 to <= 10 =10

Marks

11 to <20= 20

20 to <40 = 30

>40=40

Maximum 40 Marks Declaration Letter is required.

5 Number of CISA

,CISM,CISSP, ISO

27001 Certified

Resources

<5 = 10 Marks

5 to 10 = 15 Marks

11 to 20 = 20 Marks

>20= 30 Marks

Maximum 30 Marks Declaration Letter is required.

60 Marks required for Technical Qualification.

Please note bidders who fulfil the above criteria are only allowed.

Signature: .Name: -

Designation:- Date: _, Place

Annexure C Commercial Bid Format (Fill Online Only):

S. No. Device Type Quantity Platforms Total Price

1 Servers 37 Windows, AIX

2 Database 20 Oracle, SQL

Server, MSQL

3 Desktops 416 Windows

4 Applications 03 IIS /

ActiveDir

e

ddddDir

Directory

5 Network Devices

25 NA

6 Security Devices

34 NA

7 Data Centers 2 HO & DR

Total Price

Annexure D Bidder’s Experience

A - Bidder’s Organization

[Provide here a brief description of the background and organization of your

firm/company. The brief description should include ownership details, date and place

of incorporation of the company/firm, objectives of the company/firm etc.

B - Bidder’s Experience

[Using the format below for each Project for which your company/firm was legally

contracted for IS Audit.

S. No. Particulars Details

1. Name of the Project

2. Approximate cost of contract/Project cost

3. Bank/FI Name

4. Duration of Project (months)

Note: Please provide documentary evidence from the client wherever

applicable. This Annexure has to fill separately for each of the subcontractors.

Signature: .

Name:

Designation:

Date: _, Place

Annexure E - Client Details

Provide details the client details wherever available:

S. No. Name of

Institution Contact Person

Name and

Designation

Contact

Details with e-

mail

Preferable

time to

contact

Signature: .

Name: -

Designation:

Date: _, Place

Date: _, Place

Annexure F - Confidentiality & Non-Disclosure Agreement *

Stamped for Rs. 100

To be executed by successful bidder post issue of Purchase Order by Exim Bank.

This agreement is made on this the----- day of --------, 2017 between

Export-Import Bank of India (EXIM BANK) a company incorporated in India under the

provisions of The Companies Act, 1956 (Section 25) and having its registered office at

Floor 21 , World Trade Center, Cuffe Parade,Mumbai-400 005 (Hereinafter referred to

as “EXIM BANK”) which expression shall mean and include unless repugnant to the

context, its successors and permitted assigns);

AND

(Name of Information Security Consulting firm) and having its registered office at which expression shall mean and include unless repugnant to the context, its successors and permitted assigns).

WHEREAS: EXIM BANK had floated a Request for Proposal for IS Aud i t of their Information

system & IT infrastructure and whereas

(Name of Information Security Consulting firm)

has been, through an RFP process, selected as the successful Bidder and has been

awarded this work.

During the course of I S - A u d i t (Name of Information

Security Consulting firm) and EXIM BANK may disclose to each other certain information

which may be proprietary and/or of confidential nature.

NOW THEREFORE

In consideration of the mutual protection of Information herein by the parties hereto and

such additional promises and understandings as are hereinafter set forth, the parties

agree as follows:

1. For purposes of this Agreement, "Confidential Information" means, with respect to

either party, any and all information in written, representational, electronic, verbal

or other form relating directly or indirectly to the present or potential business,

operation or financial condition of or relating to the disclosing party (including,

but not limited to, information identified as being proprietary and/or confidential

or pertaining to, pricing, marketing plans or strategy, volumes, services

rendered, customers and suppliers lists, financial or technical or service matters

or data, employee/agent/ consultant/officer/director related personal or sensitive

data and any information which might reasonably be presumed to be proprietary

or confidential in nature) excluding any such information which (i) is known to the

public (through no act or omission of the receiving party in violation of this

Agreement); (ii) is lawfully acquired by the receiving party from an independent

source having no obligation to maintain the confidentiality of such information;

(iii) was known to the receiving party

prior to its disclosure under this Agreement; (iv) was or is independently developed

by the receiving party without breach of this Agreement; or (v) is required to be

disclosed by governmental or judicial order, in which case the party so required

shall give the other party prompt written notice, where possible, and use

reasonable efforts to ensure that such disclosure is accorded confidential

treatment and also to enable such other party to seek a protective order or other

appropriate remedy at such other party's sole costs.

2. This Agreement does not obligate either party to disclose any particular

proprietary information; to purchase, sell, license, transfer, or otherwise dispose

of any technology, services, or products; or to enter into any other form of

business, contract or arrangement. Furthermore, nothing contained hereunder

shall be construed as creating, conveying, transferring, granting or conferring

by one party on the other party any rights, license or authority in or to the

information provided.

3. Each party agrees and undertakes that it shall not, without first obtaining the

written consent of the other, disclose or make available to any person, reproduce

or transmit in any manner, or use (directly or indirectly) for its own benefit or

the benefit of others, any Confidential Information save and except both parties

may disclose any Confidential Information to their Affiliates, directors, officers,

employees or advisors of their own or of Affiliates on a "need to know" basis to

enable them to evaluate such Confidential Information in connection with the

negotiation of the possible business relationship; provided that such persons have

been informed of, and agree to be bound by obligations which are at least as strict

as the recipient’s obligations hereunder. For the purpose of this Agreement,

Affiliates shall mean, with respect to any party, any other person directly or

indirectly Controlling, Controlled by, or under direct or indirect common Control

with, such party. "Control", "Controlled" or "Controlling" shall mean, with respect

to any person, any circumstance in which such person is controlled by another

person by virtue of the latter person controlling the composition of the Board of

Directors or owning the largest or controlling percentage of the voting securities

of such person or by way of contractual relationship or otherwise.

4. The receiving party shall use the same degree of care and protection to protect

the Confidential Information received by it from the disclosing party as it uses

to protect its own Confidential Information of a like nature, and in no event such

degree of care and protection shall be of less than a reasonable degree of care.

5. The disclosing party shall not be in any way responsible for any decisions or

commitments made by receiving party in relying on the disclosing party's

Confidential Information.

6. The parties agree that upon termination/expiry of this Agreement or at any time

during its currency, at the request of the disclosing party, the receiving party shall

promptly deliver to the disclosing party the Confidential Information and copies

thereof in its possession or under its direct or indirect control, and shall destroy all

memoranda, notes and other writings prepared by the receiving party or its

Affiliates or directors, officers, employees or advisors based on the Confidential

Information and promptly certify such destruction.

7. Both parties acknowledge that the Confidential Information coming to the

knowledge of the other may relate to and/or have implications regarding the

future strategies, plans, business activities, methods, processes and or

information of the parties, which afford them certain competitive and strategic

advantage. Accordingly neither party shall use the Confidential Information in a

manner that will jeopardise or adversely affect in any manner such future

strategies, plans, business activities, methods, processes, information, and/or

competitive and strategic advantage of the disclosing party.

8. The parties hereto acknowledge and agree that in the event of a breach or

threatened breach by the other of the provisions of this Agreement, the party not

in breach will have no adequate remedy in money or damages and accordingly

the party not in breach shall be entitled to injunctive relief against such breach

or threatened breach by the party in breach.

9. No failure or delay by either party in exercising or enforcing any right, remedy or

power hereunder shall operate as a waiver thereof, nor shall any single or partial

exercise or enforcement of any right, remedy or power preclude any further

exercise or enforcement thereof or the exercise of enforcement of any other

right, remedy or power.

10. If any dispute arises between the parties hereto during the subsistence or

thereafter, in connection with or arising out of this Agreement, the dispute shall

be referred to arbitration under the Indian Arbitration and Conciliation Act, 1996

by a panel of three arbitrators. Each party will appoint one arbitrator and the

two arbitrators so appointed will appoint the third or the presiding arbitrator.

Arbitration shall be held in Mumbai, India. The proceedings of arbitration shall

be in the English language. The arbitrator’s award shall be final and binding on

the parties.

11. This Agreement will be governed exclusively by the laws of India jurisdiction

shall be vested exclusively in the courts at Mumbai.

12. This Agreement shall not be amended, assigned or transferred by either party

without the written consent of the other party.

13. Nothing in this Agreement is intended to confer any rights/remedies under or

by reason of this Agreement on any third party.

14. This Agreement supersedes all prior discussions and writings with respect to

the Confidential Information and constitutes the entire Agreement between the

parties with respect to the subject matter hereof. If any term or provision of this

Agreement is determined to be illegal, unenforceable, or invalid in whole or in

part for any reason, such illegal, unenforceable, or invalid provisions or part(s)

thereof shall be stricken from this Agreement.

IN WITNESS WHEREOF the parties hereto have duly executed this Agreement as of the

date and year written above.

Export-Import Bank of India

(Name of Information Security Consulting

firm)

Name: Name:

Designation: Designation: