INFORMATION SYSTEM AUDIT OF DATA CENTRE, CRITICAL APPLICATIONS, IT
PROCESSES ETC. OF PUNJAB & SIND BANK
RFP REF. NO.: HO/HO IT/RFP/106/ 17-18 DATED: 21.12.2017 Page 1 of 50
Request for proposal for Information System Audit of Data Centre, Critical Applications, IT Processes etc. of the Bank
Tender No: PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
PUNJAB & SIND BANK
Head office Information Technology Department 2nd Floor, Bank House, 21-Rajendra Place
New Delhi-110008
Contents
1. INTRODUCTION
2. ELIGIBILITY CRITERIA
3. SCOPE OF WORK
4. OTHER IMPORTANT TERMS & CONDITIONS
5. TERMS & CONDITION
6. RESOLUTION OF DISPUTE
7. CORRUPT OR FRAUDULENT PRACTICES
8. INDEMNITY
9. BIDDER'S OBLIGATION
10. PATENT RIGHT
11. SIGNING OF CONTRACT
12. PUBLICITY
13. ANNEXURE A
14. ANNEXURE B
15. ANNEXURE C
16. ANNEXURE D
KEY INFORMATION
Particulars: Details
Tender Number: PSB/HOIT/RFP/106/2017-18
Tender Title: Request for Proposal for Information System Audit of Data Centre, Critical
Applications, IT Processes etc. of the Bank
Participation Fee (Non Refundable): Rs. 1,000/- In form of DD favoring Punjab & Sind Bank
payable at New Delhi
Bid Security (EMD): Rs. 1,00,000.00/- (In form of Bank guarantee valid for 12 months)
Bid Validity: 180 days
Performance Bank Guarantee: Rs. 1,00,000.00/- In form of Bank guarantee valid for 12 months
Date of Publishing the tender on Bank’s Website: 21.12.2017
Last Date for submission of Pre-Bid Query: 28.12.2017 by 3:00 pm (queries must be mailed to
[email protected] only in MS-excel format quoting tender reference number in the subject)
Date and Time for Pre Bid Meeting: 29.12.2017 03:00 pm
Last Date and time for submission of Bids: 11.01.2018 03:00 pm
Date and Time of Opening of Technical Bids: 11.01.2018 03:30 pm
Date and Time of opening of Commercial Bids: To be notified later to the qualifying bidders only.
Place of submission and Opening of Bids: Punjab & Sind Bank, Head Office, 2nd Floor,
Information Technology Department, Bank House, 21, Rajendra Place, New Delhi 110008
Contact Persons for any clarifications/ Submission of Bids: AGM (IT)
Contact Numbers: Manoj Kumar (AGM IT) - 9811728292
Arun Ahlawat (Officer) - 8396049100
* If any of the dates given above happens to be a holiday in Delhi, the related activity
shall be undertaken on the next working day at the same time.
1. INTRODUCTION
1.1 About the Bank
PUNJAB & SIND BANK, a leading Public Sector Bank having its Head Office at New
Delhi, is implementing many key technology solutions like Core Banking (CBS), Internet
Banking (e-banking), Tele Banking, Mobile Banking, onsite / offsite ATMs, Integrated
Treasury Systems, RTGS, SFMS, NEFT etc. The Bank has chosen FINACLE Software of
M/s. INFOSYS Ltd. as the Core Banking Solution and implemented CBS in 100% branches
and offices.
1.2 Present Status of the Bank
The Bank is using the financial software Finacle (7.0.25) for carrying out the Banking
operations. The bank has a widespread network of 1500 plus branches, 24 Zonal Offices, 25
Departments in Head Office, 9 Regional Clearing Centers, 2 Training Centers and 9 Currency
Chests all networked under Centralized Banking Solution. It also has a network of more than
1250 ATMs spread across the country including onsite and offsite ATMs. The Bank’s CBS
Project Office and HO Information Technology Department are located in New Delhi. The
Bank’s Data Center (DC) is located in Vashi Mumbai and Disaster Recovery Center at Greater
Noida and both are managed by Bank’s CBS System Integrator M/s Wipro. The DC is
connected to the branches, Zonal Office and Head Office through Bank-wide Wide Area
Network. The entire network uses Leased Lines, RF, VSAT and Backup connectivity through
ISDN lines & RF etc. The ATMs, Mail Messaging System and other applications also use the
WAN. The Bank’s Disaster Recovery Center has a setup similar to that of the Data Centre
for the financial software.
1.3 Purpose of RFP:
This RFP seeks to engage a Service Provider who has the capability and experience for
conducting Information Systems (IS) Audit, including Application audit of Core Banking
Solution and other applications, and to make appropriate recommendations, as covered under the
Scope of Work. The engagement also covers carrying out risk analysis of all IT assets of the
Bank and preparation of a Risk Matrix based on Guidelines issued by RBI and Govt. of India.
The aim of the RFP is to solicit proposals from qualified bidders for undertaking above detailed
assignments. Interested eligible bidders may download the RFP from Punjab & Sind Bank
website www.psbindia.com or from Govt. of India web site www.tenders.gov.in.
2. ELIGIBILITY CRITERIA
Each entry below gives the Sr. No., the Eligibility Criteria and the Support Documents to be
submitted.

1. Eligibility Criteria: The bidder should be a Company/Firm/Organization registered in India.
Support Documents: Certificate of Incorporation & Commencement of Business (whichever
applicable) should be submitted.

2. Eligibility Criteria: The bidder should have a minimum turnover of Rs. 50 lacs per year
during last three financial years (i.e., 2014-15, 2015-16 and 2016-17).
Support Documents: Audited Balance Sheet for last three Financial Years 2014-15, 2015-16 and
2016-17 to be submitted. CA certificate with regard to turnover is required to be submitted by
the bidder.

3. Eligibility Criteria: The bidder should be in business of Information System auditing in
India at least for last three years as on 31.03.2017.
Support Documents: Documentary proof duly signed by authorized person is required to be
submitted.

4. Eligibility Criteria: The Bidder must have positive net worth in last 3 financial years
(i.e. FY 2014-15, 2015-16 and 2016-17).
Support Documents: Audited Financial Statements (and Annual Reports, if applicable) for the
last three financial years, viz. 2014-15, 2015-16 and 2016-17 are to be furnished. CA
certificate regarding Positive net worth needs to be furnished.

5. Eligibility Criteria: The Bidder must have conducted at least one Information System audit
of data center and other IT Infrastructure of Scheduled Commercial Banks in India (including
all the following aspects), connected with a minimum 1000 branches, during last four years
(2014, 2015, 2016, 2017):
a) Vulnerability Assessment/ Penetration Testing of servers/security equipment/ network
equipment etc.;
b) Core Banking System and interfacing applications
Support Documents: Letters from the organizations for which the bidder had conducted
Information Systems audit (the scope of the assignment should have been clearly mentioned).

6. Eligibility Criteria: The Bidder should have a valid CERT-In empanelment as on the last
date of submission of bid.
Support Documents: CERT-In empanelment document.

7. Eligibility Criteria: The Bidder has a minimum 5 professionals with CISA/ CISM/ CISSP or
similar qualifications and should be on permanent roll of the organization.
Support Documents: Copies of the CVs of the Information Systems Audit professionals (CISA,
CISM, CISSP etc.) including copies of their relevant certifications as per the prescribed
format.

8. Eligibility Criteria: The Bidder should deploy auditing team having “auditing experience”
of minimum 3 years, after the date of related qualification including at least one CISA
professional throughout the audit period.
Support Documents: Copies of the CVs of the Information Systems Audit professionals (CISA,
CISM, CISSP etc.) including copies of their relevant certifications as per the prescribed
format.

9. Eligibility Criteria: The Bidder should not be banned/blacklisted/ debarred by any
Bank/PSU/GOI Department/ Indian Financial Institutions as on date of submission of bid.
Support Documents: An undertaking letter to be enclosed by the Bidder clearly stating that
they are not banned/blacklisted/ debarred by any Bank, PSU/ GOI Departments/ Indian Financial
Institutions as on date of submission of bid.

Note: The bidder must comply with all the above mentioned criteria. Non-compliance of any
of the criteria will entail rejection of the bid summarily. Photocopies of relevant
documents/certificates should be submitted as proof in support of the claims made. The Bank
reserves the right to verify/evaluate the claims made by the bidder independently.
3. SCOPE OF WORK:
3.1 Scope of Work Related to IS (Information Systems) Audit:
a. The Scope of work mainly relates to conducting of Information System and Security Audit
including Cyber Security Audit of different Information systems/applications/ Databases /
Operating Systems / Security devices, appliances and Solutions / Network Equipments/
Information Technology (IT) Process like sharing information through web services, host to
host etc. in use by the Bank, as listed in Annexure-C, including those systems used by other
agencies for providing services in respect of activities which are outsourced. The scope also
includes the VAPT of all systems as listed in Annexure-C and Annexure- D.
3.2 The IS Audit should be performed:
a. According to ISO 27001:2013 standard.
b. The guidelines issued by RBI, Govt. of India, NPCI, UIDAI, Cert-In etc.
c. Punjab & Sind Bank IS Audit Policy, Punjab & Sind Bank’s IT security Policies &
Procedures and Punjab & Sind Bank Cyber Security Policy.
d. IT Act. 2000/2008.
3.3 IS Audit of each of the systems should broadly cover the following aspects:
− Physical and Environmental controls
− Logical access Controls
− Operating System/database review including Vulnerability Assessment
− Application Review
− Business process Review
− Network and Security Review including VA and Penetration test
− Backup procedure Review
− Business Continuity/Disaster Recovery plans/practices
− Review of Outsourced Activities
− Virus protection and Patch management.
− Capacity utilization of servers and applications
− Review of Basic minimum Configuration applicable for each system as per
best practice i.e. Baseline Secure Configuration review.
− Application Security Life Cycle (ASLC) review.
− Secure Code Practice Review.
3.4 Vulnerability Assessment and Penetration Tests (VAPT)
The scope also includes conducting Vulnerability Assessment and Penetration Tests (VAPT)
covering operating systems, database, networking and Security Infrastructure and various on-
line applications facing customers as listed in Annexure-C and all other assets listed in
Annexure-D.
3.5. Execution of work:
3.5.1 The successful bidder should submit a detailed plan clearly indicating the tentative dates
and estimated time for IS Audit of all the systems.
3.5.2 During the course of audit, if the bidder/ service provider observes any major
deficiencies, they should immediately bring such observations, deficiencies, areas of
improvement and suggestions for improvement to the notice of the concerned persons. The
service provider should also discuss with, guide/help the Bank staff in implementation of the
critical and important suggestions.
3.5.3 At the end of IS Audit, the service provider should submit a detailed report containing all
the observations, deficiencies, areas of improvement and suggestions for improvement, for
each system separately. An executive summary should also form a part of the Final Report.
3.5.4 Since it will take some time setting right the deficiencies, on the Bank intimating them to
do so, the service provider should conduct a compliance audit, to confirm setting right of the
deficiencies and implementation of the suggestions. The service provider should submit a
detailed report after compliance audit.
3.5.5 The assignment will be for conducting IS Audit for one time only. Bank, at its option,
will review and entrust the assignment either in full or in part subsequently.
4. OTHER IMPORTANT TERMS & CONDITIONS:
Sr. No. 1
Phase: Phase-I
Objectives: Conduct of IS Audit as per scope, evaluation, discussion on the findings and
submission of final reports
Timeline: 6 weeks
Deliverables: ISA Report:
1. Executive summary
2. ISA Report Core findings along with Risk Analysis
3. ISA Report Detailed findings / Checklists
4. ISA Report: Analysis of reports / Corrective Measures & Suggestions along with Risk
Analysis.
Payment Schedules: 70% after completion of PHASE-I.

Sr. No. 2
Phase: Phase-II
Objectives: Compliance Audit, Review & Certification
Timeline: 2 weeks
Deliverables: Compliance Report:
1. Compliance Audit report.
2. To provide the BANK an ISA compliance certificate including certificate as per RBI
guidelines for Internet Banking.
Payment Schedules: 30% after completion of PHASE-II.

Note: The detail of Phase, deliverables, payment schedule is described in Annexure-A.
5. TERMS AND CONDITIONS:
5.1. Bid Price:
a. The RFP document can be downloaded from the Bank's website. However, the bidder will
have to pay, along with submission of their bid, a non-refundable fee of Rs. 1,000.00 in the
form of a demand draft issued by a scheduled commercial bank favoring Punjab & Sind Bank,
payable at New Delhi.
b. In the event of non-payment of the fee of Rs. 1,000.00 towards the RFP along with the
submission of the bid documents, the bid will not be considered.
5.2. Bid Security:
a. Bidder will have to provide a Bid security of Rs. 1.00 lakh (Rupees One lakh only) by way of
Bank Guarantee issued by a Scheduled Commercial Bank in favour of Punjab & Sind Bank,
valid for a period of one year from the last date of submission of bid.
b. The Bank reserves its right to reject the bid, in the event of non-submission of the bid-
security of Rs. 1.00 lakh.
c. No interest will be payable on the Bid Security amount.
d. The bid security amount will be forfeited if the bidder refuses to accept purchase order or
having accepted the purchase order, fails to carry out his obligations mentioned therein.
e. The Bid Security will be refunded to the unsuccessful bidders only after completion of the bid
process.
f. The Bid security of the successful bidder would be refunded after the signing of the contract
and furnishing of the Performance Security of Rs. One lakh.
5.3. Clarifications on the RFP
a. Queries/clarifications would not be entertained over phone.
b. All the queries and clarifications must be sought in writing to the email id:
c. Bidders are also requested to collate queries and submit them together seeking
clarifications/responses from the Bank. It should be ensured that all the queries and
clarifications are communicated in writing on or before pre-bid meeting. Queries received
thereafter will not be entertained.
d. Bank will publish the clarifications/amendment (if any) on the bank’s website.
5.4. Two Part Bid:
a. One hard copy of the Technical Bid and One Copy of the Commercial Bid must be submitted
at the same time, giving full particulars in separate sealed envelopes at the Bank's address given
below on or before the schedule given above. The bidder should submit a soft copy of the
technical bid on a CD/Pen drive. Bid (Technical & Commercial) must be submitted at the same
time, giving full particulars in separate sealed envelopes addressed to
The Asstt. General Manager (IT)
Punjab & Sind Bank,
HO IT Department,
Bank House, 21, Rajendra Place,
New Delhi-110008
b. All the envelopes must be super-scribed with the following information –
Type of Bid – Conducting IS Audit of Data Centre, Critical Applications, IT Processes etc.
(Technical Bid)
Type of Bid - Conducting IS Audit of Data Centre, Critical Applications, IT Processes etc.
(Commercial Bid)
Due Date :
Name of Bidder :
Name of the Authorized Person :
Contact Number :
c. All schedules, Formats and Annexure should be stamped and signed by an authorized official
of the bidder's company.
d. The bid should be delivered preferably by hand or by post/ courier at the given address on or
before the bid submission date and time. Bids sent by fax, e-mail, will not be considered for
evaluation.
e. Bids will be opened in the presence of the bidder representatives who choose to attend the
opening of tender on the specified date, time and place of bid opening. All bidders are advised
to be present at the time of bid opening. No separate intimation will be given in this regard.
5.5. No Erasures or Alterations:
a. The original bid (Technical Bid and Commercial Bid) shall be prepared in indelible ink.
b. Technical details must be completely filled up. All the hand-written details in the bid must be
initialed by the persons or person who sign(s) the bids.
c. All the pages of the bid must be initialed by an authorized representative with a round stamp
of the bidding firm.
5.6. Validity :
a. The bid should remain valid for a period of 180 days from the last date of submission of the
bid.
b. At the option of the Bank, the bidder should extend the validity of bid for such required
period (s), as the Bank may require during the evaluation process.
5.7. Technical Bid:
a. The Technical Bid should be complete in all respects and contain all the information asked
for in this RFP document in an organized and structured manner. All the details sought must be
submitted in the prescribed pro-forma only (as per the attached formats). Additional/ supporting
documents, write-ups, etc., if any, should be furnished separately.
b. The Technical Bid should be submitted in separate sealed envelope, super scribed as
“Conducting IS Audit of Data Centre, Critical Applications, IT Processes etc. (Technical Bid)”
c. The Technical Bid should not contain any price information.
d. The Bank, at its discretion, may not evaluate a bid in case of non-submission or partial
submission of details sought.
e. The Technical Bid should comprise of following (as per the formats):
Sr. No. ANNEXURE No. SUBJECT PAGE No.
1 ANNEXURE – I PROFILE OF THE BIDDER 26
2 ANNEXURE – II ORGANISATIONAL STRUCTURE 27
3 ANNEXURE – III FINANCIAL INFORMATION 28
4 ANNEXURE – IV DECLARATION BY BIDDER 29
5 ANNEXURE – V MANPOWER DETAILS 30
6 ANNEXURE – VI EXPERIENCE & EXPERTISE 31
7 ANNEXURE – VII PERFORMANCE STATEMENT 32
8 ANNEXURE – VIII TEAM PROFILE 33
9 ANNEXURE – IX CVs OF TEAM LEADS & OTHERS 34
10 ANNEXURE – XI BID FORM 36
11 ANNEXURE – XII BID SECURITY FORM 37
12 ANNEXURE – XV TECHNICAL DEVIATION 43
13 ANNEXURE – XVII LETTER OF CONFIRMATION 45
5.8. Commercial Bid:
a. The Commercial Bid should be submitted in separate sealed envelope, super scribed as
“Conducting IS Audit of Data Centre, Critical Applications, IT Processes etc. (Commercial
Bid)”.
b. The Commercial Bid should provide all relevant price information in Indian Rupees only.
c. The responses should be strictly as per the terms and conditions of this RFP. Bidders are
advised not to attach or specify any terms and conditions. The Bank reserves its right to reject
the bids received with any additional terms and conditions specified by the Bidder.
d. The Commercial Bid should comprise of Annexure-X (Format for Commercial BID-Page
35) & Annexure- XVI (Commercial Deviation-Page 44).
e. The prices mentioned in the commercial bid should strictly be in conformity with the price
composition specified in Annexure-A clause 4.5.
f. The Commercial Bid should include all taxes, duties, fees, and other charges as may be
levied under the applicable law as on the date of submission of the bid. However, the tax
component of the prices should be shown separately.
g. The total cost must be quoted in WORDS AND FIGURES. In case of discrepancy between
the words and figures, lower of the two would be considered as the price quoted and the same
will be binding on the bidder.
h. Commercial Bid of only those bidders, who qualify in Technical Bid evaluation, will be
opened.
5.9 Evaluation Procedure:
a. The evaluation of technical bids will be done by a team of officials, which may include:
i. Scrutiny of eligibility criteria to determine the eligibility of bidders;
ii. Scrutiny of the bids to verify whether the same is in accordance with the RFP terms.
b. In the process of scrutiny of the bids, Bank may seek additional inputs and clarifications as
may be needed. The request for such clarifications and the response will necessarily be in
writing.
c. Only bids found to meet the Bank's requirements on technical evaluation will be considered
for commercial evaluation. Cost comparison will be on the basis of TCO (total cost of
ownership).
5.10 Right to Alter Quantities
a. The Bank reserves the right to alter quantities, revise/modify all or any of the specifications,
delete some items specified in this bid, when finalizing its requirements or declare the RFP
void, without assigning any reason, before or after receiving the responses. That is, the Bank
reserves its right to add or remove the Information systems in respect of which the IS Audit is
to be conducted.
5.11 No Commitment to Accept Lowest or Any Tender
The Bank shall be under no obligation to accept the lowest or any other bid received in
response to this tender notice and shall be entitled to reject any or all tenders without assigning
any reason whatsoever.
5.12 Rotation of Audit Team
If the selected Bidder has already carried out IS Audit of our bank, the Bidder should change
the entire team and depute a fresh team.
5.13 Price freezing and Contract Period
a. The final prices stated above, shall remain frozen for a minimum period up to two years
from the date of the purchase order.
b. The Contract would be valid for one time IS Audit exercise only.
5.14 Cancellation of the assignment:
The Bank reserves its right to cancel the assignment in the event of one or more of the
following conditions:
a. Delay in commencement of the IS Audit beyond four weeks after the assignment order or
beyond the date given by the bank in the purchase order.
b. Delay in completion of all the phases of the IS Audits beyond the time specified in the
assignment letter.
5.15 Liquidated Damages:
5.15.1 Notwithstanding the Bank's right to cancel the assignment, 0.5% of the order value per
week or part thereof would be payable to the Bank for delay in the execution of this assignment
order beyond specified schedule, subject to a maximum of 5% of the value of the said phase.
5.15.2 Bank reserves its right to recover these amounts by any mode such as adjusting from
any payments to be made by the Bank to the bidder.
5.15.3 The Bank however may review and consider waiving imposing of liquidated damages
for delays beyond the control of the Bidder.
5.16 RFP Ownership:
The RFP and all supporting documentation are the sole property of Punjab & Sind Bank and
should not be redistributed without prior written consent of Punjab & Sind Bank. Violation of
this would be a breach of trust and may, inter-alia cause the bidders to be irrevocably
disqualified. The aforementioned material must be returned to Punjab & Sind Bank while
submitting the bid, or upon request. However, bidders can retain one copy for reference.
5.17 Bid Ownership:
The bid and all supporting documentation submitted by the bidders shall become the property
of the Bank. The bid and documentation may be retained, returned or destroyed as the Bank
decides.
5.18 Confidentiality:
5.18.1 This document contains information confidential and proprietary to the Bank.
Additionally, the bidders will be exposed by virtue of the contracted activities to the internal
business information of the Bank. Disclosures of receipt of this RFP or any part of the
aforementioned information to parties not directly involved in providing the services requested
could result in the disqualification of the bidders, premature termination of the contract, or
legal action against the bidders for breach of trust.
5.18.2 Selected bidder will have to sign a legal non-disclosure agreement with the Bank before
starting the project.
5.19 Non Transferable Tender:
This tender document is not transferable. Only the bidder, who has purchased this tender in its
name or submitted the necessary RFP price (for downloaded RFP) will be eligible for
participation in the evaluation process.
5.20 Language of BID:
The bid prepared by the Bidder, all correspondence and documents relating to the bid
exchanged by the Bidder & the Purchaser shall be written in English.
6. RESOLUTION OF DISPUTES:
6.1 The Purchaser and the bidder shall make every effort to resolve amicably by direct informal
negotiation any disagreement or dispute arising out of or in connection with the Contract.
6.2 If, after thirty (30) days from the commencement of such informal negotiations, the
Purchaser and the bidder have been unable to resolve amicably a Contract dispute, either party
may require that the dispute be referred for resolution to the formal mechanisms. Such
disputes or differences shall be settled in accordance with the Arbitration and Conciliation Act,
1996. Where the value of contract is above Rs.1 crore, the arbitral tribunal shall consist of 3
arbitrators, one each to be appointed by the Bank and the Bidder. The third arbitrator shall be
chosen by mutual discussion between the Bank and the Bidder.
6.3 The arbitration proceedings shall be held at New Delhi, India, and the language of the
arbitration proceedings shall be English.
6.4 The decision of majority of arbitrators shall be final and binding upon both parties. The
cost and expenses of Arbitration Proceedings will be paid as determined by arbitral tribunal.
However, expenses incurred by each party in connection with the preparation, presentation,
etc., of its proceedings as also the fees and expenses paid to the arbitrator appointed by such
party or on its behalf shall be borne by each party; and
6.5 Where the value of the contract is Rs.1 crore and below, the disputes or differences arising
shall be referred to the sole arbitrator. The sole Arbitrator shall be appointed by agreement
between the parties.
7. CORRUPT OR FRAUDULENT PRACTICES:
7.1 As per CVC directives it is required that Bidders/Suppliers/Contractors observe the
highest standard of ethics during the procurement and execution of such contracts. In
pursuance of this policy:
i) “Corrupt practice” means the offering, giving, receiving or soliciting of anything of
value to influence the action of a public official in the procurement process or in
contract execution; and
ii) “Fraudulent practice” means a misrepresentation of facts in order to influence a
procurement process or the execution of contract to the detriment of the Purchaser and
includes collusive practice among Bidders (prior to or after bid submission) designed to
establish bid prices at artificial non-competitive levels and to deprive the Purchaser of the
benefits of free and open competition;
7.2 The Purchaser will reject a bid for award if it determines that the Bidder
recommended for award has engaged in corrupt or fraudulent practices in competing for
the contract in question;
7.3 The Purchaser will declare a firm ineligible, either indefinitely or for a stated period
of time, to be awarded a contract if at any time it determines that the firm has engaged
in corrupt or fraudulent practices in competing for, or in executing a contract.
8. INDEMNITY:
8.1 The bidder (Contractor) will indemnify the Bank against all actions, proceedings,
claims, suits, damages and any other expenses for causes attributable to the bidder.
8.2 The total liability of the selected bidder under the contract will not exceed the total cost of
the project.
9. BIDDER’S OBLIGATIONS:
9.1 The bidder is obliged to work closely with the Purchaser's staff, act within its own
authority and abide by directives issued by the Purchaser during the IS AUDIT
activities.
9.2 The bidder is responsible for managing the activities of its personnel and will hold itself
responsible for any misdemeanors.
9.3 The bidder is under obligation to provide IS AUDIT services as per the contract to
various Offices of the Bank.
9.4 The bidder will treat as confidential all data and information about the Purchaser obtained
in the execution of his responsibilities, and will not reveal such information to any other
party without the prior written approval of the Purchaser.
10. PATENT RIGHT:
10.1 The Bidders shall indemnify the Purchaser against all third party claims of
infringement of patent, trademark or industrial design rights arising from use of the
Software package or any part thereof in India and abroad.
10.2 In the event of any claim asserted by the third party of infringement of copyright,
patent, trademark or industrial design rights arising from the use of the solution or any part
thereof in India and abroad, the Bidder shall act expeditiously to extinguish such claims.
If the Bidder fails to comply and the Purchaser is required to pay compensation to a third party
resulting from such infringement, the Bidder shall be responsible for the compensation
including all expenses, court costs and lawyer fees. The Purchaser will give notice to
the Bidder of such claims, if it is made, without delay.
11. SIGNING OF CONTRACT:
11.1 At the time when the Purchaser notifies the Bidder that its bid has been accepted,
the Purchaser will send the Bidder the Contract Form (Annexure-XIV) provided in the
RFP, incorporating all agreements between the parties.
11.2 Within 21(Twenty One) days of receipt of Contract Form, the bidders shall sign and date
the contract and return it to the Purchaser along with the required Performance Security.
11.3 Bank reserves the right to select the next ranked bidder if the selected bidder
withdraws his bid after selection or at the time of finalization of the contract, or is
disqualified on detection of wrong or misleading information in the bid.
11.4 In case the bidder fails to comply with the Clause 11.1 and 11.2 or in case the
bidder withdraws his bid after selection as per Clause 11.3 the bid security of the bidder will be
forfeited.
11.5 Contract Amendment: No variation in or modification of the terms of the Contract
shall be made except by written amendment signed by the parties.
11.6 The bidder shall not assign, in whole or in part, its obligations to perform under
the Contract, except with the Purchaser's prior written consent.
12. PUBLICITY:
Any publicity by the bidder in which the name of the Purchaser is to be used should be done
only with the explicit written permission of the Purchaser.
Disclaimer
Subject to any law to the contrary, and to the maximum extent permitted by law, Punjab &
Sind Bank and its officers, employees, contractors, agents, and advisers disclaim all liability
from any loss or damage (whether foreseeable or not) suffered by any person acting on or
refraining from acting because of any information including forecasts, statements, estimates, or
projections contained in this RFP document or conduct ancillary to it whether or not the loss or
damage arises in connection with any negligence, omission, default, lack of care or
misrepresentation on the part of Punjab & Sind Bank or any of its officers, employees,
contractors, agents, or advisers.
Annexure-A
OTHER IMPORTANT TERMS & CONDITIONS
The bidder has to undertake IS audit in a phased manner as described below:-
PHASE I – CONDUCT OF IS AUDIT AS PER SCOPE, EVALUATION, DISCUSSION ON THE
FINDINGS AND SUBMISSION OF FINAL REPORTS
PHASE II – COMPLIANCE AUDIT, REVIEW & CERTIFICATION
The activities covered under each Phase are appended below:
1. PHASE I
1.1 Conduct of Information Systems Audit as per the SCOPE OF WORK as defined in Clause 3.
1.2 The Bank will call upon the bidder, on placement of the order, to carry out
demonstration and/or walkthrough, and/or presentation and demonstration of all or specific
aspects of the IS AUDIT at the Bank's desired location or, for a walkthrough, at a
mutually agreed location. All the expenses for the above will be borne by the concerned bidder.
1.3 Audit schedule to be provided 7 working days prior to the start of audit along with the names of
the auditors who will be conducting the audit. Resumes of the auditors as assigned above for the
project to be provided to the Bank beforehand and they should be deputed to the assignment only
after the Bank's consent.
1.4 Commencement of IS Audit of IT Setups / branches as per the scope of Work.
1.5 Execute Vulnerability Assessment/Penetration testing of the entire network including Internet
Banking, Mobile Banking, Tele Banking and Corporate Website as per the scope of work and
Annexure C & D on the written permission of the Bank and in the presence of Bank's Officials,
Analysis of the findings and Guidance for Resolution of the same.
1.6 Detailing the Security Gaps
1.7 Document the security gaps i.e. vulnerability, security flaws, loopholes, etc. observed during the
course of the review of the CBS & other IT infrastructure of the Bank as per the scope of Audit.
1.8 Document recommendations for addressing these security gaps and categorize the
identified security gaps based on their criticality, resource/effort requirement to address them.
1.9 Chart a roadmap for the Bank to ensure compliance and address these Security gaps.
1.10 Addressing the Security Gaps
1.11 Help in fixing / addressing the Security flaws, gaps, loopholes, shortfalls,
Vulnerabilities in deployment of applications / systems which can be fixed immediately. If
recommendations for Risk Mitigation / Removal could not be implemented as suggested, alternate
solutions to be provided.
1.12 Recommend fixes for systems vulnerabilities in design or otherwise for application
systems and network infrastructure.
1.13 Suggest changes/modifications in the Security Policies and Security Architecture including
Network and Applications of PUNJAB & SIND BANK to address the same.
1.14 Final Reports of ISA Findings: Bidder has to discuss the preliminary report findings /
observations / recommendations / suggestions with the Bank and, subject to the acceptance of the
preliminary report by the Bank, the bidder has to submit the Final report.
1.15 The final reports of the ISA findings will be submitted in parts as detailed under Deliverables
Section:-
ISA Report: Executive Summary
ISA Report: Core findings along with Risk Analysis
ISA Report: Detailed findings / Checklists
ISA Report: Analysis of reports / Corrective Measures & Suggestions along with Risk Analysis
1.16 Acceptance of the Final Report.
2. PHASE II
2.1 Compliance Review: An exercise to review the compliance with the findings and recommendations of ISA has to be
undertaken by the bidder. This exercise would be undertaken preferably within 30 days from
the date of completion of Phase I. However, the final date for the start of Compliance
Audit will be intimated by the Bank suitably. This exercise would encompass evaluation of the
general/overall level of compliance undertaken by the Bank against the shortcomings reported in the
ISA Reports.
2.2 Certification for compliance with the findings of the ISA & Final Sign Off: On completion of the
compliance review and before final sign off, the bidder has to provide the Bank an ISA
compliance certificate including certificate as per RBI guidelines for Internet Banking.
2.3 Provide Certification for the ISA: At the end of IS Audit process, the bidder has to provide Bank
certification for IS Audit including a certificate as per RBI guidelines for Internet Banking.
2.4 Documentation Format: All documents will be handed over in three copies, signed, legible,
neatly and robustly bound on A-4 size, good-quality paper. Soft copies of all the documents,
properly encrypted in MS Word / MS Excel / PDF format, also to be submitted in CDs/DVDs along
with the hard copies. All documents will be in plain English.
3. DELIVERY SCHEDULE:
3.1 The delivery of the Reports of Phase I should be effected within 8 weeks of placement of
purchase order.
4. TERMS OF PAYMENT:
4.1 The Bidder's request(s) for payment shall be made to the Purchaser in writing,
accompanied by an invoice describing, as appropriate, the services performed and by documents
submitted and upon fulfillment of other obligations stipulated in the Contract.
4.2 Payments shall be made promptly by the Purchaser on submission of an invoice/claim
supported by all required documents by the Bidder.
4.3 Payment will be made to the Bidder in Indian Rupees only.
4.4 Payment Schedule: -
Payment will be made on completion of following milestones:
70% after completion of PHASE-I
30% after completion of PHASE-II
** TDS would be deducted at source for any payment made by the BANK as per the
prevailing Rules of Government of India.
4.5 Price Composition: The price quoted should be inclusive of following:
a) Professional Charges
b) Travel and Halting expenses, including local conveyance
c) Out of pocket expenses
d) Excluding GST
4.6 Work Contract tax, if any, applicable should be borne by the Bidder.
4.7 The commercial bid shall be on a fixed price basis and in Indian Rupees. No price variation
should be asked for relating to increases in customs duty, any taxes, foreign currency price variation
etc. except GST.
4.8 All costs and expenses incurred by bidder in any way associated with the development,
preparation, and submission of responses, including the attendance at meetings, discussions,
demonstrations, reference site visits etc. and providing any additional information required by
Punjab & Sind Bank, will be borne entirely and exclusively by the bidder.
5.0 TAXES & DUTIES:
5.1 The bidder will be entirely responsible to pay all taxes including corporate tax, income
tax, license fees, duties etc. except GST in connection with delivery of the services at site.
5.2 Wherever the laws and regulations require deduction of such taxes at the source of payment,
the Bank/ purchaser shall effect such deductions from the payment due to the bidder. The
remittance of amount so deducted and issue of certificate for such deductions shall be made
by the Purchaser as per the laws and regulations in force.
5.3 GST if any, which will be applicable should be clearly mentioned separately which will be paid
by the Bank on actual basis on production of proof.
5.4 Nothing in the contract shall relieve the bidder from his responsibility to pay any tax that
may be levied in India on income and profits made by the bidder in respect of this contract.
5.5 Payment of Other Expenses:
a. The selected bidder will have to visit various offices of the Bank, at various locations like
Mumbai, Chennai, Delhi, Noida etc. during the course of IS Audit. The Bank will not pay any
expenses towards travelling, lodging and boarding of the members of IS Audit team of the selected
bidder. They will have to make their own travel and stay arrangements.
b. The bidder may perform a site inspection at its own cost to verify the appropriateness of the
sites/facilities before start of the Audit.
6. PROJECT SCHEDULE:
The selected bidder has to depute its officials at Information Systems Audit Cell, HO Inspection
Department, New Delhi within 10 days from the date of signing of the contract, for holding
a formal meeting. During the said meeting the bidder has to give a brief technical overview /
presentation regarding the technical methodology being adopted by them to conduct the said audit.
The bidder has to maintain the schedule time frame as mentioned below:-
The time frame for completion of Phase I of the project would be maximum 6 weeks.
The time frame for completion of Phase II would be maximum 2 weeks.
An exercise to review the compliance with the findings and recommendations of IS Audit has to be
undertaken by the bidder (Phase-II). This exercise would be undertaken preferably within 180 days
from the date of completion of Phase I. However, the final date for the start of compliance Audit
will be informed by the Bank in due course of time.
The Final ISA certificate is to be issued within a week of Audit Compliance Review.
7. DELIVERABLES:-
The major deliverables in this project are noted below:-
7.1 Information Systems Audit as per the Scope of Work.
7.2 Vulnerability Assessment/Penetration testing of the entire network including Internet Banking as
per the scope of work and Annexure C & D, Analysis of the findings and Guidance for Resolution
of the same.
7.4 ISA Report (Type - Documentation)
7.4.1 Audit Report :-
Broadly the Audit Report should contain keeping the undernoted points in view :-
Gaps, Deficiencies, Vulnerabilities observed in audit. Specific observations will be given
indicating name and important address of equipment.
Risk associated with Gaps, deficiencies, vulnerabilities observed.
Analysis of vulnerabilities and issues of concern.
Recommendations for corrective action.
Category of Risk. Very High/ High/Medium/ Low.
Summary of audit findings including identification tests, tools used and results of test performed
during IS Audit. Report on audit covering compliance status of the IS Audit. All observations will
be thoroughly discussed with process owners before finalization of report. Audit report should be
submitted in the following order:
Location, Domain/Module, Hardware, Operating Systems.
Detailed report of network audit including VAPT with recommendations and suggestions.
Detailed report of VAPT.
Audit report shall incorporate a certificate that the report covers every area specified in the
scope of the BID.
The IS Audit Reports have to be submitted at the end of Phase I and the sets of reports would
comprise of the following sub reports:-
7.4.2 ISA Report :- Executive Summary :-
An executive summary should form a part of the FINAL REPORT.
7.4.3 ISA Report: Core Findings along with Risk Analysis:
The bidder will submit a report bringing out the core findings of the IS Audit exercise in the
existing practices along with Risk Analysis of individual items, with reference to the best
practices & standards.
7.4.4 ISA Report: Detailed Findings/Checklists:
The detailed findings of the ISA would be brought out in this report, which will cover in detail all
aspects, viz. identification of flaws / gaps / vulnerabilities in the systems (specific to
equipment/resources, indicating name and IP address of the equipment with Office and
Department name), identification of threat sources, identification of Risk, identification of
inherent weaknesses, Servers/Resources affected with IP Addresses etc. Report should classify
the observations into Critical / Non Critical category and assess the category of Risk
Implication as VERY HIGH/HIGH/MEDIUM/LOW RISK based on the impact. The various
checklist formats, designed and used for conducting the IS Audit as per the scope, should
also be included in the report separately for Servers (different for different OS), RDBMS,
Network equipment, security equipment etc., so that they provide minimum domain wise
baseline security standard / practices to achieve a reasonably secure IT environment for
technologies deployed by Punjab & Sind Bank. The Reports should be substantiated with the
help of snapshots / evidences / documents etc. from where the observations were made.
7.4.5 ISA Report: In Depth Analysis of findings / Corrective Measures & Suggestions along
with Risk Analysis: The findings of the entire IS Audit Process should be critically analyzed
and controls should be suggested as corrective / preventive measures for strengthening /
safeguarding the IT assets of the Bank against existing and future threats in the short / long
term. Report should contain suggestions / recommendations for improvement in the systems
wherever required. If recommendations for Risk Mitigation / Removal could not be
implemented as suggested, alternate solutions to be provided. Also, if the formal procedures are not
in place for any activity, evaluate the process & the associated risks and give
recommendations for improvement as per the best practices.
7.4.6 Provide Certification for the ISA (Type - Documentation & Service): At the end of IS Audit
process, the bidder has to provide Bank certification for IS Audit including a certificate as per RBI
guidelines for Internet Banking.
7.4.7 Documentation Format: All documents will be handed over in three copies, signed, legible,
neatly and robustly bound on A-4 size, good-quality paper. Soft copies of all the documents,
properly encrypted in MS Word / MS Excel / PDF format, also to be submitted in CDs/DVDs along
with the hard copies. All documents will be in plain English.
7.4.8 LIST OF COUNT OF SERVERS/DEVICES IN DIFFERENT AUDITEE LOCATIONS (It
may vary in actual scenario) is enclosed as Annexure 'D'.
Note:- The list may vary in actual scenario. Any new addition / upgradation in hardware, software,
new deliverables, change in architecture during the contract period at Data Center, DRS etc.
will also be covered in the audit. Exact details of the devices / equipment at the various
auditee locations will be provided to the final shortlisted bidder at the time of placing of order.
ANNEXURE B: SCHEDULE OF REQUIREMENTS
INDEX
Sr. No. | ANNEXURE No. | SUBJECT
1 | ANNEXURE – I | PROFILE OF THE BIDDER
2 | ANNEXURE – II | ORGANISATIONAL STRUCTURE
3 | ANNEXURE – III | FINANCIAL INFORMATION
4 | ANNEXURE – IV | DECLARATION BY BIDDER
5 | ANNEXURE – V | MANPOWER DETAILS
6 | ANNEXURE – VI | EXPERIENCE & EXPERTISE
7 | ANNEXURE – VII | PERFORMANCE STATEMENT
8 | ANNEXURE – VIII | TEAM PROFILE
9 | ANNEXURE – IX | CVs OF TEAM LEADS & OTHERS
10 | ANNEXURE – X | FORMAT FOR COMMERCIAL BID
11 | ANNEXURE – XI | BID FORM
12 | ANNEXURE – XII | BID SECURITY FORM
13 | ANNEXURE – XIII | PERFORMANCE SECURITY FORM
14 | ANNEXURE – XIV | CONTRACT FORM
15 | ANNEXURE – XV | TECHNICAL DEVIATION
16 | ANNEXURE – XVI | COMMERCIAL DEVIATION
17 | ANNEXURE – XVII | LETTER OF CONFIRMATION
ANNEXURE –I (TECHNICAL BID) :- PROFILE OF THE BIDDER
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
DESCRIPTION DETAILS
Registered address of the Bidder
Address:
Address for Correspondence of the Bidder
STD- Phone:
e-mail Id:
FAX No:
Contact name of the official who
can commit on the contractual terms
and the name of an alternate official
who may be contacted in the
absence of the former
Primary Contact:
Name:
Designation:
STD- Phone No:
Mobile Phone :
e-mail ID :
Alternate Contact:
Name :
Designation:
STD- Phone No:
Mobile Phone :
e-mail ID :
Contact addresses if different from
above
Official Website Web Site URL :
Authorized Signatory with Seal
Date:
Place:
ANNEXURE –II (TECHNICAL BID) :- ORGANISATIONAL STRUCTURE
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
DESCRIPTION DETAILS
Business Structure of the Bidder –Government
organization / PSU /Partnership Firm /Limited
Co. / LLP/ Private Ltd. Co. (Enclose relevant
registration details)
Registered Office
Bidder’s Organization’s date of
inception/Commencement of Business
No. of completed years in existence as on the last
date of bid submission
Constitution
Names of Directors
Core Business of Bidder
Bidder is engaged in Information Systems
Audits since (month & year) & total experience (in
years/months) in IS Audit Services
Whether Information Systems Audit is a core
function of the bidder?
Empanelment with CERT-In as IS Audit
Organization – current status ( Enclose
Empanelment details)
Empanelment valid from :-
Empanelment valid up to :-
Whether submitting the Bid as a part of any
consortium (Yes/No)
Authorized Signatory with Seal
Date:
Place:
ANNEXURE – III (TECHNICAL BID) :- FINANCIAL INFORMATION
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
DESCRIPTION DETAILS
Total Turnover over the past three years
from operations in India
2014-15 Rs.
2015-16 Rs.
2016-17 Rs.
Authenticated proof of Audited Balance-
Sheet etc for the last 2 years(Enclosed
Relevant documents are ):
1)
2)
3)
Net Profit of the Organization for last 3
years
2014-15 Rs.
2015-16 Rs.
2016-17 Rs.
Authenticated proof of Audited Balance-
Sheet etc for the last 3 years(Enclosed
Relevant documents are ):
1)
2)
3)
Authorized Signatory with Seal
Date:
Place:
ANNEXURE –IV (TECHNICAL BID) :- DECLARATIONS BY BIDDER
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
DESCRIPTION DETAILS
Bidder warrants financial solvency i.e.
ability to meet all debts as and when they
fall due
(substantiate)
Bidder confirms that it has not been
blacklisted by any Govt. Department
/PSU/PSE or Banks or the bidder/firm
is otherwise not involved in any such
incident with any concern whatsoever
(substantiate)
Bidder confirms that it has not been a
Bidder /consultant for supply of
Hardware/Software components of the
bank or involved in implementing
Security & Network Infrastructure or
providing services excluding IS Audit
Services , either directly, or indirectly
through a consortium, in the past three
years to PUNJAB & SIND BANK
(Enclose a relevant declaration
/confirmation to this effect – Annexure
XVII)
(substantiate)
Authorized Signatory with Seal
Date:
Place:
ANNEXURE –V (TECHNICAL BID) :- MANPOWER DETAILS
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
DESCRIPTION DETAILS
Number of Professional Manpower
available for IS Audits in the
organization (Mention count for the
Permanent employees only )
S.N. PROFESSIONAL
1. CISA / CISM
2. CISSP
3. BS 7799/ISO27001LA
4. CCNA / CCNE
5. DISA / ISA
6. OCP / OCM
7. OTHERS
8. TOTAL
Details Of Teams Leads / Project
leads/Key Personnel who have led
prior IS audit assignments of DC/DRS etc.
in a Bank or other organization.
(Enclose Individual Curriculum Vitae of
Team Leads / Project Leads and other
key personnel assigned for the project
as per Annexure VIII & IX).
CISA :
CISSP :
BS7799/ISO 27001 LA :
Any Other :
Authorized Signatory with Seal
Date:
Place:
ANNEXURE –VI (TECHNICAL BID) :- EXPERTISE & EXPERIENCE
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
DESCRIPTION DETAILS
Details of the Assignments where the
bidder has performed IS audit of Data
Centre / DRS & Related Infrastructure in
a Bank/Other organization during the last
two years
Tools used for IS Audit of DC,DRS, PG
etc.
Methodology adopted for IS Audit of DC,
DRS etc.
Bidder’s experience & Expertise in IS
Audit of CBS Data Centre / DRS , VAPT
of the entire CBS Infrastructure including
Internet Banking, IS Audit of ATM
Switch, IS Audit of Payment gateway, IS
Experience & Expertise in Vulnerability
Assessments in Audit of specialized CBS
branches like Service Branch (Enclose
Relevant documents) Experience &
Expertise in Penetration Testing of CBS
n/w .
(Enclose Relevant documents)
Authorized Signatory with Seal
Date:
Place:
Annexure VII :-( Technical Bid)
PERFORMANCE STATEMENT OF THE BIDDER (We expect minimum three
references)
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
DESCRIPTION DETAILS
Name of the Bank / organization
Address of the Bank / organization
Project Name(Mention only IS Audit of DC
/DRS/VAPT & allied Infrastructure related projects in
Banks/other organizations)
Sites covered under the Project
IS Audit start date
Current status of the Project
Duration of the Project
Modules covered in IS audit
Infrastructure/Facilities covered in IS Audit
Contact person details from the Bank
1)Name:-
2) Designation :-
3)Phone No. :-
4)Email Id :-
Names of project staff/ professionals involved
Nature of audit work that was outsourced (if any)
Authorized Signatory with Seal
Date:
Place:
Annexure VIII :- (Technical Bid) PROFILE OF THE PROPOSED CORE AUDIT
TEAM TO BE ASSIGNED FOR THE PROJECT
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
S.N. | NAME | DESIG. | PART TIME / FULL TIME | ROLE IN IS AUDIT (TASK/MODULE) | PROFESSIONAL QUALIFICATION | YEARS OF IS AUDIT EXP.
1
2
3
4
5
6
7
8
9
10
Authorized Signatory with Seal
Date:
Place:
Annexure IX (Technical Bid) INDIVIDUAL CV’s FOR TEAM LEAD & OTHER
MEMBERS OF THE CORE AUDIT TEAM TO BE ASSIGNED FOR THE
PROJECT
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
(To be furnished on separate sheet for each member of the audit team)
DESCRIPTION DETAILS
Name of the member
Role of the Member
Employee of the audit firm / company
since:
Designation:
Educational Qualification:
Other Certifications/accreditations:
Employment History
Total Banking Experience (no. of years,
areas of experience)
Experience in similar IS Audit projects in the past three
years(including client details, role of member, activities performed,
duration of experience)
S.NO. | Client Organization | Details of assignment done & Role Assigned | Experience in Months & years
Authorized Signatory with Seal
Date:
Place:
Annexure X :- (Commercial bid)
FORMAT FOR COMMERCIAL BID
RFP Ref. No: PSB/HOIT/RFP/106/2017-18 Dated: 21.12.2017
PARTICULARS | BASE AMOUNT (IN RS) INCLUDING ALL TAXES AS PER THE CURRENT RATE EXCLUDING GST (A) | GST AS PER THE CURRENT RATE APPLICABLE (B) | TOTAL AMOUNT (A+B=C)
Cost of IS Audit as per the scope of work defined in the RFP (Inclusive of all fees & expenses) | | |
TOTAL COST OF IS AUDIT | | |
(Total Base Amount (As per column A) in Words: - Rupees )
Authorized Signatory with Seal
Date:
Place:
Note:-
The Commercial Bid should contain the Total Project cost, on a
fixed cost basis. Punjab & Sind Bank will neither provide nor reimburse any
expenditure towards any type of Accommodation, Travel Ticket, Airfares,
Train fares, Halting expenses, Transport, Lodging, Boarding etc.
The prices quoted above should be inclusive of all taxes & Duties
as applicable except GST. The commercial bid will be evaluated based on
column (A) i.e. Base Amount including all taxes as per the current rate excluding
GST.
GST should be mentioned in the separate column as provided in the format.
Providing commercial bid other than this format may lead to rejection of
the bid.
Annexure XI :- (Technical Bid)
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
BID FORM
To Date:
PUNJAB & SIND BANK,
H.O. IT Department,
2nd floor, Bank House,
21, Rajendra Place,
New Delhi – 110008
Having examined the RFP including all Annexures, the receipt of which is hereby
duly acknowledged, we the undersigned, offer to provide IS Audit services in
conformity with the said RFP in accordance with the Price Composition indicated in
the Commercial Bid and made part of the Bid.
We undertake, if our bid is accepted, to deliver the services in accordance with the
delivery schedule specified in Annexure A.
We agree to abide by this bid for the period of 180 days from the last date of submission
of the bid and it shall remain binding upon us and may be extended at any time before the
expiration of that period.
We undertake that, in competing for (and, if the award is made to us, in
executing) the above contract, we will strictly observe the laws against fraud and
corruption in force in India namely “Prevention of Corruption Act 1988”.
We understand that the Bank is not bound to accept the lowest of any bid the
Bank may receive.
Dated this ________________ day of _____________ 20 .
(Signature) (In the Capacity of)
Duly authorized to sign bid for and on behalf of
(Name & Address of Bidder) ________________________________
Business_________________________ Address________________
Annexure XII :- (Technical Bid)
BID SECURITY FORM
(SAMPLE FORMAT OF BANK GUARANTEE (BG) FOR BID SECURITY)
(ON A NON-JUDICIAL STAMP PAPER OF RS. 100.00)
TO:
PUNJAB & SIND BANK,
H.O. IT Department,
2nd floor, Bank House,
21, Rajendra Place,
New Delhi – 110008
WHEREAS ____________________ (hereinafter called “the Bidder”) has submitted
its bid dated _________ (date of submission of bid) for providing services of IS
Audit ________________________ (name and/or description of goods/Services)
(hereinafter called “the Bid”).
KNOW ALL PEOPLE by these presents that WE __________ ( name of bank) of
________ (name of country)having our registered office at ____________________
(address of bank) (hereinafter called “the Bank”) are bound unto PUNJAB & SIND
BANK (hereinafter called “the Purchaser”) in the sum of ________________ for which
payment well and truly to be made to the said Purchaser, the Bank binds itself, its
successors and assigns by these presents. Sealed with the common seal of the said Bank
this _______ day of __________, 20___.
THE CONDITIONS of this obligation are:
If the Bidder withdraws its Bid during the period of bid validity specified by the
Bidder on the Bid Form; or
If the Bidder, having been notified of the acceptance of its bid by the Purchaser
during the period of bid validity fails or refuses to execute the Contract Form if
required;
We undertake to pay the Purchaser up to the above amount upon receipt of its first
written demand, without the Purchaser having to substantiate its demand, provided
that in its demand the Purchaser will note that the amount claimed by it is due to
it owing to the occurrence of one or both of the two conditions, specifying the
occurred condition or conditions.
This guarantee will remain in force up to the last date of submission of the bid i.e.
_________, and any demand in respect thereof should reach the Bank not later than the
above date.
Place:
SEAL Code No. SIGNATURE
NOTE: 1 BIDDER SHOULD ENSURE THAT THE SEAL & CODENO. OF THE
SIGNATORY IS PUT BY THE BANKERS, BEFORE SUBMISSION OF BG.
2 STAMP PAPER IS REQUIRED FOR THE BG ISSUED BY THE BANKS
LOCATED IN INDIA.
Annexure XIII: - PERFORMANCE SECURITY FORM
(SAMPLE FORMAT OF BANK GUARANTEE (BG) FOR EMPANELMENT SECURITY)
(ON A NON-JUDICIAL STAMP PAPER OF RS. 100.00)
TO:
PUNJAB & SIND BANK,
H.O. IT Department,
2nd floor, Bank House,
21, Rajendra Place,
New Delhi – 110008
WHEREAS ____________________ (hereinafter called “the Bidder”) has submitted
its bid dated _________ (date of submission of bid ) for providing services of IS
Audit ________________________ ( name and/or description of goods ) (hereinafter
called “the Bid”).
KNOW ALL PEOPLE by these presents that WE __________ ( name of bank ) of
________ (name of country) having our registered office at ____________________
(address of bank) (hereinafter called “the Bank”) are bound unto PUNJAB & SIND
BANK (hereinafter called “the Purchaser”) in the sum of ________________ for which
payment well and truly to be made to the said Purchaser, the Bank binds itself, its
successors and assigns by these presents. Sealed with the common seal of the said Bank
this _______ day of __________, 20___.
THE CONDITIONS of this obligation are:
1. If the Bidder, having been notified as selected for providing IS AUDIT SERVICES to
the Purchaser, during the period of contract fails to perform obligations as bidder and fulfill
requirements as specified in the contract up to the desired level.
We undertake to pay the Purchaser up to the above amount upon receipt of its first
written demand, without the Purchaser having to substantiate its demand, provided
that in its demand the Purchaser will note that the amount claimed by it is due to
it owing to the occurrence of one or both of the two conditions, specifying the
occurred condition or conditions.
This guarantee will remain valid for a period of 12 months from the date of signing
of the contract i.e. from _________ to _________, and any demand in respect thereof
should reach the Bank not later than the above date.
Place:
SEAL Code No. SIGNATURE
NOTE:
1. THE BIDDER SHOULD ENSURE THAT THE SEAL & CODE NO. OF THE
SIGNATORY IS PUT BY THE BANKERS, BEFORE SUBMISSION OF BG.
2. STAMP PAPER IS REQUIRED FOR THE BG ISSUED BY THE BANKS
LOCATED IN INDIA.
Annexure XIV: - CONTRACT FORM (SAMPLE)
(Non-Judicial Stamp Paper of appropriate value)
RFP REF. NO.
CONTRACT NUMBER:
THIS AGREEMENT made the _________ day of ______, 20___ Between PUNJAB
& SIND BANK (hereinafter “the Purchaser”) of one part and __________ (Name of
Selected Bidder) of ____________ (City and Country of Bidder) (hereinafter “the Bidder”)
of the other part:
WHEREAS the Purchaser is desirous that certain services should be provided by
the Bidder, viz. ________________ ________________ (Brief description of Services)
and has accepted a bid by the Bidder for supply of software and services to meet
its requirement from time to time.
NOW THIS AGREEMENT WITNESSETH AS FOLLOWS:
1. In this Agreement words and expressions shall have the same meanings as are
respectively assigned to them in the Conditions of Contract referred to.
2. The following documents shall be deemed to form and be read and construed as part
of this Agreement, viz. :
(a) RFP No. PSB/HOIT/RFP/106/2017-18 dated 21.12.2017 and all its
addendums/modifications.
(b) The Bid form and price schedule submitted by the bidder and subsequent
amendments made into it as accepted by the bank.
(c) the Scope of works, deliverables
(d) all terms & conditions as per RFP, Annexure-A & Annexure-B
3. In consideration of the payments to be made by the Purchaser to the Bidder in terms of
Purchase Order for IS AUDIT services placed by Head Office of the Purchaser, the
bidder hereby covenants with the Purchaser to provide the services therein in
conformity in all respects with the provisions of the contract.
4. The Purchaser hereby covenants to pay the bidder in consideration of the provision
of services , the Purchase order Price or such other sum as may become payable under the
provisions of the Contract at the times and in the manner prescribed by the Contract.
IN WITNESS whereof the parties hereto have caused this Agreement to be executed
in accordance with their respective laws the day and year first above written.
Signed, sealed and Delivered by the Said ________________________ (For the Bidder) in
presence of _______________________
Signed, sealed and Delivered by the Said ________________________ (For the Purchaser)
in presence of ______________________
Annexure XV :- (Technical Bid)
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
TECHNICAL DEVIATION STATEMENT
The following are the particulars of deviations from the requirements of the tender/ bid:-
CLAUSE | DEVIATION | REMARKS (Including justification) | Whether it has any commercial implications (Reply in yes*/ no)
The eligibility criterion & offered IS AUDIT services furnished in the bidding document
shall prevail over those of any other documents forming a part of our bid except only to the
extent of deviations furnished in this statement.
Dated ________________ Signature and seal of the Bidder
Note: Where there is no deviation, the statement should be returned duly signed with
an endorsement indicating “No Deviations”.
* If reply is yes, it must be specified in Annexure- XVI (Commercial Deviation
Statement Form), else the commercial implication will be treated as NIL.
Annexure XVI :- (Commercial Bid)
RFP REF No:- PSB/HOIT/RFP/106/2017-18 Dt. 21.12.2017
COMMERCIAL DEVIATION STATEMENT FORM
The following are the particulars of deviations from the requirements of the tender/ bid:
CLAUSE | DEVIATION | REMARKS (Including justification)
The cost of offered IS AUDIT services furnished in the bidding document (Annexure- X)
shall prevail over those of any other document forming a part of our bid except only to the
extent of deviations furnished in this statement.
Dated ________________ Signature and seal of the Bidder
NOTE: Where there is no deviation, the statement should be returned duly signed
with an endorsement indicating “No Deviations”.
Annexure XVII (Technical Bid)
LETTER OF CONFIRMATION
The Asstt. General Manager,
PUNJAB & SIND BANK,
H.O. IT Department,
2nd floor, Bank House,
21, Rajendra Place,
New Delhi – 110008
Dear Sir,
We confirm that we will abide by the conditions mentioned in the Tender Document
(RFP and annexure) in full and without any deviation subject to Annexure- XV
& XVI. We shall observe confidentiality of all the information passed on to us in
course of the IS Audit process and shall not use the information for any other purpose
than the current tender.
We confirm that we have not been blacklisted by any Govt. Department /PSU / PSE
or Banks or otherwise not involved in any such incident with any concern
whatsoever, where the job undertaken / performed and conduct has been
questioned by any authority, which may lead to legal action.
We also confirm that we are not a bidder /consultant to the bank involved in
either supply/installation of Hardware/Software, implementation of
Security/Network Infrastructure of the Bank or providing services excluding IS
Audit services, in the past three years directly or indirectly through a consortium.
Place :
Date:
(Authorized Signatory)
SEAL
ANNEXURE “C”
A. Systems/ Applications and its Locations (tentative)
1.1 Information Systems Audit should cover entire Information Systems
Infrastructure which includes Servers & other hardware items, Operating Systems,
Databases, Application Systems, Technologies, Networks, Facilities, Process & People
of the under noted locations :
Sr. No. | Particulars | DC | DR | NLDC
1. | CBS Servers, Interfaces, Network & Other Devices | Navi Mumbai | Greater Noida | Navi Mumbai
2. | ATM Switch & Back Office | Chennai | Mumbai | N.A.
3. | Financial Inclusion, Centralized FI gateway Application solution | Navi Mumbai | -- | N.A.
4. | E-KYC (Biometrics) | Navi Mumbai | -- | N.A.
5. | Internet Banking Application | Navi Mumbai | Greater Noida | Navi Mumbai
6. | Mobile Banking Application | Navi Mumbai | Greater Noida | Navi Mumbai
7. | Mail Messaging Solution | Navi Mumbai | Greater Noida | Navi Mumbai
8. | Intranet of the bank | Navi Mumbai | Greater Noida | Navi Mumbai
9. | SMS Alert System | Mumbai | Pune |
10. | RTGS/NEFT etc. | HO.IT Deptt. Rajendra Place | Greater Noida |
11. | Cheque Truncation System (CTS) - Northern Grid | RCC, Delhi, C.P. (Soon will shift to Ranjit Nagar) | Greater Noida |
12. | Cheque Truncation System (CTS) - Southern Grid | RCC, Mumbai (Opex Model) | |
13. | Cheque Truncation System (CTS) - Western Grid | RCC Chennai (Opex Model) | |
14. | Treasury Solution | Navi Mumbai | Greater Noida | N.A.
15. | UPI | Mumbai | New Delhi | N.A.
16. | BBPS | Mumbai | Chennai | --
17. | POS | Mumbai | Bangalore | --
18. | Bharat QR Code | Mumbai | Bangalore | --
19. | Aadhar Enable Payment System (AEPS) | | |
20. | Merchant Aadhar Payment System | | |
21. | Accumen Pro Connect (Liquidity Management System) | HO.IT Deptt. Rajendra Place | Greater Noida |
22. | Call Centre | Noida | Noida |
23. | GST | Navi Mumbai | Greater Noida |
24. | SWIFT | Navi Mumbai | HO.Fex Deptt. N.D. (To be soon shifted to Greater Noida) | --
25. | Card Management | Chennai | Pune | --
26. | CCIL Server | HO.IT Deptt. Rajendra Place | Greater Noida | --
27. | ALM | Greater Noida | Vashi Mumbai | --
28. | AML | Navi Mumbai | Greater Noida | --
29. | Data Archival Retrieval (DAR) | Navi Mumbai | Greater Noida | --
B. IS AUDIT OF INTERNET BANKING (WWW.PSBONLINE.CO.IN),
MOBILE BANKING
(HTTPS://WWW.PSBMOBILE.COM/MPAYPSBWAP/PSB),
INTRANET.PSB.CO.IN, WEBMAIL.PSB.CO.IN, UPI, BHIM, FI AND
CORPORATE WEBSITE (WWW.PSBINDIA.COM) OF THE BANK
While conducting the IS Audit, the guidelines/ recommendations issued by CERT-In
and Reserve Bank of India should be strictly complied with.
C. Vulnerability Assessment & Penetration Testing (Internal and External)
The Bidder is expected to conduct a VA/PT of the deployed solution at the Data
Centre and the Disaster Recovery Site and ensure compliance of the security gaps. The
minimum set of activities to be performed is as detailed in the scope of work.
D. Application Review and Testing
The bidder is to carry out an application review covering the functionality, security,
and controls within the applications. The minimum set of activities to be
performed is as detailed in the scope of work.
ANNEXURE ‘D’
LIST OF SERVERS/DEVICES IN DIFFERENT AUDITEE LOCATIONS
(It may vary in actual scenario)
Sr. no. | Purpose | Model | Quantity DC | Quantity DR | Quantity NLDC
Servers, Storage & Tape Library
1 | CBS Servers (Database + Application) | Oracle T4-4 | 2 | 2 | NA
2 | CBS Servers (Database + Application) | Oracle T4-1 | 6 | 6 | NA
3 | SASCL Server | Oracle T3-1 | 1 | NA | NA
4 | Storage | EMC VNX 5500 in DC & DR and EMC VNX 5300 in near site | 1 | 1 | 1
5 | Storage | EMC VNXe 3100 | 1 | NA | NA
6 | SAN Switch | Cisco SAN Switch | 2 | 2 | 2
7 | Tape Drive | Tandberg T40+ Tape library | 1 | 1 | NA
8 | Blade Chassis | Cisco UCS chassis | 6 | 4 | NA
9 | Windows Servers | Cisco UCS Blade server | 42 | 28 | NA
Networks equipment
1 | MPLS Routers | ASR1002-10G-SEC/K9 | 2 | 2 | 2
2 | IPSec Routers | ASR1002-10G-VPN/K9 | 2 | 2 | NA
3 | Routers | CISCO2921-SEC/K9 | 4 | 2 | NA
4 | Routers | CISCO2921-SEC/K9 | 2 | 1 | NA
5 | Core Switches | N7K-C7009-BUN2-R | 2 | 2 | NA
6 | Server Farm | WS-C3750X-24T-S | 3 | 2 | 2
7 | Uplink Switches | WS-C3750X-24T-S | 4 | 4 | NA
8 | DMZ Switches | WS-C2960G-24TC-L | 2 | 2 | NA
9 | Web Zone | ACE-4710-04-K9 | 4 | 4 | NA
10 | ISE SLB | ACE-4710-04-K9 | 4 | 4 | NA
11 | Internet Section | APV 2600 | 2 | 2 | NA
12 | Replication | APV 2600 | 2 | 2 | NA
Sr. no. | Purpose | Model | Quantity DC | Quantity DR | Quantity NLDC
Security Equipments
1 | Intranet Firewall | ASA5585-S20P20XK9 | 2 | 2 | NA
2 | RA VPN Firewall | ASA5545-K9 | 2 | 2 | NA
3 | Internet Firewall | CP4200 | 2 | 2 | NA
4 | CP Security Mgmt | Smart-1 | 1 | NA | NA
5 | CP Smart Event | SM503-EVNT | 1 | NA | NA
6 | Access Control | CSACS-1121-K9 | 1 | 1 | NA
7 | Admission Control | ISE-3395-K9 | 8 | 8 | NA
8 | Web Gateway | MFE Web Gateway 5500 Appl-B | 2 | 1 | NA
9 | Email Gateway | MFE Email Gateway 5500 Appl-C | 2 | 1 | NA
Sr. no. | Purpose | Model | Quantity DC | Quantity DR | Quantity NLDC
Other
1 | Network Monitoring | LMS-4.1-2.5K-K9 | 1 | 1 | NA
2 | Security Monitoring | L-CSMPR250-4.2-K9 | 1 | 1 | NA
3 | NAC | Cisco L-ISE-ADV5Y-5K= | 4 | 3 | NA