INDIAN OVERSEAS BANK
Information Technology Department
Central Office, 763, Anna Salai,
CHENNAI – 600 002
RFP Ref No. RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018
FOR SUPPLY, INSTALLATION AND MAINTENANCE OF NETWORK ACCESS CONTROL (NAC)
SOLUTION
AMENDMENT NO.6 13.12.2018
All other terms and conditions given in various clauses / sub-clauses / Annexure in the above
referred RFP to the extent not modified below, shall remain
Unchanged and continue to be applicable.
___________________________________________________________________________________________________
Page 1 of 27
Sl. No RFP Clause Existing RFP Terms Amended RFP Terms
1 1.3.a.2 The proposed NAC solution of the OEM
must be in Gartner's Leaders Magic
Quadrant for NAC Solution in 2 out of
last 3 years. Documentary Proof to be
submitted.
The proposed NAC solution of the
OEM must be in Gartner's Leaders
Magic Quadrant for NAC Solution
in 2 out of last 5 published reports
(from 2010 to 2014) for Network
Access Control. Documentary
Proof to be submitted.
2 1.3.a.3 The proposed NAC solution from the
OEM should be functional in any two
organizations (Bank
/Insurance/Government) with a
minimum of 10000 endpoints each, in
India on the date of the RFP.
(Documentary proof to be submitted).
The proposed NAC solution from
the OEM should be functional in
atleast one of any organizations
(Bank/Insurance/Government)
with a minimum of 10000
endpoints each, in India on the
date of the RFP. (Documentary
proof to be submitted).
3 1.3.a.4 Proposed Managed Switches & NAC
Solution should be from the same OEM.
The proposed solution (NAC &
Managed Switches) should be of the
latest model and should not be
declared End of Service Life for the
duration of the contract period (7
years for NAC & 7 years for Managed
Switches). Proposed solution should not
have been declared EOL as on the
date of submission of bids.
Documentary Proof (Annexure IV) to
be attached.
The proposed solution (NAC &
Managed Switches) should be of
the latest model and should not
be declared End of Service Life
for the duration of the contract
period (7 years for NAC & 7 years
for Managed Switches).
Proposed solution should not
have been declared EOL as on
the date of submission of bids.
Documentary Proof (Annexure IV)
to be attached.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 2 of 27
4 1.3.b.4 The Bidder should be Original
Equipment Manufacturer of the NAC
Solution or the premium partner of
OEM. The Bidder must be in position to
provide support / maintenance / up
gradation during the period of
contract with the Bank and must be
having back-to-back support from
OEM. Bidder, be it OEM or premium
partner, to submit a letter of
authorization / Manufacturer
Authorization Form (MAF) as per format
provided in Annexure IV of this RFP.
Either OEM or only one of its premium
partner in India shall participate in this
RFP.
The Bidder should be Original
Equipment Manufacturer of the
NAC Solution or the premium
partner of OEM. The Bidder must
be in position to provide support /
maintenance / up gradation
during the period of contract with
the Bank and must be having
back-to-back support from OEM.
Bidder, be it OEM or premium
partner, to submit a letter of
authorization / Manufacturer
Authorization Form (MAF) as per
format provided in Annexure IV of
this RFP. Either OEM or its premium
partner in India shall participate in
this RFP.
5 1.5 DELIVERY SCHEDULES The clause has been amended
and is attached as Annexure-A to
this document. The references to
the other clauses of the RFP as
contained in the clause remain
unchanged.
6 1.6 INSTALLATION AND IMPLEMENTATION: The clause has been amended
and is attached as Annexure-A to
this document. The references to
the other clauses of the RFP as
contained in the clause remain
unchanged.
7 1.7.2 Managed Switches (8/24/48 Ports): 3
years from the date of installation or
37 months from the date of delivery
whichever is earlier.
Managed Switches (24/48
Ports): 3 years from the date of
installation or 37 months from
the date of delivery whichever is
earlier.
8 1.9.1 Within 15 (Fifteen) days (exclusive of
holidays) of the date of acceptance
of the Purchase Order, the successful
Bidder shall furnish a bank guarantee
(for delivery and installation) for a
period of 6 months with a claim
period of twelve months for an
amount equivalent to 10% of the total
order value (PO Value), in the format
as per Annexure VIII of the RFP.
Within 15 (Fifteen) days
(exclusive of holidays) of the
date of acceptance of the
Purchase Order, the successful
Bidder shall furnish a bank
guarantee (for delivery and
installation) for a period of 12
months with a claim period of
twelve months for an amount
equivalent to 10% of the total
order value (PO Value), in the
format as per Annexure VIII of
the RFP.
9 1.10 PAYMENT TERMS The clause has been amended
and is attached as Annexure-A to
this document. The references to
the other clauses of the RFP as
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 3 of 27
contained in the clause remain
unchanged.
10 1.11.1 Prices should be quoted as per
Commercial Bid in Annexure ‘III’
Prices should be quoted as per
Indicative Commercial Bid in
Annexure ‘III’
11 1.12.b Indicative Commercial bids of only
the technically qualified short-listed
bidders (qualified as per 1.12 (a)
above) will be evaluated for the
purpose of arriving at Start Price of
Reverse Auction.
Indicative Commercial bids of
all the participating bidders
shall be opened but however
indicative commercial bids of
only the technically qualified
short-listed bidders (qualified as
per 1.12 (a) above) will be
evaluated for the purpose of
arriving at Start Price of Reverse
Auction.
12 1.12.c.1 The L1 bidder will be determined
based on the lowest Total Price
Quoted for (Grand Total) under
SL.NO. F (Table VI) of ANNEXURE III).
The L1 bidder will be determined
based on the lowest Total Price
Quoted for (Grand Total) under
SL.NO. H (Table VIII) of
ANNEXURE III).
13 1.13 PROCUREMENT OF ADDITIONAL
SWITCHES
PROCUREMENT OF ADDITIONAL
SWITCHES/END POINT LICENSES
14 1.13 Bank reserves its right to procure
additional Managed Switches
(8/24/48 Port) over and above the
quantities mentioned in this RFP from
the awardee of the contract at the
contracted / predetermined price for
supply to its Central Office, Regional
offices, Branches and other offices
located across the Country as per the
additional terms and conditions
stipulated below:
Bank reserves its right to procure
additional Managed Switches
(24/48 Port) & End Point Licenses
over and above the quantities
mentioned in this RFP from the
awardee of the contract at the
price for supply to its Central
Office, Regional offices,
Branches and other offices
located across the Country as
per the additional terms and
conditions stipulated below:
15 1.13.2 The Bank may exercise this option for
a period of 1 (one) year from the GO
Live of the Solution at the pre-
determined price. The rates will be
valid for a period of 1 (one) Year from
the date of acceptance of purchase
order, if not revised earlier. The
successful bidder shall supply the
additional Routers at the pre-
determined price with similar
technical specifications and models
specified in this RFP) at the time of
release of purchase order.
The Bank may exercise this
option for a period of 1 (one)
year from the GO Live of the
Solution at the pre-determined
price. The rates will be valid for
a period of 1 (one) Year from
the date of acceptance of
purchase order, if not revised
earlier. The successful bidder
shall supply the additional
Appliances/Switches/Licenses
at the pre-determined price
with similar technical
specifications and models
specified in this RFP) at the time
of release of purchase order.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 4 of 27
16 1.13.6 Comprehensive onsite Warranty and
Annual Maintenance Contract for
such additional Switches will also be
as per clause 1.7 & 1.8 of this RFP.
Comprehensive onsite Warranty
and Annual Maintenance
Contract for such additional
procurement will also be as per
clause 1.7 & 1.8 of this RFP.
17 2.21.3 In case the bidder fails to meet the
agreed uptime as mentioned above,
penalty shall be levied @ Rs. 2,000 per
0.1% downtime or part thereof
subject to a maximum of 10% of the
cost of NAC Appliances (Annexure III
– Table I Serial No 1.a).
In case the bidder fails to meet
the agreed uptime as
mentioned above, penalty shall
be levied @ Rs. 500 per 0.05%
downtime or part thereof
subject to a maximum of 20% of
the cost of NAC Appliances
(Annexure III – Table I Serial No
1.a).
18 Clause
2.25.7
During comprehensive on-site
warranty/ comprehensive annual
maintenance contract of the solution,
the bidder will accomplish preventive
and breakdown maintenance once in
a half year for the NAC Solution at DC
& DR and once in a quarter for all
Managed Switches, to ensure that all
hardware functions without defect or
interruption. Prior clearance from the
Bank should be obtained and records
for having done the preventive
maintenance have to be furnished to
Network Division, IT Department of the
Bank while submitting the invoice for
AMC/ATS.
During comprehensive on-site
warranty/ comprehensive annual
maintenance contract of the
solution, the bidder will
accomplish preventive and
breakdown maintenance once
in a half year for the NAC Solution
at DC & DR and for all Managed
Switches, to ensure that all
hardware functions without
defect or interruption. Prior
clearance from the Bank should
be obtained and records for
having done the preventive
maintenance have to be
furnished to Network Division, IT
Department of the Bank while
submitting the invoice for
AMC/ATS.
19 ANNEXURE –
I
SCOPE OF
WORK –
Serial No 1
Providing the solution would cover
supply, installation and
operationalization of the hardware, all
necessary application software and
maintenance of the equipment
supplied for a period of one-year
warranty and four years AMC
(hardware, system and application
software etc.) with back to back
support from the OEM. The new
systems provided should integrate well
with the existing facility.
Providing the solution would
cover supply, installation and
operationalization of the
hardware, all necessary
application software, licenses
and maintenance of the
equipment supplied for a period
of one-year warranty and four
years AMC (hardware, system
and application software etc.)
with back to back support from
the OEM. The new systems
provided should integrate well
with the existing facility.
20 ANNEXURE –
I
The Successful bidder has to ensure the
availability of two no. of resident
engineer sat main site i.e. IOB, Central
Office, Chennai for setting up and
The Successful bidder has to
ensure the availability of an onsite
Project Manager for the project till
the GO live of the Project. The
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 5 of 27
SCOPE OF
WORK –
Serial No 21
administration of the solution during
office hours (9 am to 6 pm) on all
working days as well as beyond office
hours or on holidays, if required.
Resident engineers should have 2
years’ experience in administration of
the Solution. Certificate from that
organisation to be submitted as a
proof of experience at the time of
payment request for onsite engineer
charges.
project manager should have a
minimum of 5+ years’ experience
in IT Infra project management.
The Successful bidder should also
ensure the availability of two no.
of onsite resident engineers at
main site i.e. IOB, Central Office,
Chennai for setting up and
administration of the solution
during office hours (9 am to 6 pm)
on all working days as well as
beyond office hours or on
holidays, if required. Resident
engineers should have 2 years’
experience in administration of
the Solution. Certificate from that
organization to be submitted as a
proof of experience at the time of
payment request for onsite
engineer charges.
21 ANNEXURE –
I
SCOPE OF
WORK –
Serial No 24
(11)
Install any patch including but not
limited to latest patch of Windows,
Anti-virus, Microsoft Office and for any
other software that is part of bank’s
checklist for profiling and posture
assessment of the device for allowing
access into bank’s network via NAC
solution. The patches will be provided
by the bank and to be carried and
installed by the field engineers of the
successful bidder.
Install any patch including but not
limited to latest patch of
Windows, Anti-virus and for any
other software that is part of
bank’s checklist for profiling and
posture assessment of the device
for allowing access into bank’s
network via NAC solution. The
patches will be provided by the
bank and to be carried and
installed by the field engineers of
the successful bidder.
22 Annexure I-
A
Technical Specifications: Network
Access Control Solution
The technical specifications for
the NAC solution have been
amended as detailed in
Annexure B to this amendment.
23 Annexure I-
B
Technical Specifications- 8 Port
Managed Switches
The requirement for 8 Port
Managed Switches has been
removed from the RFP. Bank shall
procure only 24 & 48 Port
Switches. Annexure I-B stands
deleted.
24 Annexure I -
C
Technical Specifications- 24 & 48 Port
Managed Switch.
The technical specifications for
the 24 & 48 Port Managed
Switches have been amended as
detailed in Annexure B to this
amendment.
25 Annexure III FORMAT FOR INDICATIVE
COMMERCIAL BID
The annexure has been amended
to remove references to 8 port
Managed Switches. Also the
quantity mentioned for NAC
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 6 of 27
Appliances has been removed
and shall be quoted by bidders as
per their solution architecture.
26 Clause
2.25.7
During comprehensive on-site
warranty/ comprehensive annual
maintenance contract of the solution,
the bidder will accomplish preventive
and breakdown maintenance once in
a half year for the NAC Solution at DC
& DR and once in a quarter for all
Managed Switches, to ensure that all
hardware functions without defect or
interruption. Prior clearance from the
Bank should be obtained and records
for having done the preventive
maintenance have to be furnished to
Network Division, IT Department of the
Bank while submitting the invoice for
AMC/ATS.
During comprehensive on-site
warranty/ comprehensive annual
maintenance contract of the
solution, the bidder will
accomplish preventive and
breakdown maintenance once
in a half year for the NAC Solution
at DC & DR and for all Managed
Switches, to ensure that all
hardware functions without
defect or interruption. Prior
clearance from the Bank should
be obtained and records for
having done the preventive
maintenance have to be
furnished to Network Division, IT
Department of the Bank while
submitting the invoice for
AMC/ATS.
NEW CLAUSES
27 New Clause
1.3.a.5
The OEM of the proposed managed switch must be listed in Gartner's
Leaders Magic Quadrant for “Wired and Wireless Access Infrastructure” in
2 out of last 3 years (2016 to 2018). Documentary Proof to be submitted.
28 ANNEXURE –
I
SCOPE OF
WORK –
Serial No 25
Design and implementation have to be done by the onsite team of experts
from OEM along with bidders skilled team including project manager at
both DC and DRS.
29 ANNEXURE –
I
SCOPE OF
WORK –
Serial No
24.12
Installation of Network switches in Network racks wherever available and
making the switch operational.
30 ANNEXURE –
I
SCOPE OF
WORK –
Serial No
24.13
The above responsibilities of the Engineer visiting the branches shall ipso
facto apply to the site visits for additional procurement defined in clause
1.13 of this RFP. Bank shall pay site visit charges for the one time
implementation of additional procurement only and no other payment in
lieu of engineer visit for maintenance of the solution (initial or additional) as
per scope of work shall accrue to the Bank.
31 ANNEXURE –
I
SCOPE OF
WORK –
Serial No 26
Training – Bidder has to provide OEM training to minimum of 5 Bank officials
which should cover operational administration and troubleshooting
feature of the solution. Training to be arranged in Chennai. Bidder has to
provide user manual and technical documentation both in hard copies
and soft copies to the Bank.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 7 of 27
Annexure A
CLAUSE 1.5 DELIVERY SCHEDULE
1. Delivery of NAC Solution at Banks Primary Data Centre - The solution including the
required hardware, software and licenses should be delivered at Banks PDC within 6
(Six) weeks from the date of the acceptance of Purchase Order. (Proof of document
should be submitted along with the invoice). The address of location for delivery &
implementation of the solution is as given below: -
Indian Overseas Bank, Data Centre
STT GDC
4, Swami Sivananda Salai
600002, Chennai
Tamil Nadu, India
2. Delivery of NAC Solution at Banks DRS - The solution including the required hardware,
software and licenses should be delivered at Banks DRS within 6 (Six) weeks from the
date of acceptance of the Purchase Order. (Proof of document should be submitted
along with the invoice). The address of location for delivery & implementation of the
solution is as given below:-
Indian Overseas Bank
Disaster Recovery Site, Hyderabad
C/o: Ctrl-S Data centers Ltd,
1st floor, Pioneer Towers,
Plot No: 16, Software Units Layout,
Hi-tech City, Madhapur,
Hyderabad-500081
Bank reserves the right to change the delivery locations for the NAC Solution as stated
above at its discretion before issue of Purchase Order. Delivery for the above purpose is
deemed to be complete when the items specified in the Purchase Order are delivered
and date of delivery is the date on which the item is delivered in full in CO and in DR
(location wise).
3. Delivery of Managed Switches at Bank’s Locations (Branches/ATMs): Managed Switches
(24/48 Port) should be delivered at all locations (Will be shared with Purchase Order)
within 8 weeks from the date of acceptance of Purchase Order. Successful Bidder shall
complete centralised staging and configuration of these Switches within the schedule
mentioned.
4. Extension of delivery schedule: If, at any time during performance of the Contract, the
Bidder should encounter conditions impeding timely delivery, the Bidder shall promptly
notify the Bank in writing of the fact of the delay, its likely duration and its cause(s). As
soon as practicable after receipt of the Bidder's notice, the Bank shall evaluate the
situation and may at its discretion extend the Bidder's time for performance against
suitable extension of the performance guarantee for delivery.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 8 of 27
5. Penalty for Delayed Delivery: Delivery for the above purpose is deemed to be complete
only when all the items specified in Purchase Order are completely delivered (Location
wise & item wise) and date of delivery is the date on which the last item is delivered. If
the delivery schedule is not maintained as stated in clause 1.5 (1), (2) & (3) or to such
extended period as per clause 1.5 (4) of this RFP, a penalty of One Percent (1%) of the
item cost (location wise & component wise), for each week or part thereof of the delay
subject to a maximum of 10% of the cost of the component will be levied from the expiry
of due date of delivery. Any Bank dependency in delay of delivery of the solution
components, to the limit as decided by the bank, at its own discretion, shall not be
considered for calculation of the penalty.
6. Non-delivery: Failure of the successful bidder to comply with the above delivery
schedule, as stipulated in clause 1.5 (1), (2) (3) & (4), shall constitute sufficient
grounds for the annulment of the award of contract and invocation of bank
guarantee (delivery). In such an event, the Bank will call for new bids and forfeit
the EMD/Bank Guarantee.
CLAUSE 1.6. IMPLEMENTATION AND COMMISSIONING & DELAYS IN THE BIDDER'S PERFORMANCE:
1. INSTALLATION OF NAC APPLIANCES: The successful bidder (SB) shall complete the
installation & commissioning of the NAC Appliances along with software/licenses
etc. at the locations detailed in clause 1.5 of this RFP or so detailed in the Purchase
Order, within 4 weeks from the date of actual delivery or due date of delivery of the
appliances, whichever is later. Installation of the NAC Appliances & associated
software/hardware shall be deemed completed on submission of proof of
document of installation and commissioning countersigned by the Bank official .If
the schedule mentioned above is not maintained, a penalty of 1% of the cost of
NAC Appliances (Serial No 1 Table I of Annexure III) shall be levied on delay of per
week or part thereof subject to a maximum of 10% of the cost of NAC Appliances.
2. INSTALLATION OF MANAGED SWITCHES: SB shall complete the installation &
commissioning of Managed Switches at the locations detailed in the Purchase
Order, within 12 weeks from the date of actual delivery or due date of delivery of
the switches, whichever is later. Installation of the Switches shall be deemed
completed on submission of proof of document of installation and commissioning.
If the schedule mentioned above is not maintained, a penalty of 1% of the cost of
Managed Switch (Location Wise & Component Wise) shall be levied on delay of per
week or part thereof subject to a maximum of 10% of the cost of the Managed
Switches.
3. OPERATIONALISATION OF NAC SOLUTION: SB shall operationalize (Go Live) the NAC
Solution as per the Scope of Work detailed in Annexure I of the RFP within 20 weeks
of the date of Acceptance of Purchase Order. Operationalisation of the solution shall
be deemed completed on submission of GO Live Signoff signed by authorized
official of the bank. If this schedule is not maintained a penalty of 1% of the Total
Order Value (PO Value) shall be levied on delay of per week or part thereof subject
to a maximum of 5% of the Total Order Value.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 9 of 27
4. In case the delivery, installation & implementation of the solution is not completed
within a maximum of 24 weeks from the date of acceptance of the Purchase order,
it shall constitute sufficient grounds for the annulment of the award of contract and
invocation of bank guarantee (EMD/Delivery/Performance).
5. Delivery, Installation and Implementation of Solution & Managed Switches for Additional
Procurement as per Clause 1.13:
• Bank will issue separate purchase order/intimation for additional requirement as
detailed in clause 1.13.
• For this requirement, Successful Bidder shall deliver the switches and complete
the installation of the Solution at such sites as per the Scope of Work detailed in
Annexure I.
• For such implementation only cost of Endpoint License, Managed Switch and
cost of Engineer Visit shall be paid by the bank and no extra cost for
implementation shall be applicable.
• Such implementation should be completed within 6 weeks from the date of
intimation from the bank.
• If the schedule is not maintained a penalty of 1% of the Total Order Value (PO
Value location wise) shall be levied on delay of per week or part thereof subject
to a maximum of 5% of the Total Order Value.
CLAUSE 1.10. PAYMENT TERMS
1. Successful Bidder shall submit the following documents along with request for payment:
a. Backlining Proofs & Warranty Certificates from the OEM.
b. Service Level Agreement
c. Non-Disclosure Agreement
d. Bank Guarantee for Delivery/Performance, as per the following clauses.
e. Any other documents as specified in the following clauses.
2. Payment for NAC Appliances (Serial No 1.a of Table I of Annexure III):
a. 60% of the cost of NAC Appliances shall be released on delivery of NAC
appliances at the locations specified in the purchase order as per details
mentioned in clause 1.5.1 & 1.5.2 of the RFP. Payment shall be released by
Information Technology Department on receipt of invoices, proof of delivery
(Delivery Challan duly signed by authorized official/ POD copy of Courier
Service Provider etc.) after deducting applicable penalty.
b. 20% of the cost of NAC Appliances shall be released on installation of NAC
appliances as per details mentioned in clause 1.6.1 of the RFP. Payment shall
be released by Information Technology Department on receipt of installation
certificate after deducting applicable penalty.
c. 20% of the cost of NAC Appliances shall be released 3 months post Go Live
as per details mentioned in clause 1.6.3 of the RFP. Payment shall be released
by Information Technology Department on submission of Go Live Certificate
after deducting applicable penalty.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 10 of 27
3. Payment for Managed Switches (Serial No 1.b & 1.c of Table I of Annexure III):
a. 50% of the cost of Managed Switches shall be released on delivery of Switches
at the locations specified in the purchase order as per details mentioned in
clause 1.5.3 of the RFP. Payment shall be released by Information Technology
Department on receipt of invoices, proof of delivery (Delivery Challan duly
signed by authorized official/ POD copy of Courier Service Provider etc.) after
deducting applicable penalty.
b. 20% of the cost of Managed Switches shall be released on installation of
Managed Switches as per details mentioned in clause 1.6.2 of the RFP.
Payment shall be released by Information Technology Department on
submission of installation proof after deducting applicable penalty.
c. 10% of the cost of Managed Switches shall be released on GO live of the NAC
Solution as per details mentioned in clause 1.6.3 of the RFP. Payment shall be
released by Information Technology Department on submission of Go Live
Certificate after deducting applicable penalty.
d. 20% of the cost of Managed Switches shall be released 3 months post GO live
of the NAC Solution as per details mentioned in clause 1.6.3 of the RFP.
Payment shall be released by Information Technology Department after
deducting applicable penalty.
4. Payment for the managed switches as per clause 1.10.3 (a, b, c & d) may be released
in lots of minimum 1000 switches, if such a request is received from the successful bidder
and on the discretion of the bank.
5. Implementation charges (Serial No 2- Table II- Annexure III) – 100 % Implementation
charges shall be made on satisfactory customization, implementation and deployment
of the solution duly supported by Go Live Signoff duly countersigned by Bank official
and Tax invoice.
6. AMC charges for the NAC Appliance (Serial No 2 – Table III – Annexure III) for the period
starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis in
advance after deducting applicable penalty & NEFT Charges, on submission of
preventive maintenance reports.
7. AMC charges for the Managed Switches (Serial No 2 – Table IV – Annexure III) for the
period starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis
in advance on submission of preventive maintenance reports after deducting
applicable penalty & NEFT Charges,
8. ATS charges for Endpoint Licenses for the period starting from Fourth (4th) year to
Seventh (7th) year shall be paid on yearly basis in advance after deducting applicable
penalty & NEFT Charges.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 11 of 27
9. Cost Onsite Support: Onsite Support Charges (Serial No 2 – Table V- Annexure III) shall
be made quarterly in arrears on submission of satisfactory performance report, invoices
after deducting applicable penalty & NEFT Charges.
10. Payment for Additional Procurement: Payment for additional procurement of
Switches and Engineer visit for such implementation shall be released on submission
of invoices, proof of delivery (Delivery Challan duly signed by authorized official/
POD copy of Courier Service Provider etc.), proof of installation and confirmation of
complete implementation of NAC for such procurement.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 12 of 27
ANNXURE B
Technical Specifications: Network Access Control Solution
Sr. No Product Specifications (NAC)
Bidders
Compliance
(Yes / No)
Bidders
Remarks, if
any
1
Solution should integrate seamlessly with Bank's existing IT
infrastructure comprising of routers, switches, firewalls, IPS,
various types of WAN links and computers, devices,
printers, scanners, Kiosks, IP phones, Operating Systems,
VC equipment, CCTVs etc.
2
Solution should be capable to Implement authentication
and authorisation system for accessing and administering
applications, operating systems, databases, network and
security devices/systems, point of connectivity
(local/remote, etc.) including enforcement of strong
password policy, two-factor/multi-factor authentication
depending on risk assessment and following the principle
of least privileges and separation of duties. The
enforcement, authentication and admission control
should be enabled centralised as well as right at the point
access to bank's network including that at branch local
area network. i.e. The entire traffic, from any network/
computing terminal trying to access the bank's network,
should not flow to the Data centre/ Central location for
the purpose of authentication and admission and access
control.
3 Access control Solution should be through a central
policy engine across bank.
4
Network Access Control solution (NAC/NAC
Solution/Solution) should do exactly what the name
implies—control access to the network with policies,
including pre-admission endpoint security policy checks
and post-admission controls over where users and
devices can go on a network and what they can do.
5
The Network Access Control (NAC) solution should be an
automated security control platform that can monitor
and control everything on the network—all devices, all
operating systems, all users. The solution shall let
employees and guests remain productive on the network
while critical network resources and sensitive data remain
protected.
6
Solution should Maintain an up-to-date/centralized
inventory of authorized devices connected to bank’s
network (within/outside bank’s premises) and authorized
devices enabling the bank’s network.
7
Solution should provide a highly powerful and flexible
attribute-based access control solution that combines
authentication, authorization and accounting (AAA),
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 13 of 27
NAC, BYOD, posture, profiling, guest management
services and conditional elements on a single platform.
8
It should allow to authenticate and authorize users and
endpoints via wired, wireless and VPN with consistent
policy throughout the Bank and should support variety of
authentication methods (802.1X, MAC auth, Web auth
etc) and ensure endpoint compliance is met
9
The proposed solution should have the capability for
defining role based policies, implement, monitor
continuously for policy violation. In case of violation SOC
should be alerted and given a provision of automated
remediation.
10
Solution should ensure that the high privilege accounts
(administrator level) are not used except to access
specific resources
11
Solution should be designed and deployed to work with
the existing network and devices and should not require
re-architecting the network
12
Solutions must support agent and dissolvable agent
method for performing endpoint profiling, base-lining,
health check, isolate and initiate remediation process
and must check the end device compliance before
permitting access to the network
13
The NAC solution should be able to handle minimum
60,000 devices/endpoints and scalable up to 1,00,000
devices/endpoints. The solution should perform
discovery, profiling, posturing, remediation for minimum
60,000 devices/endpoints from day 1.
14
Solution should have equipment & component level
redundancy(HA) , fault tolerance and site level
redundancy with automatic-seamless-stateful failover
between DC & DR.
15
Solution should have centralized management at both
sites. Both sites and each site can be independently
managed by the centralized management
16 All devices should have redundant power supply and
network connectivity
17 Solution should support multilocation load sharing and
failover facility
18
Components/devices should have ability to be clustered
in any combination via local and remote network
connections providing unlimited scale, redundancy, and
access load balancing.
19
Bidder has to provide equipment and peripherals with
rack mounting kit to accommodate all components in
the rack space provided in Banks data centres.
20 Solution should do Authorization, Authentication and
Accounting of network connections
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 14 of 27
21
Supports a wide range of authentication protocols,
including PAP, MS-CHAP, Extensible Authentication
Protocol (EAP)-MD5, Protected EAP (PEAP), and EAP-
Transport Layer Security (TLS).
22
Enable administrators to centrally configure and manage
profiler, posture, guest, authentication, and authorization
services in a single web-based GUI console, greatly
simplifying administration by providing consistency in
managing all these services.
23
Solution should provision for differentiated authorization
based on specific device. For eg. When User 1 (who is a
Network Admin) logs in from PC A he is authorized to
access Internet etc. and he cannot login to any Network
device from PC1, but the same User 1 logs in to a System
Admin PC kept in Firewall's Management Zone, then the
user will be able to login to Network devices but cannot
access Internet.
24
Solution should support RADIUS, AD server for client
device authentication and TACACS+, RADIUS for network
device authentication and logging. Overlay component
may be added to achieve both functionality.
25
All external facing interfaces are programmable, which
means APIs are available to extend the system to support
different authentication protocols, identity stores, health
evaluation engines, port and vulnerability scanning
engines, SIEM, Firewall, IDS/IPS, APT, NBAD solutions etc.
Bidder has to provide the APIs and should be integrated
to these solutions without any additional cost. All licenses
to be factored for integration
26 Role-based controls of user, device, application or
controls based on post authentication security posture
27
Solution should have capability to assign services based
on the assigned user role, group, and associated policy
(job role, location, device type, and so on).
28
Identity and access management. Solution should have
capability to establish user identity, location, and access
history, which can be used for compliance and reporting.
29 Solution needs to detect unsuccessful logins and restrict
the device to limited access
30 Solution shall detect and disconnect the idle end
devices after expiry Authentication time-out
31
Solution should facilitate provisioning of assets provided
by the Bank and should deny access to non-complaint
devices
32
Solution should provision 2factor or multifactor
authentication for allowing access to the network
resources
33 Policy simulation engine for testing policy integrity
34 Real-time policy assessment, Context aware policy
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 15 of 27
35 Dynamic role-based enforcement
36 Workflow for user and device registration
37 Access control lists – both statically defined filter-ID based
enforcement, as well as dynamically downloaded ACLs.
38 Solution must support Non 802.1x technology on assigned
ports and 802.1x technology on open use ports
39
Solution should support Mac Address Bypass (MAB) and
can further utilize identity of the endpoint to apply the
proper rules for access. Mac Address Bypass is typically
used for devices, which do not support 802.1x
40
Solution should offer comprehensive visibility of the
network by automatically discovering, classifying, and
controlling endpoints connected to the network to
enable the appropriate services per endpoint
41
Solution should have capability to get finer granularity
while identifying devices on the network with Active
Endpoint Scanning
42
Solution should support network-based profiling by
targeting specific endpoints (based on policy) for
specific attribute device scans, resulting in higher
accuracy and comprehensive visibility of the network
43
Solution should manage endpoint access to the network
with the feature/service, which enables administrators to
specify an endpoint and select an action - for example,
move to a new VLAN, return to the original VLAN, or
isolate the endpoint from the network entirely, push
dynamic ACL to the port to restrict access etc. all in a
simple interface
44
Solution should offer a rules-based, attribute-driven policy
model for creating flexible and business-relevant access
control policies. Provides the ability to create fine-
grained policies by pulling attributes from predefined
dictionaries that include information about user and
endpoint identity, posture validation, authentication
protocols, profiling identity, or other external attribute
sources. Attributes can also be created dynamically and
saved for later use
45
It should allow Administrators to create their own device
templates. These templates can be used to
automatically detect, classify, and associate
administrative-defined identities when endpoints
connect to the network. Administrators can also
associate endpoint-specific authorization policies based
on device type.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 16 of 27
46
Verifies endpoint posture assessment for PCs connecting
to the network. Works via either a persistent client-based
agent or a temporal web agent to validate that an
endpoint is conforming to a company's posture policies.
Provides the ability to create powerful policies that
include but are not limited to checks for the latest OS
patches, antivirus and antispyware software packages
with current definition file variables (version, date, etc.),
registries (key, value, etc), and applications. Solution
should support auto-remediation of PC clients as well as
periodic reassessment to make sure the endpoint is not in
violation of company policies
47
Solution should classify a client machine, and should
support client provisioning resource policies to ensure
that the client machine is set up with an appropriate
agent version, up-to-date compliance modules for
antivirus and antispyware vendor support, and correct
agent customization packages and profiles, if necessary
48 Solution should have automatic switch port provisions for
end device based on pre-defined rule
49
Solution should support Security compliance policy –
Security validations the solution is capable of such as
antivirus, patch update, o/s, etc.
50
Solution should support automated remediation and
integration with all major OEM Antivirus, patch update
,O/S systems, AD, etc.
51 Solution should support URL redirection for remediation or
other purposes
52
Solution should have ability to meet each of the follow
features:
a. Base lining for endpoints determines the status of a
large variety of endpoint devices, including differing
device type, operating system, etc.
b. Profiling for endpoints identifies all connected devices,
including advanced mobile identification.
c. Guest management is performed from a central,
“single pane” viewpoint allowing full visibility into current
guest provisioning.
53
Solution should support integration with leading helpdesk
ticketing system. It should support self remediation
through end user self support and automatic remediation
including guided remediation, quarantine, manual
remediation etc.
54
Solution should be capable of Integration with firewall,
IPS, Router, Switch, Wireless Access Points, Active
Directory, LDAP, MDM solutions etc of major OEMs. Bank
may go for bidirectional integration as per future
requirements.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 17 of 27
55
Solution should support granular level policy
enforcement and provide information about users
beyond that obtained in a login system
56
Solution should detect network threats by itself or by
integrating with other Security defences and should be
prevented from spreading and notifications to be sent to
end user and administrator concerning the network
threat activity via e-mail and http notification
57
NAC solution should take feedback from external systems
like Syslog servers, IDS/IPS, Firewalls etc and block a user if
compromised on the network.
58
Solution should deliver customizable self service portals
and web pages for device onboarding, registration etc.
for standard PC and mobile computing platforms.
59
Should support full guest lifecycle management,
whereby guest users can access the network for a limited
time, either through administrator sponsorship or by self-
signing via a guest portal. Allows administrators to
customize portals and policies based on specific needs
of the enterprise
60
Solution should have profiling capabilities integrated into
the solution in order to detect headless host. The profiling
features leverage the existing infrastructure for device
discovery. Should support the use of attributes from the
following sources or sensors: profiling using MAC OUIs,
profiling using DHCP information, profiling using RADIUS
information, profiling using HTTP information, profiling
using DNS information, profiling using Net Flow/JFlow etc.,
profiling using SPAN, profiling using SNMP etc.
61
Solution should support threat monitoring, containment,
and remediation, extending beyond rogue detection
and authentication
62
Support for importing endpoints from LDAP/AD server.
Should allow to import MAC addresses and the
associated profiles of endpoints securely from an
LDAP/AD server
63
Must incorporate a complete set of tools for reporting
(Audit trailing, customizable reporting and data export
capabilities), analysis, and troubleshooting. Data from
access transactions can be organized by customizable
data elements and used to generate graphs, tables, and
reports. Must correlate and organize user, authentication,
and device information together
64 Monitor an endpoint after it has gained access to the
network
65 Endpoint audit via NESSUS or NMAP scanning
66 The system should provide standard based external
facing APIs to extend support and integration with
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 18 of 27
external applications like SIEM, Firewall, IDS/IPS solutions
etc
67
Solution should support troubleshooting authentication
issues by triggering session re-authentication to follow up
with an attempt to re-authenticate again
68
Must support complex PKI deployment where TLS
authentication requires validating client certificate from
multiple CA trust chain. Must also support AAA server
certificate being signed by external CA whilst validating
internal PKI signed client certificates.
69
Must be able to issue certificates using an inbuilt
Certificate Authority as well as external certificate as per
the bank's need.
70
Encryption of traffic to the wireless and wired network
using protocols for 802.1X such as EAP-TLS, EAP-PEAP or
EAP-MSCHAP.
71
Quarantine (A quarantine network is a restricted IP
network that provides users with routed access only to
certain hosts and applications). Non Complied
devices/endpoints should be quarantined by moving the
switch port to a different VLAN or by pushing
dynamic/static ACL to the switch port to restrict the
access to limited resources.
72
Captive portals (A captive portal intercepts HTTP access
to web pages, redirecting users to a web application that
provides instructions and tools for updating their
computer. Until their computer passes automated
inspection, no network usage besides the captive portal
is allowed)
73
Solution should enforce security policies by blocking,
isolating, and repairing noncompliant machines in a
quarantine area without requiring administrator
attention. Allow administrators to quickly take corrective
action (Quarantine, Un-Quarantine, or Shutdown) on risk-
compromised endpoints within the network.
74
Solution should support automated remediation system
including starting process, killing process, setting registry
keys, starting antivirus, update anti-virus, starting windows
updates and running custom scripts. The same should
also be user customisable.
75
When endpoints are discovered on the network, they
can be profiled dynamically based on the configured
endpoint profiling policies, and assigned to the matching
endpoint identity groups depending on their profiles.
76
Provides a wide range of access control mechanisms,
including downloadable access control lists (dACLs),
VLAN assignments, URL redirect, and Security Group
Access (SGA) tagging.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 19 of 27
77
The Solution should have capability to see endpoints
attribute data via passive network telemetry or
alternatively from the infrastructure via device sensors on
switches at Core, Distribution and Access Layer.
78
Solution should have capability which allows users /
administrators to add a device on a portal, where the
device goes through a registration process for network
access. Should allow users / administrator to mark as
lost any device that you have registered in the
network, and blacklist the device on the network,
which prevents others from unauthorized network
access when using the blacklisted device. Should
have capability to reinstate a blacklisted device to its
previous status in Device Portal, and regain network
access without having to register the device again in
the Devices Portal. Should also support removing any
device in the enterprise network temporarily, then
register the device for network access again later.
Solution should be able to provide seamless user
experience.
79
Site Specification Requirements: The bidders should
submit, as a part of Technical bid the dimensions and
weight of each piece of equipment with necessary
power and wiring requirements. The Rack space required
at DC and DRS to be stated while providing the
requirements.
80 The solution should not add another point of failure and
by-pass for business continuity
81
The Solution should have enterprise license without any
restriction to use the features mentioned in the RFP from
day one. If during the contract, solution is not performing
as per specifications in this RFP, bidder has to upgrade /
enhance the devices or place additional devices and
reconfigure the system without any cost to Bank till the
required performance is achieved.
82
The solution should detect all applications / softwares
/services installed or running in the endpoint and allow
administrators to implement policies governing those
applications /softwares / services.
83
For non 802.1X devices, network access to be provided
with MAC address Bypass (MAB) with device profiling. If
the MAC is not matching with the device profiled record,
it has to be immediately blocked (to prevent MAC
spoofing)
84
Solution should have the capability to alert and detect
the underlying device profiling if any switch port is
detected to be connected with more than 2 MAC IDs. It
should have the capability to automatically shift the
switch port to quarantine VLAN or implement dynamic
ACL to the port to restrict access.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 20 of 27
85
The Solution should be capable of working with various
Operating Systems like Windows, Linux. For Linux, the
solution should atleast support 802.1 X Auth.
86
The bank has Static IP address schema of /24 and /27 IP
address segment at its locations. The solution proposed by
the bidder should not involve any change in the IP
address schema at the locations.
87
Bidder shall submit Bill of Materials for the Solution (with
make & model) along with the technical bid.
88
Solution should integrate with Enterprise level SIEM
solutions and Syslog server. The Solution should be
able to share information to leading SIEM vendors
using standard protocols (Syslog, CEF).
89
Vendor shall provide documented security use
cases for proposed solution.
90
Solution should have the technical specifications
defined and documented with security baselines for
implementation.
Authorized Signatory Name and Designation Office Seal
Place:
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 21 of 27
Annexure I (C) Technical Specifications: 24 & 48 Port Managed Switch
Sr. No Product Specifications(Managed Switches)
Bidders
Compliance
(Yes / No)
Bidders
Remarks, if
any
Type II & III Managed Switch (24 Port & 48 Port
Respectively)
1
Minimum of 24 port 10/100/1000Mbps Gigabit Ethernet
auto sensing ports for Type II Switches and Minimum of
48 port 10/100/1000Mbps Gigabit Ethernet auto sensing
ports for Type III Switches
2
Should have at least 2 Gigabit Ethernet port 1000Mbps
SFP
interface for uplink connectivity
3
Switch should be supplied with console cable, power
cable (suitable for 5 Amps socket) and rack mounting
kits.
4 Full-Duplex operation on Fast Ethernet & Gigabit
Ethernet
5 Multiple Load Sharing Trunks
6 Minimum of 512MB DRAM and 256MB Flash Memory
7 Support for minimum 16000 MAC addresses
8 IEEE 802.1Q VLAN support – Port based VLANs
9 RADIUS Support
10 High MTBF support
11
The Switch must be able to generate Syslog Messages
with timestamp and Severity codes, which can be
exported to a syslog server
12
HTTP/HTTPS access to the Switch to monitor and
configure most of the functionalities in addition to
command line interface
13
Support for Address Resolution (ARP) to work in
conjunction with Private VLAN Edge to minimize
broadcasts and maximize available bandwidth
14
The proposed Switch should be IPV6 compliant. The
device should be IPV6 Tested device and IPV6 should
support from the day one
15 Support 100 Base-TX and L2 switching
16 Multi-Link Trunking
17 Support for Spanning-Tree protocol (IEEE 802.1D)
18 STP Fast calculation features as RSTP for faster
convergence
19
Per-port broadcast, multicast and storm control to
prevent faulty end stations from degrading overall
system performance
20 Support for classification and scheduling based on
802.1 P/Q
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 22 of 27
21
Support for 802.1P class-of-service (CoS), Ability to
Mark/Override
802.1P Cos per port
22 Configurable Tail Drop should be supported for
congestion avoidance
23
Multicast must be supported in hardware so that
performance is not
affected by multiple multicast instances
24 L2 Multicast support – IGMP Snooping
25 Should support both IPV4 and IPV6 addresses in a
multicast group
26 Support for external RADIUS for console access
restriction and authentication
27
Multi-Level access security on switch consoled to
prevent
unauthorized users
28
Support for 802.1X port based authentication. Radius
change of Authorization (CoA) for Network Access
Control, URL redirection for posture, VLAN and ACL
assignment.
29
The proposed Switch must support below IEEE 802.1X
based security requirements and available from day
one
• IEEE 802.1X
• 802.1X with VLAN assignment
• 802.1X with Guest VLAN
• 802.1X with guest VLAN enhancements
• 802.1X with Auth Fail VLAN
• 802.1X with Auth fail Open
• 802.1X with Mac Auth Bypass
• 802.1X with Mac Auth bypass for Voice VLAN
• 802.1X with ACL’s
• 802.1X with port security
• 802.1X with accounting
• NAC-L2 IEEE 802.1X
• NAC-L2 IP
• NAC-L2 IP Auth Fail open
• Web authentication for non 802.1X clients
• Multi-Domain Authentication (802.1X for IP Phone + 1
Host Behind phone)
• Switch should support concurrent deployment of
802.1X and MAB Authentication.
30
Port Based Access Control List (ACL) for Layer 2
interfaces to allow Security policies to be applied on
individual Switch ports using Layer 2, Layer 3 and Layer
4 parameters.
31 Configuration change tracking
32 System Event Logging
33 Network Time Protocol (NTP) / Simple Network time
protocol (SNTP) with authentication
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 23 of 27
34 Switch should support SNMP Version 3
35 Support to DHCP is desirable, support DHCP to manage
IP networks and supports DHCP client and server
36
Support for Secured Ports which restrict a port to a user-
defined group of authorized stations, when secure
addresses are assigned to a secure port. The switch
should not forward any packets with source addresses
outside the defined group of addresses
37 Switch should prevent DHCP Snooping
38 IP Root Guard
39 Broadcast and Multicast storm control to avoid
degradation in overall systems performance
40
Downloadable ACL (dACL) assigned dynamically per
port & Port Security
1. Switches should support dACLs per port.
2. Should support downloading of dACLs created
on a central NAC server
3. Each dACL rule should support specification of
multiple ports/IP address.
4. Switch should support display of number of
times dACL rules gets matched.
41 Should able to integrate with SIEM solution
42 The Switch should seamlessly integrate with existing
Network equipment’s
43 Support for Per-port broadcast, multicast and unicast
storm control
44 Should support DNS
45 Should support BPDU guard to avoid topology loop
46 Unicast MAC filtering, unknown unicast and multicast
port blocking
47
Support for MAC address notification allows
administrators to be notified of users added to or
removed from the network
48
Support Bidirectional data support on the SPAN port
allows Intrusion Prevention System (IPS) to take action
when an intruder is detected
49 Provision for Dynamic policies at Layer 2-4 for QoS and
Security
50 Embedded support for web based management using
standard secured web browser.
51 Support for SNMP V3 with encryption
52 support for TFTP based software download
53 Support for port mirroring measurement using a
network analyzer or RMON probe.
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 24 of 27
54 Switch must be remotely managed via one telnet
session for all module configuration.
55 Should have functionality to add new features like OS/
firmware upgrades from central location.
56
Support for dynamic VLAN assignment either through
IEEE 802.1x for implementation of VLAN membership
policy server client functions to provide flexibility in
assigning ports to VLANs. Dynamic VLAN helps enable
fast assignment of IP addresses.
57 Real time multi port statistics.
58 Device and port groupings for navigation and policy
management.
59 TACACS + server support
60 Enterprise MIB
61 Admin access right
62 Traffic volume/ error/ congestion monitoring
63 The Switch should support IEEE 802.1Q VLANS, 802.1P,
802.1D, 802.3U, 802.1X, 802.3ab, 802.3ad, 802.1s.
64 Should support RFC 768, 783, 791, 792, 826, 854, RFC 951.
65 The quoted model should be complied for
EAL3/NDPP from day one
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 25 of 27
ANNEXURE – III
FORMAT FOR INDICATIVE COMMERCIAL BID
1. Name of Bidder :
2. Address of Corporate Office :
TABLE I – COST OF NETWORK ACCESS CONTROL SOLUTION:
Sl.No Description Qty
(a)
Unit
Price
(Rs.)
(b)
Total price
(Rs.)
(a*b)
1.a Network Access Control Appliance* with 3
year comprehensive onsite warranty for DC
& DR as per Annexure – I (A).
1.b Licenses for endpoints / devices as per
Annexure – I (A) endpoints / devices with 3
year warranty
60000
1.c 24 Port Managed Switch with 3-year
comprehensive onsite warranty. 4590
1.d 48 Port Managed Switch with 3-year
comprehensive onsite warranty. 197
2. Total (I.a to 1.d) *quantity to be quoted by bidder as per Bill of Materials
TABLE II – COST OF IMPLEMENTATION:
Sl.No Description Total Cost
(Rs.)
1 Total Cost of Installation and Implementation of Network Access
Control Solution at Bank’s DC, DR, Branches, ATMs & Other
locations.
2 Total Implementation Cost
TABLE III – AMC FOR NAC APPLIANCE (4th to 7th Year):
Sl.No Description Qty Unit
Price(Rs.) Total price
(Rs.)
1.a AMC for Network Access Control
Appliance for 4th year
1.b AMC for Network Access Control
Appliance for 5th year
1.c AMC for Network Access Control
Appliance for 6th year
1.d AMC for Network Access Control
Appliance for 7th year
2. Total cost of AMC (1.a to 1.d)
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 26 of 27
TABLE IV – AMC FOR MANAGED SWITCHES (4th to 7th Year):
Sl.No Description Qty Unit
Price(Rs.) Total price
(Rs.)
1.a AMC for 24 Port Managed Switch for 4th
year
4590
1.b AMC for 24 Port Managed Switch for 5th
year
4590
1.c AMC for 24 Port Managed Switch for 6th
year
4590
1.d AMC for 24 Port Managed Switch for 7th
year
4590
1.e AMC for 48 Port Managed Switch for 4th
year
197
1.f AMC for 48 Port Managed Switch for 5th
year
197
1.g AMC for 48 Port Managed Switch for 6th
year
197
1.h AMC for 48 Port Managed Switch for 7th
year
197
2 Total cost of AMC (1.a to 1.i)
TABLE V – COST OF ONSITE SUPPORT (1ST year to 7th year)
Sl.No Description Qty Unit Cost (Rs.) Cost of Support (Rs.)
1.a Cost of Onsite Support for 1st year 2
1.b Cost of Onsite Support for 2nd year 2
1.c Cost of Onsite Support for 3rd year 2
1.d Cost of Onsite Support for 4th year 2
1.e Cost of Onsite Support for 5th year 2
1.f Cost of Onsite Support for 6th year 2
1.g Cost of Onsite Support for 7th year 2
2. Total Cost of Onsite Support
TABLE VI – ATS FOR END POINT LICENSES (4th to 7th Year):
Sl.No Description Qty Unit
Price(Rs.) Total price
(Rs.)
1.a ATS for End Point Licenses for 4th year 60000 1.b ATS for End Point Licenses for 5th year 60000 1.c ATS for End Point Licenses for 6th year 60000 1.d ATS for End Point Licenses for 7th year 60000
2. Total cost of ATS (1.a to 1.d)
Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018
Page 27 of 27
TABLE VII- SITE VISIT CHARGES FOR ADDITIONAL PROCUREMENT ONLY
Sl.No Description Qty Unit
Price(Rs.) Total price
(Rs.)
1 Cost of Engineer Visit for implementation of
NAC and installation of Managed Switch
for additional procurement as per clause
1.13
100
2. Total cost of Visit
TABLE VIII – TOTAL COST OF OWNERSHIP (TCO):
Sl.No Description TABLE Total Price (Rs.)
A Total amount under Serial No. 2 TABLE I B Total amount under Serial No. 2 TABLE II C Total amount under Serial No. 2 TABLE III D Total amount under Serial No. 2 TABLE IV E Total amount under Serial No. 2 TABLE V F Total amount under Serial No. 2 TABLE VI G Total amount under Serial No. 2 TABLE VII
H GRAND TOTAL
Note:
1. L1 will be determined based on the total cost of ownership (TCO) quoted by any of the
technically short-listed bidder, whose commercial bid is opened, under Table VIII Serial
No. H (Grand Total).
2. Quantities mentioned for Managed Switches, End Point Licenses and Site Visits for
Additional Procurement are indicative in nature and should not be construed as
commitment from the Bank. Actual count may differ as per the discretion of the Bank.
We certify that the items quoted above meet all the Technical specifications as per Annexure
I of the RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018 and prices quoted are all in
compliance with the terms indicated in clause 1.10 of the RFP Ref No. RFP/ITD/005/18-19 dated
05.10.2018. We also confirm that we agree to all the terms and conditions mentioned in this
RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018.
Authorised Signatory:
Name and Designation:
Office Seal with date
Top Related