Limited Tender Through E‐procurement For Procurement ... · Identity Management (PIM) ......
IS (Procurement & Contracts) Bharat Petroleum Corporation Limited
CPO Building, 1st floor, “A” Installation, Post Box No. 6382
Sewree (E), Mumbai 400 015
Limited Tender Through E‐procurement For
Procurement & Implementation of Privilege Identity Management (PIM)
Pre Bid Meeting Date: 08.01.2018 at 10.30 A.M.
Address: Eraksha, 2nd Floor, ERP CC Building, Bharat Petroleum Corporation Ltd, “A” Installation Gate, Fort Road Sewree (E) Mumbai ‐ 400015
CRFQ NO. 1000296534
DUE ON: 16.01.2018 AT 3:00 p.m.
Subject: Invitation of tender for procurement of Privilege Identity Management (PIM) solution in BPCL (CRFQ no. 1000296534 due on 16.01.2018 at 3.00 p.m.)
You are invited to submit your offer in a two-part bid for the subject job as per the technical specifications and on the terms & conditions contained in this tender document.
2. Bidder should submit a valid Manufacturer's Authorization Form (MAF) on OEM’s letterhead duly signed and stamped by OEM’s authorized signatory as well as acknowledged by the concerned SI/BP towards their acceptance of the same. It will be the responsibility of the SI/BP to keep the authorization of OEM valid till execution of the supply, installation and support period in BPCL.
3. Please visit the website https://bpcleproc.in for participating in the tender and submitting your bid online.
4. Bidders are required to submit their bids in two-part bids consisting of the following, through this E-Tender:
i) Techno-Commercial Bid & ii) Price Bids.
i) Techno-Commercial Bid: This should contain all technical details, literature, leaflets etc., confirmation of commercial terms and conditions of the tender, and a letter from the Bidder on his letterhead confirming the following:
a) The support, subscription and service charges during warranty & AMC quoted against this tender are equal to OR more than 15% per annum of the total software cost line item 10 of commercial bid Annexure-IV (excluding taxes).
b) In case there is a deviation with respect to clauses mentioned above, i.e. not meeting the threshold limits (both during warranty and AMC period), the commercial bids will be evaluated based on the threshold limits quoted by the bidder or minimum threshold limits specified by BPCL, whichever is higher for each of such items.
d) Should the bidder become Lowest bidder, bidder will be required to adhere to the specified threshold limits as mentioned above, without any change in the overall quoted bid value (inclusive of all taxes and duties).
ii) Price bids: This should contain Prices/Taxes against the Bill of materials.
5. On opening Bids in the system on the Tender due Date and Time, Techno-commercial bids will be opened and evaluated first.
6. Commercial bids of only those bidders who qualify the techno-commercial criterion will be opened and evaluated further.
7. “The tenderers shall submit an interest free Earnest Money Deposit of Rs.1.00 lakh (Rupees one lakh only) by Bank Guarantee or crossed account payee Demand draft drawn on any nationalized/scheduled bank in favour of "Bharat Petroleum Corporation Ltd." payable at Mumbai. (Applicable only to unregistered vendors with BPCL.). EMD is exempted for MSE vendors and NSIC vendors subject to submission of the details of MSE Registration with Directorate of Industries or any other competent authorities and NSIC registration as applicable along with the technical bid.
EMD of the unsuccessful bidder will be returned within due course after the evaluation of the price bid.
EMD of the successful bidder will be returned only after successful execution of job against the Outline agreement / Purchase Order and submission of PBG (if applicable)”
EMD shall be forfeited in case bidder backs out during tender processing or refuses to execute the LOI/Contract/PO, after bidder becomes L1.
8. You should submit your Techno-commercial & price bid through online mode to the BPCL e-tendering site. However, the instrument, i.e. EMD in the form of Demand Draft, and Integrity Pack (in original) are to be submitted in physical form on or before the due date and time of this tender.
9. BPCL does not take any responsibility for any delay in submission of online bid due to connectivity problem or non-availability of site and/or receipt of instrument, i.e. DD to be submitted in physical form, due to postal delay. No claims on this account shall be entertained.
10. Incomplete tenders shall be liable for rejection without seeking any further clarification. We also reserve the right to reject any or all tenders without assigning any reasons whatsoever.
Thanking you,
Yours faithfully,
For Bharat Petroleum Corporation Ltd.
DGM IS (Procurement & Contracts)
Contents
Procurement & Implementation of Privilege Identity Management (PIM)
General Instructions to Tenderers for E-Tendering
Background
1. Important Notes to Bidders
2. Bidder Types
3. Techno-Commercial Evaluation
4. Commercial Bid Evaluation/Order Award Criteria
Scope of Work
Commercial Terms & Conditions
Technical Bid Format
Annexure-I: Technical Specification for PIM solution
Annexure-II: Bill of Material with Part code
Annexure-III: Project Services for PIM implementation
Annexure-IV: Commercial Bid Format
Annexure-V: OEM and SI support
Annexure-VI: Manufacturer’s Authorization Form
Annexure-VII: NDA
General Instructions to Tenderers for E-Tendering
1. Interested parties may download the tender from BPCL website (http://www.bharatpetroleum.in) or the CPP portal (http://eprocure.gov.in) or from the e-tendering website (https://bpcleproc.in) and participate in the tender as per the instructions given therein, on or before the due date of the tender. The tender available on the BPCL website and the CPP portal can be downloaded for reading purpose only. For participation in the tender, please fill up the tender online on the e-tender system. You can submit the bid only on https://bpcleproc.in. Prior to submission of bid, you need to register in the portal.
2. For registration on the e-tender site https://bpcleproc.in, you can be guided by the “Instructions to Vendors” available under the download section of the homepage of the website. As the first step, bidder shall have to click the “Register” link and fill in the requisite information in the “Bidder Registration Form”. Kindly remember your e-mail id (which will also act as the login ID) and the password entered therein. Once you complete this process correctly, you shall get a system generated mail. Log in to the portal using your credentials. When you log in for the first time, the system will ask you to add your Digital Signature. Once you have added the Digital Signature, please inform by mail to the vendor administrator [email protected] with a copy to [email protected] for approval. Once approved, bidders can log in to the system as and when required.
3. As a pre-requisite for participation in the tender, vendors are required to obtain a valid Digital Certificate of Class II-B and above (having both signing and encryption certificates) as per Indian IT Act from the licensed Certifying Authorities operating under the Root Certifying Authority of India (RCIA), Controller of Certifying Authorities (CCA). The cost of obtaining the digital certificate shall be borne by the vendor.
In case any vendor so desires, he may contact our e-procurement service provider M/s. E-Procurement Technologies Ltd., Ahmedabad (Contact no. Tel: +91-79-40270573 & Tel: +91 22 2417 6419) for obtaining the digital signature certificate.
4. Corrigendum/amendment, if any, shall be notified on the site https://bpcleproc.in. In case any corrigendum/amendment is issued after the submission of the bid, then such vendors who have submitted their bids, shall be intimated about the corrigendum/amendment by a system-generated email. It shall be assumed that the information contained therein has been taken into account by the vendor. They have the choice of making changes if needed in their bid before the due date and time.
Bidders are required to complete the following process online on or before the due date/time of closing of the tender:
• Techno-commercial Bid (Part-I)
• Priced Bid (Part-II)
5. Directions for submitting online offers, electronically, against e-procurement tenders directly through internet:
Vendors are advised to log on to the website (https://bpcleproc.in) and arrange to register themselves at the earliest, if not done earlier.
The system time (IST) that will be displayed on e-Procurement web page shall be the time considered for determining the expiry of due date and time of the tender and no other time shall be taken into cognizance.
Vendors are advised in their own interest to ensure that their bids are submitted in e-Procurement system well before the closing date and time of bid. If the vendor intends to change/revise the bid already submitted, they shall have to withdraw their bid already submitted, change / revise the bid and submit once again. In case vendor is not able to complete the submission of the changed/revised bid within due date & time, the system would consider it as no bid has been received from the vendor against the tender and consequently the vendor will be out from tendering process. The process of change / revise could be done any number of times till the due date and time of submission deadline. However, no bid can be modified after the bids submission deadline.
Once the entire process of submission of online bid is complete, they will get an auto mail from the system stating you have successfully submitted your bid in the following tender with tender details.
Bids / Offers shall not be permitted in e-procurement system after the due date / time of tender. Hence, no bid can be submitted after the due date and time of submission has elapsed.
No manual bids/offers along with electronic bids/offers shall be permitted.
6. For tenders whose estimated procurement value is more than Rs. 10 lakhs, vendors can see the rates quoted by all the participating bidders once the price bids are opened. For this purpose, vendors shall have to log in to the portal under their user ID and password, click on the “dash board” link against that tender and choose the “Results” tab.
7. No responsibility will be taken by BPCL and/or the e-procurement service provider for any delay due to connectivity and availability of website. They shall not have any liability to vendors for any interruption or delay in access to the site irrespective of the cause. It is advisable that vendors who are not well conversant with e-tendering procedures, start filling up the tenders much before the due date /time so that there is sufficient time available with him/her to acquaint with all the steps and seek help if they so require. Even for those who are conversant with this type of e-tendering, it is suggested to complete all the activities ahead of time. It should be noted that the individual bid becomes viewable only after the opening of the bid on/after the due date and time. Please be reassured that your bid will be viewable only to you and nobody else till the due date/ time of the tender opening. The non-availability of viewing before due date and time is true for e-tendering service provider as well as BPCL officials.
8. BPCL and/or the e-procurement service provider shall not be responsible for any direct or indirect loss or damages and or consequential damages, arising out of the bidding process including but not limited to systems problems, inability to use the system, loss of electronic information etc.
In case of any clarification pertaining to e-procurement process, the vendor may contact the following agencies / personnel:
For system related issues:
M/s. E-Procurement Technologies Ltd at contact no. Tel: +91 22 2417 6419 | 6535 4113 | 6559 5111 & Tel: +91-79-40270573, followed with an e-mail to id [email protected].
For tender related queries:
a. Mr. Shyam Sawant of BPCL at contact no. 022‐24176396 followed by an email to ID [email protected]
b. Himanshu Shah of BPCL at contact no. 022-24176123 / 24152723 followed with an email to ID [email protected]
For Technical related queries:
Mr. Shyam Kumar Shinde of BPCL at contact No. 022-24176256 followed with an email to ID [email protected]
Mr. Shubbhrangshu Bhattacharjee of BPCL at contact No. 022‐24176261 followed by an email to
Background
State-of-the-art IT systems have been implemented in BPCL across its Data Centers in Mumbai (Primary) and G.NOIDA (DR). In order to protect these assets from unauthorized and malicious administrative access, BPCL has planned to implement a Privilege Identity Management (PIM) solution. BPCL would like to implement a virtual appliance or software based PIM solution with HA at both data centers. BPCL would also deploy DC-DR functionality (i.e. in case the DC PIM is not available, administrators would be able to access their respective systems using the PIM solution at DR). The proposed architecture for the PIM solution would be as under.
Proposed PIM architecture at BPCL
Bidder should provide PIM solutions at both DC and DR in HA mode and also with DC-DR functionality.
1) The users at DC should access the targeted devices primarily through PIM solution at DC.
2) In case the primary PIM virtual appliance at DC fails, the users at DC should seamlessly be able to access the targeted systems through the secondary PIM virtual appliance (HA) at DC.
3) The users at DR should access the targeted systems through PIM virtual appliance at DC but the subsequent sessions should be maintained by DR site.
4) In case PIM solution at DC fails, the users at DR should be seamlessly able to access the targeted devices through secondary PIM virtual appliance at DC and the subsequent sessions should be maintained by DR site.
5) In case both PIM virtual appliances at DC fail, then all users should be seamlessly able to access the targeted systems through PIM virtual appliance at DR.
BPCL would like to integrate the PIM solution with Two Factor Authentication (2FA). The 2FA Solution
would be part of the deliverable either as inbuilt component of the PIM solution or as an additional
module.
Prologue
1. Important Notes to Bidders
While preparing this document, BPCL tried to cover all relevant information. However, vendor should examine this document for technical feasibility and bring out any omissions in a separate chapter under “Deviation Statement”, in their “Techno-Commercial Bid” with relevant write-up, and any such inclusions must be factored in in their commercial bids. Once the bid is technically acceptable & commercially evaluated, it is the responsibility of the vendor to complete the Project, as per the Scope, without any further commercial impact to BPCL.
It is the Vendor’s responsibility to carefully review this document and understand the scope of work while quoting for the bid. This Project is to be completed on Turn-Key Basis as defined in the Scope of work. Any hardware or software required for executing the project & not listed in this RFP will be on vendor’s account, and bidder must take into account all such costing while submitting bids.
Jobs awarded under this contract cannot be sub-contracted without the consent of BPCL.
A Pre-bid meeting would be scheduled on 09.01.2018. Venue & time will be informed subsequently.
All queries regarding pre-bid meeting of this tender need to be submitted by 08.01.2018 to the contact person mentioned below. Further queries/clarifications on this tender may not be entertained after pre-bid meeting.
Contact Person for Technical Clarification
Shyam Kumar Shinde
Bharat Petroleum Corporation Limited, A – Installation, ERP Competency Center, Sewree Fort Road, Sewree East, Mumbai - 400015.
Phone: 022-24176256
email: [email protected]
2. Bidder Types
| Sr. No. | Quote & Supply of S/W | Remarks |
| --- | --- | --- |
| 1 | System Integrator (SI) | SI should submit an undertaking from respective OEM on their letterhead that the OEM will enter into back to back agreement with SI for supply of Software, Subscription and Support. The undertaking should also mention that the support for 6 years shall be provided at the quoted rate in the bid. This should be submitted along with the Technical bid. |
3. Techno-Commercial Evaluation
Techno-commercial bids will be accepted only if they are in the prescribed format in e-tender, with complete information, and the technical conditions have been complied with.
4. Commercial Bid Evaluation/Order Award Criteria
The entire Bill of Material against this tender would be evaluated as a ‘single lot’ on Lowest Total Cost of Ownership (TCO) on L1 basis.
Price bids of Techno-Commercially Qualified bidders will be evaluated using criteria of ‘Lowest Quote’ of Total Cost of Ownership (TCO). The ‘Lowest Quote’ will be established based on the following:
a) GST CREDIT will be taken in to account while commercially evaluating the offers.
b) Techno-Commercially Qualified Bids under this tender would be evaluated based on Total Cost of Ownership (TCO) [i.e. considering the Basic price of software, Subscription & support during warranty, Implementation, AMC etc., applicable Taxes and Duties].
c) Any Taxes, Duties, Levies etc. borne by BPCL shall be loaded as applicable during commercial evaluation.
Owners (BPCL) reserve its right to allow Micro and Small Enterprises (MSEs) and MSEs owned by Scheduled Caste (SC) or the Scheduled tribe (ST) entrepreneurs, purchase preference as admissible/applicable from time to time under the existing Govt. policy. Purchase preference to a MSE and a MSE owned by SC/ST entrepreneurs shall be decided based on the price quoted by the said MSEs as compared to L1 Vendor at the time of evaluation of the price bid.
Further, in case of non‐divisible tender, an MSE quoting in the price band of L1+15 per cent shall be awarded for full/complete supply of tendered value subject to bringing down of price to L1 by the concerned MSE. In case of more than one such MSEs are in the price band of L1+15%, then L1 MSE will be offered first and if matches the L1 price, MSE shall be allowed to supply total tendered quantity. If L1 MSE does not match L1 price, other MSE falling in range of L1+15% price band will be offered in order of L2 MSE, L3 MSE etc. until they match L1 price. No separate preference shall be given to MSE owned by SC/ST entrepreneurs over MSE owned by general person.
MSME vendors need to provide the details of MSE Registration with Directorate of Industries or any other competent authorities along with the technical bid.
Scope of Work
This RFP is meant for following Product & Services:
| Sr. No | Product/Services | Details |
| --- | --- | --- |
| A | Supply of Software with 1 year comprehensive warranty | • Enterprise Privilege Identity Management (PIM) software with HA at DC and DR. • Inbuilt or separate two factor solution (2FA) with HA for 200 users. • PIM Solution including all necessary software & licenses as per technical specification mentioned in Annexure – I. |
| B | Project Services – Implementation | • Preparation of architecture design, project plan for implementation of PIM solution. • Installation of the supplied associated Software on virtual infrastructure. • Configuration of PIM features for servers, database, network & security. • Integration of application, service accounts and accounts embedded in various applications. • PIM solution’s integration with 2FA solution (with HA) for 200 users. • Instructor led Training to BPCL teams. • Documentation of Design and Implementation work. Refer Annexure III for details. |
| C | Services – Support during warranty | • 24/7 remote OEM support, 24/7 on-demand SI support (L1/L2/L3) during warranty on offered solution for 1st Year. • Software Subscription, Updates & Upgrades during warranty on offered solution for 1st Year. Refer Annexure V for details. |
| D | Services – Support during Post Warranty (AMC) | • 24/7 remote OEM support, 24/7 on-demand SI support during AMC on offered solution for 2nd, 3rd, 4th, 5th and 6th Year. • Software Subscription, Updates & Upgrades during AMC support on offered solution for 2nd, 3rd, 4th, 5th and 6th Year. Refer Annexure V for details. |
The Successful Bidder will be required to supply, install and commission all the required deliverables of project at the identified locations. Benchmark specifications for various types of components to be supplied & operationalized as part of this project are given in Annexure I. Bidders are required to ensure that components proposed are capable to meet these benchmark specifications and are also able to adhere to the functional requirements specified in RFP.
OEM should use the industry best practices for implementation of PIM Solution in BPCL.
Commercial Terms & Conditions
Pricing Type
a. The quoted rates shall be valid for acceptance for the period of 90 days from the date of opening commercial bid.
b. It is mandatory to quote yearly support charges during warranty & AMC with minimum 15% per annum of the total software cost of Annexure – IV commercial bid line item no.10 (excluding taxes).
c. The Vendor should quote separately for Basic price, HSN / SA Code, Billing state as applicable in the Price Bid.
d. Variation in the rates for Statutory levies/ taxes / duties during the tenure of the contract for supplies within delivery schedule will be allowed only on the submission of documentary evidence from Govt. / Statutory Authorities and its acceptance by BPCL
2. Delivery Schedule
• All Schedules will be calculated from the Zero Date i.e. Date of issue of Purchase Order.
• Delivery of the Software shall be made within 4 weeks from the date of PO.
• Part delivery will not be considered. Even if it is delivered partly, the last shipment as per the purchase order will be considered as delivered date.
• Road permits / Entry permits shall be made available to the vendor by the respective location. However, the same should be communicated to BPCL within 7 days in advance.
• Vendor should indicate the Nodal point for deliveries/logistics and to whom Road permits are to be sent.
• Delivery as per the purchase order has to be made before submitting the invoice for payment. Part payment of the equipment will not be made other than payment terms.
• Vendor to provide complete bill of materials with part numbers which will be required to identify proper delivery.
Delayed Delivery:
Penalty @0.5% of total cost of PIM software (along with the Two Factor Authentication solution) per week or part thereof, maximum up to 5% of the total software value shall be deducted for delayed delivery at the time of making first payment.
Vendor shall supply and install the Hardware as per the address given below:
| Sr. No | Description | Delivery Address |
| --- | --- | --- |
| 1 | Delivery of Enterprise “Privilege Identity Management (PIM)” Solution (either as software-based or virtual appliance based) along with Integrated inbuilt or additional two factor authentication solution (software only). HA and DR functionality | Mr. Shubhrangshu Bhattacharjee, Corporate Data Centre, Bharat Petroleum Corporation Ltd, “A” Installation, Sewree Fort Road, Sewree (East), Mumbai, Maharashtra - 400015. |
3. Project Execution
• The solution configuration & integration of the total system / solution as defined in the Annexure – III and final acceptance by BPCL should be completed within 12 weeks from the date of delivery.
• The vendor will provide Project Services as specified in Annexure - III.
• The vendor is required to execute the order as a turn-key project and BPCL shall not be responsible for any omission/deletion of any component and no additional cost shall be paid to vendor by BPCL towards the same. Such component / accessories shall be provided by Vendor at its own cost.
Delay in project execution
Delay in project execution shall attract penalty calculated @1.0% of Project Implementation Cost (Annexure-IV commercial bid Line Item 20) per day of delay (Maximum delay of 30 calendar days), beyond which BPCL reserves the right to get project completed by third party at the cost & expenses of the successful bidder.
4. Payment Term
| Sr. No. | Product / Services | Terms |
| --- | --- | --- |
| A. | Supply of enterprise PIM virtual Software with 1 year on-site comprehensive warranty | 100% payment shall be made against completion of implementation as per Annexure-III |
| B. | Implementation Charges | 100% payment of Implementation (refer line item #20 of Annexure-IV) will be paid after completion of project as per Annexure-III. |
| D. | Software Subscription, OEM and SI support (AMC period during 2nd, 3rd, 4th, 5th & 6th Year) | • Creation of AMC PO by BPCL and to be accepted and signed by Vendor. • Quarterly AMC Payment after the completion of quarter within 30 days from the date of submission of invoice duly authorized by BPCL officer. |
Vendor/System Implementer will have to ensure that all invoices and other documents are signed, stamped with date by the location In‐charge/BPCL officer and submitted at respective departments for payment.
Payment would be made through National Electronic Fund Transfer (NEFT). Hence, please ensure that a bank detail submitted by you is correct or submit the latest bank details in the format available with us.
If the delivered Solution is shifted to any other location in India by BPCL during the Warranty / AMC period, then vendor has to provide support under warranty/AMC period at the location.
5. Warranty, AMC & SLA
a) Software subscription and services
1. 1st year warranty shall start from the date of installation, configuration and acceptance by BPCL. Subsequent to the 1st year Warranty, BPCL shall issue PO for AMC to SI for further period of 5 years on satisfactory performance on yearly basis as per tender.
2. Upgrades, Updates, Patches & Support from SI/OEM for the contract period of six years shall not attract any additional cost to BPCL.
b) Service Level Agreement (SLA): Mandatory & Non‐negotiable
1. Successful bidder must ensure “24 hrs every day x 7 days in every week x 365 days in every year” remote support by OEM for all software related issue and it will be the responsibility of the bidder to ensure that BPCL gets all necessary support from the OEM TAC team to address technical issues for timely resolution. This clause is applicable to both OEMs providing PIM and 2FA solution in case 2FA solution is different (not inbuilt in the PIM product).
2. Successful bidder shall ensure onsite availability of its support engineer whenever such presence is warranted in the event of software issue.
3. Successful bidder shall ensure response time within 2 hours from the time ticket is logged on OEM support portal. This clause is applicable to both OEMs providing PIM and 2FA solution in case 2FA solution is different (not inbuilt in the PIM product).
6. Penalty
a) During Warranty and AMC ‐ Violation of Response Time clause
For every additional hour or part thereof of response time beyond the specified hours of CTR (Call to Responses), penalty will be calculated based on the following table:
| Sr. No | Type of Penalty | Measuring Point | CTR | Penalty Terms beyond CTR |
| --- | --- | --- | --- | --- |
| 1 | Delay in response on TAC case | Time of logging the call | 2 hrs. | 0.5% per hour or part thereof up to 5% of Yearly AMC |
b) Maximum Penalty
The penalty clause is to ensure that OEM vendor is putting best efforts to honor SLAs committed to BPCL.
The penalty clause is to ensure that vendor is putting best efforts to honor SLAs committed to BPCL. Maximum penalty of 5% of total Warranty/AMC value of that particular year.
c) Other Conditions
Penalty will be adjusted against support and services payment done at the end of quarter(s) or by invoking BG submitted, in case required.
BPCL reserves the right to terminate the contract on reaching the maximum penalty by serving 30 days’ notice.
7. Non‐Compliance of SLAs
Bidders must take a note that the Max limits of penalties are upper tolerance and BPCL reserves right to terminate the contract at any point of time for breach of SLAs without reaching the Max limit of penalties and initiate legal action to claim business losses from the bidder.
8. Exit Clause
BPCL intends to use PIM Solution for 6 years and bidder shall enter into a six years contract with BPCL; however, in case of change in technology of PIM, change in associated software or launch of more advanced solutions making the offerings of this product less effective, BPCL reserves the right to terminate the contract at any point of time after completion of 3 years without any explanation given to bidder, serving three months’ notice.
9. Other Contractual Stipulations
a) Risk Purchase: This clause may be invoked during the period of project implementation as well as maintenance period with effect from the date of signing of the contract. In case of non-performance of contract by the bidder, or if the bidder fails to supply requisite items within stipulated timelines as per Contract and SLAs defined therein, BPCL shall reserve the right to invoke Risk Purchase Clause by serving 15 days’ notice. This clause shall apply over and above LD and other penalty clauses in respect of SLAs for the items in question. BPCL may procure such items and get the work done by any other party at the risk and cost of the bidder for carrying out the balance / affected work. The liability of bidder in case of risk purchase will be to the extent of immediate next higher financial quote (total bid value for that item) or 125% of financial bid of bidder for that item, whichever is higher. The extra amount towards the same shall be recovered from PBG submitted or any running bill.
b) We reserve the right to reject the tender without assigning any reason whatsoever.
c) Right to Audit: BPCL reserves the right to audit or inspect work performed by the vendor. BPCL may participate directly or through an appointed representative, e.g., mutually agreeable external auditor, in order to verify that the tasks related to this project have been performed in accordance with the procedures indicated.
d) Liability Clause: In case where it is necessary for employees or representatives of the Vendor to go upon the premises of owner, vendor agrees to assume the responsibility for the proper conduct of such employees/representatives while on said premises and to comply with all applicable Workmen’s Compensation Law and other applicable Government Regulations and Ordinances and all plant rules and regulations particularly in regard to safety precautions and fire hazards. If this order requires vendor to furnish labour at site, such vendor’s workmen or employees shall under no circumstances be deemed to be in owner’s employment and vendor shall hold himself responsible for any claim or claims which they or their heirs, dependent or personal representatives, may have or make for damages or compensation for anything done or committed to be done, in the course of carrying out the work covered by the purchase order, whether arising at owner’s premises or elsewhere and agrees to indemnify the owner against any such claims, if made against the owner and all cost of proceedings, suit or actions which owner may incur or sustain in respect of the same.
e) NDA Clause: The successful bidder has to sign the 'Non‐Disclosure Agreement (NDA)' on Rs. 100/‐ stamp paper (Non Judicial) from their competent authority as a compliance for the 'Non‐Disclosure Agreement' in line with BPCL's IS Security Policy (please refer Annexure‐VIII for details). Purchase orders will not be placed without entering into above NDA. If NDA has already been submitted, please ignore this clause.
f) IP (Intellectual Property)
• Organization retains all rights to its pre‐existing intellectual property and any intellectual property it creates in connection with the agreement; and
• The vendor assigns to organization all rights in any work product developed pursuant to the agreement and acknowledges that all materials created by the vendor pursuant to the agreement shall be deemed to be owned by the organization. If the vendor does not agree to an assignment, then the vendor should, at a minimum, grant organization a perpetual, irrevocable, worldwide, royalty‐free license to use the work product developed pursuant to the agreement.
g) Force Majeure Clause:
The parties to this agreement cannot be responsible for any failure of performance or delay in performance of their obligations thereunder if such failure or delay shall be the result of any Government Directive relevant to this agreement or due to war, hostilities, act of public enemy, riots or civil commotions, strikes, lock out, fire, floods, epidemics or act of God, arrests and restraints of rulers and people, political or administrative acts of recognized or de facto Government, import or export restrictions, compliance with any Government or local authority or any other cause or causes beyond the control of the parties herein.
h) Arbitration clause:
• In case of any disputes or differences between the Parties the same shall be mutually resolved first, however if the Parties fail to mutually resolve any dispute or difference the same shall be resolved by a Sole Arbitrator who shall be mutually appointed by both the parties within a period of 1 (one) month. In case the parties have failed to appoint any arbitrator by mutual consent, then the aggrieved Party may take steps for appointment of arbitrator as per the Arbitration and Conciliation Act, 1996 and subsequent amendments thereof. The venue of Arbitration shall be Mumbai and conducted in English language. The arbitration proceedings shall be governed by Arbitration and Conciliation Act, 1996 or any statutory modification or re-enactment thereof and the rules made thereunder. The decision of the arbitrator shall be final & binding to both the Parties. Judgments or award from Arbitration proceedings any application or other proceedings in respect of anything arising under this Agreement shall be enforced exclusively in the Courts at Mumbai.
• This Agreement shall be construed in accordance with the laws of India.
• The parties hereby agree that the Courts in the city of Mumbai alone shall have jurisdiction to entertain any application or other proceedings in respect of anything arising under this agreement and any award or awards made by the Sole Arbitrator hereunder shall be filed (if so required) in the concerned Courts in the city of Mumbai.
Limitation of liability will be restricted to Total Contract Value.
ALL ABOVE TERMS & CONDITIONS ARE ACCEPTABLE TO US.
SIGNATURE & NAME OF THE PERSON
COMPANY SEAL
Technical Bid Format
Please provide the following information as part of your RFP bid. All information required herein must be provided. If the information provided is found to be incomplete, incorrect or unsatisfactory, the bid is liable to be rejected. Please provide following:
a) List of Deviations, if any, else submit NIL deviation statement.
b) Technical write‐up on the proposed solution for BPCL (provide full technical write‐up on the solution offered to BPCL, including but not limited to Technical Brochure of the solution products and related components/subcomponents thereof).
c) Detailed project execution plan with major milestones & deliverables at each milestone.
d) Provide technical compliance sheet as per Annexure – I (Technical Specification for PIM solution).
e) Provide Bill of material along with the part number of each of the line items with quantity as per Commercial bid format given in Annexure ‐II
f) Blank Commercial Bid with declaration on it that “The Commercial bid is as per the format requested & prices submitted are in the units specified in the tender without any condition attached” under the signature of the authorized signatories. In case there is any condition mentioned in commercial bid or is not in the required format, which is not mentioned in Technical bid under “Deviation Statement”, the bid is likely to be rejected.
g) An undertaking from respective OEM on their letterhead that the OEM will enter into back to back agreement with SI for supply of Software, Subscription and Support. The undertaking should also mention that the support for 6 years shall be provided at the quoted rate in the bid. This should be submitted along with the Technical bid. In case the Two factor authentication solution is different (not inbuilt in the PIM solution), aforementioned Undertaking must be submitted from the respective OEM too.
h) Manufacturer’s Authorization Form (MAF) on OEM’s letterhead duly signed and stamped by OEM’s authorized signatory as per Annexure‐VI. In case the Two factor authentication solution is different (not inbuilt in the PIM solution), aforementioned MAF must be submitted from the respective OEM too.
i) Confirmation that bidder has quoted minimum 15% AMC charges (total of line item 10) in line items 30 to 70.
j) An Integrity Pact (IP) duly signed by the ‘Authorized signatory’.
Annexure‐I: Technical Specification for PIM solution
S. No. Technical Specifications Compliance (Yes/No) Comments
A. GENERAL
1 The proposed solution shall support following functionality:
a) Secure and manage privileged password
b) Strong authentication and Single Sign on (SSO)
c) Application to Application password management
d) Access and Command control
e) Audit trail and Session Recording
f) Work flow management
2 The proposed solution should be from any of the following OEMs only:
M/s ARCON
M/s CyberArk
M/s BeyondTrust
M/s Centrify
M/s Thycotic
3 The solution should be able to be implemented in virtual environment. BPCL will provide virtual machine both at DC and DR site
4 BPCL will provide MS‐SQL licenses for database (if required). If back‐end database is other than MS‐SQL, then solution should be fully self‐managed and should not require a database administrator (DBA) for production deployment, backup/recovery or database hardening.
B High Availability and DR functionality
1 The solution should have High Availability at DC (Sewree, Mumbai) and DR (Greater NOIDA) separately.
2 The proposed solution shall support for high redundancy or DR architecture even when deployed on different network segments or locations.
3 The password vault must be highly reliable, the switch over to HA/DR should be seamless without manual intervention, and provisions should be available to recover credentials securely in case of catastrophic failures.
4 Data replication between different network segments shall be performed natively without the need for external solution or infrastructure
C Security
1 PIM solution as a whole and specially the password vault, should be installed on a highly secure/ hardened system with minimal services running. The platform should be highly secured, tamper‐proof for the solution and for the storage.
2 The solution should provide a secured process for encrypted storing and backups.
3 The solution should keep the passwords in very strong encrypted form. The solution should also provide for strong encryption inside the system components/processes, between its distributed modules, and between the web application and user machines, to protect passwords and other sensitive information.
4 The proposed solution should be 100% agentless that includes password storage, password management and session recording features.
D PERFORMANCE AND SCALABILITY
1 Solution should have licenses for minimum 1500 devices from day ‐1 and scalable to 5000 devices.
2 Solution should have licenses for minimum 200 named users from day ‐1 and scalable to 500 users.
3 Solution should have licenses for minimum 200 concurrent sessions from day ‐1 and scalable to 500 session.
4 Solution should have licenses for minimum 200 service account from day ‐1 and scalable to 500 service account.
E System Accounts management and support
1 The solution should be capable to dynamically and automatically detect new resources locations like servers / operating systems / services / scheduled tasks / IIS service accounts / network devices / hypervisors in virtual systems etc., throughout the environment and provision them to the product and automatically discover privileged accounts and enforce the right password policy.
2 The proposed solution shall support the ability to manage passwords and perform session recording for the privileged accounts on the following platforms:
a. OS : Windows, HP Unix, Ubuntu, Suse, Solaris, RHEL
b. Databases : Oracle, MS SQL Server, DB2, MySQL
c. Web Applications : IIS, Apache, JBOSS, Websphere, Sharepoint
d. Microsoft AD and Microsoft Exchange Server
e. Virtual platform : VMWare ESx, Microsoft Hypervisor
3 The proposed solution shall support the ability to manage passwords and perform session recording for the privileged accounts on the following:
a. Network devices : Routers and Switches
b. Network appliances : Link Load Balancers, Application Delivery Controllers, Network Bandwidth Management and WAN optimization appliances
c. Security devices : Firewalls & UTMs, Secure Web Gateways, SPAM Gateways, SSL / IPSEC VPN devices
4 Solution should support open API / provide API's to add "connectors" to manage devices that are not currently supported 'out‐of‐the‐box'. It should also be capable of connecting to legacy applications.
5 Solution should be able to seamlessly connect to Active Directory and LDAP‐Compliant directory services accounts, TACACS/TACACS+ and RADIUS.
6 The product must be able to manage remote target systems through a firewall (e.g. servers in a DMZ, remote locations etc.) through secure built‐in connectivity (without requirement of additional security; such as third party VPN).
F Password Management / Credential management
1 The solution should have a strong inbuilt password vault/management system with single‐sign‐on feature.
2 Password vault should be replicated over a secured channel and off‐site data backup, data restoration capabilities should be offered.
3 Should be able to create flexible password management policies for assets. A policy can be applied to an object/a group of objects or a group of policies can be applied to an asset/group of assets/objects.
4 After dynamically discovering resources /services/ processes, the solution should be able to propagate password changes to relevant targets across the network to avoid the potential for service disruptions and lockouts whenever changes are made.
5 Product should allow bulk operations to be performed on managed accounts (such as force password change immediately, reconcile password, verify password). Solution must support scheduled password changes.
6 Solution must protect password change process against race conditions like a failed attempt to update password on target system (password in vault should not be updated) or inability/ delay in determining if the password has successfully been updated on target systems or application configuration files (old password shouldn't be removed from the vault).
7 The solution should have the capability to reset individual passwords or groups of passwords on‐demand, and to schedule automated checks to ensure that each password stored in the database correctly matches the current login for each target account.
8 Solution should be able to change password on demand, on the basis of a specific criteria or policy, automatically or manually, support password verification, reconciliation and reporting, set password parameters like constitution, history, and change timings.
9 The solution should be able to manage passwords stored as plain or encrypted, hardcoded in system files or user‐defined files, database tables, network devices etc. including within application configuration files, code or scripts.
10 The solution should restrict the solution administrators from accessing or viewing passwords or approving password requests.
11 The proposed solution shall support password policies: ability to set a minimum password length and complexity for super‐user accounts across all systems in a single master policy.
12 The solution should have provisions to provide credentials for authenticating applications/scripts during run‐time.
13 100% availability of business applications ‐ The product should support non‐connectivity scenarios e.g. network outages, so that the password will still be available to the application, although there is no connection to the secure storage where the password is stored.
14 Ability to automatically rotate application’s passwords and SSH Keys based on configured policy without impact to application performance or downtime at the point of time when the data source password is changed.
G 2 FA Integration with PIM
1 The proposed solution should have either in‐built 2FA functionality OR If not, the Vendor should provide additional 2FA software in HA at DC and DR site. Solution must be software or virtual appliance based.
2 If separate 2FA Solution is proposed then same should be provided with High availability within the primary and DR site and replication between primary site to DR site.
3 If separate 2FA Solution is proposed then vendor should provide two customers reference for 2FA Solution implementation
4 Solution must counter phishing, pharming, man in the middle, man in the browser and man in the machine attack.
5 The 2FA solution should provide unlimited scalability, ease of use and low latency to avoid degrading application or network performance. 2FA Solution should provide minimum 200 users licenses from day‐1
6 Solution must provide a mobile App for generation of OTP for 2FA authentication. Mobile App must support Android, iOS, Windows platforms.
7 The mobile App should be available on play store (both Android and Apple) without any additional cost
8 The solution shall support authentication mechanisms such as PKI based token, User ID/ Password, OTP, RADIUS, out‐of‐band OTP, any other custom authentication scheme.
9 The 2FA solution must support Integration with proposed PIM solution for Authentication of users.
10 The 2FA solution must support alternate mechanism of token retrieval in a secured manner at the instance of emergency such as loss of mobile phone by users etc.
H Access Management
1 The solution should provide web‐based interface for easy access and management.
2 The solution should be able to automatically and dynamically provision users in real time with trusted Windows domains, popular directories such as AD/ LDAP /TACACS+/RADIUS servers in accordance to the user entitlements and access privileges granted (based on least privileges principle).
3 The solution should be able to support granular command filtering or context‐sensitive entitlements on various platforms for super‐user privileged management. Solution should also be able to detect and support concurrent login to managed systems as a privileged user
4 The solution should be capable of organizing / grouping target server / device accounts into logical groups and apply granular/fine‐grained access control to access the individual accounts or the groups of accounts.
5 The solution must support full Segregation of Duties ‐ e.g. roles are clearly and unambiguously defined with no overlapping. In addition to user access roles and entitlements, solution should also support role based administrative access in order to provide Segregation of Duties for administrative management and control.
6 It should be capable of having dual control systems (maker‐checker) for approval and authorization of critical operations.
7 The user permission should be only as per his original privilege even if he ‘SU’es after logging in to the OS. Using root user credentials does not provide root privileges. Capability to restrict users to use RDP or SSH to other end‐points.
8 The solution should have login security by limiting user login by parameters like originating IP address, terminal ID, type of login program or time of the day or geographical location etc. and limited concurrent login sessions by user.
9 The solution should be capable of maintaining details of shared/pooled accounts by mapping it to the individual users.
10 The solution should be capable to have command level restrictions, i.e. of assigning specific commands to be run by specific users/groups, from specific nodes etc. The solution should be able to block commands from command line and also in queries as configured for users/groups/target resources.
11 The solution must be able to integrate with vulnerability management solutions for deep, authenticated scans (e.g. Nexpose by Rapid7) i.e. should be able to provide credentials to these scanning applications during run‐time.
I Workflows, Auditing/Reporting
1 The solution should have ability to enforce approval workflow
2 The solution should support a workflow approval process that is flexible to assign multiple approvers based on product or model (i.e. require 2 or more approvals before access is allowed).
3 The Solution should be able to provide delegation of management tasks like approval / review etc. Should support easy customization of approval workflows according to business needs (without requiring code changes). Solution should also be able to support emergency/ break glass scenarios.
4 The solution should provide a central live Dashboard covering features like management of devices, events and password policies, user activities, event logs etc.
5 The system should have all regular pre‐configured report templates like entitlements reports, user activities, privileged accounts inventory, applications inventory, compliance reports etc., capability to create custom reports based on users, events, activities, target systems, password uses and status etc., distribute the reports to intended users through e‐mail, the ability to run all reports by frequency, on‐demand and schedule them.
6 The reports generation should support CSV, Excel or PDF. This report extraction should not have any performance impact & feature for report extraction should be available on demand & scheduled. The solution should support customizable reports.
7 The solution should record access to the Web console for password requests, approvals and check‐out, delegation changes, reporting and other activities, access to its management console for configuration and reporting, and all password change job activity.
8 The solution should be able to record sessions, take videos recording of screen shots, key strokes / commands and output, replay sessions for forensic purposes. And provide optimized search capabilities on different parameters like users, events, time, target resources etc.
9 The solution should have real‐time session monitoring support and full audit‐trail for user activities in the solution itself.
10 The solution should be configurable so that events can trigger email / SMS alerts, run specific programs
11 The solution should be capable of alerting on actions such as password requests and check‐outs, password changes, failed password change jobs, console and web application activities etc. and attempts of access violations (running elevated/ higher privilege commands, modifying password/ user files, adding users to privileged groups etc.).
12 Solution must support Integration with ArcSight SIEM solution.
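Items F.6 and F.7 above describe a password change that must never leave the vault without a working credential, plus a scheduled check that the vaulted password still logs in. The sketch below is an added illustration of one way to meet both (stage, change, verify, then commit); it is not code from this tender or from any listed OEM, and every class, function and failure mode in it is a constructed assumption.

```python
"""Race-safe credential rotation against a simulated target.
All names and failure modes are constructed for illustration."""
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


class ChangeRejected(Exception):
    """Target definitely refused the change; the old password is still valid."""


class ChangeTimeout(Exception):
    """No answer from the target; the change may or may not have been applied."""


@dataclass
class VaultEntry:
    current: str                          # authoritative password
    pending: Optional[str] = None         # staged value, not yet authoritative
    history: List[str] = field(default_factory=list)
    state: str = "in-sync"


class SimulatedTarget:
    """Stand-in for a managed system; `mode` selects a constructed failure."""

    def __init__(self, password: str, mode: str = "ok"):
        self.password, self.mode, self.reachable = password, mode, True

    def set_password(self, new: str) -> None:
        if self.mode == "reject":
            raise ChangeRejected("target policy refused the new password")
        if self.mode == "timeout_not_applied":
            raise ChangeTimeout()
        self.password = new               # every remaining mode applies the change
        if self.mode == "timeout_then_down":
            self.reachable = False
        if self.mode.startswith("timeout"):
            raise ChangeTimeout()

    def login(self, candidate: str) -> Optional[bool]:
        """True/False for a definite answer, None when the target is unreachable."""
        if not self.reachable:
            return None
        return hmac.compare_digest(candidate.encode(), self.password.encode())


def reconcile(entry: VaultEntry, target: SimulatedTarget) -> str:
    """Decide which vaulted value the target accepts; never drop both."""
    if entry.pending is not None and target.login(entry.pending) is True:
        entry.history.append(entry.current)
        entry.current, entry.pending = entry.pending, None
        entry.state = "in-sync"
        return "committed"
    if target.login(entry.current) is True:
        entry.pending = None              # change did not land; old value stands
        entry.state = "in-sync"
        return "current-valid"
    entry.state = "needs-reconcile"       # outcome unknown: keep current AND pending
    return "needs-reconcile"


def rotate(entry: VaultEntry, target: SimulatedTarget, new_password: str) -> str:
    """Stage the new value, change the target, commit only after verification."""
    entry.pending, entry.state = new_password, "rotating"
    try:
        target.set_password(new_password)
    except ChangeRejected:
        entry.pending, entry.state = None, "in-sync"   # vault is not updated
        return "rejected"
    except ChangeTimeout:
        pass                              # indeterminate: let verification decide
    return reconcile(entry, target)


def audit(vault: Dict[str, VaultEntry], targets: Dict[str, SimulatedTarget]) -> List[str]:
    """Scheduled check: accounts whose vaulted password does not log in."""
    return sorted(name for name, entry in vault.items()
                  if reconcile(entry, targets[name]) == "needs-reconcile")
```

A real connector would also have to account for lockout thresholds on the target, since each verification login counts as an authentication attempt.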
Annexure‐II: Bill of Material with Part code
Sr. No Item Unit Part Code Quoted/Not Quoted
10 Enterprise “Privilege Identity Management (PIM)” Solution (either as software‐based or virtual appliance based) along with Integrated inbuilt or additional two factor authentication solution (software only). Including
a) High Availability module (Software)
b) Disaster Recovery module (Software)
c) Support services during first year warranty period as per Annexure‐V
The Solution shall comprise of below functionality and support on
1) Solution with two factor authentication for minimum 200 named users from day‐1. The PIM solution should support integration with BPCL Microsoft Active Directory as primary authentication and mobile app based authentication as second factor. The mobile App should be available on play store without any additional cost
2) Solution should have support and required licenses for 1500 devices, 200 named users & 200 service accounts from day‐1.
3) Solution should have below PIM functionalities a) Password vault b) Session Recording c) Command filtering d) Password recovery
4) PIM solution must be implemented in local HA mode at both DC and DR.
5) In case 2FA solution is not inbuilt in the PIM, then it must be implemented in local HA mode both at DC and DR.
20 Project Implementation ‐ Implementation and training
30 2nd year subscription and support cost For PIM solution
40 3rd year subscription and support cost For PIM solution
50 4th year subscription and support cost For PIM solution
60 5th year subscription and support cost For PIM solution
70 6th year subscription and support cost For PIM solution
Annexure‐III: Project Services for PIM implementation
Sr No# Services during Project Implementation Specifications in Brief
1 End to end Project Management
1) Offline Study of existing infrastructure, Prepare plan for implementation along with all required features mentioned in technical specification
2) Design the architecture for PIM solution. All Design & configurations should be as per industry best practice of PIM.
3) Should take approval from OEM as well as BPCL officer for design and configuration/feature before implementation
4) Installation of PIM software at DC and DR with HA and redundancy functionality.
5) Latest stable version should be applied to the solution
6) Configuration and implementation of PIM solution for accessing network, Security and server infrastructure and also managing service account.
7) Submission of complete documentation on implementation & configuration, operational & Maintenance, troubleshooting guide.
8) Certification by OEM post completion of the Implementation as per best practice.
9) Get final sign off from BPCL security team after completion of minimum following.
a) On‐boarding of at least 300 Windows servers for Remote‐desktop session with at least 30 users with successful session recording and logging.
b) On‐boarding of at least 200 Unix/Linux Servers for SSH session with at least 20 users with successful session recording and logging.
c) On‐boarding of at least 20 Service accounts including accounts used as hardcoded credentials in various applications such as “web.config” file in IIS web servers.
d) On‐boarding of at least 15 network devices (routers/switches/link load balancer etc.) for SSH or Web session or thick‐client session for at least 10 users with successful session recording and logging.
e) On‐boarding of at least 15 security devices for SSH or Web or thick‐client based session (including checkpoint Smart dashboard) for at least 5 users with successful session recording and logging.
f) On‐boarding of at least 20 Linux/Unix servers for X‐manager session for at least 10 users with successful session recording and logging.
g) On‐boarding of at least 10 MS‐SQL servers to be integrated for SQL management studio for at least 10 SQL admin accounts (either local account or Windows integrated account, sa account) with successful session recording and logging.
h) Integration with at least 2 VMWARE v‐Center Web and thick client console for at least 10 users with successful session recording and logging.
i) Successful Enforcement of Command level restriction on Linux/Unix Servers (as integrated above) through SSH and X‐Manager session.
j) Successful Enforcement of process or command level restriction on Windows Servers (such as restricting mstsc.exe process etc.)
k) Successful completion of vaulting and changing of passwords against local administrator and root accounts of all the Windows (300 Nos), Linux/Unix (200 Nos), Network and Security devices as integrated above.
l) Successful completion & demonstration of local account discovery across all Windows, Unix/Linux, network & security devices. Also successful demonstration of manual password change process, notification/alert on manual account creation etc.
m) Successful Integration of Rapid7 Nexpose Vulnerability manager, ManageEngine Device Expert solution with PIM.
n) Successful completion and demonstration of workflow / Approval process for new account creation, assigning a new user, password retrieval process etc for all servers as integrated above.
o) Submission of complete documentation on implementation & configuration procedure, operational & Maintenance, troubleshooting & Escalation Matrix.
a) Certification by OEM post completion of the Implementation as per best practice.
2 Instructor led Training
2 Days certified Instructor led training (with training material) for BPCL employees on PIM solution at BPCL Sewree Mumbai.
Annexure‐IV: Commercial Bid Format
Sr. No. Item Unit QTY Type (HW/SW/SER) Location
10 Enterprise “Privilege Identity Management (PIM)” Solution (either as software‐based or virtual appliance based) along with Integrated inbuilt or additional two factor authentication solution (software only). Local HA and DR functionality for both PIM as well as 2FA solution. Including Support services during first year warranty period as per Annexure‐V EA 1 SW CDC (Sewree, Mumbai)
20 Project Implementation ‐ Implementation and training LS 1 SER
30 2nd year subscription and support cost For PIM solution YR 1 SER
40 3rd year subscription and support cost For PIM solution YR 1 SER
50 4th year subscription and support cost For PIM solution YR 1 SER
60 5th year subscription and support cost For PIM solution YR 1 SER
70 6th year subscription and support cost For PIM solution YR 1 SER
Annexure–V: OEM and SI support
SI Support during Warranty & AMC Period at BPCL
SI shall provide support and services as detailed below during the contract period –
Account Manager: Successful Bidder/SI shall appoint an Account Manager who will be single point of contact for BPCL in relation to any technical, commercial, contractual or service related issues during the entire contract period of four years.
Project Manager: Successful Bidder/SI shall appoint a Project Manager who will coordinate project related activities and will be responsible for the successful implementation of Deep security solution in BPCL.
Successful Bidder/SI shall provide on‐site and remote support as required by BPCL in case of issues related to configuration, integration, operations, bugs etc. during the warranty and AMC period.
Support for integration of pending / new devices / servers with PIM
Support by OEM during Warranty & AMC Period at BPCL
OEM should provide direct remote support for following –
Resolution of any Software installation, configuration or integration issue
RCA of Software performance related issues
The OEM should have a facility to log a call using web interface wherein all the support contract details should be linked. This interface should provide the incident number for monitoring the progress of the call/support ticket. The OEM should have flexibility to log the calls using either email/ telephone also.
The OEM should proactively notify BPCL about any new releases of patches and firmware for the products covered in the contract at least on a quarterly basis
Software updates, Signature Updates, Version updates of all relevant components requiring upgrade/update should be delivered at no additional cost during both warranty and AMC period.
Annexure–VI: Manufacturer’s Authorization Form
Ref:
Date:
To,
D.G.M. IS (P & C)
M/s Bharat Petroleum Corporation Limited
IS Department, 1st floor, CPO Building
“A” Installation Gate, Fort Road
Sewree (E), Mumbai ‐ 400015
Subject: Manufacturer Authorization for Tender No CRFQ _____________
Sir,
We, <OEM/ Manufacturer name> having our registered office at <OEM/ Manufacturer address>, are an established and reputed manufacturer of Computer Systems/System integrator.
We confirm that <Bidder Name> having its registered office at <Bidder Address> is our authorized partner for ________________________.
We hereby authorize <Bidder Name> to quote and execute the order for the subject tender on behalf of <OEM/ Manufacturer name>. Our full support is extended to them in all respects for supply, warranty and maintenance of our products. We also ensure to provide the service support for the supplied equipments/software during the entire warranty period from the date of supply/installation of the equipments/software as per tender terms.
We also undertake that in case of default in execution of this tender by the <Bidder Name>, the <OEM/Company Name> will take all necessary steps for successful execution of this project as per tender requirements.
We further confirm that, <Bidder Name> is financially sound and has commensurate annual turnover with positive cash flows and has adequate Line of Credit arrangement, with us, to undertake this contract as per terms and conditions within stipulated time lines. In case nominated Business Partner fails to meet contractual obligations / time lines, we will arrange to take all necessary steps for successful execution of this project as per tender requirements.
Thanking You,
For <OEM/ Manufacturer name>
<(Authorized Signatory)>
Name :
Designation :
Note: This letter of authority should be on the letterhead of the manufacturer and should be signed & stamped by Legal Officer/HR Head/Company Secretary of OEM Company.
Annexure – VII: NDA
Non‐Disclosure Agreement
This Agreement is made as of the ‐‐‐‐‐‐‐‐‐‐‐‐‐ 2008 between BHARAT PETROLEUM CORPORATION LTD.
(BPCL) a Government of India Enterprise, having its registered office and Corporate office at Bharat
Bhavan , 4&6 , Currimbhoy Road , Ballard Estate , Mumbai ‐400001 hereinafter referred as First Part
which expression shall unless repugnant to the subject or the context mean and included its successors,
nominees or assigns and M/s ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ a company
incorporated under the Indian Companies Act, 1956, and having its registered office at ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
‐‐‐‐‐‐‐‐‐‐‐‐‐ ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ herein after called “‐Second Part ” which expression
shall unless repugnant to the subject or the context mean and include its successors, nominees or assigns.
Whereas in order to pursue the business purpose of this particular project as specified in Annexure A
(the “Business Purpose”), M/s‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
recognize that there is a need to disclose certain information, as defined in para 1 below, to be used only
for the Business Purpose and to protect such confidential information from unauthorized use and
disclosure.
In consideration of First Part’s disclosure of such information, Second Part agrees as follows:
1. This Agreement will apply to all confidential and proprietary information disclosed by First part to Second part , including information which the disclosing party identifies in writing or otherwise as Confidential before or within thirty days after disclosure to the receiving party (“Confidential Information”).
Confidential Information consists of certain specifications, designs, plans, drawings, software,
prototypes and/or technical information, and all copies and derivatives containing such
Information, that may be disclosed to other part by first part for and during the Purpose, which
disclosing party considers proprietary or confidential (“Information”). Confidential Information
may be in any form or medium, tangible or intangible, and may be communicated/disclosed in
writing, orally, or through visual observation or by any other means by other part (hereinafter
referred to as the receiving party) by the First Part (hereinafter referred to as one disclosing
party). Information shall be subject to this Agreement, if it is in tangible form, only if clearly
marked as proprietary or confidential as the case may be, when disclosed to the receiving party
or, if not in tangible form, its proprietary nature must first be announced, and it must be reduced
to writing and furnished to the receiving party within thirty (30) days of the initial disclosure.
2. M/s ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ i.e. Second Part ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐hereby agreed that during the Confidentiality Period:
a) The receiving party shall use Information only for the Purpose, shall hold Information in
confidence using the same degree of care as it normally exercises to protect its own proprietary
information, but not less than reasonable care, taking into account the nature of the Information,
and shall grant access to Information only to its employees who have a need to know, but only to
the extent necessary to carry out the business purpose of this project as defined in exhibit A, shall
cause its employees to comply with the provisions of this Agreement applicable to the receiving
party, shall reproduce Information only to the extent essential to fulfilling the Purpose, and shall
prevent disclosure of Information to third parties. The receiving party may, however, disclose the
Information to its consultants and contractors with a need to know; provided that by doing so,
the receiving party agrees to bind those consultants and contractors to terms at least as restrictive
as those stated herein, advise them of their obligations, and indemnify the disclosing party for
any breach of those obligations.
b) Upon the disclosing party's request, the receiving party shall either return to the disclosing
party all Information or shall certify to the disclosing party that all media containing Information
have been destroyed.
3. The foregoing restrictions on each party's use or disclosure of Information shall not apply to Information that the receiving party can demonstrate:
a) Was independently developed by or for the receiving party without reference to the
Information, or was received without restrictions; or
b) Has become generally available to the public without breach of confidentiality obligations of
the receiving party. The information shall not be deemed to be available to the general public
merely because it is embraced by more general information in the prior possession of Recipient
or of others, or merely because it is expressed in public literature in general terms not specifically
in accordance with the Confidential Information; or
c) Was in the receiving party's possession without restriction or was known by the receiving party
without restriction at the time of disclosure and receiving party declare of possession of such
confidential information within a day upon such disclosure by disclosing party ; or
d) Pursuant to a court order or is otherwise required by law to be disclosed, provided that
Recipient has notified the disclosing party immediately upon learning of the possibility of any such
court order or legal requirement and has given the disclosing party a reasonable opportunity and
co‐operate with disclosing party to contest or limit the scope of such required disclosure including
application for a protective order.
e) Is disclosed with the prior consent of the disclosing party; or
f) The receiving party obtains or has available from a source other than the disclosing party
without breach by the receiving party or such source of any obligation of confidentiality or non‐
use towards the disclosing party.
4. Receiving party agrees not to remove any of the other party’s Confidential Information from the premises of the disclosing party without the disclosing party’s prior written approval and exercise extreme care in protecting the confidentiality of any Confidential Information which is removed, only with the disclosing party’s prior written approval, from the disclosing party’s premises. Receiving party agrees to comply with any and all terms and conditions the disclosing party may impose upon any such approved removal, such as conditions that the removed Confidential Information and all copies must be returned by a certain date, and that no copies are to be made off of the premises.
5. Upon the disclosing party’s request, the receiving party will promptly return to the disclosing party all tangible items containing or consisting of the disclosing party’s Confidential Information and all copies thereof.
6. Receiving party recognizes and agrees that all of the disclosing party’s Confidential Information is owned solely by the disclosing party (or its licensors) and that the unauthorized disclosure or use of such Confidential Information would cause irreparable harm and significant injury, the degree of which may be difficult to ascertain. Accordingly, receiving party agrees that the disclosing party will have the right to obtain an immediate injunction enjoining any breach of this Agreement, as well as the right to pursue any and all other rights and remedies available at law or in equity for such a breach.
7. As between the parties, all Information shall remain the property of the disclosing party. By disclosing Information or executing this Agreement, the disclosing party does not grant any license, explicitly or implicitly, under any trademark, patent, copyright, mask work protection right, trade secret or any other intellectual property right. The disclosing party disclaims all warranties regarding the information, including all warranties with respect to infringement of intellectual property rights and all warranties as to the accuracy or utility of such information. Execution of this Agreement and the disclosure of Information pursuant to this Agreement does not constitute or imply any commitment, promise, or inducement by disclosing party to make any purchase or sale, or to enter into any additional agreement of any kind.
8. Disclosing party’s failure to enforce any provision, right or remedy under this agreement shall not constitute a waiver of such provision, right or remedy.
9. This Agreement will be construed in, interpreted and applied in accordance with the laws of India.
10. This Agreement and Exhibit A attached hereto constitutes the entire agreement of the parties with respect to the parties' respective obligations in connection with Information disclosed hereunder and supersedes all prior oral and written agreements and discussions with respect thereto. The parties can amend or modify this Agreement only by a writing duly executed by their respective authorized representatives. Neither party shall assign this Agreement without first securing the other party's written consent.
11. This Agreement will remain in effect for three years from the date of the last disclosure of Confidential Information, at which time it will terminate, unless extended by the disclosing party in writing.
12. With regard to the confidential information of M/s______________ disclosed to BPCL, BPCL agrees to comply with all the obligations of receiving party mentioned in this Agreement.
IN WITNESS WHEREOF, the parties hereto have executed this Agreement by their duly
authorized officers or representatives.
M/S ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ BHARAT PETROLEUM
CORPORATION LIMITED
Signature: _____________ Signature: ____________
Printed Name: _________ Printed Name: ___________
Designation: ________________ Designation: ________________________
Exhibit A
1. Business Purpose: …………………………………………………………… …………………………………………………………………………………….
2. Confidential Information of M/s ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
a. All communication/ information submitted to the BPCL relating to the proposal of M/s
_______________ for the purpose of procurement and subsequent integration with existing
infrastructure of BPCL, marked as confidential.
3. Confidential Information of BPCL:
a. All details relating to architecture and other Network infrastructure details
of BPCL etc.
b. All information shared in oral or in written form by BPCL with M/s‐‐‐‐‐‐‐‐‐‐‐‐‐
‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐.
c. Any information desired by M/s ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ shall be justified for.
d. Information downloaded or taken in physical form shall be returned/ destroyed
after use and not copied.
e. Draft Technical specifications for the various projects and Tender documents
for the same.
BPCL: ___________________ M/s‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐
Signed Signed