National Bank for Agriculture and Rural Development, Department … · 2018. 9. 22. ·...

Corrigendum regarding Tender Document for providing three year licenses, installation, configuration, deployment,

updating and technical support for Centralized Antivirus Server Solution with endpoint client agent deployment Date : 19-05-2017

of 13

National Bank for Agriculture and Rural Development,

Department of Information Technology,

5th Floor, ‘C’ Wing, Plot No C-24, ‘G’ Block,

Bandra-Kurla Complex, Bandra (East), Mumbai-400051

Corrigendum to Tender Document for providing three year licenses, installation, configuration, deployment,

updating and technical support for Centralized Antivirus Server Solution with endpoint client agent deployment

Tender No NB.DIT/ 84 / DIT-011-1/2017-18 dated 05th May 2017

Pre-Bid Meeting held on 11th May 2017

Sr.

Clause Page Existing Clause mentioned in RFP Clause

Query of Bidder Clarification / Amendments, if any

1 Can bidder be exempted from payment of EMD and Tender Fee?

No.

2 Additional clause requested - The Bidder may terminate this Agreement upon written notice to NABARD, if NABARD commits a default or material breach under this Agreement and does not remedy the default or material breach within 30 days of notice from the Bidder.

While finalizing the contents of the agreement, suitable clause will be incorporated.

3 Additional clause requested - The total liability of the selected bidder shall not exceed the total cost of the order value. Neither party shall be liable for indirect and consequential damages under this RFP.

Request not accepted.

4 Request to extend the RFP last date by 15 days as the RFP is of large magnitude this needs




of 13

Sr.



working and discussion with multiple team & OEM

5 We Request the bank to provide the Address of Locations of installation which will also be required for Billing. If the Multi-State billing is required, kindly provide the GSTNID of those state/Union Territory.

It is clarified that Multi-State billing is not required.

6 Presently single antivirus is running in the organisation or Multiple antivirus? Presently which antivirus is running?

The information cannot be shared.

7 Will the Bank Provide necessary Hardware and Operating system, networking for hosting?

Yes

8 ‘Pre-Qualifying Criterion’ in 2.1 (1) in PART –II (Eligibility Criteria)

28 The bidder should be registered as a company in India as per Company Act 1956.

Can a Partnership Firm participate in this Tender ?

The bidder should be registered as a company in India as per Companies Act or the bidder should be a registered Partnership Firm.

9 ‘Documents to be submitted’ in 2.1 (1) in PART –II (Eligibility Criteria)

28 Copy of the Certificate of Incorporation issued by Registrar of Companies and full address of the registered office

What documentary proof to be submitted by Partnership Firm?

Registered Company has to submit Copies of the Certificate of Incorporation issued by Registrar of Companies and Articles of Association and Memorandum of Association and full address of the registered office. Registered Partnership Firm has to submit copies of Partnership Deed and Proof of Registration of Partnership Firm and full address of the registered office.

10 ‘Pre-Qualifying Criterion’ in 2.1 (3) in PART

28 The bidder should have made operating profit of at least ₹ Five Lakhs in each of

Modification Requested: "The bidder should have made




of 13

Sr.



–II (Eligibility Criteria)

the last three financial years (2013-14, 2014-15 and 2015-16)

operating profit of average ₹ Three Lakhs in the last three financial years (2013-14, 2014-15 and 2015-16)" OR We request you to change the years to (2014-15, 2015-16 and 2016-17)" and with provisional balance sheet certified by Chartered accounts to be considered


28 The Bidder should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Govt. organization (or Public Sector Bank) in India, for minimum period of 1 year within last 5 years.

i. Request you to modify this point by mentioning it as "Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt. or private organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years."

ii. Request you to modify this point - The Bidder/OEM should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Govt. organization (or Public Sector Bank) in India, for minimum period of 1 year within last 5 years

The Bidder should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Government organization / Central Public Sector Undertaking / Public Sector Financial Institution / Public Sector Insurance Company / Scheduled Commercial Bank in India, for minimum period of 1 year within last 5 years.

12 ‘Documents to be submitted’ in 2.1 (4) in PART –II

28 Whether the documents to be submitted for Client Eligibility should require Copy of Client Certification for successful

It is clarified that Certificate of successful completion and maintenance issued by Client is sufficient.



of 13

Sr.



(Eligibility Criteria)

completion and maintenance with name and contact details of signatory - both from OEM / Vendor or either?


29 Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt. organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years

Request you to modify this point by mentioning it as "centralised security solution for endpoint or AntiSpam or Mobile antimalware" rather than "centralised anti-virus solution" OR it should be "Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt. or private organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years

Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Government organization / Central Public Sector Undertaking / Public Sector Financial Institution / Public Sector Insurance Company / Scheduled Commercial Bank in India with sales and support from bidder, for minimum period of 1 year within last 5 years

14 ‘Documents to be submitted’ in 2.1 (5) in PART –II (Eligibility Criteria)

29 Whether the documents to be submitted for Client Eligibility should require Copy of Client Certification for successful completion and maintenance with name and contact details of signatory - both from OEM / Vendor or either?

It is clarified that Certificate of successful completion and maintenance issued by Client is sufficient.


29 The Antivirus solution product offered should be part of Leader’s quadrant in the latest Gartner Magic Quadrant for Endpoint Protection Platforms Report 2017.

We request you to relax this condition as it is not a regulatory requirement in India.


16 4.5 in Part –IV (Scope of Work) And

32 And

Although Bank desires antivirus solution for 4300 desktops / laptops, however, the actual number of installations may vary,

What will be the deviations in number and how it should be factored?

Deviation may be up to 1-2% of total number of installations within a period of three years.



of 13

Sr.



Point - 5 in Annexure H

77 at the sole discretion of the bank within the period of 3 years.

17 4.9 Sub-Clause (l) in Part –IV (Scope of Work) And Point - 9 in Annexure H (Sub-Point l)

34 And 78

l) Should support wireless devices such as Palm, Pocket PC, and EPOC at no extra cost

Kindly clarify regarding wireless device type and model nos for palm, pocket PC or EPOC devices.

The line referred here in Sub-Clause l) is modified as : l) Should support Operating System (OS) of portable wireless devices such as OS of PDA, tablet OS, mobile phone OS including android, ios , mobile OS built on linux, Windows mobile OS, etc.

18 4.12 in Part –IV (Scope of Work) And Point 12 in Annexure-H (Technical Requirements)

34 And 78

Successful Bidder shall be responsible for supply/ upgrade of latest Antivirus Enterprise Edition Security Suite for all versions of Windows OS covering Antivirus, Desktop Firewall, Intrusion Prevention System, Device control, Application control, Web protection, External media control, Host Integrity, Integrated repair, detection and removal tool for Malware, Antispyware, Anti-spam, Adware, Trojan/Worms, etc. All the tools / applications should be from single manufacturer’s product. This should be deployed in the desktops as a single client software.

Vulnerability Protection and Application Control may Need Separate Client. Requesting to modify this point where the endpoint security solution can be achieved by same manufacturer product but through different agents.

Successful Bidder shall be responsible for supply/ upgrade of latest Antivirus Enterprise Edition Security Suite for all versions of Windows OS covering Antivirus, Desktop Firewall, Intrusion Prevention System, Device control, Application control, Web protection, External media control, Host Integrity, Integrated repair, detection and removal tool for Malware, Antispyware, Anti-spam, Adware, Trojan/Worms, etc. All the tools / applications should be from single manufacturer’s product. This should be provided by one manufacturer and may be deployed in the desktops as client software manageable from Management Server(s) Console.

19 4.14 in Part–IV (Scope of Work) And Point 14 in Annexure-H

35 And 79

The bidder shall provide an active response to all virus related incidents that happen within the Bank and may have to visit the sites at own expense if the problem is not resolved centrally.

Does technical support cost on request (Call) basis includes for problems which not solve centrally?

The bidder shall provide an active response to all virus related incidents that happen within the Bank and may have to visit the sites at own expense if the problem is not resolved centrally. The Bidder has to provide one consolidated Cost for Support



of 13

Sr.



(Technical Requirements)

in Table B in Annexure – J. NABARD has Active Directory infrastructure and it is expected that the successful bidder (vendor) will resolve the problems in NABARD Offices from Head Office(HO) site by using Management Server or remote connection (to computer in Regional Office / Training Establishment).

20 4.17 in Part–IV (Scope of Work) And Point - 17 in Annexure H

35 And 79

All the above points are applicable in respect of all branches / offices of the Bank throughout the country.

Required location details of Bank’s RO, TE offices / Branches and Connectivity details of all users

It is clarified that providing location details is not necessary as Antivirus will be deployed centrally through WAN and Active Directory

21 4.18 in Part–IV (Scope of Work) And Point - 18 in Annexure H ( Technical Requirements)

35 And 79

The solution would be managed centrally using a web-based console that allows system monitoring, software updates, client configuration, and event reporting. The central site administrator should have the ability to manage the software at all levels of the network and have the ability to remotely deploy product updates and modifications to all users. The solution should support plug-in modules designed to add new security features without having to redeploy the entire solution, thereby reducing effort and time needed to deploy new security capabilities to clients and servers across the network. It should be possible to install all features (antivirus, anti-spyware, Enterprise Client Firewall and damage clean-up) at the same time via client deployment methods and to

Apart from Web Based console, we request you to consider MMC (Microsoft Managed Console) as well. MMC's biggest advantage is, is it independent of any protocol and browsers and works as an application lowering down the risk of browser based attacks. Request you to reframe it as "Web Based Console / MMC"

The solution would be managed centrally using a web-based console / MMC (Microsoft Management Console) that allows system monitoring, software updates, client configuration, and event reporting. The central site administrator should have the ability to manage the software at all levels of the network and have the ability to remotely deploy product updates and modifications to all users. The solution should support plug-in modules designed to add new security features without having to redeploy the entire solution, thereby reducing effort and time needed to deploy new security capabilities to clients and servers across the network. It should be possible to install all features (antivirus, anti-spyware, Enterprise Client Firewall and damage clean-up) at the same time via client deployment methods and to



of 13

Sr.



manage centrally via the web-based management console.

manage centrally via the web-based management console / MMC.

22 4.20 in Part–IV (Scope of Work) And Point 20 in Annexure-H ( Technical Requirements)

35 And 79

The solution should provide customized web based reports for easy interpretation.

Need clarification on "Web Based Reports". Would request to specify types of reports and reframe it as "Customized reports for easy interpretation"

The solution should provide customized reports for easy interpretation.


35 And 79

The central site management system must be capable of providing a daily report of found viruses, including locations and a report of incomplete or failed nodes updates for each location. These reports must be accessible by the network administrator at the Central Server.

Need Clarification on the daily reports based on location. The same can be achieved using Group based reporting where in every group would indicate a location to which a system belongs. Please correct our understanding

It is clarified that the requirement in this regard is unambiguous.


36 And 79

The solution should provide a secure Web-based management console to give administrators transparent access to all clients and servers on the network. It should provide customized web based reports for easy interpretation. It should also provide reports, that reflecting, the patch has been deployed. It should offer centrally managed Client Firewall and IDS and should also have virtual patching and it should be an automated process.

Need clarification on "Web Based Reports". Would request to specify types of reports and reframe it as "Customized reports for easy interpretation". Request to make Virtual Patching Generic and to reframe it as " and should also have Exploit prevention to prevent any attacks for any type of unpatched systems"

The solution should provide a secure Web-based management console/MMC to give administrators transparent access to all clients and servers on the network. It should provide customized reports for easy interpretation. It should also provide reports, reflecting, the patch has been deployed. It should offer centrally managed Client Firewall and IDS. The solution should offer virtual patching or mitigate vulnerabilities for any type of unpatched systems and it should be an automated process. The Solution should preferably support scanning on Client Computer for the purpose of discovering and protecting



of 13

Sr.



the existing vulnerabilities on the computer.


36 And 80

The solution should update a particular PC in a ROs/TEs office from Central server. All other PCs in the respective branch / office will get updates from that particular PC not from central server. One Computer will work as update agent/repository of the centralized server at the ROs/TEs level. This computer will get updates from the centralized server at off-working hours. All other computers installed at respective ROs/TEs offices will get updates from the agent/repository computer automatically in a scheduled time or as and when required through Local Area Network (LAN). Solution should have facility to update patches on scheduler basis & zone basis. The Client machine acting as update agent, thereby, delivering pattern updates to rest of the machines in the LAN, should have the capability to upgrade program upgrades also and no separate web server should be required. The antivirus Server should have the capability to assign a client the privilege to act as an update agent for rest of the agents in the network.

Need Clarification "patch updatation is a different solution altogether, request you not to add it into an End Point solution.

The Solution should be able to configure one Computer to work as update agent/repository of the centralized server at the ROs/TEs level. This computer will get updates from the centralized server at scheduled hours. All other computers installed at respective ROs/TEs offices will get updates from the agent/repository computer automatically in a scheduled time or as and when required through Local Area Network (LAN). Solution should have facility to provide update on scheduler basis & zone basis. The Client machine acting as update agent, thereby, delivering pattern updates to rest of the machines in the LAN, should have the capability to upgrade program upgrades also and no separate web server should be required. The antivirus Server should have the capability to assign a client the privilege to act as an update agent for rest of the agents in the network.

26 4.32 in Part–IV (Scope of Work) And

37 And 81

The Management Server should be able to block access to Network in endpoint where host integrity is compromised without requiring any additional client

Need Clarification on Host Integrity Check parameter

It is clarified that Vendor is required to indicate availability of feature in Technical Compliance Sheet (Annexure - H)



of 13

Sr.



Point 32 in Annexure-H ( Technical Requirements)

deployment, management or administration.

27 4.34 in Part–IV (Scope of Work) And Point-34 in Annexure-H ( Technical Requirements)

38 And 81

The scan engine of the protection software must employ “smart scanning” that provides scanning of only those emails which may contain viruses.

Request to make the Term ‘Smart Scanning’ generic.

The scan engine of the protection software must have feature to provide smart / agile scanning of only those emails which may contain viruses.


38 And 81

When a virus is detected in email or email attachments, the software must have the ability to automatically send notification to the email sender, recipient(s) and network administrator. Notification must include date and time of infection, location of server infected, infected file name, action taken on the infected file and recipient being infected.

Request you to modify this point by removing "email and email attachment" and the related sub point i.e. "email sender and recipient"

When a virus is detected, the software must have the ability to send notification to the user and network administrator. Notification must include date and time of infection, location of computer infected, infected file name, action taken on the infected file and recipient being infected.


38 And 81

The solution should provide the ability to remove virus and other malicious codes from desktops as well as repair of damage of the computer. It should have the facility of quarantine of virus affected file system. The Proposed Solution should support Backup and restore of Ransomware-encrypted files.

Backup and restore is not the solution to prevent ransomware attacks. Request you to reframe it to "Providing anti-ransomware protection and prevention against exploits" Note - Anti Ransomware should work on behaviour analysis and should not dependent on the file backup - restore methodology.

The solution should provide the ability to remove virus and other malicious codes from desktops as well as repair of damage of the computer. It should have the facility of quarantine of virus affected file system. The Proposed Solution should have feature to recover files damaged or encrypted by Ransomware.

30 4.43 in Part–IV (Scope of Work) And

39 And

The antivirus Management server should have role based administration with Active Directory integration. It should offer features to create custom role type

Need Clarification: Does location awareness means different policies for same set of users when in the office and outside office?

Request not acceded, original requirement to be fulfilled.



of 13

Sr.



Point -43 in Annexure H ( Technical Requirements)

81 and to add uses to a predefined role or to a custom role. The antivirus Management server should support grouping of clients into domains for easier administration. The antivirus Management server should provide Policy action based on location awareness and should allow establishing separate configuration for internally versus externally located machines. The Security Compliance feature in Solution may leverage Microsoft Active Directory services to determine the security status of the computers in the network.

Security being a prime concern, should be strict for the users irrespective of the users being inside or outside the network. Request you to make it Generic and dilute location awareness point

31 4.51 in Part–IV (Scope of Work) And Point -51 in Annexure H ( Technical Requirements)

The solution should be able to do the following: a) Terminating all known virus processes , exploit content and threats in memory b) Repairing the registry c) Deleting any drop files created by viruses d) Removing any Microsoft Windows services created by viruses e) Restoring all files damaged by viruses f) Includes Clean-up for Spyware, Adware etc.

Terminating all the processes might not be possible if the infections is using system process thread. Moreover, AV generally isolates the infected details into quarantine which can be deleted and cleaned as and when required. Request you to reframe it as "The solution should be able to block any sort of virus/malware/etc. in its early stage before infecting the system"

Request not accepted, original requirement to be fulfilled.


41 And 83

The antivirus solution should have CPU usage performance control during scanning. It should Check the CPU usage level configured on the Web console and the actual CPU consumption on the computer and should adjust the scanning speed if:

Request you to make it generic The antivirus solution may provide feature of System Utilization levels/ System Performance levels/ Resource Utilization levels/ Resource Performance levels (e.g., Low, Below Normal, Medium, Normal level) during scheduled scans on the Client End-Point and this level should be



of 13

Sr.



The CPU usage level is Medium or Low

Actual CPU consumption exceeds a certain threshold

configurable from the Management Server console.


41 And 83

The antivirus solution should provide Outbreak Prevention to limit/deny access to specific shared folders, block ports, and deny write access to specified files and folders on selected clients in case there is an outbreak. The antivirus solution should have a manual outbreak prevention feature that allows administrators to configure port blocking, block shared folder, and deny writes to files and folders manually. The solution should maintain Integrity of endpoints to ensure endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments with the ability to isolate a managed system that does not meet requirements.

Requesting to modify this point by "limit / deny access to shared folders" and to include "deny access to excutable compress file and mutex exclusion handling on malware process"

The antivirus solution should provide Outbreak Prevention to block specific ports, deny write access to specified files and folders and deny access to executable compress file on selected clients in case there is an outbreak. The antivirus solution should have a manual outbreak prevention feature that allows administrators to configure port blocking, block shared folder, and deny writes to files and folders manually. The solution should maintain Integrity of endpoints to ensure endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments with the ability to isolate a managed system that does not meet requirements.

34 4.56 in Part–IV (Scope of Work) And Point - 56 in Annexure H

42 And 83

The antivirus solution should safeguard endpoint mail boxes by scanning incoming POP3 email and Outlook folders for Threats.

The point refers to the requirement of Email Security. The feature has got dependencies on the connectivity, Protocol used and various parameters. Email security is full flegedly a part of Email Security solutions and should not be clubbed with the AV. More ever Nabard should already be using Email gateway for providing email security. Request you to make




of 13

Sr.



email security optional or availability as a dedicated solution


42 And 83

The antivirus solution should be able to manage both SaaS (Software as a Service) and on premise solution from the single management console.

Request you to make it generic The existing clause is generic, however, for clarity, it is clarified as under: The antivirus solution should be able to manage both On-premise and cloud users (users who are not regularly connected to Office WAN and are required to update antivirus through the Internet) console from Single Management Console.

36 5.2 47 The successful bidder/vendor shall, at his own expense, deposit with the Chief General Manager, Department of Information Technology, NABARD, Mumbai, within 15 days from the date of Purchase Order, an unconditional and irrevocable Performance Bank Guarantee, in format as per Annexure A, issued by any scheduled commercial bank equal to 10% of the order value valid for 42 months (36 Months+6 Months Claim Period) from the date of purchase order.

Request to change - If the contract is awarded, the Vendor shall furnish a Performance Bank Guarantee in the format as required by NABARD to the extent of 10% of the value of the contract within 15 days from the date of from the date of acceptance of the purchase contract/ Work Order


37 Sub-Clause 8 (Fall Clause) in Pre-Contract Integrity Pact ( Annexure-K)

8.1 The BIDDER undertakes that it has not supplied/s not supplying similar product/systems or sub systems at a price lower than that offered in the present bid in respect of any other Ministry/Department of the Government of India or PSU and it is found at any stage that similar product/systems or sub systems was supplied by the BIDDER to any other Ministry/Department of the

We request that this clause be deleted in its entirety as the pricing of the Bidder for similar products is based on several factors such as RFP terms, volume commitments and such other requirements, which may differ from Client to Client, and therefore it may not be possible to match the pricing between different clients.

Pre-Contract Integrity Pact has to be as per the format prescribed by Government of India. No dilutions / modifications are allowed.



of 13

Sr.



Government of India or a PSU at a lower price, then that very price, with due allowance for elapsed time, will be applicable to the present case and the difference in the cost would be refunded by the BIDDER to the BUYER, if the contract has already been concluded.

Clarification

Clause / Part Page Clarification

Table B in Annexure – J

88 The Bidder has to provide one total consolidated Cost for Support in Table B in Annexure – J. No breakup of Support Cost, apart from Tax Breakup, is required. If the bidder mentions per call charges, the bid will be invalid.

National Bank for Agriculture and Rural Development, Department … · 2018. 9. 22. ·...

Documents

Transcript of National Bank for Agriculture and Rural Development, Department … · 2018. 9. 22. ·...