REQUEST FOR PROPOSAL (RFP) FOR for... · Last Date of Pre-Bid Queries submission Pre Bid Meeting...
Transcript of REQUEST FOR PROPOSAL (RFP) FOR for... · Last Date of Pre-Bid Queries submission Pre Bid Meeting...
UNITED INDIA INSURANCE COMPANY LTD.
Department of Information Technology
HEAD OFFICE: 24, WHITES ROAD, CHENNAI – 600014
CIN: U93090TN1938GOI000108
Date of Publishing Tender Last Date of Pre-Bid Queries submission Pre Bid Meeting Date Last Date of Tender submission Date of Eligibility Bid Opening Event Tender form fees (Nonrefundable) Earnest Money Deposit Address for Communication and Submission of Bids
: 28/05/2019 : 04/06/2019 on or before 05:00 PM : 05/06/2019 at 03:00 PM : 19/06/2019 on or before 02:30 PM : 19/06/2019 at 03:00 PM : ₹5,000(Rupees Five Thousand Only) : ₹1,00,000 (Rupees One Lakh Only) : Chief Manager (IT) IT Department, First Floor, United India Insurance Company Ltd., HO, 24, Whites Road, Chennai-600014 Tel: 044-28599500 E-mail : [email protected]
REQUEST FOR PROPOSAL (RFP)
FOR
“APPOINTMENT OF AUDITOR FOR COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT”
TENDER NO: UIIC: HO: ITD: RFP: 132:2019-20
UIIC:HO:ITD:RFP:132:2019-20
Page 2 of 34
Table of Contents SECTION - I .................................................................................................................................................... 4
1 ABOUT THE COMPANY ..................................................................................................................... 4
2 PURPOSE OF THIS DOCUMENT ........................................................................................................ 4
3 CONTRACT PERIOD ........................................................................................................................... 4
4 IMPORTANT DATES .......................................................................................................................... 4
5 ELIGIBILITY CRITERIA ........................................................................................................................ 5
SECTION – II .................................................................................................................................................. 6
INSTRUCTIONS / GUIDELINES TO BIDDERS ................................................................................................. 6
1 TENDER OFFER .................................................................................................................................. 6
2 EARNEST MONEY DEPOSIT (E.M.D) ................................................................................................. 7
3 FORFEITURE OF E.M.D ...................................................................................................................... 7
4 REFUND OF E.M.D ............................................................................................................................ 7
5 THE COMPANY RESERVES THE RIGHT TO ........................................................................................ 7
6 REJECTION OF TENDERS ................................................................................................................... 8
7 VALIDITY OF TENDERS ...................................................................................................................... 8
8 SECURITY DEPOSIT ........................................................................................................................... 8
9 PRICE ................................................................................................................................................. 8
10 FORMAT AND SIGNING OF BID .................................................................................................... 8
11 PUBLICITY ...................................................................................................................................... 9
12 ROYALTIES AND PATENTS ............................................................................................................ 9
13 PENALTY CLAUSE .......................................................................................................................... 9
14 TERMINATION ............................................................................................................................ 10
15 INSOLVENCY ............................................................................................................................... 10
16 FORCE MAJEURE ......................................................................................................................... 10
17 DISPUTE RESOLUTION ................................................................................................................ 10
18 NO COMMITMENT TO ACCEPT LOWEST OR ANY OFFER .......................................................... 11
19 WAIVER ....................................................................................................................................... 11
20 GENERAL TERMS ......................................................................................................................... 11
21 CONTRACT / AGREEMENT .......................................................................................................... 12
22 PAYMENT TERMS ....................................................................................................................... 12
23 TIME PERIOD TO COMPLETE ACTIVITIES ................................................................................... 12
UIIC:HO:ITD:RFP:132:2019-20
Page 3 of 34
24 SUB-CONTRACTING .................................................................................................................... 13
SECTION – III ............................................................................................................................................... 14
SCOPE OF WORK ......................................................................................................................................... 14
1. LOCATION COVERED UNDER THE SCOPE ....................................................................................... 14
2. IT CURRENT STATE .......................................................................................................................... 14
3. VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VA/PT) OF APPLICATIONS AND
NETWORKS DEVICES (ANNUAL ACTIVITY – TO BE CONDUCTED AT THE START OF EACH YEAR OR AS
PER CONVENIENCE OF UIIC) ................................................................................................................... 15
4. INFORMATION SECURITY AUDIT TOOLS ........................................................................................ 17
5. COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT (ANNUAL ACTIVITY
– TO BE CONDUCTED AT THE START OF EACH YEAR OR AS PER CONVENIENCE OF UIIC) ................... 17
SECTION – IV ............................................................................................................................................... 18
ANNEXURE I - SELF DECLARATION BY BIDDER ...................................................................................... 18
ANNEXURE II - NO BLACKLISTING DECLARATION .................................................................................. 19
ANNEXURE III - ELIGIBILITY CRITERIA .................................................................................................... 20
ANNEXURE IV - TECHNICAL BID ............................................................................................................. 21
ANNEXURE V - FORMAT OF FINANCIAL BID .......................................................................................... 22
ANNEXURE VI - NON-DISCLOSURE AGREEMENT FORMAT ................................................................... 23
ANNEXURE VII - PERFORMANCE BANK GUARANTEE (PBG).................................................................. 28
ANNEXURE VIII - UNDERTAKING FOR NIL DEVIATIONS ........................................................................ 31
ANNEXURE IX: QUERIES FORMAT .......................................................................................................... 32
ANNEXURE X: FORMAT FOR LETTER OF AUTHORIZATION ................................................................... 33
ANNEXURE XI: CHECKLIST ...................................................................................................................... 34
UIIC:HO:ITD:RFP:132:2019-20
Page 4 of 34
SECTION - I
1 ABOUT THE COMPANY
United India Insurance Company Limited (UIIC) is a leading public sector General Insurance Company
transacting Non-Life Insurance business in India with Head Office at Chennai, 30 Regional Offices, 7 Large
Corporate and Brokers Cells and 2000+ Operating Offices geographically spread throughout India and has
nearly 16000 employees. United India Insurance Company Limited, hereinafter called “UIIC” or “The
Company”, which term or expression unless excluded by or repugnant to the context or the meaning
thereof, shall be deemed to include its successors and permitted assigns, issues this bid document,
hereinafter called Request for Proposal or RFP.
2 PURPOSE OF THIS DOCUMENT
The purpose of this RFP is to select a CERT-IN empaneled Auditor to conduct Comprehensive Information
and Cyber Security Assurance Audit as per guidelines issued by IRDAI dated 07th April, 2017 and all
amendments thereto. The selected bidder/ Auditor will also do vulnerability assessment and penetration
testing (VAPT) of the networked IT infrastructure & Applications of UIIC. It includes DC, NDR and DR site,
Network security architecture, Local Area network, remote access to UIIC’s network and other related
services more fully defined in the Scope of work specified in Section III. The selected bidder/ Auditor shall
engage with UIIC in identifying the gaps and assist, guide, develop and render expert advice to UIIC to
ensure that its information assets are adequately protected on a continuous basis from a variety of threats
such as error, fraud, cyber-attacks, embezzlement, sabotage, terror, extortion, espionage, privacy
violation, service interruption and natural disaster.
3 CONTRACT PERIOD
Bidder/ Auditor should provide services as defined under “Section III: Scope of Work” to UIIC for a period
of two (2) years.
4 IMPORTANT DATES
Event / Activity Date / Time
Publish of RFP /Tender 28.05.2019
Pre-bid Meeting 05.06.2019 at 03:00 PM
Last Date for receipt of queries*/ request for
clarification from bidders through email. No
queries will be accepted on telephone or
through any means other than e-mail
04.06.2019 on or before 05:00 PM
Last date for submission of Sealed Tender Bids 19.06.2019 on or before 02:30 PM
Opening of Eligibility Bid 19.06.2019 at 03:00 PM
Opening of Technical Bid To be intimated to eligible bidders
Opening of Financial Bids. To be intimated to technical qualified bidders
UIIC:HO:ITD:RFP:132:2019-20
Page 5 of 34
*Queries are to be submitted at E-mail: [email protected]. Clarifications on queries will be uploaded
on the UIIC website https://uiic.co.in/tender after last date of receipt of queries.
5 ELIGIBILITY CRITERIA
5.1 The bidder must be a Government Organisation / PSU/ PSE/ Partnership Firm/ LLP or Limited Company
existing in India.
5.2 The bidder should be empaneled with CERT-IN for the period 2019-2021.
5.3 The bidder should have at least two Audit Consultants who are CISA/CISSP qualified and should be
continuously part of the team that will conduct the audit at UIIC.
5.4 The bidder should not be providing IT related service(s) to UIIC currently and should not have
conducted IS Audit/ VAPT during the last 2 years (From Date of Issue of this RFP) for UIIC.
5.5 Undertaking on the official letter-head of the body corporate that the bidder has not been blacklisted
by any department or undertaking of the Government of India or any State Governments of India or
an Indian Public Sector Undertaking.
Documentary Evidence for Eligibility Criteria
5.1 Bidder should submit copy of certificate of incorporation.
5.2 Certificate of Empanelment with CERT-IN
5.3 All Relevant certificates/documents supporting basis laid out in pre-qualification criteria
5.4 Self-declaration on official letter head of the bidder as per Annexure-I.
5.5 Undertaking as per Annexure – II
Note: Bidder should submit supporting documents for fulfilling the eligibility criteria along with Annexure
– III. Bids from the bidders who do not qualify based on the above criteria will be rejected.
UIIC:HO:ITD:RFP:132:2019-20
Page 6 of 34
SECTION – II
INSTRUCTIONS / GUIDELINES TO BIDDERS
Note:
1. Tender Bidding Methodology: Sealed Bid System - 'Single Stage - Three Sealed Envelopes'
[Eligibility Criteria, Technical Bid, Commercial Bid].
2. The bidders are advised to submit the tender strictly based on the terms and conditions and
specifications contained in the RFP/ Tender document including amendments, if any, issued by
UIIC prior to submission of tender. The formats prescribed in the tender documents should be
scrupulously followed by the bidders. Tender bids that do not comply with the terms and
conditions are liable for rejection.
1 TENDER OFFER
1.1 The Tender Offer as indicated above addressed to Chief Manager, Information Technology
department shall be submitted at the Information Technology Department, First Floor, United
India Insurance Company Limited, Regd. & Head Office, No. 24 - Whites Road, Chennai - 600 014
on or before 02:30 PM on 19/06/2019. If the last date for submission of tenders happens to be a
holiday due to some unforeseen circumstances, then the tender can be submitted by 11AM on
the next working day.
1.2 A non-refundable tender document fee of Rs. 5,000/- (Rupees Ten Thousand Only) shall be
remitted through NEFT at least two days prior to the tender submission date to the below
account:
Beneficiary Name United India Insurance Company Ltd.
IFSC Code BOFA0CN6215 (Please distinguish alphabet O with 0 (Zero).
Account No UIIC000100
Bank Details Bank of America, 748, Anna Salai, Chennai 600 002.
Remarks FEEISEC<Depositors name>
1.3 All the bid covers would be opened by the Committee constituted by the Company in the presence
of bidders who are present at the address given above.
1.4 The bidder should provide commercial quote as per the format given in Annexure V - Commercial
Bid.
1.5 Cover A – Eligibility Bid should contain following documents:
a. Proof of Tender Fee (Non – Refundable)
b. Proof of EMD
c. Annexure III: Eligibility Criteria with supporting documents
d. Annexure X: Letter of Authorization
1.6 Cover B – Technical Bid should contain following documents:
a. Annexure III – Technical Bid with supporting documents
UIIC:HO:ITD:RFP:132:2019-20
Page 7 of 34
b. Copy of RFP, Corrigendum and Addendum published in the website
(https://uiic.co.in/tender) duly signed and stamped
c. Annexure VIII - Undertaking for NIL Deviation
1.7 Cover C – Commercial Bid should contain following document:
a. Annexure V - Commercial Bid
2 EARNEST MONEY DEPOSIT (E.M.D)
2.1 The intending bidders shall submit Electronic Credit for EMD of Rs. 1,00,000/- (Rupees One Lakh
Only).
2.2 The E.M.D shall be electronically credited to our Bank Account as given below:
Beneficiary Name United India Insurance Company Ltd.
IFSC Code BOFA0CN6215 (Please distinguish alphabet O with 0 (Zero).
Account No UIIC000100
Bank Details Bank of America, 748, Anna Salai, Chennai 600 002.
Remarks EMDISEC<Depositors name>
2.3 The EMD will not carry any interest.
2.4 The electronic credit should be affected positively on the day prior to the tender submission date.
3 FORFEITURE OF E.M.D
The EMD made by the bidder will be forfeited if:
3.1 The bidder withdraws the tender after acceptance.
3.2 The bidder withdraws the tender before the expiry of the validity period of the tender.
3.3 The bidder violates any of the provisions of the terms and conditions of this tender specification.
3.4 The successful bidder fails to furnish the required Performance Security within 21 days from the
date of receipt of LOA (Letter of Acceptance)
4 REFUND OF E.M.D
4.1 EMD will be refunded to the successful bidder, only after signing of the contract, furnishing of
Security Deposit by way of Bank Guarantee and release of Purchase Order.
4.2 In case of unsuccessful bidders, the EMD will be refunded to them at the earliest after expiry of
the final bid validity and latest on or before the 30th day after the award of the contract.
5 THE COMPANY RESERVES THE RIGHT TO
5.1 Accept / Reject any of the Tenders.
5.2 Revise the quantities at the time of placing the order.
5.3 Add, Modify, Relax or waive any of the conditions stipulated in the tender specification wherever
deemed necessary.
5.4 Reject any or all the tenders without assigning any reason thereof.
UIIC:HO:ITD:RFP:132:2019-20
Page 8 of 34
5.5 Award contracts to one or more bidders for the item/s covered by this tender.
6 REJECTION OF TENDERS
The tender is liable to be rejected interalia:
6.1 If it is not in conformity with the instructions mentioned herein,
6.2 If it is not accompanied by the requisite proof of tender document fee paid.
6.3 If it is not accompanied by the requisite proof of EMD paid.
6.4 If it is not properly signed by the bidder,
6.5 If it is received after the expiry of the due date and time,
6.6 If it is evasive or incomplete including non-furnishing the required documents.
6.7 If it is quoted for period less than the validity of tender.
6.8 If it is received from any blacklisted bidder or whose past experience is not satisfactory.
7 VALIDITY OF TENDERS
Tenders should be valid for acceptance for a period of at least 90 (Ninety) days from the last date of
tender submission. Offers with lesser validity period would be rejected.
8 SECURITY DEPOSIT
The successful tenderer will have to furnish a security deposit to the tune of 10% of the total order
value in the form of a Bank Guarantee for a period of sixty days beyond the completion of project
obtained from a nationalised/scheduled bank for proper fulfilment of the contract.
9 PRICE
9.1 The bidders should quote only the base price. All applicable taxes will be paid as actuals.
9.2 There shall be no escalation in the prices once the prices are fixed and agreed to by the Company
and the bidders. But, any benefit arising out of any subsequent reduction in the prices due to
reduction in duty & taxes after the prices are fixed and before the agreement should be passed
on to the Purchaser /Company.
9.3 All the items should be quoted in INR (Indian Rupees) only.
10 FORMAT AND SIGNING OF BID
10.1 Proposals submitted in response to this tender must be signed by (in all the pages) the
Authorized signatory of the Bidder’s organization as mentioned in Annexure X: Letter of
Authorization.
10.2 The bid shall be in A4 size papers, numbered with index and highlighted with technical
specification details and shall be signed by the Bidder or a person duly authorized to bind the
Bidder to the Contract.
10.3 Any interlineations, erasures or overwriting shall be valid only if the person signing the bid
counter signs them.
UIIC:HO:ITD:RFP:132:2019-20
Page 9 of 34
10.4 Bids should be spirally bound or fastened securely before submission. Bids submitted in loose
sheets will be rejected as non-compliant.
10.5 Bidders responding to this tender must comply with the format requirements given in various
annexure of the tender, bids submitted in any other format/type will be treated as non-
compliant and may be rejected.
10.6 ADDITIONAL INFORMATION: Include additional information which will be essential for better
understanding of the proposal. This might include diagrams, excerpts from manuals, or other
explanatory documentation, which would clarify and/or substantiate the bid. Any material
included here should be specifically referenced elsewhere in the bid.
10.7 GLOSSARY: Provide a glossary of all abbreviations, acronyms, and technical terms used to
describe the services or products proposed. This glossary should be provided even if these terms
are described or defined at their first use in the bid response.
10.8 The entire proposal should be in A4 size paper and neatly bind or filed accordingly.
11 PUBLICITY
Any publicity by the vendor in which the name of the Company is to be mentioned should be carried
out only with the prior and specific written approval from the Company. In case the vendor desires to
show any of the equipment to his customers, prior approval of the Company will have to be obtained
by him in writing.
12 ROYALTIES AND PATENTS
Any royalties or patents or the charges for the use or infringement thereof that may be involved in
the contract shall be included in the price. Bidder shall protect the Company against any claims
thereof.
13 PENALTY CLAUSE
In the event of delayed delivery of the deliverables (as mentioned in Section III: Scope of Work) bidder
shall be liable for penalty deduction at a percentage of the value of the payment due subject to a
maximum of 10% (ten percent) as detailed below:
@ 1% for delay up to one weeks;
@ 2.5% for delay up to two weeks;
@ 5% for delay up to three weeks;
@ 10% for delay for four weeks and above
For this clause, part of the week is considered as a full week.
UIIC:HO:ITD:RFP:132:2019-20
Page 10 of 34
14 TERMINATION
UIIC shall be entitled to terminate the agreement/purchase order with the Bidder at any time giving
30 days’ prior written notice to the Bidder if the Bidder breaches its obligations under the tender
document or the subsequent agreement/purchase order and if the breach is not cured within 15 days
from the date of notice.
15 INSOLVENCY
The Company may terminate the contract by giving written notice to the bidder without
compensation, if the vendor becomes bankrupt or otherwise insolvent, provided that such
termination will-not prejudice or affect any right of action or remedy which has accrued or will accrue
thereafter to the company.
16 FORCE MAJEURE
16.1 The parties shall not be liable for default or non-performance of the obligations under the
contract, if such default or non-performance of the obligations under this contract is caused by
Force Majeure.
16.2 For the purpose of this clause, “Force Majeure” shall mean an event beyond the control of the
parties, due to or as a result of or caused by acts of God, wars, insurrections, riots, earth quake
and fire, events not foreseeable but does not include any fault or negligence or carelessness on
the part of the parties, resulting in such a situation.
16.3 In the event of any such intervening Force Majeure, each party shall notify the other party in
writing of such circumstances and the cause thereof immediately within five calendar days.
Unless otherwise directed by the other party, the party pleading Force Majeure shall continue
to perform/render/discharge other obligations as far as they can reasonably be
attended/fulfilled and shall seek all reasonable alternative means for performance affected by
the Event of Force Majeure.
16.4 In such a case, the time for performance shall be extended by a period(s) not less than the
duration of such delay. If the duration of delay continues beyond a period of three months, the
parties shall hold consultations with each other in an endeavour to find a solution to the
problem. Notwithstanding the above, the decision of UIIC shall be final and binding on the
Bidder.
17 DISPUTE RESOLUTION
17.1 The bids and any contract resulting there from shall be governed by and construed according
to the Indian Laws.
17.2 All settlement of disputes or differences whatsoever, arising between the parties out of or in
connection to the construction, meaning and operation or effect of this Offer or in the discharge
of any obligation arising under this Offer (whether during the course of execution of the order
UIIC:HO:ITD:RFP:132:2019-20
Page 11 of 34
or after completion and whether before or after termination, abandonment or breach of the
Agreement) shall be resolved amicably between UIIC and the vendor’s representative.
17.3 In case of failure to resolve the disputes and differences amicably within 30 days of the receipt
of notice by the other party, then the same shall be resolved as follows:
17.4 "Any dispute or difference whatsoever arising between the parties out of or relating to the
construction, meaning, scope, operation or effect of this contract or the validity or the breach
thereof shall be settled by arbitration in accordance with the Rules of Arbitration of the Indian
Council of Arbitration and the award made in pursuance thereof shall be binding on the parties."
17.5 The venue of the arbitration shall be Chennai.
17.6 The language of arbitration shall be English.
17.7 The award shall be final and binding on both the parties.
17.8 Work under the contract shall be continued by the vendor during the arbitration proceedings
unless otherwise directed in writing by UIIC unless the matter is such that the work cannot
possibly be continued until the decision of the arbitrator is obtained. Save as those which are
otherwise explicitly provided in the contract, no payment due, or payable by UIIC, to the vendor
shall be withheld on account of the ongoing arbitration proceedings, if any, unless it is the
subject matter, or one of the subject matters thereof.
18 NO COMMITMENT TO ACCEPT LOWEST OR ANY OFFER
18.1 UIIC is under no obligation to accept the lowest or any other offer received in response to this
tender and reserves the right to reject any or all the offers including incomplete offers without
assigning any reason whatsoever.
18.2 UIIC reserves the right to make any changes in the terms and conditions of the tender. UIIC will
not be obliged to meet and have discussions with any Bidder or to entertain any
representations.
19 WAIVER
No failure or delay on the part of either party relating to the exercise of any right power privilege or
remedy provided under this RFP or subsequent agreement with the other party shall operate as a
waiver of such right power privilege or remedy or as a waiver of any preceding or succeeding breach
by the other party nor shall any single or partial exercise of any right power privilege or remedy
preclude any other or further exercise of such or any other right power privilege or remedy provided
in this RFP all of which are several and cumulative and are not exclusive of each other or of any other
rights or remedies otherwise available to either party at law or in equity.
20 GENERAL TERMS
20.1 The agreement shall be in force for a period of sixty days beyond the completion of project
from the date of issue of Purchase Order.
UIIC:HO:ITD:RFP:132:2019-20
Page 12 of 34
20.2 The successful bidder shall sign the agreement within 21 days from the date Letter of
Acceptance (LOA) from UIIC.
20.3 Any queries may be communicated through e-mail and response to query will be by return e-
mail/publish in UIIC website.
20.4 Addendum/Amendments/Corrigendum, if any, will be communicated through website only.
UIIC reserves the right to cancel the tender at any time without incurring any penalty or financial
obligation to any bidder.
20.5 UIIC is governed by provisions of the Public Procurement Policy for Micro and Small Enterprises
(MSEs) as circulated by The Ministry of MSME, GoI. The policy details are available on the
website www.dcmsme.gov.in
20.6 These provisions shall be applicable to Micro and Small Enterprises (MSEs) registered with
District Industries Centres or Khadi and Village Industries Commission or Khadi and Village
Industries Board or Coir Board or National Small Industries Corporation or Directorate of
Handicrafts and Handloom or any other body specified by Ministry of Micro, Small and Medium
Enterprises (MSMEs).
20.7 Such MSEs would be entitled for exemption from furnishing tender fee and earnest money
deposit (EMD). In case of any issue on the subject matter, the MSE’s may approach the tender
inviting authority to resolve their grievances.
21 CONTRACT / AGREEMENT
a. The contract/agreement between the Successful bidder and the Purchaser will be signed in accordance with all the terms and conditions mentioned in this tender document.
b. The successful bidder has to furnish two copies of the contract/agreement in a Rs. 100/- stamp paper, with all the above terms and conditions mentioned including the commercials. The draft of the contract/agreement will be shared to the successful bidder along with the LOA.
c. The successful bidder has to furnish the duly signed contract/agreement along with the security deposit/performance guarantee for UIIC’s counter signature within 21 days from the receipt of LOA.
22 PAYMENT TERMS
Payment terms shall be as follows: Half Yearly payments would be paid after each six months subject to completion of activities and satisfactory acceptance of the deliverables as mentioned in “Section III: scope of work”. The half yearly payment would be calculated by dividing the annual payment in two equal parts.
23 TIME PERIOD TO COMPLETE ACTIVITIES
S.No. Activity Period Time Period
1. Vulnerability Assessment and Penetration Testing of
Applications and Network Devices
Year 1 T1*+ 30 days
Year 2 T2* + 45 days
2. Comprehensive Information and Cyber Security Assurance Audit Year 1 T3*+ 30 days
UIIC:HO:ITD:RFP:132:2019-20
Page 13 of 34
Year 2 T4* + 45 days
*T1 is the date from which actual start of VAPT of Applications and Network devices in first year.
*T2 is the date from which actual start of Comprehensive Information and Cyber Security Assurance Audit
in first year.
*T3 is the date from which actual start of VAPT of Applications and Network devices in second year.
*T4 is the date from which actual start of Comprehensive Information and Cyber Security Assurance Audit
in second year.
The entire work has to be completed in accordance with the timeline mentioned above. Any extension of
the completion date due to unforeseen delays shall be by mutual consent and in writing.
If the Bidder fails to complete the assignment as per the time frame prescribed in this RFP, and the
extensions, if any allowed, such failure shall amount to breach of contract. In addition to the penalty which
UIIC is entitled to impose as per RFP, UIIC reserves its right to cancel the order in the event of delay and
invoke the Bank Guarantee.”
24 SUB-CONTRACTING
The successful bidder will not, without the written consent of UIIC, make any assignment or sub-contract
for the provision of any services hereby bid on.
UIIC:HO:ITD:RFP:132:2019-20
Page 14 of 34
SECTION – III
SCOPE OF WORK
1. LOCATION COVERED UNDER THE SCOPE
The IT systems present at the below mentioned locations would be part of the scope
S.No. Location
1. UIIC Head Office, Chennai
2. UIIC Data Center, Chennai*
3. DR Site, Hyderabad
4. NDR Site, Chennai*
5. UIIC Regional Offices, LCBs, HUBs and Operating Offices at PAN India
All the testing is to be conducted from UIIC HO located at Chennai for IT systems located at locations other
than at Chennai, HO. They are to be tested using remote connection. UIIC will facilitate the selected bidder
for setting up the remote connection.
*UIIC is in the process of co-location of Data Center & NDR: the selected bidder must consider new
location of Data Center in the scope.
2. IT CURRENT STATE
UIIC currently has following IT applications at present in the organization but not limited to: -
1. Genisys Configurator as the Core insurance system (policy issuance, underwriting, servicing
and claims administration)
2. Customer Portals
3. CSC Portals
4. Corporate Website
5. OEM Portal
6. Agent Portal
7. Grievance Portal
8. NEFT Portal
9. Web Service integration with OEMs, Brokers, Third Party Administrator (TPA), Web
Aggregators etc.
10. SAP FICO
11. SAP HRMS and Payroll
12. Eclipse (Reporting tool).
13. Oracle Business Intelligence Tool
14. Integrated Treasury Management System
15. Centralized Desktop Management System
16. Corporate Emailing System (IBM Domino)
UIIC:HO:ITD:RFP:132:2019-20
Page 15 of 34
17. Document Management System
18. Proxy Server
IT Systems Covered / Tentative Infrastructure for Audit
S.No. Particulars Details
1. Applications 100±50
2. Web Servers 100±50
3. Database Servers 100±50
4. Network Firewall 7
5. Network Switches 58
6. Routers 14
7. Core Switches 3
8. Proxy Server 1
9. Desktops 750
10. Laptops 110
Note: The final list will be shared with Successful bidder.
3. VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VA/PT) OF APPLICATIONS
AND NETWORKS DEVICES (ANNUAL ACTIVITY – TO BE CONDUCTED AT THE START OF
EACH YEAR OR AS PER CONVENIENCE OF UIIC)
The Vulnerable assessment and Penetration Testing (VAPT) for IT systems present at locations mentioned
in above:
VAPT would include the following but not limited to: -
Port scanning of the servers, network devices and security devices/applications.
Analysis and assessment of vulnerabilities.
Network traffic observation for important and confidential information like username, password
flowing in clear text.
Perform a comprehensive scan of all IP address ranges in use to determine what vulnerabilities
exist in the network devices and servers, and to review all responses to determine if any risks
exist.
Use vulnerability scanners to scan the critical/ network devices and servers to determine
vulnerability exists.
Search for back door traps in the Operating Systems.
Router testing, Firewall testing
Check for the known vulnerabilities in the Operating Systems, and applications like Browser, E-
Mail, Web Server, and VPN etc.
Use tools to perform a password scan to determine accounts that have passwords that are "easy"
to crack.
UIIC:HO:ITD:RFP:132:2019-20
Page 16 of 34
Test for the presence of unnecessary services/applications those are running on the network
devices/servers/workstations.
Exploitation of vulnerabilities (with UIIC’s permission)
The assessment/testing should check for various categories of threats including but not limited to:
I. Unauthorized access into the network and extent of such access possible
II. Unauthorized modifications to the network and traffic flowing over network
III. Extent of information disclosure from the network
IV. Spoofing of identity over the network
V. Possibility of denial of services
VI. Possible threats from malicious codes (viruses and worms etc.)
VII. Possibility of traffic route poisoning
In addition to above, Penetration testing is to be carried out based on the Open Web Application Security
Project (OWASP) Top Ten criteria as mentioned below but not limited to –
A1: Injection Flaws
A2: Broken Authentication and Session Management
A3: Sensitive Data Exposure
A4: XML External Entities (XXE)
A5: Broken Access Control
A6: Security Misconfiguration
A7: Cross-Site Scripting (XSS)
A8: Insecure Deserialization
A9: Using Components with Known Vulnerabilities
A10: Insufficient Logging & Monitoring
The security assessment should use the industry standard penetration test methodologies (like OSSTM)
and scanning techniques, and will focus on applications. The application tests should cover but not limited
to OWASP Top 10 attacks.
Deliverables: Individual report should be provided for various IT Systems location-wise and consolidated.
The Report should consist of an executive summary that expresses business risk and the technical nature
of the risk and its seriousness, and a technical report that includes findings and mitigation strategies in
full detail. Tools used for VAPT should also mentioned in the report.
UIIC:HO:ITD:RFP:132:2019-20
Page 17 of 34
4. INFORMATION SECURITY AUDIT TOOLS
The bidder must use at least two commercial information security auditing tool like Nessus Pro, Acunetix,
Burp Suite etc. besides freeware and proprietary tools.
5. COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT (ANNUAL
ACTIVITY – TO BE CONDUCTED AT THE START OF EACH YEAR OR AS PER CONVENIENCE
OF UIIC)
The scope of audit will cover, but it is not limited to following areas:
1. Policy, Procedures, Standard Practices, Organisation structure & other Government and Regulatory Requirements.
2. Enterprise Security
3. Information Asset Management
4. Physical and Environmental Security
5. Human Resource Security
6. System acquisition, development and maintenance
7. Information Security Risk Management
8. Data Security
9. Application Security
10. Cyber Security
11. Platform /Infrastructure Security
12. Network Security
13. Cryptography & Key Management
14. Security Logging & Monitoring
15. Incident Management
16. Endpoint Security
17. Virtualization
18. Cloud Security
19. Mobile Security
The Selected Bidder/ Auditor will provide Compliance Assessment Report / External Audit Completion
Report covering Data Centers (Primary Site, NDR and DR Site), UIIC Head Office and other offices with
respect to:
UIIC Information Security Policy
IRDAI Guidelines as Information & Cyber Security
Software License Compliance (DC, NDR & DR)
Any other legal requirement
Deliverables: Compliance Assessment Report / External Audit Completion Report
UIIC:HO:ITD:RFP:132:2019-20
Page 18 of 34
SECTION – IV
ANNEXURE I - SELF DECLARATION BY BIDDER (To be submitted on Company letter head)
DECLARATION FORM
I/We hereby solemnly declare that I/We have read and understood all the terms and conditions of the
RFP/ tender for “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance
Audit”. I/We agree to provide the support and services mentioned in the “SCOPE OF WORK” in Section III
of this RFP/ tender document.
I/We also declares that we are not be providing any IT related service(s) to UIIC currently and have not
conducted IS Audit/ VAPT during the last 2 years for UIIC.
Also, the price quoted by us in the financial bid for the “SCOPE OF WORK” in Section - III of this RFP/ tender
document is base price on body corporate, fixed price basis (including all duties, levies, out of pocket
expenses, travelling, lodging etc.) excluding applicable taxes.
Name in Block Letters:
Signature:
Designation:
Body Corporate’s Seal
Place:
Date
UIIC:HO:ITD:RFP:132:2019-20
Page 19 of 34
ANNEXURE II - NO BLACKLISTING DECLARATION (To be submitted in the Bidder's letter head)
Date: dd.mm.yyyy
To
The Chief Manager
Information Technology Department
United India Insurance Company Limited
Head Office, 24, Whites Road
Chennai – 600014
Subject: Submission of No Black Listing Self-Declaration for Tender Ref. No. UIIC: HO: ITD: RFP: 132:2019-
20 “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance Audit”
Dear Sir/Madam
We do hereby declare and affirm that we have not been blacklisted by Central / any State Government /
PSU’s or any regulatory bodies as on the date of bid submission.
Name in Block Letters:
Signature:
Designation:
Body Corporate’s Seal
Place:
Date
UIIC:HO:ITD:RFP:132:2019-20
Page 20 of 34
ANNEXURE III - ELIGIBILITY CRITERIA (To be submitted in the Bidder's letter head)
Sr. No. Particulars Supporting Documents Remarks (If
Any)
1. Name and Registered Address of Bidder
2. Phone no. with STD Code
3. Communication Address
4. Name of person(s) of contact with
telephone/ mobile numbers/ e-mail id
5. The bidder must be a Government
Organisation / PSU/ PSE/ Partnership Firm/
LLP or Limited Company existing in India.
copy of certificate of
incorporation
6. The bidder should be empaneled with CERT-
IN for the period 2019-2021
Certificate of
Empanelment with CERT-
IN
7. The bidder should have at least two Audit
Consultants who are CISA/CISSP qualified
and should be continuously part of the team
that will conduct the audit at UIIC
Relevant Certificates /
Documents
8. The bidder should have done Information
Security Audits of at least 3 Govt./ PSU
organisation in last two years
Copy of Credential Letters/
Purchase Order /
Engagement Letter /
Agreement signed
between the parties
9. The bidder should not be providing IT
related service(s) to UIIC currently and
should not have conducted IS Audit/ VAPT
during the last 2 years (From Date of Issue of
this RFP) for UIIC
Self-declaration on official
letter head of the bidder as
per Annexure-I
10. Undertaking on the official letter-head of
the body corporate that the bidder has not
been blacklisted by any department or
undertaking of the Government of India or
any State Governments of India or an Indian
Public Sector Undertaking
Undertaking as per
Annexure – II
UIIC:HO:ITD:RFP:132:2019-20
Page 21 of 34
ANNEXURE IV - TECHNICAL BID
Following documents are to be submitted:
Sr. No. Particulars
1. Detailed description of the Project Plan and implementation methodology
2. Details of Audit tools
3. Audit Team details such as name, qualifications, experience etc.
4. Detailed description of similar audits carried out by the bidder in terms of project scope,
duration, project size and client profile
5. Any Other supporting document
6. Information sought through various annexures
Note: The pages should be serially numbered with index.
UIIC:HO:ITD:RFP:132:2019-20
Page 22 of 34
ANNEXURE V - FORMAT OF FINANCIAL BID
Particulars Amount in Indian Rupees (All inclusive) in Rupees (In words)
Amount in Indian Rupees (All inclusive) in Rupees (In figures)
Charges for Section III: Scope of Work for First Year (F1)
Charges for Section III : Scope of Work for Second Year (F2)
Total Fees of Two years (F1+F2)
Note: -
Lowest bidder will be calculated based on summation of amount proposed for year 1 to 2 as mentioned in the table above.
The bid price for any year should not be more than 40% of the total bid price for two years.
The bidder should quote price inclusive of all expenses, duties, levies, out of pocket expenses, etc. but exclusive of applicable taxes.
The applicable taxes would be paid on actuals by UIIC. Further, we confirm that we will abide by all the terms and conditions contained in the Request for Proposal document Name in Block Letters:
Signature:
Designation:
Body Corporate’s Seal
Place:
Date
UIIC:HO:ITD:RFP:132:2019-20
Page 23 of 34
ANNEXURE VI - NON-DISCLOSURE AGREEMENT FORMAT This confidentiality and non-disclosure agreement is made on the....................day of...................., 20.....
BETWEEN (Bidder), (hereinafter to be referred to as “-------”) which expression shall unless repugnant to
the subject or the context mean and included its successors, nominees or assigns a company incorporated
under the Companies Act, 1956 and having its principal office at ....................(address).
AND UNITED INDIA INSURANCE COMPANY LIMITED (hereinafter to be called “UIIC”) which expression
shall unless repugnant to the subject or the context mean and included its successors, nominees or assigns
having its Registered Office at 24, Whites Road, Chennai - 600014 on the following terms and conditions:
WHEREAS, in the course of the business relationship between the aforesaid parties, both the parties
acknowledge that either party may have access to or have disclosed any information, which is of a
confidential nature, through any mode and recognize that there is a need to disclose to one another such
confidential information, of each party to be used only for the Business Purpose and to protect such
confidential information from unauthorized use and disclosure;
NOW THEREFORE, in consideration of the mutual promises contained herein, the adequacy and
sufficiency of which consideration is hereby acknowledged and agreed, the parties hereby agree as
follows: —
This Agreement shall apply to all confidential and proprietary information disclosed by one party to the
other party, including information included in the caption ‘Definitions’ of this Agreement and other
information which the disclosing party identifies in writing or otherwise as confidential before or within
thirty days after disclosure to the receiving party (“Confidential Information”). Information may be in any
form or medium, tangible or intangible, and may be communicated/disclosed in writing, orally,
electronically or through visual observation or by any other means to one party (the receiving party) by
the other party (the disclosing party).
1. DEFINITIONS
(a) CONFIDENTIAL INFORMATION means all the information of the Disclosing Party which is disclosed to
the Receiving party pursuant to the business arrangement whether oral or written or through visual
observation or in electronic mode and shall include but is not limited to trade secrets, know-how,
inventions, techniques, processes, plans, algorithms, software programs, source code, semiconductor
designs, schematic designs, business methods, customer lists, contacts, financial information, sales and
marketing plans techniques, schematics, designs, contracts, financial information, sales and marketing
plans, business plans, clients, client data, business affairs, operations, strategies, inventions,
methodologies, technologies, employees, subcontractors, the contents of any and all agreements,
subscription lists, customer lists, photo files, advertising materials, contract quotations, charity contracts,
documents, passwords, codes, computer programs, tapes, books, records, files and tax returns, data,
statistics, facts, figures, numbers, records, professionals employed, correspondence carried out with and
received from professionals such as Advocates, Solicitors, Barristers, Attorneys, Chartered Accountants,
Company Secretaries, Doctors, Auditors, Surveyors, Loss Assessors, Investigators, Forensic experts,
Scientists, Opinions, Reports, all matters coming within the purview of Privileged Communications as
contemplated under Indian Evidence Act, 1872, legal notices sent and received, Claim files, Insurance
UIIC:HO:ITD:RFP:132:2019-20
Page 24 of 34
policies, their rates, advantages, terms, conditions, exclusions, charges, correspondence from and with
clients/ customers or their representatives,, Proposal Forms, Claim-forms, Complaints, Suits, testimonies,
matters related to any enquiry, claim-notes, defences taken before a Court of Law, Judicial For a, Quasi-
judicial bodies, or any Authority, Commission, pricing, service proposals, methods of operations,
procedures, products and/ or services and business information of the Disclosing Party. The above
definition of Confidential Information applies to both parties equally; however in addition, without
limitation, where the Disclosing Party is the UIIC, no information that is exempted from disclosure under
section 8 or any other provision of Right to Information Act, 2005 shall at any time be disclosed by the
Receiving Party to any third party.
(b) MATERIALS means including without limitation, documents, drawings, models, apparatus, sketches,
designs and lists furnished to the Receiving Party by the Disclosing Party and any tangible embodiments
of the Disclosing Party’s Confidential Information created by the Receiving Party.
2. COVENANT NOT TO DISCLOSE
The Receiving Party will use the Disclosing Party’s Confidential Information solely to fulfill its obligations
as part of and in furtherance of the actual or potential business relationship with the Disclosing Party. The
Receiving Party shall not use the Confidential Information in any way that is directly or indirectly
detrimental to the Disclosing Party or its subsidiaries or affiliates, and shall not disclose the Confidential
Information to any unauthorized third party. The Receiving Party shall not disclose any Confidential
Information to any person
except to its employees, authorized agents, consultants and contractors on a need to know basis, who
have prior to the disclosure of or access to any such Confidential Information agreed in writing to receive
it under terms at least as restrictive as those specified in this Agreement.
In this regard, the agreement entered into between the Receiving Party and any such person/s shall be
forwarded to the Disclosing Party promptly thereafter. Prior to disclosing any Confidential Information to
such person/s, the Receiving Party shall inform them of the confidential nature of the information and
their obligation to refrain from disclosure of the Confidential Information. The Receiving party shall use
at least the same degree of care in safeguarding the Confidential Information as it uses or would use in
safeguarding its own Confidential Information, and shall take all steps necessary to protect the
Confidential Information from any unauthorized or inadvertent use. In no event shall the Receiving Party
take all reasonable measures that are lesser than the measures it uses for its own information of similar
type. The Receiving Party and its Representatives will immediately notify the Disclosing Party of any use
or disclosure of the Confidential Information that is not authorized by this Agreement. In particular, the
Receiving Party will immediately give notice in writing to the Disclosing Party of any unauthorized use or
disclosure of the Confidential Information and agrees to assist the Disclosing Party in remedying such
unauthorized use or disclosure of the Confidential Information.
The Receiving Party and its Representatives shall not disclose to any person including, without limitation
any corporation, sovereign, partnership, company, Association of Persons, entity or individual
(i) the fact that any investigations, discussions or negotiations are taking place concerning the actual or
potential business relationship between the parties,
(ii) that it has requested or received Confidential Information, or
UIIC:HO:ITD:RFP:132:2019-20
Page 25 of 34
(iii) any of the terms, conditions or any other fact about the actual or potential business relationship.
This confidentiality obligation shall not apply only to the extent that the Receiving Party can demonstrate
that:
(a) the Confidential Information of the Disclosing Party is, or properly became, at the time of disclosure,
part of the public domain, by publication or otherwise, except by breach of the provisions of this
Agreement; or
(b) was rightfully acquired by the Receiving Party or its Representatives prior to disclosure by the
Disclosing Party;
(c) was independently developed by Receiving Party or its Representatives without reference to the
Confidential Information; or
(d) the Confidential Information of the Disclosing Party is required to be disclosed by a Government
agency, is the subject of a subpoena or other legal or demand for disclosure; provided, however, that the
receiving party has given the disclosing party prompt written notice of such demand for disclosure and
the receiving party reasonably cooperates with the disclosing party's efforts to secure an appropriate
protective order prior to such disclosure.
(e) is disclosed with the prior consent of or was duly authorized in writing by the disclosing party.
3. RETURN OF THE MATERIALS
Upon the disclosing party's request, the receiving party shall either return to the disclosing party all
Information or shall certify to the disclosing party that all media containing Information have been
destroyed. Provided, however, that an archival copy of the Information may be retained in the files of the
receiving party's counsel, solely for the purpose of proving the contents of the Information.
4. OWNERSHIP OF CONFIDENTIAL INFORMATION
The Disclosing Party shall be deemed the owner of all Confidential Information disclosed by it or its agents
to the Receiving Party hereunder, including without limitation all patents, copyright, trademark, service
mark, trade secret and other proprietary rights and interests therein, and Receiving Party acknowledges
and agrees that nothing contained in this Agreement shall be construed as granting any rights to the
Receiving Party, by license or otherwise in or to any Confidential Information. Confidential Information is
provided “as is” with all faults.
By disclosing Information or executing this Agreement, the disclosing party does not grant any license,
explicitly or implicitly, under any trademark, patent, copyright, mask work protection right, trade secret
or any other intellectual property right.
In no event shall the Disclosing Party be liable for the accuracy or completeness of the Confidential
Information. THE DISCLOSING PARTY DISCLAIMS ALL WARRANTIES REGARDING THE INFORMATION,
INCLUDING ALL WARRANTIES WITH RESPECT TO INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS
AND ALL WARRANTIES AS TO THE ACCURACY OR UTILITY OF SUCH INFORMATION. Execution of this
Agreement and the disclosure of Information pursuant to this Agreement does not constitute or imply
UIIC:HO:ITD:RFP:132:2019-20
Page 26 of 34
any commitment, promise, or inducement by either party to make any purchase or sale, or to enter into
any additional agreement of any kind.
5. REMEDIES FOR BREACH OF CONFIDENTIALITY
1. The Receiving Party agrees and acknowledges that Confidential Information is owned solely by
the disclosing party (or its licensors) and that any unauthorized disclosure of any Confidential Information
prohibited herein or any breach of the provisions herein may result in an irreparable harm and significant
injury and damage to the Disclosing Party which may be difficult to ascertain and not be adequately
compensable in terms of monetary damages. The Disclosing Party will have no adequate remedy at law
thereof, and that the Disclosing Party may, in addition to all other remedies available to it at law or in
equity, be entitled to obtain timely preliminary, temporary or permanent mandatory or restraining
injunctions, orders or decrees as may be necessary to protect the Disclosing Party against, or on account
of, any breach by the Receiving Party of the provisions contained herein, and the Receiving Party agrees
to reimburse the reasonable legal fees and other costs incurred by Disclosing Party in enforcing the
provisions of this Agreement apart from paying damages with interest at the market rate prevalent on
the date of breach to the Disclosing Party.
2. The Receiving Party agrees and acknowledges that any disclosure, misappropriation, conversion or
dishonest use of the said Confidential Information shall, in addition to the remedies mentioned above,
make the Receiving Party criminally liable for Breach of Trust under section 405 of the Indian Penal Code.
6. TERM
This Agreement shall be effective on the first date written above and shall continue in full force and effect
at all times thereafter. This Agreement shall however apply to Confidential Information disclosed by the
Disclosing Party to the Receiving Party prior to, as well as after the effective date hereof. The Receiving
Party acknowledges and agrees that the termination of any agreement and relationship with the
Disclosing Party shall not in any way affect the obligations of the Receiving Party in not disclosing of
Confidential Information of the Disclosing Party set forth herein. The obligation of non-disclosure of
Confidential Information shall bind both parties, and also their successors, nominees and assignees,
perpetually.
7. GOVERNING LAW & JURISDICTION
This Agreement shall be governed by and construed with solely in accordance with the laws of India in
every particular, including formation and interpretation without regard to its conflicts of law provisions.
Any proceedings arising out of or in connection with this Agreement shall be brought only before the
Courts of competent jurisdiction in Chennai.
8. ENTIRE AGREEMENT
This Agreement sets forth the entire agreement and understanding between the parties as to the subject-
matter of this Agreement and supersedes all prior or simultaneous representations, discussions, and
UIIC:HO:ITD:RFP:132:2019-20
Page 27 of 34
negotiations whether oral or written or electronic. This Agreement may be amended or supplemented
only by a writing that is signed by duly authorized representatives of both parties.
9. WAIVER
No term or provision hereof will be considered waived by either party and no breach excused by the
Disclosing Party, unless such waiver or consent is in writing signed by or on behalf of duly Constituted
Attorney of the Disclosing Party. No consent or waiver whether express or implied of a breach by the
Disclosing Party will constitute consent to the waiver of or excuse of any other or different or subsequent
breach by the Receiving Party.
10. SEVERABILITY
If any provision of this Agreement is found invalid or unenforceable, that part will be amended to achieve
as nearly as possible the same economic or legal effect as the original provision and the remainder of this
Agreement will remain in full force.
11. NOTICES
Any notice provided for or permitted under this Agreement will be treated as having been given when (a)
delivered personally, or (b) sent by confirmed telecopy, or (c) sent by commercial overnight courier with
written verification of receipt, or (d) mailed postage prepaid by certified or registered mail, return receipt
requested, or (e) by electronic mail, to the party to be notified, at the address set forth below or at such
other place of which the other party has been
notified in accordance with the provisions of this clause. Such notice will be treated as having been
received upon actual receipt or five days after posting. Provided always that notices to the UIIC shall be
served on the Information Technology Department of the Company’s Head Office at Chennai and a CC
thereof be earmarked to the concerned Branch, Divisional or Regional Office as the case may be by RPAD
& email.
IN WITNESS WHEREOF THE PARTIES HERE TO have set and subscribed their respective hands and seals
the day and year herein above mentioned.
a) SIGNED SEALED & DELIVERED BY THE b) SIGNED SEALED & DELIVERED BY THE WITHIN NAMED
INSURANCE COMPANY WITHIN NAMED (BIDDER)
Deputy General Manager
_______________________________ _________________________________
In the presence of In the presence of
Witnesses:1 _______________ Witnesses:1 _______________
Witnesses:2 _______________ Witnesses:2 _______________
UIIC:HO:ITD:RFP:132:2019-20
Page 28 of 34
ANNEXURE VII - PERFORMANCE BANK GUARANTEE (PBG) To be executed by the selected bidder
(To be executed on a non-judicial stamp paper of Rs.100/-)
To,
United India Insurance Company Limited,
Reg. & Head Office: 24, Whites Road,
Chennai - 600014
In consideration of the United India Insurance Company Limited, having its Registered Office at “24,
Whites Road, Chennai - 600014, (hereinafter referred to as ‘UIIC’, which expression shall, unless it be
repugnant to the meaning and context thereof, include its successors, authorized agents, representatives
and permitted assigns) having entered into an Agreement dated …………. for Appointment of Consultant
for Conducting Information Security Audit (which agreement is hereinafter referred to as “the said
Agreement” ) with………… (the selected Bidder’s name and address) (hereinafter referred to as "the
selected Bidder”, which expression shall, unless it be repugnant to the meaning and context thereof,
include its successors, authorized agents, representatives and permitted assigns) and the selected Bidder,
having agreed to provide a guarantee for its performance in the form of an unconditional, irrevocable and
continuing Performance Bank Guarantee as per the terms and conditions of the Request for Proposal
dated …….. (hereinafter referred to as “the RFP”) and the said Agreement, for the due fulfillment by the
selected Bidder of the terms and conditions contained in the RFP and the said Agreement,
1. We, __________________________________ (Name of the bank and full address) (hereinafter
referred to as "the Bank") at the request of the selected Bidder do hereby undertake to pay to UIIC an
amount not exceeding Rs.______- (Rupees _______________________________) at any time against any
losses, damages, costs, charges and expenses caused to or suffered by UIIC by reason of any breach
committed by the selected Bidder of any of the terms and conditions contained in the RFP and the said
Agreement.
2. We, __________________________________ (Name of the bank and full address) do hereby
undertake to pay the amounts due and payable under this performance bank guarantee without any
demur, merely on a demand from UIIC stating that the amounts claimed is due by way of loss or damage
caused to or would be caused to or suffered by UIIC by reason of breach by Selected Bidder of any of the
terms and conditions contained in the RFP and the said Agreement or by reason of the Selected Bidder’s
failure to perform its obligations under the RFP and the said Agreement. Any such demand made on the
Bank shall be conclusive as regards the amount due and payable by the Bank under this performance bank
guarantee. However, our liability under this guarantee shall be restricted to an amount not exceeding
Rs.___________/- (Rupees ________________only).
3. We ____________________________ (Name of the bank and full address) undertake to pay to UIIC
any money so demanded notwithstanding any dispute or dispute raised by the Selected Bidder in any suit
or proceeding pending before any Court or Tribunal relating to the said Agreement or this Performance
bank guarantee our liability under this guarantee being absolute and unequivocal.
UIIC:HO:ITD:RFP:132:2019-20
Page 29 of 34
The Payment so made by us under this performance bank guarantee shall be a valid discharge of our
liability for payment hereunder and the Selected Bidder shall have no claim against us for making such
payment.
4. We, ____________________________ (Name of the bank and full address) further agree that this
performance bank guarantee shall remain in full force and effect during the entire tenure of the said
Agreement till 60 days after all the contractual obligations of the Selected Bidder including warranty
obligations are completed and all the dues of UIIC under or by virtue of the said Agreement have been
fully paid and its claim authorities satisfied or discharged by the said Selected Bidder.
Unless a claim or demand under this performance bank guarantee is made or presented to the Bank within
six months from the expiry of this Performance Bank Guarantee, all the rights of UIIC under this guarantee
shall cease and the Bank shall be released and discharged from all liability hereunder.
5. We, ___________________ (Name of the bank and full address) further agree with UIIC that UIIC shall
have the fullest liberty without our consent and without affecting in any manner our obligations
hereunder to vary any of the terms and conditions of the said Agreement or to extend time of
performance of the Selected Bidder under the said Agreement or from time to time to postpone for any
time the powers exercised by UIIC against the Selected Bidder and to forbear or enforce any of the terms
and conditions relating to said Agreement and we shall not be relieved from our liability by reason of any
variation, or extension being granted by the UIIC to the Selected Bidder or by any such matter or thing
whatsoever which under the law relating to sureties would but for this provision, have effect of so
relieving us.
6. Any claim which we, _____________________________________________ (Name of the bank and full
address) may have against the Selected Bidder shall be subject and subordinate to the prior payment and
performance in full of all our obligations hereunder. The Bank will not, without prior written consent of
UIIC , exercise any legal right or remedy of any kind in respect of any such payment or performance so
long as the Bank’s obligations hereunder remain owing and outstanding, regardless of the insolvency,
liquidation or bankruptcy of the Selected Bidder or otherwise howsoever. We, the Bank, will not counter
claim or set off against its liabilities to UIIC hereunder any sum outstanding to the credit of UIIC with it
7. This performance bank guarantee will not be discharged due to the change in the continuation of the
Bank or the Selected Bidder.
8. We, _________________________ (Name of the bank and full address) undertake not to revoke this
performance bank guarantee during its currency except with the previous consent of UIIC in writing.
9. Notwithstanding anything contained herein:-
1. Our liability under this Performance Bank Guarantee shall not exceed Rs.________/- (Rupees
____________________only).
2. This Performance Bank Guarantee shall be valid upto 60 days after all contractual obligations of the
Bidder including warranty obligations are completed
3. We are liable to pay the guaranteed amount or any part thereof under this Performance Bank
Guarantee only and only if UIIC serves upon us a written claim or demand within six months from the
expiry date of this Performance Bank Guarantee.
10. Our obligation to pay hereunder is as principal debtor and not as surety and it shall not be necessary
for UIIC “to proceed against” the Selected Bidder “before proceeding against” the Bank and this
Performance Bank Guarantee shall be enforceable against the Bank notwithstanding any other security
UIIC:HO:ITD:RFP:132:2019-20
Page 30 of 34
which UIIC may have obtained or may obtain from the Selected Bidder at the time when proceedings are
taken against the said Bank in any manner whatsoever.
11. This Performance Bank Guarantee shall come into force immediately and shall be valid upto 60 days
after all contractual obligations of the Bidder including warranty obligations are completed.
12. We have the power to issue this Performance Bank Guarantee in favor of UIIC and the undersigned
who are executing this Performance Bank Guarantee have the necessary power to do so on behalf of the
Bank.
Date: ………day of …... 2019 for ___________________________ (Name of the bank)
(Signature of the authorized officer of the Bank)
Name and designation of the officer
Seal, name & address of the Bank
Witnesses:
1……………………………………..............
2………..…………………………………
UIIC:HO:ITD:RFP:132:2019-20
Page 31 of 34
ANNEXURE VIII - UNDERTAKING FOR NIL DEVIATIONS (To be submitted on Company letter head)
To
The Chief Manager,
I.T. Department, First Floor,
Regd. & Head Office 24,
Whites Road, Chennai – 600 014
Subject: Undertaking for Nil Deviations for Tender Ref. No. UIIC: HO: ITD: RFP: 132:2019-20 “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance Audit”
Dear Sir/Madam,
There are no deviations (nil deviations) from the terms and conditions of the tender. All the terms and conditions of the tender are acceptable to us.
Name in Block Letters:
Signature:
Designation:
Body Corporate’s Seal
Place:
Date
UIIC:HO:ITD:RFP:132:2019-20
Page 32 of 34
ANNEXURE IX: QUERIES FORMAT
Sr No
Bidder Name
Page No(tender Ref)
Clause(tender Ref) Description in the tender (tender Ref)
Query
1
2
Note: The queries may be communicated only through e-mail to email id [email protected]. Responses of queries will be uploaded in UIIC website or emailed to concerned bidder. No queries will be accepted on telephone or through any means other than e-mail. The queries shall be send in .xls/.xlsx format with above fields only.
UIIC:HO:ITD:RFP:132:2019-20
Page 33 of 34
ANNEXURE X: FORMAT FOR LETTER OF AUTHORIZATION (To be submitted in the Bidder's letter head)
To
The Chief Manager
Information Technology Department
United India Insurance Company Limited
Head Office, 24, Whites Road
Chennai - 600014
LETTER OF AUTHORISATION FOR ATTENDING BID OPENING for Tender No: UIIC: HO: ITD: RFP: 132:2019-
20
The following persons are hereby authorized to attend the bid opening on _____________(date) in the
tender for “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance
Audit” on behalf of M/S_______________________ (Name of the Bidder) in the order of preference given
below:
Order of Preference Name Designation Specimen Signature
I
(Name in Block Letters:
Signature:
Designation:
Body Corporate’s Seal
Place:
Date
1. One person can be authorized for attending the bid opening.
2. Permission for entry to the hall where bids are opened may be refused in case authorization as
prescribed above is not submitted.
UIIC:HO:ITD:RFP:132:2019-20
Page 34 of 34
ANNEXURE XI: CHECKLIST
S.No. Document Enclosed
1. Cover A : Eligibility Bid
Proof of Tender Fee (Non-Refundable)
Proof of EMD
Annexure III: Eligibility Criteria along with Supporting Documents
Annexure V: Format for Letter of Authorization
2. Cover B : Technical Bid
Annexure III – Technical Bid with supporting documents
Copy of RFP published in the website (https://uiic.co.in/tender) duly
signed and stamped
Annexure VIII: Undertaking for NIL Deviation
3. Cover C : Commercial Bid
Annexure V: Commercial Bid
--------OOO--------