REQUEST FOR PROPOSAL (RFP) FOR for... · Last Date of Pre-Bid Queries submission Pre Bid Meeting...

UNITED INDIA INSURANCE COMPANY LTD.

Department of Information Technology

HEAD OFFICE: 24, WHITES ROAD, CHENNAI – 600014

CIN: U93090TN1938GOI000108

Date of Publishing Tender Last Date of Pre-Bid Queries submission Pre Bid Meeting Date Last Date of Tender submission Date of Eligibility Bid Opening Event Tender form fees (Nonrefundable) Earnest Money Deposit Address for Communication and Submission of Bids

: 28/05/2019 : 04/06/2019 on or before 05:00 PM : 05/06/2019 at 03:00 PM : 19/06/2019 on or before 02:30 PM : 19/06/2019 at 03:00 PM : ₹5,000(Rupees Five Thousand Only) : ₹1,00,000 (Rupees One Lakh Only) : Chief Manager (IT) IT Department, First Floor, United India Insurance Company Ltd., HO, 24, Whites Road, Chennai-600014 Tel: 044-28599500 E-mail : [email protected]

REQUEST FOR PROPOSAL (RFP)

FOR

“APPOINTMENT OF AUDITOR FOR COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT”

TENDER NO: UIIC: HO: ITD: RFP: 132:2019-20

mailto:[email protected]

UIIC:HO:ITD:RFP:132:2019-20

of 34

Table of Contents SECTION - I .................................................................................................................................................... 4

1 ABOUT THE COMPANY ..................................................................................................................... 4

2 PURPOSE OF THIS DOCUMENT ........................................................................................................ 4

3 CONTRACT PERIOD ........................................................................................................................... 4

4 IMPORTANT DATES .......................................................................................................................... 4

5 ELIGIBILITY CRITERIA ........................................................................................................................ 5

SECTION – II .................................................................................................................................................. 6

INSTRUCTIONS / GUIDELINES TO BIDDERS ................................................................................................. 6

1 TENDER OFFER .................................................................................................................................. 6

2 EARNEST MONEY DEPOSIT (E.M.D) ................................................................................................. 7

3 FORFEITURE OF E.M.D ...................................................................................................................... 7

4 REFUND OF E.M.D ............................................................................................................................ 7

5 THE COMPANY RESERVES THE RIGHT TO ........................................................................................ 7

6 REJECTION OF TENDERS ................................................................................................................... 8

7 VALIDITY OF TENDERS ...................................................................................................................... 8

8 SECURITY DEPOSIT ........................................................................................................................... 8

9 PRICE ................................................................................................................................................. 8

10 FORMAT AND SIGNING OF BID .................................................................................................... 8

11 PUBLICITY ...................................................................................................................................... 9

12 ROYALTIES AND PATENTS ............................................................................................................ 9

13 PENALTY CLAUSE .......................................................................................................................... 9

14 TERMINATION ............................................................................................................................ 10

15 INSOLVENCY ............................................................................................................................... 10

16 FORCE MAJEURE ......................................................................................................................... 10

17 DISPUTE RESOLUTION ................................................................................................................ 10

18 NO COMMITMENT TO ACCEPT LOWEST OR ANY OFFER .......................................................... 11

19 WAIVER ....................................................................................................................................... 11

20 GENERAL TERMS ......................................................................................................................... 11

21 CONTRACT / AGREEMENT .......................................................................................................... 12

22 PAYMENT TERMS ....................................................................................................................... 12

23 TIME PERIOD TO COMPLETE ACTIVITIES ................................................................................... 12


of 34

24 SUB-CONTRACTING .................................................................................................................... 13

SECTION – III ............................................................................................................................................... 14

SCOPE OF WORK ......................................................................................................................................... 14

1. LOCATION COVERED UNDER THE SCOPE ....................................................................................... 14

2. IT CURRENT STATE .......................................................................................................................... 14

3. VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VA/PT) OF APPLICATIONS AND

NETWORKS DEVICES (ANNUAL ACTIVITY – TO BE CONDUCTED AT THE START OF EACH YEAR OR AS

PER CONVENIENCE OF UIIC) ................................................................................................................... 15

4. INFORMATION SECURITY AUDIT TOOLS ........................................................................................ 17

5. COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT (ANNUAL ACTIVITY

– TO BE CONDUCTED AT THE START OF EACH YEAR OR AS PER CONVENIENCE OF UIIC) ................... 17

SECTION – IV ............................................................................................................................................... 18

ANNEXURE I - SELF DECLARATION BY BIDDER ...................................................................................... 18

ANNEXURE II - NO BLACKLISTING DECLARATION .................................................................................. 19

ANNEXURE III - ELIGIBILITY CRITERIA .................................................................................................... 20

ANNEXURE IV - TECHNICAL BID ............................................................................................................. 21

ANNEXURE V - FORMAT OF FINANCIAL BID .......................................................................................... 22

ANNEXURE VI - NON-DISCLOSURE AGREEMENT FORMAT ................................................................... 23

ANNEXURE VII - PERFORMANCE BANK GUARANTEE (PBG).................................................................. 28

ANNEXURE VIII - UNDERTAKING FOR NIL DEVIATIONS ........................................................................ 31

ANNEXURE IX: QUERIES FORMAT .......................................................................................................... 32

ANNEXURE X: FORMAT FOR LETTER OF AUTHORIZATION ................................................................... 33

ANNEXURE XI: CHECKLIST ...................................................................................................................... 34


of 34

SECTION - I

1 ABOUT THE COMPANY

United India Insurance Company Limited (UIIC) is a leading public sector General Insurance Company

transacting Non-Life Insurance business in India with Head Office at Chennai, 30 Regional Offices, 7 Large

Corporate and Brokers Cells and 2000+ Operating Offices geographically spread throughout India and has

nearly 16000 employees. United India Insurance Company Limited, hereinafter called “UIIC” or “The

Company”, which term or expression unless excluded by or repugnant to the context or the meaning

thereof, shall be deemed to include its successors and permitted assigns, issues this bid document,

hereinafter called Request for Proposal or RFP.

2 PURPOSE OF THIS DOCUMENT

The purpose of this RFP is to select a CERT-IN empaneled Auditor to conduct Comprehensive Information

and Cyber Security Assurance Audit as per guidelines issued by IRDAI dated 07th April, 2017 and all

amendments thereto. The selected bidder/ Auditor will also do vulnerability assessment and penetration

testing (VAPT) of the networked IT infrastructure & Applications of UIIC. It includes DC, NDR and DR site,

Network security architecture, Local Area network, remote access to UIIC’s network and other related

services more fully defined in the Scope of work specified in Section III. The selected bidder/ Auditor shall

engage with UIIC in identifying the gaps and assist, guide, develop and render expert advice to UIIC to

ensure that its information assets are adequately protected on a continuous basis from a variety of threats

such as error, fraud, cyber-attacks, embezzlement, sabotage, terror, extortion, espionage, privacy

violation, service interruption and natural disaster.

3 CONTRACT PERIOD

Bidder/ Auditor should provide services as defined under “Section III: Scope of Work” to UIIC for a period

of two (2) years.

4 IMPORTANT DATES

Event / Activity Date / Time

Publish of RFP /Tender 28.05.2019

Pre-bid Meeting 05.06.2019 at 03:00 PM

Last Date for receipt of queries*/ request for

clarification from bidders through email. No

queries will be accepted on telephone or

through any means other than e-mail

04.06.2019 on or before 05:00 PM

Last date for submission of Sealed Tender Bids 19.06.2019 on or before 02:30 PM

Opening of Eligibility Bid 19.06.2019 at 03:00 PM

Opening of Technical Bid To be intimated to eligible bidders

Opening of Financial Bids. To be intimated to technical qualified bidders


of 34

*Queries are to be submitted at E-mail: [email protected]. Clarifications on queries will be uploaded

on the UIIC website https://uiic.co.in/tender after last date of receipt of queries.

5 ELIGIBILITY CRITERIA

5.1 The bidder must be a Government Organisation / PSU/ PSE/ Partnership Firm/ LLP or Limited Company

existing in India.

5.2 The bidder should be empaneled with CERT-IN for the period 2019-2021.

5.3 The bidder should have at least two Audit Consultants who are CISA/CISSP qualified and should be

continuously part of the team that will conduct the audit at UIIC.

5.4 The bidder should not be providing IT related service(s) to UIIC currently and should not have

conducted IS Audit/ VAPT during the last 2 years (From Date of Issue of this RFP) for UIIC.

5.5 Undertaking on the official letter-head of the body corporate that the bidder has not been blacklisted

by any department or undertaking of the Government of India or any State Governments of India or

an Indian Public Sector Undertaking.

Documentary Evidence for Eligibility Criteria

5.1 Bidder should submit copy of certificate of incorporation.

5.2 Certificate of Empanelment with CERT-IN

5.3 All Relevant certificates/documents supporting basis laid out in pre-qualification criteria

5.4 Self-declaration on official letter head of the bidder as per Annexure-I.

5.5 Undertaking as per Annexure – II

Note: Bidder should submit supporting documents for fulfilling the eligibility criteria along with Annexure

– III. Bids from the bidders who do not qualify based on the above criteria will be rejected.

[email protected]

https://uiic.co.in/tender


of 34

SECTION – II

INSTRUCTIONS / GUIDELINES TO BIDDERS

Note:

1. Tender Bidding Methodology: Sealed Bid System - 'Single Stage - Three Sealed Envelopes'

[Eligibility Criteria, Technical Bid, Commercial Bid].

2. The bidders are advised to submit the tender strictly based on the terms and conditions and

specifications contained in the RFP/ Tender document including amendments, if any, issued by

UIIC prior to submission of tender. The formats prescribed in the tender documents should be

scrupulously followed by the bidders. Tender bids that do not comply with the terms and

conditions are liable for rejection.

1 TENDER OFFER

1.1 The Tender Offer as indicated above addressed to Chief Manager, Information Technology

department shall be submitted at the Information Technology Department, First Floor, United

India Insurance Company Limited, Regd. & Head Office, No. 24 - Whites Road, Chennai - 600 014

on or before 02:30 PM on 19/06/2019. If the last date for submission of tenders happens to be a

holiday due to some unforeseen circumstances, then the tender can be submitted by 11AM on

the next working day.

1.2 A non-refundable tender document fee of Rs. 5,000/- (Rupees Ten Thousand Only) shall be

remitted through NEFT at least two days prior to the tender submission date to the below

account:

Beneficiary Name United India Insurance Company Ltd.

IFSC Code BOFA0CN6215 (Please distinguish alphabet O with 0 (Zero).

Account No UIIC000100

Bank Details Bank of America, 748, Anna Salai, Chennai 600 002.

Remarks FEEISEC<Depositors name>

1.3 All the bid covers would be opened by the Committee constituted by the Company in the presence

of bidders who are present at the address given above.

1.4 The bidder should provide commercial quote as per the format given in Annexure V - Commercial

Bid.

1.5 Cover A – Eligibility Bid should contain following documents:

a. Proof of Tender Fee (Non – Refundable)

b. Proof of EMD

c. Annexure III: Eligibility Criteria with supporting documents

d. Annexure X: Letter of Authorization

1.6 Cover B – Technical Bid should contain following documents:

a. Annexure III – Technical Bid with supporting documents


of 34

b. Copy of RFP, Corrigendum and Addendum published in the website

(https://uiic.co.in/tender) duly signed and stamped

c. Annexure VIII - Undertaking for NIL Deviation

1.7 Cover C – Commercial Bid should contain following document:

a. Annexure V - Commercial Bid

2 EARNEST MONEY DEPOSIT (E.M.D)

2.1 The intending bidders shall submit Electronic Credit for EMD of Rs. 1,00,000/- (Rupees One Lakh

Only).

2.2 The E.M.D shall be electronically credited to our Bank Account as given below:

Beneficiary Name United India Insurance Company Ltd.

IFSC Code BOFA0CN6215 (Please distinguish alphabet O with 0 (Zero).

Account No UIIC000100

Bank Details Bank of America, 748, Anna Salai, Chennai 600 002.

Remarks EMDISEC<Depositors name>

2.3 The EMD will not carry any interest.

2.4 The electronic credit should be affected positively on the day prior to the tender submission date.

3 FORFEITURE OF E.M.D

The EMD made by the bidder will be forfeited if:

3.1 The bidder withdraws the tender after acceptance.

3.2 The bidder withdraws the tender before the expiry of the validity period of the tender.

3.3 The bidder violates any of the provisions of the terms and conditions of this tender specification.

3.4 The successful bidder fails to furnish the required Performance Security within 21 days from the

date of receipt of LOA (Letter of Acceptance)

4 REFUND OF E.M.D

4.1 EMD will be refunded to the successful bidder, only after signing of the contract, furnishing of

Security Deposit by way of Bank Guarantee and release of Purchase Order.

4.2 In case of unsuccessful bidders, the EMD will be refunded to them at the earliest after expiry of

the final bid validity and latest on or before the 30th day after the award of the contract.

5 THE COMPANY RESERVES THE RIGHT TO

5.1 Accept / Reject any of the Tenders.

5.2 Revise the quantities at the time of placing the order.

5.3 Add, Modify, Relax or waive any of the conditions stipulated in the tender specification wherever

deemed necessary.

5.4 Reject any or all the tenders without assigning any reason thereof.



of 34

5.5 Award contracts to one or more bidders for the item/s covered by this tender.

6 REJECTION OF TENDERS

The tender is liable to be rejected interalia:

6.1 If it is not in conformity with the instructions mentioned herein,

6.2 If it is not accompanied by the requisite proof of tender document fee paid.

6.3 If it is not accompanied by the requisite proof of EMD paid.

6.4 If it is not properly signed by the bidder,

6.5 If it is received after the expiry of the due date and time,

6.6 If it is evasive or incomplete including non-furnishing the required documents.

6.7 If it is quoted for period less than the validity of tender.

6.8 If it is received from any blacklisted bidder or whose past experience is not satisfactory.

7 VALIDITY OF TENDERS

Tenders should be valid for acceptance for a period of at least 90 (Ninety) days from the last date of

tender submission. Offers with lesser validity period would be rejected.

8 SECURITY DEPOSIT

The successful tenderer will have to furnish a security deposit to the tune of 10% of the total order

value in the form of a Bank Guarantee for a period of sixty days beyond the completion of project

obtained from a nationalised/scheduled bank for proper fulfilment of the contract.

9 PRICE

9.1 The bidders should quote only the base price. All applicable taxes will be paid as actuals.

9.2 There shall be no escalation in the prices once the prices are fixed and agreed to by the Company

and the bidders. But, any benefit arising out of any subsequent reduction in the prices due to

reduction in duty & taxes after the prices are fixed and before the agreement should be passed

on to the Purchaser /Company.

9.3 All the items should be quoted in INR (Indian Rupees) only.

10 FORMAT AND SIGNING OF BID

10.1 Proposals submitted in response to this tender must be signed by (in all the pages) the

Authorized signatory of the Bidder’s organization as mentioned in Annexure X: Letter of

Authorization.

10.2 The bid shall be in A4 size papers, numbered with index and highlighted with technical

specification details and shall be signed by the Bidder or a person duly authorized to bind the

Bidder to the Contract.

10.3 Any interlineations, erasures or overwriting shall be valid only if the person signing the bid

counter signs them.


of 34

10.4 Bids should be spirally bound or fastened securely before submission. Bids submitted in loose

sheets will be rejected as non-compliant.

10.5 Bidders responding to this tender must comply with the format requirements given in various

annexure of the tender, bids submitted in any other format/type will be treated as non-

compliant and may be rejected.

10.6 ADDITIONAL INFORMATION: Include additional information which will be essential for better

understanding of the proposal. This might include diagrams, excerpts from manuals, or other

explanatory documentation, which would clarify and/or substantiate the bid. Any material

included here should be specifically referenced elsewhere in the bid.

10.7 GLOSSARY: Provide a glossary of all abbreviations, acronyms, and technical terms used to

describe the services or products proposed. This glossary should be provided even if these terms

are described or defined at their first use in the bid response.

10.8 The entire proposal should be in A4 size paper and neatly bind or filed accordingly.

11 PUBLICITY

Any publicity by the vendor in which the name of the Company is to be mentioned should be carried

out only with the prior and specific written approval from the Company. In case the vendor desires to

show any of the equipment to his customers, prior approval of the Company will have to be obtained

by him in writing.

12 ROYALTIES AND PATENTS

Any royalties or patents or the charges for the use or infringement thereof that may be involved in

the contract shall be included in the price. Bidder shall protect the Company against any claims

thereof.

13 PENALTY CLAUSE

In the event of delayed delivery of the deliverables (as mentioned in Section III: Scope of Work) bidder

shall be liable for penalty deduction at a percentage of the value of the payment due subject to a

maximum of 10% (ten percent) as detailed below:

@ 1% for delay up to one weeks;

@ 2.5% for delay up to two weeks;

@ 5% for delay up to three weeks;

@ 10% for delay for four weeks and above

For this clause, part of the week is considered as a full week.


of 34

14 TERMINATION

UIIC shall be entitled to terminate the agreement/purchase order with the Bidder at any time giving

30 days’ prior written notice to the Bidder if the Bidder breaches its obligations under the tender

document or the subsequent agreement/purchase order and if the breach is not cured within 15 days

from the date of notice.

15 INSOLVENCY

The Company may terminate the contract by giving written notice to the bidder without

compensation, if the vendor becomes bankrupt or otherwise insolvent, provided that such

termination will-not prejudice or affect any right of action or remedy which has accrued or will accrue

thereafter to the company.

16 FORCE MAJEURE

16.1 The parties shall not be liable for default or non-performance of the obligations under the

contract, if such default or non-performance of the obligations under this contract is caused by

Force Majeure.

16.2 For the purpose of this clause, “Force Majeure” shall mean an event beyond the control of the

parties, due to or as a result of or caused by acts of God, wars, insurrections, riots, earth quake

and fire, events not foreseeable but does not include any fault or negligence or carelessness on

the part of the parties, resulting in such a situation.

16.3 In the event of any such intervening Force Majeure, each party shall notify the other party in

writing of such circumstances and the cause thereof immediately within five calendar days.

Unless otherwise directed by the other party, the party pleading Force Majeure shall continue

to perform/render/discharge other obligations as far as they can reasonably be

attended/fulfilled and shall seek all reasonable alternative means for performance affected by

the Event of Force Majeure.

16.4 In such a case, the time for performance shall be extended by a period(s) not less than the

duration of such delay. If the duration of delay continues beyond a period of three months, the

parties shall hold consultations with each other in an endeavour to find a solution to the

problem. Notwithstanding the above, the decision of UIIC shall be final and binding on the

Bidder.

17 DISPUTE RESOLUTION

17.1 The bids and any contract resulting there from shall be governed by and construed according

to the Indian Laws.

17.2 All settlement of disputes or differences whatsoever, arising between the parties out of or in

connection to the construction, meaning and operation or effect of this Offer or in the discharge

of any obligation arising under this Offer (whether during the course of execution of the order


of 34

or after completion and whether before or after termination, abandonment or breach of the

Agreement) shall be resolved amicably between UIIC and the vendor’s representative.

17.3 In case of failure to resolve the disputes and differences amicably within 30 days of the receipt

of notice by the other party, then the same shall be resolved as follows:

17.4 "Any dispute or difference whatsoever arising between the parties out of or relating to the

construction, meaning, scope, operation or effect of this contract or the validity or the breach

thereof shall be settled by arbitration in accordance with the Rules of Arbitration of the Indian

Council of Arbitration and the award made in pursuance thereof shall be binding on the parties."

17.5 The venue of the arbitration shall be Chennai.

17.6 The language of arbitration shall be English.

17.7 The award shall be final and binding on both the parties.

17.8 Work under the contract shall be continued by the vendor during the arbitration proceedings

unless otherwise directed in writing by UIIC unless the matter is such that the work cannot

possibly be continued until the decision of the arbitrator is obtained. Save as those which are

otherwise explicitly provided in the contract, no payment due, or payable by UIIC, to the vendor

shall be withheld on account of the ongoing arbitration proceedings, if any, unless it is the

subject matter, or one of the subject matters thereof.

18 NO COMMITMENT TO ACCEPT LOWEST OR ANY OFFER

18.1 UIIC is under no obligation to accept the lowest or any other offer received in response to this

tender and reserves the right to reject any or all the offers including incomplete offers without

assigning any reason whatsoever.

18.2 UIIC reserves the right to make any changes in the terms and conditions of the tender. UIIC will

not be obliged to meet and have discussions with any Bidder or to entertain any

representations.

19 WAIVER

No failure or delay on the part of either party relating to the exercise of any right power privilege or

remedy provided under this RFP or subsequent agreement with the other party shall operate as a

waiver of such right power privilege or remedy or as a waiver of any preceding or succeeding breach

by the other party nor shall any single or partial exercise of any right power privilege or remedy

preclude any other or further exercise of such or any other right power privilege or remedy provided

in this RFP all of which are several and cumulative and are not exclusive of each other or of any other

rights or remedies otherwise available to either party at law or in equity.

20 GENERAL TERMS

20.1 The agreement shall be in force for a period of sixty days beyond the completion of project

from the date of issue of Purchase Order.


of 34

20.2 The successful bidder shall sign the agreement within 21 days from the date Letter of

Acceptance (LOA) from UIIC.

20.3 Any queries may be communicated through e-mail and response to query will be by return e-

mail/publish in UIIC website.

20.4 Addendum/Amendments/Corrigendum, if any, will be communicated through website only.

UIIC reserves the right to cancel the tender at any time without incurring any penalty or financial

obligation to any bidder.

20.5 UIIC is governed by provisions of the Public Procurement Policy for Micro and Small Enterprises

(MSEs) as circulated by The Ministry of MSME, GoI. The policy details are available on the

website www.dcmsme.gov.in

20.6 These provisions shall be applicable to Micro and Small Enterprises (MSEs) registered with

District Industries Centres or Khadi and Village Industries Commission or Khadi and Village

Industries Board or Coir Board or National Small Industries Corporation or Directorate of

Handicrafts and Handloom or any other body specified by Ministry of Micro, Small and Medium

Enterprises (MSMEs).

20.7 Such MSEs would be entitled for exemption from furnishing tender fee and earnest money

deposit (EMD). In case of any issue on the subject matter, the MSE’s may approach the tender

inviting authority to resolve their grievances.

21 CONTRACT / AGREEMENT

a. The contract/agreement between the Successful bidder and the Purchaser will be signed in accordance with all the terms and conditions mentioned in this tender document.

b. The successful bidder has to furnish two copies of the contract/agreement in a Rs. 100/- stamp paper, with all the above terms and conditions mentioned including the commercials. The draft of the contract/agreement will be shared to the successful bidder along with the LOA.

c. The successful bidder has to furnish the duly signed contract/agreement along with the security deposit/performance guarantee for UIIC’s counter signature within 21 days from the receipt of LOA.

22 PAYMENT TERMS

Payment terms shall be as follows: Half Yearly payments would be paid after each six months subject to completion of activities and satisfactory acceptance of the deliverables as mentioned in “Section III: scope of work”. The half yearly payment would be calculated by dividing the annual payment in two equal parts.

23 TIME PERIOD TO COMPLETE ACTIVITIES

S.No. Activity Period Time Period

1. Vulnerability Assessment and Penetration Testing of

Applications and Network Devices

Year 1 T1*+ 30 days

Year 2 T2* + 45 days

2. Comprehensive Information and Cyber Security Assurance Audit Year 1 T3*+ 30 days

http://www.dcmsme.gov.in/


of 34

Year 2 T4* + 45 days

*T1 is the date from which actual start of VAPT of Applications and Network devices in first year.

*T2 is the date from which actual start of Comprehensive Information and Cyber Security Assurance Audit

in first year.

*T3 is the date from which actual start of VAPT of Applications and Network devices in second year.

*T4 is the date from which actual start of Comprehensive Information and Cyber Security Assurance Audit

in second year.

The entire work has to be completed in accordance with the timeline mentioned above. Any extension of

the completion date due to unforeseen delays shall be by mutual consent and in writing.

If the Bidder fails to complete the assignment as per the time frame prescribed in this RFP, and the

extensions, if any allowed, such failure shall amount to breach of contract. In addition to the penalty which

UIIC is entitled to impose as per RFP, UIIC reserves its right to cancel the order in the event of delay and

invoke the Bank Guarantee.”

24 SUB-CONTRACTING

The successful bidder will not, without the written consent of UIIC, make any assignment or sub-contract

for the provision of any services hereby bid on.


of 34

SECTION – III

SCOPE OF WORK

1. LOCATION COVERED UNDER THE SCOPE

The IT systems present at the below mentioned locations would be part of the scope

S.No. Location

1. UIIC Head Office, Chennai

2. UIIC Data Center, Chennai*

3. DR Site, Hyderabad

4. NDR Site, Chennai*

5. UIIC Regional Offices, LCBs, HUBs and Operating Offices at PAN India

All the testing is to be conducted from UIIC HO located at Chennai for IT systems located at locations other

than at Chennai, HO. They are to be tested using remote connection. UIIC will facilitate the selected bidder

for setting up the remote connection.

*UIIC is in the process of co-location of Data Center & NDR: the selected bidder must consider new

location of Data Center in the scope.

2. IT CURRENT STATE

UIIC currently has following IT applications at present in the organization but not limited to: -

1. Genisys Configurator as the Core insurance system (policy issuance, underwriting, servicing

and claims administration)

2. Customer Portals

3. CSC Portals

4. Corporate Website

5. OEM Portal

6. Agent Portal

7. Grievance Portal

8. NEFT Portal

9. Web Service integration with OEMs, Brokers, Third Party Administrator (TPA), Web

Aggregators etc.

10. SAP FICO

11. SAP HRMS and Payroll

12. Eclipse (Reporting tool).

13. Oracle Business Intelligence Tool

14. Integrated Treasury Management System

15. Centralized Desktop Management System

16. Corporate Emailing System (IBM Domino)


of 34

17. Document Management System

18. Proxy Server

IT Systems Covered / Tentative Infrastructure for Audit

S.No. Particulars Details

1. Applications 100±50

2. Web Servers 100±50

3. Database Servers 100±50

4. Network Firewall 7

5. Network Switches 58

6. Routers 14

7. Core Switches 3

8. Proxy Server 1

9. Desktops 750

10. Laptops 110

Note: The final list will be shared with Successful bidder.

3. VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VA/PT) OF APPLICATIONS

AND NETWORKS DEVICES (ANNUAL ACTIVITY – TO BE CONDUCTED AT THE START OF

EACH YEAR OR AS PER CONVENIENCE OF UIIC)

The Vulnerable assessment and Penetration Testing (VAPT) for IT systems present at locations mentioned

in above:

VAPT would include the following but not limited to: -

Port scanning of the servers, network devices and security devices/applications.

Analysis and assessment of vulnerabilities.

Network traffic observation for important and confidential information like username, password

flowing in clear text.

Perform a comprehensive scan of all IP address ranges in use to determine what vulnerabilities

exist in the network devices and servers, and to review all responses to determine if any risks

exist.

Use vulnerability scanners to scan the critical/ network devices and servers to determine

vulnerability exists.

Search for back door traps in the Operating Systems.

Router testing, Firewall testing

Check for the known vulnerabilities in the Operating Systems, and applications like Browser, E-

Mail, Web Server, and VPN etc.

Use tools to perform a password scan to determine accounts that have passwords that are "easy"

to crack.


of 34

Test for the presence of unnecessary services/applications those are running on the network

devices/servers/workstations.

Exploitation of vulnerabilities (with UIIC’s permission)

The assessment/testing should check for various categories of threats including but not limited to:

I. Unauthorized access into the network and extent of such access possible

II. Unauthorized modifications to the network and traffic flowing over network

III. Extent of information disclosure from the network

IV. Spoofing of identity over the network

V. Possibility of denial of services

VI. Possible threats from malicious codes (viruses and worms etc.)

VII. Possibility of traffic route poisoning

In addition to above, Penetration testing is to be carried out based on the Open Web Application Security

Project (OWASP) Top Ten criteria as mentioned below but not limited to –

A1: Injection Flaws

A2: Broken Authentication and Session Management

A3: Sensitive Data Exposure

A4: XML External Entities (XXE)

A5: Broken Access Control

A6: Security Misconfiguration

A7: Cross-Site Scripting (XSS)

A8: Insecure Deserialization

A9: Using Components with Known Vulnerabilities

A10: Insufficient Logging & Monitoring

The security assessment should use the industry standard penetration test methodologies (like OSSTM)

and scanning techniques, and will focus on applications. The application tests should cover but not limited

to OWASP Top 10 attacks.

Deliverables: Individual report should be provided for various IT Systems location-wise and consolidated.

The Report should consist of an executive summary that expresses business risk and the technical nature

of the risk and its seriousness, and a technical report that includes findings and mitigation strategies in

full detail. Tools used for VAPT should also mentioned in the report.


of 34

4. INFORMATION SECURITY AUDIT TOOLS

The bidder must use at least two commercial information security auditing tool like Nessus Pro, Acunetix,

Burp Suite etc. besides freeware and proprietary tools.

5. COMPREHENSIVE INFORMATION AND CYBER SECURITY ASSURANCE AUDIT (ANNUAL

ACTIVITY – TO BE CONDUCTED AT THE START OF EACH YEAR OR AS PER CONVENIENCE

OF UIIC)

The scope of audit will cover, but it is not limited to following areas:

1. Policy, Procedures, Standard Practices, Organisation structure & other Government and Regulatory Requirements.

2. Enterprise Security

3. Information Asset Management

4. Physical and Environmental Security

5. Human Resource Security

6. System acquisition, development and maintenance

7. Information Security Risk Management

8. Data Security

9. Application Security

10. Cyber Security

11. Platform /Infrastructure Security

12. Network Security

13. Cryptography & Key Management

14. Security Logging & Monitoring

15. Incident Management

16. Endpoint Security

17. Virtualization

18. Cloud Security

19. Mobile Security

The Selected Bidder/ Auditor will provide Compliance Assessment Report / External Audit Completion

Report covering Data Centers (Primary Site, NDR and DR Site), UIIC Head Office and other offices with

respect to:

UIIC Information Security Policy

IRDAI Guidelines as Information & Cyber Security

Software License Compliance (DC, NDR & DR)

Any other legal requirement

Deliverables: Compliance Assessment Report / External Audit Completion Report


of 34

SECTION – IV

ANNEXURE I - SELF DECLARATION BY BIDDER (To be submitted on Company letter head)

DECLARATION FORM

I/We hereby solemnly declare that I/We have read and understood all the terms and conditions of the

RFP/ tender for “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance

Audit”. I/We agree to provide the support and services mentioned in the “SCOPE OF WORK” in Section III

of this RFP/ tender document.

I/We also declares that we are not be providing any IT related service(s) to UIIC currently and have not

conducted IS Audit/ VAPT during the last 2 years for UIIC.

Also, the price quoted by us in the financial bid for the “SCOPE OF WORK” in Section - III of this RFP/ tender

document is base price on body corporate, fixed price basis (including all duties, levies, out of pocket

expenses, travelling, lodging etc.) excluding applicable taxes.

Name in Block Letters:

Signature:

Designation:

Body Corporate’s Seal

Place:

Date


of 34

ANNEXURE II - NO BLACKLISTING DECLARATION (To be submitted in the Bidder's letter head)

Date: dd.mm.yyyy

To

The Chief Manager

Information Technology Department

United India Insurance Company Limited

Head Office, 24, Whites Road

Chennai – 600014

Subject: Submission of No Black Listing Self-Declaration for Tender Ref. No. UIIC: HO: ITD: RFP: 132:2019-

20 “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance Audit”

Dear Sir/Madam

We do hereby declare and affirm that we have not been blacklisted by Central / any State Government /

PSU’s or any regulatory bodies as on the date of bid submission.


Signature:

Designation:


Place:

Date


of 34

ANNEXURE III - ELIGIBILITY CRITERIA (To be submitted in the Bidder's letter head)

Sr. No. Particulars Supporting Documents Remarks (If

Any)

1. Name and Registered Address of Bidder

2. Phone no. with STD Code

3. Communication Address

4. Name of person(s) of contact with

telephone/ mobile numbers/ e-mail id

5. The bidder must be a Government

Organisation / PSU/ PSE/ Partnership Firm/

LLP or Limited Company existing in India.

copy of certificate of

incorporation

6. The bidder should be empaneled with CERT-

IN for the period 2019-2021

Certificate of

Empanelment with CERT-

IN

7. The bidder should have at least two Audit

Consultants who are CISA/CISSP qualified

and should be continuously part of the team

that will conduct the audit at UIIC

Relevant Certificates /

Documents

8. The bidder should have done Information

Security Audits of at least 3 Govt./ PSU

organisation in last two years

Copy of Credential Letters/

Purchase Order /

Engagement Letter /

Agreement signed

between the parties

9. The bidder should not be providing IT

related service(s) to UIIC currently and

should not have conducted IS Audit/ VAPT

during the last 2 years (From Date of Issue of

this RFP) for UIIC

Self-declaration on official

letter head of the bidder as

per Annexure-I

10. Undertaking on the official letter-head of

the body corporate that the bidder has not

been blacklisted by any department or

undertaking of the Government of India or

any State Governments of India or an Indian

Public Sector Undertaking

Undertaking as per

Annexure – II


of 34

ANNEXURE IV - TECHNICAL BID

Following documents are to be submitted:

Sr. No. Particulars

1. Detailed description of the Project Plan and implementation methodology

2. Details of Audit tools

3. Audit Team details such as name, qualifications, experience etc.

4. Detailed description of similar audits carried out by the bidder in terms of project scope,

duration, project size and client profile

5. Any Other supporting document

6. Information sought through various annexures

Note: The pages should be serially numbered with index.


of 34

ANNEXURE V - FORMAT OF FINANCIAL BID

Particulars Amount in Indian Rupees (All inclusive) in Rupees (In words)

Amount in Indian Rupees (All inclusive) in Rupees (In figures)

Charges for Section III: Scope of Work for First Year (F1)

Charges for Section III : Scope of Work for Second Year (F2)

Total Fees of Two years (F1+F2)

Note: -

Lowest bidder will be calculated based on summation of amount proposed for year 1 to 2 as mentioned in the table above.

The bid price for any year should not be more than 40% of the total bid price for two years.

The bidder should quote price inclusive of all expenses, duties, levies, out of pocket expenses, etc. but exclusive of applicable taxes.

The applicable taxes would be paid on actuals by UIIC. Further, we confirm that we will abide by all the terms and conditions contained in the Request for Proposal document Name in Block Letters:

Signature:

Designation:


Place:

Date


of 34

ANNEXURE VI - NON-DISCLOSURE AGREEMENT FORMAT This confidentiality and non-disclosure agreement is made on the....................day of...................., 20.....

BETWEEN (Bidder), (hereinafter to be referred to as “-------”) which expression shall unless repugnant to

the subject or the context mean and included its successors, nominees or assigns a company incorporated

under the Companies Act, 1956 and having its principal office at ....................(address).

AND UNITED INDIA INSURANCE COMPANY LIMITED (hereinafter to be called “UIIC”) which expression

shall unless repugnant to the subject or the context mean and included its successors, nominees or assigns

having its Registered Office at 24, Whites Road, Chennai - 600014 on the following terms and conditions:

WHEREAS, in the course of the business relationship between the aforesaid parties, both the parties

acknowledge that either party may have access to or have disclosed any information, which is of a

confidential nature, through any mode and recognize that there is a need to disclose to one another such

confidential information, of each party to be used only for the Business Purpose and to protect such

confidential information from unauthorized use and disclosure;

NOW THEREFORE, in consideration of the mutual promises contained herein, the adequacy and

sufficiency of which consideration is hereby acknowledged and agreed, the parties hereby agree as

follows: —

This Agreement shall apply to all confidential and proprietary information disclosed by one party to the

other party, including information included in the caption ‘Definitions’ of this Agreement and other

information which the disclosing party identifies in writing or otherwise as confidential before or within

thirty days after disclosure to the receiving party (“Confidential Information”). Information may be in any

form or medium, tangible or intangible, and may be communicated/disclosed in writing, orally,

electronically or through visual observation or by any other means to one party (the receiving party) by

the other party (the disclosing party).

1. DEFINITIONS

(a) CONFIDENTIAL INFORMATION means all the information of the Disclosing Party which is disclosed to

the Receiving party pursuant to the business arrangement whether oral or written or through visual

observation or in electronic mode and shall include but is not limited to trade secrets, know-how,

inventions, techniques, processes, plans, algorithms, software programs, source code, semiconductor

designs, schematic designs, business methods, customer lists, contacts, financial information, sales and

marketing plans techniques, schematics, designs, contracts, financial information, sales and marketing

plans, business plans, clients, client data, business affairs, operations, strategies, inventions,

methodologies, technologies, employees, subcontractors, the contents of any and all agreements,

subscription lists, customer lists, photo files, advertising materials, contract quotations, charity contracts,

documents, passwords, codes, computer programs, tapes, books, records, files and tax returns, data,

statistics, facts, figures, numbers, records, professionals employed, correspondence carried out with and

received from professionals such as Advocates, Solicitors, Barristers, Attorneys, Chartered Accountants,

Company Secretaries, Doctors, Auditors, Surveyors, Loss Assessors, Investigators, Forensic experts,

Scientists, Opinions, Reports, all matters coming within the purview of Privileged Communications as

contemplated under Indian Evidence Act, 1872, legal notices sent and received, Claim files, Insurance


of 34

policies, their rates, advantages, terms, conditions, exclusions, charges, correspondence from and with

clients/ customers or their representatives,, Proposal Forms, Claim-forms, Complaints, Suits, testimonies,

matters related to any enquiry, claim-notes, defences taken before a Court of Law, Judicial For a, Quasi-

judicial bodies, or any Authority, Commission, pricing, service proposals, methods of operations,

procedures, products and/ or services and business information of the Disclosing Party. The above

definition of Confidential Information applies to both parties equally; however in addition, without

limitation, where the Disclosing Party is the UIIC, no information that is exempted from disclosure under

section 8 or any other provision of Right to Information Act, 2005 shall at any time be disclosed by the

Receiving Party to any third party.

(b) MATERIALS means including without limitation, documents, drawings, models, apparatus, sketches,

designs and lists furnished to the Receiving Party by the Disclosing Party and any tangible embodiments

of the Disclosing Party’s Confidential Information created by the Receiving Party.

2. COVENANT NOT TO DISCLOSE

The Receiving Party will use the Disclosing Party’s Confidential Information solely to fulfill its obligations

as part of and in furtherance of the actual or potential business relationship with the Disclosing Party. The

Receiving Party shall not use the Confidential Information in any way that is directly or indirectly

detrimental to the Disclosing Party or its subsidiaries or affiliates, and shall not disclose the Confidential

Information to any unauthorized third party. The Receiving Party shall not disclose any Confidential

Information to any person

except to its employees, authorized agents, consultants and contractors on a need to know basis, who

have prior to the disclosure of or access to any such Confidential Information agreed in writing to receive

it under terms at least as restrictive as those specified in this Agreement.

In this regard, the agreement entered into between the Receiving Party and any such person/s shall be

forwarded to the Disclosing Party promptly thereafter. Prior to disclosing any Confidential Information to

such person/s, the Receiving Party shall inform them of the confidential nature of the information and

their obligation to refrain from disclosure of the Confidential Information. The Receiving party shall use

at least the same degree of care in safeguarding the Confidential Information as it uses or would use in

safeguarding its own Confidential Information, and shall take all steps necessary to protect the

Confidential Information from any unauthorized or inadvertent use. In no event shall the Receiving Party

take all reasonable measures that are lesser than the measures it uses for its own information of similar

type. The Receiving Party and its Representatives will immediately notify the Disclosing Party of any use

or disclosure of the Confidential Information that is not authorized by this Agreement. In particular, the

Receiving Party will immediately give notice in writing to the Disclosing Party of any unauthorized use or

disclosure of the Confidential Information and agrees to assist the Disclosing Party in remedying such

unauthorized use or disclosure of the Confidential Information.

The Receiving Party and its Representatives shall not disclose to any person including, without limitation

any corporation, sovereign, partnership, company, Association of Persons, entity or individual

(i) the fact that any investigations, discussions or negotiations are taking place concerning the actual or

potential business relationship between the parties,

(ii) that it has requested or received Confidential Information, or


of 34

(iii) any of the terms, conditions or any other fact about the actual or potential business relationship.

This confidentiality obligation shall not apply only to the extent that the Receiving Party can demonstrate

that:

(a) the Confidential Information of the Disclosing Party is, or properly became, at the time of disclosure,

part of the public domain, by publication or otherwise, except by breach of the provisions of this

Agreement; or

(b) was rightfully acquired by the Receiving Party or its Representatives prior to disclosure by the

Disclosing Party;

(c) was independently developed by Receiving Party or its Representatives without reference to the

Confidential Information; or

(d) the Confidential Information of the Disclosing Party is required to be disclosed by a Government

agency, is the subject of a subpoena or other legal or demand for disclosure; provided, however, that the

receiving party has given the disclosing party prompt written notice of such demand for disclosure and

the receiving party reasonably cooperates with the disclosing party's efforts to secure an appropriate

protective order prior to such disclosure.

(e) is disclosed with the prior consent of or was duly authorized in writing by the disclosing party.

3. RETURN OF THE MATERIALS

Upon the disclosing party's request, the receiving party shall either return to the disclosing party all

Information or shall certify to the disclosing party that all media containing Information have been

destroyed. Provided, however, that an archival copy of the Information may be retained in the files of the

receiving party's counsel, solely for the purpose of proving the contents of the Information.

4. OWNERSHIP OF CONFIDENTIAL INFORMATION

The Disclosing Party shall be deemed the owner of all Confidential Information disclosed by it or its agents

to the Receiving Party hereunder, including without limitation all patents, copyright, trademark, service

mark, trade secret and other proprietary rights and interests therein, and Receiving Party acknowledges

and agrees that nothing contained in this Agreement shall be construed as granting any rights to the

Receiving Party, by license or otherwise in or to any Confidential Information. Confidential Information is

provided “as is” with all faults.

By disclosing Information or executing this Agreement, the disclosing party does not grant any license,

explicitly or implicitly, under any trademark, patent, copyright, mask work protection right, trade secret

or any other intellectual property right.

In no event shall the Disclosing Party be liable for the accuracy or completeness of the Confidential

Information. THE DISCLOSING PARTY DISCLAIMS ALL WARRANTIES REGARDING THE INFORMATION,

INCLUDING ALL WARRANTIES WITH RESPECT TO INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS

AND ALL WARRANTIES AS TO THE ACCURACY OR UTILITY OF SUCH INFORMATION. Execution of this

Agreement and the disclosure of Information pursuant to this Agreement does not constitute or imply


of 34

any commitment, promise, or inducement by either party to make any purchase or sale, or to enter into

any additional agreement of any kind.

5. REMEDIES FOR BREACH OF CONFIDENTIALITY

1. The Receiving Party agrees and acknowledges that Confidential Information is owned solely by

the disclosing party (or its licensors) and that any unauthorized disclosure of any Confidential Information

prohibited herein or any breach of the provisions herein may result in an irreparable harm and significant

injury and damage to the Disclosing Party which may be difficult to ascertain and not be adequately

compensable in terms of monetary damages. The Disclosing Party will have no adequate remedy at law

thereof, and that the Disclosing Party may, in addition to all other remedies available to it at law or in

equity, be entitled to obtain timely preliminary, temporary or permanent mandatory or restraining

injunctions, orders or decrees as may be necessary to protect the Disclosing Party against, or on account

of, any breach by the Receiving Party of the provisions contained herein, and the Receiving Party agrees

to reimburse the reasonable legal fees and other costs incurred by Disclosing Party in enforcing the

provisions of this Agreement apart from paying damages with interest at the market rate prevalent on

the date of breach to the Disclosing Party.

2. The Receiving Party agrees and acknowledges that any disclosure, misappropriation, conversion or

dishonest use of the said Confidential Information shall, in addition to the remedies mentioned above,

make the Receiving Party criminally liable for Breach of Trust under section 405 of the Indian Penal Code.

6. TERM

This Agreement shall be effective on the first date written above and shall continue in full force and effect

at all times thereafter. This Agreement shall however apply to Confidential Information disclosed by the

Disclosing Party to the Receiving Party prior to, as well as after the effective date hereof. The Receiving

Party acknowledges and agrees that the termination of any agreement and relationship with the

Disclosing Party shall not in any way affect the obligations of the Receiving Party in not disclosing of

Confidential Information of the Disclosing Party set forth herein. The obligation of non-disclosure of

Confidential Information shall bind both parties, and also their successors, nominees and assignees,

perpetually.

7. GOVERNING LAW & JURISDICTION

This Agreement shall be governed by and construed with solely in accordance with the laws of India in

every particular, including formation and interpretation without regard to its conflicts of law provisions.

Any proceedings arising out of or in connection with this Agreement shall be brought only before the

Courts of competent jurisdiction in Chennai.

8. ENTIRE AGREEMENT

This Agreement sets forth the entire agreement and understanding between the parties as to the subject-

matter of this Agreement and supersedes all prior or simultaneous representations, discussions, and


of 34

negotiations whether oral or written or electronic. This Agreement may be amended or supplemented

only by a writing that is signed by duly authorized representatives of both parties.

9. WAIVER

No term or provision hereof will be considered waived by either party and no breach excused by the

Disclosing Party, unless such waiver or consent is in writing signed by or on behalf of duly Constituted

Attorney of the Disclosing Party. No consent or waiver whether express or implied of a breach by the

Disclosing Party will constitute consent to the waiver of or excuse of any other or different or subsequent

breach by the Receiving Party.

10. SEVERABILITY

If any provision of this Agreement is found invalid or unenforceable, that part will be amended to achieve

as nearly as possible the same economic or legal effect as the original provision and the remainder of this

Agreement will remain in full force.

11. NOTICES

Any notice provided for or permitted under this Agreement will be treated as having been given when (a)

delivered personally, or (b) sent by confirmed telecopy, or (c) sent by commercial overnight courier with

written verification of receipt, or (d) mailed postage prepaid by certified or registered mail, return receipt

requested, or (e) by electronic mail, to the party to be notified, at the address set forth below or at such

other place of which the other party has been

notified in accordance with the provisions of this clause. Such notice will be treated as having been

received upon actual receipt or five days after posting. Provided always that notices to the UIIC shall be

served on the Information Technology Department of the Company’s Head Office at Chennai and a CC

thereof be earmarked to the concerned Branch, Divisional or Regional Office as the case may be by RPAD

& email.

IN WITNESS WHEREOF THE PARTIES HERE TO have set and subscribed their respective hands and seals

the day and year herein above mentioned.

a) SIGNED SEALED & DELIVERED BY THE b) SIGNED SEALED & DELIVERED BY THE WITHIN NAMED

INSURANCE COMPANY WITHIN NAMED (BIDDER)

Deputy General Manager

_______________________________ _________________________________

In the presence of In the presence of

Witnesses:1 _______________ Witnesses:1 _______________

Witnesses:2 _______________ Witnesses:2 _______________


of 34

ANNEXURE VII - PERFORMANCE BANK GUARANTEE (PBG) To be executed by the selected bidder

(To be executed on a non-judicial stamp paper of Rs.100/-)

To,

United India Insurance Company Limited,

Reg. & Head Office: 24, Whites Road,

Chennai - 600014

In consideration of the United India Insurance Company Limited, having its Registered Office at “24,

Whites Road, Chennai - 600014, (hereinafter referred to as ‘UIIC’, which expression shall, unless it be

repugnant to the meaning and context thereof, include its successors, authorized agents, representatives

and permitted assigns) having entered into an Agreement dated …………. for Appointment of Consultant

for Conducting Information Security Audit (which agreement is hereinafter referred to as “the said

Agreement” ) with………… (the selected Bidder’s name and address) (hereinafter referred to as "the

selected Bidder”, which expression shall, unless it be repugnant to the meaning and context thereof,

include its successors, authorized agents, representatives and permitted assigns) and the selected Bidder,

having agreed to provide a guarantee for its performance in the form of an unconditional, irrevocable and

continuing Performance Bank Guarantee as per the terms and conditions of the Request for Proposal

dated …….. (hereinafter referred to as “the RFP”) and the said Agreement, for the due fulfillment by the

selected Bidder of the terms and conditions contained in the RFP and the said Agreement,

1. We, __________________________________ (Name of the bank and full address) (hereinafter

referred to as "the Bank") at the request of the selected Bidder do hereby undertake to pay to UIIC an

amount not exceeding Rs.______- (Rupees _______________________________) at any time against any

losses, damages, costs, charges and expenses caused to or suffered by UIIC by reason of any breach

committed by the selected Bidder of any of the terms and conditions contained in the RFP and the said

Agreement.

2. We, __________________________________ (Name of the bank and full address) do hereby

undertake to pay the amounts due and payable under this performance bank guarantee without any

demur, merely on a demand from UIIC stating that the amounts claimed is due by way of loss or damage

caused to or would be caused to or suffered by UIIC by reason of breach by Selected Bidder of any of the

terms and conditions contained in the RFP and the said Agreement or by reason of the Selected Bidder’s

failure to perform its obligations under the RFP and the said Agreement. Any such demand made on the

Bank shall be conclusive as regards the amount due and payable by the Bank under this performance bank

guarantee. However, our liability under this guarantee shall be restricted to an amount not exceeding

Rs.___________/- (Rupees ________________only).

3. We ____________________________ (Name of the bank and full address) undertake to pay to UIIC

any money so demanded notwithstanding any dispute or dispute raised by the Selected Bidder in any suit

or proceeding pending before any Court or Tribunal relating to the said Agreement or this Performance

bank guarantee our liability under this guarantee being absolute and unequivocal.


of 34

The Payment so made by us under this performance bank guarantee shall be a valid discharge of our

liability for payment hereunder and the Selected Bidder shall have no claim against us for making such

payment.

4. We, ____________________________ (Name of the bank and full address) further agree that this

performance bank guarantee shall remain in full force and effect during the entire tenure of the said

Agreement till 60 days after all the contractual obligations of the Selected Bidder including warranty

obligations are completed and all the dues of UIIC under or by virtue of the said Agreement have been

fully paid and its claim authorities satisfied or discharged by the said Selected Bidder.

Unless a claim or demand under this performance bank guarantee is made or presented to the Bank within

six months from the expiry of this Performance Bank Guarantee, all the rights of UIIC under this guarantee

shall cease and the Bank shall be released and discharged from all liability hereunder.

5. We, ___________________ (Name of the bank and full address) further agree with UIIC that UIIC shall

have the fullest liberty without our consent and without affecting in any manner our obligations

hereunder to vary any of the terms and conditions of the said Agreement or to extend time of

performance of the Selected Bidder under the said Agreement or from time to time to postpone for any

time the powers exercised by UIIC against the Selected Bidder and to forbear or enforce any of the terms

and conditions relating to said Agreement and we shall not be relieved from our liability by reason of any

variation, or extension being granted by the UIIC to the Selected Bidder or by any such matter or thing

whatsoever which under the law relating to sureties would but for this provision, have effect of so

relieving us.

6. Any claim which we, _____________________________________________ (Name of the bank and full

address) may have against the Selected Bidder shall be subject and subordinate to the prior payment and

performance in full of all our obligations hereunder. The Bank will not, without prior written consent of

UIIC , exercise any legal right or remedy of any kind in respect of any such payment or performance so

long as the Bank’s obligations hereunder remain owing and outstanding, regardless of the insolvency,

liquidation or bankruptcy of the Selected Bidder or otherwise howsoever. We, the Bank, will not counter

claim or set off against its liabilities to UIIC hereunder any sum outstanding to the credit of UIIC with it

7. This performance bank guarantee will not be discharged due to the change in the continuation of the

Bank or the Selected Bidder.

8. We, _________________________ (Name of the bank and full address) undertake not to revoke this

performance bank guarantee during its currency except with the previous consent of UIIC in writing.

9. Notwithstanding anything contained herein:-

1. Our liability under this Performance Bank Guarantee shall not exceed Rs.________/- (Rupees

____________________only).

2. This Performance Bank Guarantee shall be valid upto 60 days after all contractual obligations of the

Bidder including warranty obligations are completed

3. We are liable to pay the guaranteed amount or any part thereof under this Performance Bank

Guarantee only and only if UIIC serves upon us a written claim or demand within six months from the

expiry date of this Performance Bank Guarantee.

10. Our obligation to pay hereunder is as principal debtor and not as surety and it shall not be necessary

for UIIC “to proceed against” the Selected Bidder “before proceeding against” the Bank and this

Performance Bank Guarantee shall be enforceable against the Bank notwithstanding any other security


of 34

which UIIC may have obtained or may obtain from the Selected Bidder at the time when proceedings are

taken against the said Bank in any manner whatsoever.

11. This Performance Bank Guarantee shall come into force immediately and shall be valid upto 60 days

after all contractual obligations of the Bidder including warranty obligations are completed.

12. We have the power to issue this Performance Bank Guarantee in favor of UIIC and the undersigned

who are executing this Performance Bank Guarantee have the necessary power to do so on behalf of the

Bank.

Date: ………day of …... 2019 for ___________________________ (Name of the bank)

(Signature of the authorized officer of the Bank)

Name and designation of the officer

Seal, name & address of the Bank

Witnesses:

1……………………………………..............

2………..…………………………………


of 34

ANNEXURE VIII - UNDERTAKING FOR NIL DEVIATIONS (To be submitted on Company letter head)

To

The Chief Manager,

I.T. Department, First Floor,

Regd. & Head Office 24,

Whites Road, Chennai – 600 014

Subject: Undertaking for Nil Deviations for Tender Ref. No. UIIC: HO: ITD: RFP: 132:2019-20 “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance Audit”

Dear Sir/Madam,

There are no deviations (nil deviations) from the terms and conditions of the tender. All the terms and conditions of the tender are acceptable to us.


Signature:

Designation:


Place:

Date


of 34

ANNEXURE IX: QUERIES FORMAT

Sr No

Bidder Name

Page No(tender Ref)

Clause(tender Ref) Description in the tender (tender Ref)

Query

1

2

Note: The queries may be communicated only through e-mail to email id [email protected]. Responses of queries will be uploaded in UIIC website or emailed to concerned bidder. No queries will be accepted on telephone or through any means other than e-mail. The queries shall be send in .xls/.xlsx format with above fields only.

mailto:[email protected]


of 34

ANNEXURE X: FORMAT FOR LETTER OF AUTHORIZATION (To be submitted in the Bidder's letter head)

To

The Chief Manager

Information Technology Department

United India Insurance Company Limited

Head Office, 24, Whites Road

Chennai - 600014

LETTER OF AUTHORISATION FOR ATTENDING BID OPENING for Tender No: UIIC: HO: ITD: RFP: 132:2019-

20

The following persons are hereby authorized to attend the bid opening on _____________(date) in the

tender for “Appointment of Auditor for Comprehensive Information and Cyber Security Assurance

Audit” on behalf of M/S_______________________ (Name of the Bidder) in the order of preference given

below:

Order of Preference Name Designation Specimen Signature

I

(Name in Block Letters:

Signature:

Designation:


Place:

Date

1. One person can be authorized for attending the bid opening.

2. Permission for entry to the hall where bids are opened may be refused in case authorization as

prescribed above is not submitted.


of 34

ANNEXURE XI: CHECKLIST

S.No. Document Enclosed

1. Cover A : Eligibility Bid

Proof of Tender Fee (Non-Refundable)

Proof of EMD

Annexure III: Eligibility Criteria along with Supporting Documents

Annexure V: Format for Letter of Authorization

2. Cover B : Technical Bid

Annexure III – Technical Bid with supporting documents

Copy of RFP published in the website (https://uiic.co.in/tender) duly

signed and stamped

Annexure VIII: Undertaking for NIL Deviation

3. Cover C : Commercial Bid

Annexure V: Commercial Bid

--------OOO--------


REQUEST FOR PROPOSAL (RFP) FOR for... · Last Date of Pre-Bid Queries submission Pre Bid Meeting...

Documents

Transcript of REQUEST FOR PROPOSAL (RFP) FOR for... · Last Date of Pre-Bid Queries submission Pre Bid Meeting...