DEPARTMENT OF INFORMATION TECHNOLOGY
CORPORATE OFFICE
2nd Floor, Commercial Complex, National Games Village Koramangala,
Bengaluru - 560 047
Tel: 080-25705785, EPABX: 25705825-27
Fax: 25705800,25705790
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
To,
All Eligible Bidders.
Sub: Clarifications/Modifications
for Supply, Installation, Updation and Maintenance of Antivirus solution with End point protection and
end point data loss prevention for use in our Branches/Offices.
Ref: RFP 223/CO: DIT/AV/arm dated 19/01/2017
51. Clause No.1
No. Page No.
1.
1- Brief
Description of
the
Requirements
Serial no- iii
Page No- 3
RFP Term
Hardware/Software for DC, Mumbai and
DRS Bangalore
Bidders Request for following
Clarifications
If the bidder quotes for the exisitng brand of AV
licenses in Syndicate Bank, would that still
need additional hardware & OS requirements
or the bidder can use the same hardware in
which it is currently running. If Yes, please
provide us the current configuration details for
us to know whether it can scale up further to
10000 additional AV licenses
Banks Clarifications/
Modifications
No, vendor has to bring their
own required hardware.
We request bank to amend the clause & allow
bidders with positive net worth to quote.
2.
Eligibility Criteria
Page No.4
Point No: 2
The Bidder should have made net profit
after tax for at least 2 out of the three
consecutive financial years and average
net-worth of ~ 15 Crores.
The bidder should have made net profit after
tax for atleast 2 out of three consecutive
financial years.
(OR)
The bidder should have made net profit after
tax for atleast 2 out of three consecutive
financial years and should have positive
RFP term stands
Page 1 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
81. Clause No.1
No. Page No.
RFP Term
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
networth in previous 3 years
--~
·-------+-----------------~j1~eqUest
you amend the clause to Bidder /
OEM as very few vendors will be qualified
which will limit the participants of the OEM to
for the bank
Eligibility Criteria
Page No.4
Point No: 5
The bidder should have provided and
deployed in a Wide Area Network, a
minimum 15,000 licenses of Antivirus
solutions, to minimum 3 Banks/
PSU/Govt Organizations for the last five
years (2011 and 2016)
2. Kindly request bank to Dilute the clause as:
The bidder should have provided and deployed
in a Wide Area Network, a minimum 20000
licenses of anti-virus solutions to minimum 1
bank/PSU/Govt organizations for the last five
years( From 2011 to 2016 ) OR The bidder
should have provided and deployed in a Wide
Area Network, a minimum 10000 licenses of
anti-virus solutions to minimum 3
banks/PSU/Govt organizations for the last five
years( From 2011 to 2016 )
3. We request the bank to clarify if
upgrade/renewal/support experience qualifies
during this period.
~~~W---_L------------------~
RFP Clause modified as
"The bidder should have
provided and deployed
Antivirus solutions in a Wide
Area Network to minimum 3
Banks/ PSU/Govt
Organizations for three years
and bidder should have
provided and deployed
minimum of 15,000 licenses to
at least one of them and
cumulatively not less than
25000 licenses ."
4. The Bidder should have provided and
deployed in Wide Area Network, a minimum
8000 licenses of Antivirus solutions to
minimum of 2 bank/PSU/Govt organisation for
the last five years (2011 and 2016)
(OR)
The Bidder should have provided and ._::_d_:_ep._l~o:_ye~d_L
,
Page 2 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
RFP Term
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
in Wide Area Network, a minimum 15000
licenses of Antivirus solutions to minimum of 1
bank/PSU/Govt organisation for the last five
years (2011 and 2016)
4.
5.
Delivery Period
Clause No: 6
Page No: 6
Liquidated
Damages
Clause No: 6
Page No: 6
Bidder shall be responsible for delivery/
installation of Antivirus solution with end
point protection in PCs/ Servers within 1
month from the date of Purchase Order
Liquidated Damages: For any delay in
delivery, installation and commissioning of
Antivirus solution, beyond the dates as
stipulated above, the Bank reserves the
right to charge a LD (Liquidated
Damages) as detailed below:
a) We request the bank to amend the clause
to:
1) 8 weeks for Delivery and Installation of
Software & hardware at DC & DRS
2) For deployment of client solution in all the
end user devices we request bank to provide
minimum 6 months' time
b) Bidder shall be responsible for delivery of
antivirus solution with endpoint protection in
PCs/Servers within 1 month from date of
Purchase order. And installation to be
completed within 45 days of delivery of
licenses.
RFP clause stands.
We request bank to relax the clause and
amend the same to 0.5% per week of
undelivered product/services value to
maximum of 5%.
RFP clause stands.
The vendor will be liable for a penalty of
0.5% of the contract value per week
subject to a maximum of 10% of the
license fees. The amount of LD will be
Page 3 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
RFP Term
Date: 13102/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
recovered from the vendor from payments
due to them or by invoking Bank
Guarantees provided by the vendor. If the
LD reaches the maximum, the Bank will
be at liberty to terminate the contract and
invoke all BGs.
Payment terms mentioned as
A. License
100% of the Licence fee along with one
time Implementation Charges, if any, will
be released on satisfactory customization,
implementation and deployment of
Licenses at the needed branchesl offices
6.
Payment Terms
Clause No: 8(a)
& 8(c)
Page No: 7
upon submission documents ...
C. Payment for Hardware, Database &
OS Licenses:
i) On Delivery and Installation: Seventy
(70) % of the Contract Price of the Goods
along with 100% sales tax, 100% Octroi,
wherever applicable, shall be paid on
successful installation of goods and upon
submission of the documents (separate
requests for release of Octroi payments
will not be entertained):
We request the bank to amend the payment
terms to:
License fees: 100% on delivery site-wise
Installation charges to be released post
installation site-wise
Hardware, Database & OS licenses:
=> On Delivery: 90% of contract price site-wise
=> On final acceptance: 10% of contract price
site-wise.
RFP clause stands.
ii) On Final Acceptance: Thirty (30) % of
the Contract Price of the Goods shall be
paid 30 days after successful working and
Page 4 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
RFP Term
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
upon submission of the documents.
B. Onsite Support Charges:
7.
Payment Terms
Clause No: 8(b)
Page No: 7
Even though, Onsite support charges are
taken up to 31/03/2020, payments will be
released quarterly in arrears on pro-rata
basis from the date of providing on-site
support of the relevant quarter within 30
days of receipt of claim. Payments will be
released on receipt of confirmation from
DIT based on verification from the Central
console.
We request the bank to release the same
quarterly in advance.
RFP clause stands.
We request bank to provide 24 working hours
response time at site & 48 working hours for
rectification of reported problem.
RFP Clause stands.
However, all the licenses and support
shall be properly provided irrespective of
Non-claiming/ Non-renewal of
maintenance charges/ on-site support
charges by the vendor in time.
9. License,
Hardware and
Software
8. Maintenance
[.....,::::;:;:::j:::_~and.
Penalty
/.;ll~l
$
e No: 9
fmrfa ~
I *~'~~:;
\.
-
sse opJ47
~
0:
8
For all the problems which could not be
resolved through telephone or e-mail and
which requires the presence of
Successful Bidder engineer, the response
time would be 2 hours from the reporting
time at Metro/Urban centres & and at
other locations outside the Metro/Urban
centres within 4 hours. If the problem is
*. II
..., IV
._
Page 5 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
81. Clause No.1
No. Page No.
RFP Term
Date: 13102/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
not rectified within 24 hours of lodgement
of complaint, penalty will be levied the
vendor will be liable for penalty as
detailed in service level & uptime subject
to a maximum of 10% of the license fees
for each complaint. If the penalty reaches
the maximum, the Bank will be at liberty
to terminate the contract and invoke all
BGs.
Service Level and Uptime:
9.
9. License,
Hardware and
Software
Maintenance
and Penalty
Clause No: 9
Page No: 8
9. License,
Hardware and
Software
Maintenance
10. and Penalty
~:f:=::::s...The Broad
~ ~~~ice
Levels
~?;~~J\O:1
I~
sen95
"'~~
~.~600
~1,!"'" ~
T
The vendor shall ensure that the system
gives minimum 99.50% uptime
(Calculated on monthly basis). For every
0.05% or fraction thereof of additional
downtime, Bank will impose a penalty of
1% of the monthly payment on the onsite
support (subject to maximum of 10% of
the contract value during Contract Period
of three years).
We request the bank to relax the clause to
99% up-time calculated on quarterly basis.
We request bank to relax the penalty clause to
0.5% per week of faulty/down equipment value
to maximum of 5% of faulty/down equipment
value.
We request bank to limit the version change
deployments to 1 during the contract period.
Also please provide min 6 months required for
Latest antivirus software version if any
such deployments as it involves huge effort
during the contract period is to be deployed
and time.
in all machines within 4 weeks release of the
Also consider 75% assets to be covered by
version without any additional cost.
solution shall have latest virus definitions not
85% assets covered by Solution shall have
older than 3 working days.
RFP Clause stands.
Deployment of Antivirus Software and
latest antivirus definitions:
RFP Clause stands.
II /
~
Page 6 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
Page No: 9
RFP Term
latest virus definitions not older than 3 days
from release of the updates. Daily report is
to be submitted
Consolidated report every week. 99.5%
uptime for solution server
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
For every 0.10% drop, we request bank to
consider 0.5% of the monthly payment.
For every corrupted PC that remain unsolved
to reduce the penalty to Rs 500 per day.
We request bank to consider overall max SLA
penalty to 5% of the monthly charges, as
uncapped penalty is considered as huge risk
for the bidder/SI
Reporting and validation of installations:
9. License,
Hardware and
Software
Maintenance
and Penalty
11.
The Broad
Service Levels
SI No: 2
Page No: 9
Usage of bandwidth from Solution server to
Network distribution point and from Network
distribution point to branch distribution point
should not cross the threshold limit as per
Bank's Bandwidth Management Policy,
which is currently 10% of total bandwidth
during Business Hours (i.e. 10:00 HRs 17:30 HRs). Bandwidth throttling report is to
be submitted daily.
More than 98% clients shall be online in
Daily reporting of status of antivirus clients.
We request Bank to consider 95% of the
clients to be online in daily status report
(provided machines are switched on status).
For every 0.10% drop, we request bank to
consider 0.5% of the monthly payment.
For every corrupted PC that remain unsolved
to reduce the penalty to Rs 500 per day.
We request bank to consider overall max SLA
penalty to 5% of the monthly charges, as
uncapped penalty is considered as huge risk
for the bidder/SI
RFP Clause stands.
1. We request to consider "Based on the
signatures/patches/solution
made available by
OEM, 97% of the tickets lodged for distribution
nodes shall be resolved in 24hrs and 95% of
tickets lodged for clients in less than 48hrs"
RFP Clause stands.
Consolidated report every week.
9. License,
Hardware and
Trouble shooting & Resolution of
computers, which remain infected:
~I-Software
~iv
t:!'
3f(
.
#~syn
a
~~Ihe
&
tenance
~nalty
~}~ad
Identify and apply within 1 day any
signature/ solution that needs to be used for
all "still infected" machines. Daily report to be
Page 7 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51.
Clause No.1
No. Page No.
Service Levels
SI No: 3
Page No: 9
RFP Term
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
submittedconsolidatedreport every week.
For every 0.10% drop, we request bank to
consider 0.5% of the monthly payment.
In case of any compatibilityissue with
For every corrupted PC that remain unsolved
respectto the Antivirus Software installation/
to reduce the penalty to Rs 500 per day.
up-gradation,the SI shall troubleshoot,
We request bank to consider overall max SLA
resolve,test and deploy the necessary
patch/ solutiononto the affected machines. penalty to 5% of the monthly charges, as
uncapped penalty is considered as huge risk
97% tickets loggedfor distributionnode shall
for the bidder/SI
be resolved in less than 12 hours and 95%
tickets loggedfor clients in less than 24
Hours.
Daily reportto be submitted.
Consolidatedreport every week.
9. License,
Hardware and
Software
Maintenance
and Penalty
13.
The Broad
Service Levels
SI No: 4
Page No: 9
11. BID
SECURITY AND
~s~ r~~
~STOFRFP
,
'~
~'""
Ben~aluru ~~S7
'.gv
No: 11 (c
Troubleshoot & resolution computers
corrupted due to virus attack:
2. For every 0.10% drop, we request bank to
consider 0.5% of the monthly payment.
Identifyand apply any signature needed for
all corruptedmachineswithin 1 day.
For every corrupted PC that remain unsolved
to reduce the penalty to Rs 500 per day.
Performanceand scalability review report
every quarter
Providinghistoricaldata of last 6 months
immediately.
c) THE BID SECURITY MAYBE
FORFEITED
RFP Clause stands.
We request bank to consider overall max SLA
penalty to 5% of the monthly charges, as
uncapped penalty is considered as huge risk
for the bidder/SI
We request the bank remove this clause.
RFP Clause stands.
(b) If a Bidder fails to participate and
quote price in Online Sealed bids or fails
~If'" :::!',.
--
Page 8 of 14
Date: 13102/2017
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
(b))
Page No: 11
RFP Term
to
Bidders Request for following
Clarifications
Banks Clarificationsl
Mod ifications
login in Reverse Auction Process, or
I. BID SECURITY:
11. BID
SECURITY AND
COST OF RFP
a) The Bidder shall furnish, as part of its
Bid, a Bid security for an amount of~.
15,00,0001- (Rupees Fifteen Lakh only) in
the form of a Bank Guarantee issued by a
reputed Bank in India other than
Syndicate Bank in the format enclosed
valid up to Six months from the date of
RFP and to be submitted along with the
Technical Bid.
Other Leading PSU Banks provide EMD
Exemption if the Bidder is MSME registered.
Requesting you to extend the same benefit to
bidders as well
Yes, Bidder registered as
MSME units in India will be
exempted from payment of
cost of RFP and submission of
Bid Security.
Technical
Specifications
16. Page No: 29
Point No: 8
INTERNET-BASED SCAN & DELIVER Should enable automatic submissions of
unknown 1 suspected virus samples to
vendor and automatic response 1 delivery
of the cure
Do we mean that the files when suspected will
be sent to the vendor cloud? What if the
suspected file is a classified file? We suggest
that all submissions happen on On Premise
and any Automatic response/Delivery happen
from on Premise solution for unknown threats.
It is the discretion of the bank
to submit the filel virus data to
the OEM website. The
requested functionality should
be available in the solution.
Technical
Specifications
17. Page No: 29
Point No: 11
ROAMING CLIENT SUPPORT - The
antivirus software should be able to
automatically detect and update
definitions & scan engine from the
nearest parent server in the network
By roaming we understand that the user is
outside the LAN, the user should not only be
able to get updates but should be able to do
submission to on premise Threat intelligence.
In case the dedicated updater
is down then the updates
should be taken up by the
nearest updater within LAN.
15.
Clause No: 11 (c
(b))
Page No: 11
~e;s ndic~
f#/~~
ifl(~.engal~~~11
~~
-r
Page 9 of 14
Date: 13/02/2017
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
Technical
Specifications
18. Page No: 30
Point No: 28
Technical
Specifications
19. PageNo:31
Point No: 39
Technical
Specifications
20. Page No: 31
Point No: 41
Technical
Specifications
21. Page No: 31
~ Synd.~nt No: 46
M'7 A
j'Jl( ~~
~~,
W~
---=-
RFP Term
Should have Improved Security with
Network Audit - to find out which antivirus
solutions are installed on protected
workstations and network servers
(includes AntiVirus Corporate Edition,
McAfee Virus Scan, Trend Micro
OfficeScan, Computer Associates,
Innoculan, Sophos, Panda etc.,) And find
out which workstation and network
servers are unprotected
Bidders Request for following
Clarifications
Banks Clarifications/
Modifications
Solution can have that capability but as per
understanding the Bank currently has SEP.
The bank will have only one vendor AV across
thus it is imperative to show how many
machines are protected/not protected by
current AV not multi vendor as it would not be
compliant.
RFP Clause is clear.
Need Clarity on the same.
The solution should have the
capability to prevent the
attacks coming through
internet traffic when deployed
in the machines which are in
the internet zone.
Should have VPN Support
Need Clarity on the same.
Machines which are
connecting through VPN
installed with AV client should
have the capability to connect
to the parent machine for
updates.
Should have Closed Loop Automation
through the Digital Immune System
Symantec term, Layer technology term
suggested with Pattern Matching, Heurestrics,
Behaviour Monitoring, Machine learning,
Ransomware Protection, Sandbox submission
on premise.
RFP clause dropped
Should have Internet Zone Control
.~
Page 10 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
81.
Clause No.1
No. Page No.
RFP Term
Date: 13/02/2017
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
Need more clarity on this.
Technical
Specifications
22. Page No: 31
Point No: 48
Should have Unknown Virus Detection &
Repair
Kindly elaborate as this would include APT as
well
1) IDS/IPS on host should not be preconfigured
with static rules (They might be applicable or
not applicable to endpoint). IDS/IPS should
have automatic provisioning as per the
Vulnerability posture of the endpoint
Technical
Specifications
23. Page No: 31
Point No: 52
~
'® ~~
I.~
Benga/u
~.
560 04
-if,
Should Support Anti-Spam
Why we need anti-spam on endpoint, it should
be protected at the email gateway? Dedicated
Email solution also availble, not necessary to
make AV client very heavy
Should maximize deployment
flexibility by providing the
ability to pre-configure AntiVirus, FW & IDS installation
packages from the central
level.
2) Generally spam attack takes place through
Email for which dedicated Mail Security is
preferable
RFP clause stating "Should
Support Anti-Spam" stands
cancelled.
3) Generally spam attack takes place through
Email for which dedicated Mail Security is
preferable.
-
~SYnd/~
.
Should maximize deployment flexibility by
providing the ability to pre-configure AntiVirus, FW & IDS installation packages
RFP clause dropped
(%
<9~
:_
II
i:i V
.J-"f' V' __
T
Page 11 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
Clause No.1
No. Page No.
51.
Technical
Specifications
24. Page No: 31
Point No: 54
-----
Should incorporate a privacy control
function that prevents distribution of userdefined confidential information without
user knowledge
Bidders Request for following
Clarifications
This is more of a DLP feature that should stop
the same with or without user knowledge.
Technical
Specifications
25. Page No: 31
Point No: 55
Solution should have the capability of
machine learningl similar mechanisms (on Machine learning should be on premise and so
premise) to detect advanced malware
should submissions
threats.
Technical
Specifications
26. Page No: 32
Point No: 70
The Antivirus product should also have
the capability to identify phishing
attacks and inform to end user
Technical Specs
, Page No 32,
27.
Point 75
Virus incident alerting: the proposed
system should be configurable to alert the
designated administrators of virus
incidences at the very minimum using
LAN messages and e-mail messages.
SMS (short messaging service) alerting
for critical occurrences (configurable) is
an added advantage
Technical Specs
28. ,Page No 33,
ar;:~~~
'Jl1 anrn Y\~_
b.~
RFP Term
Date: 13102/2017
sY~'nt
82
Request bank to bring more clarity on this point
Solution should have the capability to
integrate with advanced threat prevention
mechanisms.
Request the bank to bring more clarity on the
same.
Please define and indicate level of SMS
Support and alerts required
We request the bank to clarify the same
Is it required only with Endpoint ATP? Need
more clarity on this.
Banks Clarificationsl
Modifications
RFP Clause is clear.
RFP Clause is clear, capability
of machine learningl similar
mechanisms is on premises.
The Antivirus product should
also have the capability to
identify phishing attacksl
phishing sites and inform to
end user and administrator.
RFP Clause is clear.
The solution should have the
capability to send SMS to
administratorsl operational
department personals which is
less than 15 in no.
The clause is modified as:
Solution should have the
capability to integrate with
advanced threat prevention
mechanisms at endpoint level.
In"
Page 12 of 14
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. PageNo.
RFPTerm
Date: 13102/2017
Bidders Requestfor following
Clarifications
Banks Clarificationsl
Modifications
The clause is modified as:
Clause No: 82
29. Page No: 33
Capability to integrate with Advance
Threat Protection.
Technical
Specifications
30. Page No: 35
Point No: 88.34
End Point DLP
solution shall provide support for the
following platforms:
Microsoft Servers of all variants
Windows 7 and above
Linux, AIX etc.
DLP is very user centric and required on
endpoints and gateway, not sure on the used
case for Linux and AIX, kindly clarify
a. Quantity shown for new licenses above
is for evaluation purpose only. Payment
will be made on Actual number of
Licenses supplied & installed.
Requesting Syndicate Bank to modify this
clause as: The quantity mentioned above, is
indicative and the Bank reserves the right to
vary the quantity as per requirement but
maximum up to 5% +1-. Variation of number of
Users 1 assets 1 ticket data up to +/- 5% will be
absorbed in the initial pricing. Any addition
beyond 5% or any addition of location where
the desktop engineer or on call support is
required, needs to be charged extra to the
customer irrespective of resource increase 1
decrease at the rate to be quoted and agreed
between customer and HCL.
Price Schedule
for License Fee
and other
charges
31.
Notes)
a. point
Page No: 46
Is it required only with Endpoint ATP? Please
clarity on this.
Solution should have the
capability to integrate with
advanced threat protection at
endpoint level.
RFPclause modified as
following:
"Solution shall provide
support for the following
platforms:
Microsoft Servers of all
variants Windows 7 and
above"
RFP clause stands.
~Synd~
f~~
I~*
BengaIU~"
560047
~~
...,'
Page 13 of 14
'.~~
T
Date: 13102/2017
Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram
51. Clause No.1
No. Page No.
Annexure P
32. Page No: 59
33.
new
RFP Term
Bidders Request for following
Clarifications
Banks Clarificationsl
Modifications
Annexure P Details of Hardware &
Operating System
If the bidder quotes for the exisitng brand of AV
licenses in Syndicate Bank, can he use the
existing hadrware & OS infrastructure
Bidder has to provide brand
new hardware tailored to meet
banks requirements.
Frequency of Preventive Maintenance is
not mentioned
We request the bank to define the frequency of
Preventive Maintenance.
frequency of Preventive
Maintenance should be on
Quarterly basis
All the participating bidders are requested to make note of the above clarification and all other Terms and conditions of RFP will remain the same.
Last date for submission of bid documents has been extended up to 22/02/2017 by 1600 hours at this office
Yours faithfully,
~~
General Manager (IT)
((Iv ~~
Page 14 of 14