DEPARTMENT OF INFORMATION TECHNOLOGY CORPORATE OFFICE 2nd Floor, Commercial Complex, National Games Village Koramangala, Bengaluru - 560 047 Tel: 080-25705785, EPABX: 25705825-27 Fax: 25705800,25705790 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram To, All Eligible Bidders. Sub: Clarifications/Modifications for Supply, Installation, Updation and Maintenance of Antivirus solution with End point protection and end point data loss prevention for use in our Branches/Offices. Ref: RFP 223/CO: DIT/AV/arm dated 19/01/2017 51. Clause No.1 No. Page No. 1. 1- Brief Description of the Requirements Serial no- iii Page No- 3 RFP Term Hardware/Software for DC, Mumbai and DRS Bangalore Bidders Request for following Clarifications If the bidder quotes for the exisitng brand of AV licenses in Syndicate Bank, would that still need additional hardware & OS requirements or the bidder can use the same hardware in which it is currently running. If Yes, please provide us the current configuration details for us to know whether it can scale up further to 10000 additional AV licenses Banks Clarifications/ Modifications No, vendor has to bring their own required hardware. We request bank to amend the clause & allow bidders with positive net worth to quote. 2. Eligibility Criteria Page No.4 Point No: 2 The Bidder should have made net profit after tax for at least 2 out of the three consecutive financial years and average net-worth of ~ 15 Crores. The bidder should have made net profit after tax for atleast 2 out of three consecutive financial years. (OR) The bidder should have made net profit after tax for atleast 2 out of three consecutive financial years and should have positive RFP term stands Page 1 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 81. Clause No.1 No. Page No. RFP Term Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications networth in previous 3 years --~ ·-------+-----------------~j1~eqUest you amend the clause to Bidder / OEM as very few vendors will be qualified which will limit the participants of the OEM to for the bank Eligibility Criteria Page No.4 Point No: 5 The bidder should have provided and deployed in a Wide Area Network, a minimum 15,000 licenses of Antivirus solutions, to minimum 3 Banks/ PSU/Govt Organizations for the last five years (2011 and 2016) 2. Kindly request bank to Dilute the clause as: The bidder should have provided and deployed in a Wide Area Network, a minimum 20000 licenses of anti-virus solutions to minimum 1 bank/PSU/Govt organizations for the last five years( From 2011 to 2016 ) OR The bidder should have provided and deployed in a Wide Area Network, a minimum 10000 licenses of anti-virus solutions to minimum 3 banks/PSU/Govt organizations for the last five years( From 2011 to 2016 ) 3. We request the bank to clarify if upgrade/renewal/support experience qualifies during this period. ~~~W---_L------------------~ RFP Clause modified as "The bidder should have provided and deployed Antivirus solutions in a Wide Area Network to minimum 3 Banks/ PSU/Govt Organizations for three years and bidder should have provided and deployed minimum of 15,000 licenses to at least one of them and cumulatively not less than 25000 licenses ." 4. The Bidder should have provided and deployed in Wide Area Network, a minimum 8000 licenses of Antivirus solutions to minimum of 2 bank/PSU/Govt organisation for the last five years (2011 and 2016) (OR) The Bidder should have provided and ._::_d_:_ep._l~o:_ye~d_L , Page 2 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. RFP Term Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications in Wide Area Network, a minimum 15000 licenses of Antivirus solutions to minimum of 1 bank/PSU/Govt organisation for the last five years (2011 and 2016) 4. 5. Delivery Period Clause No: 6 Page No: 6 Liquidated Damages Clause No: 6 Page No: 6 Bidder shall be responsible for delivery/ installation of Antivirus solution with end point protection in PCs/ Servers within 1 month from the date of Purchase Order Liquidated Damages: For any delay in delivery, installation and commissioning of Antivirus solution, beyond the dates as stipulated above, the Bank reserves the right to charge a LD (Liquidated Damages) as detailed below: a) We request the bank to amend the clause to: 1) 8 weeks for Delivery and Installation of Software & hardware at DC & DRS 2) For deployment of client solution in all the end user devices we request bank to provide minimum 6 months' time b) Bidder shall be responsible for delivery of antivirus solution with endpoint protection in PCs/Servers within 1 month from date of Purchase order. And installation to be completed within 45 days of delivery of licenses. RFP clause stands. We request bank to relax the clause and amend the same to 0.5% per week of undelivered product/services value to maximum of 5%. RFP clause stands. The vendor will be liable for a penalty of 0.5% of the contract value per week subject to a maximum of 10% of the license fees. The amount of LD will be Page 3 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. RFP Term Date: 13102/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications recovered from the vendor from payments due to them or by invoking Bank Guarantees provided by the vendor. If the LD reaches the maximum, the Bank will be at liberty to terminate the contract and invoke all BGs. Payment terms mentioned as A. License 100% of the Licence fee along with one time Implementation Charges, if any, will be released on satisfactory customization, implementation and deployment of Licenses at the needed branchesl offices 6. Payment Terms Clause No: 8(a) & 8(c) Page No: 7 upon submission documents ... C. Payment for Hardware, Database & OS Licenses: i) On Delivery and Installation: Seventy (70) % of the Contract Price of the Goods along with 100% sales tax, 100% Octroi, wherever applicable, shall be paid on successful installation of goods and upon submission of the documents (separate requests for release of Octroi payments will not be entertained): We request the bank to amend the payment terms to: License fees: 100% on delivery site-wise Installation charges to be released post installation site-wise Hardware, Database & OS licenses: => On Delivery: 90% of contract price site-wise => On final acceptance: 10% of contract price site-wise. RFP clause stands. ii) On Final Acceptance: Thirty (30) % of the Contract Price of the Goods shall be paid 30 days after successful working and Page 4 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. RFP Term Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications upon submission of the documents. B. Onsite Support Charges: 7. Payment Terms Clause No: 8(b) Page No: 7 Even though, Onsite support charges are taken up to 31/03/2020, payments will be released quarterly in arrears on pro-rata basis from the date of providing on-site support of the relevant quarter within 30 days of receipt of claim. Payments will be released on receipt of confirmation from DIT based on verification from the Central console. We request the bank to release the same quarterly in advance. RFP clause stands. We request bank to provide 24 working hours response time at site & 48 working hours for rectification of reported problem. RFP Clause stands. However, all the licenses and support shall be properly provided irrespective of Non-claiming/ Non-renewal of maintenance charges/ on-site support charges by the vendor in time. 9. License, Hardware and Software 8. Maintenance [.....,::::;:;:::j:::_~and. Penalty /.;ll~l $ e No: 9 fmrfa ~ I *~'~~:; \. - sse opJ47 ~ 0: 8 For all the problems which could not be resolved through telephone or e-mail and which requires the presence of Successful Bidder engineer, the response time would be 2 hours from the reporting time at Metro/Urban centres & and at other locations outside the Metro/Urban centres within 4 hours. If the problem is *. II ..., IV ._ Page 5 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 81. Clause No.1 No. Page No. RFP Term Date: 13102/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications not rectified within 24 hours of lodgement of complaint, penalty will be levied the vendor will be liable for penalty as detailed in service level & uptime subject to a maximum of 10% of the license fees for each complaint. If the penalty reaches the maximum, the Bank will be at liberty to terminate the contract and invoke all BGs. Service Level and Uptime: 9. 9. License, Hardware and Software Maintenance and Penalty Clause No: 9 Page No: 8 9. License, Hardware and Software Maintenance 10. and Penalty ~:f:=::::s...The Broad ~ ~~~ice Levels ~?;~~J\O:1 I~ sen95 "'~~ ~.~600 ~1,!"'" ~ T The vendor shall ensure that the system gives minimum 99.50% uptime (Calculated on monthly basis). For every 0.05% or fraction thereof of additional downtime, Bank will impose a penalty of 1% of the monthly payment on the onsite support (subject to maximum of 10% of the contract value during Contract Period of three years). We request the bank to relax the clause to 99% up-time calculated on quarterly basis. We request bank to relax the penalty clause to 0.5% per week of faulty/down equipment value to maximum of 5% of faulty/down equipment value. We request bank to limit the version change deployments to 1 during the contract period. Also please provide min 6 months required for Latest antivirus software version if any such deployments as it involves huge effort during the contract period is to be deployed and time. in all machines within 4 weeks release of the Also consider 75% assets to be covered by version without any additional cost. solution shall have latest virus definitions not 85% assets covered by Solution shall have older than 3 working days. RFP Clause stands. Deployment of Antivirus Software and latest antivirus definitions: RFP Clause stands. II / ~ Page 6 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. Page No: 9 RFP Term latest virus definitions not older than 3 days from release of the updates. Daily report is to be submitted Consolidated report every week. 99.5% uptime for solution server Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications For every 0.10% drop, we request bank to consider 0.5% of the monthly payment. For every corrupted PC that remain unsolved to reduce the penalty to Rs 500 per day. We request bank to consider overall max SLA penalty to 5% of the monthly charges, as uncapped penalty is considered as huge risk for the bidder/SI Reporting and validation of installations: 9. License, Hardware and Software Maintenance and Penalty 11. The Broad Service Levels SI No: 2 Page No: 9 Usage of bandwidth from Solution server to Network distribution point and from Network distribution point to branch distribution point should not cross the threshold limit as per Bank's Bandwidth Management Policy, which is currently 10% of total bandwidth during Business Hours (i.e. 10:00 HRs 17:30 HRs). Bandwidth throttling report is to be submitted daily. More than 98% clients shall be online in Daily reporting of status of antivirus clients. We request Bank to consider 95% of the clients to be online in daily status report (provided machines are switched on status). For every 0.10% drop, we request bank to consider 0.5% of the monthly payment. For every corrupted PC that remain unsolved to reduce the penalty to Rs 500 per day. We request bank to consider overall max SLA penalty to 5% of the monthly charges, as uncapped penalty is considered as huge risk for the bidder/SI RFP Clause stands. 1. We request to consider "Based on the signatures/patches/solution made available by OEM, 97% of the tickets lodged for distribution nodes shall be resolved in 24hrs and 95% of tickets lodged for clients in less than 48hrs" RFP Clause stands. Consolidated report every week. 9. License, Hardware and Trouble shooting & Resolution of computers, which remain infected: ~I-Software ~iv t:!' 3f( . #~syn a ~~Ihe & tenance ~nalty ~}~ad Identify and apply within 1 day any signature/ solution that needs to be used for all "still infected" machines. Daily report to be Page 7 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. Service Levels SI No: 3 Page No: 9 RFP Term Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications submittedconsolidatedreport every week. For every 0.10% drop, we request bank to consider 0.5% of the monthly payment. In case of any compatibilityissue with For every corrupted PC that remain unsolved respectto the Antivirus Software installation/ to reduce the penalty to Rs 500 per day. up-gradation,the SI shall troubleshoot, We request bank to consider overall max SLA resolve,test and deploy the necessary patch/ solutiononto the affected machines. penalty to 5% of the monthly charges, as uncapped penalty is considered as huge risk 97% tickets loggedfor distributionnode shall for the bidder/SI be resolved in less than 12 hours and 95% tickets loggedfor clients in less than 24 Hours. Daily reportto be submitted. Consolidatedreport every week. 9. License, Hardware and Software Maintenance and Penalty 13. The Broad Service Levels SI No: 4 Page No: 9 11. BID SECURITY AND ~s~ r~~ ~STOFRFP , '~ ~'"" Ben~aluru ~~S7 '.gv No: 11 (c Troubleshoot & resolution computers corrupted due to virus attack: 2. For every 0.10% drop, we request bank to consider 0.5% of the monthly payment. Identifyand apply any signature needed for all corruptedmachineswithin 1 day. For every corrupted PC that remain unsolved to reduce the penalty to Rs 500 per day. Performanceand scalability review report every quarter Providinghistoricaldata of last 6 months immediately. c) THE BID SECURITY MAYBE FORFEITED RFP Clause stands. We request bank to consider overall max SLA penalty to 5% of the monthly charges, as uncapped penalty is considered as huge risk for the bidder/SI We request the bank remove this clause. RFP Clause stands. (b) If a Bidder fails to participate and quote price in Online Sealed bids or fails ~If'" :::!',. -- Page 8 of 14 Date: 13102/2017 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. (b)) Page No: 11 RFP Term to Bidders Request for following Clarifications Banks Clarificationsl Mod ifications login in Reverse Auction Process, or I. BID SECURITY: 11. BID SECURITY AND COST OF RFP a) The Bidder shall furnish, as part of its Bid, a Bid security for an amount of~. 15,00,0001- (Rupees Fifteen Lakh only) in the form of a Bank Guarantee issued by a reputed Bank in India other than Syndicate Bank in the format enclosed valid up to Six months from the date of RFP and to be submitted along with the Technical Bid. Other Leading PSU Banks provide EMD Exemption if the Bidder is MSME registered. Requesting you to extend the same benefit to bidders as well Yes, Bidder registered as MSME units in India will be exempted from payment of cost of RFP and submission of Bid Security. Technical Specifications 16. Page No: 29 Point No: 8 INTERNET-BASED SCAN & DELIVER Should enable automatic submissions of unknown 1 suspected virus samples to vendor and automatic response 1 delivery of the cure Do we mean that the files when suspected will be sent to the vendor cloud? What if the suspected file is a classified file? We suggest that all submissions happen on On Premise and any Automatic response/Delivery happen from on Premise solution for unknown threats. It is the discretion of the bank to submit the filel virus data to the OEM website. The requested functionality should be available in the solution. Technical Specifications 17. Page No: 29 Point No: 11 ROAMING CLIENT SUPPORT - The antivirus software should be able to automatically detect and update definitions & scan engine from the nearest parent server in the network By roaming we understand that the user is outside the LAN, the user should not only be able to get updates but should be able to do submission to on premise Threat intelligence. In case the dedicated updater is down then the updates should be taken up by the nearest updater within LAN. 15. Clause No: 11 (c (b)) Page No: 11 ~e;s ndic~ f#/~~ ifl(~.engal~~~11 ~~ -r Page 9 of 14 Date: 13/02/2017 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. Technical Specifications 18. Page No: 30 Point No: 28 Technical Specifications 19. PageNo:31 Point No: 39 Technical Specifications 20. Page No: 31 Point No: 41 Technical Specifications 21. Page No: 31 ~ Synd.~nt No: 46 M'7 A j'Jl( ~~ ~~, W~ ---=- RFP Term Should have Improved Security with Network Audit - to find out which antivirus solutions are installed on protected workstations and network servers (includes AntiVirus Corporate Edition, McAfee Virus Scan, Trend Micro OfficeScan, Computer Associates, Innoculan, Sophos, Panda etc.,) And find out which workstation and network servers are unprotected Bidders Request for following Clarifications Banks Clarifications/ Modifications Solution can have that capability but as per understanding the Bank currently has SEP. The bank will have only one vendor AV across thus it is imperative to show how many machines are protected/not protected by current AV not multi vendor as it would not be compliant. RFP Clause is clear. Need Clarity on the same. The solution should have the capability to prevent the attacks coming through internet traffic when deployed in the machines which are in the internet zone. Should have VPN Support Need Clarity on the same. Machines which are connecting through VPN installed with AV client should have the capability to connect to the parent machine for updates. Should have Closed Loop Automation through the Digital Immune System Symantec term, Layer technology term suggested with Pattern Matching, Heurestrics, Behaviour Monitoring, Machine learning, Ransomware Protection, Sandbox submission on premise. RFP clause dropped Should have Internet Zone Control .~ Page 10 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 81. Clause No.1 No. Page No. RFP Term Date: 13/02/2017 Bidders Request for following Clarifications Banks Clarificationsl Modifications Need more clarity on this. Technical Specifications 22. Page No: 31 Point No: 48 Should have Unknown Virus Detection & Repair Kindly elaborate as this would include APT as well 1) IDS/IPS on host should not be preconfigured with static rules (They might be applicable or not applicable to endpoint). IDS/IPS should have automatic provisioning as per the Vulnerability posture of the endpoint Technical Specifications 23. Page No: 31 Point No: 52 ~ '® ~~ I.~ Benga/u ~. 560 04 -if, Should Support Anti-Spam Why we need anti-spam on endpoint, it should be protected at the email gateway? Dedicated Email solution also availble, not necessary to make AV client very heavy Should maximize deployment flexibility by providing the ability to pre-configure AntiVirus, FW & IDS installation packages from the central level. 2) Generally spam attack takes place through Email for which dedicated Mail Security is preferable RFP clause stating "Should Support Anti-Spam" stands cancelled. 3) Generally spam attack takes place through Email for which dedicated Mail Security is preferable. - ~SYnd/~ . Should maximize deployment flexibility by providing the ability to pre-configure AntiVirus, FW & IDS installation packages RFP clause dropped (% <9~ :_ II i:i V .J-"f' V' __ T Page 11 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram Clause No.1 No. Page No. 51. Technical Specifications 24. Page No: 31 Point No: 54 ----- Should incorporate a privacy control function that prevents distribution of userdefined confidential information without user knowledge Bidders Request for following Clarifications This is more of a DLP feature that should stop the same with or without user knowledge. Technical Specifications 25. Page No: 31 Point No: 55 Solution should have the capability of machine learningl similar mechanisms (on Machine learning should be on premise and so premise) to detect advanced malware should submissions threats. Technical Specifications 26. Page No: 32 Point No: 70 The Antivirus product should also have the capability to identify phishing attacks and inform to end user Technical Specs , Page No 32, 27. Point 75 Virus incident alerting: the proposed system should be configurable to alert the designated administrators of virus incidences at the very minimum using LAN messages and e-mail messages. SMS (short messaging service) alerting for critical occurrences (configurable) is an added advantage Technical Specs 28. ,Page No 33, ar;:~~~ 'Jl1 anrn Y\~_ b.~ RFP Term Date: 13102/2017 sY~'nt 82 Request bank to bring more clarity on this point Solution should have the capability to integrate with advanced threat prevention mechanisms. Request the bank to bring more clarity on the same. Please define and indicate level of SMS Support and alerts required We request the bank to clarify the same Is it required only with Endpoint ATP? Need more clarity on this. Banks Clarificationsl Modifications RFP Clause is clear. RFP Clause is clear, capability of machine learningl similar mechanisms is on premises. The Antivirus product should also have the capability to identify phishing attacksl phishing sites and inform to end user and administrator. RFP Clause is clear. The solution should have the capability to send SMS to administratorsl operational department personals which is less than 15 in no. The clause is modified as: Solution should have the capability to integrate with advanced threat prevention mechanisms at endpoint level. In" Page 12 of 14 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. PageNo. RFPTerm Date: 13102/2017 Bidders Requestfor following Clarifications Banks Clarificationsl Modifications The clause is modified as: Clause No: 82 29. Page No: 33 Capability to integrate with Advance Threat Protection. Technical Specifications 30. Page No: 35 Point No: 88.34 End Point DLP solution shall provide support for the following platforms: Microsoft Servers of all variants Windows 7 and above Linux, AIX etc. DLP is very user centric and required on endpoints and gateway, not sure on the used case for Linux and AIX, kindly clarify a. Quantity shown for new licenses above is for evaluation purpose only. Payment will be made on Actual number of Licenses supplied & installed. Requesting Syndicate Bank to modify this clause as: The quantity mentioned above, is indicative and the Bank reserves the right to vary the quantity as per requirement but maximum up to 5% +1-. Variation of number of Users 1 assets 1 ticket data up to +/- 5% will be absorbed in the initial pricing. Any addition beyond 5% or any addition of location where the desktop engineer or on call support is required, needs to be charged extra to the customer irrespective of resource increase 1 decrease at the rate to be quoted and agreed between customer and HCL. Price Schedule for License Fee and other charges 31. Notes) a. point Page No: 46 Is it required only with Endpoint ATP? Please clarity on this. Solution should have the capability to integrate with advanced threat protection at endpoint level. RFPclause modified as following: "Solution shall provide support for the following platforms: Microsoft Servers of all variants Windows 7 and above" RFP clause stands. ~Synd~ f~~ I~* BengaIU~" 560047 ~~ ...,' Page 13 of 14 '.~~ T Date: 13102/2017 Ref: Ltr No: 30865/CO: DIT/RFP-223/AV/Ram 51. Clause No.1 No. Page No. Annexure P 32. Page No: 59 33. new RFP Term Bidders Request for following Clarifications Banks Clarificationsl Modifications Annexure P Details of Hardware & Operating System If the bidder quotes for the exisitng brand of AV licenses in Syndicate Bank, can he use the existing hadrware & OS infrastructure Bidder has to provide brand new hardware tailored to meet banks requirements. Frequency of Preventive Maintenance is not mentioned We request the bank to define the frequency of Preventive Maintenance. frequency of Preventive Maintenance should be on Quarterly basis All the participating bidders are requested to make note of the above clarification and all other Terms and conditions of RFP will remain the same. Last date for submission of bid documents has been extended up to 22/02/2017 by 1600 hours at this office Yours faithfully, ~~ General Manager (IT) ((Iv ~~ Page 14 of 14