Corrigendum regarding Tender Document for providing three year licenses, installation, configuration, deployment,

Transcription

1 National Bank for Agriculture and Rural Development, Department of Information Technology, 5th Floor, C Wing, Plot No C-24, G Block, Bandra-Kurla Complex, Bandra (East), Mumbai Corrigendum to Tender Document for providing three year licenses, installation, configuration, deployment, Tender No NBDIT/ 84 / DIT-011-1/ dated 05 th May 2017 Pre-Bid Meeting held on 11 th May 2017 Page Existing mentioned in RFP 1 Can bidder be exempted from payment of EMD and Tender Fee? 2 Additional clause requested - The Bidder may terminate this Agreement upon written notice to NABARD, if NABARD commits a default or material breach under this Agreement and does not remedy the default or material breach within 30 days of notice from the Bidder 3 Additional clause requested - The total liability of the selected bidder shall not exceed the total cost of the order value Neither party shall be liable for indirect and consequential damages under this RFP 4 Request to extend the RFP last date by 15 days as the RFP is of large magnitude this needs No While finalizing the contents of the agreement, suitable clause will be incorporated Request not accepted Request not accepted Page 1 of 13

2 Page Existing mentioned in RFP working and discussion with multiple team & OEM 5 We Request the bank to provide the Address of Locations of installation which will also be required for Billing If the Multi- State billing is required, kindly provide the GSTNID of those state/union Territory 6 Presently single antivirus is running in the organisation or Multiple antivirus? Presently which antivirus is running? 7 Will the Bank Provide necessary Hardware and Operating system, networking for hosting? 8 Pre-Qualifying Criterion in 21 (1) in PART II (Eligibility 9 Documents to be submitted in 21 (1) in PART II (Eligibility 10 Pre-Qualifying Criterion in 21 (3) in PART 28 The bidder should be registered as a company in India as per Company Act Copy of the Certificate of Incorporation issued by Registrar of Companies and full address of the registered office 28 The bidder should have made operating profit of at least Five Lakhs in each of Can a Partnership Firm participate in this Tender? What documentary proof to be submitted by Partnership Firm? Modification Requested: "The bidder should have made It is clarified that Multi-State billing is not required The information cannot be shared Yes The bidder should be registered as a company in India as per Companies Act or the bidder should be a registered Partnership Firm Registered Company has to submit Copies of the Certificate of Incorporation issued by Registrar of Companies and Articles of Association and Memorandum of Association and full address of the registered office Registered Partnership Firm has to submit copies of Partnership Deed and Proof of Registration of Partnership Firm and full address of the registered office Request not accepted Page 2 of 13

3 Page Existing mentioned in RFP II (Eligibility 11 Pre-Qualifying Criterion in 21 (4) in PART II (Eligibility 12 Documents to be submitted in 21 (4) in PART II the last three financial years ( , and ) 28 The Bidder should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Govt organization (or Public Sector Bank) in India, for minimum period of 1 year within last 5 years operating profit of average Three Lakhs in the last three financial years ( , and )" OR We request you to change the years to ( , and )" and with provisional balance sheet certified by Chartered accounts to be considered i Request you to modify this point by mentioning it as "Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt or private organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years" ii Request you to modify this point - The Bidder/OEM should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Govt organization (or Public Sector Bank) in India, for minimum period of 1 year within last 5 years 28 Whether the documents to be submitted for Client Eligibility should require Copy of Client Certification for successful The Bidder should have supplied, implemented and maintained Centralized Antivirus Solution with 5000 licenses in at least one Government organization / Central Public Sector Undertaking / Public Sector Financial Institution / Public Sector Insurance Company / Scheduled Commercial Bank in India, for minimum period of 1 year within last 5 years It is clarified that Certificate of successful completion and maintenance issued by Client is sufficient Page 3 of 13

4 Page Existing mentioned in RFP (Eligibility 13 Pre-Qualifying Criterion in 21 (5) in PART II (Eligibility 14 Documents to be submitted in 21 (5) in PART II (Eligibility 15 Pre-Qualifying Criterion in 21 (9) in PART II (Eligibility in Part IV 29 Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years completion and maintenance with name and contact details of signatory - both from OEM / Vendor or either? Request you to modify this point by mentioning it as "centralised security solution for endpoint or AntiSpam or Mobile antimalware" rather than "centralised anti-virus solution" OR it should be "Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Govt or private organization (or any Bank) in India with sales and support from bidder, for minimum period of 1 year within last 5 years 29 Whether the documents to be submitted for Client Eligibility should require Copy of Client Certification for successful completion and maintenance with name and contact details of signatory - both from OEM / Vendor or either? 29 The Antivirus solution product offered should be part of Leader s quadrant in the latest Gartner Magic Quadrant for Endpoint Protection Platforms Report Although Bank desires antivirus solution for 4300 desktops / laptops, however, the actual number of installations may vary, We request you to relax this condition as it is not a regulatory requirement in India What will be the deviations in number and how it should be factored? Offered Centralized Antivirus Solution Product should have been successfully running with 5000 licenses in at least one Government organization / Central Public Sector Undertaking / Public Sector Financial Institution / Public Sector Insurance Company / Scheduled Commercial Bank in India with sales and support from bidder, for minimum period of 1 year within last 5 years It is clarified that Certificate of successful completion and maintenance issued by Client is sufficient Request not accepted Deviation may be up to 1-2% of total number of installations within a period of three years Page 4 of 13

5 Page Existing mentioned in RFP Point - 5 in 77 at the sole discretion of the bank within the period of 3 years Sub- (l) in Part IV Point - 9 in (Sub-Point l) in Part IV Point 12 in (Technical in Part IV Point 14 in l) Should support wireless devices such as Palm, Pocket PC, and EPOC at no extra cost Successful Bidder shall be responsible for supply/ upgrade of latest Antivirus Enterprise Edition Security Suite for all versions of Windows OS covering Antivirus, Desktop Firewall, Intrusion Prevention System, Device control, Application control, Web protection, External media control, Host Integrity, Integrated repair, detection and removal tool for Malware, Antispyware, Antispam, Adware, Trojan/Worms, etc All the tools / applications should be from single manufacturer s product This should be deployed in the desktops as a single client software The bidder shall provide an active response to all virus related incidents that happen within the Bank and may have to visit the sites at own expense if the problem is not resolved centrally Kindly clarify regarding wireless device type and model nos for palm, pocket PC or EPOC devices Vulnerability Protection and Application Control may Need Separate Client Requesting to modify this point where the endpoint security solution can be achieved by same manufacturer product but through different agents Does technical support cost on request (Call) basis includes for problems which not solve centrally? The line referred here in Sub- l) is modified as : l) Should support Operating System (OS) of portable wireless devices such as OS of PDA, tablet OS, mobile phone OS including android, ios, mobile OS built on linux, Windows mobile OS, etc Successful Bidder shall be responsible for supply/ upgrade of latest Antivirus Enterprise Edition Security Suite for all versions of Windows OS covering Antivirus, Desktop Firewall, Intrusion Prevention System, Device control, Application control, Web protection, External media control, Host Integrity, Integrated repair, detection and removal tool for Malware, Antispyware, Anti-spam, Adware, Trojan/Worms, etc All the tools / applications should be from single manufacturer s product This should be provided by one manufacturer and may be deployed in the desktops as client software manageable from Management Server(s) Console The bidder shall provide an active response to all virus related incidents that happen within the Bank and may have to visit the sites at own expense if the problem is not resolved centrally The Bidder has to provide one consolidated Cost for Support Page 5 of 13

6 Page Existing mentioned in RFP (Technical in Part IV Point - 17 in All the above points are applicable in respect of all branches / offices of the Bank throughout the country Required location details of Bank s RO, TE offices / Branches and Connectivity details of all users in Table B in Annexure J NABARD has Active Directory infrastructure and it is expected that the successful bidder (vendor) will resolve the problems in NABARD Offices from Head Office(HO) site by using Management Server or remote connection (to computer in Regional Office / Training Establishment) It is clarified that providing location details is not necessary as Antivirus will be deployed centrally through WAN and Active Directory in Part IV Point - 18 in The solution would be managed centrally using a web-based console that allows system monitoring, software updates, client configuration, and event reporting The central site administrator should have the ability to manage the software at all levels of the network and have the ability to remotely deploy product updates and modifications to all users The solution should support plug-in modules designed to add new security features without having to redeploy the entire solution, thereby reducing effort and time needed to deploy new security capabilities to clients and servers across the network It should be possible to install all features (antivirus, antispyware, Enterprise Client Firewall and damage clean-up) at the same time via client deployment methods and to Apart from Web Based console, we request you to consider MMC (Microsoft Managed Console) as well MMC's biggest advantage is, is it independent of any protocol and browsers and works as an application lowering down the risk of browser based attacks Request you to reframe it as "Web Based Console / MMC" The solution would be managed centrally using a web-based console / MMC (Microsoft Management Console) that allows system monitoring, software updates, client configuration, and event reporting The central site administrator should have the ability to manage the software at all levels of the network and have the ability to remotely deploy product updates and modifications to all users The solution should support plug-in modules designed to add new security features without having to redeploy the entire solution, thereby reducing effort and time needed to deploy new security capabilities to clients and servers across the network It should be possible to install all features (antivirus, anti-spyware, Enterprise Client Firewall and damage clean-up) at the same time via client deployment methods and to Page 6 of 13

7 Page Existing mentioned in RFP manage centrally via the web-based management console manage centrally via the web-based management console / MMC in Part IV Point 20 in ( Technical in Part IV Point 21 in ( Technical in Part IV Point 23 in The solution should provide customized web based reports for easy interpretation The central site management system must be capable of providing a daily report of found viruses, including locations and a report of incomplete or failed nodes updates for each location These reports must be accessible by the network administrator at the Central Server The solution should provide a secure Web-based management console to give administrators transparent access to all clients and servers on the network It should provide customized web based reports for easy interpretation It should also provide reports, that reflecting, the patch has been deployed It should offer centrally managed Client Firewall and IDS and should also have virtual patching and it should be an automated process Need clarification on "Web Based Reports" Would request to specify types of reports and reframe it as "Customized reports for easy interpretation" Need Clarification on the daily reports based on location The same can be achieved using Group based reporting where in every group would indicate a location to which a system belongs Please correct our understanding Need clarification on "Web Based Reports" Would request to specify types of reports and reframe it as "Customized reports for easy interpretation" Request to make Virtual Patching Generic and to reframe it as " and should also have Exploit prevention to prevent any attacks for any type of unpatched systems" The solution should provide customized reports for easy interpretation It is clarified that the requirement in this regard is unambiguous The solution should provide a secure Webbased management console/mmc to give administrators transparent access to all clients and servers on the network It should provide customized reports for easy interpretation It should also provide reports, reflecting, the patch has been deployed It should offer centrally managed Client Firewall and IDS The solution should offer virtual patching or mitigate vulnerabilities for any type of unpatched systems and it should be an automated process The Solution should preferably support scanning on Client Computer for the purpose of discovering and protecting Page 7 of 13

8 Page Existing mentioned in RFP the existing vulnerabilities on the computer in Part IV Point 24 in in Part IV The solution should update a particular PC in a ROs/TEs office from Central server All other PCs in the respective branch / office will get updates from that particular PC not from central server One Computer will work as update agent/repository of the centralized server at the ROs/TEs level This computer will get updates from the centralized server at off-working hours All other computers installed at respective ROs/TEs offices will get updates from the agent/repository computer automatically in a scheduled time or as and when required through Local Area Network (LAN) Solution should have facility to update patches on scheduler basis & zone basis The Client machine acting as update agent, thereby, delivering pattern updates to rest of the machines in the LAN, should have the capability to upgrade program upgrades also and no separate web server should be required The antivirus Server should have the capability to assign a client the privilege to act as an update agent for rest of the agents in the network The Management Server should be able to block access to Network in endpoint where host integrity is compromised without requiring any additional client Need Clarification "patch updatation is a different solution altogether, request you not to add it into an End Point solution Need Clarification on Host Integrity Check parameter The Solution should be able to configure one Computer to work as update agent/repository of the centralized server at the ROs/TEs level This computer will get updates from the centralized server at scheduled hours All other computers installed at respective ROs/TEs offices will get updates from the agent/repository computer automatically in a scheduled time or as and when required through Local Area Network (LAN) Solution should have facility to provide update on scheduler basis & zone basis The Client machine acting as update agent, thereby, delivering pattern updates to rest of the machines in the LAN, should have the capability to upgrade program upgrades also and no separate web server should be required The antivirus Server should have the capability to assign a client the privilege to act as an update agent for rest of the agents in the network It is clarified that Vendor is required to indicate availability of feature in Technical Compliance Sheet (Annexure - H) Page 8 of 13

9 Page Existing mentioned in RFP Point 32 in in Part IV Point-34 in in Part IV Point 35 in in Part IV Point - 38 in in Part IV deployment, management or administration The scan engine of the protection software must employ smart scanning that provides scanning of only those s which may contain viruses When a virus is detected in or attachments, the software must have the ability to automatically send notification to the sender, recipient(s) and network administrator Notification must include date and time of infection, location of server infected, infected file name, action taken on the infected file and recipient being infected The solution should provide the ability to remove virus and other malicious codes from desktops as well as repair of damage of the computer It should have the facility of quarantine of virus affected file system The Proposed Solution should support Backup and restore of Ransomware-encrypted files The antivirus Management server should have role based administration with Active Directory integration It should offer features to create custom role type Request to make the Term Smart Scanning generic Request you to modify this point by removing " and attachment" and the related sub point ie " sender and recipient" Backup and restore is not the solution to prevent ransomware attacks Request you to reframe it to "Providing anti-ransomware protection and prevention against exploits" Note - Anti Ransomware should work on behaviour analysis and should not dependent on the file backup - restore methodology Need Clarification: Does location awareness means different policies for same set of users when in the office and outside office? The scan engine of the protection software must have feature to provide smart / agile scanning of only those s which may contain viruses When a virus is detected, the software must have the ability to send notification to the user and network administrator Notification must include date and time of infection, location of computer infected, infected file name, action taken on the infected file and recipient being infected The solution should provide the ability to remove virus and other malicious codes from desktops as well as repair of damage of the computer It should have the facility of quarantine of virus affected file system The Proposed Solution should have feature to recover files damaged or encrypted by Ransomware Request not acceded, original requirement to be fulfilled Page 9 of 13

10 Page Existing mentioned in RFP Point -43 in in Part IV Point -51 in in Part IV Point - 54 in 81 and to add uses to a predefined role or to a custom role The antivirus Management server should support grouping of clients into domains for easier administration The antivirus Management server should provide Policy action based on location awareness and should allow establishing separate configuration for internally versus externally located machines The Security Compliance feature in Solution may leverage Microsoft Active Directory services to determine the security status of the computers in the network The solution should be able to do the following: a) Terminating all known virus processes, exploit content and threats in memory b) Repairing the registry c) Deleting any drop files created by viruses d) Removing any Microsoft Windows services created by viruses e) Restoring all files damaged by viruses f) Includes Clean-up for Spyware, Adware etc The antivirus solution should have CPU usage performance control during scanning It should Check the CPU usage level configured on the Web console and the actual CPU consumption on the computer and should adjust the scanning speed if: Security being a prime concern, should be strict for the users irrespective of the users being inside or outside the network Request you to make it Generic and dilute location awareness point Terminating all the processes might not be possible if the infections is using system process thread Moreover, AV generally isolates the infected details into quarantine which can be deleted and cleaned as and when required Request you to reframe it as "The solution should be able to block any sort of virus/malware/etc in its early stage before infecting the system" Request you to make it generic Request not accepted, original requirement to be fulfilled The antivirus solution may provide feature of System Utilization levels/ System Performance levels/ Resource Utilization levels/ Resource Performance levels (eg, Low, Below Normal, Medium, Normal level) during scheduled scans on the Client End-Point and this level should be Page 10 of 13

11 Page Existing mentioned in RFP The CPU usage level is Medium or Low Actual CPU consumption exceeds a certain threshold configurable from the Management Server console in Part IV Point - 55 in in Part IV Point - 56 in The antivirus solution should provide Outbreak Prevention to limit/deny access to specific shared folders, block ports, and deny write access to specified files and folders on selected clients in case there is an outbreak The antivirus solution should have a manual outbreak prevention feature that allows administrators to configure port blocking, block shared folder, and deny writes to files and folders manually The solution should maintain Integrity of endpoints to ensure endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments with the ability to isolate a managed system that does not meet requirements The antivirus solution should safeguard endpoint mail boxes by scanning incoming POP3 and Outlook folders for Threats Requesting to modify this point by "limit / deny access to shared folders" and to include "deny access to excutable compress file and mutex exclusion handling on malware process" The point refers to the requirement of Security The feature has got dependencies on the connectivity, Protocol used and various parameters security is full flegedly a part of Security solutions and should not be clubbed with the AV More ever Nabard should already be using gateway for providing security Request you to make The antivirus solution should provide Outbreak Prevention to block specific ports, deny write access to specified files and folders and deny access to executable compress file on selected clients in case there is an outbreak The antivirus solution should have a manual outbreak prevention feature that allows administrators to configure port blocking, block shared folder, and deny writes to files and folders manually The solution should maintain Integrity of endpoints to ensure endpoints are protected and compliant by enforcing policies, detecting unauthorized changes, and conducting damage assessments with the ability to isolate a managed system that does not meet requirements Request not accepted Page 11 of 13

12 Page Existing mentioned in RFP security optional or availability as a dedicated solution in Part IV Point - 57 in The antivirus solution should be able to manage both SaaS (Software as a Service) and on premise solution from the single management console Request you to make it generic The existing clause is generic, however, for clarity, it is clarified as under: The antivirus solution should be able to manage both On-premise and cloud users (users who are not regularly connected to Office WAN and are required to update antivirus through the Internet) console from Single Management Console The successful bidder/vendor shall, at his own expense, deposit with the Chief General Manager, Department of Information Technology, NABARD, Mumbai, within 15 days from the date of Purchase Order, an unconditional and irrevocable Performance Bank Guarantee, in format as per Annexure A, issued by any scheduled commercial bank equal to 10% of the order value valid for 42 months (36 Months+6 Months Claim Period) from the date of purchase order 37 Sub- 8 (Fall ) in Pre-Contract Integrity Pact ( Annexure-K) 81 The BIDDER undertakes that it has not supplied/s not supplying similar product/systems or sub systems at a price lower than that offered in the present bid in respect of any other Ministry/Department of the Government of India or PSU and it is found at any stage that similar product/systems or sub systems was supplied by the BIDDER to any other Ministry/Department of the Request to change - If the contract is awarded, the Vendor shall furnish a Performance Bank Guarantee in the format as required by NABARD to the extent of 10% of the value of the contract within 15 days from the date of from the date of acceptance of the purchase contract/ Work Order We request that this clause be deleted in its entirety as the pricing of the Bidder for similar products is based on several factors such as RFP terms, volume commitments and such other requirements, which may differ from Client to Client, and therefore it may not be possible to match the pricing between different clients Request not accepted Pre-Contract Integrity Pact has to be as per the format prescribed by Government of India No dilutions / modifications are allowed Page 12 of 13

13 Page Existing mentioned in RFP Government of India or a PSU at a lower price, then that very price, with due allowance for elapsed time, will be applicable to the present case and the difference in the cost would be refunded by the BIDDER to the BUYER, if the contract has already been concluded Clarification / Part Page Clarification Table B in Annexure J 88 The Bidder has to provide one total consolidated Cost for Support in Table B in Annexure J No breakup of Support Cost, apart from Tax Breakup, is required If the bidder mentions per call charges, the bid will be invalid Page 13 of 13