E - Tender. Export-Import Bank of India. WTC, 21 st floor, Centre One Building, Cuffe Parade, Mumbai For

Transcription

1 E - Tender For IS-Audit Tender Reference No: IT/EXIM/RFP/ /033 Ph: dharmendra@eximbankindia.in At Export-Import Bank of India WTC, 21 st floor, Centre One Building, Cuffe Parade, Mumbai

2 INDEX Contents 1.BID Schedule and Address QUOTATION BID NOTICE NOTICE INVITING TENDER Mandatory Information TENDER FORM E-Tendering Process Compliance Statement Eligibility Criteria Scope of Work Pre-requisite Scope Two Stage Bidding Process: Payment Terms General Information to Bidders OPENING OF TENDER DOCUMENTS REQUIRED TO BE ATTACHED WITH THE TECHNICAL BID: Annexure A Bid Offer Form (without Price) OFFER LETTER Annexure B Eligibility Criteria (Technical Bid) Annexure C Commercial Bid Format : Annexure D Bidder s Experience Annexure E - Client Details Annexure F - Confidentiality & Non-Disclosure Agreement... 24

3 1.BID Schedule and Address INTRODUCTION Export-Import Bank of India (Exim Bank) was set up for the purpose of financing, facilitating and promoting foreign trade in India. It is the principal financial institution in the country for coordinating working of institutions engaged in financing exports and imports. Exim Bank completed 34 years of operations in March Set up by an Act of Parliament in September 1981, the Bank commenced operations in March 1982 and is wholly owned by the Government of India. Over the last 10 years, Exim Bank has taken several initiatives to help Indian Companies globalize their operations. Exim Bank s current vision is to develop commercially viable relationships with a target set of externally oriented companies by offering them a comprehensive range of products and services aimed at enhancing their internationalization efforts. Exim Bank has been pursuing its mission of enhancing Indian competitiveness by adopting a strategy that addresses the needs of Indian exporters through advisory services and research. Finance is increasingly supplemented with export-related services. Financing programmes are supplemented with advisory services based on Exim Bank s extensive access to business information worldwide and are backed by research and analysis. The Eximius Centre for learning with state-of-the-art facilities offers focused programmes to support institutionbuilding efforts of companies. For further information, visit our web-site

4 Sr. Description Detailed Information No. 1 Name of Project General IS Audit (As per ISMS 27001) 2 Tender Document Cost ` 3000/- 3 Last Date for acceptance of Tender Document Fee 20-Jan :00 Pm. 4 EMD Amount Not Applicable 5 Date of Online Notice 10-Jan :00 Pm. 6 Document Downloading start Date 10-Jan :30 Pm. 7 Document Downloading END Date 24-Jan :00 Pm. 8 Tender Reference Number IT/EXIM/RFP/ /033 9 Last date and time for Bid Submission 10 Date and Time of Technical Bid Opening 11 Date and Time of Commercial Bid Opening 12 Place for Technical / commercial Bid Opening 13 Name and Address for communication 25-Jan :00 PM 25-Jan :00 PM 25-Jan :00 PM Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai Mr. Dharmendra Sachan Dy General Manager-IT Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai PLACE OF RECEIPT OF TENDER : e-tendering / Electronic Tendering / Web Tendering / Online Tendering is the simulation of the manual tendering process on the internet. i.e., The eligible bidders / contractors can log on to the internet site specified using unique user name & password and place their Technical & Commercial bids. The eligible bidders will be trained by M/s. ABC Procures Technologies Ltd. personnel on the methodology of submitting the bids online using a special digital signature/electronic key / password at the date and time specified. The bids placed by the contractors are confidential and will be opened by the authorized EXIM Bank officials. No other person can gain access to the information regarding the bids, which is confidential in nature. Closed online bid: The bidders are requested to note that the submission shall be done only online, can be downloaded only after the tender fees are paid to Exim Bank. The bidders are requested to feed the required information for technical bid and the bidders who are eligible shall upload individual item rates online during the stipulated timeframe.

5 Minimum requirement: 1. Computer/Laptop with internet connection 2. Operating system Windows XP Service pack -3 / VISTA/ WINDOWS 7 3. Digital certificate -Class II or III, Singing + Encryption, and it should be organizational certificate. 2.QUOTATION BID NOTICE The quotation bid is invited for General IS Audit of EXIM Banks s IT Infrastructure At Export-Import Bank of India WTC, 21st floor, Centre One Building, Cuffe Parade, Mumbai CONTACT INFORMATION FOR E-TENDER PROCESS Vendor registration can be done online by opening Website: Click on New Bidder Registration link, create User Id and Password and attach your Digital certificate. For any clarification kindly contact. e-procurement Technologies Limited A- 801 Wall Street - II, Opposite Orient Club, Nr. Gujarat College, Ellis Bridge, Ahmedabad Gujarat State, India Phone: +91 (79) /12/13/14/15/16/17/18/19/20/21 Fax: +91 (79)

6 3. NOTICE INVITING TENDER Export-Import Bank of India (EXIM BANK) invites e-tender in two bid system from the reputed and experienced firm for IS-Audit for EXIM Bank s IT-Infrastructure 1. The e-tender document will be available on Exim Bank s website 2. The tender documents should be submitted on or before 4.00 p.m. on 25/01/2017 on the given website for e-tendering ( and will be evaluated on the techno-commercial basis. 4. Exim Bank reserves the right to cancel the tender. 5. The acceptance of a e-tender by EXIM BANK, which does not bind itself to accept the lowest tender and EXIM BANK reserves itself the authority to reject any or all of the tenders. All tenders in whom any of the prescribed conditions are not fulfilled or are incomplete in any respects are liable to be rejected. 6. Canvassing in any form in connection with e-tender is strictly prohibited and the tenders submitted by the contractors who resort to canvassing will be liable to rejection. 7. All rates should be quoted on the proper form in the e-tender as provided. 8. On acceptance of the e-tender, the name of the accredited representative (s) of the contractor who would be responsible as an authorized signatory, for taking instructions from EXIM BANK shall be communicated to EXIM BANK. 9. The tender shall be valid for 3 months from the date of opening of tenders. 10. It will be obligatory on the part of the tenderer to sign the e-tender documents on each page.

7 4. Mandatory Information Required for Prequalification of the Tenderer Sr. No. Particulars 1. * Name of the Company Details 2. * Name of the Proprietor, Partners/Directors 3. Office Telephone Nos. 4. * Address 5. Address 6. * Year of Establishment 7. Registration No. Date of Registration 8. Status Of Firm. (Proprietor/Partnership/Co. etc.) 9. Name of Bankers 10. * PAN Card No. 11. Sales Tax No. 12. VAT No. 13. * Service Tax No. I/We confirm that to the best of our knowledge this information is authentic and accept that any deliberate concealment will amount to disqualification at any stage. Seal and Signature of the Bidder/s not required since the document is Digitally Signed. Date: Place: Note: Please upload scanned copies of the above mentioned documents with sr. nos. marked(*) on it.

8 5. TENDER FORM To, Dharmendra Sachan, Deputy General Manager Export Import Bank of India Center One Building, Floor 21 World Trade Centre Complex (WTC) Cuffe Parade, Mumbai Dear Sir, Ref: IS Audit in Exim Bank, Cuffe Parade, Mumbai. E-tender Ref No: IT/EXIM/RFP/ /033 Having examined the tender details, terms and conditions, prepared by you, I/we hereby offer to execute the above works at the respective rates, which I/we have quoted for the items in the Schedule of Quantities as per your terms & conditions mentioned in the tender. In the event of this tender being accepted, I/we agree to enter into and execute the necessary contract required by you. I/we agree to pay all applicable taxes prevailing and be levied from time to time on such items for which the same are leviable. I/we understand that you are not bound to accept the lowest tender or bound to assign any reasons for rejecting our tender. We unconditionally agree Exim Bank s preconditions a stipulated in the tender documents. I/We agree that in case of my/our failure to execute work in accordance with the Scope of Work provided, Exim Bank reserves the right to terminate my. Further, I may also be barred from e-tendering in future for the Exim Bank. I/we agree to keep our tender open for 90 days from the date of opening. Yours truly, Place: Date: Name: Designation: Seal:

9 6. E-Tendering Process Compliance Statement The following terms and conditions are deemed as accepted by you for participation in the bid event: 1. The price once submitted cannot be changed. 2. Technical and other non-commercial queries (not impacting price) can be routed to the respective contact personnel of EXIM Bank indicated in the tender document. Bidding process related queries could be addressed to M/s e Procurement Technologies Ltd personnel indicated in the tender document. 3. Inability to bid due to telephone line glitch, Internet response issues, software or hardware hangs will not be the responsibility of M/s e-procurement Technologies Ltd or the EXIM Bank. However M/s e-procurement Technologies Ltd, shall make every effort to ensure availability of technology resources to enable continuous bidding. 4. M/s e-procurement Technologies Ltd does not take responsibility beyond the bid event. Order finalization and post order activities would be transacted directly between bidder and the EXIM bank. 5. Bids once made cannot be withdrawn or modified under any circumstances. 6. EXIM Bank can decide to extend or reschedule or cancel an e-tendering. 7. The bidders are advised to visit for any corrigendum etc., I / We have read, understood and agree to abide by the etendering process compliance Statement. Date Organization Name Designation : Seal and Signature of the Bidder/s not required since the document is Digitally Signed.

10 7. Eligibility Criteria The invitation to bid is open to all Bidders who qualify the Eligibility Criteria as given below, Failure to provide the desired information and documents may lead to disqualification of the Bidder. 1. The Bidder should be an Information Security audit firm and Cert-In Empanelled. Proof is required for CERT-In empanelment. 2. The bidder should have conducted IS-Audit in Data Centers of at least 2 banking or financial institutions (Please attach documentary evidence like work order, evidencing for having completed the assignment in last 3 years.) 3. Audit should be carried out by CERT-In empanelled audit firm by persons having CISA/ CISSP / CISM/ ISO27001 qualifications with at least five years of IS audit experience. The Core Audit Team proposed by the Service Provider should be employers on the rolls of the Service Provider. No part of the engagement shall be outsourced by the selected Service Provider to third party vendor. 4. The firm should submit Non-Disclosure Agreement. 5. All the above Eligibility criteria are mandatory. Exim Bank has the right to Technically disqualify any bidder, if they are not meeting the above requirement.

11 8. Scope of Work EXIM BANK invites e-tender from eligible bidders for I S A u d i t. The criteria and the actual process of evaluation of the responses to this e-tender and subsequent selection of the successful bidder will be entirely at Bank s discretion. Pre-requisite The Bidder should possess the requisite experience, resources and capabilities in providing the services necessary to meet the requirements, as described in the tender document hereof. The Bidder should have impeccable reputation and good will, based on consistent delivery of professional services with the highest technical and ethical standard. Bidders not meeting the Eligibility Criteria will not be considered for further evaluation. Scope 1. Place of IS Audit (Centralized from Head Office, Mumbai): IS audit of Head office and regional offices (9 locations) will be carried out from Head-Office, Mumbai. Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai IT-Infra in Scope: Device Type Quantity Platforms Servers 37 Windows, Aix Database 20 Oracle, SQL Server, MySQL Desktops 416 Windows Applications 03 IIS / Active Directory Network Devices 34 NA Security Devices 19 NA Data Centre 02 Head Office (Primary DC) and DR Site Hyderabad Please note that the Application & Database servers are counted in both sections Servers section & Database/Applications section.

12 1. Bidder should provide the following document:- 1. Approach and Project Schedule (Mandatory) 2. Methodology 3. Deliverables (Security Assessment Report etc.) a. Management Summary with overall severity graph. b. Separate reports for IS-Audit (Head-Office and Regional Office) confirming with IS policies. c. Detailed results for vulnerabilities discovered, exploited vulnerabilities and proof of concepts/screenshots. d. Detailed explanations of the implications of findings, business impacts, and risks for each of the identified exposures. e. Remediation recommendations to the gaps identified. f. Detailed steps (wherever applicable) to be followed while mitigating the reported g. Vulnerabilities Report would be delivered in a password protected Adobe Acrobat (PDF) document format. 4. Roles and Responsibilities of bidders would be as follows as below but not limited to:- 1. IS audit against Bank s approved IS policies. 2. Attempting to guess passwords using password-cracking tools. 3. Attempting penetration through perceivable network equipment/addressing and other vulnerabilities. 4. Check if any Vulnerability exists in the Servers, Desktops, Database, Applications, Network and Security devices in scope without disturbing operations. 5. Sniffing Data or information. 6. To check whether there is any vulnerability present in all IT assets in scope. 7. Vulnerabilities of unnecessary utilities residing on Application server. 8. Effectiveness of Tools being used for monitoring systems and network against intrusions and attacks. 9. If any cases of unauthorized access through hacking, denial of service due to technological failure is possible. 10. Any other items relevant in the case of security. 11. The assessment should include following sections for testing:- a. Trusted & DMZ Zone b. Remote Access c. Network Security Assessment

13 d. Network Security Components e. Network Operational Readiness 12. One or more full-time Security Consultant(s) as required for delivery of the services. 13. Expertise from Security Consultants for the purposes of review and quality assurance. 14. Consultant(s) coordinate access to the required project materials and personnel. 15. Respond schedule update regarding the project. 16. Provide documents / diagrams detailing the project information in a timely manner. 17. Compliance Audit after 1 month of submission of Audit reports. 18. Creation / Updation of Secure Configuration document, as per Scope of Work. Two Stage Bidding Process: 1. For the purpose of selection of the Service Provider, a two-stage bidding process will be followed. 2. The bidders will submit their bids as Technical Bid and Commercial Bid respectively. The Technical Bid will contain exhaustive and comprehensive details, IS Audit approach documents etc. 3. The Commercial Bid will contain only the pricing information. 4. In the first stage, only the Technical Bids will be opened and evaluated. Those bidders whose technical bids satisfy the RFP eligibility criteria and terms and conditions as determined by EXIM BANK shall only be short-listed for commercial bid evaluation. 5. Under the second stage, the Commercial Bids of bidders who have been shortlisted as stated in para 4 above, will be taken up for opening. 6. Kindly note that the EXIM BANK s decision in the selection process will be final and, further, EXIM BANK reserves the right to proceed with or cancel the bid processing at any stage of the bid -processing, if it considers such a cancellation is necessary. Payment Terms 1. The Payment Terms shall be as follows and subject to the deliverables % payment shall be paid on delivery of IS-Audit, 3. Bidders have to make their own arrangement for their travel and stay at the above said locations during the assessment at their own cost.

14 9. General Information to Bidders (a) E-Tender(s) which does not comply with this instruction shall be summarily rejected. (b) All credentials, documents and copies of certificate/information called for would be submitted with the e-tender format. (c) Necessary clarification if any required by EXIM BANK shall be furnished by the tenderer through within the time given by EXIM BANK for the same. EXIM BANK is at liberty to verify any or all documents Submitted by the tenderer, even by referring to third parties. (d) It should be clearly understood by the tenderer that no further opportunity shall be given to them to modify or withdraw any stipulation at any stages of the contract. (e) The e-tender form shall be filled clearly, neatly and accurately. Any wrong information/ mistakes will render the e-tender invalid. Alteration neatly carried out and attested over the full signature of tenderer, however, is permitted. Important: The Professional fees should include travelling, boarding and lodging and all incidental costs. The fees quoted should be all inclusive cost. Please state the number of man-days required for completion of the General IS Audit (a)information about Tenderer:- The tenderer must furnish full, precise and accurate details in respects of information asked for. (b) Signing of Tenders:- (i) The tenderer should have digital signature on his/their firm name. Digitally signing the e-tender shall state in what capacity he is or they are signing the tender e.g. as sole proprietor to a firm or a Secretary /Manager/Managing Director, etc. of a limited company.

15 10. OPENING OF TENDER The e-tender will be opened in EXIM BANK, 21 st floor, WTC, Mumbai at the time and on the date indicated above. The tenderer will be at liberty to be present either in person or through an authorized representative at the time of opening of the tenders. The financial bid of only those tenderer will be opened whose technical bids are found to be acceptable

16 11. DOCUMENTS REQUIRED TO BE ATTACHED WITH THE TECHNICAL BID: A) Self attested copies of the following documents are to be annexed:- Document-I CERT-In Empanelled letter for current year. Document-II Income Tax Pan No. of Firm. Document-III Attested copies of partnership deed/copy of Memorandum and articles of association, as the case may be. Document-IV Name and address of all partners/directors/proprietors as the case may be. Document-V Attested copies of Experience letter/registration certificate of consultantsworking on assignment. Document-VI All other Document mentioned in Tender, e-tender documents its annexure, schedules. Document VII The Bidder should sign and stamp each page of e-tender document for acceptance of all terms and conditions and the same should be enclosed in the technical bid. Document-VII Documentary evidence of Work Order for at least 2 Banks or Financial Institutes in last 3 years.

17 Annexure A Bid Offer Form (without Price) (Bidder s Letter Head) OFFER LETTER Date: To: The Dy General Manager Export-Import Bank of India, Floor 21, Centre One Building World Trade Centre Complex Cuffe Parade, Mumbai Dear Sir, Subject: Regarding E-Tender No. IT/EXIM/ RFP/2016/17/33: dated 10 th Jan 2017 for IS-Audit We have examined the above referred e-tender document. As per the terms and conditions specified in the e-tender document, and in accordance with the schedule of prices indicated in the commercial bid and made part of this offer. We acknowledge having received the following addenda / corrigenda to the e-tender document. Addendum No. / Corrigendum No. Dated While submitting this bid, we certify that: 1. Prices have been quoted in INR. 2. The prices in the bid have not been disclosed and will not be disclosed to any other bidder of this e-tender. 3. We have not induced nor attempted to induce any other bidder to submit or not submit a bid for restricting competition. 4. We agree that the rates / quotes, terms and conditions furnished in this tender are for EXIM BANK. If our offer is accepted, we undertake, to start the assignment under the scope immediately after receipt of your order. We also note that EXIM BANK reserves the right to cancel the order and order cancellation clause as per terms and condition would be applicable.

18 We agree to abide by this offer till 180 days from the last date stipulated by EXIM BANK for submission of bid, and our offer shall remain binding upon us and may be accepted by EXIM BANK any time before the expiry of that period. Until a formal contract is prepared and executed with the selected bidder, this offer will be binding on us. We also certify that the information/data/particulars furnished in our bid are factually correct. We also accept that in the event of any information / data / particulars are found to be incorrect, EXIM BANK will have the right to disqualify /blacklist us and forfeit bid security. We undertake to comply with the terms and conditions of the bid document. We understand that EXIM BANK may reject any or all of the offers without assigning any reason whatsoever. Yours sincerely, Authorized Signature [In full and initials]: Name and Title of Signatory: Name of Company/Firm: Address

19 Annexure B Eligibility Criteria (Technical Bid) S.NO. MINIMUM ELIGIBILITY CRITERIA 1*. The Bidder should be an Information Security consulting firm and empanelled vendor The bidder should 2*. have conducted I S A u d i t of Data Centers of at least 2 banking or financial institutions (Please attach documentary evidence like work order, evidencing for having completed the assignment.) RESPONSE OF THE BIDDER Name of assignment YES/NO 5 Marks YES/NO 10 marks Place Approx order value DOCUMENTS ATTACHED Please attach document Please attach documentary evidence like work order evidencing the completion of the assignment. 3*. The consultants conducting the IS Audit, should be a Certified professional. And must have minimum of 5 years in Information Security Field. YES/NO 15 marks Please attach their current certificate and experience letters.

20 4. Number of IS-Audit s executed by Firm in FY , to <= 10 =10 Marks 11 to <20= to <40 = 30 >40=40 5 Number of CISA,CISM,CISSP, ISO Certified Resources <5 = 10 Marks 5 to 10 = 15 Marks 11 to 20 = 20 Marks >20= 30 Marks Maximum 40 Marks Maximum 30 Marks Declaration Letter is required. Declaration Letter is required. 60 Marks required for Technical Qualification. Please note bidders who fulfil the above criteria are only allowed. Signature:.Name: - Designation:- Date: _, Place

21 Annexure C Commercial Bid Format (Fill Online Only): S. No. Device Type Quantity Platforms Total Price 1 Servers 2 Database 37 Windows, AIX 20 Oracle, SQL Server, MSQL 3 Desktops 416 Windows 4 Applications 03 IIS / ActiveDir 5 Network 25 NA Devices 6 Security 34 NA Devices 7 Data Centers 2 HO & DR Total Price

22 Annexure D Bidder s Experience A - Bidder s Organization [Provide here a brief description of the background and organization of your firm/company. The brief description should include ownership details, date and place of incorporation of the company/firm, objectives of the company/firm etc. B - Bidder s Experience [Using the format below for each Project for which your company/firm was legally contracted for IS Audit. S. No. Particulars Details 1. Name of the Project 2. Approximate cost of contract/project cost 3. Bank/FI Name 4. Duration of Project (months) Note: Please provide documentary evidence from the client wherever applicable. This Annexure has to fill separately for each of the subcontractors. Signature:. Name: Designation: Date: _, Place

23 Annexure E - Client Details Provide details the client details wherever available: S. No. Name of Institution Contact Person Name and Designation Contact Details with e- mail Preferable time to contact Signature:. Name: - Designation: Date: Date: _, Place _, Place

24 Annexure F - Confidentiality & Non-Disclosure Agreement * Stamped for Rs. 100 To be executed by successful bidder post issue of Purchase Order by Exim Bank. This agreement is made on this the----- day of , 2017 between Export-Import Bank of India (EXIM BANK) a company incorporated in India under the provisions of The Companies Act, 1956 (Section 25) and having its registered office at Floor 21, World Trade Center, Cuffe Parade,Mumbai (Hereinafter referred to as EXIM BANK ) which expression shall mean and include unless repugnant to the context, its successors and permitted assigns); AND (Name of Information Security Consulting firm) and having its registered office at which expression shall mean and include unless repugnant to the context, its successors and permitted assigns). WHEREAS: EXIM BANK had floated a Request for Proposal for I S A u d i t of their Information system & IT infrastructure and whereas (Name of Information Security Consulting firm) has been, through an RFP process, selected as the successful Bidder and has been awarded this work. During the course of IS-Audit (Name of Information Security Consulting firm) and EXIM BANK may disclose to each other certain information which may be proprietary and/or of confidential nature. NOW THEREFORE In consideration of the mutual protection of Information herein by the parties hereto and such additional promises and understandings as are hereinafter set forth, the parties agree as follows: 1. For purposes of this Agreement, "Confidential Information" means, with respect to either party, any and all information in written, representational, electronic, verbal or other form relating directly or indirectly to the present or potential business, operation or financial condition of or relating to the disclosing party (including, but not limited to, information identified as being proprietary and/or confidential or pertaining to, pricing, marketing plans or strategy, volumes, services rendered, customers and suppliers lists, financial or technical or service matters or data, employee/agent/ consultant/officer/director related personal or sensitive

25 data and any information which might reasonably be presumed to be proprietary or confidential in nature) excluding any such information which (i) is known to the public (through no act or omission of the receiving party in violation of this Agreement); (ii) is lawfully acquired by the receiving party from an independent source having no obligation to maintain the confidentiality of such information; (iii) was known to the receiving party prior to its disclosure under this Agreement; (iv) was or is independently developed by the receiving party without breach of this Agreement; or (v) is required to be disclosed by governmental or judicial order, in which case the party so required shall give the other party prompt written notice, where possible, and use reasonable efforts to ensure that such disclosure is accorded confidential treatment and also to enable such other party to seek a protective order or other appropriate remedy at such other party's sole costs. 2. This Agreement does not obligate either party to disclose any particular proprietary information; to purchase, sell, license, transfer, or otherwise dispose of any technology, services, or products; or to enter into any other form of business, contract or arrangement. Furthermore, nothing contained hereunder shall be construed as creating, conveying, transferring, granting or conferring by one party on the other party any rights, license or authority in or to the information provided. 3. Each party agrees and undertakes that it shall not, without first obtaining the written consent of the other, disclose or make available to any person, reproduce or transmit in any manner, or use (directly or indirectly) for its own benefit or the benefit of others, any Confidential Information save and except both parties may disclose any Confidential Information to their Affiliates, directors, officers, employees or advisors of their own or of Affiliates on a "need to know" basis to enable them to evaluate such Confidential Information in connection with the negotiation of the possible business relationship; provided that such persons have been informed of, and agree to be bound by obligations which are at least as strict as the recipient s obligations hereunder. For the purpose of this Agreement, Affiliates shall mean, with respect to any party, any other person directly or indirectly Controlling, Controlled by, or under direct or indirect common Control with, such party. "Control", "Controlled" or "Controlling" shall mean, with respect to any person, any circumstance in which such person is controlled by another person by virtue of the latter person controlling the composition of the Board of Directors or owning the largest or controlling percentage of the voting securities of such person or by way of contractual relationship or otherwise. 4. The receiving party shall use the same degree of care and protection to protect the Confidential Information received by it from the disclosing party as it uses to protect its own Confidential Information of a like nature, and in no event such degree of care and protection shall be of less than a reasonable degree of care. 5. The disclosing party shall not be in any way responsible for any decisions or

26 commitments made by Confidential Information. receiving party in relying on the disclosing party's 6. The parties agree that upon termination/expiry of this Agreement or at any time during its currency, at the request of the disclosing party, the receiving party shall promptly deliver to the disclosing party the Confidential Information and copies thereof in its possession or under its direct or indirect control, and shall destroy all memoranda, notes and other writings prepared by the receiving party or its Affiliates or directors, officers, employees or advisors based on the Confidential Information and promptly certify such destruction. 7. Both parties acknowledge that the Confidential Information coming to the knowledge of the other may relate to and/or have implications regarding the future strategies, plans, business activities, methods, processes and or information of the parties, which afford them certain competitive and strategic advantage. Accordingly neither party shall use the Confidential Information in a manner that will jeopardise or adversely affect in any manner such future strategies, plans, business activities, methods, processes, information, and/or competitive and strategic advantage of the disclosing party. 8. The parties hereto acknowledge and agree that in the event of a breach or threatened breach by the other of the provisions of this Agreement, the party not in breach will have no adequate remedy in money or damages and accordingly the party not in breach shall be entitled to injunctive relief against such breach or threatened breach by the party in breach. 9. No failure or delay by either party in exercising or enforcing any right, remedy or power hereunder shall operate as a waiver thereof, nor shall any single or partial exercise or enforcement of any right, remedy or power preclude any further exercise or enforcement thereof or the exercise of enforcement of any other right, remedy or power. 10. If any dispute arises between the parties hereto during the subsistence or thereafter, in connection with or arising out of this Agreement, the dispute shall be referred to arbitration under the Indian Arbitration and Conciliation Act, 1996 by a panel of three arbitrators. Each party will appoint one arbitrator and the two arbitrators so appointed will appoint the third or the presiding arbitrator. Arbitration shall be held in Mumbai, India. The proceedings of arbitration shall be in the English language. The arbitrator s award shall be final and binding on the parties. 11. This Agreement will be governed exclusively by the laws of India jurisdiction shall be vested exclusively in the courts at Mumbai. 12. This Agreement shall not be amended, assigned or transferred by either party without the written consent of the other party.

27 13. Nothing in this Agreement is intended to confer any rights/remedies under or by reason of this Agreement on any third party. 14. This Agreement supersedes all prior discussions and writings with respect to the Confidential Information and constitutes the entire Agreement between the parties with respect to the subject matter hereof. If any term or provision of this Agreement is determined to be illegal, unenforceable, or invalid in whole or in part for any reason, such illegal, unenforceable, or invalid provisions or part(s) thereof shall be stricken from this Agreement. IN WITNESS WHEREOF the parties hereto have duly executed this Agreement as of the date and year written above. Export-Import Bank of India Name: (Name of Information Security Consulting firm) Name: Designation: Designation: