Académique Documents
Professionnel Documents
Culture Documents
Bank of Baroda
Project Office
Baroda Corporate Centre
Mumbai
Nov 03, 2009
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 1 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
06/11/2009
30/11/2009
Confidentiality
This document is meant for the specific use by the Company / person/s interested to participate in the
current tendering process. This document is in its entirety is subject Copyright laws. Bank of Baroda
expects the bidders or any person acting on behalf of the bidders to strictly adhere to the instructions
given in the document and maintain confidentiality of information. The bidders will be held responsible
for any misuse of the information contained in the document and liable to be prosecuted by Bank of
Baroda in the event of such a circumstance is brought to the notice of the Bank. By downloading the
document, the interested party is subject to confidentiality clauses.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 2 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Section I
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 3 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
1.
This Request for Proposal document (RFP) has been prepared solely to enable
Bank of Baroda in the selection of suitable organisations to tender for the
provision for conducting Comprehensive Audit of the Banking Application
installed under the Technology Enabled Business Transformation Project.
The RFP document is not a recommendation, offer or invitation to enter into a
contract, agreement or other arrangement in respect of the services. The provision
of the services is subject to observance of selection process and appropriate
documentation being agreed between Bank of Baroda and any successful bidder
as identified after completion of the selection process as detailed under Section
III, Para 25.
2.
Information Provided
The RFP document contains statements derived from information that is believed
to be reliable at the date obtained but does not purport to provide all of the
information that may be necessary or desirable to enable an intending contracting
party to determine whether or not to enter into a contract or arrangement with
Bank of Baroda in relation to the provision of services. Neither Bank of Baroda
nor any of its employees, agents, contractors, or advisers gives any representation
or warranty, express or implied as to the accuracy or completeness of any
information or statement given or made in this RFP document. Neither Bank of
Baroda nor any of its employees, agents, contractors, or advisers has carried out
or will carry out an independent audit or verification or due diligence exercise in
relation to the contents of any part of the RFP document.
3.
The RFP document is intended solely for the information of the party to whom it
is issued and no other person or organisation.
4. Service Provider Eligibility Criteria
The SP company is required to meet the following eligibility criteria and provide
adequate documentary evidence for each of the criteria stipulated below:
1. Must be a Government Organization/PSU/PSE/partnership firm/LLP or
limited company.
2. Must be in existence for five years as on 31.03.2009 (in case of
mergers/acquisition/restructuring or name change, the date of
establishment of the earlier/original Partnership Firm/Limited Company
can be taken in to account).
3. Must have a minimum turnover of at least Rs 2 Billion in the past two years
out of which, at least, 25% of the revenue must have come from the testing
& Consulting Services
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 4 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidentiality
Disclaimer
Subject to any law to the contrary, and to the maximum extent permitted by law,
Bank of Baroda and its officers, employees, contractors, agents, and advisers
disclaim all liability from any loss or damage (whether foreseeable or not)
suffered by any person acting on or refraining from acting because of any
information, including forecasts, statements, estimates, or projections contained in
this RFP document or conduct ancillary to it whether or not the loss or damage
arises in connection with any negligence, omission, default, lack of care or
misrepresentation on the part of Bank of Baroda or any of its officers, employees,
contractors, agents, or advisers.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 5 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
7.
No Legal Relationship
The Recipient must conduct its own investigation and analysis regarding any
information contained in the RFP document and the meaning and impact of that
information.
10.
Evaluation of Offers
Each Recipient acknowledges and accepts that Bank of Baroda may, in its absolute
discretion, apply whatever criteria it deems appropriate in the selection of Service
Provider, not limited to the selection criteria set out in this RFP document.
The RFP document will not be construed as any contract or arrangement, which
may result from, the issue of this RFP document or any investigation or review
carried out by a Recipient. The Recipient acknowledges by submitting its
response to this RFP document that it has not relied on any information,
representation, or warranty given in this RFP document.
11.a Earnest Money Deposit (EMD)
As part of compliance , intending bidders must pay along with RFP an Earnest
Money Deposit of Rs 50,000/- (Rs fifty thousand only). The earnest money shall
be paid by Demand Draft/Bankers Cheque/Pay Order drawn in favour of Bank
of Baroda payable at Mumbai. The earnest money will not carry any interest.
The EMD will be refunded to non-Selected RFP Respondents along with the
intimation of rejection of their bid. In case of selected respondents the deposit will
be adjusted against the security deposit payable under the terms of contract..
The EMD made by the bidder will be forfeited if:
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 6 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
11.b) Security Deposit; The EMD amount deposited by the successful bidder will be converted as security
Deposit. Excess amount of EMD (i.e. EMD 5% of the contract value) of
successful bidder will be refunded by the bank with two weeks from the date of
acceptance of contract, however if the EMD amount is less than the amount
equivalent of contract value then the successful bidder has to deposit the
difference amount (i.e 5% of the contract value EMD amount) by way of
Demand Draft/Bankers Cheque/Pay Order drawn in favor of the Bank of Baroda
payable at Mumbai, within one week from the date of awarding the contract. The
Security deposit will be refunded by the bank after successful completion of the
project.
Amount of Security Deposit will be rounded off to the nearest thousand. Bank
Guarantee in lieu of Security Deposit is not acceptable.
11.c ) Performance Bank Guarantee :The Selected bidder has to provide an unconditional and irrevocable Performance
Bank Guarantee of 10% of the contract value from the Public Sector Bank in India
(Other than Bank of Baroda) towards due performance of the contract in
accordance with the specifications, terms and conditions of RFP document, within
15 days from the date of letter of indent (LOI). The Bank Guarantee shall be kept
valid three months , beyond the tentative completion period of project.
11.d Application Money
The intending bidders should pay along with bids an Application money of Rs
5000/- (rupees Five Thousand only) The application money shall be paid by
Demand Draft/Bankers Cheque/Pay Order drawn in favour of Bank of Baroda
payable at Mumbai. The application money is non-refundable.
11.e Execution of SLA/NDA:
The SP company should execute (a) a Service Level Agreement, which would
include all the services and terms and conditions of the services to be extended
as detailed herein and as may be prescribed by the Bank and (b) Non-disclosure
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 7 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Agreement. The SP should execute the SLA and NDA within one month from the
date of acceptance of Letter of Appointment..
12.
Each Recipient must notify Bank of Baroda of any error, omission, or discrepancy
found in this RFP document.
13.
Acceptance of Terms
Copies of the RFP are submitted before the aforementioned closing time.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 8 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Registration of RFP
Registration will be effected upon Bank of Baroda receiving the RFP response in
the above manner (Para 14.1). The RFP must be accompanied with all documents,
information, and details If the submission to this RFP does not include all the
information required or is incomplete or submission is through Fax mode, the
RFP is liable to be rejected.
All submissions, including any accompanying documents, will become the
property of Bank of Baroda. Recipients shall be deemed to license, and grant all
rights to, Bank of Baroda to reproduce the whole or any portion of their
submission for the purpose of evaluation, to disclose the contents of the
submission to other Recipients who have registered a submission and to disclose
and/or use the contents of the submission as the basis for any resulting RFP
process, notwithstanding any copyright or other intellectual property right that
may subsist in the submission or accompanying documents.
14.3
Respondents are to provide detailed evidence to substantiate the reasons for a late
RFP submission.
RFPs lodged after the closing date for lodgment of RFPs may be registered by
Bank of Baroda and may be considered and evaluated by the evaluation team at
the absolute discretion of Bank of Baroda. It should be clearly noted that Bank of
Baroda has no obligation to accept or act on any reason for a late submitted
response to RFP.
Bank of Baroda has no liability to any person who lodges a late RFP for any
reason whatsoever, including RFPs taken to be late only because of another
condition of responding.
14.4
RFPs will remain valid and open for evaluation according to the terms for a
period of at least six (6) months from the time the RFP submission process .
14.5.
Recipients are required to direct all communications related to this RFP, including
notification of late RFP submission, through the Nominated Point of Contact
person i.e. General Manager (Projects & IT Operations).
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 9 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
All questions relating to the RFP, technical or otherwise, must be in writing only
to the Nominated Point of Contact.
Bank of Baroda will not answer any communication initiated by Respondents
later than five business days prior to the due date for lodgment of RFPs.
However, Bank of Baroda may in its absolute discretion seek, but under no
obligation to seek, additional information or material from any Respondents after
the RFP closes and all such information and material provided must be taken to
form part of that Respondents response.
Respondents should invariably provide details of their email address(es) as
responses to queries will only be provided to the Respondent via email.
If Bank of Baroda in its absolute discretion deems that the enquiring Respondent
will gain an advantage by a response to a question, then Bank of Baroda reserves
the right to communicate such response to all Respondents.
Bank of Baroda may in its absolute discretion engage in discussion or negotiation
with any Respondent (or simultaneously with more than one Respondent) after
the RFP closes to improve or clarify any response.
15.
Notification
Disqualification
Timeframe
The following is an indicative timeframe for the overall selection process. Bank of
Baroda reserves the right to vary this timeframe at its absolute and sole discretion
should the need arise. Changes to the timeframe will be relayed to the affected
Respondents during the process.
RFP Issuance Date
RFP Response Due
06 November, 2009
30 November, 2009
31 May 2010
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 10 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Section - II
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 11 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
To become the most preferred Public Sector Bank within three years and to
transform into a Universal Financial Services organization offering a full
range of financial products to corporate and personal customers
To become a customer - centric organization providing financial products
and services based on customer needs in all markets it operates
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 12 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
The transformation should be rapid and visible in order to enable the Bank to reap
early benefits. The strategic goals of Bank of Baroda are :
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 13 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Product
Finacle Core, Oracle Financials, Oracle
Financial Services applications Budgeting
Product
Kondor +, KTP
Opus Trade front end trading system
interfacing to depositories as well as
brokers and clearing houses
International Banking and Foreign Finacle Core for Basic FX and MM deals
Exchange
processing
Browser support for K+ dealing at
international treasury locations where
warranted
Interactions with Other banks
CBS - Clearing systems, RTGS, interface
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 14 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Core Processing
Functionality
Core banking
Deposits Savings and investment
Loans Credit Lending
Product Management
Customer Information System
Non Banking financial Products
Transaction Payment Systems
Product
Finacle Core including Trade finance and
Remittances
Finacle core retail and corporate
Finacle Core Retail and Corporate Lending
Finacle Core Parameter driven Product
management
Finacle Core CIF, Oracle TCA
Cards (Interface to existing cards system
in phase-I), Opus Cards
Finacle core, Electra Payment Gateway,
Base24 Switch
Delivery
Functionality
Personal
Productivity
Groupware
Help Instruction and Training
Work
flow
and
Management
Transaction Processing
Reporting
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Product
and Microsoft Exchange
Page 15 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Access
Functionality
Staff Interface
Product
Oracle Self Service
Fluous Self Service
HP Knowledge management
Oracle Portal
Center Finacle Core
Teller Functions/Service
Interface
Self Service Telephone and Internet
Payment Gateway
Internet Banking
Other Agents and Channels
Security
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 16 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Section - III
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 17 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Page 18 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
1.2.2..A) . Threat & Vulnerability Analysis audit of customer facing Web based
Application
Testing tools have to be arranged by the bidder
Appropriate updated tools should be used for each phase of test.
Application implemented in foreign territory is also a part of review/audit.:
Review of security assessment of the technology platforms at the Data
Center
Review the operations and management of Bank-wide Network
Architecture
Review of security and parameter setting for all IT Infrastructure within
the Data Centre including review of Placement of security equipments,
network equipments for securing database, application, web servers of
various applications housed at Data Centre
Review of Configuration and Monitoring of logs of Intrusion Prevention
System, firewalls and response capabilities
Carryout Ethical hacking to expose security gaps and demonstrate the
effectiveness of security measures.
Vulnerability & Penetration Test must be designed to simulate a real
world attack keeping in view prevailing RBI guidelines, IT Act 2000 and
other applicable regulations in India.
Vulnerabilities for defacement and unauthorized modification of
corporate web sites
Search for back door traps in the programs
Check if commonly known holes in the software, especially the browser
and the email software exist through ethical hacking
Review of policies for performing periodic monitoring of activity on the
firewall server to check for malicious activity.
Review of Policies for performing periodic health check on all servers
with the Data center
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 19 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 20 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
UK
T&T
Kenya
Uganda
Hong Kong
Bahamas
Bahrain
Seycellus
Singapore
Ghana
China
Tanzania
UAE
Guyana
Mauritius
Botswana
FIJI
India
CBS
AML
OMAN
sr no
1
2
South Africa
Financial
Managemen
t
SystemOracle
Financials(
EWGL)
Baroda
Connect
Straight
Through
Process
(RTGS/NEF
T)
ATM Switch
(Base24)
Global
Treasury
&Enterprise
wide Limit
Managemen
t
Bank Wide
Mail and
Messagin
g System
Baroda
Cash
Managemen
t
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
3
4
5
6
10
11
Telephone
Banking
HRNES
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 21 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
12
Pay roll
13
Retail
Depositor
y System
Data
Warehousing
and
Oracle
Financial
Services
Application
14
15
Crisil
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
16
Card
Managemen
t System
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 22 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 23 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
To review the Proper MIS reporting in case where manual control during
life cycle of product.
To Review application control of all data upload/download
To review whether Access level controls are appropriately built in and
implemented into the application and to verify whether only authorized
users are able to edit, input or update the data in the application or carry
out activities as per their role..
To verify whether access is given on a need-to-know and need to-do
basis.
To review all the services that are required to run the application Finacle
are properly maintained and managed eg .Finlist val, resin, CRV, RTGS,
Appache web server etc
To review the process of application controls including boundary controls,
input controls, communication controls, database controls, and output
controls.
To review Backups and recovery procedure / control.
To review whether any weaknesses in controls or in application are there
which lead to leakage of income or to non compliance of regulatory
requirements.
To review whether Bank has proper control over software updates and to
check if such updates/customizations have been maintained in
chronological order.
To review the application security features built within Finacle and to
identify gaps in the application security parameter setup in line with the
banks security policies and leading best industry practices.
To review of Finacle Core Banking Solution in all the modules implemented
in CBS (viz GBM, Trade finance, lockers etc) and all modules in totality with
reference to the specifications given in the functional requirement of RFP
floated and the procedures of the bank.
To review the process of controls over the proxy / parking transactions.
To review the control over the inter sol transactions and the collection of
charges there on and to verify proper control is there to reconcile the
transactions at End of Day Operations.
To review the controls over the periodical / mass run system generated
transactions (viz interest/Charge application) and to verify proper control
reports and proper procedures are in place to minimize the impact on
Banks profit.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 24 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Page 25 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
The Technical Proposal will be evaluated first for technical suitability. Commercial
Proposal shall be opened only for the short-listed bidders who have qualified in
the Technical Proposal evaluation.
The Technical Proposal shall contain the technical proposal to the requirement of
the Bank as along with AnnexureA, C, D and E
A copy of the Commercial Proposal masking the prices is to be submitted along
with the Technical Proposal.
The Commercial Proposal shall be submitted as per Annexure B.
The bidder shall submit the Proposals properly filed so that the papers are not
loose. The Bidder shall submit the proposal in suitable capacity of the file such
that the papers do not bulge out and tear during scrutiny.
The technical proposal shall be organized and submitted as per the following
sequence:
a) Table of Contents (list of documents enclosed)
b) Technical proposal with detailed activities broken down, effort estimate,
manpower estimated to be deployed along with annexure D and annexure E
c) Compliance certificate for all the terms and conditions as per Annexure-C
d) All copies of certificates, documentary proofs etc.
e) A CD containing soft copy of the proposal
f) Annexure A
g) Masked Annexure B
All the relevant pages of the proposals (except literatures , datasheets and
brochures) are to be numbered and be signed by authorized signatory on behalf
of the Bidder. The number should be a unique running serial Number. across the
entire document.
The bidder has to submit a soft copy of the entire proposal in a CD. It should be
noted that in case of any discrepancy in information submitted by the bidder in
hard-copy and soft-copy, the hard-copy will be given precedence. However, in
case of non-submission of any hard copy document, if the same is found
submitted in the soft-copy, Bank reserves right to accept the same at its
discretion.
The Bids shall be addressed and submitted to :
GENERAL MANAGER (PROJECTS & IT - Operations)
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 26 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
BANK OF BARODA
Baroda Corporate Centre
Bandra Kurla Complex, Bandra (East)
Mumbai 400 051
The bids (arranged as mentioned above) are to be submitted at the Secretariat of
the General Manager (Projects & IT Operations), marked with the appropriate
label, at the above address before the due date & time as specified. The bid
submitted anywhere else is liable to be rejected.
It may be noted that all queries, clarifications, questions etc., relating to this RFP,
technical or otherwise, must be in writing only and should be to the nominated
point of contact.
Bidders should provide their E-mail address in their queries without fail.
The bidder will submit an undertaking specifying that the bidder has obtained all
necessary statutory and obligatory permission if any to carry out project works,
The proposal should be prepared in English in MS Word format. The e-mail
address and phone/fax numbers of the bidder should also be indicated on the
sealed cover.
FORMATS OF BIDS: The bidders should use the formats prescribed by the Bank
in the RFP for submitting both technical and commercial bids.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 27 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 28 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 29 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 30 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Both the above are independent of each other and are applicable separately and
concurrently. However the same would not be applicable for reasons attributable
to the Bank and Force Majeure. However, it is the responsibility of the bidder to
prove that the delay is attributed to the Bank and Force Majeure. The bidder shall
submit the proof authenticated by the bidder and Banks official that the delay is
attributed to the Bank and/ or Force Majeure along with the bills requesting
payment.
16.Indemnity :
The bidder shall indemnify Bank and keep indemnified for against any loss or
damage by executing an instrument to the effect on a Non-Judicial stamp paper
that Bank may sustain on account of violation of patent, trademarks etc. by the
bidder.
17.Authorized Signatory :
The selected bidder shall indicate the authorized signatories who can discuss and
correspond with the bank, with regard to the obligations under the contract.
The selected bidder shall submit at the time of signing the contract, a certified
copy of the extract of the resolution of their Board, authenticated by Company
Secretary, authorizing an official or officials of the company or a Power of Attorney
copy to discuss, sign agreements/contracts with the Bank. The bidder shall furnish
proof of signature identification for above purposes as required by the Bank.
The selected bidder commits a breach of any of the terms and conditions of
the bid/contract.
The bidder goes into liquidation voluntarily or otherwise.
An attachment is levied or continues to be levied for a period of 7 days
upon effects of the bid.
The progress regarding execution of the contract, made by the selected
bidder is found to be unsatisfactory.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 31 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
After the award of the contract, if the selected bidder does not perform
satisfactorily or delays execution of the contract, the Bank reserves the right to get
the balance contract executed by another party of its choice by giving one months
notice for the same. In this event, the selected bidder is bound to make good the
additional expenditure, which the Bank may have to incur to carry out bidding
process for the execution of the balance of the contract. This clause is applicable,
if for any reason, the contract is cancelled.
The Bank reserves the right to recover any dues payable by the selected bidder
from the security deposit or any amount outstanding to the credit of the selected
bidder, including the pending bills and/or invoking Bank Guarantee, if any, under
this contract.
20.NON PAYMENT OF PROFESSIONAL FEES :
If any of the items/activities as mentioned in the price bid and as mentioned in
annexure D are not taken up by the Bank during the course of this assignment, the
Bank will not pay the professional fees quoted by the SP in the Price Bid against
such activity/item.
21.ASSIGNMENT :
Neither the contract nor any rights granted under the contract may be sold,
leased, assigned, or otherwise transferred, in whole or in part, by the Service
Provider, without the advance written consent of the Bank and any such
attempted sale, lease, assignment or otherwise transfer shall be void and of no
effect .
22. Subcontracting :
The service provider shall not subcontract or permit anyone other than its
personnel to perform any of the work, service or other performance required of the
service provider under the contract without the prior written consent of the Bank.
23. Force Majeure:
Any failure or delay by SP or Bank in the performance of its obligations, to the
extent due to any failure or delay caused by fire, flood, earthquake or similar
elements of nature, or acts of God, war, terrorism, riots, civil disorders, rebellions
or revolutions, acts of governmental authorities or other events beyond the
reasonable control of non-performing Party, is not a default or a ground for
termination. The affected Party shall notify the other party within reasonable time
period of the occurrence of a Force Majeure Event
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 32 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Evaluation
Parameters
Weighta
ge
Sr No
Informations
Provided
meets
requirement(
100%)
Informations
Provided
Partially
meets
requirement(50%)
Informations
Provided does
not
meets
requirement(0%)
Must
have
conducted
Threat
&
Vulnerability
analysis of the
security
architecture,
15
Bank-wide
Network
in
Data Centre /
Disaster
Recovery for at
least 2 Public
Sector banks in
the last 3 years
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 33 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Must
have
conducted
security
and
controls review
of the ATM ,
Internet
Banking , Online Trading ,
Depository
15
Sevices etc and
review
of
service
level
agreement for
managed
services at least
2 public Sector
banks in the last
3 years
Must
have
experience
of
auditing
Banking
45
business
application
Software ie CBS
etc
Sub-Total
75
Engagement
Manager must
have
handled
5
such projects in
the firm for at
least four years
Overall person
responsible
must
have
handled
such 5
projects in firm
for at least 6
years
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 34 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
10
11
12
Proposed team
must
have
experience
in
executing
similar projects
5
in banks out of
which at least
one should be a
public
sector
bank
Sub-Total
15
Demonstration
of
in-depth
understanding
of the Banks
project
5
requirements
through
the
technical
proposal
Technical
Proposal with
detailed brokendown activities
to be performed,
effort
5
estimation,
manpower to be
deployed on a
project-toproject basis.
Sub-Total
25
Total Marks
100
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 35 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
3
4
Major Activities
Total
Cost
Where C Stands for nominal price quoted, Clow stands for the price quote of the
lowest nominal bid. T Stands for technical evaluation score and Thigh stands for
the score of the technically highest bidder. X is equal to 0.4.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 36 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
Bank reserve the right to negotiate the price with the finally short listed bidder
before awarding the contract. It may be noted that Bank will not entertain any
price negotiations with any other bidder, till the Least Price bidder declines to
accept the offer.
Note :
1. Banks exclude RRBs and Cooperative Banks
2. The SP is required to provide documentary evidence for each of the above
criteria and the same would be required on the clients letter head in case
of credentials
26. Project Timelines:
Sl. No.
Major Activities
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Time
Lines
(Days)
XXX
XXX
XXX
XXX
Page 37 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
No
Particulars
Year
of
establishment
and
constitution
Certified copy of Partnership
Deed
or
Certificate
of
Location of Registered office
/Corporate office and address
E-mail addresses
persons
of
contact
Details of:
Description of business and
business background
Service Profile & client profile
Domestic & International presence
Alliance and joint ventures
Whether the consulting process
confirms to ISO 9001(2000),
BS7799, ISO17799 standards and if
so, furnish details of compliance.
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 38 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
10
11
12
13
14
15
16
17
Details of experience/knowledge
possessed in the areas of
Project Planning and management
review, Resource Planning,
Role and Responsibility definition,
Co-ordination across multiple
Gross revenue of the bidder (not of Total
the group)
Year 2007-08
Year 2008-09
YearProfit
2005-06
Net
of the bidder (not of the
From Audit
group)
Year 2007-08
Year 2008-09
Year 2005-06
Details
of the similar assignments
executed by the bidder during the
last two years
(Name of the Bank, time taken for
execution of the assignment and
documentary proofs from the Bank
are to beoffurnished)
Details
the similar assignments
on hand as on date (Name of the
Bank, time projected for execution
of
the
assignment
and
documentary
proofs
from
the
Bank
Name of the team leader identified As per annexure E
for this assignment and his
professional qualifications and
experience/expertise
Details of similar assignments
handled by the said team leader
Documentary
proofs
formembers
all the As per annexure E
Names
of the other
team
identified for this assignment and
their professional qualifications
and experience/expertise
Details of similar assignments
handled by the said team members
Documentary proofs for all the
assertions are to be enclosed
Estimated work plan and time
schedules for providing services
for this assignment
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 39 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
18
19
20
21
Declaration:
1. We confirm that we will abide by all the terms and conditions contained in the
RFP.
2. We hereby unconditionally accept that Bank of Baroda can at its absolute
discretion apply whatever criteria it deems appropriate, not just limiting to those
criteria set out in the RFP, in short listing of bidders.
3. All the details mentioned by us are true and correct and if Bank of Baroda
observes any misrepresentation of facts on any matter at any stage, Bank of
Baroda has the absolute right to reject the proposal and disqualify us from the
selection process.
4. We confirm that this response, for the purpose of short-listing, is valid for a
period of six months, from the date of expiry of the last date for submission of
response to RFP.
5. We confirm that we have noted the contents of the RFP and have ensured that
there is no deviation in filing our response to the RFP and that the Bank will have
the right to disqualify us in case of any such deviations.
Place:
Date :
Seal & Signature of the bidder
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 40 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
ANNEXURE B
Commercial Bid Format
Sr. No.
Major Activities
Estimated
Effort
(In man
days)
Quoted
Price
(In
Rupees)
Business
Software
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 41 of 45
:
:
:
:
Bank of Baroda
Baroda Corporate Centre, Mumbai
ANNEXURE C
Compliance Certificate
To,
Date :
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 42 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
ANNEXURE D
Estimated Effort and Elapsed Time
Sl
N
o
Activities
Threat
&
Vulnerability
Analysis
Security & Control Review of
ATM & Other Applications
Business Application Software
(CBS & Other Business
application)
2
3
Place:
Date:
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Elapsed
Time
Effort
Number
Remark
in Man of team s
days
members
who will
be
deployed
Page 43 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
ANNEXURE E
Proposed Team Profile
Sl
No
Name of
Proposed
Engageme
nt
Manager
/Proposed
Team
Member
Prof.
Quali
ficati
ons
Certificat
ions/
Accredita
tions
IS
audit
expertise
(Mention if he
has worked in
Banks earlier)
In terms
of
years and areas
of expertise
IT
Expertise
In terms
of
years
and areas
of
expertise
Number
of
similar
assignments
involved
In
Public
Sector Banks
in India
Place:
Date:
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 44 of 45
Bank of Baroda
Baroda Corporate Centre, Mumbai
ANNEXURE F
Comments on the Terms & Conditions, Services and Facilities provided:
Please provide your comments on the Terms & conditions in this section. You are
requested to categorize your comments under appropriate headings such as those
pertaining to the Scope of work, Approach, Work plan, Personnel schedule,
Terms & Conditions etc. You are also requested to provide a reference of the page
number, state the clarification point and the comment/ suggestion/ deviation that
you propose as shown below.]
Sr.
No.
Page
#
Suggestion/
1
2
3
4
5
6
7
8
9
End of Document
Project Office
Bank of Baroda
Baroda Corporate Centre
Dated : 03/11/ 2009
Confidential
RFP Document for
Comprehensive audit of
Banking Applications
Page 45 of 45