INDIAN OVERSEAS BANK Information Technology Department Central Office, 763, Anna Salai, CHENNAI

INDIAN OVERSEAS BANK Information Technology Department Central Office, 763, Anna Salai, CHENNAI – 600 002

RFP Ref No. RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018 FOR SUPPLY, INSTALLATION AND MAINTENANCE OF NETWORK ACCESS CONTROL (NAC) SOLUTION AMENDMENT NO.6 13.12.2018

All other terms and conditions given in various clauses / sub-clauses / Annexure in the above referred RFP to the extent not modified below, shall remain Unchanged and continue to be applicable. ______

Sl. No RFP Clause Existing RFP Terms Amended RFP Terms 1 1.3.a.2 The proposed NAC solution of the OEM The proposed NAC solution of the must be in Gartner's Leaders Magic OEM must be in Gartner's Leaders Quadrant for NAC Solution in 2 out of Magic Quadrant for NAC Solution last 3 years. Documentary Proof to be in 2 out of last 5 published reports submitted. (from 2010 to 2014) for Network Access Control. Documentary Proof to be submitted. 2 1.3.a.3 The proposed NAC solution from the The proposed NAC solution from OEM should be functional in any two the OEM should be functional in organizations (Bank atleast one of any organizations /Insurance/Government) with a (Bank/Insurance/Government) minimum of 10000 endpoints each, in with a minimum of 10000 India on the date of the RFP. endpoints each, in India on the (Documentary proof to be submitted). date of the RFP. (Documentary proof to be submitted). 3 1.3.a.4 Proposed Managed Switches & NAC The proposed solution (NAC & Solution should be from the same OEM. Managed Switches) should be of The proposed solution (NAC & the latest model and should not Managed Switches) should be of the be declared End of Service Life latest model and should not be for the duration of the contract period (7 years for NAC & 7 years declared End of Service Life for the for Managed Switches). duration of the contract period (7 Proposed solution should not years for NAC & 7 years for Managed have been declared EOL as on Switches). Proposed solution should not the date of submission of bids. have been declared EOL as on the Documentary Proof (Annexure IV) date of submission of bids. to be attached. Documentary Proof (Annexure IV) to be attached.

Page 1 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

4 1.3.b.4 The Bidder should be Original The Bidder should be Original Equipment Manufacturer of the NAC Equipment Manufacturer of the Solution or the premium partner of NAC Solution or the premium OEM. The Bidder must be in position to partner of OEM. The Bidder must provide support / maintenance / up be in position to provide support / gradation during the period of maintenance / up gradation contract with the Bank and must be during the period of contract with having back-to-back support from the Bank and must be having OEM. Bidder, be it OEM or premium back-to-back support from OEM. partner, to submit a letter of Bidder, be it OEM or premium authorization / Manufacturer partner, to submit a letter of Authorization Form (MAF) as per format authorization / Manufacturer provided in Annexure IV of this RFP. Authorization Form (MAF) as per Either OEM or only one of its premium format provided in Annexure IV of partner in India shall participate in this this RFP. Either OEM or its premium RFP. partner in India shall participate in this RFP. 5 1.5 DELIVERY SCHEDULES The clause has been amended and is attached as Annexure-A to this document. The references to the other clauses of the RFP as contained in the clause remain unchanged. 6 1.6 INSTALLATION AND IMPLEMENTATION: The clause has been amended and is attached as Annexure-A to this document. The references to the other clauses of the RFP as contained in the clause remain unchanged. 7 1.7.2 Managed Switches (8/24/48 Ports): 3 Managed Switches (24/48 years from the date of installation or Ports): 3 years from the date of 37 months from the date of delivery installation or 37 months from whichever is earlier. the date of delivery whichever is earlier. 8 1.9.1 Within 15 (Fifteen) days (exclusive of Within 15 (Fifteen) days holidays) of the date of acceptance (exclusive of holidays) of the of the Purchase Order, the successful date of acceptance of the Bidder shall furnish a bank guarantee Purchase Order, the successful (for delivery and installation) for a Bidder shall furnish a bank period of 6 months with a claim guarantee (for delivery and period of twelve months for an installation) for a period of 12 amount equivalent to 10% of the total months with a claim period of order value (PO Value), in the format twelve months for an amount as per Annexure VIII of the RFP. equivalent to 10% of the total order value (PO Value), in the format as per Annexure VIII of the RFP. 9 1.10 PAYMENT TERMS The clause has been amended and is attached as Annexure-A to this document. The references to the other clauses of the RFP as Page 2 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

contained in the clause remain unchanged. 10 1.11.1 Prices should be quoted as per Prices should be quoted as per Commercial Bid in Annexure ‘III’ Indicative Commercial Bid in Annexure ‘III’ 11 1.12.b Indicative Commercial bids of only Indicative Commercial bids of the technically qualified short-listed all the participating bidders bidders (qualified as per 1.12 (a) shall be opened but however above) will be evaluated for the indicative commercial bids of purpose of arriving at Start Price of only the technically qualified Reverse Auction. short-listed bidders (qualified as per 1.12 (a) above) will be evaluated for the purpose of arriving at Start Price of Reverse Auction. 12 1.12.c.1 The L1 bidder will be determined The L1 bidder will be determined based on the lowest Total Price based on the lowest Total Price Quoted for (Grand Total) under Quoted for (Grand Total) under SL.NO. F (Table VI) of ANNEXURE III). SL.NO. H (Table VIII) of ANNEXURE III). 13 1.13 PROCUREMENT OF ADDITIONAL PROCUREMENT OF ADDITIONAL SWITCHES SWITCHES/END POINT LICENSES 14 1.13 Bank reserves its right to procure Bank reserves its right to procure additional Managed Switches additional Managed Switches (8/24/48 Port) over and above the (24/48 Port) & End Point Licenses quantities mentioned in this RFP from over and above the quantities the awardee of the contract at the mentioned in this RFP from the contracted / predetermined price for awardee of the contract at the supply to its Central Office, Regional price for supply to its Central offices, Branches and other offices Office, Regional offices, located across the Country as per the Branches and other offices additional terms and conditions located across the Country as stipulated below: per the additional terms and conditions stipulated below: 15 1.13.2 The Bank may exercise this option for The Bank may exercise this a period of 1 (one) year from the GO option for a period of 1 (one) Live of the Solution at the pre- year from the GO Live of the determined price. The rates will be Solution at the pre-determined valid for a period of 1 (one) Year from price. The rates will be valid for the date of acceptance of purchase a period of 1 (one) Year from order, if not revised earlier. The the date of acceptance of successful bidder shall supply the purchase order, if not revised additional Routers at the pre- earlier. The successful bidder determined price with similar shall supply the additional technical specifications and models Appliances/Switches/Licenses specified in this RFP) at the time of at the pre-determined price release of purchase order. with similar technical specifications and models specified in this RFP) at the time of release of purchase order.

Page 3 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

16 1.13.6 Comprehensive onsite Warranty and Comprehensive onsite Warranty Annual Maintenance Contract for and Annual Maintenance such additional Switches will also be Contract for such additional as per clause 1.7 & 1.8 of this RFP. procurement will also be as per clause 1.7 & 1.8 of this RFP. 17 2.21.3 In case the bidder fails to meet the In case the bidder fails to meet agreed uptime as mentioned above, the agreed uptime as penalty shall be levied @ Rs. 2,000 per mentioned above, penalty shall 0.1% downtime or part thereof be levied @ Rs. 500 per 0.05% subject to a maximum of 10% of the downtime or part thereof cost of NAC Appliances (Annexure III subject to a maximum of 20% of – Table I Serial No 1.a). the cost of NAC Appliances (Annexure III – Table I Serial No 1.a). 18 Clause During comprehensive on-site During comprehensive on-site 2.25.7 warranty/ comprehensive annual warranty/ comprehensive annual maintenance contract of the solution, maintenance contract of the the bidder will accomplish preventive solution, the bidder will and breakdown maintenance once in accomplish preventive and a half year for the NAC Solution at DC breakdown maintenance once & DR and once in a quarter for all in a half year for the NAC Solution Managed Switches, to ensure that all at DC & DR and for all Managed hardware functions without defect or Switches, to ensure that all interruption. Prior clearance from the hardware functions without Bank should be obtained and records defect or interruption. Prior for having done the preventive clearance from the Bank should maintenance have to be furnished to be obtained and records for Network Division, IT Department of the having done the preventive Bank while submitting the invoice for maintenance have to be AMC/ATS. furnished to Network Division, IT Department of the Bank while submitting the invoice for AMC/ATS. 19 ANNEXURE – Providing the solution would cover Providing the solution would I supply, installation and cover supply, installation and SCOPE OF operationalization of the hardware, all operationalization of the WORK – necessary application software and hardware, all necessary Serial No 1 application software, licenses maintenance of the equipment and maintenance of the supplied for a period of one-year equipment supplied for a period warranty and four years AMC of one-year warranty and four (hardware, system and application years AMC (hardware, system software etc.) with back to back and application software etc.) support from the OEM. The new with back to back support from systems provided should integrate well the OEM. The new systems with the existing facility. provided should integrate well with the existing facility. 20 ANNEXURE – The Successful bidder has to ensure the The Successful bidder has to I availability of two no. of resident ensure the availability of an onsite engineer sat main site i.e. IOB, Central Project Manager for the project till Office, Chennai for setting up and the GO live of the Project. The Page 4 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

SCOPE OF administration of the solution during project manager should have a WORK – office hours (9 am to 6 pm) on all minimum of 5+ years’ experience Serial No 21 working days as well as beyond office in IT Infra project management. hours or on holidays, if required. The Successful bidder should also Resident engineers should have 2 ensure the availability of two no. years’ experience in administration of of onsite resident engineers at the Solution. Certificate from that main site i.e. IOB, Central Office, organisation to be submitted as a Chennai for setting up and proof of experience at the time of administration of the solution payment request for onsite engineer during office hours (9 am to 6 pm) charges. on all working days as well as beyond office hours or on holidays, if required. Resident engineers should have 2 years’ experience in administration of the Solution. Certificate from that organization to be submitted as a proof of experience at the time of payment request for onsite engineer charges. 21 ANNEXURE – Install any patch including but not Install any patch including but not I limited to latest patch of Windows, limited to latest patch of SCOPE OF Anti-virus, Microsoft Office and for any Windows, Anti-virus and for any WORK – other software that is part of bank’s other software that is part of Serial No 24 checklist for profiling and posture bank’s checklist for profiling and (11) assessment of the device for allowing posture assessment of the device access into bank’s network via NAC for allowing access into bank’s solution. The patches will be provided network via NAC solution. The by the bank and to be carried and patches will be provided by the installed by the field engineers of the bank and to be carried and successful bidder. installed by the field engineers of the successful bidder. 22 Annexure I- Technical Specifications: Network The technical specifications for A Access Control Solution the NAC solution have been amended as detailed in Annexure B to this amendment. 23 Annexure I- Technical Specifications- 8 Port The requirement for 8 Port B Managed Switches Managed Switches has been removed from the RFP. Bank shall procure only 24 & 48 Port Switches. Annexure I-B stands deleted. 24 Annexure I - Technical Specifications- 24 & 48 Port The technical specifications for C Managed Switch. the 24 & 48 Port Managed Switches have been amended as detailed in Annexure B to this amendment. 25 Annexure III FORMAT FOR INDICATIVE The annexure has been amended COMMERCIAL BID to remove references to 8 port Managed Switches. Also the quantity mentioned for NAC Page 5 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Appliances has been removed and shall be quoted by bidders as per their solution architecture. 26 Clause During comprehensive on-site During comprehensive on-site 2.25.7 warranty/ comprehensive annual warranty/ comprehensive annual maintenance contract of the solution, maintenance contract of the the bidder will accomplish preventive solution, the bidder will and breakdown maintenance once in accomplish preventive and a half year for the NAC Solution at DC breakdown maintenance once & DR and once in a quarter for all in a half year for the NAC Solution Managed Switches, to ensure that all at DC & DR and for all Managed hardware functions without defect or Switches, to ensure that all interruption. Prior clearance from the hardware functions without Bank should be obtained and records defect or interruption. Prior for having done the preventive clearance from the Bank should maintenance have to be furnished to be obtained and records for Network Division, IT Department of the having done the preventive Bank while submitting the invoice for maintenance have to be AMC/ATS. furnished to Network Division, IT Department of the Bank while submitting the invoice for AMC/ATS. NEW CLAUSES 27 New Clause The OEM of the proposed managed switch must be listed in Gartner's 1.3.a.5 Leaders Magic Quadrant for “Wired and Wireless Access Infrastructure” in 2 out of last 3 years (2016 to 2018). Documentary Proof to be submitted. 28 ANNEXURE – Design and implementation have to be done by the onsite team of experts I from OEM along with bidders skilled team including project manager at SCOPE OF both DC and DRS. WORK – Serial No 25

29 ANNEXURE – Installation of Network switches in Network racks wherever available and I making the switch operational. SCOPE OF WORK – Serial No 24.12

30 ANNEXURE – The above responsibilities of the Engineer visiting the branches shall ipso I facto apply to the site visits for additional procurement defined in clause SCOPE OF 1.13 of this RFP. Bank shall pay site visit charges for the one time WORK – implementation of additional procurement only and no other payment in Serial No lieu of engineer visit for maintenance of the solution (initial or additional) as 24.13 per scope of work shall accrue to the Bank. 31 ANNEXURE – Training – Bidder has to provide OEM training to minimum of 5 Bank officials I which should cover operational administration and troubleshooting SCOPE OF feature of the solution. Training to be arranged in Chennai. Bidder has to WORK – provide user manual and technical documentation both in hard copies Serial No 26 and soft copies to the Bank.

Page 6 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Annexure A

CLAUSE 1.5 DELIVERY SCHEDULE

1. Delivery of NAC Solution at Banks Primary Data Centre - The solution including the required hardware, software and licenses should be delivered at Banks PDC within 6 (Six) weeks from the date of the acceptance of Purchase Order. (Proof of document should be submitted along with the invoice). The address of location for delivery & implementation of the solution is as given below: -

Indian Overseas Bank, Data Centre STT GDC 4, Swami Sivananda Salai 600002, Chennai Tamil Nadu, India

2. Delivery of NAC Solution at Banks DRS - The solution including the required hardware, software and licenses should be delivered at Banks DRS within 6 (Six) weeks from the date of acceptance of the Purchase Order. (Proof of document should be submitted along with the invoice). The address of location for delivery & implementation of the solution is as given below:-

Indian Overseas Bank Disaster Recovery Site, Hyderabad C/o: Ctrl-S Data centers Ltd, 1st floor, Pioneer Towers, Plot No: 16, Software Units Layout, Hi-tech City, Madhapur, Hyderabad-500081

Bank reserves the right to change the delivery locations for the NAC Solution as stated above at its discretion before issue of Purchase Order. Delivery for the above purpose is deemed to be complete when the items specified in the Purchase Order are delivered and date of delivery is the date on which the item is delivered in full in CO and in DR (location wise).

3. Delivery of Managed Switches at Bank’s Locations (Branches/ATMs): Managed Switches (24/48 Port) should be delivered at all locations (Will be shared with Purchase Order) within 8 weeks from the date of acceptance of Purchase Order. Successful Bidder shall complete centralised staging and configuration of these Switches within the schedule mentioned.

4. Extension of delivery schedule: If, at any time during performance of the Contract, the Bidder should encounter conditions impeding timely delivery, the Bidder shall promptly notify the Bank in writing of the fact of the delay, its likely duration and its cause(s). As soon as practicable after receipt of the Bidder's notice, the Bank shall evaluate the situation and may at its discretion extend the Bidder's time for performance against suitable extension of the performance guarantee for delivery.

Page 7 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

5. Penalty for Delayed Delivery: Delivery for the above purpose is deemed to be complete only when all the items specified in Purchase Order are completely delivered (Location wise & item wise) and date of delivery is the date on which the last item is delivered. If the delivery schedule is not maintained as stated in clause 1.5 (1), (2) & (3) or to such extended period as per clause 1.5 (4) of this RFP, a penalty of One Percent (1%) of the item cost (location wise & component wise), for each week or part thereof of the delay subject to a maximum of 10% of the cost of the component will be levied from the expiry of due date of delivery. Any Bank dependency in delay of delivery of the solution components, to the limit as decided by the bank, at its own discretion, shall not be considered for calculation of the penalty.

6. Non-delivery: Failure of the successful bidder to comply with the above delivery schedule, as stipulated in clause 1.5 (1), (2) (3) & (4), shall constitute sufficient grounds for the annulment of the award of contract and invocation of bank guarantee (delivery). In such an event, the Bank will call for new bids and forfeit the EMD/Bank Guarantee.

CLAUSE 1.6. IMPLEMENTATION AND COMMISSIONING & DELAYS IN THE BIDDER'S PERFORMANCE:

1. INSTALLATION OF NAC APPLIANCES: The successful bidder (SB) shall complete the installation & commissioning of the NAC Appliances along with software/licenses etc. at the locations detailed in clause 1.5 of this RFP or so detailed in the Purchase Order, within 4 weeks from the date of actual delivery or due date of delivery of the appliances, whichever is later. Installation of the NAC Appliances & associated software/hardware shall be deemed completed on submission of proof of document of installation and commissioning countersigned by the Bank official .If the schedule mentioned above is not maintained, a penalty of 1% of the cost of NAC Appliances (Serial No 1 Table I of Annexure III) shall be levied on delay of per week or part thereof subject to a maximum of 10% of the cost of NAC Appliances.

2. INSTALLATION OF MANAGED SWITCHES: SB shall complete the installation & commissioning of Managed Switches at the locations detailed in the Purchase Order, within 12 weeks from the date of actual delivery or due date of delivery of the switches, whichever is later. Installation of the Switches shall be deemed completed on submission of proof of document of installation and commissioning. If the schedule mentioned above is not maintained, a penalty of 1% of the cost of Managed Switch (Location Wise & Component Wise) shall be levied on delay of per week or part thereof subject to a maximum of 10% of the cost of the Managed Switches.

3. OPERATIONALISATION OF NAC SOLUTION: SB shall operationalize (Go Live) the NAC Solution as per the Scope of Work detailed in Annexure I of the RFP within 20 weeks of the date of Acceptance of Purchase Order. Operationalisation of the solution shall be deemed completed on submission of GO Live Signoff signed by authorized official of the bank. If this schedule is not maintained a penalty of 1% of the Total Order Value (PO Value) shall be levied on delay of per week or part thereof subject to a maximum of 5% of the Total Order Value.

Page 8 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

4. In case the delivery, installation & implementation of the solution is not completed within a maximum of 24 weeks from the date of acceptance of the Purchase order, it shall constitute sufficient grounds for the annulment of the award of contract and invocation of bank guarantee (EMD/Delivery/Performance).

5. Delivery, Installation and Implementation of Solution & Managed Switches for Additional Procurement as per Clause 1.13:

• Bank will issue separate purchase order/intimation for additional requirement as detailed in clause 1.13. • For this requirement, Successful Bidder shall deliver the switches and complete the installation of the Solution at such sites as per the Scope of Work detailed in Annexure I. • For such implementation only cost of Endpoint License, Managed Switch and cost of Engineer Visit shall be paid by the bank and no extra cost for implementation shall be applicable.

• Such implementation should be completed within 6 weeks from the date of intimation from the bank. • If the schedule is not maintained a penalty of 1% of the Total Order Value (PO Value location wise) shall be levied on delay of per week or part thereof subject to a maximum of 5% of the Total Order Value.

CLAUSE 1.10. PAYMENT TERMS

1. Successful Bidder shall submit the following documents along with request for payment:

a. Backlining Proofs & Warranty Certificates from the OEM. b. Service Level Agreement c. Non-Disclosure Agreement d. Bank Guarantee for Delivery/Performance, as per the following clauses. e. Any other documents as specified in the following clauses.

2. Payment for NAC Appliances (Serial No 1.a of Table I of Annexure III):

a. 60% of the cost of NAC Appliances shall be released on delivery of NAC appliances at the locations specified in the purchase order as per details mentioned in clause 1.5.1 & 1.5.2 of the RFP. Payment shall be released by Information Technology Department on receipt of invoices, proof of delivery (Delivery Challan duly signed by authorized official/ POD copy of Courier Service Provider etc.) after deducting applicable penalty.

b. 20% of the cost of NAC Appliances shall be released on installation of NAC appliances as per details mentioned in clause 1.6.1 of the RFP. Payment shall be released by Information Technology Department on receipt of installation certificate after deducting applicable penalty.

c. 20% of the cost of NAC Appliances shall be released 3 months post Go Live as per details mentioned in clause 1.6.3 of the RFP. Payment shall be released by Information Technology Department on submission of Go Live Certificate after deducting applicable penalty.

Page 9 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

3. Payment for Managed Switches (Serial No 1.b & 1.c of Table I of Annexure III):

a. 50% of the cost of Managed Switches shall be released on delivery of Switches at the locations specified in the purchase order as per details mentioned in clause 1.5.3 of the RFP. Payment shall be released by Information Technology Department on receipt of invoices, proof of delivery (Delivery Challan duly signed by authorized official/ POD copy of Courier Service Provider etc.) after deducting applicable penalty.

b. 20% of the cost of Managed Switches shall be released on installation of Managed Switches as per details mentioned in clause 1.6.2 of the RFP. Payment shall be released by Information Technology Department on submission of installation proof after deducting applicable penalty.

c. 10% of the cost of Managed Switches shall be released on GO live of the NAC Solution as per details mentioned in clause 1.6.3 of the RFP. Payment shall be released by Information Technology Department on submission of Go Live Certificate after deducting applicable penalty.

d. 20% of the cost of Managed Switches shall be released 3 months post GO live of the NAC Solution as per details mentioned in clause 1.6.3 of the RFP. Payment shall be released by Information Technology Department after deducting applicable penalty.

4. Payment for the managed switches as per clause 1.10.3 (a, b, c & d) may be released in lots of minimum 1000 switches, if such a request is received from the successful bidder and on the discretion of the bank.

5. Implementation charges (Serial No 2- Table II- Annexure III) – 100 % Implementation charges shall be made on satisfactory customization, implementation and deployment of the solution duly supported by Go Live Signoff duly countersigned by Bank official and Tax invoice.

6. AMC charges for the NAC Appliance (Serial No 2 – Table III – Annexure III) for the period starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis in advance after deducting applicable penalty & NEFT Charges, on submission of preventive maintenance reports.

7. AMC charges for the Managed Switches (Serial No 2 – Table IV – Annexure III) for the period starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis in advance on submission of preventive maintenance reports after deducting applicable penalty & NEFT Charges,

8. ATS charges for Endpoint Licenses for the period starting from Fourth (4th) year to Seventh (7th) year shall be paid on yearly basis in advance after deducting applicable penalty & NEFT Charges.

Page 10 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

9. Cost Onsite Support: Onsite Support Charges (Serial No 2 – Table V- Annexure III) shall be made quarterly in arrears on submission of satisfactory performance report, invoices after deducting applicable penalty & NEFT Charges.

10. Payment for Additional Procurement: Payment for additional procurement of Switches and Engineer visit for such implementation shall be released on submission of invoices, proof of delivery (Delivery Challan duly signed by authorized official/ POD copy of Courier Service Provider etc.), proof of installation and confirmation of complete implementation of NAC for such procurement.

Page 11 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

ANNXURE B

Technical Specifications: Network Access Control Solution

Bidders Bidders Sr. No Product Specifications (NAC) Compliance Remarks, if (Yes / No) any Solution should integrate seamlessly with Bank's existing IT infrastructure comprising of routers, switches, firewalls, IPS, 1 various types of WAN links and computers, devices, printers, scanners, Kiosks, IP phones, Operating Systems, VC equipment, CCTVs etc. Solution should be capable to Implement authentication and authorisation system for accessing and administering applications, operating systems, databases, network and security devices/systems, point of connectivity (local/remote, etc.) including enforcement of strong password policy, two-factor/multi-factor authentication depending on risk assessment and following the principle of least privileges and separation of duties. The 2 enforcement, authentication and admission control should be enabled centralised as well as right at the point access to bank's network including that at branch local area network. i.e. The entire traffic, from any network/ computing terminal trying to access the bank's network, should not flow to the Data centre/ Central location for the purpose of authentication and admission and access control. Access control Solution should be through a central 3 policy engine across bank. Network Access Control solution (NAC/NAC Solution/Solution) should do exactly what the name implies—control access to the network with policies, 4 including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do. The Network Access Control (NAC) solution should be an automated security control platform that can monitor and control everything on the network—all devices, all 5 operating systems, all users. The solution shall let employees and guests remain productive on the network while critical network resources and sensitive data remain protected. Solution should Maintain an up-to-date/centralized inventory of authorized devices connected to bank’s 6 network (within/outside bank’s premises) and authorized devices enabling the bank’s network.

Solution should provide a highly powerful and flexible 7 attribute-based access control solution that combines authentication, authorization and accounting (AAA),

Page 12 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

NAC, BYOD, posture, profiling, guest management services and conditional elements on a single platform.

It should allow to authenticate and authorize users and endpoints via wired, wireless and VPN with consistent 8 policy throughout the Bank and should support variety of authentication methods (802.1X, MAC auth, Web auth etc) and ensure endpoint compliance is met The proposed solution should have the capability for defining role based policies, implement, monitor 9 continuously for policy violation. In case of violation SOC should be alerted and given a provision of automated remediation. Solution should ensure that the high privilege accounts 10 (administrator level) are not used except to access specific resources Solution should be designed and deployed to work with 11 the existing network and devices and should not require re-architecting the network Solutions must support agent and dissolvable agent method for performing endpoint profiling, base-lining, 12 health check, isolate and initiate remediation process and must check the end device compliance before permitting access to the network The NAC solution should be able to handle minimum 60,000 devices/endpoints and scalable up to 1,00,000 13 devices/endpoints. The solution should perform discovery, profiling, posturing, remediation for minimum 60,000 devices/endpoints from day 1. Solution should have equipment & component level redundancy(HA) , fault tolerance and site level 14 redundancy with automatic-seamless-stateful failover between DC & DR. Solution should have centralized management at both 15 sites. Both sites and each site can be independently managed by the centralized management All devices should have redundant power supply and 16 network connectivity Solution should support multilocation load sharing and 17 failover facility Components/devices should have ability to be clustered in any combination via local and remote network 18 connections providing unlimited scale, redundancy, and access load balancing. Bidder has to provide equipment and peripherals with 19 rack mounting kit to accommodate all components in the rack space provided in Banks data centres. Solution should do Authorization, Authentication and 20 Accounting of network connections Page 13 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Supports a wide range of authentication protocols, including PAP, MS-CHAP, Extensible Authentication 21 Protocol (EAP)-MD5, Protected EAP (PEAP), and EAP- Transport Layer Security (TLS). Enable administrators to centrally configure and manage profiler, posture, guest, authentication, and authorization 22 services in a single web-based GUI console, greatly simplifying administration by providing consistency in managing all these services. Solution should provision for differentiated authorization based on specific device. For eg. When User 1 (who is a Network Admin) logs in from PC A he is authorized to access Internet etc. and he cannot login to any Network 23 device from PC1, but the same User 1 logs in to a System Admin PC kept in Firewall's Management Zone, then the user will be able to login to Network devices but cannot access Internet. Solution should support RADIUS, AD server for client device authentication and TACACS+, RADIUS for network 24 device authentication and logging. Overlay component may be added to achieve both functionality. All external facing interfaces are programmable, which means APIs are available to extend the system to support different authentication protocols, identity stores, health evaluation engines, port and vulnerability scanning 25 engines, SIEM, Firewall, IDS/IPS, APT, NBAD solutions etc. Bidder has to provide the APIs and should be integrated to these solutions without any additional cost. All licenses to be factored for integration Role-based controls of user, device, application or 26 controls based on post authentication security posture Solution should have capability to assign services based 27 on the assigned user role, group, and associated policy (job role, location, device type, and so on). Identity and access management. Solution should have 28 capability to establish user identity, location, and access history, which can be used for compliance and reporting. Solution needs to detect unsuccessful logins and restrict 29 the device to limited access Solution shall detect and disconnect the idle end 30 devices after expiry Authentication time-out Solution should facilitate provisioning of assets provided 31 by the Bank and should deny access to non-complaint devices Solution should provision 2factor or multifactor 32 authentication for allowing access to the network resources 33 Policy simulation engine for testing policy integrity 34 Real-time policy assessment, Context aware policy

Page 14 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

35 Dynamic role-based enforcement 36 Workflow for user and device registration Access control lists – both statically defined filter-ID based 37 enforcement, as well as dynamically downloaded ACLs. Solution must support Non 802.1x technology on assigned 38 ports and 802.1x technology on open use ports Solution should support Mac Address Bypass (MAB) and can further utilize identity of the endpoint to apply the 39 proper rules for access. Mac Address Bypass is typically used for devices, which do not support 802.1x Solution should offer comprehensive visibility of the network by automatically discovering, classifying, and 40 controlling endpoints connected to the network to enable the appropriate services per endpoint Solution should have capability to get finer granularity 41 while identifying devices on the network with Active Endpoint Scanning Solution should support network-based profiling by targeting specific endpoints (based on policy) for 42 specific attribute device scans, resulting in higher accuracy and comprehensive visibility of the network Solution should manage endpoint access to the network with the feature/service, which enables administrators to specify an endpoint and select an action - for example, 43 move to a new VLAN, return to the original VLAN, or isolate the endpoint from the network entirely, push dynamic ACL to the port to restrict access etc. all in a simple interface Solution should offer a rules-based, attribute-driven policy model for creating flexible and business-relevant access control policies. Provides the ability to create fine- grained policies by pulling attributes from predefined 44 dictionaries that include information about user and endpoint identity, posture validation, authentication protocols, profiling identity, or other external attribute sources. Attributes can also be created dynamically and saved for later use It should allow Administrators to create their own device templates. These templates can be used to automatically detect, classify, and associate 45 administrative-defined identities when endpoints connect to the network. Administrators can also associate endpoint-specific authorization policies based on device type.

Page 15 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Verifies endpoint posture assessment for PCs connecting to the network. Works via either a persistent client-based agent or a temporal web agent to validate that an endpoint is conforming to a company's posture policies. Provides the ability to create powerful policies that include but are not limited to checks for the latest OS 46 patches, antivirus and antispyware software packages with current definition file variables (version, date, etc.), registries (key, value, etc), and applications. Solution should support auto-remediation of PC clients as well as periodic reassessment to make sure the endpoint is not in violation of company policies Solution should classify a client machine, and should support client provisioning resource policies to ensure that the client machine is set up with an appropriate 47 agent version, up-to-date compliance modules for antivirus and antispyware vendor support, and correct agent customization packages and profiles, if necessary Solution should have automatic switch port provisions for 48 end device based on pre-defined rule Solution should support Security compliance policy – 49 Security validations the solution is capable of such as antivirus, patch update, o/s, etc. Solution should support automated remediation and 50 integration with all major OEM Antivirus, patch update ,O/S systems, AD, etc. Solution should support URL redirection for remediation or 51 other purposes Solution should have ability to meet each of the follow features:

a. Base lining for endpoints determines the status of a large variety of endpoint devices, including differing device type, operating system, etc. 52 b. Profiling for endpoints identifies all connected devices, including advanced mobile identification.

c. Guest management is performed from a central, “single pane” viewpoint allowing full visibility into current guest provisioning. Solution should support integration with leading helpdesk ticketing system. It should support self remediation 53 through end user self support and automatic remediation including guided remediation, quarantine, manual remediation etc. Solution should be capable of Integration with firewall, IPS, Router, Switch, Wireless Access Points, Active 54 Directory, LDAP, MDM solutions etc of major OEMs. Bank may go for bidirectional integration as per future requirements. Page 16 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Solution should support granular level policy 55 enforcement and provide information about users beyond that obtained in a login system Solution should detect network threats by itself or by integrating with other Security defences and should be 56 prevented from spreading and notifications to be sent to end user and administrator concerning the network threat activity via e-mail and http notification NAC solution should take feedback from external systems 57 like Syslog servers, IDS/IPS, Firewalls etc and block a user if compromised on the network. Solution should deliver customizable self service portals 58 and web pages for device onboarding, registration etc. for standard PC and mobile computing platforms. Should support full guest lifecycle management, whereby guest users can access the network for a limited time, either through administrator sponsorship or by self- 59 signing via a guest portal. Allows administrators to customize portals and policies based on specific needs of the enterprise Solution should have profiling capabilities integrated into the solution in order to detect headless host. The profiling features leverage the existing infrastructure for device discovery. Should support the use of attributes from the 60 following sources or sensors: profiling using MAC OUIs, profiling using DHCP information, profiling using RADIUS information, profiling using HTTP information, profiling using DNS information, profiling using Net Flow/JFlow etc., profiling using SPAN, profiling using SNMP etc. Solution should support threat monitoring, containment, 61 and remediation, extending beyond rogue detection and authentication Support for importing endpoints from LDAP/AD server. Should allow to import MAC addresses and the 62 associated profiles of endpoints securely from an LDAP/AD server Must incorporate a complete set of tools for reporting (Audit trailing, customizable reporting and data export capabilities), analysis, and troubleshooting. Data from 63 access transactions can be organized by customizable data elements and used to generate graphs, tables, and reports. Must correlate and organize user, authentication, and device information together Monitor an endpoint after it has gained access to the 64 network 65 Endpoint audit via NESSUS or NMAP scanning The system should provide standard based external 66 facing APIs to extend support and integration with

Page 17 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

external applications like SIEM, Firewall, IDS/IPS solutions etc Solution should support troubleshooting authentication 67 issues by triggering session re-authentication to follow up with an attempt to re-authenticate again Must support complex PKI deployment where TLS authentication requires validating client certificate from 68 multiple CA trust chain. Must also support AAA server certificate being signed by external CA whilst validating internal PKI signed client certificates. Must be able to issue certificates using an inbuilt 69 Certificate Authority as well as external certificate as per the bank's need. Encryption of traffic to the wireless and wired network 70 using protocols for 802.1X such as EAP-TLS, EAP-PEAP or EAP-MSCHAP. Quarantine (A quarantine network is a restricted IP network that provides users with routed access only to certain hosts and applications). Non Complied 71 devices/endpoints should be quarantined by moving the switch port to a different VLAN or by pushing dynamic/static ACL to the switch port to restrict the access to limited resources. Captive portals (A captive portal intercepts HTTP access to web pages, redirecting users to a web application that provides instructions and tools for updating their 72 computer. Until their computer passes automated inspection, no network usage besides the captive portal is allowed) Solution should enforce security policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without requiring administrator 73 attention. Allow administrators to quickly take corrective action (Quarantine, Un-Quarantine, or Shutdown) on risk- compromised endpoints within the network. Solution should support automated remediation system including starting process, killing process, setting registry 74 keys, starting antivirus, update anti-virus, starting windows updates and running custom scripts. The same should also be user customisable. When endpoints are discovered on the network, they can be profiled dynamically based on the configured 75 endpoint profiling policies, and assigned to the matching endpoint identity groups depending on their profiles. Provides a wide range of access control mechanisms, including downloadable access control lists (dACLs), 76 VLAN assignments, URL redirect, and Security Group Access (SGA) tagging.

Page 18 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

The Solution should have capability to see endpoints attribute data via passive network telemetry or 77 alternatively from the infrastructure via device sensors on switches at Core, Distribution and Access Layer. Solution should have capability which allows users / administrators to add a device on a portal, where the device goes through a registration process for network access. Should allow users / administrator to mark as lost any device that you have registered in the network, and blacklist the device on the network, which prevents others from unauthorized network access when using the blacklisted device. Should 78 have capability to reinstate a blacklisted device to its previous status in Device Portal, and regain network access without having to register the device again in the Devices Portal. Should also support removing any device in the enterprise network temporarily, then register the device for network access again later. Solution should be able to provide seamless user experience. Site Specification Requirements: The bidders should submit, as a part of Technical bid the dimensions and weight of each piece of equipment with necessary 79 power and wiring requirements. The Rack space required at DC and DRS to be stated while providing the requirements. The solution should not add another point of failure and 80 by-pass for business continuity The Solution should have enterprise license without any restriction to use the features mentioned in the RFP from day one. If during the contract, solution is not performing 81 as per specifications in this RFP, bidder has to upgrade / enhance the devices or place additional devices and reconfigure the system without any cost to Bank till the required performance is achieved. The solution should detect all applications / softwares /services installed or running in the endpoint and allow 82 administrators to implement policies governing those applications /softwares / services. For non 802.1X devices, network access to be provided with MAC address Bypass (MAB) with device profiling. If 83 the MAC is not matching with the device profiled record, it has to be immediately blocked (to prevent MAC spoofing) Solution should have the capability to alert and detect the underlying device profiling if any switch port is detected to be connected with more than 2 MAC IDs. It 84 should have the capability to automatically shift the switch port to quarantine VLAN or implement dynamic ACL to the port to restrict access.

Page 19 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

The Solution should be capable of working with various 85 Operating Systems like Windows, Linux. For Linux, the solution should atleast support 802.1 X Auth. The bank has Static IP address schema of /24 and /27 IP address segment at its locations. The solution proposed by 86 the bidder should not involve any change in the IP address schema at the locations. Bidder shall submit Bill of Materials for the Solution (with 87 make & model) along with the technical bid.

Solution should integrate with Enterprise level SIEM solutions and Syslog server. The Solution should be 88 able to share information to leading SIEM vendors using standard protocols (Syslog, CEF). Vendor shall provide documented security use 89 cases for proposed solution.

Solution should have the technical specifications 90 defined and documented with security baselines for implementation.

Authorized Signatory Name and Designation Office Seal Place:

Page 20 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Annexure I (C) Technical Specifications: 24 & 48 Port Managed Switch

Bidders Bidders Sr. No Product Specifications(Managed Switches) Compliance Remarks, if (Yes / No) any Type II & III Managed Switch (24 Port & 48 Port

Respectively) Minimum of 24 port 10/100/1000Mbps Gigabit Ethernet auto sensing ports for Type II Switches and Minimum of 1 48 port 10/100/1000Mbps Gigabit Ethernet auto sensing ports for Type III Switches Should have at least 2 Gigabit Ethernet port 1000Mbps 2 SFP interface for uplink connectivity Switch should be supplied with console cable, power 3 cable (suitable for 5 Amps socket) and rack mounting kits. Full-Duplex operation on Fast Ethernet & Gigabit 4 Ethernet 5 Multiple Load Sharing Trunks 6 Minimum of 512MB DRAM and 256MB Flash Memory 7 Support for minimum 16000 MAC addresses 8 IEEE 802.1Q VLAN support – Port based VLANs 9 RADIUS Support 10 High MTBF support The Switch must be able to generate Syslog Messages 11 with timestamp and Severity codes, which can be exported to a syslog server HTTP/HTTPS access to the Switch to monitor and 12 configure most of the functionalities in addition to command line interface Support for Address Resolution (ARP) to work in 13 conjunction with Private VLAN Edge to minimize broadcasts and maximize available bandwidth The proposed Switch should be IPV6 compliant. The 14 device should be IPV6 Tested device and IPV6 should support from the day one 15 Support 100 Base-TX and L2 switching 16 Multi-Link Trunking 17 Support for Spanning-Tree protocol (IEEE 802.1D) STP Fast calculation features as RSTP for faster 18 convergence Per-port broadcast, multicast and storm control to 19 prevent faulty end stations from degrading overall system performance Support for classification and scheduling based on 20 802.1 P/Q

Page 21 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Support for 802.1P class-of-service (CoS), Ability to 21 Mark/Override 802.1P Cos per port Configurable Tail Drop should be supported for 22 congestion avoidance Multicast must be supported in hardware so that 23 performance is not affected by multiple multicast instances 24 L2 Multicast support – IGMP Snooping Should support both IPV4 and IPV6 addresses in a 25 multicast group Support for external RADIUS for console access 26 restriction and authentication Multi-Level access security on switch consoled to 27 prevent unauthorized users Support for 802.1X port based authentication. Radius change of Authorization (CoA) for Network Access 28 Control, URL redirection for posture, VLAN and ACL assignment. The proposed Switch must support below IEEE 802.1X based security requirements and available from day one • IEEE 802.1X • 802.1X with VLAN assignment • 802.1X with Guest VLAN • 802.1X with guest VLAN enhancements • 802.1X with Auth Fail VLAN • 802.1X with Auth fail Open • 802.1X with Mac Auth Bypass • 802.1X with Mac Auth bypass for Voice VLAN 29 • 802.1X with ACL’s • 802.1X with port security • 802.1X with accounting • NAC-L2 IEEE 802.1X • NAC-L2 IP • NAC-L2 IP Auth Fail open • Web authentication for non 802.1X clients • Multi-Domain Authentication (802.1X for IP Phone + 1 Host Behind phone) • Switch should support concurrent deployment of 802.1X and MAB Authentication. Port Based Access Control List (ACL) for Layer 2 interfaces to allow Security policies to be applied on 30 individual Switch ports using Layer 2, Layer 3 and Layer 4 parameters. 31 Configuration change tracking 32 System Event Logging Network Time Protocol (NTP) / Simple Network time 33 protocol (SNTP) with authentication

Page 22 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

34 Switch should support SNMP Version 3 Support to DHCP is desirable, support DHCP to manage 35 IP networks and supports DHCP client and server Support for Secured Ports which restrict a port to a user- defined group of authorized stations, when secure 36 addresses are assigned to a secure port. The switch should not forward any packets with source addresses outside the defined group of addresses 37 Switch should prevent DHCP Snooping 38 IP Root Guard Broadcast and Multicast storm control to avoid 39 degradation in overall systems performance Downloadable ACL (dACL) assigned dynamically per port & Port Security

1. Switches should support dACLs per port.

2. Should support downloading of dACLs created 40 on a central NAC server

3. Each dACL rule should support specification of multiple ports/IP address.

4. Switch should support display of number of times dACL rules gets matched. 41 Should able to integrate with SIEM solution The Switch should seamlessly integrate with existing 42 Network equipment’s Support for Per-port broadcast, multicast and unicast 43 storm control 44 Should support DNS 45 Should support BPDU guard to avoid topology loop Unicast MAC filtering, unknown unicast and multicast 46 port blocking Support for MAC address notification allows 47 administrators to be notified of users added to or removed from the network Support Bidirectional data support on the SPAN port 48 allows Intrusion Prevention System (IPS) to take action when an intruder is detected Provision for Dynamic policies at Layer 2-4 for QoS and 49 Security Embedded support for web based management using 50 standard secured web browser. 51 Support for SNMP V3 with encryption 52 support for TFTP based software download Support for port mirroring measurement using a 53 network analyzer or RMON probe.

Page 23 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

Switch must be remotely managed via one telnet 54 session for all module configuration. Should have functionality to add new features like OS/ 55 firmware upgrades from central location. Support for dynamic VLAN assignment either through IEEE 802.1x for implementation of VLAN membership 56 policy server client functions to provide flexibility in assigning ports to VLANs. Dynamic VLAN helps enable fast assignment of IP addresses. 57 Real time multi port statistics. Device and port groupings for navigation and policy 58 management. 59 TACACS + server support 60 Enterprise MIB 61 Admin access right 62 Traffic volume/ error/ congestion monitoring The Switch should support IEEE 802.1Q VLANS, 802.1P, 63 802.1D, 802.3U, 802.1X, 802.3ab, 802.3ad, 802.1s. 64 Should support RFC 768, 783, 791, 792, 826, 854, RFC 951. The quoted model should be complied for 65 EAL3/NDPP from day one

Page 24 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

ANNEXURE – III FORMAT FOR INDICATIVE COMMERCIAL BID

1. Name of Bidder :

2. Address of Corporate Office :

TABLE I – COST OF NETWORK ACCESS CONTROL SOLUTION: Sl.No Description Qty Unit Total price Price (Rs.) (a) (Rs.) (b) (a*b) 1.a Network Access Control Appliance* with 3 year comprehensive onsite warranty for DC & DR as per Annexure – I (A). 1.b Licenses for endpoints / devices as per 60000 Annexure – I (A) endpoints / devices with 3 year warranty 1.c 24 Port Managed Switch with 3-year 4590 comprehensive onsite warranty. 1.d 48 Port Managed Switch with 3-year 197 comprehensive onsite warranty. 2. Total (I.a to 1.d) *quantity to be quoted by bidder as per Bill of Materials

TABLE II – COST OF IMPLEMENTATION: Sl.No Description Total Cost (Rs.) 1 Total Cost of Installation and Implementation of Network Access Control Solution at Bank’s DC, DR, Branches, ATMs & Other locations. 2 Total Implementation Cost

TABLE III – AMC FOR NAC APPLIANCE (4th to 7th Year): Sl.No Description Qty Unit Total price Price(Rs.) (Rs.) 1.a AMC for Network Access Control Appliance for 4th year 1.b AMC for Network Access Control Appliance for 5th year 1.c AMC for Network Access Control Appliance for 6th year 1.d AMC for Network Access Control Appliance for 7th year 2. Total cost of AMC (1.a to 1.d)

Page 25 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

TABLE IV – AMC FOR MANAGED SWITCHES (4th to 7th Year): Sl.No Description Qty Unit Total price Price(Rs.) (Rs.) 1.a AMC for 24 Port Managed Switch for 4th 4590 year 1.b AMC for 24 Port Managed Switch for 5th 4590 year 1.c AMC for 24 Port Managed Switch for 6th 4590 year 1.d AMC for 24 Port Managed Switch for 7th 4590 year 1.e AMC for 48 Port Managed Switch for 4th 197 year 1.f AMC for 48 Port Managed Switch for 5th 197 year 1.g AMC for 48 Port Managed Switch for 6th 197 year 1.h AMC for 48 Port Managed Switch for 7th 197 year 2 Total cost of AMC (1.a to 1.i)

TABLE V – COST OF ONSITE SUPPORT (1ST year to 7th year) Sl.No Description Qty Unit Cost (Rs.) Cost of Support (Rs.) 1.a Cost of Onsite Support for 1st year 2 1.b Cost of Onsite Support for 2nd year 2 1.c Cost of Onsite Support for 3rd year 2 1.d Cost of Onsite Support for 4th year 2 1.e Cost of Onsite Support for 5th year 2 1.f Cost of Onsite Support for 6th year 2 1.g Cost of Onsite Support for 7th year 2 2. Total Cost of Onsite Support

TABLE VI – ATS FOR END POINT LICENSES (4th to 7th Year): Sl.No Description Qty Unit Total price Price(Rs.) (Rs.) 1.a ATS for End Point Licenses for 4th year 60000 1.b ATS for End Point Licenses for 5th year 60000 1.c ATS for End Point Licenses for 6th year 60000 1.d ATS for End Point Licenses for 7th year 60000 2. Total cost of ATS (1.a to 1.d)

Page 26 of 27

Amendment no. 6 for RFP Ref: RFP/ITD/005/18-19 dated 05.10.2018

TABLE VII- SITE VISIT CHARGES FOR ADDITIONAL PROCUREMENT ONLY Sl.No Description Qty Unit Total price Price(Rs.) (Rs.) 1 Cost of Engineer Visit for implementation of 100 NAC and installation of Managed Switch for additional procurement as per clause 1.13 2. Total cost of Visit

TABLE VIII – TOTAL COST OF OWNERSHIP (TCO):

Sl.No Description TABLE Total Price (Rs.) A Total amount under Serial No. 2 TABLE I B Total amount under Serial No. 2 TABLE II C Total amount under Serial No. 2 TABLE III D Total amount under Serial No. 2 TABLE IV E Total amount under Serial No. 2 TABLE V F Total amount under Serial No. 2 TABLE VI G Total amount under Serial No. 2 TABLE VII H GRAND TOTAL

Note:

1. L1 will be determined based on the total cost of ownership (TCO) quoted by any of the technically short-listed bidder, whose commercial bid is opened, under Table VIII Serial No. H (Grand Total).

2. Quantities mentioned for Managed Switches, End Point Licenses and Site Visits for Additional Procurement are indicative in nature and should not be construed as commitment from the Bank. Actual count may differ as per the discretion of the Bank.

We certify that the items quoted above meet all the Technical specifications as per Annexure I of the RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018 and prices quoted are all in compliance with the terms indicated in clause 1.10 of the RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018. We also confirm that we agree to all the terms and conditions mentioned in this RFP Ref No. RFP/ITD/005/18-19 dated 05.10.2018.

Authorised Signatory: Name and Designation: Office Seal with date

Page 27 of 27