RFP for Odisha SOC

Request for Proposal (RFP)

for
Engagement of Agency for Implementation of
Odisha Cyber Security Operations Centre (CSOC)

Tender document no:OCAC-TE-17/2018(P-I)/ENQ-20030

Odisha Computer Application Centre (OCAC)

(Technical Directorate of E&IT Department, Govt. of Odisha)
OCAC Building, Plot No.-N-1/7D, Acharya Vihar, RRL Post Office,
Tel No: - 0674-2567280/2567064/2567295/2588283

. 1|Page
RFP for Odisha SOC

Table of Contents

1. Introduction ................................................................................................ 8
2. Acronyms.................................................................................................. 10
3. Invitation for bid ........................................................................................ 12
3.1 Bid Schedule ............................................................................................. 12
3.2 Validity of bid document ............................................................................. 14
3.3 Due Diligence ............................................................................................ 14
3.4 Pre-bid conference ..................................................................................... 14
3.5 General Instructions to bidders .................................................................... 15
3.6 Right to Terminate the Process .................................................................... 16
3.7 Confidential Information ............................................................................. 16
3.8 Submission of bid....................................................................................... 16
3.9 Evaluation procedure .................................................................................. 17
3.10 Criteria for bidding eligibility and evaluation .................................................. 20
3.10.1 Eligibility criteria ........................................................................................ 20
3.10.2 Technical evaluation ................................................................................... 22
3.10.3 Financial evaluation .................................................................................... 26
4. Scope of work for bidder ............................................................................. 27
4.1 Pre-Bidding phase ...................................................................................... 28
4.2 Implementation phase ................................................................................ 28
4.3 Operation and Maintenance phase ................................................................ 30
4.4 Partial Acceptance Test (PAT) ...................................................................... 31
4.5 Final Acceptance Testing (FAT) .................................................................... 31
5. Project Design ........................................................................................... 33
5.1 Project high-level architecture ..................................................................... 33
5.2 Site layout ................................................................................................ 34
5.3 Site Design ............................................................................................... 36
5.4 Site Civil & Non-IT works ............................................................................ 36
6. Minimum technical requirement (Non - IT assets) .......................................... 45
6.1 Earthing .................................................................................................... 45
6.2 UPS .......................................................................................................... 45
6.3 Closed circuit television (CCTV).................................................................... 46
6.4 Door Access Control system ........................................................................ 48
6.5 Addressable fire detection and alarm system ................................................. 49
6.6 Fire extinguisher ........................................................................................ 50
6.7 Rodent repellent system ............................................................................. 51
6.8 Display – for CCTV and Meeting room ........................................................... 51

2|Page
RFP for Odisha SOC

6.9 Display – Video wall with controllers and speakers ......................................... 52

6.10 Network Rack ............................................................................................ 56
7. Minimum technical requirement (IT assets) ................................................... 57
7.1 Security Orchestration Automation & Response (SOAR) .................................. 57
7.2 Log Management appliance ......................................................................... 59
7.3 Security Information and Event Management (SIEM) ...................................... 61
7.4 Anti – Advanced Threat Persistent (Anti – APT) .............................................. 63
7.5 Network Traffic Analyzer ............................................................................. 66
7.6 Intelligence feeds ....................................................................................... 68
7.7 Network Management Switch for Data centre ................................................ 69
7.8 Network Router for SOC Command Centre .................................................... 69
7.9 Managed Switch for SOC Command centre .................................................... 71
7.10 SAN Storage .............................................................................................. 72
7.11 Vulnerability Management Solution............................................................... 73
7.12 Network Monitoring, Helpdesk and Ticketing tool ........................................... 74
7.13 Desktop .................................................................................................... 77
7.14 Multifunction Printer ................................................................................... 78
8. Manpower for CSOC ................................................................................... 79
8.1 Manpower requirement ............................................................................... 79
8.2 Manpower qualification ............................................................................... 80
8.3 Manpower roles and responsibilities .............................................................. 80
8.4 Additional Manpower requirement ................................................................ 84
9. Service Level Agreement............................................................................. 86
9.1 Service level parameters ............................................................................. 88
9.1.1 Device and software availability ................................................................... 88
9.1.2 Incident logging and Response .................................................................... 88
9.1.3 Manpower availability ................................................................................. 91
9.1.4 Surveillance and monitoring ........................................................................ 91
9.1.5 Business Continuity Plan testing................................................................... 92
9.1.6 Electrical power and backup ........................................................................ 92
9.1.7 Access control ........................................................................................... 93
9.1.8 Fire alarm and rodent repellent .................................................................... 93
9.1.9 Civil and electrical works ............................................................................. 93
10. Project Timelines ....................................................................................... 94
11. Payment terms .......................................................................................... 96
11.1 Penalty ..................................................................................................... 99
11.1.1 Supply, Installation, Commissioning ............................................................. 99
11.1.2 Operations and Maintenance ..................................................................... 100

3|Page
RFP for Odisha SOC

11.1.3 Manpower ............................................................................................... 106

12. Reporting ................................................................................................ 107
13. Bill of Materials for CSOC .......................................................................... 109
13.1 IT assets ................................................................................................. 109
13.2 Non-IT assets .......................................................................................... 109
13.3 Manpower requirement ............................................................................. 111
14. General conditions of engagement for bidder ............................................... 112
14.1 General terms ......................................................................................... 112
14.2 Insurance................................................................................................ 113
14.3 Confidentiality ......................................................................................... 113
14.4 Indemnification ........................................................................................ 114
14.5 Limitation of liability for implementation agency .......................................... 115
14.6 Liquidated damages ................................................................................. 115
14.7 Force Majeure .......................................................................................... 116
14.8 Intellectual Property Rights ....................................................................... 116
14.9 Change control ........................................................................................ 117
14.10 Publicity .................................................................................................. 118
14.11 Termination ............................................................................................. 118
14.11.1 Termination for client’s convenience .................................................. 118
14.11.2 Termination for implementation agency’s default ................................ 119
14.11.3 General terms during termination ..................................................... 120
14.12 Taxes and Duties ..................................................................................... 121
14.13 Settlement of Disputes ............................................................................. 121
15. Obligations of OCAC ................................................................................. 122
16. Exit Management ..................................................................................... 122
16.1 Purpose .................................................................................................. 122
16.2 Exit management period ........................................................................... 123
16.3 Exit management plan .............................................................................. 123
Annexure – I: Current asset detail....................................................................... 125
Annexure – II: Proforma .................................................................................... 138
Proforma 1: Bidder profile ......................................................................... 139
Proforma 2: Letter of Authority .................................................................. 140
Proforma 3: Letter for agreement to scope of work ....................................... 141
Proforma 4: Undertaking on Total Responsibility .......................................... 142
Proforma 5: Forwarding Letter for Earnest Money Deposit ............................. 143
Proforma 6: Format of Earnest Money Deposit (EMD).................................... 144
Proforma 7: Compliance of Eligibility criteria ................................................ 145
Proforma 8: Undertaking of Service Level Compliance ................................... 148

4|Page
RFP for Odisha SOC

Proforma 9: Warranty Certificate ................................................................ 149

Proforma 10: Authorization letters from all OEMs ......................................... 150
Proforma 11: Proposal Covering Letter – Technical ....................................... 152
Proforma 12: Compliance of Technical specification for IT and Non-IT assets ... 153
Proforma 13: Project Credentials Format..................................................... 154
Proforma 14: Format for providing CV of Manpower to be proposed ............... 155
Proforma 15: Proposal Covering Letter – Financial ....................................... 157
Proforma 16: Financial Proposal – IT and Non-IT (CAPEX) ............................. 159
Proforma 17: Financial Proposal – Manpower ............................................... 165
Proforma 18: Financial Proposal – Operations and Maintenance (OPEX) .......... 166
Proforma 19: Financial Proposal – Total cost of the project (CAPEX + OPEX) ... 167
Proforma 20: Financial Proposal – Additional cost......................................... 168
Proforma 21: Letter for self-declaration of clean track record ........................ 169
Proforma 22: Format of Bank guarantee ..................................................... 170
Proforma 23: Non-Disclosure Agreement .................................................... 173
Proforma 24: Undertaking on Exit Management ........................................... 174

5|Page
RFP for Odisha SOC

---------------------This page has been intentionally kept blank-------------------

6|Page
RFP for Odisha SOC

Disclaimer
The information contained in this Tender document or subsequently provided to
Bidder(s), whether verbally or in documentary or any other form by Odisha Computer
Application Centre (OCAC) or any of their employees is provided to Bidder(s) on the
terms and conditions set out in this Tender Document and such other terms and
conditions subject to which such information is provided. This Tender is not an
agreement and is neither an offer nor invitation by the OCAC to the Bidders or any other
person. The purpose of this Tender is to provide interested parties with information that
may be useful to them in making their technical and financial offers pursuant to this
Tender (the "Bid"). This Tender includes statements, which reflect various assumptions
and assessments arrived at by the OCAC in relation to the Project. Such assumptions,
assessments and statements do not purport to contain all the information that each
Bidder may require. This Tender may not be appropriate for all persons, and it is not
possible for the OCAC, to consider the technical capabilities, investment objectives,
financial situation and particular needs of each party who reads or uses this Tender. The
assumptions, assessments, statements and information contained in this Tender, may
not be complete, accurate, adequate or correct. Each Bidder should, therefore, conduct
its own investigations, studies and analysis and should check the accuracy, adequacy,
correctness, reliability and completeness of the assumptions, assessments, statements
and information contained in this Tender and obtain independent advice from
appropriate sources. Information provided in this Tender to the Bidder(s) is on a wide
range of matters, some of which depends upon interpretation of law. The information
given is not an exhaustive account of statutory requirements and should not be regarded
as a complete or authoritative statement of law. OCAC accepts no responsibility for the
accuracy or otherwise for any interpretation or opinion on law expressed herein. OCAC,
makes no representation or warranty and shall have no liability to any person, including
any Bidder under any law, statute, rules or regulations or tort, principles of restitution or
unjust enrichment or otherwise for any loss, damages, cost or expense which may arise
from or be incurred or suffered on account of anything contained in this Tender or
otherwise, including the accuracy, adequacy, correctness, completeness or reliability of
the Tender and any assessment, assumption, statement or information contained therein
or deemed to form part of this Tender or arising in any way in this Bid Stage. OCAC also
accepts no liability of any nature whether resulting from negligence or otherwise
howsoever caused arising from reliance of any Bidder upon the statements contained in
this Tender. OCAC may in its absolute discretion, but without being under any obligation
to do so, update, amend or supplement the information, assessment or assumptions
contained in this Tender. The issue of this Tender does not imply that OCAC is bound to
select a Bidder or to appoint the Preferred Bidder, as the case may be, for the Project
and OCAC reserves the right to reject all or any of the Bidders or Bids without assigning
any reason whatsoever. OCAC reserves all the rights to cancel, terminate, change or
modify this selection process and/or requirements of bidding stated in the Tender, at any
time without assigning any reason or providing any notice and without accepting any
liability for the same. The Bidder shall bear all its costs associated with or relating to the
preparation and submission of its Bid including but not limited to preparation, copying,
postage, delivery fees, expenses associated with any demonstrations or presentations
which may be required by OCAC or any other costs incurred in connection with or
relating to its Bid. All such costs and expenses will remain with the Bidder and OCAC
shall not be liable in any manner whatsoever for the same or for any other costs or other
expenses incurred by a Bidder in preparation or submission of the Bid, regardless of the
conduct or outcome of the Bidding Process.

7|Page
RFP for Odisha SOC

1. Introduction
Odisha Computer Application Centre (OCAC), the Designated Technical Directorate of
Electronics & Information Technology Department, Government of Odisha, has evolved
through years as a centre of excellence in IT solutions and e-Governance. It has
contributed significantly to the steady growth of IT in the state. So it helps IT to reach
the common citizen so as to narrow down the Digital Divide and widespread applications
of IT is establishing a system where the citizens are receiving good governance ensuring
speed of decisions from a transparent Government through an effective e-Governance
System.

Computer Emergency Response Team – Odisha (CERT-O)

In the wake of lack of adequate expertise in Government/Government Agencies/ there

emerged a need for setting up of a permanent mechanism which would act as nodal
agency for monitoring various cyber security related matters for Government of
Odisha/Government Organisations. The state government had therefore felt the
necessity for setting up of Computer Emergency Response Team-Odisha (CERT-Odisha
or CERT-O) in line with CERT India (CERT-IN) to cater to crisis situations in Cyber
Security matters of Government of Odisha.

Cyber Security Operation Centre (CSOC)

A cyber security operations centre or CSOC is a subgroup of CERT-O and comprises of a

team of expert individuals and the facility in which they dedicate themselves entirely to
high-quality IT security operations. A CSOC seeks to prevent cybersecurity threats and
detects and responds to any incident on the computers, servers and networks it
oversees. What makes a CSOC unique is the ability to monitor all systems on an ongoing
basis, as employees work in shifts, rotating and logging activity around the clock.

In recent times organizations are shifting their focus more on the human element than
the technology element to assess and mitigate threats directly rather than rely on a
script. While technology systems such as Firewall, IPS or other security appliances may
prevent basic attacks, human analysis is required to put major incidents to rest.

As opposed to a traditional IT department, a CSOC staff primarily includes a team of

highly experienced cybersecurity analysts and trained professionals. These individuals
use a range of computer programs and specialized security processes that can pinpoint
weaknesses in the department’s infrastructure and prevent these vulnerabilities from
leading to intrusion or theft.

Ensuring these programs comply with company, industry and government regulations is
also a significant part of a CSOC’s job.

With a variety of tasks to perform, using a variety of tech and methods, SOCs can look
different depending on a multitude of factors. Some companies, Govt. Departments, PSU
sectors have an in-house CSOC, while others opt to outsource these services. Most
importantly, however, they all have the primary goal of preventing breaches and
minimizing losses due to online criminal activity.

8|Page
RFP for Odisha SOC

Objective

Government of Odisha (GoO), Electronics & Information Technology Department and

Odisha Computer Application Centre (OCAC) intends to take high priority in securing the
organization’s and departmental data and removal of any threat that exist in the current
infrastructure of the organization / department. Additionally, its objective is to ensure
minimum dwell time of any possible threat in servers, networks and systems. This is
possible only if there is a system in place that has constant monitoring. Establishing a
Cyber Security Operations Centre (CSOC) has become more important for organizations
as security breaches are on the rise and the cost associated with data loss is often high.

Hence developed the vision of establishing a Cyber Security Operations Centre to

precisely tackle this problem and be better prepared for a worst-case scenario. At
present there is no integrated system in place to monitor the infrastructure, network
flow, data flow and intrusion for the organization(s). The monitoring currently is done at
individual department or project (SDC / SWAN) level and is not integrated into a
centralized information and monitoring system. The technology utilized by the individual
department / project does not cater to all the infrastructure and are equipped with
limited resources.

In brief the objectives can be distinguished as below:-

 Prevention of cyber security incidents through various measures as establishing
security policy, continuous threat analysis, deployment of preventive and
detective security devices.
 Monitoring, detection and analysis of potential intrusions/threats in real time from
security related data sources.
 Response to the threats in timely manner for mitigate.
 Capacity building and awareness creation for cyber security.

Cyber security operations centre (CSOC) would be a command centre facility for a team
of IT professionals with expertise in information security that would be responsible for
monitoring, analysing and protecting the organization from cyberattacks. In the CSOC,
internet traffic, local area network, desktops, servers, databases, applications and other
systems would be continuously examined for signs of a security incident. The CSOC staff
may work with other teams or departments, but would typically be self-contained with
employees that have high-level information technology and cybersecurity skills.

9|Page
RFP for Odisha SOC

2. Acronyms

List of acronym that has been used in this document has mentioned here along with its
full form/meaning.
Sr.
Abbreviations Description/ Definitions
No.
1. AC Air Conditioning
2. AHU Air Handling Unit
3. APT Advanced Persistent Threats
4. BOM Bill of Material
5. BOQ Bill of Quantity
6. BTA Business Transaction Activity
7. CAPEX Capital Expenditure
8. CCTV Closed Circuit Television
9. CSOC Cyber Security Operations Centre
10. Cu Copper
11. DB Distribution Box
12. DC Data Centre
13. DPR Detailed Project Report
14. DOT Department of Telecom
15. EPS Events per second
16. FAT Final Acceptance Test
17. FTP File Transfer Protocol
18. G2B Government to Business
19. G2C Government to Citizens
20. G2G Government to Government
21. GI Galvanized Iron
22. GoO Government Of Odisha
23. IA Implementation Agency
24. IGBT Insulated Gate Bipolar Transistor
25. IP Internet Protocol
26. IPS Intrusion Prevention System
27. IOT Internet over Things
28. ISMC Indian Standard Medium Channel
29. ISO International Organization for Standardization
30. ISP Internet Service Provider
31. IT Information Technology
32. KV Kilo Volt

10 | P a g e
RFP for Odisha SOC

Sr.
Abbreviations Description/ Definitions
No.
33. LAN Local Area Network
34. LoI Letter of Intent
35. MCB Miniature Circuit Breaker
36. MCCB Moulded Case Circuit Breaker
37. MeitY Ministry of Electronics and Information Technology
38. NOC Network Operations Centre
39. NVR Network Video Recorder
40. O&M Operations and Maintenance
41. OCAC Odisha Computer Application Centre
42. OEM Original Equipment Manufacturer
43. OPEX Operational Expenditure
44. OSDC Odisha State Data Centre
45. PAT Partial Acceptance Test
46. PDU Power Distribution Unit
47. PMU Project Management Unit
48. PoE Power over Ethernet
49. PVC Poly Vinyl Chloride
50. QOS Quality of Services
51. RFP Request For Proposal
52. SAN Storage Area Network
53. SDC State Data Centre
54. SIEM Security Information and Event Management
55. SOAR Security Orchestration Automation and Response
56. SOP Standard Operating Procedure
57. STP Spanning Tree Protocol
58. SWAN State Wide Area Network
59. TCP Transmission Control Protocol
60. UAT User Acceptance Test
61. UPS Uninterrupted Power Supply
62. WAN Wide Area Network

11 | P a g e
RFP for Odisha SOC

3. Invitation for bid

Odisha Computer Application Centre invites offer / proposal from interested bidders for
“Design, Build, Installation, Commissioning, Operation & Maintenance of Non-IT & IT
infrastructure for Cyber Security Operations Centre, Odisha” for a period of four (4)
years from date of Go-live of CSOC. This RFP document is being published on web portal
“https://www.ocac.in”, this section provides general information about the issuer,
important dates, and addresses for bid submission & correspondence for the bidders.

The bidders are advised to study the RFP document carefully. Submission of bids shall be
deemed to have been done after careful study and examination of the RFP document
with full understanding of its implications.

About OCAC
Odisha Computer Application Centre is the nodal agency of Odisha State working
towards promotion & implementation of IT and e-Governance. It is the single-point of
access to any IT business opportunity in Odisha and encourages various players in the
field of IT to come forward and invest in the State of Odisha. OCAC is committed to
generate IT business for the public/private sector with a mandate from the Government
to develop IT in the state. This includes opportunities for software development, supply
of hardware & peripherals, networking and connectivity, web applications, e-commerce,
IT training and an entire gamut of direct and indirect IT businesses.

3.1 Bid Schedule

The Bid document may be purchase by any interested Bidder on submission of a written
application along with the Bid document fee of Rs. 25,000 /- in the form of Demand
Draft from a scheduled bank in India in favour of Odisha Computer Application Centre,
payable at Bhubaneswar, during office hours on any working day. The complete bid
document has also been published on the website www.ocac.in or www.odisha.gov.in for
downloading. The downloaded bid document shall also be considered valid for
participation in the bid process but such bid documents should be submitted along with
the required Bid document fee as mentioned.
Proposal inviting
Odisha Computer Application Centre, Bhubaneswar.
agency
Rs. 25,000/- (Twenty Five Thousand only) plus GST 12% DD
Non Refundable RFP / Bankers Cheque in favour of “OCAC” payable at
Cost Bhubaneswar from a nationalized / scheduled commercial
bank in India.
Sale of RFP From date: 24-09-2020 to 27-10-2020, 2:00 P.M.
Document Also download from our website www.ocac.in
General Manager (Admin)
Odisha Computer Application Centre,
The contact N1/ 7D, Acharya Vihar Square, Near Planetarium, P.O. –
information RRL, Bhubaneswar 751013
Ph. - 0674-2582850/ 2588064
Website: www.ocac.in

12 | P a g e
RFP for Odisha SOC

Last date and time

for submission of Date:27-10-2020 Time:03:00 P.M.
proposal
Rs. 50,00,000/- (Fifty lakhs only) in form of Bank Guarantee
Earnest Money in the prescribed format in favour of “OCAC” payable at
Deposit - (EMD) Bhubaneswar from a nationalized / scheduled commercial
bank in India.
On 30-09-2020 (Bidder pre-bid queries should reach as on
before date:30-09-2020 time:04:00 P.M.) Bidders should
Pre bid Conference
email their pre-bid queries to: “[email protected]” or
and clarifications
“[email protected]” with subject line “Odisha CSOC: Pre-
bid queries against RFP Enq. no. 20030”
Opening of General
cum Technical
27-10-2020, 04:00 P.M.
Presentation by the
qualified bidder.
Opening of
Will be intimated later
Commercial Bids
General Manager (Admin), OCAC,
Address for Odisha Computer Application Centre,
Correspondence and N1/ 7D, Acharya Vihar Square, Near Planetarium, P.O. –
bid submission RRL, Bhubaneswar 751013
Ph. - 0674-2582850/ 2588064
Website: www.ocac.in
This proposal should be filled in English language only. If any
supporting documents are to be submitted, in any other
Language of the
language other than English, then translation of the same in
proposal
English language, attested by the Bidder should be attached.

Proposal currency Prices shall be quoted in Indian Rupees (INR)

13 | P a g e
RFP for Odisha SOC

3.2 Validity of bid document

Bids shall remain valid for a period of 180 days after the last date of submission of
proposal as mentioned in Section 3.1 or as may be extended from time to time. OCAC
holds the right to reject a bid valid for a period shorter than 180 days as non-responsive,
without any correspondence. In exceptional circumstances, prior to expiry of the bid
validity period, OCAC may request the bidders’ consent to an extension of the validity
period. The request and response shall be made in writing. Extension of validity period
by the bidder should be unconditional and irrevocable. The EMD / Bank Guarantee
provided shall also be suitably extended. A bidder may refuse the request without
forfeiting the bid security.

3.3 Due Diligence

The Bid shall be deemed to have been submitted after careful study and examination of
this RFP document. The Bid should be precise, complete and in the prescribed format as
per the requirement of this RFP document. Failure to furnish all information or
submission of a bid not responsive to this RFP will be at the Bidders‟ risk and may result
in rejection of the bid. Also the grounds for rejection of Bid should not be questioned
after the final declaration of the successful Bidder.
The Bidder is requested to carefully examine the RFP documents and the terms and
conditions specified therein, and if there appears to be any ambiguity, contradictions,
inconsistency, gap and/or discrepancy in the RFP document, bidder should seek
necessary clarifications by e-mail as mentioned in Section 3 of the RFP.

Failure to comply with the requirements of this paragraph may render the Proposal non-
compliant and the Proposal will be rejected. Bidders must:

a. Comply with all requirements as set out within this RFP.

b. Submit the forms as specified in this RFP and respond to each element in the order
as set out in this RFP.
c. Include all supporting documentations specified in this RFP.

3.4 Pre-bid conference

 OCAC shall hold a pre-bid conference with the prospective bidders on 03-10-2020
at 4:00 P.M.

 The Bidders will have to ensure that their queries for Pre-Bid conference should be
sent to the e-mail id: [email protected] on or before date 30-09-2020 by
4:00 P.M.

 Queries submitted after the scheduled date and time, shall not be accepted.

 The queries should necessarily be submitted in the following format:

Sr. RFP Clause No. RFP Page no. Existing Clause Reference / Subject
No. Details Clarification
1.
2.

14 | P a g e
RFP for Odisha SOC

3.5 General Instructions to bidders

 One bidder is eligible to submit only one bid proposal. If any bidder is found to be
submitting more than one proposal, any one proposal would be considered and rest
of the proposal submitted by the bidder would be disqualified.

 While every effort has been made to provide comprehensive and accurate
background information, requirements, and specifications, Bidders must form their
own conclusions about the requirements or contact OCAC for any clarification.
Bidders and recipients of this RFP may wish to consult their own legal advisers in
relation to this RFP.

 All necessary tools and accessories required to complete the scope of work as per
RFP document is in the scope of the bidder, at no extra cost to OCAC.

 All information to be supplied by Bidders will be treated as contractually binding on

the Bidders, on successful award of the assignment by OCAC on the basis of this
RFP.

 The bidder should put signature and seal of the authorized personnel on each and
every page of the bid document.

 The certifications of the manpower resources proposed for the project should be
valid during the bid submission and also for the entire duration of the project. Bidder
should ensure to reissue any expired certification from the relevant body.

 No commitment of any kind, contractual or otherwise shall exist unless and until a
formal written contract has been executed by or on behalf of OCAC with the bidder.
OCAC may cancel this public procurement at any time prior to a formal written
contract being executed by or on behalf of OCAC.

 This RFP supersedes and replaces any previous public documentation &
communications in this regard and bidders should place no reliance on such
communications.

 OCAC at any time during the evaluation period may contact the personnel
authorized by the bidder for clarification of information / documentation submitted
by the bidder.

 The bidder may propose “Make in India” products and solutions in their bid, however
the products / solutions should be in compliance with the required guidelines and
standards. They should also meet the criteria and minimum requirement as
mentioned in the RFP document.

 The bidder shall be responsible for the upgradation and additional configuration of
the SIEM (ArcSight ESM) solution, Logger appliances, Connector appliances and User
Behavioural Analyser (UBA) appliance which are installed at Odisha State Data
Centre.

15 | P a g e
RFP for Odisha SOC

 In case the bidder does not intend to utilize or leverage the existing SIEM / ESM
solution and logger appliances deployed at Odisha State Data Centre, the bidder
may be given an option to propose a new SIEM / ESM solution along with required
logger and connector devices. The proposed solution may be added as per the
Proforma 20 of the RFP document. However, the bidder would be responsible for the
integration of the existing solutions with SOC.

 Any solution if required to be in the form of either appliance or software altogether

with its requirement is to be proposed by the bidder.

 Consortium or subcontracting of any kind shall not be acceptable for this project.
Any deviation would lead to disqualification or termination of the same. However, as
per the State ICT Policy 2014 clause 5.5.2, it is mandated that the successful bidder
must associate a local enterprise, who has not been debarred / black listed by state
Government. The involvement / association of the local enterprise is limited to
maximum 25% of the total project. The work allotted to the local enterprise may be
limited to any one of the following:
i. Civil and interior works of the SOC sites.
ii. Installation, maintenance and support of the Non-IT items for SOC.
iii. Manpower deployed for SOC.
The local enterprise should have relevant experience, expertise and reach in the
associated scope of work or activity. The successful bidder has to submit scope of
work, credential and experience details of the local enterprise with OCAC.

3.6 Right to Terminate the Process

 OCAC may terminate the RFP process at any time and without assigning any reason.
OCAC makes no commitments, express or implied, that this process will result in a
business transaction with anyone.

 This RFP does not constitute as an offer by OCAC. The bidder’s participation in this
process may result OCAC selecting the bidder to engage towards execution of the
agreement.

3.7 Confidential Information

OCAC and successful bidder shall keep every information related to the work order /
engagement, project status, data and reports confidential and without the written
consent of the other party hereto, divulge to any third party any documents, data, or
other information furnished directly or indirectly by the other party hereto in connection
with the engagement, whether such information has been furnished prior to, during or
following completion or termination of the contract.

3.8 Submission of bid

 The proposal shall be submitted in hard copy in three parts in, Part-I “RFP fees DD
and EMD BG”, Part-II “Eligibility cum Technical bid” and Part-III “Commercial Bid”.
 The complete bid should be submitted in a single sealed envelope with complete
name and address of the bidder addressed to OCAC. Inside the single envelope, all
the three parts of bid (Part-I, II and III) should be in separate properly labelled
sealed envelopes.

16 | P a g e
RFP for Odisha SOC
 “Eligibility cum Technical bid” would consist of two parts; “Pre-qualification
compliance” & “Technical Proposal”. Technical Bid proposal and Commercial Bid
(consisting of the commercial proposal) shall be submitted as per format mentioned in
Annexure II of the RFP document. The bidders must submit their responses as per the
respective formats given in this RFP, which must be properly flagged to distinguish
the required enclosures.
 The submission of bids should be as per the timelines provided in the RFP. Any
deviation from the timelines would result in the disqualification of the bid.
 All information required as per the RFP should be furnished by the bidder in the
specified formats provided. Any information not found or information in a different
format may lead in the disqualification of the bid.
 The proposal should be signed by an authorized signatory (having power of
attorney/authorized by board resolution) on each page of the proposal document
including enclosures.
 The proposal shall contain no interlineations, erasures or overwriting, in order to
correct error made by the Bidder. All corrections shall be done & initialled by the
authorized signatory after striking out the original words / figures completely.
 Please note that prices should not be indicated in the Technical Proposal but should
only be indicated in the Commercial Proposal. Any proposal with commercial notes /
values / price submitted along with Technical Proposal will be summarily rejected.
 The proposal shall be submitted in hardcopy, along with RFP fee and EMD at the
specified address as mentioned above within the above date and time. The validity of
the EMD should have a validity of 180 days.
 Technical presentation should be made by the bidder on a date specified by OCAC, a
softcopy of the presentation should also be shared by the bidder with OCAC. The
technical presentation should at least contain the following contents:
 Experiences in similar line of services for Cyber SOC.
 Virtual walkthrough of existing Cyber SOC command centres implemented by
the bidder.
 Approach and Methodology for the implementation and O&M of Cyber SOC.
 Provisions for upgradation and technology improvement of SOC
infrastructure.
 Resources proposed for deployment at SOC.
 Brief demonstration of the line of services of the bidder and client base.
 Any other value addition to the services of proposed SOC.
 Technical interview will be taken for the manpower proposed by the bidder for the
operations and maintenance of the project. The interview would be limited to the SOC
analysts, SOC Engineer, Security administration and Threat Intelligence expert and
SOC manager. The date and time of the interview will be intimated by OCAC to the
bidder.
 OCAC may, at its discretion, extend the deadline of the bid process for any
administrative or any other reason.

3.9 Evaluation procedure

1. OCAC may constitute an Evaluation Committee to evaluate the responses of the
bidders.
2. The Evaluation Committee constituted by OCAC shall evaluate the responses to the
RFP and all supporting documents / documentary evidence. Inability to submit
requisite supporting documents / documentary evidence, may lead to rejection.

17 | P a g e
RFP for Odisha SOC
3. The interpretation of the bids and the decision made by the Evaluation Committee in
the evaluation of responses to the RFP shall be final. No correspondence will be
entertained outside the process of evaluation with the committee.
4. The Evaluation Committee may ask for meetings with the bidders to seek clarifications
on their bids.
5. The Evaluation Committee reserves the right to reject any or all bids on the basis of
any deviations.
6. Each of the responses shall be evaluated as per the criterions and requirements
specified in this RFP.
7. Initial Proposal scrutiny will be held and incomplete details as given below will be
treated as non-responsive. If Bids;
a. Are submitted without tender fee or EMD in prescribed format.
b. Are not submitted as specified in the RFP document.
c. Received without the Letter of Authorization (Power of Attorney).
d. Are found with suppression of details.
e. With incomplete information, subjective, conditional offers and partial offers
submitted.
f. Submitted without the documents requested in the Proforma.
g. Have non-compliance of any of the clauses stipulated in the RFP.
h. With lesser validity period.

8. Evaluation Committee will prepare a list of responsive bidders, who comply with all
the Terms and Conditions of the RFP. All eligible bids will be considered for further
evaluation by a Committee according to the Evaluation process define in this RFP
document. The decision of the Committee will be final in this regard. All responsive
Bids will be considered for further processing as below:
a. Evaluation committee will examine the bids to determine whether they
are complete, whether any computational errors have been made, and
whether the bids are generally in order. The interpretations made by the
evaluation committee will be final and binding on the bidders.
b. Reasonableness of Prices: Prices quoted by bidders must be reasonable
with prevalent market rates. AHR (Abnormally High Rates) and ALR
(Abnormally Low rates) shall not be accepted and OCAC shall have to the
right to reject the bid.
c. In case an item has been left out in the BOQ/BOM/Price bid by a
particular bidder but required for the successful implementation of
project and/or it is mentioned in the solution document of the bidder,
OCAC will have the right to reject the bid or ask the bidder to supply the
item free of cost.
d. It is mandatory for bidder to submit detailed BOM (Bill of material with
quantity) as unpriced bid in technical bid. Any discrepancy in price and
unpriced bid will lead to disqualification of the bid OR OCAC will have the
right to consider the highest amongst the BOQ/BOM and the price bid.
e. In case of no price quoted or zero price quoted against an item by a
bidder, the bidder has to provide / implement the item at zero cost.
f. In case of a situation where the bidder has quoted abnormally low
quantity or abnormally high quantity for an item, OCAC will have the
rights to ask for an explanation during technical evaluation stage. The
bidder will be given chance to increase or decrease the quantity as per
the solution the bidder would propose and accepted by OCAC. This will
not be applicable for the quantity mentioned against items that is

18 | P a g e
RFP for Odisha SOC
already asked in the tender. Accordingly during commercial evaluation
the prices will be calculated for revised quantity submitted by bidder.
g. Arithmetical errors will be rectified on the following basis:

 If there is a discrepancy between the unit price and the total price that
is obtained by multiplying the unit price and quantity, the unit price
shall prevail and the total price shall be corrected.
 If there is an error in a total corresponding to the addition or
subtraction of subtotals, the subtotals shall prevail and the total shall be
corrected.

 If the Bidder does not accept the correction of the errors, his proposal
will be rejected.

 If there is a discrepancy between words and figures, the amount in

words will prevail.

h. OCAC may conduct clarification meetings with each or any Bidder to

discuss any matters, technical or otherwise. Result of such meeting/
clarification may be published on specified website; however, no material
changes in the bid shall be permitted.
i. Further, the scope of the evaluation committee also covers taking any
decision with regards to the RFP Document, execution/ implementation of
the project including management period.
j. Proposal shall be opened in the presence of bidders representatives who
intend to attend at their cost. The bidders’ representatives who are
present shall sign a register giving evidence of their attendance.
Proposal document shall be evaluated as per the following steps.

 Preliminary Examination of Eligibility Criteria documents: The Eligibility document

will be examined to determine whether the bidder meets the eligibility criteria,
whether the proposal is complete in all respects, whether the documents have
been properly signed and whether the bids are generally in order. Any bids found
to be non-responsive for any reason or not meeting the minimum levels of the
performance or eligibility criteria specified in various sections of this RFP
Document will be rejected and will not be considered further.
 Technical Evaluation: A detailed evaluation of the bids shall be carried out in
order to determine whether the bidders are competent enough and whether the
technical aspects are substantially responsive to the requirements set forth in the
RFP document. Bids received would be assigned scores based on the parameters
defined. The technical specification and capacity of the solutions provided by the
bidder would also be noted for the evaluation.

 The technically qualified bidders shall be invited during opening of the commercial
bids and subsequently commercial evaluation shall be carried out.

19 | P a g e
RFP for Odisha SOC

3.10 Criteria for bidding eligibility and evaluation

3.10.1 Eligibility criteria

Only those bidders, who satisfy all the eligibility criteria as mentioned herein below, may
respond. Document in support of all eligibility criteria are required to be submitted along
with the Technical Bid. Offers received from the bidders who do not fulfil any of the
following eligibility criteria are liable to be rejected.

Sr.
Pre-qualification criteria Document to be submitted
No.
A bidder with solutions developed in
Declaration by the bidder / OEM on their
an entity incorporated in a country
1 letter head that the bidder has proposed no
sharing a land boundary with India
such solutions in response to the RFP.
cannot participate in this bid.
The bidder should be an established
Company registered under the –
 Certificate of incorporation.
Indian Companies Act, 1956/2013, or
 Certificate consequent to change of name
2 partnership firm register under LLP
if applicable.
Act, 2008 since last 5 years as on
31st March 2019.

The bidder should have a registered

number of:
3
 GST Registration.
 Income Tax / PAN.
The bidder may be either an OEM / an
authorized partner of the OEM whose
4 product bidder is proposing. (The
solution proposed can be from a single
or various OEMs).
The bidder should have a minimum
average annual turnover of at least
5 Rs. 200 Crores in the last three
financial years (i.e. 2016-17, 2017-18
& 2018-19).
 Certificate of GST registration.
 Copy of PAN / Income tax number.
In case of an OEM authorized partner, a
letter of authorization (MAF) from original
manufacturer for each solution / equipment
must be furnished in original duly signed.
Undertaking from the OEM mentioning a
clause that OEM will provide support
services during the complete period of the
contract if the bidder authorized by them
fails to perform.
Audited Balance Sheets for last 3 years, i.e.,
2016-17, 2017-18 & 2018-19 where
financial turnover is segregated. Every
sheet should be duly certified by a chartered
accountant or accounting firm stating Net
Worth, Turnover and Profit/Loss for last 3
financial years.
or
A letter under the head of the chartered
accountant / or firm certifying the financial
turnover of the company is to be submitted
with the bid.
RFP for Odisha SOC

Sr.
Pre-qualification criteria Document to be submitted
No.

Audited Balance Sheets for last 3 years, i.e.,

The bidder should have positive net
worth during the last three financial
6
years (i.e. 2016-17, 2017-18 & 2018-
19).
2016-17, 2017-18 & 2018-19 where profit
or loss from similar works is segregated.
Every sheet should be duly certified by a
chartered accountant or accounting firm
stating Net Worth, Turnover and Profit/Loss
for last 3 financial years.
or
A letter under the head of the chartered
accountant / or firm certifying the profit and
loss of the company from similar line of
service is to be submitted with the bid.

The bidder should provide the list of

clients with whom SOC solution was
implemented during last three years
Relevant MSA copy / Work order copy /
up-to 30.12.2019. SOC solution could
client satisfactory letter regarding successful
be On-premises SOC, Managed SOC,
implementation or ongoing of security
Hybrid SOC.
operation centre (SOC) solution in the name
7 of the bidder is to be submitted.
At least 3 government / BFSI clients.
All work orders / contracts should be The PO / letter should be in the name of the
in the name of the bidder for SOC bidder and clearly mention the scope of
services. work.
Minimum value of any one project
should be above 5 crore.
Self-certification with office location
The bidder should have local office in addresses to be submitted / declaration for
Odisha or should submit a declaration establishment of an office in case LoI has
for establishing an office in Odisha been awarded.
8
within one month of issuing of Letter
of Intent (LoI) from OCAC. The document should be on the bidder’s
letter head signed by the authorized
signatory.
The bidder should not have been
An undertaking to this effect in the
blacklisted by Government of India / company’s letter head signed by authorized
9 Government of Odisha during the last signatory to be submitted as per Proforma
three years. 21 of the RFP document.
The bidder should have minimum
manpower strength as per the
different skill levels defined in the
document:

Level 1 analyst – minimum 20.

An undertaking in the company‘s letter head
Level 2 analyst – minimum 20.
10 signed by authorized signatory to be
SME level - minimum 3.
submitted.
(The manpower criteria as mentioned
in the Section 8.2 and 8.3 of the RFP
document)

All manpower should be on the pay

role of the company / bidder.
RFP for Odisha SOC

Sr.
Pre-qualification criteria Document to be submitted
No.
The bidder should be:
 ISO 9001:2008 or later certified
11 Copy of certificate to be submitted.
 ISO 20000: 2018 certified
 ISO 27001: 2013 certified

3.10.2 Technical evaluation

Sr. Technical evaluation Document to be

Marks distribution
No. criteria submitted
Company Profile
The bidder should
provide the list of
Relevant MSA copy
clients with whom SOC
/ Work order copy
solution was More than or equal to 8
/ client satisfactory 10 marks
implemented during Govt. / BFSI clients.
letter regarding
last three years up-to
successful
30.12.2019. SOC
implementation or
solution could be On-
ongoing of security
premises SOC,
operation centre
Managed SOC, Hybrid
(SOC) solution in
SOC. More than or equal to 5
1 the name of the
and less than 8 govt. / 07 marks
bidder is to be
At least 3 government BFSI clients.
submitted.
/ BFSI clients. All work
orders / contracts
The WO / letter
should be in the name
should be in the
of the bidder for SOC
name of the bidder
services. More than or equal to 3
and clearly
and less than 5 govt. / 05 marks
mention the scope
Minimum value of any BFSI clients.
of work.
one project should be
above 5 crore.
Relevant MSA copy More than or equal to
/ Work order copy 05 on premises CSOC
10 marks
/ client satisfactory projects implemented
letter regarding successfully / ongoing.
successful
implementation or
ongoing of security At least 03 on premises
Experience in operation centre CSOC projects
07 marks
implementation of on- (SOC) solution in implemented
2 premises Cyber the name of the successfully / ongoing.
Security operations bidder is to be
centre. submitted.

The WO / letter At least 02 on-premises

should be in the CSOC projects
name of the bidder 05 marks
implemented
and clearly successfully / ongoing.
mention the scope
of work.
RFP for Odisha SOC

Sr. Technical evaluation Document to be

Marks distribution
No. criteria submitted

Relevant MSA copy

/ Work order copy More than 50000 EPS 10 marks
/ client satisfactory
letter mentioning
The proposed bidder / the number of EPS
More than 30000 EPS
OEM has experience in and the solution. 07 marks
up to 50000 EPS
3 implementing at least
one project handling The WO / letter
20000 EPS or more should be in the
name of the bidder
/ OEM and clearly 20000 EPS up to 30000
05 marks
mention the scope EPS
of work.

Declaration from
Major solutions like
the OEM Yes, have both national
SOAR and SIEM should 05 marks
mentioning the and global presence
be from OEMs who
credential details
have both local and
4 and deployment of
global presence,
solution for No, does not have both
deployed solutions and
customers both national and global
supported customers 00 marks
within and outside presence
globally.
India.
Manpower
At least 04 CISSP, 05
CISA / CISM, 10 CEH
and 06 proposed SIEM
solution certified
10 marks
An undertaking in personnel and 10
the company‘s personnel any one
letter head signed certification mentioned.
by authorized Total 35 personnel.
Certified CISA, CEH, signatory to be At least 02 CISSP, 03
CISSP, CISM, CRISC, submitted. CISA /CISM, 05 CEH
or equivalent (any and 05 proposed SIEM
5
one) personnel under The undertaking solution certified
07 marks
the payroll of the should mention the personnel and 10
company name and personnel any one
employee code of certification mentioned.
the personnel Total 25 personnel.
along with At least 03 CEH and 02
certification. proposed SIEM solution
certified personnel and
05 marks
10 personnel any one
certification mentioned.
Total 15 personnel.
Quality of the CVs of The quality / CV of resource
Maximum 02
6 resources proposed for scoring of CVs proposed for SOC
mark
the CSOC project would be Manager
RFP for Odisha SOC

Sr. Technical evaluation Document to be

Marks distribution
No. criteria submitted
considered on CV of resource
basis of years of proposed for Security
relevant Maximum 02
administration and
mark
experience, Threat Intelligence
qualification, expert
certification, CV of resources
projects associated proposed for CSOC Maximum 1.5
with, etc. The Engineer - 0.5 marks marks
process would be for each resource
held under a CV of resources
technical panel of proposed for Level 2 Maximum 3.5
OCAC. analyst - 0.5 marks for marks
each resource
CV of resources
proposed for Level 1 Maximum 3.5
analyst - 0.5 marks for marks
each resource
Interview of resource
Maximum 02
proposed for SOC
marks
The quality / Manager
scoring of Interview of resource
resources would be proposed for Security
considered through Maximum 02
administration and
interviews to be marks
Threat Intelligence
held through a expert
technical panel of Interview of resources
Quality of resources to
OCAC. proposed for CSOC Maximum 4.5
7 be proposed for CSOC
operations Engineer - 1.5 marks marks
The interview for for each resource
CSOC Engineer, Interview of resources
Level 1 analyst and proposed for Level 2 Maximum 07
Level 2 analyst will analyst - 1 marks for marks
be held collectively each resource
and not on
Interview of resources
individual basis.
proposed for Level 1 Maximum 07
analyst - 1 marks for marks
each resource
Technical Presentation
Marks would be
distributed as per the
Technical
approach and
presentation to be
8 methodology, past 10 marks
given by the bidder
experiences and
to OCAC.
Quality of technical credentials presented
design, approach by the bidder.
Marks would be
methodology, solution Marks would be
awarded as per the
specifications awarded as per
technical
superiority in terms of
committee of
9 technical specifications 10 marks
evaluation from
and capacity of the
OCAC.
solutions as proposed
by the bidder.
RFP for Odisha SOC

Note: Bidders have to obtain a minimum score of 70 marks in the technical evaluation
for qualifying for the financial evaluation.
RFP for Odisha SOC

3.10.3 Financial evaluation

The Evaluation Methodology proposed to be adopted by OCAC will be Quality cum Cost
Based System (QCBS) method of evaluation where Technical Bid Score will get a
weightage of 70% (denoted by ST) and Commercial Bid Score a weightage of 30%
(denoted by SF).

The process of selection of successful bidder for the purpose of award of engagement
shall be as follow:

A. Calculation of Technical Score (ST)

T = Technical Marks Obtain by the Individual bidder.

TH = Highest Technical Marks Obtained by bidder.

ST = Technical Score obtain by the Individual bidder

Calculation of Technical Score (ST)

ST = 100 x (T/TH)

B. Calculation of Financial Score (SF)

F= Total Financial Bid amount quoted by individual Bidder

FL= Lowest Total Financial Bid amount quoted by individual Bidder.

SF = Financial Score obtain by the Individual Bidder

Calculation of Financial Score (SF)

SF = 100 x (FL/F)

C. Calculation of Final Composite Score (S)

The Final Composite Score (S) shall be computed for each firm by assigning 70%
weightage to the Technical Score (ST) and 30% weightage to Financial Score (SF)
using the formula given below:

S = (ST x 0.7) + (SF x 0.3)

Bidder with the highest final composite score will be awarded the engagement. In
case of a tie in the final composite score, the bidder with the higher Technical
Score will be invited for negotiations and selection first.
RFP for Odisha SOC

4. Scope of work for bidder

Cyber Security Operations Centre (CSOC)

The bidder shall supply skilled manpower for Cyber Security Operations Centre (CSOC)
operations over a period of four years at OCAC location as detailed in this document.
Implementation Agency shall ensure uptime & availability of all CSOC devices and tools.
Service provider resources are expected to deliver SOC services including but not limited
to performance monitoring, performance tuning, optimization, and maintenance of CSOC
security tools, SIEM log backup, troubleshooting, security monitoring, security product
management, vulnerability assessment and penetration testing and application security
testing. The detailed SOC reports formats will be discussed and finalized with bidder.

The scope is limited to three stakeholders in the initial phase of the project:
1. Odisha State Data Centre (OSDC).
2. State Wide Area Network (SWAN).
3. State IT Centre.

Initially implementation of CSOC is to be carried out for the above three stakeholders.
On reaching stability and maturity of CSOC system, additional stakeholders would be
added to the project and the scope of work for the bidder would be expanded covering
the additional stakeholders also. The bidder should propose cost for the project as per
the format / proforma provided in the RFP document.

The selected CSOC implementation agency under this RFP would deliver services like:

Security Monitoring Services:

This service will help OCAC to monitor for security events throughout its network by
analysis of logs from servers, devices and key applications.

The following security monitoring service will be catered by CSOC:

• Government department information security and monitoring.

• 24 X 7 security monitoring, detection, response and recovery.
• Real- time Threat intelligence, advanced correlation and proactive threat
detection.
• Integrated cyber security/security framework.
• Monitor cyber-attacks, threats, intrusions, incidents for the critical infrastructure
like SDC, SWAN and State IT Centre.
• Extend Security to all Critical Infrastructure of the State (e.g., SDC, SWAN, IT
Centre, etc.).

Security Product Management:

This service will help OCAC to centralize the management of security products and to
have tight control on the security rules. Services will also include security products
procured in future. The services will include-
a. Configuration, fault, performance and availability management of the CSOC
infrastructure.
b. Activities like but not limited to; patch management, firmware upgrade,
configuration backup.
RFP for Odisha SOC

c. Co-ordination with internal teams for rule base management.

Vulnerability Management Services:

This service will help OCAC to centrally assess and mitigate the security risks in its
network, servers & devices on a continuous basis. The service will include-
a. Set up a baseline security level for department assets.
b. Conduct VAPT and Application Security tests as in when required.
c. Bidder has to provide tools / utilities and skilled resources to conduct the
respective tests.
d. The bidder’s (SOC) team has to provide recommendations for closure of findings
& provide reports on daily basis till closure.
e. Assess the current environment against baseline on periodic basis.
f. Ensure that the baseline is maintained on an ongoing basis and hence assets are
secured against risks.
g. Track the mitigation and coordinate with asset owners for closure of security
gaps.

All the services mentioned above are to be provided during the various phases of the
project as given below:

4.1 Pre-Bidding phase

Site Survey

 All Bidders shall be required to survey the proposed CSOC control room site
before the submission of the commercials.
 All the Bidders shall perform site-survey of all the project location followed by
the preparation & submission of bid.
 The survey shall include the details of the location positioning and
establishment of the CSOC.
 The cost of survey would be borne by the bidder. OCAC holds no responsibility
on the cost undertaken by the bidder for site survey.

4.2 Implementation phase

i. Civil Construction and interior design as per standards.
To be done as mentioned in Section 5.2 and 5.3 of the RFP document.
ii. Site Preparation.
Site preparation structure for CSOC would include false ceiling, lighting, glass and
gypsum / plywood partition, flooring, access control, fire safety and command
centre furniture.

External civil construction may or may not be a part of the scope of the bidder,
discretion of developments and future decisions of OCAC. The scope may be
revised at a later stage with timely intimation to the bidder. Civil construction
inside the identified CSOC space / area would be under the scope of the bidder.

iii. CSOC command centre design, installation and commissioning.

The successful bidder in coordination with OCAC shall arrange for necessary
clearances including statutory and regulatory which shall enable them to
undertake civil, electrical, and mechanical works including building
RFP for Odisha SOC

modification, partitioning, installation of electrical component, cable laying etc.

at the CSOC site.

iv. Design, supply, installation, commissioning for IT and Non-IT

Infrastructure for CSOC.

The successful bidder should carry out:

 Complete procurement, supply, installation and commissioning of required
IT, Non IT, and civil infrastructure at all the designated locations of the
CSOC as identified.
 Successful bidder shall submit stage-wise reports and it should be done
strictly in accordance with the scope of work in the document.
 Successful bidder is expected to adhere to all technical and non-functional
specification for IT, Non-IT and civil infrastructure.
 Any additional design guidelines as provided in the tender document /
proposed solution document has to be achieved as per established delivery
time lines.
 A detailed project plan for the implementation of CSOC is to be provided
during the Kick-off meeting by the successful bidder.
 A work break down structure with all milestones for the entire
commissioning time line is to be provided by the successful Bidder.
 The successful bidder would be required to submit detailed design
documents with all necessary design drawings for all IT, Non IT and civil
infrastructures and would be approved by OCAC Technical Committee before
actual execution of work.
 A supply schedule for all materials with make and model is to be prepared
and submitted in line with the work break down structure of the project
plan.
 All materials are to be dispatched as per expected delivery time lines with
no additional dispatch or delivery costs.
 Any deviation from the expected time lines of delivery is to be intimated in
advance for appropriate actions and reason.
 The materials should be brand new and as per the tender
specifications/requirements.
 Bidder should take care of Insurance against the material loss.

v. Integration of existing departmental and security IT infrastructure with

the proposed CSOC infrastructure.
 All components of CSOC must support scalability with adequate licensing,
accessories and modules to provide continuous growth to meet the
requirements and demand of various departments.
 Bidder should analyze and study the current departmental infrastructure
located at OCAC and Secretariat and provide the solution for migration.
 Bidder accordingly shall implement the solution provided for integration of
all applications and hardware. The details regarding the current scope of
integration with CSOC is given in Annexure – I of the RFP document.
 Necessary inputs would be provided by the respective application vendor
and current Data Centre operator.
RFP for Odisha SOC

vi. Final Acceptance Testing (FAT) for IT and Non IT components under
CSOC and CSOC Go-Live.
 FAT reports will be verified and approved jointly by OCAC, Consultant and
successful bidder following which the commissioning certificate will be
issued by OCAC. All Civil, IT and Non IT systems are to be installed and
tested as per the tender and continuous status reports are to be submitted.
 Consultant and OCAC will participate in the active project management and
monitoring of time lines to ensure adherence to delivering on schedule.
 Commissioning certificate will be issued by OCAC after completion of the
project components as per scope of work.

4.3 Operation and Maintenance phase

1. On-site comprehensive maintenance and provisioning of services of all the ICT

Infrastructure and their components supplied with a provision of onsite spares on
24x7x365 basis after successful execution and acceptance by OCAC.
2. Onsite support for CSOC Operations on 24x7x365 basis by qualified and trained
personnel for a period of four years to ensure high service availability.
3. The successful bidder should provide 24 x 7 x 365 operating and maintaining
services for a period of 4 years from the date of Go Live for CSOC.
4. The successful bidder is required to provide the comprehensive onsite maintenance
with part replacement for all the IT and Non IT equipment.
5. The successful bidder shall be responsible to ensure adequate and timely availability
of spare parts needed for repairing the equipment/ parts.
6. To provide this service the selected bidder must have back to back arrangement
with the respective OEMs/ OEMs authorized partner.
7. The successful bidder has to make necessary arrangements of spares for catering
maintenance needs of equipment/parts during entire engagement period at no extra
cost to the client.
8. Root Cause Analysis of the incidents (Major & Minor) to identify threat sources and
proactive measures to prevent recurrence.
9. Successful bidder will be responsible to store logs in industry standard solution and
format for extraction and sharing with other solutions/ agencies.
10. Analysis of SIEM logs to identify information security vulnerabilities in environment
and provide recommendations to prevent these vulnerabilities.
11. Reporting and logging of all security incidents through the use of appropriate
ticketing tools. Track and monitor the closure of these information security incidents
and escalation of these incidents to appropriate teams/ individuals.
12. The successful bidder shall also provide a detailed process for managing Incident
Response (IR) describing each phases of the process – prepare, identify, contain,
eradicate, recover and learn from the incidents responded to.
13. Develop response plan/ strategy which will describe the prioritization of incidents
based on the organizational impact.
14. The services and solutions in scope should be designed with adequate redundancy
and fault tolerance to ensure compliance with SLAs for uptime and availability.
15. Preparation of CSOC SOPs and User manuals, BCP plan, Exit Management Plan,
Helpdesk management, Change Management, etc. documents.
16. Training to OCAC officials (designated by OCAC) and upgradation of CSOC personnel
on IT infrastructure, SLA management, various CSOC related polices, etc.
RFP for Odisha SOC

17. Engage at least 15 personnel from OCAC / department for the training sessions.
Feedback of each attendee to be taken and shared with OCAC.

The scope of work during the operations phase is divided into following areas which
are listed below:
 Administration, Maintenance and Management Services.
 Documentation related to Standard Operating Procedures (SOP), User
manuals, etc.
 Backup & Restore Services.
 Physical Infrastructure Management and Maintenance Services.
 Preventive Maintenance Services.
 Corrective Maintenance Services.
 Asset Management Services.
 Configuration/ Reconfiguration Management Services.
 Vendor Management Services.
 Vulnerability Management services.
 Threat Management.
 Intelligence feeds.
 Global Threat intelligence subscription.
 Update management (patch update for all software and appliance possible).

The scope of work for the bidder is limited to equipment / component procured as part
of CSOC. Later if any additional hardware or software is required in CSOC, all
additional hardware and software required would be procured by OCAC and would be
maintained by the bidder. However, for monitoring these managed device if any
additional hardware / software / licenses are required then the cost will be borne by
OCAC.

Implementing agency shall provide trainings to department personnel regarding the

operations and awareness of the security technology established in CSOC. The
department would nominate personnel to undertake the training sessions and maybe
in future the trained personnel coordinate in the CSOC related activities.

4.4 Partial Acceptance Test (PAT)

Partial Acceptance Testing (PAT): After completion of mentioned stages of work as per
timelines provided in the RFP, the successful bidder shall request for Partial Acceptance
Test (PAT).

Partial Acceptance Test will be conducted by the Consultant / PMU in accordance with the
timelines, scope of work as mentioned in the RFP and the solution documents proposed
by the successful bidder and accepted by OCAC.

The Consultant / PMU will prepare and submit the report of PAT to OCAC and subject to
its acceptance, it shall be deemed as completion of Partial Acceptance Test (PAT).

4.5 Final Acceptance Testing (FAT)

RFP for Odisha SOC

The acceptance of the Data Centre including DC site in accordance with the requirements
shall be conducted. After successful testing of the features, facilities, functionalities and
integrity of the commissioned devices, equipment and services by OCAC jointly with
Consultant / PMU and successful bidder, a Final Acceptance Test (FAT) Certificate shall
be issued by OCAC to the successful bidder.

The test shall include the following:

1. All civil, electrical, air conditioning works, etc., are completed as per the RFP
specifications and solution documents proposed by the successful bidder and
accepted by OCAC.
2. All hardware and software items must be installed at CSOC site as per RFP
specifications and solution documents.
3. Availability of all the defined services shall be verified. The successful bidder shall be
required to demonstrate all the features/facilities/functionalities as mentioned in the
RFP and solution documents.
4. The PMU in consultation with OCAC shall define detailed test plan.
5. The successful bidder will arrange the test equipment required for performance
verification and also provide documented test results.
6. The successful bidder shall be responsible for the security compliance of the
infrastructure and network before the final acceptance test.
7. The successful integration of all assets and its functioning in the prescribed manner.
8. All points of Partial Acceptance Test (PAT) if any, should be addressed and resolved
before the final acceptance test.
RFP for Odisha SOC

5. Project Design
5.1 Project high-level architecture

The current stakeholders in the project are:

1. Odisha State Data Centre (OSDC) – on same premises.

2. Odisha State Wide Area Network (OSWAN) – on same premises.
3. Odisha State IT centre – on distant premises.

33 | P a g e
RFP for Odisha SOC

5.2 Site layout

The CSOC site would be prepared as the specifications provided at First floor, OCAC Tower, Acharya Vihar, Bhubaneswar, Odisha. The
suggested floor layout to be implemented by the successful bidder is given below:

34 | P a g e
RFP for Odisha SOC

Note:

1. The above layout is indicative only and may be subject to change. The bidders are advised to visit the site for clear understanding
of the actual conditions before bidding.
2. The floor design given is indicative and bidder may propose more optimal design solution which would be subject to review and
approval by OCAC.
3. The bidder shall disconnect the existing fire suppression system from the site in coordination with OCAC and site authority.
4. The bidder should install proper signage and cautionary stickers wherever required in CSOC premises.
5. The bidder should propose for glow signage for emergency exits and room / command centre indicators and entrances of Odisha
CSOC site.
6. The bidder has to carry out any civil construction as required at the site for building up Odisha Cyber SOC.

35 | P a g e
RFP for Odisha SOC

5.3 Site Design

The bidder shall provide detailed design, documentation, make, and model, efficiency
including user, system and operation manuals along with the necessary diagrams, design
drawings and details bifurcation of Bill of Materials (BOM) along with detailed description.
The site drawing (to be submitted before execution or as on when required) may include
but not limited to the following:
 Site layout
 Equipment placement layout
 All drawing for Electrical scheme including single line diagram
 All GA drawing of equipment
 Grounding and Earth pits
 Lighting
 Furniture placement
 Networking cabling
 Trenches, cable trays and raceways
 Aspirating smoke detection, water leak detection, rodent repellent, CCTV, access
control system
 Sectional views
 SOC command centre console / table
 3D drawing as required.

As and when required, the successful bidder has to submit the coordinated drawing for
the solution. The bidder shall take the necessary clearance / approval of the drawings,
design, quality of material, make and model of the quoted material etc. prior to the
execution of the project.

After implementation of the civil works, the bidder has to obtain relevant certifications
for the site and share the same with OCAC.

5.4 Site Civil & Non-IT works

All the specifications and requirement mentioned below are indicative and bidder may
propose their own design and architect for the CSOC site.

FLOORING

1. False flooring for Command Centre:

Providing and fixing bare finish false flooring with steel cement tile, made out of high
grade cold roll steel sheets, of size 610 x 610mm size, in 30mm thickness. Top & bottom
plate joint with 100 spot welding & cavity is filled with light weight cement for solid load
baring capacity, coated on all sides with epoxy powder coating for long life. These tiles
should be placed on to the steel under structure pedestal at required height. The product
should be fire rated non-combustible material. The system should be fully access able
with changeable panels on any direction required, complete in all respect including cost
of materials, labour etc. This should have load bearing capacity of 1650 kg/ sq.m Height
up to 600 mm. All measurements in multiples of 300mm. In case tile is cut into curve,
cut tile will also be measured. Tile puller - Double cup.

Step for false flooring: Providing and fixing of Step made up of 50x25mm aluminium
sections cladded with 2 nos. of 19mm ply / flexi ply / bison board coated with fire
retardant paint. To be finished with laminate as per approved design. In straight or
RFP for Odisha SOC

curved shape. L shaped aluminium extruded Edge profiles at the edge of the step / level
difference. Edge profile edge should be rough to avoid the slip.

The edge profile shall have LED light in desired colour at the steps where movement is
expected.

2. Italian Marble / Composite stone Flooring:

Providing and laying 15-20mm thick stone of approved shade and colour as per design
patterns and with appropriate slopes shown on the drawings laid on white cement
mortar bedding of 1:4 of average thickness up to 25mm laid o on grey cement slurry
inclusive of cutting, curing and finishing of joints with colour pigments. Rate to include
diamond polish, as per desired finish. The rate quoted shall include for keeping the laid
flooring protected with Plastic Sheet & POP till handing over and cleaning the same.

3. Carpet Flooring:

Supply and installing 500mm x 500mm or 300mm x 1200mm carpet tiles with secondary
backing of P.V.C The rate shall include cutting, trimming, fixing and clearing away of
residual material to a location as directed. The rate shall also include supplying and
laying of a protective layer of PVC sheet of 50 microns thickness, held together with
scotch tape. The laid carpet to be vacuumed after the removal of protective cover/on
commissioning. In case the stains are observed in the carpet after the protective layer is
removed, because of inadequate protection, the same shall be shampooed and made
good to the satisfaction of the project managers.

PARTITIONS AND PANELLING

Partition / Panelling - Curved Or straight at different levels to create trough for
hidden lights
Aluminium / GI frame at 600mm x 600mm c/c with additional supports at strategic
locations and filled with acoustic sound absorbent material of high density wrapped in
tissue paper and finished with following materials:
i. 12.5mm thick gypsum board
ii. 12mm Bison board / ply / MDF and finished with laminate
iii. 12mm MDF, covered with CNC cut designed panels and finished with Duco paint
iv. Acoustic panels in various shapes and sizes and covered with fire retardant fabric
to give 0.9 NRC
v. 8mm thick ply backing and finished with 6mm thick lacquered glass in desired
colour
vi. Full Ht. 2 hours Fire Rated Gypsum Partition: Form full height partitions with GI
sections at 600 mm distance. Partition frame to be faced both sides with 2 nos. of
12.5mm thick fire & moisture (RFMR) gypsum board. OEM specifications shall be
followed. Partition shall be finished with jointing tape / compound etc. HUB/ UPS
Room/Battery.
vii. Designer CNC cut metal panelling P/F of designer CNC cut in desired shape metal
wall panelling in desired colour including base frame.
viii. P/F fully glazed partition of 10mm thick toughened float glass fixed with
45x25mm Black Alloy frame in floor/wall complete in all respect as per detail
drawing and as directed by architect. The joints between glass panels are
provided with Aluminium I section.
RFP for Odisha SOC

Designer Printed Film: Opaque / semi opaque film to be installed on clear glasses per the
design reference image. Quote should include cost to prepare ready to print design.
Wall Graphics: Supply and applying approved Graphics as per manufacturer's
specification. Surface preparation - thoroughly sand papering surfaces to remove dust,
dirt, etc., and repairing dents, holes with POP to achieve level surface and finishing
including cost of material, labour, scaffolding etc., all complete.
i. Wall paper on top of existing POP finish wall / gypsum partition.
ii. Corner guard in Anodized / desired powder coated finish 25x25mm fixed on all
exposed corners with adhesive.
iii. P/fixing of 300mm laminated window sill made of aluminium framework + 19mm
thick ply + 1mm thick laminate on existing window sill complete in all respect as
per detail drawing, specification and as directed.
iv. 50mm high aluminium skirting- Providing and fixing 1.5 to 2mm thick 50mm high
extruded anodized aluminium skirting fixed over wall / partition including cost of
12mm ply backing if required.
v. Providing and applying Plaster of Paris punning on walls for true level.
vi. Putty on wall to make it smooth. Applying putty on walls & columns surfaces to
make it ready to receive paint.
PAINT
Applying premium plastic emulsion paint on false ceiling/walls three or more coats with
roller I/c applying cement primer, making smooth surface with putty to the satisfaction
of architect or smooth base to fix the wall paper / graphic. Providing and Applying Duco
paint in approved colour with Duco primer, making smooth surface with putty. The
surface on finishing shall present a flat velvety smooth finish. If necessary more coats
will be applied till the surface presents a uniform appearance.
DOORS
i. Fully glazed frameless glass door of 12mm thick toughened Modi /Asahi float glass
with single or double action heavy duty floor springs and SS patch fittings hinges,
lock, provision for electronic lock for access control, 1200 mm long SS Handle
complete in all respect as per detail drawing and as directed by architect. Cost should
include demountable door frame with groove all around.
ii. Fire Door for UPS and Server room: Made of GI with powder coating in desired colour
and inclusive of all hardware accessories and there should be a provision of
300x300mm fire rated viewing glass window.
iii. Providing and fixing 250 to 300mm deep laminated openable shutters for electrical
panel made of 19mm thick (Phenol formaldehyde bonded BWR grade) board; boxing,
partitions, shutters with external surfaces to be cladded with 1mm thick laminate with
teak wood moulding including and enamel paint on internal surfaces with all
hardware, locks etc.
The doors requirement is given in the table below:

Sr.
Door details Type
No.

01 Main entry door to facility from corridor Double leaf glass door of total
side 2000mm width
02 Entry to command centre from east side Fire rated glass door in SS 304 frame
RFP for Odisha SOC

Sr.
Door details Type
No.

03 Entry to Network / UPS area from corridor Fire rated steel door (min 45mm thick
and 1200mm width) with vision glass
04 Store room, Network room and UPS room Fire rated glass door in SS 304 frame
05 Manager and Meeting room area 1200mm toughened glass door and
glass partition

The above list is indicative only & the bidder may propose additional doors of desired
specifications if required as per the actual site conditions. There will be designer privacy
film on every glass door. Bidder may decide to erect/not erect wall as per requirement of
their design.
FALSE CEILING
The false ceiling for the CSOC site can be a designed as a mixture of metal baffle,
acoustic, curvilinear and printed ceiling. The design to be proposed by the bidder.
1. Metal Baffle Ceiling:
Baffle Ceilings should be Extruded Aluminium / GI profile of 1.2mm thick and of size
25mm x 100mm. The Baffle panels are coated with wooden / solid colours of approved
wood finish. The baffles are connect to tailor made baffle “C” Carrier of 1.2mm thick and
with slots as per spacing’s required between each baffle panels at 125mm centre to
centre. The baffle panels are connected with the baffle carrier with bolt/nut/spring
washer arrangement thereby achieving a firm connection between them. The baffle “C”
Carrier is then suspended at every 1mtr with 6mm threaded rod, where one end is
connected to the carrier and the other end with anchor fastener fixed on true ceiling. The
baffle panels come at a maximum size up to 5.8mtr. in length. The baffle end with an
End Cap is made in Aluminium and is with same finish as the baffle panel. Wherever
required two baffle panels are connected by a splice to make it run continuously or with
a gap of 20mm as per requirement.
2. Designer Acoustic False ceiling:
Mineral Fiber /Glass wool based Acoustical Suspended Ceiling System with tegular edge
tiles with exposed silhouette grid. The tiles should have Humidity Resistance (RH) of
95%, NRC 0.9, Light Reflectance >85%, Thermal Conductivity k = 0.052- 0.057 w/m K,
Fire Performance Class1 or A as per ASTM E 84, suitable for Green Building application,
with Recycled content of 63%, tile size can be 300x1200 or 600x600 mm in DESIRED
colour as per the design.
3. Curvilinear / designer (in varying shapes):
12 mm gypsum board false ceiling with level adjustor (flat/tapered, vertical ) The ceiling
should be finished to get true line & level The ceiling should be braced to wall /windows
framing where blinds/curtain boxes.
4. Ceiling Access Door:
Bidder has to supply & install Access/Trap doors made of cementitious board and
finished with the laminate. Size shall be as per the design requirement.
 RFP for Odisha SOC

FURNITURE
1. Control Desk (H x W x D = 750mm X 9478mm X 900 / 1050 mm)
i. Console desk for 8 users with provision of placing 16 Nos. of monitor on Monitor
Mount, 8 Nos. of keyboard/Mouse on Sliding Tray.
ii. Table design should be fluidic in nature and should be futuristic
iii. Table top finish should be Acrylic moulded (Corian) in desired colour and shape.
iv. Provision for hidden lights including LED lights should be considered
v. Adjustable dimmable task light should be provided in desk
vi. Wire Managers - For routing LAN & Power Cables within the Table.
vii. Adequate Heat management provision for Exhaust of heat from within the desk
Assembly.
viii. Power Distribution Sockets - within the Table for Powering of Active Devices.
Structure
Console System must be of modular design. The Console design shall address the
functional, ergonomic and aesthetic requirements of the particular working environment
while complying with accepted human factor design and ergonomic standards for viewing
distance, angle, keyboard, height, and knee space requirements.
 Standard top height of modular control desk shall be 750 mm. The Console Table
Top / Working
 Surface should be made of 18mm MDF Board with 12mm Solid Acrylic Panel.
 The Basic Structure should consist of Extruded AL Profiles (6063T6 grade) binded by
Top & Bottom (min 2mm) MS Frames formed in such a way as to provide maximum
buckling and torsion resistance. The Front & Back Panels should be openable /
removable (with Push Lock Mechanism) made of laminated MDF Board in min
thickness of 18mm. The Side Panels should be fixed type, made in 26mm MDF Board
Cladded on 18mm MDF Board. All panels must be attached to the frame with
concealed fasteners. Console access panels (Front & Rear Panels) must be
removable without the use of tools. The Front panel should be positioned in such a
way that there should be sufficient leg space (min of 400mm from the front edge of
the Table Top).
 All sheet metal / aluminium parts must be finished with electrostatic powder coating
with average of min 80 microns over all surfaces.
 The console frame shall have provisions for leveller legs to be incorporated into the
frame.
Work Surface
The Console Table Top should be made of 18mm MDF Board with 12mm Solid Acrylic
Panel. The work surface platform shall have smooth edges and transitions, thus avoiding
sharp corners or potential rib catchers for operator safety.
Modular Rear Wall (Slat Wall)
 Wall should be of min 86 mm (Height) and approx. 200-300 mm high from the
Monitor Base.
 Modular walls shall be made of 2mm thick Extruded Aluminium (6063T6 aluminium
alloy).
 It should have high Load bearing capacity. Minimum weight carrying capacity has to
be 20 KGs per Meter.
RFP for Odisha SOC

Monitor Arms
 It shall be capable for mounting all type of existing LCD monitor with dimensions
between 19” to 27” using suitable adopter/additional base plate, if required any.
 Vendor shall provide the suitable adopter/additional base plate for mounting the
existing LCD monitors.
 It shall allow the rotate/ tilt/ raise/the monitors as well as fix their adjustment.
 The monitor arm should be Articulating monitor arm.

Miscellaneous
 There shall be a closed cabinet below the modular control desk for placing of CPU.
Cabinet should have proper cooling system. CPU needs to be accessible from front
as well as rear side of control desk for easy working and maintenance.
 The cabinet shutters shall be of Butt Hinged type with 18mm thick MDF.
 Rear shutters of each console should have provision of Airflow opening for cooling
and heat dissipation effect.
 Rear panel shall have ventilation fans mounted on it.
 Hidden LED lights to be provided for Aesthetics.
 Adjustable Dimmable LED Light to be provided on the Desk.
 It shall have proper arrangement for flow of cables i.e. LAN Cable, Power cable, VGA
cable, Mouse cable, Keyboard etc.
 Design of control desk shall allow cables from the floor cable channel.
 Control desk shall be equipped with individual power distribution unit (PDU) (06 no
for one Modular Control Desk) and capable of being switched on/off individually.
Power supply socket should be dual type i.e. Universal type.
 All bolts must be of SS material to avoid rust due to environment.
Bidder should submit the below certificates / documents after the completion of control
desk / console:
a) ANSI / BIFMA Certificate for Consoles
b) ISO 9001, ISO 14001 & OHSAS 18001 Certificate
c) Green Guard Certificate for low emissions
d) ROHS Compliance
e) ASTM E84

2. Manager Table (H x W x D = 750mm X 1800mm X 800mm)

i. Manager Table with provision of placing 1 Nos. of monitor on Table Top, 1 Nos. of
keyboard/Mouse on Sliding Tray.
ii. Made of 40mm thick Laminated MDF top, powder coated metal / 25mm laminated
MDF under structure, metal / laminated Mdf modesty as per the client choice
iii. Side storage of 750mm x 1050mm x 400 mm should be provided
iv. MDF Based Drawer Unit with all sides laminate. Laminated 18mm (±1mm) MDF
Board Construction
v. Wire Managers - For routing LAN & Power Cables within the Table.
vi. Adequate Heat management provision for Exhaust of heat from within the desk
Assembly.
vii. Power Distribution Sockets - within the Table for Powering of Active Devices.
RFP for Odisha SOC

3. Meeting Room Table (H x W x D = 750mm X 2700mm X 1050mm)

i. Made of 40mm thick Laminated MDF top, powder coated metal / 25mm laminated
MDF under structure as per the client choice
ii. Wire Managers - For routing LAN & Power Cables within the Table.
iii. Adequate Heat management provision for Exhaust of heat from within the desk
Assembly.
iv. Power Distribution Sockets - within the Table for Powering of Active Devices.

4. Reception Table (H x W x D = 1000mm X 1500mm X 700mm)

i. Table design should be fluidic in nature and should be futuristic
ii. it should have double level
iii. Top, front and side finish should be Acrylic moulded (Corian) in desired colour and
shape.
iv. Provision for hidden lights including LED lights should be considered.
v. MDF Based Drawer Unit with all sides laminate. Laminated 18mm (±1mm) MDF
Board Construction.
vi. Wire Managers - For routing LAN & Power Cables within the Table.
vii. Power Distribution Sockets - within the Table for Powering of Active Devices.

5. Command centre chair / Meeting room chair / Visitor Chair / Manager chair
Command centre chair must ergonomically designed in such a manner that long hour
seating does not become tiring. The preferred requirement of chair are: Mid Back Chair,
for Manager High back, Mesh Back & Silver Epoxy Backbone, Synchronized Mechanism,
4-Way Adjustable Armrest, Seat height adjustment, Standard 5-prong P/Nylon Base,
BIFMA & GREEN GUARD certified.
6. Shoe Rack
A shoe rack must be supplied with 16 pair of slippers to be placed at the allocated area
as per site layout.
7. Sofa set with coffee table
Sofa set with suitable coffee table shall be supplied for the reception area as per design
and layout for the CSOC site. Sofa should be of modern design and finished in leather.
Coffee table should be (H x W x D = 450 mm X 1050mm X 600mm) modern design and
10 mm toughened Glass Top.
8. Staff locker
The locker should be made of steel, of standard design as per storage locker. Each
individual locker dimensions should be approx. (Depth x Width x Height) 40 cm x 40 cm
x 45 cm. The locker should be painted, powder coated, polished and corrosion resistant.
Each locker should have facility for pad locking. Each locker should have facility for name
tagging. 16 nos. of lockers should be available in total for the CSOC staff.

9. Storage Units
The storage should be made of hard plywood. The dimension of the each unit should be
at least (L x B x H) 90cm x 60cm x 120cm. Each unit should have hinged doors of equal
width hung with auto closing hinges of 0 cranking overlay type. The hard plywood should
be at least 20mm thick. Each unit should have at least four number of shelves. Each unit
should have lock and key facility. The color of each unit should be moderate and suitable
with the background of the premises.
 RFP for Odisha SOC

ELECTRICAL
i. Supply, storing, handling, laying, testing and commissioning of 1100 Volt grade
XLPE insulated and sheathed aluminium conductor armoured cables, ISI marked ,
including providing required gap between adjacent cables (minimum one cable dia.)
including providing identification tags in shaft/ cable trays etc. complete as per
specifications, as required (Low v/d losses).
ii. Supply, storing, handling, laying, termination, testing and commissioning of 1100
Volt grade XLPE insulated and sheathed copper conductor un-armoured cables ISI
marked including providing required gap between adjacent cables (minimum one
cable dia.) including providing identification tags in shaft and cable trays in ground
etc.
iii. Supplying of all materials and making end terminations of 1.1 KV grade XLPE
insulated aluminum multi core cables of the following sizes. The work includes cable
cladding using brass plated double compression glands, sizing the core leads,
removing insulation, fixing suitable crimping type heavy duty aluminum lugs/
thimbles by using hydraulic crimping tools with correct size of the dies, shaping the
leads and neatly connecting the same to the equipment terminals.
iv. Supplying of all materials and making terminations of 1100 Volt grade PVC
insulated and sheathed copper conductor unarmored cables including providing
required gap between adjacent cables (minimum one cable dia.) and the cost of
providing identification tags in shaft/ cable trays/ in ground etc. The work includes
cable cladding using brass plated double compression glands, sizing the core leads,
removing insulation, fixing suitable crimping type heavy duty copper lugs/ thimbles
by using hydraulic crimping tools with correct size of the dies, shaping the leads and
neatly connecting the same to the equipment terminals.
v. Supplying and installing following size of perforated Hot Dipped Galvanized Iron
cable tray (Galvanization thickness not less than 50 microns) with perforation not
more than 17.5%, in convenient sections, joined with connectors, suspended from
the ceiling with G.I. suspenders including G.I. bolts & nuts, etc. as required.
vi. Supply, fabrication, erection & epoxy painting of steel items as required as per
specification complete, Generally steel items include cable tray, cable tray
supporting arrangements, MS Channels-(ISMC), Angles, Plates and any other steel
items not covered in other items of schedule of quantities. The cable trays shall be
of ladder made of angles and flats / sheet steel folded type. The rate shall also
include painting with two coats of red oxide and primer and two coats of synthetic
enamel paint of approved shade.
vii. Factory Fabricated wall mounted distribution board with one incomer of 160A 4P
MCCB, Cu Bus bar, MFM, and outgoing MCB for UPS and other DBs.
viii. 8 Way TPN DB with One No. 63 A FP MCB as Incomer and Twenty Four No 10/20 A
SP MCB as outgoing. (Light /Power DB).
ix. 8 Way TPN DB with One No. 63 A FP MCB as Incomer and Twenty Four No 10/20 A
SP MCB as outgoing. (CAC DB).
x. Supply, store, erection, testing and commissioning of factory made metal clad totally
enclosed with cast aluminum housing with industrial socket/interlocked combined
rotary switch and socket with scrapping earth connection and plug top. In case of
interlocked socket, the interlocking should ensure that the plug cannot be inserted
or withdrawn while the switch is in 'ON' position (all switches & sockets shall be
housed in painted MS boxes). The erection rate shall include supply of angle iron
 RFP for Odisha SOC

frame work and fixing accessories such as grip bolts/grouting/ welding to steel
structures etc., All the MCBs shall be of 'D' Curve specifications.
xi. MCB shall comply with IS/IEC 60898-1 2002 and IEC 60947-2 or as per revised
standards. The terminals in DB shall be protected against any finger contact to IP20
degree of protection. All the MCB units shall bear ISI & CE mark and breaking
capacity should be 10kA.
i. Supply, erection, testing and commissioning of power points by providing switches /
sockets mounted on suitable size metal coated boxes fixed flush/surface on to the
wall with all fixing and wiring accessories.
ii. Normal power: 6/16 Amps, 3-pin (250 Volts) single phase universal socket with 16
Amps single pole switch with indicating lamp. The pin configuration shall be round
type.
iii. Safety and Security systems UPS Power: 6/16 Amps, 3-pin (250 Volts) single phase
universal socket with 16 Amps single pole switch with indicating lamp. The pin
configuration shall be round type. Plug tops are excluded from the scope of supply.

LED Ceiling lights

i. General Lighting Solutions which offers excellent energy saving and maintenance
free operation. The luminaire should have slim design, which is suitable for recessed
mounted application for control room. The light output should be diffused and should
not create any glare on the screens. This should consist of 600x600 / 300x1200 size
or any other size as per design requirement.
ii. Circular shape down lighter LED fitting with all accessories.
iii. Dimmable lights for control rooms, dimmable down lighters with high system
efficacy, Power Consumption 12W to 24W, highly efficient constant current LED
drivers. Cost to include Dimming Lighting Dali Master Controller, dimmable
drivers and Touch Panel.
iv. Dimmable linear lights including Aluminium cover and acrylic bottom for baffle
ceiling in control room.
v. LED strip lights for the coves. This should be of a higher wattage and should be in
desired colour / able to change colours.

AIR CONDITIONING
The bidder should to visit the site prior to bidding to assess the air conditioning input
duct and dimensions to plan propose likewise. The bidder is required but not limited to
perform the following activities:
i. Supply and Installation of AC duct work from the AHU mouth for the entire area
of SOC.
ii. Linear grill, Diffuser (ceiling mounted) for return air.
iii. Any other works as per design and operations requirement.
RFP for Odisha SOC

6. Minimum technical requirement (Non - IT assets)

6.1 Earthing
Sr.
Component Requirement description
No.
The earthing pit should be a borehole of at least 500 mm diameter
1.
and 3.5 meters deep
Pipe electrode made of a 65 mm diameter GI perforated pipe of 3.0-
2.
meter length attached at the top with a funnel covered with wire mesh.
Annular space between the electrode and borehole walls with layers of
3.
chemical compounds.
4. G.I. strip fixed to the electrode to act as an earthing connection
5. 100 mm of the chamber above ground level
Specification laying of earth wires or GI/copper strips between the earth electrode
6.
and the electrical room
The Earth pit shall conform in all respects to IS: 3043-1987 standard
7.
with latest amendments
8. Ground resistance should be less than 1 ohm, not to exceed 5 ohm
Earth pit covers shall be made of high-quality PVC or high-grade cast
9.
iron.
10. Earth pit covers should be rust free.
11. Earth pit should be maintenance free.

6.2 UPS
Sr.
Component Requirement description
No.
1. Supports extended battery bank capacity
Alarm indicator present for on battery / mains, overload, battery
2.
fault, trip, main fault, etc.
Relevant certificate of quality assurance from reputed bodies or
associations:
IEC/EN 62040-1-1 "General and safety requirements for UPS used
3. in operator access areas."
EN 62040-2 “Electromagnetic compatibility (EMC) requirements”
IEC/EN 62040-3 “performance requirements and test methods
4. Independently controlled maintenance bypass
Capable to be turned off without any interruption to power supply
5.
to devices.
The proposed UPS should be Transformer free design, Full IGBT
6. Functionality double conversion Technology.
UPS should be of N +N configuration. Battery back up to be
7.
provided for 60 minutes on each UPS at Full Load.
UPS system should be capable of operating in synchronization
8. mode with similar rating of UPS. Design of UPS should be
Insulated-gate bipolar transistor (IGBT) rectifier
Each UPS should have phase sequence correction kit without
9.
switching in to battery mode as a default feature.
Linear load harmonics distortion should be less than 3% and non-
10.
liner load harmonics distortion should be less than 5%.
11. Efficiency of UPS should not be less than 95%
Noise generated by UPS under normal steady state condition
12.
should not be more than 60 dB.
13. UPS should be ROHS complied product.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
The type of battery shall be VRLA batteries with combination of
14. LMO & NMC (Lithium Manganese Oxide & Nickel, Manganese, and
Cobalt).
15. Battery would be sealed and maintenance free type (SMF).
The UPS Module would have the battery circuit breaker mounted
16. near to the batteries. When this breaker is opened no battery
voltage would be present in the enclosure.
The battery breaker would be automatically disconnected when the
17. battery reaches to minimum discharge voltage level or when
signaled by other control functions
18. The batteries would be housed in suitable Racks.
19. Minimum load of 20 KVA
20. IGBT based
21. Minimum power factor of 0.8
22. Input power: Three phase 300 V - 450V sinewave,50Hz
23. Output power: Single phase 230V +/-1% sinewave 50 Hz
24. Minimum 60 minutes back-up on full load
25. Minimum output voltage of 400volt
Static Bypass: The static bypass shall be used to provide transfer
of critical load from the Inverter output to the bypass source. This
26. transfer, along with its retransfer, shall take place with no power
interruption to the critical load. In the event of an emergency, this
transfer shall be an automatic function.
Maintenance Bypass: The system shall be equipped with an
Technical external make-before-break Maintenance Bypass Cabinet (MBC) to
27. specification electrically isolate the UPS during routine maintenance and service
of the UPS. The MBC shall completely isolate both the UPS input
and output connections.
Paralleling Operations – The output of all the UPS systems would
be directly connected at the load distribution panel through
individual circuit breakers (part of the distribution panel).
28. The load at the output would be shared equally by all the UPS
systems. The paralleling control mechanism would be available
with individual UPS. There would not be any single point of failure
which can lead to collapse of all the UPS systems.

UPS Batteries should be compliant to Safety Cell UL1642, Module

29. UL 1973, Transportation UN38.3, Seismic GR63, EMC IEC61000-6-
2, and 61000-6-4.

6.3 Closed circuit television (CCTV)

Sr.
Component Requirement description
No.
1. Type of camera should be dome, ceiling fixed, unidirectional.
2. The camera should support rugged, indoor and vandal-resistant
3. Should support IP configuration
4. Should have day and night monitoring capability
Functionality Should have alarm system with one digital input and two relay
5.
output and pre/post alarm buffer
6. Should have multilevel user id and password
7. Should support IP address filtering
8. Should have auto exposure level control
RFP for Odisha SOC

Sr.
Component Requirement description
No.
9. Should support good white balance indoors
10. Should have auto gain control
11. Should support backlight correction
Should support remote administration for configuration and
12.
updates
Should be accessible through a PC client / web client, onscreen
13.
display in English
14. Should have digital signal processing
Camera body should be of plastic with minimum IP53 protection
15.
with weight not more than 50 grams
16. Suitable for operation from -20 to 50 degree Celsius
BIS Registration for safety general requirements as per IS 13252
17.
(Part 1):latest
18. Should support connectivity and power over PoE.
19. NVR:
Should have high decoding capability for Full HD viewing and
20.
recording.
Should have capability to view 16 channels simultaneously with
21.
synchronized real time playback.
Should be equipped with quad-core embedded processor and
22.
operating system.
23. Support 16 channel alarm input and output channels.
24. Supports recording of video clip and storage.
Capable of transferring recorded video / stored video to external
25.
storage device through USB or network.
26. Should be capable of splitting the screen into 1/4/8/16 displays.
Should have in built search feature as per time, date, exact and
27.
smart search.
28. PoE Switch
29. Up to 16 IEEE 802.3af / IEEE 802.3at devices powered
30. Rack mountable
31. Supports PoE Power up to 25 Watts for each PoE port
32. Auto detect powered device (PD)
33. Image sensor type: CMOS
34. Image sensor size: 1 inch
35. Picture mode: 3MP
Resolution should be: HD (1280 x 720 Pixel),Full HD (1920 x 1080
36.
Pixel) configurable into any one
37. IR illumination range should be at least 50 meters
Lens type should be fixed with variable focal length from 3mm to
38.
8mm lens
39. Focus mode should be auto / one push / zooming
40. Technical Frame rate should 30 fps
41. specification Should support video compression: H.265,H.265+,MJPEG,MPEG4
42. Should support dual compressed video streaming
43. Should support 10x digital zoom and 20x optical zoom
44. Should support vertical tilt range from 0 to 5 degrees
Should support one way audio streaming with G.726, G.722.1,
45.
G.711 compression
46. The camera should have UL Listed or CE Certified.
47. Encrypted data transfer through HTTPS (SSL/TLS)
48. Minimum lux to capture color image should be 0.5 lux
49. Signal to noise ratio should be in the range 50 to 60
RFP for Odisha SOC

Sr.
Component Requirement description
No.
50. Maximum shutter speed of 1/10000
Support protocols: UDP, SNMP, IGMP, DHCP, RTP, RSTP, HTTP,
51. SMTP, FTP, ICMP, HTTPS, DNS, DDNS, RTSP, RTCP, NTP, UPnP,
QoS, TCP/IP
52. Any additional PoE adapters if required without any extra cost.
53. NVR:
Should have minimum internal storage of 8 TB and expandable up
54.
to 32 TB.
Support up to 16 channels H.264 / H.265 / MJPEG / MPEG4
55.
compression and decoding.
56. Should have one channel audio input and output.
57. Should have minimum 2 HDMI, 2 USB, 1 RS232 and 1 VGA port.
Capable of frame rate of 1-30 fps, bit rate approx. 20 Mbps per
58.
channel
59. Support scheduled, manual, continuous, etc. mode of recording.
Supports playback function of play, pause, stop, rewind, next file,
60.
previous file, etc.
Support protocols: HTTP, TCI/IP, IPV4, IPV6, UDP, SMTP, NTP,
61.
DHCP, FTP, IP search, P2P, RTSP, etc.
62. Network throughput of 320 Mbps.
63. Should be all safety and technical regulations compliant.
64. PoE Switch
IEEE 802.3 Ethernet
IEEE 802.3u Fast Ethernet
65. IEEE 802.3x Flow Control
IEEE 802.3af Power over Ethernet
IEEE 802.3at Enhancement Power over Ethernet
Hardware based 10/100/1000Mbps Auto-Negotiation and Auto
66.
MDI/MDI-X
67. LED indicators for PoE ready and PoE activity
68. 16-Port 10/100/1000Mbps 802.3at PoE+ Ethernet Switch
69. Switch throughput at least 30 Gbps

6.4 Door Access Control system

Sr.
Component Requirement description
No.
The system should support both biometric (fingerprint) and card
1.
reader system
Should be able to configure fail – safe or fail secure mode in case
2.
of power failure of the card reader
The system should include a suitable management software for
3.
configuration and operating the system.
4. Door opening time should be configurable
The card reader system must have:
 Anti-pass back (APB) check facility and it must be configurable.
Functionality
 Facility to check the validity of the card.
5.  Arrangement for easy installation and maintenance.
 An internally rechargeable battery for storage of time settings
and other settings when reader power goes off.
 Self-diagnostics features for readers
DC power supply inputs must be protected against over-voltage,
6.
reverse polarity and over current.
Access control must read different data such as UID, Employees
7.
name, Department, Validity, D.O.B. etc. using user configured
RFP for Odisha SOC

Sr.
Component Requirement description
No.
keysets
Should be installed at all entry and exit point which includes
8. biometric (fingerprint) & card detection for exit from the CSOC
command centre and button exit configuration for rest of the site.
Supports integration with UPS for uninterrupted power supply to
9.
the locks and doors.
PC based software should communicate with multiple access
10.
control reader controllers using Ethernet LAN interface.
Communicate with the access control readers to configure them, to
11.
fetch swipe data and to monitor their health.
It should generate various reports including Access granted, Access
12. Denied, Attempted Entry, Unused Alarm Entry, Duress Alarms log
w.r.t. Date & Time
13. Should Supports Up to 65,000 Door Controllers
14. Compatible with all reader Hardware
15. Time, User and Zone based Access Control
16. Access Zones, Access Modes and Access Level configuration
Access Control Features Such as 2-Person Rule, First-in User Rule,
17. Anti-pass Back, Guard Tour, Duress Detection, Time Stamping and
More
18. Input and Output Linking
Should allow editing of various access points and their interface
19.
details viz. IP address, Unit ID, Com Port.
Allows editing of employee details, like name, employee number,
20.
shift, access zones.
Allows modification of reader parameters, like operating mode,
21. door open time, welcome string, Alarm settings, Timeouts, etc.
These parameters are also stored in the local database
22. Export function can be used to export data to a CSV file.
23. Up to 10Gb data can be stored in the current tables.
Older data should be moved to archives. Instantaneous Reports
24.
should be available on the current table data.
25. Should be equipped with 10/100 Mbps or higher Ethernet port
26. LED and buzzer for status, alarm, access allowed / denied
27. Should have touch screen for fingerprint scanner
28. Read Range maximum 3.5” for card reader
29. Technical Operating temperature 5 to 55 degrees or better
30. specification IP65 Rating
31. Tamper Detection
32. Tri Color LED and Buzzer
33. Operation mode: Network Mode with Host software
34. Ethernet, RS-485, USB, Aux Input and Aux Output Port

6.5 Addressable fire detection and alarm system

Sr.
Component Requirement description
No.
1. To be installed both above and below the false ceiling
2. Installation to be done with wall sounders
3. System should be sheet steel painted, sealed to IP32
Functionality
The control panel shall be UL/FM listed The control panel shall
4. include all required hardware, software and site specific system
programming to provide a complete and operational system.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
A steel enclosure contains all the required components –
microprocessor, power supply plus a clear LCD (Liquid Crystal
5.
Display), system status indicators and the control buttons that are
the user interface.
Allows the control panel to be connected to a wide variety of
peripheral devices. From display repeaters to custom mimic
6.
displays, printers, serial data interfaces and switching relay
interfaces.
Alarm and Fault conditions are highlighted by LEDs and supported
7.
by enhanced text descriptions on the LCD display
Basic functions (Evacuate, Reset, Mute, Accept, Silence) are
8. available at one access level whilst more advanced operations are
protected by a secondary level passcode
Individual device isolations, test modes and configuration data are
9.
all protected by these secondary access levels
Addressable Manual Call Points (Break Glass Type). The same shall
be square in shape & made of ABS plastic material. Surface / Flush
10.
Mounting. It shall have a "Break glass" message embedded on the
glass.
Control panel the microprocessor maintains a log of the events or
11.
actions occurring on the system
Up to 20 zone with individual LED indicators. Expandable to 40 or
12.
80 individual LED indicators
Addressable Fault / Loop isolator module with Surface mounting
13.
back box & required accessories.
User controls for SOUND ALARMS, SILENCE/ RESOUND, MUTE
14.
BUZZER, ACCEPT, SYSTEM RESET
Conventional Sounder / Hooter shall be made of ABS plastic
material & have the Db level of minimum 85dBs and a multi tone
15. facility, wall mounted with mounting base & required accessories /
Intermittent buzzer (fault condition) High pitched continuous
buzzer (fire condition)
Technical Programmable controls: Alphanumeric multi-level keypad with 15
16.
specification keys and 5 control keys: YES, NO, CHANGE, ENTER and SHIFT
17. LED type zone indicators: FIRE, FAULT/TEST/DISABLED
18. Display: 4x40-character LCD alphanumeric display with back-light
Interface: 3 serial ports with connections for optional RS485 or
19.
RS232 plug-in communication cards.
Operating Temperature: 0°C to +40°C
20.
Humidity: 85% non-condensing (maximum)
21. Loop capacity: 1 to 5 Loops expandable 460mA per loop Maximum
Outputs: Sounder Outputs 2 programmable outputs. Open and
short circuit monitoring. 1A maximum per output. Auxiliary Relays
22.
1 fault and 1 fire relay voltage free, changeover outputs Contacts
rated at 24V AC/DC, 1A, 0.6 PF maximum

6.6 Fire extinguisher

Sr.
Component Requirement description
No.
Device should be compliant to IS: 15683:2006 standards.
1.
Device should be stored pressure type.
Functionality
2. Should be suitable for extinguishing fires of class “A”, “B” and “C”.
3. Suitable for extinguishing electrical fires.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
4. Device should be of red body color code.
5. Device should BIS marked.
Maximum weight of the filled device should not be more than 9
6.
kilograms.
Extinguishing media should be powder based and clean agent for
7.
DC, UPS and Hub room locations in accordance with NFPA 10-2018
8. Expellant media should N2 based (stored pressure).
Technical
9. Capacity of device should be minimum 4.5 kilogram.
specification
10. Operating temperature: -30° C to + 55° C
11. Discharge range for extinguisher should be greater than 2 meters.
12. Effective discharge time for the device should be 15 to 20 seconds.

6.7 Rodent repellent system

Sr.
Component Requirement description
No.
They can be installed in any sensitive area with zero risk of
1.
sparking
The transducers can withstand high temperatures in the false
2.
ceilings
3. The transducers do not need a power connection
The transducers can be tested on an audible range independently,
4.
by selecting the Transducer testing menu from the LCD panel
Centralised Reporting and Monitoring System. Facility to test all
5.
Functionality controllers in one go or in an individual mode
6. Can connect up to 24 transducers with blinking LED
Scheduled or Real Time health status report generation for
7.
Systems Audit
8. Two-way Communication between the controller and the computer
Support network connectivity between the transducers and the
9.
controller
The OEM shall have an IDEMI and CFTRI certification for its
10.
products.
11. Operating Frequency : Above 20 KHZ and below 60 KHz.
12. Sound output: 80db to 110db at 1metre.
13. Power output: 1W per transducer.
14. Sweeps per Minute: 130(Configurable).
15. Frequency Division: 100(Configurable).
16. Power Consumption : 15 Watts Approximately
Technical
17. Power Supply : 230V AC/ 50Hz 14 Volts DC
specification
18. Dimensions of panel : 225 mm X 270mm X 100mm
19. Weight of panel : 6.5 Kgs Approx.
20. Mounting : Wall
RS / EIA 485 to RS / EIA 232C converter to transfer the controller
21.
data to the serial port of your computer
22. LCD display with on-board controls for changing parameters

6.8 Display – for CCTV and Meeting room

Sr.
Component Requirement description
No.
1. The display equipment should be VESA mount ready
Functionality
2. Should have inbuilt speakers
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Should have colour temperature control as : Reddish, Normal,
3.
Bluish, User Mode
4. Have a 8 bit color screen
5. The display should be 32 inch diagonally.
6. Equipped with an IPS panel with 178/178 viewing angle
7. Having energy rating of 6.0 from Energy Star or equivalent
8. Aspect ratio of 16:9
9. Have maximum response time of 4 milliseconds
Should have at least 1 HDMI port, 1 VGA port, 2 x USB 3.0 port, 1
10. Technical
DVI port.
specification
11. Should have at least 01 audio jack
12. Should have minimum resolution of 1024 x 768 pixels
13. Have refresh rate of 60 Hz.
14. Should support video-HDMI: 480p, 576p 720p, 1080i, 1080p
Should support video component:480i, 576i, 480p, 576p 720p,
15.
1080i, 1080p

6.9 Display – Video wall with controllers and speakers

Sr.
Component Requirement description
No.
Video Wall:
The Rear Projection Modules must be based on Single Chip DLP,
Full HD (1920X1080) Native, Rear Projection technology. The
1.
displays shall utilize RGB Laser having different laser bank for
different colors respectively without any moving part.
The system should have a continuous duty cycle of 24/7 for color
calibration and brightness uniformity using automated software via
2.
external server and should also support manual override function
and feature on demand.
No moving Part like color wheel or Phosphor wheel should be
3.
present as moving parts has more failure tendency
The control of the wall shall be possible via a network. All cubes
shall have their own IP address, and the control software can
4.
access all of them at the same time. The available features shall
be: On/Off, Brightness and Color, Input control
Separate hardware server for monitoring features Wall or Panel
5. Functionality
On/Off, Brightness and Color, Input control, health monitoring.
Also, software have feature to show maximum, minimum and
6.
current brightness / color values of all the projectors.
To protect operator’s eyes from blue light coming from screen
7.
sitting in front of video wall can also be reduced during night time
Projector should in-built green color indicator when projector is in
8.
idle state
The system can also have Remote IR feature for quick basic feature
9.
without any software installation
Schedule/time based ON/OFF complete system can also be possible
10.
without any human intervention
Automatic / Schedule/time based backup/restore of
11.
color/brightness settings also possible
Continuous consistency checking of complete system like:
12. Duplicate IP Address, Firmware, Software Health, Cooling Load,
Color & Brightness Mode, Temperature factors, etc.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
No single point of failure projector should be divided into multiple
13.
modules
System should be green focus in the product design, 100% free of
14.
harmful substances, eco-friendly materials
Video controller:
Display Controller to be able to control mentioned video wall and
15. should be based on the latest architecture with 19" Rack mount
industrial chassis
The system should have the capabilities of interacting (Monitoring
& Control) with various applications on different network through
16.
the single Operator Workstation. It shall be possible to launch
layouts, change layouts in real time using Tablet
Keyboard and Mouse along with mechanism to extend them to
17.
20mtrs. Operator desk from display controller to be provided
18. The controller shall be designed for 24 x 7 operation
19. Redundant controller should be provided
The Video Wall and the Controller should be of the same make to
20.
ensure better performance and compatibility
21. All features and functionality should be certified by the OEM.
22. Controller cover opening alarm
23. Resolution Support for Outputs should have 4K support
Regulatory Compliance : UL, CB, BIS,FCC,CE ,IEC 60950, IEC
24.
62368
Should be possible to show Laptop Or Android / IOS phone over
25.
the video wall without disturbing the existing network over wireless
Software:
The software should be able to preconfigure various display layouts
26. and access them at any time with a simple mouse click or
schedule/timer based.
The software should be able display multiple sources anywhere on
video wall in any size.
Key features of Video Wall management Software
27.  Central configuration database
 Browser based user interface
 Auto-detection of network sources
Online configuration of sources, displays and system variables
Video Wall Control Software shall allow commands on wall level or
cube level or a selection of cubes:
• Switching the entire display wall on or off.
• Setting all projection modules to a common brightness target,
28.
which can be either static (fixed) or dynamic to always achieve
maximum (or minimum) common brightness between projection
modules.
• Fine-tune color of each cube
Should support Multiple clients / Consoles to control the Wall
29.
layouts
The Software should be able to share layouts b/w available
30. different video walls on same network as well as preview of sources
on the workstation
Software should enable the user to display multiple sources (both
31. local & remote) up to any size and anywhere on the display walls
(both local & remote).
The software should be able to create layouts and launch them as
32.
and when desired
RFP for Odisha SOC

Sr.
Component Requirement description
No.
The Display Wall and sources (both local & remote) should be
33. controlled from Remote PC through LAN without the use of KVM
Hardware.
34. Software should support display of Alarms
35. The software should provide at least 2 layers of authentication
Software should able to Save and Load desktop layouts from Local
36.
or remote machines
All the Layouts can be scheduled as per user convenience.
37. Software should support auto launch of Layouts according to
specified time event by user
It should be possible to schedule specific Layout based on time
range It should be possible to share the layouts over LAN/WAN
38.
Network with Display in meeting room or on Remote Workstations
connected on LAN/WAN Network
System should have a quick monitor area to access critical
functions of the video wall User should be able to add or delete
critical functions from quick monitor area Full featured Web
39. services based API supports Legacy RS-232 and TCP/IP
All software communication should be encrypted, Secure user
Management with AD and LDAP Support Zero Maintenance,
automatically saves the user’s work
Integrated Embedded & External Audio formats with Audio
decoding of video streams also possible Software also supports
40.
UMD, IDC, Source name, Time (time zone aware), Date, text,
Logo, Message Ticker, Source Status
The system shall include complete Bi-directional Soft KVM to permit
41. operators to take mouse & keyboard control of Displays, Screen
Scrapped applications and DVI source
It should be possible to create two separate Tickers which run
concurrently. These can be positioned at top or bottom and can run
42.
independently. The Ticker can be picked from data source through
screen scrapping or through typing specific incidence, manually
The system should have the capabilities of interacting (Monitoring
& Control) with various applications on different network through
43.
the single Operator Workstation. It shall be possible to launch
layouts, change layouts in real time using Tablet
The control of the wall shall be possible via a network. All cubes
shall have their own IP address, and the control software can
access all of them at the same time. The available features shall
44.
be: On/Off, Brightness and Color, Input control
Separate hardware server for monitoring features Wall or Panel
On/Off, Brightness and Color, Input control, health monitoring.
Software have feature to show maximum, minimum and current
45.
brightness / color values of all the projectors
Central setup & Connection management, Central configuration
46. database, Fully distributed & modular component technology,
Browser based UI, Auto-detection of network sources
Online configuration of sources, backup & restore, Scheduled
47. backup, Fully features web services based API covering all legacy
and encrypted communications
Save and load layouts (complete display presets including
perspectives and applications), start stop and position applications
48.
& sources freely over the complete desktop, remote keyboard and
mouse control from and towards other networked desktops (bi-
RFP for Odisha SOC

Sr.
Component Requirement description
No.
directional)
Supported sources:
Analog & digital / streaming video, Analog (RGB) and Digital (DVI-
49. I) Sources, Network desktops, Network multi-channel workstations
and applications, Internet & internet sources, Embedded & external
audio formats, Localization
50. Speaker:
Should be a sound bar to be installed with the video wall connected
51.
to the video controller.
Should support surround sound audio output with additional wired
52.
woofer.
53. Should be compatible with both the display and the controller.
54. Should support Bluetooth feature.
Video Wall:
All cubes shall of 70” diagonal size and optimized to work in a
55.
multi-screen arrangement (4 X 2)
56. > 700 Nits on screen
57. Laser with lifetime minimum 100000 hours
58. Panel uniformity should be >95%
Color repetition speed must be 18X Frame Rate or higher with 3 x
59.
12-bit color and Brightness correction
Projector is equipped with Automatic motorized alignment no
60.
manual alignment needed
Redundant Power Supply External remote one to be provided only
61. This should be kept in the rack so that power supply can be
changed without disturbing any cube or alignment.
62. Should be IP6X certified by third party laboratory
Projector should complies with EMC (Electro-Magnetic
63.
Compatibility) Standard
Each display module shall have minimum Redundant DP1.2 and
64. HDMI 1.4 (HDCP compliant), DVI-DL inputs for redundancy
purposes
Technical Projector should capable of gen-lock 49 Hz - 61 Hz; 92 -120 Hz,
65.
specification also supports double genlock
66. Serviceability should be rear
67. Native Resolution per Panel should be minimum 1920x1080
68. Aspect Ratio should be 16:09
69. Screen Gap should be Less Than 1mm
70. Contrast ratio should be Min 1800 Lumens
Power consumption should be Less than 200 watt in Normal/Typical
71.
Mode
72. Heat Dissipation should be Less than 800 BTU/hr.
System shall operate properly under 10ºC to 40ºC Temperature ,
73.
Humidity - 20%-80%
74. All features and functionality should be certified by the OEM.
Video controller:
75. Operating System : Windows 10 or higher , 64-bit
76. Xeon with 2.1 GHz or higher end processor, Octa core
77. Memory minimum 32 GB expandable to 64 GB
78. 2 x 1Gb/s / 10 Gb/s LAN
79. Input : H.264, MPEG2/4, MxPEG, MJPEG, V2D, H.263
80. Output : DP/DVI/HDMI, Outputs - Up to 48 HD displays
81. Hard Disk - R.A.I.D-1 redundant setup with 2x 1000GB 2.5” HDD
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Hard disk
82. 4ch Graphic card , Max resolution: 3840x2160@60Hz
83. Speaker:
84. Sound bar should be of 2.1 channel with wired sub-woofer.
Should support audio connectivity through HDMI port, Bluetooth,
85.
wireless connectivity, auxiliary, etc.
86. Should have maximum wattage of 110W.
87. Should be equipped with power adapter and audio cables.
Any additional items should be proposed by bidder with cost
88.
inclusive.
Note: Any accessories or hardware required for the solution should be proposed by the
bidder with cost included in the solution. The bidder has to specify what additional
hardware / accessories has been proposed.

6.10 Network Rack

Sr.
Component Requirement description
No.
1. Type of rack should be rack enclosure.
2. Rack should be free standing type.
The front door of the rack should be of toughened transparent
3.
glass.
The rear door of the rack should be of SPCC quality cold rolled steel
4.
Functionality metal.
5. Back doors should be perforated with 63% or higher perforations
6. Should be available with secure lock
Should be equipped with cable channel in the rear side for cable
7.
management
8. Should support entry of cable from top or bottom of the rack
9. Size of rack should be 42U
10. Depth of the rack should be 1000 millimeter (adjustable)
11. Width of rack should be 600 millimeter
The front and rear doors should open a minimum of 120 degrees to
12.
allow easy access to the interior
13. Should have a load bearing capacity of minimum 1200 kilograms
14. Technical Should have at least one fan for heat dissipation
15. specification Should be RoHS compliant
Should be UL Listed and conform to EIA-310 Standard or India
16. equivalent for Cabinets, Racks, Panels and Associated Equipment
and accommodate industry standard x
Should have a minimum of IP 20 rating for protection against
17.
touch, ingress of foreign bodies, and ingress of water
18. Should be equipped with at least two power strips or PDU.
RFP for Odisha SOC

7. Minimum technical requirement (IT assets)

7.1 Security Orchestration Automation & Response (SOAR)

Sr.
Component Requirement description
No.
SOAR solution should be flexible enough to allow security
1. operations to easily create bidirectional integrations with security
products not supported by default.
The methods used to support these types of integrations could vary
2.
but might include scripting languages, APIs or proprietary methods.
SOAR platform should support common methods of data ingestion,
such as syslog, database connections, APIs, email and online forms,
3.
as well as common data standards such as CEF, Open IOC,
STIX/TAXII, etc.
SOAR solution should have ability to automate and orchestrate
4. process workflows to achieve force multiplication, and reduce the
burden of repetitive tasks on security analysts.
SOAR solution should support flexible methods for implementing
5.
process workflows.
Should be able to automatically extract email attachments from
6.
emails and store that for the related incidents as attachments.
Solution should include 100+ out-of-the-box playbooks for incidents
like Ransomware Attack, Data Leakage, Malware Attack, DOS and
7.
DDOS attack, Phishing Attack, etc. and should support creation of
multiple playbook.
Solution must be able to support creation of incidents via API, Web
8.
URL, SIEM, Ticketing system, etc.
Should support codify process like linear-style playbooks, flow-
9.
controlled workflows or run books.
Functionality Should have out-of-the-box provision or capable of creation and
10.
closure of incident automatically or manually.
Should have capability to execute automated workflow without any
11.
human intervention.
Should have capability to provide simulation environment to test
12.
playbooks without relying on access to real environment.
Should provide option in workflows for manual
intervention/review/approval by analyst to choose decision path
13.
before playbook can continue or to complete a task manually before
playbook can continue.
Implementation of workflows should be flexible enough to support
14. nearly any process which might need to be codified within the
solution.
Workflows should support the use of both built-in and custom
15. integrations, as well as the creation of manual tasks to be
completed by an analyst.
Should have the ability to deliver multiple dashboards that can be
16. customized to meet the specific requirements of different users of
the system.
Flow controlled workflows should be able to support different types
17. of flow control mechanisms, including those which allow for an
analyst to make a decision manually before the workflow continues.
Building workflows should not require a high level of scripting or
18.
programming knowledge and should be based on a GUI platform.
19. The solution should support basic case management functionality
RFP for Odisha SOC

Sr.
Component Requirement description
No.
such as tracking cases, recording actions taken during the incident
and reporting on critical metrics and KPIs.
The following additional features should be available in the SOAR
solution:
 Phase and objective tracking
 Detailed task tracking, including assignment, time spent and
status
20.
 Asset management, tracking all physical and virtual assets
involved in the incident
 Evidence and chain of custody management
 Indicator and sample tracking, correlation and sharing
 Document and report management
Auto-document the entire incident workflow manual as well
21. automated steps for all incidents timestamp of all actions taken in
an incident.
Provide automated report & dashboards for real time measurement
22. of KPI's including MTTD, MTTR for each incident and overall SOC
incidents.
Provide automated incident SLA breach report based on severity,
23.
type, creation time, closure time, response time etc.
Should develop reports by tracking of indicators and samples, such
24.
as IP addresses, URLs, malware samples, etc.
Should have threat intelligence feeds to properly correlate to the
25. end of discovering attack patterns, potential vulnerabilities and
other ongoing risks to the organization.
Should the capability for different forms of threat hunting, while
26. actively looking for attacks and patterns that may not have been
detected through automated methods.
Should be able to integrate with all devices irrespective of the OEM
27.
or manufacturer.
Should be able to provide insights like status, incidents, detections,
28. etc. for different devices on a single platform. User should be able
to access all information without logging out of the SOAR solution.
Should support email or text notifications, along with functionality
29.
to email comprehensive periodic reports and dashboards.
Solution should support the ability to correlate against third party
30.
security data feeds.
Solution be agentless and should support both push and pull
31.
mechanism.
Should be able to parse all the fields from SIEM, UEBA, NTA alerts
including but not limited to: creation time, update time, source /
32.
destination IP, source country, category, system, rule-name,
severity, etc.
Should support at least four analysts’ user accounts and support
33.
scalability for increase in the number of analyst accounts.
Should support a web-based GUI for management, analysis and
34.
reporting.
Should support recreation of any incident for simulation and
35. Technical
requirement analysis purpose.
Should be able to locally store evidence for each alert/incident
36.
raised by it along with capability to search through it.
Should have intuitive, modular, analyst friendly user interface for
37. overall incident management and interface to add/ edit response
tools.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Solution should not have any restriction on the number of response
38.
actions and creation of playbooks.
Should provide capability to embed scripts (Python / java / JS or
39. any other language code) in the playbooks steps to design
playbooks for advance and complex use cases.
Should be able to auto-document the entire incident workflow
40. manual as well automated steps for all incidents timestamp of all
actions taken in an incident.
Solution should have capability to design workflow to provide fully
41.
automated action for any incident.
Solution should have provision for storing security incidents/alerts
and related artefacts for minimum 1 year. Data retention & data
42.
archival settings should be or configurable as per the decision of
OCAC.
Should have at least 150 out of the box API based integrations and
43.
additional integrations should be free.
Should be able to integrate existing SIEM /ESM solution irrespective
44.
of the OEM and version.

7.2 Log Management appliance

The log management appliance should be capable and compatible to integrate with the
below devices:

1. Security Information and Event Management / ESM

a. Make: HPE ArcSight
b. Appliance Model: ESM E7600
c. EPS Support: 10000 EPS
d. Operating System: RedHat Enterprise 7.1 (Maipo)
2. Logger device
a. Make: HPE ArcSight
b. Appliance model: L7600 / product version L7633
c. Operating system: RedHat Enterprise
d. License type: Permanent
e. Software version: 6.7 or higher
3. Connector device
a. Make: HPE ArcSight
b. Appliance model: C6600
c. Operating System: RedHat Enterprise
d. License type: Permanent
e. Software version: 2.9 or higher

Note:
1. The bidder shall be responsible for the integration of the above mentioned
solutions with SOC.
2. The bidder is provided with an option to either upgrade the existing solutions &
utilize for SOC or may propose a new SIEM solution along with logger appliances,
however the existing solution shall be integrated with SOC.
3. The bidder may follow as prescribed in Section 3.5: “General Instructions to
bidders” of the RFP document.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Logger
1. Should function in Client server model.
Should support collection of logs from all devices irrespective of
2.
manufacturer and version.
Should have filtering, parsing, rewriting, normalization
3.
functionality.
Should be able to make rapid searches though billions of
4.
messages.
5. Should be capable of complex searches and drill down results.
6. Should be capable to generate alerts based on automated queries.
Should easily be able to integrate with other third party tools and
7.
solutions.
8. Should be able to integrate with existing SIEM or SOAR solution.
Should support agent and agent-less detection and collection of
9.
logs from devices.
Create customized reports to demonstrate compliance with
10.
standards and regulations such as PCI-DSS, ISO 27001, ETC.
Classify incoming logs in real-time based on message content,
extract named information elements from unstructured log
11.
messages, allowing you to aggregate disparate log formats to
search and generate statistics.
Solution must support the option of collecting raw event data using
12. Syslog, FTP,SCP, SNMP protocols, and any other protocol required
for collection of logs etc.
Parsing and rewriting capabilities to transform and normalize to
13.
enable effective search and analysis.
Solution must provide a native, out of the box capability to collect
Functionality
application log data from custom /in-house developed web
14.
applications or bidder may develop custom parser to ingest custom
logs.
15. Should have automatic data archiving feature.
The solution should prevent tampering of any type of logs and log
16.
any attempts to tamper logs.
Store log data in encrypted, compressed, and timestamped binary
17.
files, restricting access to authorized personnel only
Index logs that enable organizations to segment their log data
18. based on any number of criteria and restrict access to logs based
on user profiles.
Should be able to Integrate with the existing SIEM solution
19.
irrespective of the OEM and version.
Solution should have capacity to maintain and store logs (raw and
20.
normalized) for minimum 90 days online.
21. Should integrate with SAN storage for offline storage of logs.
Solution must be able to store log data both locally and with SAN
22.
integration.
Solution must provide inline options to reduce event data at the
23.
source by filtering out unnecessary event data.
Management should be available through Web browser, CLI, Web
24.
services API.
Connector
Should offer ease of analysis through a common event format for
25.
all log sources.
Should provide complete visibility with collection support for any
26.
event source from the physical layer through the application layer.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Management should be available through Web browser, CLI, Web
27.
services API.
Should support universal content relevance with prebuilt, vendor-
28.
independent content.
Should not have restriction in the number of devices to be
29.
integrated.
Solution must support the option of collecting raw event data using
30. Syslog, FTP,SCP, SNMP protocols, and any other protocol required
for collection of logs etc.
Solution must support local caching and batching at collection level
31.
in case of connectivity failures.
32. Solution should work in both agent-less and agent-based mode.
In case the connectivity with SIEM / logger management system is
lost, the collector should be able to store the data in its own
33. repository. The retention, deletion, synchronization with SIEM
database should be automatic but it should be possible to control
the same manually.
Logger
34. Should have hot swappable dual power supply.
Forward logs to 3rd party analysis tools or fetch data from SSB via
35.
its REST API.
Technical Licensing for at least 20000 EPS and expandable whenever
36.
specification required.
Connector
37. Should have hot swappable dual power supply.
Should support handling and processing of least 20000 EPS and
38.
expandable whenever required.

7.3 Security Information and Event Management (SIEM)

Sr.
Component Requirement description
No.
The OEM of the solution should be in the Gartner, Forrester, IDC,
1.
NSS, etc. leader quadrant in any of the last three years.
Solution should encompass log, packet and end point data with
2.
added context and threat Intelligence.
The solution should factor with following minimum components:
· Management & Reporting
3. · Normalization and Indexing
· Correlation Engine
· Data Management
There should be no limitation on number of devices to be
Functionality
supported. Any addition in no. of devices should have no cost
4. impact on department. The monitoring should be cross device and
cross vendor and be both out of the box and scalable to cover
additional devices and applications as required
The solution should provide an integrated dashboard and Incident
analysis system that could provide a single view into all the
analysis performed across all the different data sources including
5.
but not limited to logs and packets. The Tool should have role
based access control mechanism and handle the entire security
incident lifecycle.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Solution should categorize log data into an easy-to-understand
humanly-readable format that does not require knowledge of OEM-
6.
specific event IDs to conduct investigation, define new correlation
rules, and/or create new reports/dashboards.
All logs that are collected should be studied for completeness of
information required, reporting, analysis and requisite data
7.
enhancement; normalization should be performed to meet the
reporting and analysis needs.

8. Should be manageable and monitored from SIEM unified GUI

console for Correlation, Alerting and Administration.

9. Solution search performance must be capable of searching through

millions of structured (indexed) and unstructured (raw log) events.

10. Should assist analysts by reducing false positives automatically

without configuring any rules or filters to do so.
11. SIEM solution should be able to consume the Threat Intelligence
Feed as proposed in the solution.
12. Seamless and bidirectional integration with SOAR and Vulnerability
Management platform for incident workflow management.
SIEM solution should provide a centralized customizable dashboard
13.
as required in SOC functionality.
Must be able to integrate and work with the current systems of the
14.
organization and its stakeholders.
Solution should help in creating the context around the
Vulnerability by integrating proposed vulnerability management
15.
solution which can further create the priority as per asset &
vulnerability record.
Solution should not require a Database Administrator to perform
16.
implementation, tuning or other DB administrative tasks.
Solution should have Self-signed certificate generation features so
17. that access of appliance for monitoring and administration
purposes can be done in encrypted manner.
Solution must provide a web interface for mapping to remote file
18. systems using NFS or CIFS to backup log data or read raw log files
into the system.
Solution must provide pre-defined alerts and provide the ability to
19. reuse pre-defined filters and manually created filters as alert
criteria.
The solution should support
a. Monitoring and notification of events;
b. Incident Handling and Investigation support;
20.
c. Import of vulnerability scanning information;
d. Analysis and report;
e. Operation management of SOC
Should be able to handle and process complete EPS as forwarded
21. by the logger devices and scalable for upgradation for future
requirement.
Solution must provide inline options to reduce event data at the
22.
source by filtering out unnecessary event data.
It should be able to handle a burst of 1.25 times of the sustained
23. EPS in real time at any given point in time without any drop or
queuing of events.
Should be able to integrate with the existing SIEM solution and
24.
proposed SOAR solution.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
25. Integration should be bi-directional with the SOAR solution.
Solution should log all administrative access and activities and
26.
provide access to the audit logs web interface.
Should support storage and archiving of data and reports as per
27.
requirement.
Solution should be able to restore from archives / external storage
28.
and generate reports whenever required.

7.4 Anti – Advanced Threat Persistent (Anti – APT)

Sr.
Component Requirement description
No.
The OEM of the solution should be in the Gartner, Forrester, IDC,
1.
NSS, etc. leader quadrant in the latest reports.
Lock down patient zero, stop the spread, and neutralize the attack at
2.
the initial point of infection before it spreads laterally.
Solution must be on premise Anti-APT solution and must not be
3. network perimeter security component part devices like UTM and
NGFW and not be a CPU and chip based function.
Increased protection against advanced persistent threats with static
4.
and dynamic detection techniques
Enhance security intelligence similar to NGFW and NGIPS “learn”
5.
from attacks.
Solution should have capabilities to configure files, IP, URLs and
6.
Domains to Black list or white list.
Use specialized detection engines, correlations rules, and custom
7. sandboxing to detect all aspects of an advanced persistent threat,
not just malware.
Should support logging of important parameters like Source IP,
8. Destination IP, ports, protocol, Domain, time stamp etc. of the
attacks sessions.
Should provide correlated threat data such as: IP addresses, DNS
domain names, URLs, Filenames, Process names, Windows Registry
9.
Functionality entries, File hashes, Malware detections and Malware families
through a dashboard
Leverage detection data to create new rules and policies to block
10.
existing and future attacks.
The solution should be OS agnostic and should deploy static/dynamic
analysis for emulation of threats on various operating systems like
Windows, MAC, Linux, etc. irrespective of the versions. The solution
11. should support Windows 7, Windows 8, Windows 10 Microsoft 2003,
Microsoft 2008, Microsoft 2012, and Microsoft 2016 operating
environments for Sandboxing, this requirement should be based on
virtual execution and should not be Hardware or chip based function.
Capable of monitoring all ports and protocols to identify attacks
12.
anywhere on the network.
Capable of examining email attachments using multiple detection
13. engines and sandboxing. Prevent new and unknown attacks in
documents and executable files
Attachments analysed should include a wide range of Windows
executables, Microsoft Office, PDF, Zip, Web content, and
14. compressed file types. Identify new malware hidden in files types,
including but not limited to: Adobe PDF, Microsoft Office, Java, Flash,
executables, and archives
15. Malware protection should be done by specialized detection and
RFP for Odisha SOC

Sr.
Component Requirement description
No.
sandboxing techniques, which can discover malware and exploits
delivered in common office documents.
Solution must be capable of performing multiple file format analysis
which includes but not limited to the following: LNK, Microsoft
objects, pdf, exe files, compressed files, .chm, .swf, .jpg, .dll, .sys,
16.
.com and .hwp and solution should have an in-built document
vulnerabilities detection engine to assure analysis precision and
analysis efficiency.
Capable of analyzing URLs contained in emails using reputation,
17.
content analysis, and sandbox simulation.
18. Capable of unlocking of password-protected files and Zip files
Capable of combining global telemetry from one of the world’s largest
19. cyber intelligence networks, with local customer context, to uncover
attacks that would otherwise evade detection
20. Supports SPAN port or port mirroring configuration
Able to integrate with multiple devices and analyze all information in
21.
parallel
Able to protect from both known and unknown threats utilizing IPS,
22. Antivirus, Anti-Bot, Threat Emulation (sandboxing) and malicious
content detection and real-time elimination technologies.
Able to monitor the instruction flow at the CPU-level to detect
23.
exploits attempting to bypass OS security controls
Capable of decrypting protected SSL and TLS tunnels to extract and
24.
launch files to discover hidden threats.
25. Prevents and remediates evasive ransomware attacks
26. Blocks deceptive phishing sites and alerts on password reuse
27. Protects applications against exploit based attacks
Records and analyzes all endpoint events to provide actionable attack
28.
forensics reports
The solution should be able to inspect and block all network sessions
29. regardless of protocols for suspicious activities or files at various
entry/exit sources to the client's network.
The solution should be able to protect against Advanced Malware,
30. zero day web exploits and targeted threats without relying on
signature database.
The solution should be able to identify malware present in network
file shares and web objects (QuickTime, MP3 and ZIP/RAR/7ZIP/TNEF
31.
archives, 3gp, asf, chm, com, dll, ico, jar, jpeg, jpg, mov.) and able
to quarantine them.
The solution filter must support network action set such as Block
(drop packet), Block, Permit, Trust, Notify, Trace, Rate Limit and
32. Quarantine & must support signatures, protocol anomaly,
vulnerabilities and traffic anomaly filtering methods to detect attacks
and malicious traffic
The solution should be able to identify zero-day malware present in
file and web objects (Adobe Flash File, Java, Microsoft Office Files
33. .doc .docx .ppt .pptx .xls .xlsx, .pdf, rar, dll, sys, tar, exe, zip, bzip,
7zip, ink, chm, swf etc.) and should have ability to interrupt
malicious communication.
The proposed solution should support at least 100+ protocols (e.g.
HTTP, FTP, SMTP, SNMP, IM, IRC, DNS and P2P protocols SMB,
34. Database protocol MySQL, MSSQL, Microsoft Office, Visual Basic,
Acrobat PDF, MAC OS X *.app, zip, tar, flash, executables, link
libraries, etc.) for inspection and should block suspicious
RFP for Odisha SOC

Sr.
Component Requirement description
No.
communications of zero day malware detected IP, URL and file.
Solution should identify spear fishing email, zero day malware and
35. ransomware attacks in email and should quarantine or block
suspicious email messages before reaching user/ mail server.
The solution should support Sandbox test environment which can
36. analyse threats to various operating systems, browsers, databases
etc.
37. The solution should support both inline and out of the band mode.
The solution should be able to detect and prevent bot outbreaks
38.
including identification of infected machines.
The solution should be appliance based with hardened OS. No
39. information should be sent to third party systems for analysis of
malware automatically.
The solution should be able to block the call back tunnel including
40.
fast flux connections.
The solution should be able to share malware information/ zero day
41.
attacks knowledge base with deployed appliances.
42. The solution should be able to capture packets for deep dive analysis.
In case there is no antivirus signature available for malware, solution
43. should have the ability to exfiltrate data about the malware and
share it with the antivirus solution providers.
The solution should be able to pinpoint the origin of attack, Threat
44. description and help to understand the severity and stage of each
attack.
The solution should be able to conduct forensic analysis on historical
45.
data.
Dashboard should have the feature to report Malware type, file type,
46. CVE ID, Severity level, time of attack, source and target IPs, IP
protocol, Attacked ports, Source hosts etc.
The solution should generate periodic reports on attacked ports,
47.
malware types, types of vulnerabilities exploited etc.
The solution should be able to export event data to existing SIEM or
48.
Incident Management Systems.
49. Solution should be able to monitor encrypted traffic.
The management console should be able to provide information
50.
about the health of the appliance such as CPU usage, traffic flow etc.
The solution should display the geo-location of the remote command
51.
and control server.
The solution should be able to integrate with Active Directory to
52.
enforce user based policies.
53. The solution should monitor Inter-VM traffic on a Port Mirror Session.
Sandboxes must support multiple operating systems and for both 32-
54.
bits and 64-bits OS.
The solution should support Windows XP, Windows 7, Windows 8,
Windows 10 Microsoft 2003, Microsoft 2008, Solaris10, Redhat 5 &
55. above Linux operating environments for Sandboxing, this
requirement should be based on virtual execution and should not be
Hardware or chip based function.
The solution should support open web Services API for 3rd party or
56.
scripting integration.
Solution should allow admin to define custom threat intelligence by
57.
importing/exporting rules.
The solution should support windows XP, Windows 7, Windows 8,
58.
windows 10 Microsoft 2003, Microsoft 2008 (32 bit & 64 bit OS),
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Solaris10, and RedHat 5 & above Linux operating environments for
Sandbox file analysis. Solution should have option to upload custom
sandbox image running in client’s environment.
59. Minimum performance throughput up to 2 Gbps
60. Should be able to store online data for at least 90 days.
Capable of performing multiple sandboxing environment in parallel,
61.
handling more than 50 virtual machines
Capable of processing more than 4000 unique files per hour and have
62.
provision for expansion whenever required
Supports OS: Win 10 (64-bit), Win 8.1 (64-bit), Win 8 (32-bit/64-
bit), Win 7 (32-bit/64-bit), Win XP (32-bit/64-bit), Win Server 2016,
63.
Technical Win Server 2012, Win Server 2012 R2, Win Server 2008, Win Server
specification 2003, Android, Mac, Linux
Capable of generating reports in the following formats: STIX,
64.
OpenIOC, XML, JSON, HTML, PDF, text
65. Capable for in-line, TAP / SPAN, monitoring and Fail-open operation
Should be capable to add multiple number of monitoring nodes
66.
logically.
67. Should support scalability in number of ports for expansion.
68. Hot swappable dual power supply
69. Have maximum MTBF and least MTTR

7.5 Network Traffic Analyzer

Sr.
Component Requirement description
No.
1. Identify what applications/protocols are running on the network.
2. Identify bandwidth hogs down to a user, application or device level.
3. Monitor client to server network traffic.
4. Troubleshoot network & application performance issues.
Should be pre-built with hundreds of reports, graphs, and charts,
5.
which are all customizable.
Bandwidth Utilization and flow / packet based Monitoring and
6.
reporting
Should be able to monitor from L2 to L7 layer metrics conversations
7.
in the network.
Should support deployment of multiple sensors/probes to acquire
data from multiple sources in the network, multiple
systems/appliances running analytics engine components for better
8. Functionality assessment of traffic to security profiles, multiple systems/appliances
with deep-learning/machine-learning components for anomaly
detection and, multiple systems/appliances with web-UI components
supporting high-availability and scalability needs.
9. Spot users or devices downloading large volumes of data.
10. Bandwidth Usage by Application
Should support use of aggregation policies (sum, average, minimum,
11. maximum, etc.) that work on volumetric data counters such as
bytes, packets, non-empty packets, etc.
Should support use of policies that can detect spikes of quantum (1x,
12.
2x or a user-configurable jump or fall) in network traffic.
13. Should be to spot top talkers on the network.
Should be able to auto discover assets communicating in the
14.
network.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Should have deep-learning/machine-learning component to detect
15. anomalous and suspicious communication is network traffic
irrespective of its origins or destination and, protocol or application.
Should support use of policies that can detect violations based on
16.
blacklist/whitelist matches.
Should have basic monitoring statistics like tracking source IP,
17.
destination IP, protocols and bandwidth.
Should be capable of bulk decryption of SSH, IPSec, HTTPS, SMTPS,
18.
IMAPS, SSL, TLS, etc. encrypted traffic for analysis and monitoring.
Should integrate with SOAR or log management tools for sharing of
19.
network data in real time and, alerts as they happen.
Should include a distributed search engine data-store to ingest
20. various types of textual, numerical, geospatial, structured and
unstructured data.
Should allow for proactive investigation by allowing user to interact
21.
with data using visual graphs/charts in interactive dashboards.
Should enable user to investigate network performance or security
issues by accessing details about session. The details may pertain to
22.
delays, gaps, session initialization or termination reasons, session
payload and data enrichments.
Should be able to generate and retrieve reports for a minimum of
23. one year period where online data should be available for minimum
90 days period.
Should consist of a sensor or probe to acquire network traffic or flow
24.
data and generate session metadata from the acquired traffic.
Should include an analytics engine component that processes
25. network traffic and/or generated session metadata to detect threats,
risks and, anomalies.
Should support for reconstruction of session if raw capture retention
26.
is configured.
Should not require an internet connection in support of any of its
capabilities. It should be possible to schedule ingestion of OEM
27. supplied and third-party threat intelligence by importing the update
using system console or CLI or scheduling checks with a locally
hosted repository.
Should support anomaly detection without any threat intelligence in
28.
place by using its deep-learning/machine-learning capabilities.
29. Should support minimum 10 Gbps of throughput performance.
30. Should support SPAN / port mirroring.
31. Should support monitoring unlimited number of nodes logically.
32. Should support scalability in number of ports for expansion.
33. Should support minimum 5,00,000 HTTP transactions.
Operating system should be security hardened and embedded with
34.
overlaying kernel for high speed packet processing.
35. Appliance should have hot swappable dual power supply.
Technical
Should be licensed to monitor traffic from unlimited number of
36. specification
nodes.
Protocols like HTTP, SMB, RDP, SSL, DNS, SMTP, LDAP, etc. should
37.
be detected by the solution.
Should support any web browser for management or monitoring
38.
through a workstation.
Monitor network traffic through SNMP, Netflow, WMI, Rest APIs, etc.
39.
and network sniffing.
40. Should be able to generate and retrieve reports within the appliance
RFP for Odisha SOC

Sr.
Component Requirement description
No.
itself without the use of any additional database server.
Should be able to integrate with external storage devices for storing
41.
and retrieving if old records / data.

7.6 Threat Intelligence feeds

Sr.
Component Requirement description
No.
Intelligence feeds should be available from open sources, commercial
1.
sources and international sources.
Threat Intelligence should deliver a comprehensive range of timely
2. adversary and technical threat intelligence through a customizable
portal or Dashboard.
The Threat Intelligence Portal/Dashboard should provide a complete
3.
range of adversary and technical intelligence.
The Threat Intelligence Portal/Dashboard should provide End-to-End
4.
picture of threats.
5. Intelligence feeds should adhere to MITRE and ATT&CK framework.
Threat Intelligence feeds should contain who, how and why are you
6.
being targeted.
Intelligence feeds should be integrated with SOAR / SIEM solution
7. and should be pushed towards the respective devices for
upgradation.
Threat intelligence feeds should enable efficient security operations
8.
and reduce the time for investigation.
The intelligence feeds should be available for the complete proposed
9.
solution and pushed periodically.
Intelligence feeds from all sources should be provided as a bundled
10.
single input.
Functionality Should have inputs preferable from dark web and similar kind of
11.
sources.
12. The threat intelligence feeds should be available in multiple formats.
Intelligence feeds should be reliable to eliminate maximum number
13.
of false positives and reduce duplicity in threat definitions.
14. Should provide advanced IP Reputation.
Should provide the data feed in formats intercept able by the SOC
15.
solutions
Provide scripts based feeds whenever required to download the data
16.
feeds.
17. Should provide additional information in IOCs wherever requested.
Threat Intelligence feed OEM should have experience of at least 10
18.
years.
Threat Intelligence feed has to be unique. This has to be from a
19. different OEM and not the same as of SIEM / SOAR OEM to adhere to
the dual incident monitoring design principle.
Threat intelligence should provide an insight into current and
20.
emerging threats.
21. Intelligence feeds should cater to all SOC solutions and equipment.
Intelligence feeds should also preferably include feeds from the OEM
22. providing the security hardware in-order to provide an integrated
cyber-defense and data exchange between devices.
RFP for Odisha SOC

7.7 Network Management Switch for Data centre

Sr.
Component Requirement description
No.
1. Layer 3 access switch to be installed at data centre.
2. Should be rack mountable and easily installable.
3. Should have in built redundant, hot swappable power supply.
4. Should have internal redundant cooling fan.
5. Should have a console port.
6. Should be IPV4 and IPV6 ready from day one.
7. Supports Layer 2 protocols: 802.1Q VLAN, 802.3xVLAN.
8. Supports Layer 2 protocols: LACP, STP, MSTP, RSTP.
9. Supports Layer 2 protocols: VxLAN, IEEE.
10. Supports Layer 3 protocols: Static routing, RIPv1, RIPv2.
Supports Layer 3 protocols: BGP, OSPFv2, OSPFv3, RIPng, PBR,
11.
BGP4.
12. Supports Layer 3 protocols: PIM-SM & SSM & DM, IS-IS, IS-ISv6.
13. Functionality Supports Layer 3 protocols: VXLAN, VRRP, DCBX.
14. Supports Layer 3 protocols: 802,1Qbb, 802,1Qaz, FCoE, etc.
Should be equipped with security feature: Snooping, dynamic ARP,
15.
ACL, RADIUS / TACAS, Port security, IGMP snooping, DHCP, etc.
16. Support management protocols: GUI / GUI using NMS
17. Support management protocols: CLI, Telnet, TFTP
18. Support management protocols: SNMPv1, SNMPv2, SNMPv3
19. Support management protocols: NTP, SSHv2, DLDP/UDLD
Support management protocols: Hitless patch upgrades, IP
20.
management, Openflow, etc.
Should support: LDP protocol, MCE, P/PE of MPLS VPN, MPLS
21. Traffic Engineering (TE), MPLS Operations, Administration, and
Maintenance
22. Should be RoHS compliant.
23. Should have minimum 24 x 10GE SFP+ ports.
Should at least one management port of GE management interface,
24.
RJ45 and optional management port of RS232 / USB.
25. Should have minimum switching capacity of 450 Gbps.
Technical
26. Should have minimum MAC address table size of 128K
specification
Should be capable of configuring more than 500 IPV4 and 5000
27.
IPV6 routing.
28. Should have in built, preinstalled operating system.
29. Should support minimum 4000 VLAN and VLAN IDs.

7.8 Network Router for SOC Command Centre

Sr.
Component Requirement description
No.
LED indicators for Ethernet and console status, as well as visual
1. system state indications
Functionality Command-line interface (CLI), alarm, network management,
2. logging, statistics aggregation, and on-board failure logging
(OBFL).
RFP for Odisha SOC

Sr.
Component Requirement description
No.
3. Environmental chassis management
4. Minimum 20 Gbps sustained forwarding data traffic capacity
5. One Network Interface Module (NIM) bay.
6. Dual In-line Memory Modules (DIMMs)
7. USB flash or secure token memory stick
8. Should have dual power supply
Should support IPv4, IPv6, static routes, Routing Information
9.
Protocol Versions 1 and 2 (RIP and RIPv2)
Should support Open Shortest Path First (OSPF), Enhanced IGRP
10.
(EIGRP), Border Gateway Protocol (BGP), BGP Router Reflector,
Should support Multicast Internet Group Management Protocol
11.
Version 3 (IGMPv3
Should support Protocol Independent Multicast sparse mode (PIM
SM), PIM Source Specific Multicast (SSM), RSVP, CDP, ERSPAN,
12. IPSLA, Call Home, EEM, IKE, ACL, EVC, DHCP, FR, DNS, LISP,
OTV[6], HSRP, RADIUS, AAA, AVC, Distance Vector Multicast
Routing Protocol (DVMRP), IPv4-to-IPv6 Multicast
Should support MPLS, Layer 2 and Layer 3 VPN, IP sec, Layer 2
13.
Tunnelling Protocol Version 3 (L2TPv3)
Should support Bidirectional Forwarding Detection (BFD),
14.
IEEE802.1ag, and IEEE802.3ah
15. Should support Generic routing encapsulation (GRE)
Should support Ethernet, 802.1q VLAN, Point-to-Point Protocol
16.
(PPP), Multilink Point-to-Point Protocol (MLPPP)
Should support Frame Relay, Multilink Frame Relay (MLFR), High-
17.
Level Data Link Control (HDLC)
18. Should support Serial (RS-232, RS-449, X.21, V.35, and EIA-530)
19. Should support PPP over Ethernet (PPPoE)
Should support QoS, Class-Based Weighted Fair Queuing (CBWFQ),
20.
Weighted Random Early Detection (WRED)
Should support Hierarchical QoS, Policy-Based Routing (PBR),
21.
Performance Routing and NBAR.
Should support Encryption: DES, 3DES, AES-128 or AES-256 (in
22.
CBC and GCM modes)
Should support Authentication: RSA (748/1024/2048 bit), ECDSA
23.
(256/384 bit)
24. Should support Integrity: MD5, SHA, SHA-256, SHA-384, SHA-512
Features such as quality of service (QoS), cryptography, and
25.
access control lists (ACLs) are processed in hardware.
26. Modular QoS CLI (MQC) policies on VLANs or tunnels
Limits an arbitrary collection of low-priority traffic to a certain
27.
bandwidth
RJ-45 console ports and auxiliary ports, and a mini USB console
28.
port.
One copper Ethernet 10/100/1000 Mbps network management
29.
port.
Technical Two USB 2.0 ports for USB flash sticks or USB secure tokens
30. specification (secure key distribution).
31. Minimum aggregated throughput of 01 Gbps from Day 01
32. Minimum 4 x 1 GE Base-T interfaces
33. Minimum 4 x 10 GE SFP+ interfaces
RFP for Odisha SOC

Sr.
Component Requirement description
No.
34. One RJ-45/RS-232 compatible auxiliary port

7.9 Managed Switch for SOC Command centre

Sr.
Component Requirement description
No.
1. Should be of Non-PoE type with form factor of 1U.
2. Should be rack mountable and easily installable.
3. Should have internal redundant cooling fan.
4. Should have a console port.
5. Should be IPV4 and IPV6 ready from day one.
6. Should support Layer 2 features: IEEE 802.1Q tagged VLAN
Should support Layer 2 features: IEEE 802.1D Spanning Tree
7.
Protocol
Should support Layer 2 features: IEEE 802.1D Spanning Tree
8.
Protocol
Should support Layer 2 features: IEEE 802.1v Protocol VLAN & Port
9. VLAN and MAC-based VLAN, Voice VLAN, Guest VLAN, IP subnet-
based VLAN
Should support Layer 2 features: IEEE 802.1 Q-in-Q – IEEE 802.1w
Rapid Spanning Tree, IEEE 802.1s Multiple Spanning Tree, IEEE
10.
802.3ad Link Aggregation (LACP), IEEE 802.1x port access
authentication
Should support Layer 2 features: IGMP v1, v2, v3 snooping
11.
support, IGMP querier
Should support Layer 2 features: Static multicast filtering,
12. Functionality Weighted round robin (WRR) queue technology, MLD v1, v2
snooping
13. Should support Layer 3 features: Static routing, ARP
Should support security features: Access Control Lists (ACL), MAC,
14.
IP, TCP, ACLs: L2/L3/L4
Should support security features: Network storm protection
15.
including broadcast multicast and unicast traffic
Should support security features: Protected ports, MAC filtering,
16.
Private group
Should support security features: IEEE 802.1x port access
17.
authentication, Port security
18. Should support security features: DoS, DHCP snooping
Should support security features: IP Source Guar, Dynamic ARP
19.
inspection
Should support security features: RADIUS (RFC 2865), RADIUS
20.
accounting (RFC 2866), TACACS+
Should support switch management features: SNMP v1, v2c, v3
21.
with multiple IP addresses
Should support switch management features: Private Enterprise
22.
MIB, Port mirroring support (many-to-one)
23. Should support switch management features: DHCP/BOOTP relay-
RFP for Odisha SOC

Sr.
Component Requirement description
No.
primary and backup (RFC 3046, option 82), RFC 2030 Simple
Network Time Protocol (SNTP), DHCP server, DHCP L2 relay
Should support switch management features: IEEE 802.1AB Link
Layer Discovery Protocol (LLDP), ANSI/TIA-1057 LLDP Media
24.
Endpoint Discovery (LLDP-MED), DHCP relay (with backup servers),
GARP/GVRP/GMRP
Should support switch management features: SYSLOG, TFTP, SFTP,
25.
HTTP, SCP, or local USB flash firmware upgrade
Should support switch management features: Port description –
26.
RFC 1519 CIDR
Should support switch management features: Proxy ARP, DNS
27.
lookup
Should support user interfaces: Command Line Interface (CLI) via
console port (5 sessions), Web-based management via embedded
28. HTTP server protected with Secure Sockets Layer, (SSLv3) or
Transport Layer Security (TLS v1), Telnet remote login (5 sessions)
securable with Secure Shell (SSH v1.5, v2)
29. Should have preinstalled operating system.
Should have minimum 48 x 10/100 Base TX ports and 4 x
30.
100/1000 SFP/SFP+ ports.
Technical
Should at least one management port of RJ45 and another
31. specification
management port of RS232 / USB.
32. Should have minimum switching capacity of 15 Gbps.

7.10 SAN Storage

Sr.
Component Requirement description
No.
The bidder to propose relevant SAN switch for the SAN storage in
1.
redundant high availability.
Necessary software to configure and manage the storage space,
2. RAID configuration, logical drives allocation, virtualization,
snapshots for entire capacity etc. should be included.
Should support Non-disruptive component replacement of
3.
controllers, disk drives, power supply, fan subsystem etc.
4. Should support the supplied storage and operating systems.
The storage should support all the Operating System Platforms &
5.
Clustering
Any software or license required to enable connectivity to these OS
6. Functionality
/ software should be included.
Storage should support non-disruptive online firmware upgrade for
7.
both controllers and disk drives.
Should be able to support clustered and individual servers at the
8.
same time.
Should come equipped with storage management software for
9.
configuration and patching.
Should support automated SAS storage tier feature across the
10.
populated drives.
The storage system shall be configured with GUI based
11.
management software as below:
RFP for Odisha SOC

Sr.
Component Requirement description
No.
 Monitor and manage the storage array Configuration.
 Remote Storage base replication.
 Storage front end port monitoring.
 Disk Monitoring.
 LUN management.
 Storage Component replacement, etc.
Usable storage capacity of minimum 200 TB from Day 01 and
12.
scalable up to 1 PB.
Should support hot plug and hot swap of components online
13.
(including controllers, power supplies, cooling fans etc.)
14. Should have redundant controller, power and cooling.
15. The storage system should be scalable.
16. Technical Should provide LUN masking, fiber zoning and SAN security.
17. specification* All relevant software required should be in-built.
18. Should be equipped with hot spares.
Should support remote replication and replication license included.
Synchronous and Asynchronous replication support should be
19.
available with relevant licenses.
20. Should support FC, iSCI protocols. BIS compliant and registered.
21. Should be IPV6 ready from Day 01 of installation.
*Note:

1. The bidder has to assess and propose SAN switch as per requirement in high
availability.
2. Storage requirement is for data retention for a period of 01 year which may be
updated later as per OCAC data retention policy. Any additional storage requirement
cost would be as per the financial proforma as quoted by the bidder.
3. The bidder to assess the infrastructure and proposed relevant drive capacity and
number of slots as per the scalability and storage requirement.

7.11 Vulnerability Management Solution

Sr.
Component Requirement description
No.
The OEM of the solution should be in the Gartner, Forrester, IDC,
1.
NSS, etc. leader quadrant in the latest reports.
2. The solution must be completely on premise solution.
Bidder to propose and implement virtual machine for deployment
3.
of Vulnerability Management Solution.
Solution should have Self-signed certificate generation features so
4. that accessing of appliance from client for monitoring and
administration purposes can be done in encrypted manner.
Functionality
Solution should be IPv6 ready from day one to integrate with full
5.
IPv6 network.
Vulnerability management solution should be a dedicated solution
6.
and not part of SIEM.
Vulnerability management solution should be based on 512 floating
IP addresses (IPs can be changed and active scanning can be done
7.
as per requirement) from Day 01 and can be increased as per
requirement.
8. Integrates seamlessly with the SIEM.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
Ability to import vulnerability assessment and scan results sources
9.
for centralized reporting, dash boarding and analysis.
Is able to transparently utilize all existing points of presence for
10.
scanning purposes as possible.
Is CVE compliant and provides vulnerability risk scoring based on
11.
accepted industry standards (CVE,CVSS);
Can orchestrate a high volume of concurrent assessments without
12. disturbing normal network operations (customizable bandwidth
usage);
13. Can scan both external facing and internal IP ranges;
14. Can scan in zero privileged or credentialed mode;
15. Can perform privileged scanning of network devices;
16. Can scan virtual hosts;
Provides a flexible and automated remediation assignment
17.
capability;
Provides easy access to the solution through a web based
18.
interface;
Delivers role based reporting and operational functionality through
a cascading permissions structure so each user has personalized
19.
information based on their role and the assets they are responsible
for managing;
Allows multiple stakeholders to scan and rescan (for remediation
20.
verification) as needed;
21. Provides flexible assessment scheduling options;
Enforces approved time windows for scans and automatically
22.
manages scans across windows (pause and re-start);
Allows for acceptable risks and false positives to be exceptional
23. from reporting and workflow based on customer defined business
rules;
Captures an audit trail associated with all activities (e.g. discovery,
24.
assignments, notes, exceptions, remediation etc.) vulnerabilities;
Generates alerts and reports on newly emerging vulnerabilities in
25.
between scans, using passive correlation;
26. Differentiates between active and inactive IP addresses
Enables access to raw scan and report data (custom report
27.
building).
Create, manage and schedule vulnerability scans View and report
28.
on vulnerability scan results;
The Solution must provide the ability to produce ad hoc reports
29. while viewing results in the console. PDF and CSV exports shall be
available.
Efficiently manage detected vulnerabilities, through a series of
powerful vulnerability views and the application of very flexible
30.
vulnerability filtering; enabling users to focus on the key, must fix
vulnerabilities;

7.12 Network Monitoring, Helpdesk and Ticketing tool

Sr.
Component Requirement description
No.
The network monitoring tool must monitor performance across
1. Functionality
heterogeneous networks from one end of the enterprise to the
RFP for Odisha SOC

Sr.
Component Requirement description
No.
other.
Proposed NMS solution must be ISO 27001 certified to ensure
2.
security compliances.
NMS OEM must be an industry standard solution and shall be in the
3. present for NPMD and ITSM both in latest published Gartner’s MQ
reports and leading analysts’ reports like IDC or Forrester.
Proposed NMS solution MUST have at least 2 deployments in Indian
Government/ Public Sector, monitoring & managing 2500+ network
4. nodes in each of such deployments.
Customer names, solution details and OEM undertaking needs to
be provided at the time of bidding.
OGC Gold level or Pink Elephant certifications for ITILv3 in at least
5.
10+ processes or equivalent.
The solution should allow for discovery to be run on a continuous
basis which tracks dynamic changes near real-time; in order to
6.
keep the topology always up to date. This discovery should run at a
low overhead, incrementally discovering devices and interfaces.
The proposed solution should also provide network asset inventory
7.
reports.
The tool should automatically discover different type of
heterogeneous devices (all SNMP supported devices i.e. Router,
8.
Switches, Servers, etc.) and map the connectivity between them
with granular visibility up to individual ports level.
The tool shall be able to assign different icons/ symbols to different
9. type of discovered elements. It should show live interface
connections between discovered network devices.
Should support manual addition and deletion of devices from the
10.
repository of assets in the tool.
It should support various discovery protocols to perform both
11. manual and automatic discovery of all L2, L3 Network devices
across any network connectivity existing or planned in future.
In case of dual stack devices, the system shall be able to discover
12.
and show both IPv4 and IPv6 IP addresses.
It shall provide an option to discover and manage the
13.
devices/elements based on SNMP as well as ICMP.
The proposed Network Fault Management solution must support
14. extensive discovery mechanisms and must easily discover new
devices using mechanisms such as SNMP Trap based discovery.
It must also allow for inclusion and exclusion list of IP address or
15.
devices from such discovery mechanisms.
The proposed solution must provide a detailed asset report,
16. organized by vendor name, device type, listing all ports for all
devices.
The Solution must provide reports to identify unused/dormant
17.
network ports in order to facilitate capacity planning.
The system should be able to clearly identify configuration changes
18.
/ policy violations / inventory changes across multi-vendor network
RFP for Odisha SOC

Sr.
Component Requirement description
No.
tool.
The system should support secure device configuration capture and
19. upload and thereby detect inconsistent “running” and “start-up”
configurations and alert the administrators.
The proposed fault management solution must able to perform
20.
“load & merge” configuration changes to multiple network devices.
The proposed fault management solution must able to perform
21.
real-time or scheduled capture of device configurations.
Should able to support and handle large volume of incident, service
22.
requests, changes, etc.
The solution should have a Single Architecture and leverage a
23.
single application instance across ITIL processes.
Support unique data and workflows segregated user role for
24. Incident, Problem, Change, Release, Knowledge Management,
Asset Management and CMDB
Should provide out-of-the-box categorization, as well as routing
25. and escalation workflows that can be triggered based on criteria
such as SLA, impact, urgency, CI, location or department.
26. Should support customization of severity level as per requirements.
Multiple instances shall be allowed to be configured in different
27.
ways in different modules for different outcomes.
The tool should have the knowledge management OOB –
knowledge databases to support investigations, diagnoses, root
28.
cause analysis techniques, and creating / updating workarounds,
temporary fixes and resolutions.
Should allow creating and applying various operational level
29. parameters to Incidents, Requests, Changes, and Release
management modules.
Should have a predefined/customizable field to indicate & track the
30.
progress/status of the lifecycle of ticket(s).
The solution should support SLA violations alerts during the
31.
tracking period.
The tool should provide an audit trail, tracking & monitoring for
32. record information and updates from opening through fulfilment to
closure.
The solution should support managing and maintaining a full
33.
history of an incident SLA.
Should use Industry-standard protocols such as WMI, SNMP, JMX,
34. SSH to perform discovery without requiring the installation of an
agent.
Should have ability to modify out-of-box discovery scripts, create
35.
customized discovery scripts
Discovery should work without requiring agent installation (that is,
36. agent-less discovery) while discovery Layers 2 through Layers 7 of
OSI model
The tool shall be able to work on SNMP V-1, V-2c & V-3 based on
37.
the SNMP version supported by the device.
The solution should have internal storage and function without any
38.
third party database.
39. The solution should be able to integrate with SOAR solution.
The Helpdesk and ticketing system should store unlimited number
40.
of incidents.
RFP for Odisha SOC

Sr.
Component Requirement description
No.
The solution should have manual or automated escalation
41.
mechanism for incidents.
Should support configuration for auto escalation of tickets during
42.
SLA violations.
The solution should support at least 2 administrator user accounts
43.
and at least 10 user accounts.
The solution should be able to store incident records for a period of
44.
at least 90 days.
Should have provision to archive data for future reference and
45.
retrieval.
The tool shall be able to discover IPv4 only, IPv6 only as well as
46.
devices in dual-stack.
Should be able to generate reports regarding CPU and memory
47.
utilization for routers, switches and servers.

7.13 Desktop
Sr.
Component Requirement description
No.
Desktop should be preloaded with suitable operating system which
1.
may provide ease of operations.
Operating system should be of the latest configuration and
2.
enterprise version.
3. Desktop should be of the latest model and configuration.
Functionality
4. Desktop should be available with proper accessories for installation.
All the components of the desktop (like keyboard, mouse, etc.)
5.
should be of the same OEM.
6. Monitor should emit minimal radiation for lesser eye strain.
7. Monitor should have minimum border bezel width.
Intel i5 processor with 6 cores per processor, 2.8 GHz base
8.
frequency and 9MB cache memory
9. Have an additional 1 PCI slot
10. Integrated graphics – Intel HD 630
11. OS partition and storage should be in local hard drive.
12. Minimum 8GB RAM DDR4 with 2666 MHz speed
13. Additional 01 number of DIMM slots should be present
14. Should have a hard drive capacity of 1000 GB @ 7200 rpm
15. Should have an optical drive DVD R/W
Audio in & out, Headphone and microphone ports should be
16.
present.
Technical Should have minimum 2 number of 10/100/1000 on board
17.
specification Integrated Gigabit Port
18. Should have minimum 4 number of USB 3.0 ports
Should have minimum 02 number of VGA ports for two display
19.
connections.
20. Keyboard should be standard type with USB connector.
21. Mouse should be optical scroll wired
22. Mouse connector should be USB type
23. Monitor:
Monitor should be 27 inches diagonally in size with aspect ratio
24.
16:9
25. Monitor should bear resolution of 1920x1080 pixels
26. Screen should be curved with screen curvature of 1800R
RFP for Odisha SOC

Sr.
Component Requirement description
No.
27. Dimension should not be greater than 615 x 458 x 271 mm
28. Monitor should be LED backlit
Should have minimum 01 number of VGA display port and 01
29.
number HDMI port
30. Native contrast ratio should be at least 3000:1
31. Should have a response time of maximum 5 millisecond
32. Viewing angle should be 178 / 178
33. Monitor screen should be coated with anti-glare
Desktop should have power consumption of 180W with 90-95%
34.
efficiency
35. Should be RoHS / Energy star compliance equipment

7.14 Multifunction Printer

Sr.
Component Requirement description
No.
1. The printer should be laser jet.
2. Should have duplex print feature
3. Should support print through wireless direct print connection
4. Should support only black and white printing
5. Functionality Should have features for print, copy and scan.
6. Copier should take input from the flatbed scanner.
7. Table top or stand mountable
8. Plug and play driver installation
9. Equipment should be from a brand with best service life hours
10. Print speed up to 30 ppm
11. Support resolution up to 1200 x 1200 dpi
12. Should support driver installation in all operating systems
13. Scanner Flatbed type with CIS technology
14. Scanner support file format like PDF, JPEG, PNG
15. Front-panel scan, copy buttons
16. 24 bit scan depth with 256 greyscale levels
17. Copy speed up to 30 cpm
18. Copier support resolution of 300 x 300 dpi
19. Copier support enlargement of image from 25 to 400%
20. Copier should support extended contrast adjustments
Connectivity ports: 1 Hi-Speed USB 2.0 Device; 1 Hi-Speed USB
21.
2.0 Host; 1 Fast Ethernet 10/100Base-TX; 1 Wireless 802.11b/g/n
Technical
22. specification Memory 256 MB with 750 MHz processor speed
23. Supports minimum duty cycle of 65000 pages monthly basis
Input / output 350 sheets (standard), 100-sheet multipurpose tray,
24.
250-sheet input tray; 250-sheet output bin
25. Support media type A4; A3; B4 (JIS); B5 (JIS); A5; 16K
Support fonts and typefaces PCL 84 fonts; PCL 6 84 fonts;
26.
Postscript 83 fonts
Control panel 3.0-in; 320 x 240 pixel backlit graphical display;
27. touchscreen; buttons (Home, Cancel, Help, Right/Left Arrows,
Back); LED indicator lights (Ready, Error, Wireless)
28. 3.0-in Touchscreen, LCD (colour graphics)
Security features: SNMP v3, SSL/TLS (HTTPS), 802.1x
29. authentication; password protection, WPA (Wi-Fi Protected Access),
WEP encryption, 802.1x authentication
RFP for Odisha SOC

8. Manpower for CSOC

8.1 Manpower requirement
Sr. No. of
Manpower Designation
No resource
1 SOC manager 1

2 Security administration and Threat Intelligence expert 1

3 SOC Engineer 3

4 SOC Level 2 Analyst 7

5 SOC Level 1 Analyst 7

6 Receptionist 1

TOTAL 20

Sr. Manpower
Shift details
No Designation
 General shift: All days of week except Sunday / State
1. SOC Manager Government holidays.
 Time: 10:00 am to 06:00 pm
Security Threat  General shift: All days of week except Sunday / State
2. and Intelligence Government holidays.
Expert  Time: 10:00 am to 06:00 pm
 Minimum 1 resource available during the time specified.
3. SOC Engineer  All days of week with shift rotation.
 Time: 09:00 am to 09:00 pm
 Minimum 2 resource available during the time specified.
SOC Level 2
4.  All days of week with shift rotation.
Analyst
 24*7 onsite management on shift basis
 Minimum 2 resource available during the time specified.
SOC Level 1
5.  All days of week with shift rotation.
Analyst
 24*7 onsite management on shift basis
 General shift: All days of week except Sunday / State
6. Receptionist Government holidays.
 Time: 10:00 am to 06:00 pm

Note:
1. The above table is indicative only. The bidder can propose a shift rooster as per
his own convenience and optimal utilization of resources.
2. In any case of emergency or urgent leave, an equivalent replacement should be
present with prior approval from department SPOC / Nodal officer.
3. During any critical incident, manpower should be available even beyond the
specified working hours.
4. On a non-working days and government holidays, minimum 05 manpower
resources should be available at the CSOC with respect the working shifts
mentioned.
RFP for Odisha SOC

8.2 Manpower qualification

Curriculum vitae / resume of manpower should be submitted together with the technical
proposal by the bidder to OCAC as per the below mentioned requirement / qualification.

Sr. Designation of
Qualification required
No. Manpower
 B.E / B-Tech /MCA
 Minimum of 3 years of experience in SOC services through
on-premises or managed mode of service provider.
 Minimum 2 year experience in operating a SIEM product and
1. Level 1 Analyst
other security tools.
 Have experience in handling log management and incident
management.
 CEH certified preferred.
 B.E. / B-Tech / MCA
 Total 6 Years of experience out of which, minimum 4 years
of experience in SOC services conducting security device
administration & management and minimum 2 years in
2. Level 2 Analyst SIEM tool & other security tools.
 Certification in at least one industry leading SIEM product.
 Certifications in security, such as CISA, CEH, CISSP, CISM,
CRISC (any one) preferred.
 Certification in ISO 27001:2013 or later version.
 B.E / B-Tech / MCA / Diploma in relevant field.
 Minimum of 3 years of experience in security device
administration & management.
3. CSOC Engineer  Have experience in vendor management, patch
management, Helpdesk and incident management.
 Certified in ITIL v3 or later version.
 ISO 27001:2013 or later version certification preferred.
 B.E / B-Tech/MCA
 Minimum 8 years of experience out of which, minimum 5
Security years relevant experience in SOC services, SOC
Administration administration, threat analysis and hunting, SOC
4. and Threat configuration and management.
Intelligence  Certification in security CISA, CEH, CISSP, CISM, CRISC
expert (any one).
 Certification in ISO 27001:2013 or later version.
 Certification in CTIA from a recognized body is preferable.
 B.E / B-Tech with MBA
 Minimum 10 years of experience out of which, minimum 6
years relevant experience in management from reputed
organizations.
5. SOC Manager  Must have experience of 2 to 3 years with a cybersecurity
domain project and associated with a cybersecurity
organization.
 Certification in PMP, PRINCE2, CPMP, PgMP, CSM etc. (any
one).
The bidder to propose a suitable and experienced candidate for
6. Receptionist
the required position.

8.3 Manpower roles and responsibilities

Sr. Designation of
Roles and Responsibilities
No. Manpower
RFP for Odisha SOC

Sr. Designation of
Roles and Responsibilities
No. Manpower
 Level 1 analyst will identify, categorize, prioritize, and
investigate events rapidly utilizing triage and response
guidelines for the enterprise using commonly available
CSOC log sources that include:
 Firewalls and network devices.
 Infrastructure server and end-user systems.
 Threat intelligence platforms.
 Web proxies.
 Application logs and web-application firewalls.
 Identity and access management systems.
 Cloud and hybrid-IT provisioning, access, and
infrastructure systems.
 Antivirus systems.
 Intrusion detection and prevention systems.
 Monitor incoming event queues for potential security
incidents.
1. Level 1 Analyst  Perform initial investigation and triage of potential
incidents, and escalate or close events as applicable.
 Monitor CSOC ticket (or email) queue for potential event
reporting from outside entities and individual users.
 Maintain CSOC shift logs with relevant activity from the
shift.
 Document investigation results, ensuring relevant details
are reported to level 2 analyst for final event analysis.
 Update or refer CSOC collaboration tool as necessary for
changes to CSOC process and procedure as well as ingest
CSOC daily intelligence reports and previous shift logs.
 Conduct security research and intelligence gathering on
emerging threats and exploits.
 Perform additional auxiliary responsibilities as outlined in
the console monitoring procedure.
 Communicating emergency alerts & warnings to
designated stakeholder/ departments/ OCAC.
 Monitor level 1 analyst performance by investigating
incoming events using CSOC-available tools.
 Ensure level 1 event(s) are addressed in a timely manner
using available reporting and metrics.
 Approve and, if necessary, further investigate level 1-
escalated events.
 Mentor level 1 analysts to improve detection capability
2. Level 2 Analyst
within the CSOC.
 Manage CSOC event and information intake to include
gathering intelligence reports, monitoring ticket queues,
investigating reported incidents, and interacting with other
security and network groups as necessary.
 Serve as detection authority for initial incident declaration.
 Function as shift subject-matter experts on incident
RFP for Odisha SOC

Sr. Designation of
Roles and Responsibilities
No. Manpower
detection and analysis techniques, providing guidance to
junior analysts and making recommendations to
organizational managers.
 Drive and monitor shift-related metrics processes ensuring
applicable reporting is gathered and disseminated per
CSOC requirements.
 Conduct security research and intelligence gathering on
emerging threats and exploits.
 Serve as a backup analyst for any potential coverage gaps
to ensure business continuity.
 SOC Performance Monitoring.
 Responsible for infrastructure deployment and upkeep and
content development.
 Develop, implement, and execute the standard procedures
for the administration, backup, disaster recovery, and
operation of the CSOC systems infrastructure, including:
 Operating system security hardening
 Backup management
 Capacity planning
 Change management
 Version or patch management
 Lifecycle upgrade management
 Configuration management
 Develop and maintain the technical architecture of the
CSOC system, enabling all the components to perform as
expected and meeting established service-level objectives
for system uptime.
 Perform routine equipment checks and preventative
maintenance.
3. CSOC Engineer
 Maintain up-to-date documentation of designs or
configurations.
 Respond to after hours (on-call support) infrastructure
issues as required.
 Be responsible for new product release management,
policy and integration testing, security testing and vendor
management.
 Maintain hardware or software revisions, SIEM content,
security patches, hardening, and documentation.
 Develop and deploy content for the CSOC infrastructure,
including use cases for dashboards, active channels,
reports, rules, filters, trends, and active lists.
 Monitor and help optimize data flow using aggregation,
filters, and use cases to improve the CSOC monitoring and
response capabilities.
 Coordinate and conduct event collection, log management,
event management, compliance automation, and identity
monitoring activities.
RFP for Odisha SOC

Sr. Designation of
Roles and Responsibilities
No. Manpower
 Respond to day-to-day security change requests related to
CSOC operations.
 Perform collateral duties and responsibilities as a backup
to the security engineering role.
 Reviews asset discovery and vulnerability assessment
data.
 Review standard security arrangements, provide
external/semi-external reviews.
 Explores ways to identify stealthy threats that may have
found their way inside network, without detection, using
previous experience in threat intelligence.
 Conducts vulnerability and penetration tests on production
systems to validate resiliency and identify areas of
Security weakness to fix.
Administration  Investigate new vulnerabilities and share the latest
4. and Threat
industry level responses.
Intelligence
expert  Recommends how to optimize security monitoring tools
based on threat hunting discoveries.
 Incident Forensic handling and analysis.
 Network and security consulting and training.
 Risk assessment and mitigation.
 Liaise with different internal and external stakeholders
when an incident occurs
 Manage remotely stored critical information (passwords,
network configurations, etc.) during any high level
incident.
 Manager is responsible for achieving the goals of the CSOC
program through the implementation of processes,
procedures, and performance indicators related to security
incidents and prevention management.
 SOC manager would be responsible for maintaining
smooth operations, ensuring service-level agreements
(SLAs) are met.
 Manage the overall day-to-day operations. They are
responsible for ensuring events and/or incidents are
detected and responded to in adherence to established
5. SOC Manager process as well as procedures.
 Oversee the analysts’ daily tasking.
 Manage the team’s work scheduling.
 Ensure effective incident management.
 Identify chronic operational and security issues, and
ensure they are managed appropriately.
 Manage and escalate roadblocks that may jeopardize
security monitoring operations, infrastructure and SLAs.
 Serve as a senior mentor to CSOC staff.
 Interface and collaborate with outside teams.
 Track tactical issues in execution of CSOC responsibilities.
RFP for Odisha SOC

Sr. Designation of
Roles and Responsibilities
No. Manpower
 Document and track analyst training requirements.
 Ensure analysts follow existing procedures and all
procedures are documented in accordance with local
guidelines.
 Manage the process improvement program for CSOC
processes.
 Serve as an incident manager for the CSOC, along with
other responsibilities.
 Provide security advisor to OCAC/departments on timely
basis.
 Creation of reports, dashboards for CSOC operation and
reporting to OCAC on weekly basis.

8.4 Additional Manpower requirement

In situations where any severe breach or security incident had occurred in the State of
Odisha, additional manpower may be hired on temporary basis for investigation and root
cause analysis. The additional manpower is irrelevant of the scope of the bidder and on
need basis only. The scope of the additional manpower may be decided when and where
the need arises and would be duly communicated.

Sr. Manpower Manpower

Qualification required
No description quantity
 Should have a valid forensic analyst
certification.
 Minimum 05 years of experience of
As per
functioning as a digital forensic analyst
requirement on
1 Forensic Analyst or associate.
request from
 Have hands on experience in handling
OCAC
forensics on computer systems, storage
devices, digital documents & files,
network & security equipment, etc.
 Minimum 10 years of experience in
Security Operations Centre (SOC) or
As per Cyber security domain.
requirement on  Have knowledge about all the solutions
Threat Hunting
2 request from implemented in SOC.
Specialist
OCAC  Have minimum 3 years of experience as
a red team or blue team member.
 Must have scripting knowledge and not
totally depend on automated solutions.
 Minimum 10 years of experience with
any security solution OEM.
As per  Have relevant knowledge with security
requirement on solution at different level of security
3 Security trainer request from architecture.
OCAC  Have hands on experience with security
solution interface and configurations.
 Have experience in providing security
related training and conferences to
RFP for Odisha SOC

Sr. Manpower Manpower

Qualification required
No description quantity
enterprises for cyber risk related matter
and technology.
RFP for Odisha SOC

9. Service Level Agreement

For purposes of this Service Level Agreement, the definitions and terms as specified in
the agreement along with the following terms shall have the meanings set forth below:

 "Availability" shall mean the time for which the services and facilities offered by
the implementation agency are available for conducting operations from the
equipment installed.

 “Downtime” is the time the services and facilities are not available, which excludes
the scheduled outages planned in advance.

 "Helpdesk Support" shall mean the implementation agency’s 24x7x365 Helpdesk

Support Centre which shall handle incident reporting, trouble handling, ticketing and
related enquiries during this engagement.

 “Incident” refers to:

 Any event / abnormalities in the functioning of the SOC equipment /
services that may lead to disruption of SOC services.
 Any security compromise or vulnerability observed in the client
infrastructure.

Incidents are classified into different severity level based on the impact of the
incident:

Sr.
Severity Incident classification
No.
a) Incidents, whose resolution shall require additional
investment in component or time or shall involve co-
ordination with OEMs. These incidents shall impact the
overall functioning of the SOC. For example: device failure,
device module failure, port failure, etc. The SLA would be
measured for the time taken to bypass the device, establish
1. Critical
logical redundancy and restore rest of the services of CSOC.
b) Any security incident occurred / vulnerability found, bearing
impact to disable the operations of a whole department /
stakeholder.
c) Any incident reported by department where a breach had
already occurred.
a) Incidents, whose resolution require change in the
architecture / design / configuration of the SOC components.
b) Integration issue with any department / stakeholder
infrastructure.
c) Any security incident / vulnerability found bearing impact to
2. High disrupt the operation of any asset and limited to that asset
only (example: network device, server, website, etc.). The
SLA would be measured as per the time taken to isolate the
device from the network without disrupting the rest of the
operations of CSOC.
d) Incidents arising due to power UPS / DB / electrical fault
RFP for Odisha SOC

Sr.
Severity Incident classification
No.
which can impact the services of SOC and its components.
e) Any other incident having an impact on the services provided
by SOC.
a) Incidents, whose resolution require software upgradation /
patch management for the SOC infrastructure but have no
serious impact on the stakeholder’s infrastructure.
b) Any security incident / vulnerability found bearing no current
impact on the stakeholder infrastructure but may arise as a
3. Medium
serious threat in future.
c) Incidents related to CCTV, access control, etc. which bear no
impact on the services of SOC. The response timelines for
these items / parameters should be as per individual SLA
defined.
a) Alerts / events reported by the SOC infrastructure which may
be doubtful in nature as false positive and requires further
investigation.
b) Incident bearing no threat but only to be circulated as
awareness and information / advisory to all stakeholders.
c) Any security threat / update provided by recognized bodies
4. Low
(e.g. CERT-In, NIST, etc.) for inclusion in SOC as best
practises.
d) Incidents related to SOC civil and electrical works, power,
alarm system, etc. which bear no impact on the services of
SOC. The response timelines for these items / parameters
should be as per individual SLA defined.

Note:

a. The critical and high incident should be analysed and root cause analysis for the
same should be provided by the successful bidder for every such incident.
b. Any incident which is out of scope or dependent on other stakeholders / department
should be released from isolation with relevant approval from OCAC / CERT-O.
c. Any incident where replacement / procurement /upgradation of asset is required, the
successful bidder should obtain proper approval from OCAC for relaxation of SLA.
Proper cause of relaxation requirement along with the actual timeline required to be
submitted by the successful bidder to OCAC. Any deviation from the actual timeline
provided would be penalized as per SLA for Supply, Installation and Commissioning
& Testing.

 “Resolution Time” means time taken by the bidder to troubleshoot and fix the
problem from the time the incident had been reported or the incident has been
logged at the Helpdesk (whichever is earlier) till the time the problem has been
fixed.
RFP for Odisha SOC

9.1 Service level parameters

9.1.1 Device and software availability

 All the devices / appliances in form of hardware should maintain a minimum
uptime of 99.90% over the measurement period mentioned.
 The uptime of devices is not limited to hardware only but also software, operating
system, virtual environment, etc.
 The device availability would again be segregated as per the device placement
and functionality:
 The uptime of SOC devices (example: switch, Anti-APT, SAN switch, SAN,
Log appliance, etc.) should be taken as a whole and the SLA would be
calculated as the average of the devices uptime.
 The uptime of software / applications should be considered as a different
component and the SLA would be measured likewise.
 The surveillance (CCTV) uptime would be calculated as a separate
parameter.
 The UPS set uptime and load output would be taken as separate
parameter for calculation of SLA.
 Any incident related to civil work would be taken as a separate parameter
for SLA measurement.

Sr. Measurement
Definition Target
No. Interval

1. Device uptime / Device availability Monthly >=99.90%

2. SOC application / software availability Monthly >=99.90%

9.1.2 Incident logging and Response

 Every incident whether reported as alerts or notifications by the SOC devices or
reported by the department / officials should be logged without fail.
 Resolution to every incident should be provided as per the SLA target mentioned.
 The number of hours and days mentioned in SLA are inclusive of office working or
non-working time period. Any escalation to be made outside the working hours
should be done through both written and telephonic communication.
 Any vulnerability recognised during vulnerability assessment should also be
considered as an incident.
 Any critical incident where additional investment or replacement of asset is
required is also to be logged.

Sr. Measureme
Definition Target
No. nt Interval

 100% logging of all alerts and security

Incident incidents.
1. Monthly
Logging  100% logging of all department / official
reporting of incidents.
RFP for Odisha SOC

Sr. Measureme
Definition Target
No. nt Interval
2. Incident response
Scenario 1: When the bidder has full control and authority for the
a.
mitigation of the incident

Mitigation of incident - Less than the next 3

hours

Timeline for isolation of the threat or

i. Critical Monthly vulnerability through CSOC operations / bypass
of the system – the next 30 minutes.

Timeline for identification of the vulnerability /

cause of incident – 30 minutes.

Mitigation of incident - Less than the next 6

hours

Timeline for isolation of the threat or

ii. High Monthly vulnerability through CSOC operations / bypass
of the system – the next 1 hour.

Timeline for identification of the vulnerability /

cause of incident – 1 hour.

iii. Medium Monthly Less than 3 days

iv. Low Monthly Less than 7 days

Scenario 2: When the bidder is dependent on other Stakeholders
b. (OCAC, OSDC, OSWAN, Odisha State IT centre, Other departments
under CSOC) for mitigation of incident

Level 3 escalation to OCAC

Within 12 hours of
and the concerned
second escalation
department / stakeholder

Level 2 escalation to OCAC

Within 8 hours of
and the concerned
first escalation
department / stakeholder

Level 1 escalation to OCAC

i. Critical Monthly and the concerned Within 3 hours
department / stakeholder.

Timeline for isolation of the

threat or vulnerability
through CSOC operations / The next 30
bypass of the system and minutes
escalation to concerned
department / stakeholder
RFP for Odisha SOC

Sr. Measureme
Definition Target
No. nt Interval
Timeline for identification
of the vulnerability / cause 30 minutes
of incident

Level 3 escalation to OCAC

Within 24 hours of
and the concerned
second escalation
department / stakeholder

Level 2 escalation to OCAC

Within 12 hours of
and the concerned
first escalation
department / stakeholder

Level 1 escalation to OCAC

and the concerned Within 6 hours
department / stakeholder.
ii. High Monthly
Timeline for isolation of the
threat or vulnerability
through CSOC operations /
The next 1 hour
bypass of the system and
escalation to concerned
department / stakeholder

Timeline for identification

of the vulnerability / cause 1 hour
of incident

Level 3 escalation to OCAC

Within 72 hours of
and the concerned
second escalation
department / stakeholder

Level 2 escalation to OCAC

Within 48 hours of
iii. Medium Monthly and the concerned
first escalation
department / stakeholder

Level 1 escalation to OCAC

and the concerned Within 48 hours
department / stakeholder.

Level 3 escalation to OCAC

Within 07 days of
and the concerned
second escalation
department / stakeholder

Level 2 escalation to OCAC

Within 03 days of
iv. Low Monthly and the concerned
first escalation
department / stakeholder

Level 1 escalation to OCAC

and the concerned Within 4 days
department / stakeholder.
RFP for Odisha SOC

Note:

1. All timelines are to be considered from the point of occurrence of the incident /
generation of alerts / information received from any external agency or stakeholder.
2. For every incident logged under “Scenario 2”, after Level 3 escalation SLA would not
be applicable to the bidder.
3. For every incident logged under “Scenario 2”, bidder would provide root cause
analysis and mitigation recommendation during Level 2 escalation to the respective
stakeholder / department.

Escalation matrix

The escalation matrix defines who is responsible at what level for handling any incident
or situation in an organization. The matrix below would define the timeline for escalation
and the way thereafter for different stakeholders for the project with Level 1 being the
lowest level of escalation.

For the project sponsoring authority / OCAC:

Sr Level of
Personnel designation Escalation timeline
no. escalation
1. Level 3 Chief Executive officer – OCAC As per SLA defined.
2. Level 2 General Manager (Admin) As per SLA defined.
3. Level 1 SPOC assigned by the department As per SLA defined.

For the respective stakeholder:

The personnel are to be nominated by the respective stakeholder at a later stage.

9.1.3 Manpower availability

 Manpower is a critical aspect of the project and no absence or deviation from the
SLA would be acceptable.
 In case absence could not be avoided by the bidder, additional manpower of the
same skill level and designation should be stationed at the client premises on
temporary basis.
 SLA for manpower availability to be maintained at all times.

Sr. Measurement
Definition Target
No. Interval

1. Manpower availability Monthly 100% attendance as per defined in

Section 8.1 of the RFP document.

9.1.4 Surveillance and monitoring

 The CCTV monitoring should not be down at any time at any day.
 The CCTV monitoring should run 24*7*365 with all the cameras in active
condition at all times.
 The CCTV footage should be stored in the local device storage and should be
transferred to an external storage when and where required.
 At least 60 days CCTV footage should be stored by the bidder (device storage or
external storage). The extended footage could be written in the storage space.
RFP for Odisha SOC

Sr. Measurement
Definition Target
No. Interval
 24*7*365 uptime of all CCTV
cameras.
Surveillance and  60 days continuous recording of
1. Monthly CCTV footage.
monitoring
 Archival of CCTV footage for one
year (not applicable for the first
year).

9.1.5 Business Continuity Plan testing

 The bidder has to submit a BCP plan to OCAC within the first year of operations.
The BCP plan and activities should be reviewed and approved by OCAC.
 The bidder every year once would implement a BCP drill to test the redundancy
and point of failure in the SOC design / architecture.
 The BCP testing would be done for devices in high availability, network as
redundancy and services as redundancy.
 The BCP testing would include the testing of the fire alarm system, mock fire drill
and access control system.

Sl. Measurement
Definition Target
No. Interval
A BCP drill should be conducted once
Business Continuity every year (with minimum gap of six
1. Yearly months from previous BCP drill) to
Plan testing
test the redundancy and point of
failures in the SOC design.

9.1.6 Electrical power and backup

 UPS would be installed in N+N redundant mode for uninterrupted power backup
function. Both of the UPS should be fully functional and operational 24*7*365 in
master slave mode.
 Power distribution should be operational without any fault at all times.

Sl. Measurement
Definition Target SLA
No. Interval
1. Electrical power and back up
Resolution to incident less than 4
(a) Power DB
hours
Monthly
Resolution to incident less than
(b) UPS
12 hours
RFP for Odisha SOC

9.1.7 Access control

 Access control should be connected to power backup systems to be operational
even during main power down scenarios.
 All logs of access control should be captured for future references whenever
required.
 The access control should be operational at all times.

Sl. Measurement
Definition Target SLA
No. Interval
1. Access Control Monthly 100% operational 24*7*365

9.1.8 Fire alarm and rodent repellent

 The fire alarm system should be operational at all times.
 The system would be tested during BCP testing yearly.
 Rodent repellent system should be operational at all times.

Sl. Measurement
Definition Target SLA
No. Interval
1. Fire alarm Monthly 100% operational 24*7*365
2. Rodent repellent Monthly 100% operational 24*7*365

9.1.9 Civil and electrical works

 All incidents related to civil and electrical works should be resolved by the bidder
during the operations and maintenance period.
 If any external vendor needs to be hired (example: electrician, mechanic, etc.),
that would be done by the bidder itself. All cost of the repair would be borne by
the bidder.
 Civil and electrical works would be but not limited to: Ceiling, flooring, light
fixtures, cabling, etc.

Sl. Measurement
Definition Target SLA
No. Interval
1. Civil works Monthly 100% operational 24*7*365
2. Electrical works Monthly 100% operational 24*7*365
RFP for Odisha SOC

10. Project Timelines

The start date of the project shall be from the date of signing the contract /
agreement for the engagement.

T0- Represents the Project Start Date (i.e. agreement signoff date).

Sr.
Activity OCAC PMU IA Timeline Remarks
No.

Kick-off meeting to
MSA signing happen within a week
1 between OCAC √ √ T0 from the date of LoI
and IA along with signing of MSA
between the two parties.

Preparation &
Submission of
site survey,
extension area
readiness, Submission of design
2 structural T0 + 4 documents, layout,
√ √ √
drawings, weeks drawing etc. for statutory
implementation approvals.
plan, civil &
interior works
layout for
approval

Finalization and IA has to work with

3 Approval of the T0 + 6 OCAC for approval of
√ √ √
submitted weeks submitted drawings and
layout, etc. layout.

Completion of all Civil

Completion of and Interior works and
Structural, inspection report of all
4 T0 + 16
Architectural, √ √ item delivered & erected.
weeks
Civil & Interior Successful bidder shall
Works. furnish weekly progress
report.

Supply, Successful bidder shall

Installation and carry out integrated
5 T0 + 22
Commissioning √ √ system testing of all
weeks
& Testing of all equipment and rectify all
Non-IT asset. snags.
RFP for Odisha SOC

Sr.
Activity OCAC PMU IA Timeline Remarks
No.

Supply, Consultant to work with

Installation and successful bidder for User
Commissioning acceptance Test sign-off
of all IT of Non-IT Infrastructure
Equipment system from OCAC

Successful Final
Acceptance Test of all
Project Sign-Off
6 T0 + 24 commissioned IT and
& FAT (Go-Live √ √ √
weeks Non-IT systems and
of the Project)
Issue Go-Live Certificate
from OCAC

The initiation date of

O&M phase would be
4 years from the date of Go-Live
CSOC - certificate issued from
from the
Operations and OCAC.
7 √ √ √ date of
Maintenance
CSOC Go- The O&M phase would
Phase
Live continue for a period of 4
years from the date of
Go-Live.
RFP for Odisha SOC

11. Payment terms

Payment terms regarding supply, installation and commissioning of CSOC

infrastructure (including all civil, IT and Non-IT assets)

 Payment towards installation and commissioning would be made only upon

successful completion of PAT for the assets.
 Payment towards assets may be released on pro-rata basis during FAT / Go-live sign
off.
 All payments would be made on the basis of milestone completion only. No pro-rata
payment would be entertained to the bidder under any circumstances.
 All payments would be done after evaluation and approval of the Payment Approval
Committee (PAC) constituted by OCAC within 30 days from the date of submission of
invoice. Any dispute / discrepancy around the invoice needs to be raised within 20
days of the invoice submission.
 All invoices should be submitted in triplicate copies.

Sr.
Activity Payment Remarks
No.

Preparation & Submission of site

survey, extension area readiness, Submission of design
1 structural drawings, documents, layout, drawing
implementation plan, civil & etc. for statutory approvals.
interior works layout for approval

80% of the
Finalization and Approval of the IA has to work with OCAC
quoted cost
2 submitted layout, Floor diagram, for approval of submitted
for the
Non-IT and IT architecture, etc. drawings and layout.
activity (civil
and interior
Completion of all Civil and
works)
Interior works and
Completion of Structural, inspection report of all item
3 Architectural, Civil & Interior delivered & erected.
Works. Successful bidder shall
furnish weekly progress
report.

Successful bidder shall share

20% of all itemized delivery details
quoted cost and challans related to the
Supply of all Non-IT asset. by the bidder assets.
4 (excluding the civil and interior for Non- IT
Consultant to work with
works) items
successful bidder for
(excluding the
verifying the supply sign-off
civil and
of Non-IT Infrastructure
interior
system from OCAC
works)
RFP for Odisha SOC

Sr.
Activity Payment Remarks
No.

60% of Successful bidder shall carry

quoted cost out integrated system
by the bidder testing of all equipment and
Installation and Commissioning & rectify all snags.
for Non- IT
Testing of all Non-IT asset.
5 items Consultant to work with
(excluding the civil and interior
(excluding the successful bidder for User
works)
civil and acceptance Test sign-off of
interior Non-IT Infrastructure
works) system from OCAC

Successful bidder shall share

all itemized delivery details
and challans related to the
20% of the assets.
quoted cost
6 Supply of all IT asset Consultant to work with
by the bidder
for IT items successful bidder for
verifying the supply sign-off
of IT Infrastructure system
from OCAC

Successful bidder shall carry

out integrated system
testing of all equipment and
60% of the rectify all snags.
Installation and Commissioning quoted cost
7 Consultant to work with
of all IT asset by the bidder
for IT items successful bidder for User
acceptance Test sign-off of
IT Infrastructure system
from OCAC

Successful Final Acceptance

10% of Test of all commissioned IT
Project Sign-Off & FAT (Go-Live
8 quoted CAPEX and Non-IT systems and
of the Project)
cost Issue Go-Live Certificate
from OCAC

Satisfactory performance of
the successful bidder
10% of
Completion of one year of O&M towards the configuration,
9 quoted CAPEX
phase operations and incident
cost
management related to
CSOC.
RFP for Odisha SOC

Payment terms regarding operations and maintenance of CSOC infrastructure

(including all civil, IT and Non-IT assets)

 For the first year period, any payment towards operations and maintenance would not
be made to the bidder, although any penalty towards breach of SLA for the period
would be applicable to the bidder.
 The operations and maintenance cost would be initiated from the onset of the second
year of operations by the bidder after Go-live.
 The SLA compliance and measurement of the services provided by the bidder would
be computed by OCAC or any agency designated by OCAC.
 The OPEX would be as per the AMC and support cost for the CSOC infrastructure. The
AMC and support should be for the whole duration of the bidder contract period. Any
gap in the AMC or support would result in non-payment of the O&M cost proposed by
the bidder.
 All payments would be done after evaluation and approval of the Payment Approval
Committee (PAC) constituted by OCAC.
 All invoices should be submitted in triplicate copies.

Sr.
Activity Timeline Remarks Payment terms
No.

36 months ( no Operations and

payment Maintenance (for IT
towards O&M and Non-IT items) as
Operations and would be made per the financial Quarterly O&M
1. maintenance to the proposal submitted payment = OPEX cost
cost successful by the bidder to be / 12
bidder during distributed uniformly
the first year of into 12 quarter
O&M phase) periods.

Payment terms regarding manpower of CSOC

All payment towards the manpower constituted for CSOC would be considered from the
date all the resources are on board and in full attendance.

Sr.
Activity Timeline Remarks Payment terms
No.

The Manpower cost as

per the financial
Quarterly Manpower
proposal submitted by
1. Manpower cost 48 months payment = OPEX cost
the bidder to be
/ 16
distributed uniformly
into 16 quarter periods.
RFP for Odisha SOC

11.1 Penalty

11.1.1 Supply, Installation, Commissioning

 All the items as mentioned in the BOM should be supplied, delivered and
commissioned within the mentioned timelines. Any delay would attract penalty.
 In case only some items of BOM are not as per timelines, then penalty would
calculated on pro-rata basis item wise.
 The date of commissioning would be considered the date when a written
communication would be sent by the bidder to OCAC for PAT readiness.
 All penalties related to supply, installation and commissioning is capped at 20%
of the prescribed payment for the respective milestone.

Sr.
Activity Timeline Penalty Remarks
No.

Preparation &
Submission of
site survey,
extension area
readiness,
1 structural
T0 + 4 weeks On delay of more
drawings, Deduction of 1% of than 8 weeks, OCAC
implementation the prescribed may issue a letter for
plan, civil & payment for the improvement to the
interior works milestone for every successful bidder.
layout for week of delay
approval subject to Failing which OCAC
maximum of 20% may proceed to
Finalization and of the prescribed terminate the
2 Approval of the payment. contract with the
T0 + 6 weeks
submitted layout, successful bidder.
etc.

Completion of
Structural,
3
Architectural, T0 + 16 weeks
Civil & Interior
Works.

Supply, Deduction of 2% On delay of more

Installation and of the prescribed than 8 weeks, OCAC
Commissioning & payment for the may issue a letter for
Testing of all milestone for
4 informed to the
Non-IT asset. T0 + 22 weeks every week of successful bidder.
Supply, delay subject to Failing which OCAC
Installation and maximum of 20% may proceed to
Commissioning of of the prescribed terminate the
all IT Equipment payment. contract with the
RFP for Odisha SOC

Sr.
Activity Timeline Penalty Remarks
No.

successful bidder.

Deduction of 2%
On delay of more
of the prescribed
than 8 weeks OCAC
payment for the
may issue letter of
Project Sign-Off & milestone for
5 termination and the
FAT (Go-Live of T0 + 24 weeks every week of
work would be
the Project) delay subject to
carried out by OCAC
maximum of 20%
or any other assigned
of the prescribed
agency.
payment.

Rs. 50,000/- per

6 Submission of Within 30 days
week of delay.
PBG of LOI / Award
to contract to
To be measured
successful
on pro-rata day ----------------
bidder
basis.

Rs. 10,000/- per

7 Deployment of Within 15 days
individual
manpower of successful
manpower / per
proposed for SOC PAT / UAT of
week of delay.
the SOC
infrastructure. ----------------
To be measured
on pro-rata basis
as per
deployment of
manpower.

11.1.2 Operations and Maintenance

 All penalty should be calculated quarterly as per Quarterly Guaranteed Revenue

(QGR) billed by the bidder.
 The penalty for the first year (Y1) of operations and maintenance would be
deducted from the first QGR amount or would be adjusted from the 10% of
CAPEX reserved for the satisfactory performance and services rendered for the
first year of O&M.
 In case the incident penalty and individual parameters penalty coincides, the
higher amount of penalty among the two would be considered.
 Relaxation may be provided in the first quarter period after Go-live for
stabilization of the CSOC infrastructure and optimization of alerts generated.
 Overall SLA penalty amount related to operations and maintenance is capped at a
maximum value of 20% of the QGR amount.
RFP for Odisha SOC

Incident Management

Sr. Measurement
Definition SLA Target Penalty terms
No. Interval
 100%
logging of
all alerts
and security
incidents.
Incident  100% Rs. 5000 for every
1. Monthly
Logging logging of incident not logged.
all
department
/ official
reporting of
incidents.
2. Incident resolution
a. Scenario 1: When the bidder has full control and authority for the
mitigation of the incident
Mitigation of <3 hours - No penalty;
incident - Less >=3 hours – 1% of QGR
than the next 3 value for every hour of
hours delay.
(a) Identification
Critical
and isolation of
the threat or More than 1 hour - 1%
vulnerability or of QGR
incident – 1
hour
Mitigation of <6 hours – no penalty;
incident - Less >=6 hours – 0.5% of
than the next 6 QGR value for every
hours hour of delay.
(b) Monthly Identification
High
and isolation of
the threat or More than 2 hours - 1%
vulnerability or of QGR
incident - 2
hours

Mitigation of <3 days – no penalty;

(c)
Medium incident - Less >=3days – Rs. 10,000
than 3 days for every day delay.

Mitigation of <7 days – no penalty;

(d)
Low incident - Less >=7 days – Rs. 5,000
than 7 days for every day of delay.

Sr.
Definition Measurement Interval SLA Target Penalty terms
No.
Scenario 2: When the bidder is dependent on other Stakeholders
ii. (OSDC, OSWAN, Odisha State IT centre, Other departments under
CSOC) for mitigation of incident
RFP for Odisha SOC

Sr.
Definition Measurement Interval SLA Target Penalty terms
No.
Level 3 escalation
After 12 On failure of
to OCAC and the
hours of timely
concerned
second escalation, 1% of
department /
escalation the QGR value.
stakeholder
Level 2 escalation On failure of
to OCAC and the After 8 hours timely
concerned of first escalation, 0.5%
department / escalation of the QGR
(a) stakeholder value.
Critical
Level 1 escalation On failure of
to OCAC and the timely
Less than 3
concerned escalation,
hours
department / 0.25% of the
stakeholder. QGR value.
Identification and
isolation of the
More than 1 hour
threat or 1 hour
- 1% of QGR
vulnerability or
incident
Level 3 escalation
After 24 On failure of
to OCAC and the
hours of timely
concerned
second escalation, 1% of
department /
escalation the QGR value.
stakeholder
Level 2 escalation On failure of
to OCAC and the After 12 timely
Monthly
concerned hours of first escalation, 0.5%
department / escalation of the QGR
(b) stakeholder value.
High
Level 1 escalation On failure of
to OCAC and the timely
Less than 6
concerned escalation,
hours
department / 0.25% of the
stakeholder. QGR value.
Identification and
isolation of the More than 2
threat or 2 hours hours - 1% of
vulnerability or QGR
incident
Level 3 escalation On failure of
After 72
to OCAC and the timely
hours of
concerned escalation, 0.5%
second
department / of the QGR
escalation
stakeholder value.
Level 2 escalation On failure of
(c) to OCAC and the After 48 timely
Medium
concerned hours of first escalation,
department / escalation 0.25% of the
stakeholder QGR value.
Level 1 escalation On failure of
to OCAC and the Less than 48 timely
concerned hours escalation, 0.1%
department / of the QGR
RFP for Odisha SOC

Sr.
Definition Measurement Interval SLA Target Penalty terms
No.
stakeholder. value.

Level 3 escalation On failure of

to OCAC and the After 07 days timely
concerned of second escalation, 0.5%
department / escalation of the QGR
stakeholder value.
Level 2 escalation On failure of
to OCAC and the After 03 days timely
(d) Low concerned of first escalation,
department / escalation 0.25% of the
stakeholder QGR value.
Level 1 escalation On failure of
to OCAC and the timely
Less than 4
concerned escalation, 0.1%
days
department / of the QGR
stakeholder. value.

Service Availability

Sl. Measure
Definition ment SLA Target Penalty terms
No.
Interval
>=99.90%
No penalty
>=98.00%; <99.90%
0.5% of QGR value
Device uptime /
1. Monthly >=99.90% >=95.00%; < 98.00%
Device availability
1% of QGR value
<95.00%
1% of QGR value for very
percentage drop
>=99.90%
No penalty
>=98.00%; <99.90%
SOC application / 0.5% of QGR value
2. software Monthly >=99.90% >=95.00%; < 98.00%
availability 1% of QGR value
<95.00%
1% of QGR value for very
percentage drop
RFP for Odisha SOC

Sl. Measure
Definition ment SLA Target Penalty terms
No.
Interval
Resource replacement with
equivalent skills and experience /
with approval from department –
no penalty.
Level 1 resource absent: Equal
100% cost of the resource proposed by
attendance as the bidder per day on pro rata
Manpower per defined in basis.
3. Monthly
availability Section 9.1.3 CSOC engineer and Level 2
of the RFP resource absent:
document. Double the cost proposed by the
bidder per day on pro rata basis.
Security Admin and Threat Intel
expert and SOC Manager absent
(without approval): 0.1% of QGR
value.
Fault in all the cameras / video
recording system – Rs. 50,000 per
24*7*365 day.
uptime of all
Fault in any one of the cameras –
CCTV
Rs. 5000 per day / per camera.
cameras.
Fault in wiring to the camera – Rs.
Surveillance and
4. Monthly 5000 per day / per camera.
monitoring 60 days
Missing footage:
continuous
Rs. 5000 per hour of missing
recording of
CCTV footage.
CCTV footage.
Archival of
Rs. 10,000 for every instance of
CCTV footage
assessment.
for one year.
A BCP drill
Failure to do BCP test within the
should be
quarter period:
conducted
Business 1% of QGR value.
once a year to
5. Continuity Plan Yearly test the
testing redundancy Failure to do BCP for the specific
and point of year:
failures in the 1% of QGR value.
SOC design.
6. Electrical power and back up
Power DB failure: Less than 4
Resolution to
hours for resolution – no penalty.
(a) Power DB Monthly incident less
Power DB failure: More than 4
than 4 hours
hours 0.1% of QGR value per
RFP for Odisha SOC

Sl. Measure
Definition ment SLA Target Penalty terms
No.
Interval
hour

Any component faulty but DB still

operative for power output:
Rs. 1000 per day per component.

Both UPS faulty and no power

output: Less than 12 hours -
No penalty
Both UPS faulty and no power
Resolution to output: More than 12 hours
(b) UPS Monthly incident less 1% of QGR value
than 12 hours One of the two UPS faulty:
Rs. 1000 per hour
Any module of the UPS faulty
(LED, display, etc.):
Rs. 1000 per day
Fault in complete access control
100% system:
7. Access Control Monthly operational 0.1% of QGR value per day
24*7*365 Fault in one access control unit:
Rs. 5,000 per day
Fault in complete fire alarm
100% system:
8. Fire alarm Monthly operational 0.1% of QGR value per day
24*7*365 Fault in one fire alarm unit:
Rs. 5,000 per day
Fault in complete system:
100%
9. Rodent repellent Monthly Rs. 1,000 per day
operational
Fault in one unit:
24*7*365
Rs. 500 per day
Any major incident:
100%
10. Civil works Monthly Rs. 5,000 per day
operational
Any minor incident:
24*7*365
Rs. 1000 per day
Light fault:
Rs. 1000 per day per light fixture
100%
11. Electrical works Monthly Any major electrical incident:
operational
Rs. 5,000 per day
24*7*365
Any minor electrical incident:
Rs. 1,000 per day
RFP for Odisha SOC

11.1.3 Manpower

Sr.
Parameter SLA Penalty
No.
1 Substitution of No substitution of A penalty amount of Rs.
Resources from resources would be allowed 50,000/- would be applicable
those whose whose CVs / resumes had to the successful bidder per
CVs provided been provided with the substitution per CV / resume
during the technical bid against the proposed with the technical
technical RFP within 180 days from bid.
evaluation the submission of the bid
(except in case of death,
medical incapacity or
resignation).
2 Replacement  Any replacement would not A penalty of 0.1% of the total
of resources be allowed during the first cost of project would be
during year of SOC operations and applicable to the successful
operations and maintenance (except in bidder for every replacement
maintenance case of death, medical deviating from the SLA.
phase incapacity or resignation).

 The replacement would be

limited to SOC Engineer,
Level1 and Level2 analyst
only (except in case of
death, medical incapacity
or resignation).

 The replacement resource

should have similar
qualification and
experience as the replaced
resource.
RFP for Odisha SOC

12. Reporting

 Reports to be submitted by the successful bidder are not limited to the below
mentioned deliverables. The bidder has to generate and share information or reports
as and when required by the client for any device, incident, service, etc.
 The report template are to be prepared by the successful bidder and shared with
OCAC for review and approval.
 OCAC at any point in the duration of the contract may request the successful bidder
to modify the format / data points / template of the reports.
 OCAC at any time during the contract period may request the successful bidder to
share a report for any specific period for any specific parameters. The reports may be
on need basis and has to be shared by the successful bidder as required.
 The scope of Vulnerability assessment would be limited to the hardware / software /
applications under the scope of the successful bidder. Any other VA/PT would be on
request by OCAC and on need basis.

Sr Report to be
Deliverable name Deliverable timeline / frequency
no. shared with
Department SPOC
Weekly incident Weekly basis – Every Monday of
1. / Joint GM (Tech)
report consecutive week
/ PMU
Department SPOC
Monthly incident Monthly basis – Every second day of / GM (Admin) /
2.
report the consecutive month Joint GM (Tech) /
PMU
Monthly basis – Every second day of
the consecutive month Department SPOC
 Availability of all the devices / GM (Admin)/
3. Availability report
installed in COSC. Joint GM (Tech) /
 Availability of all the software and PMU
applications in CSOC.
Monthly basis – for the Department SPOC
SLA compliance measurement of SLA as per the / GM (Admin) /
4.
report parameters mentioned in Section Joint GM (Tech) /
14.1 of the RFP document. PMU
On real time basis / request basis
Department SPOC
 When any severe incident / risk is
/ GM (Admin) /
detected or observed.
5. Risk report Joint GM (Tech)/
 Plan for mitigating the risk.
CEO / concerned
 Timelines for action against the
department Head
risk observed.
On real time basis / request basis
 When a risk is mitigated.
Department SPOC
Root cause analysis  Details of incident.
6. / GM (Admin) /
report  Impact of incident.
Joint GM (Tech)
 Process of mitigation.
 Steps taken for future actions.
Quarterly basis / On real time /
Department SPOC
Vulnerability request basis
7. / GM (Admin) /
assessment report*  List of vulnerabilities observed in
Joint GM (Tech)
the system.
RFP for Odisha SOC

Sr Report to be
Deliverable name Deliverable timeline / frequency
no. shared with
List of risks and vulnerabilities
observed in the application.
 Action taken against each
vulnerability.
 Risk details of each vulnerability.
 Recommendation against each
vulnerability.
Quarterly basis
 Details of utilization device /
apllication wise.
 Top visited websites. Department SPOC
 Top high utilzation devices / / GM (Admin)/
8. Utilization report
users. Joint GM (Tech) /
 Bandwidth utilization. PMU
 Storage details.
 Physical memory utlization.
 Average CPU utilization.
Yearly basis
 Testing of redundancy and point
of failure in the SOC design /
architecture.
 Testing for service high Department SPOC
Business Continuity availability, network as / GM (Admin) /
9.
Plan report redundancy and devices as Joint GM (Tech) /
redundancy. PMU
 Testing of the fire alarm system,
mock fire drill and access control
system.

Yearly basis
 Provide training regarding
technology utilized in SOC.
 Provide training regarding latest Department SPOC
and upcoming technology in SOC. / GM (Admin) /
10. Training report
 Cyber security based products Joint GM (Tech) /
and solutions training from PMU
respective OEMs.
 Feedback from each attendee.
*Note: Vulnerability assessment scope and period of deliverable would be established as
per the stakeholder and OCAC approval and discussion.
RFP for Odisha SOC

13. Bill of Materials for CSOC

13.1 IT assets

IT assets (Indicative)
Sr.
Item Description QTY
No
Network
1 Management Switch - 24 port 2
2 Router 1
3 16 port PoE Switch 1
4 L2 Switch - 48 port 2
Solution
1 Log Management appliance (Logger with Connector)* 4/6
2 Network Traffic analyzer 1
3 Anti – Advanced Persistent Threat Intelligence 2
4 Security Orchestration, Automation and Response (SOAR) 1
5 Security Information and Event Management (SIEM)# 0/1
6 Vulnerability Management Solution 1
7 Network Monitoring, Helpdesk & Ticketing software 1
Storage
1 SAN Switch 2
2 SAN 1
Others
1 Threat Intelligence feeds and updates 1
2 Training 1
Desktop / Printer
1 Desktop 17
2 LED monitors - additional 16
3 Multifunction printer 1
Note:

*Log Management appliances should be proposed as 4 nos. in quantity if existing asset

is to be upgraded and utilized and 6 nos. quantity to be proposed if new assets and
solutions are to be proposed by the bidder.

# SIEM should be proposed as 0 nos. (zero) in quantity if existing asset is to be

upgraded and utilized and 1 nos. (One) quantity to be proposed if new asset and solution
is to be proposed by the bidder.

13.2 Non-IT assets

Non – IT assets (Indicative)
Sr.
Item Description UOM QTY
No
Civil and Interiors
1 Flooring
a False flooring Sqr Mtr Bidder to Propose
b Italian Marble / Composite stone flooring Sqr Mtr Bidder to Propose
c Carpet flooring Sqr Mtr Bidder to Propose
2 Partitions and Panelling Sqr Mtr Bidder to Propose
3 Paint Sqr Mtr Bidder to Propose

109 | P a g e
RFP for Odisha SOC

Non – IT assets (Indicative)

Sr.
Item Description UOM QTY
No
4 Doors
a Double leaf glass door Nos Bidder to Propose
b Fire rated steel door Nos Bidder to Propose
c Fire rated toughened glass door Nos Bidder to Propose
5 False ceiling Sqr Mtr Bidder to Propose
a Metal Baffle ceiling Sqr Mtr Bidder to Propose
b Designer Acoustic false ceiling Sqr Mtr Bidder to Propose
c Curvilinear or designer ceiling Sqr Mtr Bidder to Propose
6 Air Conditioning Sqr Mtr Bidder to Propose
Electrical Wires, Switches & Conduits for ceiling and
7 Sqr Mtr Bidder to Propose
floor lights
8 Passive Cabling with components Sqr Mtr Bidder to Propose
9 LED Ceiling lights
a General LED lights Nos Bidder to Propose
b Circular / Dimmable LED lights Nos Bidder to Propose
c LED strips Nos Bidder to Propose
10 Distribution Board with Electrical MCB complete Nos Bidder to Propose

Modular switch board with switches and sockets for

11 Nos Bidder to Propose
Desk with complete wiring
12 Earth pit Nos. 3
13 Perforated cable tray (factory made galvanized) Mtr Bidder to Propose
14 Cable raceway for cabling and wiring Mtr Bidder to Propose
Electrical
1 UPS - 20 KVA Nos 2
2 Battery bank Set 2
Furniture
1 Command centre control desk - 8 seater capacity Nos 2
2 Manager Table Nos 1
3 Meeting room table Nos 1
4 Reception Table Nos 1
5 Command centre chair Nos 16
6 Chair for office and reception Nos 6
7 Manager's chair Nos 1
8 Storage Units Nos 2
9 Staff Locker unit Nos. Bidder to Propose
10 Key Box Nos 1
11 Dust bin (Stainless steel) Nos 4
12 White board - Glass pasted Nos 2
13 Sofa set Nos 2
14 Coffee table Nos 1
15 Pin up Notice board Nos 2
Safety & Security System
1 Close circuit tele vision (CCTV) NVR - 16 channel Nos 1

110 | P a g e
RFP for Odisha SOC

Non – IT assets (Indicative)

Sr.
Item Description UOM QTY
No
2 Dome camera – IP based Nos 9
3 32 inch Display screen Nos 2
Door Access control system for 8 access controls
4 Set 1
with main panel & software
5 Rodent repellent system Set 1
6 Fire extinguisher - handheld Nos 5
Addressable Fire Detection and Alarm system with
7 Set 1
software (20 detectors, 3 sirens)
Network
1 42U Rack with 48 port jack panel Nos 1
2 LED Display (70 inch) Nos 8
3 Video wall controller & speakers with all accessories Set 1

13.3 Manpower requirement

Sr. No Manpower Designation No. of resource

1 SOC manager 1
Security administration and Threat Intelligence
2 1
expert
3 SOC Engineer 3

4 SOC Level 2 Analyst 7

5 SOC Level 1 Analyst 7

6 Receptionist 1

TOTAL 20

111 | P a g e
RFP for Odisha SOC

14. General conditions of contract for bidder

14.1 General terms

1. All solutions proposed by the bidder should be of latest manufacturing product

and not more than 01 year old from the bid submission date, latest configuration
and should not reach end of life or end of support for at least 07 years after
installation.
2. All cost / price of the items quoted by the bidder would be fixed for the period of
the contract and any new procurement or upgradation of the respective item
would be done basis the quoted price.
3. The certifications of the manpower resources proposed for the project should be
valid during the bid submission and also for the entire duration of the project.
Bidder should ensure to reissue any expired certification from the relevant body.
4. All items proposed by the bidder should support dual stack, both IPV4 and IPV6
technology.
5. The bidder should ensure that the best practices of SOC are implemented during
the duration of the contract.
6. All items should be under the AMC of the OEM and OEM should continue to
provide support even if the bidder exits in between the agreement period.
7. All AMC, licenses, ownership, etc. of assets (hardware or software) should be in
the name of OCAC.
8. All customized tools, configurations would be the property of OCAC and the bidder
would have no claim whatsoever.
9. The bidder during the period of project should adhere to all the regulation and
rules laid by the Government of Odisha in terms of Information Technology.
10. All IPR would be in the name of OCAC and bidder would hand over all
configurations and customized tools to OCAC during exit.
11. The successful bidder shall the take the responsibility of collecting a Non-
disclosure agreement signed by all the resources deployed for CSOC project and
share the same with OCAC.
12. The successful bidder should implement and operate the engagement as per
industry standards and security standards such ISO 27001, MeiTY, CERT-In, etc.
13. The successful bidder should submit the Performance Bank Guarantee to OCAC
within 30 days of Letter of intent / Award of project contract.
14. The Performance Bank Guarantee (PBG) submitted by the successful bidder
should have a validity of at least 60 days beyond the contract period.
15. Any obsolete asset would be supported for inclusion in CSOC by the prospective
implementation agency, maybe subject to upgradation or technical support.
16. The proposed manpower should be deployed at SOC within 15 days of successful
PAT / UAT of the complete infrastructure.
17. All Non-IT assets proposed by the bidder against the RFP should have authorized
service support locally available at Bhubaneswar.
18. Any electrical / cabling rectification, repair within the CSOC premises would be
the responsibility of the successful bidder and OCAC would bear no liability or
borne any cost for the CSOC premises.
19. Retention of all data related to CSOC and relevant reports should be stored for
minimum one year period (combining online and offline data) by the successful
bidder.
RFP for Odisha SOC

20. OCAC will review the performance of the bidder against the SLA at any given time
or duration of the project. The supervision report about the performance of any
services pursuant to this SLA by the successful bidder or any other agency as
appointed by OCAC shall form the basis for imposing damages / penalties for
breach of contract. OCAC reserves the right to appoint a third-party auditor /
agency to validate the deliverables under the SLA of this RFP.
21. The successful bidder during the duration of the agreement period should consult
and coordinate with PMU and OCAC for expansion and integration of any
additional department and stakeholder with Odisha SOC.
22. The successful bidder should consult with PMU and take approval from OCAC for
any change management activities at any time of the project.
23. The successful bidder at any time of the project should cooperate with any PMU /
third party agency appointed by OCAC for monitoring of SOC services and SLA
compliances as and when required.

14.2 Insurance

1. Appropriate insurance to cover all solution components for the transit period
and until the time of its acceptance at the respective site is to be taken by the
successful bidder. As the successful bidder will carry the risk for the material in
his books during transit, the successful bidder should arrange insurance for the
total system as period from the dispatch till Final Acceptance Test is
successfully achieved. Further the Successful bidder is to take all required
insurance coverage in respect of all its personnel who shall be working on this
engagement.
2. Any insurance during the operation and maintenance period of the project
should be done by the successful bidder with prior acceptance form the
department / OCAC.
3. The cost of insurance during the implementation is to be borne by the
successful bidder and should be included in the financial proposal submitted.
4. The cost of insurance during the operation and maintenance period would be
borne by OCAC on actuals, provided the insurance is done by the successful
bidder only with prior acceptance from OCAC.

14.3 Confidentiality
1. OCAC may allow the implementation agency to utilize Confidential Information
and the implementation agency shall maintain the highest level of secrecy,
confidentiality and privacy with regard to such Confidential Information. The
implementation agency shall use its best efforts to protect the confidentiality and
proprietary of Confidential Information.
2. Additionally, the implementation agency shall keep confidential all the details and
information with regard to the Project, including systems, facilities, operations,
management and maintenance of the systems/facilities. The implementation
agency shall use the information only to execute the Project.
3. OCAC shall retain all rights to prevent, stop and if required take the necessary
punitive action against the implementation agency regarding any forbidden
disclosure.
4. The implementation agency may share the confidential information with its
employees, affiliates, agents and subcontractors but only strictly on a need to
know basis in order to accomplish the scope of services under the Agreement.
RFP for Odisha SOC

Upon request of OCAC, the implementation agency shall execute a corporate non-
disclosure agreement (NDA) with OCAC in the mutually agreed format provided
by OCAC shall ensure that all its employees, agents and sub-contractors are
governed by confidential obligations similar to the one contained herein. The
implementation agency and its antecedents shall be bound by the NDA. The
implementation agency will be held responsible for any breach of the NDA by its
antecedents/ delegates/ employee/ subcontractors etc.
5. To the extent the implementation agency shares its confidential or proprietary
information with OCAC for effective performance of the Services, the provisions of
the confidentiality Clause (I) to (iii) shall apply mutatis mutandis on OCAC.
6. The implementation agency shall not use Confidential Information, the name or
the logo of the OCAC except for the purposes of providing the Service as specified
under the agreement.

14.4 Indemnification
The implementation agency hereby indemnifies, hold harmless & undertakes to
defend OCAC, its affiliates and their respective employees, officers and directors
against any claim by a third party including but not limited to damages, costs,
expenses as a result of such claim with regard to:
 the extent that the services provided to OCAC by the implementation agency
under this Agreement infringes any third party’s intellectual property rights;
 taxes/charges/cess/levies (and interest or penalties assessed thereon)
against OCAC that are obligations of bidder pursuant to the agreement;
 any damages for bodily injury (including death) and damage to real property
and tangible personal property caused by the implementation agency;
 any claim or action by or on behalf of the implementation agency personnel
based on his or her employment with the implementation agency, including
claims arising under occupational health and safety, worker’s compensation,
provident fund or other applicable laws or regulations;
 claims by government regulators or agencies for fines, penalties, sanctions
or other remedies arising from or in connection with the implementation
agency’s failure to comply with its regulatory/legal requirements and
compliances;
 any claim on account of an alleged breach of confidentiality and security of
data occurring as a result of acts of omissions or commission of the
implementation agency’s employees or sub-contractors;
 any claim occurring on account of misconduct, negligence or wrongful acts of
omission and commission of employees of the implementation agency,
and/or its sub-contractors;
 any claim occurring on account of misuse or negligent application, misuse of
systems, failure to follow established procedure by the implementation
agency and/or sub-contractor’s employees;
 Implementation agency shall ensure compliance with all applicable laws,
local and Central, including all labour laws like ESI, EPF, Minimum Wages
Act, Odisha Shops & Establishments Act, Contract Labour (Regulation and
abolition) Act 1970, Payment of Bonus Act etc. and shall keep First Part
indemnified and harmless in case of any action for violation by Second Part
of any of the applicable laws so long as this arrangement is in force. For all
purposes the persons deployed will be employees of second part and they
will have no relation whatsoever with First Part. Second Part shall be
RFP for Odisha SOC

responsible to furnish all such information/documents to First Part in this

regard as may be required by it from time to time. Furthermore, Second part
shall be responsible to furnish self- attested copies of all returns/challans
filed by second part in the office of ESI, EPF, Minimum Wages Act, Contract
Labour etc. on monthly basis to the first party, in case, the second part fails
to submit or not willing to submit the copies of returns, first part shall be
entitle to stop the payments till the submissions of the returns.
 In event of any theft, loss, damage, destruction, or any other act of
vandalism or sabotage of the property of the purchaser in the possession
of the bidder by virtue of the agreement, the implementation agency
shall be liable to indemnify the first part to the extent of damage or loss so
caused.
 Implementation agency has all the requisite consents, licenses and
permissions to (I) enter into the Agreement (ii) carry out the obligations set
out in the Agreement and it shall keep all such consents, licenses and
permissions renewed and valid at all times during the continuance of the
agreement.

14.5 Limitation of liability for implementation agency

14.5.1 The implementation agency shall be liable to the client / purchaser,

whether in contract, tort, or otherwise, for any indirect or consequential
loss or damage, loss of use, loss of production, or loss of profits or interest
costs or loss of reputation.
14.5.2 The aggregate liability of the implementation agency to the client /
purchaser, whether under the contract, in tort or otherwise, shall not
exceed the total Contract Price, provided that this limitation shall not apply
to any obligation of the successful bidder to indemnify the client with
respect to intellectual property rights infringement.
14.5.3 The above mentioned points 14.3.1 and 14.3.2 are applicable provided
they do not exclude or limit any liabilities of either party in ways not
permitted by applicable law.

14.6 Liquidated damages

If the implementation agency fails to deliver any or all of the services within the time
period(s) specified in the RFP, OCAC shall without prejudice to its other remedies
under agreement, deduct from the Agreement Price, as liquidated damages, a sum
equivalent to, as per the SLA terms indicated in the bid document, until actual
delivery or performance, subject to a maximum of 20% of the project value / project
cost quoted by the bidder.

If the implementation agency requires an extension of time in completion of

contractual supply on account of occurrence of any hindrance, he shall apply in
writing to the authority, which has placed the supply order, for the same immediately
on occurrence of the hindrance but not after the stipulated date of completion of
supply. Delivery period may be extended with or without liquidated damages if the
delay in the supply of equipment / software / components is on account of hindrances
beyond the control of the bidder.
RFP for Odisha SOC

If OCAC fails to provide space at the respective sites of SOC and/or delay in statutory/
regulatory approvals/ non availability of bandwidth, the Liquidated damages for such
delay shall not be levied on the implementation agency.

14.7 Force Majeure

Force Majeure is herein defined as any cause, which is beyond the control of the
implementation agency or OCAC as the case may be which they could not foresee or
with a reasonable amount of diligence could not have foreseen and which
substantially affect the performance of the contract, such as:
 Neither Party shall be responsible to the other for any delay or failure in
performance of its obligations due to any occurrence commonly known as Force
Majeure which is beyond the control of any parties, including, but is not limited to,
flood, explosion, thundering, acts of God or any Governmental body, public
disorder, riots, embargoes, or strikes, acts of military authority, epidemics,
lockouts or other labour disputes, insurrections, civil commotion, war, enemy
actions.
 If a Force Majeure arises, the implementation agency shall notify promptly within a
reasonable time frame to OCAC in writing of such condition and the cause thereof.
Unless otherwise directed by OCAC, implementation agency shall continue to
perform his obligations under the agreement as far as is reasonably practical, and
shall seek all reasonable alternative means for performance not prevented by the
Force Majeure event.
 The implementation agency shall be excused from performance of his obligations in
whole or part as long as such cases, circumstances or events shall continue to
prevent or delay such performance. Neither Party shall have any liability to the
other Party in respect of the termination of the Agreement as a result of an event
of Force Majeure.
 In case of a Force Majeure, all Parties will endeavour to agree on an alternate
mode of Performance in order to ensure the continuity of service and
implementation of the obligations of a party under the agreement and to minimize
any adverse consequences of Force Majeure.
 Implementation agency shall be paid for supply and services till last date of
termination in case of force majeure
 If force majeure conditions continue for more than 30 days and the services are
suspended then either party has the right to terminate this agreement.

14.8 Intellectual Property Rights

a. All Intellectual Property of OCAC under the agreement will belong exclusively to
GoO, except the pre-existing intellectual property rights of the implementation
agency (if any). On payment of all fees in connection with the agreement and
subject to the other provisions of the agreement, GoO shall at all times retain to
use within its internal business all right title and interest in and to any Intellectual
Property Rights in the deliverables to be provided by the implementation agency
under the agreement and any modifications thereto or works derived from there
except the pre-existing intellectual property rights of the implementation agency
(if any). It is hereby expressly clarified that implementation agency shall have no
RFP for Odisha SOC

right, title or interest in or to such Intellectual Property Rights of OCAC for any
purpose, except the right to use, modify, enhance and operate such designs,
programs, modifications as per requirement of OCAC. Implementation agency
shall not use such Intellectual Property of OCAC for any other purpose during and
after the term of the Contract.
b. No services covered under the agreement shall be sold or disposed by the
implementation agency to OCAC in violation of any right whatsoever of third
party, and in particular, but without prejudice to the generality of the foregoing,
of any patent right, trademark or similar right, or any charge mortgage or lien.
c. Subject to clause (d) below, the Intellectual Property Rights of all the database,
programs, reports, formats etc. developed/created for this project would be of
OCAC / GoO.
d. The implementation agency shall continue to retain sole ownership of the pre-
existing proprietary knowledge, tools, source code, records, SOPs, application
configurations, drawings, methodology, templates, works of authorship,
materials, information plus any modifications or enhancements thereto and
intellectual property content brought in by implementation agency to this
engagement and/or incorporated in the deliverables submitted by bidder to OCAC
or created independently of the performance of the services. For avoidance of
doubt, it is clarified that the implementation agency shall have the right to use
any works of authorship or other intellectual property that may be included in the
deliverables, to develop for themselves, or for others, materials or processes that
may be similar to those produced as a result of the services. Further, any third
party licenses other than the hardware and software to be used by the
implementation agency resources for delivering the deliverables under the
agreement, necessary for the performance of the Services under this Agreement,
would need to be procured by OCAC.
e. Implementation agency hereby undertakes; not to provide access to the
Intellectual Property of OCAC to persons other than authorized users to ensure
that all authorized users are appropriately notified of the importance of respecting
the Intellectual Property Rights of OCAC and that they are made aware of and
undertake to abide by the similar terms and conditions of the agreement. Not to
permit any person, other than the authorized users, to copy, duplicate, translate
into any language, or in any way reproduce the Intellectual Property of OCAC. To
effect and maintain reasonable security measures to safeguard the Intellectual
Property of OCAC from unauthorized access or use by any third party other than
the authorized users. To notify OCAC promptly of any unauthorized disclosure,
use or copying of the Intellectual Property of OCAC of which the implementation
agency becomes aware. To change the manpower deployed if OCAC notifies issue
(along with the justifiable ground) in the satisfactory performance of the
respective resource.

14.9 Change control

OCAC may at any time during the duration of the project, with a prior written intimation
given to the implementation agency make changes within the general scope and
coverage of the agreement.
RFP for Odisha SOC

If any such change causes an increase or decrease in the cost of, or the time required
for the implementation agency performance of any part of the work under the
Agreement, whether changed or not changed by the order, an equitable adjustment
shall be made in the Agreement price or delivery schedule, or both and the
Agreement shall accordingly be amended, based on mutual discussions.

Implementation agency shall not charge for any cost incurred for configuration /
reconfiguration of the equipment / services as directed by OCAC on account of
regulatory compliance / guidelines issued by GoO and GoI.

14.10 Publicity

Any publicity by the implementation agency in which the name of OCAC is to be

used, should be done only with the explicit written permission from OCAC.

14.11 Termination

14.11.1 Termination for client’s convenience

 The client may at any time terminate the contract for any reason by giving the
implementation agency a notice of 90 days for termination. The implementation
agency shall be paid for all acceptable work done until the effective date of
termination.
 Upon receipt of the notice of termination under the above point, the
implementation agency shall either as soon as reasonably practical or upon the
date specified in the notice of termination
 Cease all further work, except for such work as the client may specify in
the notice of termination for the sole purpose of protecting that part of the
system already executed, or any work required to leave the site in a clean
and safe condition;
 Remove all implementation agency’s equipment from the site, repatriate
the implementation agency’s personnel from the site, remove from the
site any wreckage, rubbish, and debris of any kind;
 In addition, the implementation agency, subject to the payment shall:
 Deliver to the client the parts of the system / project executed by
the implementation agency up to the date of termination;
 To the extent legally possible, assign to the client all right, title,
and benefit of the implementation agency to the system, or
subsystem, as at the date of termination, and as may be required
by the client;
 Deliver to the client all non-proprietary drawings, specifications,
and other documents prepared by the bidder as of the date of
termination in connection with the system.
RFP for Odisha SOC

14.11.2 Termination for implementation agency’s default

14.11.2.1 The client, without prejudice to any other rights or remedies it may
possess, may terminate the agreement forthwith in the following
circumstances by giving a notice of 30 days for termination and its
reasons therefore to the implementation agency:

a. If the implementation agency becomes bankrupt or insolvent, has a

receiving order issued against it, compounds with its creditors, or, if
the implementation agency is a corporation, a resolution is passed
or order is made for its winding up (other than a voluntary
liquidation for the purposes of amalgamation or reconstruction), a
receiver is appointed over any part of its undertaking or assets, or if
the implementation agency takes or suffers any other analogous
action in consequence of debt;
b. If the implementation agency assigns or transfers the contract or
any right or interest therein in violation of the provision of contract;
or
c. If the implementation agency, in the judgment of the client, has
engaged in corrupt or fraudulent practices in competing for or in
executing the contract, including but not limited to wilful
misrepresentation of facts concerning ownership of intellectual
property rights in, or proper authorization and/or licenses from the
owner to offer, the hardware, software, or materials provided under
agreement / contract.

For the purposes of this Clause:

“Corrupt practice” means the offering, giving, receiving, or soliciting
of anything of value to influence the action of a public official in the
procurement process or in contract execution.

“Fraudulent practice” means a misrepresentation of facts in order to

influence a procurement process or the execution of a contract to
the detriment of the client and includes collusive practices among
bidders (prior to or after bid submission) designed to establish bid
prices at artificial non-competitive levels and to deprive the client of
the benefits of free and open competition.

“Unfair trade practices” means supply of goods (hardware,

networking equipment, etc.) different from what is mentioned in
the bid documents, and includes change of parts/ components, use
of refurbished / repaired / sub-standard / duplicate parts instead of
genuine new parts or change the specifications and/or make of the
company for which the supply order was given by client.

14.11.2.2 If the implementation agency:

a. Has abandoned or repudiated the Contract;
b. Has without valid reason failed to commence work on the project /
system promptly;
RFP for Odisha SOC

c. Persistently fails to execute the Contract in accordance with the

Contract or persistently neglects to carry out its obligations under the
Contract without just cause;
d. Refuses or is unable to provide sufficient Materials, Services, or labour
to execute and complete the System in the manner specified in the
agreed project plan furnished under the RFP / contract at rates of
progress that give reasonable assurance to the client that the
implementation agency can attain operational acceptance of the
system by the time for achieving operational acceptance as extended;
then the client may, without prejudice to any other rights it may
possess under the agreement, give a notice to the implementation
agency stating the nature of the default and requiring the
implementation agency to remedy the same. If the implementation
agency fails to remedy or to take steps to remedy the same within 30
days of its receipt of such notice, then the client may terminate the
agreement forthwith by giving a notice of termination to the
implementation agency.

Upon receipt of the notice of termination under the above point, the
implementation agency shall either as soon as reasonably practical or upon the
date specified in the notice of termination
a. Cease all further work, except for such work as the client may specify in
the notice of termination for the sole purpose of protecting that part of the
system already executed, or any work required to leave the site in a clean
and safe condition;
b. Remove all implementation agency’s equipment from the site, repatriate
the implementation agency’s personnel from the site, remove from the
site any wreckage, rubbish, and debris of any kind;
c. In addition, the implementation agency, subject to the payment shall:
i. Deliver to the client the parts of the system / project executed by
the bidder up to the date of termination;
ii. To the extent legally possible, assign to the client all right, title,
and benefit of the implementation agency to the system, or
subsystem, as at the date of termination, and as may be required
by the client;
iii. Deliver to the client all non-proprietary drawings, specifications,
and other documents prepared by the implementation agency as
of the date of termination in connection with the system.

14.11.3 General terms during termination

 The client may enter upon the site, expel the implementation agency, and
complete the system itself or by employing any third party. Upon completion of
the system or at such earlier date as the client thinks appropriate, the client shall
give notice to the implementation agency that such implementation agency’s
equipment will be returned to the bidder at or near the site and shall return such
implementation agency’s equipment to the implementation agency in accordance
with such notice. The implementation agency shall thereafter without delay and
at its cost remove or arrange removal of the same from the site.
RFP for Odisha SOC

 If there are any sum due on implementation agency, the client shall deduct the
same accruing prior to the date of termination from the amount to be paid to the
bidder under the agreement.

 If the client completes the system, the cost of completing the system by the
client shall be determined. If the sum that the implementation agency is entitled
to be paid, plus the reasonable costs incurred by the client in completing the
system, exceeds the Agreement Price, the implementation agency shall be liable
for such excess, limited to the total cost of the project as submitted by the
implementation agency. If such excess is greater than the sums due the
implementation agency, the implementation agency shall pay the balance to the
client, and if such excess is less than the sums due the implementation agency,
the client shall pay the balance to the implementation agency. The client and the
implementation agency shall agree, in writing, on the computation described
above and the manner in which any sums shall be paid.

 The Performance Bank Guarantee shall be invoked in case of termination under

termination by implementation agency or termination by implementation agency’s
default.

14.12 Taxes and Duties

All payments will be subjected to tax deduction at source as applicable/ required at

the prevailing tax rates. Any changes, revision or enactment in duties like GST,
taxes or any CESS during the period of validity of the bids and also during the
agreement period by Central/State/Other Government bodies will be considered
and applied after due consideration. The decision of OCAC in this regard will be final
and binding and no dispute will be entertain. Any taxes at the time of supply goods
and services shall be applicable as per the Law.

For goods supplied from outside the Purchaser’s country, the bidder shall be
entirely responsible for all applicable taxes, license fees, and other such levies
imposed outside the Purchaser’s country. The basic price quoted item wise by the
bidder in respect of the transaction between OCAC & the bidder shall include all
taxes & duties and charges payable by the bidder except for the GST, CGST plus
OGST, or IGST, as the case may be, at applicable rate shall be quoted alongside the
basic price for all the items. However, while quoting the basic price against the
package/works, benefit of Input Tax Credit (ITC) should be adjusted in the quoted
price by the bidder.

14.13 Settlement of Disputes

 OCAC and the implementation agency shall make every effort to resolve
amicably by direct informal negotiation, any disagreement or dispute, arising
between them under or in connection with the contract.
 In case of any doubts about a clause of the contract agreement which includes
contract documents, the interpretation given by the client shall be final and
binding, till the time any other interpretation is ordered in the case by
arbitration tribunal.
RFP for Odisha SOC

 If any dispute of any kind whatsoever shall arise between the client and the
implementation agency in connection with or arising out of the agreement,
including without prejudice to the generality of the foregoing, any question
regarding its existence, validity, or termination, or the operation of the System
(whether during the progress of implementation or after its achieving
Operational Acceptance and whether before or after the termination,
abandonment, or breach of the agreement), the parties shall seek to resolve any
such dispute or difference by mutual consultation. If the parties fail to resolve
such a dispute or difference by mutual consultation within 60 days, upon expiry
of which either party may move to the notification of arbitration.
 In case of any dispute between the client and the implementation agency arising
out of the breach or noncompliance of any condition of the Contract, the dispute
shall be resolved in accordance with the provisions of the Arbitration and
Conciliation Act, 1996 (No. 26 of 1996).
 All arbitration proceedings would be held only under the legal jurisdiction of
Bhubaneswar or Cuttack.

15. Obligations of OCAC

1. OCAC would coordinate and assist in acquiring all permissions required for civil
construction, earth pit, area for outdoor installations, cooling system, power
connectivity from OCAC Tower, back-up power connectivity from OCAC tower.
2. Cooling cost, Bandwidth cost, Diesel Cost (if required) and Electricity Cost will be
borne by OCAC and this cost is not part of the scope of the bidder. OCAC shall
directly engage with these service providers and pay them directly.
3. Physical security costs of the CSOC would be borne by OCAC and recruitment of
physical security guards would be done by OCAC.
4. Critical devices like CSOC servers, CSOC appliances and CSOC network devices
would be installed at the State Data Centre.
5. Power supply, network connectivity, rack space, cooling, internet bandwidth to the
above mentioned critical devices would be provided by Odisha SDC.
6. Housekeeping and general up-keep (example: sweeping, dusting, etc.) of CSOC
would be the responsibility of OCAC.

16. Exit Management

The successful bidder shall not exit from the agreement within stipulated time period of
four (4) years after Go-Live. However, in the event that the successful bidder decides to
opt out of the contract prematurely it has to notify the authority six months in advance
through a written letter, the successful bidder will not seek ownership rights over the
equipment and PBG will also be forfeited.

16.1 Purpose

 This section sets out the provisions which will apply upon completion of the
agreement period or upon termination of the agreement for any reasons.
 Both parties shall ensure that their respective associated entities, in case of OCAC,
any third party appointed by the OCAC and in case of the successful bidder, the
RFP for Odisha SOC

OEMs or another OEM authorized partner, carry out their respective obligations
during exit period.
 The exit management period starts, in case of expiry of agreement, on the date
when the agreement comes to an end or in case of termination of agreement, on the
date when the notice of termination is sent to the successful bidder.
 The exit management period ends in three months after the beginning of the exit
management period.

16.2 Exit management period

During the exit management period, the successful bidder shall ensure that:

 All project assets including the hardware, software, documentation and any other
infrastructure shall have been cured of all defects and deficiencies as necessary so
that the assets are compliant with the specifications and standards set forth by
OCAC.
 The successful bidder shall deliver relevant records and reports pertaining to the
CSOC Project and its design, engineering, operation, and maintenance including all
operation and maintenance records and manuals pertaining thereto and complete to
OCAC before end of exit period.
 The Successful bidder shall comply with all other requirements as may be prescribed
under Applicable Laws to complete the exit management and assignment of all the
rights, title and interest of the successful bidder in the CSOC project free from all
encumbrances absolutely and free of any charge or tax to OCAC or its nominee.
 The successful bidder will allow OCAC or any third party appointed by OCAC, access
to information reasonably required to define the then current mode of operation
associated with the provision of the services to enable OCAC or any third party
appointed by OCAC to assess the existing services being delivered.
 The successful bidder during the period of exit would share every artefact related
but not limited to:
I. Documentation of customized tools or software.
II. User manuals and SOPs for various process and operations.
III. Documentation related to support and AMC.
IV. Licenses and ownership documents.
V. Previous reports including all status reports.

16.3 Exit management plan

The successful bidder should prepare an exit management plan and share the same with
OCAC within 90 days of signing of agreement. The EMP should contain:

 A detailed program of the transfer process that could be used in conjunction with
OCAC or any third party appointed by OCAC including details of the means to be
used to ensure continuing provision of the services throughout the transfer
process and of the management structure to be used during the transfer.
 Plans for the communication with OCAC and any related third party as are
necessary to avoid any material detrimental impact on OCAC’s operations as a
result of undertaking the transfer.
 Identification and implementation of specific tasks necessary during the exit
period.
RFP for Odisha SOC

 Timelines of activities to be done by OCAC and the successful bidders during the
exit management period.

The exit management plan has to be updated whenever necessary and shared with
OCAC annually every year.
RFP for Odisha SOC

Annexure – I: Current asset detail

RFP for Odisha SOC

Odisha State Data Centre (OSDC)

Details of servers installed at the Odisha State Data Centre (OSDC)

Sr. Asset
Asset Description Make Model Quantity
No Name

1 SERVER HYPER-V SERVER IBM BL-HS22 1

ADDITIONAL DOMAIN
2 SERVER IBM BL-HS22 1
CONTROLLER SERVER
3 SERVER HYPER-V SERVER IBM BL-HS22 1
4 SERVER PROXY SERVER IBM BL-HS22 1
5 SERVER HYPER-V SERVER IBM BL-HS22 6
DATABASE SERVER ON AIX
6 SERVER IBM P-550 3
PLATFORM
DATABASE SERVER ON
7 SERVER IBM X-3850 M2 2
WINDOWS PLATFORM
TIVOLI STORAGE MANAGEMENT
8 SERVER IBM X-3850 M2 1
SERVER
9 SERVER STAGGING SERVER IBM X-3850 M2 1
10 SERVER CA TIM SERVER IBM X-3850 M2 1
11 SERVER ORACLE RAC SERVER IBM P-550 1
APPLICATION SERVER ON
12 SERVER IBM BL-HS22 1
WINDOWS PLATFORM
NETWORK FAULT MANAGEMENT
13 SERVER IBM BL-HS22 1
SERVER
NETWORK PERFORMANCE
14 SERVER IBM BL-HS22 1
MANAGEMENT SERVER
15 SERVER HELPDESK SERVER IBM BL-HS22 1
16 SERVER SERVER MANAGEMENT SERVER IBM BL-HS22 1
DATABASE MANAGEMENT
17 SERVER IBM BL-HS22 1
SERVER
18 SERVER ORACLE RAC SERVER IBM P-550 1
WEB APPLICATION SERVER ON
19 SERVER IBM BL-HS22 1
WINDOWS PLATFORM
WEB APPLICATION SERVER ON
20 SERVER IBM BL-HS22 1
WINDOWS PLATFORM
BLADE
21 IBM BLADE CHASIS IBM MT 8677 1
CHASIS
BLADE
22 IBM BLADE CHASIS IBM MT 8677 1
CHASIS
23 SERVER HYPER-V SERVER IBM BL-HS23 4
24 SERVER HYPER-V SERVER HP BL460C G9 8
BLADE
25 HP BLADE CHASIS HP BLC 7000C 1
CHASIS
26 SERVER Esxi Server HP HPEDL380 12
DELL EMC
27 SERVER Esxi Server DELL POWER EDGE 12
R740
RFP for Odisha SOC

Details of ESM solution installed at the Odisha State Data Centre (OSDC)

Installed
Server
Sr. Product
Solution name OEM Model Make Quantity
no. version
and
model
Flexconnect -
Enterprise Security HP DL380
1. 6.9 ArcSight 10000 EPS 1
Manager (ESM) Gen9
licensed
L7600
OS: Redhat HP DL380
2. Logger 6.4 ArcSight 2
Enterprise Linux Gen9
(Maipo)
C6600
OS: Redhat HP DL380
3. Connector 2.8 ArcSight 2
Enterprise Linux Gen9
(Maipo)
User Behaviour HP DL380
4. 5.2 ArcSight Basic 1K Actor 1
Analyser Gen9
Note: The support for the above solution expires in December 2021.

Details of storage devices installed at the Odisha State Data Centre (OSDC)

Sr. Asset
No Asset Name Manufactur Make / Model Quantity
. er
1 SAN Switch CISCO DS-C9134-K9 4
2 Storage IBM DS 5300 1
3 Storage Disk Self IBM EXP 5000 14
4 VTL Disk self IBM TS 7520 12
5 VTL Base server IBM TS 7500 SERVER 2
6 Tape Library IBM IBM LT04 UDS3 2
7 Hitachi VSP Replicator HITACHI HJ-4230-7EWEA 1
8 Brocade Switch Brocade Brocade 7800 2
9 MDS/SAN Switch Cisco DSC9148-32P-K9 2
10 SAN STORAGE DELL SC 7020 1
11 NAS DELL FS 8600 1
12 SAN Switch HPE HPSN6500B 2
13 SAN STORAGE HPE HPE 3 PAR 8440 1
14 Storage Disk Self HPE HPE 3 PAR 8000 8
StoreServ SPS Service 1
15 HPE HPE ProLiantDL120 Gen9
Processor
HPE STORE ONCE HPE StoreOnce Enclosure 1
16 HPE
ENCLOSURE (5250)
HPE STORE ONCE BASE HPE StoreOnce Base 1
17 HPE
SYSTEM System (5250)

Details of network devices installed at the Odisha State Data Centre (OSDC)

Sr. Asset
Asset Name Make / Model Quantity
No. Manufacturer
1 INTERNET ROUTER CISCO CISCO3845 2
2 INTERNET SWITCH CISCO Cat3560G-24TS 2
LinkProof On Demand Switch 2
3 NETWORK LOADBALANCER RADWARE
2
RFP for Odisha SOC

Sr. Asset
Asset Name Make / Model Quantity
No. Manufacturer
4 IPS RADWARE DP-1016-NL-D-Q 2
5 INTERNET FIREWALL CISCO Cisco ASA5580 2
6 CORE SWITCH CISCO WS-C6509-E 2
7 WEB DMZ SWITCH CISCO Cat3560G-24TS 2
AppDirector with Cookie 2
8 APP LOADBALANCER RADWARE
Persistency
9 INTRANET FIREWALL CISCO Cisco ASA5550 2
10 MGM DMZ SWITCH CISCO Cat3560G-24TS 2
11 APP & DB DMZ SWITCH CISCO Cat3560G-24TS 2
12 ACCESS SWITCH CISCO Cat3560G-24TS 1
Access Control Server (AAA 2
13 CISCO Cisco 1120 Secure ACS
Server)
SYMANTEC MAIL SECURITY 2
14 MAIL SECURITY APPLIANCE SYMANTEC
8340 APPLIANCE
15 KVM Switch IBM IBM 17353LX 3
16 INTERNET FIREWALL CISCO Cisco FPR-C9300 1
CISCO FIREPOWER 1
17 FMC CISCO
MANAGEMENT CENTRE 2500
CISCO NEXUS N9K- 4
18 NEXUS SWITCH CISCO
C93180YC-FX
19 INTERNET FIREWALL CISCO Cisco FPR-C9300 1
20 IPS RADWARE RADWARE Defence Pro 2
21 APP LOADBALANCER RADWARE RADWARE ALTEON 6029 2
22 VPN CISCO Cisco ASA5525-X 2

Details of peripherals installed at the Odisha State Data Centre (OSDC)

Sr. Asset
Asset Name Make / Model Quantity
No. Manufacturer
1 Desktop DELL OPTIPLEX 380 10
11 Desktop HP HP COMPAQ DX2480 1
12 Desktop DELL OPTIPLEX 9010 6
18 Laptop Dell VOSTRO 1015 6
23 Laptop Dell VOSTRO 3460 4
27 Laptop Dell LATITUDE E5510 1
29 Laptop Dell INSPIRON N5050 1
30 Laptop Dell INSPIRON 15 2
32 Laptop ACER Gateway 4250s 1

Details of applications hosted in Odisha State Data Centre (OSDC)

Sr. Mode of
Application Name User Department
No. Hosting

Electronics & Information

1 BETAN Shared
Technology
Electronics & Information
2 Odisha Mail Shared
Technology
3 Odisha Online Electronics & Information Shared
RFP for Odisha SOC

Sr. Mode of
Application Name User Department
No. Hosting
(Citizen centric e-Services like payment Technology
of electricity bill, water bill, online
application for birth & Death certificate
etc.)
Electronics & Information
4 Social Media Grievance Management Shared
Technology
SRDH
Electronics & Information
5 (State Residence Data Hub) Co-Located
Technology
SRDH_Authentication SRDH_eKYC
Electronics & Information
6 e-District Co-Located
Technology
Portal of OESL Electronics & Information
7 C0-Located
(Odisha e-Governance Service Ltd.) Technology
Electronics & Information
8 Odisha.gov.in Shared
Technology
Electronics & Information
9 SANJOG Shared
Technology
Electronics & Information
10 OCAC.IN Shared
Technology
Electronics & Information
11 MO SARKAR Shared
Technology
12 Resident Commissioner Portal Home Shared
OSSC General Administration & Public
13 Shared
(Odisha Staff Selection Commission) Grievance
General Administration & Public
14 OSSC-Online Shared
Grievance
MAMATA
Women & Child Development &
15 (Web MIS of Scheme for Pregnant Shared
Mission Shakti
Women)
Women & Child Development &
16 Shakti Varta Shared
Mission Shakti
Women & Child Development &
17 e-Pragati Shared
Mission Shakti
Women & Child Development &
18 WCD website Shared
Mission Shakti
WPMS ST & SC Development,
19 (Works Project Monitoring & Payment Minorities & Backward Classes Shared
Solution System) Welfare
20 dcodisha online Health & Family Welfare Shared
21 RHCLMIS Health & Family Welfare Shared
22 State DBT (World Bank) Web Portal Finance Shared
ODRP Revenue & Disaster
23 Shared
(MIS Application of OSDMA) Management
PAIS
24 (Property Allotment Information System, Housing & Urban Development Shared
BDA)

25 BBSROne Housing & Urban Development Shared

26 STA_OMVD Commerce & Transport Shared

27 STA_Portal Commerce & Transport Shared
RFP for Odisha SOC

Sr. Mode of
Application Name User Department
No. Hosting
Micro, Small & Medium
28 STARTUP ODISHA Shared
Enterprise
29 Claimant Management System Higher Education Department Shared
30 RTS Odisha (OREDA) Science & Technology Shared
31 Invest Odisha_IPICOL Industries Shared
Shri Jagannath Temple Inquiry
32 Law Shared
commission
OPSC General Administration & Public
33 C0-Located
(Odisha Public Service Commission) Grievance
General Administration & Public
34 OPSC online C0-Located
Grievance
WAMIS
35 (Works & Account Management Rural Development C0-Located
Information System)
i3MS
36 (integrated Mines & Minerals Steel & Mines C0-Located
Management System)
Food Supplies & Consumer
37 e-Bitaran C0-Located
Welfare
Food Supplies & Consumer
38 ERP Application_SAP C0-Located
Welfare
P-PAS
Food Supplies & Consumer
39 (Paddy Procurement Automation C0-Located
Welfare
System)
SCMS Food Supplies & Consumer
40 C0-Located
(Supply Chain Management System) Welfare
Food Supplies & Consumer
41 MDM Application_IBM C0-Located
Welfare
PIMS
Food Supplies & Consumer
42 (Personnel Information Management C0-Located
Welfare
System)
FPS Automation Food Supplies & Consumer
43 C0-Located
(Fair Price Shops Automation) Welfare
Food Supplies & Consumer
44 Food Odisha Portal & Website C0-Located
Welfare
Food Supplies & Consumer
45 Grievance Redressal System C0-Located
Welfare
BKKY Agriculture & Farmers'
46 C0-Located
(Biju Krushak Kalayan Yojana) Empowerment
Agriculture & Farmers'
47 krushipanipaga Co-Located
Empowerment
Agriculture & Farmers'
48 IVR _Advisory Solution for farmers Co-Located
Empowerment
ORSAC
49 Science & Technology C0-Located
(Orsac new website)
ORSAC
50 Science & Technology C0-Located
(Kenduleaves Orissa)
ORSAC
51 Science & Technology C0-Located
(Banking-Network-Odisha)
52 ORSAC Science & Technology C0-Located
RFP for Odisha SOC

Sr. Mode of
Application Name User Department
No. Hosting
(Web GIS System for IPICOL/IDCO)
ORSAC
53 (Stage Carriage Permit Management Science & Technology C0-Located
System_STA)
ORSAC
54 (Web Application VTS (Vehicle Tracking Science & Technology C0-Located
System)_I3MS)
CTD
55 Finance C0-Located
(Commercial Tax Department)
IFMS
56 (Integrated Financial Management Finance C0-Located
System)
OPHWC
57 (ERP application of Odisha Police Housing Home C0-Located
Welfare Corporation)
CCTNS_SCRB
58 (Crime and Criminal Tracking Network & Home Co-Located
Systems)
Revenue & Disaster
59 e-Registration Co-Located
Management

60 NMMP (BMC_PMC) Housing & Urban Development Co-Located

61 e-Municipality Housing & Urban Development Co-Located

62 Pension Odisha Finance shared

Skill Development & Technical
63 Skill Odisha shared
Education
CTD
64 Finance C0-Located
(Commercial Tax Department)
Web Portal of Directorate of Ports and
65 Commerce & Transport shared
Inland Water Transport
Social Security &
Social Security & Empowerment of
66 Empowerment of Persons with shared
Persons with Disabilities (SSEPD)
Disabilities
e-Niramaya / Odisha State Medical
67 Health & Family Welfare Shared
Corporation Limited (OSMC)
Labour & Employees' State
68 Odia Phalaka Shared
Insurance
Women & Child Development &
69 Sishu Suchana Shared
Mission Shakti
Odia Language Literature &
70 Odia Virtual Academy Shared
Culture Department
71 Bijuli Batti Energy Shared
Agriculture & Farmers'
72 ADAPT Shared
Empowerment
73 Make in Odisha (MIO)_IPICOL Industries Shared
ST & SC Development,
TDCC (Tribal development co-operative
74 Minorities & Backward Classes Co-located
corp.)
Welfare
ST & SC Development,
75 TDCC_MPAS Minorities & Backward Classes Co-located
Welfare
RFP for Odisha SOC

Sr. Mode of
Application Name User Department
No. Hosting
Odisha Primary Education Programme
76 School & Mass Education Co-located
Authority (OPEPA)
Contractor Database Management
77 Works Shared
System (CDMS)
Food Supplies & Consumer
78 DLM Co-located
Welfare
79 BIJUYUVA Sports & Youth Services Shared
80 HOCKEYODISHA Sports & Youth Services Shared
81 RAJBHAVAN Home Shared
Agriculture & Farmers'
82 KALIA Shared
Empowerment
Agriculture & Farmers'
83 Bank Aggregator System Shared
Empowerment
ORERA (Odisha Real Estate Regulatory
84 Housing & Urban Development Shared
Authority)

85 AAHAAR Housing & Urban Development Shared

AWAAS / OUHM (Odisha Urban Housing

86 Housing & Urban Development Shared
Mission)
87 e-SUSHRUT/e-Swasthya/OeHIMS Health & Family Welfare Shared

88 e-Swachh Odisha Housing & Urban Development Shared

89 EXCISE Excise Shared

90 Biju Swastya Kalyan Yojana (BSKY) Health & Family Welfare Shared
91 Shri Jagannath Temple Administration Law Shared
Odisha School Education Programme
92 School & Mass Education Shared
Authority (OSEPA) MIS APP
Odisha School Education Programme
93 School & Mass Education Shared
Authority (OSEPA) WEB
Odisha School Education Programme
94 School & Mass Education Shared
Authority (OSEPA) SMA APP
Odisha School Education Programme
95 School & Mass Education Shared
Authority (OSEPA) PMA APP
Micro, Small & Medium
96 Odisha Youth Innovation Fund Shared
Enterprise
Integrated Legal Monitoring System
97 School & Mass Education Shared
(ILMS)
Panchayati Raj and Drinking
98 Tubewell Management system (TMS) Shared
Water
Women & Child Development &
99 e-prashikyan Shared
Mission Shakti
100 RTDAS Forest & Environment Shared
Social Security &
101 SSEPD Scheme Empowerment of Persons with Shared
Disabilities
102 Rural Development Website Rural Development Shared
Micro, Small & Medium
103 Administration of Incentive Module (AIM) Shared
Enterprise
Revenue & Disaster
104 Revenue Minister's Helpline Shared
Management
Handlooms, Textiles &
105 KRUTI Application Shared
Handicrafts
RFP for Odisha SOC

Sr. Mode of
Application Name User Department
No. Hosting
106 Website of Pathanisamanta Planetarium Science & Technology Shared

Website of Directorate of Higher

107 Higher Education Department Shared
Education

108 MOPRIDE Housing & Urban Development Shared

109 Air Quality Index (AQI) Mobile App Forest & Environment Shared
Panchayati Raj and Drinking
110 GEET Shared
Water
111 eAbkari Excise Shared
Food Supplies & Consumer
112 Feedback Management System Shared
Welfare
113 MIS RTE Pardarshi School & Mass Education Shared

114 MO SARKAR_H&UD Housing & Urban Development Shared

115 MO SCHOOL School & Mass Education Shared

Panchayati Raj and Drinking
116 Odisha Sanitation Shared
Water
117 OMBADC Planning & Convergence Shared
Social Security &
118 MO SARKAR_SSEPD Empowerment of Persons with Shared
Disabilities
Panchayati Raj and Drinking
119 Swachha Odisha Sustha Odisha (SOSO) Shared
Water

Details of email solution installed at the Odisha State Data Centre (OSDC)

Sr.
Description Details
No.
Postfix SMTP (version 2.10.1),
Name and version of the mail messaging Cyrus IMAP (version 1.00),
1
solution / suite Apache (version 2.4.6),
PHP (version 5.4.16)
2 Solution Installation In virtual environment
Operating system on which the email
3 CentOS
messaging system is installed
Number of users utilizing or enlisted for
4 148
the email service currently
5 Directory service utilized LDAP
RFP for Odisha SOC

State IT centre
Details of devices installed at State IT Centre

Sr.
Description Of Asset Make Model Quantity
No.
1 Core Switch Cisco Nexus N9K-C9508 2
2 Core Switch HPE 12904E 2
Cisco Nexus C92160YC-X 9
3 Distribution Switch
HPE 5940 7
4 ASA Cisco ASA 5540 1
5 ASA Cisco ASA 5510 1
6 Firewall Checkpoint 122000 2
7 Content Analyser Forcepoint V10000 G4 2
8 Content Management solution Forcepoint Smart-1210 1
9 Load Balancer RADWARE Alteon NG-6024(VX) 2
Load balancer management
10 RADWARE APSolute Vision 1
solution
11 Router Cisco Cisco-2811 1
12 Router Cisco Cisco7200 1
13 Aruba Aruba 6000 2
14 Wireless Controller Aruba Aruba 7205 2
15 Cisco AIRWLC2106-K9 2
16 Switches CISCO SGE2000P 65
17 Switches CISCO 2960X 159
18 Switches CISCO C3560 1
19 A5120 12
20 Switches HP A5500 1
21 1620 1
22 AP305 61
Wireless access point Aruba
23 AP93 150
HPEProLiant BL 460C
24 Blade Server HP 6
GEN9
HPE ProLiant DL 380
25 Production Server HP 5
GEN9
26 SAN Switch HP HP SN6010C 2
27 Access Switch HP HP 5130 - 24G - 4SFP 2
Array
28 Server Load Balancer APV 2600 2
Networks
29 Tape Library HP HPE MSL4048 1
HPE ProLiant DL 380
30 Production Server HP 3
GEN9
31 Access Switch HP HPE 5130 -24G-4SFP 1
32 Software Firewall HP ProLiant DL180 G5 1
33 SMS Gateway IBM System x3650 1
34 Application IBM System x3650 1
35 Application Backup IBM System x3650 1
36 Database-sql IBM x3850 1
37 Application Backup HP ProLiant DL580 G5 1
RFP for Odisha SOC

Sr.
Description Of Asset Make Model Quantity
No.
38 Application HP ProLiant DL180 G5 1
39 Website HP ProLiant DL180 G5 1
40 Website IBM System x3650 1
41 Database-sql IBM System x3650 1
42 web application HP ProLiant DL580 G7 1
43 Software Firewall Lenovo -------- 1
44 Storage HP -------- 3
45 Application HP ProLiant DL180 G6 1
46 Database-sql HP ProLiant DL180 G6 1
47 Cluster Database HP Blade ProLiant BL420c Gen8 1
48 Cluster Database HP Blade ProLiant BL420c Gen8 1
49 Wagios, PObsitagios, PO HP Blade ProLiant BL420c Gen8 1
50 Westing(Cbsitesting(C HP Blade ProLiant BL420c Gen8 1
51 Application HP Blade ProLiant BL420c Gen8 1
52 Website HP Blade ProLiant BL420c Gen8 1
53 Application HP Blade ProLiant BL420c Gen8 1
54 Application HP Blade ProLiant BL420c Gen8 1
55 AD-DNS HP Blade ProLiant BL420c Gen8 1
56 Website HP Blade ProLiant BL420c Gen8 1
57 Antivirus HP Blade ProLiant BL420c Gen8 1
58 Application HP Blade ProLiant BL420c Gen8 1
ProLiant BL460c
59 Application HP Blade 5
Gen10
ProLiant BL460c
60 SQL Server 2017 Cluster HP Blade 2
Gen10

Details of application hosted at State IT Centre

Sr.
Web Portal / Application Department
No.
Odisha Secretariat Workflow Automation System
1 E&IT
(OSWAS)
2 Student Academic Management System (SAMS) E&IT
RFP for Odisha SOC

State Wide Area Network (SWAN)

Details of devices at State Headquarters

Sr. No. Equipment Details Make Model Quantity

1 Core Router Cisco ASR-1013X 1

2 Switch Cisco 4510 1

3 Switch Cisco 3500 1
4 Switch Cisco CE-500 1
5 Switch HP HPE-5940 1
6 Firewall & IPS Checkpoint 23500 2
7 Web-Security Forcepoint V10KG4 2
8 Antivirus Server Quick Heal SEQRITE 1
9 AAA Server HP Clear Pass-2000 2
10 RMX Polycom RMX 2000 2
11 DMA Polycom DMA 7000 2
12 Resource Manager Polycom Resource Manager 2

Details of devices at District Headquarters

Sr. No. Equipment Detail Make Model Quantity

1 Router Cisco ASR 1001X 30

2 Switch Cisco 3560 30

Details of devices at Block Headquarters

Sr. No. Equipment Detail Make Model Quantity

1 Router Cisco ISR4300 200

2 Router Cisco ISR2911 84
3 Switch Cisco CE-500 209
4 Switch Cisco WS-2960 75

Assets which are obsolete or approaching obsolescence:

State Data Centre (SDC)

Sl.
Asset name Make/Model Quantity EOS date
No.

1 Router Cisco 3845 2 October 31, 2016

2 Access Switch Cisco 3560G-24TS 9 January 31, 2018

3 Internet Firewall Cisco ASA5580 2 July 31, 2017

4 Intranet Firewall Cisco ASA5550 2 September 30, 2018

5 Access Control Server Cisco 1120 Secure 2 May 31, 2016

136 | P a g e
RFP for Odisha SOC

Sl.
Asset name Make/Model Quantity EOS date
No.

(AAA) ACS

State Wide Area Network (SWAN)

Sl.
Asset name Make/Model Quantity
No.

1 Core Switch Cisco 4510 1

2 LAN switch Cisco 3550 2

3 DDOS Radware 3200 1

4 L2 Switch – DHQ Cisco 3560 15

5 L2 Switch – BHQ Cisco CE 500 208

Events per second generated by the devices at SDC, SWAN and State IT
centre:

Events per second for the existing infrastructure under current scope of work
Sr.
Measurement No. of devices Value
No.
Estimated events per second for
1 1342 8000
average 24 hours
Estimated events per second during
2 1342 21000
peak hours

Additional events per second for the proposed additional infrastructure during
expansion of CSOC under extended scope of work
Sr.
Measurement No. of devices Value
No.
Estimated events per second for
1 381 5200
average 24 hours
Estimated events per second during
2 381 14000
peak hours
Note:

1. The successful bidder has to provide devices / infrastructure as per the current
scope of work and maintain feasibility for scalability and expansion as per the
extended infrastructure in future.

137 | P a g e
RFP for Odisha SOC

Annexure – II: Proforma

138 | P a g e
RFP for Odisha SOC

Proforma 1: Bidder profile

(To be declared in the bidder’s letter head)

Name of the Firm/Company

Full Address of the company

Year Established

Telephone Number

Fax Number

E-mail Address

Website
Sectors’ in which the company /
firm has provided services to
Government / Departments in
India
Level 1 analyst:
No. of full time personnel
Level 2 analyst:
currently under employment
SME level:

No. of years of presence in India

Financial Year Turn Over (₹)

2016-17
Annual Turnover
2017-18
2018-19
Name
Designation
Authorized Representative Mobile
Office
E-mail

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

139 | P a g e
RFP for Odisha SOC

Proforma 2: Letter of Authority

(To be declared in bidder’s letter head)

Date:…………………….

To,
The General Manager, OCAC,
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Letter of authority for RFP for Engagement of Agency for Implementation of
Odisha Cyber Security Operations Centre (CSOC), tender no………..

Sir,

I/We ………………………………..hereby authorize following representative(s) to attend Pre Bid

Meeting, Technical Bid opening, Financial Bid opening and for any other correspondence
and communication against above Bid.

1. Name:
Designation:
Signature

2. Name
Designation:
Signature

I/We confirm that I/we shall be bound by all commitments made by aforementioned
authorized representatives.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:
Designation: Date:

Note: The Power of attorney for authorized signatory of this document on behalf of the
company should be attached with the letter.

140 | P a g e
RFP for Odisha SOC

Proforma 3: Letter for agreement to scope of work

Date:……………………….

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Submission of letter for agreement of scope of work for bidder against RFP
no…………….. for Engagement of Agency for Implementation of Odisha Cyber Security
Operations Centre (CSOC)

Sir,

We, the undersigned, have read and examined in detail the RFP documents for
“Engagement of Agency for Implementation of Odisha Cyber Security Operations Centre
(CSOC)”.

We are in consensus to abide by the scope of work as mentioned in Section 4 of the RFP
document and would provide the best of services to fulfil the scope.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

141 | P a g e
RFP for Odisha SOC

Proforma 4: Undertaking on Total Responsibility

(To be declared in the bidder’s letter head)

Date:……………………….

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Dear Sir,

Subject: Undertaking on Total Responsibility for Design, Build, Installation,

Commissioning, Integration and Operation & Maintenance of Non-IT & IT
infrastructure for Odisha Cyber Security Operations Centre at OCAC, Bhubaneswar.

This is to certify that we undertake total responsibility for the successful and defect
free operation of the proposed Project, as per the requirements and terms and
condition of the RFP for Engagement of Agency for Implementation of Odisha Cyber
Security Operations Centre at OCAC, Bhubaneswar”

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

142 | P a g e
RFP for Odisha SOC

Proforma 5: Forwarding Letter for Earnest Money Deposit

(To be declared in the bidder’s letter head)

Forwarding Letter for Earnest Money Deposit

From (Name & complete address of the To

bidder) General Manager (Admin)
_________________________________ Odisha Computer Application
_________________________________ Centre,
_________________________________ N1/ 7D, Acharya Vihar
_________________________________ Square, Near Planetarium,
P.O. – RRL, Bhubaneswar,
Odisha, Pin-751013

Dear Sir/Madam,

Subject: EMD submission for the RFP “Engagement of Agency for

Implementation of Odisha Cyber Security Operations Centre at OCAC,
Bhubaneswar”

Reference: RFP number </____/__> dated <__/____/____>

We, M/s <_______________________>, having carefully read and examined in

detail the RFP document for “Engagement of Agency for Implementation of
Odisha Cyber Security Operations Centre” at OCAC, Bhubaneswar, published by
OCAC hereby submit EMD of Rs. < ______________ >/- (Rupees
<______________> Only) in the form of Bank Guarantee. The details are as
under:

Name of Issuing Bank :

Bank Guarantee number :
Amount :
Dated :

We M/s ___________________________ have read and understood the clauses

of RFP document towards forfeiture of EMD.

Thanking you,
Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:
Designation: Date:

Encl: - Copy of Earnest Money Deposit

143 | P a g e
RFP for Odisha SOC

Proforma 6: Format of Earnest Money Deposit (EMD)

In consideration to the advertisement published by OCAC (hereinafter called the
“Purchaser”) has their offer dated________________ through RFP for
Engagement of Agency for Implementation of Odisha Cyber Security Operations
Centre at OCAC, Bhubaneswar hereinafter called the “IA”) against the
purchaser’s RFP enquiry No. ____/_____/_____ KNOW ALL MEN by these
presents that We ______________< Bank Name> of __________________
having our registered office at _______________ are bound unto
___________________ (hereinafter called the “Purchaser) in the sum of
______________ for which payment will and truly to be made to the said
Purchaser, the Bank binds itself, its successors and assigns by these presents.

Sealed with the Common Seal of the said Bank this ___ day of _____ , 2020.
THE CONDITIONS OF THIS OBLIGATION ARE:
(1) If the IA withdraws or amends, impairs or derogates from the RFP in any respect
within the period of validity of this RFP.
(2) If the IA having been notified of the acceptance of his RFP by the purchaser
during the period of its validity:-
a. If the bidder fails to furnish the Performance Security for the due performance of
the contract.
b. Fails or refuses to accept/execute the contract.

We undertake to pay the Purchaser up to the above amount upon receipt of its
first written demand, without the Purchaser having to substantiate its demand,
provided that in its demand the Purchaser will note that the amount claimed by
it is due to it owing to the occurrence of one or both the two conditions,
specifying the occurred condition or conditions.

This guarantee will remain in force up to and including 180 days from the last
date of RFP bid submission date and any demand in respect thereof should reach
the Bank not later than the above date.
______________________________________
(Signature of the authorized officer of the Bank)
_______________________________________
Name and designation of the officer

____________________________________
Seal, name & address of the Bank and address of the Branch

144 | P a g e
RFP for Odisha SOC

Proforma 7: Compliance of Eligibility criteria

(To be declared in the bidder’s letter head)

Date:……………………….

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Bidder’s compliance for the eligibility criteria as per the RFP for Engagement
of Agency for Implementation of Odisha Cyber Security Operations Centre (CSOC) at
OCAC, Bhubaneswar.

Sir,

In reference to the subject cited, please find below the details of the compliance as per
the eligibility criteria mentioned in the RFP document:

Sr. Compliance
Pre-qualification criteria Document to be submitted
No. (Yes/ No)
A bidder with solutions developed Declaration by the bidder /
in an entity incorporated in a OEM on their letter head that
1 country sharing a land boundary the bidder has proposed no
with India cannot participate in such solutions in response to
this bid. the RFP.
The bidder should be an
established Company registered
 Certificate of incorporation.
under the – Indian Companies Act,
 Certificate consequent to
2 1956/2013, or partnership firm
change of name if
register under LLP Act, 2008 since
applicable.
last 5 years as on 31st March
2019.

The bidder should have a  Certificate of GST

registered number of: registration.
3
 GST Registration.  Copy of PAN / Income tax
 Income Tax / PAN. number.
In case of an OEM authorized
partner, a letter of
authorization (MAF) from
The bidder may be either an OEM original manufacturer for each
/ an authorized partner of the solution / equipment must be
OEM whose product bidder is furnished in original duly
4
proposing. (The solution proposed signed.
can be from a single or various
OEMs). Undertaking from the OEM
mentioning a clause that OEM
will provide support services
during the complete period of

145 | P a g e
RFP for Odisha SOC
Sr.
Pre-qualification criteria
No.
The bidder should have a chartered
minimum average annual turnover
5 of at least Rs. 200 Crores in the
last three financial years (i.e.
2016-17, 2017-18 & 2018-19).
The bidder should have positive
net worth during the last three
6
financial years (i.e. 2016-17,
2017-18 & 2018-19).
The bidder should provide the list
of clients with whom SOC solution
was implemented during last three
years up-to 30.12.2019. SOC
solution could be On-premises
SOC, Managed SOC, Hybrid SOC.
7
At least 3 government / BFSI
clients. All work orders / contracts
should be in the name of the
bidder for SOC services.
Minimum value of any one project
should be above 5 crore.
Compliance
Document to be submitted
(Yes/ No)
the contract if the bidder
authorized by them fails to
perform.
Audited Balance Sheets for
last 3 years, i.e., 2016-17,
2017-18 & 2018-19 where
financial turnover is
segregated. Every sheet
should be duly certified by a
accountant or
accounting firm stating Net
Worth, Turnover and
Profit/Loss for last 3 financial
years.
or
A letter under the head of the
chartered accountant / or firm
certifying the financial
turnover of the company is to
be submitted with the bid.
Audited Balance Sheets for
last 3 years, i.e., 2016-17,
2017-18 & 2018-19 where
profit or loss from similar
works is segregated. Every
sheet should be duly certified
by a chartered accountant or
accounting firm stating Net
Worth, Turnover and
Profit/Loss for last 3 financial
years.
or
A letter under the head of the
chartered accountant / or firm
certifying the profit and loss of
the company from similar line
of service is to be submitted
with the bid.
Relevant MSA copy / Work
order copy / client satisfactory
letter regarding successful
implementation or ongoing of
security operation centre
(SOC) solution in the name of
the bidder is to be submitted.
The PO / letter should be in
the name of the bidder and
clearly mention the scope of
work.
146 | P a g e
RFP for Odisha SOC

Sr.
Pre-qualification criteria
No.
The bidder should have local office
in Odisha or should submit a
declaration for establishing an
8 office in Odisha within one month
of issuing of Letter of Intent (LoI)
from OCAC.
The bidder should not have been
blacklisted by Government of
9 India / Government of Odisha
during the last three years.
The bidder should have minimum
manpower strength as per the
different skill levels defined in the
document:
Compliance
Document to be submitted
(Yes/ No)
Self-certification with office
location addresses to be
submitted / declaration for
establishment of an office in
case LoI has been awarded.
The document should be on
the bidder’s letter head signed
by the authorized signatory.
An undertaking to this effect
in the company’s letter head
signed by authorized signatory
to be submitted as per
Proforma 21 of the RFP
document.

Level 1 analyst – minimum 20. An undertaking in the

Level 2 analyst – minimum 20. company‘s letter head signed
10
SME level - minimum 3. by authorized signatory to be
(The manpower criteria as submitted.
mentioned in the Section 8.2 and
8.3 of the RFP document)

All manpower should be on the

pay role of the company / bidder.
The bidder should be:
 ISO 9001:2008 or later
Copy of certificate to be
11 certified
submitted.
 ISO 20000: 2018 certified
 ISO 27001: 2013 certified

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

147 | P a g e
RFP for Odisha SOC

Proforma 8: Undertaking of Service Level Compliance

(To be declared in the bidder’s letter head)

Date:……………………

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Dear Sir/Madam,

Subject: Undertaking on Service Level Compliance

1. I/We as Implementing Agency do hereby undertake that we shall monitor,

maintain, and comply with the service levels stated in the RFP to provide quality
service to OCAC.
2. However, if the proposed resources, Non-IT Infrastructure and ICT components
are found to be insufficient in meeting the RFP and/or the service level
requirements given by OCAC, then we will augment the same without any
additional cost to OCAC.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

148 | P a g e
RFP for Odisha SOC

Proforma 9: Warranty Certificate

(To be declared in the bidder’s letter head)

Date:……………..
To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Sir/Madam,

We warrant that the equipment(s) supplied under the contract would be newly
manufactured, free from all encumbrances, defects and faults in material or
workmanship or manufacture, shall be of the highest grade and quality, shall be
consistent with the established and generally accepted standards for materials of the
type ordered, shall be in full conformity with the specifications, drawings of samples, if
any, and shall operate as designed. We shall be fully responsible for its efficient and
effective operation. We also warrant that the services provided under the contract shall
be as per the Service Level Agreement (SLA) with Government of Odisha / OCAC.

There are no technical deviations (null deviations) from the requirement specifications of
tendered items and schedule of requirements. The entire work shall be performed as per
your specifications and documents. In case, any item of hardware or software is found
non-compliant at any stage during project implementation, it would be replaced with a
fully compliant product/solution at no additional cost to OCAC. In case of non-adherence
of this activity, OCAC reserves the right to cancel the contract, in case the said contract
is awarded to us by OCAC. We further certify that our proposed solution meets, is
equivalent or better than the minimum technical specifications as given in the RFP.

The obligations under the warranty expressed above shall include all costs relating to
labour, spares, maintenance (preventive as well as unscheduled), and transport charges
from site to manufacturer’s works / service facilities and back for repair or modification
or replacement at site of the equipment or any part of the equipment, which under
normal care and proper use and maintenance proves defective in design, material or
workmanship or fails to operate effectively and efficiently or conform to the
specifications and for which notice is promptly given by OCAC to us (bidder). We shall
provide on-site support for all the equipment and services supplied hereunder during the
period of this warranty (4 years from the date of go-live) and entire service period for
services.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:
Designation: Date:

149 | P a g e
RFP for Odisha SOC

Proforma 10: Authorization letters from all OEMs

Date:…………….
To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Reference: Supply of equipment/software/License for the project “Engagement of

Agency for Implementation of Odisha Cyber Security Operations Centre (CSOC) at
OCAC, Bhubaneswar”

Sir/Madam,

We _______________________, (name and address of the manufacturer) who are

established and reputed manufacturers of __________________ having factories at
__________________ (addresses of manufacturing locations) do hereby authorize M/s
_______________________ (name and address of the Bidder) to bid, negotiate and
conclude the contract with you against the above mentioned RFP for the above
equipment manufactured by us.

We also do hereby assure that we would support our equipment/software/license and

freely upgrade them for a period of four years of Operations and Maintenance, from the
date of go-live of the project, by M/s _______________________ (name and address of
the Bidder) who has proposed to use for the project “Engagement of Agency for
Implementation of Odisha Cyber Security Operations Centre (CSOC) at OCAC,
Bhubaneswar” or his successor. We would also adhere to the timelines for maintenance
as indicated in this RFP by closely working with the Bidder or his successor for a period
of five years from the date of supply of the equipment. We abide by the commercials
quoted by the Bidder towards AMC charges for four years from the date of supply and
successful commissioning of equipment(s) i.e. Go-Live.

We confirm that the products quoted will not be end of life for next five years from the
last date of submission of bids.

Yours faithfully,

For and on behalf of M/s ________________________ (Name of the manufacturer)

Signature _________________________________

Name :

Designation :

Address :

150 | P a g e
RFP for Odisha SOC

Date :

Seal

Note: This letter of authority should be on the letterhead of the concerned manufacturer
and should be signed by a person competent and having the power of attorney to bind
the manufacturer.

151 | P a g e
RFP for Odisha SOC

Proforma 11: Proposal Covering Letter – Technical

(To be declared in the bidder letter head)

Date:……………………….

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Submission of technical proposal against RFP no…………….. for Engagement of

Agency for Implementation of Odisha Cyber Security Operations Centre (CSOC)

Sir,
We, the undersigned, offer to provide services to OCAC on Odisha Cyber Security
Operations Centre (CSOC) with your Request for Proposal dated………………………….

We are hereby submitting our Proposal, which includes this Technical bid as per the
Proforma, eligibility criteria and other relevant terms and conditions of the RFP.
We hereby declare that all the information and statements made in this Technical
bid are true and accept that any misinterpretation contained in it may lead to our
disqualification. We agree to abide by all the terms and conditions of the RFP
document. We would hold the terms of our bid valid for 180 days as stipulated in
the RFP document.
We hereby declare that we are not insolvent, in receivership, bankrupt or being
wound up, our affairs are not being administered by a court or a judicial officer, our
business activities have not been suspended and we are not the subject of legal
proceedings for any of the foregoing.

We understand you are not bound to accept any proposal you receive.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

152 | P a g e
RFP for Odisha SOC

Proforma 12: Compliance of Technical specification for IT and Non-IT

assets
(To be declared in the bidder’s letter head)

Date:………………….

To,
The General Manager (Admin),
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Bidder’s compliance for the technical specification as per the RFP for
Engagement of Agency for Implementation of Odisha Cyber Security Operations Centre
(CSOC)

Sir,

In reference to the subject cited, we provide assurance that all the equipment in
terms of IT and Non-IT assets to be provided for the Odisha Security Operation Centre
project are of the same or higher than the specifications as mentioned in the RFP -
Engagement of Agency for Implementation of Odisha Cyber Security Operations Centre
(CSOC) document.

In case of any discrepancy or non – compliance if observed in future; we shall be

held liable for the same.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

153 | P a g e
RFP for Odisha SOC

Proforma 13: Project Credentials Format

Sl.
Item Detail
No.
General Information
Customer Name/ Government
1.
Department
Details of Contact Person
 Name:
 Designation:
2.  Email:
 Phone: & Fax:
 Mailing Address:

Project Details
3. Name of the project
4. Government/Non-government
5. Start Date/End Date
(work in Progress (PAT/FAT/Go-Live) OR
6. Current Status
completed)
7. Contract Tenure
8. Area of the Data Centre
Effort involved in
9. Payroll person-months in the
complete project
Order Value of the
10
project (in Crores )
Please provide copies of Work
Order or Certificate of Completion
11.
for completed projects from the
customer
More than one same table content may be provided for more than one project detail. A
copy of the work order / MSA / contract should be attached with the format.

I do hereby acknowledge that the details provided above are true to best of my
knowledge.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the System Integrator)

Name: Place:
Designation: Date:

154 | P a g e
RFP for Odisha SOC

Proforma 14: Format for providing CV of Manpower to be proposed

Curriculum Vitae of Key Personnel’s

The bidder shall provide the summary table of details of the manpower that will be
deployed on this project during the implementation.

Table-A

Highest
Years of
Sr. Manpower qualification
Name of resource relevant
No Designation and
experience
certifications
1 SOC manager
Security
administration
2 and Threat
Intelligence
expert
3 SOC Engineer
SOC Level 2
4
Analyst
SOC Level 1
5
Analyst

Table-B

Supporting
Sl. No. Particulars Details
document
1. Key resource / Non Key resource
2. Name of the Personal
3. Current Designation/Job title
4. Current job responsibilities
5. Proposed Role in this project
Total experience and relevant
6.
experience (in years)
Number of years with the
7. organization and date of joining the
firm
Whether resource is engaged by the
8. YES/NO
firm in its own payrolls
Summary of Professional / Domain
9.
Experience
10. Date of Birth
Academic Qualifications:
Attach certificate of
11.  Degree
highest qualification
 Academic institution graduated

155 | P a g e
RFP for Odisha SOC

Supporting
Sl. No. Particulars Details
document
from
 Year of graduation
 Specialization (if any)
 Key achievements and other
relevant information (if any)
Attach relevant
12. Professional Certifications/ Training
certificates
Membership of Professional
13.
Associations
14. Employment Record*
 Details of similar project handled
& the role assigned
 Prior project experience
 Project name
 Customer
15.  Key project features in brief
 Location of the project
 Designation
 Role
 Responsibilities and activities
 Duration of the project
Work already undertaken that best
Detailed tasks Proposed to be
16. illustrates capability to handle the tasks
assigned
assigned**

17. Signature of the representative

I hereby declare that the above mentioned resource would be available during the
project phase of this RFP.

*Starting with present position, list in reverse order every employment held by the staff
member since graduation

**Among the assignments in which the staff has been involved, indicate brief details of
the project in which this responsibility was assigned (including nature and duration of
duty)

Yours sincerely,

(Seal & Signature of the Authorized signatory of the System Integrator)

Name: Place:

Designation: Date:

156 | P a g e
RFP for Odisha SOC

Proforma 15: Proposal Covering Letter – Financial

(To be declared in the bidder letter head)

Date:……………………….

To,
The General Manager, OCAC,
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Submission of Commercial proposal for RFP no……… for Engagement of Agency
for Implementation of Odisha Cyber Security Operations Centre (CSOC)

Sir,
We, the undersigned, have read and examined in detail the RFP documents for
“Engagement of Agency for Implementation of Odisha Cyber Security Operations Centre
(CSOC)”. I / we do hereby propose to provide services as specified in the RFP document
no……./…..dated …/…/……

1. Price proposal and validity

All the prices mentioned in our RFP are in accordance with the terms as specified in the
RFP documents. All the prices and other terms and conditions of this RFP are valid for a
period of 180 days as desired in the RFP.

We hereby confirm that our RFP prices include all taxes. However, all the taxes are
quoted separately under relevant sections. We have studied the clause relating to Indian
Income Tax and hereby declare that if any income tax, surcharge on Income Tax,
Professional and any other corporate Tax in altercated under the law, we shall pay the
same.

2. Unit rates
We have indicated in the relevant schedules enclosed the unit rates for the purpose of on
account of payment as well as for price adjustment in case of any increase to / decrease
from the scope of work under the contract.
185
3. Deviations

157 | P a g e
RFP for Odisha SOC

We declare that all the services shall be performed strictly in accordance with the RFP
documents except for the variations and deviations, all of which have been detailed out
exhaustively in the following statement, irrespective of whatever has been stated to the
contrary anywhere else in our proposal. Further, we agree that additional conditions, if
any, found in the RFP documents, other than those stated in deviation schedule, shall
not be given effect to.

4. RFP pricing
We further confirm that the prices stated in our proposal are in accordance you’re your
Proforma included in RFP documents.

5. Qualifying data
We confirm having submitted the information as required by you in your RFP document.
In case you require any other further information/documentary proof in this regard
before evaluation of our RFP, we agree to furnish the same in time to your satisfaction.

6. Performance bank guarantee bond

We hereby declare that in case the contract is awarded to us, we shall submit the PBG
bond in the form prescribed in Proforma of Bank Guarantee towards PBG and as per
General Conditions of Contract. We hereby declare that our RFP is made in good faith,
without collusion or fraud and the information contained in the RFP is true and correct to
the best of our knowledge and belief. We understand that our RFP is binding on us and
that you are not bound to accept any bid document you receive. We confirm that no
Technical deviations are attached here with this commercial offer.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

158 | P a g e
RFP for Odisha SOC

Proforma 16: Financial Proposal – IT and Non-IT (CAPEX)

(To be declared in bidder’s letter head)

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
IT assets (Indicative)
Network
1 Management Switch - 24 port Nos. 2
2 Network Router Nos. 1
3 16 port PoE Switch Nos. 1
4 L2 Switch - 48 port Nos. 2
Solution
Log Management appliances
1 Nos. 4/6
(Logger with Connector)*
2 Network Traffic analyzer Nos. 1
Anti – Advanced Persistent
3 Nos. 2
Threat Intelligence
Security Orchestration,
4 Automation and Response Nos. 1
(SOAR)
Security Information and Event
5 Nos. 0/1
Management (SIEM)#
Vulnerability Management
6 Nos. 1
Solution
Network Monitoring, Helpdesk
7 Nos. 1
& Ticketing software
Storage
1 SAN Switch Nos. 2
2 SAN Nos. 1

. 159 | P a g e
RFP for Odisha SOC

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
Others
Threat Intelligence feeds and
1 Nos. 1
updates
2 Training Nos. 1
Desktop / Printer
1 Desktop Nos. 17
2 LED monitors - additional Nos. 16
3 Multifunction printer Nos. 1
Non – IT assets (Indicative)
Civil and Interiors
1 Flooring
Bidder
Sqr
a False flooring to
Mtr
Propose
Bidder
Italian Marble / Composite Sqr
b to
stone flooring Mtr
Propose
Bidder
Sqr
c Carpet flooring to
Mtr
Propose
Bidder
Sqr
2 Partitions and Panelling to
Mtr
Propose
Bidder
Sqr
3 Paint to
Mtr
Propose
4 Doors

. 160 | P a g e
RFP for Odisha SOC

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
Bidder
a Double leaf glass door Nos. to
Propose
Bidder
b Fire rated steel door Nos. to
Propose
Bidder
Fire rated toughened glass
c Nos. to
door
Propose
Bidder
Sqr
5 False ceiling to
Mtr
Propose
Bidder
Sqr
a Metal Baffle ceiling to
Mtr
Propose
Bidder
Sqr
b Designer Acoustic false ceiling to
Mtr
Propose
Bidder
Sqr
c Curvilinear or designer ceiling to
Mtr
Propose
Bidder
Sqr
6 Air Conditioning to
Mtr
Propose
Electrical Wires, Switches & Bidder
Sqr
7 Conduits for ceiling and floor to
Mtr
lights Propose
Passive Cabling with Sqr Bidder
8
components Mtr to

. 161 | P a g e
RFP for Odisha SOC

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
Propose

9 LED Ceiling lights

Bidder
a General LED lights Nos. to
Propose
Bidder
b Circular / Dimmable LED lights Nos. to
Propose
Bidder
c LED strips Nos. to
Propose
Bidder
Distribution Board with
10 Nos. to
Electrical MCB complete
Propose
Modular switch board with Bidder
11 switches and sockets for Desk Nos. to
with complete wiring Propose
12 Earth pit Nos. 3
Bidder
Perforated cable tray (factory
13 Mtr to
made galvanized)
Propose
Bidder
Cable raceway for cabling and
14 Mtr to
wiring
Propose
Electrical
1 UPS - 20 KVA Nos 2
2 Battery bank Set 2

. 162 | P a g e
RFP for Odisha SOC

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
Furniture
Command centre control desk
1 Nos. 2
- 8 seater capacity
2 Manager Table Nos. 1
3 Meeting room table Nos. 1
4 Reception Table Nos. 1
5 Command centre chair Nos. 16
6 Chair for office and reception Nos. 6
7 Manager's chair Nos. 1
8 Storage Units Nos. 2
Bidder
9 Staff Locker unit Nos. to
Propose
10 Key Box Nos. 1
11 Dust bin (Stainless steel) Nos. 4
12 White board - Glass pasted Nos. 2
13 Sofa set Nos. 2
14 Coffee table Nos. 1
15 Pin up Notice board Nos. 2
Safety & Security System
Close circuit tele vision (CCTV)
1 Nos. 1
NVR - 16 channel
2 Dome camera – IP based Nos. 9
3 32 inch Display screen Nos. 2
Door Access control system for
4 8 access controls with main Set 1
panel & software

. 163 | P a g e
RFP for Odisha SOC

Total Total
Model price Tax Tax Price
Sr. OEM / Unit Price
Item Description UoM QTY / Part excluding rate amount including
No Make (in Rs.)
Detail tax (in (%) (in Rs.) tax (in
Rs.) Rs.)
A B C = A*B D E =D%*C F = C+E
5 Rodent repellant system Set 1
6 Fire extinguisher - handheld Nos. 5
Adressable Fire Detection and
7 Alarm system with software Set 1
(20 detectors, 3 sirens)
Network
42U Rack with 48 port jack
1 Nos. 1
panel
2 LED Display (70 inch) Nos. 8
Video wall controller &
3 Set 1
speakers with all accessories
Total amount (sum of all values in column C, E and F)

Total CAPEX cost (sum of all values in column F)

Total CAPEX cost in words (sum of all values in column F)

Note:

* Log Management appliances should be proposed as 4 nos. in quantity if existing asset is to be upgraded and utilized and 6 nos.
quantity to be proposed if new assets and solutions are to be proposed by the bidder.

# SIEM should be proposed as 0 nos. (zero) in quantity if existing asset is to be upgraded and utilized and 1 nos. (One) quantity to be
proposed if new asset and solution is to be proposed by the bidder.

. 164 | P a g e
RFP for Odisha SOC

Proforma 17: Financial Proposal – Manpower

(To be declared in bidder’s letter head)

Unit price Total Total tax Total price

Sr. Manpower No. of Total Price Tax rate
per month number of amount including tax
No Designation resource (in Rs.) (%)
(in Rs.) months (in Rs.) (in Rs.)
A B C = A*B D E=D%*C F=C+E

1 SOC manager 1 48
Security administration
2 and Threat Intelligence 1 48
expert
3 SOC Engineer 3 48

4 SOC Level 2 Analyst 7 48

5 SOC Level 1 Analyst 7 48

6 Receptionist 1 48

Total amount (sum of all values in column C, E and F)

Total amount in words (sum of all values in column F)

. 165 | P a g e
RFP for Odisha SOC

Proforma 18: Financial Proposal – Operations and Maintenance (OPEX)

(To be declared in bidder’s letter head)

Year 1 Year 2 Year 3 Year 4

Sl. No Item Description
OPEX (in Rs.) OPEX (in Rs.) OPEX (in Rs.) OPEX (in Rs.)
A B C D
Operations and Maintenance Cost
1. 0.00
estimate for IT asset
Operations and Maintenance Cost
2. 0.00
estimate for Non-IT asset

3. Cost estimate for proposed Manpower

TOTAL

Total OPEX cost (sum of total of columns A, B, C, D)

Total OPEX cost (in words)

. 166 | P a g e
RFP for Odisha SOC

Proforma 19: Financial Proposal – Total cost of the project (CAPEX + OPEX)

Sl. No Item Description Amount quoted by the bidder (in Rs.)

1. Total CAPEX Cost as per Proforma 16

2. Total OPEX Cost as per Proforma 18

Grand Total

Grand Total (in words)

. 167 | P a g e
RFP for Odisha SOC

Proforma 20: Financial Proposal – Additional cost

Any additional resource or tools if proposed by the bidder should be added as per the Proforma provided below. The bidder may add rows
to the format / template if required. This proforma for additional cost will not be a part of the financial evaluation.

Additional Manpower (temporary if required on request from OCAC)

Unit price Total Total tax Total price
Sl. Manpower No. of Total Price Tax rate
per month number of amount including tax
No description resource (in Rs.) (%)
(in Rs.) months (in Rs.) (in Rs.)
A B C = A*B D E=D%*C F=C+E
1 Forensic Analyst 1 1
Threat Hunting 1
2 1
Specialist
3 Security trainer 1 1
TOTAL
TOTAL (in words)

Additional licensing / tools

Quantity Total tax Total price
Sl. Make & Unit price Total Price Tax rate
Manpower description / amount (in including tax
No Model (in Rs.) (in Rs.) (%)
Capacity Rs.) (in Rs.)
A B C=A*B D E=D%*C F=C+E
Vulnerability management
1 solution license – per device
/ per IP
User licenses (to be added
2 by bidder) – per device / per
user
3 Storage per 01 TB in SAN
Any other solution to be
proposed by the bidder
4
can be mentioned by
adding rows to the table*
TOTAL
TOTAL (in words)
*Note: The bidder has to submit the technical specification with justification for the additional solution / appliance proposed.

. 168 | P a g e
RFP for Odisha SOC

Proforma 21: Letter for self-declaration of clean track record

(To be declared in the bidder letter head)

To,
The General Manager, OCAC,
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Subject: Self-declaration for clean track record of services

Sir,

I hereby declare that my company…………………………. has not been debarred / blacklisted

by Government of India / Government of Odisha in the last three years for indulging in
corrupt or fraudulent practices or for indulging in unfair trade practices and not backed
out from executing the work after award of the work as on the RFP submission date.
My company…………………………… is also not involved in any major litigation that may have
an impact of affecting or compromising the delivery of services as required under this
RFP.

I further certify that I am competent authority in my company has authorized me to

make this declaration.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the bidder)

Name: Place:

Designation: Date:

169 | P a g e
RFP for Odisha SOC

Proforma 22: Format of Bank guarantee

(Should be a legal document)

Ref. No._____________________________
Bank Guarantee No _____________ Dated______________

To,
The General Manager, OCAC,
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square,
Near Planetarium, P.O. – RRL,
Bhubaneswar 751013

Dear Sir,
In consideration of Odisha Computer Application Centre, Bhubaneswar, India (hereinafter
referred to as ‘OCAC’, which expression shall, unless repugnant to the context or meaning
thereof, include all its successors, administrators, executors and assignees) after receipt of
the Letter of Intent (LOI) dated………………………………… with M/s
…………………………………………………… having it’s registered / head office at
…………………………………………….. (hereinafter referred to as the implementation agency) which
expression shall, unless repugnant to the context or meaning thereof include all its
successors, administrators, executors and assignees) and OCAC having agreed that the
Implementation agency shall furnish to OCAC a performance guarantee for 10% of the
Total Project Cost for the faithful performance of the entire contract.

We (name of the bank) …………………………………………………. registered under the laws of

_______ having head / registered office at……………………………………..(hereinafter referred to
as "the Bank", which expression shall, unless repugnant to the context or meaning thereof,
include all its successors, administrators, executors and permitted assignees) do hereby
guarantee and undertake to pay immediately on first demand in writing any / all moneys to
the extent of 10% of the Total Project Cost without any demur, reservation, contest or
protest and / or without any reference to the Implementation agency. Any such demand
made by OCAC on the Bank by serving a written notice shall be conclusive and binding,
without any proof, on the bank as regards the amount due and payable, notwithstanding
any dispute(s) pending before any Court, Tribunal, Arbitrator or any other authority and /
or any other matter or thing whatsoever, as liability under these presents being absolute
and unequivocal. We agree that the guarantee herein contained shall be irrevocable and
shall continue to be enforceable until it is discharged by OCAC in writing. This guarantee
shall not be determined, discharged or affected by the liquidation, winding up, dissolution
or insolvency of the implementation agency and shall remain valid, binding and operative

170 | P a g e
RFP for Odisha SOC

against the bank.

The Bank also agrees that OCAC at its option shall be entitled to enforce this Guarantee
against the Bank as a principal debtor, in the first instance, without proceeding against the
implementation agency and notwithstanding any security or other guarantee that OCAC
may have in relation to the implementation agency’s liabilities.

The Bank further agrees that OCAC shall have the fullest liberty without our consented
without affecting in any manner our obligations hereunder to vary any of the terms and
conditions of the said contract or to extend time of performance by the said implementation
agency from time to time or to postpone for any time or from time to time exercise of any
of the powers vested in OCAC against the said implementation agency and to forbear or
enforce any of the terms and conditions relating to the said agreement and we shall not be
relieved from our liability by reason of any such variation, or extension being granted to the
said implementation agency or for any forbearance, act or omission on the part of OCAC or
any indulgence by OCAC to the said implementation agency or any such matter or thing
whatsoever which under the law relating to sureties would, but for this provision, have
effect of so relieving us.

The Bank further agrees that the Guarantee herein contained shall remain in full force
during the period that is taken for the performance of the contract and all dues of OCAC
under or by virtue of this contract have been fully paid and its claim satisfied or discharged
or till OCAC discharges this guarantee in writing, whichever is earlier.

This Guarantee shall not be discharged by any change in our constitution, in the
constitution of OCAC or that of the implementation agency.

The Bank confirms that this guarantee has been issued with observance of appropriate laws
of the country of issue.

The Bank also agrees that this guarantee shall be governed and construed in accordance
with Indian Laws and subject to the exclusive jurisdiction of Indian Courts of OCAC.

Notwithstanding anything contained herein above, our liability under this Guarantee is
limited to Indian Rs. (in figures)……………………………………………. (Indian Rupees (in words)
____________________) and our guarantee shall remain in force until
……………………………………………………………… (indicate OCAC date of expiry of bank guarantee).
Any claim under this Guarantee must be received by us before the expiry of this Bank
Guarantee. If no such claim has been received by us by the said date, the rights of OCAC

171 | P a g e
RFP for Odisha SOC

under this Guarantee will cease. However, if such a claim has been received by us within
the said date, all the rights of OCAC under this Guarantee shall be valid and shall not cease
until we have satisfied that claim.

In witness whereof, the Bank through its authorized officer has set its hand and stamp
on this ………………………Day of……………….……….20…. at …………………………

172 | P a g e
RFP for Odisha SOC

Proforma 23: Non-Disclosure Agreement

Non-Disclosure Agreement

I, <name>, aged about……<age>., employed with

………………………………,<organization name> (“the Organization”)
…………………………….<location of office / organization) as a………………………… <position>
in the ………………………… <service line> have been deputed/assigned to work on
…………………………………………………<project name> (“the Engagement”) for
Organization’s client …………………………………………………….. <client name> (“the Client”).

2. I acknowledge that as per the terms of my employment and the Code of Ethics
applicable to me, I am obliged to keep all confidential information of the
Organization, its affiliates or associates, including but not limited to their personnel,
clients, vendors, customers, business associates etc., in strictest confidence and not
disclose the same to anyone without the prior written consent of the Organization.

3. I acknowledge that in the course of working on the Engagement, I may have access
to or become privy to or otherwise receive non-public information of or relating to
the Client, its subsidiaries, affiliates or associates including but not limited to
information relating to their employees, clients, vendors, customers, business
associates etc. (“Confidential Information”).

4. Without prejudice to the generality of my acknowledgement and obligation under

paragraph 2 above, I specifically acknowledge and agree to maintain the Confidential
Information in strictest confidence and not give access to, share with or otherwise
disclose the same to any persons (including the Client’s and Organization’s
personnel) other than those with whom I am required to share the Confidential
Information strictly on a ‘need to know’ basis in the course of performing my duties
under the Engagement i.e. where there is a legal or professional right to know.

5. I shall take all necessary precautions to maintain the confidentiality of the

Confidential Information, including, but not limited to ensuring that:

 All physical media that holds Confidential Information (i.e., papers, CD-ROMs,
tapes, envelops, binders, file folders, etc.) are always stored in secure places
when not in use.

 My computer system is always locked with password when left unattended.

 Confidential Information pertaining to the Engagement is deleted from my laptop

after archiving all necessary information, data and files in accordance with the
archival policies.

6. I agree that my obligation to maintain the confidentiality of the Confidential

Information shall survive and continue to apply even after the termination of the
Engagement and my employment with the Organization

Signature:

Dated:

173 | P a g e
RFP for Odisha SOC

Proforma 24: Undertaking on Exit Management

(To be declared in the bidder letter head)

Date:……..
To
General Manager (Admin)
Odisha Computer Application Centre,
N1/ 7D, Acharya Vihar Square, Near Planetarium,
P.O. – RRL, Bhubaneswar, Odisha, Pin-751013

Dear Sir/Madam,

Subject: Undertaking on Exit Management and Transition

1. I/We hereby undertake that at the time of completion of our engagement with OCAC,
either at the End of Contract or termination of Contract before planned Contract
Period for any reason, we shall successfully carry out the exit management and
transition of this Project to OCAC or to an agency identified by OCAC to the
satisfaction of OCAC. I/We further undertake to complete the following as part of the
Exit management and transition:

a. We undertake to complete the updating of all Project documents and other

artefacts and handover the same to OCAC before transition.

b. We undertake to design standard operating procedures to manage system

(including application and IT systems), document the same and train OCAC
personnel on the same.

c. If OCAC decides to take over the operations and maintenance of the Project
on its own or identifies or selects any other agency for providing operations &
maintenance services on this Project, then we shall provide necessary
handholding and transition support, which shall include but not be limited to,
conducting detailed walkthrough and demonstrations for the IT Infrastructure,
handing over all relevant documentation, addressing the queries/clarifications
of the new agency with respect to the working / performance levels of the ICT
components , conducting Training sessions etc.

2. I/We also understand that the Exit management and transition will be considered
complete on the basis of approval from OCAC.

Yours sincerely,

(Seal & Signature of the Authorized signatory of the System Integrator)

Name: Place:

Designation: Date

174 | P a g e
RFP for Odisha SOC

------------------------------------End of Document--------------------------------

175 | P a g e