KCBK BD 3779 Supplier

RFP KCBK_BD_3779
Background
KCB Group (hereinafter referred to as "the Group") is a leading Commercial Banking

Group in the East African region renowned for its diversity and growth.
The Group's vision is to be the preferred financial solutions provider in Africa with global
reach. The Group has 10 subsidiary companies across the East African Region in KCB
Kenya, Uganda, Rwanda, Tanzania, Burundi, DRC and South Sudan.
The information in this document and its appendices and attachments is confidential
and is subject to the provisions of our non-disclosure agreement and should not be
disclosed to any external party without explicit prior written consent of the Group.
This document constitutes the formal Request for Proposals (RFP) for Supply,
implementation, and Maintenance of a Security Awareness and Attack Simulation
solution and is being availed on open tender basis and is open for bids from
companies that meet the requirements stated herein.
Aims and Objectives of the tender
This document constitutes the formal Request for Proposals (RFP) for SUPPLY,
IMPLEMENTATION AND MAINTENANCE OF A SECURITY AWARENESS AND
ATTACK SIMULATION SOLUTION for KCB Group. The detailed requirements are
given in the requirements section of this RFP.
Financial Proposal Requirements
The Financial proposal shall clearly indicate the total cost of ownership, but should be
broken down to clearly indicate the cost of Equipment (if any), installation (professional
services) & commissioning charges, support charges. The total cost should be inclusive
Proprietary and Confidential 10/15/24 8:42 AM

1
RFP KCBK_BD_3779
of all applicable taxes. A two-stage procedure will be adopted by the Bank for
evaluating the proposals, with the technical evaluation of all proposals received in time
being completed prior to any financial proposal being evaluated.
Clarification of Bidding Document
All correspondence related to the contract shall be made in English. Any clarification
sought by the bidder in respect of the project shall be addressed at least 4 days (4)
calendar days before the deadline for submission of bids, in writing to the Head, Group
Supply Chain Management. The queries and replies thereto shall then be circulated to
all other prospective bidders (without divulging the name of the bidder raising the
queries) in the form of an addendum, which shall be acknowledged in writing by the
prospective bidders. Enquiries for clarifications should be sent via the procurement
sourcing system on the message menu.
Terms of Bidding
Assuming that the contract is satisfactorily concluded the bidders shall be expected to
install, test, document and commission the solution within the duration determined after
the final agreement is reached and/or purchase order is given.
The Bank reserves the right to accept or to reject any bid, and to annul the bidding
process and reject all bids at any time prior to the award of the contract, without thereby
incurring any liability to any Bidder or any obligation to inform the Bidder of the grounds
for its action.
Proposal and Negotiation Costs
All costs pertaining to the preparation of a proposal and negotiations of a contract shall
be borne by the firms submitting proposals. The Bank will in no case be responsible or
liable for those costs, regardless of the conduct or outcome of the bidding process.
Currency for Pricing of Tender
All bids in response to this RFP should be expressed in KES. However, proposals in
USD currency may be accepted for foreign entities. Costs should be inclusive of VAT,
withholding taxes and other applicable taxes where necessary).
Deadline for the submission of bids
The bid deadline for this RFP is indicated in the sourcing portal as 18th October 2024
By 5pmEAT

2
RFP KCBK_BD_3779
Cost Structure and Non-escalation
The bidder shall, in their offer (Financial Proposal), detail the proposed costs. No price
escalation under this contract shall be allowed. The Bank shall not compensate for any
costs incurred in the preparation and submission of this RFP.
Amendment of Bidding Document
At any time prior to the deadline for submission of bids, the Bank, for any reason,
whether at its own initiative or in response to a clarification requested by a prospective
Bidder, may modify the bidding documents by amendment. All prospective Bidders that
have received the bidding documents will be notified of the amendment in writing, and it
will be binding on them. To allow prospective bidders reasonable time to take any
amendments into account in preparing their bids, the Bank may at its sole discretion
extend the deadline for the submission of bids based on the nature of the amendments.
Taxes and Incidental Costs
The prices and rates in the financial offer will be deemed to be inclusive of all taxes and
any other incidental costs.
Correction of Errors.
Bids determined to be substantially responsive will be checked by the Bank for any
arithmetical errors. Errors will be corrected by the Bank as below:
▪ Where there is a discrepancy between the amounts in figures and in words, the
amount in words will govern, and
▪ Where there is a discrepancy between the unit rate and the line total resulting from
multiplying the unit rate by the quantity, the unit rate as quoted will govern.
The price amount stated in the Bid will be adjusted by the Bank in accordance with the
above procedure for the correction of errors.
Evaluation and Comparison of Bids
Technical proposals will be evaluated prior to the evaluation of the financial bids.
Financial bids of firms whose technical proposals are found to be non-qualifying in
whatever respect may be returned unopened.

3
RFP KCBK_BD_3779
Submit your Response to the following KCB Supplier Portal
https://eoin.fa.em3.oraclecloud.com
When submitting your response, include the following information.

Your Company Name
Company Site (Optional)
Address
Contact Details
Response Valid Until
(Optional)
This document has important legal consequences. The information contained in this document is proprietary of KCB
Bank Kenya Limited. It shall not be used, reproduced, or disclosed to others without the express and written consent
of KCB Bank Kenya Limited.

4
RFP KCBK_BD_3779
Table of Contents
1 Overview.......................................................................................................................................................................6
1.1 General Information..............................................................................................................................................6
1.2 Schedule................................................................................................................................................................6
1.3 Negotiation Controls.............................................................................................................................................6
1.4 Response Rules.....................................................................................................................................................6
1.5 Terms....................................................................................................................................................................6
1.6 Attachments..........................................................................................................................................................6
2 Requirements................................................................................................................................................................7
2.1 Section 1. Company Profile................................................................................................................................12
2.2 Section 2. Attack Simulation..............................................................................................................................14
2.3 Section 3. Cyber Security Awareness Training.................................................................................................17
2.4 Section 4. Program Measurement and Reporting...............................................................................................19
2.5 Section 5. Scalability and Performance..............................................................................................................22
2.6 Section 6. Portability: Cloud, Offline and Mobile access...................................................................................23
2.7 Section 7. Integration..........................................................................................................................................24
2.8 Section 8. Non-functional requirements.............................................................................................................24
2.9 Section 9. Project Management Deliverables.....................................................................................................26
2.10 Section 10. Post Implementation Support.........................................................................................................29
2.11 Section 11. Complete Technical Proposal........................................................................................................29
3 Lines............................................................................................................................................................................30
3.1 Line Information.................................................................................................................................................30
3.2 Line Details.........................................................................................................................................................30
3.2.1 Line 1............................................................................................................................................................30
3.2.2 Line 2............................................................................................................................................................30
3.2.3 Line 3............................................................................................................................................................31
3.2.4 Line 4............................................................................................................................................................31
3.2.5 Line 5............................................................................................................................................................31
3.2.6 Line 6............................................................................................................................................................31
3.2.7 Line 7............................................................................................................................................................32
3.2.8 Line 8............................................................................................................................................................32
4 Appendix: Alternate Lines..........................................................................................................................................33
4.1 Instructions for Alternate Lines..........................................................................................................................33
4.2 Alternate Lines Template...................................................................................................................................33

5
RFP KCBK_BD_3779
1 Overview
1.1 General Information
Title SUPPLY, IMPLEMENTATION AND MAINTENANCE OF A SECURITY
AWARENESS&ATTACK SIMULATION
Buyer Janet Kamau Outcome Purchase Order
E-Mail JMKamau3@kcbgroup. Two Stage Evaluation Yes
com
This is a two stage negotiation and all responses will be evaluated in two stages.
1.2 Schedule
Preview Date Open Date 10/4/24 5:06 PM
Close Date 10/18/24 5:00 PM Award Date
Time Zone Eastern African Time
1.3 Negotiation Controls

Response Visibility Sealed
Lines Settings
Rank Indicator 1,2,3...
Ranking Method Price only
1.4 Response Rules
This negotiation is governed by all the rules displayed below.
Rule
Suppliers are allowed to respond to selected lines
Suppliers are required to respond with full quantity on each line
Suppliers are allowed to revise their submitted response
1.5 Terms
Payment Terms Freight Terms

Shipping Method FOB
Negotiation Currency KES (Kenyan
Shilling)
Price Precision 2
Eligible Response Currencies

Check the one currency in which you will enter your response.
Response Description Conversion Rate Price Precision
Currency
KES Kenyan Shilling 1 2
USD US Dollar 1 USD = 134 KES 2
1.6 Attachments
File Name or URL Type Description
RFP - Security Awareness And A File RFP document

6
RFP KCBK_BD_3779
2 Requirements
*Response is required

7
RFP KCBK_BD_3779
GENERAL CONDITIONS OF CONTRACT
3.1. Introduction
Specific terms of contract shall be discussed with the bidder whose proposal will be accepted by the Bank. The
resulting contract shall include but not be limited to the general terms of contract as stated below from 3.2 to 3.23.
3.2. Award of Contract
Following the opening and evaluation of proposals, the Bank will award the Contract to the successful bidder or
multiple bidders whose bids have been determined to be substantially responsive. The Bank will communicate to the
selected bidder its intention to finalize the draft conditions of engagement submitted earlier with his proposals. After
agreement will have been reached, the successful Bidder shall be invited for agreement and signing of the Contract
Agreement to be prepared by the Bank in consultation with the Bidder.
3.3. Application of General Conditions of Contract
These General Conditions (sections 3.2 to 3.23) shall apply to the extent that they are not superseded by provisions in
other parts of the Contract that shall be signed.
3.4. Bid Validity Period
Bidders are requested to hold their proposals valid for ninety (90) days from the closing date for the submission.
3.5. Non-variation of Costs
The prices quoted for the service and subsequently agreed and incorporated into the contract shall be held fixed for the
contract period.
3.6. Delays in the Bidder's Performance
Delivery and performance of the solution shall be made by the successful Bidder in accordance with the time schedule
as per Agreement.
If at any time during the performance of the Contract, the Bidder should encounter conditions impeding timely

8
RFP KCBK_BD_3779
delivery and performance of the Solution, the Bidder shall promptly notify the Bank in writing of the fact of the delay,
it's likely duration and its cause(s). As soon as practicable after receipt of the Bidder's notice, the Bank shall evaluate
the situation and may at its discretion extend the Bidder's time for performance, with or without liquidated damages, in
which case the extension shall be ratified by the parties by amendment of the Contract.
Except in the case of "force majeure" as provided in Clause 3.14, a delay by the Bidder in the performance of its
delivery obligations shall render the Bidder liable to the imposition of liquidated damages pursuant to Clause 3.8.
3.7. Liquidated damages for delay
The contract resulting out of this RFP shall incorporate suitable provisions for the payment of liquidated damages by
the bidders in case of delays in performance of contract.
All services must be delivered and implemented within agreed timelines after the bank issues a purchase order. Any
delayed in commencement of the execution of the contract will attract a penalty which will be specified in the
agreement signed by both parties.
Notwithstanding the provisions detailed in this section above, the bank reserves the right to terminate the award at any
time and take corrective measures as necessary to protect the bank interests, which interest are solely determined by
the bank.
3.8. Governing Language
The Contract shall be written in the English Language. All correspondence and other documents pertaining to the
Contract which are exchanged by the parties shall also be in English.
3.9. Applicable Law
This agreement arising out of this Request for Proposal shall be governed by and construed in accordance with the
laws of Kenya and the parties submit to the exclusive jurisdiction of the Kenyan Courts.
3.10. Bidder's Obligations

9
RFP KCBK_BD_3779
The Bidder is obliged to work closely with the Bank's staff, act within its own authority, and abide by directives issued
by the Bank that are consistent with the terms of the Contract.
The Bidder will abide by the job safety measures and will indemnify the Bank from all demands or responsibilities
arising from accidents or loss of life, the cause of which is the Bidder's negligence. The Bidder will pay all indemnities
arising from such incidents and will not hold the Bank responsible or obligated.
The Bidder is responsible for managing the activities of its personnel, or subcontracted personnel, and will hold itself
responsible for any misdemeanors. The Bidder will not disclose the Bank's information it has access to, during the
course of the work, to any other third parties without the prior written authorization of the Bank. This clause shall
survive the expiry or earlier termination of the contract.
3.11. The Bank's Obligations
In addition to providing Bidder with such information as may be required by the bidder to complete the project, the
Bank shall,
a) Provide the Bidder with specific and detailed relevant information concerning the contract.
b) In general, provide all information and access to Bank's personnel:
3.12. Confidentiality
The parties undertake on behalf of themselves and their employees, agents and permitted subcontractors that they will
keep confidential and will not use for their own purposes (other than fulfilling their obligations under the contemplated
contract) nor without the prior written consent of the other disclose to any third party any information of a confidential
nature relating to the other (including, without limitation, any trade secrets, confidential or proprietary technical
information, trading and financial details and any other information of commercial value) which may become known
to them under or in connection with the contemplated contract. The terms of this Clause shall survive the expiry or
earlier termination of the contract.
3.13. Force Majeure
a. Neither Bidder nor Bank shall be liable for failure to meet contractual obligations due to Force Majeure.

10
RFP KCBK_BD_3779
b. Force Majeure impediment is taken to mean unforeseen events, which occur after signing the contract with
the successful bidder, including but not limited to strikes, blockade, war, mobilization, revolution or riots, natural
disaster, acts of God, refusal of license by Authorities or other stipulations or restrictions by authorities, in so far
as such an event prevents or delays the contractual party from fulfilling its obligations, without its being able to
prevent or remove the impediment at reasonable cost.
c. The party involved in a case of Force Majeure shall immediately take reasonable steps to limit consequence
of such an event.
d. The party who wishes to plead Force Majeure is under obligation to inform in writing the other party without
delay of the event, of the time it began and its probable duration. The moment of cessation of the event shall also
be reported in writing.
e. The party who has pleaded a Force Majeure event is under obligation, when requested, to prove its effect on
the fulfilling of the contemplated contract.
3.14. Payments
The Bank's standard payment terms is forty five (45) days from the date of invoice. Please note that KCB shall only
make payments through a KCB Account and thus you are encouraged to open a KCB account in case you do not
have one.
3.15. Way Forward
Once the bids are opened, bid analysis will commence and vendors may be informed when their bid has been short-
listed. Short listed vendors will be invited to demonstrate their proposal if need be and to make arrangements for site
visits. In the event that the bank may need to visit client site, vendors will be notified in writing. The bank may also
make surprise unannounced visits to the vendors offices to verify any information contained in the bid document. All
visits are at the discretion of the bank.
3.16. Bid Effectiveness
It is a condition of the bank that the vendor guarantees the sufficiency, and effectiveness of the service model proposed
to meet the bank requirements as outlined in this document. The Bank will hold the vendor solely responsible for the
accuracy and completeness of information supplied in response to this tender. The bank will hold the vendor
responsible for the completeness of the service model proposed and that were the vendor to be awarded the tender,
they would implement the service model without any additional requirements from the bank.
3.17. Contract Provision
The bank will not make any payments in advance. The Bank will issue a Purchase Order for all the services ordered.
The Purchase Order will be paid within 45 days after as agreed upon aforesaid herein. Any payments for the

11
RFP KCBK_BD_3779
maintenance services will be subject to a contract to be agreed with the vendor. The bank will not accept partial
deliveries, and neither will the bank make partial payments.
3.18. Buyer's Rights
The Bank reserves the right to reject any or all the tender bids without giving any reasons and the Bank has no
obligation to accept any offer made. The Bank also reserves the right to keep its selection and selection criteria
confidential. Bids not strictly adhering to tender document conditions may not be considered by the Bank whose
decision on the matter shall be final. The vendor's terms and conditions will not form part of any contract with the
Bank in relation to this tender. Bids not strictly adhering to RFP conditions may not be considered by KCB whose
decision on the matter shall be final.
Canvassing is prohibited and will lead to automatic disqualification.
3.19. Responsibility as an independent contractor
The vendor agrees to take overall responsibility for any services rendered; regardless of whether third parties engaged
by the vendor or the vendor himself carry them out
3.20. Delivery
The delivery timelines shall be as specified in the scope of work, bank will not accept any partial deliveries.
3.21. Risk of Loss
The supplier covers all risks of loss and damage to any equipment for the implementation of the solution, until the
equipment has been delivered to the premises of KCB. Once the equipment /solution has been installed and tested the
responsibility is transferred to KCB.
2.1 Section 1. Company Profile (Technical)

*1.
Does your company have a code of conduct/Ethics policy? If so, please attach a copy
Select one of the following:

a. Yes (Response attachments are required)
b. No

12
RFP KCBK_BD_3779
*2.
Evidence of of any quality assurance accreditation that your company holds e.g. ISO 9000
certifications. If no accreditation held, please provide a description of your current quality system

b. No
Comments:
*3.
Attach your company profile

b. No
*4.
Names of shareholders/directors/principals of the company with % of shares held
*5.
Core business activity (provide option where applicable)
*6.
Associated companies if any

13
RFP KCBK_BD_3779
*7.
Director(s)/ Principals ID Number
*8. SIGN AND SUBMIT DECLARATION FORM
Attachments:
DECLARATION FORM . File
pdf
a. SIGN AND SUBMIT DECLARATION FORM (Response attachments are required)
Comments:
*9.
PLEASE READ ACKNOWLEDGE AND SIGN CONFORMANCE TO THE VENDOR CONFLICT OF
INTEREST DISCLOSURE FORM
Attachments:
CONFLICT OF File
INTEREST STATEMENT
a. ACKNOWLEDGE CONFORMANCE TO THE VENDOR CONFLICT OF INTEREST DISCLOSURE FORM
(Response attachments are required)
b. DOES NOT ACKNOWLEDGE CONFORMANCE TO THE VENDOR CONFLICT OF INTEREST
DISCLOSURE FORM (Response attachments are required)
Comments:
2.2 Section 2. Attack Simulation (Technical)

*3. The Solution must allow random delivery of phishing simulation emails, having each staff receive a unique test
depending on their risk rating or custom configuration.
b. No (Response attachments are optional)
Comments:
*1. Solution must provide all required functionalities to send phishing emails (Campaign) to a large number of internal

14
RFP KCBK_BD_3779
users (employees, contractors, consultants) and third parties on their corporate mailbox.
Comments:
*2. Distribution: Solution must allow planning of campaigns in advance and schedule messages to be sent in batches on a
deferred basis, over a certain period (period should also be customizable).
Comments:
*4. Solution must provide phishing templates drawn from real-world threats employing updated social engineering
techniques, classified according to different degrees of complexity and applicable to the African continent. Templates
should be customizable to include some user's details, such as name and position.
Comments:
*5. Solution must support capture of system user details/metadata statically/manually and dynamically from a central
directory e.g. Active Directory to allow customized distribution of campaigns based on that data. Additional custom
fields must also be possible to allow tagging or categorization of system users based on custom attributes e.g
assessment outcome, cybersecurity training completion
Comments:
*6. The solution vendor, as part of the license, must support development of customized content/templates.
Comments:
*7. Solution should allow the definition KCB branded emails/payload/content independent from the standard templates
provided by the solution.

15
RFP KCBK_BD_3779

Comments:
*8. Solution should provide for advanced attack simulation techniques e.g USB drive testing, QR codes
Comments:
*9. Solution should allow for auditing of simulation-recipient interaction with an attack simulation payload.
Comments:
*10. Solution should provide integrations that allow staff to report phishing simulation through the platform for further
processing e.g sending positive reinforcement notifications
Comments:
*11. The solution must be able to target staff with a certain campaign according to multiple criteria including:
- Randomly, from the whole population

- From a Focus List or Target List
- From a specific department
- From the results of a previous assessments
Comments:
*12. The solution should leverage on machine learning capabilities to recommend and deliver informed and personalized
attack simulation templates based on training and assessment history

16
RFP KCBK_BD_3779

Comments:
*13. The solution should provide an assessment for security awareness proficiency to measure understanding of cyber
security concepts
Comments:
*14. The solution should support table-top exercise scenarios to aid in the training of cyber security incident response and
recovery teams such as ransomware attacks.
*15. The solution should have a mechanism to integrate live threat data and adapt attack simulation campaigns accordingly,
rather than relying on static phishing templates.
Comments:
2.3 Section 3. Cyber Security Awareness Training (Technical)

*1. The solution should provide all required functionalities to deliver security awareness training to a large number of
internal users (employees, contractors, consultants) and third parties on their corporate mail addresses.
Comments:
*2. The solution should provide Cyber Security Awareness Interactive Training Modules, with imagery and interactive
elements that are region-specific, localized beyond language translation.
Comments:

17
RFP KCBK_BD_3779
*3. The solution should provide Interactive Cyber Security Awareness Games like crosswords, trivia's, puzzles etc
Comments:
*4. The solution should support downloading of imagery, videos or documents for customization and sharing using other
platforms such an Learning management system.
Comments:
*5. The solution should provide gamification of learning, with leaderboards, badges and downloadable certificates
*6. The tool should avail varied and engaging content that can be consumed by individuals on varying concept-specific
proficiency and job role basis.
Comments:
*7. The solution should enforce attention from users by using various techniques including active content that the learners
have to interact with as they progress in the course, pause when a user clicks away from running content, knowledge
checks, captivating as well as relatable content.
Comments:
*8. The solution should allow automated training assignment based on cyber security behaviors, assessment performance
and administrator manual configuration
Comments:

18
RFP KCBK_BD_3779
*9. The solution should allow the upload of custom content, how-to guides, and cyber security newsletters
Comments:
*10. The solution should allow custom upload, assignment, and attestation/acknowledgement of policy documents with
auditable interaction
Comments:
*11. The solution should leverage machine learning capabilities to recommend and deliver personalized training content
based on training and assessment history of an individual
Comments:
*12. The solution should allow to plan security training campaigns in advance and schedule content to be sent in batches on
a deferred basis, over a certain period (period should also be customizable).
Comments:
*13. The solution should frequently send reminders on incomplete post-simulation training to staff
Comments:
2.4 Section 4. Program Measurement and Reporting (Technical)

*1. The solution should provide robust and customizable reporting with analytics dashboard that depicts metrics focused

19
RFP KCBK_BD_3779
on security culture
Comments:
*2. Solution must support customized reporting based on attributes captured from a central staff database as well as
additional custom fields.
Comments:
*3. The platform should be able to report on but not limited to the following aspects of cyber security awareness training:
- Users who have signed in to the platform.

- Users who have not signed in.
- Users who have started training.
- Users who have not started training.
- Users who have started but not completed training.
- Users who have completed assigned training.
- Users who have/have not acknowledged attached security policy.
- Total time spent on training
- Total training hours per staff.
Comments:
*4. The solution should provide an individual risk score for users based on the following:
- Behavior- Response to simulated attacks and real-world suspicious activity

- Job Function - Level of access to sensitive data and subject knowledge proficiency
- Training - Training modules completed, and time spent on training.
- Exposure - User's information exposed in data breaches
Comments:
*5. The solution should provide an organization-wide risk score calculated based on all data available on the platform

20
RFP KCBK_BD_3779

Comments:
*6. The solution should, on a single pane of glass, provide a user report card detailing a personal risk score, attack
simulation performance, training performance and a timeline of events.
Comments:
*7. The solution should be able to provide a report on but not limited to the following aspects related to attack simulation
and assessment:
- Failures in the first 24 hours after delivery

- Failure by day (for a multi-day campaign)
- Failure mapped out geographically/ by region that the bank operates in
- Recipients of a campaign
- Users who opened an email.
- Users who clicked a phishing link.
- Users who replied to a phishing test.
- Users who opened attachments.
- Users who enabled macros on an opened attachment.
- Users who entered data on a credential-capture landing page.
- Users who reported a phishing email.
- Users who deleted the phishing email.
- Organization-wide performance over time
- Individual or Group performance
- Failures can be filtered by Manager, Location, Phishing Campaign, Email Template, Template, Category, or User
Group
Comments:
*8. The solution should provide an organizational ranking against industry benchmarks and performance of other
organizations in the same industry and relative size in employee count and cyber exposure
Comments:
*9. The solution should provide a periodic(monthly) exposure check for staff against data breaches

21
RFP KCBK_BD_3779

Comments:
*10. The solution should provide a periodic(monthly)report on look-alike domains (for all KCB Group domains) that can be
used against staff and customers as well as leaked passwords(Of KCB and KCB related accounts)
Comments:
*11. The solution should allow for more detailed, dynamic, and customized reports with user-defined filters and integration
with third-party BI tools to accommodate evolving KCB needs.
Comments:
2.5 Section 5. Scalability and Performance (Technical)

*1. The system should be scalable enough to handle a high number of users accessing content simultaneously and perform
efficiently.
Comments:
*2. The system should allow for modifications on the settings by the administrator without the need for a change to be
done by the Vendor.
Comments:
*3. The system should support sending emails to a high number of addresses with attachments.

22
RFP KCBK_BD_3779

Comments:
*4. The solution should support rapid scaling during high-demand periods, such as during the group -wide campaigns or
assessments.
Comments:
2.6 Section 6. Portability: Cloud, Offline and Mobile access (Technical)

*1. The system should be accessible over the internet and operate satisfactorily from different devices.
Comments:
*2. The system should be a web application that provides for a cross-platform, cross-browsing, and mobile-responsive
solution.
Comments:
*3. The system should have the capability to be hosted on cloud that will enable easy access to all the Subsidiaries thus
facilitating centralized management and reporting.
Comments:
*4. The system should allow users to connect/access to system even when not connected to the corporate network.
Comments:

23
RFP KCBK_BD_3779
2.7 Section 7. Integration (Technical)

*1. The system should support integrations with other systems including:
- Windows Active Directory/ Azure Active Directory for federated identity and/or single sign-on capabilities
- Email/ Microsoft Exchange online/on-premises.
- Security Information and Event Management (SIEM)
- PowerBI
via Application Programming Interfaces (APIs) or other secure integration technologies for authentication,
authorization and forwarding of platform activities.
Comments:
*2. The system API should support the Representational State Transfer (REST), JSON and XML data formats.
Comments:
2.8 Section 8. Non-functional requirements (Technical)

*1. Bidder should clearly show proposed SLA's and support matrix including the escalation matrix.
Comments:
*2. Illustrate proposed training plan for system users and administrators, including various level of certifications.
Comments:
*3. The system should multi-domain deployment i.e the solution should be able to onboard staff from different domains to
allow access to training content as well receiving assessments and notifications on email.

24
RFP KCBK_BD_3779

Comments:
*4. The system should be in line with the context of the local East Africa market-to-be. This includes support for content
served in various languages used in the countries that KCB Group operates in including but not limited to English,
French and Swahili.
Comments:
*5. The date format must follow: "date-month-year" format and should be based on the East Africa and Central African
Time zone.
Comments:
*6. Provide the following mandatory system documentation:
- End user manuals.

- Administrator guides.
-Technical System Architecture diagrams / schematics.
-Technical System specifications/requirements.
-Technical Security Overview.
-API Data Fields document containing a comprehensive listing of all available data fields for the Data Exchange API.
Comments:
*7. Demonstrate Role Based access Management

Comments:
*8. Demonstrate user and administrator activity auditing capability.


25
RFP KCBK_BD_3779

Comments:
*9. Provide the measures taken to protect sensitive data relating to the organization, staff, contractors and third parties.
Comments:
2.9 Section 9. Project Management Deliverables (Technical)

*1. Provide details of experiences in Security Awareness and Attack Simulation solution Implementations. The Bidder
MUST provide details of at least THREE (3 references (name and region) where similar implementations have been
successfully implemented in large organizations/banking/ financial institutions within the last five (5) years.
Additionally, provide contact details for each reference site.
The bidder MUST indicate the site and duration of the projects
The bidder MUST provide the lessons learnt from each site
Comments:
*2. Provide the number and times similar projects were undertaken by individual members of the project team and the
roles undertaken.
Comments:
*3. Describe in detail the level and model of support including your resourcing and RACI matrix across delivery work-
streams
Comments:
*4. Attach at least THREE (3) testimonials citing relevant experience of successful implementations undertaken by the
proposed project resources and the roles played. (Attach evidence for the respective area of interest)

26
RFP KCBK_BD_3779

Comments:
*5. Attach detailed resumes of the all the proposed resources. It is expected that the resources will not change until the
project is fully implemented
Comments:
*6. Provide evidence of relevant certifications and registration by professional bodies for the proposed team
Comments:
*7. Provide a detailed project plan clearly indicating expected deliverables, resources required, milestones, outcomes, and
time schedules for the successful completion of the project
Comments:
*8. Provide confirmation to mobilize resources to commence the project within 2 weeks of issuance of the award letter
from KCB.
Comments:
*9. Provide confirmation whether you can deliver the project with all project resources working on site. The project
implementation site is in Nairobi, Kenya.
Comments:

27
RFP KCBK_BD_3779
*10. Provide confirmation that the proposed project resources MUST be dedicated to the project.
Comments:
*11. Provide any dependencies and pre-requisites necessary for successful project implementation and the rationale thereof.
Comments:
*12. Provide the Test Strategy, the Test plan & approach, indicate the tools and instrumentation for conducting and
managing QA & testing, and resources required.
Comments:
*13. Provide confirmation that you manage the UAT Tests, defect triaging and defect resolution for all UAT phases.
Comments:
*14. Provide confirmation that you will support the System Integration Testing (SIT) for all integration areas. Expected
integrations are, but not limited to:
- AD
- Azure AD
- Email
- SIEM
- Power BI
Comments:

28
RFP KCBK_BD_3779
*15. Provide confirmation that you will support the User Acceptance testing (UAT) which will be conducted by the end-
users and techno-functional analysts to validate whether to accept the project deliverables.
Comments:
2.10 Section 10. Post Implementation Support (Technical)

*1. Provide the post implementation support & structure (on warranty basis) for ALL the ecosystem components capturing
key service offerings. The expected post implementation support period should NOT be less than 12 months.
Comments:
2.11 Section 11. Complete Technical Proposal (Technical)

*1. The bidder must attach the following documents separately, and commercial proposal should strictly be attached only
to the commercial proposal section (The lines section), while the complete technical proposal must be attached in this
section. Bidder who will not adhere to this criteria will automatically be disqualified.
1. Complete Technical Proposal in PDF format covering all the combined technical requirements in response to this
RFP.
2. Commercial proposal in 2 formats : 1) Summarized commercial proposal as per the format laid out in section 1.4.1.2
of the RFP document. 2) Detailed proposal/BOM in your company letterhead
NB//
In the questions response, bidder must Attach supporting document for that specific requirement and indicate
reference/page number where the details can be located on their detailed technical proposal. Where
applicable attach an evidence/screenshot of that specific capability of the system. Bidder who will not
adhere to this criteria will automatically be disqualified.
In their questions responses under the technical requirements section, a bidder must make reference to their technical
proposal attachment. and indicate the page number reference to the technical proposal document
Please note it is a mandatory requirement to respond to ALL questions as laid out in the requirements section.
Questions without responses will attract no scores
b. No

29
RFP KCBK_BD_3779
3 Lines
3.1 Line Information
Line Target UOM Response Response Line Promised

Quantity Quantity Price Amount Date
1-Software 1 Each
license for year 1
2-Software 1 Each
license for year 2
3-Software 1 Each
license for year 3
4-Implementation, 1 Each
installation, and
configuration costs
5-Training-20 1 Each
staff members
6-Logistics costs 1 Each
and other costs
(explain other
costs)
7-Annual 1 Each
Maintenance /
Support Costs
(hardware and
software costs)
year 2
8-Annual 1 Each
Maintenance /
Support Costs
(hardware and
software costs)
year 3
3.2 Line Details
3.2.1 Line 1 Software license for year 1
To provide an alternate line, see appendix.
Category Name Software System
Purchase
Item Revision
Allow Alternate Lines Yes Alternate Line Provided Yes No
Requested Date Location Kencom House,Moi
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)

Purchase

30
RFP KCBK_BD_3779
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)

Purchase
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)
3.2.4 Line 4 Implementation, installation, and configuration costs

Purchase
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)
3.2.5 Line 5 Training-20 staff members

Purchase
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)
3.2.6 Line 6 Logistics costs and other costs (explain other costs)
Purchase
Item Revision

31
RFP KCBK_BD_3779

Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)
3.2.7 Line 7 Annual Maintenance / Support Costs (hardware and software costs) year 2
Purchase
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)
3.2.8 Line 8 Annual Maintenance / Support Costs (hardware and software costs) year 3
Purchase
Item Revision
Avenue
P.O. Box 48400 -
00100
NAIROBI
KENYA
Start Price (KES)

32
RFP KCBK_BD_3779
4 Appendix: Alternate Lines
4.1 Instructions for Alternate Lines
Alternate lines are allowed for some negotiation lines. For these lines, you can propose one or more alternatives by
entering information for each alternate line in the format given below. Print and insert multiple copies as per your
requirement.
4.2 Alternate Lines Template
Negotiation
Line
(Number and description of the negotiation line for
which you have an alternative)
Example:1-xxxxxx
where xxxxxx is the line description of first negotiation
line.
Alternate Line Number
(Enter only numbers in sequence starting with 1 for
every alternate line)
Alternate Line Description
Response Price
(For a negotiation line with cost factors, enter your line
price in the cost factors table)
Response Quantity
UOM
Promised Date
Note to Buyer

33

KCBK BD 3779 Supplier

Uploaded by

Copyright:

Available Formats

KCBK BD 3779 Supplier

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

KCBK BD 3779 Supplier

Uploaded by

Copyright:

Available Formats

RFP KCBK_BD_3779

KCB Group (hereinafter referred to as "the Group") is a leading Commercial Banking

Aims and Objectives of the tender

Financial Proposal Requirements

Proprietary and Confidential 10/15/24 8:42 AM

Clarification of Bidding Document

Proposal and Negotiation Costs

Currency for Pricing of Tender

Deadline for the submission of bids

Proprietary and Confidential 10/15/24 8:42 AM

Cost Structure and Non-escalation

Amendment of Bidding Document

Taxes and Incidental Costs

Evaluation and Comparison of Bids

Proprietary and Confidential 10/15/24 8:42 AM

Submit your Response to the following KCB Supplier Portal

When submitting your response, include the following information.

Proprietary and Confidential 10/15/24 8:42 AM

Proprietary and Confidential 10/15/24 8:42 AM

1.3 Negotiation Controls

Payment Terms Freight Terms

Eligible Response Currencies

Proprietary and Confidential 10/15/24 8:42 AM

Proprietary and Confidential 10/15/24 8:42 AM

GENERAL CONDITIONS OF CONTRACT

3.2. Award of Contract

3.3. Application of General Conditions of Contract

3.4. Bid Validity Period

3.5. Non-variation of Costs

3.6. Delays in the Bidder's Performance

Proprietary and Confidential 10/15/24 8:42 AM

3.7. Liquidated damages for delay

3.8. Governing Language

3.9. Applicable Law

3.10. Bidder's Obligations

Proprietary and Confidential 10/15/24 8:42 AM

3.11. The Bank's Obligations

b) In general, provide all information and access to Bank's personnel:

3.13. Force Majeure

Proprietary and Confidential 10/15/24 8:42 AM

3.15. Way Forward

3.16. Bid Effectiveness

3.17. Contract Provision

Proprietary and Confidential 10/15/24 8:42 AM

3.18. Buyer's Rights

Canvassing is prohibited and will lead to automatic disqualification.

3.19. Responsibility as an independent contractor

3.21. Risk of Loss

2.1 Section 1. Company Profile (Technical)

Select one of the following:

Proprietary and Confidential 10/15/24 8:42 AM

Select one of the following:

Select one of the following:

Names of shareholders/directors/principals of the company with % of shares held

Core business activity (provide option where applicable)

Proprietary and Confidential 10/15/24 8:42 AM

*8. SIGN AND SUBMIT DECLARATION FORM

2.2 Section 2. Attack Simulation (Technical)

Proprietary and Confidential 10/15/24 8:42 AM