Request for proposal for Supply, Implementation and Maintenance of SaaS

based Web Security Solution for PCs for a period of 5 Years

Bank of Baroda

RFP/Tender ref. No.: BCC:IT:PROC:114:07

07th March, 2022

[A] Important Dates:
Schedule of RFP
A.1 RFP No. BCC:IT:PROC: 114:07
Date & Time of Viewing
A.2 03:00 PM on 07th March, 2022
RFP
Last Date of receiving
A.3 request for clarifications 04:00 PM on 15th March, 2022
before the Pre-bid Meeting
A.4 Date of Pre - Bid Meeting 11:30 AM on 16th March, 2022
Pre–Bid Meeting details o Pre bid meeting will be held online through
Bank’s Online Meeting Platform (i.e. Microsoft
Teams)
o Bidder to submit a maximum of -2- participant’s
names, contact numbers, designations and e-
mail IDs on
[email protected] cc to
A.5 [email protected] along with
pre-bid clarification.
o Meeting invite Link will be sent by the Bank to
bidder’s provided email IDs to join the Online
Meeting as per the schedule mentioned above.
Bidder representatives will have to click the Bank
provided link (provided in the e-mail) to join the On-
Line Pre-bid meeting.
Last Date & Time of
A.6 03:00 PM on 04th April, 2022
Submission of Bids
Date & Time of opening of
A.7 Part-I Eligibility cum 03:30 PM on 04th April, 2022
Technical Bid
Date & Time of opening of
A.8 To be communicated later
Part-II Commercial Bid
A.9 Application Money 25,000
A.10 Earnest Money Deposit 5,00,000
Website Address for online
submission of bids Mode: Online
A.11
(Technical as well as URL: https://www.tenderwizard.com/BOB
commercial bids)
A.12 Website Address for Mode: Online

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 2 of 96
 opening of bids URL: https://www.tenderwizard.com/BOB
ITI Limited, Tenderwizard Helpdesk Team
Email: [email protected]
Contact Details of e-
A.13 procurement portal Phone: +91-11-49424365
helpdesk/Support Team For more details, check under Contact us at home
page of e-procurement portal
https://www.tenderwizard.com/BOB
Anupam Bharti, Manager (IT)
Contact No. +91-22-66981554/1448/1556
Email: [email protected],
RFP Coordinator Name, [email protected]
A.14
Contact details (Bank)
Postal Address : The Chief Manager (IT
Procurement), Bank of Baroda, C-34, G-Block,
Baroda Sun Tower, 7th Floor, Project Office, BKC,
Mumbai – 400051

[B] Important Clarifications:

Following terms are used in the document interchangeably to mean:
1. Bank, BOB means ‘Bank of Baroda’
2. Recipient, Respondent, Bidder, service provider, means the respondent to the RFP
document
3. RFP means the Request For Proposal document
4. Proposal, Bid means “Response to the RFP Document”
5. OEMs means “Original Equipment Manufacturers”
6. Support means Support & Services to be provided as part of the Scope of Work
7. MSP means Managed Service Provider of the Bank for Data Center
8. ATP means Acceptance Test Procedure
9. AMC means Annual Maintenance Contract
10. SLA means Service level Agreement
11. SBA means Saving Bank Account
12. DEM means Data Exchange Model

Please note:
I. Any bidder from a country which shares a land border with India will be eligible to
bid in this tender only if the bidder is registered with the Competent Authority.
II. “Bidder” (including the term ‘tenderer’, ‘consultant’ or ‘service provider’ in certain
contexts) means any person or firm or company, including any member of a
consortium or joint venture (that is an association of several persons, or firms or

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 3 of 96
 companies), every artificial juridical person not falling in any of the descriptions of
bidders stated hereinbefore, including any agency branch or office controlled by
such person, participating in a procurement process.
III. “Bidder from a country which shares a land border with India” for the purpose of this
Order means: -
a. An entity incorporated, established or registered in such a country; or
b. A subsidiary of an entity incorporated, established or registered in such a
country; or
c. An entity substantially controlled through entities incorporated, established or
registered in such a country; or
d. An entity whose beneficial owner is situated in such a country; or
e. An Indian (or other) agent of such an entity; or
f. A natural person who is a citizen of such a country; or
g. A consortium or joint venture where any member of the consortium or joint
venture falls under any of the above
IV. The beneficial owner for the purpose of (iii) above will be as under:
1. In case of a company or Limited Liability Partnership, the beneficial owner is the
natural person(s), who, whether acting alone or together, or through one or more
juridical person, has a controlling ownership interest or who exercises control
through other means.
Explanation—
a. “Controlling ownership interest” means ownership of or entitlement to more
than twenty-five per cent, of shares or capital or profits of the company;
b. “Control” shall include the right to appoint majority of the directors or to control
the management or policy decisions including by virtue of their shareholding or
management rights or shareholders agreements or voting agreements;
2. In case of a partnership firm, the beneficial owner is the natural person(s) who,
whether acting alone or together, or through one or more juridical person, has
ownership of entitlement to more than fifteen percent of capital or profits of the
partnership;
3. In case of an unincorporated association or body of individuals, the beneficial
owner is the natural person(s), who, whether acting alone or together, or through
one or more juridical person, has ownership of or entitlement to more than fifteen
percent of the property or capital or profits of such association or body of
individuals;
4. Where no natural person is identified under (1) or (2) or (3) above, the beneficial
owner is the relevant natural person who holds the position of senior managing
official;
5. In case of a trust, the identification of beneficial owner(s) shall include identification
of the author of the trust, the trustee, the beneficiaries with fifteen percent or more
interest in the trust and any other natural person exercising ultimate effective

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 4 of 96
 control over the trust through a chain of control or ownership.
V. An Agent is a person employed to do any act for another, or to represent another
in dealings with third person.
VI. The successful bidder shall not be allowed to sub-contract works to any contractor
from a country which shares a land border with India unless such contractor is
registered with the Competent Authority.
Confidentiality:
This document is meant for the specific use by the Company / person/s interested to participate in the current tendering
process. This document in its entirety is subject to Copyright Laws. Bank of Baroda expects the vendors or any person acting
on behalf of the vendors strictly adhere to the instructions given in the document and maintain confidentiality of information.
The vendors will be held responsible for any misuse of information contained in the document, and liable to be prosecuted by
the Bank In the event that such a circumstance is brought to the notice of the Bank. By downloading the document, the
interested party is subject to confidentiality clauses.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 5 of 96
 Contents
1. Introduction ........................................................................................................ 8
2. Project overview and scope of work ................................................................ 8
3. Contract period .................................................................................................. 8
4. Pre-Qualification for Submission of Bid .......................................................... 8
5. Application Money ............................................................................................. 9
6. Bid Security (Earnest Money Deposit) ............................................................. 9
7. Preference to Make in India initiative ............................................................. 10
8. Performance Guarantee .................................................................................. 10
9. Payment Terms ................................................................................................ 10
10. Sub - Contracting:............................................................................................ 12
11. Service Level Agreement and Non-Disclosure Agreement: ......................... 12
12. Compliance with Laws: ................................................................................... 12
13. Termination: ..................................................................................................... 12
14. Grievance Redressal and Dispute Resolution: ............................................. 13
15. Governing Laws: .............................................................................................. 14
16. Prevention of Corrupt and Fraudulent Practices: ......................................... 14
17. Authorized Signatory: ..................................................................................... 14
18. The bid submission by related parties: ......................................................... 14
19. Right to Reject Bids: ........................................................................................ 15
20. General Terms and conditions ....................................................................... 15
21. Information Confidentiality: ............................................................................ 21
22. Disclaimer ......................................................................................................... 21
Annexure 01 - Guidelines for submission details and E-tendering ................... 22
Annexure 02 –Evaluation Terms ........................................................................... 29
Annexure 03 - Declaration/ undertaking from bidder regarding applicability of
restrictions on procurement from a bidder of a country which shares a land
border with India as per the order no. 6/18/2019-PPD dated 23rd July 2020
issued by Ministry of finance department of expenditure .................................. 40
Annexure 04 – Bid Fees (Application Money) Letter ........................................... 42
Annexure 05 – Bid Security Letter ........................................................................ 43
Annexure 05A – Bid Security Letter ..................................................................... 45
Annexure 06- Bid Security Form ........................................................................... 47
Annexure 07 – Undertaking from the Bidder ....................................................... 51
Annexure 08–Pre-Bid Queries Form ..................................................................... 53

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 6 of 96
Annexure 09–Conformity Letter ............................................................................ 54
Annexure 10 - Letter of Undertaking from OEM .................................................. 55
Annexure 11–Undertaking of Information Security ............................................. 56
Annexure 12 – Project Details (Scope of Work) .................................................. 57
Annexure 13–Service Levels ................................................................................. 69
Annexure 14–Masked Commercial Bid ................................................................ 70
Annexure 15–Commercial Bid .............................................................................. 72
Annexure 16 - Performance Guarantee ................................................................ 74
Annexure 17 - Service Level and Non-Disclosure Agreement Format .............. 78
Annexure 18 - Letter of Undertaking from OEM/ OSD on Cloud Security and
Compliance (Applicable in case of cloud-based solution) ................................. 92

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 7 of 96
1. Introduction
 Bank of Baroda is one of the largest Public Sector Bank (PSU) in India with a
branch network of over 8,100+ branches in India and 95+ branches/offices
overseas including branches of our subsidiaries, distributed in 15+ countries.
 Bank of Baroda, a body corporate constituted under the Banking Companies
(Acquisition & Transfer of Undertakings) Act 1970, having its Corporate Office
at C-26, G-Block, Bandra Kurla Complex, Bandra East, Mumbai - 400051
(hereinafter referred to as the “Bank”) which expression unless repugnant to
the context or meaning thereof shall mean and include its successors and
assigns), intends to issue this RFP document, hereinafter called RFP, to eligible
Bidders, hereafter called as ‘Bidders’, to participate in the competitive bidding
for Supply, Installation & Maintenance of SaaS based Security Solution for PC
for 5 Years.
2. Project overview and scope of work
 This Request for Proposal (RFP) document has been prepared solely for the
purpose of enabling Bank of Baroda (“the Bank”) to select a bidder for Supply,
Installation & Maintenance of SaaS based Security Solution for PC for 5 Years.
 The detail scope of work is mentioned in the Annexure - 12. However, Bank
reserve the right to modify/ change the scope of work at any phase of this
contract.
3. Contract period
The bank shall enter in to an agreement with the selected bidder for a period of 05
Years from the date of subscription of licenses. In case of warranty/AMC of any
product/services the agreement deemed extended the last delivered
hardware/services or support to be provided whichever is later from the date of
placing purchase order. The contract will be deemed completed only when all the
items and services contracted by the Bank are provided in good condition,
installed, implemented, tested and accepted along with the associated
documentation provided to Bank’s employees; as per the requirements of the
contract executed between the Bank and the Bidder. The Bank will have the right
to renegotiate these prices at the end of the contract period.
4. Pre-Qualification for Submission of Bid
Bidders satisfying the eligibility conditions (mentioned in Annexure - 02) and
General terms and conditions specified in this document and ready to provide the
said “Services” in conformity with Scope of Work stipulated in Annexure - 12, may
submit their bid through Bank’s e-tendering service provider website
https://www.tenderwizard.com/BOB on or before the time line stipulated in the [A]
Important Dates.
Bids submitted by any other means other than bid submission in e-tendering
website will not be accepted by the Bank. The detail guidelines for submission
details and E-tendering mentioned in Annexure - 01.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 8 of 96
5. Application Money
A non-refundable Application Money of as mentioned in “[A] Important Dates –
Application Money” must be deposited through RTGS (Real Time Gross
Settlement) / NEFT. The details of the transaction viz. scanned copy of the receipt
of making transaction is required to be uploaded on e-procurement website at the
time of “final online bid submission. The Bank may, at its discretion, reject any
Bidder where application money has not been furnished with RFP response.
This non-refundable fee is to be submitted through the electronic mode to the below
mention account.
 Account Number-29040400000417
 Account Name – Bank of Baroda
 Branch- BKC, Mumbai
 IFSC- BARB0BANEAS
6. Bid Security (Earnest Money Deposit)
Bidders are required to give an earnest money deposit of an amount as mentioned
in “[A] Important Dates” at the time of submission of the technical bid. The proof of
same is to be submitted while opening of eligibility cum technical bid, failing of
which the bid of the concerned bidder may be rejected. Bid Security (Earnest
Money Deposit)” shall be paid through electronic mode or a Bank Guarantee
(Annexure 06 – Bid Security Form) of an equal amount issued by a Commercial
Bank (other than Bank of Baroda) located in India. This bid-security is valid for 8
months and to be submitted through the electronic mode to the below mention
account. The details of the account are as under.
 Account Number-29040400000417
 Account Name – Bank of Baroda
 Branch- BKC, Mumbai
 IFSC- BARB0BANEAS.
Non-submission of Earnest Money Deposit in the format prescribed in RFP will
lead to outright rejection of the Offer. The EMD of unsuccessful bidders will be
returned to them on completion of the procurement process. The EMD (Earnest
Money Deposit) of successful bidder(s) will be returned on submission of
Performance Bank Guarantee / security deposit.
The amount of Earnest money deposit would be forfeited in the following scenarios:
a. In case the bidder withdraws the bid prior to validity period of the bid for any
reason whatsoever.
b. In case of the successful bidder, if the bidder fails or refuses to accept and sign
the contract as specified in this document within 1 month of issue of contract
order/letter of intent for any reason whatsoever; or
 Fail To provide the performance guarantee within 30 days from the
purchase order date, for any reason whatsoever.
 To comply with any other condition precedent to signing the contract
specified in the RFP documents.
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 9 of 96
 Unsuccessful Bidder’s - Bid security money deposit or bank guarantee will be
returned by the Bank within two weeks from closure of the RFP. No interest shall
be paid on Bid security money deposit to unsuccessful Bidders.
Exemption for application money and EMD amount
Exemption from submission of EMD and application money shall be given to
bidders, who are Micro and Small Enterprises (MSEs) / Startups. The bidders who
are MSEs have to submit necessary document issued by NSIC and the bidders
who are startups have to be recognized by Department of Industrial Policy &
Promotion (DIPP) to avail the exemption. To qualify for EMD and tender cost
exemption, firms should necessarily enclose a valid copy of registration certificate
issued by NSIC/DIPP which are valid on last date of submission of the tender
documents along with "Bid Security Declaration" accepting that if they withdraw or
modify their bids during period of validity etc., they will be suspended for the time
specified in the tender documents. MSEs/Startup firms which are in the process of
obtaining NSIC certificate/ DIPP will not be considered for EMD and Tender cost
exemption.
7. Preference to Make in India initiative
Bank of Baroda will abide by Govt. of India Public procurement (preference to Make
in India) order P-45021/2/2017-B.E.-II Dated 15th June 2017 as applicable to
encourage ‘Make in India’ and to promote manufacturing and production of goods
and services in India. In case the bidder wishes to avail preference to Make in India
order 2017 in public procurement as applicable, bidder may provide self-
certification of ‘Local content’ where ‘Local content’ means the amount of value
added in India as a percentage of total value in percentage & relevant documents
as per eligibility criteria (Annexure - 02).
8. Performance Guarantee
The successful Bidder shall provide a Performance Guarantee within 30 days from
the date of receipt of the order or signing of the contract whichever is earlier in the
format as provided in Annexure - 16 to the extent of 3% of the Contract value for
the entire period of the contract plus 3 months and such other extended period as
the Bank may decide for due performance of the project obligations. The guarantee
should be of that of a nationalized Bank or schedule commercial bank only, other
than Bank of Baroda.
In the event of non-performance of obligation or failure to meet terms of this Tender
or subsequent agreement the Bank shall be entitled to invoke the performance
guarantee without notice or right of demur to the Bidder.
The Bank reserves the right to recover any dues payable by the selected Bidder
from any amount outstanding to the credit of the selected Bidder, including the
pending bills and/or invoking Performance Guarantee, if any, under this contract.
If the Performance guarantee is not submitted within the stipulated time, the Bank
reserves the right to cancel the order / contract and the earnest money deposit
taken from the Bidder, will be forfeited.
9. Payment Terms
The payment will be released as follows:

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 10 of 96
 a) Subscription Fee (Platform Usage and Maintenance Charges):
 100% of Platform Usage and Maintenance Charges (including onsite/offsite
Support) plus applicable tax payable quarterly against receipt of satisfactory
service report of previous quarter from the Bank’s Project / Operations
Manager.
b) Implementation, Integration & Initial Customization Cost
 50% of Implementation, Integration & Customization Cost plus applicable tax
after UAT Sign off in the form of Acceptance Test which should be signed by
both Bank’s identified Project Manager & vendor representative.
 30% of Implementation, Integration & Customization Cost plus applicable tax
after go-live sign off from Bank. Go Live Sign Off in the form of Acceptance Test
should be signed by both Banks identified Project Manager & vendor
representative.
 20% of Implementation, Integration & Customization Cost plus applicable tax
after Go-Live closure signoff from Bank. Go Live Closure Sign Off in the form
of Final Acceptance Test should be signed by both Bank’s identified Project
Manager & vendor representative.
c) Onsite Support Charges
 Payable quarterly at the end of each quarter against receipt of satisfactory
support report of previous quarter from the Bank’s Project / Operation Manager.
d) Additional Customization Service Charges
 100% of the customization charges plus applicable tax payable after successful
customization of requested application/ service against
integration/customization report signed by both vendor representative and the
Bank’s Project / Operation Manager.
The payment will be released from IT Department, BCC as per the payment terms
on submission of related documents.
The Bank will pay invoices within a period of 30 days from the date of receipt of
undisputed invoices. Any dispute regarding the invoice will be communicated to
the selected vendor within 15 days from the date of receipt of the invoice. After the
dispute is resolved, Bank shall make payment within 30 days from the date the
dispute stands resolved. There shall be no escalation in the prices once the prices
are fixed and agreed to by the Bank and the vendors. But, any benefit arising out
of any subsequent reduction in the prices due to reduction in duty & taxes after the
prices are fixed and before the delivery should be passed on to the Bank.
The Vendor must accept the payment terms proposed by the Bank. The
commercial bid submitted by the vendors must be in conformity with the payment
terms proposed by the Bank. Any deviation from the proposed payment terms
would not be accepted. The Bank shall have the right to withhold any payment due
to the vendor, in case of delays or defaults on the part of the vendor. Such
withholding of payment shall not amount to a default on the part of the Bank. If any
of the items / activities as mentioned in the price bid is not taken up by the bank
during the course of the assignment, the bank will not pay the professional fees
quoted by the vendor in the price bid against such activity / item.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 11 of 96
10. Sub - Contracting:
The selected service provider/ vender shall not subcontract or permit anyone other
than its personnel to perform any of the work, service or other performance
required under this project. In case any particular specialized service in the
prescribed in the scope of work requires subcontracting, it need to be specified in
the proposal/ response document with all the details of the work/ services. Please
note that no work/services shall be subcontracted without the prior permission from
the Bank in writing.
11. Service Level Agreement and Non-Disclosure Agreement:
The successful bidder shall execute a) Service Level Agreement (SLA) and Non-
Disclosure Agreement (NDA) (As per Annexure - 17), which contained all the
services and terms and conditions of the services to be extended as detailed
herein. The successful bidder shall execute the SLA and NDA and provide the
same along with acceptance of Purchase Order.
All the expenses related to execution of the document such as the applicable stamp
duty and registration charges if any shall be borne by the successful bidder.
12. Compliance with Laws:
Compliance in obtaining approvals/permissions/licenses: The Bidder shall
promptly and timely obtain all such consents, permissions, approvals, licenses,
etc., as may be necessary or required for any of the purposes of this project or for
the conduct of their own business under any applicable Law, Government
Regulation/Guidelines and shall keep the same valid and in force during the term
of the project. Also, the bidder shall comply with the provisions of code of wages,
and other labor welfare legislations. in the event of any failure or omission to do so,
shall indemnify, keep indemnified, hold harmless, defend, protect and fully
compensate the Bank and its employees/ officers/ staff/ personnel/
representatives/agents from and against all claims or demands of liability and all
consequences that may occur or arise for any default or failure on its part to
conform or comply with the above and all other statutory obligations arising there
from. The Bank will give notice of any such claim or demand of liability within
reasonable time to the Bidder.
The Bidder is not absolved from its responsibility of complying with the statutory
obligations as specified above.
13. Termination:
Bank reserves the right to terminate this RFP at any stage without any notice or
assigning any reason.
At any time during the course of the RFP process or before the award of contract
or after execution of the contract that one or more terms and conditions laid down
in this Request For Proposal has not been met by the bidder or the bidder has
made material misrepresentation or has given any materially incorrect or false
information. Bank may terminate his contract and may invoke performance bank
guarantee or forfeit the security deposit as the case may be. Further bank may
impose such restriction/s on the defaulting bidder as it deemed fit.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 12 of 96
 After the award of the contract, if the selected bidder does not perform satisfactorily
or delays execution of the contract, the Bank reserves the right to get the balance
contract executed by another party of its choice by giving one month notice for the
same, In such an event, the bidder is bound to make good the additional
expenditure which the Bank may have to incur for the execution of the balance of
the contract
14. Grievance Redressal and Dispute Resolution:
Any bidder who claims to have a grievance against a decision or action with
regards to the provisions of this RFP may file a request to the Chief Technology
Officer at [email protected]. It may please be noted that the grievance can
be filed by only that bidder who has participated in Procurement proceedings in
accordance with the provisions of this RFP. All letters must be addressed to the
following:
Chief Technology Officer
Bank of Baroda, Baroda Sun Tower
C-34, G-Block, BKC, Mumbai-51
Dispute Resolution:
The Bank and the Bidder shall make every effort to resolve amicably, by direct
informal negotiation between the respective project managers of the Bank and the
Bidder, any disagreement or dispute arising between them under or in connection
with this RFP.
If the Bank project manager and Bidder project manager/ director are unable to
resolve the dispute within thirty days from the commencement of such informal
negotiations, they shall immediately escalate the dispute to the senior authorized
personnel designated by the Bidder and Bank respectively.
If within thirty days from the commencement of such negotiations between the
senior authorized personnel designated by the Bidder and Bank, the Bank and the
Bidder are unable to resolve contractual dispute amicably, either party may require
that the dispute be referred for resolution through formal arbitration.
All questions, disputes or differences arising under and out of, or in connection with
the contract or carrying out of the work whether during the progress of the work or
after the completion and whether before or after the determination, abandonment
or breach of the contract shall be referred to arbitration by a sole Arbitrator
acceptable to both parties OR the number of arbitrators shall be three, with each
side to the dispute being entitled to appoint one arbitrator. The two arbitrators
appointed by the parties shall appoint a third arbitrator shall act as the chairman of
the proceedings.
The seat and place of arbitration shall be Mumbai only. The Arbitration and
Conciliation Act 1996 or any statutory modification thereof shall apply to the
arbitration proceedings.
The arbitral award shall be in writing, state the reasons for the award, and be final
and binding on the parties. The award may include an award of costs, including
reasonable attorneys’ fees and disbursements. Judgment upon the award may be

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 13 of 96
 entered by any court having jurisdiction thereof or having jurisdiction over the
relevant Party.
15. Governing Laws:
This RFP and the subsequent contract shall be governed and construed and
enforced in accordance with the laws of India. both the Parties shall agree that in
respect of any dispute arising upon, over or in respect of any of the terms of this
RFP, only the courts in Mumbai shall have exclusive jurisdiction to try and
adjudicate such disputes to the exclusion of all other courts.
16. Prevention of Corrupt and Fraudulent Practices:
Every Bidders / Suppliers / Contractors are expected to observe the highest
standard of ethics during the procurement and execution of such contracts in
pursuance of the policy:
“Corrupt Practice” means the offering, giving, receiving or soliciting of anything of
value to influence the action of an official in the procurement process or in contract
execution AND
“Fraudulent Practice” means a misrepresentation of facts in order to influence a
procurement process or the execution of contract to the detriment of the Bank and
includes collusive practice among Bidders (prior to or after bid submission)
designed to establish bid prices at artificial non-competitive levels and to deprive
the Bank of the benefits of free and open competition.
The Bank reserves the right to reject a proposal for award if it determines that the
Bidder recommended for award has engaged in corrupt or fraudulent practices in
competing for the contract in question.
The Bank reserves the right to declare a firm ineligible, either indefinitely or for a
stated period of time, to be awarded a contract if at any time it determines that the
firm has engaged in corrupt or fraudulent practices in competing for or in executing
the contract.
17. Authorized Signatory:
The selected Bidder shall indicate the authorized signatories who can discuss and
correspond with the Bank, with regard to the obligations under the contract. The
selected Bidder shall submit at the time of signing the contract, a certified copy of
the resolution of their Board, authenticated by Company Secretary/Director,
authorizing an official or officials of the company or a Power of Attorney copy to
discuss, sign agreements/contracts with the Bank. The Bidder shall furnish proof
of signature identification for above purposes as required by the Bank.
18. The bid submission by related parties:
If related parties (as defined below) submit more than one bid then both /all bids
submitted by related parties are liable to be rejected at any stage at Bank’s
discretion:
a) Bids submitted by holding company and its subsidiary company;
b) Bids submitted by two or more companies having common director/s
c) Bids submitted by partnership firms / LLPs having common partners
d) Bids submitted by companies in the same group of promoters/management
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 14 of 96
 In the case of software or hardware either the Indian agent on behalf of the
principal/ OEM or Principal/ OEM itself can bid but both cannot bid simultaneously
for the same solution in this tender. If an agent submits bid on behalf of the
Principal/ OEM, the same agent cannot submit a bid on behalf of another Principal/
OEM in this tender for the same solution.
19. Right to Reject Bids:
Bank reserves the absolute and unconditional right to reject the response to this
RFP if it is not in accordance with its requirements and no correspondence will be
entertained by the Bank in the matter. The bid is liable to be rejected if:
 It is not in conformity with the instructions mentioned in the RFP document.
 It is not accompanied by the requisite Application Money and Earnest Money
Deposit (EMD).
 It is not properly or duly signed.
 It is received through Telex / telegram / fax
 It is received after expiry of the due date and time.
 It is incomplete including non- furnishing the required documents.
 It is evasive or contains incorrect information.
 There is canvassing of any kind.
 Submitted by related parties
 It is submitted anywhere other than the place mentioned in the RFP.

Further Bank reserves the rights to:

 Reject any or all responses received in response to the RFP
 Extend the time for submission of all proposals
 Cancel the RFP at any stage, without assigning any reason whatsoever.
 Visit the place of work of the bidder
 Conduct an audit of the services provided by the bidder.
 Ascertain information from the Banks and other institutions to which the bidders
have rendered their services for execution of similar projects.
 Revise any part of the tender document, by providing a written addendum at
any stage till the award of the contract. The Bank reserves the right to issue
revisions to this tender document at any time before the award date. The
addendums, if any, shall be published on Bank’s website only.
20. General Terms and conditions
The RFP document is not recommendation; offer to enter into a contract,
agreement or any other arrangement, in respect of the services. The provision of
the services is subject to observance of selection process and appropriate
documentation being agreed between the Bank and any successful Bidder as
identified by the Bank, after completion of the selection process as detailed in this
document.
Information Provided: The RFP document contains statements derived from
information that is believed to be true and reliable at the date obtained but does
not purport to provide all of the information that may be necessary or desirable to
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 15 of 96
 enable an intending contracting party to determine whether or not to enter into a
contract or arrangement with the Bank in relation to the provision of services.
Neither the Bank nor any of its directors, officers, employees, agents,
representative, contractors, or advisers gives any representation or warranty
(whether oral or written), express or implied as to the accuracy, updating or
completeness of any writings, information or statement given or made in this RFP
document.
For Respondent Only: The RFP document is intended solely for the information of
the party to whom it is issued (“the Recipient” or “the Respondent”) and no other
person or organization.
Costs Borne by Respondents: All costs and expenses (whether in terms of time or
money) incurred by the Recipient / Respondent in any way associated with the
development, preparation and submission of responses, including but not limited
to attendance at meetings, discussions, demonstrations, etc. and providing any
additional information required by the Bank, will be borne entirely and exclusively
by the Recipient / Respondent.
No Legal Relationship: No binding legal relationship will exist between any of the
Recipients / Respondents and the Bank until execution of a contractual agreement
to the full satisfaction of the Bank.
Recipient Obligation to Inform Itself: The Recipient must apply its own care and
conduct its own investigation and analysis regarding any information contained in
the RFP document and the meaning and impact of that information.
Evaluation of Offers: Each Recipient acknowledges and accepts that the Bank
may, in its sole and absolute discretion, apply whatever criteria it deems
appropriate in the selection of Bidder, not limited to those selection criteria set out
in this RFP document.
The issuance of RFP document is merely an invitation to offer and must not be
construed as any agreement or contract or arrangement. The bidders
unconditionally acknowledge by submitting its response to this RFP document that
it has not relied on any idea, information, statement, representation, or warranty
given in this RFP document.
Acceptance of Terms: the bidders will, by responding to the Bank’s RFP document,
be deemed to have accepted the terms as stated in this RFP document
Only one submission of response to RFP by each Respondent will be permitted.
The Bank expects the Bidder to adhere to the terms of this tender document and
would not accept any deviations to the same.
The Bank expects that the Bidder appointed under the tender document shall have
the single point responsibility for fulfilling all obligations and providing all
deliverables and services required by Bank.
Unless agreed to specifically by the Bank in writing for any changes to the issued
tender document, the Bidder responses would not be incorporated automatically in
the tender document.
The Bank will notify the Respondents in writing as soon as practicable after the
RFP Evaluation Complete date, about the outcome of the RFP evaluation process,
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 16 of 96
 including whether the Respondent’s RFP response has been accepted or rejected.
The Bank is not obliged to provide any reasons for any such acceptance or
rejection.
All responses received after the due date/time as mentioned in “[A] Important
Dates. Last Date of Submission of RFP Response (Closing Date)” would be
considered late and would be liable to be rejected. E procurement portal will not
allow to lodgment of RFP response after the deadline. It should be clearly noted
that the Bank has no obligation to accept or act on any reason for a late submitted
response to RFP. The Bank has no liability to any Respondent who lodges a late
RFP response for any reason whatsoever, including RFP responses taken to be
late only because of another condition of responding.
The Bank has established RFP coordinators to provide a venue for managing
bidder relationship and other requirements through the Bank’s decision-making
body for contract clarification. All the queries and communication must be
addressed to the RFP coordinators / contact persons from the Bank mentioned in
“[A] Important Dates - RFP Coordinator”
Recipients are required to direct all communications for any clarification related to
this RFP to RFP Coordinator.
All questions relating to the RFP, technical or otherwise, must be in writing and
addressed to the addresses given in point “[A] Important Dates” above.
Interpersonal communications will not be entered into and a Respondent will be
disqualified if attempting to enter into such communications. The Bank will try to
reply, without any obligation in respect thereof, every reasonable question raised
by the Respondents in the manner specified.
However, the Bank may in its absolute discretion seek, but under no obligation to
seek, additional information or material from any Respondents after the RFP closes
and all such information and material provided must be taken to form part of that
Respondent’s response.
Respondents should invariably provide details of their email address (as) as
responses to queries will only be provided to the Respondent via email. If Bank in
its sole and absolute discretion deems that the originator of the query will gain an
advantage by a response to a question, then Bank reserves the right to
communicate such response to all Respondents.
The Bank may in its absolute discretion engage in discussion or negotiation with
any Respondent (or simultaneously with more than one Respondent) after the RFP
closes to improve or clarify any response.
Bidder should submit their Eligibility Cum Technical and Commercial bids through
online portal. The bidder must register for submission of their bid as specified in
this document. .
All submissions, including any accompanying documents, will become the property
of the Bank. The bidder shall be deemed to have licensed, and granted all rights
to, the Bank to reproduce the whole or any portion of their submission for the
purpose of evaluation, to disclose the contents of the submission to other bidders
who have registered a submission and to disclose and/or use the contents of the
submission as the basis for any resulting RFP process, notwithstanding any
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 17 of 96
 copyright or other intellectual property right of the Recipient that may subsist in the
submission or accompanying documents
All responses should be in English language. All responses by the bidder to this
tender document shall be binding on such bidder for a period of 180 days after
opening of the bids.
The bidder may modify or withdraw its offer after submission but prior to the closing
date and time as prescribed by Bank. No offer can be modified or withdrawn by the
bidder subsequent to the closing date and time for submission of the offers.
The bidders required to quote for all the components/services mentioned in the
“Project scope” and all other requirements of this RFP. In case the bidder does not
quote for any of the components/services, the response would be deemed to
include the quote for such unquoted components/service. It is mandatory to submit
the details in the formats provided along with this document duly filled in, along
with the offer. The Bank reserves the right not to allow / permit changes in the
technical specifications and not to evaluate the offer in case of non-submission of
the technical details in the required format or partial submission of technical details.
Based on the Bank’s requirements as listed in this document, the bidder should
identify the best-suited product / solution that would meet the Bank’s requirements
and quote for the same. In case the bidder quotes more than one model and they
have not specified which particular model quoted by them needs to be considered,
then the response would be considered as improper and the whole tender
submitted by the Bidder is liable to be rejected. The Bidder is expected to provide
the best option and quote for the same.
In the event the bidder has not quoted for any mandatory items as required by the
Bank and forming a part of the tender document circulated to the Bidder’s and
responded to by the bidder, the same will be deemed to be provided by the bidder
at no extra cost to the Bank.
The Bank is not responsible for any assumptions or judgments made by the bidder
for proposing the deliverables. The Bank’s interpretation will be final.
The Bank ascertains and concludes that everything as mentioned in the tender
documents circulated to the Bidder and responded by the Bidders have been
quoted for by the Bidder, and there will be no extra cost associated with the same
in case the Bidder has not quoted for the same.
All out of pocket expenses, traveling, boarding and lodging expenses for the entire
life of the contract should be a part of the financial bid submitted by the Bidder to
the Bank. No extra costs on account of any items or services or by way of any out
of pocket expenses, including travel, boarding and lodging etc. will be payable by
the Bank. The Bidder cannot take the plea of omitting any charges or costs and
later lodge a claim on the Bank for the same.
Responses to this RFP should not be construed as an obligation on the part of the
Bank to award a contract / purchase contract for any services or combination of
services. Failure of the Bank to select a bidder shall not result in any claim
whatsoever against the Bank. The Bank reserves the right to reject any or all bids
in part or in full, without assigning any reason whatsoever.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 18 of 96
 By submitting a proposal, the bidder agrees to contract with the Bank within the
time period proscribed by the bank. Failure on the part of the successful bidder to
execute an agreement with the Bank will relieve the Bank of any obligation to the
bidder, and a different bidder may be selected based on the selection process.
The terms and conditions as specified in the RFP and addendums (if any)
thereafter are final and binding on the bidders. In the event the bidders not willing
to accept the terms and conditions of the Bank, the bidder may be disqualified. Any
additional or different terms and conditions proposed by the bidder would be
rejected unless expressly assented to in writing by the Bank and accepted by the
Bank in writing
The bidder shall represent and acknowledge to the Bank that it possesses
necessary experience, expertise and ability to undertake and fulfill its obligations,
involved in the performance of the provisions of this RFP. The bidder represents
that the proposal to be submitted in response to this RFP shall meet the proposed
RFP requirement. If any services, functions or responsibilities not specifically
described in this RFP are an inherent, necessary or customary part of the
deliverables or services and are required for proper performance or provision of
the deliverables or services in accordance with this RFP, they shall be deemed to
be included within the scope of the deliverables or services, as if such services,
functions or responsibilities were specifically required and described in this RFP
and shall be provided by the bidder at no additional cost to the Bank. The bidder
also acknowledges that the Bank relies on this statement of fact, therefore neither
accepting responsibility for, nor relieving the bidder of responsibility for the
performance of all provisions and terms and conditions of this RFP, the Bank
expects the bidder to fulfill all the terms and conditions of this RFP.
the bidder covenants and represents to the Bank the following:
It is duly incorporated, validly existing and in good standing under as per the laws
of the state in which the entity is incorporated.
It has the corporate power and authority to enter into Agreements and perform its
obligations there under.
The execution, delivery and performance under an Agreement by bidder:
Will not violate or contravene any provision of its documents of incorporation;
Will not violate or contravene any law, statute, rule, regulation, licensing
requirement, order, writ, injunction or decree of any court, governmental
instrumentality or other regulatory, governmental or public body, agency or
authority by which it is bound or by which any of its properties or assets are bound;
Except to the extent that the same have been duly and properly completed or
obtained, will not require any filing with, or permit, consent or approval of or license
from, or the giving of any notice to, any court, governmental instrumentality or other
regulatory, governmental or public body, agency or authority, joint venture party,
or any other entity or person whatsoever;
The bidder shall undertake to provide appropriate human as well as other
resources required, to execute the various tasks assigned as part of the project,
from time to time.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 19 of 96
 The Bank would not assume any expenses incurred by the bidder in preparation
of the response to this RFP and also would not return the bid documents to the
Bidders
The Bank will not bear any costs incurred by the bidder for any discussion,
presentation, demonstrations etc. on proposals or proposed contract or for any
work performed in connection therewith.
The Bank reserves the right to extend the dates for submission of responses to this
document.
Preliminary Scrutiny – The Bank will scrutinize the offers to determine whether they
are complete, whether any errors have been made in the offer, whether required
documentation has been furnished, whether the documents have been properly
signed, and whether items are quoted as per the schedule. The Bank may, at its
discretion, waive any minor non-conformity or any minor deficiency in an offer. This
shall be binding on all bidders and the Bank reserves the right for such waivers and
the Bank’s decision in the matter will be final.
Clarification of Offers – To assist in the scrutiny, evaluation and comparison of
offers, the Bank may, at its discretion, ask some or all bidders for clarification of
their offer. The Bank has the right to disqualify the bidder whose clarification is
found not suitable to the proposed project.
No Commitment to Accept Lowest bid or Any Tender – The Bank shall be under
no obligation to accept the lowest price bid or any other offer received in response
to this Tender notice and shall be entitled to reject any or all offers including those
received late or incomplete offers without assigning any reason whatsoever. The
Bank reserves the right to make any changes in the terms and conditions of
procurements. The Bank will not be obliged to meet and have discussions with any
Bidder, and / or to listen to any representations unless there is change in the terms
and conditions of purchase
Erasures or Alterations – The offers containing erasures or alterations will not be
considered. There should be no hand-written material, corrections or alterations in
the offer. Technical details must be completely filled up. Correct information of the
services being offered must be filled in. Filling up of the information using terms
such as “OK”, “accepted”, “noted”, “as given in brochure / manual” is not
acceptable. The Bank may treat the offers not adhering to these guidelines as
unacceptable.
Price Discussion – It is absolutely essential for the Bidders to quote the lowest price
at the time of making the offer in their own interest. The Bank reserves the right to
do price discovery and engage the successful bidder in discussions on the prices
quoted.
If the Bank is not satisfied with the specifications as specified in the tender
document and observes major deviations, the bids of such bidders will not be short-
listed for further evaluation. No further discussions shall be entertained with such
bidders in respect of the subject bid.
The Bidder shall perform its obligations under this Tender as an independent
contractor, and shall not engage subcontractors to perform any of the Deliverables
or Services without the prior permission from Bank. Neither this Tender nor the
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 20 of 96
 Bidder’s performance of obligations under this Tender shall create an association,
partnership, joint venture, or relationship of principal and agent, master and
servant, or employer and employee, between the Bank and the Bidder or its
employees, subcontractor; and neither Party shall have the right, power or authority
(whether expressed or implied) to enter into or assume any duty or obligation on
behalf of the other Party.
The Bidder shall solely be responsible for all payments (including any statutory
payments) to its employees and / or sub-contractors and shall ensure that at no
time shall its employees, personnel or agents hold themselves out as employees
or agents of the Bank, nor seek to be treated as employees of the Bank for any
purpose, including claims of entitlement to fringe benefits provided by the Bank, or
for any kind of income or benefits. The Bidder alone shall file all applicable tax
returns for all of its personnel assigned hereunder in a manner consistent with its
status as an independent contractor of services; and the Bidder will make all
required payments and deposits of taxes in a timely manner.
21. Information Confidentiality:
This document is meant for the specific use by the Company / person/s interested
to participate in the current tendering process. This document in its entirety is
subject to copyright laws. Bank of Baroda expects the bidders or any person acting
on behalf of the bidders to strictly adhere to the instructions given in the document
and maintain confidentiality of information. The Bidders will be held responsible for
any misuse of the information contained in the document and liable to be
prosecuted by the Bank, in the event of such circumstances being brought to the
notice of the Bank. By downloading the document, the interested party is subject
to confidentiality clauses.
22. Disclaimer
Subject to any law to the contrary, and to the maximum extent permitted by law,
the Bank and its directors, officers, employees, contractors, representatives,
agents, and advisers disclaim all liability from any loss, claim, expense (including,
without limitation, any legal fees, costs, charges, demands, actions, liabilities,
expenses or disbursements incurred therein or incidental thereto) or damage,
(whether foreseeable or not) (“Losses”) suffered by any person acting on or
refraining from acting because of any presumptions or information (whether oral or
written and whether express or implied), including forecasts, statements,
estimates, or projections contained in this RFP document or conduct ancillary to it
whether or not the Losses arises in connection with any ignorance, negligence,
inattention, casualness, disregard, omission, default, lack of care, immature
information, falsification or misrepresentation on the part of the Bank or any of its
directors, officers, employees, contractors, representatives, agents, or advisers.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 21 of 96
Annexure 01 - Guidelines for submission details and E-tendering
Eligibility cum Technical Bid to contain the following (All the Documents should
be digitally singed by authorized representative of bidder)
Secti
Section Heading Proforma Given
on #
1. Eligibility criteria compliance with bidder comments Annexure 02
Undertaking from the bidder (regarding applicability of Annexure 03
2. restrictions on procurement from a bidder of a country
which shares a land border with India)
Bidder to Provide
3. Application Money Transaction Details
Annexure 04
Bidder to provide
Transaction Details or
Bank Guarantee as
per Annexure 05
Bid Security (Earnest Money Deposit) For Micro & Small
4.
Enterprises (MSEs) /
Startups
"Bid Security
Declaration -
As Per Annexure 5A
5. Bid Security Form Annexure 06
6. Letter of Undertaking from Bidder Annexure 07
7. Conformity Letter Annexure 09
8. Letter of Undertaking from OEM Annexure 10
9. Undertaking of Information Security (Bidder & OEM) Annexure 11
10. Executive Technical Summary Bidder to provide
Bidder need to provide
Technical Proposal: The proposal based on Technical the Compliance of all
Specification compliance should be submitted with technical requirement
11.
pages properly numbered, each page signed and along with the scope
stamped. mentioned in
Annexure 12
Bidder need to provide
(Signed /Digitally
Copy of the tender document along with annexures and
Signed documents
12. addendum duly sealed and signed on all the pages of
from authorized
the document / digitally signed tender document.
representative of
bidder)
Masked price bid (Please note that the masked price Annexure 14
bid should be exact reflection of the commercial bid
13.
except that the masked price bid should not contain any
financial information)
Letter of authorization from the company authorizing Bidder to provide
14. the person to sign the tender response and related
documents.
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 22 of 96
 Secti
Section Heading Proforma Given
on #
A certified copy of the resolution of Board, Bidder need to provide
authenticated by Company Secretary/Director, (To submit Board
15. authorizing an official/s of the company or a Power of Resolution copy of
Attorney copy to discuss, sign agreements/contracts authorizing official to
with the Bank. submit the Bid)
16. Service Level and Non - Disclosure Agreement Format Annexure 17
Letter of Undertaking from OEM/ OSD on Cloud Annexure 18
17. Security and Compliance (Applicable in case of cloud-
based solution)
Commercial Bid should be strictly as per Commercial bid format (Annexure - 15).
Any commercial bid submitted not in conformity with Annexure – 15 and provided
along with the Eligibility cum Technical bid, then whole bid will be rejected
outright.

Guideline for E-TENDERING

1. General Instructions
To view the Tender Document along with this Notice and its supporting documents, kindly
visit following e-Tendering website of Bank of Baroda: www.tenderwizard.com/BOB
RFP responses received after the deadline for lodgement of RFPs may be registered by
the Bank and may be considered and evaluated by the evaluation team at the absolute
discretion of the Bank. Respondents are to provide detailed evidence to substantiate the
reasons for a late RFP submission. It should be clearly noted that the Bank has no
obligation to accept or act on any reason for a late submitted response to RFP. The Bank
has no liability to any Respondent who lodges a late RFP response for any reason
whatsoever.
The bidders participating first time for e-tendering on Bank of Baroda e-tendering portal will
have to complete the Online Registration Process on the e-tendering portal. A link for
enrolment of new bidders has been provided on the above link. All bidders interested in
participating in the online e-tendering process are required to procure Class III Digital
Signatures e-Token having -02- certificates inside it, one for Signing/Verification purpose
and another for Encryption/Decryption purpose. The bid should be prepared & submitted
online using the bidder’s authorized Class III Digital Signature (Individual certificate is
allowed for proprietorship firms) Digital e- Token.
If any assistance is required regarding e-tendering (registration / upload / download / Bid
Preparation / Bid Submission) please contact Tender wizard Help Desk as per following:
Helpdesk Contact No.: +91-11-49424365
email: [email protected]
Primary Contact Number
 Mr. Krunal Mahajan : +91-8800907637
Alternate Contact Numbers
 Mr. Sandeep Gautam : +91-8800496478
 Mr. Kamal Mishra : +91-8800115821
Contact No. for other activities

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 23 of 96
 Registration Help Desk : +91-11-49424365
(Kindly put “REGISTRATION/PROFILE UPDATE” in the subject line of the email to
[email protected])
 e-procurement queries : +91-11-49424365
(Kindly put “E-PROCUREMENT QUERIES” in the subject line of the email to
[email protected])
Note: please note support team will be contacting through email and whenever
required through phone call as well. Depending on nature of assistance support team
will contact on the priority basis. It will be very convenient for bidder to schedule their
online demo in advance with support team to avoid last minute rush.
2. Downloading of Tender Document
The tender document is uploaded / released on Bank of Baroda e-tendering portal link
as mentioned above. Tender document and supporting documents may be
downloaded from same link. Subsequently, bid has to be prepared and submitted
ONLINE ONLY as per the schedule given in Notice Details. The Tender document will
be available online only. Tender document will not be sold / issued manually.
Only those tender offers shall be accepted for evaluation for which non-refundable
Application Money and Earnest Money Deposit (EMD) is deposited as per the terms
mentioned in this RFP.
3. Preparation& Submission of Bids
The bids (Pre-Qualification, Eligibility, Technical as well as Commercial) shall have to
be prepared and subsequently submitted online only. Bids not submitted “ONLINE” or
by any other mean shall be summarily rejected. No other form of submission shall be
permitted.
4. Do’s and Don’ts for Bidder
 Registration process for new Bidders should be completed within first week of
release of tender.
 The e-procurement portal is open for upload of documents from the start of the bid
submission date. Hence bidders are advised to start the process of upload of bid
documents well in advance.
 Bidders have to prepare for submission of their bid documents online well in
advance as
 The encrypt/upload process of soft copy of the bid documents large in number to
e-procurement portal may take longer time depending upon bidder’s
infrastructure and connectivity.
 To avoid last minute rush & technical difficulties faced by bidders in
uploading/submission of bids, bidders are required to start the uploading of all
the documents required -01- week in advance for timely online submission of bid.
 Bidders to initiate uploading of few primary documents during the start of the tender
submission and any request for help/support required for uploading the documents
/ understanding the system should be taken up with e-procurement service
provider well in advance.
 Bidders should not raise request for extension of time on the last day of submission
due to non-submission of their bids on time as Bank will not be in a position to
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 24 of 96
 provide any support at the last minute as the portal is managed by e-procurement
service provider.
 Bidder should not raise request for offline submission or late submission since
ONLINE submission is accepted only.
 Partly or incomplete submission of bids by the bidders will not be processed and
will be summarily rejected.
5. Guidelines to Bidders for Electronic Tendering System
 Pre-requisites to participate in the Tenders
Registration of bidders on e-procurement portal of Bank of Baroda:
The bidders unregistered on e-procurement portal of Bank of Baroda and interested
in participating in the e-tendering process shall be required to enroll/register on the
e-procurement portal. To enroll, bidders have to generate User ID and password on
www.tenderwizard.com/BOB. The bidders may obtain the necessary information on
the process of registration/enrollment either from Helpdesk Support Team: +91-11-
49424365 or may download Bidder Help Manuals available under “Help Manuals/
Latest Circulars/ Formats” on home page of e-procurement portal i.e.
www.tenderwizard.com/BOB.
 Preparation of Bid & Guidelines for Digital Certificate
The Bid Data that is prepared online is required to be signed & encrypted and the
hash value of the Bid Data is required to be signed electronically using a Class III
Digital Certificate. This is required to maintain the security of the Bid Data and also
to establish the identity of the Bidder transacting on the System. This Digital
Certificate should be having Two Pair (1. Sign Verification 2. Encryption/
Decryption). Encryption Certificate is used to encrypt the data / information and
Signing Certificate to sign the hash value during the Online Submission of Tender
stage.
The Digital Certificates are issued by an approved Certifying Authority authorized
by the Controller of Certifying Authorities of Government of India through their
Authorized Representatives upon receipt of documents required to obtain a Digital
Certificate.
Bid data / information for a particular Tender must be submitted only using the
Digital Certificate. In case, during the process of preparing and submitting a bid for
a particular tender, the bidder loses his / her Digital Signature Certificate (i.e. due
to virus attack, hardware problem, operating system problem), he / she may not be
able to submit the Bid online. Hence, the bidders are advised to store his / her Digital
Certificate securely and if possible, keep a backup at safe place under adequate
security to be used in case of need.
In case of online tendering, if the Digital Certificate issued to an authorized user of
a partnership firm is used for signing and submitting a bid, it will be considered
equivalent to a no objection certificate / power of attorney to that user to submit the
bid on behalf of the Partnership Firm. The Partnership Firm has to authorize a
specific individual via an authorization certificate signed by a partner of the firm (and
in case the applicant is a partner, another partner in the same form is required to
authorize) to use the digital certificate as per Indian Information Technology Act,
2000.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 25 of 96
Unless the Digital Certificate is revoked, it will be assumed to represent adequate
authority of the Authority User to bid on behalf of the Firm for the Tenders processed
on the Electronic Tender Management System of Bank of Baroda as per Indian
Information Technology Act, 2000. The Digital Signature of this Authorized User will
be binding on the Firm. It shall be the responsibility of Partners of the Firm to inform
the Certifying Authority or Sub Certifying Authority, if the Authorized User changes,
and apply for a fresh Digital Signature Certificate. The procedure for application of
a Digital Signature Certificate will remain the same for the new Authorized User.
The same procedure holds true for the Authorized Users in a Private / Public Limited
Company.
The bidder should Ensure while procuring new digital certificate that they procure a
pair of certificates (two certificates) one for the purpose of Digital Signature, Non-
Repudiation and another for Key Encipherment.
 Recommended Hardware and Internet Connectivity
To operate on the Electronic Tendering System, the bidders are recommended to
use Computer System with at least 2 GB of RAM and broadband connectivity with
minimum 1 Mbps bandwidth. However, Computer Systems with latest i3 / i5 Intel
Processors and Broadband/4G connection is recommended for better performance.
 Operating System Requirement: Windows 7 & above
 Browser Requirement (anyone from following)
Microsoft Internet Explorer (IE) version 11 and above
Mozilla Firefox - Latest version
Google Chrome - Latest version
 Browser settings
1. Disable the 'Popup Blocker' in the browser under Tools. Make sure this is in
'Turn Off' mode.
2. Add the e-procurement domain name in the 'Compatibility View' list of your
browser Turn off the 'Smart Screen Filter' in the browser.
 Supported File Types
1. General Documents such as DOC, XLS, JPG, BMP, GIF, PNG, PDF, ZIP
formats are allowed
2. Files with .EXE, .PSD extensions are not allowed
3. File size not to exceed 5 MB per attachment
4. All uploaded files should be virus free and error free
 Minimum System Configuration
1. CPU speed of 2.0 GHz
2. USB Ports
3. 2 GB of System Memory (RAM)
4. Anti-virus software should be enabled and updated regularly
 Requirement of utility software
1. Java Run Time Engine (JRE – 1.8.0) or higher.
2. Microsoft Office 2003 with MS Word and MS Excel
3. Adobe Acrobat Reader, PKI Installation Driver for Digital Signature
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 26 of 96
6. Steps to participate in the e-Tenders
 Online viewing of Detailed Notice Inviting Tenders
The bidders can view the Detailed Tender Notice along with the Time Schedule
(Key Dates) for all the Live Tenders released by Bank of Baroda on the home page
of bank’s e-Tendering Portal on www.tenderwizard.com/BOB.
 Download of Tender Documents
The Pre-qualification / Main Bidding Documents are available for free downloading.
However, to participate in the online tender, the bidder must pay application money
via Demand Draft/NEFT/RTGS mode & submit the details in the e-procurement
portal.
 Online Submission of Tender
Submission of bids will be preceded by Online Submission of Tender with digitally
signed Bid Hashes (Seals) within the Tender Time Schedule (Key dates) published
in the Detailed Notice Inviting Tender. The Bid Data is to be prepared in the
templates provided by the Tendering Authority of BOB. The templates may be either
form based, extensible tables and / or upload-able documents. In the form-based
type of templates and extensible table type of templates, the bidders are required
to enter the data and encrypt the data/documents using the Digital Certificate /
Encryption Tool wherever applicable.
 Close for Bidding: After the expiry of the cut-off time of Online Submission of
Tender stage to be completed by the Bidders has lapsed, the Tender will be
closed by the Tender Authority.
 Online Final Confirmation: After submitting all the documents bidders need to
click on “Final Submission” tab. System will give pop up “You have successfully
completed your submission” that assures submission completion.
 Short listing of Bidders for Commercial Bidding Process : The Tendering
Authority will first open the Technical Bid documents of all Bidders and after
scrutinizing these documents will shortlist the Bidders who are eligible for
Commercial Bidding Process. The short-listed Bidders will be intimated by
email.
 Opening of the Commercial Bids: The Bidders may remain present in the office
of the Tender Opening Authority at the time of opening of Commercial Bids.
However, the results of the Commercial Bids i.e. TCO of all bidders shall be
made available on the bank’s e-procurement portal after the completion of
opening process.
 Tender Schedule (Key Dates) : The bidders are strictly advised to follow the
Dates and Times as indicated in the Time Schedule in the detailed tender
Notice for the Tender. All the online activities are time tracked and the electronic
Tendering System enforces time-locks that ensure that no activity or transaction
can take place outside the Start and End Dates and time of the stage as defined
in the Tender Schedule.
At the sole discretion of the tender Authority, the time schedule of the Tender stages

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 27 of 96
 may be extended.
7. Important Points:
The Bid hash values are digitally signed using valid Class – III Digital Certificate
issued by any Certifying Authority. The bidders are required to obtain Digital
Certificate well in advance.
a. The bidder may modify bids before the deadline for Online Submission of Tender
as per Time Schedule mentioned in the Tender documents.
b. This stage will be applicable during both Pre-bid / Pre-qualification and Financial
Bidding Processes.
Steps by step detailed Bidder Manual are available on homepage under Support
section related to activities like Java Settings, Registration, Login Process, Tender
Participation, Bid Download, upload & Submission, Corrigendum/Addendum,
Clarifications, Re-submissions etc. on e-procurement portal i.e.
www.tenderwizard.com/BOB
Note: Bank and ITI Limited shall not be liable & responsible in any manner whatsoever
for any failure to access & bid on the e-tender platform due to loss of internet
connectivity, electricity failure, virus attack, problems with the PC, any other
unforeseen circumstances etc. before or during the event. Bidders are advised to
ensure system availability and prepare their bid well before time to avoid last minute
rush. Bidders can fix a call with support team members in case guidance is required
by calling on helpdesk number.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 28 of 96
Annexure 02 –Evaluation Terms
1. Evaluation process
A two-stage process is adopted for selection of the Bidder:
 Stage 1 – Eligibility Cum Technical Bid
 Stage 2 – Commercial Bid
During evaluation of the Tenders, the Bank, at its discretion, may ask the Bidder for
clarification in respect of its tender. The request for clarification and the response shall
be in writing, and no change in the substance of the tender shall be sought, offered,
or permitted. The Bank reserves the right to accept or reject any tender in whole or in
parts without assigning any reason thereof. The decision of the Bank shall be final and
binding on all the Bidders to this document and bank will not entertain any
correspondence in this regard.
(Bank will first evaluate the eligibility cum technical bids of the bidders
complying with preference to ‘Make in India’ initiative of Govt. of India.
In case two or more than two bidders complying with preference to ‘Make in
India’ initiative are found eligible under eligibility cum technical criteria
evaluation, as per Make in India guidelines mentioned in the RFP, then
commercial bids of only those bidders will be opened.
In case sufficient bidders complying with preference to ‘Make in India’ initiative
are not found eligible as per eligibility cum technical criteria mentioned in the
RFP, then commercial bids of all eligible bidders will be opened)
A. Eligibility cum Technical Bid
Eligibility criterion for the bidder to qualify this stage is clearly mentioned in below. The
Bidder would need to provide supporting documents as part of the eligibility proof. All
dates if not specified to be applicable from the date of the RFP.
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

A General

1 The bidder must be a Government Documentary Proof to be

Organization / PSU / PSE / attached (Certificate of
partnership firm / LLP or limited Incorporation)
company.

2 The bidder must be in the business Documentary Proof (Proof

of Supply, Implementation and of Successful
Maintenance of SaaS based Web implementation/ref. letters
Security Solution (for PCs) in India at from Clients)
least for a period of last 3 years (As
on RFP date)

3 The bidder must not be blacklisted / Letter of confirmation from

debarred by any Statutory, bidder
Regulatory or Government

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 29 of 96
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

Authorities or Public Sector

Undertakings (PSUs / PSBs) (As on
RFP date)

4 The bidder to provide information Letter of confirmation from

that any of its subsidiary or associate bidder
or holding company or companies
having common director/s or
companies in the same group of
promoters/management or
partnership firms/LLPs having
common partners has not
participated in the bid process.

5 The bidder company/firm should not Letter of confirmation from

be owned or controlled by any bidder
Director or Employee (or Relatives)
of the Bank.

6 The bidder to provide an undertaking Letter of confirmation from

on his letter head that all the bidder
technical features highlighted as part
of Technical Scope are covered in
totality in the proposal submitted by
the bidder.

7 The bidder and OSD is not from such Undertaking as per

a country which shares a land border Annexure and
with India, in terms of the said Copy of certificate of valid
amendments to GFR, 2017. registration with the
or Competent Authority(If
applicable)
The bidder and OSD is from such a
country and have been registered (signed /Digitally singed
with the Competent Authority i.e. the documents from
Registration Committee constituted authorized representative
by the Department for Promotion of of bidder & OSD
Industry and Internal Trade, as
stated under Annexure I to the said
Office Memorandum / Order and we
submit the proof of registration
herewith.

3 Bidder should have received ISO Copies of relevant

9001 Certificates

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 30 of 96
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

B Financial

B1 Below clause applicable for the Original Software Developer (OSD)

whose products are quoted) or if the OSD is bidding directly

1 The OSD must have registered Audited Financial

average annual turnover of Rs. 100 statements for the financial
Crores or above (from Indian years 2018-19, 2019-20
Operations only) during the last and 2020-21*
three completed financial years –
AND
2018-19, 2019-20 and 2020-21*
(Not inclusive of the turnover of Certified letter from the
associate companies) Chartered Accountant. The
CA certificate in this regard
OR should be without any
Below clause is applicable for OSDs riders or qualification
who fall under the category of Micro,
Small & Medium Enterprise (MSEs)
or Start-ups (Necessary valid
documentary proof certifying the
bidder as an MSE or a Start-up
needs to be submitted by the bidder)
The OSD must have registered
average annual turnover of Rs. 50
Crores or above (from Indian
Operations only) during the last
three completed financial years -
2018-19, 2019-20 and 2020-21*
(Not inclusive of the turnover of
associate companies)

2 The OSD must be net profit (after Audited Financial

tax) making entity (from Indian statements for the financial
operations only) continuously for the years 2018-19, 2019-20
last three completed financial years and 2020-21*
– 2018-19, 2019-20 and 2020-21* AND
OR Certified letter from the
The net worth of the OSD should be Chartered Accountant. The
positive as on RFP date AND also CA certificate in this regard
should not have eroded by more should be without any
than 30% (thirty percent) in the last riders or qualification
three years. (As on RFP Date)

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 31 of 96
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

* (If 2020-21 Financial Statements of any bidder is unaudited, then financial

statement for 2017-18,2018-19, 2019-20 will be considered) along with an
undertaking letter from the bidder that the 2020-21 Statements are not audited)

Below clause applicable for the bidder if submitting bid as a partner of

B2 the OSD (Also the OSD whose products are quoted by the partner to meet
the criteria mentioned in B1)

The bidder must have registered Audited Financial

average annual turnover of Rs. 50 statements for the financial
Crores or above (from Indian years 2018-19, 2019-20
Operations only) during the last and 2020-21*
three completed financial years – AND
2018-19, 2019-20 and 2020-21*
(Not inclusive of the turnover of Certified letter from the
associate companies). Chartered Accountant. The
CA certificate in this regard
OR should be without any
Below clause is applicable for riders or qualification
bidders who fall under the category
of Micro, Small & Medium Enterprise
(MSEs) or Start-ups (Necessary
valid documentary proof certifying
the bidder as an MSE or a Start-up
1 needs to be submitted by the bidder)
The bidder must have registered
average annual turnover of Rs. 25
Crores or above (from Indian
Operations only) during the last
three completed financial years -
2018-19, 2019-20 and 2020-21*
(Not inclusive of the turnover of
associate companies)

The bidder must be net profit (after Audited Financial

tax) making entity (from Indian statements for the financial
operations only) continuously for the years 2018-19, 2019-20
last three years that is financial and 2020-21*
years - 2018-19, 2019-20 and 2020- AND
21*
2 Certified letter from the
OR Chartered Accountant. The
The net worth of the bidder should CA certificate in this regard
be positive as on RFP date AND should be without any
also should not have eroded by riders or qualification

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 32 of 96
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

more than 30% (thirty percent) in the

last three years. (As on RFP Date)

* (If 2020-21 Financial Statements of any bidder is unaudited, then financial

statement for 2017-18,2018-19, 2019-20 will be considered) along with an
undertaking letter from the bidder that the 2020-21 Statements are not audited)

C Technical

1 If OSD is bidding directly they cannot Letter of confirmation from

submit another bid with any bidder. OSD in case if OSD is
bidding directly

2 The bidder must be an authorized Letter of authorization from

partner of the OSD having the the OSD
highest or equivalent level of
partnership under security solution
with the OSD at least for the last 3
years (as on RFP date).
In case OSD does not have above
mentioned categorization, then OSD
needs to submit an undertaking
stating that the bidder is an
authorized partner of the OSD
having authorized partnership for the
last 3 years (as on RFP date).

3 The OSD should be a Class-I or Documentary Proof to be

Class-II Local Supplier as defined in attached as per Annexure
the Order No. P-45021/2/2017- II of notification vide ref. no.
PP(BE-II) dated 16-09-2020 by File no.1(10)/2017-CLES
DPIT(PPD)/MoC/GOI. by MeIT/ GOI dated 06-12-
2019 (Format for Self-
AND
Declaration regarding
The OSD needs to comply with "local Supplier" for Cyber
Make in India (MII) condition towards Security Products). As per
“Local Supplier” for Cyber Security GOI MII Guidelines dated
Products as defined in the Annexure 16.09.2020 bidder need to
I & II of the notification vide ref. no. provide Auditor certificate
File no.1(10)/2017-CLES by MeIT/ along with self-declaration.
GOI dated 06-12-2019
(Bank will first evaluate the eligibility
cum technical bids of the bidders
complying with preference to ‘Make
in India’ initiative of Govt. of India.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 33 of 96
S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

In case two or more than two bidders

complying with preference to ‘Make
in India’ initiative are found eligible
under eligibility cum technical criteria
evaluation, as per Make in India
guidelines mentioned in the RFP,
then commercial bids of only those
bidders will be opened.
In case sufficient bidders complying
with preference to ‘Make in India’
initiative are not found eligible as per
eligibility cum technical criteria
mentioned in the RFP, then
commercial bids of all eligible
bidders will be opened)

C Experience and Support Infrastructure

1 The bidder should have supplied and Documentary Proof for

implemented SaaS based Web implementation of order /
Security Solution for minimum 1,000 contract execution copy /
PCs along with operational support Customer Credentials /
& maintenance in at least one Performance Certificate.
commercial bank/ Financial
Institutions / Govt. Organizations in
India in last 3 years (as on RFP date)

2 The proposed OSD’s SaaS based Documentary Proof for

Web Security Solution should be implementation of order /
successfully implemented in contract execution copy /
minimum two organization for a Customer Credentials /
minimum 1,500 PCs for each Performance Certificate.
organization in Commercial Banks /
Financial Institutions / Govt.
Organizations in India in last 3 years
(as on RFP date)

D Others

1 Bidder should have direct onsite Letter of confirmation from

support offices in Mumbai & the Bidder
Hyderabad. In case direct support
office of the bidder is not present in
Mumbai & Hyderabad then an
undertaking to be provided by the
bidder stating that direct onsite
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 34 of 96
 S. Eligibility Criteria Complied Supporting Required
No. (Yes/No)

support would be provided by the

bidder at Mumbai & Hyderabad
whenever desired by the Bank
without any additional cost (Address
details to be provided).

2 Bidder must ensure that the Letter of undertaking from

proposed security solution to be the bidder
supplied will not be End of Life/ Sale
in next 3 years and End of Support
in next 5 years

The technical bids of only those bidders who qualify the above-mentioned eligibility
criteria will be evaluated. The Technical Proposal will be evaluated for technical
suitability as per Annexure 12
B. Technical Bid Evaluation
The vendor needs to achieve a cut – off score of 80 marks in this evaluation stage to
be qualified for commercial bid opening. Only those vendors who achieve the specified
cut – off scores would be short-listed for Commercial Bid Evaluation. The Technical
Proposal will be evaluated for technical suitability and the criteria for evaluation of
technical bids are as under:
Sub
Criteria Evaluation Parameters
Scores
Number of implementations
carried out (in the last 3 years For each Implementation 3 marks 15
starting from date of RFP) **
Technical presentation will be evaluated
on the following parameters:
 Dashboard User Interface & Automatic
Updates (7 Marks)
 Level of Real Time Web Threat
Technical Proposal on
Detection, Prevention & Removal (7 35
Proposed Solution by the Bidder
Marks)
 24/7 Monitoring & Recording (7 Marks)
 Automation Capabilities (7 Marks)
 Future Scalability & Additional Features
(7 Marks)
Demonstration of in-depth understanding
Product Demo of the Bank’s project technical and 50
functional requirements.
TOTAL MARKS 100

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 35 of 96
** Implemented for Banking / PSU/ Gov. Organization/Financial Institute Clients in
India. Copies of Work order / client reference to be provided. Documentary proof
for go live of implementation to be provided.
The vendor should present and demonstrate the proposed solution which will be
evaluated on functional requirement given in the RFP. Further the Bank’s officials would
visit reference sites provided by the Vendor if deemed necessary.
Proof of Concept (POC)
1. Vendor may need to demonstrate POC of their Solution giving 2 days advance
communication. In the POC the vendor needs to demonstrate the proposed solution
as per Bank’s requirement complying requirement mentioned in Annexure – B at our
office as informed by the Bank. Bank has discretion to disqualify the vendor if he
doesn’t appear for POC on given date and time by the Bank.
a) The POC would be done to check whether the proposed model meets the technical
requirement as mentioned in Annexure - B.
b) Vendor have to demonstrate complete events based on the test cases provided
by the Bank.
2. Any vendor who is not complying with the above POC will be technically disqualified
and will not qualify for commercial bid evaluation.
3. The vendor will have to bear all expenses incurred for POC.
In case there is only one vendor having technical score of 80 or more, the Bank may, at
its sole discretion, also consider the next highest technical score and qualify such vendor.
In case, none of the participating vendors qualify on technical criteria and reach or exceed
the cut-off score of 80, then the Bank, at its sole discretion, may qualify two vendors on
the basis of the top 2 scores. However, the Bank at its discretion may reject the proposal
of the Vendor or will not consider vendor below cutoff marks by relaxing as mentioned
above, if in the Bank’s opinion the Vendor could not present or demonstrate the proposed
solution as described in the proposal or in case the responses received from the customer
contacts / site visited are negative or the proposed solution does not meet the Bank’s
functional and technical requirement.
C. Commercial Bid Evaluation
The commercial bids of only those bidders who qualify in both eligibility and technical
evaluation will be opened. The date for opening of the commercial bid would be
communicated separately to the technically eligible Bidders. The commercial bids
submitted by Bidders will be evaluated based on discounted total cost of ownership. The
discount rate will be used @ 10%. The key considerations of the TCO would be the total
payouts for entire project through the contract period, discounted at 10% to arrive at the
present value of the future cash outflows. Accordingly, the L1 (Lowest Bidder) would be
arrived at. The calculation performed by the Bank in this regard is as follows:
 The discounted rate will be calculated on yearly basis based on the formula
A/(1+i/100)^n where A= Total Value in each Year; i=10% and n =Year.
 The Present Value will be calculated for all components where the payment is recurring
year on year. The Present Value for the component will start from the year of purchase
of that component / start of the services (AMC) and shall be calculated till the end year
of the contract. Further n - number of period will be ‘0’ in the year of purchase of that
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 36 of 96
 component / start of the services and subsequently increased by 1 for subsequent
years.
Any component / service for which the payment is a One Time Cost the NPV cost of the
equipment / service for that year will be considered and the relevant year’s NPV cost will
be added as part of Present Value calculation for that year. Further the payment of the
OTC component / services is not recurring in nature hence the present value for that
component / services will be considered in the year of purchase only and not in
subsequent years
The decision of the Bank shall be final and binding on all the bidders to this document.
The Bank reserves the right to accept or reject an offer without assigning any reason
whatsoever. The bidder is expected not to add any conditions / deviations in the
commercial bid. Any such conditions / deviations may make the bid liable for
disqualification.
The proposal of L1 (Lowest Vendor) shall be recommended for award of contract.
2. Commercial Bids Terms
a. In the event the Bank has not asked for any quotes for alternative prices, and the
bidder furnishes the alternative price in the Bidder’s financial bid, the higher of the
prices will be taken for calculating and arriving at the Total Cost of Ownership.
However, payment by the Bank will be made at the lower price. The Bank in this
case may also reject the offer outright.
b. In the event optional prices are not quoted by the bidder, for items where such
prices are a must and required to be quoted for, the highest price quoted by any of
the participating Bidder will be taken as the costs, for such alternatives and also for
arriving at the Total Cost of Ownership for the purpose of evaluation of the Bidder.
The same item has to be supplied by the Bidder free of cost
c. The bidder is requested to quote in Indian Rupee (INR). Bids in currencies other
than INR would not be considered. The date for opening of price bids would be
communicated separately to the successful bidders post the completion of the
technical evaluation
d. The prices and other terms offered by bidders must be firm for an acceptance period
of 180 days from the opening of the commercial bid.
e. In case of any variation (upward or down ward) in Government levies / taxes / cess
/ duties etc. which has been included as part of the price will be borne by the bidder.
Variation would also include the introduction of any new tax / cess/ duty, etc
provided that the benefit or burden of other taxes quoted separately as part of the
commercial bid like GST and any taxes introduced instead of GST and levies
associated to GST or any new taxes introduced after the submission of bidder’s
proposal shall be passed on or adjusted to the Bank. If the Bidder makes any
conditional or vague offers, without conforming to these guidelines, Bank will treat
the prices quoted as in conformity with these guidelines and proceed accordingly.
Necessary documentary evidence should be produced for having paid any
tax/cess/duty, if applicable, and or other applicable levies.
f. If any Tax authorities of any state, including, Local authorities like Corporation,
Municipality etc. or any Government authority or Statutory or autonomous or such
other authority imposes any tax, charge or levy or any cess / charge other than GST
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 37 of 96
 and if the Bank has to pay the same for any of the items or supplies made here
under by the bidder, for any reason including the delay or failure or inability of the
bidder to make payment for the same, the Bank has to be reimbursed such amounts
paid, on being intimated to the Bidder along with the documentary evidence. If the
Bidder does not reimburse the amount within a fortnight, the Bank shall adjust the
amount out of the payments due to the Bidder from the Bank along with the interest
calculated at commercial rate.
g. Terms of payment as indicated in the Purchase Contract that will be issued by the
Bank on the selected Bidder will be final and binding on the bidder and no interest
will be payable by the Bank on outstanding amounts under any circumstances. If
there are any clauses in the Invoice contrary to the terms of the Purchase Contract,
the bidder should give a declaration on the face of the Invoice or by a separate letter
explicitly stating as follows “Clauses, if any contained in the Invoice which are
contrary to the terms contained in the Purchase Contract will not hold good against
the Bank and that the Invoice would be governed by the terms contained in the
Contract concluded between the Bank and the bidder”.
h. The Bank is not responsible for any assumptions or judgments made by the bidder
for arriving at any type of costing. The Bank at all times will benchmark the
performance of the bidder to the RFP and other documents circulated to the bidder
and the expected service levels as mentioned in these documents. In the event of
any deviations from the requirements of these documents, the bidder must make
good the same at no extra costs to the Bank, in order to achieve the desired service
levels as well as meeting the requirements of these documents. The Bank shall not
be responsible for any assumptions made by the bidder and the Bank’s
interpretation will be final.
i. The Commercial Offer should give all relevant price information and should not
contradict the Technical Offer in any manner. There should be no hidden costs for
items quoted.
j. The Bank is not responsible for the arithmetical accuracy of the bid. The bidders
will have to ensure all calculations are accurate. The Bank at any point in time for
reasons whatsoever is not responsible for any assumptions made by the Bidder.
The Bank at a later date will not accept any plea of the bidder or changes in the
commercial offer for any such assumptions.
k. Considering the enormity of the assignment, any service which forms a part of the
Project Scope that is not explicitly mentioned in scope of work as excluded would
form part of this RFP, and the Bidder is expected to provide the same at no
additional cost to the Bank. The Bidder needs to consider and envisage all services
that would be required in the Scope and ensure the same is delivered to the Bank.
The Bank will not accept any plea of the Bidder at a later date for omission of
services on the pretext that the same was not explicitly mentioned in the RFP
3. Price Comparisons
a. The successful bidder will be determined on the basis evaluation mentioned in
Evaluation Criteria in this RFP document.
b. Normalization of bids: The Bank will go through a process of evaluation and
normalization of the bids to the extent possible and feasible to ensure that bidders
are more or less on the same ground of evaluation. After the normalization process,
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 38 of 96
 if the Bank feels that any of the bids needs to be normalized and that such
normalization has a bearing on the price bids; the Bank may at its discretion ask all
the shortlisted bidders to resubmit the commercial bids once again for scrutiny. The
Bank can repeat this normalization process at every stage of bid submission or till
the Bank is satisfied. The bidders agree that they have no reservation or objection
to the normalization process and all the bidders will, by responding to this RFP,
agree to participate in the normalization process and extend their co-operation to
the Bank during this process. The bidders, by submitting the response to this RFP,
agree to the process and conditions of the normalization process.
c. The Price offer shall be on a fixed price basis. Bid submitted with an adjustable
price quotation will be treated as non-responsive and will be liable to be rejected.
The rate quoted by the bidder should necessarily include the following:
 Prices quoted by the Bidder should be inclusive of all taxes, duties, levies etc.
except GST. GST will be paid at actuals. The Bidder is expected to provide the
GST percentage in both the commercial and masked bids (without amounts
being submitted in the technical response). There will be no price escalation for
during the contract period and any extension thereof.
 The Bidders expected to provide details of services which are required to be
extended by the Bidder in accordance with the terms and conditions of the
contract.
d. The Bidder must provide and quote for the required product and services as desired
by the Bank as mentioned in this RFP. Any product or services not proposed to be
provided by the Bidder will result in the proposal being incomplete, which may lead
to disqualification of the Bidder.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 39 of 96
Annexure 03 - Declaration/ undertaking from bidder regarding applicability of
restrictions on procurement from a bidder of a country which shares a land
border with India as per the order no. 6/18/2019-PPD dated 23rd July 2020 issued
by Ministry of finance department of expenditure
(This letter should be on the letterhead of the Bidder duly signed by an
authorized signatory

To
___________
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,

We, M/s -------------- are a private/public limited company/LLP/Firm <strike off

whichever is not applicable>incorporated under the provisions of the Companies Act,
1956/2013 Limited Liability Partnership Act 2008/ Indian Partnership Act 1932, having
our registered office at ----------------------------------------------(referred to as the “Bidder”)
are desirous of participating in the Tender Process in response to your captioned RFP
and in this connection we hereby declare, confirm and agree as under:
We, the Bidder have read and understood the contents of the RFP and Office
Memorandum & the Order (Public Procurement No.1) both bearing no.
F.No.6/18/2019/PPD of 23rd July 2020 issued by Ministry of Finance, Government of
India on insertion of Rule 144 (xi) in the General Financial Rules (GFRs) 2017 and the
amendments & clarifications thereto, regarding restrictions on availing/procurement of
goods and services, of any Bidder from a country which shares a land border with
India and / or sub-contracting to contractors from such countries.
In terms of the above and after having gone through the said amendments including
in particular the words defined therein (which shall have the same meaning for the
purpose of this Declaration cum Undertaking), we the Bidder hereby declare and
confirm that:
Please strike off whichever is not applicable
1. “I/ we have read the clause regarding restrictions on procurement from a bidder of
a country which shares a land border with India; I/ we certify that __________ is not
from such a country.”
2. “I/ we have read the clause regarding restrictions on procurement from a bidder of
a country which shares a land border with India; I/ we certify that __________ is
from such a country. I hereby certify that _________ fulfills all requirements in this
regard and is eligible to be considered. [Valid registration by the Competent
Authority is attached.]”
In case the work awarded to us, I/ we undertake that I/ we shall not subcontract any
of assigned work under this engagement without the prior permission of bank.
Further we undertake that I/we have read the clause regarding restrictions on
procurement from a bidder of a country which shares a land border with India and on
sub-contracting to contractors from such countries; I certify that our subcontractor is
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 40 of 96
not from such a country or, if from such a country, has been registered with the
Competent Authority and will not sub-contract any work to a contractor from such
countries unless such contractor is registered with the Competent Authority. I hereby
certify that our subcontractor fulfills all requirements in this regard and is eligible to be
considered. [Valid registration by the Competent Authority is attached herewith.]”
2. We, hereby confirm that we fulfill all the eligibility criteria as per the office
memorandum/ order mentioned above and RFP and we are eligible to participate in
the Tender process.
We also agree and accept that if our declaration and confirmation is found to be false
at any point of time including after awarding the contract, Bank shall be within its right
to forthwith terminate the contract/ bid without notice to us and initiate such action
including legal action in accordance with law. Bank shall also be within its right to forfeit
the security deposits/ earnest money provided by us and also recover from us the loss
and damages sustained by the Bank on account of the above.
3. This declaration cum undertaking is executed by us or through our Authorized
person, after having read and understood the terms of RFP and the Office
Memorandum and Order.

Dated this…………………………………..by ……………………….20

Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

List of documents enclosed:

1. Copy of certificate of valid registration with the Competent Authority (strike off if not
applicable)

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 41 of 96
Annexure 04 – Bid Fees (Application Money) Letter
To,
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051
Sir,
Sub: RFP FOR……………………………………………………………………………….
We ………………………………………………. having our registered office at
………………………………………. (herein after called the 'BIDDER') are offering
Application Money Deposit as per details below for consideration of the bid of the
above mentioned Bidder.
Amount: Rs. _______ /- (Rupees _______________ Only)
Mode: Online Transfer
Payment Type: RTGS (Real Time Gross Settlement) / NEFT (National Electronics
Fund Transfer)
UTR / Txn ref. No. _______________________________
Txn Date: ______________________________________
Remitting Bank: ________________________________
Remitting Bank IFSC Code: _______________________
Beneficiary Account: Bank of Baroda, Bank Account No. 29040400000417
Beneficiary Bank IFSC Code: BARB0BANEAS
The details of the transaction viz. scanned copy of the receipt of making transaction
or Micro & Small Enterprises (MSEs) / Startups Certificate (if Application Money not
applicable) to be enclosed.
The Bank at its discretion, may reject the bid if the application money doesn’t reflect
in beneficiary account as per details furnished above.
Dated this…………………………………..by ……………………….20
Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 42 of 96
Annexure 05 – Bid Security Letter
To,
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051
Sir,
Sub: RFP FOR………………………………………………………………………………..

We ………………………………………………. having our registered office at

………………………………………. (herein after called the 'BIDDER') are offering
Earnest Money Deposit as per details below for consideration of the bid of the above
mentioned Bidder.
Amount: Rs. _______ /- (Rupees _______________ Only)
Mode: Online Transfer/Bank Guarantee
Payment Type: RTGS (Real Time Gross Settlement) / NEFT (National Electronics
Fund Transfer)/ /Bank Guarantee
UTR / Txn ref. No. _______________________________
Txn Date: ______________________________________
Remitting Bank: ________________________________
Remitting Bank IFSC Code: _______________________
Beneficiary Account: Bank of Baroda, Bank Account No. 29040400000417
Beneficiary Bank IFSC Code: BARB0BANEAS
The details of the transaction viz. scanned copy of the receipt of making transaction
or Bank Guarantee or Micro & Small Enterprises (MSEs) / Startups Certificate (if EMD
not applicable) to be enclosed.
The Bank at its discretion, may reject the bid if the EMD money doesn’t reflect in
beneficiary account or BG not received as per details furnished above.
Account Details for refund of Bid Security (Earnest Money Deposit) as per
terms & conditions mentioned in the Tender document
We …………………………………………………. having our registered office at
………………………………………. (herein after called the 'BIDDER') are providing our
bank account details as per below to be considered as our account for refund of Bid
Security (Earnest Money Deposit), wherever applicable as per terms & conditions
mentioned in the Tender document.
A/C Name:
A/C No. (Company account details):
IFSC Code:

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 43 of 96
Bank Name:
Bank Address:
The details mentioned above is treated as final & bank shall not be held responsible
for any wrong/failed transaction due to any discrepancy in above details.
Dated this…………………………………..by ……………………….20
Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 44 of 96
Annexure 05A – Bid Security Letter
To,
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051
Sir,
Sub: RFP FOR………………………………………………………………………………..
1. I/We, the undersigned, declare that M/s………..is a Micro and Small Enterprise and
the copy of registration certificate issued by NSIC/DIPP for Micro & Small
Enterprises (MSEs) / Startups which are valid on last date of submission of the
tender documents are enclosed.
2. I/We understand that, according to your conditions, bids must be supported by a
Bid Securing Declaration as per Rule 170 of General Financial Rules (GFRs) 2017
by Micro & Small Enterprises (MSEs).
OR
2A. As per the tender / RFP no: ……..floated for …….. at para no: ………. a Bid
Declaration Form in lieu of Bid Security is required to be submitted by me/ as per
Rule 170 of General Financial Rules (GFRs) 2017 by Micro & Small Enterprises
(MSEs).
3. I/We accept that I/We may be disqualified from bidding for any contract with you
for a period of 6 months from the date of notification if I am /We are in a breach of
any obligation under the bid conditions, because I/We
a) have withdrawn/modified/amended, impairs or derogates from the tender,
my/our Bid during the period of bid validity specified in the form of Bid; or
b) having been notified of the acceptance of our Bid by the purchaser during the
period of bid validity (i) fail or reuse to execute the contract, if required, or (ii) fail
or refuse to furnish the Performance Security, in accordance with the Instructions
to Bidders.
4. I/We understand this Bid Securing Declaration shall cease to be valid if I am/we
are not the successful Bidder, upon the earlier of (i) the receipt of your notification
of the name of the successful Bidder; or (ii) thirty days after the expiration of the
validity of my/our Bid.
5. I/We declare that I am the authorised person of ………………to make the
declaration for and on behalf of ………… Letter of Authority for executing
declaration is enclosed

Signed: (insert signature of person whose name and capacity are shown)
in the capacity of : (insert legal capacity of person signing the Bid Securing
Declaration)

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 45 of 96
Name: (insert complete name of person signing he Bid Securing Declaration)
Duly authorized to sign the bid for an on behalf of (insert complete name of Bidder)
Dated on _____________ day of ___________________ (insert date of signing)
Corporate Seal (where appropriate)
(Note: in case of a Joint Venture, the Bid Securing Declaration must be in the name
of all partners to the Joint Venture that submits the Bid)

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 46 of 96
Annexure 06- Bid Security Form
Pro forma for Bank Guarantee in lieu of EMD

To, Date DD-MM-YYYY

Bank of Baroda
………………..
Dear Sir,

WHEREAS..........................................(Company Name) registered under the Indian

Companies Act 1956 and having its Registered Office at
.................................................................. India (hereinafter referred to as “the
VENDOR”) proposes to offer its response to RFP No.. #: ( RFP details)
…………………………... (hereinafter called the “RFP”)

AND WHEREAS, in terms of the conditions as stipulated in the RFP, the VENDOR is
required to furnish a Bank Guarantee in lieu of the Earnest Money Deposit (EMD),
issued by a Scheduled Commercial Bank in India in your favour to secure the order of
the RFP in accordance with the RFP Document (which guarantee is hereinafter called
as “BANK GUARANTEE”)

AND WHEREAS the VENDOR has approached us,

............................................................ for providing the BANK GUARANTEE.
AND WHEREAS at the request of the VENDOR and in consideration of the proposed
RFP response to you,
WE,............................................................having.........................................................
... Office at..........................................................., India has agreed to issue the BANK
GUARANTEE.

THEREFORE, WE, ......................................................., through our local office at

................... India furnish you the Bank GUARANTEE in manner hereinafter contained
and agree with you as follows:

1. We....................................., undertake to pay the amounts due and payable

under this Guarantee without any demur, merely on demand from you and
undertake to indemnify you and keep you indemnified from time to time to the
extent of Rs........................(Rupees ..............................only) an amount
equivalent to the EMD against any loss or damage caused to or suffered by or
that may be caused to or suffered by you on account of any breach or breaches
on the part of the vender . any of the terms and conditions contained in the RFP
and in the event of the VENDOR commits default or defaults in carrying out any
of the work or discharging any obligation in relation thereto under the RFP or
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 47 of 96
 otherwise in the observance and performance of any of the terms and
conditions relating thereto in accordance with the true intent and meaning
thereof, we shall forthwith on demand pay to you such sum or sums not
exceeding the sum of Rs......................(Rupees......................................... only)
as may be claimed by you on account of breach on the part of the VENDOR of
their obligations in terms of the RFP.

2. Notwithstanding anything to the contrary contained herein or elsewhere, we

agree that your decision as to whether the VENDOR has committed any such
default or defaults and the amount or amounts to which you are entitled by
reasons thereof will be binding on us and we shall not be entitled to ask you to
establish your claim or claims under Bank Guarantee but will pay the same
forthwith on your demand without any protest or demur.

3. This Bank Guarantee shall continue and hold good until it is released by you on
the application by the VENDOR after expiry of the relative guarantee period of
the RFP and after the VENDOR had discharged all his obligations under the
RFP and produced a certificate of due completion of work under the said RFP
and submitted a “No Demand Certificate “provided always that the guarantee
shall in no event remain in force after the day of ....................... without
prejudice to your claim or claims arisen and demanded from or otherwise
notified to us in writing before the expiry of the said date which will be
enforceable against us notwithstanding that the same is or are enforced after
the said date.

4. Should it be necessary to extend Bank Guarantee on account of any reason

whatsoever, we undertake to extend the period of Bank Guarantee on your
request under intimation to the VENDOR till such time as may be required by
you. Your decision in this respect shall be final and binding on us.

5. You will have the fullest liberty without affecting Bank Guarantee from time to
time to vary any of the terms and conditions of the RFP or extend the time of
performance of the RFP or to postpone any time or from time to time any of
your rights or powers against the VENDOR and either to enforce or forbear to
enforce any of the terms and conditions of the said RFP and we shall not be
released from our liability under Bank Guarantee by exercise of your liberty with
reference to matters aforesaid or by reason of any time being given to the
VENDOR or any other forbearance, act or omission on your part of or any
indulgence by you to the VENDOR or by any variation or modification of the
RFP or any other act, matter or things whatsoever which under law relating to
sureties, would but for the provisions hereof have the effect of so releasing us
from our liability hereunder provided always that nothing herein contained will
enlarge our liability hereunder beyond the limit of Rs..................(
Rupees....................................only ) as aforesaid or extend the period of the
guarantee beyond the said day of ...................... unless expressly agreed to by
us in writing.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 48 of 96
 6. The Bank Guarantee shall not in any way be affected by your taking or giving
up any securities from the VENDOR or any other person, firm or company on
its behalf or by the winding up, dissolution, insolvency or death as the case may
be of the VENDOR.

7. In order to give full effect to the guarantee herein contained, you shall be entitled
to act as if we were your principal debtors in respect of all your claims against
the VENDOR hereby guaranteed by us as aforesaid and we hereby expressly
waive all our rights of surety ship and other rights, if any, which are in any way
inconsistent with any of the provisions of Bank Guarantee.

8. Subject to the maximum limit of our liability as aforesaid, Bank Guarantee will
cover all your claim or claims against the VENDOR from time to time arising out
of or in relation to the said RFP and in respect of which your claim in writing is
lodged on us before expiry of Bank Guarantee.

9. Any notice by way of demand or otherwise hereunder may be sent by courier,

telex, fax, e-mail or registered post to our local address as aforesaid and if sent
accordingly it shall be deemed to have been given when the same has been
posted.

10. The Bank Guarantee and the powers and provisions herein contained are in
addition to and not by way of limitation of or substitution for any other guarantee
or guarantees here before given to you by us (whether jointly with others or
alone) and now existing un-cancelled and that Bank Guarantee is not intended
to and shall not revoke or limit such guarantee or guarantees.

11. The Bank Guarantee shall not be affected by any change in the constitution of
the VENDOR or us nor shall it be affected by any change in your constitution
or by any amalgamation or absorption thereof or therewith but will ensure to the
benefit of and be available to and be enforceable by the absorbing or
amalgamated company or concern.

12. The Bank Guarantee shall come into force from the date of its execution and
shall not be revoked by us any time during its currency without your previous
consent in writing.

13. We further agree and undertake to pay you the amount demanded by you in
writing irrespective of any dispute or controversy between you and the
VENDOR.

14. Notwithstanding anything contained herein above;

i) our liability under this Guarantee shall not exceed
Rs...............................................( Rupees.........................................only) ;
ii) this Bank Guarantee shall be valid up to and including the date ............. and

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 49 of 96
 iii) we are liable to pay the guaranteed amount or any part thereof under this
Bank Guarantee only and only if you serve upon us a written claim or demand
on or before the expiry of this guarantee.

15. We have the power to issue this Bank Guarantee in your favour under the
Memorandum and Articles of Association of our Bank and the undersigned has
full power to execute this Bank Guarantee under the Power of Attorney issued
by the Bank.

For and on behalf of

Branch Manager

Seal & Address

NOTE:
1. VENDOR SHOULD ENSURE THAT THE SEAL & CODE NO. OF THE
SIGNATORY IS PUT BY THE BANKERS, BEFORE SUBMISSION OF BG
2. STAMP PAPER IS REQUIRED FOR THE BG ISSUED BY THE BANKS
LOCATED IN MUMBAI.
3. BANK GUARANTEE IF SUBMITTED, SHOULD BE ACCOMPANIED WITH
COPY OF THE SFMS TRANSMITTED AT THE TIME OF ISSUE OF BANK
GUARANTEE. AS PER IBA NOTIFICATION NO. PS&BT/GOVT/2305 DATED 16-
MAR-2016 ALONG WITH MINISTRY OF FINANCE, GOVERNMENT OF INDIA
CIRCULAR F.NO.7/112/2011-BOA DATED 08-MAR-2016 WITH RESPECT TO
SENDING BANK GUARANTEE ADVICES THROUGH STRUCTURED FINANCIAL
MESSAGING SYSTEM (SFMS), IT IS NECESSARY TO CONFIRM THE
AUTHENTICITY OF THE BANK GUARANTEES (BG) BY SFMS MESSAGE. THE
SFMS SHOULD BE SENT TO FOLLOWING BRANCH:
BRANCH NAME & ADDRESS: BANK OF BARODA, BKC BRANCH, C-26, G-BLOCK,
BARODA CORPORATE CENTER, BANDRA EAST, MUMBAI-400051
IFSC CODE: BARB0BANEAS (FIFTH LETTER IS “ZERO”)
4. VENDOR SHOULD ENSURE THAT THE BANK GUARANTEE SHOULD
CONTAIN ALL TERMS & CONDITIONS AS PER THIS FORMAT. BANK
GUARANTEE SUBMITTED WITH ANY RIDER OR DEVIATION TO THE
STIPULATED TERMS & CONDITIONS WILL NOT BE ACCEPTED.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 50 of 96
Annexure 07 – Undertaking from the Bidder
To
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,
Sub: RFP FOR……………………………………………………………………………….
1. Having examined the Tender Documents including all Annexures and Appendices,
the receipt of which is hereby duly acknowledged, we, the undersigned offer to
supply, deliver, implement and commission ALL the items mentioned in the
‘Request for Proposal’ and the other schedules of requirements and services for
your bank in conformity with the said Tender Documents in accordance with the
schedule of Prices indicated in the Price Bid and made part of this Tender.
2. If our Bid is accepted, we undertake to comply with the delivery schedule as
mentioned in the Tender Document.
3. We agree to abide by this Tender Offer for 180 days from date of bid opening and
our Offer shall remain binding on us and may be accepted by the Bank any time
before expiry of the offer.
4. This Bid, together with your written acceptance thereof and your notification of
award, shall constitute a binding Contract between us.
5. a) We undertake that in competing for and if the award is made to us, in executing
the subject Contract, we will strictly observe the laws against fraud and corruption
in force in India namely “Prevention of Corruption Act 1988”.
(b)Commission or gratuities, if any paid or to be paid by us to agents relating to
this Bid and to Contract execution, if we are awarded the Contract are listed
below.
i. Name and Address of the Agent - ………………………(please specify NA
if not applicable)
ii. Amount and Currency in which Commission paid / payable -
…………..(please specify NA if not applicable)
iii. Purpose of payment of Commission (If commission is not paid / not
payable indicate the same here) - ……………………………….(please
specify NA if not applicable)
6. We agree that the Bank is not bound to accept the lowest or any Bid the Bank may
receive.
7. We certify that we have provided all the information requested by the bank in the
format requested for. We also understand that the bank has the exclusive right to
reject this offer in case the bank is of the opinion that the required information is
not provided or is provided in a different format.

Dated this…………………………………..by ……………………….20

Yours faithfully,

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 51 of 96
Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 52 of 96
Annexure 08–Pre-Bid Queries Form
(Please note that all pre-bid queried need to be send by email in excel format only)
[Please provide your comments in this section. You are requested to categorize your
comments under appropriate headings such as those pertaining to the Scope of work,
Approach, Work plan, Personnel schedule, Curriculum Vitae, Experience in related
projects etc. You are also requested to provide a reference of the page number, state
the clarification point and the comment/ suggestion that you want to propose as shown
below.]

Name of the Bidder:

Contact Person Name:
Tel No :
e-mail ID:

S. Page Point / Clarification point as Comment/ Suggestion

No. # Section stated in the tender
# document
1
2
3
4
5
6
7
8
9

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #
Date:

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 53 of 96
Annexure 09–Conformity Letter
(This letter should be on the letterhead of the Bidder duly signed by an
authorized signatory)
To
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,
Sub: RFP FOR………………………………………………………………………………...

Further to our proposal dated ………., in response to the Request for

Proposal………………………………………(Bank’s tender No. hereinafter referred to
as “RFP”) issued by Bank of Baroda (“Bank”) we hereby covenant, warrant and
confirm as follows:
We hereby agree to comply with all the terms and conditions / stipulations as contained
in the RFP and the related addendums and other documents including the changes
made to the original tender documents issued by the Bank shall form a valid and
binding part of the aforesaid RFP document. The Bank is not bound by any other
extraneous matters or deviations, even if mentioned by us elsewhere either in our
proposal or any subsequent deviations sought by us, whether orally or in writing, and
the Bank’s decision not to accept any such extraneous conditions and deviations will
be final and binding on us.
Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 54 of 96
Annexure 10 - Letter of Undertaking from OEM
(This letter should be on the letterhead of the OEM / Manufacturer duly signed
by an authorized signatory)
To
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,
Sub: RFP FOR ………………………………………………………………………………..
We ………………………… (Name of the OSD / OEM) who are established and
reputable manufacturers / developers of ………………………… having factories at
………, ……… and …………… do hereby authorize M/s ……………………… (who is
the Bidder submitting its bid pursuant to the Request for Proposal issued by the Bank)
to submit a Bid and negotiate and conclude a contract with you for supply of
……………………………………………… which are manufactured / developed by us
against the Request for Proposal received from your Bank by the Bidder and we have
duly authorized the Bidder for this purpose.
We undertake to perform the obligations as set out in the RFP in respect of such
services and hereby extend our support and services through M/s.………………
during the 5 year contract period as per terms and conditions of the RFP.
We assure you that in the event of M/s ……………………… not being able to fulfill its
obligation as M/s ……………………… Bidder in respect of the terms defined in the
RFP, …………………………………… (OEM / OSD Name) would continue to meet
these either directly or through alternate arrangements without any additional cost to
the Bank
Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 55 of 96
Annexure 11–Undertaking of Information Security
(This letter should be on the letterhead of the Bidder as well as the OEM/
Manufacturer duly signed by an authorized signatory on Information security
as per regulatory requirement

To
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,
Sub: RFP FOR ………………………………………………………………………………..

We hereby undertake that the proposed hardware / software to be supplied will be free
of malware, free of any obvious bugs and free of any covert channels in the code (of
the version of the application being delivered as well as any subsequent
versions/modifications done)

Further we undertake that the Software/ hardware and Services which will be delivered
or provided under this Agreement are not infringe any IPR such as patent, utility model,
industrial design, copyright, trade secret, mask work or trade mark

Dated this…………………………………..by ……………………….20

Yours faithfully,

Authorized Signatory
Name:
Designation:
Bidder’s Corporate Name
Address
Email and Phone #

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 56 of 96
Annexure 12 – Project Details (Scope of Work)

REQUIREMENT BACKGROUND
Bank of Baroda has several branch offices for their existing customers, distributed
across multiple states in India. For each of these branch offices corporate endpoint
assets are provided to the bank employees for performing activities related to daily
business operations.
Now, Bank envisages to have computers (desktops) in each of these mentioned
branch offices with dedicated internet connectivity from the locally available service
providers which is different from the currently provided connectivity to datacenter.
Although these desktops will be used by the bank employees but these will not be a
part of the existing corporate domain polices, hence the bank will be having limited
security controls that can be applied and enforced.
The objective is to implement a SaaS based proxy solution to protect these endpoints
from any potential web threats such as anonymous proxy, botnets and other web-
based attacks that enables the bank to focus on strategic security, such as policy and
architecture, rather than on the operational tasks of managing network infrastructure.
BRIEF SCOPE OF WORK
The solution should be completely cloud managed and should work independently
without dependency on any third party or existing in use endpoint and network
system/solution available with the bank. The solution should work with single agent
installation for all the functionality & should consume low resources of endpoint
devices. The solution should support & work with MS windows client OS (Windows
10) & MAC OS. The solution should be managed from single console / dashboard.
The SoW includes (but not limited to) the tasks overview to establish protection that is
best for banks environment as mentioned here:
 Availability of valid feature licenses of the proposed SaaS based proxy solution.
 Provisioning of cloud based proxy and configure / set up the access rules as
desired by the Bank.
 Install and maintain the agent on compatible desktop platforms enforcing internet
usage policies.
 For traffic forwarding using PAC file, testing connectivity to the cloud service.
 Solution deployment to be tested for full functionality, performance, and security
compliance on a few selected endpoints during the install phase before rolling out
into production. The full testing will be based on the mutually agreed test criteria.
 Software packages to be offered should be legally valid, licensed and latest version
along with the complete set of manuals along with the media.
 Solution to be deployed and configured as per best recommendation practices.
 Any performance issue observed during deployment/implementation or new
feature requests shall be treated as a regular incident and will be subject to OEM’s
support review and assistance.
 Handover to Bank/Managed Service Provider (MSP) with full functionality and
technical knowledge transfer to Bank & MSP

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 57 of 96
IMPLEMENTATION SCOPE OF BIDDER
This section of document describes the overall work that has to be done in regards to
the deployment and implementation of cloud proxy solution in the bank’s environment.
 The selected Bidder shall be required to understand the solution and based on this
understanding and the requirements specified in the RFP, shall propose and
submit the approach document explaining in detail the entire architecture (physical
and logical) of the solution, its integration with the other solutions of the Bank,
management & monitoring of the solution, and project plan (including the transition
plan with timelines).
 The Bidder shall be responsible for configuration and testing of the cloud proxy
solution in the branch office locations identified by the bank.
 The Bidder shall ensure that during various phases of implementation of the
solution and during the contract period, the performance, security, etc. of the
existing setup/network shall not be compromised.
 The Bidder shall be responsible for preparation and updating (periodically or as
and when there are considerable changes) of all the documents pertaining to the
Solution including (but not limited to) the following:
 Logical and physical architecture of the solution
 Low & High-Level Design
 Standard Operating Procedure (SOP) for various activities pertaining to the
management and configuration of the Solution
 User and Administrator Guide/manual
 The bidder shall commence the implementation of the solution only after the
acceptance of the proposal by the Bank.
IMPLEMENTATION STEPS
Following are the procedural steps to be followed for the easy implementation and
maximize the overall solution efficacy (but not limited to):
1. Verify if customer already has a account, else if needed create one for the proxy
deployment project.
2. Provisioning of the SaaS service with the procured cloud proxy feature licenses.
3. Identify the internet gateway public IP address to verify that traffic forwarded by
users to cloud is from customer's network.
4. Creation of hosted users (username & password) required for accessing internet
via the cloud proxy service.
5. Create access policies to filter traffic as per banks requirement and best practices
recommended by OEM.
6. Verification of compatible platforms mentioned on the OEM’s official
documentation portal.
7. Download the agent from the SaaS management console and install as per the
feasible local deployment methods.
8. Verify the working status of agent by:
 Icon in the system tray
 Agent's services are in started state

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 58 of 96
9. Test the connectivity and created policies by generating traffic from endpoints with
functional agents.
10. Monitor the console dashboard / access logs to verify web traffic status.
11. Confirm and validate the agent connectivity / filtering with the policy configurations.
12. Fine tune the configuration if required as based on above monitoring status.
13. Perform any additional integration task (ex. with SIEM) if required by the bank.
14. Generate / Schedule internet activity reports as per the bank’s requirement.
BANK’S PROJECT TECHNICAL AND FUNCTIONAL REQUIREMENTS
Functional & technical scoring will be evaluated on following criteria as part of technical
evaluation
 Requirement available as part of solution (RA) – 2 Marks
 Requirement will be provided as customization (RC) – 1.5 Marks
 Requirement is feasible and to be developed (RD) – 1 Mark
Total Marking will proportionate to 50 marks and accordingly bidders “Product Demo”
marks will be calculated.
S. General Requirement Marking Bidders
No as per Remarks
RA/ RC/
RD
1 The proposed solution must provide protection
against full scope of web threats by having advanced
threat protection capabilities including anti-malware
with machine learning, web reputation, URL filtering,
application visibility and control and HTTP's
decryption to deploy gateways in the cloud—
protecting users no matter where they are.
2 The proposed solution must have a single,
centralized cloud-based management console to
define centralized policies across cloud-based
deployment instances to monitor web use in real time.
The management of policy shall be performed via
GUI based management console must not be
performed as command-line based tools (e.g. CLI,
SSH).
3 The proposed solution must not be declared End of
Life (EoL) or End of Support (EoS) for a period of 5
years from the date of commissioning of the solution.
In case, OEM declares their product’s end of life
during the contract period, Bidder should provide
upgraded version of the products without any
additional cost to the Bank.
4 The solution should be a dedicated web gateway
solution and should have capability from day 1 for
advanced L7 firewall for application filtering, IPS,

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 59 of 96
 Anti-virus, anti-malware and zero-day attack
prevention
5 Solution shall not be a hardware appliance-based
offering.
6 The solution shall support mobile devices iOS,
Android, Windows, Mac OS, Chrome, Red Hat
Enterprise Linux, Ubuntu) to forward web traffic from
these devices to provide web protection.
7 The solution must support web filtering of roaming
endpoints / users which are not connected to
corporate network.
8 The solution should have security filtering engines
and technologies to provide customizable policies for
scanning web traffic and protect your network from
advanced persistent threats and emerging unknown
threats.
9 The proposed solution shall provide an
agent/agentless option for client machines that
enforce the use of PAC file or dedicated end point
agent for traffic forwarding and automatically
deploying certificate to the supported browsers.
Agent must be supported for the below operating
systems: Microsoft Windows, Apple mac OS,
Android. The agent on the client machines should be
tamperproof and the agent on the client machines
should requires a password to prevent unauthorized
uninstallation of the agent.
10 The solution should work with the local breakout of
internet i.e. centralization of internet must not be a
prerequisite.
11 The solution should be capable to understand
Applications irrespective of any ports/ protocols.
12 The solution should support custom application
signature for Bank's home-grown apps based on port-
protocol and matching data patterns
13 The solution should have local India region gateways
from day 1. However, since Bank of Baroda has
global presence, the same solution should be
upgradable, to cover locations across 18+ countries
with local web content delivery, if required in future.
14 The solution / cloud service should provide a monthly
uptime SLA of 99.999%. Bidder should provide a link
to public document from OEM which confirms these
SLAs.
15 The cloud web security solution should provide an
hourly Security Processing Latency of 10ms with an
SLA of 99.99%. Bidder should provide a link to public
document from OEM which confirms these SLAs.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 60 of 96
16 The solution should have flexibility to add native
Digital Experience Management integrated with the
same endpoint agent (for proxy) and same
management console. The Bank should be able to
add the same, if required in future, with just an
addition of a new subscription.
17 Solution should have Microsoft Networking Partners
Program (NPP) Certification to provide a direct,
efficient path for their users to Microsoft 365 products,
ensuring an optimal user experience in accordance
with Microsoft connectivity principles.
18 Solution should have Daily Third-Party SaaS
Application Latency for APAC of max 75ms for
99.99% for applications like- Microsoft O365, Google
G Suite, Salesforce, Box and Slack. Bidder should
provide a link to public document from OEM which
confirms these SLAs.
19 The proposed solution provider must have cloud
service hosted in different geographical locations with
data centre’s based out of India region from day1.
Bank of Baroda has global presence, hence, the
same solution should be upgradable, to cover
locations across 70+ countries with local web content
delivery, if required in future.
20 The cloud security solution should be SOC2 Type II
certified.
21 The proposed solution shall support multiple
methods for traffic forwarding that includes:
• Direct Proxy Setup
• PAC files
• Port Forwarding
• Mobile VPN
22 The solution proxy shall have the capability to be
deployed via PAC or Direct Proxy FQDN.
23 The solution should have complete license for web
security, Antivirus, SSL, and content inspection. The
Solution should intercept user requests for web
destinations HTTP, HTTPs, HTTP2 for web security
and in-line AV scanning for FTP, IMAP, POP3, SMTP
and SMB protocols
24 The proposed solution shall be capable of decrypting
HTTPS traffic.
25 The solution shall be capable to setup policy to
decrypt HTTPS traffic by web category.
26 The solution shall be able to create multiple
decryption rules and to prioritize them to determine
which decryption rules take precedence when
applied.
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 61 of 96
27 The solution should provide an exception list to let
administrators add specific pages, links, or
subdomains they do not want to tunnel within the
trusted domains.
28 The solution shall be capable to support multiple root
CA for HTTPS decryption as defined in policies.
29 The solution shall be capability to import intermediate
root CA for HTTPS decryptions
30 Solution shall be capable to have action while a
server CA failed in validation. Failed case must
include non-trust CA, expired CA. Action must include
Block, Allow.
31 The solution should allow administrators to maintain
a list of trusted domains or URLs, who’s HTTPS traffic
will not be subject to policy rules, and always be
accessible by end users without being decrypted and
inspected.
32 The solution shall be capable of taking action while a
server CA failed in validation.
• The failed cases must include non-trusted CA and
expired CA.
• The actions must include choices for Block, Allow.
33 The solution should support SSL decryption for O365
web applications for granular control and threat
inspection
34 The solution shall be able to log the main domain of
auto-tunnelled website.
35 The proposed solution shall be capable to support
below protocol/method for user authentication
• Captive Portal
• Guest Logon
• SAML Based auth/ LDAP/ Local Database
36 Solution must have User Posture Assessment built in
which can perform Certificate check, Domain check,
AV agent check, BOB Custom apps check, Patch
management check, process and registry check on
endpoints
37 The solution shall have the capability to setup policy
based on:
• (Directory/Domain) user or group
• Traffic type (URL filtering category, Application
Control)
• File type (MIME, True File type, or File name)
• Scheduled date/time
• Action: Block and Allow
38 The solution shall be able to setup custom
categories as defined by domains or URLs for policy
configuration.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 62 of 96
39 The solution must support URL filtering to restrict
users accessing by web categories
40 Proposed solution shall be application based and not
port-based and protocol based.
41 The solution must support at least 70+ pre-defined
web categories for URL filtering, and allow for adding
customized categories.
42 The solution must support "application control" to
restrict user access, known Internet applications.
43 The solution should support public cloud access and
DC corporate application access using single
management, configuration and reporting console
and single agent for endpoints, whenever required in
future, with just a license/subscription upgrade
without the need of any additional/ separate VPN
solution
44 The solution should support bi-directional
communication for accessing the resources. For e.g.-
branch to branch, branch to DC/DR, DC/DR to
branch, branch to mobile users, mobile users to
mobile users, mobile users to branch, mobile users to
DC/DR, DC/DR to mobile users, DC to DR, DR to DC
etc.
45 Solution must protect user credentials by preventing
employees to submit their corporate credentials to
any unauthorised websites based on URL categories.
This functionality should be inline without any need of
3rd party service or agent
46 The solution must support ""application control""
through user/group-based policies with actions. The
policy actions must include Block, Warning, Allow,
and Continue options.
47 The solution must have out-of-box security templates
that contain configurable threat protection that are
used in creating access rules.
48 Solution shall be capable of detecting botnets through
as identified by URL and IP.
49 The solution shall be capable of detecting malicious
websites by the rating scores through some type of
Web Reputation Services.
50 Solution shall be capable of blocking malicious
websites by "web category".
• Minimum requirement of category must include:
Porn/Adult/Nudity, Terrorism, Command and control,
Phishing, Malware, peer-to-peer, newly registered
domains, crypto currency, high-risk, medium-risk and
low risk.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 63 of 96
51 The solution shall be able to detect and block
content by MIME type, as well as true file type:
• Must support user-based, as well as group-based
policies.
• Must support actions by policy.
• Must support below true file type like: EPS, CHM,
GZ, RAR, SIT, TAR, ZIP, FLV, M4A, MID, MOV,
MP4, MP3, RA/RM, SWF, AVI, COM, DLL, EXE,
LNK, MSI, BMP, GIF, JPEG, PNG, PSD, TIF,
DOC/X, PDF, PPT/X, XLS/X
52 The cloud sandboxing shall be capable to detect
malware with following File sizes:
PE/ Executables - upto 15 MB,
APK upto 10MB,
PDF - upto 3 MB,
MS office - uptp 16 MB,
JAR/Flash - 5MB,
Archive file upto 50 MB
53 The solution must use advanced machine learning,
static, dynamic and bare metal analysis in the cloud
sandboxing environment to detect emerging
unknown security risks and prevent the threat from
continuing to spread across your network
54 The solution shall be capable to detect exploitable
documents.
• The supported file types must include Microsoft
Office documents and PDF file.
• All critical CVE based exploits on these files must be
detected
55 The solution should have capabilities to inspect
malware embedded in PDF, word, PPT files.
56 The solution must support different types of
compression algorithms and scan nested
compressed files.
57 DNS Based attacks of following types should be
covered for protection
- Domain Generation Algorithm (DGA)
- Dictionary DGA
- DNS Tunnelling
- Ultra-Slow DNS Tunnelling
- Dangling DNS Attacks
- Malicious Newly Registered Domains (NRD)
- Ultra-Slow DNS Tunnelling
- Fast Flux Domains

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 64 of 96
58 Cloud sandboxing for zero-day attack prevention
should be supported for following file types
- Android application package (APK) files
- Adobe Flash files
- Java Archive (JAR) files
- Microsoft Office files
- Portable executable (PE) files
- Links contained in emails
- Mac OS X files
- Linux (ELF) files
- Archive (RAR and 7-Zip) files
- Script (BAT, JS, VBS, PS1, Shell script, and HTA)
files
Please mentions if there are any exclusions
59 The solution should have efficient anti-malware
engines
60 The solution should be capable of providing AV and
Sandboxing capabilities for all traffic (all ports /
protocols, Web & Non-Web, Non-standard ports etc.)
and all destinations (Data Centre, Public Cloud,
SaaS, Internet)
61 Av and Malware signatures should not be limited to
hash-based signatures. Solution should support
payload-based signatures
62 All threat prevention services - AV, IPS, URL filtering,
Sandboxing, DNS security should be from the OEM
itself proposing this solution and should not be
licensed from 3rd parties
63 Solution must have ability to auto-integrate various
threat prevention services at the backend. For
example, if new malware is found in cloud sandboxing
which has new malicious url or c2, solution should
automatically update the url categories, c2 database
giving better coverage for unknown threats
64 The solution should support dynamic URL
Categorization technology to perform real time
categorization of the website based on the website
content and HTTP URL.
65 The solution shall provide customized URL
categories to add URLs that are not part of the
predefined categories to be referenced in access
rules.
66 The solution should have strong URL filtering
database to real time threats updates, new signatures
and URL database like Phishing, Malicious sites,
Porn sites, Weapons, Financial services, Coin
miners, social networking, Software downloads,
Religion based sites, Gambling sites, Proxy
avoidance and anonymizer, command and control,
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 65 of 96
 advanced malware payloads, C& C, ransom ware
detection, etc. Also, in-addition solution should have
ability to configure custom categories for the
organization.
67 The solution shall integrate with popular search
engines and online services, including Google,
Yahoo, Bing, and YouTube, to leverage their search
safety feature.
68 The solution shall support URL's to approved/blocked
URL list by match methods like
website/keyword/string. Additionally, provision shall
be provided to import to Approved or Blocked URL's
list.
70 The solution should have a large number of
applications in its application category groups and'
should have pre-defined categories like Web,
Webmail, Audio/Video, Game, Instant Messaging,
Network Service, Application service, peer-to-Peer,
File server, File transfer, Forum.
71 The solution should have centralized architecture for
monitoring, reporting, notification, maintaining and
policies through single cloud-based web
management console.
72 The solution should be able to provide dashboards to
monitor web activities that can show top "x" items to
display for application categories, Malwares,
malware, URL categories, ransom ware domains.
73 The solution shall be able to generate alerts to
administrators which can turned on/off as per
requirement.
74 The solution should be provided default notification
pages and also able to customizable user notification
as necessary.
75 The solution shall be capable to define PAC/Agent in
one console. The PAC/Agent shall be editable via
GUI based management console.
76 The solution shall backup and restoration all created
policies, up to 10 backup files shall be supported.
77 The solution should support real time graphical and
chart-based dashboard for the summary of activities
over Web.
78 The solution should be able to schedule reports and
also provide the flexibility to generate on-demand or
scheduled reports in daily/weekly/monthly/ or specific
range (by day and time) to help analyse threats and
security-related events.
80 The solution should be able to provide log analysis to
identify resources at a higher risk of infection or

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 66 of 96
 attack. Administrators can query logs for as long as
31 days from the past 180 days.
81 The solution should be able to provide audit logs that
helps to track the changes made by administrators.
Administrators can query audit logs for as long as 31
days from the past three years.
82 The solution shall provide selection of columns to log
item to be displayed in table, the columns should
include but not limited to Time, User Name, Active
Directory Domain, Reason for Action,
Profile/Template Name, Rule Name, Action, Malware
Name, App Name, Server IP, Client/Server IP, MIME
Type, Domain, URL
84 The solution shall be capable to show statistics of the
last minimum 7 days on the dashboard.
85 The solution should support forwarding access and
audit logs to Syslog or SIEM functions.
84 The solution shall be capable to export raw access
logs with Syslog protocol. Minimum support: Syslog
or CEF
86 The solution shall be capable to let administrator to
define the SIEM Key and Value for secure exporting
of logs.
DISASTER RECOVERY MECHANISM
The proposed solution must be capable of and compatible for Disaster Recovery
Implementation. The successful bidder should describe the provisions for disaster
recovery and show that the proposed solution facilitates disaster recovery.
The bidder needs to submit the technical architecture relating to data/Configuration
replication between primary and secondary site.
TRAINING
The successful bidder needs to provide advanced training for 3 banks officials
(Training & Certification) by OEM certified trainer and one administrator training for 2
officials in DC and DR site.
SERVICE LEVELS AND UPTIME GUARANTEE
For details, please refer to Annexure that provides the service levels for the Solution.
DELIVERY
All the Services / Resource(s) should be delivered within -02- months from the date of
purchase order. Any deliverable has not been supplied or not operational on account
of which the implementation is delayed, will be deemed/treated as non-delivery
thereby excluding the Bank from all payment obligations under the terms of this
contract.
Bidder will have to pay late delivery charges to Bank of Baroda @ 1% of Total Contract
Value inclusive of all taxes, duties, levies etc., per week or part thereof, for late
implementation beyond due date of implementation, to a maximum of 5% of total
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 67 of 96
contract value. If delay exceeds beyond two weeks from due date of delivery, Bank of
Baroda reserves the right to cancel the entire order.
The bidder must strictly adhere to the delivery dates or lead times identified in their
proposal and as agreed by the Bank. Failure to meet these delivery dates, unless it is
due to reasons entirely attributable to the Bank, may constitute a material breach of
the Bidder’s performance. In the event that the Bank is forced to cancel an awarded
contract (relative to this tender document) due to the Bidder’s inability to meet the
established delivery dates or any other reasons attributing to the bidder then that
bidder will be responsible for any re-procurement costs suffered by the Bank. The
liability in such an event could be limited to the differential excess amount spent by the
Bank for procuring similar deliverables and services.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 68 of 96
Annexure 13–Service Levels
The Bank expects that the successful Vendor to adhere to the following minimum
Service Levels:
 Any fault/ issue/ defect failure intimated by Bank through any mode of
communication like call/e-mail/fax etc. are to be acted upon, so as to adhere to the
service levels. Business/ Service Downtime and Deterioration shall be the key
considerations for determining “Penalties” that would be levied on the Successful
Vendor.
 The Vendor should have 24X7 monitoring, escalation and resolution infrastructure.
 Time bound problem addressing team (onsite/offsite) for the complete contract
period.
 Vendor to arrange for updation required in the system to meet the changes
suggested by RBI/ Govt. of India/ regulatory authorities/tax authorities towards
compliance as part of ATS at no extra cost to bank for the entire contract period.
Any delay in meeting the timelines would result in penalty.
Vendor will have to guarantee a minimum uptime of 98.0%, calculated on a monthly
basis. Application (As a whole / any module of the application) availability will be 98.0%
on 24x7x365. The penalty will be calculated as per the details given below.

Uptime percentage - 100% less Downtime Percentage

Downtime percentage - Unavailable Time divided by Total Available Time, calculated
on a monthly basis.
Total Available Time – 24 hrs per day for seven days a week excluding planned
downtime
Unavailable Time - Time involved while the solution is inoperative or operates
inconsistently or erratically.

Uptime
Penalty Details
Percentage

A >= 98.0% No Penalty

Penalty at an incremental rate of 10% of cost of monthly

A < 98.0% subscription charges for every 0.1% lower than the
stipulated uptime

The uptime percentage would be calculated on monthly basis and the calculated
amount would be adjusted from every subsequent quarter payment. The SLA charges
will be subject to an overall cap of 10% of the Monthly subscription Charges and
thereafter, Bank has the discretion to cancel the contract. If Vendor materially fails to
meet an uptime of 98.0% for three (3) consecutive months, the Bank may have the
right to terminate the contract. In case if there are no pending invoices to be paid by
the Bank to the vendor, the vendor has to submit a Demand Draft / pay order / cheque
payable at Mumbai in favour of Bank of Baroda for the same within 15 days from the
notice period from the Bank.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 69 of 96
Annexure 14–Masked Commercial Bid

Year 1 Year 2 Year 3 Year 4 Year 5

Total cost
for 5
Particulars Qty Unit Total Unit Total Unit Total Unit Total Unit Total Years
Cost cost Cost cost Cost cost Cost cost Cost cost (Rs)
(Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs)
Annual Subscription &
Tech Support Cost per
6,000
agent*
One Time
Implementation,
- - - - - - - - -
Integration & Initial
Customization Cost
Onsite Support 365
Charges** Days
Additional
Customization Service -
Charges***
Total Cost for 5 years

*Number of Agents in the contract period is indicative maximum for calculation purpose. Actual utilization may vary as per the requirement.
Payment for the subscription cost will be done on actual utilization basis, based on the unit cost provided by the bidder.
** Bidder needs to provide Onsite Support Charges for 1 Man Day Cost (which will be for 8 Hours shift per day) as Unit Cost. The bank has
discretion to avail or not to avail dedicated support services and number of support engineers at person day cost given. However, for the
TCO purpose 1 person day (1 shift x 1 person) x 365 for each year will be considered.
***100 Man days per year customization effort for any new enhancement related to business requirement (as and when Bank uses).
We abide by following terms and conditions
a. For each of the above items provided the vendor is required to provide the cost for every line item where the vendor has considered the
 cost in BOM.
b. The vendor needs to clearly indicate if there are any recurring costs included in the above bid and quantify the same. In the absence of
this, the vendor would need to provide the same without any charge. Vendor should make no changes to the quantity.
c. If the cost for any line item is indicated as zero then it will be assumed by the Bank that the said item is provided to the Bank without
any cost.
d. All Deliverables to be supplied as per RFP requirements provided in the tender
e. The Service Charges need to include all services and other requirement as mentioned in the RFP
f. The vendor has to make sure all the arithmetical calculations are accurate. Bank will not be held responsible for any incorrect calculations
however for the purpose of calculation Bank will take the corrected figures / cost.
g. All prices to be in Indian Rupee (INR) only.
h. Prices quoted by the Vendor should be inclusive of all taxes, duties, levies etc. except GST which will be paid extra at actuals. The
Vendor is expected to provide the GST amount and GST percentage in both the commercial and masked bids (without amounts being
submitted in the technical response). There will be no price escalation for during the contract period and any extension thereof. Bid
submitted with an adjustable price quotation will be treated as non-responsive and will be rejected
i. Unit wise implementation must be provided by vendor. These prices would be considered for the calculation of TCO (Total Cost of
Ownership).The Bank has discretion to avail any of these optional functionalities as per Bank’s requirement during the contract period.
j. All Quoted Commercial Values should comprise of values only upto 2 decimal places. Bank for evaluation purpose will consider values
only upto 2 decimal places for all calculations & ignore all figures beyond 2 decimal places.

Authorized Signatory
Name:
Designation:
Vendor’s Corporate Name

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 71 of 96
Annexure 15–Commercial Bid

Year 1 Year 2 Year 3 Year 4 Year 5

Total cost
for 5
Particulars Qty Unit Total Unit Total Unit Total Unit Total Unit Total Years
Cost cost Cost cost Cost cost Cost cost Cost cost (Rs)
(Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs) (Rs)
Annual Subscription &
Tech Support Cost per XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX
6,000
agent*
One Time
Implementation,
- XXX XXX - - - - - - - - XXX
Integration &
Customization Cost
Onsite Support 365
XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX
Charges** Days
Additional
Customization Service - XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX XXX
Charges***
Total Cost for 5 years XXX

*Number of Agents in the contract period is indicative maximum for calculation purpose. Actual utilization may vary as per the requirement.
Payment for the subscription cost will be done on actual utilization basis, based on the unit cost provided by the bidder.
** Bidder needs to provide Onsite Support Charges for 1 Man Day Cost (which will be for 8 Hours shift per day) as Unit Cost. The bank has
discretion to avail or not to avail dedicated support services and number of support engineers at person day cost given. However, for the
TCO purpose 1 person day (1 shift x 1 person) x 365 for each year will be considered.
***100 Man days per year customization effort for any new enhancement related to business requirement (as and when Bank uses).

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 72 of 96
We abide by following terms and conditions
k. For each of the above items provided the vendor is required to provide the cost for every line item where the vendor has considered the
cost in BOM.
l. The vendor needs to clearly indicate if there are any recurring costs included in the above bid and quantify the same. In the absence of
this, the vendor would need to provide the same without any charge. Vendor should make no changes to the quantity.
m. If the cost for any line item is indicated as zero then it will be assumed by the Bank that the said item is provided to the Bank without
any cost.
n. All Deliverables to be supplied as per RFP requirements provided in the tender
o. The Service Charges need to include all services and other requirement as mentioned in the RFP
p. The vendor has to make sure all the arithmetical calculations are accurate. Bank will not be held responsible for any incorrect calculations
however for the purpose of calculation Bank will take the corrected figures / cost.
q. All prices to be in Indian Rupee (INR) only.
r. Prices quoted by the Vendor should be inclusive of all taxes, duties, levies etc. except GST which will be paid extra at actuals. The
Vendor is expected to provide the GST amount and GST percentage in both the commercial and masked bids (without amounts being
submitted in the technical response). There will be no price escalation for during the contract period and any extension thereof. Bid
submitted with an adjustable price quotation will be treated as non-responsive and will be rejected
s. Unit wise implementation must be provided by vendor. These prices would be considered for the calculation of TCO (Total Cost of
Ownership). The Bank has discretion to avail any of these optional functionalities as per Bank’s requirement during the contract period.
t. All Quoted Commercial Values should comprise of values only upto 2 decimal places. Bank for evaluation purpose will consider values
only upto 2 decimal places for all calculations & ignore all figures beyond 2 decimal places.

Authorized Signatory
Name:
Designation:
Vendor’s Corporate Name

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 73 of 96
Annexure 16 - Performance Guarantee
BANK GUARANTEE
(FORMAT OF PERFORMANCE BANK GUARANTEE)
To
Chief Technology Officer
Bank of Baroda
Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

WHEREAS M/S …………………………………………… (Name of Bidder) a Company

registered under the Indian Companies Act, 1956 and having its Registered Office at
, (Please provide complete address) (hereinafter referred to as "Bidder") was awarded
a contract by Bank of Baroda (the Bank) vide their Purchase Order no.
……………………………… dated …………………………. (hereinafter referred to as
“PO”) for …………………………….
…………………………………………………………………….

AND WHEREAS, in terms of the conditions as stipulated in the PO and the Request
for Proposal document No. …………………. Dated …………………….. for
………………………… …………………………………………………………………….
(hereinafter referred to as “RFP”), the Bidder is required to furnish a Performance Bank
Guarantee issued by a Public Sector Bank/ schedule commercial bank in India other
than the Bank of Baroda in your favour for Rs……………………./- towards due
performance of the contract in accordance with the specifications, terms and
conditions of the purchase order and RFP document (which guarantee is hereinafter
called as "BANK GUARANTEE").

AND WHEREAS the Bidder has approached us for providing the BANK GUARANTEE.

AND WHEREAS at the request of the Bidder, WE,

..……………………………...……………,a body corporate in terms of the Banking
Companies Acquisition and Transfer of Undertakings Act,1970/1980 having it’s
.................................................................. Office at …………… and a branch interalia
at................................................................... India have agreed to issue the BANK
GUARANTEE.

THEREFORE, WE, (name of Bank and it’s address)

........................................................through our local office at
............................................. India furnish you the BANK GUARANTEE in manner
hereinafter contained and agree with you as follows:
1. We ...................................... do hereby expressly, irrevocably and unconditionally
undertake to pay the amounts due and payable under this Guarantee without
any demur, merely on demand from you and undertake to indemnify you and keep
you indemnified from time to time and at all times to the extent of Rs.
………............./-(Rupees …………………………………………………………..
only) against any loss or damage caused to or suffered by or that may be caused
to or suffered by you on account of any breach or breaches on the part of the
 Bidder of any of the terms and conditions contained in the PO and RFP / SLA and
in the event of the Bidder committing default or defaults in carrying out any of the
work or discharging any obligation under the PO or RFP document or otherwise
in the observance and performance of any of the terms and conditions relating
thereto in accordance with the true intent and meaning thereof, we shall forthwith
on demand pay to you such sum or sums not exceeding the sum of
Rs.……………/-.(Rupees ………………………………………………
…………………………………………… only) as may be claimed by you on
account of breach on the part of the Bidder of their obligations or default in terms
of the PO and RFP.
2. Notwithstanding anything to the contrary contained herein or elsewhere, we agree
that your decision as to whether the Bidder has committed any such breach/
default or defaults and the amount or amounts to which you are entitled by reasons
thereof will be binding on us and we shall not be entitled to ask you to establish
your claim or claims under Bank Guarantee, but will pay the same forthwith on
your demand without any protest or demur. Any such demand made by Bank of
Baroda shall be conclusive as regards the amount due and payable by us to you.
3. This Bank Guarantee shall continue and hold good until it is released by you on
the application by the Bidder after expiry of the relative guarantee period provided
always that the guarantee shall in no event remain in force after
……............................ (date) without prejudice to your claim or claims arisen and
demanded from or otherwise notified to us in writing before the expiry of the said
date which will be enforceable against us notwithstanding that the same is or are
enforced after the said date.
4. You will have the fullest liberty without our consent and without affecting our
liabilities under this Bank Guarantee from time to time to vary any of the terms and
conditions of the PO and RFP or extend the time of performance of the contract
or to postpone for any time or from time to time any of your rights or powers against
the Bidder and either to enforce or forbear to enforce any of the terms and
conditions of the said PO and RFP and we shall not be released from our liability
under Bank Guarantee by exercise of your liberty with reference to matters
aforesaid or by reason of any time being given to the Bidder or any other
forbearance, act or omission on your part or any indulgence by you to the Bidder
or any other act, matter or things whatsoever which under law relating to sureties,
would but for the provisions hereof have the effect of so releasing us from our
liability hereunder provided always that nothing herein contained will enlarge our
liability hereunder beyond the limit of Rs. ……………./-( Rupees……………
…………………………………………………… only) as aforesaid or extend the
period of the guarantee beyond the said ...................... (date) unless expressly
agreed to by us in writing.
5. The Bank Guarantee shall not in any way be affected by your taking or giving up
any securities from the Bidder or any other person, firm or company on its behalf
or by the winding up, dissolution, insolvency or death as the case may be of the
Bidder.
6. In order to give full effect to the guarantee herein contained, you shall be entitled
to act as if we were your principal debtors in respect of all your claims against the
Bidder hereby guaranteed by us as aforesaid and we hereby expressly waive all
our rights of surety ship and other rights, if any, which are in any way inconsistent
with any of the provisions of Bank Guarantee.
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 75 of 96
7. Subject to the maximum limit of our liability as aforesaid, Bank Guarantee will
cover all your claim or claims against the Bidder from time to time arising out of or
in relation to the PO and RFP and in respect of which your claim in writing is
lodged on us before expiry of Bank Guarantee.
8. Any notice by way of demand or otherwise hereunder may be sent by special
courier, telex, fax or registered post to our local address as aforesaid and if sent
accordingly it shall be deemed to have been given when the same has been
posted.
9. The Bank Guarantee and the powers and provisions herein contained are in
addition to and not by way of limitation of or substitution for any other guarantee
or guarantees hereto before given to you by us (whether jointly with others or
alone) and now existing enforce and this Bank Guarantee is not intended to and
shall not revoke or limit such guarantee or guarantees.
10. The Bank Guarantee shall not be affected by any change in the constitution of the
Bidder or us nor shall it be affected by any change in your constitution or by any
amalgamation or absorption thereof or therewith but will ensure to the benefit of
and be available to and be enforceable by the absorbing or amalgamated
company or concern.
11. The Bank Guarantee shall come into force from the date of its execution and shall
not be revoked by us any time during its currency without your previous consent
in writing.
12. We further agree and undertake to pay you the amount demanded by you in
writing irrespective of any dispute or controversy between you and the Bidder in
any suit or proceeding pending before any court or Tribunal relating thereto, our
liability under this present being absolute and unequivocal. The payments so
made by us shall be a valid discharge of our liability for payment here under and
the Bidder shall have no claim against us for making such payment.
13. Notwithstanding anything contained herein above;
a. our liability under this Guarantee shall not exceed Rs. ………………./- (Rupees
……………………………………………………only)
b. this Bank Guarantee shall be valid and remain in force upto and including the
date ............. and
c. we are liable to pay the guaranteed amount or any part thereof under this Bank
Guarantee only and only if you serve upon us a written claim or demand on or
before the expiry of this guarantee.
14. We have the power to issue this Bank Guarantee in your favour under the
Memorandum and Articles of Association of our Bank and the undersigned has
full power to execute this Bank Guarantee under the Power of Attorney issued by
the Bank.

Dated this the ……… day of …………………….., 20…..

For and on behalf of
Branch Manager
Seal and Address

NOTE:
1. VENDOR SHOULD ENSURE THAT THE SEAL & CODE NO. OF THE
SIGNATORY IS PUT BY THE BANKERS, BEFORE SUBMISSION OF BG

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 76 of 96
2. STAMP PAPER IS REQUIRED FOR THE BG ISSUED BY THE BANKS
LOCATED IN MUMBAI.
3. BANK GUARANTEE IF SUBMITTED, SHOULD BE ACCOMPANIED WITH
COPY OF THE SFMS TRANSMITTED AT THE TIME OF ISSUE OF BANK
GUARANTEE. AS PER IBA NOTIFICATION NO. PS&BT/GOVT/2305 DATED 16-
MAR-2016 ALONG WITH MINISTRY OF FINANCE, GOVERNMENT OF INDIA
CIRCULAR F.NO.7/112/2011-BOA DATED 08-MAR-2016 WITH RESPECT TO
SENDING BANK GUARANTEE ADVICES THROUGH STRUCTURED FINANCIAL
MESSAGING SYSTEM (SFMS), IT IS NECESSARY TO CONFIRM THE
AUTHENTICITY OF THE BANK GUARANTEES (BG) BY SFMS MESSAGE. THE
SFMS SHOULD BE SENT TO FOLLOWING BRANCH:
BRANCH NAME & ADDRESS: BANK OF BARODA, BKC BRANCH, C-26, G-BLOCK,
BARODA CORPORATE CENTER, BANDRA EAST, MUMBAI-400051
IFSC CODE: BARB0BANEAS (FIFTH LETTER IS “ZERO”)
4. VENDOR SHOULD ENSURE THAT THE BANK GUARANTEE SHOULD
CONTAIN ALL TERMS & CONDITIONS AS PER THIS FORMAT. BANK
GUARANTEE SUBMITTED WITH ANY RIDER OR DEVIATION TO THE
STIPULATED TERMS & CONDITIONS WILL NOT BE ACCEPTED.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 77 of 96
Annexure 17 - Service Level and Non-Disclosure Agreement Format

This Agreement is made in Mumbai this………. Day of ………….. 20... by and between
BANK OF BARODA, body corporate constituted under the Banking Companies
[Acquisition & Transfer of Undertakings] Act 1970 having its Head Office at Mandvi,
Baroda and Corporate Office at Baroda Corporate Centre, C-26, G-Block, Bandra
Kurla Complex, Bandra (East), Mumbai- 400051, hereinafter for brevity sake referred
to as “Bank” (which expression shall, unless repugnant to the context or meaning,
include its successors and assigns) of the one Part;
AND
________________________, a company incorporated under the Companies Act
1956/ 2013, India, having its registered office at
_____________________________________________________, hereinafter
referred to as “the Service Provider” (which expression shall, unless repugnant to the
context and meaning thereof include its subsidiaries, affiliates, successors and
permitted assigns) of the other Part,
(Bank and the Service Provider hereinafter are individually referred to as “Party” and
collectively as “Parties”)
WHEREAS
Bank of Baroda is one of the largest public sector banks (PSU) in India with a branch
network of over 8,100+ branches in India and 95+ branches/ offices overseas including
branches of our subsidiaries, distributed in 15+ countries. Bank desires to select a
Service Provider for Supply, Installation & Maintenance of Network Hardware at Bank
Branches / Offices and had invited offers.
In response to RFP no ------------------------- dated --------------------------- issued by Bank,
the Service Provider also submitted its offer and has represented that it is engaged in
the business of Supply, Installation & Maintenance of Network Hardware. It further
represented to Bank that it has the requisite skill, knowledge, experiences, experts,
staff and capability to provide required service to Bank. Relying on representations of
Service Provider and other applicable criteria, Service Provider was declared as a
successful bidder in the RFP evaluation process. Accordingly Bank has issued a -----
--------------------------------------------------------.
It was a condition in the RFP that the Parties would enter into a Service Level and Non
Disclosure Agreement which shall include all the services and terms and conditions of
the services to be extended as detailed here in.

NOW, THEREFORE, THIS AGREEMENT WITNESSETH AS FOLLOWS

1. DEFINITIONS
I. Bank, BOB means ‘Bank of Baroda’
II. ATP means Acceptance Test Procedure
III. AMC means Annual Maintenance Contract
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 78 of 96
 IV. BFSI means Banking, Financial services and Insurance
V. DC Means Data Centre
VI. DR Means Data Recovery Centre
VII. MSP means Managed Service Provider of the Bank.
VIII. SLA means Service Level Agreement
IX. Total Cost of Ownership (TCO)
X. SPOC means Single Point of Contact
2. TERM
This Agreement shall come into force on ___________ and shall be in force and effect
for a period ----------------, unless Bank terminates the Agreement by giving a prior
written notice of 30 days as per the terms of this Agreement.
3. SCOPE OF SERVICE
The Service Provider agrees to perform the services as part of the scope of this
engagement including but not limited to as mentioned in Schedule I of this Agreement.
BOB reserves its right to change the scope of the services considering the size and
variety of the requirements and the changing business & security conditions
/environment with mutual consent.
4. STANDARDS
All standards to be followed will adhere to Bureau of Indian Standards (BIS)
specifications or other acceptable standards.
5. DELIVERY
(Terms mentioned in the RFP)
6. DOCUMENTATION
The Service Provider shall supply all necessary documentation for the training, use
and operation of the system. This will include at least one set of original copies per
installation of the user manuals, reference manuals, operations manuals, and system
management manuals in English/Hindi.
7. SINGLE POINT OF CONTACT & DIRECT SUPPORT
(Please incorporate following details – Name, designation, address, email address,
telephone /mobile No.
Escalation matrix for support should also be provided with full details.
8. PAYMENT TERMS
(Terms mentioned in the RFP)
9. SET-OFF
Without prejudice to other rights and remedies available to Bank, Bank shall be
entitled to set-off or adjust any amounts due to Bank under this clause from the Service
Provider against payments due and payable by Bank to the Service Provider for the
services rendered.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 79 of 96
The provisions of this Clause shall survive the termination of this Agreement.
10. COVENANTS OF THE SERVICE PROVIDER
The Service Provider shall deploy and engage suitably experienced and competent
personnel as may reasonably be required for the performance of the services.
During the currency of this Agreement, the Service Provider shall not substitute the
key staff identified for the services mentioned in this Agreement.
The Service Provider shall forthwith withdraw or bar any of its employee/s from the
provision of the services if, in the opinion of BANK:
(i) The quality of services rendered by the said employee is not in accordance
with the quality specifications stipulated by BANK; or
(ii) The engagement or provision of the services by any particular employee is
prejudicial to the interests of BANK.
All employees engaged by the Service Provider shall be in sole employment of the
Service Provider and the Service Provider shall be solely responsible for their
salaries, wages, statutory payments etc. That under no circumstances shall BANK
be liable for any payment or claim or compensation (including but not limited to
compensation on account of injury/death/termination) of any nature to the
employees and personnel of the Service Provider.
The Service Provider:
i. shall be responsible for all negotiations with personnel relating to salaries and
benefits, and shall be responsible for assessments and monitoring of
performance and for all disciplinary matters.
ii. shall not knowingly engage any person with a criminal record/conviction and
shall bar any such person from participating directly or indirectly in the provision
of services under this Agreement.
iii. shall at all times use all reasonable efforts to maintain discipline and good order
amongst its personnel.
iv. shall not exercise any lien on any of the assets, documents, instruments or
material belonging to BANK and in the custody of the Service Provider for any
amount due or claimed to be due by the Service Provider from BANK.
v. shall regularly provide updates to BANK with respect to the provision of the
services and shall meet with the personnel designated by BANK to discuss and
review its performance at such intervals as may be agreed between the Parties.
vi. shall be responsible for compliance of all laws, rules, regulations and
ordinances applicable in respect of its employees, sub-contractors and agents
(including but not limited to code of Wages Act, Provident Fund laws,
Workmen's Compensation Act) and shall establish and maintain all proper
records including, but not limited to, accounting records required by any law,
code, practice or corporate policy applicable to it from time to time, including
records and returns as applicable under labour legislations.
vii. shall not violate any proprietary and intellectual property rights of BANK or any
third party, including without limitation, confidential relationships, patent, trade

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 80 of 96
 secrets, copyright and any other proprietary rights in course of providing
services hereunder.
viii. shall ensure that the quality and standards of materials and services to be
delivered or rendered hereunder, will be of the kind, quality and timeliness as
designated by the BANK and communicated to the Service Provider from time
to time.
ix. shall not work in a manner which, in the reasonable opinion of BANK, may be
detrimental to the interests of BANK and which may adversely affect the role,
duties, functions and obligations of the Service Provider as contemplated by
this Agreement.
x. shall be liable to BANK for any and all losses of any nature whatsoever arisen
directly or indirectly by negligence, dishonest, criminal or fraudulent act of any
of the representatives and employees of the Service Provider while providing
the services to the BANK.
xi. shall itself perform the obligations under this Agreement and shall not assign,
transfer or sub-contract any of its rights and obligations under this Agreement
except with prior written permission of BANK.
11. CONFIDENTIALITY
The Service Provider acknowledges that in the course of performing the obligations
under this Agreement, it shall be exposed to or acquire information of the bank, which
the Service Provider shall treat as confidential.
a. All BOB’s product and process details, documents, data, applications, software,
systems, papers, statements and business / customer information which may be
communicated to or come to the knowledge of Service Provider or Service Provider’s
employees during the course of discharging their obligations shall be treated as
absolutely confidential and Service Provider irrevocably agrees and undertakes and
ensures that Service Provider and its employees shall keep the same secret and
confidential and not disclose the same, in whole or in part to any third party without
prior written permission of BOB. The Service Provider shall not use or allow to be
used any information other than as may be necessary for the due performance by
Service Provider of its obligations hereunder.
b. Service Provider shall not make or retain any copies or record of any Confidential
Information submitted by BOB other than as may be required for the performance of
Service Provider.
c. Service Provider shall notify BOB promptly of any unauthorized or improper use or
disclosure of the Confidential Information.
d. Service Provider shall return all the Confidential Information that is in its custody,
upon termination / expiry of this Agreement. Also, so far as it is practicable Service
Provider shall immediately expunge any Confidential Information relating to the
projects from any computer, word processor or other device in possession or in the
custody and control by Service Provider or its affiliates.
e. Service Provider shall extent practicable, immediately furnish a certificate signed
by its director or other responsible representative confirming that to the best of

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 81 of 96
his/her knowledge, information and belief, having made all proper enquiries the
requirements of this paragraph have been fully complied with.
f. Service Provider hereby unconditionally agrees and undertakes that it and its
employees shall not disclose the terms and conditions of the engagement
Agreement/ Work Order or any other oral or written information which may contain,
hold or bear confidential information or disclose the information submitted by BOB
under any other Agreement to any third party unless such disclosure is mandatorily
required by law or if it is required necessarily to be disclosed to any other
agency/subcontractor or the like for the purpose of performing any of its obligations
under the contract.
However, the Confidential Information will not be limited to the information mentioned
above but not include the following as Confidential Information:
i. Without breach of these presents, has already become or becomes and/or
hereinafter will become part of the public domain;
ii. Prior to the disclosure by BOB was known to or in the possession of the Service
Provider at the time of disclosure;
iii. Was disclosed or parted with the prior consent of BOB;
iv. Was acquired by Service Provider from any third party under the conditions such
that it does not know or have reason to know that such third party acquired directly
or indirectly from BOB.
 The Service Provider agrees to take all necessary action to protect the
Confidential Information against misuse, loss, destruction, deletion and/or
alteration. It shall neither misuse or permit misuse directly or indirectly, nor
commercially exploit the Confidential Information for economic or other benefit.
 In any dispute over whether information or matter is Proprietary Information or
not mentioned herein, it shall be the burden of Service Provider to show that
such contested information or matter is not Proprietary Information within the
meaning of this Agreement, and that it does not constitute violation under any
laws for the time being enforced in India.
Notwithstanding above, bob shall take all the reasonable care to protect all the
confidential information of service provider delivered to BOB while performing of
the services.
The confidentiality obligations shall survive the expiry or termination of the Agreement
between the Service Provider and the Bank.
12. INDEMNITY
The Service Provider shall indemnify the Bank, and shall always keep indemnified and
hold the Bank, its employees, personnel, officers, directors, (hereinafter collectively
referred to as “Personnel”) harmless from and against any and all losses, liabilities,
claims, actions, costs and expenses (including attorneys' fees) relating to, resulting
directly or indirectly from or in any way arising out of any claim, suit or proceeding
brought against the Bank as a result of:

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 82 of 96
  Bank’s authorized / bona fide use of the Deliverables and /or the Services
provided by Service Provider under this Agreement; and/or
 an act or omission of the Service Provider and/or its employees, agents, sub-
contractors in performance of the obligations under this Agreement; and/or
 claims made by employees or subcontractors or subcontractors’ employees,
who are deployed by the Service Provider, against the Bank; and/or
 claims arising out of employment, non-payment of remuneration and non-
provision of statutory benefits by the Service Provider to its employees, its
agents, contractors and sub-contractors
 breach of any of the term of this Agreement or breach of any representation or
false representation or inaccurate statement or assurance or covenant or
warranty of the Service Provider under this Agreement; and/or
 any or all Deliverables or Services infringing any patent, trademarks, copyrights
or such other Intellectual Property Rights; and/or
 breach of confidentiality obligations of the Service Provider contained in this
Agreement; and/or
 Negligence or gross misconduct attributable to the Service Provider or its
employees or sub-contractors.
The Service Provider shall at its own cost and expenses defend or settle at all point of
time any claim against the Bank that the Deliverables and Services delivered or
provided under this Agreement infringe a patent, utility model, industrial design,
copyright, trade secret, mask work or trade mark in the country where the Deliverables
and Services are used, sold or received, the Bank:
 notifies the Service Provider in writing as soon as practicable when the Bank
becomes aware of the claim; and
 cooperates with the Service Provider in the defense and settlement of the
claims.
However, (i) the Service Provider has sole control of the defense and all related
settlement negotiations (ii) the Bank provides the Service Provider with the assistance,
information and authority reasonably necessary to perform the above and (iii) the Bank
does not make any statements or comments or representations about the claim
without the prior written consent of the Service Provider, except where the Bank is
required by any authority/regulator to make a comment/statement/representation.
If use of deliverables is prevented by injunction or court order because of any such
claim or deliverables is likely to become subject of any such claim then the Service
Provider, after due inspection and testing and at no additional cost to the Bank, shall
forthwith either 1) replace or modify the software / equipment with software /
equipment which is functionally equivalent and without affecting the functionality in any
manner so as to avoid the infringement; or 2) obtain a license for the Bank to continue
the use of the software / equipment, as required by the Bank as per the terms and
conditions of this Agreement and to meet the service levels; or 3) refund to the Bank
the amount paid for the infringing software / equipment and bear the incremental costs
of procuring a functionally equivalent software / equipment from a third party, provided
the option under the sub clause (3) shall be exercised by the Bank in the event of the

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 83 of 96
failure of the Service Provider to provide effective remedy under options (1) to (2)
within a reasonable period which would not affect the normal functioning of the Bank.
The Service Provider shall not be liable for defects or non-conformance resulting from:
 Software, hardware, interfacing, or supplies for the solution not approved by
Service Provider; or
 any change, not made by or on behalf of the Service Provider, to some or all of
the deliverables supplied by the Service Provider or modification thereof,
provided the infringement is solely on account of that change;
Indemnity shall exclude indirect, consequential and incidental damages. However,
indemnity would cover damages, loss or liabilities suffered by the Bank arising out of
claims made by customer and / or regulatory authorities for reasons attributable to
breach of obligations under this agreement by the Service Provider.
In the event of Service Provider not fulfilling its obligations under this clause within the
period specified in the notice issued by the Bank, the Bank has the right to recover the
amounts due to it under this provision from any amount payable to the Service Provider
under this project.
The indemnities under this clause are in addition to and without prejudice to the
indemnities given elsewhere in this Agreement.
13. PROPERTY RIGHTS
Each Party owns and retains all rights, title and interests in and to its respective Pre-
Existing Intellectual Property and Independent Intellectual Property. Independent
Intellectual Property means any Intellectual Property developed by a Party
independently of the applicable statement of work. "Pre-Existing Intellectual Property"
means any Intellectual Property owned by a Party, or licensed to such Party (other.
than by the other Party), as at the commencement date of the applicable statement of
work.
Whereas title to all inventions and discoveries made jointly by the parties resulting
from the Work performed as per this agreement shall reside jointly between the
parties. Both the parties shall mutually decide the future course of action to protect/
commercial use of such joint IPR. The Intellectual Property Rights shall be determined
in accordance with Indian Laws.
Without prejudice to above paras all the interim/ final deliverables shall be property of
bank. Subject to requisite payments the service provider deemed to grand exclusive,
perpetual rights to use of the deliverables in favor of bank.
14. PERFORMANCE GUARANTEE
Service Provider, shall provide unconditional and irrevocable Performance Bank
Guarantee for Rs ---------------------/- (Rupees _____Only) in favour of BOB from any
Public Sector Bank other than Bank of Baroda as acceptable to BOB towards due
performance of the contract in accordance of this Agreement. The Performance
Guarantee shall be valid for a period of ___months with additional claim period of
three months after expiry of validity period.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 84 of 96
15. TERMINATION
In following events Bank shall terminate this assignment or cancel any particular order
if service provider:
breaches any of its obligations set forth in this agreement and Such breach is not cured
within 15 ) Working Days after Bank gives written notice; or
 Failure by Service Provider to provide Bank, within 15 ) Working Days, with a
reasonable plan to cure such breach, which is acceptable to the Bank. Or
 The progress regarding execution of the contract/ services rendered by the
Service Provider is not as per the prescribed time line, and found to be
unsatisfactory.
 Supply of substandard materials/ services
 Delay in delivery / installation / commissioning of services.
 Discrepancy in the quality of service / security expected during the
implementation, rollout and subsequent maintenance process.
 If deductions of penalty exceeds more than 10% of the total contract price.
Further Bank may terminate this agreement on happening of following events:
 A liquidator or a receiver is appointed over all or a substantial part of the
undertaking, assets or revenues of the Service Provider and such appointment
continues for a period of twenty one (21) days;
 The Service Provider is subject of an effective resolution for its winding up other
than a voluntary winding up for the purpose of reconstruction or amalgamation.
 The Service Provider becomes insolvent or goes into liquidation voluntarily or
otherwise
 An attachment is levied or continues to be levied for a period of 7 days upon
effects of the Agreement.
 The Service Provider becomes the subject of a court order for its winding up.
Notwithstanding above, in case of change of policy or any unavoidable circumstances
or without any reason Bank reserve the right to terminate this assignment or any
subsequent agreement and / or any particular order, in whole or in part by giving
Service Provider at least 60 days prior notice in writing.
Effect of termination
If bank terminates or cancels the assignment on the default mentioned in the
termination clause, in such case bob reserves the right to get the balance contract
executed by another party of its choice. In this event, the Service Provider shall be
bound to make good the additional expenditure, which the Bank may have to incur to
carry out bidding process for the selection of a new service provider and for execution
of the balance of the contract.
Immediately upon the date of expiration or termination of the Agreement, Bank shall
have no further obligation to pay any fees for any periods commencing on or after such
date.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 85 of 96
Without prejudice to the rights of the Parties, upon termination or expiry of this
Agreement, Bank shall pay to Service Provider, within thirty (30) days of such
termination or expiry, All the undisputed fees outstanding till the date of termination;
Upon the termination or expiry of this Agreement:
 The rights granted to Service Provider shall immediately terminate.
 Upon Bank’s request, with respect to (i) any agreements for maintenance,
disaster recovery services or other third-party services, and any Deliverables
not owned by the Service Provider, being used by Service Provider to provide
the Services and (ii) the assignable agreements, Service Provider shall, use its
reasonable commercial endeavors to transfer or assign such agreements and
Service Provider Equipment to Bank and its designee(s) on commercially
reasonable terms mutually acceptable to both Parties.
 Upon Bank’s request in writing, Service Provider shall be under an obligation
to transfer to Bank or its designee(s) the Deliverables being used by Service
Provider to perform the Services free and clear of all liens, security interests, or
other encumbrances at a value calculated as stated.
16. CORPORATE AUTHORITY
The Parties represent that they have taken all necessary corporate action and sanction
to authorize the execution and consummation of this Agreement and will furnish
satisfactory evidence of same upon request.
17. LAW, JURISDICTION AND DISPUTE RESOLUTION
This Agreement shall be governed and construed and enforced in accordance with the
laws of India. both Parties shall agree that in respect of any dispute arising upon, over
or in respect of any of the terms of this Agreement, only the courts in Mumbai shall
have exclusive jurisdiction to try and adjudicate such disputes to the exclusion of all
other courts.
ARBITRATION
a) The Bank and the Service Provider shall make every effort to resolve amicably,
by direct informal negotiation between the respective project managers/
directors of the Bank and the Service Provider, any disagreement or dispute
arising between them under or in connection with the contract.
b) If the Bank project manager/director and Service Provider project manager/
director are unable to resolve the dispute after thirty days from the
commencement of such informal negotiations, they shall immediately escalate
the dispute to the senior authorized personnel designated by the Service
Provider and Bank respectively.
c) If after thirty days from the commencement of such negotiations between the
senior authorized personnel designated by the Service Provider and Bank, the
Bank and the Service Provider have been unable to resolve contractual dispute
amicably, either party may require that the dispute be referred for resolution
through formal arbitration.
d) All questions, disputes or differences arising under and out of, or in connection
with the contract or carrying out of the work whether during the progress of the
work or after the completion and whether before or after the determination,

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 86 of 96
 abandonment or breach of the contract shall be referred to arbitration by a sole
Arbitrator acceptable to both parties OR the number of arbitrators shall be three,
with each side to the dispute being entitled to appoint one arbitrator. The two
arbitrators appointed by the parties shall appoint a third arbitrator shall act as
the chairman of the proceedings.
e) The place of arbitration shall be Bank’s office that placed the order. The
Arbitration and Conciliation Act 1996 or any statutory modification thereof shall
apply to the arbitration proceedings.
f) The arbitral award shall be in writing, state the reasons for the award, and be
final and binding on the parties. The award may include an award of costs,
including reasonable attorneys’ fees and disbursements. Judgment upon the
award may be entered by any court having jurisdiction thereof or having
jurisdiction over the relevant Party or its assets.
18. AUDIT
All Service Provider records with respect to any matters covered by this Agreement
shall be made available to auditors and or inspecting officials of the Bank and/or
Reserve Bank of India and/or any regulatory authority, at any time during normal
business hours, as often as the Bank deems necessary, to audit, examine, and make
excerpts or transcripts of all relevant data. Said records are subject to examination.
Bank’s auditors would execute confidentiality agreement with the Service Provider
provided that the auditors would be permitted to submit their findings to the Bank,
which would be used by the Bank. The cost of the audit will be borne by the Bank. The
scope of such audit would be limited to Service Levels being covered under the
contract, and financial information would be excluded from such inspection, which will
be subject to the requirements of statutory and regulatory authorities.
The Bank and its authorized representatives, including Reserve Bank of India (RBI) or
any other regulator shall have the right to visit any of the Service Provider’s premises
without prior notice to ensure that data provided by the Bank is not misused. The
Service Provider shall cooperate with the authorized representative/s of the Bank and
shall provide all information/ documents required by the Bank.
19. LIMITATION OF LIABILITY
Except the grounds mentioned under the para two of this clause, Service Provider’s
aggregate liability in connection with obligations undertaken as a part of the
Agreement regardless of the form or nature of the action giving rise to such liability
(whether in contract, tort or otherwise), shall be at actual and limited to the Total
Contract Value.
However, Service Provider’s liability in case of claims against the Bank resulting from
Willful Misconduct or Gross Negligence of Service Provider, its employees and
Subcontractors or from infringement of patents, trademarks, copyrights or such other
Intellectual Property Rights or breach of confidentiality obligations shall be unlimited.
Bank shall not be held liable for and is absolved of any responsibility or claim / litigation
arising out of the use of any third party software or modules supplied by Service
Provider as part of procurement under the Agreement.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 87 of 96
Under no circumstances BOB shall be liable to the Service Provider for direct, indirect,
incidental, consequential, special or exemplary damages arising from termination of
this Agreement, even if BOB has been advised of the possibility of such damages,
such as, but not limited to, loss of revenue or anticipated profits or lost business.
Subject to any law to the contrary, and to the maximum extent permitted by law neither
parties shall be liable to other for any consequential/ incidental, or indirect damages
arising out of this agreement.
All employees engaged by the party shall be in sole employment of the party and the
respective parties shall be solely responsible for their salaries, wages, statutory
payments etc. That under no circumstances shall other party be liable for any payment
or claim or compensation (including but not limited to compensation on account of
injury/death/termination) of any nature to the employees and personnel of the other
party.
20. PUBLICITY
Any publicity by the Service Provider in which the name of the Bank is to be used
should be done only with the explicit written permission of the Bank.
21. INDEPENDENT ARRANGEMENT
This Agreement is on a principal-to-principal basis between the Parties hereto. Nothing
contained in this Agreement shall be construed or deemed to create any association,
partnership or joint venture or employer-employee relationship or principal-agent
relationship in any manner whatsoever between the parties. The Service Provider
acknowledges that its rendering of services is solely within its own control, subject to
the terms and conditions agreed upon and agrees not to hold it out to be an employee,
agent or servant of Bank or Affiliate thereof.
22. SUBCONTRACTING
The Service Provider shall not subcontract or permit anyone other than its personnel
to perform any of the work, service or other performance required by it under the
contract without the prior written consent of the Bank.
23. ASSIGNMENT
The Service Provider agrees that the Service Provider shall not be entitled to assign
any or all of its rights and or obligations under this Agreement to any entity including
Service Provider’s affiliate without the prior written consent of the Bank.
If the Bank undergoes a merger, amalgamation, takeover, consolidation,
reconstruction, change of ownership, etc., this Agreement along with the subsequent
Addendums published shall be considered to be assigned to the new entity and such
an act shall not affect the obligations of the Service Provider under this Agreement.
24. NON – SOLICITATION

The Service Provider, during the term of the contract shall not without the express
written consent of the Bank, directly or indirectly: a) recruit, hire, appoint or engage
or attempt to recruit, hire, appoint or engage or discuss employment with or
otherwise utilize the services of any person who has been an employee or associate

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 88 of 96
or engaged in any capacity, by the Bank in rendering services in relation to the
contract; or b) induce any person who shall have been an employee or associate of
the Bank at any time to terminate his/ her relationship with the Bank.

The above clause shall not applicable in case the recruitment done through public
advertisement.

25. VICARIOUS LIABILITY

The Service Provider shall be the principal employer of the employees, agents,
contractors, subcontractors, etc., if any, engaged by the Service Provider and shall be
vicariously liable for all the acts, deeds, matters or things, whether the same is within
the scope of power or outside the scope of power, vested under the contract. No right
of any employment in the Bank shall accrue or arise, by virtue of engagement of
employees, agents, contractors, subcontractors etc., by the Service Provider for any
assignment under the contract. All remuneration, claims, wages dues etc., of such
employees, agents, contractors, subcontractors etc., of the Service Provider shall be
paid by the Service Provider alone and the Bank shall not have any direct or indirect
liability or obligation, to pay any charges, claims or wages of any of the Service
Provider ’s employees, agents, contractors, subcontractors etc. The Service Provider
shall agree to hold the Bank, its successors, assigns and administrators fully
indemnified, and harmless against loss or liability, claims, actions or proceedings, if
any, whatsoever nature that may arise or caused to the Bank through the action of
Service Provider ’s employees, agents, contractors, subcontractors, etc.
26. FORCE MAJEURE
The Service Provider shall not be liable for forfeiture of its performance security,
liquidated damages, penalties or termination for default, if any to the extent that its
delay in performance or other failure to perform its obligations under the contract is
the result of an event of Force Majeure.
For purposes of this Clause, "Force Majeure" means an event explicitly beyond the
reasonable control of the Service Provider and not involving the Service Provider’s
fault or negligence and not foreseeable. Such events are Acts of God or of public
enemy, acts of Government of India in their sovereign capacity, strikes, political
disruptions, bandhs, riots, civil commotions and acts of war.
If a Force Majeure situation arises, the Service Provider shall promptly notify the Bank
in writing of such conditions and the cause thereof within fifteen calendar days. Unless
otherwise directed by the Bank in writing, the Service Provider shall continue to
perform Service Provider’s obligations under this Agreement as far as is reasonably
practical, and shall seek all reasonable alternative means for performance not
prevented by the Force Majeure event.
In such a case the time for performance shall be extended by a period(s) not less
than duration of such delay. If the duration of delay continues beyond a period of
three months, the Bank and Service Provider shall hold consultations in an endeavor
to find a solution to the problem.
SURVIVAL:
The expiry or the termination of this Agreement does not relieve either party of its
obligations which by their nature ought or intend to survive the termination of this

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 89 of 96
Agreement including without limitation to the clauses of confidentiality, indemnity,
limitation of liability, and covenants of the parties.
27. MISCELLANEOUS
Any provision of this Agreement may be amended or waived if, and only if such
amendment or waiver is in writing and signed, in the case of an amendment by each
Party, or in the case of a waiver, by the Party against whom the waiver is to be
effective.
No failure or delay by any Party in exercising any right, power or privilege hereunder
shall operate as a waiver thereof nor shall any single or partial exercise of any other
right, power or privilege. The rights and remedies herein provided shall be cumulative
and not exclusive of any rights or remedies provided by law.
Unless otherwise provided herein, all notices or other communications under or in
connection with this Agreement shall be given in writing and may be sent by personal
delivery or post or courier or facsimile to the person at the address given below. Any
such notice or other communication will be deemed to be effective if sent by personal
delivery, when delivered, if sent by post, two days after being deposited in the post
and if sent by courier, one day after being deposited with the courier, and if sent by
facsimile, when sent (on receipt of a confirmation to the correct facsimile number).
The addresses referred to hereinabove are:
If to the Bank of Baroda:
The Chief Technical Officer
Baroda Corporate Centre, C-26, G-Block, Bandra Kurla Complex, Bandra
(East), Mumbai- 400051
ATTN: Assistant General Manager (IT)

If to the … ………………………………..
Address_____________________________
ATTN: _________________________________

This Agreement constitutes the entire agreement between the Parties with respect to
the subject matter hereof and supersedes all prior written agreements,
understandings and negotiations, both written and oral, between the Parties with
respect to the subject matter of this Agreement. No representation, inducement,
promise, understanding, condition or warranty not set forth herein has been made or
relied upon by any Party hereto. In case of any contradiction in the terms of RFP
_______ , offer document and Purchase Order etc, and this Agreement the terms
hereof shall prevail.
Neither this Agreement nor any provision hereof is intended to confer upon any
Person other than the Parties to this Agreement any rights or remedies hereunder.
In connection with this Agreement, as well as all transactions contemplated by this
Agreement, each Party agrees to execute and deliver such additional documents

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 90 of 96
and to perform such additional actions as may be necessary, appropriate or
reasonably requested to carry out or evidence the transactions contemplated hereby.
The invalidity or unenforceability of any provisions of this Agreement in any
jurisdiction shall not affect the validity, legality or enforceability of the remainder of
this Agreement in such jurisdiction or the validity, legality or enforceability of this
Agreement, including any such provision, in any other jurisdiction, it being intended
that all rights and obligations of the Parties hereunder shall be enforceable to the
fullest extent permitted by law.
The captions herein are included for convenience of reference only and shall be
ignored in the construction or interpretation hereof.
This Agreement may be signed in duplicate, each of which shall be deemed to be an
original.

IN WITNESS WHEREOF, this Agreement has been executed by the Parties hereto
on the day and year first above written.
Signed and Delivered by the within named

For Bank of Baroda For

________________________________ ________________________________
_ _

Name: Name:

Designation: Designation:

Witness 1 : Witness 1 :

Witness 2 : Witness 2 :

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 91 of 96
Annexure 18 - Letter of Undertaking from OEM/ OSD on Cloud Security and
Compliance (Applicable in case of cloud-based solution)
(This letter should be on the letterhead of the OEM / OSD / Manufacturer duly
signed by an authorized signatory)
To
Chief Technology Officer
Bank of Baroda, Baroda Sun Tower
Bandra Kurla Complex
Bandra (E), Mumbai 400 051

Sir,
Sub: Request for Proposal for Selection of Service Provider for Supply,
Implementation and Maintenance of Cloud based DiGi Hub Contact Centre
Solution.
We ………………………… (Name of the OEM / OSD) who are established and
reputable manufacturers / developers of ………………………… do hereby undertake
the following:
1. The proposed solution is complying with the Information security policy of the bank
for the applicable solution requirements mentioned in RFP.
2. The solution will be able to integrate with Bank’s Active Directory security policies
and authentication framework.
3. The solution will be offered at dedicated environment to have better control over
Bank’s data due to compliance / security related aspects.
4. The solution conforms to the following industry level certifications:
 ISO 27001:2013
 ISO 27017
 SOC 2
 SSAE/SOC
 ISO 27018
5. We ………………………… (Name of the OEM / OSD) who is responsible for:
 Data and application privacy and confidentiality
 System and software access control and administration
 Custodial responsibilities for data and other information assets
 Physical Security of the facilities where the Bank’s data resides
 Physical and logical separation from other customers
 Defining and following Incident response and reporting procedures
 Complying with the Password Policy of the Bank
 Complying with the Data Encryption / Protection requirement of the Bank
 Integration with Single Sign on / Single Sign on Capabilities inbuilt
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 92 of 96
6. In case, if a government demand is received for any data, the below mentioned
process has to be followed:
 Disclose customer data when legally required and only after attempting to
redirect the request to the customer.
 Resist government demands that are invalid.
7. The location of Cloud server should be in India.
We hereby attach our response against the various requirement of Bank as follows.
Subject OEM
Response
1. Right to Audit: Service Provider should provide right to audit as
similar to what Bank is having with other shared data centers in India.
Bank must have “Rights to Audit” the SP's compliance with the
agreement including rights of access to the SP's premises where
relevant records and Bank’s data is being held. It also include audit
rights for the Bank or its appointed auditor (nominee) or regulators as
an integral clause in the service agreement.
2. Data and Information Security: SP to ensure following
 Data integrity management.
 To provide full disclosure regarding security practices and
procedures as stated in their SLAs
 Specific identification of all controls used during the data lifecycle.
 To maintain a fundamental philosophy of knowing where Bank’s
data ( Logical /Physical)
 To determine who should access the data, what their rights and
privileges are, and under what conditions these access rights are
provided and maintain a “Default Deny All” policy
 To define and identify the data classification. SP to enforce the
Bank’s access requirements based on data classification.
 To encrypt data at rest and encrypt data in transit.
 To share what compartmentalization techniques are employed to
isolate Bank data from other customer’s data
 Sharing of encryption management with Bank on multi-tenant
storage.
 To comply with data retention and destruction schedules/Policy
provided by Bank, SP to certify on Bank’s request destroying all data
at all locations including slack in data structures and on the media.
The Bank will have right to audit this practice.
 Understand the logical segregation of information and protective
controls implemented.
 Understand Cloud provider policies and processes for data
retention and destruction and how they compare with internal
organizational policy.
 Perform regular backup and recovery tests to assure that logical
segregation and controls are effective.
 Ensure that Cloud provider personnel controls are in place to
provide a logical segregation of duties.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 93 of 96
  To provide Forensic Investigation Support as and when required by
the Bank.
 To comply with Bank’s RTO/RPO requirement and retention policy.
3. Application and Process Security:
 SP application should meet the requirements for zoning security,
and prevent direct access from the user interface layers to the
database layers. The application needs to follow a multi-tier
deployment model to achieve this.
 The SP application should conforms to Open Web Application
Security project guidelines on web application security, including
protection against SQL injection, cross-site scripting, data validation
for special characters etc.
 The application should conform to applicable security guidelines
from relevant standards. E.g. ISO/IEC 27017, ISO/IEC 20018.
 The application executable files and the source code need to be
secured from unauthorized access and possible theft.
 If the application is deployed on the Cloud using native multi-
tenancy features offered by the application, privacy of data across
tenants or entities needs to be ensured through appropriate access
control mechanisms
 Application should clearly log business errors and technical errors
separately to support separation of duties between business users
and data Center operator.
 User access to sensitive data needs to be controlled
 SP to comply with Bank’s password management policy.
 Features like session timeouts and restricting logins to office hours
should be implemented to enhance security
 The application should clear sensitive data like passwords from
memory immediately after it is processed.
 Application level support for definition of users, roles, and exception
management functions is to be ensured
4. Integration with external applications:
 Application needs to have well defined APIs and application needs
to ensure that only authorized application can invoke such APIs.
 The application must have extensive audits to log all transactions
and important non transactional activities. The application needs to
implement maker-checker principle for activities like important
business parameter updates.
 The application should provide a mechanism to purge old data (after
archival if required) while maintaining transactional integrity.
 The application needs to provide a documented mechanism,
preferably a tool for application monitoring.
 The application needs to provide a documented mechanism,
preferably a tool for reporting important errors and taking automated
actions.
5. IT Infrastructure Security of public cloud consist monitoring as
under:
 Virtual environment security: It includes resource allocation,
hardening of OS, VM image encryption, VM monitoring, USB
Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 94 of 96
 disabling on VMs, VM should be kept on dedicated partition and IP
addresses should not be shared.
 Encryption and Key Management: Depending on sensitivity data is
to be encrypted, transport layer encryption is to be ensured using
SSL, VPN Gateway, SSH and TLS encryption. End-to-end process
for managing and protecting encryption keys to be established and
documented. Compliance is to be ensured in ongoing basis.
 Monitoring: Devices should be integrated with SBSOC for
continuous monitoring for access monitoring, threat monitoring,
audit logging, system usage monitoring, protection of log
information, administrator and operator log monitoring, fault log
monitoring.
6. Physical and Logical Security:
 The SP infrastructure including servers, routers, storage devices,
power supplies, and other components that support operations,
should be physically secured. Safeguards include the adequate
control and monitoring of physical access using biometric access
control measures and closed circuit television (CCTV) monitoring.
 A security plan for the physical environment should be implemented.
Bank should have audit rights on complete physical setup. Data
should be have relevant standard certifications and accreditation.
7. Logical Security:
 In a SP environment where business critical data and information
systems are coexisting at multiple places, logical security has a very
important role in securing the data. To manage logical access Bank
should design access using username, password, OTP, RSA
Token, Biometric Authentication, etc.
8. Legal Issues:
 There are various laws like Information Technology Act, Data
Privacy Act, Data Retention Directive, E-Privacy Directive, E-
Commerce Directive, will be applicable to SP providers and also the
customers of the Cloud service. Compliance with Indian data
privacy law is expected at all times. It will be mandatory to protect
the data privacy as per this law. SP should comply with such laws.
9. Operational Security:
 In view of operational security concerns like BCP, DRP, SLA etc.,
SP need to submit various reports as required by the bank, time to
time for internal or regulatory reporting purposes.
10. Miscellaneous:
SP to ensure the following requirements are met
 Compliance with Information Security of the Bank as applicable on
relevant aspects
 Protection mechanism (physical and logical) SP has in place for the
actual hardware where Bank’s data will be stored on.
 Incident management, business continuity and disaster recovery
policies, and processes and procedures of service provider (SP)
and should include reviews of collocation and back-up facilities.
11 Government requests for audits, compliance etc.

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 95 of 96
 In case, if a government demand is received for any data, the below
mentioned process has to be followed:
 Disclose customer data when legally required and only after
attempting to redirect the request to the customer
 Resist government demands that are invalid
Prior written permission needs to be taken from the bank for all such
requests.

Authorized Signatory
Name:
Designation:
Vendor’s Corporate Name

Request for proposal for Supply, Implementation and Maintenance of SaaS based Web Security Solution for PCs for a period
of 5 Years
Bank of Baroda Confidential Page 96 of 96