Punjab & Sind Bank (A Government of India undertaking) Addendum No. 1 Dated: 01.06.2018 RFP No. PSB/HOIT/RFP/113/2018-19, Date: 15-05-2018 Request for Proposal For Supply, Customization, Deployment, Maintenance & Support of Phone Banking System in the Bank PUNJAB & SIND BANK Head Office Information Technology Department 21, Rajendra Place, New Delhi 110 008
Introduction Bank has published the RFP No. PSB/HOIT/RFP/113/2018-19, Date: 15-05-2018, tender document for Supply, Customization, Deployment, Maintenance & Support of Phone Banking System in the Bank. Following amendments has been made to RFP. All other terms and conditions of the RFP shall remain unchanged. Please treat this Addendum as an integral part of the RFP document issued. RFP Page # RFP Section # Original clause 6 1.1 # MSEs who are registered with District Industries Centre (DICs) / Khadi & Village Industries Commission (KVIC)/ Khadi & Industries Board (KVIB)/Coir Board/ NSIC/Directorate of Handicrafts and Handloom/ Udyog Aadhaar Memorandum (UAM) or any other body specified by Ministry of Micro, Small & Medium Enterprises (MoMSME) will be exempted from submitting Participation fee and Bid Security (EMD) only. 20 Clause 2.26 : Security New Clause 2.26(a) : IT Security Aspects The vendors proposal must include a plan to safeguard the confidentiality of the Bank's business information, legacy applications and data. Revised clause # MSEs who are registered with District Industries Centre (DICs) / Khadi & Village Industries Commission (KVIC)/ Khadi & Industries Board (KVIB)/Coir Board/ NSIC/Directorate of Handicrafts and Handloom/ Udyog Aadhaar Memorandum (UAM) or any other body specified by Ministry of Micro, Small & Medium Enterprises (MoMSME) and Start-ups (recognised by DIPP) will be exempted from submitting Participation fee and Bid Security (EMD) only. Introduced Sub Clause under 2.26 (a) IT Security Aspects Bidder must submit Response Sheet as per Annexure XIV Clause 2.26 : Security Annexure XIV 27 Chapter 3 The proposed application should NOT be dependent/ restricted on a specific platform viz, Operating System, Database, Hardware. The application should be flexible enough (with fine tuning, if required) to port on any Database & Application server/ OS/ Hardware platform as per requirement of the Bank. Removed Page 2
Annexure XIV An indicative list of requirements to be put in place by bidder to achieve baseline cyber-security is given for Phone Banking Solution: Sr Security Requirements No 1 The Bank shall have right to audit of the complete solution proposed by the bidder, and also inspection by the regulators of the country. The Bank shall also have the right to conduct source code audit by third party auditor. The VA and PT should be conducted before go live of the application. 2 The bidder shall adhere to all regulatory and legal requirements of the country (existing and future). The bidder shall also comply with the advisories, recommendations, directions and guidelines etc. issued by CSITE-RBI, CERT-In, NCIIPC etc. on time to time basis. These should be complied within the timelines provided to the Bank. 3 The solution should be connected with Bank's host (i.e. CBS) with Straight Through Processing (STP). 4 The Escrow Mechanism for source code shall be executed with the selected bidder. 5 The bidder shall continuously monitor the release of application patches and expeditiously apply the same. 6 The solution should deployed with multi-tier architecture, i.e. web server, application server, and database servers should be placed in different zones in the Bank. 7 Assurance from bidder/ application providers/ OEMs that the application is free from embedded malicious/ fraudulent code should be provided. The bidders shall submit security certificate of proposed solutions from application providers/ OEM. 8 The bidder shall ensure that secure coding practices is implemented for application. The software/ application development practices should address the vulnerabilities based on best practices such as Open Web Application Security Project (OWASP) proactively. 9 The bidder shall ensure that sensitive information is stored in database in encrypted format with latest encryption standard/ algorithm. 10 The bidder shall ensure that the communication between end user and solution proposed should be encrypted endto-end to ensure confidentiality and integrity of user's data. Bidder Response (Complied/Noncomplied/ Not Applicable) Page 3
Sr. No. Page No Punjab & Sind Bank RFP: PSB/HOIT/RFP/113/2018-19, Dt: 15/05/2018 Clause number Clause Question Bank's Remarks 1 6 1.1 # MSEs who are registered with District Industries Centre (DICs) / Khadi & Village Industries Commission (KVIC)/ Khadi & Industries Board (KVIB)/Coir Board/ NSIC/Directorate of Handicrafts and Handloom/ Udyog Aadhaar Memorandum (UAM) or any other body specified by Ministry of Micro, Small & Medium Enterprises (MoMSME) will be exempted from submitting Participation fee and Bid Security (EMD) only. # MSEs who are registered with District Industries Centre (DICs) / Khadi & Village Industries Commission (KVIC)/ Khadi & Industries Board (KVIB)/Coir Board/ NSIC/Directorate of Handicrafts and Handloom/ Udyog Aadhaar Memorandum (UAM) or any other body specified by Ministry of Micro, Small & Medium Enterprises (MoMSME) and Start-ups (recognised by DIPP) will be exempted from submitting Participation fee and Bid Security (EMD) only. *Kindly give the EMD & tender Fee relaxation to Start-ups too. Mindmill private limited is a startup company and we are registered under the DIPP and according to Department of expenditure PPD letter No: No.F.20/2/2014- PPD(Pt.) startup are exempted from the submission of EMD. The certificates are enclosede as Annexure-1 for your reference. Modified 2 6 1.1 (EC-5) 3 6 1.1 (EC-6) Product offered (Phone Banking System) should be successfully running in at least one Scheduled Commercial Bank in India for the last one year. The bidder should have System Integration experience in having implemented the proposed Phone Banking comprising of supply, commissioning, implementation, rollout, go live and maintenance in at least one Scheduled Commercial Bank in India and should be currently live and running as of date of the RFP. Product offered (Phone Banking System) should be successfully running in at least one Scheduled Commercial Bank /Co-operative Banks/Any Other Banks in India for the last one year. *Kindly add Co-operative Banks/Any Other Banks in India along with scheduled commercial bank to this clause as it will increase the scope of more participation in the tender. The bidder should have System Integration experience in having implemented the proposed Phone Banking comprising of supply, commissioning, implementation, rollout, go live and maintenance in at least one Scheduled Commercial Bank /Co-operative Banks/Any Other Banks in India and should be currently live and running as of date of the RFP. *Kindly add Co-operative Banks/Any Other Banks in India along with scheduled commercial bank to this clause as it will increase the scope of more participation in the tender. 4 15 2.2 Implementation timelines The delivery time is too short. Atleast 6 weeks will be ne 5 16 2.5 (a) Payment terms 20% payment upon start of pilot run Phone Banking Toll Free Phone Number What is needed from vendor for this. The bank has to apply for the toll free 6 25 Chapter 3 used to access Phone Banking number and telephone lines
7 25 Chapter 3 6. Issue of statement of account for maximum 6 months through post or e-mail 8 25 Chapter 3 7. Interest Certificate by Post or e-mail: 9 25 Chapter 3 The system should capable to support 100 concurrent users and be scalable if desired by Bank. The actual printing and posting must be done by the bank Interface details to be provided by the bank. Printing and posting to be done by the bank The additional scalability will involve additional telecom lines and interface hardware. So please give the total capacity needed In case of Post, Physical printing & post will done by Bank In case of Post, Physical printing & post will done by Bank 10 27 Chapter 3 Proposed solution should... Request the bank to delete this as the solutions are developed on OS. Eg some solutions will work on Windows OS and some on Linux only Removed 11 28 Chapter 3 Go live in remaining location The phonebanking system will be a centralised system. This will be implemented in the bank s DC and DR. No other implementation will be needed in branches or ZO. 12 Annexure II. This is very open ended. These can be provided chargeable bases as and 30 1) Phone Banking System IVR Tree... Point 1 when needed by the bank. 13 30 Toll free number Bank has to apply for this and pay the telecom charges The Proposed System will implemented at Bank's DC- and DR Site only.