Request For Quotation
from
Service Providers
for
Web Security & Performance
Testing for Web-based
Applications
for UTIITSL
UTI Infrastructure Technology And Services Limited (UTIITSL) is looking forward to select one Service Provider for
Web Security & Performance Testing for
Web-based Applications in UTIITSL
premises at Navi Mumbai location for the defined Scope.
In this regard, UTIITSL is inviting quotation vide this short notice RFQ from the prospective bidders, response vide sealed quotations needs to be submitted latest by 20th
August 2015 upto 3:00PM (1500 hours IST).
SCOPE OF WORK with Terms and Conditions and other relevant information is being laid down as under:
Scope- Web Security & Performance Testing for Web-based Applications
1. Background:UTI Infrastructure Technology And Services Limited (UTIITSL) is looking forward to select one STQC empanelled Service Provider for providing Web Security & Performance Testing for its Web-based Applications hosted in Data Center at Navi Mumbai with the Disaster Recovery site at Hyderabad.
2. Scope of Work:
a) The Scope will cover Web Security & Performance Testing of the following Web applications:
· Web Application 1 (in Phase I) · Web Application 2 (in Phase II)
· Web Application 3 (in Phase III, optional) b) Web Security Audit
· OWASP Top 10 - 2013 (Open Web Application Security Project) · The Web Application Security Consortium (WASC)
· International Standard Organization (ISO) 27001:2005 · Data Protection Act
· Logical Access Control · Input & Output Controls
c)
Performance TestingPerformance testing is to be conducted with multiple Load scenarios upto the maximum load of available number of licenses and data volume covering the following features/ requirements in detail:
· Web Protocol is http/https
· Application Users basically divided into 2 categories: External Customers and Internal Employees
· Required software and licenses to be procured and used
· Performance objectives and Benchmarking Performance Tests · Creating Performance Test plans, Scripts, Data Preparation
· Performance testing for upto 1000 concurrent users (simulated load). Slabs of 100, 200, 300…up to 1000 concurrent users to be considered · Performance Test report, analysis and recommendations to be submitted
on completion of the activity each time
· Load Testing to be performed till the next achievable target
· Load Testing activity to be ended with submission of the set of test report, analysis and recommendations
· The actual On-site Load and Performance Test activity to be carried out for a minimum of 7 days
3.
Specifications:
1. Dynamic Web page in Web Application 1 – 225 2. Dynamic Web page in Web Application 2 – 180 3. Dynamic Web page in Web Application 3 – 225 *
(* Web Application 3 is currently in Development Phase and is expected to be matching the size of the Web Application 1)
4. Infrastructure: 4.1. Hardware
:
Hardware Configuration for Web Application 1
For Application: For Database:
· VM Servers – 2 · VM Servers – 2
· No. of CPU – 4 x 2 · No. of CPU – 4 x 2
· RAM – 8 GB x 2 · RAM – 16 GB x 2
Hardware Configuration for Web Application 2
For Application: For Database:
· VM Servers – 2 · VM Servers – 2
· No. of CPU – 4 x 2 · No. of CPU – 4 x 2
· RAM – 8 GB x 2 · RAM – 16 GB x 2
(* Hardware Configuration for Web Application 3 is expected to be matching that of Web Application 1)
· Cluster Setup for all Applications (Active–Active) & Database (Master-Slave) · Link Load balancing bandwidth is 50 Mbps
4.2. Software
:
Development Language/Tool: · Java , JDK
· Application/Web Server: Tomcat Apache · Database: MySQL
· Operating System – Red Hat Linux · Bandwidth – 10Mbps
Client Environment:
· Compatible Web Browsers – Google Chrome (Latest Version), Mozilla Firefox (Latest Version), Internet Explorer version 8.0 and above
· Operating System – Windows XP, Windows 7, Windows 8, Linux · LAN Speed for user – 100 Mbps
· LAN Speed for Server – 1 Gbps · Bandwidth – 10Mbps
5. Assignment Location/Site:
UTI Infrastructure Technology And Services Limited Plot No. 3, Sector 11,
CBD Belapur,
Navi Mumbai – 400614 Maharashtra
6. Assignment Frequency: One Assignment cycle for each Web Application.
Note: One Assignment cycle will include multiple visits as may be required by the Service Provider to address and verify closure of gaps and vulnerabilities if any to accomplish all the activities included under the Scope of Assignment. 7. General Terms and Conditions:
a) The terms Scope of Work and Scope of Assignment mean the same in interpretation and have been interchangeably used throughout this document. b) The Service Provider, whosoever will be the winning bidder, should accomplish
the assignment within 2 calendar months for the Assignment under Scope from the date of issue of the Purchase Order.
c) The Service Provider should incur all the expenditure towards provisioning of these services for UTIITSL. The implementation of this service should not require any IT hardware upgradation or new procurement leading to any additional expense for UTIITSL.
d) 100% payment will be made only after satisfactory completion of the assignment or as per Payment Terms defined separately under Scope.
e) Recovery of the penalty if applicable during the assignment would be done by raising an invoice against the bidder.
f) These payment terms will not be changed. The Service Providers are required to quote on these payment terms only.
g) Address for submission of the bids: The sealed quotations in the prescribed format only strictly as per attached Commercial Bid Form in original physical copy to be sent or dropped in the tender box and addressed to “Vice President – DoIT, UTI Infrastructure Technology And Services Limited, Plot No. 3, Sector 11, CBD Belapur, Navi Mumbai – 400614”. The bidders not following the format are liable for rejection under sole discretion of UTIITSL. Quotations sent through any other mode such as e-mails will not be entertained.
h)
Last Date for receipt of sealed quotations: 20thAugust 2015 upto
3:00PM (1500 hours IST).
i) Superscription: The sealed super-envelope (outer cover) containing the tender must be superscribed as “Response to RFQ from Service Providers for Web Security & Performance Testing for Web-based Applications for UTIITSL”.
· The bids should be made in two parts, the ‘Technical Bid’ and the ‘Commercial Bid’ kept in two separate sealed envelopes.
· Technical Bid should be marked clearly as “Technical Bid for the Web Security & Performance Testing for Web-based Applications for UTIITSL” and submitted in sealed covers.
· Commercial Bid should be marked clearly as “Commercial Bid for the Web Security & Performance Testing for Web-based Applications for UTIITSL” and submitted in sealed covers.
· Both the sealed Technical and Commercial bids should be enclosed in another super-envelope (outer cover) and clearly marked as “Response to RFQ from Service Providers for Web Security & Performance Testing for Web-based Applications for UTIITSL” as mentioned above. j) Eligibility Criteria for Pre-Qualification:
(Supporting documents should be attached by bidders/Service Providers or SP)
· The SP must have valid PAN Card.
· The SP must have a valid Sales Tax/ Service Tax/ VAT registration.
· The SP should have no record of being black-listed by any Government/ Public Sector/ Multinational/ National companies. (Self-declaration Certificate as a supporting document should be attached).
· The SP should be STQC empanelled under Information Technology Test Laboratories (ITTL) for Testing related activities; Certificate copy should be attached.
k) Evaluation will be based on Bidder’s eligibility on the points under Eligibility Criteria for Pre-Qualification, Technical Qualification and the most competitive and the lowest rate quoted by the participating and eligible bidders.
l) Any clarifications desired by any Service Provider in connection with any part of this proposal may be sought as per contact details below, however no bid will be acceptable by e-mail:
Office Address Contact Person Contact E-Mail/ Number
UTI Infrastructure Technology And Services Limited
Plot No. 3, Sector 11, CBD Belapur Navi Mumbai – 400614 Mr. Sanjeev Tomar Vice President – IT [email protected] 022- 67931285/ 67931193/ 67931109/ 67931144
COMMERCIAL BID FORM
Date:
The Vice President – DoIT
UTI Infrastructure Technology And Services Limited
Plot No. 3, Sector 11, CBD Belapur
Navi Mumbai – 400614
Sir,
Response to RFQ from Service Providers for
Web Security & Performance Testing for Web-based Applications for
UTIITSL
We are interested in getting our Company selected in your organization as a
Service Provider vide our Response to the RFQ from Service Providers for
Web Security & Performance Testing for Web-based Applications for
UTIITSL.
We have read and understood the details as given in the tender information
regarding the Scope of Work and Terms and Conditions for the selection of
Service Provider for the tender “RFQ from Service Providers for Web
Security & Performance Testing for Web-based Applications for UTIITSL”
and the same are acceptable to us. We have been given all the required
information from UTIITSL. We certify that we are eligible as per laid Terms.
We understand that the Cost comparative statement will be prepared for the
said items and L1 will be evaluated and decided on the basis of our eligibility
on the points under the Eligibility Criteria for Pre-Qualification, Technical
Qualification and the most competitive and the lowest rate quoted by
participating and eligible bidders.
In case of any ambiguity between arithmetic calculations, the rates will be
considered correct and the amount will be derived on the basis of the rates
quoted and the quantity originally mentioned in the Tender.
The deployment/ commissioning of services will be done as per Scope of Work
specification and Terms and Conditions laid down by UTIITSL in their RFQ
notice/ intimation.
COMMERCIAL BID FORM (Contd.)
Security Testing
Performance Testing
Total
(in Rs.)
Sr. No. Activity Person Days required (Indicative) Quoted rate (In Rs.) (A) Person Days required (Indicative) Quoted rate (In Rs.) (B) A+B (inclusive of all taxes) 1 Web Application - 1 2 Web Application - 23 Web Application – 3* (Exactly same as quoted for Web Application 1) Total Amount in Rs. (incl. total of Amounts quoted for all activities at Sr. No. 1, 2, 3 above) Terms and Conditions noted as under:
1. All Prices quoted are in Indian Rupees inclusive of Service Tax and all applicable taxes, duties etc. Government Taxes (including Service Tax etc.) as applicable will need to be clearly shown and defined separately on all the invoices being raised for payments. 2. TDS or other statutory levies, in accordance with rules as applicable, will be deducted
at source by UTIITSL from the above quoted amount.
3. The Total Amount in Table above only will be considered for Commercial Comparison and includes comprehensive one time activity cost for the Web Security & Performance Testing for each Web-based Application hosted in Navi Mumbai premises under the assignment scope.
4. The quoted amount is inclusive of lodging, boarding, travelling charges as may be required during the tenure of execution of the assignment.
5. Payments will be done Application-wise against the invoices raised on completion of activity separately for each Web application. Any Web Application not picked up for the assignment will not be considered for billing and payment.
6. Decision of inclusion/exclusion of a Web Application for the assignment entirely lies with UTIITSL and payments will be made only for the Web Application been taken up for the Scope of Assignment.
7. UTIITSL reserves the right to cancel the entire requirement without assigning any reason.
8. The final decision however on selection of the Service Provider will be at discretion of the tendering authority in UTIITSL.
