Sl. No. | RFP (Page No.) | Ref Sections/Clause requiring Clarification | Points of clarification given in the RFP | Clarification Sought | Bank's Reply
1 11 5. SCOPE OF WORK The Bidder shall ensure that the offered solution has to be identical for both the locations as per technical specifications mentioned in this RFP document. Each site should be provided with all the features mentioned in the RFP and should be able to handle the prescribed load, throughput, connections etc independently. The solution should be deployed in high availability mode (minimum 2 set of identical devices with auto failover) at each site except management module
It is understood that Single Management device at DC will manage the proposed security devices at DC & DR site. No separate management is required at DR. Kindly confirm
Yes.
2 12 5. SCOPE OF WORK 16) The Bidder shall be responsible for providing the operational and maintenance training to the identified IT staff of the Bank as and when asked by the Bank.
Request OBC to provide the training duration & batch size for which training needs to be conducted.
The training shall be provided to the identified officials of the Bank at PDC, DRS and at DIT, Head office.
3 20 13. DELIVERY, INSTALLATION AND COMMISSIONING OF ITEMS
The vendor shall be responsible for delivery and installation of the ordered item(s) at the sites i.e. Primary Data Centre, Mumbai and Disaster Recovery Site, Delhi and making them fully operational at no extra charge within 8 weeks of the date of purchase order
Request OBC to extend the mentioned duration (8 weeks) for delivery, installation & commissioning as delivery itself would normally take 6 weeks. Hence request bank to increase the overall duration for "Delivery, Installation and Commissioning" to minimum 12 weeks.
No Change in the Clause as mentioned in the RFP.
4 20 15. PAYMENT TERMS 25% - On delivery of the perimeter security equipments.
65% - After installation, Configuration, operationalization and integration of the same to the satisfaction of the Bank.
10% - 30 days after operationalization of the offered solution.
Request the bank to change the payment terms as: The Bank will make payment as per following scheduled terms. 50% - On delivery of the perimeter security equipments.
40% - After installation, Configuration, operationalization and integration of the same to the satisfaction of the Bank.
10% - 30 days after operationalization of the offered solution.
No Change in the payment clause as mentioned in the RFP.
5 22 20. WARRANTY a) Service support should be available on 24*7*365 basis.
b) The complaint should be resolved at the earliest with following uptime and conditions –
uptime of 99.9% per month.
upgrades if any, for hardware and related software.
Resolution time of 4 hr cannot be committed for all kinds of incidents, especially the ones which involve product bug. As bidder, we can commit response time of 4 Hr or better.
No Change in the Clause as mentioned in the RFP.
6 21 18.Order Cancellation 1. Delay in supply, installation, and commissioning of perimeter security equipment beyond the specified period (8 weeks).
Request OBC to increase overall duration to 12 weeks.
No Change in the Clause as mentioned in the RFP.
7 23 22. SUPPORT & MAINTENANCE
The bidder is required to provide sound after-sales service/support by arranging timely attending of calls received from Primary Data Centre, Mumbai and from Disaster Recovery Site, Delhi where the security equipments shall be supplied & installed and problem rectification through competent service engineers. The desired support time should be uniformly maintained at all the sites. To meet up time the vendor has to maintain sufficient inventory of spare parts/equipments at all the support centers to avoid unnecessary delay in obtaining the spare parts/equipments.
It is understood that bidder needs to provide on-demand support during the warranty & AMC period. Pls clarify.
The Bidder shall provide onsite support as per terms & conditions of the RFP during Warranty and AMC period.
8 32 Annexure V- L1 Commercial Format
Firewall along with VPN at PDC (Pairs)- Qty-2 Firewall along with VPN at DRS (Pair)- Qty-1 Centralized Management Gateway (PDC/DRS)- 1
It is understood that bidder needs to quote 2 Pairs of FW along with VPN at DC site which means 2 clusters will be required at DC & 1 similar cluster will be required at DR site. Request OBC to clarify & confirm.
Yes.
9 23 24. Liquidated Damages The Bank expects delivery and installation within 8 weeks. However, if the vendor commits delay in delivery or installation, integration of the offered security equipments as mentioned in the purchase order within the period, the bidder will be liable to pay a sum of 1% (one percent) of the undelivered/uninstalled portion of the order value per site for each week of delay beyond the scheduled delivery date by way of liquidated damages. Cap on liquidated damages shall be 10% of the undelivered/uninstalled value of the order.
The Bank expects delivery and installation within 12 weeks. However, if the vendor commits delay in delivery or installation, integration of the offered security equipments as mentioned in the purchase order within the period, the bidder will be liable to pay a sum of 1% (one percent) of the undelivered/uninstalled portion of the order value per site for each week of delay beyond the scheduled delivery date by way of liquidated damages. Cap on liquidated damages shall be 10% of the undelivered/uninstalled value of the order.
No Change in the Clause as mentioned in the RFP.
10 32 Annexure V- L1 Commercial Format
Request Bank to provide a line item for implementation charges.
Please refer amended L1 Bidder Determination sheet.

Pre-Bid Queries for RFP Reference No: OBC/HO/DIT/RFP/SECURITY EQUIPMENTS/47/2014

11 Additional Point Suggested Firewall & its management platform should be based on secure & hardened operating system. It should not be based on ASIC based platform as ASIC platforms are hard coded and any product advancement would require box replacement.
The architecture requirement of the required solution was again reviewed keeping in view the technical infrastructure operational at Bank’s critical locations and, after discussing the same with IT Consultant of the Bank, the revised clause is as under: “The Bidders are advised to propose the solution supporting open architecture and should not be proprietary/ASIC based architecture.”
12 Additional Point Suggested Solution should be ICSA Labs certified for ICSA 4.0, FIPS 140-2 certified & EAL certified to match industry standard.
The offered product should be EAL certified.
13 Additional Point Suggested Firewall should have recommended rating in 2013 NGFW Group tests of NSS Labs.
Not accepted.
14 Additional Point Suggested Security management application must support role based administrator accounts. For instance roles for firewall policy management only or role for log viewing only.
Not accepted.
15 Limitation of Liability Clause not present in RFP The Bidder’s maximum aggregate liability in connection with obligations undertaken as a part of this RFP regardless of the form or nature of the action giving rise to such liability (whether in contract, tort or otherwise), shall be at actual and limited to the value of the contract.
The Bidder’s liability in case of claims against the Bank resulting from wilful misconduct or gross negligence of the Bidder, its employees and subcontractors or from infringement of patents, trademarks, copyrights or such other Intellectual Property Rights or breach of confidentiality obligations shall be unlimited. Notwithstanding anything to the contrary elsewhere contained in this or any other contract between the parties, neither party shall, in any event, be liable for (1) any indirect, special, punitive, exemplary, speculative or consequential damages, including, but not limited to, any loss of use, loss of data, business interruption, and loss of income or profits, irrespective of whether it had an advance notice of the possibility of any such damages;
Clause Accepted.
16 Exchange Rate Variation Clause not present in RFP Kindly include -“It is agreed that the price quoted is arrived at based on the exchange rate of 1 USD = INR ___(“Base Exchange Rate”). In the event the Base Exchange Rate either increases or decreases by percentage points greater than two per cent [2%], the prices shall be charged as per the then current exchange rate.”
Not accepted.
17 Risk and Title Clause not present in RFP Kindly include - The risk, title and ownership of the products shall be transferred to the customer upon dispatch of such products to the customer.
Not Accepted.
18 Savings Clause Clause not present in RFP Kindly include - Bidder’s failure to perform its contractual responsibilities, to perform the services, or to meet agreed service levels shall be excused if and to the extent Bidder's performance is affected, delayed or causes non-performance due to Customer's omissions or actions whatsoever.
Clause Accepted.
19 Deemed Acceptance Clause not present in RFP Kindly include- Services and/or deliverables shall be deemed to be fully and finally accepted by Customer in the event when Customer has not submitted its acceptance or rejection response in writing to Bidder within 15 days from the date of installation/commissioning or when Customer uses the Deliverable in its business, whichever occurs earlier. Parties agree that Bidder shall have 15 days time to correct in case of any rejection by Client.
The Revised Clause may be read as "Services and/or deliverables shall be deemed to be fully and finally accepted by Customer in the event when Customer has not submitted its acceptance or rejection response in writing to Bidder within 30 days from the date of installation/commissioning or when Customer uses the Deliverable in its business, whichever occurs earlier. Parties agree that Bidder shall have 30 days time to correct in case of any rejection by Client."
20 Term and Termination Clause not present in RFP Either party may, without cause, terminate any Statement of Work and/or the entire Agreement upon written notice of thirty (30) days to the other.
In case ownership or control of one party, existing as of the date set forth in the agreement changes in a manner that, in the sole judgment of the other party, adversely affects its rights or interests hereunder.
In the event of termination, Customer shall pay for the services rendered till the date of termination.
Clause Accepted.
21 28 Technical Specifications Proposed Perimeter Security Solution should support Stateful inspection Firewall, IPSec & SSL VPN
Request Bank to confirm if Bank needs Robust Firewall which can do stateful Inspection along with IPSEC & SSL VPN feature support from day one
Yes.
22 28 Technical Specifications Firewall should have a provision to support next generation firewall capabilities including- IPS, Application Control, URL, Content Filtering features (if required in future) without adding any additional appliance and should support unlimited policies.
As we understand, Bank is looking for a Firewall platform that should have provision for Next generation Firewall capabilities from day one and additionally it should have capabilities for IPS, Application Control, URL, Content Filtering features in future. Running Firewall with multiple services like IPS, Application Control, Content Filtering features might impact performance. Hence nowadays OEMs have started developing specific hardware based/modules for these services like content filtering, etc. to achieve better performance on the firewall box. Hence requesting Bank to consider Firewall appliance having support for modules for different services.
Proposed Change:-Firewall should have a provision to support next generation firewall capabilities including- IPS, Application Control, URL, Content Filtering features (if required in future) by adding software license or modules on the same firewall appliance.
The revised Clause may be modified as "Firewall should have a provision to support next generation firewall capabilities including- IPS, Application Control, URL, Content Filtering features (if required in future) by adding software license or modules on the same firewall appliance."
23 28 Technical Specifications The IPS should be able to inspect SSL, https, SFTP, SSH etc. traffic. Integrated IPS should not make use of additional external device to perform these functions.
Nowadays it's very critical to inspect TLS/SSL traffic, which is usually required in order to find malware in web 2.0 world. Support for inspecting SFTP and SSH traffic is rarely used in the real world, and is not supported by some OEM boxes, hence requesting please relax this SFTP and SSH point.
Proposed Change:-The IPS should be able to inspect SSL, https etc. traffic. Integrated IPS should not make use of additional external device to perform these functions.
The IPS should be able to inspect SSL, https etc. traffic. Integrated IPS should not make use of additional external device to perform these functions.
24 28 Technical Specifications The firewall appliance should have minimum 300 GB local hard-disk in order to keep the various logs.
There are thousands of flow information and logs that need to be stored for several years for forensics purpose, therefore 300 GB HDD will not be good enough and you will need more storage capacity. Hence OEM always doesn't support dedicated hard disk for storing logs and therefore as a best practice Enterprise and lot of other Banks store all the logs into a 3rd party solution as Syslog server or a SIEM Tool for better management and less touch points on the firewall appliance.
Proposed Change:-The firewall appliance should have capability to transfer the various logs to external 3rd party solution as Syslog server or a SIEM Tool.
Proposed Change:-Please reduce this number to 240 GB as a lot of vendors don't provide 300 GB HDD.
The revised clause may be read as "Appliance Solution should have local storage of minimum 180 days logs storage capacity with minimum of 300 GB storage."
25 28 Technical Specifications New Suggestion Bank should also look at having Application visibility and control features which enables policies to be written based on a wide range of contextual elements, including application, user, device, and location.
Proposed Change:-Proposed Firewall should support Application visibility and control features.
The Bidder may offer the said feature over and above the technical specifications mentioned in the RFP.
26 28 Technical Specifications New Suggestion For better management of the firewall and automated diagnostic and troubleshooting, Bank can look at these features.
Proposed Change:-Automated diagnostic & troubleshooting capability using Smart Call Home functionality to raise a TAC case automatically when the system is facing hardware or software issues without requiring human intervention.
The Bidder may offer the said feature over and above the technical specifications mentioned in the RFP.
27 28 Technical Specifications New Suggestion Nowadays Enterprises are demanding OPEN architecture, and many OEMs have started building Security devices on OPEN architecture. In past other Banks in India & RBI for perimeter security tenders have included this requirement: "Bidders are advised to propose architecture that is open architecture and should not be Proprietary ASIC based architecture ensuring protection against latest threats". Requesting Bank to include this requirement.
Proposed Suggestion:-"The Proposed Platform Architecture should be based on open architecture and should not be Proprietary ASIC based architecture ensuring protection against latest threats"
Please refer the technical specifications mentioned in the RFP.
28 28 Technical Suggestions VPN throughput (AES/3DES) should be 5 Gbps.
The VPN throughput of 5 Gbps requested seems to be very high, which will increase the cost for the Bank. Also if you see other organisations like RBI, for VPN requirement their tenders request maximum of 1 Gbps.
Proposed Change:-VPN throughput (AES/3DES) should be minimum of 3 Gbps or higher
The revised Clause may be read as "VPN throughput (AES/3DES) should be minimum of 3 Gbps or higher."
29 28 Technical Specifications New Suggestion The Technical specification doesn’t talk about the Firewall throughput with all services loaded like IPS, Application Control, URL, Content Filtering features. Hence requesting Bank to mention the Firewall throughput considering all the services loaded of minimum 8 Gbps, to have a better performance when fully loaded with services.
Proposed Change:-The Firewall Next-Generation throughput (multiprotocol) should be minimum 8 Gbps.
The features required in the solution has already been asked in the RFP along with the required capacity.
30 28 Technical Specifications Real world (multi-protocol) throughput of Firewall should be 12 Gbps.
The Firewall stateful inspection throughput, specifically 12 Gbps, is on the higher side; specifically it will offer more advantage to specific one OEM. Hence requesting bank to open this so other OEM can also participate in this tender. Hence requesting bank to make throughput of minimum 10 Gbps and will fulfill OBC network traffic requirements.
Proposed Change:-Real world (multi-protocol) throughput of Firewall stateful inspection should be minimum of 10 Gbps or higher.
Proposed Change:-Please increase this to 40 Gbps as 4 x 10 Gbps ports been asked hence performance should match the number of 10 Gig interfaces.
The Revised Clause may be read as "Real world (multi-protocol) throughput of Firewall stateful inspection/Production should be minimum of 10 Gbps or higher."
31 28 Technical Specifications Real world (multi-protocol) throughput of IPS should be of 3 Gbps. Since Bank is planning to use Firewall and IPS services together in future , The Traffic inspected by the IPS will have to go through the firewall & IPS , hence The Performance parameters should be a combination of FW + IPS services together of the appliance , Hence request Bank to mention firewall + IPS multiprotocol throughput.
Proposed Change:Real world (multi-protocol) throughput of IPS + Firewall should be minimum of 5 Gbps
The Bidder may offer the said feature over and above the technical specifications mentioned in the RFP.
32 29 Technical Specifications It must support clientless SSL VPNs for remote access without the need to install a client.
Understand Bank is looking for support clientless SSL VPNs for remote access without the need to install a client. Request Kindly let us know to how many SSL VPN license we need to factor from day one for sizing
Yes. Further the offered solution should support this feature, however we would not require any licenses to be activated currently.
33 12 Scope of Work The Bidder shall be responsible for Integration of the offered solution with Bank’s Active Directory System. Further the offered solution should also support smooth integration with Security Information and Event Management Solution as and when deployed by the Bank.
From which SIEM solution Firewalls would be integrated, this will help to identify if default integration of firewall with SIEM is supported or not.
Bank is in the process of procurement of SIEM solution along with other Security Modules. As on date the procurement process has not been completed.
34 9 Bidder Eligibility Criteria Bidder should have minimum 5 ISA/CISM/CISSP/CIHE/CVA/CCSE or similar security related certification holders in the organization.
We request to amend the clause as "Bidder should have minimum 5 ISA/CISM/CISSP/CIHE/ CVA/CCSE/CISA/ CCSA/CCSE or similar security related certification holders in the organization."
The revised Clause may be read as "Bidder should have minimum 5 ISA/CISM/CISSP/CIHE/ CVA/CCSE/CISA/ CCSA/CCSE or similar security related certification holders in the organization."
35 9 Bidder Eligibility Criteria The Bidder should be empanelled with CERT-In for Information Security Services
We are in process of getting empanelled.
So we request bank to allow us to submit copy of relevant document / acceptance of application along with undertaking that the process will be completed in due course of time against this clause.
Accepted provided the Bidder furnishes a time line shared by CERT-In for the empanelment. Further the Bidder should have at least Gold Partnership with the OEM of proposed solution.
36 12 Scope of Work New addition The Bank would require the implementation sign off to be given by OEM on their letterhead or through email after bidder has completed the implementation at the Bank site.