
Bank of Baroda

Baroda Corporate Centre, Mumbai

Request for Proposal (RFP)


for
Selection of Service Provider for Conducting
Comprehensive Audit of Banking Application System (India and Foreign
Territories)

Bank of Baroda
Project Office
Baroda Corporate Centre
Mumbai
Nov 03, 2009

Confidential Page 1 of 45 Project Office, BCC, Mumbai


RFP Document for Created on 3/11/2009
Comprehensive audit of
Banking Applications
Bank of Baroda
Baroda Corporate Centre, Mumbai
[A] Important Dates :
1. Issuance of RFP Document by Bank from : 06/11/2009
2. Last Date of Submission of Response by the Bidder : 30/11/2009

[B] Important Clarifications :


Following terms are used in the document interchangeably to mean:

1. Bank of Baroda, BOB, BoB, and Bank means “Bank of Baroda”.
2. Recipient, Respondent and Bidder means “Respondent to the RFP Document”.
3. RFP means the “Current RFP Document”.
4. SP means the “Service Provider”.
5. VA & PT means Vulnerability Assessment and Penetration Testing.

Confidentiality

This document is meant for the specific use by the Company / person/s interested to participate in the
current tendering process. This document in its entirety is subject to copyright laws. Bank of Baroda
expects the bidders or any person acting on behalf of the bidders to strictly adhere to the instructions
given in the document and maintain confidentiality of information. The bidders will be held responsible
for any misuse of the information contained in the document and liable to be prosecuted by Bank of
Baroda in the event such a circumstance is brought to the notice of the Bank. By downloading the
document, the interested party is subject to confidentiality clauses.


Section – I


1. Introduction and Disclaimer


This Request for Proposal document (“RFP”) has been prepared solely to enable
Bank of Baroda in the selection of suitable organisations to tender for the
provision for conducting Comprehensive Audit of the Banking Application
installed under the Technology Enabled Business Transformation Project.

The RFP document is not a recommendation, offer or invitation to enter into a
contract, agreement or other arrangement in respect of the services. The provision
of the services is subject to observance of selection process and appropriate
documentation being agreed between Bank of Baroda and any successful bidder
as identified after completion of the selection process as detailed under Section –
III, Para 25.

2. Information Provided
The RFP document contains statements derived from information that is believed
to be reliable at the date obtained but does not purport to provide all of the
information that may be necessary or desirable to enable an intending contracting
party to determine whether or not to enter into a contract or arrangement with
Bank of Baroda in relation to the provision of services. Neither Bank of Baroda
nor any of its employees, agents, contractors, or advisers gives any representation
or warranty, express or implied as to the accuracy or completeness of any
information or statement given or made in this RFP document. Neither Bank of
Baroda nor any of its employees, agents, contractors, or advisers has carried out
or will carry out an independent audit or verification or due diligence exercise in
relation to the contents of any part of the RFP document.

3. For Respondent Only


The RFP document is intended solely for the information of the party to whom it
is issued and no other person or organisation.

4. Service Provider Eligibility Criteria

The SP company is required to meet the following eligibility criteria and provide
adequate documentary evidence for each of the criteria stipulated below:
1. Must be a Government Organization/PSU/PSE/partnership firm/LLP or
limited company.
2. Must be in existence for five years as on 31.03.2009 (in case of
mergers/acquisition/restructuring or name change, the date of
establishment of the earlier/original Partnership Firm/Limited Company
can be taken into account).
3. Must have a minimum turnover of at least Rs 2 Billion in the past two years
out of which, at least, 25% of the revenue must have come from the testing
& Consulting Services.
4. Must have made profits for the past 3 years in succession
5. Should have never been blacklisted/barred/disqualified by any
regulator/statutory body.
6. Must have experience in reviewing applications and IT Systems.
7. Must not be application/implementers/Solution providers, assistance
providers for implementation with an alliance with Hewlett Packard in
Bank of Baroda.
8. Must not be a direct competitor providing solution/application being
provided/implemented by Hewlett Packard to the Bank.
9. Must have on rolls at least one team leader (Project Manager) and one
additional member who has similar experience as that of the Project
Manager who would have been personally involved in at least one similar
assignment. The Engagement Manager must have at least 3 years of
experience in Testing Services and Audit Services.
10. Must have existence in India.

5. Confidentiality
The RFP document is confidential and is not to be reproduced, transmitted, or
made available by the Recipient to any other party. The RFP document is
provided to the Recipient on the basis of the undertaking of confidentiality given
by the Recipient to Bank of Baroda. Bank of Baroda may update or revise the RFP
document or any part of it. The Recipient acknowledges that any such revised or
amended document is received subject to the same terms and conditions as this
original and subject to the same confidentiality undertaking.

The Recipient will not disclose or discuss the contents of the RFP document with
any officer, employee, consultant, director, agent, or other person associated or
affiliated in any way with Bank of Baroda or any of its customers, suppliers, or
agents without the prior written consent of Bank of Baroda.

6. Disclaimer
Subject to any law to the contrary, and to the maximum extent permitted by law,
Bank of Baroda and its officers, employees, contractors, agents, and advisers
disclaim all liability from any loss or damage (whether foreseeable or not)
suffered by any person acting on or refraining from acting because of any
information, including forecasts, statements, estimates, or projections contained in
this RFP document or conduct ancillary to it whether or not the loss or damage
arises in connection with any negligence, omission, default, lack of care or
misrepresentation on the part of Bank of Baroda or any of its officers, employees,
contractors, agents, or advisers.


7. Costs Borne by Respondents


All costs and expenses incurred by Recipients / Respondents in any way
associated with the development, preparation, and submission of responses,
including but not limited to attendance at meetings, discussions, demonstrations,
etc. and providing any additional information required by Bank of Baroda, will be
borne entirely and exclusively by the Recipient / Respondent.

8. No Legal Relationship
No binding legal relationship will exist between any of the Recipients /
Respondents and Bank of Baroda until execution of a contractual agreement.

9. Recipient’s Obligation to Inform Itself


The Recipient must conduct its own investigation and analysis regarding any
information contained in the RFP document and the meaning and impact of that
information.

10. Evaluation of Offers


Each Recipient acknowledges and accepts that Bank of Baroda may, in its absolute
discretion, apply whatever criteria it deems appropriate in the selection of Service
Provider, not limited to the selection criteria set out in this RFP document.

The RFP document will not be construed as any contract or arrangement which
may result from the issue of this RFP document or any investigation or review
carried out by a Recipient. The Recipient acknowledges by submitting its
response to this RFP document that it has not relied on any information,
representation, or warranty given in this RFP document.

11.a Earnest Money Deposit (EMD)

As part of compliance, intending bidders must pay along with RFP an Earnest
Money Deposit of Rs 50,000/- (Rs fifty thousand only). The earnest money shall
be paid by Demand Draft/Bankers Cheque/Pay Order drawn in favour of Bank
of Baroda – payable at Mumbai. The earnest money will not carry any interest.
The EMD will be refunded to non-selected RFP Respondents along with the
intimation of rejection of their bid. In case of selected respondents the deposit will
be adjusted against the security deposit payable under the terms of contract.

The EMD made by the bidder will be forfeited if:

• The Respondent withdraws his tender before processing the same.


• The Respondent withdraws his tender after processing but before
acceptance of “Letter of Selection for Final RFP” issued by Bank.

• The Selected Respondent withdraws his tender before furnishing an
unconditional and irrevocable Performance Bank Guarantee / security
deposit.
• The Respondent violates any of the provisions of the terms and conditions
of this tender specification.

11.b Security Deposit

The EMD amount deposited by the successful bidder will be converted as security
Deposit. Excess amount of EMD (i.e. EMD – 5% of the contract value) of
successful bidder will be refunded by the bank within two weeks from the date of
acceptance of contract; however, if the EMD amount is less than the amount
equivalent of contract value then the successful bidder has to deposit the
difference amount (i.e. 5% of the contract value – EMD amount) by way of
Demand Draft/Banker’s Cheque/Pay Order drawn in favor of the Bank of Baroda
payable at Mumbai, within one week from the date of awarding the contract. The
Security deposit will be refunded by the bank after successful completion of the
project.

Amount of Security Deposit will be rounded off to the nearest thousand. Bank
Guarantee in lieu of Security Deposit is not acceptable.

11.c Performance Bank Guarantee

The Selected bidder has to provide an unconditional and irrevocable Performance
Bank Guarantee of 10% of the contract value from the Public Sector Bank in India
(Other than Bank of Baroda) towards due performance of the contract in
accordance with the specifications, terms and conditions of RFP document, within
15 days from the date of letter of intent (LOI). The Bank Guarantee shall be kept
valid for three months beyond the tentative completion period of project.

11.d Application Money

The intending bidders should pay along with bids an Application money of Rs
5000/- (rupees Five Thousand only). The application money shall be paid by
Demand Draft/Banker’s Cheque/Pay Order drawn in favour of Bank of Baroda
payable at Mumbai. The application money is non-refundable.

11.e Execution of SLA/NDA:

The SP company should execute (a) a Service Level Agreement, which would
include all the services and terms and conditions of the services to be extended
as detailed herein and as may be prescribed by the Bank and (b) Non-disclosure
Agreement. The SP should execute the SLA and NDA within one month from the
date of acceptance of Letter of Appointment.

12. Errors and Omissions


Each Recipient must notify Bank of Baroda of any error, omission, or discrepancy
found in this RFP document.

13. Acceptance of Terms


A Recipient will, by responding to Bank of Baroda RFP, be deemed to have
accepted the terms as stated above from Para 1 to Para 12.

14. Lodgment of RFP Response (To be read in conjunction with Section – III,
Para 4)
14.1 RFP Closing Date for submission of Response
RFP Response may be received by the officials indicated below not later than 4:00
pm (Indian Time – GMT +5:30) by 30th November 2009.
Submission of Response to Bank of Baroda
Two (2) paper copies and one (1) electronic copy (Microsoft XP Word and Excel,
on CD ROM) of all submissions must be supplied to Bank of Baroda
addressed to General Manager (Projects & IT Operations) at :

General Manager (Projects & IT - Operations)


Bank of Baroda ,Baroda Corporate Centre
C-26, Block – G, Bandra – Kurla Complex,
Bandra (East)
Mumbai – 400051, India
For any further clarification you may contact
Mr AK Singh
Chief manager (Projects & IT Operations)
LL 022-66985254/
Mr S Salunke 66985234
Submission will be valid if :
• Copies of the RFP are submitted before the aforementioned closing time.
• Submission is not by Fax transmission.
• Response is submitted in two separate sealed envelopes with separate
marking “Technical Proposal” & “Commercial Proposal”
• All separate copies of RFP and attachments must be provided in a sealed
envelope or sachet.

Only One Submission Permitted
Only one submission of response to RFP by each Vendor / Service Provider will
be permitted. In case of partnerships / consortium, only one submission is
permitted through the lead vendor / service provider.
14.2 Registration of RFP
Registration will be effected upon Bank of Baroda receiving the RFP response in
the above manner (Para 14.1). The RFP must be accompanied with all documents,
information, and details. If the submission to this RFP does not include all the
information required or is incomplete or submission is through Fax mode, the
RFP is liable to be rejected.

All submissions, including any accompanying documents, will become the
property of Bank of Baroda. Recipients shall be deemed to license, and grant all
rights to, Bank of Baroda to reproduce the whole or any portion of their
submission for the purpose of evaluation, to disclose the contents of the
submission to other Recipients who have registered a submission and to disclose
and/or use the contents of the submission as the basis for any resulting RFP
process, notwithstanding any copyright or other intellectual property right that
may subsist in the submission or accompanying documents.

14.3 Late RFP Policy


Respondents are to provide detailed evidence to substantiate the reasons for a late
RFP submission.
RFPs lodged after the closing date for lodgment of RFPs may be registered by
Bank of Baroda and may be considered and evaluated by the evaluation team at
the absolute discretion of Bank of Baroda. It should be clearly noted that Bank of
Baroda has no obligation to accept or act on any reason for a late submitted
response to RFP.
Bank of Baroda has no liability to any person who lodges a late RFP for any
reason whatsoever, including RFPs taken to be late only because of another
condition of responding.

14.4 RFP Validity Period


RFPs will remain valid and open for evaluation according to the terms for a
period of at least six (6) months from the time the RFP submission process .

14.5. Requests for Information


Recipients are required to direct all communications related to this RFP, including
notification of late RFP submission, through the Nominated Point of Contact
person i.e. General Manager (Projects & IT – Operations).

All questions relating to the RFP, technical or otherwise, must be in writing only
to the Nominated Point of Contact.
Bank of Baroda will not answer any communication initiated by Respondents
later than five business days prior to the due date for lodgment of RFPs.
However, Bank of Baroda may in its absolute discretion seek, but is under no
obligation to seek, additional information or material from any Respondents after
the RFP closes and all such information and material provided must be taken to
form part of that Respondent’s response.

Respondents should invariably provide details of their email address(es) as
responses to queries will only be provided to the Respondent via email.

If Bank of Baroda in its absolute discretion deems that the enquiring Respondent
will gain an advantage by a response to a question, then Bank of Baroda reserves
the right to communicate such response to all Respondents.

Bank of Baroda may in its absolute discretion engage in discussion or negotiation
with any Respondent (or simultaneously with more than one Respondent) after
the RFP closes to improve or clarify any response.

15. Notification
Bank of Baroda will notify the Respondents in writing as soon as practicable
about the outcome of the RFP evaluation process, including whether the
Respondent’s RFP response has been accepted or rejected. Bank of Baroda is not
obliged to provide any reasons for any such acceptance or rejection.

16. Disqualification
Any form of canvassing/lobbying/influence/query regarding short listing, status
etc will be a disqualification.

17. Timeframe
The following is an indicative timeframe for the overall selection process. Bank of
Baroda reserves the right to vary this timeframe at its absolute and sole discretion
should the need arise. Changes to the timeframe will be relayed to the affected
Respondents during the process.

RFP Issuance Date: 06 November, 2009
RFP Response Due: 30 November, 2009
RFP Evaluation date: 31 May 2010


Section - II


1. Bank of Baroda – the Company

Bank of Baroda is one of the largest Public Sector Banks in India with over 33
million accounts, about 3 to 5 million transactions per day and a branch
network of over 3000 branches in India and in 21 other countries overseas. The
Bank has over 1500 branches in rural/semi-urban areas and 70 offices / branches
in 21 countries overseas.

The Bank has undertaken a massive project for modernization of its banking
processes to become a national bank of international standard. To initiate this
modernization process, the Bank has conducted a Business Driven IT strategy
formulation exercise assisted by Gartner.

2. Business & IT Strategy

The aim of Bank of Baroda’s IT Strategy is to conduct a Technology Enabled
Business Transformation of current business processes through three key
endeavors:
1. The phased deployment of core applications and supporting IT infrastructure
to enable the implementation of best-practice in :
– Banking and financial services
– Corporate operations
2. The development of a Governance of IT model and capability within Bank of
Baroda.
3. The structured development of enhanced IT capability within Bank of Baroda
based on :
– Outsourcing of daily IT operations
– Developing and retaining key skills in planning, programme and
project management, and sourcing management
It is projected that the implementation of the IT Strategy will occur over a three to
five year period.

3. Bank’s Vision for Business Transformation


Bank’s vision in going for a technology-enabled transformation is:
• To become the most preferred Public Sector Bank within three years and to
transform into a Universal Financial Services organization offering a full
range of financial products to corporate and personal customers
• To become a customer-centric organization providing financial products
and services based on customer needs in all markets it operates
• To provide products and services in an efficient, effective and responsive
manner and on-demand through multiple channels

The transformation should be rapid and visible in order to enable the Bank to reap
early benefits. The strategic goals of Bank of Baroda are:

• The development of a customer centric business,
• The delivery of product through multi-channel distribution,
• The set up of new Lines of Business through re-organization of existing
lines of business along customer requirements,
• The set up of global functions by way of establishment of a corporate
center
• An improvement of operational effectiveness.

4. System Integrator (SI) of the Project


Towards realizing the above objectives under the Bank’s current Technology Enabled
Business Transformation Project (Project Shikhar), the Bank has selected Hewlett
Packard India Sales Private Ltd. (HP) as the System Integrator for the Project.
Broad scope of deliverables under the Project is as under:

• Procurement/supply and installation of H/W, System S/W, Application
S/W
• Core Banking System and associated modules
• Other applications (Support Services like General Ledger, HRNeS, Pay
Roll, Integrated Risk Management, Data warehouse, CRM, MIS, ATM
Switch, Mail Messaging, Intranet, Self-Service, E-Learning, Asset
Management, Card Management, e-banking, Payment Gateway, Treasury)
• Customization & Parameterization
• Implementation and maintenance of application software (S/W)
• Designing of complete network architecture for the Bank
• Procurement/supply and installation of various networking equipments,
implementing Branch LAN and enterprise-wide WAN & Network
Management for the entire WAN
• Data Centre & Disaster Recovery Site – Build, Operate & Transfer
• Procurement, follow up and maintenance of network bandwidth/leased
lines, ISDN and other networking needs
• Domestic and International Branch Roll-out
• Proposing and Implementing Information Security Management System
• Training & Transformation Management
• Programme Management
• Designing, developing and implementing System integration
• All supporting infrastructure & Services (e.g., Data Centre/DRC, Servers,
Desktops, Laptops etc., Managed Services)

• Data communication networks (e.g., WAN, LAN, Voice)

5. Products / Applications being implemented by HP

The SI has proposed and has been implementing the following applications for
the Bank.
Support services:

Functionality | Product
Finance, General Ledger, Accounting, Consolidated GL, Finance | Finacle Core, Oracle Financials, Oracle Financial Services applications Budgeting
Sourcing and Procurement | Oracle AP, Purchasing
Human Resource Management | Oracle HR, Oracle training & administration, self Service, Fluous Payroll
Risk Management and Decision support | Finacle Core, OFSA - Risk Manager, Kvar+, Kondor Global Limits, Kondor Credit Var
Performance Management | Oracle OFSA – Performance Analyser, Transfer Pricing, Activity based Management, Balanced Scorecard Modules
Marketing Decision Support MCIF – Customer Segmentation, Campaign management | Finacle Core, Oracle Trading Community architecture, Oracle Customer online, Oracle marketing Online, Oracle Sales online
Customer Relationship Manager CRM Analytics | OFSA – And Oracle CRM Based on Oracle Logical Data Model - TCA+ Oracle Financial data model
Enterprise Information systems | OFSA - Performance Analyser, Risk manager, HP - Knowledge Management System

Funds and regulatory

Functionality | Product
Treasury | Kondor +, KTP
Investment and Brokerage | Opus Trade – front end trading system interfacing to depositories as well as brokers and clearing houses
International Banking and Foreign Exchange processing | Finacle Core for Basic FX and MM deals; Browser support for K+ dealing at international treasury locations where warranted
Interactions with Other banks | CBS - Clearing systems, RTGS, interface; Treasury to NDS interface
Interactions with Reserve Bank of India | CBS – RTGS interface; Treasury – RTGS interface

Core Processing

Functionality | Product
Core banking | Finacle Core including Trade finance and Remittances
Deposits Savings and investment | Finacle core retail and corporate
Loans Credit Lending | Finacle Core Retail and Corporate Lending
Product Management | Finacle Core Parameter driven Product management
Customer Information System | Finacle Core CIF, Oracle TCA
Non Banking financial Products | Cards – (Interface to existing cards system in phase-I), Opus Cards
Transaction Payment Systems | Finacle core, Electra Payment Gateway, Base24 Switch

Delivery

Functionality | Product
Personal Productivity and Groupware | Microsoft Exchange
Help Instruction and Training | Online help from all application; Training using existing Training center infrastructure; Set up of e-learning infrastructure; Oracle i-learning; Oracle Training and Administration
Imaging and Printing | Scanners and printers – HP; Omni Capture – New Gen; Omni docs – New Gen
Work flow and Document Management | Omni Flow for enterprise workflow; Omni docs for document Management
Transaction Processing | Base24 ATM Switch; Electra payment Gateway
Reporting | Finacle Reporting Tool; Oracle Discoverer


Access

Functionality | Product
Staff Interface | Oracle Self Service; Fluous Self Service; HP Knowledge management; Oracle Portal
Teller Functions/Service Center Interface | Finacle Core
Self Service Telephone and Internet | Servion IVR Phone banking
Payment Gateway | Electra Payment Gateway
Internet Banking | Finacle eChannels, eCorporate
Other Agents and Channels | Finacle SMS banking; Kiosk
Security | Various including Trendmicro Anti Virus, Checkpoint Firewall, Cisco pix


Section - III


1. Current RFP Objectives :

1.1 Project Objective

The Bank wishes to appoint a competent Service Provider (SP) for carrying out a
Comprehensive Audit of the IT Systems installed at the Data Centre, Mumbai
and Disaster Recovery Centre, Hyderabad implemented by HP. The SP will be
responsible as per the scope and timelines outlined below.

Although the Bank has selected an SI for implementation of various systems and
is in the process of implementing the complete suite of solutions for its branches
and Administrative Offices including overseas offices, Subsidiaries etc., the Bank
is looking for the Comprehensive Audit for all its Banking application systems
(India & foreign territories) installed and systems which will subsequently be
installed.

The selected service provider is required to provide service of comprehensive
audit including the following services: Performance Testing (PT), Optimisation
Testing, High Availability Testing, Scalability Testing with reference to the four
core architectural principles - Performance, Scalability, High Availability,
Investment Protection.

Bank may, at its full discretion, choose to avail of the services for all services or
part thereof. Such decision may be advised in course of the project.

1.2 Project Scope


A description of the envisaged scope is enumerated as under. However, the Bank
reserves its right to change the scope of the RFP considering the size and variety
of the requirements and the changing business conditions.
Based on the contents of the RFP, the selected SP shall be required to
independently arrive at Approach and Methodology, based on globally
acceptable standards and best practices, suitable for the Bank, after taking into
consideration the effort estimate for completion of the same and the resource and
the equipment requirements. The Selected Service Provider is required to conduct
the detailed Risk assessment of IT Assets/Resources of the Bank at DC/DR and
suggest the control measures for the risk identified.
The Bank expressly stipulates that the SP’s selection under this RFP is on the
understanding that this RFP contains only the principal provisions for the entire
assignment and that delivery of the deliverables and the services in connection
therewith are only a part of the assignment. The SP shall be required to undertake
to perform all such tasks, render requisite services and make available such
resources as may be required for the successful completion of the entire
assignment at no additional cost to the Bank.
The SP’s involvement is expected to be spread across a period of at least 24
months from the date of contract.
The services as indicated in Para 1.2.1 will be covered under the scope of the
Comprehensive Audit of the Banking Applications (Domestic & International
territory). Indicative details of services may involve:
1.2.1 Review/Audit of
1. Periodic Audit of all Customer facing (VA&PT) Web based application at 6
month Interval up to 18 months.
2. Business Application Software (CBS & Other Business application)
3. Compliance Verification of this audit report within 6 months.

1.2.2.A) Threat & Vulnerability Analysis audit of customer facing Web based
Application

Testing tools have to be arranged by the bidder.

Appropriate updated tools should be used for each phase of test.

Application implemented in foreign territory is also a part of review/audit:

• Review of security assessment of the technology platforms at the Data
Center
• Review the operations and management of Bank-wide Network
Architecture
• Review of security and parameter setting for all IT Infrastructure within
the Data Centre including review of Placement of security equipments,
network equipments for securing database, application, web servers of
various applications housed at Data Centre
• Review of Configuration and Monitoring of logs of Intrusion Prevention
System, firewalls and response capabilities
• Carry out Ethical hacking to expose security gaps and demonstrate the
effectiveness of security measures.
• Vulnerability & Penetration Test must be designed to simulate a real
world attack keeping in view prevailing RBI guidelines, IT Act 2000 and
other applicable regulations in India.
• Vulnerabilities for defacement and unauthorized modification of
corporate web sites
• Search for back door traps in the programs
• Check if commonly known holes in the software, especially the browser
and the email software exist through ethical hacking
• Review of policies for performing periodic monitoring of activity on the
firewall server to check for malicious activity.
• Review of Policies for performing periodic health check on all servers
within the Data center
• Review of Backup and restore policy
• Review of periodic analysis of logs to bring in changes to the security
posture to mitigate risks from newly identified threats
• Check for existence of proper guidelines to retire any infrastructure. It is
to be ensured that the data on such asset is backed up and is removed
from the asset before it is retired. Data that becomes inconsequential or
irrelevant due to various factors must be archived using a proper
archival mechanism. Data which needs to be destroyed must be
destroyed immediately, and proper guidelines need to be defined as a
process for the same.
• Review of firewall configurations and associated policies and
procedures covering Firewall design, operational security, auditing,
logging, monitoring, alerting, IP forwarding etc.
• Switch Diagnostic review
• Router Diagnostic review
• Pro-active virus prevention and detection procedures are in place and
implemented. Virus definitions are updated regularly
• Procedures for monitoring the updating of virus definitions
• Process for incident reporting mechanism to the respective data owner
(particularly to foreign territory)

1.2.2.B) Security and controls review of the ATM, Internet Banking, On-line
Trading, Cash Management, Depository services and Channel banking
encompassing

• To review the Transaction flow in Bank’s internet banking
• Adequate internal controls are in place to minimize errors, discourage
fraud
• Interface with other organizations for utility payments
• Process of creation of Internet Banking Ids
• PIN management
• Authentication controls
• ATM card application, generation and Issue Process
• ATM PIN generation and distribution procedures
• Operating System, application and the Data on the ATM Switch
• Interface system between the Host and the ATM switch
• Procedures for off-line transactions
• ATM switch center & ATM terminals
• Review of Backup and recovery procedures for ATM related data and
transactions
• All applicable testing for various on-line channels facing customers
• Check if the data between ATM and switch is flowing in encrypted form
and not as plain text and evaluate sniffing risk if any
• To review the Risk Management Process (Risk Identification,
Assessment & Treatment)
• Security & Control Objectives (Data Confidentiality, System Integrity,
Availability, Customer & Transaction Authenticity, and Customer and its
Data Protection)
• Managing Outsourcing risks, Monitoring Outsourcing Arrangements.
• Distributed Denial of Services attacks (DDOS)
• Customer Education Mechanism.
• Incident Response Planning and Reporting
• Process for Internet based attack, reporting, response & Planning
mechanism.

1.2.3. Review/Audit of Business Application Software to be conducted for the
following application vs Territory :

√ Indicates Application has been in Live operation in respective territory
X Indicates Application has not been made live in respective territory

Sr no, Application, then one column per territory (territory headings as extracted): South Africa, Hong Kong, Singapore, Botswana, Seychelles, Bahamas, Mauritius, Tanzania, Bahrain, Uganda, Guyana, Ghana, Oman, Kenya, China, India, UAE, T&T, Fiji, UK

1 CBS √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
2 AML √ √ √ √ √ √ √ √ X √ √ √ X X √ √ X √ √ X
3 Financial Management System - Oracle Financials (EWGL) √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
4 Baroda Connect √ √ √ √ √ √ √ X X X X X X X X X X X √ X
5 Straight Through Process (RTGS/NEFT) √ X X X X X X X X X X X X X X X X X X X
6 ATM Switch (Base24) √ √ √ √ √ √ √ X √ X X X X X X X X X X X
7 Global Treasury & Enterprise wide Limit Management √ √ X X X X X √ X X X X X X X √ √ X X X
8 Bank Wide Mail and Messaging System √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √ √
9 Baroda Cash Management √ X X X X X X X X X X X X X X X X X X X
10 Telephone Banking √ X X X X X X X X X X X X X X X X X X X
11 HRNES √ X X X X X X X X X X X X X X X X X X X
12 Pay roll √ X X X X X X X X X X X X X X X X X X X
13 Retail Depository System √ X X X X X X X X X X X X X X X X X X X
14 Data Warehousing and Oracle Financial Services Application √ X X X X X X X X X X X X X X X X X X X
15 Crisil √ X X X X X X X X X X X X X X X X X X X
16 Card Management System √ X X X X X X X X X X X X X X X X X X X

Review/Audit of applications which will be implemented in the next 24 months
(Call Centre, E-trading (Online Trading), CRM, CBS (USA, Belgium))

Other applications which should also be reviewed are:

Internet Payment Gateway, Online trading System, Asset Management System,
Hire Purchase & Leasing, Performance Management, Knowledge Management,
Solution Architecture & Design Services, Enterprise Management System,
Information Security Management System, Data Archival System, Cheque
Truncation System, Document Management System – Workflow Automation,
Centralized Antivirus, Credit/Debit Card Management (FSS) provided by HP,
Centralized SWIFT Interface with CBS and its process.

Tools used by the service provider should be tested before implementation by the
service provider.

1.2.4 For the banking applications (Domestic & International territory) mentioned
above the review should include and is not limited to:

• Perform Application, Security & Controls Review
• Study the applications for adequate input, processing and output controls
• Development of suitable testing methodology / testing strategy document
• Conduct various tests to verify existence and effectiveness of the controls
for all functionalities, schemes and products supported by the applications
under review
• Perform a test of controls set up in all the applications
• Identify ineffectiveness of the intended controls in the software and analyze
the cause for its ineffectiveness
• Controls over automated processing / updations of records, review or
check of critical calculations, review of the functioning of automated
scheduled tasks, output reports design, reports distribution, etc.
• Extent of parameterization.
• Backup/Fall back/Restoration procedures and contingency planning
• Suggestion on segregation of roles and responsibilities with respect to
application software to improve internal controls.
• Adequacy, Accuracy, Data Integrity of the MIS Reports and Audit Reports
• Manageability with respect to ease of configuration, transaction roll backs,
time taken for end of day, day begin operations and recovery procedures
• Hard coded & Virtual user-id and password
• Interfaces with CBS Software of many other applications / services, both in
house and 3rd party systems / solutions – security, confidentiality, integrity,
accuracy and non-repudiation of the data between systems
• Recovery and restart procedures
• Adequacy of Audit trails and Logs
• Adherence to Legal and Statutory Requirements.
• Appropriate user maintenance and password policies being followed
• Review user profiles created at the database level against job roles
• Review of the outsourcing practices.
• That the Bank’s Internet Banking Policy meets all the parameters / criteria
laid down in the communications of RBI on internet banking in India.
• Review of Controls in ATM Operations including ATM Card Management,
ATM Switch Operations, Support to Branches/Users, Incident Response
Capability.
• Review of controls in RTGS/NEFT Operational environment, Support to
branches/Users/Department, Incident response capability, Robustness of
server Administrative practices.
• Review of identification, Authentications, Authorization Mechanism in
RTGS/NEFT.
• To review effectiveness and efficiency of the Application Software.
• To review Setting of various parameters, updation thereof and actual
working of them as intended and accurately.
• To review the Patch Management of all software and Control over the
Patch Management.
• To review Programmed Change Management
• To review Source Code Maintenance /Escrow arrangement
• To understand and appreciate the Strengths, Flexibility and Weakness of
all the Systems as implemented and constraints imposed by the system on the user.
• To review the ‘application security parameters and setup’ against the Bank’s
Security Policy and leading industry best practices.
• To review whether Audit trails are adequate to monitor the application.
• To review whether Day end controls are in place to ensure integrity of the
transactions as per bank’s guidelines/system of authorizations like Maker-
Checker are followed.
• To review user manuals, operating manuals and systems manuals and to
verify the version/updation controls are in place.
• To review version control for all application software
• To review issue log/ Application call status and process with the application
vendors
• To review application response time from end user perspective in
comparison with peer bank/ industry best practice

• To review the proper MIS reporting in cases where there is manual control during the
life cycle of a product.
• To review application control of all data upload/download
• To review whether Access level controls are appropriately built in and
implemented into the application and to verify whether only authorized
users are able to edit, input or update the data in the application or carry
out activities as per their role.
• To verify whether access is given on a ‘need-to-know’ and ‘need-to-do’
basis.
• To review that all the services that are required to run the application Finacle
are properly maintained and managed, e.g. Finlist val, resin, CRV, RTGS,
Apache web server etc.
• To review the process of application controls including boundary controls,
input controls, communication controls, database controls, and output
controls.
• To review Backups and recovery procedure / control.
• To review whether any weaknesses in controls or in application are there
which lead to leakage of income or to non compliance of regulatory
requirements.

1.2.5 Core Banking Solution - Finacle : Domestic & International. In addition
to all the above mentioned points, specific attention is to be given to the below
mentioned points.

Finacle application is to be reviewed for both domestic and International
territories as per the requirements of respective regulatory and security
requirements. The review should include and is not limited to:

• To review whether Bank has proper control over software updates and to
check if such updates/customizations have been maintained in
chronological order.
• To review the application security features built within Finacle and to
identify gaps in the application security parameter setup in line with the
bank’s security policies and leading best industry practices.
• To review the Finacle Core Banking Solution in all the modules implemented
in CBS (viz. GBM, Trade finance, lockers etc.) and all modules in totality with
reference to the specifications given in the functional requirement of the RFP
floated and the procedures of the bank.
• To review the process of controls over the proxy / parking transactions.
• To review the control over the inter sol transactions and the collection of
charges there on and to verify proper control is there to reconcile the
transactions at End of Day Operations.
• To review the controls over the periodical / mass run system generated
transactions (viz interest/Charge application) and to verify proper control
reports and proper procedures are in place to minimize the impact on
Bank’s profit.

• To review whether adequate controls over accounting and adjustments of
sensitive accounts like sundry/suspense / Office accounts are in place.
• To review interface with other systems such as Internet Banking, Govt.
Business module, Treasury module, ATM Controller Software (BASE24),
Payment Gateway, Payment Messaging Solutions, RTGS/NEFT,
Enterprise General Ledger, Data ware House, CMS (Cash Management
Solution) etc. for accuracy, completeness, timeliness and consistency of
data.

2. Compliance Verification: SP should verify the compliance audit report of
the entire audit report and submit the final report within six months of the audit
report.

3. Deliverables

During the course of review, the SP will suggest the following in addition to
other critical observation/ methods/ improvements as deemed fit from the point
of view of the SP professional experience for each of the services mentioned
above :

o All observations will be thoroughly discussed with process owners
before finalization of report
o Reports will be submitted as soft copy in doc and pdf format as well
as one signed hard copy.
o Reports will be submitted territory wise in compliance with respective
regulators.
o All reports will be prepared with the following information:
Gaps, deficiencies, vulnerabilities observed – specific observations
should be given with details
o Risk associated with Gaps, deficiencies vulnerabilities observed
Category of Risk – High/Medium/Low
o Recommendations/ Procedures for removing Gaps, deficiencies,
vulnerabilities observed
o Preparation of Final Testing Report with areas of improvement
o On completion of the Comprehensive Review and audit of Banking
application handover all reports, templates, and policies to the Bank

4 Submission of Bids (Please refer to Section – I, Para 14)

The bids shall be in two parts viz. Technical Proposal and Commercial Proposal.
Both Technical and Commercial Proposals shall be submitted in separate sealed
envelopes superscribing “TECHNICAL PROPOSAL FOR COMPREHENSIVE
AUDIT OF BANKING APPLICATION SYSTEMS” on top of the envelope
containing the technical bid and “COMMERCIAL PROPOSAL FOR
COMPREHENSIVE AUDIT OF BANKING APPLICATION SYSTEMS” on top
of the envelope containing commercial bid. These two separate sealed envelopes
should be put together in the sealed master envelope superscribing “PROPOSAL
for COMPREHENSIVE AUDIT OF BANKING APPLICATION SYSTEMS”.

The Technical Proposal will be evaluated first for technical suitability. Commercial
Proposal shall be opened only for the short-listed bidders who have qualified in
the Technical Proposal evaluation.

The Technical Proposal shall contain the technical proposal to the requirement of
the Bank along with Annexure A, C, D and E.

A copy of the Commercial Proposal masking the prices is to be submitted along
with the Technical Proposal.

The Commercial Proposal shall be submitted as per Annexure B.

The bidder shall submit the Proposals properly filed so that the papers are not
loose. The Bidder shall submit the proposal in a file of suitable capacity such
that the papers do not bulge out and tear during scrutiny.

The technical proposal shall be organized and submitted as per the following
sequence:

a) Table of Contents (list of documents enclosed)
b) Technical proposal with detailed activities broken down, effort estimate,
manpower estimated to be deployed along with annexure D and annexure E
c) Compliance certificate for all the terms and conditions as per Annexure-C
d) All copies of certificates, documentary proofs etc.
e) A CD containing soft copy of the proposal
f) Annexure A
g) Masked Annexure B

All the relevant pages of the proposals (except literature, datasheets and
brochures) are to be numbered and signed by the authorized signatory on behalf
of the Bidder. The number should be a unique running serial number across the
entire document.

The bidder has to submit a soft copy of the entire proposal in a CD. It should be
noted that in case of any discrepancy in information submitted by the bidder in
hard-copy and soft-copy, the hard-copy will be given precedence. However, in
case of non-submission of any hard copy document, if the same is found
submitted in the soft-copy, Bank reserves right to accept the same at its
discretion.

The Bids shall be addressed and submitted to :

GENERAL MANAGER (PROJECTS & IT - Operations)
BANK OF BARODA
Baroda Corporate Centre
Bandra Kurla Complex, Bandra (East)
Mumbai 400 051

The bids (arranged as mentioned above) are to be submitted at the Secretariat of
the General Manager (Projects & IT – Operations), marked with the appropriate
label, at the above address before the due date & time as specified. The bid
submitted anywhere else is liable to be rejected.

It may be noted that all queries, clarifications, questions etc., relating to this RFP,
technical or otherwise, must be in writing only and should be to the nominated
point of contact.

Bidders should provide their E-mail address in their queries without fail.

The bidder will submit an undertaking specifying that the bidder has obtained all
necessary statutory and obligatory permission, if any, to carry out project works.

The proposal should be prepared in English in MS Word format. The e-mail
address and phone/fax numbers of the bidder should also be indicated on the
sealed cover.

FORMATS OF BIDS: The bidders should use the formats prescribed by the Bank
in the RFP for submitting both technical and commercial bids.


5 General Terms and Conditions (Please also refer to Section – I)

5.1 Adherence to Terms and Conditions:


The bidders who wish to submit responses to this RFP should note that they
should abide by all the terms and conditions contained in the RFP. If the
responses contain any extraneous conditions put in by the respondents, such
responses may be disqualified and may not be considered for the selection
process.

5.2 Other terms and conditions :

1. Bank of Baroda reserves the right to :

• Reject any and all responses received in response to the RFP
• Waive or Change any formalities, irregularities, or inconsistencies in
proposal format delivery
• Negotiate any aspect of proposal with any bidder and negotiate with
more than one bidder at a time
• Extend the time for submission of all proposals
• Select the most responsive bidder (in case no bidder satisfies the eligibility
criteria in totality)
• Select the next most responsive bidder if negotiations with the bidder of
choice fail to result in an agreement within a specified time frame.
• Share the information/ clarifications provided in response to RFP by any
bidder, with any other bidder(s) /others, in any form.
• Cancel the RFP/Tender at any stage, without assigning any reason
whatsoever.

6. Substitution of Project Team Members: During the assignment, the
substitution of key staff identified for the assignment will not be allowed unless
such substitution becomes unavoidable to overcome the undue delay or that
such changes are critical to meet the obligation. In such circumstances, the
service provider can do so only with the concurrence of the Bank by providing
other staff of same level of qualifications and expertise. If the Bank is not
satisfied with the substitution, the Bank reserves the right to terminate the
contract and recover whatever payments made by the Bank to the SP during
the course of this assignment besides claiming an amount, equal to the
contract value as liquidated damages. However, the Bank reserves the right to
insist the SP to replace any team member with another (with the qualifications
and expertise as required by the Bank) during the course of assignment.

7. Professionalism : The SP must provide professional, objective and impartial
advice at all times and hold the Bank’s interests paramount and must observe
the highest standard of ethics while executing the assignment.

8. Adherence to Standards : The SP must adhere to laws of land and rules,
regulations and guidelines prescribed by various regulatory, statutory
and Government authorities.

9. The Bank reserves the right itself or through a consultant to conduct an audit/
ongoing audit of the services provided by the SP. The cost of the audit/
consultant shall be borne by the Bank

10. The Bank reserves the right to ascertain information from the banks and other
institutions to which the bidders have rendered their services for execution of
similar projects.
11. EXPENSES : It may be noted that Bank will not pay any amount/expenses
/ charges / fees / traveling expenses / boarding expenses / lodging expenses
/ conveyance expenses / out of pocket expenses other than the “Agreed
Professional Fee”. However, traveling, boarding and lodging expenses, if
any, for site visit outside Mumbai for project related work will be discussed
with the Bank as to the need, duration, number of personnel involved, etc.,
and will have to be cleared by the Bank in advance in writing. Settlement of
bills in such cases will be at rates mutually agreed and reimbursable against
production of tickets and bills. Mumbai will be considered as the base
station for the purpose of travelling.

12. The bidder cannot change the Project Manager during the entire period of
execution of the assignment unless consented to in writing by the Bank.

13. The bid must contain the resource planning proposed to be deployed for the
project which includes, inter-alia, the number of personnel, skill profile of each
personnel, duration etc.


14. TERMS OF PAYMENT :

The SP’s fees will be paid in the following manner for each item/ activity which is
described in the Commercial Proposal (Annexure B) on a project to project basis :

• 10% of the professional fees on acceptance of testing methodology/strategy
document for VA & PT, Customer facing all hardware/network etc, Core
Banking Solution (Finacle) and other Banking applications.
• 10% of the professional fees on completion of the first VA & PT test for
all customer facing web applications.
• 20% of the professional fees on completion of review of Periodic Audit of all
Customer facing Web based application at 6 months interval up to 18 months
(Threat & Vulnerability analysis) on the security and architecture at the Data
Centre, Bank-wide Network Architecture, security and parameter setting for all
IT Infrastructure within the Data Centre and Disaster Recovery Site, ATM,
Internet Banking, On-line Trading, depository Services and Channel banking
and submission of reports.
• 20 % of professional fees on Completion of Business Application Software
(CBS)
• 20 % of professional fees on Completion of Business Application Software
(Other Business application)
• Balance 20% of the professional fees on rectification /correction/
implementation of suggestions by the SP and submission of the Compliance
Verification Final Report to the Bank.
• All invoices will be paid by the Bank within a period of 45 days from the date of
receipt of undisputed invoices. Any dispute regarding the invoice will be
communicated to the selected bidder within 15 days from the date of receipt of
the invoice. After the dispute is resolved, Bank shall make payment within 30
days from the date the dispute stands resolved.

15. LIQUIDATED DAMAGES (LD) :


The Bank will impose a penalty of Rs. 50,000/- (Rupees Fifty thousand only) per
week or part thereof, for any delay in adhering to the time schedules.

If the selected Bidder fails to complete the due performance of the contract in
accordance to the specifications and conditions agreed during the final contract
negotiation, the Bank reserves the right either to cancel the contract or to accept
performance already made by the bidder. The Bank reserves the right to recover
an amount equal to the value of contract by the Bank as Liquidated Damages for
non-performance.

Both the above are independent of each other and are applicable separately and
concurrently. However the same would not be applicable for reasons attributable
to the Bank and Force Majeure. However, it is the responsibility of the bidder to
prove that the delay is attributed to the Bank and Force Majeure. The bidder shall
submit the proof authenticated by the bidder and Bank’s official that the delay is
attributed to the Bank and/ or Force Majeure along with the bills requesting
payment.

16.Indemnity :

The bidder shall indemnify the Bank, and keep it indemnified, against any loss or
damage that the Bank may sustain on account of violation of patents, trademarks
etc. by the bidder, by executing an instrument to that effect on Non-Judicial
stamp paper.

17.Authorized Signatory :

The selected bidder shall indicate the authorized signatories who can discuss and
correspond with the bank, with regard to the obligations under the contract.

The selected bidder shall submit at the time of signing the contract, a certified
copy of the extract of the resolution of their Board, authenticated by Company
Secretary, authorizing an official or officials of the company or a Power of Attorney
copy to discuss, sign agreements/contracts with the Bank. The bidder shall furnish
proof of signature identification for above purposes as required by the Bank.

18. Applicable Law and Jurisdiction of court :

The Contract with the selected bidder shall be governed in accordance with the
Laws of India for the time being in force and will be subject to the exclusive
jurisdiction of Courts at Mumbai.

19.CANCELLATION OF CONTRACT AND COMPENSATION :

The Bank reserves the right to cancel the contract of the selected bidder and
recover expenditure incurred by the Bank in the following circumstances. The
Bank would provide 30 days notice to rectify any breach/ unsatisfactory progress :

• The selected bidder commits a breach of any of the terms and conditions of
the bid/contract.
• The bidder goes into liquidation voluntarily or otherwise.
• An attachment is levied or continues to be levied for a period of 7 days
upon effects of the bid.
• The progress regarding execution of the contract, made by the selected
bidder is found to be unsatisfactory.

• If deductions on account of penalty exceed 10% of the total
contract price.

After the award of the contract, if the selected bidder does not perform
satisfactorily or delays execution of the contract, the Bank reserves the right to get
the balance contract executed by another party of its choice by giving one month’s
notice for the same. In this event, the selected bidder is bound to make good the
additional expenditure, which the Bank may have to incur to carry out the bidding
process for the execution of the balance of the contract. This clause is applicable
if, for any reason, the contract is cancelled.

The Bank reserves the right to recover any dues payable by the selected bidder
from the security deposit or any amount outstanding to the credit of the selected
bidder, including the pending bills and/or invoking Bank Guarantee, if any, under
this contract.

20.NON PAYMENT OF PROFESSIONAL FEES :

If any of the items/activities as mentioned in the price bid and as mentioned in
annexure D are not taken up by the Bank during the course of this assignment, the
Bank will not pay the professional fees quoted by the SP in the Price Bid against
such activity/item.

21.ASSIGNMENT :

Neither the contract nor any rights granted under the contract may be sold,
leased, assigned, or otherwise transferred, in whole or in part, by the Service
Provider, without the advance written consent of the Bank and any such
attempted sale, lease, assignment or otherwise transfer shall be void and of no
effect .

22. Subcontracting :

The service provider shall not subcontract or permit anyone other than its
personnel to perform any of the work, service or other performance required of the
service provider under the contract without the prior written consent of the Bank.

23. Force Majeure:

Any failure or delay by SP or Bank in the performance of its obligations, to the
extent due to any failure or delay caused by fire, flood, earthquake or similar
elements of nature, or acts of God, war, terrorism, riots, civil disorders, rebellions
or revolutions, acts of governmental authorities or other events beyond the
reasonable control of non-performing Party, is not a default or a ground for
termination. The affected Party shall notify the other party within reasonable time
period of the occurrence of a Force Majeure Event.


24. Dispute Resolution:


If a dispute, controversy or claim arises out of or relates to the contract, or breach,
termination or invalidity thereof, and if such dispute, controversy or claim cannot
be settled and resolved by the parties through discussion and negotiation, then
the parties shall refer such dispute to arbitration. Both parties may agree upon a
single arbitrator or either party shall appoint one arbitrator and the two appointed
arbitrators shall thereupon appoint a third arbitrator. The arbitration shall be
conducted in English and a written order shall be prepared. The venue of the
arbitration shall be Mumbai. The arbitration shall be held in accordance with the
Arbitration and Conciliation Act, 1996. The decision of the arbitrator shall be final
and binding upon the parties, provided that each party shall at all times be entitled
to obtain equitable, injunctive or similar relief from any court having jurisdiction in
order to protect its intellectual property and confidential information.

25. SP Selection/Evaluation Process :

25.1 Evaluation Criteria


Technical Bid Evaluation Criteria
Technical criteria are classified under 3 heads - Credentials, People and
Approach & Methodology. The table below highlights the parameters under the
technical criteria and scoring methodology.

Sr No | Evaluation Parameters | Weightage | Information provided meets requirement (100%) | Information provided partially meets requirement (50%) | Information provided does not meet requirement (0%)
1 | Must have conducted Threat & Vulnerability analysis of the security architecture, Bank-wide Network in Data Centre / Disaster Recovery for at least 2 Public Sector banks in the last 3 years | 15 | | |
Confidential Page 33 of 45 Project Office, BCC, Mumbai
RFP Document for Created on 3/11/2009
Comprehensive audit of
Banking Applications
Bank of Baroda
Baroda Corporate Centre, Mumbai
Must have
conducted
security and
controls review
of the ATM ,
Internet
Banking , On-
line Trading ,
Depository
2 15
Sevices etc and
review of
service level
agreement for
managed
services at least
2 public Sector
banks in the last
3 years
Must have
experience of
auditing
Banking
3 45
business
application
Software ie CBS
etc
Sub-Total
75
Engagement
Manager must
have handled
8 5
such projects in
the firm for at
least four years
Overall person
responsible
must have
9 handled such 5
projects in firm
for at least 6
years

Confidential Page 34 of 45 Project Office, BCC, Mumbai


RFP Document for Created on 3/11/2009
Comprehensive audit of
Banking Applications
Bank of Baroda
Baroda Corporate Centre, Mumbai
Proposed team
must have
experience in
executing
similar projects
10 5
in banks out of
which at least
one should be a
public sector
bank
Sub-Total 15
Demonstration
of in-depth
understanding
of the Bank’s
11 project 5
requirements
through the
technical
proposal
Technical
Proposal with
detailed broken-
down activities
to be performed,
12 effort 5
estimation,
manpower to be
deployed on a
project-to-
project basis.
Sub-Total 25
Total Marks 100

Commercial Evaluation Criterion

| Sl. No. | Major Activities | Total Cost |
| 1 | Threat & Vulnerability Analysis (Periodic audit at 6 month interval up to 18 months) | |
| 2 | Security and Controls review of the ATM, Internet Banking, On-line Trading, Depository Services etc | |
| 3 | Business Application Software (CBS & Other Business application) | |
| 4 | Compliance of audit report | |
| | NET TOTAL COST | |

Computation Methodology for arriving at “Least Price/Least Quote”


Bank will give 60% weightage to technical score while comparing the commercial
quote. The Procedure is as under :
A “Score(S)” will be calculated for all qualified bidders using the following
formula:

Where C stands for the nominal price quoted, Clow stands for the price quote of the
lowest nominal bid, T stands for the technical evaluation score and Thigh stands for
the score of the technically highest bidder. X is equal to 0.4.

In the above example, ABC, with the highest score, becomes the successful
bidder.

The Bank reserves the right to negotiate the price with the finally short-listed bidder
before awarding the contract. It may be noted that the Bank will not entertain any
price negotiations with any other bidder, till the Least Price bidder declines to
accept the offer.

Note :

1. Banks exclude RRBs and Cooperative Banks


2. The SP is required to provide documentary evidence for each of the above
criteria and the same would be required on the client’s letter head in case
of credentials

26. Project Timelines:

| Sl. No. | Major Activities | Major Milestones (Only indicative. Bidder should add more detailed steps / tasks so as to strengthen the quality of the response) | Time Lines (Days) |
| 1 | Threat & Vulnerability Analysis (Periodic audit at 6 month interval up to 18 months) | Review the adequacy of the security architecture at the Data centre | XXX |
| | | Review the Bank-wide Network architecture | XXX |
| | | Review of security and parameter setting for all IT Infrastructure within the Data Centre and Disaster recovery Site | XXX |
| | | Security and controls review of the ATM, Internet Banking, On-line Trading, depository Services and Channel banking | XXX |
| 2 | Security & Control Review of ATM, Internet Banking, Online Trading etc. | Security and Controls review of the ATM, Internet Banking, On-line Trading, Depository Services etc | |
| 3 | Business Application Software (CBS & Other Business application) | Audit of CBS for Domestic and international territory | XXX |
| | | Audit of Other banking business application | XXX |
| 4 | Compliance of Audit Report | Audit Compliance report | XXX |


27. Proposal and other formats

ANNEXURE A
Technical Proposal format:

Particulars to be provided by the bidder in the technical proposal –

| No | Particulars | Details to be furnished by the bidder |
| 1 | Name of the bidder | |
| 2 | Year of establishment and constitution. Certified copy of “Partnership Deed” or “Certificate of | |
| 3 | Location of Registered office / Corporate office and address | |
| 4 | Mailing address of the bidder | |
| 5 | Names and designations of the persons authorized to make commitments to the Bank | |
| 6 | Telephone and fax numbers of contact persons | |
| 7 | E-mail addresses of contact persons | |
| 8 | Details of: Description of business and business background; Service Profile & client profile; Domestic & International presence; Alliance and joint ventures | |
| 9 | Whether the consulting process conforms to ISO 9001(2000), BS7799, ISO17799 standards and if so, furnish details of compliance. | |
| 10 | Details of experience/knowledge possessed in the areas of Project Planning and management review, Resource Planning, Role and Responsibility definition, Co-ordination across multiple | |
| 11 | Gross revenue of the bidder (not of the group): Year 2007-08; Year 2008-09; Year 2005-06 | Total; From Audit |
| 12 | Net Profit of the bidder (not of the group): Year 2007-08; Year 2008-09; Year 2005-06 | |
| 13 | Details of the similar assignments executed by the bidder during the last two years (Name of the Bank, time taken for execution of the assignment and documentary proofs from the Bank are to be furnished) | |
| 14 | Details of the similar assignments on hand as on date (Name of the Bank, time projected for execution of the assignment and documentary proofs from the Bank | |
| 15 | Name of the team leader identified for this assignment and his professional qualifications and experience/expertise; Details of similar assignments handled by the said team leader; Documentary proofs for all the | As per annexure E |
| 16 | Names of the other team members identified for this assignment and their professional qualifications and experience/expertise; Details of similar assignments handled by the said team members; Documentary proofs for all the assertions are to be enclosed | As per annexure E |
| 17 | Estimated work plan and time schedules for providing services for this assignment | |
| 18 | Effort estimate and elapsed time are to be furnished in annexure D | As per annexure D |
| 19 | Details of inputs, infrastructure requirements required by the bidder to execute this assignment. | |
| 20 | Details of the bidder’s proposed methodology/approach for providing services to the Bank with specific reference to the scope | |
| 21 | Details of deliverables the bidder proposes with specific reference to the scope of work. | |

Declaration:

1. We confirm that we will abide by all the terms and conditions contained in the
RFP.

2. We hereby unconditionally accept that Bank of Baroda can at its absolute
discretion apply whatever criteria it deems appropriate, not just limiting to those
criteria set out in the RFP, in short listing of bidders.

3. All the details mentioned by us are true and correct and if Bank of Baroda
observes any misrepresentation of facts on any matter at any stage, Bank of
Baroda has the absolute right to reject the proposal and disqualify us from the
selection process.

4. We confirm that this response, for the purpose of short-listing, is valid for a
period of six months, from the date of expiry of the last date for submission of
response to RFP.

5. We confirm that we have noted the contents of the RFP and have ensured that
there is no deviation in filing our response to the RFP and that the Bank will have
the right to disqualify us in case of any such deviations.

Place:
Date :
Seal & Signature of the bidder

ANNEXURE B

Commercial Bid Format

| Sr. No. | Major Activities | Major Deliverables (Only indicative. Bidder may add more so as to strengthen the quality of the response) | Estimated Effort (In man days) | Quoted Price (In Rupees) |
| 1 | Threat & Vulnerability Analysis (Periodic Audit of all Customer facing web based application) | Review the adequacy of the security architecture at the Data Centre | | |
| | | Review the Bank-wide Network architecture | | |
| | | Review of security and parameter setting for all IT Infrastructure within the Data Centre and Disaster recovery Site | | |
| 2 | Security & Control Review of ATM, Internet Banking, Online Trading etc. | Security and controls review of the ATM, Internet Banking, On-line Trading, depository Services and Channel banking | | |
| 3 | Business Application Software | Audit of CBS at Domestic & International Territory | | |
| | | Audit of other business application at Domestic and International territory. | | |

Please also furnish the following:

1. Average cost per man-day (in Rupees) :


2. Rate per man-day for Senior Resource ( in Rupees) :
3. Rate per man-day for other Resources ( in Rupees) :
4. Rate per man-day external site duty ( Composite Rate) :


ANNEXURE C
Compliance Certificate

To, Date :

The General Manager
(Projects & IT – Operations)
Bank of Baroda
3rd Floor
Baroda Corporate Centre
Bandra Kurla Complex, Bandra (East)
Mumbai 400 051
Dear Sir,
Ref: -
1. Having examined the Request for Proposal (RFP) including all annexures, the
receipt of which is hereby duly acknowledged, we, the undersigned offer to
provide the desired services for Comprehensive Audit of Banking application
Systems in conformity with the said RFP and in accordance with our proposal
and the schedule of Prices indicated in the Price Bid and made part of this bid.
2. If our Bid is accepted, we undertake to complete the project within the
scheduled time lines.
3. We confirm that this offer is valid for six months from the last date for
submission of RFP to the Bank.
4. This Bid, together with your written acceptance thereof and your notification
of award, shall constitute a binding Contract between us.
5. We undertake that in competing for and if the award is made to us, in
executing the subject Contract, we will strictly observe the laws against fraud
and corruption in force in India namely “Prevention of Corruption Act 1988”.
6. We agree that the Bank is not bound to accept the lowest or any Bid that the
Bank may receive.
7. We have not been barred/black-listed by any regulatory / statutory authority
and hold the necessary approvals/licenses/permission of statutory/
regulatory authorities.
8. We shall observe confidentiality of all the information passed on to us in
course of the tendering process and shall not use the information for any other
purpose than the current tender.

Signed Dated
Seal & Signature of the bidder
Phone No.:
Fax:
E-mail:

ANNEXURE D

Estimated Effort and Elapsed Time

| Sl No | Activities | Elapsed Time | Effort in Man days | Number of team members who will be deployed | Remarks |
| 1 | Threat & Vulnerability Analysis | | | | |
| 2 | Security & Control Review of ATM & Other Applications | | | | |
| 3 | Business Application Software (CBS & Other Business application) | | | | |

Place:
Date: Seal and Signature of Bidder:


ANNEXURE E

Proposed Team Profile

| Sl No | Name of Proposed Engagement Manager / Proposed Team Member | Prof. Qualifications | Certifications/ Accreditations | IS audit expertise (Mention if he has worked in Banks earlier) In terms of years and areas of expertise | IT Expertise In terms of years and areas of expertise | Number of similar assignments involved In Public Sector Banks in India |

Documentary proofs are to be enclosed to substantiate the claims made.

Place:
Date: Seal and signature of the bidder

ANNEXURE F

Comments on the Terms & Conditions, Services and Facilities provided:

Please provide your comments on the Terms & conditions in this section. You are
requested to categorize your comments under appropriate headings such as those
pertaining to the Scope of work, Approach, Work plan, Personnel schedule,
Terms & Conditions etc. You are also requested to provide a reference of the page
number, state the clarification point and the comment/ suggestion/ deviation that
you propose as shown below.

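| Sr. No. | Page # | Point / Section # | Clarification point as stated in the tender document | Comment/ Suggestion/ Deviation |
| 1 | | | | |
| 2 | | | | |
| 3 | | | | |
| 4 | | | | |
| 5 | | | | |
| 6 | | | | |
| 7 | | | | |
| 8 | | | | |
| 9 | | | | |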

End of Document

Project Office
Bank of Baroda
Baroda Corporate Centre
Dated : 03/11/2009
