Prime Lending Rate Government Scheme UIDF NHB Residex Deposits and Bonds Training Opportunities@NHB e-Services Employee corner Archives

Request for Proposal For Undertaking Information Security Audit

Request for Proposal For Undertaking Information Security Audit

Information Technology Department Head Office, National Housing Bank
Core 5-A, 3rd Floor,India Habitat Centre, Lodhi Road, New Delhi – 110 003

Phone: 011-24649432

Note:- Technical bids will be opened in the presence of bidders who choose to attend.

1. Date of commencement of collecting of Bidding Documents 17/10/2008
2. Last date and time for collecting of Bidding Documents 07/11/2008
17.00 hrs
3. Last date and time for receipt of Bidding Documents 07/11/2008
17.00 hrs
4. Date and Time of Technical Bid Opening 10/11/2008
12.00 hrs
5. Cost of RFP Rs. 5,000/- (non refundable)
6. Earnest Money Deposit Amount Rs.50,000/- (Rs. Fifty Thousand Only)
7. Place of opening of Bids Head Office
National Housing Bank,
Core 5-A, 3rd Floor,
India Habitat Centre, Lodhi Road,
New Delhi – 110003


1. Instruction To Bidder 4
2. Bidder Information & Service Information (Annexure-A) 22
3. Compliance Statement Declaration (Annexure-B) 26
4. Format For Commercial Bid (Annexure-C) 27
5. Pre Qualification Criteria (Annexure-D) 28

National Housing Bank

National Housing Bank (NHB), a statutory organisation is a wholly owned subsidiary of the Reserve Bank of India. NHB is an Apex Financial Institution formed under the Act of the Parliament with a mandate for Promotion, Development and Regulation of the Housing Finance Sector.

Apart from regulating the housing finance companies (HFC), NHB also extends financial support by way equity participation in HFCs and refinance facility to financial institutions such as Banks, HFCs, Co-operative Sector Institutions, Housing Agencies, etc. benefiting the masses both in urban and rural areas.

The head office of NHB is located in New Delhi and it has a regional office located at Mumbai and representative offices at Bangalore, Chennai, Kolkata & Hyderabad. It has also planned to open representative offices in Ahmedabad, Lucknow etc.

1. Purpose

National Housing Bank (hereinafter referred to as the Bank) with Head Office at New Delhi is interested to conduct Information Security Audit for entire IT infrastructure and Systems of the Bank through reputed IS Audit firm. Related activities are defined in the scope of work. The scope of the system can be enhanced as per requirements of Bank.

The purpose of RFP is to solicit proposals from qualified bidders for IS Audit assignment. Technical and commercial bids (to be submitted separately) are invited from bidders for the aforesaid job as per the terms and conditions mentioned hereunder.

2. Scope of Work

Most of the functions of NHB have been computerized and have been brought under the single ERP platform. There has been great reliance on IT systems on day to day operations of the Bank. This has increased the criticality of the IT infrastructure of the Bank.

NHB proposes to undertake ISA of its IT Infrastructure & Systems with a view to check the residence of the extant infrastructure, enhance the security measures and to adopt best international practices & standards in due course.

2.1 Brief overview of Bank’s IT Infrastructure
Bank is a lean omputerized with a staff strength of around 80 officers. The core functions of Bank have been omputerized and most of the systems have been integrated with the Bank’s ERP platform (SAP). Besides Bank has implemented web based application deployed in secured internet for Central Form Repository (CFR) wherein all HFCs submits their returns on-line. There is a software package used by dept. of regulation and supervision (Computerized off-site Monitoring System(COSMOS)) for generating MIS of HFC returns. This package is deployed in client server architecture and developed in Lotus Notes.

NHB has two LANs at each of its Delhi Office and the Mumbai Regional Office (MRO). The Delhi Office and the Mumbai Regional Office of NHB are interconnected through lease lines. In addition to this NHB has a dedicated LAN at Delhi to run RBI-NDS application.

Bank has its Disaster Recovery Site (DRS) at MRO Mumbai which is fully Operational. DR Site consists of SAP System & File Servers. Daily backups are sent to DR Site wherein data is restored in DR System. There is a 72 hours time-lag between DC & DR.

Head Office at New Delhi

Servers Nos.
1. Servers
– on Windows NT, Windows 2000, Windows 2003 platform
– including SQL Server/Exchange Server/SAP Servers
PCs Platform Nos.
1. Client Machines on LAN Windows XP 77
2. Stand-alone PCs Windows 2000/Widows XP 30
3. Laptops/Mobile Computers Widows XP/Windows Vista 46

Regional Office at Mumbai

Servers Nos.
1. Servers
– on Windows 2000 platform
– including SQL Server
PCs Platform Nos.
1. Client Machines on LAN Windows XP 4
2. Stand-alone PCs Windows 2000 6
3. Laptops/Mobile Computers Widows XP 2

* Please note as the IT infrastructure of NHB is undergoing expansion the aforesaid list may undergo some changes.

2.2 Project Scope

The IS Audit will cover the IT infrastructure and systems of the Bank’s head office at Delhi , Regional office at Mumbai. Further, the Bank has its Representative offices located at Hyderabad, Chennai, Bangalore & Kolkata (3-4 more ROs likely to be started) which will be connected to the centralized datacenter located at Head Office. The IS will cover the access control mechanism implemented for these representative offices.

The IS audit is to be conducted in following three phases:


The activities covered under each Phase are appended below:.


1. Risk assessment and identification of security needs.

a) Evaluate security needs of the current IT infrastructure of NHB:

  • Network and the devices in use.
  • Operating systems – Setup, Configurations, Tuning, etc.
  • Database, Systems and Application – Setup, configuration, Tuning, etc.

b. Evaluate the extant design of Security Architecture.

  • Evaluate the extant security architecture, recommend changes/ new designs/layouts, and document the security architecture so as to conform to the RBI Guidelines, International Standards and Industry- wide accepted best practices.

c. Evaluate the System implementation in the Bank

  • Evaluate the current Operational Procedure and Security Policy for processes that have been computerized. Recommending and framing Operational Procedure and Security Policy for these processes. Special emphasis is laid on evaluating the security aspects of system such as SAP, Central Forms Repository, COSMOS etc. implemented in the Bank.
  • Evaluate implementation and maintenance of access controls based on the instructions from the information resource owner and in accordance with applicable policies, directives & standards.
  • IS Auditor must interact with all Head of the Departments (HODs) in the Bank to obtain their views/feedback towards Information Security measures taken by the Bank and evaluate the gap (if any) based on their feedback.

2. Detailing the Security Gaps

  • Document the security gaps i.e. vulnerability, security flaws, loopholes, etc. observed during the course of the review of the IT infrastructure of the Bank.
  • Document recommendations for addressing these security gaps and categorize the identified security gaps based on their criticality, resource/effort requirement to address them.
  • Chart a roadmap for the Bank to ensure compliance and address these security gaps.
  • A preliminary report documenting the major findings of the ISA is to be furnished at the end of this phase.

3. Addressing the Security Gaps

  • Fixing/addressing the Security flaws, gaps, loopholes, shortfalls vulnerabilities in deployment of applications/systems which can be fixed immediately.
  • Recommend fixes for system vulnerabilities in design or otherwise for application systems and network infrastructure.
  • Applying software patches available through OEM to overcome security loopholes/flaws.
  • Suggest changes/modifications in the Security Policies and Security Architecture including Network and Applications of NHB to address the same.


4. User Training

Creating awareness among NHB employees on issues relating to IT security and impart training in security aspects at various operational levels: –

  • Administrative level
  • User level
  • Information Security Audit Training

5. Final Reports of ISA Findings

The final reports of the ISA findings will be submitted in two parts:

  • ISA Report Core findings
  • ISA Report Detailed findings


6. Review

An exercise to review the compliance with the findings and recommendations of ISA had to be undertaken by the vendor. This exercise would be undertaken after 5-6 months of completion of the ISA. This exercise would encompass evaluation of the general/overall level of compliance undertaken by the Bank.

7. Certification for compliance with the findings of the ISA

On completion of the compliance review, the vendor had to provide an ISA compliance certificate to that effect.

2.3 Deliverables

There are six major deliverables in the project

  1. Information Security Audit
  2. Vulnerability: Assessment, Analysis and Resolution
  3. ISA Reports
  4. Training Material for NHB officials
  5. Training Programs
  6. To provide Certificate for the ISA

These are described in the following sub-sections.

Information Security Audit

  • (Type – Services)

Under this project the vendor will provide services for:

  • Risk assessment and identification of security needs.
  • Evaluate of the current IT infrastructure of NHB, Network and the devices in use, Operating Systems, Database and Application packages, Operational Procedures.
  • Identification of vulnerability, security flaws, gaps and loopholes.
  • Evaluate the extant design of Security Architecture, recommend changes/ new designs/layouts, and document the security architecture so as to conform to the RBI Guidelines, International Standards and Industry-wide accepted best practices.
  • The Security Architecture Design includes the Head Office and the Regional Office combined i.e. including the interconnection between the two offices and the interfaces used by various applications on the NHB network.
  • To undertake configuration of Security Architecture including Network and Applications of NHB to address the same.
  • Evaluate the current Operational Procedure and Security Policy for processes that have been computerised. Recommending and framing Operational Procedure and Security policy for these processes.
  • Evaluate of the SAP implementation in the Bank. The business processes implemented on SAP needs to be assessed for their security aspects and recommendation for suitably amendments may be given if required.

Vulnerability Assessment, Analysis and Resolution

  • (Type – Documentation & Service)

Under this project the vendor will provide services for Assess and address the vulnerabilities.

Documenting the vulnerabilities, security flaws, gaps and loopholes

Fixing the vulnerabilities in deployment of applications/systems, and recommend fixes for system vulnerabilities in design or otherwise for application systems and network infrastructure.

Fixing/addressing shortfalls which can be addressed immediately.

Applying software patches available through OEM to overcome security loopholes/flaws.

ISA Report

  • (Type – Documentation)

As indicated earlier the ISA Report would comprise of three sub reports:

ISA Report: Core Findings: The vendor will submit a report bringing out the core findings of the ISA exercise.

ISA Report: Detailed Finding: The detailed findings of the ISA would be brought out in this report which will cover in details all aspects viz. identification of flaws/vulnerability, suggestion for solutions/ corrective measures, future preventive measures, action taken, etc.

ISA Report: Knowledge Transfer: Further, the vendor will also furnish as report capturing the experience gathered during the ISA. It will also cover in details the knowledge transfer activity undertaken by the vendor, the response received from the employees of the Bank and the vendor’s assessment of the IT security awareness and readiness of the Bank’s employees.

Training material for NHB officials

  • (Type – Documentation)

The vendor will develop courseware and provide training material for the NHB officials NHB Administrators and other users.

Training Programs

  • (Type – Service)

The vendor will develop faculty support to impart training to the NHB officials sensitizing them to the various aspects of IT Security.

Provide Certification for the ISA

  • (Type – Documentation & Service)

To vendor is to provide NHB a certification for ISA.
Documentation Format:

  • All documents will be handed over in three copies, legible, neatly and robustly bound on A-4 size, good-quality paper.
  • Soft copies of the document in MS Word format will also be submitted in CDs along with the hard copies.
  • All documents will be in plain English or Hindi

3. Period of contract

The contract will be valid till 3 years from the acceptance of the Order (for 3 successive IS Audit) subject to yearly review. If during the yearly review the performance of the selected bidder is not found up to the mark then the Bank has the discretion to cancel the contract.

4. Audit Schedule

The selected vendor has to depute their officials at NHB Delhi for conducting IS Audit within 10 days of placement of service contract. The timeframe for completion for Phase I of the project would be 4-6 weeks and that for Phase II would be 2-3 weeks. An exercise to review the compliance with the findings and recommendations of ISA had to be undertaken by the vendor (Phase-III). This exercise would be undertaken after 5-6 months of completion of the ISA and certificate is to be issued within a week of Audit Review.

5. Penalty Clause

Penalty will be charged as 2% of the total contract rate per week delay in submission of audit report & audit compliance certificate in phase-I and phase -III respectively ( For phase-I Delay will be counted after 8 weeks of the placement of order & for phase-3 after 9 months of placement of order) with a maximum of 10% of the contract cost. If the delay exceeds 5 weeks, contract / Order may be cancelled and bank may claim entire advance amount with interest from the vendor with additional 10% of the contract cost as penalty.


The bidder shall bear all the costs associated with the preparation and submission of bid and Bank will in no case be responsible or liable for these costs regardless of the conduct or outcome of the bidding process.


The bidder is expected to examine all instructions, forms, terms and conditions and technical specifications in the Bidding Document. Submission of a bid not responsive to the Bidding Document in every respect will be at the bidder’s risk and may result in the rejection of its bid without any further reference to the bidder.


At any time prior to the last Date and Time for submission of bids, the Bank may, for any reason, modify the Bidding Document by amendments at the sole discretion of the Bank. All amendments shall be uploaded on Bank’s website. In order to provide, prospective bidders, reasonable time to take the amendment if any, into account in preparing their bid, the Bank may, at its discretion, extend the deadline for submission of bids.


Bids shall remain valid for six months from the date of bid opening prescribed by the Bank. A bid valid for shorter period shall be rejected by the Bank as non-responsive.


Prices shall be expressed in Indian Rupees only.


For the purpose of the present job, a two-stage bidding process will be followed. The response to the RFP will be submitted in two parts:

  • Technical bid Part I
  • Commercial bid Part II

The bidder will have to submit the Technical bid and Commercial portion of the bid separately in two separate red lac-sealed envelopes (wax seal), duly super scribing “INFORMATION SECURITY AUDIT“, “TECHNICAL BID” or “COMMERCIAL BID” as the case may be.

TECHNICAL BID shall not contain any pricing or commercial information.

The bid shall be typed or written in indelible ink and shall be signed by the Bidder or a person duly authorized by him. The authorization shall be indicated by a written power of attorney accompanying the Bid. All pages of the Bid shall be initialed by the person(s) signing the Bid.

The Bid shall contain no interlineations, erasures or overwriting except as necessary to correct errors made by the Bidder, in which case corrections shall be initialed by the person(s) signing the Bid.


The bidders shall duly seal each envelope with RED LAC SEAL (Wax Seal) and place both the envelopes in a third envelope, which shall also be only sealed with red lac.

The bid should be addressed to Bank at the following address up to the time and date mentioned on page 2 of this document.

Information Technology Department
National Housing Bank,
Head Office Core 5-A,
3rd Floor, India Habitat Centre,
Lodhi Road, New Delhi – 110003


Bids must be received by the Bank at the address specified in the Bid Document not later than the specified date and time as specified in the Bid Document or as extended by the Bank as per clause 7. In the event of the specified date of submission of bids being declared a holiday for the Bank, the bids will be received up to the appointed time on next working day.


Any bid received by the Bank after the deadline for submission of bids will be rejected and/or returned unopened to the Bidder, if so desired by him.


  • Bids once submitted will be treated, as final and no further correspondence will be entertained on this.
  • No bid will be modified after the deadline for submission of bids.
  • No bidder shall be allowed to withdraw the bid, if the bidder happens to be a successful bidder.


16.1 Documents required in Technical Bid Envelope (Sealed Cover):

  1. Bidder’s information as per part “I” of Annexure-‘A’.
  2. Service Information as per part “II” of Annexure –‘A’.
  3. Undertaking Letter as per part “III” of Annexure –‘A’.
  4. Compliance Statement Declaration – Annexure-‘B’

16.2 Documents required in Commercial Bid Envelope (Sealed Cover):

I. Commercial offer: The offer should be as per commercial bid format in Annexure ‘C’ and should be all-inclusive, including taxes and other Govt. levies etc.

17. Payment Schedule:

Payment will be made on yearly basis.

  1. 50 % of yearly contract rate as advance Payment on acceptance of order. Advance payment will be released only on submission of Performance Bank Guarantee of equal amount valid up to one year. A fresh Performance Bank Guarantee (valid upto one year) of an amount equal to the advance payment, will be submitted by the vendor in each year, to obtain the advance payment pertaining to the IS Audit for respective financial year.
  2. 50% of yearly contract rate after completion of the IS Audit and submission of final compliance report for the financial year.

Note: If the selected vendor does not submit Bank Guarantee within one month of placement of order no advance amount will be released and full payment will be made on yearly basis only after completion of the project for respective year.


The Bank will open the technical bids, in the presence of Bidders representative who choose to attend, at the time and date mentioned in Bid document at the address mentioned at clause-11 titled “Submission of Bids”.

The bidders or their representatives who are present shall sign register evidencing their attendance. In the event of the specified date of bid opening being declared a holiday for Bank, the bids shall be opened at the appointed time and place on next working day.

In the first stage, only TECHNICAL BID will be opened and evaluated. Bidders satisfying the technical requirements as determined by the Bank and accepting the terms and conditions of this document shall be short-listed. In the second stage, the COMMERCIAL BID of short-listed bidders will be opened. Bank reserve right to accept or reject any technical bid without assigning any reason thereof. Decision of the Bank in this regard shall be final and binding on the bidders.

Commercial bids of those bidders whose technical bids are found suitable by the Bank shall only be opened.

18.1 Evaluation Criteria for the Bidding Process

The bids received from the firms would be evaluated on the basis of their technical and financial competencies. The technical competencies would be evaluated first and only the firms having the requisite qualifying technical score would be eligible for the financial bid round. The composite score of the technical and financial competencies would be considered as the final score for the firm and firm with highest composite score would be considered for the project.

Technical Bids

Criteria and Point system for the evaluation of the Technical bids are as under: Maximum Points 100

Criteria Points (Max Marks)
1. Number of years of experience of the Firm in IS Audit area (Will be considered only on submission of satisfactory certificate from at least two clients) Max Marks 20
a. 1+ to 3 Years
b. 3+ to 5 Years
c. More Than 5 years
2. Competency of the firm to undertake ISA under highly scalable ERP environment (Decision of the Bank is final towards considering highly scalable ERP package)
(Bidder has to submit satisfactory certificate from atleast two clients in respective area)
Max Marks 20
a. 1 to 3 ERP Package
b. More than 3 ERP Packages
3. List of Clients (with respect to IS Audit) (Only currently valid contracts (upto last 5 years) considered for points award) Max Marks 20
  • For 5 or more in Govt. Sector / PSU/Banks/FIs in India
  • For 3 or More Govt. Sector / PSU/Banks/FIs in India
  • For less then 3 Govt. Sector / PSU/Banks/FIs in India
  • Private clients in India
4. Details of qualified professionals on the role of the firm handling IS Audit. [Following professional qualifications will be considered: (CA/ICWA/MBA/DISA/CISA/CISM)] Max Marks 20
  • More than 50 professionals
  • 25+ to 50 professionals
  • 10 to 25 professionals
5. ISO Certification For Maintenance for IS Audit/Software Audit area
a) If Yes
b) If No
Max Marks 10
6. Average turnover for Last 3 years (with respect to IS Audit only) Max Marks 10
  • Rs. 3 Crore to 5 crore
  • Rs.5 Crore to 8
  • Rs. 8 Crore to 10 crore
  • Rs. 10 Crore and above

Bidders have to provide copies of supporting documents against each criteria mentioned above, without which bid may be rejected.The minimum qualification score for the Technical Bid would be 70.

18.2 Financial Bid

Only firms successfully qualifying the requisite criteria of the Technical Bid process would be considered eligible for the Financial Bid Round.

The evaluation of the Financial Bids would be as follows:

  • The lowest bid will be assigned the maximum Financial Score of 100 points.
  • The Financial Scores of the other Financial Bids will be computed relative to the lowest evaluated Financial Bid.
  • The Financial Score computing methodology is as follows:

Final Processing

  • Proposals would be ranked according to their Final Score arrived at by combining Technical and Financial Scores as follows:

T – Weightage given to the Technical Bid, F – Weightage given to the Financial Bid, T + F = 1)

  • Weightage for the bids are as follows:
I. Technical Bid        T 60%
II. Financial Bid        F 40%
Total Weightage 100%

The firm achieving the highest combined Technical and Financial Score will be invited for negotiations.

  • The Bank reserves the right to revise the evaluation criteria, methodology, distribution points and weightages; if it finds it necessary to do so.


To assist in the examination, evaluation and comparison of bids the Bank may, at its discretion, ask the bidder for clarification and response shall be in writing and no change in the price or substance of the bid shall be sought, offered or permitted.


The Bank will examine the bids to determine whether they are complete, whether any computational errors have been made, whether required information has been provided as underlined in the bid document, whether the documents have been properly signed, and whether bids are generally in order. The bid determined as not in order as per the specifications will be rejected by the Bank.


Any effort by bidder to influence the Bank in the Bank’s bid evaluation, bid comparison or contract award decision may result in the rejection of the Bidders’ bid. Bank’s decision will be final and without prejudice and will be binding on all parties.


The bidder has to submit the bid earnest money of Rs.50,000 (refundable after contract period for successful bidders and after finalizing the selection process for unqualified bidders) (Rs. Fifty Thousand only) in the form of demand draft favouring National Housing Bank, payable at Delhi. EMD draft should be with the bid.


The Bank reserves the right to accept or reject any bid and annul the bidding process and reject all bids at any time prior to award of contract, without thereby incurring any liability to the affected bidder or bidders or any obligation to inform the affected bidder or bidders of the ground for the Bank’s action. Bank reserves the right to select more than one bidder keeping in view its large requirements.


The successful bidder(s) to be called as vendor, shall be required to enter into a Service level Agreement (SLA) with the Bank, within 7 days of the award of the tender or within such extended period as may be specified by the Bank.

Annexure ‘A’

PART – I: Bidder Information

Please provide following information about the Company (Attach separate sheet if required): –

S. No. Information Particulars / Response
1. Company Name
2. Date of Incorporation
3. Company Head Office / Registered Office and Addresses
Contact Person(s)
Yes / No / Comments (if option is ‘No’)
4. Provide the range of services /options offered by you covering service description and different schemes available for:

  • IS Audit
  • Audit of ERP Package
  • IS Audit in any Bank/FIs in India
5. Any pending or past litigation (within three years)? If yes please give details Also mention the details of claims and complaints received in the last three years (About the Company / Services provided by the company). Yes/No/Comments (if option is ‘Yes’)
6. Please mention turnover for last three years and include the copies of Balance Sheet in support of it.
Year Turnover Profit/Loss(-)

Signature of Bidder

PART – II: Service Information

S. No Service Name of organization where the service is provided Duration of service (in weeks)
1 IS Audit
2 ERP Package Audit (Indicate Name of the package)
3 IS Audit of banking package other than ERP

We confirm that, all the details mentioned above are true and correct and if the Bank observes any misrepresentation of facts on any matter at any stage of evaluation, the Bank has the right to reject the proposal and disqualify us from the process.

We hereby acknowledge and unconditionally accept that the Bank can at its absolute discretion apply whatever criteria it deems appropriate, not just limiting to those criteria set out in the RFP document, in short listing of vendors for providing IS Audit Services.

We also acknowledge the information that this bid is valid for a period of six months, for the short-listing purpose, from the date of expiry of the last date for submission of bid.




Letter to be submitted by bidder along with bid documents

To The D.G.M.
Information Technology Department
National Housing Bank,
Head Office Core 5-A, 3rd Floor,
India Habitat Centre, Lodhi Road,
New Delhi – 110003


Reg: Our bid for IS Audit for Bank

We submit our Bid Document herewith.

If our Bid for the above job is accepted, we undertake to enter into and execute at our cost, when called upon by the Bank to do so, a contract in the prescribed form. Unless and until a formal contract is prepared and executed, this bid together with your written acceptance thereof shall constitute a binding contract between us.

We understand that if our Bid is accepted, we are to be jointly and severally responsible for the due performance of the contract.

We understand that you are not bound to accept the lowest or any bid received by you, and you may reject all or any bid; you may accept or entrust the entire work to one vendor or divide the work to more than one vendor without assigning any reason or giving any explanation whatsoever.

We understand that the names of short listed bidders after the completion of first stage (Technical Bid) and the name of the successful bidder to whom the contract is finally awarded after the completion of the second stage (Commercial Bid), shall be communicated to the bidders either over phone/e-mail/letter.

Dated at ______ / ______ day of _______ 200_.

Yours faithfully,

For ________________________

Signature __________________

Name ______________________

Address ____________________


(Authorised Signatory)



Terms and Conditions

We hereby undertake and agree to abide by all the terms and conditions stipulated by the Bank in this RFP including all addendum, corrigendum etc. (Any deviation may result in disqualification of bids).


Seal of company

Technical Specification

We certify that the systems/services offered by us for tender confirms to the specifications stipulated by you with the following deviations

List of deviations

1) ___________________________________________________________

2) ___________________________________________________________

3) ___________________________________________________________

4) ___________________________________________________________

(If left blank it will be construed that there is no deviation from the specifications given above)


Seal of company

Annexure ‘C’

Format for Commercial Bid:

S. No. Particulars Amount/Rate (In Rs.)
1 Information Security Audit:

  • For 1st Year
  • For 2nd Year
  • For 3rd Year

(A). The bidder has to submit the commercial bid only in the above format. All taxes and duties are inclusive.
For computation of financial score, Total Amount/Rate will be taken in consideration.

Note: Providing commercial proposal other than this format may reject the bid.

Annexure – D

Pre Qualification Criteria:

The bidders are also to meet the following pre qualification criteria

  1. The average turnover of bidding company (not parent company) for the last three financial years must exceed Rs. 2 Crore (Documentary proof to be provided).
  2. Empanelment with CERT-In as IS Audit Organization
  3. The bidder Company should have atleast 10 qualified (CA/ICWA/MBA/DISA/CISA/CISM) IS Audit professionals.
  4. The bidder should have at least one year experience in IS Audit area and they should have done this exercise in atleast 3 organizations.

Note: Bidders are to submit documentary proof to establish the qualification of the above mentioned criteria.

Download PDF