Beruflich Dokumente
Kultur Dokumente
SAFDURJUNG AIRPORT
IT DIVISION
TENDER DOCUMENT
1
PAGE LEFT BLANK
2
Table of Contents
Page
S.N Section/Annexure/Schedul Description No
o e
1 Section I Notice Inviting Tender(NIT) 5
2 Section II Instruction To Bidders 9
3 Section III General Terms & Conditions of the Contract 25
4 Section IV Special Conditions of Contract 35
5 Annexure I Acceptance Letter 38
6 Annexure II Performa Bank Guarantee 40
7 Annexure II A Company Letterhead 43
8 Annexure II B Bank Guarantee Format for EMD 45
9 Annexure III List of Support Staff with Qualification Background 48
11 Annexure IV Format for Intimation for Force Majeure Occurrence 50
12 Annexure V Application for Extension of Time 52
13 Annexure VI Bill of Material 56
14 Annexure VIIA Specifications 59
3
PAGE LEFT BLANK
4
SECTION -I
1. Airports Authority of India invites tenders from the authorized dealers/suppliers who are CERT-IN
empaneled auditors as per Annexure XV for the “Implementation of Information Security Management
System(ISMS) at AAI” as per the bill of material given in schedule “B”to the tender document with detailed
Specifications as given in Annexure – VII(A)
2. Estimated cost of the purchase / work (Exclusive of GST) and Earnest Money Deposit are as given below:
3. Tender Fee & EMD: The cost of tender fee & EMD shall be paid “online” on CPP portal through Online Payment
gateway.
4. This tender is invited through the electronic tendering process and can be purchased offline & downloaded
from the Central Public Procurement Portal with URL address http://etenders.gov.in/eprocure/app . A copy of
the tender is also available on AAI website www.aai.aero. Please note that the submission of the tender is only
through the e-Procurement portal http://etenders.gov.in .The tenders will not be accepted in any other form.
Further it may be noted that tenders which are duly submitted on e-Procurement portal shall only be final and
tenders just saved without submission / publish will not be available to the evaluation committee. Bidders are
requested to go through the e-Procurement portal for guidelines, procedures & system requirements. In case
of any technical difficulty, bidders may contact on the following help desk numbers & email ids.
Any Queries relating to the process of online bid submission or queries relating to CPP portal Technical
Assistance, please call the Helpdesk, on following Telephone Numbers Tel: +91-120-4200462, +91-120-
4001002, +91-8826246593 &Email Address:support-eproc@nic.in
Before submitting queries related to system, bidders are requested to follow the instructions given in e-
procurement portal and get their computer system configured according to the recommended settings for
the e-procurement portal.
In order to facilitate the Vendors / Bidders, the AAI Help desk services shall be available on all working days
(except Sunday) between 0800-2000 hours and shall assist users related to the use of the CPP e-Procurement
portal. The below mentioned help desk numbers are intended only for queries related to the ease of use
5
on e-procurement portal. However, AAI shall not be responsible for any reason to bidders for not submitting
the bids in the e-procurement portal.
For any technical assistance with regard to the functioning of the portal the bidders as well as AAI users may
contact according to the escalation matrix as mentioned
below:
S Supp Escalat
E-Mail Contact Timing
L ort ion
Address Numbers s*
. Pers Matrix
N ons
o
.
eprochelp@aai.a 011-24632950 0800-2000
Help
1 Instant ero Ext. 3512 Hrs. (MON -
Desk
. Support (Six Lines) SAT)
Team
Mr. etendersupport@
After 4 aai.aero 011- 0930-1730
2 Sanjeev
Hours of 24632950, Ext- Hrs. (MON-
. Kumar
Issue 3505 FRI)
Manage
r(IT)
General 0930-1730
3 After 03 gmitchq@aai.aero 011-24657900
Manage Hrs.
. r(IT) Days
(MON-FRI)
For queries related to the tender published on the portal, bidders are advised to send clarifications (if any)
through e-procurement portal only, Queries received through by other means shall not be responded.
Bid Manager Details are as below-
The AAI Help Desk services shall remain closed on Sundays & all Government Gazetted Holidays
7. Worksite for the project will be data center of Safdarjung Airport and Rajiv Gandhi Bhawan, New Delhi.
7
PAGE LEFT BLANK
8
SECTION - II
INSTRUCTIONS TO BIDDERS
A. INTRODUCTION
1. DEFINITIONS
1.2. "The Bidder / Vendor" means the individual or firm who participates in this tender and submits Its bid.
1.3. “Project Manager AAI” means the AAI executive responsible for signing all documents from AAI Side and
shall coordinate all the activities of the project with the bidder / contractor.
1.4. "The Supplier / Contractor" means the individual or firm taking up the work as defined under the Notice
Inviting Tender.
1.5. "The Works Order" means the order placed for the supply, installation, testing & commissioning of
systems / works by the Buyer on the Contractor signed by the Buyer including all attachments and
appendices thereto and all documents incorporated by reference therein.
1.6. "The Purchase Order / Supply Order" means the order placed for the supply of items by the Buyer on The
Supplier signed by the Buyer including all attachments and appendices thereto and all Documents
incorporated by reference therein.
1.7. “The Contract” means the agreement signed between the Buyer and the Contractor as per the terms
and conditions contained in the Works Order / Purchase Order.
1.8. "The Contract Price" means the price payable to the Contractor under the Works Order / Purchase
Order for the full and proper performance of its contractual obligations.
1.9. “Non-responsive Bid” means a bid, which is not submitted as per the instructions to the bidders Or Earnest
Money Deposit has not been attached, or the required data has not been provided with The Bid or
intentional errors have been committed in the Bid.
1.10. “CPP Portal” means, a Central Public Procurement Portal specified throughout this document is the
online system for Bidders to submit their Tender packages.
2. Registration at CPPP:
2.1. The Bidders are required to enroll on the e-procurement module of the Central Procurement Portal
(URL: http://etenders.gov.in/eprocure/app). Registration is free of charge.
2.2. Upon enrolment, the bidders will be required to register their valid Digital Signature Certificate (Class- II
or Class-III certificates with signing key usage) issued by any certifying Agency recognized by CCA India.
3. The bidder shall submit the documents comprising the bid, in two covers available on CPP
Portal as given below.
9
3.1.1. Tender Fee: The cost of tender document shall be 1,770/- (including of tax) and will be non-
refundable. The cost of tender document shall be paid online through Payment Gateway on CPP
Portal. The procedure for online payment of Tender Fee through Payment Gateway on CPP Portal is
given in Annexure – XIV. Govt. of India’s Guidelines issued from time to time relating to
exemption of tender fee shall be applicable to eligible bidders.
3.1.2. NSIC and MSME registered bidders shall upload copy of valid NSIC and MSME Registration
Certificate as per Gov. rules for the purpose of verifying their claim for exemption of Tender
fee in cover-1. For details refer clause 9 of section-IV.
3.1.3. Tenders not accompanied by the requisite Tender Fee or valid proof as per Gov. of exemption
from Tender Fee, shall be rejected.
3.1.4. Earnest Money Deposit: EMD of value as given in in Section-I of the Tender (Notice Inviting
Tenders) shall be submitted “Online” as below: -
3.1.4.1. The EMD should be submitted in the online mode, through Payment
Gateway on CPP Portal .
3.1.4.2. The procedure for online payment of EMD through Payment Gateway on CPP Portal
is given in Annexure – XIV.
3.1.4.3. Tenderers not submitting the requisite earnest money deposit will be rejected. In
the case of any extension of tender opening date, tenderer shall arrange to extend
validity of such EMD (BG), suitably. The Bank Guarantee submitted for EMD shall be
valid for six months from the date of opening of Tender
3.1.4.4. Govt. of India’s Guidelines issued from time to time relating to exemption of earnest
money shall be applicable to eligible bidders.
3.1.4.5. Bidder shall provide the name, Designation, email, address, Fax & Phone number of
the bank issuing BG for confirmation purpose.
10
3.1.4.6. Details regarding EMD payment/Refund/forfeit may be seen in Section –
III.
3.2. Cover-1: (Pre-Qualification cum Technical Bid) It shall consist of the following
documents: -
3.2.1. (Bidders shall upload required documents in JPEG/PDF in readable form under specific .RAR
Files in English Language at e-procurement portal as mentioned in bid documents).
3.2.2. The Valid GST No., PAN and TIN - Registration number in India.
3.2.3. Proof of work experience (Work Order): Vendor should have successfully completed similar
works against value equal to 80% or more of the estimated cost or two separate Works
Orders, each for a value equal to or more than 50% of the estimated cost or three separate
Work Orders, each for a value equal to or more than 40% of the estimated cost in last 7 years,
for Government Departments or Public Undertakings or Private sectors (with in
India).Certification of satisfaction with complete detail of work carried out shall be submitted.
The tax deduction at sources / TDS certificates shall be submitted in case of private sectors.
3.2.4. Proof of satisfactory service (Completion of work): Bidder shall submit performance
certificate in respect of the experience of works claimed by bidder against proof of work
experience (Clause 3.2.5) above. Certification of satisfaction with complete detail of work
carried out shall be submitted. Further completion certificates should be issued by the Client/
Customer. In case of work experience of Private Sectors, bidder has to submit TDS certificate
issued by the Customer in support of payment received for execution of work.
3.2.5. All documents required for bids should be issued in English or notarized translation by the
client/customer for whom works have been carried out.
3.2.6. A list of clients served (with contact address) shall also be attached.
3.2.8. Average Annualized Financial Turnover: Vendor should have annualized average financial
turnover of at least Rs. 41,98,988/- (Forty one lakhs ninety eight thousand nine hundred and
eighty eight only) during last 3 financial years. As a proof of financial turn over, copy of
abridged Balance Sheet along with profit & loss account of the bidder for the last three years
should be submitted.
3.2.9. Acceptance Letter: Acceptance of all tender conditions in the format enclosed as Annexure-I
of the tender document.
3.2.10. Power of Attorney: Power of Attorney (Stamp of Rupees 100/-) as per format given in
(Annexure-XI) authorizing the designated executive to sign all documents on behalf of the
company or Firm, if the bid is not signed by the Director of the Company or Partner /
Proprietor of the Firm.
3.2.11. Details of the Vendor Firm/ Company: Format enclosed as Annexure-VIII of the tender
document.
11
3.2.12. Integrity Pact Programme (NOT APPLICABLE): Signing of Integrity Pact (Annexure- IX) is
mandatory for every bidder participating in this tender and the contractor who is awarded
the work. The Pact signed on each page by the person authorized by bidder/sub-
contractor/associate to sign the bid for submission or the person authorized to sign the
contract on behalf of successful bidder shall be submitted by the bidder in PQQ along with
the agreement by the Vendor.
3.2.12.2. The Independent External Monitor (IEM) for this work shall be Sh. M. P.
Juneja & Dr. Anup K. Pujari. All correspondences to him regarding
implementation of Integrity Pact, shall be addressed Sh. M. P. Juneja c/o
Chairman, Airports Authority of India, Rajiv Gandhi Bhawan, Safdarjung
Airport, New Delhi–110003 & Dr. Anup K. Pujari IAS (Retd). E-mail id of
IEMs are mp.juneja@yahoo.com & anup@nic.in respectively.
3.2.12.3. Integrity Pact shall be signed on plain papers by bidder, later which shall be
signed by contract signing authority of AAI.
PROFORMA FOR UNDERTAKING: Bidder firm shall submit an undertaking stating its firm or its partners or its
Directors have not been black listed or any case is pending or any complaint regarding irregularities is pending, in
India or abroad, by any global international body like World Bank/International Monetary Fund/ World health
Organization etc.., or any Indian State/Central Governments Departments or Public Sector Undertaking of India
as per Annexure‐X.
1.1.2. Duly Filled Compliance Statement as per Annexure –VIIA with supporting
documents/literature.
List of documents to be attached with the Pre-Qualification Cum Technical Bid (Cover-1)– Vendor please note
the name of e-File corresponding to the Documents
A RAR File 1
CC-03
C RAR File 3
13
I Integrity Pact as per as Annexure-IX (Not applicable) IP
E RAR File 5
1.2.1. Financial Bid form (Excel File) to be filled as per BOQ/Format Given in Scheduled-B.
1.2.2. Submit the financial bids in the format provided with the bid document and no other format
is acceptable.
2. COST OF BIDDING:
2.1. The Bidder shall bear all costs associated with the preparation and submission of the bid.
The Buyer, will in no case, be responsible or liable for these costs, regardless of the conduct
or outcome of the bidding process.
5. TENDER DOCUMENT
5.1. The required materials, bidding procedures and contract terms are prescribed in the Bid
Documents. The Bid Documents include-
6.1. A bidder may request clarification regarding the Tender document by submitting their
clarification requests to AAI on e-procurement portal only as per below format:
6.2. The AAI shall respond to Clarification Request till the Date of Response queries as specified in
the schedule as indicated in Table 1 of this document, unless the Date is extended by AAI. Any
request received through any other means, except e-procurement port shall not be
entertained
6.3. AAI shall not entertain any post-closing date clarifications or confirmation of compliance
6.4. Response to Clarification requests shall be uploaded at CPP e-procurement portal through
corrigendum/amendments/addendum.
7.1. At any time, prior to the date of submission of bids, the Buyer may, for any reason, whether at
its own initiative or in response to a clarification requested by a prospective Bidder, modify the
bid documents by amendments.
15
B. PREPARATION OF BIDS:
8.1. Bidder should take into account corrigendum/s (if any) published on the tender document for
preparation of bid.
8.2. The bid prepared by the bidder shall be in three covers to be submitted as per Para D of this Section.
Each cover to contain the following documents respectively:
8.2.1. Tender Fee & EMD: for provision of “Name of the work as given in Schedule-A Sl. No. 1”
consisting of the following documents.
8.2.2. Pre-Qualification cum Technical Bid (Cover-1): for provision of “Name of the work as given in
Schedule-A Sl. No. 1” consisting of the following documents.
8.2.2.1. All the relevant documents as asked for Pre-Qualification cum Technical Bid of
the tender in accordance with clause 3 of section-II.
8.3. Financial Bid (Cover-2): for provision of “Name of the work as given in Schedule-A Sl. No. 1”
consisting of the following documents and filled online as per clause 9.
8.3.1. Financial Bid Form (Excel File) to be filled as per BoQ/ format given in Schedule - B.
8.3.2. Bidders are requested to note that they should necessarily submit their financial bids in the
format provided and no other format is acceptable. If the price bid has been given as a
standard BoQ format with the tender document, then the same is to be downloaded and
to be filled by all the bidders. Bidders are required to download the BoQ file, open it and
complete the colored (unprotected) cells with their respective financial quotes and other
details (such as name of the bidder). No other cells should be changed. Once the details
have been completed, the bidder should save it and submit it online, without changing the
filename. If the BoQ file is found to be modified by the bidder, the bid will be rejected.
8.3.3. The bidder shall quote the rates in English language and international numerals.
9. BID PRICES:
16
9.1.1. The bidder shall download the BOQ file (.xls file) and shall upload the duly filled file with the
financial bid. It may be noted that only duly submitted bids shall be evaluated and bids just
saved but not submitted the Financial Bid shall not be part of the evaluation process.
9.1.2. The price bid of the tender document is for pricing only. Conditional price bid shall be liable to
rejection. Price quoted shall be firm and fixed and subject to no escalation, whatsoever, till the
validity period of the tender, including extension if any.
9.1.3. The bidder shall not include GST, in the Unit Rate on on-line Financial Bid Form. Rate of current
prevailing GST on applicable items shall be given in separate sheet with Financial Bid.
9.1.5. The Unit Rate (without GST) shall be used for calculating the total amount in the Financial
Bid.
9.1.6. In the event of any ambiguity, the Unit Rate given in the Financial Bid shall be taken as the
correct basis for calculating all other data. In the event of any Errors or Ambiguity in Unit Rates
itself the Financial Bid of the bidder shall be rejected.
9.1.7. The prices quoted by the bidder shall remain firm on the date of submission of the Bid and
shall not be subject to variation on any account. A bid submitted with an adjustable price
quotation will be treated as non-responsive and rejected.
9.1.8. AAI will have no liability or benefit from any exchange rate fluctuations. The vendor shall bear
all liability or receive all benefit from such fluctuations.
9.1.9. The rates of statuary taxes shall be uploaded on to the e-procurement portal along with the
financial bid or otherwise no claim will be entertained to wards, decrease or increase in
statuary taxes.
9.2. The bidder shall quote only one price for each item of same specification against the
nomenclature shown in Financial Bid. The bidder shall quote as per price schedule given in
Financial Bid for all the items as per specifications/scope of work in Annexure – VI.
9.3. Post offer discount, if any, offered by the bidders shall not be considered. Bidders’ planning
to offer discount shall therefore modify their offers suitably while quoting and shall quote
clearly net price taking into account discount, free supply etc. However, such discounts from
the firm declared as L1 on the basis of post bid negotiations if any shall be considered and
such negotiated offers when agreed by AAI & the bidder shall form a part of the financial Bid.
9.4. Price bid file or any other document containing financial terms/prices shall not be submitted
in any other cover other than financial bid cover of the e-procurement portal or in hard copy
to AAI in any case.
10.1. Pursuant to Clause 8, the bidder shall furnish, as part of his bid, documents establishing the
conformity of his bid to the Bid document of all Items and services, which he proposes to
17
supply/service rendered under the Contract. Submission shall be as follows:
10.1.1. The documentary evidence of the Items/services in conformity to the Bid Documents shall be
in the form of literature, drawings and data that the Bidder shall furnish. These shall be
attached as Annexure to the Compliance Statement as per Clause 10.1.2 below.
10.1.2. Compliance Statement in Annexure-VIIA shall be in the format given below. Compliance
Statement shall be one of the two statements viz. “Complied or “Not complied”. No other
remark or comment will be accepted.
10.1.3. Bidder must attach required technical brochures/literatures/data sheets for all the products
asked in the tender to ensure that compliance to all the specifications given in the tender
document can be verified. Non-availability of specifications (as mentioned in the tender
document) in the brochure/literature will be treated as non-compliance and no clarifications
shall be asked in this regard. If bidder fails to submit the required brochures/literatures along
with the tender document, it shall be treated as non-compliance and may lead to outright
rejection of bid submitted by bidder.
11.1. The offered Bid shall remain valid for a minimum of 180 days from the date of opening of the
technical bid. The bidder shall not be entitled, to revoke or cancel the offer or to vary any term
thereof, during the said period of validity without the consent in writing of AAI. In case of the
bidder revoking or canceling the offer or varying any term in regard thereof, the bidder's earnest
money deposit shall be forfeited.
11.2. If there is any delay in finalization due to unforeseen factors, all the bidders shall be asked to
extend the validity for an appropriate period, specifying a date by which tender is expected to be
finalized. However, the tender process shall not be vitiated if any tenderer declines to extend the
offer as requested for.
12.1. The e-Bid shall be digitally signed by the bidder at e-procurement portal duly authorized to bind
the bidder to the contract. Written power-of-attorney accompanying the bid shall indicate the
letter of authorization. The person or persons signing the e-bid shall sign the bid, except for
printed literature. The e-bid submitted shall be in properly in readable form and encrypted as per
e-tendering portal requirements. Standard Printed terms and conditions of the company other
18
than the NIT conditions shall not be considered.
13.1. The bidders shall digitally sign their bid and upload the bid on line at CPPP (e-procurement portal)
only.
13.2. If all the documents are not digitally signed & encrypted, the buyer shall not accept such open bids
for evaluation purpose and treated as non-responsive. Such bid shall be liable to be rejected.
13.3. The e-procurement portal shall not allow the submission of bid without digital signature.
14.1. The buyer shall receive the bids on line through e-procurement portal only not later than that the
schedule date specified in the NIT. Bidder should submit the bid well in advance to avoid any last
minute issue in submission of bids. The e-procurement portal shall not allow bidder to submit
their Tender after the scheduled Closing date and time.
14.2. The Buyer may, at its discretion extend this deadline for the submission of the bids by amending
the bid documents in accordance with Clause 7 in which case all rights and obligations of the
Buyer and bidders previously subject to the deadline will thereafter be subject to the deadline as
extended.
14.3. The bidder shall submit his bid offer on line at e-procurement portal only. Digitally signed tender
document downloaded from e-procurement portal shall be considered. No separate documents
shall be valid. Only relevant attachments, if any other than the tender document, shall be listed
out for reference.
15. Upon the successful and timely submission of bids, the portal will give a successful bid submission
message & a bid summary will be displayed with the bid no. and date & time of submission of the bid
with all relevant details. The bid summary has to be printed and kept as an acknowledgement of the
submission of the bid.
16.1. E-procurement portal system shall not permit uploading of bids after the scheduled date & time
of submission.
17.1. The bidder may correct, modify his digitally signed bid after submission prior to the deadline,
through provisions of e-procurement portal.
17.2. Subject to Clause 16 of this section, no bid shall be modified subsequent to the deadline for
submission of bids.
19
D BID OPENING AND EVALUATION:
18.1.2. Representative whose bid is not submitted / rejected cannot attend the tender opening.
18.2. Evaluation of Technical bid:
(a) AAI shall evaluate the bids to determine whether they are complete, the documents have been digitally
signed and the bids are in order.
(b) The objective of the evaluation is to select a bidder that can provide the desired service with maximum
efficiency and quality and meeting the Technical requirements defined in Section-D.
(c) AAI will determine the responsiveness of each bid to the Bid documents. For purposes of these clauses, a
responsive bid is one which conforms, to all the terms and conditions of the Bid Documents without material
deviations. AAI's determination of bid's responsiveness is to be based on the contents of the bid itself without
recourse to extrinsic evidence. A bid determined as non-responsive will be rejected by AAI.
(d) The tenders received and accepted shall be evaluated by AAI to ascertain the complete scope contained in the
tender document.
(e) Tenders meeting Technical bid criteria as specified herein shall only be informed and considered for opening and
evaluation of financial bid. However, tenders not meeting Technical bid criteria shall be informed for not meeting
the technical bid criteria.
(f) To shortlist technically qualified bidders, the Technical Bids shall be scrutinized by AAI to ensure whether the
same are in conformity to Technical specifications as per tender. Bidders shall provide complete information to
substantiate compliance of the technical specification listed in the tender. In case of incomplete compliance
statement or inadequate information, tenders shall be finalized on the basis of the information available. It shall,
therefore, be in the bidders’ interest to give complete and comprehensive technical particulars while submitting
the bid.
(g) AAI may seek clarification on technical details or any other information deemed necessary. Such queries raised
on-line on portal e-Procurement Portal at http://etenders.gov.in/eprocure/app, shall be replied on-line positively
by the bidder, within the time specified, failing which the evaluation shall be done on the basis of the information
available.
(h) At no cost to AAI, as a part of Technical Evaluation, bidders participating in this tender may be required to
demonstrate operational and technical requirements or specifications, at a location considered fit by bidder in
consultation with AAI.
(i) If any document submitted in ‘Technical Bid’ is found to be false or fabricated, the EMD shall be forfeited, besides
blacklisting of the bidder.
(j) Airports Authority of India reserves the right to reject any or all tenders, without assigning any reasons thereof,
and to call for any other details or information from any of the bidder.
19.1. The general eligibility cum technical criteria shall be evaluated during preliminary stage and
the vendors who have not submitted requisite documents shall be asked through CPP e-
procurement portal or by email to substantiate their claims with documentary evidence
before a given date failing which their bids shall not be considered further for detailed
evaluation.
19.2. There is only one-time provision to ask shortfall documents through CPP e-procurement
portal. Bidders are responsible to submit the all requisite shortfall documents in the given only
chance, till the stipulated time. No extension in deadline for submitting shortfall documents
has been provisioned in CPP e-procurement portal.
19.3. It may be noted that enquires / clarifications shall be responded only through CPP e-
procurement Portal. All such queries shall be entertained which are received on or before last
date/time for submission of queries. AAI response will be uploaded through e-procurement
portal. Written responses, through email, verbal, telephonic enquiry or enquiry received after
last date of submission of queries shall not be entertained during or post tender process.
20.1.1. The Pre-qualification cum Technical criteria shall be evaluated after opening of bids. Bids
meeting Pre- qualification cum Technical criteria shall only be considered for financial bid
opening.
20.1.2. The Pre-qualification cum Technical requirements shall be verified against the document
submitted by the vendors. The Pre-Qualification cum Technical Bid of the vendors who fail to
substantiate their claim on meeting the pre-qualification cum technical requirements even
after the above process shall be rejected.
21
20.1.3. AAI may seek performance report on a vendor for other clients whose references are given in
the tender. An adverse report from a client shall make the vendor technically unfit leading to
his rejection. The process of seeking performance report shall be kept confidential so that the
vendor is not able to influence the process.
20.1.4. At no cost to AAI, as a part of Technical Evaluation, the bidder participating in this tender may
be required to demonstrate (any or all) operational and technical requirements or
specifications, at a location considered fit by the AAI.
20.1.5. A short-list of bidders qualifying Pre-qualification cum Technical requirements shall be drawn
and thereafter these short-listed bids shall be treated at par for the purpose of financial
comparison.
20.2.1. Financial Bids of those vendors who qualify technically shall be opened electronically at CPP
e-procurement portal on-line. Time and date of opening shall be notified through system
generated email. The bidder shall issue authority letters to their representatives to attend the
opening of financial bids if desired to be present at AAI premise.
20.2.2. Status of bidders L1, L2, L3 shall be based on the total price (excluding GST) arrived after
Financial bid opening
21. The Bidder's names, bid prices, modifications, bid withdrawals and such other details as the Buyer, at
its discretion, may consider appropriate; will be announced at the opening.
22.1. Canvassing in any form in connection with the tenders is strictly prohibited and the tenders
submitted by the contractors who resort to canvassing are liable for rejection. Such rejected
tenders will not be returned.
22.2. No bidder shall try to influence directly or through external source, the Buyer on any matter
relating to its bid, from the time of publication of NIT till the time the contract is awarded.
22.3. Any effort by a bidder to influence the Buyer in the bid evaluation, bid comparison or contract
award decisions shall result in the rejection of the bid, and such actions will be considered as bad
performance for future Projects.
23.1. The acceptance of the tender will be intimated to the successful bidder by AAI, either by fax or
by letter, e-portal.
23.2. AAI shall be the sole judge in the matter of award of contract and decision of AAI shall be final and
binding.
24.2. Tenders not accompanied with prescribed information or are incomplete in any respect, and/or
not meeting prescribed conditions, shall be considered non-responsive and are liable to be
rejected.
24.3. The Buyer reserves the right to accept or reject any bid or a part of the bid or to annul the bidding
process and reject all bids, at any time prior to award of contract without assigning any reason
whatsoever and without thereby incurring any liability to the affected bidder or bidders on the
grounds for the Buyer’s action.
24.4. AAI also reserves the right at its sole discretion not to award any order under the tender called.
AAI shall not pay any costs incurred in the preparation and submission of any tender.
24.5. If the bidder gives wrong information in his Tender, AAI reserves the right to reject such tender
at any stage or to cancel the contract, if awarded, and forfeit the Earnest Money.
24.6. Tenders that are not accompanied with Earnest Money Deposit (EMD) or Exemption certificate
for EMD, shall be rejected outright.
24.7. Should a bidder have a relation or relations employed in AAI in the capacity of an officer or the
authority inviting tender, the same shall be informed by the bidder. In the event of failure to
inform and in a situation where it is established that the relation or relations employed in AAI has
/ have tried to influence the tender proceedings then AAI at its sole discretion may reject the
tender or cancel the contract and forfeit the Earnest Money.
24.8. The requirements indicated in this NIT are the minimum and bids of the firms not complying with
these minimum requirements or having deviations equivalents to the minimum requirements
shall be rejected. However, higher than the minimum requirements shall be technically
acceptable without any additional financial implication.
24.9. Any correspondence after the opening of the technical bid, from the bidder, regarding the bid
unless specifically sought by AAI shall not be considered. Such post bid offers / clarifications may
be liable for action as per clause 20 above.
25.1. The acceptance of the tender will be intimated to the successful bidder by AAI, either by fax or
by letter, e-portal.
25.2. The issue of a Works Order / Purchase Order shall constitute the intention of Buyer to enter into
the contract with the bidder.
25.3. Acceptance of the Works order / Purchase Order will be deemed as effective from the date of
23
issue of Works Order / Purchase Order. All formalities of submission of the Contract Performance
Bank Guarantee (within 30 days) in pursuant to clause 6 of section-III in the format attached
Annexure II and signing of the contract shall be completed within 15 days of the Work Order.
25.4. AAI shall be the sole judge in the matter of award of contract and decision of AAI shall be final and
binding.
26.1. The issue of Works Order / Purchase Order shall constitute the award of contract on the bidder.
The signing of the Contract shall be completed within 15 days of the acceptance of the Works Order
/ Purchase Order.
26.2. Apart from the Contract the bidder awarded the contract will also have to enter into a non-
disclosure in the format attached at Annexure-XII.
27.1. Failure of the successful bidder to comply with the requirement of Clause 23 shall constitute
sufficient ground for the annulment of the award and forfeiture of the EMD in which event the
Buyer may make the award to any other bidder at his discretion or call for new bids.
28.1. The Vendor shall submit copies of Valid Certificates to ensure that all works comply with
standards specified in the Qrs.
29.1. Transfer of Tender Documents by one bidder to another is not permissible. Similarly transfer of
tenders submitted by one bidder in the name of another vendor is not permissible.
30.1. The buyer shall hold regular contract monitoring meetings after the award of the contract to
monitor the performance of the contract.
30.2. First such meeting shall be hold within one week of award of the contract. The date and time of
such meeting shall be intimated to the contractor / supplier by fax. / post. The date and time of
subsequent meetings shall be decided and recorded in previous meetings.
30.3. The proceedings of each meeting shall be recorded and action as required towards successful
execution of the project shall be initiated promptly by both AAI and the contractor.
**************************
24
PAGE LEFT BLANK
25
SECTION – III
1.1 This document sets out the terms & conditions be met in connection with the provision of “Name of
the work as given in Schedule-A Sr. No. 1” to AAI for the work as per details given in the notice
inviting Tender with specifications in Annexure-VII and Annexure VIIA.
1.2 This tender document includes details like quantity, delivery, installation, commissioning (including
Operating system & other software for the items as tendered for) & support services for
maintenance, etc.
1.3 Vendor will carry out maintenance, configure and update all systems mentioned in Annexure – VI
as per the instruction of Engineer-I/C.
1.4 The Vendor will coordinate with OEM / agency for all systems mentioned in Annexure - VI under
warranty.
1.5 Preventive Maintenance shall be carried out as per OEM standards or instructions given from
Engineer I/C.
1.7 The scope of work also includes all the points specified in the “Section III”.
2. Compliance:
2.1 The unconditional acceptance of all the terms & conditions of the NIT has to be submitted through
a letter. The format of the letter is attached at Annexure-I.
2.2 The submission of the tender will imply acceptance of all the tender condition by the bidder laid in
tender document including all the Annexure(s) & schedules to the tender document
2.3 The compliance to the terms & conditions should be supported by authenticated documentation
wherever required.
2.4 Each page of the Bid and cuttings / corrections shall be duly signed with stamp by the bidder. (Not
applicable for E-Tender)
25
2.5 The submission of unconditional acceptance of the terms & conditions of the NIT, as described
above is essential for the tender evaluation. The failure to submit the unconditional acceptance
statement in the said format shall result in his tender being rejected.
3.1 The bidder shall quote the rates in English language and international numerals. The rates shall be
in whole numbers. The rates shall be written in both figures as well as in words. In case of disparity
in figures & words, the rate in words will be considered. In the event of the order being awarded,
the language of all services, manuals, instructions, technical documentation etc. provided for under
this contract will be English. The bidders should quote only in Indian Rupees and the bids in
currencies other than Indian rupees shall not be accepted.
4. Standard Conditions.
4.1 Standard printed conditions of the bidder to the offer, other than the conditions specified here, will
not be acceptable.
4.2 For the purpose of the tender, the metric system of units shall be used.
4.3 All entries in the tender shall either be typed or be in ink. Erasures shall render such tenders liable
to summarily rejection. The bidder shall duly attest all corrections, cancellation and insertions.
4.4 Bidder's offers shall be with reference to section and clause numbers given in the tender schedules.
5. Earnest Money:
5.1 The Earnest Money Deposit (EMD) of amount of Rs. (a) (As Specified in Schedule-A Sr. No. 3 (Rupees
(b) (As Specified in Schedule-A Sr. No. 3 shall be submitted. EMD Amount shall be remitted Online
as specified in para 3.1 of Section-II.
5.2 The EMD of bidder who are not qualified in initial eligibility qualification or Technical qualification,
EMD shall be refunded after Prequalification cum Technical evaluation subject to the bidder giving
receipt for refund of EMD.
5.3.1 Bidders EMD will be forfeited if the bidder withdraws or amends its bid or breach of the
conditions or the tender of impairs or derogates from the tender in any respect within the
period of validity of the tender.
5.3.2 If the successful bidder fails to enter into a contract with AAI within 30 calendar days (or an
extended period as approved by the Accepting Authority in AAI) after the receipt of the
purchase order/Work order.
5.3.3 If the successful bidder fails to submit the Performance Bank Guarantee as stipulated in the
general Conditions of Contract within 30 calendar days (or an extended period as approved
by the Accepting Authority in AAI) after the receipt of the Purchase order/work order.
26
5.3.4 If the bidder knowingly and wilfully supplied incorrect information in the tender.
5.3.5 In the event of not accepting the conditions of the contract even after agreeing to do so and
submitting the letter of unconditional acceptance of the terms and conditions of the tender.
5.3.6 AAI may issue a Letter of Intent (LOI) to the declared L1 bidder and ask the bidder to accept
the LOI within the specified time. If the bidder fails to accept the LOI, it will be construed
that the bidder is not interested in the offer. In such a situation AAI will encash and forfeit
the EMD.
5.4 No interest or any other expenses, whatsoever, shall be payable by AAI on the EMD in any manner.
The Contractor shall pay all banking or conversion charges (and any other expenses incurred in this
regard).
5.5 If a bidder withdraws from the Tender process for any reason deemed unsatisfactory in the sole
opinion of the AAI, their EMD will be encashed and forfeited.
5.6 Should the AAI cancel this Tender process, the EMD of all bidders for whom the EMD was not already
forfeited and encashed without any interest will be refunded automatically via portal.
6.1 The successful bidder shall submit Contract performance guarantee (in lieu of Contract Performance
security) of the value equivalent to 10% (ten percent) of the total price, to AAI in the form of an
irrevocable and unconditional bank guarantee on scheduled commercial bank as per Performa
attached as Annexure-II. The guarantee shall be submitted within 30 calendar days of the issue of
letter of acceptance of his bid, and will be valid till 90 days after the end of contract period. In case
successful bidder fails to submit the PBG within stipulated period, interest @ 12% p.a. on
performance Guarantee amount would be levied (non-refundable) for delayed period of submission
and shall be deducted from EMD or First running Bill. In case, successful bidder fails to submit
performance bank guarantee within 60 days, AAI reserve the right to forfeit EMD and cancel the
order.
6.2 The performance guarantee amount shall be payable to AAI without any condition whatsoever and
the guarantee shall be irrevocable.
6.3 The performance guarantee shall be deemed to govern the following guarantees from the successful
bidder, in addition to other provisions of the guarantee:
6.3.1 The Hardware / Software supplied under the contract shall be free from all defects / bugs and
upon written notice from AAI, the successful bidder shall fully remedy, free of expenses to AAI,
all such defects / bug as developed under the normal use of the said hardware / software within
the period of guarantee/W
6.3.2 performance guarantee is intended to secure the performance of the entire system. However,
it is not to be construed as limiting the damages stipulated in any other clause.
27
6.4 The performance guarantee will be returned to the successful bidder at the end of the period of
liability without interest.
6.5 The bidder as per operation, installation, maintenance manuals and performance guarantee tests
supplied by the successful bidder, will do the loading, installation & commissioning of systems. The
successful bidder will be fully responsible for the guaranteed performance of the supplied systems
and warranty obligations. In case of any problem after commissioning and during guarantee period
the successful bidder will depute his supervisor(s) to AAI's site within 24 hours of intimation to
remove all defects at contractor’s cost.
6.6 A fine of an agreed amount calculated @ 1/2% of the total value of the faulty equipment per week
or part thereof subject to a maximum value equal to the value of the Performance Bank Guarantee
can be imposed in case of delay in rectification of the problem in 72 hours. The acceptance of valid
reasons for non-compliance to 6.5 above shall rest with GM (IT) and his decision with regard to
imposition of the fine shall be final. The fine shall be recovered from the Bank Guarantee.
7. Correspondence:
7.1 All correspondence would be directly with the bidder and correspondence through agents will not
be entertained.
8.1. The Testing and inspection of the equipment/components procured shall be carried out in
two stages as follows.
8.1.1.1. The Buyer or his representative shall have the right to conduct pre-dispatch
inspection of the Hardware and Accessories including the software for
their conformity to the specifications. Where the Buyer decides to conduct such tests
on the premises of the Original Equipment Manufacturer (OEM) or Supplier of the
OEM or its subcontractor(s), all reasonable facilities and assistance like Testing
Instruments and other test gadgets including access to drawings and production data
shall be furnished to the inspectors at no charge to the Buyer. The schedule &
procedure of testing shall be intimated to the bidder after the placement of the Work
order / purchase order. The successfully inspected / accepted items shall be sealed in
the presence of the Inspectors and signed by the inspectors accordingly.
8.1.1.2. If any inspected or tested Items fail to conform to the Specifications, the Buyer
may reject them and the Contractor shall either replace the rejected Items or
make all alterations necessary to meet Specification requirements free of cost to
the Buyer.
8.1.2.1. Notwithstanding the pre-supply tests and inspections prescribed in clause 8.1.1.1
& 8.1.1.2 above, the Items on receipt in the Buyer 's premises will also be tested
after receipt and if found defective, or the seal found to be tempered these items
28
shall be replaced free of cost to the Buyer as laid down in clause 8.3 below.
8.1.3.1. This testing / inspection shall be performed after the completion of installation of
the parts. The inspectors shall verify the component level details during this
testing and shall sign the installation report after successful completion of the post
installation testing. Defects / shortcomings brought out in this testing shall have to be
attended as per the contract within the permitted time schedule.
9. Extension of Time:
9.1 This work is urgent and hence the completion period as per contract shall be adhered to strictly.
However, in-case of extraordinary situations which may delay the completion of the project, the
contractor shall apply for extension in time as per format contained in Annexure-V.
9.2 AAI at its sole discretion may extend the time period for completion of the work without any
prejudice to operate the penalty clauses provided for in the Tender Document. Such extension of
time and the circumstances leading to the extension of time shall be communicated in writing to the
contractor.
10.2 If the successful bidder fails to complete the supply / work within time fixed under the contract, he
shall pay to the AAI without prejudice to any other rights or remedy as may be available to the
purchaser, an agreed compensation amount calculated @ 1/2 % of the total value of the uncompleted
portion of the work per week or part thereof subject to a maximum value equal to the value of the
Performance Bank Guarantee.
10.3 The amount of compensation for delay and waiver of compensation for delay in case of justified
reasons shall be decided at the discretion of Accepting Authority and the same shall be final and
binding on the contractor. Time taken by AAI and local statutory authorities for approval of drawings,
design, estimate etc., force majeure reasons and any other reasons beyond control of the contractor
shall be considered as justified reasons. The amount of compensation may be adjusted or set off
against any sum payable to the contractor under this or any other contract with AAI.
10.4 Appeal for waiver of compensation for delay with due justification shall be decided by the
Competent Authority. The decision of the competent authority on appeal shall be final and binding
on the contractor.
29
10.5 A fine of an agreed amount calculated @0.5% of the total value of the faulty component per week or
part thereof subject to a maximum value equal to the value of the Performance Bank Guarantee can
be imposed incase of delay in rectification of the problem in permitted time frame. The acceptance
of valid reasons for non compliance to 6.5 above shall rest with GM (IT) and his decision with
regard to imposition of the fine shall be final. The fine shall be recovered from the Bank Guarantee.
11. Blank
12.1 AAI may grant an extension of time limit set for the completion of the work / repair in case the timely
completion of the work is delayed by force majeure beyond the contractors control, subject to what
is stated in the following sub paragraphs and to the procedures detailed therein being followed.
Force Majeure is defined as an event of effect that cannot reasonably be anticipated such as acts of
God (like earthquakes, flood, storms etc), acts of states, the direct and indirect consequences of wars
(declared or un-declared), hostilities, national emergencies, civil commotion and strikes (only those
which exceed a duration of ten continuous days) at successful Bidder’s factory. The successful
bidder’s right to an extension of the time limit for completion of the work in above-mentioned cases
is subject to the following procedures.
12.2 That within 10 days after the occurrence of a case of force Majeure but before the expiry of the
stipulated date of completion, the bidder informs the AAI in writing about the occurrence of Force
Majeure Condition (as per Annexure-IV to the tender document) and that the Bidder considers
himself entitled to an extension of the time limit. The contractor shall submit the application for
extension of time as attached in Annexure-V.
12.3 That the contractor produces evidence of the date of occurrence and the duration of the force
majeure in an adequate manner by means of documents drawn up by responsible authorities.
12.4 That the contractor proves that the said conditions have actually been interfered with the carrying
out of the contract.
12.5 That the contractor proves that the delay occurred is not due to his own action or lack of action.
12.6 Apart from the extension of the time limit, force majeure does not entitle the successful bidder to
any relaxation or to any compensation of damage or loss suffered.
13.1 Successful bidder shall protect and fully indemnify the AAI from any claims for infringement of
30
patents, copyright, trademark, license violation or the like.
13.2 Successful bidder shall also protect and fully indemnify the AAI from any claims from successful
bidder's workmen/employees, their heirs, dependents, representatives etc or from any person(s) or
bodies/ companies etc. for any act of commission or omission while executing the order.
13.3 Successful bidder shall be responsible for compliance with all requirements under the laws and shall
protect and indemnify completely the AAI from any claims/penalties arising out of any infringements
and indemnify completely the AAI from any claims/penalties arising out of any infringements.
14.1 If a dispute of any kind whatsoever arises between the AAI and the Contractor in connection with,
or arising out of the Contract or the execution of the works, whether during the execution of the
Works or after their completion and whether before or after repudiation or after termination of the
contract, including any disagreement by either party with any action, inaction, opinion, instruction,
determination, certificate or valuation of the Project Manager or his nominee, the matter in dispute
shall, in first place be referred to the GM (IT), AAI. He shall activate the dispute resolution mechanism
to resolve the dispute in question. Any party may invoke arbitration clause, if dispute in question is
not settled by the Dispute resolution mechanism
14.2 Unless the Contract has already been repudiated or terminated or frustrated the Contractor shall in
every case, continue to proceed with the works with all due diligence and the Contractor and AAI
shall give effect forthwith to every decision of the Project Manager or his nominee unless and until
the same shall be revised, as hereinafter provided, by the Dispute Resolution Mechanism or in an
Arbitral Award.
15.2 The arbitration shall be conducted in accordance with the provisions of the Arbitration and Conciliation
Act, 1996 as amended by the Arbitration and Conciliation (Amendment) Act, 20l5 or any statutory
modification or re-enactment thereof and rules made there under and for the time being in force shall
apply to the arbitration proceeding.
31
16. TERMINATION FOR DEFAULT & RISK PURCHASE:
16.1 The AAI may, without prejudice to any other remedy for breach of contract, by written notice of
default, sent to the Contractor, terminate this Contract in whole or in part in any or the following
events.
16.1.1. If the Contractor fails to deliver any or all of the Items within the time period specified in
the Contract or any extension thereof granted by the AAI pursuant to Clause 9 of Section -
III.
16.1.2. If the Contractor fails to perform any other obligation(s) under Contract.
16.1.3. If the Contractor, in either of the above circumstances, does not remedy his failure within a
period of 30 days (or such longer period as AAI
may authorize in writing) after receipt of the default notice from AAI.
16.1.4. As a penalty to the Contractor the AAI shall en-cash Contract Performance Bank Guarantee.
The AAI in such case shall pay for the assessed value of the executed work that can be used.
No payment shall be made for the efforts put in by the Contractor in case the same are of
no value to AAI. The balance unfinished work of the project will be got done by fresh
tendering on Contractor’s risk and that extra expenditure will be recovered.
17.1 The AAI may at any time terminate the Contract by giving written notice to the supplier, without
compensation to the Contractor, if the Contractor becomes bankrupt or otherwise insolvent as
declared by the competent court provided that such termination will not prejudice or affect any right
or action or remedy which has accrued or will accrue thereafter to AAI. In the event of termination
for penalty to the contractor Clause 16.1.4 shall be applicable.
18.1. Any sum of money due and payable to the contractor (including security deposit refundable to
him) under this contract may be appropriated by the Buyer to set off the same against any
claim of the Buyer for payment of a sum of money arising out of this contract made by
the Contractor with Buyer.
19.1. AAI reserves the right to change the quantity to be supplied but within the overall Deviation limit of
30% of the contract value.
19.2. AAI also reserves the right to purchase Extra item, Substitute items as per site Requirements up to
the overall limit of 30% of the contract value.
19.3. The overall deviation, Extra item or the substitute items taken together shall not exceed 30% of the
contract value unless until it is mutually agreed by both the parties and a specific order is placed on
the vendor in this regard.
32
20.1. Notwithstanding any other term, there shall be no limitation of liability in case of any
damages for bodily injury (including death) and damage to real property and tangible personal
property due to gross negligence and willful misconduct of the other party.
20.2. In all other cases not covered by Clause 20.1 above the total liability of either party under the terms
of the contract shall not exceed the total contract value and in no event shall either party be liable to
the other for any indirect,
incidental, consequential, special or exemplary damages, nor for any damages as to lost profit, data,
goodwill or business, nor for any reliance or cover damages even it was advised about the possibility
of the same.
********************************************************
33
PAGE LEFT BLANK
34
SECTION – IV
1. Definition of Terms:
1.1 For the purpose of the terms and conditions Airports Authority of India will be referred to as AAI and the firm
providing services shall be referred as the Contractor.
2. Service Period:
2.1 This contract is FOR 3 YEAR. AAI shall appoint a maintenance in charge for the purpose of implementation &
monitoring of the contract.
3. Payment Terms:
3.5 It shall be the responsibility of AAI to renew the Contract before the date of expiry of the contract. If not
renewed on regular or temporary basis before the expiry of the contract then the Contractor shall not be
responsible for provision of services during the intermediate period when no maintenance contract is
applicable. If the contract is extended temporarily for a shorter duration than the pro rata payment for actual
period of extension shall only be made to the Contractor on fulfilment of other payment conditions as applicable
in the contract.
3.6 AAI at its discretion shall get the faulty items repaired from other sources at the risk & cost of the contractor. In
such an event AAI shall deduct a fine equal to the repair charges plus all other incidental charges on the repair
from the quarterly bill of the contractor.
4. AAI shall terminate the contract and takeover the system maintenance at any time without notice, in case
the services are not found satisfactory. Under such conditions, all the defects shall be rectified at risk
and cost of contractor.
5. Technical Manual
The bidder shall supply complete set of technical/ operations and maintenance manuals (as applicable) along
with the delivery. The cost of such manuals supplied will be included in the cost of the system.
******************
36
PAGE LEFT BLANK
37
ANNEXURE-I
ACCEPTANCE LETTER
(TO BE SUBMITTED IN Pre-Qualification BID)
To,
G M (IT)
Safdarjung Airport
New Delhi
1. The tender document for the works mentioned above have been sold to me/us by Airports Authority of
India and I / we hereby certify that I / we have read the entire terms and conditions of the tender document
made available to me / us in the office of the General Manager (IT) , AAI, which shall form part of the
contract agreement and I / we shall abide by the conditions / clauses contained therein.
2. I / We hereby unconditionally accept the tender conditions of AAI’s tender document in its entirety for the
above works.
3. It is clarified that after unconditionally accepting the tender conditions in its entirety, it is not permissible
to put any remarks / conditions (except unconditional rebates on quoted rates if any) in the tender
enclosed in cover “1", "2" & “3” and the same has been followed in the present case. In case any provisions
of this tender are found violated after opening cover “1”, "2" &”3”. I / we agree that the tender shall be
rejected and AAI shall without prejudice to any other right or remedy be at liberty to forfeit the full said
earnest money absolutely.
4. That, I /We declare that I/we have not paid and will not pay any bribe to any officer of AAI for awarding
this contract at any stage during its execution or at the time of payment of bills, and further if any officer
of AAI ask for bribe /gratification, I will immediately report it to the appropriate authority of AAI.
Yours Faithfully,
38
PAGE LEFT BLANK
39
ANNEXURE-II
PROFORMA BANK GUARANTEE FOR CONTRACT PERFORMANCE
(To be stamped in accordance with Stamp Act)
Date:
To
Dear Sirs,
Owner", which expression shall unless repugnant to the context or meaning thereof include its successors,
administrators and assigns) having awarded to M/s ---------
shall unless repugnant to the context of meaning thereof, include its successors, administrator’s executors and
assigns), a contract. Bearing No. --------------- dated-----------
valued at ------------------ for ------------------- and the contractor having (scope of contract)
-------(10 per cent) of the said value of the Contract to the Owner. We at -------------
(hereinafter referred to as the 'BANK', which expression shall, unless repugnant to the context or meaning
thereof, include the successors, administrators, executors and assigns) do hereby guarantee and undertake to
pay the Owner, on demand any and all money payable by the Contractor to the extent of --------------------------
---- as aforesaid at any time upto ---------------- (day/month/year) without any demur, reservation, contest,
recourse or protest and/or without any reference to the Contractor. Any such demand made by the owner the
Bank shall be conclusive and binding notwithstanding any difference between the owner and contractor or
any dispute pending before any court, tribunal or any authority.
The Bank undertakes not to revoke this guarantee during its currency without previous consent of the
Owner and further agrees that the guarantee herein contained shall continue to be enforceable till the Owner
discharges this guarantee. The Owner shall have the fullest liberty, without affecting in any way the liability of
the Bank under this guarantee, to postpone from time to time the exercise of any powers vested in then or of
any right which they might have against the Contractor,. And to exercise the same at any time in any manner,
and either to enforce or to forebear to enforce any covenants, contained or implied, in the Contract between
40
the Owner and the Contractor or any other course of or remedy or security available to the Owner. The Bank
shall not be released of its obligations under these presents by any exercise by the Owner or by any other
matters or thing whatsoever which under law would, but for this provision, have the effect of relieving the
Bank. The Bank also agrees that the Owner at its option shall be entitled to enforce this Guarantee against the
Bank as a principal debtor, in the first instance without proceeding against the Contractor and notwithstanding
any security or other guarantee that the Owner may have in relation to the Contractors liabilities.
Apart from other guarantees this Bank Guarantee explicitly provides for the following:
A) The Hardware / Software supplied under the contract shall be free from all defects / bugs and upon
written notice from AAI, the successful bidder shall fully remedy , free of expenses to AAI , all such
defects / bug as developed under the normal use of the said hardware / software within the period of
guarantee/Warranty.
B) The performance guarantee is intended to secure the performance of the entire system. However, it is
not to be construed as limiting the damages stipulated in any other clause.
Notwithstanding anything mentioned herein above our liability under this guarantee is restricted to Rs.
---------- and it shall remain in force upto and including----------------- and shall be extended from time to time
for such period (not exceeding one year), as may be desired by M/s ---------------- on whose behalf this
guarantee has been given.
WITNESS
Date--------------------------
41
PAGE LEFT BLANK
42
ANNEXURE-IIA
(Company Letter Head)
(To be submitted when the form of EMD submission is BG)
(Letter of understanding from the Bidder to Bank to be submitted along with EMD to Airports Authority
of India)
.................... Bank,
.......................
Sir,
The subject Bank Guarantee is obtained from your branch for the purpose of Earnest Money on account of
contract awarded/ to be awarded by M/s AAI to me/us.
I/We hereby authorize the Airports Authority of India in whose favour the deposit is made to close the subject
Bank Guarantee before maturity/on maturity towards adjustment of dues without any
reference/consent/notice from my/our side and the bank is fully discharged by making the payment to
Airports Authority of India.
Date:
Signature of the Depositor
Place:
43
PAGE LEFT BLANK
44
ANNEXURE –II B
BANK GUARANTEE FORMAT FOR EMD(not applicable)
(To be submitted when the form of EMD submission is BG)
Bank Guarantee
The Chairman,
Safdarjung Airport,
INDIA
Dear Sir,
We (full name of the banker) hereby refer to the tender for................. (name of
work) between the Airports Authority of India as purchaser and M/s
..................................... (fill in the name of tenderer) as tenderer providing in
substance for ................ (name of work) as particularized in said tender, to which specific reference is made.
Under the terms of said tender, the tenderer is required to provide a bank guarantee in a form acceptable to
the purchaser for the amount of Rs………(amount in figures)(Rupees .............................. ) on account of EMD.
In view of the foregoing and pursuant to the terms of the said tender, which tender is referred to and made a
part thereof as fully and to the same extent as if copied at length hereon, we hereby absolutely and
unconditionally guarantee to the purchaser, performance of the terms and conditions of the said tender. The
guarantee shall be construed as an absolute, unconditional and direct guarantee of the performance of the
tender without regard to the validity, regularity or enforceability of any obligation of the parties to the tender.
The purchaser shall be entitled to enforce this guarantee without being obliged to resort initially to any other
security or to any other remedy to enforce any of obligations herein guaranteed any may pursue any or all of
its remedies at one or at different times. Upon default of the tender, we agree to pay to the purchaser on
demand and without demur the sum of Rs………(amount in figures)(Rupees …………………………..) or any part
thereof, upon presentation of a written statement by the purchaser that the amount of said demand
represents damages due from the tenderer to the purchaser by virtue of breach of performance by the
tenderer under the terms of the aforesaid tender. The determination of the fact of breach and the amount of
damages sustained and or liability under the guarantee shall be in the sole discretion of the purchaser whose
decision shall be conclusive and binding on the guarantor.
It is mutually agreed that the purchaser shall have the fullest liberty without affecting in any manner our
obligation hereunder with or without our consent to vary any of the terms of the said tender or to extend
the time for performance by the tenderer, from time to time any of the powers exercisable by the
purchaser against the tender and either to forebear or on force any of the terms and conditions relating
to the said tender and we shall not be relieved from our liability by reasons of any variation of any
45
extension being granted to the tender or for any forbearance act or commission on the part of the
purchaser or any indulgence by the purchaser to the tenderer or by any such matter or thing whatsoever
which under the law relating to the sureties would but for this provision have effect of so relieving our
obligation.
This guarantee is confirmed and irrevocable and shall remain in effect until
(the validity shall be six months from the date
of opening of Tender) and such extended periods which may be mutually agreed to. We hereby expressly
waive notice of any said extension of the time for performance and alteration or change in any of the term
and conditions of the said tender.
46
PAGE LEFT BLANK
47
ANNEXURE-III
LIST OF SUPPORT STAFF WITH QUALIFICATION BACKGROUND
(To be submitted with Pre-Qualification Cum Technical bid)
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
AUTHORIZED SIGNATURE
NAME OF THE SIGNATORY
NAME & ADDRESS OF THE TENDERER
OFFICIAL SEAL Date
48
PAGE LEFT BLANK
49
ANNEXURE – IV
FORMAT FOR INTIMATION OF FORCE MAJEURE OCCURRENCE
Safdarjung Airport,
Name of Work : - “Name of the work as given in Schedule-A Sr. No. 1” Tender No. :-
“Tender No. as given in Schedule-A Sr. No. 2”
Sir,
Pursuant to Clause No.12 - FORCE MAJEURE, it is for your kind information that a case of force majeure has
since occurred. Details are given below:
We are entitled to an extension in the date of completion as requested above. Bar Chart with revised schedule
of activities is attached. Please approve the extension in the time. Evidence of the date of occurrence is also
enclosed.
It is certified that performance of the Contract has been interfered with. It is also certified that the incident has
not occurred due to our own action and that there has not been any lack of action by us in preventing the
occurrence.
We are only claiming the extension in the date of completion of the activity (ies) and not claiming the loss
incurred in the course of the incident.
Yours sincerely,
(Project manager)
Enclosures:
50
PAGE LEFT BLANK
51
ANNEXURE – V
Part-I
3. Agreement No.
4. Contract Amount
10. Hindrances on account of which extension is applied for with dates on which hindrances occurred
and the period for which these are likely to last.
Total period for which extension is now applied for on account of hindrances mentioned above.
Month Days
Signature of Contractor
Dated
Part II
2. Recommendations of the project Manager as to whether the reasons given by the contractor are
correct and what extension, if any, is recommended by him. If he does not recommend the
extension, reasons for rejection should be given.
(i) Serial No
(ii) Nature of hindrance
53
(iii) Date of occurrence of hindrance
(iv) Period for which hindrance is likely to last
(v) Extension of time applied for by the contractor
(vi) Overlapping period, if any, giving reference to items which overlap
(vii) Net period for which extension is recommended
(viii) Remarks as to why the hindrance occurred and justification for extension recommended.
3. Project Manager’s Recommendations. The present progress of the work should be stated and
whether the work is likely to be completed by the date up to which extension has been applied
for. If extension of time is not recommended, what compensation is proposed to be levied under
Clause 32 of the agreement.
54
PAGE LEFT BLANK
55
ANNEXURE – VI
BILL OF MATERIAL
Name of Work : - “Name of the work as given in Schedule-A Sr. No. 1”
Tender No. : - “Tender No. as given in Schedule-A Sr. No. 2
Note 1: Form D for concessional duty shall not be applicable for AAI for exemption or reduction in Govt.
Duties.
56
Note 2: Use of erasers, over writing and or corrections in the price Bid should be avoided. However, in case it
becomes unavoidable to use any of these for correction, the same must be authenticated by the person signing
the bid with his signature.
Note 3: The above is for 1 year. The price quoted by the bidder will be for three different years as per Schedule B.
57
PAGE LEFT BLANK
58
ANNEXURE – VII A
Specifications for equipment & compliance Statement As per clause no. 10.1.2 Section II of
Tender Document
Bidder must provide maintenance for the below mentioned items:-
11. E-learning based Cyber Security Programme for the Power users of
AAI.
12. Management awareness programme
59
in managing Cyber Security Incidents at a large organization of at
least 5000 end points on daily basis (5 days a week) in one shift
operation for Cyber Security Incident management and remediation
support. This resource may be required to come beyond the office
hours as well if the situation so requires. In addition to this the
vendor may be required to provide Incident management services
on need basis in situations of large scale outbreak requiring expert
assistance. Such instances shall, however, be rare and in emergency
situations only. The charges for this service will be extra on per
incident basis and the engagement will be comprehensive till the
incident is completely mitigated.
15. Cyber security governance and compliance services.
16. Data classification & protection compliance framework.
17. Assisting AAI in risk assessment & compliance for the purpose of
Cyber insurance.
18. ISMS Consulting, Support for Implementation and Surveillance
Support (03 years)
60
PAGE LEFT BLANK
61
Annexure-VII (B)
Scope of Work
Scope of work and Specifications
Preamble:
I. Airports authority of India is having two data centers at Delhi as mentioned below
to provide various IT services both to the internal and external customers of AAI.
2. The DC at Safdarjung Airport is hosting all the applications and most of the
infrastructure such as Servers, Storage Area Network (SAN) & the backup and
restore facilities. The DC at Rajiv Gandhi Bhavan is primarily used for termination
of the Internet & the Intranet links and housing the periphery security devices like
external firewall, IPS etc.
3. Following applications are hosted in the DC at Rajiv Gandhi Bhavan & Safdarjung
Airport.
3.1 SAPERP
4. IT Division is also running two application viz "eoffice" & "NOCAS" in cloud. The
BSNL cloud facility is being used for both these applications. These cloud based
applications will also be in the scope of the ISMS service provider for VAPT and
all other activities.
5. AAI is primarily using the following OS & Database for provisioning of various services
5.1.2 Linux
5.1.3 HP Unix
62
5.2 Database
5.2.1 Oracle
5.2.3 MySQL
6. In order to provide secure access to the information & the information assets of
AAI, a set of information security and monitoring tools has been deployed in the
datacenter. AAI has the traditional security structure at the gateway which includes
the Firewall, Intrusion Prevention System (IPS), Anti Persistent Threat (APT),
Web mail security etc. AAI has also consolidated the monitoring mechanism and
has implemented the Security Incident and Even Management (SIEM) tool.
Provisioning and augmentation of the Security Infrastructure is a continuous
activity and hence AAI is contemplating implementation of Multi Factor
Authentication (MFA), Web Access Firewall (WAF), End Point Detection and
Remediation (EDR) etc in near future.
7. The ISMS was implemented in Airports Authority of India in the year 2016 and Data Centers at
Safdarjung Airport and Rajiv Gandhi Bhavan were audited and certified for ISO
27001 in Feb 2018. This certificate issued by "nqa" is valid till l0 th April 2021.
The internal and external surveillance Audit for ISO 27001 is due in Jan I Feb 2020
and the same is in the scope of present service provider. However, re-certification
in 2021 and organizing subsequent audits (Both internal by the incumbent vendor
& the external by an independent ISO 27001 qualified auditor I firm) will be in the
scope of the new service provider proposed to be engaged through this tender.
8. As part of the ISMS implementation following documents were prepared and are available with
AAI.
63
8.11 Cryptography Policy
9. As part of the new engagement the selected vendor shall review all the above documents and
suggest if any duplicity is required to be removed and some documents are required to be
64
merged. The vendor shall also review and simplify the existing documents and also prepare any
additional policy document as required.
10. Airports authority of lndia is providing centralized internet services to its employees across India
at all locations connected through the SDWAN and MPLS private WAN network at 110 Airports
& Locations. The remaining airports I locations are using broadband connection to connect via
VPN links to the AAI Intranet. Out of these 110 locations I airports, 55 have been provided in
SDWAN and remaining are on MPLS from Jio. There are dual SDWAN links for internet
services. The SDWAN service on internet and Intranet is being provided by Reliance Jio &
BSNL over redundant links. A policy document will be required to connect the stations using
Broadband connection via Secured VPN connection for regulation of such connections. The
VAPT of the Internet & the Intranet (upto the far location core switch) shall also be in the scope
ofthe vendor.
11. AAI is going to implement the DR site at Hyderabad (Old Hyderabad Airport) by the end of
2020 and hence the new Data Center (DR site) and the related processes will also be part of the
ISMS implementation once the DR is up and before and after it is synchronized with the DC.
This site will also undergo ISO 27001 internal & external audits & certification process. VAPT will
be conducted by 3rd party at Hyderabad, the bidder for this tender needs to undertake the internal
& external audit exercise.
12. Airports authority of India has approximately 11500 end points across different airports and more
than 18000 employees across India. Email and ESS are the common use facilities being utilized
by almost all the employees across India. It is thus essential to reach out and organize an
awareness campaign across all the employees of AAI at three different level.
12.2 Power users- Advance Awareness Programme (Basic+ Advance)- Approximately 7500
employees. These are the employees who have access to the critical information of the
organization like SAP, Airport Information Management System etc and hence need a
higher level of awareness programme. Due to the pandemic related travel restrictions that
are currently in place , we may look for online programme for this one too. So we can
plan webinar / sessions with max 200 no of participants for these sessions.
12.3 AAI Management Awareness Programme- Needs to have the awareness about the ISMS
policies, processes and tools and the importance of the process. This training will be a
class room based training of approximately 2 hours. Video conference facility will be
used to reach out to the remote users.
13. The Basic Awareness and Advance Awareness programme shall be run through E-learning
process and qualified employees will be issued a certificate. All users will have to re-validate the
certificates once a year. The Advance programme will contain the basic programme as well. AAI
management will also have to undertake the basic awareness apart from the management
awareness programme, but this programme will only be classroom based.
65
14. The IT division of AAI is mandated to provide the IT services to all users across India for the
non-operational requirements. The executives of IT division are also involved with the maintenance
and management of the Data Centre and responsible for the implementation of the Information
Security at the core and the end points. These employees are also involved in hands on maintenance
and management of Cyber incidents and hence they need training on all aspects of the Cyber
Security & the Cyber Incident Management & response. Hence, all necessary trainings need to
be imparted to approximately 21 employees of the AAI over 3 programmes of 5 days each. One
programe will be organized in each year of the three year engagement. The programmes needs to
be designed and delivered accordingly. These programmes will be completely practical (Lab) based
and shall be delivered on the tools to be used in planning (Plan), Detection & Analysis,
Containment, Eradication & Recovery and Post incident activities (reports, feedback &
learning) aspects of Cyber Security. This training is designed to be very comprehensive and shall
be followed by an evaluation. Individual found fit may undergo international certification
programmes like CEH, CISM, CISSP, CCSP etc. The exact contents of the training shall be finalized
during the contract.
15. The vendor shall use industry standard tools for carrying out the VAPT & Incident Management
etc. The vendor will suggest the necessary tools and the same will be procured separately by AAI
wherever required. However, the vendor will use the vendor company tools till they are
purchased by AAI. The licensed tools so procured shall be used afterwards.
16. Personal Data Protection Bill on the lines similar to GDPR is likely to be introduced by the Govt
of India. AAI shall be bound to comply the regulations which are promulgated & published by
the Government of India. The vendor shall assist in data classification and carry out the
compliance audit as and when required and shall help in maintaining the compliance in future.
The vendor shall also advise AAI about the applicability of GDPR for any data of European
clients hosted in India by AAI and the measures to ensure compliance. Note:- Detailed GDPR related
process details needs to be formed as per GOI directive (issued by GOI from time to time)
17. AAI is contemplating the mitigation of cyber risks through Cyber Insurance. The scope shall
cover the preparation of necessary documents for the implementation of Cyber Insurance.
Whenever, required AAI shall engage a separate cyber insurance brokerage firm, which will help
AAI in implementing the Cyber Insurance coverage. The scope of the brokerage firm will be
worked out separately. (Note:- Scope of work & BOM needs to be provided to AAI management ,
bid management may be handled by a separate team.)
66
6 Total L2 Switches 82
7 Total L3/Core Switches 6
8 Total Load Balancers 4
9 Total Routers 4
10 Total CCTV Appliances 2
11 Total Security Appliances 17
12 Total Wireless Controller 2
List of Additional Devices under Implementation
1 Firewall – Cisco 2
2 Web Application Firewall 2
3 L3 - Core Switches 2
4 L3 - Distribution Switches 8
Network Infrastructure
No. of Internet SDWAN Links (Jio &
1 BSNL) 2
No of locations on Dual Intranet
2 SDWAN Links 55
No of locations on Single MPLS link
3
(Jio) 55
19. Additional applications and I or devices to the tune of approximately 10% may be included in the
scope anytime during the currency of the contract without any additional financial implication to
AAI.
20.1 The following broad services shall be required from the vendor as part of this
engagement.
67
20.1.8 ISO 27001 (internal and external audit) for re-certification (3 years from April,
2021 onward) and subsequent yearly surveillance audits for the IT infrastructure
of AAI at the existing data center in Delhi.
20.1.9 ISO 27001 audits (internal and external audit) for certification (3 Years) of IT
data center at Hyderabad (DR Site) and subsequent yearly surveillance audits.
20.1.10 E-learning base Cyber Security Awareness Programme for all the employees of
AAI.
20.1.11 E-learning based Cyber Security Programme for the Power users of AAI.
20.1.14 Provisioning of a L-2 Support with at least five years of experience in managing
Cyber Security Incidents at a large organization of at least 5000 end points on
daily basis (5 days a week) in one shift operation for Cyber Security Incident
management and remediation support. This resource may be required to come
beyond the office hours as well if the situation so requires. In addition to this the
vendor may be required to provide Incident management services on need basis
in situations of large scale outbreak requiring expert assistance. Such instances
shall, however, be rare and in emergency situations only. The charges for this
service will be extra on per incident basis and the engagement will be
comprehensive till the incident is completely mitigated.
20.1.17 Assisting AAI in risk assessment & compliance for the purpose of Cyber
insurance.
20.2 ISMS Consulting, Support for Implementation and Surveillance Support (03
years) detailed Scope of work:
20.2.1.1 Review of the existing ISMS implementation and the Security Policies
which will include the Policies, Processes and Technology and shall
cover the following broad activities:
68
20.2.1.1.3 Security controls
20.2.1.2 Deliverables under the scope of this activity are listed below:
20.2.2.2 The audit and ISMS implementation service has to be carried out as per
the laid down standards (ISO 27001) & CERT-in guidelines on policies,
processes, tools & Technologies. The consulting and implementation
process has to ultimately lead to the improvements in the effectiveness
of the ISMS implementation & compliance of the ISO 27001 standards.
The Audit will cover the activities listed below:
69
20.2.2.2.8 Information systems acquisition, development and
maintenance
20.2.2.3 Any other activity if considered necessary shall also be covered in the
scope of Audit.
20.2.2.5 Deliverables under the scope of this activity are listed below:
70
20.2.2.5.1 Information Asset Report
20.2.2.5.4 IT Security Risk Analysis Report (Policies, Processes, Tools & Technology)
20.2.2.7 The comprehensive security audit should follow Open Web Application
Security Project (OWASP) & Open Source Security Testing
Methodology Manual (OSSTMM) standards along with CERT-in
guidelines.
71
20.2.2.8.3 The details of the security devices currently in place is given
in para 6 of the preamble.
20.2.2.8.4 To ascertain that all security devices are integrated with the
SIEM and all logs of the security devices and applications
are getting generated and being monitored at the SIEM. To
also ascertain and document that all events and incidents are
being properly analyzed and action being taken and
recorded on all the events and incidents.
20.2.2.9.1 The scope of work under this activity shall be to carry out
VAPT of for the entire Network of AAI being provided by
Reliance JIO & BSNL as already elaborated under para 10
of the preamble. The connectivity to external locations is
only through the central location at CHQ. The audit at the
far end of the intranet shall only include the far end router
and the core switch and shall be carried out from RGB DC.
Further down the network audit may be required only in
extreme exigency and will be very few in number.
72
20.2.2.1 0.1 The scope of work under this activity shall cover the VAPT
of various applications & the associated operating systems,
databases, front-end devices, load-balancers etc of various
applications of AAI for a period of three years. The detailed
list of applications is given in para 3 & 4 of the preamble.
20.2.2.11.1 The scope of work under this activity shall cover the review
& technical audit of the storage, backup & retrieval systems.
20.2.2.12.1 The scope under this category shall involve the audit of the
physical access controls, environmental controls like
cooling, humidity, fire control & UPS etc. AAI IT Data
Centres in Rajiv Gandhi Bhawan & Safdarjung Airport, both
are located in New Delhi & situated within a walkable distance
of each other . Hyderabad DR will be added once it is
operational later during the course of the contract.
20.2.2.14.1 The vendor shall carry out the post mitigation audits I
vulnerability closure audit on the VAPT recommendations
and prepare the vulnerability closure reports.
20.2.2.15 The vendor shall provide the following services under this activity:
73
20.2.2.15.4 Checking I Auditing of regular patches available through
OEM to overcome security loopholes I flaws and their
deployment.
20.2.2.15.5 The audits should cover all the three states of the
information i.e. at rest, under process and in transit.
20.2.2.15.6 Audit should also carry out the performance testing of the
applications and include performance improvement steps if
required.
20.2.2.16 Deliverables under the scope of this activity are listed below:
20.2.2.17 The following minimum parameters shall be used for the Applications
Security Audit.
74
20.2.2.17.4 Check vulnerabilities like IF Spoofing, session hijacking,
account spoofing Frame spoofing, caching of web pages,
Cross site scripting, Cookie handling etc.
20.2.2.18.16 OS Fingerprinting
75
20.2.2.18.19 Hard-Coded Secrets
20.2.2.19 The above list of minimum parameters & minimum is not all inclusive
and may contain many more parameters I tests which may have become
relevant over the period. It may also be seen that not all tests may be
applicable in all environments.
20.2.2.20 There may be a minor change in network configuration from the time of
release of tender to the time actual audit. The variation over the contract
period may include additional systems to the extent of I 0% which is to
be included in the scope as and when felt necessary by AAI without any
additional financial implication.
20.2.3.2 Deliverables under the scope of this activity are listed below:
76
20.2.3.2.1 Internal Audit Reports
20.2.4.1 The vendor will be required to review and submit the revised Crisis
Management Plan for Countering Cyber Attacks and Cyber Terrorism.
The plan shall be in line with the CERT-In guidelines also taking into
consideration the current AAI infrastructure.
20.2.5.1 The Cyber security awareness campaign will be run by the vender every
year and will be a continuous activity. As per the awareness
programme, three types of users trainings will be conducted as detailed
below:-
77
the importance of ISMS implementation in AAI and shall be
classroom/ online / video conferencing based programme
covering a maximum of about
50 senior executives in 3 batches. This training may also use
the video conferencing facility of AAI for imparting this
training to the remote users.
20.2.5.2 Deliverables under the scope of this activity are listed below:
20.2.6 Activity7: -Third Party audit & Re-Certification for ISO 27001
and subsequent Surveillance Audits
20.2.6.1 Both the DC of AAI at CHQ (RGB & Safdarjung Airport) are ISO
27001 certified by "nqa". The current certificate is valid upto 10th April
2021. The vendor will have to complete the re-certification (for 3 years)
internal audit and will have to engage the external auditors for re-
certification well in time to complete all activities of re-certification
before the expiry date( Whose cost will be on bidders part) . All costs for
re-certification will have to born by
78
the vendor. The subsequent surveillance (internal &
external audits) shall also be in the scope of the vendor.
20.2. 7 Activity7: -Third Party audit & ISO 27001 Certification for the new DR
under implementation at Hyderabad.
20.2.8.1 AAI website www.aai.aero is hosted on the ".aero" domain and its
GIGW certification is not in the purview of STQC. However, the GIGW
compliance is mandatory as per Govt. Guidelines. Hence the vendor will
carry out the GIGW audit of the AAI website as per STQC guidelines
and bring out non-compliance report if any to the standards prescribed
by STQC. The non-compliance will be patched and the vendor will
carry out a compliance audit and confirm that the website is GIGW
compliant in all respects after closure of all non-compliances (if found
during the audit).
20. 2. 9.1 AAI will establish an incident management team consisting of the
executives from the IT department. One L-2 engineer, having an
engineering degree in computer science I IT I Electronics with a
minimum of 5 years of experience in cyber security events I incidents
handling and management with a big organization is required to be
provided on 5 days working basis. This resource will become a key
member of AAI incident response team. The normal working hours of
this resource shall be 9.30-1800 hours on 5-day basis but his services
may be required beyond these hours on requirement basis. His
responsibility will include helping AAI in mitigation of the cyber
incidents I threats and help recover the operations of AAI after the
incident and preparation of the post incident reports.
20.2.10 Activity 10- Need based Incident Management Support
***************
PAGE LEFT BLANK
ANNEXURE – VIII
9 TIN/VAT
10 PAN/Service Tax no.
11 Date of Incorporation of the
Company as per MoA ( Copy
Attached /Uploaded)
12 Proof of Execution of Name of the Po ref. with PO Amt. Remarks
Works Work date
12.1 Similar Work Experience 1
12.2 Similar Work Experience 2
12.3 Similar Work Experience 3
13 Date of completion of Name & Address Contact Email Address
Certificates of the above said Desig. of number
works Signatory
13.1 Similar Work Experience 1
13.2 Similar Work Experience 2
13.3 Similar Work Experience 3
14 Power of Attorney (Stamp Yes or No
Paper of Rs 100/-) in favor of
signatory (attached)
15 Acceptance letter as per Yes or No
Annexure-I
(Attached/Uploaded)
16 List of Qualified Staff Annexure- Yes or No
III
17 Detailed Bill of Material Signed Yes or No
as per Annexure VII
18 Duly Filled Compliance Yes or No
Statement as per Annexure
VIIA
19 Scope of work (Signed and Yes or No
stamped)
The parties hereto hereby agree to enter into this Integrity Pact and agree as follows:
1.1 The Authority undertakes that no official of the Authority, connected directly or indirectly with the
contract, will demand, take a promise for or accept, directly or through intermediaries, any bribe,
consideration, gift, reward, favour or any material or immaterial benefit or any other advantage from the
BIDDER, either for themselves or for any person, organization or third party related to the contract in
exchange for an advantage in the bidding process, bid evaluation, contracting or implementation process
related to the contract.
1.2 The Authority will, during the pre‐contact stage, treat all BIDDERs alike, and will provide to all BIDDERs
the same information and will not provide any such information
to any particular BIDDER which could afford an advantage to that particular BIDDER in comparison to
other BIDDERs.
1.3 All the officials of the Authority will report to the appropriate authority office any attempted or
completed breaches of the above commitments as well as any substantial suspicion of such a breach.
2.0 In case any such preceding misconduct on the part of such official(s) is reported by the BIDDER to the
Authority with full and verifiable facts and the same is prima facie found to be correct by the Authority,
necessary disciplinary proceedings, or any other action as deemed fit, including criminal proceedings may
be initiated by the Authority and such a person shall be debarred from further dealings related to the
contract process. In such a case while an enquiry is being conducted by the Authority the proceedings
under the contract would not be stalled.
3. Commitments of Bidders/Contractor.
The Bidder/Contractor commits itself to take all measures necessary to prevent corrupt practice, unfair
means and illegal activities during any stage of its bid or during any pre‐contract or post‐contract stage in
order to secure the contract or in furtherance to secure it and in particular commit itself to the following:‐
3.1 The Bidder/Contractor will not offer, directly or through intermediaries, any bribe, gift, consideration,
reward, favour, any material or immaterial benefit or other advantage, commission, fees, brokerage or
inducement to any official of the Authority, connected directly or indirectly with the bidding process, or
to any person, organization or third party related to the contract in exchange for any advantage in the
bidding, evaluation, contracting and implementation of the contract.
3.2 (i) The Bidder/Contactor further undertakes that it has not given, offered or promised to give, directly
or indirectly any bribe, gift, consideration, reward, favour, any material or immaterial benefit or other
advantage, commission, fees, brokerage or inducement to any official of the Authority or otherwise in
procuring the Contract or forbearing to do or having done any act in relation to the obtaining or execution
of the contract or any other contract with the Authority for showing or forbearing to show favour or
60isfavor to any person in relation to the contract or any other contract with the Authority.
3.2 (ii) The Bidder /Contactor has not entered and will not enter with other bidders into any undisclosed
agreement or understanding, whether formal or informal. This applies in particular to prices, specification,
certifications, subsidiary contracts, submission or non‐submission of bids or any actions to restrict
competitiveness or to introduce cartelization in the bidding process.
3.3 The Bidder/Contractor shall, when presenting his bid, disclose the name and address of agents and
representatives and Indian BIDDERs shall disclose their foreign principals or associates.
a) The Bidder/Contactor shall when presenting his bid disclose any and all the payments
he has made or, is committed to or intends to make to agents/brokers or any other intermediary, in
connection with this bid/contract.
3.5 The Bidder/Contractor further confirms and declares to the Authority that the BIDDER is the original
manufacturer/integrator/ authorized government sponsored export entity of the stores and has not
engaged any individual or firm or company whether Indian or foreign to intercede, facilitate or in any way
to recommend to the Authority or any of its functionaries, whether officially or unofficially to the award
of the contract to the BIDDER, nor has any amount been paid, promised or intended to be paid to any
such individual, firm or company in respect of any such intercession, facilitation or recommendation.
3.6 The Bidder/Contractor, either while presenting the bid or during pre‐contract negotiations or before
signing the contract, shall disclose any payments he has made, is committed to or intends to make to
officials of the Authority or their family members, agents, brokers or any other intermediaries in
connection with the contract and the details of services agreed upon for such payments.
3.7 The Bidder/Contractor will not collude with other parties interested in the contract to impair the
transparency, fairness and progress of the bidding process, bid evaluation, contracting and
implementation of the contract.
3.8 The Bidder/Contractor will not accept any advantage in exchange for any corrupt practice, unfair
means and illegal activities.
3.9 The Bidder / Contactor shall not use improperly, for purposes of competition or personal gain ,or pass
on to others, any information provided by the Authority as part of the business relationship, regarding
plans, technical proposals and business details, including information contained in any electronic data
carrier. The Bidder / Contractor also undertakes to exercise due and adequate care lest any such
information is divulged.
3.11 The Bidder/Contactor commits to refrain from giving any complaint directly or through any other
manner without supporting it with full and verifiable facts.
3.12 The Bidder/Contactor shall not instigate or cause to instigate any third person to commit any of the
actions mentioned above.
3.13 If the Bidder/Contractor or any employee of the Bidder/Contractor or any person acting on behalf of
the Bidder/ Contractor, either directly or indirectly, is a relative of any of the officers of the Authority, or
alternatively, if any relative of an officer of the Authority has financial interest/stake in the
Bidder’s/Contractor’s firm, the same shall be disclosed by the Bidder/Contractor at the time filing of
tender. The term ‘relative’ for this purpose would be as defined in Section 6 of the Companies Act 1956.
3.14 The Bidder/Contractor shall not lend to or borrow any money from or enter into any monetary
dealings or transactions, directly or indirectly, with any employee of the Authority.
3.15 That if the Bidder/ Contractor, during tender process or before the award of the contract or during
execution of the contract/work has committed a transgression in violation of section 2 or in any other
form such as to put his reliability or credibility as Bidder/Contractor into question, the Authority is entitled
to disqualify him from the tender process or to terminate the contract for such reason and to debar the
BIDDER from participating in future bidding processes.
4. Previous Transgression
4.1 The Bidder/Contractor declares that no previous transgression occurred in the last three years
immediately before signing of this Integrity Pact, with any other company in any country in respect of any
corrupt practices envisaged hereunder or with any Public Sector Enterprise in India or any Government
Department in India that could justify Bidder’s exclusion from the tender process.
4.2 The Bidder/Contractor agrees that if it makes incorrect statement on this subject, he can be
disqualified from the tender process or the contract, if already awarded, can be terminated for such
reason and he may be considered for debarment for future tender/contract processes.
4.3 That the Bidder/Contractor undertakes to get this Pact signed by the subcontractor (s) and associate(s)
whose value of the work contribution exceeds Rs .5 Crores. (Rupees zero point five Crores.) and to submit
the same to the Authority along-with the tender document/ contract before contract signing.
4.4. That sub-contractor(s)/ associate(s) engaged by the Contractor, with the approval of the Authority
after signing of the contract, and whose value of the work contribution exceeds Rs 0.5 Crs. (Rupees Zero
point five Crs.) will be required to sign this Pact by the Contractor, and the same will be submitted to the
Authority before doing/ performing any act/ function by such subcontractor(s)/ associate(s) in relation to
the contract/ work.
4.5 That the Authority will disqualify from the tender process all Bidder(s) who do not sign this Pact or
violate its provisions or fails to get this Pact signed in terms of section 4.3 or 4.4 above.
4.6 That if the Contractor(s) does/ do not sign this Pact or violate its provisions or fails to get this Pact
signed in terms of Section 4.3 or 4.4 above. Authority will terminate the contract and initiate appropriate
action against such Contractor(s).
5. Earnest Money, Security Deposit, Bank gurantee, Draft, Pay order or any other mode and its validity
i/c Warranty Period, Performance gurantee/Bond.
While submitting bid, the BIDDER shall deposit an EMD/SD/BG/DRAFT/PAY ORDER ETC I/C WARRANTY
PERIOD, PG/BOND, VALIDITY ETC, which is as per terms and conditions and details given in NIT / tender
documents sold to the Bidders.
6. Sanctions for Violations/Disqualification from tender process and exclusion from future Contacts.
6.1 Any breach of the aforesaid provisions by the BIDDER or any one employed by it or acting on its behalf
(whether with or without the knowledge of the BIDDER) shall entitle the Authority to take all or any one
of the following actions, wherever required:‐ (i) To immediately call off the pre contract negotiations
without assigning any reason or giving any compensation to the BIDDER. However, the proceedings with
the other BIDDER(s) would continue. (ii) To immediately cancel the contract, if already signed, without
giving any compensation to the BIDDER. (iii) If the Authority has disqualified / debarred the Bidder from
the tender process prior to the award under section 2 or 3 or 4, the Authority is entitled to forfeit the
earnest money deposited/bid security. (iv) To recover all sums already paid by the Authority, and in case
of an Indian BIDDER with interest thereon at 2% higher than the prevailing Prime Lending Rate of State
Bank of India, while in case of a BIDDER from a country other than India with interest thereon at 2% higher
than the LIBOR. If any outstanding payment is due to the BIDDER from the Authority in connection with
any other contract or any other stores, such outstanding payment could also be utilized to recover the
aforesaid sum and interest. (v) To encash the advance bank guarantee and performance bond/warranty
bond, if furnished by the BIDDER, in order to recover the payments, already made by the BUYER, along
with interest. (vi) To cancel all or any other Contracts with the BIDDER. The BIDDER shall be liable to pay
compensation for any loss or damage to the Authority resulting from such cancellation/rescission and the
Authority shall be entitled to deduct the amount so payable from the money(s) due to the BIDDER.
(vii) To debar the BIDDER from participating in future bidding processes for a minimum period of three
years, which may be further extended at the discretion of the Authority.
b) To recover all sums paid in violation of this Pact by BIDDER(s) to any middleman or agent or broker with
a view to securing the contract. (ix) In case where irrevocable Letters of Credit have been received in respect
of any contact signed by the Authority with the BIDDER, the same shall not be opened. (x) Forfeiture of
Performance Bond in case of a decision by the BUYER to forfeit the same without assigning any reason
for imposing sanction for violation of this Pact.
(xi) That if the Authority have terminated the contract under section 2 or 3 or 4 or if the Authority is
entitled to terminate the contract under section 2 or 3 or 4, the Authority shall be entitled to demand and
recover from the contractor damages equivalent to 5% of the contract value or the amount equivalent to
security deposit or performance bank guarantee, whichever is higher.
(xii) That the Bidder / Contractor agrees and undertakes to pay the said amount without protest or demur
subject only to condition that if the Bidder/Contractor can prove and establish to the satisfaction of the
Authority that the disqualification / debarment of the bidder from the tender process or the termination
of the contract after award of the contract has caused no damage to the Authority.
6.2 The Authority will be entitled to take all or any of the actions mentioned at para
6.1(i) to (xii) of this Pact also on the Commission by the BIDDER or any one employed by it or acting on its
behalf (whether with or without the knowledge of the BIDDER), of an offence as defined in Chapter IX of
the Indian Penal code, 1860 or Prevention of Corruption Act, 1988 or any other statute enacted for
prevention of corruption.
6.3 That if the Bidder/Contractor applies to the Authority for premature revocation of the debarment and
proves to the satisfaction of the Authority that he has installed a suitable and effective corruption
prevention system and also restored/recouped the damage, if any, caused by him, the Authority may, if
thinks fit, revoke the debarment prematurely considering the facts and circumstances of the case, and
the documents/evidence adduced by the Bidder/Contractor for first time default.
6.4 That a transgression is considered to have occurred if the Authority is fully satisfied with the available
documents and evidence submitted along with Independent External Monitor’s
recommendations/suggestions that no reasonable doubt is m possible in the matter.
6.5 The decision of the Authority to the effect that a breach of the provisions of this Pact has been
committed by the BIDDER shall be final and conclusive on the BIDDER. However, the BIDDER can approach
the Independent External Monitor(s) appointed
That if the Authority receives any information of conduct of a Bidder/ Contractor or Sub-Contractor or of
an employee or a representative or an Associates of a Bidder, Contractor or Sub- Contractor which
constitute corruption, or if the Authority has substantive suspicion in this regard, the Authority will inform
the Vigilance Department for appropriate action.
8.1. That the Authority has appointed competent and credible Independent External Monitor(s) for this
Pact.
8.2 The task of the Monitor is to review independently and objectively, whether and to what extent the
parties comply with the obligations under this Pact. He will also enquire into any complaint alleging
transgression of any provision of this Pact made by the Bidder, Contractor or Authority.
8.3. That the Monitor is not subject to any instructions by the representatives of the parties and would
perform his functions neutrally and independently. He will report to the Chairperson of the Board of the
Authority.
8.4 That the Bidder / Contractor accepts that the Monitor has the right to access without restriction to all
project documentation of the Authority including that provided by the Bidder/Contractor. The
Bidder/Contractor will also grant the Monitor, upon his request and demonstration of a valid interest,
unrestricted and unconditional access to his project documentation including minutes of meeting. The
same is applicable to Sub – Contractors and Associates. The Monitor is under obligation to treat the
information and documents of the Authority and Bidder/ Contractor / Sub- Contractors/ Associates with
confidentiality.
8.5. That as soon as the Monitor notices, or believes to notice, a violation of this Pact, he will so inform
the management of the Authority and request the management to discontinue or heal the violation, or
to take other relevant action. The Monitor can in this regard submit his recommendations/ suggestions.
Beyond this, the Monitor has no right to demand from the parties that they act in a specific manner,
refrain from action or tolerate action.
8.6 That the Authority will provide to the Monitor sufficient information about all meetings among the
parties related to the project provided such meetings could have an impact on the contractual relations
between the Authority and the Contractor / Bidder. The parties offer to the Monitor the option to
participate in such meetings.
8.7 That the Monitor will submit a written report to the Chairperson of the Board of the Authority within
2 weeks from the date of reference or intimation to him by the Authority and, should the occasion arise,
submit proposals for correcting problematic situations.
8.8 That if the Monitor has reported to the Chairperson of the Board a substantiated suspicion of an
offence under relevant Anti- Corruption Laws of India and the Chairperson has not, within reasonable
time, taken visible action to proceed against such offence or reported it to the Vigilance Department, the
Monitor may also transmit this information directly to the Central Vigilance Commissioner, Government
of India.
9. Facilitation of Investigation.
In case of any allegation of violation of any provisions of this Pact or payment of commission, the Authority
or its agencies shall be entitled to examine all the documents including the Books of Accounts of the
BIDDER and the BIDDER shall provide necessary information and documents in English and shall extend
all possible help for the purpose of such Examination.
That this Pact is subject to Indian Law. The place of performance and jurisdiction is the
11.1 That the changes and supplements as well as termination notices need to be made in writing.
11.2 That if the Bidder / Contractor is a partnership or a consortium, this Pact must be signed by all the
partners and consortium members or their authorized representatives.
12.1 That this Pact comes into force when both the parties have signed it. It expires for the Contractor 12
months after the final payment under the respective contract, and for all other Bidders 3 months after
the contract is awarded.
12.2. That if any claim is made / lodged during this period, the same shall be binding and continue to be
valid despite the lapse of this Pact as specified herein before, unless it is discharged/determined by
Chairman of the Authority.
12.3 That should one or several provisions of this Pact turn out to be invalid; the remainder of this Pact
shall remain valid. In this case, the parties will strive to come to an agreement to their original intentions.
Bidders are also advised to have a company code of conduct (clearly rejecting the use of brides and other
unethical behavior) and a compliance program for the implementation of the code of conduct throughout
the company.
Buyer BIDDER
Name of the Officer CHIEF EXECUTIVE OFFICER
Designation
Deptt./Ministry/PSU
Witness Witness
1._______________________________ 1.______________________________
2._______________________________ 2.______________________________
PAGE LEFT BLANK
ANNEXURE – X
PROFORMA FOR UNDERTAKING
[TO BE SUBMITTED WITH PRE-QUALIFICATION CUM TECHNICAL BID]
To,
General Manager (IT)
Airports Authority of India, Rajiv
Gandhi Bhawan,
Safdarjung Airport, New Delhi 110003.
Name of Work: - “Name of the work as given in Schedule-A Sr. No. 1” Tender
No.: “Tender No. as given in Schedule-A Sr. No. 2”
1. I/We undertake that, our firm or any of our firm’s Partners or Directors have not been
blacklisted and no case is pending and no complaint regarding irregularities is pending, in India or
abroad, by any global international body like World Bank/International Monetary Fund/World
Health Organization, etc. or any Indian State/Central Governments Departments or Public Sector
Undertaking of India.
2. I/We undertake that, our firm possess the required tools, plants, skilled manpower, etc. required
for execution of work as per scope of the tender. I/We also undertake that no part of the scope of
work shall be sublet or outsourced to any third party without written consent from AAI.
3. I/We undertake that, our firm or its Partners or its Directors or Sole Proprietor do not have any
outstanding dues payable to the Airports Authority of India.
4. I/We undertake that, the complete responsibility to carry out the works and their completion as
per scope of the tender, shall be of our firm only.
5. I/We undertake that, our firm or our subsidiary firm or our parent firm has not submitted
Alternate or partial bid(s).
Dated:
(Bidder shall submit irrevocable power of attorney on a non‐judicial stamp paper of Rs.100/‐
Signed by authorized signatory as per Memorandum of Articles authorizing the persons, who are
Signing this bid on behalf of the company)
a Company incorporated under the Provisions of companies Act, 1956 having its
Registered Office at (hereinafter referred to as the
“Company”) do hereby severally appoint, constitute and nominate
official(s) of the Company, so long as they are in the employment of the Company (hereinafter
referred to as the “Attorneys”) to sign agreement and documents with regard Bid No.
due on invited by Airports Authority of
India, Rajiv Gandhi Bhawan, Safdarjung Airport, New Delhi – 110 003 for “Implementation of
Information Security Management System(ISMS) Solutions for Airports Authority of India” and to do all
other acts, deeds and things the said Attorneys may consider expedient to enforce and secure
fulfilment of any such agreement in the name and on behalf of the Company AND THE COMPANY
hereby agrees to ratify and confirm all acts, deeds and things the said Attorneys shall lawfully do by
virtue of these authorities hereby conferred.
IN WITNESS WHEREOF, this deed has been signed and delivered on the day, month and year first
above written by Mr. Authorized Signatory, duly authorized by the Board of
Directors of the Company vide it’s resolution passed in this regard.
Authorized Signatory
Witness:
1.
2.
(Attested)
( )
Authorized Signatory
PAGE LEFT BLANK
ANNEXURE - XII
(NON-DISCLOSURE AND CONFIDENTIAL AGREEMENT)
STRICTLY PRIVATE AND CONFIDENTIAL
BETWEEN
<<Name of the Contractor>>, a company incorporated under the laws of India and having its
corporate office at <<Address of the Contractor>> (hereinafter referred to as <<Contractor>>"
AND
Airports Authority of India, a Government of India, Public Sector Undertaking constituted under
the Airports Authority of Act 1994 having its office and principle place of business at its corporate
headquarter at Rajiv Gandhi Bhawan, Safdarjung Airport, New Delhi 110003 (hereinafter referred
to as "AAI".
WHEREAS <<Contractor>> and AAI (hereinafter referred to as "the Parties") wish to engage in
discussions with each other regarding potential business arrangements between the parties vide
AAI PO/WO No. <<Details of PO/WO>> (hereinafter referred to as "the Purpose").
NOW THEREFORE, to enable such discussions to proceed, each party ("Disclosing Party")
understands that certain Confidential Information, as defined below, may need to be disclosed to
the other Party ("Receiving Party").
1. All information and data relating to the purpose which is obtained, whether in writing,
pictorially, in machine readable form or orally in connection with the discussions
(including but without limitation, financial information, know-how, processes, ideas,
(whether .patentable or not), schematics, trade secrets, technology, customer lists
(potential or actual) and other customer-related information supplier information, sales
statistics, market intelligence, marketing and other business strategies and other
commercial information of a confidential nature.
2. This Agreement, but does not include Confidential Information which is or becomes
publicly vailable, other than as a result of a breach of this Agreement, or becomes lawfully
available to either party from a third party free from any confidentiality restriction or any
information required to be disclosed under any relevant law or regulation provided the
affected party is given prompt notice of such requirements and the scope of such
disclosure is limited to the extent possible or order of court provided that the Disclosing
Party is given prompt notice of such order and (where possible) provided the opportunity
to contest it.
IN CONSIDERATION of each Party's Confidential Information, each Party agrees to the following
terms and conditions:
1. That the Receiving party shall use the Confidential Information only for the purpose. The
Receiving Party shall treat the Confidential Information with the same degree of care and
protection, as it would use with respect of its own Confidential Information.
2. That the Receiving Party shall not disclose any of the Confidential Information to any third
Party, nor shall it use the Confidential Information for any purpose other than stated in clause
1 and except to the extent required by law, without the prior written consent of the Disclosing
Party.
3. The Receiving Party shall not copy or reproduce in any way (including without limitation, store
in any computer or electronic system) any Confidential Information or any documents
containing Confidential Information without the Disclosing Party's consent.
4. The Receiving Party shall take all necessary steps and precautions to protect the Confidential
Information against any un-authorized access and not to divulge any such Confidential
Information or any Confidential Information derived there from to any third person.
5. The Receiving' Party shall immediately upon request by the Disclosing Party deliver to the
Disclosing Party all material including all copies (if any) made under clause 3.
6. The Receiving Party shall not use the Confidential Information directly or indirectly to procure
a commercial advantage over the Disclosing Party both during and after the completion of the
purpose.
7. The Receiving party acknowledge that damages are not a sufficient remedy for the Disclosing
party for any breach of any of the Receiving Party's undertakings herein provided and the
Receiving Party further acknowledges that the Disclosing Party is entitled to specific
performance or injunctive relief (as appropriate) as a remedy for any breach or threatened
breach of those undertakings by the Receiving Party, in addition to any other remedies
available to the Disclosing Party in law or in equity.
8. No failure or delay by either party in exercising or enforcing any right, remedy or power
hereunder shall operate as a waiver thereof, nor shall any single or partial exercise or
enforcement of any right, remedy or power preclude any further exercise or enforcement
thereof or the exercise or enforcement of any other right, remedy or power.
9. The Receiving Party does not acquire any intellectual property rights under this Agreement or
through any disclosure hereunder, except the limited right to use such confidential
Information in accordance with this Agreement. No warranties of any kind are given with
respect to the Confidential Information disclosed under this Agreement or any use thereof
except as may be otherwise agreed to in writing.
10. The Disclosing Party understands that the Receiving Party may currently, or in future, be
developing information internally or receiving information from third parties that may be
similar to that received from the Disclosing Party. Accordingly, nothing in this Agreement shall
be construed as representation or inference that the Receiving Party will not develop any
technology, information, know-how, processes or products, or have technology, information
or products developed for it, that, without violation of this Agreement, compete with or are
the same or similar to the technology, information, know-how, processes or products
contemplated by the Disclosing Party’s Confidential Information.
11. Any dispute or difference arising at any time between the Parties hereto in relation to any
undefined terms contained herein will be resolved through mediation between
12. the senior management of the parties by each parties appointing a person from their
respective senior management as mediators. If the parties are unable to resolve the dispute
within 30 (thirty) days through mediation between them, then the parties shall refer to the
dispute to arbitration. The arbitrator shall be mutually decided between the parties. The
arbitration shall be conducted under Indian Arbitration and Conciliation act of 1996. The place
of arbitration shall be in New Delhi. India. The language of such arbitration shall be English.
13. The laws of the Republic of India shall govern the validity, construction and performance of
this Agreement.
14. Nothing in this Agreement shall prejudice any Party's rights to seek injunctive relief in the
courts of any competent jurisdiction.
15. This Agreement supersedes all prior discussions and writings with respect to the subject
matter hereof, and constitutes the entire agreement between the parties with respect to the
subject matter hereof. No waiver or modification of this Agreement will be binding upon
either party unless made in writing and signed by a duly authorized representative of each
Party and no failure or delay in enforcing and right will be deemed a waiver. In the event that
any of the provisions of this Agreement shall be held by a court or other tribunal of competent
jurisdiction to be unenforceable, the remaining portions hereof shall remain in full force and
effect.
16. This Agreement may be terminated at any-time by a party giving thirty (30) days prior written
notice to the other party, provided that the obligations respecting the Confidential
Information already provided hereunder shall survive any termination of this Agreement for
a period of 2 years from the date of execution of this Agreement.
17. This Agreement has been made in order to keep the conditions of non- disclosure and
confidentiality between «Contractor» & AAI for the documents and information to be
provided by AAI to «Contractor» in connection with the award of work by AAI to «Contractor»
for « Name of work» vide AAI WO/PO No. «Details of WO/PO»
IN WITNESS WHERE OF this Agreement has been executed by the duly authorized representative
of each party on the day and year first above written.
Signed :
Name :
Designation :
Signed:
Name :
Designation :
81
PAGE LEFT BLANK
Annexure XIV
1. TIA/Bid Manager will login to the portal https://etenders.gov.in/ with valid User ID (i.e. User ID
mapped with Digital Signature Certificate) and follow the process of tender creation.
2. After completion of Basic and Cover Details go to next stage for Fee Details and select the option
as per below screen:
1. Payment confirmation can be find out at the time of Tender Opening process.
2. TIA/Bid Manager will login to the portal https://etenders.gov.in/ with valid User ID (i.e. User
ID mapped with Digital Signature Certificate) and follow the process of tender opening.
3. After opening of tender, click on first cover (i.e. Fee Cover) and select Bid Opening or Quick
Bid Opening option against each Bidder.
4. Payment status will be checked/verified for Individual Bidders.
5. Click on View Paid Information link and get the bidder details along with Payment detail.
6. If Status is seen as “Success” it means that bidder has successfully paid for Tender Fee/EMD
Successfully. Screen shot is attached herewith for the reference.
3URFHGXUHIRU2QOLQH&ROOHFWLRQRI(0'DQG7HQGHU)HHIURP%LGGHUV
,QFDVHRI(0',I%LGGHULVSD\LQJ(0'WKURXJKDQ\RIEHORZRSWLRQV6HOHFWWKHRSWLRQ ³<HV´
DVSHUEHORZVFUHHQVKRWDQGSURYLGHWKHGHWDLOVDQGXSORDGFRS\DVDSURRI
%DQN*XDUDQWHH%*6ZLIW7UDQVIHU67
([HPSWHGIURP(0'3D\PHQW
Note: For submitting “EMD through BG/ST” or “Exemption from EMD payment” bidder must
select “Yes” otherwise bidders will not have the option to pay EMD through Bank Guarantee.
Once proceeded it is not possible to revert the option
6HOHFWRSWLRQ³12´DVSHUEHORZVFUHHQVKRWIRUSURFHHGLQJIRU2QOLQH(0'SD\PHQW
$IWHUVHOHFWLQJWKHRSWLRQFOLFNRQ³1H[W´%XWWRQDVSHUDERYHVFUHHQVKRW)XUWKHUSURFHVVWREH
IROORZHGDVSHUVXEVHTXHQWVFUHHQ
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
1DWLRQDO,QIRUPDWLFV&HQWUH 3D\PHQW*DWHZD\
1,&*H31,& 9HUVLRQ 3DJH
PAGE LEFT BLANK
EMPANELLED INFORMATION SECURITY AUDITING ORGANISATIONS by CERT-In
The List of IT Security Auditing Orgnisations, as given below, is up-to-date valid list of CERT-In
Empanelled Information Security Auditing Orgnisations. This list is updated by us as soon as there is
any change in it.
2. M/s AKS Information Technology Services Pvt Ltd (subject to outcome of background
verification)
18. M/s Network Intelligence India Pvt. Ltd. (subject to outcome of background verification)
2nd Floor, 204, Ecospace IT Park,
Off Old Nagardas Road, Andheri-E, Mumbai-400069.
Ph :+919820049549
Fax: NA
Contact Person : Mr. Kanwal Kumar Mookhey
E-mail :kkmookhey[at]niiconsulting.com
22. M/s Protiviti India Member Private Limited (subject to outcome of background verification)
GTB Nagar, Lalbaug, Everard Nagar,
Sion, Mumbai, Maharashtra 400022
Ph :022 6626 3333
Contact Person : Mr. Sandeep Gupta (Managing Director)
E-mail :Sandeep.Gupta[at]protivitiglobal.in
Phone: +91-9702730000
32. M/s Xiarch Solutions Private Limited (subject to outcome of background verification)
AAA TechnologiesLimited,
Mumbai, Delhi, Bangalore, Lucknow, Chennai, Pune
Govt. : 400+
PSU : 100+
Private : 25+
Total Nos. of Information Security Audits done : 525+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 5+
BS7799 / ISO27001 LAs : 30+
CISAs : 20+
DISAs / ISAs : 5+
Any other information security qualification : 35+
Total Nos. of Technical Personnel : 75+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial
i. NetSparker
ii. Core Impact
iii. Nessus Pro
iv. Nipper
v. Burp Suite
vi. Idea
Freeware
i. Nmap
ii. DOMTOOLS - DNS-interrogation tools
iii. Nikto - This tool scans for web-application vulnerabilities
iv. Firewalk - Traceroute-like ACL & network inspection/mapping
v. Hping – TCP ping utilitiy
vi. Dsniff - Passively monitor a network for interesting data (passwords, e-mail, files, etc.).
facilitate the interception of network traffic normally unavailable to an attacker
vii. HTTrack - Website Copier
viii. Tools from FoundStone - Variety of free security-tools
ix. SQL Tools - MS SQL related tools
x. John - John The Ripper, Password-cracking utility
xi. Paros - Web proxy for web application testing
xii. Wikto - Web server vulnerability assessment tool
xiii. Back Track
xiv. Meta Sploit
xv. Ethereal - GUI for packet sniffing. Can analysetcpdump-compatible logs
xvi. NetCat - Swiss Army-knife, very useful
xvii. Hping2 - TCP/IP packet analyzer/assembler, packet forgery, useful for ACL inspection
xviii. Brutus – password cracking for web applications, telnet, etc.
xix. WebSleuth - web-app auditing tool
xx. HTTPrint – detect web server and version
xxi. OpenVas
xxii. W3af
xxiii. Owasp Mantra
xxiv. Wire Shark
xxv. Ettercap
xxvi. Social Engineering Tool Kit
xxvii. Exploit database
xxviii. Aircrack-Ng
xxix. Hydra
xxx. Directory Buster
xxxi. SQL Map
xxxii. SSL Strip
xxxiii. Hamster
xxxiv. Grimwepa
xxxv. CAIN & Able
xxxvi. Rips
xxxvii. Iron Wasp
xxxviii. Fiddler
xxxix. Tamper Data
Proprietary
i. AAA - Used for Finger Printing and identifying open ports, services and misconfiguration
ii. Own developed scripts for Operating System
iii. Own developed scripts for Database Audit
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : -8-
PSU : -17-
Private : -Nil-
Total Nos. of Information Security Audits done : -25-
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
(Reporting period: Oct 2019 to Sep 2020)
CISSPs : -1-
BS7799 / ISO27001 LAs : -11-
CISAs : -Nil-
DISAs / ISAs : -Nil-
Any other information security qualification : -15-
M.Tech (Information Security) :<number of> : -2-
M.Tech (Cyber Security) : <number of> : -3-
M.Tech (Cyber Law & Information Security) : <number of>: -1-
NPT :<number of> : -2-
CEH :<number of> : -9-
CCNSP :<number of> : -2-
CHFI :<number of> : -1-
CSA :<number of> : -1-
ACE :<number of> : -1-
Total Nos. of Technical Personnel : -27-
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 1
PSU : 13
Private : 58
Total Nos. of Information Security Audits done : 72
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 4
CISAs : 1
DISAs / ISAs : None
Any other information security qualification:
QSA for PCI DSS – 1
OSCP - 1
CEH - 4
CISM – 1
CBCP - 1
Total Nos. of Technical Personnel : 12
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Scope: Gap Assessment, Compliance Framework Development and Certification Readiness for
ISO 27001, ISO 27017, ISO 27018, SOC 2 and PCI DSS
Locations: India (Bangalore, Gurgaon, Pune), United States (San Francisco)
Tool User
Nessus Professional Infrastructure Scanning
Burp Suite Penetration Testing / Web Application Scanning
Metasploit Penetration Testing
Charles Infrastructure Scanning
Nikto Penetration Testing
SQLmap Penetration Testing / DB Scanner
W3AF Web Application Scanning
AirCrack-ng Infrastructure Scanning
Netcat Multipurpose Tool
TCPDUMP Infrastructure Scanning / Sniffer
Wireshark Infrastructure Scanning / Sniffer
Kismet Infrastructure Scanning
WebScarab Web Application Scanning
OpenSSL Toolkit Infrastructure scanning
Fiddler / Firebug Web Application Scanning
SQLNinja Penetration Testing / DB Scanner
Nirsoft Suite Multipurpose Toolset
Sysinternals Suite Multipurpose Toolset
Frida Mobile Application Penetration testing
Drozer Mobile Application Penetration testing
QARK Mobile Application Penetration testing
MobSF Mobile Application Penetration testing
SuperAndroidAnalyzer Mobile Application Scanning
Postman API Penetration Testing
FuzzAPI API Scanning
Astra API Penetration Testing
Fortify SCA Secure Code Review
PMD Secure Code Review
Checkstyle Secure Code Review
FingBugs Secure Code Review
Source meter Secure Code Review
SonarQube Secure Code Review
VCG Secure Code Review
Prowler Cloud Configuration Review
Scout Suite Cloud Configuration Review
Custom Scripts Multipurpose
11. *Information as provided by CYRAAC SERVICES PRIVATE LIMITEDon 21st October 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 221
PSU : 0
Private : 0
Total Nos. of Information Security Audits done : 116
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 5
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification :
CISA : 1
CIISA : 1
CCIE-Security : 1
EC-Council ECIH : 1
EC-Council CeH : 3
Total Nos. of Technical Personnel : 7
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial Tools:
Freeware Tools:
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 155+
PSU : 11
Private : 89+
Total Nos. of Information Security Audits done : 255+
(In last 12 months)
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 8
CISAs : 2
CEH : 2
Total Nos. of Technical Personnel : 13
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Carrying out Web-Application Security audit for a Government Organization with value > INR 38
Lacs
Carried out Network Security Audit and Web-Application Security audit for a Private
Organization with value > INR 15 Lacs
Freeware
• Freeware
• Nmap
• Metasploit
• Netcat
• Ethereal
• SSLProxy
• STunnel
• VisualCodeGrepper
• Nikto
• Wireshark
• SQLMap
• Kali-Linux
• OWASP ZAP
• MobSF
• apktool
• Procmon
• Echo Mirage
• Postman
• Drozer
• SonarQube
Commercial
• Burp Suite
• Nessus
• NetSparker
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Headquarters (Mumbai):
301-307, A Wing, Technopolis Knowledge Park,
Mahakali Caves Road, Andheri (East),
Mumbai – 400093
Tel: (+91-22) 6108 5555
Bangalore Office:
3rd floor, B Wing, Jubilee Building,
45, Museum Road, Bengaluru-560025
Govt. : 1
PSU : 8
Private : 42
Total Nos. of Information Security Audits done : 51
CISSPs : 1
BS7799 / ISO27001 LAs : 18
CISAs : 4
DISAs / ISAs : 8
CEH : 7
CCNA : 2
Total Nos. of Technical Personnel : 33
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations:
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Clients Details
World’s leading IT & ITES Company Information Security and Cyber Security
Services for their 3 delivery centers in
Mumbai, Pune and UK. The Project value was
Rs. 2.63 Crores
India’s leading Oil Company System review of core ERP system (i.e. SAP),
business cycles and IT Audits. The scope
covered 26 audits across Pan India.
The Project value was Rs.22,50,000/-
• Nessus Professional
• Kali Linux
• Nmap
• NetCat, NPing, HPing
• OpenSSL
• Wireshark
• Metasploit
• SQLMap
• Appscan
• Burp Suite Pro
• Owasp ZAP
• Nipper, Nipper-ng
• Checkmarx Static Code Analyzer.
• Python, PowerShell
• MobSF
• Magisk
• APKtool
• Echo Mirage
10. Outsourcing of Project to External Information Security Auditors / Experts : Yes/No :No
(If yes, kindly provide oversight arrangement (MoU, contract etc.)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : Yes
(RSM Astute Consulting Private Limited is an independent member firm of RSM International
located at 50 Cannon Street, London, EC4N 6JJ – United Kingdom. RSM International is the 6th
largest audit, tax and consulting network globally and has presence in 120 countries. Each
member entity in respective country is a separate and independently owned entity)
*Information as provided by RSM Astute Consulting Pvt. Ltd on 23rd October 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Sysman Computers
312, Sundram, Rani Laxmi Chowk, Sion Circle, Mumbai 400022
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
For this, we have (a) Confidentiality and Non Disclosure Agreement; (b)
adherence to IT Security and other Policies and (c) clear cut scope of work,
with clear knowledge of client.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 63
PSU : 7
Private : 90
Total Nos. of Information Security Audits done : 160
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 3
CISAs : 2
DISAs / ISAs : 2
Core Technical Security Experts : 10
Any other information security qualification : 6
Total Nos. of Technical Personnel : 18
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
• Done the largest Infrastructure Security Audit and Assessment more than 16000
machines plus Enterprise UTM/IDS/IPS/SIEM/ Routers and other related IP based
devices etc...for an US Based company and Kerala State Government SECWAN network
5000 plus.
• Done The Security Testing for World's 3rd largest image and video content portal for an
UK based Enterprise. Its owned and stock more than 100 millions video and image
contents.
• Done the Infrastructure SOAR Platform audit for largest Retail based network
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 12
PSU : 5
Private : 17
Total Nos. of Information Security Audits done : 34
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them):
Category Number
Network security audit 21
Website /Web application security audit 73
Cyber Security / Compliance Audit 9
Application audit 5
Mobile Application Audit 29
Source Code Review 1
Server Configuration Audit 9
Server VAPT 4
Database Audit 4
Data Migration Audit 2
Technical Number
Competence
CISSPs: 1
BS7799 / ISO27001 4
LAs:
CISAs : 7 (Certified)
+2 (Certification
Pending)
DISAs / ISAs : 0
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required): Refer Annexure.
S. Name of Duration with Experience in Qualifications related
No. Employee <organization> Information Security to Information security
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value:
1. Bandhan Bank -
1. APIs/ Middleware, Mobile Banking & Mobile based payment systems
2. Application Security, ATM switch audits
3. Vulnerability Assessments & Pen testing
4. Cyber security framework, BioMetric Authentication, Network Infra
5. NACH, SFMS, RTGS, NEFT, Corporate Internet Banking, Debit Cards System
6. Active Directory, OS & Databases
7. Network & Security Device
8. Configuration Review
9. Third Party (vendor Audits)
[security audits across multiple platforms, different regions with GRUH Finance
integrated with Bandhan Bank systems – Appls, Databases, APIs, Network,
Infra and Third Party audits] –
approx. Appl/ API/ Infra counts: ~ 200
Value : INR < 25 lacs
2. UCO Bank –
1. Penetration testing
2. Vulnerability Assessments
3. Source Code Audits
3. [VA & PT across multiple platforms including UPI systems, type of testing –
Black box / Grey box / White box) including source code audits – includes
mobile, App – web / thick client / standalone]
4. Periodic Testing / Quarterly / Half yearly –[multi year]
5. approx. Appl/ Source Code Audits/ Infra counts:> 450
Value : INR < 20 Lacs [periodic]
9. List of Information Security Audit Tools used (commercial/ freeware/proprietary):
Other Tools
Mobile application VAPT, Web Application VAPT, Server VAPT,
Kali Linux
Network + WiFI VAPT.
JD-GUI / DEX2JAR/
Mobile Application VAPT
APKTOOL/ Drozer/ MOBSF
POSTMAN Web services and API Testing automated tool
Wireshark Network protocol analyser
11. Whether organization has any Foreign Tie-Ups? If yes, give details: Yes/No:NO
Back
ANNEXURE
ANNEXURE - Details of Team:Details of technical manpower deployed for information security audits
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
The following are in detailed list of different security services provided by C-DAC
IT Audit and Compliance Assessment Services Consultancy Services Other Security Services
Services
- OWASP compliance - Perimeter Security - ISMS Consultancy - Incident Handling
Security audit of web Testing - Governance, Risk and - Intrusion Analysis
applications and web - System hardening Compliance - Malware Analysis
services - Web Apps Security development - Policy Gap Analysis
- Infrastructure audit in Assessment & - Security Policy - Implementation of
compliance to CIS, DISA, Vulnerability Implementation & Security services
PCI, NIST etc., Assessment Threat Modeling - Design & development
- Applications – OWASP, - Penetration Testing - Establishment of of policies, procedures
PCI-DSS, NIST, CIS, DISA - Wireless Network compliance to standards and guidelines
etc., Assessment - Security Architecture - Risk Management and
- ISMS, PCI, UIDAI, RBI, - Architecture Review Development and Disaster Recovery
CCA, Data Protection - Host configuration Implementation Services
and Privacy Act etc. review (Window, Linux, - Managed Security - Business Continuity
- OWASP compliance Cisco, Juniper…) Service Providers for Process Development
security audit of mobile - Wireless Assessment SOC - Information Security
applications - Identity and Access - Establishment of Awareness Training
- Infrastructure Security Control (Multifactor BCP/DR - High End Information
Audit authentication & - Establishment of e-Sign Security training for
- Abuse based audit Multimodal Biometrics ) Infrastructure as per organizational needs
- Framework based / - Assessment of CCA - Risk Assessment
Ecosystem Audit Surveillance Security - CCMP (Cyber Crisis - Log Analysis
- Forensics Audit (Physical and Technical) management Plan) - Incident Analysis
- Application Secure SDLC - Incident Response - Database analysis
assessment Management -
- Data Leakage prevention -
and Data Classification
- Product Review
-
Govt. : 311
PSU : 06
Private : 11
Total Nos. of Information Security Audits done : 328
5. Number of audits in last 12 months , category-wise (Organization can add categories based on project handled by
them)
6. Technical manpower deployed for information security audits : Refer table below at Point No.7
CISSPs :2
BS7799 / ISO27001 LAs : 3
CISAs :0
DISAs / ISAs :0
Any other information security qualification : Refer table below
Total Nos. of Technical Personnel : 44
7. Details of technical manpower deployed for information security audits in Government and Critical sector organizations
(attach Annexure if required)
S. No. Name of Employee Associated with Experience in Qualifications related to Information security
C-DAC since Information
Security
• SANS - GAWN
• SANS - GXPN
• GREM
• ISMS LA
• ECSA
• ISMS LA
26 U V Sudharshan 2018 2 -
28 G Prashant 2018 2 -
Freeware Commercial
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No : NO
Lead centre for all other CDAC centers and Security Audit Certificate Issuance Centre
Centre for Development of Advanced Computing (C - DAC), Plot No. 6 & 7, Hardware Park, Sy No.
1/1,
Srisailam Highway, Pahadi Shareef Via Keshavagiri (Post),
Hyderabad – 501510
2 Chennai C-DAC
Tidel Park, 8th Floor,
'D' Block(North & Sauth),
No.4 Rajiv Gandhi Salai,Taramani,
Chennai- 600113
Phone:+91-44-22542226/7
Fax: +91-44-22542294
3 Delhi C-DAC
First and Second Floors
E - 25, Hauz Khas Market
New Delhi - 110016. India
Phone:+91-11-26510221
Fax: +91-11-26510207
4 Hyderabad C-DAC
Plot No. 6 & 7, Hardware Park,
(Certificate Issuance Sy No. 1/1, Srisailam Highway,
Centre) Pahadi Shareef Via (Keshavagiri Post)
Hyderabad - 501510
Telangana(India)
Sl. No Location Address for Communication
Phone:+91-9100034446/3447/3448
Fax: +91-9100034450
5 Kolkata C-DAC
Plot - E-2/1, Block-GP, Sector-V
Salt Lake Electronics Complex
Bidhannagar, Kolkata - 700 091
Westbengal (India)
Phone: +91-33-23579846/5989
Fax: +91-33-2357-5141
6 Mohali C-DAC
A-34, Industrial Area
Phase VIII, Mohali
Chandigarh - 160 071 India.
Phone: +91-172-2237052-57, 6619000
Fax: +91-172-2237050-51
7 Mumbai C-DAC
Gulmohar Cross Road No. 9
Juhu, Mumbai - 400 049
Maharashtra (India)
Phone: +91-22-26201606/1574
Fax: +91-22-26232195/ 26210139
C-DAC
Raintree Marg, Near Bharati Vidyapeeth, Opp. Kharghar Railway
Station, Sector 7, CBD Belapur
Navi Mumbai - 400 614
Maharashtra (India)
Phone: +91-22-27565303
Fax: +91-22-2756-0004
8 Noida C-DAC
Anusandhan Bhawan, C-56/1, Sector-62,
Noida - 201307
Uttar Pradesh (India)
Phone: +91-120-3063311-14
Fax: +91-120-3063317
Academic Block
C-DAC, Noida : B-30, Sector-62, Institution Area,
Noida – 201307 Uttar Pradesh (India)
Phone: +91-120-3063371-73,
Fax: +91-120-3063374
9 Pune C-DAC
CDAC Innovation Park,
(Headquarters) Panchavati, Pashan,
Pune - 411 008
Phone: +91-20-25503100,
Fax: +91-20-25503131
C-DAC ACTS
CDAC Innovation Park,
Panchavati, Pashan,
Pune - 411 008
Phone: +91-20-25503100,
Fax: +91-20-25503131
Sl. No Location Address for Communication
10 Silchar C-DAC
NIT Silchar campus
Silchar
Assam - 788010. India
Phone:+91 03842-242009
Fax: +91 03842-242009
11 Thiruvananthapuram C-DAC
P.B.NO:6520, Vellayambalam
Thiruvananthapuram - 695033
Kerala (India)
Phone: +91-471-272-3333
Fax: +91-471-2722239/ 2723456
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 5
BS7799 / ISO27001 LAs : 8
CISAs : 3
DISAs / ISAs : 0
Any other information security qualification :
OSCP : 4
CEH : 6
Total Nos. of Technical Personnel : 30+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Lulu International Group, U.A.E 13 Server Locations, 1000 + IP addresses that includes DC,
Network devices, desktops and POS locations.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 30
PSU : 16
Private : 35
Total Nos. of Information Security Audits done : 158
(we have completed multiple project for 1 clients)
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 1
BS7799 / ISO27001 LAs : 2
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : CEH, 10
Total Nos. of Technical Personnel : 21
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Note : The names of consultants can provided upon request to prevent individual identity and
poaching.
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Large Project(In terms of volume): OIL India, Shree Electricals Agra Smart City, ONGC Videsh,
Syndicate Bank
Large Project(In terms of Complexity): Shree Electricals Agra Smart City
Large Project(In terms of Locations): Oil India and NTPC
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
5 nmap Open Source Nmap is a free and open-source No Major Tools will
network scanner created by risk involved be
Gordon Lyon. Nmap is used to handled
discover hosts and services on a by CyberQ
computer network by sending auditor
packets and analyzing the
responses. Nmap provides a
number of features for probing
computer networks, including host
discovery and service and
operating system detection.
guidelines
*Information as provided by CyberQ Consulting Pvt Ltd. on 26th October 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10+
PSU : 5+
Private : 150+
Total Nos. of Information Security Audits done : 150+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 40+
BS7799 / ISO27001 LAs : 150+
CISAs : 25+
DISAs / ISAs : 2
Any other information security qualification :
CISM: 10+, OSCP: 15+
Total Nos. of Technical Personnel : more than 150
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
S. No. Name of Duration Experience in Qualifications related to
Employee with Information Information security
DTTILLP Security
1 Anand Kishore 6+ Years 10+ CEH, Qualys Guard
Pandey Certified, ISO 27001: 2005
LA, BS 25999 LA
2 Sakshi Bansal 6+ Years 9+ Years CISSP, CEH
3 Achal Gangwani 9+ Years 16+ Years ArcSight ESM Security
Analyst – AESA, CEH, ISO
27001:2005 ISMS Lead
Auditor, ITIL Foundation
Level Certified, CCNA, IBM
Certified System
Administrator, IBM
Certified Associate
Developer
4 Shubham Gupta 3+ Years 2+ Years OSCP, CREST CRT
5 Deepak Sharma 1+ Year 7+ Years CEH, CHFI
6 Umesh Huddar 3+ Year 4+ Years OSCP, ECSA
7 Eby Mohan 1+ Year 5+ Years CEH
S. No. Name of Duration Experience in Qualifications related to
Employee with Information Information security
DTTILLP Security
8 Sai Kiran 2+ Years 3+ Years CEH, (ISC)2 System
Battaluri Security Certified
Practitioner
9 Lakshmi 3 Years 20+ Years CISA, CEH, BCMS
Allamsetty
10 Pramod Kumar 3+ Years 13+ Years CISSP, CEH, ITIL, ISO
Potharaju 27001 LA
11 Rameswari 2+ Years 9+ Years CEH
Selvaraj
12 Rohit Ramesh 2+ Years 4+ Years CEH, ECSA
Rabse
13 Zeel D Chavda 3+ Years 3+ Years CEH
14 Maheshkumar 3+ 6+ ECSA, ISO27001
Palaniyappan
15 Kapil Bhardwaj 4+ 10+ CEH, ISO 27001, ITIL,
Prozm Asset Management
Pro, JNCIA
16 G Shanmugaraj 1+ 3+ CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NA
13. Locations of Overseas Headquarters/Offices, if any : M/s Deloitte Touche Tohmatsu India
Limited Liability Partnership, IndiaBulls Finance Centre, Tower 3, 27th – 32nd Floor, Senapati
Bapat Marg, Elphinstone Road (West), Mumbai-400013, Maharashtra, India
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 1
Private : 145
Total Nos. of Information Security Audits done : 146
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs / LI : 18
CISAs : 6
DISAs / ISAs : 0
Any other information security qualification :
2 OSCP
11 CEH
2 CHFI
2 ECSA
1 ISO 22301
2 CISM
6 CCNA
2 SAP
2 DSCI
1 CPISI
5 ITIL
1 HITRUST CCSFP
1 GDPR FAS
2 RHCS
Total Nos. of Technical Personnel : 43
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : Please refer to Annexure 1 :
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Commercial Tools:
• Nessus
• Burpsuite
• Snappytick
Freeware Tools:
• Metasploit
• Wireshark
• NMAP
• SQLMap
• Nikto
• MobiSF
• Hydra
• Cain and Abel
• John The Ripper
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
Yes, Grant Thornton Bharat is part of the GT Member Firm network which is spread across the globe
in 135 countries.
Grant Thornton in India is a member firm within Grant Thornton International (GTIL), global
organization with member firms in over 135 countries. Grant Thornton India LLP (formerly Grant
Thornton India) is registered with limited liability with identity number AAA-7677 and has its
registered office at L-41 Connaught Circus, New Delhi, 110001. References to Grant Thornton
are to Grant Thornton International Ltd (Grant Thornton International) or its member firms.
Grant Thornton International and the member firms are not a worldwide partnership. Services
are delivered independently by the member firms. Member firms carry the Grant Thornton
name, either exclusively or as part of their national practice names and provide assurance, tax
and advisory services to their clients. All member firms share both a common global strategy
and a common global culture focusing on improvement in quality of service delivery, procedures
to monitor quality, and the risk management methodology.
Back
Annexure 1:
Experience in
S. Duration with Qualifications related to
Name of Employee Information
No. GTBLLP Information security
Security
Master’s in information
1 Akshay Garkel 3+ years 19+ years
technology
BS7799 trained, ISP build
Santosh Manohar training, Certified Netware
2 1.5+ years 32 years
Desai engineer (CNE) , Mobile
computing certificate
3 Rohit Bharath Das 3 years 13+ years CISA, ISO 27001, COBIT 5
4 Jignesh Shah 2+ years 18+ Years CISA qualified, ISO 27001
Pradeep Dhanaji
6 1.5+ years 13+ years ISO 27001 LA, CEH, CCNA
Mahangare
ISO 27001 LA and LI, CCNA,
7 Mohit Gera 2 month 9+ years
CCSP, CCNA Security
8 Abhijeet Jayaraj 3 years 8 years CEH, OSCP
Post Graduate Diploma in
Sagar Prakash
9 2.5+ years 6+ years Digital & Cyber Forensics and
Gajara
related laws, CCI (ASCL)
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 15-20
PSU : 15-20
Private : 50-60
Total Nos. of Information Security Audits done : 100
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 10+
BS7799 / ISO27001 LAs : 30+
CISAs : 55
CEH/OSCP : 131
CCSK/OSCP : 10
CCNA / CCNP/CCIE : 15
CHFI / ECIH : 10
Cloud Security Certification : 110+
Total Nos. of Technical Personnel : 600+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Cyber Security Governance and Assurance program for largest identity management
program in India:
KPMG is currently working with India’s largest identity management program,to implement
cyber security Governance, Risk and Compliance and Performance framework. KPMG is
conducting periodic security risk assessment, business application reviews and vulnerability
identifications across client’s technology ecosystem.
KPMG is supporting client in implementation of ISMS framework against ISO 27001 standards
and periodic cyber security maturity reviews threat assessments and BCP/ DR reviews.
KPMG provides support in cyber incident investigation and forensic analysis. As a part of
engagement, KPMG is involved in proactive identification of the possible cyber fraud
scenarios and highlight the same to the client so that appropriate safeguards and controls
can be established to prevent the incidents.
KPMG is also engaged with the client for service level monitoring of the contracts for various
ecosystem partners to provide performance assurance services and assisting the
organizations’ performance as per the desired levels.
KPMG has been providing support in design of Privacy framework design and certification
against standards.The key activity includes of designing a privacy framework to ensure the
sensitive and critical data iswell protected and is being complied to across the ecosystem and
provides continuous oversight support for managing Information Security, Privacy risks in
accordance with its business requirements, laws and regulations.
Commercial
Acunetix,
Burp,
Nessus
AppScan
WebInspect
Proprietary
KRaptor,
KPMG Brand Protection Tool,
KPMG SABA,
KCR Tool
KPMG Digital Signals Insight Platform
KPMG Threat intelligence tool
BackTrack,
Kali Linux,
Paros,
SQLMap,
nmap,
Wireshark
10. Outsourcing of Project to External Information Security Auditors / Experts : No
( If yes, kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by: KPMG Assurance and Consulting Services LLP on 26th October 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 9
PSU : 14
Private : 66
Total Nos. of Information Security Audits done : 89
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 17
CISAs : 4
DISAs / ISAs : 0
Any other information security qualification (CISM, OSCP, CEH, CND) : 40
Total Nos. of Technical Personnel : 60
7. Details of technical manpower deployed for information security audits in Government and Critical
sector organizations (attach Annexure if required)
Experience
S. Duration with in Qualifications related to
Name of Employee
No. <organization> Information Information security
Security
12 B.Tech(Information
Deepak Pandita 3.17 3.5
Technology) CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations etc.)
along with estimated total project value.
• M&M Limited – 15 years for ISO27001 Sustenance and ongoing – 100 plus locations – INR
12 Cr+
• M&M Limited - 3 years for Network and Application Testing – From one location enterprise
wide – INR 3 Cr+
• Bajaj Allianz General Insurance Company – Network and Application Testing – 6 years and
ongoing – 1 location – INR 2 Cr+
• Bajaj Allianz Life Insurance Company – Network & Application Testing – 6 years and
ongoing – 1 location – INR 1 Cr+
• Bajaj Finserv- Consulting for ISO 27001. – Sustenance – 6 years. – 1 location – INR 1 Cr+
• Airport Authority Of India- Consulting for ISO 27001, IS Audit, VA PT( Network and
application) – 3 years- INR 45 L
• Union Bank of India - Consulting For ISO 27001 and ISO 22301 – 6th year in progress – INR
50 L
• SIDBI – ISO27001 – Certification, Surveillance and Sustenance of ISO 27001 – 5th year in
progress – INR 40L+
• State bank of India - VA PT( Network and application) – 5 years – INR 2 Cr+
• Lupin Pharma: ISO 27001 Implementation, Certificate, Audits, VAPT – 10th years in a row
– INR 5 Cr+
• National Stock Exchange (Server VAPT , Web Application Security, Configuration Audit ) –
INR 2 Cr+
I. Commercial Tools
1. Burp Suite Professional
2. Nessus Professional
3. Netsparker Professional
4. FTK
5. Core Impact
*Information as provided by Mahindra Defence Systems Limited (Division Mahindra Special Services
Group) on 26th October 2020.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Net Square has shared the required data till December 2019. Therefore Below mentioned
numbers indicates data starting from January 2020 till date:
Govt. : 4
Private : 10
Total Nos. of Information Security Audits done : 14
Net Square has shared the required data till December 2019. Therefore Below mentioned
numbers indicates data starting from January 2020 till date:
• CISSPs : 1
• CISAs : 1
• CISC : 1
• CEH and equivalent : 11
• CPFA : 1
• OSCP : 2
• OSCE : 1
• NSCE : 5
Net Square also runs its own certification program called Net Square Certified Expert
(NSCE). Details of this are also available from the contacts provided above.
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Net Square takes its non-disclosure agreement with customers very seriously and
therefore is in no position to share this information. Kindly contact us on the contact
details provided above for customer testimonials.
Net Square has a proprietary methodology for testing all kinds of IT environment
ranging from network, thick client application, web application, mobile application,
IoT devices etc. For details of the methodology and a list of tools that we use, kindly
contact us as the details provided above
YES, this is done based on the requirement of client and fitment of a partner with
whom Net Square has partnership agreements. Since these agreements are governed
by Non-Disclosure clauses, we cannot provide such information on a public domain. We
bring in the right partner to the table when we see a need for one
11.Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No :
YES, Cannot provide details due to Non-Disclosure agreements with our foreign
partners.
12. Whether organization is a subsidiary of any foreign based organization? : Yes/ No :NO
*Information as provided by Net Square Solutions Private Limited onOctober 26, 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 7
PSU : 2
Private : more than 100
Total Nos. of Information Security Audits done : more than 300
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 3
BS7799 / ISO27001 LAs : 23
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 7 PCI QSA, 2
CRISC, 72 CEH, 15 ECSA, 8 OSCP
Total Nos. of Technical Personnel : 700+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
We execute 500+ projects each year globally. Here are a few of them-
2. Global Bank with Delivery a. Web application security test Rs. 2 crore+
Centre in India b. Internal penetration test
c. External penetration test
1. Application Security Burp Proxy and Scanner, Paros Proxy and Scanner,
Assessment Wireshark, Winhe, CSRF Tester, OpenSSL,
tHCSSLCheck, Firefox Extensions
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
AtosSE
13. Locations of Overseas Headquarters/Offices, if any : Yes/No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 0
PSU : 5+
Private : 145+
Total Nos. of Information Security Audits done : 150+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
OSCP : 5
OSWE : 1
OSCE : 1
OPSE : 1
CRTP : 1
SANS GWAPT : 1
Total Nos. of Technical Personnel : 30+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
2 One of the Europe based IT 1. IoT product hardware security Euro 100
consulting company assessment Thousand+
2. Web Application Security
Assessment
3. External Network Infrastructure
Assessment
4. Mobile Application Security
Assessment
Information Gathering
1. Dnsenum
2. Fierce domain scan
3. Dig
4. Whois
5. Wget
6. Google Advanced search
Mapping
1. Nmap
2. Scapy
3. Ike-scan
4. Superscan
5. Dirbuster
6. Openssl
7. THC SSLCheck
8. Sslscan
9. Netcat
10. Traceroute
11. Snmpcheck
12. Smtpscan
13. Smbclient
14. Wireshark
15. Web Browser
Vulnerability Assessment
1. Nessus Professional
2. Openvas
3. Skipfish
4. Ratproxy
5. IronWASP
6. Grendel scan
7. Web securify
8. Burp suite professional
9. Paros Proxy
10. SOAPUI
Exploitation
1. Custom python script
2. W3af
3. Metasploit
4. Sqlmap
5. Sqlninja
6. BeEF Framework
7. Hydra
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 8
PSU : 3
Private : 14
Total Nos. of Information Security Audits done : 25+ (Completed)
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 5+
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification:
CEH : 70 +
ECSA : 20+
OSCP :1
Total Nos. of Technical Personnel : 130+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value – ICICI bank
10. Outsourcing of Project to External Information Security Auditors / Experts: No (If yes,
kindly provide oversight arrangement (MoU, contract etc.))
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 12
PSU : 05
Private : 04
Total Nos. of Information Security Audits done : 21
CISSPs : 0
BS7799 / ISO27001 LAs : 0
CISAs : 0
DISAs / ISAs : 0
Any other information security qualification : OSCP 05, CEH 08
Total Nos. of Technical Personnel : 50+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Acunetix
• Nessus
• Nmap
• Wireshark
• OpenVAS
• Nikto
• Metasploit
• Burp-Suite
• W3AF
• SQLMap
• Kali Linux
• Custom scripts
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 196
PSU : 367
Private : 293
Total Nos. of Information Security Audits done : 856
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 01
BS7799 / ISO27001 LAs : 22
CISAs : 08
CEH : 57
SANS : 4
CCNA : 5
CCNP : 02
SCSA : 01
ECSA : 09
Total Nos. of Technical Personnel : 104
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
1.
KK 14Y 1 M 19.50 CISA, CEH, ISO 27001, GCIH,
2.
SKP 14Y 1 M 18.50 CISA, CEH, SANS, ISO 27001
3.
UP 11Y6M 16.00 CEH, CISA,ISO 27001
4.
IMHB 1Y 10 M 13.00 ISO 27001
8.
PKV 3Y1M 7.00 CEH V.10,CISC,CPH,CPFA
9.
KPT 4Y 6M 6.5 CEH,CISA, CAST 613-EC Council
10.
SKK 1Y 4M 6 CEH V10
11.
SD 1 Y 1M 5.6 CEH V10
12.
AAN 1Y6M 5.40 CEH
13.
AS 5Y2M 5.2 CEH, ISO 27001, CISA, SANS
14.
NM 5Y2M 5.2 CEH, ISO 27001, CISA
15.
ARVV 2Y6M 5.8 CEH V10
16.
TM 1Y6M .8 CEH
17.
SK 1 Y 1M 5 ECSA
Experience
S. Name of Duration with in Qualifications related to
No. Employee SecurEyes Information Information security
Security
18.
MAL 2Y 6 M 4.7 CEH V.10
19.
KKO 1 YR 7 M 4.6 CEH V.9, CCNA
20.
PSK 3Y 8M 3.8 IS027001, CEH
21.
VS 1Y 8 M 3.8 CEH V.10
22.
AP 3Y 8M 3.8 IS027001, CEH, ECSA
23.
VK 2Y7M 2.7 CEH
24.
DP 1Y 7 M 2.5 CEH V.10, ECSA
25.
SMK 3Y 8M 3.8 IS027001, CEH
26.
TSR 3Y 8M 3.8 IS027001, CEH
27.
UMR 5Y2M 5.2 CEH, ISO 27001
28.
SP 10 M 4Y CEH
29.
RS 1 Y 6M 4Y6M
30.
RSP 4M 3 Y 3M
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
The largest project handled in last year, was an end-to-end Information security, business
continuity management & data privacy review for a large financial sector organization. The
details of the project are mentioned below:
Project Scope:
1. Current State Assessment against Cyber Security, Business Continuity & Best Practices
in the Data Privacy (including GDPR) including
a) Cyber Security Governance review both at the design and the implementation
levels
b) Review of the Cyber Security Competency levels of the IT, IS & Business
Continuity, Data Governance departments
c) InternalNetwork Penetration Testing (Blackbox) ofIPs
d) External Penetration Testing (Blackbox) of all Public IP addresses belonging to
the Organization
e) Config Review of N/W Components
f) Config Review of Servers (OS, DB, Web & App Servers)
g) Config Review of Security Appliances
h) Remote Connectivity Review
i) Application Penetration Testing (Grey Box) of Applications
j) Review of the SOC practice including SOC Governance, Implementation &
Operation
k) Review of Incident Management practice including IM Governance,
Implementation & Operation
l) Conducting Social Engineering Test using spear phishing technique across Staff
2. Developing the Roadmap for the Highest Cyber Security Maturity Level
3. Multiple Periodic Re-assessments& Reviews for assessing current state
4. Red Teaming
5. Data Privacy Assessment
6. Business Continuity Assessment
7. Drafting of the Data Privacy Framework
Project Complexity:
This was a project for a financial sector organization having a large IT setup. The project covers
a detailed assessment of technology, processes and people components for this critical sector
organization. Large number of applications, infrastructure systems and networks were in the
scope of the security assessment. The assessment included review of third-party interfaces
which were implemented to enable business across multiple interested parties. The project
required the assessment team to perform its review against local and international best
practices, compliance requirements and regulatory standards. This was an approximately 35-
man month project with the team carrying out assessments across locations.
Locations:
Middle-East
Project Value:
Rs. ~3.0 Crores
i. Commercial Tools
1. Nessus (Commercial Professional Version)
2. Burp Suite Professional
3. Fortify
4. WebInspect
5. Nexpose
6. And many more licensed or subscription based commercial tools
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
SecurEyes LLC
Desk No. 023, Business Centre, Abu Dhabi Airports Free Zone, PO Box: 2313,
Abu Dhabi, United Arab Emirates
SecurEyes KSA
3321, Al Sulaimaniyah Dist. Al Safwah Centre, Unit No. 28
Riyadh, 12223-7656, KSA
SecurEyes INC
310, Alder Road, P.O.Box: 841,
Dover, DE – 19904, USA
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 20+
PSU : 80+
Private : 400+
Total Nos. of Information Security Audits done : 500+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Quarterly Red Team Activity for Major Indian Start-up from various perspective of
their infrastructure
Information Gathering
- Bile-Suite
- Cisco torch
- SpiderFoot
- W3af
- Maltego
- SEAT
- In-House sdFinder
- … and 50 other tools
Port Scanning
- Nmap
- In-House networkMapper
- Amap
- Foundstone
- hPing
- ... and 30 other tools
Exploitation
- Saint
- SQL Ninja
- SQL Map
- Inguma
- Metasploit
- … and 100 other tools
Social Engineering
- Social-Engineering Toolkit (SET)
- Firecat
- People Search
- … and 10 other tools
Privilege Escalation
- Cain & Abel
- OphCrack
- Fgdup
- Nipper
- Medusa
- Lynix
- Hydra
- … and 40 others
Commercial Tools
- Nessus Commercial
- Burp Suite
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 50+>
PSU : 5+
Private : 200+
Total Nos. of Information Security Audits done : 1000+
CISSPs : 0
BS7799 / ISO27001 LAs : 3
CISAs : 0
DISAs / ISAs : 0
CSSP : 2+
CEH : 25+
Any other information security qualification : 10+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
One of the largest BFSI: 200+ Mobile Applications, 100+ Web Applications, 200+ Network
Devices, Source Code Review, Configuration Review, and Risk Advisory.
Value of the Project was approx 90 Lacs.
Network VAPT:
1.) Nessus
2.) Nipper freeware
3.) Manual review
Red-Team:
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 20
Private : 50
Total Nos. of Information Security Audits done : 80+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 10
BS7799 / ISO27001 LAs : 20
CISAs : 8
Any other information security qualification
(CEH, ECSA, Pentester Academy, CREST) : 15
Total Nos. of Technical Personnel : 300+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience Qualifications
Duration with
S. in related to
Name of Employee Tata
No. Information Information
Communications
Security security
CEH, ECSA,
Mohan Dass
1 12 23 CHFI, CCSK,
<mohan.dass@tatacommunications.com>
CISSP, QGCS
OSCP (Offensive
Security) ,
CREST
Practitioner
Security Analyst
Saranya Manoharan
4 3 9 (CPSA), CEH
<saranya.manoharan@tatacommunications.com>
(Certified
Ethical Hacker),
Qualys Guard
certified
specialist
CREST
Practitioner
Security Analyst
(CPSA), CEH,
Prasath Jayasundar Qualys Guard
5 3 8
<Prasath.Jayasundar@tatacommunications.com> certified
specialist in
Vulnerability
Management,
CCSK
CEH, Qualys
Divya Dilli
6 3 6 Guard certified
<divya.dilli@tatacommunications.com>
specialist
CEH, CCNA,
Navdeep Sethi
7 1 6 Qualys Guard
<navdeep.sethi@tatacommunications.com>
VM Certified
Nissmole Srambikal
8 2 5.5 CEH , ECSA
<nissmole.srambikal@tatacommunications.com>
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Application Security audit for one of the largest Rating/Research organisation in India, covering Security
Audit for all their critical business applications and infrastructure across global locations. Deal value is
around INR 50Lakh.
• Nessus Pro
• Qualysguard (VMDR)
• Tenable.sc , Tenable.io
• Metasploit Pro
• Burpsuite Pro
• NMAP
• Kali Linux
• Nipper Studio
• Algosec
Dubai Office
• Office No. 308, Building No. 12, Dubai Internet City, Dubai, United Arab Emirates. Tel:
80033111133
Singapore Office
• 18 Tai Seng Street, 18 Tai Seng, #04-01, Singapore 539775 , Tel +65 6632 6700, Tel:
1800 555 4357
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt : 650
PSU : 70
Private : 250
Total Nos. of Information Security Audits done : 970
CISSPs : 02
BS7799 / ISO27001 : 12
CISAs : 06
DISAs / ISAs : 00
CEH/CCNA/CASP/MBCI/OSCP : 50+
Total Nos. of Technical Personnel : 70+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
7.
Yogendra Singh May 2016 9.0 CEH
8.
Siddharth Shukla Jan 2015 6.0 CEH
9.
Pragya Varshney Jun 2016 4.5 CEH, ISO 27001 LA
10.
Mahesh L Singh Jan 2017 4.0 CEH
11.
Viswanathan G. Jan 2018 3.0 CEH, OSCP
12.
Rupika Feb 2018 3.0 CEH
15.
Himanshu Dubey Dec 2017 3.0 CEH
16.
Pankaj Singh Nov 2017 4.5 CEH
17.
Sonu Sahu Sep 2018 3.0 CEH, OSCP
18.
Parthsarthi Biswal May 2018 2.5 CEH
19.
Deepika June 2018 2.5 CEH
20.
Snehita July 2018 2.5 CEH
21.
Sheela Aug 2018 2.5 CEH
22.
Pritam Das Aug 2018 2.5 CEH
23.
Faisal Shadab Sep 2018 2.5 CEH, OSCP
24.
Jyoti Sharma Oct 2018 2.0 CEH
25.
Onkar Babar Sep 2013 7+ CEH, ISO 27001
26.
Alok Kumar Jun 2018 4+ CCNA, CEH
27.
Gurpreet Singh June 2018 2+ CEH
28.
Ankur Kumar June 2018 2.5 CEH
30.
Arjit Agrawal July 2015 5.5 CASP
32.
Piyush Garg Jun 2016 4.5 CASP
33.
Antony Ukken Jun 2018 2.5 CASP
34.
Ankur Upadhyay Jun 2018 2.5 CASP
36.
Arnav Shukla Jan 2019 2 CEH
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Carrying out Cyber Security Audit for one of the National Level Power Sector Project
including audit of SCADA system, Project value is approx. 1.3 Crore
• Carried out Infrastructure, Process & Security Audit of one of the competition exam
conducted online. Total Number of Nodes were approx. 2,00,000. 31 different cities with
276 locations. Project value was approx. 70 Lakh
• Carried out IT Security Audit, ISO 25000 for one of the International Stock Exchange.
Project value was approx. 43 Lakhs.
Freeware Tools
Commercial Tools
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
*Information as provided by AKS Information Technology Services Pvt. Ltd. on 26th Oct 2020
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 10
PSU : 02
Private : 19
Total Nos. of Information Security Audits done : 31
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 06
CISAs : 02
DISAs / ISAs : 0
Any other information security qualification : 05
CEH, OCSP : 03
CHFI : 01
Total Nos. of Technical Personnel : 11
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Energy InfoTech Centre (An IT division of Chhattisgarh State Power Company) at Raipur
covering security risk assessment and implementation of ISO 27001 security controls in
DC, DR and services provided by Customer Care Centre and conducting VAPT for large
number of servers and network devices, SAP & other applications at their DC&DR sites,
conducting periodical IT Audits. Project value of Rs. 19,87,140.
• A smart city project involving security assessment (VAPT, Configuration audits) of thick-
clients, SCADA & other IoT devices, web applications, servers, network devices, etc.
• A software development company working for central govt. (ministry) requiring security
audit of website, CMS backend, mobile application (android and iOS).
11. Whether organization has any Foreign Tie-Ups? If yes, give details : NO
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
3 Private For Bombay stock Bombay Stock Exchange We also work with
exchange, we carry Mr. Shivkumar Pandey BSE for providing
out their yearly CISO Shared SOC Services
“Annual Systems for their members
Audit” as per SEBI
circular. Also, we do
SWIFT security audit
for BSE environment
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have partnered with various international security solutions which we are reselling and /
orproviding support in the region. Some of the 3rd party products are:
- IBM QRadar
- HP ArcSight & Fortify
- Qualys
- Tenable Nessus
- Appknox
- Checkmarx
- TripWire
- Cylance
- CyberArk
# UAE
Network Intelligence India Pvt Ltd
803, Blue Bay Tower, Business Bay,
Dubai, United Arab Emirates
# Singapore
Network Intelligence Pte Ltd
30 Cecil Street
#19-08 Prudential Tower
Singapore (049712)
# Netherland
Network Intelligence Europe B.V.
Bezoekadres Herengracht 420,
1017BZ Amsterdam
*Information as provided by <Network Intelligence India Pvt. Ltd.> on <26th October 2020>
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 50+
PSU : 10+
Private : 250+
Total Nos. of Information Security Audits done : 300+
5. Number of audits in last 12 months, category-wise (Organization can add categories based
on project handled by them)
CISSPs : 5+
BS7799 / ISO27001 LAs : 50+
CISAs : 15+
DISAs / ISAs : NA
Any other information security qualification : 400+
(OSCP, CEH, CISM, DCPP etc.)
Total Nos. of Technical Personnel : 600+
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
PwC PL is providing Cyber Security services for the last 20+ years for various clients including
large public sector organizations, State government departments, and Central government
departments in India. As part of our services we perform end to end design implementation,
review and operations services across various aspects of Cyber security.
PwC PL has a dedicated Cyber security lab which is used to provide cyber security assessment
and testing servicesto various clients in India. The lab is equipped with various commercial
tools, freewares and PwC proprietary tools that are used to provide various services.
11. Whether organization has any Foreign Tie-Ups? If yes, give details :
PricewaterhouseCoopers Pvt. Ltd. is a distinct and separate legal entity incorporated under the
Companies Act, 1956 and engaged in rendering advisory and consulting services.
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 760+
PSU : 20+
Private : 232+
Total Nos. of Information Security Audits done : 1012+
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them).
CISSPs : 1
BS7799 / ISO27001 Las : 1
CISAs : 1
DISAs / ISAs : 0
Any other information security qualification : 20
Total Nos. of Technical Personnel : 25
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : 18
PSU : 06
Private : 49
Total Nos. of Information Security Audits done : 73
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them).
CISSPs : 1
CISAs : 11
ISO27001 LAs : 7
BS 10012 : 9
BS25999 : 1
DISAs / ISAs : 2
Any other information security qualification:
1. Certified Ethical Hacker : 3
2. M.Sc/M.Tech- Cyber Forensics and Information Security: 3
3. PG Diploma in Cyber Law : 1
4. System Security Certified Practitioner : 1
5. CloudU : 1
6. CRisc : 1
7. CDCP : 1
8. ECSA : 1
Total Nos. of Technical Personnel : 16
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required) : As per Annexure-1
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
1. Nessus(Commercial)
2. Burpsuite(Commercial)
3. Nmap
4. Nikto
5. Sqlmap
6. John the Ripper
7. Wireshark
8. Hping3
9. SNMP Walk
10. Metasploit
11. W3af
12. Netcat
13. Pdump
14. THC Hydra
15. Acunetix Free Web Application Scanner
16. Dirbuster
17. ZAP
18. PW Dump
19. OWASP Xenotix
20. SEToolikit
21. Aircrack-ng
11. Whether organization has any Foreign Tie-Ups? If yes, give details : No
Back
Annexure-1
6. Pavana Kumar LKG Mushti 6 Years 7 Months 6 Years 7 Months CISA, ISO 27001:2013
Lead Auditor
7. Sreevatchan S 4 Years 1 Month 4 Years 1 Month Certified Ethical Hacker
(C|EH)
10. Madhan Prasad 3 Years 5 Months 3 Years 5 Months M.Tech., M.Sc., Cyber
Forensics & Information
Security
13. Selin Raj 2 Years 6 Months 2 Years 6 Months B.Tech, CEH, M.Sc.,
Cyber Forensics &
Information Security
15. Sowmya Rajan 2 Years 2 Months 2 Year 2 Months CISA, ISO 27001:2013
Lead Auditor
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
STQC-IT
STQC Directorate,
Electronics Niketan, 6 C G O Complex,
Lodhi Road, New Delhi-110003
Govt. : 125
PSU : 20
Private : 40
Total Nos. of Information Security Audits done : 185
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
CISSPs : 0
BS7799 / ISO27001 LAs : 14
CISAs : <number of>
DISAs / ISAs : <number of>
Any other information security qualification : <number of>
Total Nos. of Technical Personnel : 43
7. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
8. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
• Conformity assessment of different eProcurement and auction systems for Coal Auction,
OFB eProcurement, Director General of Hydro Carbon, Non-Coal Mining Lease have been
completed in time bound manner. The systemsare developed by M/S mjunction or M/S
MSTC Kolkata or (n)codeGujratandare being successfully used.
• Security vulnerability assessment for the websites of Govt. of West Bengal, various
PSUs, Indian Embassies / High Commissions at different countries like Germany,
Romania, Sri Lanka, Tajikistan, Vietnam, United Kingdom and Russia Conducted and
certificate issued for ‘safe to host’.
• Security evaluation of IT Security Products like Core Routers, Networks POTP/PTN Access
Systems, SDH/SONET based Optical Networking Equipment, Telecom Element
management , Dos Mitigation Platform etc.based on Common Criteria standards
(https://www.commoncriteria-india.gov.in/product-certified)
• Security vulnerability assessment of servers and network devices for organization like
IRCTC, CRIS, MSRTC, Power Grid Corporation etc. has been completed.
• Security Assessment of different Mobile Apps both on Android and iOS platforms based
on OWASP MASVS 1.2
Freeware: nmap, dirbuster, Paros, SSL Digger, HPing3, WebScarab, SqlMap, BackTrack
Suite, Nipper, OpenVAS
11. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes/No
Back
Snapshot of skills and competence of CERT-In empanelled
Information Security Auditing Organisation
Govt. : ~0
PSU : ~3
Private : ~146
Total Nos. of Information Security Audits done : ~149
5. Number of audits in last 12 months , category-wise (Organization can add categories based
on project handled by them)
1 OSCP 2
2 JD Edwards 1
3 ISO27001 LA/LI 23
4 CEH 8
5 OPSE 2
6 ISO9001 1
7 Six Sigma Green belt / White belt 2
8 ITIL/ISO20000 7
9 SANS GCFA 1
10 ENCE 1
11 ISO 22301 3
12 CCNA/CCNP/CCSA 6
13 CHFI 1
14 EC Certified Incident Handler 1
15 Carbon Black Defence Associate Analyst 2
16 ECSA 2
8. Details of technical manpower deployed for information security audits in Government and
Critical sector organizations (attach Annexure if required)
Experience
S. Name of Duration with in Qualifications related to
No. Employee Protiviti India Information Information security
Security
67 2.08
Pal Pandian N 5.48 -
Neelakantan
68 2 5.4 CISA
Sethuraman
Anish Kumar
107 0.85 9.25 CISA, CRISC, CPISI, CVA, CDPSE
Pandey
Abhinav
108 0.79 2.99
Lakshmikanthan
109 Viral H Shah 0.79 5.99
Akshay
110 Mahendra 0.76 5.16
Upadhye
Roshni Pranna
111 0.76 3.06
Kumar
Doshi Sahil
112 0.75 5.25
Bharat
Rajani Sanjay
113 0.6 1.84
Sagale
Santosh
114 0.68 16.08
Saraswathibatla
Yuvaraj
115 0.66 8.06
Yalamarthi
116 Purna Pragna C R 0.66 11.06 CISM, ISO 27001 LA
117 AAYUSH MITTAL 0.7 2.6 -
118 ABDUL KHADER 0.8 6.8 -
119 HARIN KUMAR 1.3 2.4
MALA
120 0.8 5.4 -
CHENNAIAH
121 RAVURI VENU 0.9 8 -
122 AHAMED SEYED 0.8 6 CISSP
123 SUSOVAN PAUL 0.7 8.5 CEH
124 VIJAYA ANNANGI 0.9 3.9
Automation Anywhere Certified
Advanced RPA Professional
ISO 22301: 2012 LA
ISO/IEC 27001: 2013 LI
ISO/IEC 27001: 2013 LA
ISO/IEC 20000-1:2011 LA
CEH,JNCIA-Cloud,ITIL
125 Alan Janson 1.6 6
Onetrust Privacy Management
Professional, Onetrust Vendor Risk
Management Expert, Big Data
Foundation,CB Protection
Administrator, CyberArk Certified
Trustee, ACE - PAN-OS 7.0
SAP01,FSE,SCP,CCSA,CCNA
9. Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
Specify Largest Project handled in terms of scope (in terms of volume, complexity, locations
etc.) along with project value.
One of the large banks in India -IT Audits including security assessments –Quarterly
assessment of Internal & External VAPT, configuration review of servers network devices and
web application security assessment as well as IT audit (Project duration : 3 years)
One of the largest Pharma companies - Third Party Assessments - Performing IT/IS
reviews of third parties, planned to conduct approximately 2000 assessments a year (Project
duration: 2 years)
One of the leading banks in India – IT Audits: Performingthemed audits across various
areas of information security such as review of critical application review, IT DR assessment,
Robotic Process automation, IT Domain and Email Infrastructure review, IT Network
Management and IT Governance and Information Security.
12. Whether organization has any Foreign Tie-Ups? If yes, give details : Yes
We have alliance partners for tools and technologies that help us deliver the information / cyber
security audits and projects. Some of our alliance partners are: Flexera, Kaspersky etc. Further,
we have a network where in our global offices assist in providing support from a global
technology alliance perspective
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index.
The parent company of Protiviti India Member Pvt. Ltd (headquartered in Gurugram) is
Independent Consultants FZE (Sharjah). Protiviti India Member Pvt. Ltd. is member firm of the
Protiviti Inc. Protiviti Inc. is a wholly owned subsidiary of Robert Half (NYSE: RHI). Founded in
1948, Robert Half is a member of the S&P 500 index. Offices of Protiviti Inc. and the member
firms are spread across 75+ offices across 27 countries.
Australia:-
1. Level 32, 10 Eagle Street, Brisbane, QLD, 4000, Australia
2. Level 12, 14 Moore Street, Canberra, ACT, 2601, Australia
3. Level 39, 140 William Street, Melbourne, VIC, 3000, Australia
4. Level 19, St. Martin's Tower, 44 St. Georges Terrace, Perth, WA, 6000, Australia
5. Level 24, No 1 Martin Place, Sydney, NSW, 2000, Australia.
China:-
6. Unit 718, China World Office 1, No. 1 Jianguomenwai Street, Chaoyang District, Beijing,
China
7. 9th Floor, Nexxus Building, 41 Connaught Road, Central, Hong Kong S.A.R., China.
8. Rm. 1915-16, Bldg. 2, International Commerce Centre, No. 288 South Shaanxi Road,
Shanghai, 200030, China.
9. Unit 1404, Tower One, Kerry Plaza, No. 1 Zhong Xin Si Road, Futian District, Shenzhen,
518048, China.
Japan:-
10. Osaka Center Building 13F, 4-1-3 Kyutaro-machi, Osaka, 27, 541-0056, Japan.
11. Ote Center Building, 1-1-3 Ote-machi, Tokyo, 13, 100-0004, Japan.
Singapore: -
12. 9 Raffles Place, #40-02 Republic Plaza I, 048619, Singapore.
Bahrain:-
13. Platinum Tower, 17th Floor Bldg 190, Road 2803, Block 428, Seef, P.O. Box 10231,
Manama, Bahrain.
France:-
14. 15-19 rue des Mathurins, Paris, 75009, France.
Germany:-
15. Protiviti GmbH, Upper West (27th Floor) Kantstr. 164, 10623, Berlin, Germany.
16. Protiviti GmbH, Kennedydamm 24, 40476, Düsseldorf, Germany.
17. Mainzer Landstraße 50, 60325, Frankfurt, Germany.
18. Sendlinger Straße 12, 80331 München, Germany.
Italy:-
19. Via Tiziano, 32, Milan, MI, 20145, Italy.
20. Via Bissolati 76, Rome, RM, 00187, Italy.
21. Via Viotti, 1, Turin, TO, 10121, Italy
Kuwait:-
22. Al Shaheed Tower, 4th Floor, Khaled Ben Al Waleed Street, Sharq, P.O. Box 1773, Safat,
13018, Kuwait.
Netherlands:-
23. SOM 1 building (Floor M); Gustav Mahlerlaan 32; 1082 MC Amsterdam, Netherlands.
Oman:-
24. Al Ufuq Building, Shatti Al Qurum, P.O. Box 1130, Ruwi, PC 112, Oman.
Qatar:-
25. Palm Tower B, 19th Floor, P.O. Box 13374, West Bay Doha, Qatar.
Saudi Arabia:-
26. Al-Ibdaa Tower, 18th Floor, King Fahad Branch Road, Al-Olaya, Building No. 7906, P.O.
Box 3825, Riyadh, 12313, Saudi Arabia.
South Africa:-
27. Suite 1A, 100 On Armstrong, La Lucia, Durban, 4051, South Africa.
28. 15 Forest Rd, Building 1 Waverley Office Park, Johannesburg, 2090, South Africa.
United Kingdom:
31. Colmore Building, 20 Colmore Circus, Queensway, Birmingham, B4 6AT, United
Kingdom.
32. Whitefriars, Lewins Mead, Bristol, BS1 2NT, United Kingdom.
33. The Bourse, Boar Lane, Leeds, LS1 5EQ, United Kingdom.
34. Protiviti Limited, The Shard, 32 London Bridge Street, London, SE1 9SG, United
Kingdom.
35. 8th Floor, The Zenith Building, 26 Spring Gardens, Manchester, M2 1AB, United
Kingdom.
36. Pinnacle Mews, 1 Grafton Mews, Milton Keynes, MK9 1FB, United Kingdom.
37. Suite B, Ground Floor, The Stella Building, Whitehall Way, Swindon, SN5 6NX, United
Kingdom.
Bulgaria:-
38. 146, Vitosha blvd., entrance B, 3rd floor, office 32, Sofia 1000, Bulgaria.
Egypt:-
39. Cairo Complex, Ankara Street, Bureau 1, Second Floor Sheraton Area, Heliopolis, Cairo,
Egypt.
Switzerland:-
40. Bahnhofpl. 9, 8001 Zürich, Switzerland.
Argentina:-
41. Alicia Moreau de Justo 1150, piso 3, oficina 306A, (CPAAX1107), Dock 8, Puerto Madero,
Ciudad Autónoma de Buenos Aires, Argentina.
Brazil:-
42. Rua Antonio de Albuquerque, 330, 8º andar Savassi, Belo Horizonte, MG, Brazil
43. Av. Rio Branco, 109, Cj. 702, 7º andar, Rio de Janeiro, RJ, 20040-004, Brazil.
44. Rua James Joule 65-5º andar, Sao Paulo, SP, 04576-080, Brazil.
Chile:-
45. Alonso de Córdova 5320, Off 1905 Las Condes, Santiago, RM, Chile.
Mexico:-
46. Paseo de la Reforma 243 P18, Mexico, DIF, 06500, Mexico.
Peru:-
47. Amador Merino 307 Of. 501, 27, LIM, 15046, Peru.
Venezuela:-
48. Av. La Estancia, CCCT Pirámide Invertida, Piso 6, Oficina 612, Urb. Chuao, Municipio
Chacao Codigo Postal 1064 Estado Miranda Caracas, Venezuela.
Colombia:-
49. Calle 95 con Carrera 15, Edificio 14-48, Oficina 305, Bogota, 110221, Colombia.
Canada:-
50. 487 Riverbend Dr, 3rd Floor, Kitchener, ON, N2K 3S3, Canada.
51. 1, Place Ville Marie, Suite 2330, Montréal, QC, H3B 3M5, Canada.
52. Brookfield Place, 181 Bay Street, Suite 820, Toronto, ON, M5J 2T3, Canada.
United States:-
53. 1640 King Street Suite 400, Alexandria, VA, 22314.
54. Regions Plaza, 1180 West Peachtree St., NE Suite 400, Atlanta, GA, 30309.
55. 1 East Pratt Street, Suite 900, Baltimore, MD, 21202.
56. Oliver Street Tower, 125 High Street, 17th Floor, Boston, MA, 02110.
57. 201 South College Street, 15th Floor, Suite 1500, Charlotte, NC, 28244.
58. 101 North Wacker Drive, Suite 1400, Chicago, IL, 60606.
59. PNC Center, 201 E. Fifth Street Suite 700, Cincinnati, OH, 45202.
60. 1001 Lakeside Avenue, Suite 1320, Cleveland, OH, 44114.
61. 13727 Noel Road, Suite 800, Dallas, TX, 75240.
62. 1125 Seventeenth Street, Suite 825, Denver, CO, 80202.
63. 200 E. Broward Blvd, Suite 1600, Ft. Lauderdale, FL, 33301.
64. 600 Travis Street, 8th Floor, Houston, TX, 77002.
65. 135 N. Pennsylvania St, Suite 1700, Indianapolis, IN, 46204
66. 9401 Indian Creek Parkway, Suite 770, Overland Park, KS, 66210
67. 400 S. Hope Street, Suite 900, Los Angeles, CA, 90071.
68. 411 E. Wisconsin Avenue, Suite 2150, Milwaukee, WI, 53202-4413
69. 225 South Sixth Street, Suite 1730, Minneapolis, MN, 55402
70. 888 7th Ave 13th Floor, New York, NY, 10106
71. 301 E. Pine St, Suite 225, Orlando, FL, 32801
72. 1700 Market Street, Suite 2850, Philadelphia, PA, 19103
73. Airport Tech Center 4127 E. Van Buren Street, Suite 210, Phoenix, AZ, 85008
74. 1001 Liberty Ave, Suite 400, Pittsburgh, PA, 15222
75. 222 SW Columbia St, Suite 1100, Portland, OR, 97201
76. 1051 East Cary St., Suite 602, Richmond, VA, 23219
77. 2180 Harvard St., Suite 250, Sacramento, CA, 95815
78. 3451 N. Triumph Blvd., Suite 103, Lehi, UT, 84043
79. 555 Market Street, Suite 1800, San Francisco, CA, 94105
80. 10 Almaden Blvd., Suite 900, San Jose, CA, 95113.
81. 601 Union St., Suite 4300, Seattle, WA, 98101
82. 1401 S. Brentwood Blvd, Suite 715, St. Louis, MO, 63144
83. 263 Tresser Blvd., 12th Floor, Stamford, CT, 06901
84. Corporate Center III, 4221 Boy Scout. Blvd., Suite 450, Tampa, FL, 33607
85. 1751 Pinnacle Dr., Suite 1600, Mclean, VA, 22102
86. 131 Frogale Ct., Winchester, VA, 22601
87. 10 Woodbridge Center Dr., Woodbridge, NJ, 07095
Switzerland:-
88. Bahnhofpl. 9, 8001 Zürich, Switzerland
India:-
89. 77º Town Centre, Ground Floor (East Wing), Building 3 Block B, Divyasree Technopolis
Yemalur, Bengaluru, KA, 560037, India
90. 4th Floor, A Wing, Alexander Square, No 2, Sardar Patel Road, Little Mount, Guindy,
Chennai, TN, 600032, India
91. Q City, 5th Floor, Block A, Survey No. 109, 110 & 111/2, Nanakramguda Village,
Serilingampally Mandal, R.R. District, Hyderabad, TG, 500 032, India
92. PS Srijan Corporate Park, 1001B, 10th floor, Tower-2, Plot No. 2, Block EP & GP, Sector
–V, Salt Lake City, Kolkata, WB, 700091, India
93. 1st Floor, Godrej Coliseum, Unit No 101, B Wing, Somaiya Hospital Road, Sion (East),
Mumbai, MH, 400 022, India
94. 15th Floor, Tower A, DLF Building No. 5, DLF Phase III, DLF Cyber City, Gurgaon, HR,
122002, India
Back
Top-
PAGE LEFT BLANK
SCHEDULE - A
Name of Work: - “Name of the work as given in Schedule-A Sr. No. 1” Tender No.:
“Tender No. as given in Schedule-A Sr. No. 2”
Note: To be read in conjunction with the Terms & conditions (Section-I, Section-II,
Section-III & Section-IV of the Tender against the sections referred below.
Note 1: Form D for concessional duty shall not be applicable for AAI for exemption or reduction in
Govt. Duties.
Note 2: Use of erasers, over writing and or corrections in the price Bid should be avoided. However, in
case it becomes unavoidable to use any of these for correction, the same must be
authenticated by the person signing the bid with his signature.