Selection of Third Party Auditor for Telangana State Data Centre

(1)

Request for Proposal (RFP)

for

Selection of Third Party Auditor for Telangana State Data Centre

Tender Reference No.: TSTS/IIP/213/TSDC-TPA/2020 December, 2020

Proprietary & Confidential

Telangana State Technology Services Limited,

2^nd Floor, HACA Bhavan, Opp. Assembly, Nampally, Hyderabad, Telangana, 500004, India

Telephones: 91 (40) 23220305, (40) 23228057

(2)

Page 2 of 55

Important Information

1) ProjectName : Selection of Third Party Auditor for the audit of Telangana State Data Centre

2) Bid Reference No. : TSTS/IIP/213/ TSDC-TPA/2020

3) Bid Calling Date : ^31.12.2020

4) Pre Bid queries submission by Email : 05.01.2021@02.00 PM

5) Last Date of Sale of tender document : 12.01.2021 @ 02.00 PM

6) Last Date of Bid Submission : 12.01.2021@ 04.00 PM

7) Venue of Submission : Telangana State Technology ServicesLtd., 2^nd Floor, HACABhavan, Opp. Assembly, Nampally, Hyderabad – 500004.

8) Cost of Tender document : Rs.10,000/- to be procured from TSTS Office or can be downloaded

From website www.tsts.telangana.gov.in, (for Downloaded RFP document bid

Should accompany with DD towards the cost of the tender document.

Original tender document duly Signed on each page to be submitted by the bidder).

9) Earnest Money Deposit : Rs.5,00,000/- (Rupees Five lakh only) Note: The Original DD/BG of

EMD and Tender fees must be submitted at TSTS within two days of closing bid submission.

(4)

Page 4 of 55

Terms and Definitions

1. “Authorized Representative” shall mean any person authorized by either of the parties.

2. “Bidder” means any firm offering the solution(s), service(s) and /or materials required in the RFP. The word Bidder when used in the pre-award period shall be synonymous with Bidder, and when used after award of the Contract shall mean the successful Bidder or Vendor with whom Telangana Technology Services on behalf of the ITE & C Department, Government of Telangana shall sign the agreement for rendering of TPA services.

3. “Contract” is used synonymously with Agreement.

4. “Default Notice” shall mean the written notice of Default of the Agreement issued by one Party to the other in terms hereof.

5. “Fraudulent Practice” means a misrepresentation of facts in order to influence a procurement process or the execution of a Contract and includes collusive practice among Bidders (prior to or after Bid submission) designed to establish Bid prices at artificial non- competitive levels and to deprive the Government of Telangana of the benefits of free and open competition.

6. “GoI” shall stand for the Government of India.

7. “GoTS” shall stand for the Government of Telangana.

8. “TSTS” shall stand for the Telangana State Technology Services Limited.

9. “Contract Period” shall mean the period from the date of signing of the Agreement and up to the completion of time period of contract.

10. “ITIL” means Information Technology Infrastructure Library (ITIL) 11. “CISA” means Certified Information Systems Auditor

12. “ISO 27001 LA” means certification specialized in Information security management systems (ISMS) certified Lead Auditor

13. "Law" shall mean any Act, notification, bye law, rules and regulations, directive, ordinance, order or instruction having the force of law enacted or issued by the Central Government and/ or the GoTS or any other Government or regulatory authority or political subdivision of government agency.

14. “LoI” means issuing of Letter of Intent which shall constitute the intention of the Tenderer to place the Purchase Order with the successful bidder.

15. "Party" means TSTS on behalf of GoTS or Bidder, individually and “Parties” mean TSTS on behalf of GoTS and Bidder, collectively.

16. “Request for Proposal (RFP)”, means this detailed notification seeking a set of solution(s), services(s), materials and/or any combination of them.

17. “Requirements” shall mean and include schedules, details, description, statement of technical data, performance characteristics, standards (Indian as well as International) as applicable and specified in the RFP.

18. "Service" means provision of Contracted service as per this RFP.

19. “Site” shall mean the location(s) for which the Contract has been issued and where the service shall be provided as per agreement.

20. “State” shall mean the State of Telangana.

21. "Third Party Agency" means the successful bidder, appointed by TSTS on behalf of GoTS for audit of State Data Centre operations.

22. “Termination Notice” means the written notice of termination of the Agreement issued by one Party to the other in terms hereof.

23. “DCO” means Data Centre Operator.

24. “IT Audit” means Audit activities performed in the areas of IT/IS Infrastructure/IT Systems/IT Operations /Processes & Policies /Standards, Security /SLA

25. ”QGR” Quarterly Guaranteed Revenue.

(5)

Page 5 of 55

Section – 1

(6)

Page 6 of 55

1. Preamble

Telangana is the 29th state of India, formed on the 2nd of June 2014. The state has an area of 1, 12,077 Sq. Km. and has a population of 3, 52, 86,757. The Telangana region was part of the Hyderabad state from Sept 17^th1948 to Nov 1st 1956, until it was merged with Andhra state to form the Andhra Pradesh state. Telangana is surrounded by Maharashtra and Chhattisgarh in the North, Karnataka in the West and Andhra Pradesh in the South and East directions. Major cities of the state include Hyderabad, Warangal, Nizamabad and Karimnagar. The State is divided into 33 Districts, SHQ-Hyderabad, 33-DHQ, RDO – 71Nos, 590Mandal’s with the capital at Hyderabad. Government of Telangana has taken up the task of Districts reorganization of the existing districts, for better administration and development of the areas. After District reorganization 23 new districts have been created with 156 new Mandal’s.

State Data Centre (SDC) has been identified as one of the important element of the core infrastructure for supporting e-Governance initiatives of NeGP. Under NeGP, it was proposed to create State Data Centres for the States to consolidate services, applications and infrastructure to provide efficient electronic delivery of G2G, G2C and G2B services.

These services can be rendered by the States through common delivery platform seamlessly supported by core Connectivity Infrastructure such as State Wide Area Network (SWAN) and Common Service Centre (CSC) connectivity extended up to village level. State Data Centre would provide many functionalities and some of the key functionalities are Central Repository of the State, Secure Data Storage, Online Delivery of Services, Citizen Information/Services Portal, State Intranet Portal, Disaster Recovery, Remote Management and Service Integration. Under NeGP Data Centre has been setup in the year 2011 spans about 1900 Sq. Ft of server farm area located in a highly secure location with24x7 surveillance.

The State Data Centre is a key-supporting element of e-Government Initiatives &

businesses for delivering services to the citizens with greater reliability, availability and serviceability. SDC provides better operations & management control and minimizes overall cost of Data Management, IT Management, Deployment and other costs.

State Data Centre acts as a mediator and convergence point between open unsecured public domain and sensitive government environment. It enables various State departments to host their services/applications on a common infrastructure leading to ease of integration and efficient management, ensuring that computing resources and the support connectivity infrastructure (SWAN/NICNET) is adequately and optimally used.

The SDC will be equipped to host / co-locate systems (e.g. Web Servers, Application Servers, Database Servers, SAN, and NAS etc.) to host applications at the SDC to use the centralized computing power. The centralized computers/Servers will be used to host multiple applications. SDC will have high availability, centralized authenticating system to authenticate the users to access their respective systems depending on the authentication matrix. Presently M/s. Wipro Ltd. has taken up the contract for operation & maintenance of IT-Non IT infrastructure and FM services of TSDC.

(7)

Page 7 of 55

Section-2

(8)

Page 8 of 55

2. Third Party Auditor (TPA)

TSTS on behalf of Department of Information Technology & Communication, Government of Telangana intends to hire Third Party Auditor for the State Data Centre project. TPA is required to perform audit activities as per the scope of work given in this RFP and TPA is required to audit the work of respective service providers at SDC inline to their respective contracts and RFPs. It is therefore essential for the bidder to understand the requirement of TSTS before bidding, the RFP/Contract document of the respective service providers shall be provided to the successful bidder.

The selected TPA shall have to undertake auditing of TSDC as per the tender conditions for a period of 3 years from date of agreement and can be extended for another one year.

The TPA Agency is required to provide dedicated manpower for entire contract period to TSTS with necessary tools to monitor various performance parameters. The access to BMS and systems related at the Data Centre shall be provided to the new TPA. During the tenure of the contract the TPA team members will be deployed exclusively for this project and cannot be shared for other activities by the bidder. In the event of non-availability of the committed manpower on account of attrition or other cause, the TPA must inform the same in writing to TSTS with a suitable replacement person with equivalent or higher qualification and experience. Their placement must be done within10 working days of an attrition.

TSTS/GoTS shall provide office space at the State Data Centre, TSIIC Zonal Office, Financial District, Nanakramguda, Hyderabad – 500008 with facilities like workstation, internet, printer, power connection etc. and other facilities like laptop. Data card, Mobile phone etc. shall be TPA’s responsibility.

The broad objective of having TPA:

• The Data Center operations and management control processes are adequate and functioning as intended.

• Administrative control of data and its confidentiality, security and privacy is with the State Government de-jure and de-facto.

• Interaction with the various stakeholders occurs as needed.

• Risks are appropriately identified and informed.

• The Data Center Operator’s and service provider’s actions are in compliance with the laid down policies, standards, procedures, and applicable laws and regulations of the Country.

• Quality and continuous improvement are fostered in the SDC operations and management processes.

• Opportunities for improving the processes, policies, standards, administrative and management control, and the data center’s buy-in for the line department may be identified during audits. They will have to be communicated to the TSTS/

Department of ITE&C, GoTS.

• TPA will carry out the activities as per agreement and submit all the mentioned deliverables within the stipulated timeframe. TPA will ensure that the timelines will be adhered to. If there are any perceived slippages on the time lines, TPA would deploy additional manpower, free of any additional charges.

(9)

Page 9 of 55

• TPA will make the best effort to ensure that the quality of deliverables meets the expectations.The successful bidder would get the relevant sections of system integrator RFP, Agreement, etc. from the TSTS.

• The TPA will share all intermediate documents, drafts, reports, VA scan report and any other item related to this assignment, if requested by TSTS. No workproducts, methodology or any other methods used by the TPA should bedeemed as proprietary and non-shareable.

• TPA shall organize weekly/fortnightly review meetings to review functionality issues and progress of work as per pre-defined schedule. The frequency ofmeetings will be intimated by the TPA in consideration of requirements in theinterest of the project. TPA would prepare the minutes of the review meetings mentioning the issues discussed, decisions taken on them and appropriate levelat which these required to be resolved.

• TPA shall submit 1 set of hardcopy and softcopies of all the deliverables to TSTS.

• TPA will recommend Opportunities for improving the processes, policies, standards, administrative and management control if any.

(10)

Page 10 of 55

2.1. TPA’s Scope of Work

The core objective of TPA is to provide objective assurance and audit services designed to monitor and the conformance by the operator and add value to improve the TS SDC.

2.1.1. TS SDC

Scope Overview: The core objective for TPA is to provide audit services designed to monitor and assess the conformance by the TPA and add value to improve the State Data Centre operations. It helps the State accomplish the State Data Centre by bringing a systematic, disciplined approach to evaluate and improve the Effectiveness of infrastructure, operations, service level management, control and governance processes.

The third party audit agency (TPA) will audit the operations and management, security and compliance with standards and processes of the Telangana State Data Centre. The audit report prepared by TPA shall form the basis for payments to the Data Centre Operator during the operation phase.

The TPA services for each project will be made effective from the date of Operation and Management of the respective Project and on deployment of manpower by the TPA agency for the respective project as per the instructions of TSTS

The successful bidders would need to:

i) Study the SDC RFP and the contract signed between the TSTS and DCO for Operation and Management, the respective MoUs signed.

ii) Study the SDC policy guidelines, architecture, design and the services envisaged, processes, helpdesk procedures and security policy of the data center.

iii) Understand the roles and responsibilities of various stakeholders such as ITE&C Department, TSTS, Data Centre Operator, user departments etc.

iv) Study the SLA’s between different stakeholders.

v) Study the proposal of engaged Data Centre Operator with TSTS to understand its offering, value add and SLA commitments.

The following activities, but not limited to, has to be performed by the selected Third Party Auditor (TPA)

1. Audit framework design

2. State Data Centre Infrastructure Audit

3. Operations and Management Process and Control Audit 4. SLA Monitoring Audit

5. Security and compliance Audit 6. Exit management plan

1. To understand the project TPA is required to

• Study the contract signed between the TSTS on behalf of ITE&C Department, GoTS and the TS SDC Operator.

• Study the network architecture & design and the services envisaged for TS SDC.

• Review communication process among the stake holders TSTS / ITE&C Dept., SDC operator.

• Review of the escalation mechanisms being followed to resolve any issues between the TSTS / ITE&C Dept. and the SDC Operator.

(11)

Page 11 of 55

2. Audit framework design:

To ensure the consistency and comparability of the audit on a regular basis, the TPA must establish an audit methodology in discussion with the State ITE&C Department and TSTS and would need to study the proposal of engaged Data Centre Operator with the ITE&C Department and TSTS to understand its offering and SLA commitments. After its study, the TPA would

a. Create a framework and procedure for carrying out the audit. In cases of significant non-compliance, establish a mechanism to resolve audit observations.

b. Prepare various templates required to be filled in by the various stakeholders involved in the audit process.

c. Prepare annual audit plan including stated audit areas and controls.

3. State Data CentreInfrastructure Audit:

The following major activities have to be performed:

i. TPA shall undertake audit for physical and IT infrastructure including verification of completeness of inventory and asset bill of material for the State Data Centre.

ii. TPA would define and audit the control points for inventory audit at the State Data Centres in the State.

iii. TPA shall appraise the State about the health of the components through reports indicating the capacity utilization and corresponding scalability requirements.

iv. TPA shall audit the consumables within the SDC such as Electricity, Diesel, Bandwidth cost etc.

v. Effective utilisation of licenses and their future procurement etc.

vi. TPA shall include audit of DCO's recommendations to the state for capacity planning and upgrades as per the requirements of the state.

vii. TPA shall be responsible for time-to-time verification of newly purchased (on notification to TPA from TSTS/ITE&C Department) IT hardware and software products for TSDC and DR sites of ITE&C Department. TPA shall submit the FAT certificate to ITE&C Department within 7 days

viii. TPA audit shall also cover obsolescence of the physical & IT infrastructure as per the policy defined by the State. The audit report shall provide details of the infrastructure components that are due for obsolescence and provide recommendations for upgrade / refresh of infrastructure components and plan for disposal of obsolete infrastructure components

ix. TPA shall also conduct one time audit of data center for recommendations on obsolete critical items and suggestions on specifications for suitable replacement of equipment without any much impact on data center service. This one time audit shall be conducted during the first quarter after signing the agreement.

4. Operations and Management Process and Control Audit:

a. The TPA would audit the overall Physical and IT infrastructure management processes as per ISO 20000 framework including Monitoring, Maintenance and Management of the entire Data Centre and audit of the Helpdesk provided by DCO and provide recommendations to the TSTS / ITE&C Dept.

(12)

Page 12 of 55

b. It would review and analyse the services provided through SDC and its delivery mechanisms to different line departments & post analysis of the same, would submit a report with recommendations to the TSTS / ITE&C Dept. It would review the Change Management, communication plan, configuration management, availability management, service level management etc. to ensure proper processes are in place for SDC operation and maintenance.

c. Audit the capacity & utilization plan developed by the Date Centre Operator (DCO) and identify gaps.

d. Audit the exit process for the DCO with keeping the transition processes and timelines in mind.

e. TPA would also audit the process & controls followed by the DCO in order to ensure smooth & seamless integration of SDC with other projects

5. SLA Monitoring Audit:

The TPA would perform SLA audit every quarter to review and monitor the performance with reference to the SLA including audit the services (such as call resolution etc.) and overall uptime of data centre. Subsequently, TPA would carry out the following tasks:

i. TPA shall tabulate, in a template, all possible measurable parameters as defined in the SLA. These parameters shall be checked with random performance indicator against each parameter as reflected in the EMS/BMS being used to monitor the services. TPA shall collate the results in a report and submit to the TSTS / ITE&C Dept.

ii. TPA shall also review the configuration/deployment parameters of the EMS/BMS against the configuration report

iii. TPA shall pro-actively convey to the stakeholders any concerns based on the configuration of or information generated through EMS/BMS.

iv. TPA shall review the SLA performance on a quarterly basis and compute penalty for SLA non- compliance on the quarterly payment to be paid to the DCO in line with the agreed SLAs and payment terms &conditions.

v. TPA audit would also verify the parameters of the SLA, which cannot be monitored using BMS/EMS

vi. TPA shall review the helpdesk procedures established by the DCO and submit a Quarterly Report with recommendations to ITE&C Dept/TSTS.

vii. Helpdesk must be implemented in line with ITIL leading practices for service delivery and must necessarily be integrated with the EMS for ensuring 360° functionality including monitoring and managing.

6. Security and Compliance Audit:

a. TPA shall perform security audit of the SDC as per ISO 27001 framework and also as per the orders/guidelines issued by the Central/State Government, Cert-In/ MeitY, review the information security policy, and provide recommendations to ITE&C Dept/TSTS so as to ensure integrity, confidentiality and availability of information and resources.

b. TPA would review the security measures followed by the Data Centre Operator to ensure that the applications being hosted are free of vulnerabilities.

c. The TPA shall provide recommendations to ITE&C department regarding the expiry of security audit compliance certificates of applications hosted at TSDC, one month before expiry of such certificates.

(13)

Page 13 of 55

d. TPA shall conduct the vulnerability assessment & penetration testing on the SDC Physical IT Infrastructure and share the results with ITE&C Dept/TSTS.

e. TPA shall conduct Internal Audits of ISMS as per the requirements of ISO 27001

7. Exit Process Support:

This role is envisaged with the objective of ensuring preparedness of TSTS at all the time for any eventuality resulting in termination of contract.TPA audit includes support/advice in the event of exit of the data center operator. The agency would:

a. Review the exit process as per the contract.

b. Advise TSTS on documentation, process and procedures necessary for taking over the SDC from the operator.

c. Provide advisory support during the transition period from the current operator to the new operator.

d. Conduct audit readiness of TSTS for such an eventually on a yearly basis.

e. Support for smooth transition from existing DCO to newly identified DCO.

2.1.2. TSTS / ITE&C Dept. / DCO Obligation:

DCO will deploy SLA Management Tools as provisioned in DCO’s RFP. Tool should be equipped with adequate licenses. TSTS / ITE&C Dept. / DCO will provide complete access to all the tool and relevant product information to the TPA.

Any relevant documentation required to perform above Services such as logs, reports, system documentation, procedures should be made available to the TPA. Make available in a timely manner all relevant documentation and ensure access to relevant staff and management.

However, any tool for VA and penetration testing, desktop/laptop and any logistics requirements would need to be arranged by TPA.

(14)

Page 14 of 55

2.2. TPA Deliverables

2.2.1. Key deliverables of the TPA for TSDC:

S.No Audit Area Deliverables Periodicity

1. Audit Activity

Audit framework, Audit plan, related procedures and templates incorporating following but not limited to:

• Audit assessment parameters based on ISO 20000, ISO 27000, ITIL Standards, state policies and guidelines

• Tabulation of measurable parameters for SLA audit

• Ensure mapping of the SLA conditions and limits onto EMS/BMS

• Review of processes of interaction between TPA, DCO, TSTS and User departments

• Template for reports to be submitted by the DCO to TPA agency on a regular basis

• Also make sure that EMS reports are not modified

Once (subject to annual review) every year it would be reviewed internally and need to be

updated for new checkpoints etc

2.

SDC

Infrastructure Audit

• Inventory audit report including executive summary, checklist and compliance including but not limited to IT and Non-IT Infrastructure.

Quarterly

3.

Operations &

Management process &

control

Audit report including but not limited to following checkpoints related to processes followed by the DCO for its Data Centre management deliverables:

Data centre management team, skills, facility management services, change management procedures, IT Infrastructure operations – hardware, software and FMS, Electricity and Diesel consumption, backup procedures, antivirus measures, trainings, network and security administrations,

Quarterly

(15)

Page 15 of 55

S.No Audit Area Deliverables Periodicity

performance monitoring, capacity Utilization, web security, documentation related to applications hosted from various departments etc. The audit report shall also emphasize specifically the efficiency of incident management and asset management

4. SLA Audit

Quarterly SLA audit report:

Audit report should include all the SLA parameters as agreed

by the DCO, its

conformance/deviation to the SLA and recommend penalties and payment for the DCO for its quarterly payments

Quarterly

5.

Security and Compliance Audit

Security audit reports including but not limited to the following check points/controls:

• Vulnerability assessment and penetration testing.

The final Report and Executive Summary should include: identification of vulnerabilities, evaluation of potential risks, prioritization of risks. VA/PT tools should be Non-intrusive and non- destructive. The tool, test schedule and potential impact to be approved by TSTS.

• Compliance to SDC and Cert-In Policy guidelines

• Internal ISMS Audit in compliance to ISO 27001 Standard

Quarterly

6. Reporting

&Updates

TPA would be responsible for periodic reports preparation which will be sent to the TSTS in prescribed formats from time to time for information.

Quarterly / As and when required – within 10 days of request from TSTS

7.

Exit

Management Plan

TPA shall submit the Exit Management Plan within 90 days from the date of signing contract

Once- every year

(16)

Page 16 of 55

2.3. Key Resource Requirement

S.No Criteria No. of Resources

1 IT Senior Auditor – SDC – with 5 Years of experience I. Education Qualification: B.E/B.Tech (CSE/IT/ECE)

/ MBA

II. Experience in IT Audit / TPA Projects: More than 3 Years

III. Certifications: CISA / CEH / ECSA / ISO 27001 Lead Auditor/ Six Sigma – Black Belt

1

2 IT Auditor – SDC – with 3 Years of experience i. Education Qualification:

B.E/B.Tech(CSE/IT/ECE)

ii. Experience in IT Audit Projects: More than 2 Years

iii. Experience in IT Auditprojects such as SWAN / SDC /e-Governance project management iv. Certifications: CISA/CEH/ECSA / ISO 27001 /

ITIL / Six Sigma- Black Belt

1

Note: In case there is requirement of additional resource for work completion / deliverable submission TPA may deploy the same without any additional cost.

Minimum requirement of onsite resource to be deployed is 2 and TPA / Bidder will not be paid for any additional resource as it is TPA / bidder responsibility to in time complete work / deliverables.

2.4. Contract period

The period of contract shall be for a period of Three (3) years from the date of successful execution of the contract. The period may be extended for further periods on mutual agreement by both the parties with same terms and conditions.

(17)

Page 17 of 55

Section-3

(18)

Page 18 of 55

3. Bidding Details

3.1. The bidding details shall be as per the following table:

S.No Heading Details

1.

EMD

(Online Payment/BG/DD)

Rs.5,00,000/-

Note: Scanned copy of EMD document should be uploaded on e-Procurement website. The Original Copy of EMD should be submitted to TSTS within 2 Days of due date and time for submission of Bids.

2.

EMD Validity Period Demand Drafts with 3 months or more validity will be accepted as EMD. Date on DD should be later date than the date of issue of pre-bid minutes.

Bank Guarantees (Nationalized/Scheduled) that are payable at Hyderabad Branches only will be accepted.

BG Validity should be up to 180 days from the due date for submission of bid.

3. Bid Validity Period 180 days from the date of opening of bids

4. Tender fee/ Bid Document fee

Tender document can be purchased from TSTS office, Hyderabad between 10:30 am to 5 pm every day except for Sunday and public Holidays, on payment of Rs.

10,000/- (Rupees Ten Thousand Only) in the form of Demand Draft or Banker’s cheque drawn on/issued by any Nationalized/Scheduled Indian Bank in favor of:

“The Managing Director, Telangana State Technology Services Limited”, payable at Hyderabad.

The tender document can also be downloaded from

http://www.tsts.telangana.gov.in and

https://tender.telangana.gov.in. In such case, the scanned copy of DD/Banker’s Cheque for an amount of Rs. 10,000/-(Rupees Ten Thousand Only) drawn in favor of: “The Managing Director, Telangana State Technology Services Limited”, payable at Hyderabad would be required to be uploaded in the Telangana e-Procurement website and the original DD/Banker’s cheque must be submitted to TSTS before the bid submission date.

5. Transaction Fee

Transaction fee: All the participating bidders who submit the bids have to pay an amount @ 0.03% of their final bid value online with a cap of Rs. 10,000/- for quoted value of purchase up to Rs.50 crores and Rs.25000/- if the purchase value is above Rs.50 crores & service tax applicable @ 15% as levied by Govt. of India on transaction fee through online in favour of MD, TSTS.

The amount payable to TSTS is non-refundable.

Corpus Fund: Successful bidder has to pay an amount of 0.04% on quoted value through demand draft in favor of The Managing Director, TSTS, Hyderabad towards corpus fund at the time of concluding agreement.

6. Transaction Fee Payable to The Managing Director, Telangana State Technology Services Ltd., Hyderabad

7. Period for furnishing Within 15 days from date of receipt of Notification of

(19)

Page 19 of 55

performance security Award 8.

Performance security value 10% of Contract Value in favor of “The Managing Director, TSTS” from any Nationalized / Scheduled Bank.

9. performance security validity period

90 days beyond Contract period

10.

Date of signing contract

Within 21 days from date of receipt of Notification of Award of award, The successful bidder will sign the contract with TSTS.

11. Deployment of Manpower As per RFP/Contract Agreement.

12. Bid submission

Online(e-Procurement).

Bidders are requested to submit the bids after issue of Clarifications / Amendments on the Tender document duly considering the changes made,. if any, through e- mail. Bidders are totally responsible for incorporating/complying the changes/amendments issued if in the pre-bid queries in their bid.

13. Procedure for Bid submission

Bids shall be submitted online on tender.telangana.gov.in platform

1. The participating bidders in the tender should register themselves free of cost on e-procurement platform in the website www.tender.telangana.gov.in.

2. Bidders can log-in to e-procurement platform in Secure mode only by signing with the Digital certificates.

The bidders who are desirous of participating in e- procurement shall submit their technical bids, price bids as per the standard formats available at the e- market place.

4. The bidders should scan and upload the respective documents in Pre-Qualification and Technical bid documentation as detailed in the RFP including EMD.

The bidders shall sign on all the statements, documents certificates uploaded by them, owning responsibility for their correctness/authenticity.

The rates should be quoted in INR only 14. Conditional bids Not accepted, liable for Rejection

15. Other conditions

1. After uploading the documents, the copies of the uploaded statements, certificates, documents, original Bid Security (EMD) (except the Price bid/offer/break-up of taxes) are to be submitted by the bidder to the O/o The Managing Director, TSTS, BRKR Bhavan, Hyderabad within 2 days of bid submission.

Failure to furnish any of the uploaded documents, certificates, will entitled in rejection of the bid. The TSTS shall not hold any risk on account of postal delay. Similarly, if any of the certificates, documents, etc., furnished by the Bidder are found to be false / fabricated / bogus, the bidder will be disqualified, blacklisted, action will be initiated as deemed fit and the Bid Security will be forfeited.

(20)

Page 20 of 55

2. TSTS will not hold any risk and responsibility regulating non- visibility of the scanned and uploaded documents.

3. The Documents that are uploaded online on e- market place will only be considered for Bid Evaluation.

4. Important Notice to Contractors, Suppliers and Department users

(i)In the endeavor to bring total automation of processes in e- Procurement, the Govt. has issued orders vide G.O.Ms.No. 13 dated. 5.7.2006 permitting integration of electronic Payment Gateway of ICICI/HDFC/Axis Banks with e-Procurement platform, which provides a facility to participating suppliers / contractors to electronically pay the transaction fee online using their credit cards.

5. In case of consortium either the prime bidder or the consortium partner can purchase the bid document.

The bid can be filed either with user ID of prime bidder or consortium

partner.

16. Key resource details

a. The bidder must provide the detailed CVs of the key resources for project proposed. Any changes in the resource profiles subject to approval from TSTS. The CVs should be provided in the format as given in Annexure.

b. Besides the bidder must also provide the number of the other resources it proposes to deploy for the project and their profile.

c. Bidder should also provide the resource deployment plan for the duration of the project. The resource deployment plan should give the number of man months of the core resources and other resources proposed.

17. Financial Bid

Bid shall be submitted in e-procurement portal only.

The bid should be comprehensive and inclusive for all the services to be provided by the bidder as per scope of his work. The payments would be made to selected bidder on the basis of the bid and further negotiations between the department and the bidder only. No separate payment shall be made for services that are to be delivered by the vendor as part of his scope of work for this project other than the fixed payment for certain deliverables as detailed in the scope of work and the payment terms of the bidder.

a. Any revision in the rates of taxes, duties, charges and levies at a later date and during the tenure of the bid will be paid on actual.

b. The bidder shall be responsible for the costs towards travel/stay, daily allowance or any other allowances with respect to their staff deployed with respect to the execution of this project before or

(21)

Page 21 of 55

after the award of the contract.

18. Other conditions

1.After uploading the documents, the copies of the uploaded statements, certificates, documents, original Demand Drafts / BG in respect of Bid Security (except the Price bid/offer/break-up of costs and taxes) are to be submitted by the bidder to the O/o The Managing Director, TSTS, 2nd Floor, HACA Bhavan, Hyderabad within two working days from the date of bid submission.

2. Failure to furnish any of the uploaded documents, certificates, will entitled in rejection of the bid.

Similarly, if any of the certificates, documents, etc., furnished by the Bidder are found to be false / fabricated / bogus, the bidder will be disqualified, blacklisted, action will be initiated as deemed fit and the Bid Security will be forfeited.

3. TSTS will not hold any risk and responsibility regulating non-visibility of the scanned and uploaded documents.

4. The Documents that are uploaded online on e-market place will only be considered for Bid Evaluation.

5. Important Notice to Contractors, Suppliers and Department users (i)In the endeavor to bring total automation of processes in e-Procurement, the Govt.

has issued orders vide G.O.Ms.No.13 dated. 5.7.2006 permitting integration of electronic Payment Gateway of ICICI/HDFC/Axis Banks with e-Procurement platform, which provides a facility to participating suppliers / contractors to electronically pay the transaction fee online using their credit cards.

3.2. Clarifications on Tender Document

The bidders may seek clarifications on Tender document, if any through eMail before the due date and time specified. TSTS may incorporate any changes in the RFP based on acceptable suggestions received. The decision of the TSTS regarding acceptability of any suggestion shall be final and shall not be called upon to question under any circumstances. The prospective Bidders shall submit their queries / clarifications in writing not later than Date and Time indicated in this RFP. Responses will be conveyed to all the prospective Bidders (by way of hosting amendments/ clarifications on the website i.e. at http://www. tsts.telangana.gov.in) and no participant would be intimated individually about the response of the TSTS. The queries shall be submitted in the following format for clarifications.

S.No Section No. Clause No. Reference/Subject Clarification Sought

(22)

Page 22 of 55

Section 4

(23)

Page 23 of 55

4. Eligibility and Evaluation process

4.1. Eligibility criteria:

The bidder must possess the requisite experience, strength and capabilities in providing the services necessary to meet the requirements, as described in the tender document. The bidder must also possess the technical know-how and the financial wherewithal that would be required to successfully provide TPA services sought by tendering authority, for the entire period of the contract. The bids must be complete in all respect and should cover the entire scope of work as stipulated in the tender document. The invitation to bid is open to all bidders who qualify the eligibility criteria (Pre-Qualification Criteria) as given below:

4.2. Pre-Qualification Criteria:

S.No Criteria Documentary Evidence

1

The bidder should be registered under the Indian Company Act, 1956 or should be a partnership firm or should be a partnership firm registered under the LLP Act 2008, and should have their register offices in India and should have been in existence for a period of since last 5 years as on bid calling date

a) In case the Bidder is a Registered Company in India, they should produce the copy of the Certificate of Incorporation.

b) In case the Bidder is a Registered Partnership Company / Firm, they should produce the copy of Registered Partnership Deed.

2

The Bidders should be empanelled by CERT-IN of MeitY, GOI for Carrying out security audit.

The certificate / letter of empanelment of agencies.

3

The bidder must have experience and expertise in providing Third Party Auditor services, the bidder must be in the TPA business continuously for a period of 5 years in any Data Centre in India.

Work Order/Contract Agreement

4 Bidder must have more than 5 +

resources withISO27001 certification Copy of Certificate from HR

5

The bidder should have a turnover of at least Rs.100Crores in each of the last three financial years (2017-2018, 2018- 2019, 2019-2020) as revealed by audited accounts.

Copy of audited balance sheets and Profit and Loss Account for the last 3 financial years

6

The bidder should have experience in security audit / network audit / ISO audit, compliance audit of at least 5 Data Centre projects in India

Work Order/Contract Agreement

7

Bidder should have experience of atleast 3 projects in providing TPA audit in last 3financial years (i.e., 2017-2018, 2018- 2019 and 2019-2020) for Central/ State Government Departments/PSU. Total contract value of at least such project should be >= 1.8 Crores (INR).

Work Order/ Letter of Intent/Contract Agreement

11 The bidder must have a team of

professionals having a valid professional Name of the employees along with

(24)

Page 24 of 55

S.No Criteria Documentary Evidence

certification (CISA/CISM/CISSP, CEH, ISO 27001 LA) at least 05 resources in each category.

professional certification copies / Confirmation from certifying authority on obtaining accreditation/exam result

12

The bidder should have a minimum 50 technically qualified personnel in the areas of IT Consultancy, IT infrastructure Audit, IT security, Compliance Audit, ISO and Program/Project Management

Declaration on availability of 50 technically qualified personnel

13

The bidder should not be under a Declaration of ineligibility for corrupt, fraudulent practices and debarred/

blacklisted as on Bid calling date by any Central or State Government /Quasi

Government Departments or

Organizations in India for non-satisfactory past performance, corrupt, fraudulent or any other unethical business practices

Non-Blacklisting Declaration signed by authorized signatory.

14

The Bidder should have a registered number of:

I. Income Tax / Pan number II. GST number

I. Copy of Permanent Account Number II. Copy of GST Certificate

15 Bidder should have an office in Hyderabad

Relevant Documents signed by the Authorized Signatory – Details of possession of Office / Rental

agreement, electricity bill, telephone bill etc.

4.3. Technical Evaluation criteria:

A Technical Committee will examine the Technical Bids against the Eligibility Criteria and Evaluation Criteria given in the Tender document. The evaluation will be conducted based on the support documents submitted by the Bidders. The documents which do not meet the eligibility criteria in the first stage of scrutiny will be rejected in that stage itself and further evaluation will not be carried out for such bidders. The eligible Bidders alone will be considered for further evaluation.

The bidders will be called upon, during the evaluation stage, to present their offerings to the Evaluation committee. The presentation should cover the following aspects in detail:

1. Approach Plan and methodology

2. Understanding of the Infrastructure, Experience of SDC audit/operations/value add In order to determine whether the bidders are qualified and whether the technical aspects are substantially responsive to the requirements set forth in the bidding documents, the Tendering Authority will examine the information supplied by the Bidders and shall award points to the bidders based on the following parameter.

(25)

Page 25 of 55

Sl. No Parameter Documents required Maximum

Score 1 Turnover in IT Audit Business

Total cumulative IT Security turnover in the last five financial years ending 31^st March 2020.

i. >=Rs.50 Crore- 10 Marks ii. =>Rs.40 Crore< Rs.50 Crore

- 7 Marks

iii. =>Rs.30 Crore< Rs.40 Crore - 4 Marks

CA certificate for Turnover in IT Audit business along with Balance sheet certified by CA.

10 Marks

2 Bidder’s Third Party Audit

experience in terms of numbers of assignments with Govt/ PSU, in last 5 years. (Max.- 20 marks)

More than 8 Projects =25 Marks Five to Eight Projects= 20 Marks Four projects = 16 Marks

Three projects = 12 Marks Two projects = 8 Marks One project = 4 Marks

25 Marks

3 Bidder should have total Number of 35 Certified Professionals with a minimum of 5 resources in each category

i. CISA/CISM/CISSP ii. CEH/ECSA

iii. ISO 27001- Lead Auditor/Lead Implementer iv. ITIL

v. PMP/PRINCE 2

a. >= 50 professionals – 10 Marks b. >= 45 professionals – 7 Marks c. >= 35 professionals – 5 Marks

Declaration from HR / Authorized Signatory along with copies of Professional

certifications/Confirmation from certifying authority on obtaining accreditation/exam result

10

4 Quality Certification of Bidder a. ISO 27001 - 5 Marks b. Any other Quality

Certification issued by competent Authority of Government - 5 Marks

10

5 Approach and methodology (Max.- 20 marks)

i. Understanding of the

objectives of the assignment ii. Approach & Methodology

Presentation

iii. Presentation

Evaluation Committee will evaluate whether all the points/ requirements mentioned in the RFP are addressed well and award points accordingly, the important parameters being

i. Understanding of the

objectives of the assignment - 5 Marks

ii. Approach & Methodology - 5 Marks

iii. Presentation – 10 Marks

20

(26)

Page 26 of 55

Sl. No Parameter Documents required Maximum

Score 6 Adequacy and Quality of

Resources proposed for Deployment (Max.- 25 marks)

i. Senior Auditor / Senior Consultant – (12 – Marks) Minimum 5 years’ experience with minimum of 2

certifications (ISO 27001 /CISA /ISO 22301 /ITIL v3 Foundation /Six Sigma Black Belt / ISO 20000/ CEH ) Minimum and mandatory details are given in manpower section of the RFP. Proposed resource no meeting the requirement will be given zero marks.

Senior Auditor / Senior Consultant

More than 7 years - 7 Marks More than 6 years upto 7 – 3 Marks

More than 5 years upto 6 – 2 Marks

Less than 5 Years - 0 Marks More than three Certifications – 6 Marks

Three Certifications - 4 Marks Two Certifications - 2 Marks Less than two – No Marks

13

ii. Auditor / Consultant

Minimum 3 years’ experience with minimum of 1

certification (ISO 27001 /CISA /ISO 22301 /ITIL v3 Foundation /Six Sigma Black Belt / ISO 20000/ CEH ) Minimum and mandatory details are given in manpower section of the RFP. Proposed resource no meeting the requirement will be given zero marks.

Auditor / Consultant

More than 5 years - 7 Marks More than 4 years upto 5Years - 5 Marks

More than 3 years upto 4 years – 3 Marks

Less than 3 Years - 0 Marks More than two certifications - 5 Marks

Two certifications - 4 Marks One certification - 3 Marks No Certification - No Marks

12

Total 100

Note: - As a part of Technical Qualification Process, those bidders who have scored >=75 marks would be considered for opening of commercial bid.

It is mandatory for TPA / Bidder to deploy the resource onsite whose profile / cv has been submitted for evaluation purpose. For any replacement in future resource of same of higher qualifications and experience will be deployed by bidder / TPA.

In case of resource deployment is less than the proposed resource then propionate amount on per day basis will be deducted from the half yearly payment of TPA / Bidder. This deduction will be addition to the penalty on deliverables and will not fall under penalty capping. Resource non availability / less qualification and deployment will lead to 100% of payment deduction on per day basis.

(27)

Page 27 of 55

4.4. Evaluation Criteria:

1. TSTS will first undertake a preliminary evaluation of the pre- qualification eligibility criteria and with reference to completeness of the proposals and whether the Proposals are generally in order and complete in nature.

2. Proposals found to be non-responsive for any reason or not meeting the minimum eligibility criteria, as specified in this RFP will be rejected and not included for further detailed technical evaluation.

3. The technical bids of bidders who are qualified in General Bid (Eligibility) will be opened and a detailed evaluation of the Technical Proposals on the basis of their responsiveness to the Terms of Reference by applying the evaluation criteria shall be made.

4. The cost indicated in the Financial Bid shall be deemed as final and reflecting the total cost of services. Omissions, if any, in costing of any item shall not entitle the firm to be compensated and the liability to fulfill its obligations as per the Terms of Reference within the total quoted price shall be that of the consultant.

5. The lowest Financial Bid (Fm) will be given a financial score (Sf) of 100 points. The financial scores (Sf) of the other Financial Bids will be determined using the following formula:

6. Sf = 100 x Fm/F, in which [Sf is the financial score, Fm is the lowest price, and F is the price of the proposal (in INR) under consideration]

7. Proposals will be ranked according to their combined technical (St) and financial (Sf) scores using the weights (T = the weight given to the Technical Proposal; P = the weight given to the Financial Bid; T + P = 1, S= Combined technical and financial score).

8. The weights given to the Technical and Financial Bids will be T= 0.70, and P= 0.30:

9. S=St x T + Sf x P.

10. The firm achieving the highest combined technical and financial score will be invited for negotiations.

4.5. Penalties and Payments:

All deliverables shall be submitted to TSTS post completion of the periodicity of the respective deliverable. In case of any non-satisfactory performance by TPA, penalty upto maximum of 10% on the half yearly payment will be levied and recovered from the payments to be made to TPA.

The payment to the TPA agency shall be processed on half yearly basis.

The payment to the TPA shall be on 6 monthly basis subjects to submission of all deliverables. Invoice shall be submitted in triplicate (for the audit and independent monitoring) shall be submitted as per the following schedule:

S No. Activity % amount to be released

1 End of Every 2nd Quarter upon

Submission of deliverables by the TPA 50 % of the annual Audit Fee

(28)

Page 28 of 55

Manpower Deployment Penalties

Sr

No. Item

% of presence of total manpower (with respect to total no of working days) with

requisite qualification and

experience

Penalty as % of Payment

1 Deployed Manpower

as per this

Agreement

100% Nil

2 Deployed Manpower is less than this agreement

Requirement / not meeting qualification and experience criterion

less than 100% • The payment would be deducted in proportion to the number of days of absence of manpower or in case manpower deployed lacks necessary qualification or

experience, the above deduction shall be calculated on the basis of number of defaulting manpower out of total onsite manpower to be deployed under this contract.

All payments would be made, after subtracting penalties, if any, and TPA must mark attendance for all working days as per TSTS working days. Non marking of attendance will be considered as absence.

It is mandatory to deploy backup / replacement resource if any resource is on leave. Any absence of resource without intimation of TSTS would be considered as breach with per day penalty of 1% of half yearly payment.

SLA for TPA Services/Deliverables Measurement

Services/Deliverables Measurement

Audit and Assessment Framework and Plan Within 4 weeks of signing the contract (effective date)

Quarterly SLA Audit duration 3 weeks from date of submission of MIS report by DCO / on date of deliverable submission finalized by TSTS

SDC Infrastructure Audit and Security and compliance audit duration

3 weeks from date of submission of MIS report by DCO / on date of deliverable submission finalized by TSTS

Exit management plan Within 12 weeks of signing the contract Reports and updates to DIT 1 week from date of request by TSTS

(29)

Page 29 of 55

Operation and Management process and Control

3 weeks from date of submission of MIS report by DCO / on date of deliverable submission finalized by TSTS

Security and Compliance Audit 3 weeks from date of submission of MIS report by DCO / on date of deliverable submission finalized by TSTS

VA/PT of new application to be hosted in Data Centre

Within 4 working days from the date TPA is informed

4.6. Price Bid

4.6.1. Price Bid:

1. All the Price items as asked in the Tender should be filled in the Price Bid Format as given in the Tender.

2. The price quoted by the Bidder shall include cost and expenses on all counts viz.

cost of equipment, materials, tools/ techniques/ methodologies, manpower, supervision, administration, overheads, travel, lodging, boarding, in-station &

outstation expenses, etc and any other cost involved in the supply and commissioning.

3. The Price Bid Form should not contain any conditional offers or variation clauses, otherwise the Bids will be summarily rejected.

4. The Prices quoted shall be only in INDIANRUPEES (INR) only. The tender is liable for rejection if Price Bid contains conditional offers.

5. The Price Bid shall be typed and shall be signed by the authorized signatory in all pages. Any alterations, deletions or overwriting shall be attested with full signature of the authorized signatory.

6. The cost quoted by the Bidder shall remain same during Contract Period specified in the Tender. The Bidder should not change the Commercials during the Contract period including extension period, if any. The increase of duties /taxes payable to the Government in India shall be paid as per the actual.

4.6.2. Price Bid Format:

S. No Description Basic Unit Price (In INR.)

Tax (In INR.)

Total Price (In INR.) 1 1^stYear Annual project cost

2 2^ndYearAnnualprojectcost 3 3^rdYearAnnualprojectcost

Total Cost 4.7. Notification of Award

The acceptance of a tender, subject to contract, will be communicated in writing at the address supplied by the bidder in the bid document. Any change of address of the Bidder, should therefore be promptly notified to the TSTS.

(30)

Page 30 of 55

4.8. Signing of contract

The successful Bidder shall be required to enter into a contract, including any agreements reached during the negotiation process, if any with the Authorized Representative, TSTS, within Thirty (30) days of the award of the contract or within such extended period, as may be specified by the Authorized Representative, TSTS.

The successful bidder has to deploy all the proposed manpower within Fifteen (15) working days of the signing of the contract. This contract shall be on the basis of this RFP document, the Bid of the Bidder, the letter of intent, Technical Presentation and such other terms and conditions as may be determined by the Authorized Representative, TSTS to be necessary for the due performance of the work, as envisaged herein and in accordance with the Bid and the acceptance thereof. The Letter of Intent cum Preliminary Agreement will be in accordance with the format at Proforma-5.

*Note: 1. Failure to agree with the Terms & Conditions of the RFP/Contract:

Failure of the successful Bidder to agree with the Terms & Conditions of the RFP/Contract shall constitute sufficient grounds for the annulment of the award, forfeiture of the EMD and TSTS may make the award to the next Best Value Bidder or call for new Bids.

(31)

Page 31 of 55

Section-5

(32)

Page 32 of 55

5. General Terms & Conditions

The terms and conditions given in the RFP are as follows:

a. One Proposal per Bidder

Each bidder shall submit only one Proposal. The bidder who submits or participates in more than one Proposal will be disqualified

b. Cost of Proposal

The bidder shall bear all costs associated with the preparation and submission of its Proposal, including site visits, and the TSTS will in no case be responsible or liable for those costs, regardless of the conduct or outcome of the proposal process.

c. Amendment of RFP Documents

i. At any time prior to the deadline for submission of Proposal, TSTS may amend the RFP document by issuing suitable Addenda.

ii. Any addendum thus issued shall be part of the RFP document, and shall be communicated in writing or by facsimile to all bidders. The bidder shall promptly acknowledge receipt of each Addendum by facsimile to the RFP issuing authority.

Failure to acknowledge receipt of each Addendum shall be interpreted as receipt of the Addendum by the bidder and no claim will be entertained or accepted in this regard.

iii. To give bidders reasonable time in which to take an Addendum into account in preparing their Proposals, the Department shall extend if necessary, the deadline for submission of Proposals.

d. Limits on Promotion

The bidder will not make any reference to the department or this procurement or resulting contract in any literature, promotional material, brochures, sales presentation or the like without the express prior written consent of the authorized representative of TSTS. The bidder shall not perform any kind of promotion, publicity or advertising etc. at the department offices through any kinds of hoardings, banners or the like without the express prior written consent of the same.

e. Use & Release of Bidder Submissions

TSTS is not liable for any cost incurred by the bidder in the preparation and production of the Proposal, the preparation or execution of any benchmark demonstrations, simulation or training service or for any work performed prior to the execution of a formal contract. All materials submitted become the property of the TSTS and may be returned at his sole discretion. The content of each bidder’s Proposal will be held in strict confidence during the evaluation process, and details of the Proposals will not be discussed outside the evaluation process.

f. Deadline for submission of proposals

Proposals must be received by the RFP issuing authority at the address specified in the RFP no later than the time and date stipulated in the RFP. The authorized authority may, in exceptional circumstances and at his discretion, extend the deadline for submission of Proposals by issuing an Addendum or by intimating all bidders who have been provided the Proposal Documents, in writing or by facsimile in accordance with the RFP requirements. In this case, all rights and obligations of the department and the bidders previously subject to the original deadline will thereafter be subject to the deadline as extended.

(33)

Page 33 of 55

g. Late proposals

Any Proposal received by the RFP issuing authority after the deadline for submission of Proposals prescribed in RFP will be summarily rejected and returned unopened to the bidder.

h. Modification and withdrawal of bids

The bidder may modify or withdraw its Bid after the Bid's submission, provided that written notice of the modification or withdrawal is received by department prior to the deadline prescribed for submission of Bids.

The bidder’s modification or withdrawal notice shall be prepared, sealed, marked and dispatched in accordance with the provisions of this Section. A withdrawal notice may also be sent by fax or email but should be followed by a duly signed confirmation copy not later than the deadline for submission of Bids.

No Bid may be modified subsequent to the deadline for submission of Bids, without the explicit consent of the department in this regard. No Bid may be withdrawn in the interval between the deadline for submission of Bids and the expiration of the period of Bid validity specified by the Bidder on the Bid Form.

i. TSTS’ right to accept any bid and to reject any or all bids

TSTS reserves the right to accept or reject any bid, and to annul the bidding process and reject all bids at any time prior to award of contract, without thereby incurring any liability to the affected bidder(s) or any obligation to inform the affected bidder(s) of the grounds of such decision.

j. Process to Be Confidential

Information relating to the examination, clarification, evaluation and comparison of Proposals, and recommendations for the award of the project shall not be disclosed to Bidders or any other persons not officially concerned with such process until the award to the successful Bidder has been announced.

k. Correction of Errors

Bidders are advised to exercise greatest care in entering the pricing figures. No excuse that mistakes have been made or requests for prices to be corrected will be entertained after the quotations are opened. All corrections, if any, should be signed by the person signing the bid form before submission, failing which the figures for such items may not be considered.

Arithmetic errors in bids will be corrected as follows:

• Where there is a discrepancy between the amounts in figures and in words, the amount in words shall govern.

• Where there is a discrepancy between the unit rate and the line item total resulting from multiplying the unit rate by the quantity, the unit rate will govern unless, in the opinion of department, there is obviously a gross error such as a misplacement of a decimal point, in which case the line item total will govern.

• The amount stated in the tender form, adjusted in accordance with the above procedure, shall be considered as binding, unless it causes the overall tender price to rise, in which case the bid price shall govern.

l. Contacting Department

Any effort by bidders to influence the officials in the examination, evaluation, ranking of Proposals, and recommendation for award of Contract may result in the rejection of the Bidder’s Proposal. Queries, requests if any regarding the bid should be forwarded to the RFP issuing authority at the address specified in this RFP.

Selection of Third Party Auditor for Telangana State Data Centre

Request for Proposal (RFP)

for