REQUEST FOR PROPOSAL (RFP) FOR MANAGED MAIL …

RFP Ref No. JKGB/IT/MMS/RFP/21-1492 Dated: 18-08-2021

Page 1 of 57

RFP Ref. No. JKGB/IT/MMS/RFP/21-1492 Dated: 18-08-2021

REQUEST FOR PROPOSAL (RFP) FOR

MANAGED MAIL MESSAGING SOLUTION ON CLOUD WITH ARCHIVAL

FACILITY


Page 2 of 57

Contents 1. Disclaimer .................................................................................................................................................. 4

2. Brief about J&K Grameen Bank: .................................................................................................................. 4

3. Objective of Proposal .................................................................................................................................. 4

4. Due Diligence ............................................................................................................................................. 5

5. Schedule for Bidding Process ...................................................................................................................... 5

6. Detailed Scope of work with technical requirements for E-mail solution hosted in public cloud is broadly

divided into 4 parts: ......................................................................................................................................... 16

A. Migration of existing mailboxes and data ................................................................................................. 16

B. Technical requirement for proposed Cloud Service as a SaaS solution by the bidder ................................. 16

C. Technical requirement for proposed Email solution on public cloud ......................................................... 17

D. Technical Requirements on Security features ........................................................................................... 25

7. Terms & Conditions .................................................................................................................................. 30

A. Order details ..................................................................................................................................... 30

B. Schedule of Implementation .............................................................................................................. 30

C. Payment Terms ................................................................................................................................. 30

D. Confidentiality .................................................................................................................................. 31

E. Paying Authority ............................................................................................................................... 32

F. Penalty ............................................................................................................................................. 32

G. Force Majeure ................................................................................................................................... 32

H. Contract Period: ................................................................................................................................ 33

I. Completeness of the Project .............................................................................................................. 33

J. Acceptance Testing ........................................................................................................................... 33

K. Order Cancellation ............................................................................................................................ 33

L. Indemnity ......................................................................................................................................... 34

M. Publicity ............................................................................................................................................ 34

N. Privacy & Security Safeguards ............................................................................................................ 34

O. Technological Advancements............................................................................................................. 35

P. Option Clause.................................................................................................................................... 35

Q. Guarantees ....................................................................................................................................... 35

R. Corrupt and Fraudulent Practices ....................................................................................................... 35


Page 3 of 57

S. Termination ...................................................................................................................................... 36

T. Termination for Insolvency ................................................................................................................ 37

U. Resolution Of Disputes ...................................................................................................................... 37

V. Applicable Laws ................................................................................................................................ 37

W. Governing Laws ................................................................................................................................. 37

X. Right To Audit ................................................................................................................................... 37

Y. Evaluation Of Offers .......................................................................................................................... 38

Z. Address Of Notices: ........................................................................................................................... 38

ANNEXURE A : Mutual Nondisclosure Agreement .......................................................................................... 39

ANNEXURE B: Self Declaration by Bidder....................................................................................................... 42

ANNEXURE C: Indemnity............................................................................................................................... 44

ANNEXURE D: Bank Guarantee Format (EMD) ............................................................................................... 47

ANNEXURE E: Service Level Agreement ......................................................................................................... 51

1. Agreement Overview ........................................................................................................................ 51

2. Stakeholders ..................................................................................................................................... 51

3. Service Scope and Terms and Conditions............................................................................................ 51

4. Payment Terms ................................................................................................................................. 51

5. Migration .......................................................................................................................................... 52

6. SLA and Penalty ................................................................................................................................ 52

Annexure F: Bidders Capability/Marking Methodology ................................................................................. 54

ANNEXURE G: Eligibility Format .................................................................................................................... 55

ANNEXURE H : Commercial Bid Format ......................................................................................................... 57


Page 4 of 57

1. Disclaimer

The information contained in this RFP document or any information provided subsequently to bidder(s) whether

verbally or in documentary form by or on behalf of the Bank is provided to the bidder(s) on the terms and

conditions set out in this RFP document and all other terms and conditions subject to which such information is

provided. This RFP is neither an agreement nor an offer and is only an invitation by Bank to the interested

parties/Bidders for submission of bids. The purpose of this RFP is to provide the bidder(s) with information to

assist the formulation of their proposals. While effort has been made to include all information and

requirements of the Bank with respect to the solution requested, this RFP does not claim to include all the

information each bidder may require. Each bidder should conduct its own investigation and analysis and should

check the accuracy, reliability and completeness of the information in this RFP and wherever necessary obtain

independent advice. The Bank makes no representation or warranty and shall incur no liability under any law,

statute, rules or regulations as to the accuracy, reliability or completeness of this RFP. The Bank may in its

absolute discretion, but without being under any obligation to do so, update, amend, supplement or annul the

information in this RFP.

2. Brief about J&K Grameen Bank:

“J&K Grameen Bank”, a Regional Rural Bank created by amalgamation of Jammu Rural Bank and Kamraz Rural

Bank by Government of lndia while exercising power conferred by Sub-Section (1) of section 23(A) of the Regional

Rural Bank's Act,1976 vide notification dated 30th June 2009, issued by Ministry of Finance, Department of

Financial Services, carrying on Banking Business, having its Head office at Narwal, Jammu, Pin-180006, Jammu

and Kashmir, hereinafter referred to as the “Bank”.

The Bank with its network of 217 branches/offices spread across 13 Districts of the UT of Jammu & Kashmir &

Ladakh has been delivering Banking services to more than 12 Lakh customers through 6 Regional offices and 217

branches. The Bank has put in place a robust IT infrastructure with Finacle as CBS platform running in all Business

Units. The Bank’s servers are co-hosted at sponsor bank’s Data Centre in Noida and DR Site in Mumbai.

Detailed information about J&K Grameen bank is available at Banks website www.jkgb.in

3. Objective of Proposal This Request for Proposal (RFP) is to invite proposals from eligible bidders desirous of taking up the project for Migration of Bank’s E-mail system on Public Cloud Architecture with unlimited Archival Facility for the contract period. Sealed offers / Bids (Bid) prepared in accordance with this RFP should be submitted. The criteria and the actual process of evaluation of the responses to this RFP and subsequent selection of the successful bidder will be entirely at Bank’s discretion.


Page 5 of 57

4. Due Diligence

The Bidder is expected to examine all instructions, forms, terms and specifications in this RFP and study the Bid

Document carefully. Bid shall be deemed to have been submitted after careful study and examination of this RFP

with full understanding of its implications. Each Bidder should, at its own costs without any right to claim

reimbursement, conduct its own investigations, analysis and should check the accuracy, reliability and

completeness of the information in this RFP and wherever felt necessary obtain independent advice. The Bid

should be precise, complete and in the prescribed format as per the requirement of this RFP. Failure to furnish

all information required by this RFP or submission of a Bid not responsive to this RFP in each and every respect

shall be at the Bidder’s own risk and may result in rejection of the Bid and for which the Bank shall not be held

responsible. Any decision taken by J&K Grameen Bank as to completeness of the Bid and/or rejection of any / all

Bid(s) shall be final, conclusive and binding upon the Bidder(s) and shall not be question / challenged by the

Bidder(s).

5. Schedule for Bidding Process

RFP Ref. No. JKGB/IT/MMS/RFP/21-1492 Dated 18-08-2021

Scope of Work Implementation and migration of managed mail messaging

solution on public cloud with unlimited archival facility at J&K

Grameen bank

RFP Details

MANAGED MAIL MESSAGING SOLUTION ON CLOUD WITH

ARCHIVAL FACILITY

Mode of Tender Submission Offline

Contact details for correspondence regarding this RFP

Head Of Department

IT-Department, J&K Grameen Bank

Head Office, Narwal-180006, Jammu

[email protected]

Contact No. 7051510171/72

Tender Type Open


Page 6 of 57

Base Currency INR (₹)

Consortium Consortium Bids are not allowed.

Bid Document Availability Document can be downloaded from the Bank’s website : www.jkgb.in

w.e.f. 18-08-2021 (Wednesday) 10:00 A.M.

Pre-bid Queries (If any) End Date (through email only)

27-08-2021 (Friday) 05:00 P.M

Clarifications to pre-bid queries will be provided by the Bank.

All communications regarding points/queries requiring clarifications shall be given through Email/ Conference Call/ WebEx/ Telephone Call on 06-09-2021 (Monday)

Last date and time for Bid submission

14-09-2021 (Tuesday) 05:00 P.M.

Address for submission of Bids

CHAIRMAN SECRETARIAT, J&K Grameen Bank

Head Office, Near Fruit Complex Narwal-180006,

Jammu

[email protected]

Contact No. 7051510171/72

Technical Bid opening date 15-09-2021(Wednesday)

Commercial Bid opening date To be notified separately.

Reverse Auction N/A

Project Duration As per tender document

Tender Fee Non-refundable ₹ 5000/-(Rupees Five Thousand Only) + 18% GST i.e.

(₹ 5900/- including GST). It can be submitted in the form of DD in favor of The General Manager, J&K Grameen Bank payable at Jammu

EMD (Earnest money Deposit) Amount (₹)

A bid security of ₹ 1,00,000/- (Rupees One Lakhs Only) in the form of Bank Guarantee in favor of General Manager J&K Grameen Bank valid for 180 days from the due date of the RFP. Offers made without EMD will be summarily rejected. If the successful Bidder fails to provide the solution ordered within the stipulated time schedule or by the date extended by the Bank, the


Page 7 of 57

same shall be treated as a breach of contract. In such case, the Bank may invoke the Bank Guarantee/ EMD without any notice.

Note: Bids will be opened in presence of the bidders' representatives (maximum two representatives per bidder) through virtual mode who choose to attend. In case the specified date of submission & opening of Bids is declared a holiday in J&K under the NI act, the bids will be received till the specified time on next working day. J&K Grameen Bank is not responsible for non-receipt of responses to RFP within the specified date and time due to any reason including postal holidays or delays. Any bid received after specified date and time for the receipt of bids, will not be accepted by the Bank. Bids once submitted will be treated as final and no further correspondence will be entertained on this. No bid will be modified after the specified date & time for submission of bids. No bidder shall be allowed to withdraw the bid. 1. Overview

The Bank has implemented mail messaging system in year 2015. At present approximately 350 mails ids have been assigned in the system having storage of approximately 500GB (+/- upto 10%) and under maintenance of present System Integrator. Now, the Bank proposes to invite tender for Migration of Bank’s E-mail system on Public Cloud Architecture along with data and unlimited e-mail Archival Facility.

2. Eligibility Criteria

Only those Bidders, who fulfil the following eligibility criteria, are eligible to respond to this RFP. Offers received from the bidders who do not fulfil all of the following eligibility criteria are liable to be rejected.

# Criteria Documents to be submitted

1

The bidder should be a Government Organization/ PSU/ PSE /Public/ Private Limited Company incorporated/ established under Companies Act, 1956/2013 or later and should have been in operation for at least three years as on date of RFP.

Copies of the Certificate of Incorporation.

Name of the Company:

Date of Registration:

CIN No:

GST Registration No.

2

Bidder must have minimum annual turnover of Rs. 20 Crore in each of the last three financial years (2018-19, 2019-20 and 2020-21) and should also have made operating profit in at least two of the previous three financial years.

Copy of the audited Balance Sheets and Profit & Loss statements for the preceding three years (2018-19, 2019-20 and 2020-21)


Page 8 of 57

3

Bidder should have experience of migrating from on premise or cloud Microsoft Exchange of minimum 1000 mail boxes (including history data) into cloud in India and should have experience of maintaining the offered solution (in current bid) for at least one year from implementation of Email solution.

Copy of Client Certification for successful completion and commissioning with name and contact details of signatory.

4

Bidder can be any of the following:-

i. Bidder is OEM and cloud service provider (CSP) i. Undertaking from bidder

ii. Bidder is OEM but not CSP. In that case, Bidder should have agreement with CSP for at least five years to support product service on cloud.

ii. Undertaking from bidder and copy of agreement

iii. Bidder is CSP but not OEM. In that case, bidder should have agreement with OEM to supply OEM’s products and should have back-to-back support agreement for five years.

iii. Undertaking from bidder and copy of agreement

iv. Bidder is neither OEM nor CSP. In that case, bidder should have agreements with OEM and CSP for at least five years to supply OEM’s products and product service on cloud for five years.

iv. Undertaking from bidder and copy of agreement

Manufacturer’s Authorization Form (MAF) to be provided for Hardware & Software /Cloud computing services.

5 The bidder should not be currently blacklisted by any Central/State Govt. depts./Public Sector Banks / Financial Institutions in India

Self-declaration on company letter head.

6

The Cloud service provider should be certified to be compliant to the following control standards:

Copy of ISO certificates, valid as on the date of bid submission.

i. ISO 27001 - Data Center and the cloud services should be certified for the latest version of the standards

ii. ISO/IEC 27017:2015 - Code of practice for information security controls based on ISO/IEC 27002 for cloud services and Information technology

iii.ISO 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds.

iv. ISO 20000-9-Guidance on the application of ISO/IEC 20000-1 to cloud services

7

Proposed Email Cloud service provider should be MeitY (Govt. of India) empanelled and STQC audit compliant for Public Cloud service offering PaaS and IaaS. For Public Cloud service offering for SaaS, should

Copy of Meity empanelment and STQC audit compliance certificate


Page 9 of 57

be compliant as and when MeitY takes it up for Empanelment.

8 The Cloud Service Provider should have Public Cloud Service for a minimum period of three (3) years in India as on the date of release of this RFP.

Copy of Client Certification for successful completion and commissioning with name and contact details of signatory

9

The Cloud Email solution (Email software along with cloud service provider) is under production with minimum 5000 mailboxes for minimum one scheduled commercial bank for at least 2 full year from date of Go-live.

Copy of Client Certification with name and contact details of signatory

10

The service provider should ensure that there are no proceedings / inquiries / investigations have been commenced / pending against service provider by any statutory or regulatory agencies which may result in liquidation of company / firm and / or deterrent on continuity of business.

Declaration in the letterhead of the service provider’s company to that effect should be submitted.

11

Cloud must be hosted in India including DC and DR in India, no network and data sharing/replication/processing to any data center/data processor outside the boundaries of the India shall be done. All server / applications used for proposed email solution in cloud environment as per the Scope of Work, should have DC & DR in India. The services provided should adhere to the latest security and other relevant Guidelines issued by Regulatory Authorities from time to time.

Undertaking on the letterhead of the service provider’s company to that effect should be submitted.

12 The bidder shall ensure that person signing on behalf of company is competent.

Power of Attorney from the authorized signatory to be enclosed

Note:

• Attested photocopies of all relevant documents / certificates should be submitted as proof in support of the claims made. The bidder should provide relevant additional information wherever required in the eligibility criteria. The Bank reserves the right to verify /evaluate the claims made by The Bidder independently. Any decision of The Bank in this regard shall be final, conclusive and binding upon the Bidder. • Scheduled commercial banks include regional rural banks and do not include small finance banks, payment banks and cooperative banks.


Page 10 of 57

3. Modification and Withdrawal of Bids

No bid can be modified by the bidder subsequent to the closing date and time for submission of bids. In the event

of withdrawal of the bid by successful bidders, the EMD will be forfeited by the Bank.

4. Confidentiality

The RFP document is confidential and is not to be reproduced, transmitted, or made available by the Recipient to

any other party. The RFP document is provided to the Recipient on the basis of the undertaking of confidentiality

given by the Recipient to Bank. Bank may update or revise the RFP document or any part of it. The Recipient

acknowledges that any such revised or amended document is received subject to the same terms and conditions

as this original and subject to the same confidentiality undertaking. The Recipient will not disclose or discuss the

contents of the RFP document with any officer, employee, consultant, director, agent, or other person associated

or affiliated in any way with Bank or any of its customers, suppliers, or agents without the prior written consent of

Bank.

5. Disclaimer

Subject to any law to the contrary, and to the maximum extent permitted by law, Bank and its officers, employees,

contractors, agents, and advisers disclaim all liability from any loss or damage (whether foreseeable or not)

suffered by any person acting on or refraining from acting because of any information, including forecasts,

statements, estimates, or projections contained in this RFP document or conduct ancillary to it whether or not the

loss or damage arises in connection with any negligence, omission, default, lack of care or misrepresentation on

the part of Bank or any of its officers, employees, contractors, agents, or advisers.

6. Costs Borne by Respondents

All costs and expenses incurred by Service provider/vendor / Respondents in any way associated with the

development, preparation, and submission of responses, including but not limited to attendance at meetings,

• Either the Indian agent on behalf of the Principal/OEM or Principal/OEM itself can bid but both cannot bid simultaneously for the same solution. • In case of business transfer where bidder has acquired a Business from an entity (“Seller”), work experience credentials of the Seller in relation to the acquired Business may be considered. • In-case of corporate restructuring the earlier entity’s incorporation certificate, financial statements, Credentials, etc. may be considered. • If an agent submits a bid on behalf of the Principal/ OEM, the same agent shall not submit a bid on behalf of another Principal/ OEM for the same solution. • Proposed solution need not be the proposed version of the solution.


Page 11 of 57

discussions, demonstrations, etc. and providing any additional information required by Bank, will be borne entirely

and exclusively by the Recipient / Respondent.

7. No Legal Relationship

No binding legal relationship will exist between any of the Recipients / Respondents and Bank until execution of a

contractual agreement.

8. Errors and Omissions

Each Recipient should notify Bank of any error, omission, or discrepancy found in this RFP document.

9. Acceptance of Terms

A Recipient will, by responding to Bank RFP, be deemed to have accepted the terms as stated in the RFP.

10. Rejection of the Bid

The Bid is liable to be rejected if:

a. The document doesn’t bear signature of authorized person on each page signed and duly stamp.

b. It is received through Telegram/Fax/E-mail.

c. It is received after expiry of the due date and time stipulated for Bid submission.

d. Incomplete Bids, including non-submission or non-furnishing of requisite documents / Conditional Bids/

deviation of terms & conditions or scope of work/ incorrect information in bid / Bids not conforming to the

terms and conditions stipulated in this Request for proposal (RFP) are liable for rejection by the Bank.

e. Bidder should comply with all the points mentioned in the RFP. Noncompliance of any point will lead to

rejection of the bid.

f. Any form of canvassing/lobbying/influence/query regarding short listing, status etc. will be a

disqualification.

11. Information Provided

The RFP document contains statements derived from information that is believed to be reliable at the date

obtained but does not purport to provide all of the information that may be necessary or desirable to enable an


Page 12 of 57

intending contracting party to determine whether or not to enter into a contract or arrangement with Bank in

relation to the provision of services. Neither Bank nor any of its employees, agents, contractors, or advisers gives

any representation or warranty, express or implied as to the accuracy or completeness of any information or

statement given or made in this RFP document.

12. For Respondent Only

The RFP document is intended solely for the information to the party to whom it is issued (“the Recipient” or “the

Respondent”) and no other person or organization.

13. RFP Response

If the response to this RFP does not include the information required or is incomplete or submission is through Fax

mode or through e-mail, the response to the RFP is liable to be rejected.

All submissions will become the property of Bank. Recipients shall be deemed to license, and grant all rights to,

Bank to reproduce the whole or any portion of their submission for the purpose of evaluation, to disclose the

contents of the submission to other Recipients who have registered a submission and to disclose and/or use the

contents of the submission as the basis for any resulting RFP process, notwithstanding any copyright or other

intellectual property right that may subsist in the submission or Banking documents.

14. Notification

Bank will notify the Respondents in writing as soon as possible about the outcome of the RFP evaluation process,

including whether the Respondent’s RFP response has been accepted or rejected. Bank is not obliged to provide

any reasons for any such acceptance or rejection.

15. Language of Bids

The bid, correspondence and supporting documents should be submitted in English.

16. Authorized Signatory

The selected bidder shall indicate the authorized signatories who can discuss, sign negotiate, correspond and any

other required formalities with the bank, with regard to the obligations. The selected bidder shall submit, a

certified copy of the resolution of their Board, authenticated by Company Secretary, authorizing an official or

officials of the company to discuss, sign with the Bank, raise invoice and accept payments and also to correspond.

The bidder shall furnish proof of signature identification for above purposes as required by the Bank.


Page 13 of 57

17. Two Bid System

a. The bidder shall submit his response to the present RFP Document separately in two parts – “The Technical Bid” and ‘Indicative Commercial bid’. Technical Bid will contain complete product specifications as per the specified standard determined by the bank whereas Commercial bid will contain the pricing information. In the first stage, only the Technical Bids shall be opened and evaluated as per the Eligibility criterion determined by the Bank. Those bidders satisfying the technical requirements as determined by the Bank in its absolute discretion shall be short-listed for opening their indicative commercial bid. The L-1 bidder will be decided only later, on finalization of prices.

b. The technically eligible bidders need to provide an end-to-end methodology/solution and arrange for a

presentation to demonstrate the same to the Bank before opening of the commercial bids. The time, date & venue for the same should be intimated to the bidders separately. The bidders are expected to cover the entire scope of work mentioned in the RFP during the technical presentation.

c. The Bank reserves the right to accept or not to accept any bid or to reject a particular bid at its sole discretion

without assigning any reason whatsoever. d. The sealed envelopes should contain reference of this RFP, due date, name of the Bidder with contact

details, Offer reference number etc. Bid document should be duly filed and all the pages of Bid including Brochures

should be made in an organized, structured and neat manner. Brochures / leaflets etc. should not be submitted in

loose form. All the pages of the submitted Bid Documents should be serially numbered and the Bidder’s seal duly

affixed with the Signature of the Authorized Signatory on each page. Documentary proof, wherever required, in

terms of the RFP shall be enclosed.

e. The Bids containing erasures or alterations will not be considered. There should be no hand-written

material, corrections, or alterations in the Bids. Technical details must be completely filled in. Correct technical

information of the product being offered must be filled in.

18. Formation of Bid

Two copies of the offers (both Technical & commercial) must be submitted at the same time, giving

full particulars in TWO SEPARATE sealed envelopes at date, time and venue specified in this RFP

document

Offers received after the last date and time specified for such receipt will be rejected. All envelopes

should be securely sealed and stamped.

The TWO SEPARATE sets of sealed envelopes containing offers must be submitted to the Bank

directly as under:


Page 14 of 57

Envelope-T: Technical [Original] & Technical [Duplicate] Envelope-C: Commercial [Original] & Commercial [Duplicate] Each of the above set of offer must be labeled with the following information:

Type of Offer: (Technical or Commercial)

Copy:(Original or Duplicate)

Tender Reference Number:.

Due Date:.

Name of the Vendor:.

The Duplicate Offer must be identical in all respects to the Original offer submitted to the Bank, and must contain all the above information specified.

ENVELOPE- T (Technical Offer): [2 Copies i.e., Original and Duplicate]

The Technical offer (T.O) should be complete in all respects and contain all information asked for, except prices. The Technical Offer should not contain any price information. The Technical offer should be submitted in 2 copies in a closed envelope to the Bank (marked as original and duplicate). The T.O. should be complete to indicate that all products and services asked for are quoted and all terms adhered to. EMD should be kept in original Technical Offer to be submitted to the Bank. The EMD submitted by the unsuccessful vendors will be released after the completion of each Stage of Evaluation. The EMD of the successful vendor will be released on submission of Performance Bank Guarantee. Performance Bank Guarantee to be deposited for the amount equal to 10 % of the total cost of the project. ENVELOPE-C (Commercial Offer): [2 Copies – i.e., Original and Duplicate] The Commercial Offer (C.O) should give all relevant price information and should not contradict the T.O. in any manner. The Commercial offer should be submitted in 2 copies in a closed envelope to the Bank (marked as original and duplicate). Technical and Commercial Offers must be submitted separately, in different envelopes. Both envelopes should be enclosed in a single big envelope. MSME's are exempted from paying Tender fee and EMD. The MSMEs should have registered with

District Industries Centres or Khadi Village Industries Commission or Khadi & Village Industries


Page 15 of 57

Board or Coir Board or National Small Industries Corporation or Directorate of Handicrafts &

Handloom or Any other body specified by the Ministry of Micro, Small & Medium Enterprises.

MSMEs should submit the relevant documentary proof for claiming the exemptions.

All pages of the Bid Document must be serially numbered, and each page must be manually/ physically signed by the authorized signatory and stamped by Bidder’s Official seal. No document should contain photocopy/ stamp of the sign.

The Entire bid document must be signed by a Single Authorized Signatory Only. If Bank seeks any clarification during the evaluation, the clarification documents should also be signed by the same authorized signatory who has signed the bid documents.

All Annexures must be on the letter head of the Bidder. All documents, addressed to the Bank, should be submitted in Original. (No Photocopies will be accepted).

All third party documents must be signed by their authorized signatory and his/ her designation, Official E-mail ID and Mobile no. should also be evident.

All supporting documents must be submitted in readable form.

The Bid should be properly sealed and marked as “Bid for Managed Mail Messaging Solution on Cloud with

archival facility”, Tender Reference Number, Bidder’s name and address.

19. Submission of bid

The Bank expects the bidders to carefully examine all instructions, terms and conditions mentioned in this RFP document before submitting its unconditional compliance as part of the RFP. Failure to furnish all information required or submission of an RFP not substantially responsive to the RFP in every respect will be at the bidder’s risk and may result in the rejection of its response. Two copies of the offers (both Technical & commercial) must be submitted at the same time, giving full particulars in TWO SEPARATE sealed envelopes at the Bank’s address given below, on or before 1700 hours Sep 14, 2021: CHAIRMAN SECRETARIAT J&K Grameen Bank, Head Office, Narwal Jammu- 180 006 (JK) Any other mode of submission, e.g. by courier, fax, e-mail etc. and submission of bid at any other place will not be accepted/considered.


Page 16 of 57

20. Cost of Preparation The Bidder shall bear all costs associated with the preparation and submission of its Bid and the Bank will in no case be responsible or liable for these costs, regardless of the conduct or outcome of the Bidding process. 1. If any information/ data/ particulars are found to be incorrect, Bank will have the right to disqualify/ blacklist the bidder and invoke the Performance Bank Guarantee/ initiate legal proceedings as per the terms of Bid security declaration. All communications, correspondence will be only to the authorized signatory of the prime bidder. Any partner/ sub-contractor has to communicate only through the prime bidder. The prime bidder will act as the single point of contact for the Bank. 2. Bank reserves its right to cancel the order even after placing the letter of Intent (LOI)/ Purchase Order, if Bank receives any directions/ orders from Statutory Body/ RBI/ Govt. of India in a nature that binds the Bank not to take the project forward. 3. Please note that any deviations mentioned anywhere in the Bid Document will not be considered and evaluated

by the Bank and the bid will be summarily rejected and no further clarification will be sought. Bank reserve the

right to reject the bid if bid is not submitted in proper format as per RFP.

21. Late bids Bank will not accept/ receive any bid after the due date and time (for receipt of bids as prescribed in this RFP) in

any circumstances. Bidders are advised to take a note of it.

6. Detailed Scope of work with technical requirements for E-mail solution hosted in public cloud is

broadly divided into 4 parts:

Migration of existing mailboxes and data

Technical requirement for proposed Cloud Service as a SaaS solution by the bidder

Technical requirement for proposed Email solution on public cloud

Technical Requirements on Security features

A. Migration of existing mailboxes and data

1. Migration of 350 mailboxes along with their data on new public cloud

B. Technical requirement for proposed Cloud Service as a SaaS solution by the bidder

2. The infrastructure should be offered as public cloud-based software as a service. DC & DR set up must comply with all Indian regulatory guidelines defined for providing cloud-based services in India.

3. Cloud must be hosted in India including DC and DR in India, no network and data sharing/replication/processing to any data centre/data processor outside the boundaries of the country. The bidder/successful bidder shall be bound by Indian law and Indian IT Law. No data in any circumstances should be shared / copied / transmitted/processed without Bank’s consent / written permission of the Bank and it should be as per the Indian IT Law.

4. The Cloud service provider should be certified to be compliant to the following control standards:


Page 17 of 57

• ISO 27001 - Data Centre and the cloud services should be certified for the latest version of the

standards

• ISO/IEC 27017:2015 - Code of practice for information security controls based on ISO/IEC 27002 for

cloud services and Information technology.

• ISO 27018 - Code of practice for protection of personally identifiable information (PII) in public clouds.

ISO 20000-9-Guidance on the application of ISO/IEC 20000-1 to cloud services

5. The proposed email and archival solution should have road map for more than two years beyond the contract period i.e. total 7 years of life span and should not meet end of life / end of support during the period. If the end of life / end of support announced by the OEM during the period, bidder has to replace the software with the equivalent / better capability of licensed e-mail software and client applications without any additional cost to the Bank.

6. The proposed cloud base productivity suite must be IPv6 Compliant with dual stack compatibility. Subsequent migration to IPv6 to be done without any additional cost to Bank.

7. An email solution to be accessible over multiple devices (Minimum 4 devices per user like Tablets, Mobile Phones, Laptops, Desktops etc.) All the devices should be in Sync. Solution should have following features:

• Meeting/Calendar/Task list

• Email clients should be accessible over web browsers Email archiving

and advanced security solutions

C. Technical requirement for proposed Email solution on public cloud

1. Solution must have Message broadcasting feature (One to Many, Many to many). 2. Solution should have inbuilt Anti-spam/Malware and any other such type of threats control. 3. If Indian government demand is received for any data, the process mentioned below has to be

followed:

• Disclosure of data of any kind on legal/statutory compulsion should be done only after obtaining concurrence from the Bank.

• Resist illicit demands that are invalid which are not permitted by the Indian Government or Indian IT Law or any other Indian Regulatory Authorities.

4. Solution (Cloud) must have Production and Disaster recovery site (replica of production) with Active-Passive deployment has to be maintained in India.


Page 18 of 57

5. Records pertaining to all mails and data including attachments must be available in the proposed solution with the facility of archival / retrieval at any time as requested by the Bank, during the contract period.

6. Solution should have the capability of sending to Bulk mails/promotional emails to users, customers

and potential customers.

7. Solution should have capability to Create Mailing Lists, access Control Level etc. and should have the

ability to control Attachment size, type and extension, etc.

8. The proposed mail solution should provide the administrators web-based user management facility.

9. Solution should have capability for Mail Queue management/Priority Management and should handle

SMTP Secured connection.

10. Solution should provide access from Mobile devices/Mobile Apps with real time syncing of mails between all the

access points and should support third party email clients.

11. Solution should provide functionality for Self-password reset/Password Management with support to multi

factor authentication.

12. Solution should have capability to provide Alerts and monitoring interface and solution support Remote

Administration for administrators.

13. Solution should have Data Loss Prevention (DLP) capabilities: Keeping organization safe from users

mistakenly sending sensitive information to unauthorized people. Three categories of actions : a) Block

sensitive content mail from being sent based on policies b) Rights-protect sensitive mails at server

before sending to recipients based on admin policies c) Provide Policy Tips to users to inform policy

violations before sensitive data is sent.

14. Solution should have Capability to integrate with the authentication servers (LDAP/ADFS etc.) and Integration

with applications using API.

15. Solution should have Capability to send and receive authenticated and encrypted emails and archived mail

backup and restoration at user level.


Page 19 of 57

16. Solution should have Support to mark/filter Spam/Junk mail management to Administrators and end

users.

17. Solution should allow end-user to remotely wipe data from mobile devices with or without Administrator

intervention.

18. Solution should have Rich features e.g. mail search, calendar and Task Management, Reminders, meetings setup

along with desktop sharing capabilities from all types of clients-thick/fat, thin browser clients.

19. The proposed messaging solution on cloud should provide high availability and load Balancing and Disaster

Recovery capability.

20. The proposed messaging solution on cloud should support recalling/resending of messages sent and

also should notify the user on the success or failure of the message recall. This facility should be

available to users and administrators.

21. The proposed messaging solution on cloud should support standard protocols like POP3/IMAP/HTTP and SMTP

/MIME over normal and secure channels. The email solution should support Mail clients having the following

features viz. POP3, IMAP, LDAP, SMTP

22. Should be capable of administration through a single window interface to provide server level control and

configuration of the messaging system for all servers including:

• Create / rename / delete mail accounts

• Reset / set user passwords for Messaging platform

• List all users in the messaging system

• Search for a user and modification of user object attributes

• Enable / disable user accounts

• Change delegated administration passwords

• Add alias e-mail address for a user

• Create transport rule as per requirement.

• Ability to see and export all type of logs like mail tracking logs, audit logs etc.

• Increase/Decrease the attachment size of mail id


Page 20 of 57

• Increase/Decrease the size of mail box

• Backend and other necessary support to be provided by the bidder

23. The proposed messaging solution on cloud should be able to detect and clean Virus, malware, spyware,

gray ware, Trojan, worm, document exploits, macro virus, packed files, manage web reputation, spam,

phishing, mails, attachment blocking, content filtering i.e. Antivirus Software on Servers, Antivirus Scan

on Mail Routing/transport Servers for within domain mails.

24. The proposed messaging solution on cloud to detect and clean Virus, malware, spyware, gray ware, Trojan, worm,

document exploits, macro virus, packed files, manage web reputation, spam, pushing, mails, attachment

blocking, content filtering i.e. Antivirus Software at the Email Gateway (i.e. Mx) is required to be proposed by

bidder/Cloud Service Provider for and for outside domain mails.

25. The infrastructure should be offered as a cloud based software as a service (SaaS).

26. The email along with archives and individual file storage should be hosted in India for primary and secondary

copies.

27. The cloud infrastructure should have presence in at least 2 cities in India.

28. The solution should be encrypting data both at rest and encryption in transit with SSL/TLS.

29. The Service uptime agreement for the proposed solution should have monthly uptime commitments and have

transparent monthly credit calculations in case of uptime not being met for any service/s.

30. The same Service Level Agreement should be applicable to all included or related services or components that is

required for the solution to be contracted for the requirement

31. The proposed solution should not mandate any minimum number of users for any service uptime calculations

32. The proposed solution should also have Service level commitments for virus detection and blocking,

spam effectiveness, false positives as well as email delivery.

33. The Enterprise email messaging system must provide seamless and secure web access via popular Internet

browsers (Internet Explorer, Mozilla Firefox, Safari), and the user interface and experience must be consistent


Page 21 of 57

across the web interface and the email client, as well as the modern mobile devices‟ internet browsers or mobile

mail apps

34. The solution should support all widely used email clients such as MS Outlook, Mozilla Thunderbird, IBM Lotus

Notes etc.

35. Should provide in-built antivirus and anti-spam functionality to filter suspicious, unwanted emails. The security

solution should provide a console to administrators for monitoring.

36. Should have built in Capability to manage Mailboxes, use existing Data Loss Prevention Policies templates, Org-

wide rules, Distribution Groups, External Contacts in service administration portal. The ability to send/receive

encrypted emails. Additional feature of digital signature and encrypting e-mails shall be in built in the solution.

37. Should provide out of box archive solution without need for 3rd party integration. Admin and respective end

user/client should be able to retrieve the archival record which may be required from time to time without

downloading/restoring the mailbox.

38. License and Support for 3rd party add on components (if any) to meet the requirements listed, to be

provided by bidder for the entire contract period.

39. Ability to provide different mail box sizes to users based on their roles/categories/designation.

40. An administrator console to implement/manage/change organization level archival, retention and Backup

policies.

41. Users should be able to use conditional formatting/filtering to automatically /manually arrange emails based on

sender, subject, recipients, status, importance etc.

42. Should support conditional mail routing for different email domains

43. Solution should have the mailbox audit feature for all users should be enabled immediate upon creation on cloud.

Audit Logs should be preserved for at least 90 days in online & 10 years for offline.

44. The messaging system should support antivirus stamping to validate the particular antivirus engine that

scanned the mail, the antivirus signature used to scan and the time of scan.

45. It should have for digital signatures.


Page 22 of 57

46. It should have tolls for message tracking and monitoring management.

47. It should be capable of integration with PKI services.

48. It should have to access email from mobile phones.

49. It should have multiple address book.

50. It should support for filtering and grouping of addresses into multiple virtual address books depending on

attributes defined in the filters.

51. It should support SMTP as default messaging protocol for mail transfer for internet.

52. It should have support for multiple domains over the internet.

53. It should have support for standards like MIME/SMIME on client & web access.

54. It should have routing engine like ESMTP.

55. It should have mail access using web browser.

56. It should support aliases e-mail addresses.

57. It should have ability to use Indian local language i.e. Unicode compliant.

58. It should have ability to spell check

59. It should have ability to store messages in draft for later sending

60. It should have ability to use address book global and local from compose screen.

61. It should have ability to add auto signature (VCF)


Page 23 of 57

62. It should have ability to save message in sent folders

63. It should have ability to mark a copy to self during composing

64. It should support message displaying capabilities-messages sent OR Failed-If Failed Reason

65. It should have ability to compose HTML messages.

66. It should have ability to compose in Rich Edit Form

67. Options in Folders should be Inbox, Draft, Sent, Trash by Default

68. It should support for User Created Folders

69. It should have create, rename, delete, user created folders

70. It should have ability to Empty Trash.

71. It should have support to visualize summary of Folders Based on New / Total Messages.

72. It should have filter rules for users based on Sender / Recipient subject etc.

73. It should support Priority on Filters.

74. It should support PKI services for all clients (such as mail client, web, and mobile devices) and should provide

infrastructure to enable Mail messaging (S/MIME) capability and integration with messaging system.

75. Should provide support for POP3, IMAP4, SMTP, NNTP & HTTP based protocols.

76. Messaging Server should support cHTML, XHTML, and HTML mobile phone browser.

77. Policy based management should provide for centralized, targeted control over user settings, so a change in one

place can update users in any scope from an individual to a group or to an entire organization.

78. It should have Anti-Spam and Filtering Functionalities.

79. Messaging server should be capable of implementing Private Blacklist, Private Whitelists and DNS Whitelists


Page 24 of 57

80. It should be possible for contacts from the Global Address List (Shared company directory) to be added to

personal contact. It should be also possible for Contacts in Messaging server to be directly synchronized to Pocket

PC Client.

81. Messaging Client and Server should support Mail / Multipurpose Internet Mail Extensions (S-MIME), enabling

users to digitally sign and encrypt e-mails and attachments.

82. There should be feature for sent messages to be recalled by the sender.

83. User should be able to select the priority of the follow-up (low, normal, urgent), indicated by a flag in

the inbox. Additionally, user should be capable of setting an alarm as a reminder of a follow-up action,

like marking an e-mail for followup.

84. Should allow the user to move to the next or previous message without having to return to the inbox view.

85. The browser email software should provide caching of certain static data, like a e-mail form, so that the browser

needs to bring down data only once, instead of requesting the same data from the server each time.

86. Browser based software should use compression techniques in order to reduce the network bandwidth

consumption and thus, improve client performance on high-latency networks or dial-up connections.

87. Browser software should support basic authentication, session authentication, active content filtering,

additionally it should be designed to work well with supported proxy servers and virtual private network

solutions.

88. Software should be able to send encrypted messages, signed messages and also capable of verifying the digital

signature directly from the browser interface.

89. Users should be able to take advantage of web mail Redirect to access their mail without knowing the full names

of their mail files or mail servers.

90. Should provide support for group collaboration, calendaring, scheduling. Should provide support for

collaborative development and support for workflow scenarios and web services.

91. The messaging software should support automatic message routing for messaging architecture with multiple

routes, and mails should be delivered using the most direct route by default.

92. The messaging software should also have features to enable administrators to configure schedule and priority of

messages to optimize bandwidth usage.

93. The messaging software should support configuration of different Out Of Office message to be sent to external

recipients.

94. The messaging software should support configuring and scheduling Out of Office to end and begin on different

dates.


Page 25 of 57

95. Email Data (Complete or Delta) should not be kept outside the boundaries of India at any point of time neither

for data filtration or quarantine process nor for any other reason.

96. There should be a centralized e-discovery mechanism to find information from mail, group conversations,

attachment and documents stored on document libraries from single compliance portal.

97. Mail Box Size and Other Requirements:

Profile Items/Service ( Unlimited archival) No of Mailboxes

Profile 1 10 GB 30

Profile 2 2 GB 320

D. Technical Requirements on Security features

1. The solution should have Inbuilt Security mechanism for preventing Zero Hour Threats, Remote

access threats, Targeted and blended attacks including, but not limited to, anti-APT solution

denial of service, distributed denial of services (DDoS), spam, malware, spyware, Ransomware,

Cryptoware, Botnets, Phishing, spear phishing, whaling, vishing frauds, drive-by downloads,

browser gateway fraud, ghost administrator exploits, identity frauds, memory update frauds,

password related frauds, business email compromise (BEC), stealthy attacks, etc. covering all

protocols viz., SMTP, POP3 & IMAP.

2. The solution should have capability to protect user from Information or Identity Theft.

3. The solution should have Safe Links feature which should proactively protects bank‟s email

users from malicious hyperlinks in a message. The protection should remain every time they

click the link, as malicious links must be dynamically blocked while good links can be accessed.

4. The solution should have Safe Attachments which should protects against unknown malware and

viruses, and provides zero-day protection to safeguard messaging system. All messages and attachments

that don’t have a known virus/malware signature are routed to a special environment which should have

analysis techniques to detect malicious intent. If no suspicious activity is detected, the message should

be released for delivery to the user’s mailbox.

5. The solution should have Spoof intelligence which should detects when a sender appears to be sending

mail on behalf of one or more user accounts within our organization's domains. It should enable

administrator to review all senders who are spoofing our domain, and then choose to allow the sender

to continue or block the sender.


Page 26 of 57

6. The solution should have capability to quarantine messages identified as spam, bulk mail, phishing mail,

containing malware, or because they matched a mail flow rule or Bank security policy, can be sent to

quarantine. Bank’s authorized users can review, delete, release or manage email messages sent to

quarantine.

7. It should have machine learning models to detect phishing messages.

8. Advanced Threat Protection should be robust and should not take more than 10 min to evaluate safe

attachment & safe link for delivery of emails with attachments or Links.

9. The solution should support Advanced Sandboxing capabilities to detect Malicious Emails including

attachments from Day one.

10. The solution should support industry standard encryptions such as AES 256 GCM, TLS 1.3 or above and

relevant secure versions as and when released during the entire Contract Period between Server to

Server & Server to Mail Clients.

11. For integration with external applications, application needs to have well defined APIs and application

needs to ensure that only authorized application can invoke such APIs.

12. Web Access to Email should be through HTTPs (latest SSL Certificate should be installed).

13. The solution should support Digital Signature of Email messages and encryption for data at Rest & in

transit.

14. The Solution must have a Sender Policy Framework (SPF) designed to detect email spoofing by providing

a mechanism to allow receiving mail exchangers to check that incoming mail from a domain comes from

a host authorized by that domain's administrators. Also, DKIM and DMARC Tool must be available in the

Email Solution. DMARC Policy must be implemented.

15. The Solution should have Data integrity management.

16. To determine who should access the data, what their rights and privileges are, and under what conditions

these access rights are provided and maintain a “Default Deny All” policy.

17. To comply with data retention and destruction schedules/Policy as published in OEM‟s Online Services

Terms and to certify on bank’s request destruction of all data at all locations.

18. Understand the logical segregation of information and protective controls implemented.

19. Understand Cloud provider policies and processes for data retention and destruction and how they

compare with internal organizational policy.

20. Perform regular backup and recovery tests to assure that logical segregation and controls are effective.

21. Ensure that Cloud provider personnel controls are in place to provide a logical segregation of duties.


Page 27 of 57

22. The solution should provide protection at multiple levels and at multiple checkpoints in the messaging

infrastructure, including messaging SMTP gateway and Mailbox servers, helping to stop viruses, worms,

and spam before they impact the network or user productivity.

23. It should provide support for scanning any files that use structured storage and the OLE embedded data

format (for example, .doc, .xls, .ppt, or .shs) as container files. This ensures that any embedded files are

scanned as potential virus carriers.

24. It should provide comprehensive Antivirus protection against the latest threats and viruses by using

multiple levels of checks involving multiple technologies.

25. It should have the capability to detect and stop the propagation of common malicious code (worms) via

email messages.

26. Scanning of emails should be supported the following configurations:

a. Scanning of inbound mails

b. Scanning of outbound mails

c. Scanning of internal mails

d. Mailbox scanning

e. On access scanning

27. It should provide options to scan / check for malicious mails both when they are delivered to the

mailboxes and when they are accessed later from the mailboxes.

28. In an outbreak scenario, it should be possible to scan email messages when they are accessed from the

mailboxes with latest updated signature.

29. There should be a provision to scan messages in the mailboxes with the latest signatures which had been

scanned earlier (1 day before or 5 days before, 1 week before, etc). This would help catch potential

malicious code which may have entered user’s mailbox earlier when a signature was not available.

30. It should support domain-level black and white lists.

31. It should proactively target patterns common in spam campaigns.

32. It should support DNS Based Distributed black lists.

33. It should provide IP based block-and-allow list based on sender reputation. These lists should be

automatically updated as new versions become available. It should also allow administrators to configure

additional IP allow-or-deny lists as needed.

34. It should support Tagging and forwarding of SPAM or likely SPAM messages.

35. It should provide keyword (body text) based filtering. It should filter messages based on a variety of

words, phrases, and/or sentences.


Page 28 of 57

36. It should have maximum uptime during the definition signature updates and mail flow should not be

affected/stopped/or queued during definition updates.

37. It should provide protection against latest threats using rapid release of definitions.

38. It should have high availability features and should have no single point of failure at any level.

39. The information protection technology should augment the bank’s security strategy by

providing protection of information through persistent usage policies, which remain with the

information, no matter where it goes.

40. The information protection technology should protect the content with RSA 1024-bit

encryption and authentication so that information will be safe in transit and will remain with

the document, no matter where it goes.

41. The information protection technology should wrap the content with security that prevents the

information from being viewed, even if the information is unintentionally distributed beyond

company walls and to unauthorized recipients.

42. The proposed Anti-virus, Anti-spam, anti-malware for email solution should be scalable and

should offer fault tolerance to safe guard against hardware failures. The fail over box should be

capable of taking over from the primary box in the case of a failure in the primary box without

any annual intervention.

43. The proposed Anti-virus, Anti-spam, anti-malware for email solution should be capable of

monitoring contents of SMTP messages and thereby block messages with a specified type of

attachment, size or particular keywords in the message body, and SMTP header.

44. The Anti-Spam function should be capable of detecting Spam E mail messages at the gateway;

The Anti-Spam function could use the following detection technologies:

a. Rule set Detection

b. Heuristic Detection

c. Content Inspection

d. Rate limit

45. The proposed Anti-virus, anti-spam, anti-malware for email solution should be capable of

implementing following policy filters including other advanced filters like Known Domains,

Blocking, Throttling, Relay, Trusted, Black list, White list, Suspect list.

46. The proposed Anti-virus, anti-spam, anti-malware for email solution must support the following:


Page 29 of 57

a. Must be accurate

b. Must support a reputational awareness system for internet sourced mail flow.

c. Must identify the reputational awareness system utilized

d. Must support the capability to block messages based on differing criteria

e. Must support attachment interrogation and blocking

f. Content Management should have Subject line & message body of Email, File attachment name,

type, or size, Scans inside text attachments & ZIP attachments.

g. Anti-spam filter should have Black hole List Support, Administrator Defined phrases, Sender Base

score, Spam Threshold, Header Rules, Body Hash Rules, Heuristic Rules, Signature based, Open

Proxy List.

h. Must support connection limiting

i. Must support the ability to rewrite email headers

j. Must support ability to do content analysis

k. Must support the ability to take different types of actions on mail messages depending on how

they are scored by the system.

l. Must support end-user quarantine functions that include view and managing quarantined mail

through a secure, web based interface for Spam messages, virus messages and suspect messages

m. Must support end user self-service features for the configuration of Spam controls, white listing

and Black listing, Quarantine access, Spam threshold management

n. Must provide anti-virus & anti-malware detection & prevention capabilities

o. Must have automated real-time detection & prevention update capabilities.

p. Must have anti-malware policy configuration capabilities

q. Single management administrative console for managing both anti-spam, antivirus, anti-

malware systems.

r. Must provide real-time reporting capabilities of the following types: Email virus

detection/stoppage reporting, System reporting, Spam Detection reports, Spam Detection

reports, Must provide reports that list changes/Updates to the system occurring in real time.

47. The bidder should provide updates and upgrades as and when released by the OEM during

contract period without any additional charges to the bank.

48. Security being prime concern, solution should not breach the security of any other installations

of Bank in any way.


Page 30 of 57

49. DC-DR drill to be performed as per RBI/Regulator guideline from time to time.

7. Terms & Conditions

A. Order details

The purchase order will be placed by Bank Head Office, IT Department in the name of selected bidder as per requirement. The payment will be made by Head Office, IT Department and the Performance Bank Guarantee for order will be required to be submitted in the same office. The SLA shall be signed between the parties within 4 weeks of the issuance of Purchase order.

B. Schedule of Implementation

• The project should be completed within 2 weeks, including implementation and migration of mail boxes,

from the date of purchase order.

• Any license, if required, need to be provided by the Vendor. The Vendor is solely responsible for any legal

obligation related to licenses during warranty period of five years for solution proposed as implemented by

the Vendor.

• The project is considered as completed (Commissioned and Operationalized) after signing the Acceptance

Test Plan (ATP) document jointly by the Bank and the vendor. The component level checking for individual

item may be included during the acceptance test.

C. Payment Terms

The payment will be made by J&K Grameen Bank, Head Office, IT Department. The selected bidder has to submit

the Performance Bank Guarantee for a period of contracted period +90 days with a claim expiry of 1 year

amounting to 10% of the order value within stipulated time frame at aforesaid office. The Payment shall be made

as per the terms and conditions mentioned in the RFP, quoted by the vendor and finalized by the Bank. Bank will

make the payment after signing of Service Level Agreement as follows:

a. Migration Cost:

• The payment along with the taxes will be paid to the bidder after successful completion migration of

existing mail id’s / mail boxes, assigned in the system and made operational, on submission of supporting

proof of documents and the acceptance certificate duly signed by Bank’s authorized official & satisfactory

service report from the Bank after realizing penalty charges for late delivery & installation, if any.

b. Revenue Cost:


Page 31 of 57

• Quarterly in Advance against Performance Bank Guarantee (PBG) of 10% of Project cost for the

contracted period.

• In the absence of PBG, 90% of quarterly recurring charges shall be released on submission of invoices in

next quarter.

• Invoices should be drawn upon J&K Grameen Bank.

• Taxes shall be extra as applicable.

• SLA shall be signed between the Company and J&K Grameen Bank within 4 weeks from the issuance of

this Purchase Order. Payments shall be released after the signing of the agreement.

• The payment for availing the cloud services from the date of successful completion of the entire 350 mail

id’s / mail boxes will be paid quarterly post availing the service.

• Bills shall be raised on quarterly orderly basis as per scope of work mentioned in the RFP and payment

shall be released accordingly by the Bank.

• No payment will be made in advance for any supplies under this invitation for bid.

D. Confidentiality

The bidder/selected bidder must undertake that they shall hold in trust any Information received by them under

the Contract/Service Level Agreement, and the strictest of confidence shall be maintained in respect of such

Information. The bidder has also to agree:

• To maintain and use the Information only for the purposes of the Contract/Agreement and only as permitted

by BANK

• To only make copies as specifically authorized by the prior written consent of Bank and with the same

confidential or proprietary notices as may be printed or displayed on the original;

• To restrict access and disclosure of Information to such of their employees, agents, strictly on a “need to

know” basis, to maintain confidentiality of the

Information disclosed to them in accordance with this Clause, and

• To treat all Information as Confidential Information.


Page 32 of 57

• Conflict of interest: The Vendor shall disclose to BANK in writing, all actual and potential conflicts of interest

that exist, arise or may arise (either for the Vendor or the Bidder’s team) in the course of performing the

Service(s) as soon as practical after it becomes aware of that conflict.

• The successful Bidder is required to execute a Non-Disclosure Agreement to the bank as per bank’s format

before or at the time of execution of the SLA (Service Level Agreement).

E. Paying Authority

The payments which is/are inclusive of GST and other taxes, fees etc. as per the Payment Schedule covered

herein above shall be paid by Department of Information Technology, J&K Grameen Bank, Head Office- Jammu.

However, Payment of the Bills would be released, on receipt of advice / confirmation for satisfactory delivery and

commissioning, live running and service report etc. after deducting all penalties.

F. Penalty

Penalty shall be applicable as per the SLA mentioned in the RFP

The Bank would consider the following formula to calculate the downtime below the designated limits of

operational uptime:

Downtime %= (Scheduled uptime – calculated downtime)*100)/Scheduled uptime Where:

“Scheduled Uptime”: Means the operating hours of the system for quarterly.

Calculated downtime: Is the number of hours in the month for which the DC was not completely functional as a

whole or any of its subsystem was not operational in its full capacity.

Penalty Calculation Matrix:-

Assume that particular aspect of „Critical‟ level wherein because of a situation of failure of both the UPS‟s at an

instance. The minimum service level in a month is 99.75% for all services on 24X7 basis.

G. Force Majeure

Force Majeure is herein defined as any cause, which is beyond the control of the selected bidder or the Bank as

the case maybe which they could not foresee or with a reasonable amount of diligence could not have foreseen

and which substantially affect the performance, such as:

• Natural phenomenon, including but not limited to floods, droughts, earthquakes, epidemics

• Situations, including but not limited to war, declared or undeclared, priorities, quarantines, embargoes


Page 33 of 57

• Terrorist attacks, public unrest in work area

Provided either party shall within ten (10) days from the occurrence of such a cause notify the other in writing of

such causes. The Selected bidder or the Bank shall not be liable for delay in performing his / her obligations

resulting from any Force Majeure cause as referred to and / or defined above.

H. Contract Period:

The tenure of the Contract will be for a period of 5 (Five) years effective from the date of execution of the Service

Level Agreement (SLA) unless terminated earlier by the Bank by serving 90 days prior notice in writing to the

selected bidder at its own convenience without assigning any reason and without any cost or compensation

therefor. However, after the completion of initial period of 3 (Three) years, the rates may be revised for further 2

years on such terms and conditions as would be decided by the Bank.

The performance of the selected bidder shall be reviewed every quarter and the Bank reserves the right to

terminate the contract at its sole discretion by giving 90 days‟ notice without assigning any reasons and without

any cost or compensation therefor. Any offer falling short of the contract validity period is liable for rejection.

The selected bidder is required to enter into a Service Level Agreement (SLA), the format whereof is to be supplied

by the Bank.

I. Completeness of the Project

The project will be deemed as incomplete if the desired objectives of the project as mentioned in Section “Scope

of Work” of this document are not achieved.

J. Acceptance Testing

The Bank will carry out the acceptance tests as per Scope of work, supplied & implemented by the selected bidder

as a part of the Project. The Vendor shall assist the Bank in all acceptance tests to be carried out by the Bank. The

provisioned items will be deemed accepted only on successful acceptance of those products and the vendor would

need to provision insurance of those items till successful acceptance. The Bank at its discretion may modify, add or

amend the acceptance tests which then will have to be included by the vendor and that there shall not be any

additional charges payable by the Bank for carrying out this acceptance test.

K. Order Cancellation

The Bank reserve its right to cancel the order in the event of one or more of the following situations, that are not

occasioned due to reasons solely and directly attributable to the Bank alone:

• Delay in commissioning / implementation / testing beyond the specified period.


Page 34 of 57

• Serious discrepancy in the quality of service expected during the implementation, rollout and subsequent

maintenance process.

• In case of cancellation of order, any payments made by the Bank to the Vendor would necessarily have to

be returned to the Bank, further the Vendor would also be required to compensate the Bank for any direct

loss suffered by the Bank due to the cancellation of the contract/purchase order and any additional

expenditure to be incurred by the Bank to appoint any other Vendor.

This is after repaying the original amount paid.

• Vendor should be liable under this section if the contract/ purchase order has been cancelled in case sum

total of penalties and deliveries equal to exceed 10% of the TCO.

L. Indemnity

The selected Bidder agrees to indemnify and keep indemnified the Bank against all losses, damages, costs, charges

and expenses incurred or suffered by the Bank due to or on account of any claim for infringement of intellectual

property rights.

The selected Bidder agrees to indemnify and keep indemnified the Bank against all losses, damages, costs, charges

and expenses incurred or suffered by the Bank due to or on account of any breach of the terms and conditions

contained in this RFP or Service Level Agreement to be executed.

The selected Bidder agrees to indemnify and keep indemnified Bank at all times against all claims, demands,

actions, costs, expenses (including legal expenses), loss of reputation and suits which may arise or be brought

against the Bank, by third parties on account of negligence or failure to fulfil obligations by the selected bidder or

its employees/personnel.

All indemnities shall survive notwithstanding expiry or termination of Service Level Agreement and the Vendor shall

continue to be liable under the indemnities.

Selected Bidder is required to furnish a separate Letter of Indemnity (Format whereof to be supplied by the Bank)

in Bank’s favour in this respect before or at the time of execution of the Service Level Agreement.

M. Publicity

Any publicity by the selected bidder in which the name of the Bank is to be used should be done only with the explicit written permission of the Bank.

N. Privacy & Security Safeguards

The selected bidder shall not publish or disclose in any manner, without the Bank's prior written consent, the details of any security safeguards designed, developed, or implemented by the selected bidder under this contract or existing at any Bank location. The Selected bidder shall develop procedures and


Page 35 of 57

implementation plans to ensure that IT resources leaving the control of the assigned user (such as being reassigned, removed for repair, replaced, or upgraded) are cleared of all Bank Data and sensitive application software. The Selected bidder shall also ensure that all subcontractors who are involved in providing such security safeguards or part of it shall not publish or disclose in any manner, without the Bank's prior written consent, the details of any security safeguards designed, developed, or implemented by the selected bidder under this contract or existing at any Bank location.

O. Technological Advancements

The Selected bidder shall take reasonable and suitable action, taking into account economic circumstances, at mutually agreed increase / decrease in charges, and the Service Levels, to provide the Services to the Bank at a technological level that will enable the Bank to take advantage of technological advancement in the industry from time to time.

P. Option Clause

Bidders are bound to accept the following:

i. The Purchaser reserves the right to increase or decrease the quantity to be ordered up to 25 percent of bid quantity at the time of placement of contract.

ii. The purchaser also reserves the right to increase the ordered quantity during the currency of the contract at the contracted rates.

iii. The purchaser also reserve the right to increase per mailbox storage as per the contracted rates.

Q. Guarantees

Selected bidder should guarantee that all the material as deemed suitable for the delivery and management for

the Migration of Bank’s E-mail system on Public Cloud Architecture with unlimited e-mail Archival Facility. All

hardware and software must be supplied with their original and complete printed documentation.

R. Corrupt and Fraudulent Practices

As per Central Vigilance Commission (CVC) directives, it is required that Bidders / Suppliers / Contractors observe

the highest standard of ethics during the procurement and execution of such contracts in pursuance of this policy:


Page 36 of 57

“Corrupt Practice” means the offering, giving, receiving or soliciting of anything of values to influence the action of

an official in the procurement process or in contract execution

AND

“Fraudulent Practice” means a misrepresentation of facts in order to influence a procurement process or the

execution of contract to the detriment of the Bank and includes collusive practice among bidders (prior to or after

bid submission) designed to establish bid prices at artificial non-competitive levels and to deprive he Bank of the

benefits of free and open competition.

The Bank reserves the right to reject a proposal for award if it determines that the bidder recommended for award

has engaged in corrupt or fraudulent practices in competing for the contract in question.

The Bank reserves the right to declare a firm ineligible, either indefinitely or for a stated period of time, to be

awarded a contract if at any time it determines that the firm has engaged in corrupt or fraudulent practices in

competing for or in executing the contract.

S. Termination

J&K Grameen BANK reserves the right to cancel the work/purchase order or terminate the SLA by giving 90

(ninety) days' prior notice in writing and recover damages, costs and expenses etc., incurred by Bank under the

following circumstances: -

• The selected bidder commits a breach of any of the terms and conditions of this RFP or the SLA to be executed

between the Bank and the selected Bidder.

• The selected bidder goes into liquidation, voluntarily or otherwise.

• The selected bidder violates the Laws, Rules, Regulations, Bye-Laws, Guidelines, and Notifications etc.

• An attachment is levied or continues to be levied for a period of seven days upon effects of the bid.

• The selected bidder fails to complete the assignment as per the time lines prescribed in the Work Order/SLA

and the extension, if any allowed.

• J&K Grameen BANK reserves the right to recover any dues payable by the selected Bidder from any amount

outstanding to the credit of the selected bidder, including the adjustment of pending bills and/or invoking

the Performance Bank Guarantee under this contract.

• After award of the contract, if the selected bidder does not perform satisfactorily or delays execution of the

contract, J&K Grameen BANK reserves the right to get the balance contract executed by another party of its

choice by giving one month’s notice for the same. In this event, the selected bidder is bound to make good

the additional expenditure, which J&K Grameen BANK may have to incur in executing the balance contract.

This clause is applicable, if the contract is cancelled for any reason, whatsoever.


Page 37 of 57

The rights of the Bank enumerated above are in addition to the rights/remedies available to the Bank under the

Law(s) for the time being in force.

T. Termination for Insolvency

The Bank may at any time terminate the Contract by giving written notice to the Bidder, if the Bidder becomes

bankrupt or otherwise insolvent. In this event, termination will be without compensation to the Bidder, provided

that such termination will not prejudice or affect any right of action or remedy, which has accrued or will accrue

thereafter to the Bank.

U. Resolution Of Disputes

“In the event of disputes, differences, claims and questions between the Parties hereto arising out of this

Agreement or in any way relating hereto or any term, condition or provision herein mentioned or the construction

or interpretation thereof or otherwise in relation hereto, the Parties shall first endeavour to settle such differences,

disputes, claims or questions by friendly consultation and failing such settlement, the same shall be referred to the

arbitration of two arbitrators, one to be appointed by each Party and such arbitrators shall appoint an umpire

before commencing the arbitration proceedings. The arbitration shall be held in accordance with the Arbitration

and Conciliation Act, 1996 or any statutory modification or re-enactment thereof for the time being in force and

shall be held in Jammu and conducted in English language.

The Court in Jammu alone shall have jurisdiction over such arbitration proceedings. The award of the Arbitration

shall be final, conclusive and binding upon the Parties hereto as an award of Arbitration and Conciliation Act, 1996

or any statutory modification or re-enactment thereof for the time being in force. Such award may be filed in any

competent Court in Jammu.

Each Party will bear the expenses/costs incurred by it in appointing the Arbitrator. However, the cost of appointing

the Umpire shall be borne equally by both the Parties.”

V. Applicable Laws

The Contract shall be interpreted in accordance with the laws of the Union of India read with local laws of the UT of

Jammu & Kashmir and the Company shall agree to submit to the courts under whose exclusive jurisdiction the

Registered Office of BANK falls.

W. Governing Laws

This Contract, its meaning and interpretation, and the relation between the Parties shall be governed by the

applicable laws of India read with Local Laws of J&K UT.

X. Right To Audit

Bank reserves the right to conduct an audit/ ongoing audit of the services provided by Bidder. The Selected Bidder (Service Provider) shall be subject to annual audit by internal/ external Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas of products (IT hardware/ Software) and services etc. provided to the Bank and Service Provider is required to submit such certification by such Auditors to the Bank. Bidder should allow the J&K


Page 38 of 57

Grameen Bank or persons authorized by it to access Bank documents, records or transactions or any other information given to, stored or processed by Bidder within a reasonable time failing which Bidder will be liable to pay any charges/ penalty levied by the Bank without prejudice to the other rights of the Bank. Bidder should allow the J&K Grameen Bank to conduct audits or inspection of its Books and account with regard to Bank’s documents by one or more officials or employees or other persons duly authorized by the Bank. Bank also has the right to audit and test the security controls periodically.

Y. Evaluation of Offers

Each Recipient acknowledges and accepts that the Bank may, in its sole and absolute discretion, apply whatever criteria it deems appropriate in the selection of vendor, not limited to those selection criteria set out in this RFP document. The issuance of RFP document is merely an invitation to offer and must not be construed as any agreement or contract or arrangement nor would it be construed as any investigation or review carried out by a Recipient. The Recipient unconditionally acknowledges by submitting its response to this RFP document that it has not relied on any idea, information, statement, representation, or warranty given in this RFP document. Validity of the bid should be 180 days from the date of opening of the bid.

Z. Address Of Notices:

Following shall be address of BANK for notice purpose: General Manager, J&K Grameen Bank, Head Office, Narwal, Jammu- 180 006 (India) Following shall be address of Company for notice purpose: ……………………………………………………………….. ……………………………………………………………….. ………………………………………………………………..


Page 39 of 57

ANNEXURE A : Mutual Nondisclosure Agreement THIS MUTUAL NONDISCLOSURE AGREEMENT (the “Agreement”) is made and entered into as of (DD/MM/YYYY) by and between _________, a company incorporated under the laws of India , having its registered address at __________________________ (the “Company”) and J & K Grameen Bank(the “Recipient”). 1. Purpose J&K Grameen Bank has engaged or wishes to engage the company for undertaking the project vide Purchase Order No:…………………and each party may disclose or may come to know during the course of the project certain confidential technical and business information which the disclosing party desires the receiving party to treat as confidential. 2. “Confidential Information” means any information disclosed or acquired by other party during the course of the projects, either directly or indirectly, in writing, orally or by inspection of tangible objects (including without limitation documents, prototypes, samples, technical data, trade secrets, know-how, research, product plans, services, customers, markets, software, inventions, processes, designs, drawings, marketing plans, financial condition and the Company’s plant and device), which is designated as “Confidential,” “Proprietary” or some similar designation. Information communicated orally shall be considered Confidential Information if such information is confirmed in writing as being Confidential Information within a reasonable time after the initial disclosure. Confidential Information may also include information disclosed to a disclosing party by third parties. Confidential Information shall not, however, include any information which (i) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (ii) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party through no action or inaction of the receiving party; (iii) is already in the possession of the receiving party at the time of disclosure by the disclosing part as shown by the receiving party’s files and records immediately prior to the time of disclosure; (iv) is obtained by the receiving party from a third party without a breach of such third party’s obligations of confidentiality; (v) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information, as shown by documents and other competent evidence in the receiving party’s possession; or (vi) is required by law to be disclosed by the receiving party, provided that the receiving party gives the disclosing party prompt written notice of such requirement prior to such disclosure and assistance in obtaining an order protecting the information from public disclosure. 3. Non-use and Non-disclosure. Each party agrees not to use any Confidential Information of the other party for any purpose except to evaluate and engage in discussions concerning a potential business relationship between the parties. Each party agrees not to disclose any Confidential Information of the other party to third parties or to such party’s employees, except to those employees of the receiving party who are required to have the information in order to evaluate or engage in discussions concerning the contemplated business relationship. Neither party shall reverse engineer, disassemble, or decompile any prototypes, software or other tangible objects which embody the other party’s Confidential Information and which are provided to the party hereunder. 4. Maintenance of Confidentiality. Each party agrees that is shall take reasonable measures to protect the secrecy of and avoid disclosure and unauthorized use of the Confidential Information of the other party. Each party shall take at least those measures that it takes to protect its own most highly confidential information and shall ensure that its employees who have access to Confidential Information of the other party have signed a non-use and non-disclosures agreement in content similar to the provisions hereof, prior to any disclosure of Confidential Information to such employees. Neither party shall make any copies of the Confidential Information of the other


Page 40 of 57

party unless the same are previously approved in writing by the other party. Each party shall reproduce the other party’s proprietary rights notices on any such approved copies, in the same manner in which such notices were set forth in or on the original. Each party shall immediately notify the other party in the event of any unauthorized use or disclosure of the Confidential Information. 5. No Obligation. Nothing herein shall obligate either party to proceed with any transaction between them and each party reserves the right, in its sole discretion, to terminate the discussions contemplated by this Agreement concerning the business opportunity. This Agreement does not constitute a joint venture or other such business agreement. 6. No Warranty. All Confidential Information is provided “AS IS.” Each party makes no warranties, expressed, implied or otherwise, regarding its accuracy, completeness or performance. 7. Return of Materials. All documents and other tangible objects containing or representing Confidential Information which have been disclosed by either party to the other party, and all copies thereof which are in the possession of the other party, shall be and remain the property of the disclosing party and shall be promptly returned to the disclosing party upon the disclosing party’s written request. 8. No License. Nothing in this Agreement is intended to grant any rights to either party under any patent, mask work right or copyright of the other party, nor shall this Agreement grant any party any rights in or to the Confidential Information of the other party except as expressly set forth herein.

9. Term. The Obligations of each receiving party hereunder shall survive for a period of ___________from the date hereof. 10. Adherence. The content of the agreement is subject to adherence audit by J&K Grameen Bank. It shall be the responsibility of the Company to fully cooperate and make available the requisite resources/evidences as mandated by J&K Grameen Bank. 11. Remedies. Each party agrees that any violation or threatened violation of this Agreement may cause irreparable injury to the other party, entitling the other party to seek injunctive relief in addition to all legal remedies.

12. Arbitration, Governing Law & Jurisdiction

a. In the event of disputes, differences, claims and questions between the Parties hereto arising out of this Agreement or in any way relating hereto or any term, condition or provision herein mentioned or the construction or interpretation thereof or otherwise in relation hereto, the Parties shall first endeavour to settle such differences, disputes, claims or questions by friendly consultation and failing such settlement, the same shall be referred to the arbitration of two arbitrators, one to be appointed by each Party and such arbitrators shall appoint an umpire before commencing the arbitration proceedings. The arbitration shall be held in accordance with the Arbitration and Conciliation Act, 1996 or any statutory modification or re-enactment thereof for the time being in force. b. The Courts in Jammu alone shall have jurisdiction over such arbitration proceedings.

c. The award of the Arbitration shall be final, conclusive and binding upon the Parties hereto as an award of Arbitration and Conciliation Act, 1996 or any statutory modification or re-enactment thereof for the time being in force. Such award shall be filed in any competent Court in Jammu.


Page 41 of 57

d. Each Party will bear the expenses/costs incurred by it in appointing the Arbitrator. However, the cost of appointing the Umpire shall be borne equally by both the Parties.”

e. This Agreement is construed and shall be governed in accordance with the laws of India read with the local laws of the UT of Jammu and Kashmir.” 13. Miscellaneous. This Agreement shall bind and injure to the benefit of the parties hereto and their successors and assigns. This document contains the entire Agreement between the parties with respect to the subject matter hereof, and neither party shall have any obligation, express or implied by law, with respect to trade secret or propriety information of the other party except as set forth herein. Any failure to enforce any provision of this Agreement shall not constitute a waiver thereof or of any other provision. Any provision of this Agreement may be amended or waived if, and only if such amendment or waiver is in writing and signed, in the case of amendment by each Party, or in the case of a waiver, by the party against whom the waiver is to be effective”. The undersigned represent that they have the authority to enter into this Agreement on behalf of the person,

entity or corporation listed above their names.

COMPANY NAME RECIPIENT By: By: (Signature) (Signature) Name: Name: Title: Title: Address: Address: Company Seal Company Seal


Page 42 of 57

ANNEXURE B: Self Declaration by Bidder (To be submitted on the Bidders Letter Head)

To The General Manager J&K Grameen bank Head Office, near Fruit Complex Narwal-18006, Jammu (J&K)

Subject: RFP for MANAGED MAIL MESSAGING SOLUTION ON CLOUD WITH ARCHIVAL FACILITY

Dear Sir,

With reference to your advertisement published in

………………………………….. on ……………………… on the captioned subject

we furnish the following Papers/Documents for the subject purpose.

We………………………………………………(name and designation) on behalf of

…………………………… having its registered office at ……………………..have submitted a Bid

proposal to J&K Grameen Bank for managed Mail Messaging Solution on Cloud with Archival

Facility in response to the RFP ref no. …………………………….dated …………………issued by

J&K Grameen Bank.

We are duly authorized persons to submit this undertaking.

We have read and understood the aforesaid RFP and we hereby convey our absolute

and unconditional acceptance to the aforesaid RFP.

We do not have any business relationship with J&K Grameen Bank including its

directors and officers which may result in any conflict of interest between us and J&K

Grameen Bank. We shall on occurrence of any such event immediately inform the

concerned authorities of the same.

We have submitted our Bid in compliance with the specific requirements as

mentioned in this RFP.

We have provided with all necessary information and details as required by J&K

Grameen Bank and shall provide with such additional information’s may be required

by J&K Grameen Bank from time to time.

Neither we nor any of our employee/director has been barred from providing the


Page 43 of 57

Services nor are we in negative list/blacklisted by any public sector banks, statutory

or regulatory or investigative agencies in India or abroad in the last 5 years.

There is no vigilance and / or court case pending against us/company and no inquiry

or investigation pending against us from any statutory regulatory and / or

investigation agency.

All the information furnished here in and as per the document submitted is true and

accurate and nothing has been concealed or tampered with. We have gone through

all the conditions of Bid and are aware that we would be liable to any punitive action

in case of furnishing of false information / documents.

We also undertake that, we were/are never involved in any legal case that may affect

the solvency / existence of our organization or in any other way that may affect

capability to provide / continue the services to bank.

Bank is not bound to accept any bid received on the lowest rate (L1) criteria only,Bank may

reject all or any bid.

If our Bid for the above job is accepted as mentioned in your RFP, we undertake to enter into

and execute a contract agreement & SLA at our cost, when called upon by the purchaser to do

so. Till such a formal contract is prepared and executed, this bid shall constitute a binding

contract between us and the bank & we are responsible for the due performance of the contract.

Bank may accept or entrust the entire work to one Bidder or divide the work to more than one

bidder without assigning any reason or giving any explanation whatsoever.

It is further certified that we have not modified or deleted any text/matter in this RFP.

Dated this _____ day of ____________________ 2021

Signature

(Company Seal/stamp)

__________________

In the capacity of

Duly authorized to sign bids for and on behalf of:


Page 44 of 57

ANNEXURE C: Indemnity (To be submitted by Successful Bidder on Winning the Contract)

INDEMNITY

This Deed of Indemnity executed at _____________ on the ______ day of _______ by

__________________ ______________________<insert name of the Successful Bidder>

(hereinafter referred to as “the Obligor” which expression shall unless it be repugnant

to the context, subject or meaning thereof, shall be deemed to mean and include

successors and permitted assigns);

IN FAVOUR OF

J&K Grameen Bank, a Regional Rural Bank created by amalgamation of Jammu Rural Bank

and Kamraz Rural Bank by Government of lndia while exercising power conferred by

Sub-Section (1) of section 23(A) of the Regional Rural Bank's Act,1976 vide notification

dated 30th June 2009, issued by Ministry of Finance, Department of Financial Services,

carrying on Banking Business, having its Head office at Narwal, Jammu, Pin-180006,

Jammu and Kashmir, hereinafter referred to as the “Bank” which expression shall, unless

it be repugnant to the subject or context or meaning thereof, be deemed to mean and

include its successors and assigns)

Now, the Bank and Successful Bidder wherever the context so permits, shall hereinafter

collectively refer to as the “Parties” and individually as a “Party”.

WHEREAS

The Bank had floated RFP No.----------------- dated ----------------------for Managed Mail Messaging Solution on Cloud with Archival Facility for J&K Grameen Bank for the period

of FIVE years from the date of issue of Letter of Intent and Obligor stood as a successful bidder to provide services as particularly mentioned in Scope of Work of the RFP. a) The Obligor has the expertise, resources, infrastructure, qualified manpower and

information technology resources to provide the Services and hereby represents and

warrants that it shall provide the Services meeting global quality standards and standards

prevalent in the industry internationally.

b) The Obligor represents and warrants that all Services provided shall conform to the

requirements of the Contract as set out therein and the Obligor shall at all times adhere to

Good Industry Practices.

c) The Obligor represents and warrants that it has obtained all Applicable Permits required to

provide the Services and that the Services shall be provided in compliance with all

Applicable Laws and the provision of the Services shall not result in the

infringement of any third-party intellectual property rights.


Page 45 of 57

1) Bank, relying and based on the aforesaid representations and warranties of the

Obligor, has agreed to avail the services of the Obligor on the terms and conditions

contained in the RFP with the Obligor;

2) One of the conditions of the aforesaid Contract is that the Obligor is required to furnish an

indemnity in favor of Bank indemnifying the latter against any loss, damages or claims arising

out of any violations of the applicable laws, regulations, guidelines during the execution of its

services to Bank over the contract period as also for breach committed by the Obligor on

account of misconduct, omission and negligence or any dishonest and fraudulent act by the

Obligor.

3) In pursuance thereof, the Obligor has agreed to furnish an indemnity in the form

and manner and to the satisfaction of Bank as hereinafter appearing;

NOW THIS DEED WITNESSETH AS UNDER:

The Obligor shall, at all times hereinafter, save and keep harmless and indemnified Bank,

including its respective directors, officers, and employees and keep them indemnified from

and against all losses, liabilities, claims, damages, obligations, litigations, suits, actions,

judgments, costs expenses and/or otherwise including but not limited to those from third

parties or liabilities of any kind howsoever suffered, (including, without limitation, reasonable

attorneys' fees), awarded by court of law or other competent governmental authority or

arbitral tribunal or tribunal of competent jurisdiction arising before, during or after

completion of Services, which result from, arise in connection with or are related in any way

of actions or claims initiated or preferred by third parties or statutory/regulatory authorities,

arising out of or in connection with and not limited to:

(i) The Obligor's breach of the representations and warranties specified in this Agreement;

(ii) Acts or omissions of, negligence, or misconduct by the Obligor; or

(iii) The fault or negligence of the Obligor, its officers, employees, agents, subcontractors

and/or representations resulting in loss or damage or injury to property or assets or injury to

persons or death;

(iv) Use of server, machine, equipment or other hardware or Materials or Program and other

hardware and software systems, provided by the Obligor directly and/or indirectly and

includes non-compatibility of software or hardware in any manner;

(v) Defective Servers/other machine parts or Materials or Program not replaced as

contemplated in this Agreement;

(vi) Infringement of patent, trademark, intellectual property rights, copyrights, industrial

drawings or designs

(vii) Acts of fraud or dishonesty.

For the purposes of this Agreement, the Obligor shall include the Obligor, its personnel,


Page 46 of 57

employees, consultants and/or other authorized persons.

1. The obligations of the Obligor herein are irrevocable, absolute and unconditional,in each

case irrespective of the value, genuineness, validity, regularity or enforceability of the

aforesaid Contractor the insolvency, Bankruptcy, re-organization, dissolution, liquidation or

change in ownership of Bank or Obligor or any other circumstance whatsoever which might

otherwise constitute a discharge of or defence to an indemnifier.

2. The obligations of the Obligor under this deed shall not be affected by any act, omission,

matter or thing which, would reduce, release or prejudice the Obligor from any of the

indemnified obligations under this indemnity or prejudice or diminish the indemnified

obligations in whole or in part, including in law, equity or contract (whether or not known to

it, or to Bank).

3. This indemnity shall survive the aforesaid Contract.

4. Any notice, request or other communication to be given or made under this indemnity shall

be in writing addressed to either party at the address stated in the aforesaid Contract and or

as stated above.

5. The words and expressions not specifically defined shall have the same meanings

as are respectively assigned to them in the Bid Document.

For M/s _________________

Signature Name:

Designation:

Company Seal.


Page 47 of 57

ANNEXURE D: Bank Guarantee Format (EMD)

Offer Reference No.:_______________

To:

The General Manager,

J&K Grameen Bank

Near Fruit Complex

Narwal, Jammu-180006

WHEREAS.......................................... (Company Name) registered under the Indian

Companies Act 1956 and having its Registered Office

at.................................................................. India (hereinafter referred to as “the

CSP/OEM”) proposes to RFP and offer in response to RFP No. ………………………….dated

……………………….. For Managed mail Messaging Solution with Archival Facility at J&K

Grameen Bank (Hereinafter called the “RFP”) AND

WHEREAS, in terms of the conditions as stipulated in the RFP, the CSP/OEM is required to

furnish a Bank Guarantee in lieu of the Earnest Money Deposit (EMD), issued by a scheduled

commercial bank in India in your favor to secure the order of the RFP in accordance with the

RFP Document (which guarantee is hereinafter called as “BANK GUARANTEE”) AND

WHEREAS the SI/OEM has approached us, ............................................................ for

providing the BANK GUARANTEE.

AND WHEREAS at the request of the CSP/OEM and in consideration of the proposed RFP to

you, we, .................................................................. having Branch Office/Unit amongst others

at..........................................., India and registered office/Headquarter

at……………………………………….. have agreed to issue the BANK GUARANTEE.

THEREFORE, we, ......................................................., through our local office at

................... India furnish you the Bank GUARANTEE in manner hereinafter contained

and agree with you as follows:

1. We....................................., undertake to pay the amounts due and payable under this Guarantee

without any demur, merely on demand from you and undertake to indemnify you and keep you

indemnified from time to time to the extent of Rs........................(Rupees ..............................only)

an amount equivalent to the EMD against any loss or damage caused to or suffered by or that may

be caused to or suffered by you on account of any breach or breaches on the part of the CSP/OEM

of any of the terms and conditions contained in the RFP and in the event of the CSP/OEM commits

default or defaults in carrying out any of the work or discharging any obligation in relation thereto

under the RFP or otherwise in the observance and performance of any of the terms and conditions

relating thereto in accordance with the true intent and meaning thereof, we shall forthwith on

demand pay to you such sum or sums not exceeding the sum of Rs......................................

(Rupees................................................ only) as may be claimed by you on account of breach on


Page 48 of 57

the part of the CSP/OEM of their obligations in terms of the RFP. Any such demand made on the

Bank shall be conclusive as regards amount due and payable by the Bank under this guarantee.

2. Notwithstanding anything to the contrary contained herein or elsewhere, we agree that your

decision as to whether the CSP/OEM has committed any such default or defaults and the amount

or amounts to which you are entitled by reasons thereof will be binding on us and we shall not be

entitled to ask you to establish your claim or claims under Bank Guarantee but will pay the same

forthwith on your demand without any protest or demur.

3. This Bank Guarantee shall continue and hold good until it is released by you on the application by

the CSP/OEM after expiry of the relative guarantee period of the RFP and after the CSP/OEM had

discharged all his obligations under the RFP and produced a certificate of due completion of work

under the said RFP and submitted a “ No Demand Certificate “ provided always that the guarantee

shall in no event remain in force after the day of ...........................without prejudice to your claim

or claims arisen and demanded from or otherwise notified to us in writing before the expiry of the

said date which will be enforceable against us notwithstanding that the same is or are enforced

after the said date.

4. Should it be necessary to extend Bank Guarantee on account of any reason whatsoever, we may,

at our sole discretion extend the period of Bank Guarantee on your request under intimation to the

CSP/OEM till such time as may be required by you.

5. You will have the fullest liberty without affecting Bank Guarantee from time to time to vary any of

the terms and conditions of the RFP or extend the time of performance of the RFP or to postpone

any time or from time to time any of your rights or powers against the CSP/OEM and either to

enforce or forbear to enforce any of the terms and conditions of the said RFP and we shall not be

released from our liability under Bank Guarantee by exercise of your liberty with reference to

matters aforesaid or by reason of any time being given to the CSP/OEM or any other forbearance,

act or omission on your part of or any indulgence by you to the CSP/OEM or by any variation or

modification of the RFP or any other act, matter or things whatsoever which under law relating to

sureties, would but for the provisions hereof have the effect of so releasing us from our liability

hereunder provided always that nothing herein contained will enlarge our liability hereunder

beyond the limit of Rs................... (Rupees....................................only) as aforesaid or extend the

period of the guarantee beyond the said day of ...................... unless expressly agreed to by us in

writing.

6. The Bank Guarantee shall not in any way be affected by your taking or giving up any securities

from the CSP/OEM or any other person, firm or company on its behalf or by the winding up,

dissolution, insolvency or death as the case may be of the CSP/OEM.

7. In order to give full effect to the guarantee herein contained, you shall be entitled to act as if we

were your principal debtors in respect of all your claims against the CSP/OEM hereby guaranteed


Page 49 of 57

by us as aforesaid and we hereby expressly waive all our rights of surety ship and other rights, if

any, which are in any way inconsistent with any of the provisions of Bank Guarantee.

8. Subject to the maximum limit of our liability as aforesaid, Bank Guarantee will cover all your claim

or claims against the CSP/OEM from time to time arising out of or in relation to the said RFP and in

respect of which your claim in writing is lodged on us before expiry of Bank Guarantee.

9. Any notice by way of demand or otherwise hereunder may be sent by special courier, telex, fax,

email or registered post to our local address as aforesaid and if sent accordingly it shall be

deemed to have been given when the same has been received .

10. The Bank Guarantee and the powers and provisions herein contained are in addition to and not by

way of limitation of or substitution for any other guarantee or guarantees here before given to you

by us (whether jointly with others or alone) and that Bank Guarantee is not intended to and shall

not revoke or limit such guarantee or guarantees.

11. The Bank Guarantee shall not be affected by any change in the constitution of the CSP/OEM or us

nor shall it be affected by any change in your constitution or by any amalgamation or absorption

thereof or therewith but will ensure to the benefit of and be available to and be enforceable by the

absorbing or amalgamated company or concern.

12. The Bank Guarantee shall come into force from the date of its execution and shall not be revoked

by us any time during its currency without your previous consent in writing.

13. We undertake to pay to you any money so demanded notwithstanding any dispute or disputes

raised by the CSP/OEM in any suit or proceeding pending before any court or Tribunal relating

thereto our liability under this present being absolute and unequivocal.

14. Notwithstanding anything contained herein above; our liability under this Bank Guarantee shall

not exceed Rs ......................... (Rupees ......................................... only);

This Bank Guarantee shall be valid up to ............. ; and claim period of this Bank Guarantee shall

be ………………… year/s after expiry of the validity period i:e up to …………….

We are liable to pay the guaranteed amount or any part thereof only and only if you serve upon us

a written claim for invoking the Bank Guarantee by or before the expiry of claim period i:e up

to…………

15. We have the power to issue this Bank Guarantee in your favor and the undersigned has full power

to execute this Bank Guarantee under the Power of Attorney issued by the Bank.


Page 50 of 57

For and on behalf of BANK

Authorized Signatory

Seal

Address


Page 51 of 57

ANNEXURE E: Service Level Agreement

1. Agreement Overview

This Agreement represents a Service Level Agreement (“SLA” or “Agreement”) between the buyer

and Cloud Services provider.

The purpose of this agreement is to facilitate implementation of for Migration of Bank‟s E-mail system on Public Cloud Architecture with e-mail Archival Facility

This Agreement outlines the scope of work, Stakeholder’s obligation and general terms and

conditions of all services covered as they are mutually understood by the stakeholders.

The Agreement remains valid until superseded by a revised agreement mutually endorsed by the

stakeholders.

2. Stakeholders

The two main stakeholders associated with this SLA are:

1) Service Provider(s)

2) Buyer

It is assumed that all stakeholders would have read and understood the same before signing the SLA.

Objective and Goals

The objective of this Agreement is to ensure that the proper elements and commitments are in place

to provide consistent delivery of service to buyer by service provider.

The goals of this Agreement are to:

Provide clear reference to service ownership, accountability, roles and/or responsibilities.

Present a clear, concise and measurable description of service provision to the customer.

Establish Terms and Conditions for all the involved stakeholders.

To ensure that both the parties understand the consequences in case of termination of services due to

any of the stated reasons

The agreement can also be modified on the mutual agreement of all the involved stakeholders

Thus, the agreement will act as a reference document that both the parties have understood the

aforementioned terms and conditions and have agreed to comply by the same.

3. Service Scope and Terms and Conditions

Service Scope and Terms and Conditions are as specified in the Point 6 and 7 of RFP.

4. Payment Terms

Payment Terms and condition are as per specified in the RFP Point 7 sub point C.


Page 52 of 57

5. Migration

In the event of termination or expiry of the Term, the Vendor shall cooperate with the bank in migrating of the whole

data at no additional expenses and afterwards shall delete all data of the Bank that may exist with the Vendor.

6. SLA and Penalty

The Cloud Service Providers should adhere to the Service Level Agreements, this section describes

the Penalties which may be imposed on CSPs. In case these service levels cannot be achieved at

service levels defined in the agreement, the bank should invoke the performance related penalties.

Payments to the SP to be linked to the compliance with the SLA metrics laid down in the agreement.

Service Levels

NO. Measurement Target

Uptime Severity Penalty

1

Uptime of cloud Solution-

Storage, Network, Virtualisation

Layer, Virtual Operating System,

Cloud Security Layer

99.75% Critical

Default on any one or more of the

provisioned resource will attract

penalty of 1% of <Periodic Payment>

on fall of every 0.25% below 99.75%.

2 a. Virus detection and blocking

b. Spam effectiveness

c. Email delivery

100%

95%

100%

Default on any one or more of these

resources will attract penalty of 1% of

<Periodic Payment> on fall of every

1% below the mentioned levels.

3 Security Breach

10% of the Contract Amount or

termination as deemed fit by the Buyer

Department along with Legal Action

4 Data Loss 1% of the bill amount per incident

5 Cumulative Penalty

Cannot exceed 10% of the contract

value after which the contract stands

cancelled

The undersigned represent that they have the authority to enter into this Agreement on behalf of the person, entity or corporation listed above their names.


Page 53 of 57

COMPANY NAME RECIPIENT By: By: (Signature) (Signature) Name: Name: Title: Title: Address: Address: Company Seal Company Seal


Page 54 of 57

Annexure F: Bidders Capability/Marking Methodology

Max Marks

S No Technical and Operational = T

1

Additional Experience in BFSI : a. 2 for SCB b. 1.5 for non-SCB entities from BFSI 10

2

POC : Marks will be assigned by an internal committee based on the methodology, work plan, team composition, and solution architecture and integration plan for all the individual components. 20

3 Migration - Additional 0.5 Marks with max upto 2.5:- For every 500 mailboxes after 1000 mailboxes 2.5

4 Live Mailboxes - Additional .05 Marks with max upto 2.5:- For every 1000 mailboxes after 5000 mailboxes 2.5

5

Multiple Tier Security Equipment/Service (With maximum of 1 Mark for each point) 1. For each additional AV - 0.5 marks 2. For each additional Anti-Spam - 0.5 marks 3. For each additional ATP - 0.5 marks 4. For each additional Sandbox - 0.5 marks 5. For each additional Anti Malware -0.5 marks 5

Overall Evaluation Marks:

The combined marks of both the technical and financial proposals as per Weight age stated will determine the final, overall attained marks. Based on the total marks obtained, the following is the methodology for calculating the total marks. S = (C_low / C) * 0.6 + (T / T_high)* 0.4 Final Marks (F) = 100 * S C_low: Lowest Price quoted C: Bid Price as quoted by the bidder T-high: Highest Technical Score Obtained as per Annexure F above T Technical: Technical Score obtained by the bidder as per Annexure F above The Bidder scoring the maximum final Marks (F) shall be declared as the successful Bidder.


Page 55 of 57

ANNEXURE G: Eligibility Format

# Criteria and Supporting Documents

Compliance with

Supporting

Documents (Yes/No)

1

The bidder should be a Government Organization/ PSU/ PSE /Public/

Private Limited Company incorporated/ established under Companies

Act, 1956/2013 or later and should have been in operation for at least

three years as on date of RFP.

2

Bidder must have minimum annual turnover of Rs. 20 Crore in each of

the last three financial years (2018-19, 2019-20 and 2020-21) and

should also have made operating profit in at least two of the previous

three financial years.

3

Bidder should have experience of migrating from on premise or cloud

Microsoft Exchange of minimum 1000 mail boxes (including history

data) into cloud in India and should have experience of maintaining the

offered solution (in current bid) for at least one year from

implementation of Email solution.

4

Bidder can be any of the following:-

i. Bidder is OEM and cloud service provider (CSP)

ii. Bidder is OEM but not CSP. In that case, Bidder should have

agreement with CSP for at least five years to support product service

on cloud.

iii. Bidder is CSP but not OEM. In that case, bidder should have

agreement with OEM to supply OEM’s products and should have back-

to-back support agreement for five years.

iv. Bidder is neither OEM nor CSP. In that case, bidder should have

agreements with OEM and CSP for at least five years to supply OEM’s

products and product service on cloud for five years.

Manufacturer’s Authorization Form (MAF) is to be provided for Hardware & Software /Cloud computing services.

5 The bidder should not be currently blacklisted by any Central/State

Govt. depts./Public Sector Banks / Financial Institutions in India

6

The Cloud service provider should be certified to be compliant to the

following control standards:

i. ISO 27001 - Data Center and the cloud services should be certified

for the latest version of the standards

ii. ISO/IEC 27017:2015 - Code of practice for information security

controls based on ISO/IEC 27002 for cloud services and Information

technology

iii.ISO 27018 - Code of practice for protection of personally identifiable

information (PII) in public clouds.


Page 56 of 57

iv. ISO 20000-9-Guidance on the application of ISO/IEC 20000-1 to

cloud services

7

Proposed Email Cloud service provider should be MeitY (Govt. of

India) empanelled and STQC audit compliant for Public Cloud service

offering PaaS and IaaS. For Public Cloud service offering for SaaS,

should be compliant as and when MeitY takes it up for Empanelment.

8

The Cloud Service Provider should have Public Cloud Service for a

minimum period of three (3) years in India as on the date of release of

this RFP.

9

The Cloud Email solution (Email software along with cloud service

provider) is under production with minimum 5000 mailboxes for

minimum one scheduled commercial bank for at least 2 full year from

date of Go-live.

10

The service provider should ensure that there are no proceedings /

inquiries / investigations have been commenced / pending against

service provider by any statutory or regulatory agencies which may

result in liquidation of company / firm and / or deterrent on continuity

of business.

11

Cloud must be hosted in India including DC and DR in India, no

network and data sharing/replication/processing to any data

center/data processor outside the boundaries of the India shall be

done. All server / applications used for proposed email solution in

cloud environment as per the Scope of Work, should have DC & DR in

India. The services provided should adhere to the latest security and

other relevant Guidelines issued by Regulatory Authorities from time

to time.

12 The bidder shall ensure that person signing on behalf of company is

competent.


Page 57 of 57

ANNEXURE H: Commercial Bid Format

# Product Description Qty Unit Price Per Month

Total Yearly Cost

Total Cost for 3 years

1 Email Service with 2 GB MailBox with Archival Solution 320 No

2 Email Service with 10 GB MailBox with Archival Solution 30 No

# Other Costs Qty Unit Price OTC 3

Migration Cost (storage in GB) 500GB

(approx)

4 One Time Cost (OTC) (if any)

C = Total Cost (exclusive of Taxes) ₹ 0 Additional Service Rate Card (exclusive of Taxes)

Rate Card Qty Unit Rate/

Month

1 Additional Storage Space per Mailbox Per Gb 2 Additional Mailbox

Note:

1. Additional Service Rate Card will not be considered for the selection of L1 Bidder.

2. 3 year Project cost will be considered for identifying L1 Bidder as per formula mentioned in Annexure F