Chapter – 1: Introduction
1.1. Background
Punjab National Bank (PNB) has taken many IT initiatives. Bank has computerized 100% of its branches and has implemented a Centralized Banking Solution with Data Centre at New Delhi and Disaster Recovery Site at Mumbai.
Bank has already implemented Data Ware House project for providing better access to information, to foster better and more informed decision-making, besides providing statutory reporting and MIS for the bank.
In the bank there are several applications which are developed in house/or procured through outsourcing for internal requirements of Bank. Some of these applications are accessed through Enterprise Wide Network by different Branch Offices and also available through Internet and through Dial-up Connection. Approximately, every year 50-60 software are being developed In house / procured in our bank for which Security cum Functional Audit is required.
We have alternate Delivery channels services like Internet Banking, ATM, Mobile Banking, Mobile Apps, Tab Banking and POS etc which is being also offered to the Bank customers. An ATM Switch has been installed at New Delhi in the Data Centre and a DR setup in Mumbai. Internet Banking Infrastructure is also located and integrated with the Enterprise Wide Network in a secured manner.
The Operating Systems used in Different applications include different flavors of Unix like Solaris, AIX, SCO etc.), Windows NT, Windows 2008/2012 enterprise Servers, Guardian, IBM AIX, HP Unix, Novell Netware, Tandem, DOS etc. Applications, which use messaging, include SWIFT, SFMS (RBI Infinet), Cash Management Services, Electronic Funds Transfer, and other RBI Projects etc. The Mail Server is on MS Exchange Server 2010. The Data bases include Oracle, MS SQL, DB2, Access, Sybase etc.
To Secure the Application software, Data bases, Data, Information etc and to ensure the availability of resources including the network to authorized users without any disruption or degradation, the bank plans to utilize the services of Information Security.
The bank houses various security devices positioned across various locations to protect its infrastructure from internet threats.
1.2. Purpose
For empanelment of IS Auditor for Security cum functional Audit of application software for providing independent reasonable assurance to the management on:
1. Audit of application software or any enhancement in any existing Application/IT Platform before roll out in live environment which serves our following purpose:-
I. Ensure better quality of software development.
II. Reducing the chances of security breach in the software.
III. Improve the secure coding practices for future software development..
IV. Robust IT security.
V. Mitigation of risks where there are significant control weaknesses
VI. Efficient utilization of IT Resources.
VII. Ensuring compliance of IT Security Policy and procedures defined by the Bank.
1.3. Project Scope
Detailed scope is at Annexure A. The overall approach of the Security cum functional Audit of application software shall be constructive/ contributory. The evaluation shall be comprehensive, clear and Security cum functional Audit shall help rectify the lacunae by concise directions.
1.4. Invitation
This RFP seeks Bidder(s) who are committed to the Information Security business and have the capability and experience in conducting Security cum functional audit of application software. Auditor wherever mentioned in RFP means the bidder/ company /firm who can conduct the security cum functional audit of application software.
Evaluation criteria, evaluation of the responses to the RFP and subsequent selection of the successful bidder(s) will be entirely at PNB’s sole discretion.Bank’s decision shall be final and binding and no correspondence about the decision shall be entertained.
1.5. Time Schedule of Various bid related events
| 1. | Date of commencement of availability of Bidding Documents for Sale | 12.03.2018 |
| 2. | Last date & time for submission of queries (by e-mail). | 18.03.2018 05.00 PM |
| 3. | Last date and time for receipt of Bidding Documents. | 02.04.2018 02.00 PM |
| 4. | Date and Time of Bid Opening.
(Change if any will be communicated to bidders who have purchased RFP.) |
02.04.2018 03.00 PM |
| 5. | Cost of RFP | Rs. 5000/- (non refundable) to be deposited in A/C 1522002100021143, PNB IAD, IFSC – PUNB0976200, Branch – PNB Head Office (9762200), Sector -10Dwarka New Delhi |
| 6. | Earnest Money Deposit Amount | Rs.50000/- Rs. Fifty Thousand Only to be deposited in A/C 1522002100021143, PNB IAD, IFSC – PUNB0976200, Branch – PNB Head Office (9762200), Sector -10Dwarka New Delhi |
| 7. | Place of opening of Bids | Punjab National Bank, IT Audit Cell, Inspection & Audit Division, Head Office 2nd Floor, East Wing, Corporate Office, Plot-4, Sector 10, Dwarka, New Delhi – 110075 |
Note:
(i) Bids will be opened in the presence of bidders who choose to attend as above
(ii) The schedule is subject to change and notice in writing of any changes will be published and communicated wherever feasible through bank’s corporate web-site pnbindia.in. The PNB reserves the right to cancel the RFP at any time without incurring any financial obligation to any Bidder or potential Bidder.
(iii) Any query regarding the RFP may be sent to iadisaudit@pnb.co.in and pankajgupta@pnb.co.in addressed to The Chief Manager, IT Audit Cell, Inspection & Audit Division, Head Office, 2nd Floor, East Wing, Corporate Office, Plot 4, Sector-10, Dwarka, Rajendra Place, New Delhi – 110075 before the Last date & time for submission of queries by e-mail.
1.6 Confidentiality
The RFP document is confidential and is not to be reproduced, transmitted, or made available or disclosed in any form or manner by the Recipient to any other person. Punjab National Bank may amend or revise the RFP document or any part of it. The Recipient accepts that they will receive any such revised or amended document subject to the same terms and conditions as this original and subject also to confidentiality.
The Recipient will not disclose or discuss the contents of the RFP document with any officer, employee, consultant, director, agent, or other person associated or affiliated in any way with Punjab National Bank or any of its customers, Auditors, or agents without the prior written consent of the Bank. The empanelled bidder shall execute a Confidentiality & Non Disclosure agreement with the Bank as per Annexure ‘J’.
1.7 Non Disclosure Clause
i) The bidder (and his employees) shall not, unless the bank gives permission in writing, disclose any part or whole of this RFP document, of the proposal and/or contract, or any specification, plan, drawing, pattern, sample or information furnished by the bank, in connection therewith to any person other than a person employed by the bidder in the pursuance of the proposal and/or contract. Disclosure to any such employed person shall be made in confidence and shall be to the extent only so far as may be necessary for purposes of such performance. The bidder will ensure that the employees engaged by the bidder will maintain strict confidentiality.
ii) The bidder, his employees and agents shall not without prior written consent from the bank make any use of any document or information given by the Bank, except for purposes of performing the contract award.
iii) In case of breach, the bank shall take such legal action as it may deem fit.
1.8 RFP TERMINOLOGY
Definitions
Throughout this RFP, unless inconsistent with the subject matter or context, the following terms will have the meaning as under:
i. Agreement:
Any written contract to be entered into between Punjab National Bank and the Bidder(s) qualifying for empanelment with respect to providing for any deliverables or services contemplated by this RFP. Any Agreement shall be deemed to incorporate, as schedules, this RFP and all supplements issued by
