Inviting Tender from Cert-In empanelled agencies for Conducting Load and Security Testing of Web application of UPSDM



Similar documents
Subject : Annual Contract for Pest Control, Rodent Control and Termite Control to the Commission for the year

DETAILED OF TENDER PAPER FOR PRINTING & SUPPLY OF FLEXI BOARD UNDER FEEDING PROGRAMMES (SNP/EFP & MDM) FOR THE YEAR

2. The Earnest Money Deposit (EMD) of Rs. 50,000/- (Rupees Fifty thousand only) in

Tender No: NEDA/Comp/ RMS/ Dated: 03/11/2015

How To Sell Cement In Jamshedpur

For providing Facility Management Services of IT Infrastructure at College of Engineering Pune

SOFTWARE TECHNOLOGY PARKS OF INDIA

SUPPLY AND INSTALLATION OF INTERNET BANDWIDTH SERVICES

LIMITED TENDER FOR DESIGN, DEVELOPMENT AND IMPLEMENTATION OF WEBSITE FOR NON TIMBER FOREST PRODUCE (NTFP)

Expression of Interest for Providing Server Space and Technical Support

Dr. Bhim Rao Ambedkar Engineering College of Information Technology Banda

TEXTILES COMMITTEE GOVERNMENT OF INDIA MINISTRY OF TEXTILES P. BALU ROAD, PRABHADEVI MUMBAI REQUEST FOR PROPOSAL (RFP)

Development of application Software for Election Commission

Advt.No.: IISER/S&P/2/15-16 Dt. 12 th May 2015 NOTICE INVITING TENDER

Indian Institute of Technology, Kharagpur Kharagpur , WB, India

Tender Notice. Tender no. : NTSC (O)/EM/F&F/ Date: 8th June, 2015

State Health Society, Bihar Pariwar Kalyan Bhawan, Sheikhpura, Patna-14

TENDER NOTIFICATION ENTRY OF DATA FROM I-R/II-R/I-U/II-U FORM INTO DATABASE

HIRING OF ACCOUNTANTS

FOR PROCUREMENT OF MATERIALS UNDER DEPOSIT / APDRP WORKS

भ रत य कप स नगम ल मट ड

DIRECTORATE OF KNOWLEDGE MANAGEMENT IN AGRICULTURE (Indian Council of Agricultural Research) Krishi Anusandhan Bhavan, Pusa, New Delhi

Ministry of External Affairs Government of India External Publicity & Public Diplomacy Division PAV Section

DIRECTORATE OF PUBLICITY & PUBLIC RELATIONS CUSTOMS & CENTRAL EXCISE C.R.BUILDING, NEW DELHI. ***************************

TENDER DOCUMENT FOR ESTABLISHMENT OF VIDEO CONFERENCING FACILITY TENDER ENQUIRY

1 MH-04-BS-5818 Maruti OMNI 12/09/ MH-43-A-6505 Maruti ESTEEM 25/02/2005

Tender document. for. Providing Managed Internet Leased Line Network. at Chandigarh Police Headquarters, Sector 9, Chandigarh

REQUEST FOR PROPOSAL (RFP) FOR SCANNING & DOCUMENT MANAGEMENT SOLUTION FOR THE COMMISSIONER OF INCOME TAX, DELHI-II NEW DELHI

ANNEXURE - I MPD/EPC/TIC/ NR logo web application development dated: Page 1

NOTICE INVINTING QUOTATION

TENDER NOTICE FOR SOCIAL MEDIA MONITORING SERVICES (TWITTER) FOR THE EXTERNAL PUBLICITY AND PUBLIC DIPLOMACY DIVISION, MINISTRY OF EXTERNAL AFFAIRS

Ref. REC/Adm. (Estate)/ / Dated

Dr. Bhim Rao Ambedkar Engineering College of Information Technology Banda

INVITATION FOR LIMITED TENDER FOR SUPPLY OF TECHNICAL MANPOWER

100 mbps dedicated uncompressed symmetric Internet Bandwidth (1:1) connectivity through optic fiber Leased Line at given location:

Dy. General Manager (Information Technology)

TENDER FOR TRAVEL SERVICES

TENDER DOCUMENT FOR SUPPLY OF OMR SCANNER WITH BAR CODE READER

School of Open Learning University of Delhi

Dr. Bhim Rao Ambedkar Engineering College of Information Technology Banda

Bank of Baroda inviting tenders from Gujarat Based Reputed Printers for F.Y with BOB Zonal Stationery Cell, Baroda. Ph.

e-tender (ON-LINE) INVITATION NOTICE NO. 06 Of

TENDER DOCUMENTS FOR SUPPLY INSTALLATION AND COMMISSIONING OF BIOMETRIC DEVICE FOR FINGERPRINT ATTENDANCE SYSTEM

No /1/2016-Genl. Government of India Ministry of Textiles

PRASAR BHARATI ( INDIA S PUBLIC SERVICE BROADCASTER ) NEWS SERVICES DIVISION : ALL INDIA RADIO NO. 17(10)/ /G/

How To Run A Web Server On A Linux Or Windows Computer (For Free) On A Cheap Server (For Cheap) On Your Own Computer (Free) On An Old Hard Drive (For A Free) Or Ipad (For Low Cost)

SUPPLY, INSTALLATION, TESTING & COMMISSIONING OF SPLIT AIR CONDITIONERS

INDIAN INSTITUTE OF TECHNOLOGY GANDHINAGAR

2) For display on the Notice Board.

Notice Inviting Quotation for HIRING OF VEHICLES

GOVT. WOMEN S POLYTECHNIC COLLEGE Shivaji Nagar, Bhopal, Madhya Pradesh

TENDERS INVITED FOR DESIGN, DEVELOPMENT, HOSTING AND MAINTENANCE OF WEBSITE FOR ICAR - CENTRAL CITRUS RESEARCH INSTITUTE LOCATION: OPP. N.B.S.S.

TENDER NOTICE NO. 04/

Rajya Sabha Secretariat Rajya Sabha Television 12 A, Gurudwara Rakab Ganj Road, New Delhi TENDER NOTICE FOR INTERNET CONNECTIVITY

TENDER DOCUMENT. For SUPPLY OF TWO OMR SCANNER WITH BAR CODE READER

(A K Chatterjee ) Sc. F & Head, BIS-DSBO

1.1 The tendering process is online at Airports Authority of India s e-portal URL address or

National Small Industries Corporation Ltd NSIC Bhawan, Okhla Industrial Estate, Phase III New Delhi-20 Telephone:

E-Tender. Director on behalf of the Punjab State Council for Education Research & Training invites e tenders for the job of Online Counseling.

Government of Jharkhand Department of Science & Technology Nepal House, Doranda, Ranchi Ph , , Fax ,

TENDER DOCUMENT FOR. IVRS Complaint redressal system to handle complaints from the public. Related MIS Software AT UPNEDA, HEAD OFFICE

Notice for Inviting EOI from Chartered Accountants Firms for Conducting Statutory Audit of DRDA, Malkangiri. For the FINANCIAL YEAR

University Centre for IT Infrastructure Management 4 th Floor, D-Block Guru Gobind Singh Indraprastha University Sector-16 C, Dwarka, Delhi

Following terms and conditions may be kept in view while submitting the bids :-

Tender for development, upgradation of web based software application for Student Information System (SIS) INVITATION OF THE BID

भ रत य गक स थ न र पड़

SHORT TERM TENDER NOTICE

GOVERNMENT OF ASSAM DIRECTORATE OF TRAINING ASSAM ADMINISTRATIVE STAFF COLLEGE KHANAPARA: GUWAHATI NOTICE INVITING TENDER

INDIAN INSTITUTE OF TECHNOLOGY GANDHINAGAR

Annual Maintenance Contract (AMC) of Computer/Printer/Server/Scanner/ Laptop/UPS etc. in the Ministry of Women and Child Development

Wanted Plot at Bavla. Advertisement for purchase of plot at Bavla under Ahmedabad DO.

INVITATION FOR TENDER FOR SUPPLY OF EQUIPMENT

LIMITED TENDER ENQUIRY FOR RODENT CONTROL SERVICES IN AAAGH

CENTRAL BOARD OF SECONDARY EDUCATION 2 COMMUNITY CENTRE, PREET VIHAR DELHI CBSE/CU/EXAMS/2009 Form No E... Price -Rs. 200/- Non-refundable

New Delhi, Dated: 5th May 2011 TENDER NOTICE

Tender document Estate Maintenance Department Web : Phone :

REQUEST FOR PROPOSAL FOR DESIGNING AND PRINTING OF NEWSLETTER- SAMVAD

BIHAR RURAL DEVELOPMENT SOCIETY (BRDS) RURAL DEVELOPMENT DEPARTMENT GOVERNMENT OF BIHAR MAIN SECRETARIAT PATNA BIHAR (INDIA)

SANITARY SECTION IIT Kharagpur

No. MMTC/MIN/IOS/05/2015 Date :

Expression of Interest

CENTRAL ELECTRONICS LIMITED (A Public Sector Enterprise) for the

DIRECTORATE OF SOCIAL AUDIT

Supply, Installation and maintenance of OCSP software

PQ Value No. Tender(Rs) (Rs.)

How To Buy 1 Kg Of Maize African Tall

- NOTICE INVITING TENDER

DAYALBAGH EDUCATIONAL INSTITUTE DAYALBAGH, AGRA

TENDER FOR INSTALLATION OF TEA/COFFEE VENDING MACHINES AND SUPPLY OF MATERIALS/CONSUMABLES AT CORPORATE OFFICE, GURGAON

No.31/14/1000/2014-GA Government of India Ministry of Commerce & Industry Department of Commerce (GA Section) *****

Request for Techno-Commercial Proposal. Design, Development, Implementation & Maintenance of Portal Solution for Dr. MCR HRD IAP

DETAILED TERMS AND CONDITIONS FOR PROVIDING SERVICES OF FIRMS OF CHARTERED ACCOUNTANTS.

URBAN LOCAL BODIES, HARYANA SHORT TERM TENDER

REQUEST FOR PROPOSAL FOR EMPANNELMENT OF VENDORS FOR DESIGNING, DEVELOPMENT, MAINTENANCE & HOSTING OF WEB-SITE/ WEB-PORTAL AS PER BANK S NEED

Prof.& Head, Department of Computer Science & Engineering PEC University of Technology Chandigarh

OIL INDIA LIMITED (A GOVERNMENT OF INDIA ENTERPRISE) DULIAJAN , ASSAM NOTICE OF INVITING TENDER

Tender Notice For Annual maintenance contract of Air Conditioners

Government of India Office of the Director General of Civil Aviation Opposite Safdarjung Airport, New Delhi. TENDER NOTICE

Oracle Financial Services Applications

Transcription:

Inviting Tender from Cert-In empanelled agencies for Conducting Load and Security Testing of Web application of UPSDM [Reference No. 19 UPSDM/Portal/Dated: 19 th April, 2015] Last Date & Time of Submission of Bid 5 th May 2015 3:00 p.m Date & Time of Opening of Bid 6th May 2015 4:00 p.m Name of the Bidding Company/ Firm: Contact Person: Authorized Bid Signatory: Correspondence Address: Mobile No Telephone Fax Website Official E-mail Address

Subject:- Tender for conducting the Security Audit of web applications of UPSDM from CERT-in Empanelled agencies. UPSDM is inviting tender from Cert-In Empanelled Agencies for Load and Security testing of below mentioned application. The application need to obtain the safe-to-host certificate from Cert-In empanelled agencies before hosting the same on U.P. State Data Center. The applications are - 1. Online Portal of UPSDM ( http://upsdm.gov.in), (http://app.upsdm.gov.in/upsdmapp/upsdm_mvc/index.php/login) Bidders are advised to study the document carefully. The Cost estimates may please be provided in the sealed envelope and should reach by post to the below mentioned address latest by 3:00 PM of 05/05/2015. The Agencies are requested to submit the combined proposal for both the testing and only one financial quotation is to be submitted for both the testing. The sealed quotation is to be raised in the name of following Mission Director Uttar Pradesh Skill Development Mission Tender document with other details is also available on UPSDM Website i.e. www.upsdm.gov.in

KEY INFORMATION A Name of the Client / Authority Uttar Pradesh Skill Development Society (legal entity)/ Uttar Pradesh Skill Development Mission B Document intended for Cert-In Empanelled Agencies C Address where proposals have to be submitted Mission Director ITI Aliganj Campus Aliganj, Lucknow 226024 D Last date of submission 05.05.2015 at 3:00 PM E Time, place and date for opening of proposals 06.05.2015 at 4 PM Conference Hall of ITI, Aliganj (Original Proposals shall be opened and EMD would be checked) F Earnest Money Deposit Rs. 20,000 (Details provided under Terms and Conditions) G Performance Guarantee 5% of the Total Project Cost (Details provided under Terms and Conditions) H Time, place and date for opening of financial proposals (Annexure III) To be intimated to eligible organisations. I Mode of Selection Eligible Organization quoting the Least Cost shall be selected.

TERMS & CONDITIONS ANNEXURE-I 1. The web applications will be hosted at State Data Center server after Security audit, so the testing certificates should be in compliance with the UPSDC standards. 2. The envelope shall be prominently marked on top with "COMMERCIAL BID FOR CONDUCTING THE LOAD AND SECUIRTY TESTING OF WEB APPLICATIONS OF UPSDM. The envelop should be properly sealed. 3. The tenders should reach this office by 3:00 PM of 5 th May 2015. 4. The price bids of those firms will be opened who fulfils the terms and conditions. 5. Only those Organizations/firms registered with the CERT-in-empanelled are eligible for submitting the tender. 6. Incomplete or conditional tender will not be entertained. 7. No tender will be accepted after closing date and time 8. The first round of security and load testing report should be submitted to UPSDM within 07 days after the work order issued by UPSDM and consecutive round report if any, should be submitted within next 5 working days. 9. The tenderer may remain present himself /herself or his/her authorized representative at the time of opening the tender. Only authorized representative will be allowed to attend the meeting of the Tender Committee. 10. All the firms / organizations participating in the Tender must submit a list of their owners / partners etc. along with their contact numbers and a Certificate to the effect that the firm / organization is neither blacklisted by any Govt. Department nor any Criminal Case registered against the firm or its owner or partners anywhere in India be attached with this tender. Any firm/organization blacklisted by a Govt./Semi Govt. Deptt. shall not be considered for this tender and tender will be rejected straightway. 11. The payment will be made only after submitting the final load and security test certificate on completion of Test of website. 12. No claim for interest in case of delayed payment will be entertained. 13. A copy of terms & conditions attached as and Scope of work attached as duly signed by the tenderer, as a token of acceptance of the same should be attached along-with the tender. 14. The Tender Committee reserves the right to relax any terms and condition in the Govt. interest, with the approval of competent authority. NOTE: (A) DOCUMENTS REQUIRED TO BE ATTACHED WITH BID: 1. Certificate of Incorporation / Registration 2. Sale Tax / VAT Registration Certificate along with TIN No. 3. Copy of authorization with CERT-in empanelment. 4. Copy of terms and conditions duly signed with seal of the firm/organization, in token of acceptance of terms and conditions.

5. All the firms participating in the Tender must submit a list of their owners / partners etc. and a Certificate to the effect that the firm is neither blacklisted by any Govt. Department nor any Criminal Case is registered against the firm or its owner or partners anywhere in India. 6. All other supporting documents as required in the tender shall be attached B. COMMERCIAL BID should be in the format given at Annexure-III and it should contain price only and no other documents shall be enclosed. C. Clause for EARNEST MONEY DEPOSIT Every applicant participating in the bidding process must furnish the required earnest money deposit (EMD) as specified in Key Information section. EMD of an applicant lying with Uttar Pradesh Skill Development Mission in respect of other bids awaiting decision will not be adjusted towards EMD for the fresh bids. The EMD originally deposited may, however, be taken into consideration in case proposals are re-invited. The EMD may be deposited in the form of a banker s cheque or demand draft in favour of Uttar Pradesh Skill Development Society payable at Lucknow. The EMD shall be valid for the period of 180 days. The same shall be payable at par at Lucknow. - Since the duration of the Demand Draft / Banker s Cheque for EMD does not impact the empanelment process if the time taken for the process does not stretch beyond the duration of the EMD, such Demand Draft / Banker s Cheque for EMD of 3 month duration is deemed to be appropriate subject to the aforementioned condition. Hence, Demand Draft / Banker s Cheque for EMD with 3 months validity shall be considered eligible subject to the condition that the applicants would need to furnish a fresh Demand Draft / Banker s Cheque for EMD with further 3 months duration in case the empanelment process does not complete within 3 months. The applicants who do not submit fresh EMDs under such circumstances shall not be considered for empanelment. Refund of EMD: The EMD of unsuccessful applicants shall be refunded within 30 days of completion of empanelment process. Forfeiture of EMD: The EMD taken from the applicant shall be forfeited in the following cases: a) When the applicant does not sign the agreement within a period of 7 working days of issue of Letter of Invitation (LoI) b) When the applicant withdraws or modifies his proposal after opening of proposals. c) When the applicant does not deposit the Performance Guarantee in the form of Bank Guarantee before the Agreement is signed. d) To adjust any dues against the firm from any other Agreement with Uttar Pradesh Skill Development Mission.

D. Clause for PERFORMANCE GUARANTEE Within 7 working days from the date of Letter of Invitation (LOI) from UPSDM, the selected organisation shall furnish a Performance Guarantee equivalent to 5% of the total sanctioned project cost. The Performance Guarantee shall be submitted by way of Bank Guarantee (format to be notified post selection) issued by one of the Scheduled Commercial Banks in India for the due performance of the Assignment with a validity period of 12 months. Forfeiture of Performance Guarantee: Performance Guarantee shall be forfeited in the following cases unless decided otherwise by UPSDM: - - If the organisation does not submit first round of security and load testing report to UPSDM within 07 days after the work order issued by UPSDM - If the organisation does not submit consecutive round report if any, within next 5 working days. SIGNATURE WITH SEAL OF TENDERER NAME IN BLOCK LETTERS: Company Name with Full Address:

Scope of Work for the Security and Load Testing ANNEXURE-II Primary objective of the security audit exercise is to identify major vulnerabilities in the web application from internal and external threats. Once the threats are identified and reported the auditors should also suggest possible remedies. Technical Details of the applications are as follows: 1. Online Portal of UPSDM S. No. Information About the Application Version and Count 1 Database PostGres SQL 2 Server Side Script PHP 3 Web Application Server Apache 2.0 4 Total Size of the application Website- 348 MB Application- 524 MB 5 Total No. of form fields and forms available for user to input No. of forms- 61 (approx..) No. of form fields-1100(approx..) 6 Total No. of static pages 6 Pages 7 Total No. of Dynamic Pages 139 Dynamic Pages 8 No. of Roles Total 4 roles Total Pages 139(Dynamic) * 6(Static) * * Since, the application is still under development, therefore the actual number of pages may slightly differ while placing the work order. Also, the URL for UPSDM would be created separately before putting the work order.

To ensure that the web based applications of UPSDM is free from the vulnerabilities. The audit exercise will need to undertake the following activities: 1. Identify the security vulnerabilities, which may be discovered during website security audit including cross-site scripting, Broken links/weak session management, Buffer Overflows, Forceful browsing, Form/ hidden field manipulation, Command injection, Insecure use of cryptography, Cookie posing, SQL injection, Server miss-configuration, Well known platform vulnerabilities, Errors triggering sensitive information, leak etc. 2. Identification and prioritization of various risks to the UPSDM online web applications; 3. Identify remedial solutions and recommendations for making the web applications secure. 4. Undertake user profiling and suggest specific access methodologies and privileges for each category of the users identified. 5. The auditors will have to carry out an assessment of the vulnerabilities, threats and risks that exist in UPSDM Online web application through Internet Vulnerability Assessment and Penetration Testing. This will include identifying remedial solutions and recommendations for implementations of the same to mitigate all identified risks, with the objective of enhancing the security of the system. 6. Both the applications should be audited as per the CERT-in Standards. The auditor is expected to submit the final audit report after the remedies/recommendations are implemented and confirmed with retest. 7. The Audit Firm/company has to submit a summary compliance report at the end of the assessment phase and the final Report will certify that UPSDM web applications are incompliance with the UPSDC standards Deliverables and Audit Reports The successful bidder will be required to submit the following documents in printed format (2 copies each) after the audit of above mentioned two web application: (i) A detailed report with security status and discovered vulnerabilities weakness and misconfigurations with associated risk levels and recommended actions for risk mitigations. (ii) Summary and detailed reports on security risk, vulnerabilities and audit with the necessary counter measures and recommended corrective actions to be undertaken by UPSDM. (iii) The final load and security test certificate for online applications and should be in compliance with the UPSDC standards. (iv) All deliverables shall be in English language and in A4 size format. (v) The vendor will be required to submit the deliverables as per terms and conditions of this document. (vi) All reports as mentioned above should be given in 7 working days after work order issued by UPSDM and consecutive round report if any, should be submitted within next 5 working days.

ANNEXURE-III COMMERCIAL BID (On Company Letter Head) The Agencies are requested to submit the combined proposal for both the testing and only one financial quotation is to be submitted for both the applications. Name of the Bidder: Address for Correspondence: I/we hereby submit the commercial bid for conducting Load testing and Security Testing of web applications of UPSDM as per the Scope of work given in this tender document within the time specified and in accordance with the terms and conditions. The bidders are required to quote the rates in the following format. S.No Description Total Cost exclusive of taxes (in Rs.) 1 Load testing with 1,000 users. 2 Security Testing Grand Total (A) 1. The rate should not be provided as a percentage figure but in absolute Indian Rupees. 2. The rate quoted must be reasonable and valid for the period of contract from the date of opening of Financial bid. 3. Bid would be finalized on the basis of (A) i.e Grand Total. 4. Taxes will be paid as per Govt. norms. SIGNATURE WITH SEAL OF TENDERER NAME IN BLOCK LETTERS: Company Name with Full Address:

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information