Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for

Information Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

2022
cument History

Overview
Department of Information
Procurement Policy Manual for RajCOMP Info Services Limited

Document Title
Technology & Communication,
RajCOMP Info Services Limited- Manual on Policies and Procedures for
Procurement (DoIT&C)
Document Final Government of Rajasthan (GoR)
Status

Abstract This document provides a broad framework and guidelines for RajCOMP Info
Services Limited Staff in carrying out various procurement activities.

Draft RFP for Rate Contract for Selection of

CERT-IN Certified Auditor for Information
Document Publication History
Security Audit of Aadhaar Authentication
Date Ecosystem
Author for the period of Five
Version RemarkYears based on
th
Open Competitive Bidding through e-
17 February 2011 Dr. S.S. Vaishnava V3 Final Version
Procurement/ e-Tender

Distribution

Version Name Location

Final MD RajComp Info Services Limited RajComp Info Services Limited office, Jaipur

Secretary (IT) RajComp Info Services Limited office, Jaipur

Page 1 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

TABLE OF CONTENTS
1. INVITATION FOR BID (IFB) & NOTICE INVITING BID (NIB)................................................................................. 10
2. PROJECT PROFILE & BACKGROUND INFORMATION ........................................................................................ 13
3. PRE-QUALIFICATION/ ELIGIBILITY CRITERIA ................................................................................................... 15
4. SCOPE OF WORK, DELIVERABLES & TIMELINES ................................................................................................ 17
1) Overview of Scope of Work 17
a) Audit Approach 17
b) Frequency of Audit 18
c) Audit Methodology and phases of Audit 18
d) Project Duration 19
2) Project Deliverables, Milestones & Time Schedule 20
5. INSTRUCTION TO BIDDERS (ITB) ..................................................................................................................... 21
1) Sale of Bidding/ Tender Documents 21
2) Pre-bid Meeting/ Clarifications 21
3) Changes in the Bidding Document 22
4) Period of Validity of Bids 22
5) Format and Signing of Bids 23
6) Cost & Language of Bidding 24
7) Alternative/ Multiple Bids 24
8) Bid Security 24
9) Deadline for the submission of Bids 26
10) Withdrawal, Substitution, and Modification of Bids 26
11) Opening of Bids 26
12) Selection Method: 27
13) Clarification of Bids 27
14) Evaluation & Tabulation of Technical Bids 28
15) Evaluation & Tabulation of Financial Bids 29
16) Correction of Arithmetic Errors in Financial Bids 30
17) Price/ purchase preference in evaluation 30
18) Negotiations 31
19) Exclusion of Bids/ Disqualification 31
20) Lack of competition 32
21) Acceptance of the successfulBid and award of contract 33
22) Information and publication of award 34
23) Procuring entity’s right to accept or reject any or all Bids 34
24) Right to vary quantity 34
25) Performance Security 34

Page 2 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

26) Execution of agreement 35

27) Confidentiality 36
28) Cancellation of procurement process 37
29) Code of Integrity for Bidders 37
30) Interference with Procurement Process 38
31) Appeals 38
32) Stay of procurement proceedings 40
33) Vexatious Appeals & Complaints 40
34) Offenses by Firms/ Companies 41
35) Debarment from Bidding 41
36) Monitoring of Contract 42
6. GENERAL TERMS AND CONDITIONS OF TENDER & CONTRACT.......................................................................... 43
1) Contract Documents 44
2) Interpretation 44
3) Language 44
4) Joint Venture, Consortium or Association 45
5) Notices 45
6) Governing Law 45
7) Scope of Supply 45
8) Supplier’s/ Selected Bidder’s Responsibilities 45
9) Purchaser’s Responsibilities 45
10) Contract Price 46
11) Recoveries from Supplier/ Selected Bidder 46
12) Taxes & Duties 46
13) Copyright 47
14) Confidential Information 47
15) Sub-contracting 48
16) Specifications and Standards 48
17) Extension in Delivery Period and Liquidated Damages (LD) 49
18) Limitation of Liability 51
19) Force Majeure 51
20) Change Orders and Contract Amendments 52
21) Termination 52
22) Exit Management 53
23) Settlement of Disputes 57
7. SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT............................................................................ 58
1) Payment Terms and Schedule 58
2) Service Level Standards/ Requirements/ Agreement 58
Page 3 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

3) Special Conditions of the Bid 59

ANNEXURE-1: REQUESTING ENTITY COMPLIANCE CHECKLIST V2.0 ....................................................................................... 60
ANNEXURE-2: PRE-BID QUERIES FORMAT ................................................................................................................ 60
ANNEXURE-3: BIDDER’S AUTHORIZATION CERTIFICATE {TO BE SUBMITTED BY THE BIDDER ON HIS LETTER HEAD} .................... 62
ANNEXURE-4: SELF-DECLARATION {TO BE SUBMITTED BY THE BIDDER ON HIS LETTER HEAD} ................................................... 63
ANNEXURE-5: CERTIFICATE OF CONFORMITY/ NO DEVIATION {TO BE SUBMITTED BY THE BIDDER ON HIS LETTER HEAD} .......... 64
ANNEXURE-6: FINANCIAL BID COVER LETTER & FORMAT ......................................................................................... 65
ANNEXURE-7: BANK GUARANTEE FORMAT {TO BE SUBMITTED BY THE BIDDER’S BANK} ....................................................... 67
ANNEXURE-8: DRAFT AGREEMENT FORMAT ............................................................................................................ 69
ANNEXURE-9: MEMORANDUM OF APPEAL UNDER THE RTPP ACT, 2012 ................................................................... 72
ANNEXURE-10: FORMAT FOR SUBMISSION OF PROJECT REFERENCES FOR PRE-QUALIFICATION EXPERIENCE ............ 73
ANNEXURE-11: BANK GUARANTEE FORMAT FOR BID SECURITY ............................................................................... 74
GUIDELINES FOR SUBMISSION OF BANK GUARANTEE ............................................................................................... 76

Page 4 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Request for Proposal (RFP) for Rate Contract for Selection of CERT-IN Certified Auditor for Information
Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Reference No. F11(47)/DoIT&C/2022/00148/2022 Dated: 31-05-2022

SPPP UBN – ITC2223SLOB00018

Online though eProcurement/ e-Tendering system

Mode of Bid Submission
at [Link]
Commissioner and Joint Secretary,
DoIT&C, Second Floor, IT Building, Yojana Bhawan
Procuring Authority
Campus, Tilak Marg, C-Scheme, Jaipur-302005
(Rajasthan)
Date & Time of Pre-bid meeting 08/06/2022 at 03:00 PM
Last Date & Time of Submission of Bid By 04:00 PM of 30/06/2022
Date & Time of Opening of Technical Bid At 04:30 PM of 30/06/2022

Bid Document Fee: Rs. 1000.00 (Rupees One Thousand only)

RISL Processing Fee: Rs. 1000.00/- (Rupees One Thousand only)

Name of the Bidding Company/ Firm:

Contact Person(Authorised Bid Signatory):
Correspondence Address:
Telephone &
Mobile No.
Fax Nos.:
Website & E-Mail:

Department of Information Technology & Communications (DoIT&C)

IT Building, Yojana Bhawan Campus, Tilak Marg, C-Scheme, Jaipur (Rajasthan)
Phone: 0141-2224855 Fax: 0141-2222011
Web: [Link] Email: [Link]@[Link]

Page 5 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ABBREVIATIONS & DEFINITIONS

Abbreviation Full Form / Description

The Rajasthan Transparency in Public Procurement Act, 2012
Act
(Act No. 21 of 2012) and Rules thereto
AUA Authentication user agency
ASA Authentication Service Agency
The bidder’s representative/ officer vested (explicitly, implicitly,
or through conduct) with the powers to commit the authorizing
Authorised Signatory organization to a binding agreement. Also called signing officer/
authority having the Power of Attorney (PoA) from the competent
authority of the respective Bidding firm.
B.E. Bachelor of Engineering
[Link]. Bachelor of Technology
BCA Bachelor of computer applications
BG Bank Guarantee
A security provided to the procuring entity by a bidder for
Bid Security securing the fulfilment of any obligation in terms of the provisions
of the bidding documents.
A formal offer made in pursuance of an invitation by a procuring
Bid/ eBid entity and includes any tender, proposal or quotation in
electronic format
Any person/ firm/ agency/ company/ contractor/ supplier/
Bidder vendor participating in the procurement/ bidding process with
the procurement entity
Documents issued by the procuring entity, including any
Bidding Document amendments thereto, that set out the terms and conditions of the
given procurement and includes the invitation to bid
BoM Bill of Material
BoQ Bill of Quantity (Financial Bid)
CA Chartered Accountant
CIDR Central Identities Data Repository
CMC Contract Monitoring Committee
CMM/CMMi Capability Maturity Model / Capability Maturity Model Integration
An authority or officer to whom the relevant administrative or
Competent Authority financial powers have been delegated for taking decision in a
matter relating to procurement.
A contract entered into between the procuring entity and a
Contract/ Procurement Contract
successful bidder concerning the subject matter of procurement

Contract/ Project Period As Specified in Scope of Work

COTS Commercial Off The Shelf Software

CV Curriculum Vitae
Page 6 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Abbreviation Full Form / Description

Day A calendar day as per GoR/ GoI.
DBA Database Administrator
Department of Electronics and Information Technology,
DeitY, GoI
Government of India
Department of Information Technology and Communications,
DoIT&C
Government of Rajasthan.
DSM Data Security Manager
EA Enrolment Agencies
e-KYC Electronic know your customer
ETDC Electronic Testing & Development Center
e-Sign Electronic signature
FMS Facility Management Services
FOR/ FOB Free on Board or Freight on Board
FRS Functional Requirement specification
FY Financial Year
GoI/ GoR Govt. of India/ Govt. of Rajasthan
All articles, material, commodities, electricity, livestock, furniture,
fixtures, raw material, spares, instruments, software, machinery,
equipment, industrial plant, vehicles, aircraft, ships, railway
rolling stock and any other category of goods, whether in
Goods
solid, liquid or gaseous form, purchased or otherwise acquired for
the use of a procuring entity as well as services or works
incidental to the supply of the goods if the value of services
or works or both does not exceed that of the goods themselves
GoR Government of Rajasthan (GoR)
GST Goods & Service Tax
HSM Hardware Security Module
ICT Information and Communication Technology.
Invitation for Bids (A document published by the procuring entity
inviting Bids relating to the subject matter of procurement and
IFB
any amendment thereto and includes notice inviting Bid and
request for proposal)
INR Indian Rupee
INR Indian National Rupee
iOS iPhone OS
ISI Indian Standards Institution
ISO International Organisation for Standardisation
IT Information Technology
IT Information Technology
ITB Instruction to Bidders
J2EE Java 2 Enterprise Edition
KSA KYC Service agency
Page 7 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Abbreviation Full Form / Description

KUA KYC user agency
KYC Know your customer
KYR+ Know your resident
L-1 Lowest Bid
LCBS Least cost based selection
LD Liquidated Damages
LoI Letter of Intent
MBA Master of Business Administration
MCA Master of Computer Applications
MCA Master of Computer Applications
MCP Microsoft Certified Professional
MS Microsoft Office
MSCE Microsoft Certified Systems Engineer
MSSQL Microsoft Standardized query language
A bidding process in which qualified bidders only from within
NCB
India are allowed to participate
National e-Governance Plan of Government of India, Department
NeGP of Information Technology (DIT), Ministry of Communications and
Information Technology (MCIT), New Delhi.
NIB Notice Inviting Bid
Notification A notification published in the Official Gazette
O&M Operation & Maintenance
OEM Original Equipment Manufacturer
OIC Officer In Charge
PAN Permanent Account Number
PBG Performance Bank Guarantee
PC Procurement/ Purchase Committee
PID Personal Identification block
PMU Project Management Unit
PoS Point of Sale
PQ Pre-Qualification
The process of procurement extending from the issue of
Procurement Process invitation to Bid till the award of the procurement contract or
cancellation of the procurement process, as the case may be
The acquisition by purchase, lease, license or otherwise of works,
goods or services, including award of Public Private Partnership
projects, by a procuring entity whether directly or through an
Procurement/ Public Procurement
agency with which a contract for procurement services is entered
into, but does not include any acquisition without consideration,
and “procure” or “procured” shall be construed accordingly
Project Site Wherever applicable, means the designated place or places.

Page 8 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Abbreviation Full Form / Description

PSD/ SD Performance Security Deposit/ Security Deposit
Person or entity that is a recipient of a good or service provided
Purchaser/ Tendering Authority/
by a seller (bidder) under a purchase order or contract of sale.
Procuring Entity
Also called buyer. DoIT&C in this RFP document.
RD Registered Devices
RISL RajCOMP Info Services Limited
RSDC Rajasthan State Data Centre, New IT Building, Jaipur
RUID Rajasthan Unique Identification
Any subject matter of procurement other than goods or works
and includes physical, maintenance, professional, intellectual,
Services consultancy and advisory services or any service classified or
declared as such by a procuring entity and does not include
appointment of any person made by any procuring entity
Service Level Agreement is a negotiated agreement between two
parties wherein one is the customer and the other is the service
provider. It is aa service contract where the level of service is
SLA
formally defined. In practice, the term SLA is sometimes used to
refer to the contracted delivery time (of the service) or
performance.
SoW Scope of Work
SQL Standardized query language
SRDH State Resident Data Hub
SSDG State Services Delivery Gateway
State Government Government of Rajasthan (GoR)
State Public Procurement Portal
(SPPP) [Link]
STQC Standardisation Testing and Quality Certification, Govt. of India
Sub-AUA Sub-authentication user agency
Any item of procurement whether in the form of goods, services
Subject Matter of Procurement
or works
TIN Tax Identification Number
TPA Third Party Auditors
UAT User acceptance test
UBN Unique Bid Number
UI User Interface
UID Unique Identification Number
UIDAI Unique Identification Authority of India
VID Virtual Identification Number
WO/ PO Work Order/ Purchase Order

Page 9 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

1. INVITATION FOR BID (IFB) & NOTICE INVITING BID (NIB)

Reference No. F11(47)/DoIT&C/2022/00148/2022 Dated: 31-05-2022
UBN: ITC2223SLOB00018
 Name: Commissioner, DoIT&C, GoR
Name & Address of the
 Address: IT Building, Yojana Bhawan Campus, Tilak Marg, C-Scheme, Jaipur-
Procuring Entity
302005 (Rajasthan)
 Name: Ranveer Singh
Name & Address of the  Designation: System Analyst (Joint Director)
Officer In-charge (OIC)  Address: 5th Floor, Rajasthan State Data Centre, Jhalana, Jaipur (Rajasthan)
 Email: [Link]@[Link]
Request for Proposal (RFP) for Rate Contract for Selection of CERT-IN Certified
Subject Matter of
Auditor for Information Security Audit of Aadhaar Authentication Ecosystem for
Procurement
the period of Five Years
Single-stage: Two part (envelop) open competitive e-Bid procedure at
Bid Procedure
[Link]
Bid Evaluation Criteria
Least Cost Based Selection (LCBS)-L1
(Selection Method)
 Websites: [Link] [Link]
[Link]
Websites for downloading
 Bid document fee: Rs. 1000.00 (Rupees One Thousand only) in Cash/
Bid Document, Corrigendum,
Demand Draft in favour of “Commissioner, DoIT&C” payable at “Jaipur”.
Addendum etc.
 RISL Processing Fee: Rs. 1000.00 (Rupees One Thousand only) in Demand
Draft in favour of “Managing Director, RISL” payable at “Jaipur”.
Amount (INR): Rs. 95.75/- Lakh (Rupees Ninety Five Lakh Seventy Five
Estimated Procurement Cost
Thousand Only) (Excl of taxes)
• Bid Security
o Amount (INR): Rs. 1,91,500/- [2% of the estimated procurement cost]
Bid Security and Mode of o Amount (INR): Rs. 95,750/- [1% of the estimated procurement cost in
case of S.S.I. units and units of BIFR]
Payment
 Mode of Payment
o DD/BC or BG (specified format) of a Scheduled Bank in Favour of
“Commissioner, DoIT&C” payable at “Jaipur”
Period of Sale of Bid
31/05/2022 to 4:00 PM of 30/06/2022
Document (Start/ End Date)
 Date/ Time: 08/06/2022 at 03:00 PM
 Place: Virtual Meeting by Webex
 Virtual Meeting- Link to be shared (Prospective bidders needs to send the
email to [Link]@[Link] for pre-bid participation with name,
Date/ Time/ Place of Pre-bid
phone no. , designation and email id of authorised participant 2 hours prior
Meeting
to pre-bid meeting date & time. Purchaser shall share the link of Webex
virtual meeting link on the details shared.)
 Last date of submitting clarifications requests by the bidder: 08/06/22, 6 PM
 Response to queries/clarifications by procuring entity: 20/06/2022

Page 10 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

 Manner: Online at e-Proc website ([Link]

Manner, Start/ End Date for
 Start Date: From 05:00 PM of 21/06/2022
the submission of Bids
 End Date: 30/06/2022 till 04:00 PM
Submission of Banker’s
 Fifth Floor, Rajasthan State Data Center, Jhalana, Jaipur, Rajasthan
Cheque/ Demand Draft for
 Start Date: From 05:00 PM of 21/06/2022
Tender Fee, Bid Security, and
 End Date: 30/06/2022 till 04:00 PM
Processing Fee*
Date/ Time/ Place of  Date: 30/06/2022 ; Time: 04:30 PM
Technical Bid Opening  Place Fifth Floor, Rajasthan State Data Center, Jhalana, Jaipur, Rajasthan
Date/ Time/ Place of
Will be intimated later to the Technically qualified bidders
Financial Bid Opening
Bid Validity 90 days from the bid submission deadline
Note:
1) Bidder (authorised signatory) shall submit their offer on-line in Electronic formats both for technical and financial
proposal. However, DD for Tender Fees, RISL Processing Fees and Bid Security should be submitted physically at the
office of Tendering Authority as prescribed in NIB and scanned copy of same should also be uploaded along with the
technical Bid/ cover.
2) * In case, any of the bidders fails to physically submit the Banker’s Cheque/ Demand Draft for Tender Fee, Bid Security,
and RISL Processing Fee up to as mentioned in NIB, its Bid shall not be accepted. The Banker’s Cheque/ Demand Draft
for Bid document fee, RISL Processing Fee and Bid Security should be drawn in favour of “Managing Director, RajCOMP
Info Services Ltd.” payable at “Jaipur” from any Scheduled Commercial Bank.
3) To participate in online bidding process, Bidders must procure a Digital Signature Certificate (Type III) as per Information
Technology Act-2000 using which they can digitally sign their electronic bids. Bidders can procure the same from any
CCA approved certifying agency, i.e. TCS, Safecrypt, Ncode etc. Bidders who already have a valid Digital Signature
Certificate (DSC) need not procure a new DSC. Also, bidders must register on [Link] (bidders
already registered on [Link] before 30-09-2011 must register again).
4) DoIT&C will not be responsible for delay in online submission due to any reason. For this, bidders are requested to
upload the complete bid well advance in time so as to avoid 11th hour issues like slow speed; choking of web site due to
heavy load or any other unforeseen problems.
5) Bidders are also advised to refer "Bidders Manual Kit" available at e-Procurement website for further details about the
e-Tendering process.
6) Training for the bidders on the usage of e-Tendering System (e-Procurement) is also being arranged by DoIT&C, GoR on
a regular basis. Bidders interested for training may contact e-Procurement Cell, DoIT&C for booking the training slot.
Contact No: 0141-4022688 (Help desk 10 am to 6 pm on all working days)
e-mail: eproc@[Link]
Address : e-Procurement Cell, RISL, Yojana Bhawan, Tilak Marg, C-Scheme, Jaipur
7) The procuring entity reserves the complete right to cancel the bid process and reject any or all of the Bids.
8) No contractual obligation whatsoever shall arise from the bid document/ bidding process unless and until a formal
contract is signed and executed between the procuring entity and the successful bidder.
9) Procurement entity disclaims any factual/ or other errors in the bid document (the onus is purely on the individual
bidders to verify such information) and the information provided therein are intended only to help the bidders to
prepare a logical bid-proposal.
10) The provisions of RTPP Act 2012 and Rules thereto shall be applicable for this procurement. Furthermore, in case of
any inconsistency in any of the provisions of this bid document with the RTPP Act 2012 and Rules thereto, the later shall
prevail.

System Analyst (JD) & OIC-Aadhaar Project

Page 11 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

NOTICE

OFFICE OF THE: Commissioner and Joint Secretary, DoIT&C Govt. of Rajasthan

IT Building, Yojana Bhawan Campus, Tilak Marg, C-Scheme, Jaipur-302005 (Rajasthan)

Telephone: 0141-2224855, Email: [Link]@[Link]

e-Bids are invited up to 04:00 PM of 30/06/2022 for Request for Proposal (RFP) for “Rate Contract for
Selection of CERT-IN Certified Auditor for Information Security Audit of Aadhaar Authentication
Ecosystem for the period of Five Years”. Details may be seen in the Bid Document at the website of
State Public Procurement Portal ([Link] or e-Procurement Portal
[Link] or our website [Link]
[Link] followed by the submission of bid document fee of Rs 1000.00 in Cash/
Banker’s cheque / Demand draft.

System Analyst (JD) & OIC-Aadhaar Project

Page 12 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

2. PROJECT PROFILE & BACKGROUND INFORMATION

The Government of India (GoI) has embarked upon an ambitious initiative to provide a Unique
Identification (UID) to every resident of India and has constituted the Unique Identification Authority of
India (UIDAI) for this purpose. The widespread implementation of the UID project needs the reach and
flexibility to enroll residents across the country.

Aadhaar project was initiated in September 2011 in State of Rajasthan with the appointment of DoIT&C
as State Registrar under UIDAI. To achieve this, DoIT&C had partnered with a variety of agencies and
service providers to enroll residents for UID through participation of various stakeholders to make UID
project successful.

Aadhaar authentication is the process wherein Aadhaar number, along with other attributes
(demographic/biometrics/OTP) is submitted to UIDAI's Central Identities Data Repository (CIDR) for
verification; the CIDR verifies whether the data submitted matches the data available in CIDR and
responds with a “yes/no”. No personal identity information is returned as part of the response. The
purpose of Authentication is to enable residents to prove their identity and for service providers to
confirm that the residents are „who they say they are' in order to supply services and give access to
benefits. A fundamental building block for service delivery is the KYC (Know Your Customer) process,
which establishes the identity of the resident, their address, and other basic information such as their
date of birth and gender. Typically, this KYC information is combined with other information at the point
of service delivery to determine eligibility– either for an LPG connection, a scholarship, a loan, a social
security pension, a mobile connection, etc. The Aadhaar e-KYC service provides an instant, electronic,
non- repudiable proof of identity and proof of address along with date of birth and gender. In addition, it
also provides the resident’s mobile number and email address to the service provider, which helps further
streamline the process of service delivery. E-KYC may be performed at an agent location using biometric
authentication, as well as remotely using an OTP on a website or mobile connection. The authentication
process involves interaction of many ecosystem partners such as Authentication User Agency,
Authentication Service Agency, Sub-AUAs (the entity which desires to use Aadhaar authentication
services but chooses to access this service by routing authentication request through an existing AUA‟s
infrastructure) with UIDAI‟s CIDR. Any agency that needs to authenticate residents for the purpose of
service delivery could use Aadhaar authentication. Such an agency must register with the UIDAI as an
Authentication User Agency. Authentication Service Agencies are entities that have secure leased line
connectivity with the CIDR.

Page 13 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

AUAs collect information required for Aadhaar authentication from the resident and transmit it to ASA.
ASAs transmit authentication requests to CIDR on behalf of one or more AUAs. AUA’s use Authentication
devices to collect PID (Personal Identity Data) from Aadhaar holders. The key partners could engage with
each other in multiple ways. For example,

 An AUA could choose to become its own ASA, or

 An AUA could access Aadhaar authentication services through multiple ASAs for reasons such as
business continuity planning, or

 An AUA could transmit authentication requests for its own service delivery needs as well as on
behalf of multiple Sub AUAs.

State Registrar, DoIT&C is designated ASA/AUA/KUA/KSA under UIDAI and provides various
authentication and e-KYC services as per rules and regulations drafted under various Aadhaar rules and
Aadhaar act 2016. The security is of prime importance in all these services. To establish proper checks and
balances of security and compliance as per UIDAI norms DoIT&C intends to select an agency to perform
security audit of entire Aadhaar ecosystem of Rajasthan on timely basis.

The auditing and monitoring of Aadhaar Ecosystem of Rajasthan and implementation of security controls
checks shall provide purchaser the condition and administration of security point as per UIDAI guidelines/
IT Act 2000/2008 and Aadhaar Act 2016 in Aadhaar project of Rajasthan. It shall provide purchaser with:

 Measuring efficiency of operations

 Evaluating compliance to security policy or standards.

 Compliance to UIDAI guidelines/ IT Act 2000/2008 and Aadhaar Act 2016

Page 14 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

3. PRE-QUALIFICATION/ ELIGIBILITY CRITERIA

1) A bidder participating in the procurement process shall possess the following minimum pre-
qualification/ eligibility criteria.

S. Basic Specific Requirements Documents Required

No. Requirement
1 Legal Entity The bidder should be a Proprietorship - Copy of valid Registration
firm duly registered either under the Certificates
Rajasthan Shops & Commercial Or
Establishments Act, 1958 or any other - Copy of Certificates of
Act of State/ Union, as applicable for incorporation
dealing in the subject matter of
procurement OR A company registered
under Indian Companies Act, 1956 OR A
partnership firm registered under
Indian Partnership Act, 1932.
2 Financial Average annual turnover from IT Audit CA Certificate with CA’s
Turnover from IT Services should be at least Rs 50 Lakh Registration Number/ Seal
/ ITeS from last three audited financial years
i.e. FY 2019-20, 2020-21, 2021-22 OR
2018-19, 2019-20, 2020-21 if 2021-22 is
unaudited
3 Financial: Net The net worth of the bidder should be CA Certificate with CA’s
Worth Positive as per audited balance sheet as Registration Number/ Seal
on 31st March 2022 OR 31st March 2021
if 2021-22 is unaudited.
4 Technical a) Preferably three years of experience Work Completion Certificates
Capability in Information Security (IS) Auditing from the client; OR Work
work. Order + Self Certificate of
b) Should have carried out at least five Completion (Certified by CA
Information Security Audits in the last with CA’s Registration
two years, out of which two Number/ Seal); OR Work
Information Security Audits should be Order + Phase Completion
of Aadhaar AUA or ASA applications. Certificate from the client
and
Details of Project Experience
in Annexure-10
5 Tax registration The bidder should have a registered -Copy of PAN Card
number of
i.) Income Tax / PAN number -Copy of valid GST certificate
ii.) GST
6 Mandatory Bidder should: - A Self Certified letter as per
Undertaking a) not be insolvent, in receivership, Annexure-4: Self-Declaration
bankrupt or being wound up, not
Page 15 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

S. Basic Specific Requirements Documents Required

No. Requirement
have its affairs administered by a
court or a judicial officer, not have
its business activities suspended
and must not be the subject of legal
proceedings for any of the
foregoing reasons;
b) not have, and their directors and
officers not have, been convicted of
any criminal offence related to their
professional conduct or the making
of false statements or
misrepresentations as to their
qualifications to enter into a
procurement contract within a
period of two years preceding the
commencement of the
procurement process, or not have
been otherwise disqualified
pursuant to debarment
proceedings;
c) Not have a conflict of interest in the
procurement in question as
specified in the bidding document.
d) Comply with the code of integrity as
specified in the bidding document.
7 Bidder The bidder should be an Empanelled Copy of valid certificate of
organisation Information Security Auditing Empanelment as documentary
Certification Organization on Indian Computer proof
Emergency Response Team (CERT-In)
under Ministry of Electronics and
Information Technology. Govt. of India
2) In addition to the provisions regarding the qualifications of the bidders as set out in (1) above: -
a. the procuring entity shall disqualify a bidder as per the provisions under “Clause:Exclusion/
Disqualification of bidsin Chapter-5: ITB”; and
b. the procuring entity may require a bidder, who was pre-qualified, to demonstrate its qualifications
again in accordance with the same criteria used to pre-qualify such bidder. The procuring entity
shall disqualify any bidder that fails to demonstrate its qualifications again, if requested to do so.
The procuring entity shall promptly notify each bidder requested to demonstrate its qualifications
again as to whether or not the bidder has done so to the satisfaction of the procuring entity.

Page 16 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

4. SCOPE OF WORK, DELIVERABLES & TIMELINES

Under the Aadhaar Act 2016, State Registrar DoIT&C as an ASA-AUA is responsible for providing Aadhaar
enrolment and authentication, including operation and management of entire Rajasthan UID Project. As a
State Registrar, DoIT&C has to ensure the security of identity information and authentication records of
individuals. Hence DoIT&C wishes to select an agency to carry out security audit of Aadhaar ecosystem of
its Sub-AUAs including its own IT infrastructure as an AUAs/KUAs and ASAs with with reference to
regulation 14 (1) (h) of Aadhaar (Authentication) Regulation 2016 which prescribes the roles and
responsibilities of a Requesting Entity. The regulation requires that every Requesting Entity shall "ensure
that its operations and systems are audited by information systems auditor certified by a recognized body
on an annual basis to ensure compliance with the Authority’s standards and specifications and the audit
report should be shared with the Authority upon request". Selected bidder shall carry out onsite review of
the AUA/KUA, Sub AUAs and ASA to review the effectiveness of the processes and controls deployed by
the AUA/KUA, Sub-AUAs and ASA. The selected bidder will review compliance to information security
policies, UIDAI compliances, and confirmation to various guidelines issued by UIDAI and shall submit Audit
report in Requesting Entity compliance Checklist V2.0 on annual basis at the end of each Financial Year.
The selected bidder will provide actionable recommendations to department so as to ensure data
governance, confidentiality, integrity, reliability and availability of information and resources to comply
with the guidelines of Aadhaar act 2016 and security framework issued by UIDAI for ASA/KSA/AUA/Sub-
AUA.
The auditor will maintain confidentiality of information received from department, its stakeholders and no
information will be shared with anyone other than designated personnel. All information, findings,
documents will only be used for the purpose of audit as defined under scope of work in this document.

1) Overview of Scope of Work

a) Audit Approach

Approach of audit shall be based on through preparation of Audit checklist based on established standards
of UIDAI compliances -controls and guidelines, UIDAI information security policy, Aadhaar Act (2016) and
its regulations, and other security guidelines, notifications , requirements, agreement, responsibilities &
instructions specific to AUA/ KUA, Sub AUA and ASA as prescribed by UIDAI from time to time. Based on
the Audit findings, risks to further classify as Low, Medium, High and Very High is each specific audit areas.

Page 17 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

b) Frequency of Audit

Selected Bidder shall carry out systematic, independent, and documented process for obtaining audit
evidence and shall evaluate it objectively to determine the extent to which are relevant and verifiable on
the basis of process based approach and risk framework in order to comply with UIDAI guidelines and IT
act 2000, Aadhaar act 2016. Selected Bidder shall conduct a regular annual audit for DoIT&C AUA/ KUA,
Sub AUAs and ASA. The regular annual audit shall be performed onsite as per defined timelines and with a
prior intimation to AUA/ KUA, Sub AUAs and ASA. Board timelines to condut the regular annual audit is as
below. Selected bidder shall intimate the concern entity about the detailed audit plan before 15 days of
statrting the audit activity.

Entitiy Type Audit Timelines for each Year

DoIT&C AUA-ASA Between 1st January- 31st March or as decided by DoIT&C
Sub-AUAs under DoIT&C Between 1st January- 31st March or as decided by DoIT&C

c) Audit Methodology and phases of Audit

The Audit will include but not limited to manual procedures, computer assisted procedures, automated
procedures, and usage of proprietary or universally accepted software depending on the chosen audit
approach.

Page 18 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

The audit will be performed onsite to check the effectiveness of the security controls deployed by the
AUA/KUA, Sub-AUAs and ASA. The selected bidder is required to perform a detailed security and
compliance assessment for the assigned entities offering aadhaar based services. The selected bidder is
expected to conduct the audit based on “Requesting Entity compliance Checklist V2.0” of UIDAI or any
further changes in this checklist or any other directions issued by UIDAI time-to-time. The audit shall be
carried out after due approval and confirmation from Officer in Charge (OIC). DoIT&C-AUA is having 14
Sub-AUAs currently who are conducting Aadhaar Authentication through DoIT&C. “Requesting Entity
compliance Checklist V2.0” is enclosed at Annexure-1.

d) Project Duration

The expected Contract/ Project Period include Five (5) Financial Years which shall commence from the
date of signing of agreement.

Page 19 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

2) Project Deliverables, Milestones & Time Schedule

S. Milestone/ Phase Deliverables Timelines Payable Amount
No.

1. Annual Information  Submission of Final As per timelines 100% payment as per

Security Audit of DoIT&C Audit Report in defined in Scope
work order on yearly basis.
AUA, ASA as per prescribed format. of Work section
“Requesting Entity 4.1
compliance Checklist
V2.0” of UIDAI and as
per latest guidelines
issued by UIDAI

2. Annual Information  Submission of Final As per timelines 100% payment as per

Security Audit of Sub- Audit Report in defined in Scope
work order on yearly basis.
AUAs as per “Requesting prescribed format. of Work section
Entity compliance 4.1
Checklist V2.0” of UIDAI
and as per latest
guidelines issued by
UIDAI

Page 20 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

5. INSTRUCTION TO BIDDERS (ITB)

1) Sale of Bidding/ Tender Documents

a) The sale of bidding documents shall be commenced from the date of publication of Notice Inviting
Bids (NIB) and shall be stopped one day prior to the date of opening of Bid. The complete bidding
document shall also be placed on the State Public Procurement Portal and e-Procurement portal.
The prospective bidders shall be permitted to download the bidding document from the websites
and pay its price while submitting the Bid to the procuring entity.
b) The bidding documents shall be made available to any prospective bidder who pays the price for it
in cash or by bank demand draft, banker's cheque.
c) Bidding documents purchased by Principal of any concern may be used by its authorised sole
selling agents/ marketing agents/ distributors/ sub-distributors and authorised dealers or vice
versa.

2) Pre-bid Meeting/ Clarifications

a) Any prospective bidder may, in writing, seek clarifications from the procuring entity in respect of
the bidding documents.
b) Pre-bid meeting will be organized in virtual mode. Link for virtual meeting will be shared
separeately via email to the prospective bidders. Prospective bidders need to send the email to
[Link]@[Link] for pre-bid participation with name, phone no. , designation and
email id of authorised participant 2 hours prior to pre-bid meeting date & time. Purchaser shall
share the link of Webex virtual meeting link on the details shared.
c) A pre-bid conference is also scheduled by the procuring entity as per the details mentioned in the
NIB and to clarify doubts of potential bidders in respect of the procurement and the records of
such conference shall be intimated to all bidders and where applicable, shall be published on the
respective websites.
d) The period within which the bidders may seek clarifications under (a) above and the period within
which the procuring entity shall respond to such requests for clarifications shall be as under: -
a. Last date of submitting clarifications requests by the bidder:as per NIB
b. Response to clarifications by procuring entity: as per NIB
e) The minutes and response, if any, shall be provided promptly to all bidders to which the procuring
entity provided the bidding documents, so as to enable those bidders to take minutes into account
in preparing their bids, and shall be published on the respective websites.

Page 21 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

3) Changes in the Bidding Document

a) At any time, prior to the deadline for submission of Bids, the procuring entity may for any reason,
whether on its own initiative or as a result of a request for clarification by a bidder, modify the
bidding documents by issuing an addendum in accordance with the provisions below.
b) In case, any modification is made to the bidding document or any clarification is issued which
materially affects the terms contained in the bidding document, the procuring entity shall publish
such modification or clarification in the same manner as the publication of the initial bidding
document.
c) In case, a clarification or modification is issued to the bidding document, the procuring entity may,
prior to the last date for submission of Bids, extend such time limit in order to allow the bidders
sufficient time to take into account the clarification or modification, as the case may be, while
submitting their Bids.
d) Any bidder, who has submitted his Bid in response to the original invitation, shall have the
opportunity to modify or re-submit it, as the case may be, within the period of time originally
allotted or such extended time as may be allowed for submission of Bids, when changes are made
to the bidding document by the procuring entity:
Provided that the Bid last submitted or the Bid as modified by the bidder shall be considered for
evaluation.

4) Period of Validity of Bids

a) Bids submitted by the bidders shall remain valid during the period specified in the NIB/ bidding
document. A Bid valid for a shorter period shall be rejected by the procuring entity as non-
responsive Bid.
b) Prior to the expiry of the period of validity of Bids, the procuring entity, in exceptional
circumstances, may request the bidders to extend the bid validity period for an additional
specified period of time. A bidder may refuse the request and such refusal shall be treated as
withdrawal of Bidand in such circumstances bid security shall not be forfeited.
c) Bidders that agree to an extension of the period of validity of their Bids shall extend or get
extended the period of validity of bid securities submitted by them or submit new bid securities to
cover the extended period of validity of their bids. A bidder whose bid security is not extended, or
that has not submitted a new bid security, is considered to have refused the request to extend the
period of validity of its Bid.

Page 22 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

5) Format and Signing of Bids

a) Bidders must submit their bids online at e-Procurement portal i.e. [Link]
b) All the documents uploaded should be digitally signed with the DSC of authorized signatory.
c) A Single stage-Two part/ cover system shall be followedfor the Bid: -
a. Technical Bid, including fee details, eligibility& technical documents
b. Financial Bid
d) The technical bidshall consist of the following documents: -

S. No. Documents Type Document Format

Fee Details
1. Technical Bid Cover letter, Bidding Instrument/ Proof of submission ([Link])
document Fee (Tender Fee), RISL  Scanned copy of Fee Receipt/DD/Banker Cheque
Processing Fee (e-Procurement), and  Scanned copy of DD/Banker Cheque
Bid Security  Scanned copy of DD/Banker Cheque/BG
(Submit original copy at DoIT&C)
Eligibility Documents
2. Bidder’s Authorisation Certificate As per Annexure-3 and copy of PoA (Power of
Attorney)/Board resolution stating that Auth.
Signatory (DSC holder) can sign the bid/ contract on
behalf of the firm.([Link])
3. All the documents mentioned in the All eligibility documents as per PQ Eligibility criteria in
“Eligibility Criteria”, in support of the chapter-3
eligibility
4. Mandatory Undertaking A Self Certified letter as per Annexure-4: Self-
Declaration
Technical Documents
5. Certificate of Conformity/ No As per Annexure-5
Deviation
6. Format For Submission Of Project As per Annexure-10
References For Pre-Qualification
Experience

b) Financial bid shall include the following documents: -

S. No. Documents Type Document Format

1. Financial Bid – Covering Letter On bidder’s letter head duly signed by authorized
signatory as per Annexure-7 ([Link])
2. Financial Bid– Format As per BoQ (.XLS) format available on e-Procurement
portal

c) The bidder should ensure that all the required documents, as mentioned in this bidding document,
are submitted along with the Bid and in the prescribed format only. Non-submission of the
Page 23 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

required documents or submission of the documents in a different format/ contents may lead to
the rejections of the Bid submitted by the bidder.

6) Cost & Language of Bidding

a) The Bidder shall bear all costs associated with the preparation and submission of its Bid, and the
procuring entity shall not be responsible or liable for those costs, regardless of the conduct or
outcome of the bidding process.
b) The Bid, as well as all correspondence and documents relating to the Bid exchanged by the Bidder
and the procuring entity, shall be written only in English Language. Supporting documents and
printed literature that are part of the Bid may be in another language provided they are
accompanied by an accurate translation of the relevant passages in English/ Hindi language, in
which case, for purposes of interpretation of the Bid, such translation shall govern.

7) Alternative/ Multiple Bids

Alternative/ Multiple Bids shall not be considered at all.

8) Bid Security
Every bidder, if not exempted, participating in the procurement process will be required to furnish the
bid security as specified in the NIB.
a) In lieu of bid security, a bid securing declaration shall be taken from Departments of the State
Government, Undertakings, Corporations, Autonomous bodies, Registered Societies and
Cooperative Societies which are owned or controlled or managed by the State Government and
Government Undertakings of the Central Government.
b) Bid security instrument or cash receipt of bid security or a bid securing declaration shall necessarily
accompany the technical bid.
c) Bid security of a bidder lying with the procuring entity in respect of other bids awaiting decision
shall not be adjusted towards bid security for the fresh bids. The bid security originally deposited
may, however, be taken into consideration in case bids are re-invited.
d) The bid security may be given in the form of a banker’s cheque or demand draft or bank
guarantee, in specified format, of a scheduled bank or deposited through eGRAS. The bid security
must remain valid thirty days beyond the original or extended validity period of the bid.
e) The issuer of the bid security and the confirmer, if any, of the bid security, as well as the form and
terms of the bid security, must be acceptable to the procuring entity.

Page 24 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

f) Prior to presenting a submission, a bidder may request the procuring entity to confirm the
acceptability of proposed issuer of a bid security or of a proposed confirmer, if required. The
procuring entity shall respond promptly to such a request.
g) The bank guarantee presented as bid security shall be got confirmed from the concerned issuing
bank. However, the confirmation of the acceptability of a proposed issuer or of any proposed
confirmer does not preclude the procuring entity from rejecting the bid security on the ground
that the issuer or the confirmer, as the case may be, has become insolvent or has otherwise ceased
to be creditworthy.
h) The bid security of unsuccessful bidders shall be refunded soon after final acceptance of successful
bid and signing of Agreement and submitting performance security.
i) The Bid security taken from a bidder shall be forfeited, including the interest, if any, in the
following cases, namely: -
a. when the bidder withdraws or modifies its bid after opening of bids;
b. when the bidder does not execute the agreement, if any, after placement of supply/ work
order within the specified period;
c. when the bidder fails to commence the supply of the goods or service or execute work as per
supply/ work order within the time specified;
d. when the bidder does not deposit the performance security within specified period after the
supply/ work order is placed; and
e. if the bidder breaches any provision of code of integrity, prescribed for bidders, specified in the
bidding document.
j) Notice will be given to the bidder with reasonable time before bid security deposited is forfeited.
k) No interest shall be payable on the bid security.
l) In case of the successful bidder, the amount of bid security may be adjusted in arriving at the
amount of the Performance Security, or refunded if the successful bidder furnishes the full amount
of performance security.
m) The procuring entity shall promptly return the bid security after the earliest of the following
events, namely:-
a. the expiry of validity of bid security;
b. the execution of agreement for procurement and performance security is furnished by the
successful bidder;
c. the cancellation of the procurement process; or
d. the withdrawal of bid prior to the deadline for presenting bids, unless the bidding documents
stipulate that no such withdrawal is permitted.

Page 25 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

9) Deadline for the submission of Bids

a) Bids shall be received online at e-Procurement portal and up to the time and date specified in the
NIB.
b) Normally, the date of submission and opening of Bids would not be extended. In exceptional
circumstances or when the bidding document are required to be substantially modified as a result
of discussions in pre-bid meeting/ conference or otherwise and the time with the prospective
bidders for preparation of Bids appears insufficient, the date may be extended by the procuring
entity. In such case the publicity of extended time and date shall be given in the manner, as was
given at the time of issuing the original NIB and shall also be placed on the State Public
Procurement Portal, if applicable. It would be ensured that after issue of corrigendum, reasonable
time is available to the bidders for preparation and submission of their Bids. The procuring entity
shall also publish such modifications in the bidding document in the same manner as the
publication of initial bidding document. If, in the office of the Bids receiving and opening authority,
the last date of submission or opening of Bids is a non-working day, the Bids shall be received or
opened on the next working day.

10) Withdrawal, Substitution, and Modification of Bids

a) If permitted on e-Procurementportal, a Bidder may withdraw its Bid or re-submit its Bid (technical
and/ or financial cover) as per the instructions/ procedure mentioned at e-Procurementwebsite
under the section "Bidder's Manual Kit".
b) Bids withdrawn shall not be opened and processes further.

11) Opening of Bids

a) The Bids shall be opened by the bid opening & evaluation committee on the date and time
mentioned in the NIB in the presence of the bidders or their authorised representatives who
choose to be present.
b) The committee may co-opt experienced persons in the committee to conduct the process of Bid
opening.
c) The committee shall prepare a list of the bidders or their representatives attending the opening of
Bids and obtain their signatures on the same. The list shall also contain the representative’s name
and telephone number and corresponding bidders’ names and addresses. The authority letters, if
any, brought by the representatives shall be attached to the list. The list shall be signed by all the
members of Bid opening committee with date and time of opening of the Bids.
Page 26 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d) All the documents comprising of technical Bid/ cover shall be opened & downloaded from the e-
Procurement website (only for the bidders who have submitted the prescribed fee(s) to DoIT&C).
e) The committee shall conduct a preliminary scrutiny of the opened technical Bids to assess the
prima-facie responsiveness and ensure that the: -
a. bid is accompanied by bidding document fee, bid security or bid securing declaration, and
processing fee (if applicable);
b. bid is valid for the period, specified in the bidding document;
c. bid is unconditional and the bidder has agreed to give the required performance security; and
d. other conditions, as specified in the bidding document are fulfilled.
e. any other information which the committee may consider appropriate.
f) No Bid shall be rejected at the time of Bid opening except the Bids not accompanied with the proof
of payment or instrument of the required price of bidding document, processing feeand bid
security.
g) The Financial Bid cover shall be kept unopened and shall be opened later on the date and time
intimated to the bidders who qualify in the evaluation of technical Bids.

12) Selection Method:

a) The selection method is Least Cost Based Selection (LCBS or L1). L-1 shall be calculated on total
price of all the items. No item wise L-1 shall be calculated. However procurement entity reserves
the right for negotiation on each item as well.

13) Clarification of Bids

b) To assist in the examination, evaluation, comparison and qualification of the Bids, the bid
evaluation committee may, at its discretion, ask any bidder for a clarification regarding its Bid. The
committee's request for clarification and the response of the bidder shall be through the e-
Procurement portal.
c) Any clarification submitted by a bidder with regard to its Bid that is not in response to a request by
the committee shall not be considered.
d) No change in the prices or substance of the Bid shall be sought, offered, or permitted, except to
confirm the correction of arithmetic errors discovered by the committee in the evaluation of the
financial Bids.
e) No substantive change to qualification information or to a submission, including changes aimed at
making an unqualified bidder, qualified or an unresponsive submission, responsive shall be sought,
offered or permitted.
Page 27 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

14) Evaluation & Tabulation of Technical Bids

a) Determination of Responsiveness
a. The bid evaluation committee shall determine the responsiveness of a Bid on the basis of
bidding document and the provisions of pre-qualification/ eligibility criteria of the bidding
document.
b. A responsive Bid is one that meets the requirements of the bidding document without any
material deviation, reservation, or omission where: -
i. “deviation” is a departure from the requirements specified in the bidding document;
ii. “reservation” is the setting of limiting conditions or withholding from complete acceptance
of the requirements specified in the bidding document; and
iii. “Omission” is the failure to submit part or all of the information or documentation
required in the bidding document.
c. A material deviation, reservation, or omission is one that,
i. if accepted, shall:-
1. affect in any substantial way the scope, quality, or performance of the subject matter
of procurement specified in the bidding documents; or
2. limits in any substantial way, inconsistent with the bidding documents, the procuring
entity’s rights or the bidder’s obligations under the proposed contract; or
ii. if rectified, shall unfairly affect the competitive position of other bidders presenting
responsive Bids.
d. The bid evaluation committee shall examine the technical aspects of the Bid in particular, to
confirm that all requirements of bidding document have been met without any material
deviation, reservation or omission.
e. The procuring entity shall regard a Bid as responsive if it conforms to all requirements set out
in the bidding document, or it contains minor deviations that do not materially alter or depart
from the characteristics, terms, conditions and other requirements set out in the bidding
document, or if it contains errors or oversights that can be corrected without touching on the
substance of the Bid.
b) Non-material Non-conformities in Bids
a. The bid evaluation committee may waive any non-conformities in the Bid that do not
constitute a material deviation, reservation or omission, the Bid shall be deemed to be
substantially responsive.
b. The bid evaluation committee may request the bidder to submit the necessary information or
document like audited statement of accounts/ CA Certificate, Registration Certificate, ISO/

Page 28 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

CMMi Certificates, etc. within a reasonable period of time. Failure of the bidder to comply
with the request may result in the rejection of its Bid.
c. The bid evaluation committee may rectify non-material nonconformities or omissions on the
basis of the information or documentation received from the bidder under (b) above.
c) Tabulation of Technical Bids
a. If Technical Bids have been invited, they shall be tabulated by the bid evaluation committee in
the form of a comparative statement to evaluate the qualification of the bidders against the
criteria for qualification set out in the bidding document.
b. The members of bid evaluation committee shall give their recommendations below the table
as to which of the bidders have been found to be qualified in evaluation of Technical Bids and
sign it.
d) The number of firms qualified in technical evaluation, if less than two and it is considered
necessary by the procuring entity to continue with the procurement process, reasons shall be
recorded in writing and included in the record of the procurement proceedings.
e) The bidders who qualified in the technical evaluation shall be informed in writing about the date,
time and place of opening of their financial Bids.

15) Evaluation & Tabulation of Financial Bids

Subject to the provisions of “Acceptance of Successful Bid and Award of Contract” below, the
procuring entity shall take following actions for evaluation of financial Bids:-

a) For single part/ coverBid system, where Bid is received in single cover along with requisite bid
security, processing fee or user charges and price of bidding documents within specified time, it
shall be considered for financial evaluation by the Bids evaluation committee;

OR

For two part/ cover Bid system, the financial Bids of the bidders who qualified in technical
evaluation shall be opened online at the notified time, date and place by the bid evaluation
committee in the presence of the bidders or their representatives who choose to be present>;

b) the process of opening of the financial Bids shall be similar to that of technical Bids.
c) the names of the bidders, the rates given by them and conditions put, if any, shall be read out and
recorded;
d) conditional Bids are liable to be rejected;

Page 29 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

e) the evaluation shall include all costs and all taxes and duties applicable to the bidder as per law of
the Central/ State Government/ Local Authorities, and the evaluation criteria specified in the
bidding documents shall only be applied;
f) the offers shall be evaluated and marked L1, L2, L3 etc. L1 being the lowest offer and then others
in ascending order in case price is the only criteria, or evaluated and marked H1, H2, H3 etc. in
descending order. In case quality is also a criteria and the combined score of technical and financial
evaluation is considered.
g) the bid evaluation committee shall prepare a comparative statement in tabular form in accordance
with rulesalong with its report on evaluation of financial Bids and recommend the lowest offer for
acceptance to the procuring entity, if price is the only criterion, or most advantageous Bid in other
case;
h) The members of bids evaluation committee shall give their recommendations below the table
regarding lowest Bid or most advantageous Bid and sign it.
i) it shall be ensured that the offer recommended for sanction is justifiable looking to the prevailing
market rates of the goods, works or service required to be procured.

16) Correction of Arithmetic Errors in Financial Bids

The bid evaluation committee shall correct arithmetical errors in substantially responsive Bids, on the
following basis, namely: -

a) if there is a discrepancy between the unit price and the total price that is obtained by multiplying
the unit price and quantity, the unit price shall prevail and the total price shall be corrected,
unless in the opinion of the bid evaluation committee there is an obvious misplacement of the
decimal point in the unit price, in which case the total price as quoted shall govern and the unit
price shall be corrected;
b) if there is an error in a total corresponding to the addition or subtraction of subtotals, the
subtotals shall prevail and the total shall be corrected; and
c) if there is a discrepancy between words and figures, the amount in words shall prevail, unless the
amount expressed in words is related to an arithmetic error, in which case the amount in figures
shall prevail subject to clause (a) and (b) above.

17) Price/ purchase preference in evaluation

Price and/ or purchase preference notified by the State Government (GoR) and as mentioned in the
bidding document shall be considered in the evaluation of Bids and award of contract.

Page 30 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

18) Negotiations
a) Except in case of procurement by method of single source procurement or procurement by
competitive negotiations, to the extent possible, no negotiations shall be conducted after the pre-
bid stage. All clarifications needed to be sought shall be sought in the pre-bid stage itself.
b) Negotiations may, however, be undertaken only with the lowest or most advantageous bidder
when the rates are considered to be much higher than the prevailing market rates.
c) The bid evaluation committee shall have full powers to undertake negotiations. Detailed reasons
and results of negotiations shall be recorded in the proceedings.
d) The lowest or most advantageous bidder shall be informed in writing either through messenger or
by registered letter and e-mail (if available). A minimum time of seven days shall be given for
calling negotiations. In case of urgency the bid evaluation committee, after recording reasons, may
reduce the time, provided the lowest or most advantageous bidder has received the intimation
and consented to regarding holding of negotiations.
e) Negotiations shall not make the original offer made by the bidder inoperative. The bid evaluation
committee shall have option to consider the original offer in case the bidder decides to increase
rates originally quoted or imposes any new terms or conditions.
f) In case of non-satisfactory achievement of rates from lowest or most advantageous bidder, the bid
evaluation committee may choose to make a written counter offer to the lowest or most
advantageous bidder and if this is not accepted by him, the committee may decide to reject and
re-invite Bids or to make the same counter-offer first to the second lowest or most advantageous
bidder, then to the third lowest or most advantageous bidder and so on in the order of their initial
standing and work/ supply order be awarded to the bidder who accepts the counter-offer. This
procedure would be used in exceptional cases only.
g) In case the rates even after the negotiations are considered very high, fresh Bids shall be invited.

19) Exclusion of Bids/ Disqualification

a) A procuring entity shall exclude/ disqualify a Bid, if: -
a. the information submitted, concerning the qualifications of the bidder, was false or
constituted a misrepresentation; or
b. the information submitted, concerning the qualifications of the bidder, was materially
inaccurate or incomplete; and
c. the bidder is not qualified as per pre-qualification/ eligibility criteria mentioned in the bidding
document;
Page 31 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d. the Bid materially departs from the requirements specified in the bidding document or it
contains false information;
e. the bidder, submitting the Bid, his agent or any one acting on his behalf, gave or agreed to
give, to any officer or employee of the procuring entity or other governmental authority a
gratification in any form, or any other thing of value, so as to unduly influence the
procurement process;
f. a bidder, in the opinion of the procuring entity, has a conflict of interest materially affecting
fair competition.
b) A Bid shall be excluded/ disqualified as soon as the cause for its exclusion/ disqualification is
discovered.
c) Every decision of a procuring entity to exclude a Bid shall be for reasons to be recorded in writing
and shall be: -
a. communicated to the concerned bidder in writing;
b. published on the State Public Procurement Portal, if applicable.

20) Lack of competition

a) A situation may arise where, if after evaluation of Bids, the bid evaluation committee may end-up
with one responsive Bid [Link] such situation, the bid evaluation committee would check as to
whether while floating the NIB all necessary requirements to encourage competition like standard
bid conditions, industry friendly specifications, wide publicity, sufficient time for formulation of
Bids, etc were fulfilled. If not, the NIBwould be re-floated after rectifying deficiencies. The bid
process shall be considered valid even if there is one responsive Bid, provided that: -
a. the Bid is technically qualified;
b. the price quoted by the bidder is assessed to be reasonable;
c. the Bid is unconditional and complete in all respects;
d. there are no obvious indicators of cartelization amongst bidders; and
e. the bidder is qualified as per the provisions of pre-qualification/ eligibility criteria in the
bidding document
b) The bid evaluation committee shall prepare a justification note for approval by the next higher
authority of the procuring entity, with the concurrence of the accounts member.
c) In case of dissent by any member of bid evaluation committee, the next higher authority in
delegation of financial powers shall decide as to whether to sanction the single Bid or re-invite Bids
after recording reasons.

Page 32 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d) If a decision to re-invite the Bids is taken, market assessment shall be carried out for estimation of
market depth, eligibility criteria and cost estimate.

21) Acceptance of the successfulBid and award of contract

a) The procuring entity after considering the recommendations of the bid evaluation committee and
the conditions of Bid, if any, financial implications, trials, sample testing and test reports, etc., shall
accept or reject the successful Bid. If any member of the bid evaluation committee,has disagreed
or given its note of dissent, the matter shall be referred to the next higher authority, as per
delegation of financial powers, for decision.
b) Decision on Bids shall be taken within original validity period of Bids and time period allowed to
procuring entity for taking decision. If the decision is not taken within the original validity period or
time limit allowed for taking decision, the matter shall be referred to the next higher authority in
delegation of financial powers for decision.
c) Before award of the contract, the procuring entity shall ensure that the price of successful Bid is
reasonable and consistent with the required quality.
d) A Bid shall be treated as successful only after the competent authority has approved the
procurement in terms of that Bid.
e) The procuring entity shall award the contract to the bidder whose offer has been determined to be
the lowest or most advantageous in accordance with the evaluation criteria set out in the bidding
document and if the bidder has been determined to be qualified to perform the contract
satisfactorily on the basis of qualification criteria fixed for the bidders in the bidding document for
the subject matter of procurement.
f) Prior to the expiration of the period of bid validity, the procuring entity shall inform the successful
bidder, in writing, that its Bid has been accepted.
g) As soon as a Bid is accepted by the competent authority, its written intimation shall be sent to the
concerned bidder by registered post or email and asked to execute an agreement in the format
given in the bidding documents on a non-judicial stamp of requisite value and deposit the amount
of performance security or a performance security declaration, if applicable, within a period
specified in the bidding documents or where the period is not specified in the bidding documents
then within fifteen days from the date on which the letter of acceptance or letter of intent is
dispatched to the bidder.
h) If the issuance of formal letter of acceptance is likely to take time, in the meanwhile a Letter of
Intent (LOI) may be sent to the bidder. The acceptance of an offer is complete as soon as the letter
of acceptance or letter of intent is posted and/ or sent by email (if available) to the address of the
Page 33 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

bidder given in the bidding document. Until a formal contract is executed, the letter of acceptance
or LOI shall constitute a binding contract.
i) The bid security of the bidders who’sBids could not be accepted shall be refunded soon after the
contract with the successful bidder is signed and its performance securityis obtained.

22) Information and publication of award

Information of award of contract shall be communicated to all participating bidders and published on
the respective website(s) as specified in NIB.

23) Procuring entity’s right to accept or reject any or all Bids

The Procuring entity reserves the right to accept or reject any Bid, and to annul (cancel) the bidding
process and reject all Bids at any time prior to award of contract, without thereby incurring any liability
to the bidders.

24) Right to vary quantity

a) If the procuring entity does not procure any subject matter of procurement or procures less than the
quantity specified in the bidding documents due to change in circumstances, the bidder shall not
be entitled for any claim or compensation.
b) Repeat orders for extra items or additional quantities may be placed on the rates and conditions given
in the contract (if the original order was given after inviting open competitive Bids). Delivery or
completion period may also be proportionately increased. The limits of repeat order shall be as under:
1) 50% of the quantity of the individual items and 50% of the value of original contract in case of
works; and
2) 50% of the value of goods or services of the original contract.

25) Performance Security

a) Prior to execution of agreement, Performance security shall be solicited from all successful bidders
except the departments of the State Government and undertakings, corporations, autonomous
bodies, registered societies, co-operative societies which are owned or controlled or managed by
the State Government and undertakings of the Central Government. However, a performance
security declaration shall be taken from them. The State Government may relax the provision of
performance security in particular procurement or any class of procurement.
b) The amount of performance security shall be 5%, or as may be specified in the bidding document,
of the amount of supply order in case of procurement of goods and services. In case of Small Scale
Page 34 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Industries (SSI) of Rajasthan, it shall be 1% of the amount of quantity ordered for supply of goods
and in case of sick industries, other than SSI, whose cases are pending before the Board of
Industrial and Financial Reconstruction (BIFR), it shall be 2% of the amount of supply order.
c) Performance security shall be furnished in any one of the following forms: -
a. Bank Draft or Banker's Cheque of a scheduled bank;
b. National Savings Certificates and any other script/ instrument under National
Savings Schemes for promotion of small savings issued by a Post Office in Rajasthan, if the
same can be pledged under the relevant rules. They shall be accepted at their surrender
value at the time of bid and formally transferred in the name of procuring entity with the
approval of Head Post Master;
c. Bank guarantee/s of a scheduled bank. It shall be got verified from the issuing bank. Other
conditions regarding bank guarantee shall be same as mentioned in the bidding document
for bid security;
d. Fixed Deposit Receipt (FDR) of a scheduled bank. It shall be in the name of procuring entity
on account of bidder and discharged by the bidder in advance. The procuring entity shall
ensure before accepting the FDR that the bidder furnishes an undertaking from the bank
to make payment/premature payment of the FDR on demand to the procuring entity
without requirement of consent of the bidder concerned. In the event of forfeiture of the
performance security, the Fixed Deposit shall be forfeited along with interest earned on
such Fixed Deposit.
d) Performance security furnished in the form specified in clause [b.] to [e.] of (c)above shall remain
valid for a period of 60 days beyond the date of completion of all contractual obligations of the
bidder, including warranty obligations and maintenance and defect liability period.
e) Forfeiture of Security Deposit: Security amount in full or part may be forfeited, including interest, if
any, in the following cases:-
a. When any terms and condition of the contract is breached.
b. When the bidder fails to make complete supply satisfactorily.
c. if the bidder breaches any provision of code of integrity, prescribed for bidders, specified
in the bidding document.
f) Notice will be given to the bidder with reasonable time before PSD deposited is forfeited.
g) No interest shall be payable on the PSD.

26) Execution of agreement

Page 35 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

a) A procurement contract shall come into force from the date on which the letter of acceptance or
letter of intent is despatched to the bidder.
b) The successful bidder shall sign the procurement contract within 15 days from the date on which
the letter of acceptance or letter of intent is despatched to the successful bidder.
c) If the bidder, who’sBid has been accepted, fails to sign a written procurement contract or fails to
furnish the required performance security within specified period, the procuring entity shall take
action against the successful bidder as per the provisions of the bidding document and Act. The
procuring entity may, in such case, cancel the procurement process or if it deems fit, offer for
acceptance the rates of lowest or most advantageous bidder to the next lowest or most
advantageous bidder, in accordance with the criteria and procedures set out in the bidding
document.
d) The bidder will be required to execute the agreement on a non-judicial stamp of specified value at
its cost and to be purchase from anywhere in Rajasthan only.

27) Confidentiality
a) Notwithstanding anything contained in this bidding document but subject to the provisions of any
other law for the time being in force providing for disclosure of information, a procuring entity
shall not disclose any information if such disclosure, in its opinion, is likely to: -
a. impede enforcement of any law;
b. affect the security or strategic interests of India;
c. affect the intellectual property rights or legitimate commercial interests of bidders;
d. affect the legitimate commercial interests of the procuring entity in situations that may include
when the procurement relates to a project in which the procuring entity is to make a
competitive bid, or the intellectual property rights of the procuring entity.
b) The procuring entity shall treat all communications with bidders related to the procurement
process in such manner as to avoid their disclosure to competing bidders or to any other person
not authorised to have access to such information.
c) The procuring entity may impose on bidders and sub-contractors, if there are any for fulfilling the
terms of the procurement contract, conditions aimed at protecting information, the disclosure of
which violates (a) above.
d) In addition to the restrictions specified above, the procuring entity, while procuring a subject
matter of such nature which requires the procuring entity to maintain confidentiality, may impose
condition for protecting confidentiality of such information.

Page 36 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

28) Cancellation of procurement process

a) If any procurement process has been cancelled, it shall not be reopened but it shall not prevent
the procuring entity from initiating a new procurement process for the same subject matter of
procurement, if required.
b) A procuring entity may, for reasons to be recorded in writing, cancel the process of procurement
initiated by it -
a. at any time prior to the acceptance of the successful Bid; or
b. after the successful Bid is accepted in accordance with (d) and (e) below.
c) The procuring entity shall not open any bids or proposals after taking a decision to cancel the
procurement and shall return such unopened bids or proposals.
d) The decision of the procuring entity to cancel the procurement and reasons for such decision shall
be immediately communicated to all bidders that participated in the procurement process.
e) If the bidder who’sBid has been accepted as successful fails to sign any written procurement
contract as required, or fails to provide any required security for the performance of the contract,
the procuring entity may cancel the procurement process.
f) If a bidder is convicted of any offence under the Act, the procuring entity may: -
a. cancel the relevant procurement process if the Bid of the convicted bidder has been declared
as successful but no procurement contract has been entered into;
b. rescind (cancel) the relevant contract or forfeit the payment of all or a part of the
contract value if the procurement contract has been entered into between the procuring
entity and the convicted bidder.

29) Code of Integrity for Bidders

a) No person participating in a procurement process shall act in contravention of the code of integrity
prescribed by the State Government.
b) The code of integrity include provisions for: -
a. Prohibiting
i. any offer, solicitation or acceptance of any bribe, reward or gift or any material benefit,
either directly or indirectly, in exchange for an unfair advantage in the procurement
process or to otherwise influence the procurement process;
ii. any omission, including a misrepresentation that misleads or attempts to mislead so as
to obtain a financial or other benefit or avoid an obligation;
iii. any collusion, bid rigging or anti-competitive behaviour to impair the transparency,
fairness and progress of the procurement process;
Page 37 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

iv. improper use of information shared between the procuring entity and the bidders with an
intent to gain unfair advantage in the procurement process or for personal gain;
v. any financial or business transactions between the bidder and any officer or employee of
the procuring entity;
vi. any coercion including impairing or harming or threatening to do the same, directly or
indirectly, to any party or to its property to influence the procurement process;
vii. any obstruction of any investigation or audit of a procurement process;
b. disclosure of conflict of interest;
c. disclosure by the bidder of any previous transgressions with any entity in India or any other
country during the last two years or of any debarment by any other procuring entity.
c) Without prejudice to the provisions below, in case of any breach of the code of integrity by a
bidder or prospective bidder, as the case may be, the procuring entity may take appropriate
measures including: -
a. exclusion of the bidder from the procurement process;
b. calling-off of pre-contract negotiations and forfeiture or encashment of bid security;
c. forfeiture or encashment of any other security or bond relating to the procurement;
d. recovery of payments made by the procuring entity along with interest thereon at bank rate;
e. cancellation of the relevant contract and recovery of compensation for loss incurred by the
procuring entity;
f. debarment of the bidder from participation in future procurements of the procuring entity for
a period not exceeding two years.

30) Interference with Procurement Process

A bidder, who: -
a)withdraws from the procurement process after opening of financial bids;
b) withdraws from the procurement process after being declared the successful bidder;
c) fails to enter into procurement contract after being declared the successful bidder;
d) fails to provide performance security or any other document or security required in terms of the
bidding documents after being declared the successful bidder, without valid grounds,

shall, in addition to the recourse available in the bidding document or the contract, be
punished with fine which may extend to fifty lakh rupees or ten per cent of the assessed value of
procurement, whichever is less.

31) Appeals
Page 38 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

a) Subject to “Appeal not to lie in certain cases” below, if any bidder or prospective bidder is
aggrieved that any decision, action or omission of the procuring entity is in contravention to
the provisions of the Act or the rules or guidelines issued thereunder, he may file an appeal to such
officer of the procuring entity, as may be designated by it for the purpose, within a period of 10
days from the date of such decision or action, omission, as the case may be, clearly giving the
specific ground or grounds on which he feels aggrieved:
a. Provided that after the declaration of a bidder as successful in terms of “Award of Contract”,
the appeal may be filed only by a bidder who has participated in procurement proceedings:
b. Provided further that in case a procuring entity evaluates the technical Bid before the opening
of the financial Bid, an appeal related to the matter of financial Bid may be filed only by a
bidder whose technical Bid is found to be acceptable.
b) The officer to whom an appeal is filed under (a) above shall deal with the appeal as expeditiously
as possible and shall endeavour to dispose it of within 30 days from the date of filing of the appeal.
c) If the officer designated under (a) above fails to dispose of the appeal filed under that sub-section
within the period specified in (c) above, or if the bidder or prospective bidder or the procuring
entity is aggrieved by the order passed, the bidder or prospective bidder or the procuring entity, as
the case may be, may file a second appeal to an officer or authority designated by the State
Government in this behalf within 15 days from the expiry of the period specified in (c) above or of
the date of receipt of the order passed under (b) above, as the case may be.
d) The officer or authority to which an appeal is filed under (c) above shall deal with the appeal as
expeditiously as possible and shall endeavour to dispose it of within 30 days from the date of filing
of the appeal:
e) The officer or authority to which an appeal may be filed under (a) or (d) above shall be :
First Appellate Authority: Principal Secretary, IT&C, GoR
Second Appellate Authority: Finance Secretary (Budget), Finance Department, GoR
f) Form of Appeal:
a. Every appeal under (a) and (c) above shall be as per Annexure-12 along with as many
copies as there are respondents in the appeal.
b. Every appeal shall be accompanied by an order appealed against, if any, affidavit verifying
the facts stated in the appeal and proof of payment of fee.
c. Every appeal may be presented to First Appellate Authority or Second Appellate Authority,
as the case may be, in person or through registered post or authorised representative.
g) Fee for Appeal: Fee for filing appeal:

Page 39 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

a. Fee for first appeal shall be rupees two thousand five hundred and for second appeal shall
be rupees ten thousand, which shall be non-refundable.
b. The fee shall be paid in the form of bank demand draft or banker’s cheque of a Scheduled
Bank payable in the name of Appellate Authority concerned.
h) Procedure for disposal of appeal:
a. The First Appellate Authority or Second Appellate Authority, as the case may be, upon
filing of appeal, shall issue notice accompanied by copy of appeal, affidavit and documents,
if any, to the respondents and fix date of hearing.
b. On the date fixed for hearing, the First Appellate Authority or Second Appellate Authority,
as the case may be, shall,-
i. hear all the parties to appeal present before him; and
ii. peruse or inspect documents, relevant records or copies thereof relating to the
matter.
c. After hearing the parties, perusal or inspection of documents and relevant records or
copies thereof relating to the matter, the Appellate Authority concerned shall pass an
order in writing and provide the copy of order to the parties to appeal free of cost.
d. The order passed under (c) shall also be placed on the State Public Procurement Portal.
i) No information which would impair the protection of essential security interests of India, or
impede the enforcement of law or fair competition, or prejudice the legitimate commercial
interests of the bidder or the procuring entity, shall be disclosed in a proceeding under an appeal.
32) Stay of procurement proceedings

While hearing of an appeal, the officer or authority hearing the appeal may, on an application made in
this behalf and after affording a reasonable opportunity of hearing to the parties concerned, stay the
procurement proceedings pending disposal of the appeal, if he, or it, is satisfied that failure to do so is
likely to lead to miscarriage of justice.

33) Vexatious Appeals & Complaints

Whoever intentionally files any vexatious, frivolous or malicious appeal or complaint under the “The
Rajasthan Transparency Public Procurement Act 2012”, with the intention of delaying or defeating
any procurement or causing loss to any procuring entity or any other bidder, shall be punished with
fine which may extend to twenty lakh rupees or five per cent of the value of procurement, whichever
is less.

Page 40 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

34) Offenses by Firms/ Companies

a)Where an offence under “The Rajasthan Transparency Public Procurement Act 2012” has been
committed by a company, every person who at the time the offence was committed was in
charge of and was responsible to the company for the conduct of the business of the company,
as well as the company, shall be deemed to be guilty of having committed the offence and shall
be liable to be proceeded against and punished accordingly:
Provided that nothing contained in this sub-section shall render any such person liable for any
punishment if he proves that the offence was committed without his knowledge or that he had
exercised all due diligence to prevent the commission of such offence.
b) Notwithstanding anything contained in (a) above, where an offence under this Act has been
committed by a company and it is proved that the offence has been committed with the consent
or connivance of or is attributable to any neglect on the part of any director, manager, secretary
or other officer of the company, such director, manager, secretary or other officer shall also be
deemed to be guilty of having committed such offence and shall be liable to be proceeded
against and punished accordingly.
c) For the purpose of this section-
a. "company" means a body corporate and includes a limited liability partnership, firm,
registered society or co- operative society, trust or other association of individuals; and
b. "director" in relation to a limited liability partnership or firm, means a partner in the firm.
d) Abetment of certain offenses: Whoever abets an offence punishable under this Act, whether or
not that offence is committed in consequence of that abetment, shall be punished with the
punishment provided for the offence.

35) Debarment from Bidding

a) A bidder shall be debarred by the State Government if he has been convicted of an offence

a. under the Prevention of Corruption Act, 1988 (Central Act No. 49 of 1988); or
b. under the Indian Penal Code, 1860 (Central Act No. 45 of 1860) or any other law for the
time being in force, for causing any loss of life or property or causing a threat to public
health as part of execution of a public procurement contract.
b) A bidder debarred under (a) above shall not be eligible to participate in a procurement process of
any procuring entity for a period not exceeding two years commencing from the date on which he
was debarred.
c) If a procuring entity finds that a bidder has breached the code of integrity prescribed in terms of
“Code of Integrity for bidders” above, it may debar the bidder for a period not exceeding two years.

Page 41 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d) Where the entire bid security or the entire performance security or any substitute thereof, as the
case may be, of a bidder has been forfeited by a procuring entity in respect of any procurement
process or procurement contract, the bidder may be debarred from participating in any procurement
process undertaken by the procuring entity for a period not exceeding two years.

e) The State Government or a procuring entity, as the case may be, shall not debar a bidder under this
section unless such bidder has been given a reasonable opportunity of being heard.

36) Monitoring of Contract

a)An officer or a committee of officers named Contract Monitoring Committee (CMC) may be
nominated by procuring entity to monitor the progress of the contract during its delivery period.
b) During the delivery period the CMC shall keep a watch on the progress of the contract and shall
ensure that quantity of goods and service delivery is in proportion to the total delivery period
given, if it is a severable contract, in which the delivery of the goods and service is to be obtained
continuously or is batched. If the entire quantity of goods and service is to be delivered in the
form of completed work or entire contract like fabrication work, the process of completion of
work may be watched and inspections of the selected bidder’s premises where the work is being
completed may be inspected.
c) If delay in delivery of goods and service is observed a performance notice would be given to the
selected bidder to speed up the delivery.
d) Any change in the constitution of the firm, etc. shall be notified forth with by the contractor in
writing to the procuring entity and such change shall not relieve any former member of the firm,
etc., from any liability under the contract.
e)No new partner/ partners shall be accepted in the firm by the selected bidder in respect of the
contract unless he/ they agree to abide by all its terms, conditions and deposits with the
procuring entity through a written agreement to this effect. The bidder’s receipt for
acknowledgement or that of any partners subsequently accepted as above shall bind all of them
and will be sufficient discharge for any of the purpose of the contract.
f) The selected bidder shall not assign or sub-let his contract or any substantial part thereof to any
other agency without the permission of procuring entity.

Page 42 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

6. GENERAL TERMS AND CONDITIONS OF TENDER & CONTRACT

Bidders should read these conditions carefully and comply strictly while sending their bids.

Definitions

For the purpose of clarity, the following words and expressions shall have the meanings hereby assigned to
them: -
a) “Contract” means the Agreement entered into between the Purchaser and the successful/ selected
bidder, together with the Contract Documents referred to therein, including all attachments,
appendices, and all documents incorporated by reference therein.
b) “Contract Documents” means the documents listed in the Agreement, including any amendments
thereto.
c) “Contract Price” means the price payable to the successful/ selected bidder as specified in the
Agreement, subject to such additions and adjustments thereto or deductions there from, as may be
made pursuant to the Contract.
d) “Day” means a calendar day.
e) “Delivery” means the transfer of the Goods from the successful/ selected bidder to the Purchaser in
accordance with the terms and conditions set forth in the Contract.
f) “Completion” means the fulfilment of the related services by the successful/ selected bidder in
accordance with the terms and conditions set forth in the Contract.
g) “Goods” means all of the commodities, raw material, machinery and equipment, and/or other
materials that the successful/ selected bidder is required to supply to the Purchaser under the
Contract.
h) “Purchaser” means the entity purchasing the Goods and related services, as specified in the bidding
document.
i) “Related Services” means the services incidental to the supply of the goods, such as insurance,
installation, training and initial maintenance and other similar obligations of the successful/ selected
bidder under the Contract.
j) “Subcontractor” means any natural person, private or government entity, or a combination of the
above, including its legal successors or permitted assigns, to whom any part of the Goods to be
supplied or execution of any part of the related services is subcontracted by the successful/ selected
bidder.
k) “Supplier/ Successful or Selected bidder” means the person, private or government entity, or a
combination of the above, whose Bid to perform the Contract has been accepted by the Purchaser and
is named as such in the Agreement, and includes the legal successors or permitted assigns of the
successful/ selected bidder.
Page 43 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

l) “The Site,” where applicable, means the designated project place(s) named in the bidding document.

Note: The bidder shall be deemed to have carefully examined the conditions, specifications, size, make and
drawings, etc., of the goods to be supplied and related services to be rendered. If the bidder has any
doubts as to the meaning of any portion of these conditions or of the specification, drawing, etc., he shall,
before submitting the Bid and signing the contract refer the same to the procuring entity and get
clarifications.

1) Contract Documents

Subject to the order of precedence set forth in the Agreement, all documents forming the Contract
(and all parts thereof) are intended to be correlative, complementary, and mutually explanatory.

2) Interpretation

a) If the context so requires it, singular means plural and vice versa.
b) Entire Agreement: The Contract constitutes the entire agreement between the Purchaser and the
Supplier/ Selected bidder and supersedes all communications, negotiations and agreements
(whether written or oral) of parties with respect thereto made prior to the date of Contract.
c) Amendment: No amendment or other variation of the Contract shall be valid unless it is in writing,
is dated, expressly refers to the Contract, and is signed by a duly authorized representative of each
party thereto.
d) Non-waiver: Subject to the condition (f) below, no relaxation, forbearance, delay, or indulgence by
either party in enforcing any of the terms and conditions of the Contract or the granting of time by
either party to the other shall prejudice, affect, or restrict the rights of that party under the
Contract, neither shall any waiver by either party of any breach of Contract operate as waiver of
any subsequent or continuing breach of Contract.
e) Any waiver of a party’s rights, powers, or remedies under the Contract must be in writing, dated,
and signed by an authorized representative of the party granting such waiver, and must specify the
right and the extent to which it is being waived.
f) Severability: If any provision or condition of the Contract is prohibited or rendered invalid or
unenforceable, such prohibition, invalidity or unenforceability shall not affect the validity or
enforceability of any other provisions and conditions of the Contract.

3) Language

a) The Contract as well as all correspondence and documents relating to the Contract exchanged by
the successful/ selected bidder and the Purchaser, shall be written in English language only.
Page 44 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Supporting documents and printed literature that are part of the Contract may be in another
language provided they are accompanied by an accurate translation of the relevant passages in the
language specified in the special conditions of the contract, in which case, for purposes of
interpretation of the Contract, this translation shall govern.
b) The successful/ selected bidder shall bear all costs of translation to the governing language and all
risks of the accuracy of such translation.

4) Joint Venture, Consortium or Association

Joint venture & consortium is not allowed

5) Notices

a) Any notice given by one party to the other pursuant to the Contract shall be in writing to the
address specified in the contract. The term “in writing” means communicated in written form with
proof of dispatch and receipt.
b) A Notice shall be effective when delivered or on the Notice’s effective date, whichever is later.

6) Governing Law

The Contract shall be governed by and interpreted in accordance with the laws of the Rajasthan State/
the Country (India), unless otherwise specified in the contract.

7) Scope of Supply

a) Subject to the provisions in the bidding document and contract, the goods and related services to
be supplied shall be as specified in the bidding document.
b) Unless otherwise stipulated in the Contract, the scope of supply shall include all such items not
specifically mentioned in the Contract but that can be reasonably inferred from the Contract as
being required for attaining delivery and completion of the goods and related services as if such
items were expressly mentioned in the Contract.

8) Supplier’s/ Selected Bidder’s Responsibilities

The Supplier/ Selected Bidder shall supply all the services included in the scope of supply in accordance
with the provisions of bidding document and/ or contract.

9) Purchaser’s Responsibilities

a) Whenever the supply of goods and related services requires that the Supplier/ Selected Bidder
obtain permits, approvals, and import and other licenses from local public authorities, the
Purchaser shall, if so required by the Supplier/ Selected Bidder, make its best effort to assist the

Page 45 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

Supplier/ Selected Bidder in complying with such requirements in a timely and expeditious
manner.
b) The Purchaser shall pay all costs involved in the performance of its responsibilities, in accordance
with the general and special conditions of the contract.

10) Contract Price

a) The Contract Price shall be paid as specified in the contract subject to any additions and
adjustments thereto, or deductions there from, as may be made pursuant to the Contract.
b) Prices charged by the Supplier/ Selected Bidder for the Goods delivered and the Related Services
performed under the Contract shall not vary from the prices quoted by the Supplier/ Selected
Bidder in its bid, with the exception of any price adjustments authorized in the special conditions
of the contract.

11) Recoveries from Supplier/ Selected Bidder

a) Recovery of liquidated damages, short supply, breakage, rejected articles shall be made ordinarily
from bills.
b) The Purchase Officer shall withhold amount to the extent of short supply, broken/ damaged or for
rejected articles unless these are replaced satisfactorily. In case of failure to withhold the amount,
it shall be recovered from his dues and performance security deposit available with DoIT&C.
c) The balance, if any, shall be demanded from the Supplier/ Selected Bidder and when recovery is
not possible, the Purchase Officer shall take recourse to law in force.

12) Taxes & Duties

a) The TDS, Raj-VAT, Service Tax etc., if applicable, shall be deducted at source/ paid by DoIT&C as
per prevailing rates.
b) For goods supplied from outside India, the successful/ selected bidder shall be entirely responsible
for all taxes, stamp duties, license fees, and other such levies imposed outside the country.
c) For goods supplied from within India, the successful/ selected bidder shall be entirely responsible
for all taxes, duties, license fees, etc., incurred until delivery of the contracted Goods to the
Purchaser.
d) If any tax exemptions, reductions, allowances or privileges may be available to the successful/
selected bidder in India, the Purchaser shall use its best efforts to enable the successful/ selected
bidder to benefit from any such tax savings to the maximum allowable extent.
Page 46 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

13) Copyright

The copyright in all drawings, design documents, source code and other services/materials containing
data and information furnished to the Purchaser by the Supplier/ Selected Bidder herein shall remain
vested in the DoIT&C.

14) Confidential Information

a) The Purchaser and the Supplier/ Selected Bidder shall keep confidential and shall not, without the
written consent of the other party hereto, divulge to any third party any drawings, documents,
data, or other information furnished directly or indirectly by the other party hereto in connection
with the Contract, whether such information has been furnished prior to, during or following
completion or termination of the Contract.
b) The Supplier/ Selected Bidder may furnish to its Subcontractor, if permitted, such documents,
data, and other information it receives from the Purchaser to the extent required for the
Subcontractor to perform its work under the Contract, in which event the Supplier/ Selected
Bidder shall obtain from such Subcontractor an undertaking of confidentiality similar to that
imposed on the Supplier/ Selected Bidder.
c) The Purchaser shall not use such documents, data, and other information received from the
Supplier/ Selected Bidder for any purposes unrelated to the Contract. Similarly, the Supplier/
Selected Bidder shall not use such documents, data, and other information received from the
Purchaser for any purpose other than the design, procurement, or other work and services
required for the performance of the Contract.
d) The obligation of a party under sub-clauses above, however, shall not apply to information that: -
i. the Purchaser or Supplier/ Selected Bidder need to share with user department /DoIT&C or
other institutions participating in the Contract;
ii. now or hereafter enters the public domain through no fault of that party;
iii. can be proven to have been possessed by that party at the time of disclosure and which was
not previously obtained, directly or indirectly, from the other party; or
iv. otherwise lawfully becomes available to that party from a third party that has no obligation of
confidentiality.
e) The above provisions shall not in any way modify any undertaking of confidentiality given by either
of the parties hereto prior to the date of the Contract in respect of the supply or any part thereof.
f) The provisions of this clause shall survive completion or termination, for whatever reason, of the
Contract.
Page 47 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

15) Sub-contracting

a) The bidder shall not assign or sub-let his contract or any substantial part thereof to any other
agency without the permission of Purchaser/ Tendering Authority.
b) If permitted, the selected bidder shall notify the Purchaser, in writing, of all subcontracts awarded
under the Contract, if not already specified in the Bid. Subcontracting shall in no event relieve the
Supplier/ Selected Bidder from any of its obligations, duties, responsibilities, or liability under the
Contract.
c) Subcontractors, if permitted, shall comply with the provisions of bidding document and/ or
contract.

16) Specifications and Standards

a) All articles supplied shall strictly conform to the specifications, trademark laid down in the bidding
document and wherever articles have been required according to ISI/ ISO/ other applicable
specifications/ certifications/ standards, those articles should conform strictly to those
specifications/ certifications/ standards. The supply shall be of best quality and description. The
decision of the competent authority/ purchase committee whether the articles supplied conforms
to the specifications shall be final and binding on the supplier/ selected bidder.
b) Technical Specifications and Drawings
i. The Supplier/ Selected Bidder shall ensure that the goods and related services comply with the
technical specifications and other provisions of the Contract.
ii. The Supplier/ Selected Bidder shall be entitled to disclaim responsibility for any design, data,
drawing, specification or other document, or any modification thereof provided or designed by
or on behalf of the Purchaser, by giving a notice of such disclaimer to the Purchaser.
iii. The goods and related services supplied under this Contract shall conform to the standards
mentioned in bidding document and, when no applicable standard is mentioned, the standard
shall be equivalent or superior to the official standards whose application is appropriate to the
country of origin of the Goods.
c) Wherever references are made in the Contract to codes and standards in accordance with which it
shall be executed, the edition or the revised version of such codes and standards shall be those
specified in the bidding document. During Contract execution, any changes in any such codes and
standards shall be applied only after approval by the Purchaser and shall be treated in accordance
with the general conditions of the contract.

Page 48 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d) The supplier/ selected bidder must certify that all the goods are new, unused, and of the agreed
make and models, and that they incorporate all recent improvements in design and materials,
unless provided otherwise in the Contract.
e) The supplier/ selected bidder should further warrant that the Goods shall be free from defects
arising from any act or omission of the supplier/ selected bidder or arising from design, materials,
and workmanship, under normal use in the conditions prevailing in the place of final destination.

17) Extension in Delivery Period and Liquidated Damages (LD)

a) Except as provided under clause “Force Majeure”, if the supplier/ selected bidder fails to deliver
any or all of the Goods or perform the Related Services within the period specified in the Contract,
the Purchaser may without prejudice to all its other remedies under the Contract, deduct from the
Contract Price, as liquidated damages, a sum equivalent to the percentage specified in (d) below
for each week or part thereof of delay until actual delivery or performance, up to a maximum
deduction of the percentage specified in the bidding document and/ or contract. Once the
maximum is reached, the Purchaser may terminate the Contract pursuant to clause “Termination”.
b) The time specified for delivery in the bidding document shall be deemed to be the essence of the
contract and the supplier/ selected biddershall arrange goods supply and related services within
the specified period.
c) Delivery and installation/ completion period may be extended with or without liquidated damages,
if the delay in the supply of goods or service is on account of hindrances beyond the control of the
supplier/ selected bidder.
i. The supplier/ selected bidder shall request in writing to the Purchaser giving reasons for
extending the delivery period of service, if he finds himself unable to complete the supply of
goods or service within the stipulated delivery period or is unable to maintain prorate progress
in the supply of goods or service delivery. This request shall be submitted as soon as a
hindrance in delivery of goods and service occurs or within 15 days from such occurrence but
before expiry of stipulated period of completion of delivery of goods and service after which
such request shall not be entertained.
ii. The Purchaser shall examine the justification of causes of hindrance in the delivery of goods
and service and the period of delay occurred due to that and recommend the competent
authority on the period of extension which should be granted with or without liquidated
damages.
iii. Normally, extension in delivery period of goods and service in following circumstances may be
considered without liquidated damages:
Page 49 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

a. When delay has occurred due to delay in supply of drawings, designs, plans etc. if the user
department or DoIT&C was required to supply them to the supplier of goods or service
provider as per terms of the contract.
b. When delay has occurred in supply of materials etc. if these were required to be supplied
to the supplier or service provider by the DoIT&C as per terms of the contract.
iv. If the competent authority agrees to extend the delivery period/ schedule, an amendment to
the contract with suitable denial clauses and with or without liquidated damages, as the case
may be, shall be issued. The amendment letter shall mention that no extra price or additional
cost for any reason, what so ever beyond the contracted cost shall be paid for the delayed
supply of goods and service.
v. It shall be at the discretion of the concerned authority to accept or not to accept the supply of
goods and/ or services rendered by the contractor after the expiry of the stipulated delivery
period, if no formal extension in delivery period has been applied and granted. The competent
authority shall have right to cancel the contract with respect to undelivered goods and/ or
service.
vi. If user department or DoIT&C is in need of the good and/ or service rendered after expiry of
the stipulated delivery period, it may accept the services and issue a letter of extension in
delivery period with usual liquidated damages and denial clauses to regularize the transaction.
d) In case of extension in the delivery and/ or installation/ completion/ commissioning period is
granted with full liquidated damages, the recovery shall be made on the basis of following
percentages of value of goods and/ or service which the supplier/ selected bidder has failed to
supply/ install/ complete : -

No. Condition LD %*
Delay up to one fourth period of the prescribed period of delivery, successful
a. 2.5 %
installation and completion of work
Delay exceeding one fourth but not exceeding half of the prescribed period of
b. 5.0 %
delivery, successful installation and completion of work
Delay exceeding half but not exceeding two fourth of the prescribed period of
c. 7.5 %
delivery, successful installation and completion of work
Delay exceeding two fourth of the prescribed period of delivery, successful
d. 10.0 %
installation and completion of work

i. Fraction of a day in reckoning period of delay in supplies, successful installation and

completion of work shall be eliminated, if it is less than half a day.
ii. The maximum amount of liquidated damages shall be 10% of the contract value.

Page 50 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

iii. *The percentage refers to the payment due for the associated works/ goods/ service.

18) Limitation of Liability

Except in cases of gross negligence or wilful misconduct: -

a) neither party shall be liable to the other party for any indirect or consequential loss or damage,
loss of use, loss of production, or loss of profits or interest costs, provided that this exclusion shall
not apply to any obligation of the supplier/ selected bidder to pay liquidated damages to the
Purchaser; and
b) the aggregate liability of the supplier/ selected bidder to the Purchaser, whether under the
Contract, in tort, or otherwise, shall not exceed the amount specified in the Contract, provided
that this limitation shall not apply to the cost of repairing or replacing defective equipment, or to
any obligation of the supplier/ selected bidder to indemnify the Purchaser with respect to patent
infringement.

19) Force Majeure

a) The supplier/ selected bidder shall not be liable for forfeiture of its PSD, LD, or termination for
default if and to the extent that it’s delay in performance or other failure to perform its obligations
under the Contract is the result of an event of Force Majeure.
b) For purposes of this Clause, “Force Majeure” means an event or situation beyond the control of
the supplier/ selected bidder that is not foreseeable, is unavoidable, and its origin is not due to
negligence or lack of care on the part of the supplier/ selected bidder. Such events may include,
but not be limited to, acts of the Purchaser in its sovereign capacity, wars or revolutions, fires,
floods, epidemics, quarantine restrictions, and freight embargoes.
c) If a Force Majeure situation arises, the supplier/ selected bidder shall promptly notify the DoIT&C
in writing of such conditions and cause thereof within 15 days of occurrence of such event. Unless
otherwise directed by DoIT&C, the supplier/ selected bidder shall continue to perform its
obligations under the contract as far as reasonably practical.
d) If the performance in whole or part or any obligation under the contract is prevented or delayed
by any reason of Force Majeure for a period exceeding 60 days, either party at its option may
terminate the contract without any financial repercussion on either side.
e) In case a Force Majeure situation occurs with the user department or DoIT&C, the user
department or DoIT&C may take the case with the supplier/ selected bidder on similar lines.

Page 51 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

20) Change Orders and Contract Amendments

a) The Purchaser may at any time order the supplier/ selected bidder through Notice in accordance
with clause “Notices” above, to make changes within the general scope of the Contract in any one
or more of the following: -
i. drawings, designs, or specifications, where Goods to be furnished under the Contract are to be
specifically manufactured for the Purchaser;
ii. the method of shipment or packing;
iii. the place of delivery; and
iv. the related services to be provided by the supplier/ selected bidder.
b) If any such change causes an increase or decrease in the cost of, or the time required for, the
supplier’s/ selected bidder’s performance of any provisions under the Contract, an equitable
adjustment shall be made in the Contract Price or in the Delivery and Completion Schedule, or
both, and the Contract shall accordingly should be amended. Any claims by the supplier/ selected
bidder for adjustment under this clause must be asserted within thirty (30) days from the date of
the supplier’s/ selected bidder’s receipt of the Purchaser’s change order.
c) Prices to be charged by the supplier/ selected bidder for any related services that might be needed
but which were not included in the Contract shall be agreed upon in advance by the parties and
shall not exceed the prevailing rates charged to other parties by the supplier/ selected bidder for
similar services.

21) Termination
a) Termination for Default

i. The tender sanctioning authority of DoIT&C may, without prejudice to any other remedy for
breach of contract, by a written notice of default of at least 30 days sent to the supplier/
selected bidder, terminate the contract in whole or in part: -
a. If the supplier/ selected bidder fails to deliver any or all quantities of the service within the
time period specified in the contract, or any extension thereof granted by DoIT&C; or
b. If the supplier/ selected bidder fails to perform any other obligation under the contract
within the specified period of delivery of service or any extension granted thereof; or
c. If the supplier/ selected bidder, in the judgement of the Purchaser, is found to be engaged
in corrupt, fraudulent, collusive, or coercive practices in competing for or in executing the
contract.
d. If the supplier/ selected bidder commits breach of any condition of the contract.

Page 52 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ii. If DoIT&C terminates the contract in whole or in part, amount of PSD may be forfeited.
iii. Before cancelling a contract and taking further action, advice of senior most finance person
available in the office and of legal adviser or legal assistant posted in the office, if there is one,
may be obtained.

b) Termination for Insolvency

DoIT&C may at any time terminate the Contract by giving a written notice of at least 30 days to the
supplier/ selected bidder, if the supplier/ selected bidder becomes bankrupt or otherwise
insolvent. In such event, termination will be without compensation to the supplier/ selected
bidder, provided that such termination will not prejudice or affect any right of action or remedy
that has accrued or will accrue thereafter to DoIT&C.

c) Termination for Convenience

i. DoIT&C, by a written notice of at least 30 days sent to the supplier/ selected bidder, may
terminate the Contract, in whole or in part, at any time for its convenience. The Notice of
termination shall specify that termination is for the Purchaser’s convenience, the extent to
which performance of the supplier/ selected bidder under the Contract is terminated, and the
date upon which such termination becomes effective.
ii. Depending on merits of the case the supplier/ selected bidder may be appropriately
compensated on mutually agreed terms for the loss incurred by the contract if any due to such
termination.
iii. The Goods that are complete and ready for shipment within twenty-eight (28) days after the
supplier’s/ selected bidder’s receipt of the Notice of termination shall be accepted by the
Purchaser at the Contract terms and prices. For the remaining Goods, the Purchaser may elect:
a. To have any portion completed and delivered at the Contract terms and prices; and/or
b. To cancel the remainder and pay to the supplier/ selected bidder an agreed amount for
partially completed Goods and Related Services and for materials and parts previously
procured by the supplier/ selected bidder.

22) Exit Management

a)Preamble
i. The word ‘parties’ include the procuring entity and the selected bidder.
ii. This Schedule sets out the provisions, which will apply on expiry or termination of the
Project Implementation and Operations and Management of SLA.
Page 53 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

iii. In the case of termination of the Project Implementation and/ or Operation and
Management SLA due to illegality, the Parties shall agree at that time whether, and if so
during what period, the provisions of this Schedule shall apply.
iv. The Parties shall ensure that their respective associated entities carry out their respective
obligations set out in this Exit Management Schedule.
b) Transfer of Assets
i. The selected bidder may continue work on the assets for the duration of the exit
management period which may be aas decided by purchaser period from the date of expiry
or termination of the agreement, if required by DoIT&C to do so. During this period, the
selected bidder will transfer all the assets in good working condition and as per the
specifications of the bidding document including the ones being upgraded to the
department/ designated agency. The security deposit/ performance security submitted by
selected bidder will only be returned after the successful transfer of the entire project
including its infrastructure.
ii. The selected bidder, if not already done, will transfer all the Software Licenses under the
name of the DoIT&C as desired by the procuring entity during the exit management period.
iii. DoIT&C during the project implementation phase and the operation and management phase
shall be entitled to serve notice in writing to the selected bidder at any time during the exit
management period requiring the selected bidder to provide DoIT&C or its nominated
agencies with a complete and up-to-date list of the assets within 30 days of such notice.
iv. Upon service of a notice, as mentioned above, the following provisions shall apply: -
a. In the event, if the assets which to be transferred to DoIT&C mortgaged to any financial
institutions by the selected bidder, the selected bidder shall ensure that all such liens
and liabilities have been cleared beyond any doubt, prior to such transfer. All documents
regarding the discharge of such lien and liabilities shall be furnished to DoIT&C or its
nominated agencies.
b. All title of the assets to be transferred to DoIT&C or its nominated agencies pursuant to
clause(s) above shall be transferred on the last day of the exit management period. All
expenses occurred during transfer of assets shall be borne by the selected bidder.
c. That on the expiry of this clause, the selected bidder and any individual assigned for the
performance of the services under this clause shall handover or cause to be handed over
all confidential information and all other related material in its possession, including the
entire established infrastructure supplied by selected bidder to DoIT&C.

Page 54 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

d. That the products and technology delivered to DoIT&C during the contract term or on
expiry of the contract duration should not be sold or re-used or copied or transferred by
selected bidder to other locations apart from the locations mentioned in the this bidding
document without prior written notice and approval of DoIT&C. Supplied hardware,
software & documents etc., used by selected bidder for DoIT&C shall be the legal
properties of DoIT&C.
c) Cooperation and Provision of Information during the exit management period
i. The selected bidder will allow DoIT&C or its nominated agencies access to the information
reasonably required to define the current mode of operation associated with the provision
of the services to enable DoIT&C or its nominated agencies to assess the existing services
being delivered.
ii. The selected bidder shall provide access to copies of all information held or controlled by
them which they have prepared or maintained in accordance with the Project
Implementation, the Operation and Management SLA and SOWs relating to any material
aspect of the services provided by the selected bidder. DoIT&C or its nominated agencies
shall be entitled to copy all such information comprising of details pertaining to the services
rendered and other performance data. The selected bidder shall permit DoIT&C or its
nominated agencies and/ or any replacement operator to have reasonable access to its
employees and facilities as reasonably required by DoIT&C or its nominated agencies to
understand the methods of delivery of the services employed by the selected bidder and to
assist appropriate knowledge transfer.
d) Confidential Information, Security and Data
The selected bidder will promptly on the commencement of the exit management period supply
to DoIT&C or its nominated agencies the following:
i. Documentation relating to Intellectual Property Rights;
ii. Project related data and confidential information;
iii. All current and updated data as is reasonably required for purposes of DoIT&C or its
nominated agencies transitioning the services to its replacement selected bidder in a readily
available format nominated by DoIT&C or its nominated agencies; and
iv. All other information (including but not limited to documents, records and agreements)
relating to the services reasonably necessary to enable DoIT&C or its nominated agencies, or
its replacement operator to carry out due diligence in order to transition the provision of the
services to DoIT&C or its nominated agencies, or its replacement operator (as the case may
be).

Page 55 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

v. Before the expiry of the exit management period, the selected bidder shall deliver to DoIT&C
or its nominated agencies all new or up-dated materials from the categories set out above
and shall not retain any copies thereof, except that the selected bidder shall be permitted to
retain one copy of such materials for archival purposes only.
e)Transfer of certain agreements
i. On request by Procuring entity or its nominated agencies, the selected bidder shall effect
such assignments, transfers, innovations, licenses and sub-licenses as Procuring entity or its
nominated agencies may require in favour of procuring entity or its nominated agencies, or
its replacement operator in relation to any equipment lease, maintenance or service
provision agreement between selected bidder and third party leasers, operators, or
operator, and which are related to the services and reasonably necessary for carrying out of
the replacement services by DoIT&C or its nominated agencies, or its replacement operator.
ii. Right of Access to Premises: At any time during the exit management period and for such
period of time following termination or expiry of the SLA, where assets are located at the
selected bidder’s premises, the selected bidder will be obliged to give reasonable rights of
access to (or, in the case of assets located on a third party's premises, procure reasonable
rights of access to DoIT&C or its nominated agencies, and/ or any replacement operator in
order to inventory the assets.
f) General Obligations of the selected bidder
i. The selected bidder shall provide all such information as may reasonably be necessary to
effect as seamless during handover as practicable in the circumstances to DoIT&C or its
nominated agencies or its replacement operator and which the operator has in its
possession or control at any time during the exit management period.
ii. The selected bidder shall commit adequate resources to comply with its obligations under
this Exit Management Clause.
g)Exit Management Plan
i. The selected bidder shall provide DoIT&C or its nominated agencies with a recommended
exit management plan ("Exit Management Plan") which shall deal with at least the following
aspects of exit management in relation to the SLA as a whole and in relation to the Project
Implementation, the Operation and Management SLA and SOWs.
ii. A detailed program of the transfer process that could be used in conjunction with a
replacement operator including details of the means to be used to ensure continuing
provision of the services throughout the transfer process or until the cessation of the
services and of the management structure to be used during the transfer; and

Page 56 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

iii. Plans for the communication with such of the selected bidder's, staff, suppliers, customers
and any related third party as are necessary to avoid any material detrimental impact on
DoIT&C operations as a result of undertaking the transfer; and
iv. If applicable, proposed arrangements and Plans for provision of contingent support in terms
of business continuance and hand holding during the transition period, to DoIT&C or its
nominated agencies, and Replacement Operator for a reasonable period, so that the services
provided continue and do not come to a halt.
v. The Bidder shall re-draft the Exit Management Plan annually after signing of contract to
ensure that it is kept relevant and up to date.
vi. Each Exit Management Plan shall be presented by the selected bidder to and approved by
DoIT&C or its nominated agencies.
vii. In the event of termination or expiry of SLA, Project Implementation, Operation and
Management SLA or SOWs each party shall comply with the Exit Management Plan.
viii. During the exit management period, the selected bidder shall use its best efforts to deliver
the services.
ix. Payments during the Exit Management period shall be made in accordance with the Terms
of Payment Clause.
x. It would be the responsibility of the selected bidder to support new operator during the
transition period.

23) Settlement of Disputes

Any disputes which may arise out of this Agreement, and which cannot be settled in discussions or
negotiations between the Parties, shall be referred to the appropriate management or higher
authorities of the respective parties to resolve such dispute in good faith. In case no settlement is
reached the parties shall refer it to a sole arbitrator appointed and selected by parties. Arbitration
shall be conducted in accordance with the provisions of the Arbitration and Conciliation (Amendment)
Act, 2015 or any other subsequent modifications or enactments thereof. The venue for Arbitration
proceedings shall be Jaipur or any suitable place agreed by all parties. The Arbitration shall be
conducted in English Language and the award shall be binding upon all Parties.

Page 57 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

7. SPECIAL TERMS AND CONDITIONS OF TENDER & CONTRACT

1) Payment Terms and Schedule

a) Payment schedule - Payments to the successful/selected bidder shall be made after successful completion
of the target milestones (including specified project deliverables), as specified in payment schedule in
section 4.2 of this RFP document

b) The supplier’s/ selected bidder’s request for payment shall be made to the purchaser in writing,
accompanied by invoices describing, as appropriate, the goods delivered and related services performed,
and by the required documents submitted pursuant to general conditions of the contract and upon
fulfilment of all the obligations stipulated in the Contract.

c) Due payments shall be paid to selected bidder promptly by purchaser upon submission of deliverables and
invoices.

d) The currency or currencies in which payments shall be made to the supplier/ selected bidder under this
Contract shall be Indian Rupees (INR) only.

e) In case of disputed items, the disputed amount shall be withheld and will be paid only after settlement of
the dispute.

f) Payment in case of those goods which need testing shall be made only when such tests have been carried
out, test results received conforming to the prescribed specification.

g) Any penalties/ liquidated damages, as applicable, for delay and non-performance, as mentioned in this
bidding document, will be deducted from the payments for the respective milestones.

h) Taxes, as applicable, will be deducted/ paid, as per the prevalent rules and regulations.

2) Service Level Standards/ Requirements/ Agreement

a) Purpose & Duration of SLA: The SLA purpose is to enforce a contract between the selected bidder and
Purchaser. The SLA would come into effect from the date of agreement and until the successful completion
of the onsite warranty/operations & maintenance period.

b) Penalty for Not Meeting the SLAs (Regular annual Audit of entire Aadhaar Ecosystem of Rajasthan UID
Project including AUA, ASA and Sub-AUAs):
The selected bidder has to achieve the service level standards for achieving the milestones as per timelines
defined in section 4 of this RFP. If the selected bidder fails to meet the timelines as mentioned in section 4 of
this RFP than penalty asmentioned below shall be levied on selected bidder:-
Page 58 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

a) Delay up to one month of the prescribed timeline to 10% of the total amount payable for that particular
achieve the targeted milestone and submission of its milestone.

deliverables.

b) Delay exceeding one month but less than two 15% of the total amount payable for that particular
month of the prescribed timeline to achieve the milestone.
targeted milestone and submission of its deliverables.

c) Delay exceeding two month but less than three 20% of the total amount payable for that particular
month of the prescribed timeline to achieve the milestone.
targeted milestone and submission of its deliverables.

An upper cap of 20% of total project purchase order can be levied as penalty in complete project duration, post
which purchaser reserves the right to terminate the agreement.

Note: Any delay/ non-performance, not attributable to the selected bidder, shall not be taken into account
while computing adherence to service levels but the selected bidder shall submit sufficient records/
documents that the delay/ non-performance is not on his part.

3) Special Conditions of the Bid

Price Validity- The quoted rate will remain unchanged during the entire contract period. However the
Contract may be extended further for another One (01) Year on the basis of same terms and conditions by
mutual consent.
Additional Work Orders- Number of Sub-AUAs registered under AUA-DoIT&C may increase during the
contract period. In this case, additional work orders on same rates may be issued to the selected bidders
on same terms and conditions. Total price of additional work orders may not exceed the 50% value of
estimated procurement cost.

Page 59 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-1: Requesting Entity compliance Checklist V2.0

UIDAI, Govt of India has issued “Requesting Entity Compliance Checklist V2.0” vide its order dated:
30-01-2019. This complete order may be found here:
[Link]

Page 60 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-2: PRE-BID QUERIES FORMAT

Name of the Company/Firm:

Name of Person(s) Representing the Company/ Firm:

Name of Person Designation Email-ID(s) Tel. Nos. & Fax Nos.

Company/Firm Contacts:

Contact Person(s) Address for Email-ID(s) Tel. Nos. & Fax Nos.
Correspondence

Query / Clarification Sought:

[Link]. RFP Page RFP Rule Rule Details Query/ Suggestion/

No. No. Clarification

Note: - Queries must be strictly submitted only in the prescribed format (.XLS/ .XLSX/ .PDF). Queries not
submitted in the prescribed format will not be considered/ responded at all by the procuring entity.

Page 61 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-3: BIDDER’S AUTHORIZATION CERTIFICATE {to be submitted by the bidder on his Letter head}

(Enclose copy of PoA (Power of Attorney)/Board resolution stating that Auth. Signatory can sign the bid/
contract on behalf of the firm)

To,

{Procuring entity},

______________________________,

______________________________,

I/ We {Name/ Designation} hereby declare/ certify that {Name/ Designation} is hereby authorized to sign
relevant documents on behalf of the company/ firm in dealing with NIB reference No.
______________________ dated _________. He/ She is also authorized to attend meetings & submit
technical & commercial information/ clarifications as may be required by you in the course of processing
the Bid. For the purpose of validation, his/ her verified signatures are as under.

Thanking you,

Name of the Bidder: - Verified Signature:

Authorised Signatory: -

Seal of the Organization: -

Date:

Place:

Page 62 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-4: SELF-DECLARATION {to be submitted by the bidder on his Letter head}

To,

{Procuring entity},

______________________________,

In response to the NIB Ref. No. _____________________________ dated ___________ for {Project Title},
as an Owner/ Partner/ Director/ Auth. [Link] ____________________________________, I/ We hereby
declare that presently our Company/ firm _________________, at the time of bidding,: -
a) possess the necessary professional, technical, financial and managerial resources and competence
required by the Bidding Document issued by the Procuring Entity;
b) have fulfilled my/ our obligation to pay such of the taxes payable to the Union and the State
Government or any local authority as specified in the Bidding Document;
c) is having unblemished record and is not declared ineligible for corrupt & fraudulent practices either
indefinitely or for a particular period of time by any State/ Central government/ PSU/ UT.
d) does not have any previous transgressions with any entity in India or abroad during the last 3 years
e) does not have any debarment by any other procuring entity
f) isnot insolvent in receivership, bankrupt or being wound up, not have its affairs administered by a
court or a judicial officer, not have its business activities suspended and is not the subject of legal
proceedings for any of the foregoing reasons;
g) does not have, and ourdirectors and officers not have been convicted of any criminal offence related
to their professional conduct or the making of false statements or misrepresentations as to their
qualifications to enter into a procurement contract within a period of two years preceding the
commencement of the procurement process, or not have been otherwise disqualified pursuant to
debarment proceedings;
h) does not have conflict of interest as mentioned in the bidding document which materially affects the
fair competition.
i) will comply with the code of integrity as specified in the bidding document.
If this declaration is found to be incorrect then without prejudice to any other action that may be taken as
per the provisions of the applicable Act and Rules thereto prescribed by GoR, my/ our security may be
forfeited in full and our bid, to the extent accepted, may be cancelled.
Thanking you,

Name of the Bidder: -

Authorised Signatory: -
Seal of the Organization: -
Date:

Place:

Page 63 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-5: CERTIFICATE OF CONFORMITY/ NO DEVIATION {to be submitted by the bidder on his Letter
head}

To,

{Procuring Entity},

______________________________,

CERTIFICATE

This is to certify that, that there are no deviations/will not be any deviation of any kind from the
requirement or deliverables for security audit work of Aadhaar Authentication ecosystem of DoIT&C.

Also, I/ we have thoroughly read the bidding document and by signing this certificate, we hereby submit
our token of unconditional acceptance to all the terms & conditions of the bidding document without any
deviations.

I/ We also certify that the price I/ we have quoted is inclusive of all the cost factors involved in the end-to-
end implementation and execution of the project, to meet the desired Standards set out in the bidding
Document.

Thanking you,

Name of the Bidder: -

Authorised Signatory: -

Seal of the Organization: -

Date:

Place:

Page 64 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-6: FINANCIAL BID COVER LETTER & FORMAT

COVER LETTER {to be submitted by the bidder on his Letter head}

To,

The Commissioner and Joint Secretary,

DoIT&C, IT Building, Yojana Bhawan Campus,
Tilak Marg, C-Scheme, Jaipur-302005 (Rajasthan)

Reference: NIB No. : ___________________________________ Dated: __________

Dear Sir,

We, the undersigned bidder, having read & examined in detail, the bidding document, the receipt of
which is hereby duly acknowledged, I/ we, the undersigned, offer to supply/ work in conformity with the
said bidding document.

I/ We undertake that/ to: -

 thequoted prices are in conformity with the requirements prescribed. The quote/ price are
inclusive of all cost likely to be incurred for executing this work. The prices are exclusive of all type
of govt. taxes/duties as mentioned in the financial bid (BoQ), as the GST shall be paid as per
prevailing rate.
 if awarded the contract, I/ we shall submit the prescribed performance security deposit and shall
supply/ work in accordance with the prescribed timelines.
 abide by this bid for a period of _____ days after the last date fixed for bid submission and it shall
remain binding upon us and may be accepted at any time before the expiry of that period.
 until a formal contract is prepared and executed, this bid, together with your written acceptance
thereof and your notification of award shall constitute a binding Contract between us.
 our bid is made in good faith, without collusion or fraud and the information contained in the bid is
true and correct to the best of our knowledge and belief.
 you are not bound to accept the lowest or any bid you may receive.

We unconditionally agree to all the terms & conditions as mentioned in the bidding document and submit
that we have not submitted any deviations in this regard.

Date:
Authorized Signatory
Name:
Designation:

Page 65 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information Security Audit of Aadhaar Authentication
Ecosystem for the period of Five Years

Financial Bid Format

{To be submitted by the bidder only in BoQ format (.XLS) available at e-Procurement portal}
The Bidders needs to submit their Financial Proposal at e-procurement website as per the below mentioned templates:
NOTE: Following is template only. Bidders should only mention financial rates in BOQ and upload same on e-procurement website
Name of Work: RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information Security Audit of Aadhaar Authentication Ecosystem for the
period of Five Years
Reference No. F11(47)/DoIT&C/2022/00148/2022 Dated: 31-05-2022
Bidder Name:
SCHEDULE OF WORKS
(This BOQ template must not be modified/ replaced by the bidder and the same should be uploaded after filling the relevant columns, else the bidder is liable to
be rejected for this tender. Bidders are allowed to enter the Bidder Name and Values only)
1 2 3 4 5 6
S. Item Description Quantity Unit Per Unit Price Total Price Excluding GST
No. (For Five Excluding GST (in INR)
Years) (in INR)
(5*3)

1 Annual Information Security Audit of

DoIT&C AUA, ASA as per “Requesting Entity 5 Annual Information Security
compliance Checklist V2.0” of UIDAI and as Audit
per latest guidelines issued by UIDAI
2 Annual Information Security Audit of Sub- Annual Information Security
AUAs as per “Requesting Entity compliance 70 Audit
Checklist V2.0” of UIDAI and as per latest
guidelines issued by UIDAI
Total (in INR)
Total (in words): Rs.
GST shall be paid as per prevailing rates

Page 66 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for
Information Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-7: BANK GUARANTEE FORMAT {to be submitted by the bidder’s bank}

BANK GUARANTEE FORMAT – PERFORMANCE SECURITY (PBG)

(To be stamped in accordance with Stamp Act and on a Stamp Paper purchased from Rajasthan State only
and to be issued by a Nationalised/ Scheduled bank having its branch at Jaipur and payable at par at
Jaipur, Rajasthan)

To,
The Commissioner and Joint Secretary,
Department of Information Technology & Communications (DoIT&C),
IT Building, Yojana Bhawan Campus, Tilak Marg,
C-Scheme, Jaipur-302005 (Rajasthan)

1. In consideration of the Department of Information Technology & Communications (hereinafter called

"DoIT&C") having agreed to exempt M/s ..........................(hereinafter called "the said Contractor(s)"
from the demand, under the terms and conditions of an Work Order/LOI No..................................dated
.....................made between the DoIT&C through …………………… and .......................(Contractor) for the
work .................(hereinafter called "the said Agreement") of Security Deposit for the due fulfilment by
the said Contractor (s) of the terms and conditions contained in the said Agreement, on production of
a Bank Guarantee for Rs...................(rupees ........................................only), we ...................(indicate the
name of the Bank), (hereinafter referred to as "the Bank") at the request of ..................Contractor(s)
do hereby undertake to pay to the DoIT&C an amount not exceeding
Rs...................(Rupees..................................only) on demand.
2. We................. (Indicate the name of Bank), do hereby undertake to pay Rs....................
(Rupees............................only), the amounts due and payable under this guarantee without any demur
or delay, merely on a demand from the DoIT&C. Any such demand made on the bank by the DoIT&C
shall be conclusive as regards the amount due and payable by the Bank under this guarantee. The Bank
Guarantee shall be completely at the disposal of the DoIT&C and We....................... (Indicate the name
of Bank), bound ourselves with all directions given by DoIT&C regarding this Bank Guarantee. However,
our liability under this guarantee shall be restricted to an amount not exceeding Rs......................
(Rupees....................only).
3. We.......................(indicate the name of Bank), undertake to pay to the DoIT&C any money so
demanded notwithstanding any dispute or disputes raised by the contractor(s) in any suit or
proceeding pending before any Court or Tribunal or Arbitrator etc. relating thereto, our liability under
these presents being absolute, unequivocal and unconditional.
4. We.....................(indicate the name of Bank) further agree that the performance guarantee herein
contained shall remain in full force and effective up to <DATE> and that it shall continue to be
enforceable for above specified period till all the dues of DoIT&C under or by virtue of the said
Agreement have been fully paid and its claims satisfied or discharged or till the DoIT&C certifies that
the terms and conditions of the said Agreement have been fully and properly carried out by the said
Contractor(s) and accordingly discharges this guarantee.
5. We ...........................(indicate the name of Bank) further agree with the DoIT&C that the DoIT&C shall
have the fullest liberty without our consent and without affecting in any manner our obligations
hereunder to vary any of the terms and conditions of the said Agreement or to extend time of
Page 67 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

performance by the said Contractor(s) from time to time or to postpone for any time or from time to
time any of the powers exercisable by the DoIT&C against the said Contractor(s) and to forbear or
enforce any of the terms and conditions relating to the said Agreement and we shall not be relieved
from our liability by reason of any such variation, or extension being granted to the said Contractor(s)
or for any forbearance, act or omission on the part of the DoIT&C or any indulgence by the DoIT&C to
the said Contractor(s) or by any such matter or thing whatsoever which would but for this provision,
have effect of so relieving us.
6. The liability of us ............................. (indicate the name of Bank), under this guarantee will not be
discharged due to the change in the constitution of the Bank or the contractor(s).
7. We .............................. (indicate the name of Bank), lastly undertake not to revoke this guarantee
except with the previous consent of the DoIT&C in writing.
8. This performance Guarantee shall remain valid and in full effect, until it is decided to be discharged by
the DoIT&C. Notwithstanding anything mentioned above, our liability against this guarantee is
restricted to Rs........................... (Rupees..............................only).
9. It shall not be necessary for the DoIT&C to proceed against the contractor before proceeding against
the Bank and the guarantee herein contained shall be enforceable against the Bank notwithstanding
any security which the DoIT&C may have obtained or obtain from the contractor.
10. We .............................. (indicate the name of Bank) verify that we have a branch at Jaipur. We
undertake that this Bank Guarantee shall be payable at any of its branch at Jaipur. If the last day of
expiry of Bank Guarantee happens to be a holiday of the Bank, the Bank Guarantee shall expire on the
close of the next working day.
11. We hereby confirm that we have the power(s) to issue this guarantee in your favour under the
memorandum and articles of Association/constitution of our bank and the undersigned is/are the
recipient of authority by express delegation of power(s) and has/have full power(s) to execute this
guarantee for the power of attorney issued by the bank.

Dated..........................day of....................For and on behalf of the <Bank> (indicate the Bank)

Signature

(Name & Designation)

Bank's Seal

The above performance Guarantee is accepted by the DoIT&C

For and on behalf of the DoIT&C

Signature

Page 68 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

(Name & Designation)

ANNEXURE-8: DRAFT AGREEMENT FORMAT

This Contract is made and entered into on this ______day of ________, 2022 by and between Department
of Information Technology & Communications (DoIT&C), having its head office at IT Building, Yojana
Bhawan Campus, Tilak Marg, C-Scheme, Jaipur-302005 (Rajasthan) (herein after referred to as Purchaser/
DoIT&C) which term or expression, unless excluded by or repugnant to the subject or context, shall
include his successors in office and assignees on ONE PART

And

M/s__________________, a company registered under _______________________ with its registered

office at _____________________ (herein after referred as the “Successful Bidder/ Supplier”) which term
or expression, unless excluded by or repugnant to the subject or context, shall include his successors in
office and assignees on the OTHER PART.

Whereas,
Purchaser is desirous of appointing an agency for <project title>as per the Scope of Work and Terms and
Conditions as set forth in the RFP document dated _________ of <NIB No _________________>.

And whereas

M/s______________represents that it has the necessary experience for carrying out the overall work as
referred to herein and has submitted a bid and subsequent clarifications for providing the required
services against said NIB and RFP document issued in this regard, in accordance with the terms and
conditions set forth herein and any other reasonable requirements of the Purchaser from time to time.

And whereas

Purchaser has accepted the bid of supplier and has placed the Work Order/LOI vide Letter No.
__________________dated _______, on which supplier has given their acceptance vide their Letter
No._____________ dated ____________.

And whereas

The supplier has deposited a sum of Rs. ________________/- (Rupees _________________) in the form of
__________________ ref no. _________________ dated ______________ of ____________ Bank and
valid up to _____________ as security deposit for the due performance of the contract.

Now it is hereby agreed to by and between both the parties as under: -

1. The NIB Ref. No. ____________________________ dated ___________ and RFP document dated
_________ issued by DoIT&C along with its enclosures/ annexures, wherever applicable, are deemed
to be taken as part of this contract and are binding on both the parties executing this contract.

Page 69 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

2. In consideration of the payment to be made by DoIT&C to supplier at the rates set forth in the work
order no. ____________________ dated _________ will duly supply the said articles set forth in
“Annexure-I: Bill of Material” thereof and provide related services in the manner set forth in the RFP,
along with its enclosures/ annexures and Technical Bid along with subsequent clarifications submitted
by supplier.
3. The DoIT&C do hereby agree that if supplier shall duly supply the said articles and provide related
services in the manner aforesaid observe and keep the said terms and conditions of the RFP and
Contract, the DoIT&C will pay or cause to be paid to supplier, at the time and the manner set forth in
the said conditions of the RFP, the amount payable for each and every project milestone & deliverable.
The mode of Payment will be as specified in the RFP document.
4. The timelines for the prescribed Scope of Work, requirement of services and deployment of technical
resources shall be affected from the date of work order i.e. ____________ and completed by supplier
within the period as specified in the RFP document.
5. In case of extension in the delivery and/ or installation period/ completion period with liquidated
damages, the recovery shall be made on the basis of following percentages of value of stores/ works
which supplier has failed to supply/ install/ complete: -
a) Delay up to one fourth period of the prescribed delivery period, successful 2.5%
installation & completion of work
b) Delay exceeding one fourth but not exceeding half of the prescribed delivery 5.0%
period, successful installation & completion of work.
c) Delay exceeding half but not exceeding two fourth of the prescribed delivery 7.5%
period, successful installation & completion of work.
d) Delay exceeding two fourth of the prescribed delivery period, successful 10.0%
installation & completion of work.
Note:
i. Fraction of a day in reckoning period of delay in supplies/ maintenance services shall be
eliminated if it is less than half a day.
ii. The maximum amount of agreed liquidated damages shall be 10%.
iii. If supplier requires an extension of time in completion of contractual supply on account of
occurrence of any hindrances, he shall apply in writing to the authority which had placed the
work order, for the same immediately on occurrence of the hindrance but not after the
stipulated date of completion of supply.
iv. Delivery period may be extended with or without liquidated damages if the delay in the supply of
goods in on account of hindrances beyond the control of supplier.
6. All disputes arising out of this agreement and all questions relating to the interpretation of this
agreement shall be decided as per the procedure mentioned in the RFP document.

In witness whereof the parties have caused this contract to be executed by their Authorized Signatories on
this _____day of _______________, 2022.

Signed By: Signed By:

Page 70 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

()
Designation: Authorized Signatory
Company: Department of IT&C, Govt of Rajasthan

In the presence of: In the presence of:

( ) ()
Designation: Designation:
Company: Department of IT&C, Govt of Rajasthan

( ) ()
Designation: Designation:
Company: Department of IT&C, Govt of Rajasthan

Page 71 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-9: MEMORANDUM OF APPEAL UNDER THE RTPP ACT, 2012

Appeal No ………of ……………

Before the ………………………… (First/ Second Appellate Authority)

1. Particulars of appellant:
a. Name of the appellant: <please specify>
b. Official address, if any: <please specify>
c. Residential address: <please specify>

2. Name and address of the respondent(s):

a. <please specify>
b. <please specify>
c. <please specify>

3. Number and date of the order appealed against and name and designation of the officer/ authority
who passed the order (enclose copy), or a statement of a decision, action or omission of the procuring
entity in contravention to the provisions of the Act by which the appellant is aggrieved:<please
specify>

4. If the Appellant proposes to be represented by a representative, the name and postal address of the
representative:<please specify>

5. Number of affidavits and documents enclosed with the appeal:<please specify>

6. Grounds of appeal (supported by an affidavit):<please specify>

7. Prayer:<please specify>

Place …………………………………….

Date ……………………………………

Appellant's Signature

Page 72 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-10: FORMAT FOR SUBMISSION OF PROJECT REFERENCES FOR PRE-QUALIFICATION

EXPERIENCE

Project Name: Value of Contract/Work Order (In INR):

Country: Project Duration:
Location within country:
Name of Customer: Total No. of staff-months of the assignment (If-any):
Contact person with address, phone, fax Approx. value of the services provided by your
and e-mail: company under the contract (in INR):
Start date (month/year):
Completion date (month/year):
Name of associated Bidders, if any:
Narrative description of Project:
List of Services provided by your firm/company:

Note: Please attach a copy of the work order/ completion certificate/ purchase order/ letter from the
customer for each project reference.

Page 73 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

ANNEXURE-11: BANK GUARANTEE FORMAT FOR BID SECURITY

(To be stamped in accordance with Stamp Act and to be issued by a Nationalized/ Scheduled bank having
its branch at Jaipur and payable at par at Jaipur, Rajasthan)

To,
The Commissioner,
Department of Information Technology & Communications (DOIT&C),
IT Building, Yojana Bhawan Campus, Tilak Marg,C-Scheme, Jaipur-302005 (Raj).

Sir,

1. In accordance with your Notice Inviting Bid for <please specify the project title> vide NIB reference
no.<Pleasespecify> M/s. (Name & full address of the firm) (Hereinafter called the “Bidder”) hereby
submits the Bank Guarantee to participate in the said procurement/ bidding process as mentioned in
the bidding document.

It is a condition in the bidding documents that the Bidder has to deposit Bid Security amounting to
<Rs. _________(Rupees <in words>)> in respect to the NIB Ref. No._____________ dated
____________ issued by DoIT&C, IT Building, Yojana Bhawan Campus, Tilak Marg, C-Scheme,
Jaipur, Rajasthan (hereinafter referred to as “DoIT&C”) by a Bank Guarantee from a Nationalised
Bank/ Scheduled Commercial Bank having its branch at Jaipur irrevocable and operative till the bid
validity date (i.e. <please specify>days from the date ofsubmission ofbid). Itmay be extended if
required in concurrence with the bid validity.

And whereas the Bidder desires to furnish a Bank Guarantee for a sum of <Rs. (Rupees in
words>) to the DoIT&C as bid security deposit.

2. Now, therefore, we the (Bank), a body corporate constituted under the Banking Companies
(Acquisition and Transfer of Undertaking) Act. 1969 (delete, if not applicable) and branch Office at
(herein after referred to as the Guarantor) do hereby undertake and agree to pay forthwith on
demand in writing by the DoIT&C of the said guaranteed amount without any demur, reservation or
recourse.

3. We, the aforesaid bank, further agree that the DoIT&C shall be the sole judge of and as to whether the
Bidder has committed any breach or breaches of any of the terms costs, charges and expenses caused
to or suffered by or that may be caused to or suffered by the DoIT&C on account thereof to the extent
of the Bid security required to be deposited by the Bidder in respect of the said bidding document and
the decision of the DoIT&C that the Bidder has committed such breach or breaches and as to the
amount or amounts of loss, damage, costs, charges and expenses caused to or suffered by or that may
Page 74 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

be caused to or suffered by the DoIT&C shall be final and binding on us.

4. We, the said Bank further agree that the Guarantee herein contained shall remain in full force and
effect until it is released by the DoIT&C and it is further declared that it shall not be necessary for the
DoIT&C to proceed against the Bidder before proceeding against the Bank and the Guarantee herein
contained shall be invoked against the Bank, not withstanding any security which the DoIT&C may have
obtained or shall be obtained from the Bidder at any time when proceedings are taken against the
Bank for whatever amount that may be outstanding or unrealized under the Guarantee.
5. Any notice by way of demand or otherwise hereunder may be sent by special courier, telex, fax,
registered post or other electronic media to our address, as aforesaid and if sent by post, it shall be
deemed to have been given to us after the expiry of 48 hours when the same has been posted.
6. If it is necessary to extend this guarantee on account of any reason whatsoever, we undertake to
extend the period of this guarantee on the request of our constituent under intimation to you.
7. The right of the DoIT&C to recover the said amount of <Rs. (Rupees <in words>)> from us in manner
aforesaid will not be precluded/ affected, even if, disputes have been raised by the said M/s.
……….………………(Bidder) and/ or dispute or disputes are pending before any court, authority, officer,
tribunal, arbitrator(s) etc..
8. Not withstanding anything stated above, our liability under this guarantee shall be restricted to
<Rs._________ (Rupees<in words>)> and our guarantee shall remain in force till bid validity period i.e.
<please specify> days from the last date of bid submission and unless a demand or claim under the
guarantee is made on us in writing within three months after the Bid validity date, all your rights under
the guarantee shall be forfeited and we shall be relieved and discharged from all liability thereunder.
9. This guarantee shall be governed by and construed in accordance with the Indian Laws and we hereby
submit to the exclusive jurisdiction of courts of Justice in India for the purpose of any suit or action or
other proceedings arising out of this guarantee or the subject matter hereof brought by you may not
be enforced in or by such count.
10. We hereby confirm that we have the power/s to issue this Guarantee in your favour under the
Memorandum and Articles of Association/ Constitution of our bank and the undersigned is/are the
recipient of authority by express delegation of power/s and has/have full power/s to execute this
guarantee under the Power of Attorney issued by the bank in your favour.

Date ………………… (Signature) ……………………………………….

Place ………………… (Printed Name) ………………………………….
(Designation) ……………………………………
(Bank’s common seal) ………………………….

Page 75 of 76
 Draft RFP for Rate Contract for Selection of CERT-IN Certified Auditor for Information

Security Audit of Aadhaar Authentication Ecosystem for the period of Five Years

In presence of:

WITNESS (with full name, designation, address & official seal, if any) (1)

………………………………………
………………………………………

WITNESS (with full name, designation, address & official seal, if any) (2)

………………………………………
………………………………………

Bank Details

Name & address of Bank:

Name of contact person of Bank:

Contact telephone number:

Email:

GUIDELINES FOR SUBMISSION OF BANK GUARANTEE

The Bank Guarantee shall fulfil the following conditions in the absence of which they cannot be
considered valid: -

1. Bank Guarantee shall be executed on non- judicial stamp paper of applicable value purchased in the
name of the bank.
2. Two persons should sign as witnesses mentioning their full name, designation, address and office seal
(if any).
3. The Executor (Bank Authorities) may mention the power of attorney No. and date of execution in his/
her favour authorizing him/ her to sign the document. The Power of Attorney to be witnessed by two
persons mentioning their full name and address.
4. The Bank Guarantee should be executed by a Nationalised Bank/Scheduled Commercial Bank only.
5. Non – Judicial stamp paper shall be use d within 6 months from the date of Purchase of the same.
Bank Guarantee executed on the non-judicial stamp paper after 6 (six) months of the purchase of
such stamp paper shall be treated as non-valid.
6. Thecontents of Bank Guarantee shall be strictly as per format prescribed by DoIT&C.
7. Each page of Bank Guarantee shall bear signature and seal of the Bank and B.G. number.
8. All corrections, deletions etc. in the Bank Guarantee should be authenticated by signature of Bank
Officials signing the Bank Guarantee.

Page 76 of 76