REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VAPT) OF CORE BANKING SOLUTION, DATA CENTRE, DR SITE, NETWORKING INFRASTRUCTURE AND OTHER ALLIED SYSTEMS Ref No: MSCB/ITD/SYS-AUDIT/341/2019-20 The Maharashtra State Co-operative Bank Limited (Incorporating The Vidarbha Co-op Bank Ltd.) Sir Vithaldas Thackersey Memorial Building, 9, Maharashtra Chamber of Commerce Lane, Fort, Mumbai 400001. Last Date of Submission: 14 th March 2019 till 3:00 PM
12
Embed
REQUEST FOR PROPOSAL (RFP) FOR - mscbank.com for Information... · REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VAPT)
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
REQUEST FOR PROPOSAL (RFP) FOR
INFORMATION SYSTEM AUDIT AND VULNERABILITY ASSESSMENT AND PENETRATION TESTING (VAPT)
OF CORE BANKING SOLUTION, DATA CENTRE, DR SITE, NETWORKING
INFRASTRUCTURE AND OTHER ALLIED SYSTEMS
Ref No: MSCB/ITD/SYS-AUDIT/341/2019-20
The Maharashtra State Co-operative Bank Limited
(Incorporating The Vidarbha Co-op Bank Ltd.)
Sir Vithaldas Thackersey Memorial Building,
9, Maharashtra Chamber of Commerce Lane,
Fort, Mumbai 400001.
Last Date of Submission: 14th March 2019 till 3:00 PM
2 The Maharashtra State Co-operative Bank
REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VAPT
Table of Content 1. TENDER NOTICE .................................................................................................................................... 3
3. ABOUT MSCB ........................................................................................................................................ 3
4. ABOUT BANK COMPUTERISATION ........................................................................................................ 4
5. PRESENT STATUS .................................................................................................................................. 5
11. TERMS AND CONDITIONS ..................................................................................................................... 7
ANNEXURE I ................................................................................................................................................. 9
ANNEXURE II .............................................................................................................................................. 10
ANNEXURE III ............................................................................................................................................. 12
3 The Maharashtra State Co-operative Bank
REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VAPT
1. TENDER NOTICE Sealed commercial bids are invited from CERT-IN empanelled Information Security Auditing Organisations for
Information System Audit of Core Banking Solution, Digital Banking, Data Centre, DR Site, Networking
Infrastructure and Other Integrated Systems of The Maharashtra State Co-Operative Bank Ltd. (MSCB) Head Office,
Price of Tender Document Rs. 1000 (Rupees One Thousand) plus 18% GST By Cash/ NEFT to A/c No 0002117030003377 (IFS Code – MSCI0082002, title of account – Other receipts account)
Date of Commencement of Sale of Document 07th
March 2019 11:00 AM
Last date of submission of the Pre bid Queries 11th
March 2019 01:00 PM
Date of Pre-bid Meeting 11th
March 2019 03:00 PM
Last date of submission of Bids 14th
March 2019 03:00 PM
Opening of Offer 14th
March 2019 04:00 PM
Address for Communication: The Managing Director, The Maharashtra State Coop. Bank Ltd. Head Office, Sir Vithhaldas Thackersey Memorial Building, 9, Maharashtra Chambers of Commerce Lane, Fort, MUMBAI - 400001. Tel Nos: 022-22800527 / 22800711 Email: [email protected]
3. ABOUT MSCB
The Maharashtra State Cooperative Bank Ltd, Mumbai is a premier Co-operative institute at State level established
in 1911. It is rendering its services to its increasing number of clientele in more diversified and multifarious banking
services and facilities over last 10 decades and has established itself as a leader of co-operative movement in the
state of Maharashtra. It has been in the process of helping the economic development of rural Maharashtra
through its 6 regional offices 50 Branches in the State.
The main business of the MSCB can be classified as direct financing for the cooperative societies, engaged in
various fields like Sugar production, Marketing, Spinning Mills, various types of agriculture processing units; direct
financing to some State level and National level co-operatives and indirect financing through three tier system i.e.
MSCB at apex level, DCC Banks at middle level and primary agriculture societies at grass root level.
MSCB has 50 branches, 3 Extension Counters, Administrative Office, 6 regional offices and Head office that have
Infrasoft provides direct support for the CBS application. The bank has DC & DR which are managed by Dynacons.
The bank is direct member of NFS and is live on RuPay ATM, POS and ECOM services. It is live on Mobile Banking
services for its customers.
4 The Maharashtra State Co-operative Bank
REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VAPT
4. ABOUT BANK COMPUTERISATION
The MSCB initiated the process of computerization of its operations in a phased manner starting in 1998-99.
During the First Phase (1998 to 2003), MSCB covered banking operations at HO – Branch (which accounted for
majority of the Transactions), Treasury and Human Resources Department. The Vendor (Next-Step now known as
Data-Vision from Pune) developed the software as per the requirements of MSCB and implemented the same on a
Client –Server architecture at the HO.
During the second Phase of computerization (2003 to 2008), the MSCB computerized its Branches, Regional Offices
and Pay Offices Transactions. The Branches were computerized on distributed Total Branch Automation (“TBA”)
systems with Application Software called “OMNIE” provided and implemented by Infrasoft Technologies (India)
LTd (“ITL”). Although, the ITIL OMNIE (TBA) was a industry standard TBA product, it required considerable
customization in view of peculiar nature of MSCB operations as an apex state level co-operative Bank. During this
Phase, the Bank successfully implemented RTGS application as per RBI requirement. The Bank also installed a
readymade product KASTLE from 3i Infotech for Treasury, Risk Management / Asset Liability Management (“ALM”)
operations. The Bank also introduced DMAT services for Share transactions and implemented Software Application
from CMC for back-office management in due course. The Bank also established in Jan 2007 well equipped in
house IT / Computer Training Centre at its premises at Vashi.
In the third Phase of computerization (2008 to2011), MSCB focused on implementation of the Core Banking
Software and development of an effective and timely MIS. In addition the Bank attempted to cover other
corporate function like International Banking Transactions, Bank Guarantees, and Letter of Credits etc. By the time
computerization of Branches was nearing completion, the Bank realized the need to implement the Core Banking
System (“CBS”) with centralized architecture so as to cater to functional requirements of the Bank, client /
customer expectations for new services, and technological advancements. Therefore, during 2009, the Bank
decided to migrate it operations to CBS (from TBA).
In view of the large customization requirements, familiarity of the MSCB specific functionality and to maintain
continuity of operations including User Interface of the Application, it was decided to select and implement ITL’s
“OMNI Enterprise 2.0” application software product to ensure smooth transition from TBA to CBS.
Implementation of CBS: During April 2009 to March 2011, the Bank has completed the various activities towards
implementation of CBS as mentioned below in brief:
Establishment of Data Center (“DC”) at HO Mumbai
Establishment of Disaster Recovery (“DR”) Site at RO, Pune
Installation of Computer Hardware, Networking Equipments, System Software for Data-center for CBS.
Provision of Connectivity / Bandwidth for DC, DR, Regional Office (“RO”), Pay Offices (“PO”) and Branches
Migration of HO Branch - Application and Data to OMNI Enterprise CBS software
Provision of Facility Management Services (“FMS”) at DC & DR to manage the DC and DR operations.
Installation of Oracle Database Servers, Benchmarking, and installation of OMNI Enterprise Application
Software Suite
Selection of Core IT Staff and their training from C-DAC.
Unification of Master Data (Customer Code / Account Number, GL Heads, Product Codes, etc) across the
Bank offices
Migration of Data of HO, ROs and Branch Offices and implementation of Connectivity in a phased manner
for all 56 locations.
Implementation of Integrated Personnel Management System
5 The Maharashtra State Co-operative Bank
REQUEST FOR PROPOSAL (RFP) FOR INFORMATION SYSTEM AUDIT AND VAPT
Installation of other Hardware such as Servers, Desktops for HO Departments, RTGS, CCIL and Branch
Offices etc.
As a result of the completion of the above activities, the Bank is in a position to generate the consolidated Balance
Sheet / Trail Balance, and Other Reports on a Centralized Database from March 31, 2011 onwards. At present, all
locations (HO, ROs and Branch Offices totaling 58) are connected to DC and DR with Primary (MPLS / Leased Lines)
and Secondary (ISDN) lines for CBS.
5. PRESENT STATUS
The primary Data Centre is presently situated at HO and Disaster Recovery Centre is situated in Pune RO
premises.
The current status of various applications deployed at MSC Bank are listed below:-
Applications Vendor All Branches or Partial
CBS Infrasoft All Branches
ATM Switch Infrasoft -
Treasury 3i Infotech HO
AML (Anti Money Laundering) Infrasoft All Branches
ALM (Asset Liability Management) 3i Infotech CPID
RTGS/NEFT IFTAS All Branches
HRMS P2B All Branches
CCIL Applications CCIL HO
RAM (Risk Assessment Module) CRISIL All Branches
SWIFT SWIFT International Banking Division (IBD)
CTS Software: Quadpro Managed By: SourceHoV
CTS Service Centres (7)
6. ELIGIBILITY CRITERIA
Bidder should be CERT-IN empaneled Information Security Auditing organisation located in Mumbai or Pune.
7. BANK’S OBJECTIVES FOR CONDUCTING SYSTEM AUDIT Bank’s Objective for conducting Systems audit of Information systems and IT infrastructure is to get reasonable
assurance from a third party auditor that:
Bank’s information systems and data are secure, and will remain complete, integrated, current, and
accurate throughout processing.
Bank’s information assets / resources (hardware / software) are secured against unauthorized access /
usage /damage / changes.
Bank’s business continuity planning is adequate enough to ensure smooth customer Service, despite
interruption to technology facilities for a significant amount of time
Bank’s networks are adequately provided and protected.
Bank’s computer operations are carried out in a controlled environment.
Bank can get independent assurance over effectiveness of controls exercised by out-sourced vendors for