Scribd
Upload
83 views

Sbi RFP On Learning Managment System

Uploaded by

ishanreadon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
83 views

Sbi RFP On Learning Managment System

Uploaded by

ishanreadon
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 232

REQUEST FOR PROPOSAL

FOR PROCUREMENT OF LEARNING MANAGEMENT SYSTEM

SBI/GITC/HRMS/2024/2025/1156
Dated: 15/06/2024

State Bank of India,


HRMS Department,
Global IT Centre Belapur,
Railway Station Building,
Tower # 7, 4th floor, CBD Belapur,
Navi Mumbai 400614.
RFP for procurement of Learning Management
System

1. SCHEDULE OF EVENTS

Sl Particulars Remarks
No
1 Contact details of issuing department Name: Mr. Manoj Kumar Sinha
(Name, Designation, Mobile No., Email and Designation: Deputy General Manager
office address for sending any kind of Email ID: dgmit.hrms@sbi.co.in
correspondence regarding this RFP) Contact Address: State Bank of India,
HRMS Department,
Global IT Centre Belapur,
Railway Station Building,
Tower # 7, 4th floor, CBD Belapur,
Navi Mumbai 400614.
Contact Number: +91 22-27592001
RFP may be downloaded from Bank’s website
2 Bid Document Availability including
https://sbi.co.in/web/sbi-in-the-
changes/amendments, if any to be issued
news/procurement-news
from 15th June 2024 to 8th July 2024

3 Last date for requesting clarification Upto 5:00 PM on 21st June 2024
All communications regarding points / queries
requiring clarifications shall be given in writing
or by e-mail.
ashutosh.rai1@sbi.co.in
shubhangi.gaikwad@sbi.co.in
4 Pre - bid Meeting at Global IT Centre Belapur From 3:00 PM to 5:00 PM on 25th June 2024
at Global IT Centre Belapur
5 Clarifications to queries raised at pre-bid
meeting will be provided by the Bank. On 2nd July 2024

6 Last date and time for Bid submission Upto 5:00 PM on 8th July 2024

7 Address for submission of Bids M/s eProcurement Technologies Limited


(EPTL)
https://etender.sbi

8 Date and Time of opening of Technical Bids 3:00 PM on 9th July 2024
Authorized representatives of Bidders may be
present online during opening of the Technical
Bids. However, Technical Bids would be
opened even in the absence of any or all of the
Bidder representatives.
9 Opening of Price Bids Price bid of technically qualified bidders only
will be opened on a subsequent date.
10 Tender Fee Rs. 20,000/-
Amount should be deposited in
A/c No: 4897932113433
IFSC: SBIN0011343
Branch OAD, GITC, Belapur

Page 2 of 232
RFP for procurement of Learning Management
System

Account Name: Subsidy Inward Remittance


Mode of transaction: NEFT or RTGS only

Tender fee will be non-refundable.


11 Earnest Money Deposit Rs 75,00,000/-
Amount should be deposited in
A/c No: 4897932113433
IFSC: SBIN0011343
Branch OAD, GITC, Belapur
Account Name: Subsidy Inward Remittance
Mode of transaction: NEFT or RTGS only

Or
EMD should be in the form of a bank guarantee.
EMD shall be valid up to 180 days from bid
submission date.
Bidder should deposit EMD and Tender Fee
separately.

12 Bank Guarantee 5% of contract Performance Security in form


value of BG should be valid for 5
years and 9 months from the
effective date of the Contract.
13 Contact details of e-Procurement agency M/s E-Procurement Technologies Ltd,
appointed for e-procurement Ahmedabad
Website: https://etender.sbi/SBI/

Name Phone Email Id


Number
Utkarsh 6352632098 utkarsh@eptl.in
Pal
Mubasser 7859800621 mubassera@ept
a Mansuri l.in
Sandhya 6352631968 sandhya@eptl.i
Vekariya n
Trupti 6352632310 trupti.p@eptl.in
Patel

Page 3 of 232
RFP for procurement of Learning Management
System

Table of Contents
1. SCHEDULE OF EVENTS ......................................................................................................................... 2
2. INVITATION TO BID: .............................................................................................................................. 8
3. DEFINITIONS AND ABBREVIATIONS: ............................................................................................. 9
4. SCOPE OF WORK: ....................................................................................................................................11
5. ELIGIBILITY AND TECHNICAL CRITERIA: ...................................................................................14
6. COST OF BID DOCUMENT: ..................................................................................................................14
7. CLARIFICATION AND AMENDMENTS ON RFP/PRE-BID MEETING: ...................................14
8. CONTENTS OF BID DOCUMENT:.......................................................................................................15
9. EARNEST MONEY DEPOSIT (EMD): ................................................................................................15
10. BID PREPARATION AND SUBMISSION:..........................................................................................16
11. DEADLINE FOR SUBMISSION OF BIDS: ..........................................................................................17
12. MODIFICATION AND WITHDRAWAL OF BIDS:...........................................................................18
13. PERIOD OF BID VALIDITY: .................................................................................................................18
14. BID INTEGRITY: ......................................................................................................................................18
15. BIDDING PROCESS/OPENING OF TECHNICAL BIDS: ................................................................18
16. TECHNICAL EVALUATION: ................................................................................................................19
17. EVALUATION OF PRICE BIDS AND FINALIZATION: .................................................................19
18. CONTACTING THE BANK: ...................................................................................................................20
19. AWARD CRITERIA AND AWARD OF CONTRACT:......................................................................20
20. POWERS TO VARY OR OMIT WORK: ...............................................................................................22
21. WAIVER OF RIGHTS: .............................................................................................................................22
22. CONTRACT AMENDMENT: .................................................................................................................22
23. BANK’S RIGHT TO ACCEPT ANY BID AND TO REJECT ANY OR ALL BIDS: .....................22
24. BANK GUARANTEE: ..............................................................................................................................23
25. SYSTEM INTEGRATION TESTING & USER ACCEPTANCE TESTING: ..................................23
26. SERVICES: .................................................................................................................................................23
27. WARRANTY AND ANNUAL MAINTENANCE CONTRACT: .....................................................24
28. PENALTIES: ...............................................................................................................................................25
29. RIGHT TO VERIFICATION: ..................................................................................................................25
30. INSPECTION AND TESTING: ...............................................................................................................25
31. RIGHT TO AUDIT: ...................................................................................................................................26
32. SUBCONTRACTING: ..............................................................................................................................26
33. VALIDITY OF AGREEMENT:...............................................................................................................27
34. LIMITATION OF LIABILITY: ...............................................................................................................27
35. CONFIDENTIALITY:...............................................................................................................................27
36. DELAY IN SERVICE PROVIDER’S PERFORMANCE: ..................................................................28
37. SERVICE PROVIDER’S OBLIGATIONS: ...........................................................................................28
38. TECHNICAL DOCUMENTATION: ......................................................................................................30
39. INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP:.........................................................30
40. LIQUIDATED DAMAGES: .....................................................................................................................31
41. CONFLICT OF INTEREST:.....................................................................................................................31
42. CODE OF INTEGRITY AND DEBARMENT/BANNING: ...............................................................32
43. TERMINATION FOR DEFAULT: .........................................................................................................35
44. FORCE MAJEURE: ...................................................................................................................................36
45. TERMINATION FOR INSOLVENCY: .................................................................................................36
46. TERMINATION FOR CONVENIENCE: ..............................................................................................36
47. DISPUTES / ARBITRATION (APPLICABLE IN CASE OF SUCCESSFUL BIDDER ONLY): 37
48. GOVERNING LANGUAGE: ...................................................................................................................37
49. APPLICABLE LAW: .................................................................................................................................37
50. TAXES AND DUTIES: .............................................................................................................................37
51. TAX DEDUCTION AT SOURCE: ..........................................................................................................38
52. TENDER FEE: ............................................................................................................................................39
53. EXEMPTION OF EMD AND TENDER FEE: ......................................................................................39
54. NOTICES:....................................................................................................................................................39
APPENDIX- A ..........................................................................................................................................................41
APPENDIX- B...........................................................................................................................................................44
APPENDIX- C...........................................................................................................................................................47

Page 4 of 232
RFP for procurement of Learning Management
System

APPENDIX- D ..........................................................................................................................................................74
APPENDIX- E ...........................................................................................................................................................75
APPENDIX- F ...........................................................................................................................................................84
APPENDIX- G ..........................................................................................................................................................89
APPENDIX- H ..........................................................................................................................................................90
APPENDIX- I ............................................................................................................................................................92
APPENDIX- J ............................................................................................................................................................94
APPENDIX- K ..........................................................................................................................................................97
APPENDIX- L .........................................................................................................................................................174
APPENDIX- M........................................................................................................................................................179
APPENDIX- N ........................................................................................................................................................180
APPENDIX- O ........................................................................................................................................................181
APPENDIX- P .........................................................................................................................................................187
APPENDIX- Q ........................................................................................................................................................189
APPENDIX- R.........................................................................................................................................................194
APPENDIX- S .........................................................................................................................................................203
APPENDIX- T .........................................................................................................................................................204
APPENDIX- U ........................................................................................................................................................207
APPENDIX-V .........................................................................................................................................................217
APPENDIX W .........................................................................................................................................................218
APPENDIX X ..........................................................................................................................................................219
APPENDIX-Y .........................................................................................................................................................230

Part-I

S.N. INDEX
1 SCHEDULE OF EVENTS
2 INVITATION TO BID
3 DEFINITIONS & ABBREVIATIONS
4 SCOPE OF WORK
5 ELIGIBILITY AND TECHNICAL CRITERIA
6 COST OF BID DOCUMENT
7 CLARIFICATIONS AND AMENDMENTS ON RFP/PRE-BID MEETING
8 CONTENTS OF BID DOCUMENTS
9 EARNEST MONEY DEPOSIT (EMD)
10 BID PREPARATION AND SUBMISSION
11 DEADLINE FOR SUBMISSION OF BIDS
12 MODIFICATION AND WITHDRAWAL OF BIDS
13 PERIOD OF BID VALIDITY
14 BID INTEGRITY
15 BIDDING PROCESS/ OPENING OF TECHNICAL BIDS
16 TECHNICAL EVALUATION
17 EVALUATION OF PRICE BIDS AND FINALIZATION
18 CONTACTING THE BANK
19 AWARD CRITERIA AND AWARD OF CONTRACT
20 POWER TO VARY OR OMIT WORK
21 WAIVER OF RIGHTS
22 CONTRACT AMENDMENT
23 BANK’S RIGHT TO ACCEPT ANY BID AND TO REJECT ANY OR ALL BIDS
24 BANK GUARANTEE
25 SYSTEM INTEGRATION TESTING AND USER ACCEPTANCE TESTING

Page 5 of 232
RFP for procurement of Learning Management
System

26 SERVICES
27 WARRANTY AND ANNUAL MAINTENANCE CONTRACT
28 PENALTIES
29 RIGHT TO VERIFICATION
30 INSPECTION AND TESTING
31 RIGHT TO AUDIT
32 SUB-CONTRACTING
33 VALIDITY OF AGREEMENT
34 LIMITATION OF LIABILITY
35 CONFIDENTIALITY
36 DELAY IN SERVICE PROVIDER’S PERFORMANCE
37 SERVICE PROVIDER’S OBLIGATIONS
38 TECHNICAL DOCUMENTATION
39 INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP
40 LIQUIDATED DAMAGES
41 CONFLICT OF INTEREST
42 CODE OF INTEGRITY AND DEBARMENT/BANNING
43 TERMINATION FOR DEFAULT
44 FORCE MAJEURE
45 TERMINATION FOR INSOLVENCY
46 TERMINATION FOR CONVENIENCE
47 DISPUTES/ARBITRATION
48 GOVERNING LANGUAGES
49 APPLICABLE LAW
50 TAXES AND DUTIES
51 TAX DEDUCTION AT SOURCES
52 TENDER FEE
53 EXEMPTION OF EMD AND TENDER FEE
54 NOTICES

Part-II

APPENDIX INDEX
A BID FORM
B BIDDER’S ELIGIBILITY CRITERIA
C LEARNING PLATFORM REQUIREMENTS
D BIDDER DETAILS
E SCOPE OF WORK AND PAYMENT SCHEDULE
F PRICE BID
G CERTIFICATE OF LOCAL CONTENT
H BANK GUARANTEE FORMAT
I PROFORMA OF CERTIFICATE TO BE ISSUED BY THE BANK AFTER
SUCCESSFUL COMMISSIONING AND ACCEPTANCE OF THE SOFTWARE
SOLUTION/ SERVICES
J OTHER TERMS & PENALTIES
K SERVICE LEVEL AGREEMENT
L NON-DISCLOSURE AGREEMENT
M PRE-BID QUERY FORMAT

Page 6 of 232
RFP for procurement of Learning Management
System

N FORMAT FOR SUBMISSION OF CLIENT REFERENCES


O PRE-CONTRACT INTEGRITY PACT
P FORMAT FOR EMD BANK GUARANTEE
Q SECURITY REQUIREMENTS
R CLOUD REQUIREMENTS
S LIST OF COUNTRIES
T TECHNICAL EVALUATION METRICS
U TEAM REQUIREMENTS & PROFILE FORMAT
V POST IMPLEMENTATION INCIDENT MANAGEMENT SLA
W LIST OF STANDARD INTEGRATIONS
X DATA PROCESSING AGREEMENT
Y CYBER SECURITY REQUIREMENTS

Page 7 of 232
RFP for procurement of Learning Management
System

2. INVITATION TO BID:

i. State Bank of India (herein after referred to as ‘SBI/the Bank’), having its Corporate Centre at
Mumbai, various other offices (LHOs/ Head Offices /Zonal Offices/Global Link Services, Global
IT Centre, foreign offices, etc.) of State Bank of India, branches/other offices, Subsidiaries and
Joint Ventures available at various locations and managed by the Bank (collectively referred to as
State Bank Group or ‘SBG’ hereinafter). This Request for Proposal (RFP) has been issued by the
Bank on behalf of SBG for procurement of Learning Management System (LMS) both web and
app version, its configuration, implementation, maintenance and post-implementation support.

ii. In order to meet the Software Solution/ service requirements, the Bank proposes to invite online
Bids from eligible Bidders as per details/scope of work mentioned in Appendix-E of this RFP
document.

iii. Bidder shall mean any entity (i.e. juristic person) who meets the eligibility criteria given in
Appendix-B of this RFP and willing to provide the Software Solution/ service as required in this
RFP. The interested Bidders who agree to all the terms and conditions contained in this RFP may
submit their Bids with the information desired in this RFP. Consortium bidding is not permitted
under this RFP.

iv. Address for submission of online Bids, contact details including email address for sending
communications are given in Schedule of Events of this RFP.

v. The purpose of SBI behind this RFP is to seek a detailed technical and commercial proposal for
procurement of the Software Solution/ service desired in this RFP. The proposed Software
Solution/ service must integrate with Bank’s existing infrastructure seamlessly.

vi. This RFP document shall not be transferred, reproduced or otherwise used for purpose other than
for which it is specifically issued.

vii. Interested Bidders are advised to go through the entire RFP before submission of online Bids to
avoid any chance of elimination. The eligible Bidders desirous of taking up the project for supply
of proposed Software Solution/ service for SBI are invited to submit their technical and commercial
proposal in response to this RFP. The criteria and the actual process of evaluation of the responses
to this RFP and subsequent selection of the successful Bidder will be entirely at Bank’s discretion.
This RFP seeks proposal from Bidders who have the necessary experience, capability & expertise
to provide SBI the proposed Software Solution/ service adhering to Bank’s requirements outlined
in this RFP.

DISCLAIMER:

i. The information contained in this RFP or information provided subsequently to Bidder(s) whether
verbally or in documentary form/email by or on behalf of SBI, is subject to the terms and conditions
set out in this RFP.

ii. This RFP is not an offer by State Bank of India, but an invitation to receive responses from the
eligible Bidders.

iii. The purpose of this RFP is to provide the Bidder(s) with information to assist preparation of their
Bid proposals. This RFP does not claim to contain all the information each Bidder may require.

Page 8 of 232
RFP for procurement of Learning Management
System

Each Bidder should conduct its own investigations and analysis and should check the accuracy,
reliability and completeness of the information contained in this RFP and where necessary obtain
independent advice/clarifications. Bank may in its absolute discretion, but without being under any
obligation to do so, update, amend or supplement the information in this RFP.

iv. The Bank, its employees and advisors make no representation or warranty and shall have no
liability to any person, including any Bidder under any law, statute, rules or regulations or tort,
principles of restitution or unjust enrichment or otherwise for any loss, damages, cost or expense
which may arise from or be incurred or suffered on account of anything contained in this RFP or
otherwise, including the accuracy, adequacy, correctness, completeness or reliability of the RFP
and any assessment, assumption, statement or information contained therein or deemed to form or
arising in any way for participation in this bidding process.

v. The Bank also accepts no liability of any nature whether resulting from negligence or otherwise,
howsoever caused arising from reliance of any Bidder upon the statements contained in this RFP.

vi. The Bidder is expected to examine all instructions, forms, terms and specifications in this RFP.
Failure to furnish all information required under this RFP or to submit a Bid not substantially
responsive to this RFP in all respect will be at the Bidder’s risk and may result in rejection of the
Bid.

vii. The issue of this RFP does not imply that the Bank is bound to select a Bidder or to award the
contract to the Selected Bidder, as the case may be, for the Project and the Bank reserves the right
to reject all or any of the Bids or Bidders without assigning any reason whatsoever before issuance
of purchase order and/or its acceptance thereof by the successful Bidder as defined in Award
Criteria and Award of Contract in this RFP.

3. DEFINITIONS AND ABBREVIATIONS:

Definitions:
In this connection, the following terms shall be interpreted as indicated below:

i. “The Bank” ‘means the State Bank of India (including domestic branches and foreign offices),
Subsidiaries and Joint Ventures, where the Bank has ownership of more than 50% of voting
securities or the power to direct the management and policies of such Subsidiaries and Joint
Ventures.

ii. “Bidder” means an eligible entity/firm submitting the Bid in response to this RFP.

iii. “Bid” means the written reply or submission of response to this RFP.

iv. “The Contract” means the agreement entered into between the Bank and Service Provider, as
recorded in the Contract Form signed by the parties, including all attachments and appendices
thereto and all documents incorporated by reference therein.

v. “Total Cost of Ownership/TCO” means the price payable to Service Provider over the entire
period of Contract for the full and proper performance of its contractual obligations.

vi. “Vendor/Service Provider” is the successful Bidder found eligible as per eligibility criteria set
out in this RFP, whose technical Bid has been accepted and who has emerged as TC1 Bidder as
per the selection criteria set out in the RFP and to whom notification of award has been given by
the Bank.
vii. Software Solution/ Services/ System – “Software Solution” or “Services” or “System” means
all software products, services, scope of work and deliverables to be provided by a Bidder as
described in the RFP and include services ancillary to the development of the solution, such as

Page 9 of 232
RFP for procurement of Learning Management
System

installation, commissioning, integration with existing systems, provision of technical assistance,


training, certifications, auditing, and other obligation of Service Provider covered under the RFP.

viii. “Deliverables/ Work Product" means all work product generated by Bidder solely or jointly with
others in the performance of the Services, including, but not limited to, any and all information,
notes, reports, material, drawings, records, diagrams, formulae, processes, technology, firmware,
software, know-how, designs, ideas, discoveries, inventions, improvements, copyrights,
trademarks and trade secrets.

ix. “Services” means all services, scope of work and deliverables to be provided by a Bidder as
described in the RFP and include provision of technical assistance, training, certifications, auditing
and other obligation of Service Provider covered under this RFP.

x. Annual Maintenance Contract (AMC) - This would be the annual cost of maintenance of
Software Solution / Service.

xi. “TC1 - Techno-Commercial Bidder” - The quality of technical proposals is scored as per criteria
announced in the RFP. Only those responsive bids that have achieved the minimum specified
qualifying technical score are considered for further evaluation. After opening and scoring the price
bids of technically qualified bidders, a final combined score is arrived at by giving predefined
relative weightages for the score of the technical bid and the score of price bid. The bidder
obtaining the highest total combined score in evaluation of technical and price as above will be
ranked TC1. In case of a tie between two or more bidders for the highest total combined score, then
the bidder with highest technical score amongst such bidders shall be the successful bidder.

xii. “Go Live” means Sign-off of complete solution as per requirements mentioned in this RFP and
org-wide launch of the LMS to the users.

Abbreviations:

The long form of abbreviations commonly used in the document is given below:

SR No Abbreviation Long form


1 AD Active Directory
2 AI Artificial Intelligence
3 API Application Program Interface
4 AR Augmented Reality
5 ATI Apex Training Institute
6 AV Antivirus
7 BFSI Banking, Financial Services and Insurance
8 BG Bank Guarantee
9 CERT IN Indian Computer Emergency Response Team
10 CSP Cloud Service Provider
11 DAM Digital Asset Management
12 DDOS Distributed Denial-Of-Service
13 DMZ Disaster Management Zone
14 DR Site Disaster Recovery Site
15 FY Financial Year
16 GST Goods and Service Tax
17 HIDS Host-Based Intrusion Detection Systems
18 HRMS Human Resource Management System

Page 10 of 232
RFP for procurement of Learning Management
System

19 ILT Instructor-Led Training


20 IPS Intrusion Prevention System
21 JAWS Job Access With Speech
22 KPI Key Performance Indicator
23 KRA Key Result Areas
24 L&D Learning and Development
25 LAN Local Area Network
26 ML Machine Learning
27 MOOC Massive open online course
28 MPLS Multiprotocol Label Switching
29 NCA Network Access Control
30 NDA Non-Disclosure Agreement
31 NIDS Network Intrusion Detection System
32 OEM Original Equipment Manufacturer
33 OWASP Open Web Application Security Project
34 PO Purchase Order
35 PMS Performance Management System
36 PWD Person with a disability
37 SBILD State Bank Institutes of Learning and Development
38 SCORM Sharable Content Object Reference Model
39 SFTP Secured File Transfer Protocol
40 SIEM Security Information and Event Management
41 SLA Service Level Agreement
42 SME Subject Matter Expert
43 SOC System and Organization Controls
44 SOP Standard Operating Procedure
45 SSL Secure Sockets Layer
46 SSO Single Sign-On
47 STU Strategic Training Unit
48 UAT User Acceptance Testing
49 VAPT Vulnerability Assessment and Penetration Testing
50 VILT Virtual instructor-led training
51 VPN Virtual Private Network
52 VR Virtual Reality
53 WAF Web Application Firewall
54 WAN Wide Area Network

4. SCOPE OF WORK:

Founded in 1806, State Bank of India (SBI) has evolved into a distinguished financial institution,
holding a pivotal position in the nation's banking sector. With a rich history spanning centuries,
SBI's commitment to financial excellence is underscored by its extensive network and significant
presence in the Indian financial landscape.

Page 11 of 232
RFP for procurement of Learning Management
System

The bank's operations extend beyond traditional branches, with more than 2.4 Lakh employees and
additional support from contractual parties like Customer Service Points (CSPs) and Feet on Street
(FOS). This dynamic workforce forms an integral part of SBI's operational framework,
contributing to its adaptability and responsiveness to its customer’s needs.

Learning Ecosystem at SBI

Within the complex and evolving world of banking, SBI places a profound emphasis on Learning
and Development (L&D). Guided by the Strategic Training Unit (STU), training initiatives at SBI
are proactive, planned, and continuous, serving as a cornerstone of organizational development. In
response to the specialized nature of contemporary banking, SBI has established six Apex Training
Institutes (ATIs) providing both academic excellence and practical experience across various
domains.

Supplementing the ATIs are 51 State Bank Institutes of Learning and Development (SBILDs)
strategically dispersed across the country. These institutes deliver fundamental, process-centric
programs, contributing to the holistic development of SBI's workforce.

Training modalities used by the ATIs and SBILDs encompass classroom sessions, knowledge-
sharing videos, e-learning, research publications, collaboration with MOOC platforms, case
studies, articles, and more, ensuring a multifaceted approach to employee development.

Presently, SBI employs the following tailor-built platforms for various learning interventions:

 A platform for enabling the scheduling, coordination, and tracking of in-person programs
across various training centers, this platform covers all in-person training management
conducted by both ATIs and SBILDs. It features tools for managing training nominations,
scheduling sessions, conducting pre- and post-assessments, tracking attendance, capturing
participant feedback, uploading question banks, overseeing hostel management, and
generating reports.

 A platform for scheduling webinars and efficiently tracking attendance for virtual sessions.

 An eLearning platform that hosts an extensive content library with over 700 courses, all
uploaded as SCORM packages, continuously enhancing the knowledge and skills of
employees.

 A platform that helps answer operational queries related to job-specific tasks from employees,
this specialized portal redirects questions to faculty members with subject matter expertise
(SMEs) who promptly address the inquiries. The portal also features a standardized library
addressing frequently asked questions, providing a centralized resource for common queries.

 A portal for streamlining the training management process for probationary and trainee
officers.

Looking ahead, SBI envisions a comprehensive Learning Management System (LMS) to propel
its Learning and Development plans.

A brief list of some of the benefits that the LMS platform is expected to provide is appended:
 Serve as a single source of learning for all employees
 Provide an enhanced learning experience leveraging advanced features
 Capture and catalog the diverse training needs of employees across the organization

Page 12 of 232
RFP for procurement of Learning Management
System

 Tailor personalized learning pathways for employees based on performance metrics, roles,
grades, past experiences, and more
 Seamlessly integrate different learning offerings from both internal and external sources,
including institutes and vendors
 Provide the Strategic Training Unit (STU) and circle Learning and Development (L&D) teams
with visibility into training program performance through advanced reports
 Facilitate the migration of historical training data to ensure continuity and accessibility
 Transfer existing e-learning content to the new LMS platform for streamlined access and
management
 Implement AI/ML-based functionalities to enhance the overall learning experience for
employees
 Provide robust mechanisms for the measurement of training efficacy, enabling continuous
improvement

SBI invites bids from eligible bidders to assist in the deployment of the LMS to foster a culture of
continuous learning, adaptability, and skill development among its diverse workforces. The
selected bidder will play a pivotal role in shaping the future of learning and development at SBI.

The detailed scope of work including functional and technical requirements are given in
Appendix-C and Appendix-E of this document.

The Bank may, at its sole discretion, provide remote access to its information technology system
to IT Service Provider through a secured Virtual Private Network (VPN) in order to facilitate the
performance of IT Services. Such remote access to the Bank’s information technology system shall
be subject to the following:
i. Service Provider shall ensure that the remote access to the Bank’s VPN is performed
through a laptop/desktop (“Device”) specially allotted for that purpose by the Service
Provider and not through any other private or public Device.
ii. Service Provider shall ensure that only its authorized employees/representatives access
the Device.
iii. Service Provider shall be required to get the Device hardened/configured as per the Bank’s
prevailing standards and policy.
iv. Service Provider and/or its employee/representative shall be required to furnish an
undertaking and/or information security declaration on the Bank’s prescribed format
before such remote access is provided by the Bank.
v. Service Provider shall ensure that services are performed in a physically protected and
secure environment which ensures confidentiality and integrity of the Bank’s data and
artefacts, including but not limited to information (on customer, account, transactions,
users, usage, staff, etc.), architecture (information, data, network, application, security,
etc.), programming codes, access configurations, parameter settings, executable files, etc.,
which the Bank representative may inspect. Service Provider shall facilitate and/ or
handover the Device to the Bank or its authorized representative for investigation and/or
forensic audit.
vi. Service Provider shall be responsible for protecting its network and subnetworks, from
which remote access to the Bank’s network is performed, effectively against unauthorized
access, malware, malicious code and other threats in order to ensure the Bank’s
information technology system is not compromised in the course of using remote access
facility.

Page 13 of 232
RFP for procurement of Learning Management
System

5. ELIGIBILITY AND TECHNICAL CRITERIA:

i. Bid is open to all Bidders who meet the eligibility and technical criteria as given in Appendix-B
& Appendix-T of this document. The Bidder has to submit the documents substantiating eligibility
criteria as mentioned in this RFP document.

(a) If any Bidder submits Bid on behalf of Principal/OEM, the same Bidder shall not submit a
Bid on behalf of another Principal/OEM under the RFP. Bid submitted with option of
multiple OEMs shall also be considered bid submitted on behalf of multiple OEM.

(b) Either the Bidder on behalf of Principal/OEM or Principal/OEM itself is allowed to Bid,
however, both cannot Bid simultaneously.

ii. The Bidder shall also submit PRE-CONTRACT INTEGRITY PACT along with technical Bid
as prescribed in Appendix-O duly signed by the Bidder on each page and witnessed by two
persons. The Pre-Contract Integrity Pact shall be stamped as applicable in the State where it is
executed. Bid submitted without Pre-Contract Integrity Pact, as per the format provided in the
RFP, shall not be considered.

6. COST OF BID DOCUMENT:

The participating Bidders shall bear all the costs associated with or relating to the preparation and
submission of their Bids including but not limited to preparation, copying, postage, delivery fees,
expenses associated with any demonstration or presentations which may be required by the Bank
or any other costs incurred in connection with or relating to their Bid. The Bank shall not be liable
in any manner whatsoever for the same or for any other costs or other expenses incurred by a
Bidder regardless of the conduct or outcome of the bidding process.

7. CLARIFICATION AND AMENDMENTS ON RFP/PRE-BID MEETING:

i. Bidder requiring any clarification on RFP may notify the Bank in writing strictly as per the format
given in Appendix-M at the address/by e-mail within the date/time mentioned in the Schedule of
Events.

ii. A pre-Bid meeting will be held in person or online on the date and time specified in the Schedule
of Events which may be attended by the authorized representatives of the Bidders interested to
respond to this RFP.

iii. The queries received (without identifying source of query) and response of the Bank thereof will
be posted on the Bank’s website or conveyed to the Bidders.

iv. The Bank reserves the right to amend, rescind or reissue the RFP, at any time prior to the deadline
for submission of Bids. The Bank, for any reason, whether, on its own initiative or in response to
a clarification requested by a prospective Bidder, may modify the RFP, by amendment which will
be made available to the Bidders by way of corrigendum/addendum. The interested parties/Bidders
are advised to check the Bank’s website regularly till the date of submission of Bid document
specified in the Schedule of Events/ email and ensure that clarifications/ amendments issued by the
Bank, if any, have been taken into consideration before submitting the Bid. Such amendments/
clarifications, if any, issued by the Bank will be binding on the participating Bidders. Bank will
not take any responsibility for any such omissions by the Bidder. The Bank, at its own discretion,
may extend the deadline for submission of Bids in order to allow prospective Bidders a reasonable

Page 14 of 232
RFP for procurement of Learning Management
System

time to prepare the Bid, for taking the amendment into account. Nothing in this RFP or any
addenda/corrigenda or clarifications issued in connection thereto is intended to relieve Bidders
from forming their own opinions and conclusions in respect of the matters addressed in this RFP
or any addenda/corrigenda or clarifications issued in connection thereto.

v. No request for change in commercial/legal terms and conditions, other than what has been
mentioned in this RFP or any addenda/corrigenda or clarifications issued in connection thereto,
will be entertained and queries in this regard, therefore will not be entertained.

vi. Queries received after the scheduled date and time will not be responded/acted upon.

8. CONTENTS OF BID DOCUMENT:

i. The Bidder must thoroughly study/analyze and properly understand the contents of this RFP, its
meaning and impact of the information contained therein.

ii. Failure to furnish all information required in this RFP or submission of Bid not responsive to this
RFP in any respect will be at the Bidder’s risk and responsibility and the same may finally result
in rejection of its Bid. The Bank has made considerable effort to ensure that accurate information
is contained in this RFP and is supplied solely as guidelines for Bidders.

iii. The Bid prepared by the Bidder, as well as all correspondences and documents relating to the Bid
exchanged by the Bidder and the Bank and supporting documents and printed literature shall be
submitted in English.

iv. The information provided by the Bidders in response to this RFP will become the property of the
Bank and will not be returned. Incomplete information in Bid document may lead to non-
consideration of the proposal.

9. EARNEST MONEY DEPOSIT (EMD):

i. The Bidder shall furnish EMD for the amount and validity period mentioned in Schedule of Events
of this RFP.

ii. EMD is required to protect the Bank against the risk of Bidder’s conduct

iii. The EMD should be directly credited to the designated account or it should be in form of Bank
Guarantee (as prescribed in Appendix-P) issued in favour of State Bank of India by any scheduled
commercial bank in India. In case, SBI is the sole banker of the Bidder, a Letter of Comfort from
SBI would be acceptable.

If EMD is directly credited to designated account, proof of remittance of EMD in the designated
account should be enclosed with the technical bid. However, if EMD is in form of Bank Guarantee,
A scanned copy of original EMD Bank Guarantee should be uploaded on the portal of e-
Procurement agency along with the technical bid. Original EMD Bank Guarantee should be
delivered through registered post/courier or given in person to the Bank at the address specified in
Schedule of Event Sl. No. 1, within the bid submission date and time for the RFP.

iv. Any Bid not accompanied by EMD for the specified amount and not submitted to the Bank as
mentioned in this RFP will be rejected as non-responsive.

Page 15 of 232
RFP for procurement of Learning Management
System

v. The EMD of the unsuccessful Bidder(s) would be refunded/returned by the Bank within 30 days
of the Bidder being notified as being unsuccessful.

vi. The EMD of successful Bidder will be discharged upon the Bidder signing the Contract and
furnishing the Bank Guarantee for the amount and validity as mentioned in this RFP, which should
be strictly on the lines of the format placed in Appendix-H.

vii. No interest is payable on EMD.

viii. The EMD may be forfeited: -

(a) if a Bidder withdraws his Bid during the period of Bid validity specified in this RFP; or

(b) if a Bidder makes any statement or encloses any form which turns out to be false / incorrect at
any time prior to signing of Contract; or

(c) if the successful Bidder fails to accept Purchase Order and/or sign the Contract with the Bank
or furnish Bank Guarantee, within the specified time period in the RFP.

ix. If EMD is forfeited for any reasons mentioned above, the concerned Bidder may be debarred from
participating in the RFPs floated by the Bank/this department, in future, as per sole discretion of
the Bank.

10. BID PREPARATION AND SUBMISSION:

i. The Bid is to be submitted separately for technical and Price on portal of e-Procurement agency
for providing of Learning Management System in response to the RFP No.
SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024. Documents mentioned below are to be
uploaded on portal of e-Procurement agency with digital signature of authorised signatory:
(a) Index of all the documents, letters, bid forms, etc. submitted in response to RFP along with
page numbers.
(b) Bid covering letter/Bid form on the lines of Appendix-A on Bidder’s letter head.
(c) Proof of remittance of EMD (if directly credited to designated account) and Tender Fee as
specified in this document. In case, EMD is submitted in form of BG, scanned copy of original
BG should be uploaded subject to compliance of requirement mentioned in clause no
12“DEADLINE FOR SUBMISSION OF BIDS” sub-clause (ii).
(d) Specific response with supporting documents in respect of Eligibility Criteria as mentioned in
Appendix-B and technical eligibility criteria on the lines of Appendix-T.
(e) Bidder’s details as per Appendix-D on Bidder’s letter head.
(f) Audited financial statement and profit and loss account statement as mentioned in Part-II.
(g) A copy of board resolution along with a copy of power of attorney (POA wherever applicable)
showing that the signatory has been duly authorized to sign the Bid document.
If applicable, a scanned copy of duly stamped and signed Pre-Contract Integrity Pact subject
to compliance of requirement mentioned in clause no 11“DEADLINE FOR SUBMISSION OF
BIDS” sub-clause (ii).
If applicable, copy of registration certificate issued by competent authority as mentioned in Sl
No 2 of Eligibility Criteria under Appendix-B.

ii. Price Bid for procurement of Learning Management System in response to the RFP No.
SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024 should contain only Price Bid strictly on
the lines of Appendix-F. The Price must include all the price components mentioned. Prices are
to be quoted in Indian Rupees only.

Page 16 of 232
RFP for procurement of Learning Management
System

iii. Bidders may please note:

(a) The Bidder should quote for the entire package on a single responsibility basis for Services it
proposes to provide.
(b) While submitting the Technical Bid, literature on the Services should be segregated and kept
together in one section.
(c) Care should be taken that the Technical Bid shall not contain any price information. Such
proposal, if received, will be rejected.
(d) The Bid document shall be complete in accordance with various clauses of the RFP document
or any addenda/corrigenda or clarifications issued in connection thereto, duly signed by the
authorized representative of the Bidder. Board resolution authorizing representative to Bid and
make commitments on behalf of the Bidder is to be attached.
(e) It is mandatory for all the Bidders to have class-III Digital Signature Certificate (DSC) (in the
name of person who will sign the Bid) from any of the licensed certifying agency to participate
in this RFP. DSC should be in the name of the authorized signatory. It should be in corporate
capacity (that is in Bidder capacity).
(f) Bids are liable to be rejected if only one Bid (i.e. Technical Bid or Price Bid) is received.
(g) If deemed necessary, the Bank may seek clarifications on any aspect from the Bidder.
However, that would not entitle the Bidder to change or cause any change in the substances of
the Bid already submitted or the price quoted.
(h) The Bidder may also be asked to give presentation for the purpose of clarification of the Bid.
(i) The Bidder must provide specific and factual replies to the points raised in the RFP.
(j) The Bid shall be typed or written and shall be digitally signed by the Bidder or a person or
persons duly authorized to bind the Bidder to the Contract.
(k) All the enclosures (Bid submission) shall be serially numbered.
(l) Bidder(s) should prepare and submit their online Bids well in advance before the prescribed
date and time to avoid any delay or problem during the bid submission process. The Bank shall
not be held responsible for any sort of delay or the difficulties faced by the Bidder(s) during
the submission of online Bids.
(m) Bidder(s) should ensure that the Bid documents submitted should be free from virus and if the
documents could not be opened, due to virus or otherwise, during Bid opening, the Bid is liable
to be rejected.
(n) The Bank reserves the right to reject Bids not conforming to above.

11. DEADLINE FOR SUBMISSION OF BIDS:

i. Bids must be submitted online on portal of e-Procurement agency by the date and time mentioned
in the “Schedule of Events”.

ii. Wherever applicable, the Bidder shall submit the original EMD Bank Guarantee and Pre-Contract
Integrity Pact together with their respective enclosures and seal it in an envelope and mark the
envelope as “Technical Bid”. The said envelope shall clearly bear the name of the project and name
and address of the Bidder. In addition, the last date for bid submission should be indicated on the
right and corner of the envelope. The original documents should be submitted within the bid
submission date and time for the RFP at the address mentioned in Sl No 1 of Schedule of Events,
failing which Bid will be treated as non-responsive.

iii. In case the Bank extends the scheduled date of submission of Bid document, the Bids shall be
submitted by the time and date rescheduled. All rights and obligations of the Bank and Bidders
will remain the same.

Page 17 of 232
RFP for procurement of Learning Management
System

iv. In the event of the specified date for submission of Bids being declared a holiday for the Bank, the
Bids will be received upto the appointed time on the next working day.

v. Any Bid received after the deadline for submission of Bids prescribed, will be rejected and returned
unopened to the Bidder.

12. MODIFICATION AND WITHDRAWAL OF BIDS:

i. The Bidder may modify or withdraw its Bid after the Bid’s submission, provided modification,
including substitution or withdrawal of the Bids, is received on e-procurement portal, prior to the
deadline prescribed for submission of Bids.

ii. No modification in the Bid shall be allowed, after the deadline for submission of Bids.

iii. No Bid shall be withdrawn in the interval between the deadline for submission of Bids and the
expiration of the period of Bid validity specified in this RFP. Withdrawal of a Bid during this
interval may result in the forfeiture of EMD submitted by the Bidder.

13. PERIOD OF BID VALIDITY:

i. Bid shall remain valid for duration of 9 calendar months from Bid submission date.

ii. In exceptional circumstances, the Bank may solicit the Bidders’ consent to an extension of the
period of validity. The request and the responses thereto shall be made in writing. A Bidder is free
to refuse the request. However, in such case, the Bank will not forfeit its EMD. However, any
extension of validity of Bids or price will not entitle the Bidder to revise/modify the Bid document.

iii. Once Purchase Order or Letter of Intent is issued by the Bank, the said price will remain fixed for
the entire Contract period and shall not be subjected to variation on any account, including
exchange rate fluctuations and custom duty. A Bid submitted with an adjustable price quotation
will be treated as non-responsive and will be rejected.

14. BID INTEGRITY:

Willful misrepresentation of any fact within the Bid will lead to the cancellation of the contract without
prejudice to other actions that the Bank may take. All the submissions, including any accompanying
documents, will become property of the Bank. The Bidders shall be deemed to license, and grant all
rights to the Bank, to reproduce the whole or any portion of their Bid document for the purpose of
evaluation and to disclose the contents of submission for regulatory and legal requirements.

15. BIDDING PROCESS/OPENING OF TECHNICAL BIDS:

i. All the technical Bids received up to the specified time and date will be opened for initial evaluation
on the time and date mentioned in the schedule of events. The technical Bids will be opened in the
presence of representatives of the Bidders who choose to attend the same on portal of e-
Procurement agency. However, Bids may be opened even in the absence of representatives of one
or more of the Bidders.

ii. In the first stage, only technical Bid will be opened and evaluated. Bids of such Bidders satisfying
eligibility criteria and agree to comply with all the terms and conditions specified in the RFP will
be evaluated for technical criteria/specifications/eligibility. Only those Bids that comply with
technical criteria shall become eligible for price Bid opening and further RFP evaluation process.

Page 18 of 232
RFP for procurement of Learning Management
System

iii. The Bank will examine the Bids to determine whether they are complete, required formats have
been furnished, the documents have been properly signed, EMD and Tender Fee for the desired
amount and validity period is available and the Bids are generally in order. The Bank may, at its
discretion waive any minor non-conformity or irregularity in a Bid which does not constitute a
material deviation.

iv. Prior to the detailed evaluation, the Bank will determine the responsiveness of each Bid to the RFP.
For purposes of these Clauses, a responsive Bid is one, which conforms to all the terms and
conditions of the RFP in toto, without any deviation.

v. The Bank’s determination of a Bid’s responsiveness will be based on the contents of the Bid itself,
without recourse to extrinsic evidence.

vi. After opening of the technical Bids and preliminary evaluation, some or all the Bidders may be
asked to make presentations on the Software Solution/service proposed to be offered by them.

vii. If a Bid is not responsive, it will be rejected by the Bank and will not subsequently be made
responsive by the Bidder by correction of the non-conformity.

16. TECHNICAL EVALUATION:

i. Technical evaluation will include technical information submitted as per technical Bid format,
demonstration of proposed Software Solution/services, reference calls and site visits, wherever
required. The Bidder may highlight the noteworthy/superior features of their Software Solution/
services. The Bidder will demonstrate/substantiate all claims made in the technical Bid along with
supporting documents to the Bank, the capability of the Software Solution/ services to support all
the required functionalities at their cost in their lab or those at other organizations where similar
Software Solution/ services are in use.

ii. During evaluation and comparison of Bids, the Bank may, at its discretion ask the Bidders for
clarification on the Bids received. The request for clarification shall be in writing and no change
in prices or substance of the Bid shall be sought, offered or permitted. No clarification at the
initiative of the Bidder shall be entertained after bid submission date.

17. EVALUATION OF PRICE BIDS AND FINALIZATION:

i. The price Bid(s) of only those Bidders, who are short-listed after technical evaluation, would be
opened. The minimum qualifying score for being technically qualified would be 75% of the total
technical score.

ii. After the opening of Price Bid, the scores of both Technical Evaluation and Commercial Evaluation
would be calculated on 70:30 basis (70% Weightage to Technical and 30% Weightage to
Commercial).

iii. Successful bidder would be selected on the basis of Techno Commercial Evaluation as defined in
Appendix-F (Illustration).

iv. Errors, if any, in the price breakup format will be rectified as under:

Page 19 of 232
RFP for procurement of Learning Management
System

(a) If there is a discrepancy between the unit price and total price which is obtained by multiplying
the unit price with quantity, the unit price shall prevail and the total price shall be corrected
unless it is a lower figure. If the Bidder does not accept the correction of errors, the Bid will be
rejected.
(b) If there is a discrepancy in the unit price quoted in figures and words, the unit price in figures or
in words, as the case may be, which corresponds to the total Bid price for the Bid shall be taken
as correct.
(c) If the Bidder has not worked out the total Bid price or the total Bid price does not correspond to
the unit price quoted either in words or figures, the unit price quoted in words shall be taken as
correct.
(d) The Bidder should quote for all the items/services desired in this RFP. In case, prices are not
quoted by any Bidder for any specific product and / or service, for the purpose of evaluation, the
highest of the prices quoted by other Bidders participating in the bidding process will be
reckoned as the notional price for that service, for that Bidder. However, if selected, at the time
of award of Contract, the lowest of the price(s) quoted by other Bidders (whose Price Bids are
also opened) for that service will be reckoned. This shall be binding on all the Bidders. However,
the Bank reserves the right to reject all such incomplete Bids.

18. CONTACTING THE BANK:

i. No Bidder shall contact the Bank on any matter relating to its Bid, from the time of opening of
price Bid to the time, the Contract is awarded.

ii. Any effort by a Bidder to influence the Bank in its decisions on Bid evaluation, Bid comparison or
contract award may result in the rejection of the Bid.

19. AWARD CRITERIA AND AWARD OF CONTRACT:

i. Applicability of Preference to Make in India, Order 2017 (PPP-MII Order)

Guidelines on Public Procurement (Preference to Make in India), Order 2017 (PPP-MII Order) and
any revision thereto will be applicable for this RFP. As the evaluation of successful bidder is on the
basis of TC1, margin of purchase preference to Class-I local supplier shall not be applicable under
this RFP.

(a) For the purpose of Preference to Make in India, Order 2017 (PPP-MII Order) and revision
thereto:

“Local content” means the amount of value added in India which shall, unless otherwise prescribed
by the Nodal Ministry, be the total value of the item procured (excluding net domestic indirect taxes)
minus the value of imported content in the item (including all customs duties) as a proportion of the
total value, in percent.

“Class-I local supplier” means a supplier or service provider whose product or service offered for
procurement meets the minimum local content as prescribed for ‘Class-I local supplier’ hereunder.

“Class-II local supplier” means a supplier or service provider whose product or service offered for
procurement meets the minimum local content as prescribed for ‘Class-II local supplier’ hereunder.
Class-II local supplier shall not get any purchase preference under this RFP.

Page 20 of 232
RFP for procurement of Learning Management
System

“Non-local supplier” means a supplier or service provider whose product or service offered for
procurement has ‘local content’ less than that prescribed for ‘Class-II local supplier’ under this RFP.

“Minimum Local content” for the purpose of this RFP, the ‘local content’ requirement to categorize
a supplier as ‘Class-I local supplier’ is minimum 50%. For ‘Class-II local supplier’, the ‘local content’
requirement is minimum 20%. If Nodal Ministry/Department has prescribed different percentage of
minimum ‘local content’ requirement to categorize a supplier as ‘Class-I local supplier’/ ‘Class-II
local supplier’, same shall be applicable.

ii. Verification of local content:


The ‘Class-I local supplier’/ ‘Class-II local supplier’ at the time of submission of bid shall be required
to provide a certificate as per Appendix-G from the statutory auditor or cost auditor of the company
(in the case of companies) or from a practicing cost accountant or practicing chartered accountant (in
respect of suppliers other than companies) giving the percentage of local content requirement for
‘Class-I local supplier’/ ‘Class-II local supplier’ as the case may be.

iii. Bank will notify successful Bidder (TC1) in writing by way of issuance of purchase order through
letter or fax/email that its Bid has been accepted. The selected Bidder has to return the duplicate
copy of the same to the Bank within 7 working days, duly Accepted, Stamped and Signed by
Authorized Signatory in token of acceptance.

iv. The successful Bidder will have to submit Non-disclosure Agreement, Bank Guarantee for the
amount and validity as desired in this RFP and strictly on the lines of format given in Appendix of
this RFP together with acceptance of all terms and conditions of RFP.

v. Copy of board resolution and power of attorney (POA wherever applicable) showing that the
signatory has been duly authorized to sign the acceptance letter, contract and NDA should be
submitted.

vi. The successful Bidder shall be required to enter into a Contract with the Bank and submit the Bank
Guarantee, within 30 days from issuance of Purchase Order or within such extended period as may
be decided by the Bank.

vii. Till execution of a formal contract, the RFP, along with the Bank’s notification of award by way
of issuance of purchase order and Service Provider’s acceptance thereof, would be binding
contractual obligation between the Bank and the successful Bidder.

viii. The Bank reserves the right to stipulate, at the time of finalization of the Contract, any other
document(s) to be enclosed as a part of the final Contract.

ix. Failure of the successful Bidder to comply with the requirements/terms and conditions of this RFP
shall constitute sufficient grounds for the annulment of the award and forfeiture of the EMD and/or
BG.

x. Upon notification of award to the successful Bidder, the Bank will notify the award of contract to
the successful Bidder on the Bank’s website. The EMD of each unsuccessful Bidder will be
discharged and returned.

Page 21 of 232
RFP for procurement of Learning Management
System

20. POWERS TO VARY OR OMIT WORK:

i. No alterations, amendments, omissions, additions, suspensions or variations of the work


(hereinafter referred to as variation) under the contract shall be made by the successful Bidder
except as directed in writing by Bank. The Bank shall have full powers, subject to the provision
herein after contained, from time to time during the execution of the contract, by notice in writing
to instruct the successful Bidder to make any variation without prejudice to the contract. The finally
selected Bidder shall carry out such variation and be bound by the same conditions as far as
applicable as though the said variations occurred in the contract documents. If any, suggested
variations would, in the opinion of the finally selected Bidder, if carried out, prevent him from
fulfilling any of his obligations under the contract, he shall notify Bank thereof in writing with
reasons for holding such opinion and Bank shall instruct the successful Bidder to make such other
modified variation without prejudice to the contract. The finally selected Bidder shall carry out
such variation and be bound by the same conditions as far as applicable as though the said
variations occurred in the contract documents. If the Bank confirms its instructions, the successful
Bidder’s obligations shall be modified to such an extent as may be mutually agreed, if such
variation involves extra cost. Any agreed difference in cost occasioned by such variation shall be
added to or deducted from the contract price as the case may be.

ii. In any case in which the successful Bidder has received instructions from the Bank as to the
requirements for carrying out the altered or additional substituted work which either then or later
on, will in the opinion of the finally selected Bidders, involve a claim for additional payments, such
additional payments shall be mutually agreed in line with the terms and conditions of the order.

iii. If any change in the work is likely to result in reduction in cost, the parties shall agree in writing
so as to the extent of change in contract price, before the finally selected Bidder(s) proceeds with
the change.

21. WAIVER OF RIGHTS:

Each Party agrees that any delay or omission on the part of the other Party to exercise any right,
power or remedy under this RFP will not automatically operate as a waiver of such right, power or
remedy or any other right, power or remedy and no waiver will be effective unless it is in writing
and signed by the waiving Party. Further the waiver or the single or partial exercise of any right,
power or remedy by either Party hereunder on one occasion will not be construed as a bar to a
waiver of any successive or other right, power or remedy on any other occasion.

22. CONTRACT AMENDMENT:

No variation in or modification of the terms of the Contract shall be made, except by written
amendment, signed by the parties.

23. BANK’S RIGHT TO ACCEPT ANY BID AND TO REJECT ANY OR ALL BIDS:

The Bank reserves the right to accept or reject any Bid in part or in full or to cancel the bidding
process and reject all Bids at any time prior to contract award as specified in Award Criteria and
Award of Contract, without incurring any liability to the affected Bidder or Bidders or any obligation
to inform the affected Bidder or Bidders of the grounds for the Bank’s action.

Page 22 of 232
RFP for procurement of Learning Management
System

24. BANK GUARANTEE:

i. Performance security in form of Bank Guarantee [BG] for the amount with validity period as
specified in this RFP strictly on the format at Appendix-H is to be submitted by the finally selected
Bidder (s). The BG has to be issued by a Scheduled Commercial Bank other than SBI and needs
to be submitted within the specified time of receipt of formal communication from the Bank about
their Bid finally selected. In case, SBI is the sole Banker for the Bidder, a Letter of Comfort from
SBI may be accepted.

ii. The Bank Guarantee is required to protect the interest of the Bank against delay in
supply/installation and/or the risk of non-performance of the successful Bidder in respect
successful implementation of the project, or performance of the material or services sold, or breach
of any terms and conditions of the Agreement, which may warrant invoking of Bank Guarantee.

25. SYSTEM INTEGRATION TESTING & USER ACCEPTANCE TESTING:

Service Provider should integrate the software with the existing systems as per requirement of the
Bank and carry out thorough system integration testing.

System integration testing will be followed by user acceptance testing, plan for which has to be
submitted by Service Provider to the Bank. The UAT includes functional tests, resilience tests,
benchmark comparisons, operational tests, load tests etc. SBI staff / third Party vendor designated
by the Bank will carry out the functional testing. This staff / third party vendor will need necessary
on-site training for the purpose and should be provided by Service Provider. Service Provider
should carry out other testing like resiliency/ benchmarking/ load etc. Service Provider should
submit result log for all testing to the Bank.

On satisfactory completion of the aforementioned tests, the User Acceptance Test (UAT) letter will
be issued to Service Provider by the competent authority on the line of Appendix-I.

26. SERVICES:

i. All professional services necessary to successfully implement the proposed Software Solution will
be part of the RFP/Contract.

ii. The Bidder should also submit as part of technical Bid an overview of Project Management
approach of the proposed product.

iii. Bidder should ensure that key personnel with relevant skill-sets are available to the Bank.

iv. Bidder should ensure that the quality of methodologies for delivering the services, adhere to quality
standards/timelines stipulated therefor.

v. Bidder shall be willing to transfer skills to relevant personnel from the Bank, by means of training
and documentation.

vi. Bidder shall provide and implement patches/ upgrades/ updates for hardware/ software/ Operating
System / Middleware etc as and when released by Service Provider/ OEM or as per requirements
of the Bank. Bidder should bring to notice of the Bank all releases/ version changes.

Page 23 of 232
RFP for procurement of Learning Management
System

vii. Bidder shall obtain a written permission from the Bank before applying any of the patches/
upgrades/ updates. Bidder has to support older versions of the hardware/ software/ Operating
System /Middleware etc in case the Bank chooses not to upgrade to latest version.

viii. Bidder shall provide maintenance support for Hardware/ Software/ Operating System/ Middleware
over the entire period of contract.

ix. All product updates, upgrades & patches shall be provided by the Bidder/ Service Provider free of
cost during warranty and AMC/ ATS/ S&S period.

x. Bidder shall provide legally valid Software Solution. The detailed information on license count
and type of license shall also be provided to the Bank.

xi. The Bidder shall keep the Bank explicitly informed the end of support dates on related
products/hardware/firmware and should ensure support during warranty and AMC/ATS/S&S.

27. WARRANTY AND ANNUAL MAINTENANCE CONTRACT:

i. The selected Bidder shall support the Software Solution during the period of warranty and AMC
(if included in purchase order) as specified in Scope of work in this RFP from the date of acceptance
of the Software Solution by State Bank of India.

ii. During the warranty and AMC period (if desired), the Bidder will have to undertake comprehensive
support of the Software Solution supplied by the Bidder and all new versions, releases, and updates
for all standard software to be supplied to the Bank at no additional cost. During the support period,
the Bidder shall maintain the Software Solution to comply with parameters defined for acceptance
criteria and the Bidder shall be responsible for all costs relating to labour, spares, maintenance
(preventive and corrective), compliance of security requirements and transport charges from and
to the Site (s) in connection with the repair/ replacement of the Software Solution, which, under
normal and proper use and maintenance thereof, proves defective in design, material or
workmanship or fails to conform to the specifications, as specified.

iii. During the support period (warranty and AMC, if desired), Service Provider shall ensure that
services of professionally qualified personnel are available for providing comprehensive on-site
maintenance of the Software Solution and its components as per the Bank’s requirements.
Comprehensive maintenance shall include, among other things, day to day maintenance of the
Software Solution as per the Bank’s policy, reloading of firmware/software, compliance to security
requirements, etc. when required or in the event of system crash/malfunctioning, arranging and
configuring facility as per the requirements of the Bank, fine tuning, system monitoring, log
maintenance, etc. The Bidder shall provide services of an expert engineer at SBI GITC, Belapur or
at other locations wherever required, whenever it is essential. In case of failure of Software
Solution, the Bidder shall ensure that Software Solution is made operational to the full satisfaction
of the Bank within the given timelines.

iv. Warranty/ AMC (if opted) for the system software/ off-the-shelf software will be provided to the
Bank as per the general conditions of sale of such software.

v. Support (Warranty/ AMC, if opted) would be on-site and comprehensive in nature and must have
back-to-back support from the OEM/Service Provider. Service Provider will warrant products
against defects arising out of faulty design etc. during the specified support period.

Page 24 of 232
RFP for procurement of Learning Management
System

vi. In the event of system break down or failures at any stage, protection available, which would
include the following, shall be specified.
(a) Diagnostics for identification of systems failures
(b) Protection of data/ Configuration
(c) Recovery/ restart facility
(d) Backup of system software/ Configuration

vii. Prompt support shall be made available as desired in this RFP during the support period at the
locations as and when required by the Bank.

viii. The Bidder shall be agreeable for on-call/on-site support during peak weeks (last and first week of
each month) and at the time of switching over from PR to DR and vice-versa. No extra charge shall
be paid by the Bank for such needs, if any, during the support period.

ix. Bidder support staff should be well trained to effectively handle queries raised by the
customers/employees of the Bank.

x. Updated escalation matrix shall be made available to the Bank once in each quarter and each time
the matrix gets changed.

28. PENALTIES:

As mentioned in Appendix-J of this RFP.

29. RIGHT TO VERIFICATION:

The Bank reserves the right to verify any or all of the statements made by the Bidder in the Bid
document and to inspect the Bidder’s facility, if necessary, to establish to its satisfaction about the
Bidder’s capacity/capabilities to perform the job.

30. INSPECTION AND TESTING:

i. The Bank reserves the right to carry out pre-shipment inspection or demand a demonstration of the
product on a representative model at Service Provider’s location.

ii. The inspection and test prior to dispatch of the product/at the time of final acceptance would be as
follows:

(a) Service Provider shall intimate the Bank before dispatching products for conducting inspection
and testing.
(b) The inspection and acceptance test may also be conducted at the point of delivery and / or at the
products’ final destination. Reasonable facilities and assistance, including access to drawings
and production data, shall be furnished to the inspectors, at no charge to the Bank. In case of
failure by Service Provider to provide necessary facility / equipment at its premises, all the cost
of such inspection like travel, boarding, lodging & other incidental expenses of the Bank’s
representatives to be borne by Service Provider.
iii. The Bank’s right to inspect, test the product/ solution after delivery of the same to the Bank and
where necessary reject the products/solution which does not meet the specification provided by the
Bank. This shall in no way be limited or waived by reason of the products/ solution having

Page 25 of 232
RFP for procurement of Learning Management
System

previously being inspected, tested and passed by the Bank or its representative prior to the products/
solution shipment from the place of origin by the Bank or its representative prior to the installation
and commissioning.

iv. Nothing stated hereinabove shall in any way release Service Provider from any warranty or other
obligations under this contract.

v. System integration testing and User Acceptance testing will be carried out as per requirement of
the Bank.

31. RIGHT TO AUDIT:

i. The Selected Bidder (Service Provider) shall be subject to annual audit by internal/ external
Auditors appointed by the Bank/ inspecting official from the Reserve Bank of India or any
regulatory authority, covering the risk parameters finalized by the Bank/ such auditors in the areas
of products (IT hardware/ Software) and services etc. provided to the Bank and Service Provider
is required to submit such certification by such Auditors to the Bank. Service Provider and or his /
their outsourced agents / sub – contractors (if allowed by the Bank) shall facilitate the same The
Bank can make its expert assessment on the efficiency and effectiveness of the security, control,
risk management, governance system and process created by the Service Provider. The Service
Provider shall, whenever required by the Auditors, furnish all relevant information, records/data to
them. All costs for such audit shall be borne by the Bank. Except for the audit done by Reserve
Bank of India or any statutory/regulatory authority, the Bank shall provide reasonable notice not
less than 7 (seven) days to Service Provider before such audit and same shall be conducted during
normal business hours.

ii. Where any deficiency has been observed during audit of the Service Provider on the risk parameters
finalized by the Bank or in the certification submitted by the Auditors, the Service Provider shall
correct/resolve the same at the earliest and shall provide all necessary documents related to
resolution thereof and the auditor shall further certify in respect of resolution of the deficiencies.
The resolution provided by the Service Provider shall require to be certified by the Auditors
covering the respective risk parameters against which such deficiencies have been observed.

iii. Service Provider further agrees that whenever required by the Bank, it will furnish all relevant
information, records/data to such auditors and/or inspecting officials of the Bank/Reserve Bank of
India and/or any regulatory authority(ies). The Bank reserves the right to call for and/or retain any
relevant information /audit reports on financial and security review with their findings undertaken
by the Service Provider. However, Service Provider shall not be obligated to provide records/data
not related to Services under the Agreement (e.g. internal cost breakup etc.).

iv. Service provider shall grant unrestricted and effective access to a) data related to the outsourced
activities; b) the relevant business premises of the service provider; subject to appropriate security
protocols, for the purpose of effective oversight use by the Bank, their auditors, regulators and
other relevant Competent Authorities, as authorised under law.

32. SUBCONTRACTING:

As per scope of this RFP, sub-contracting is not permitted.

Page 26 of 232
RFP for procurement of Learning Management
System

33. VALIDITY OF AGREEMENT:

The Agreement/ SLA will be valid for the period of 5 year (s) 6 months. The Bank reserves the
right to terminate the Agreement as per the terms of RFP/ Agreement.

34. LIMITATION OF LIABILITY:

i. The maximum aggregate liability of Service Provider, subject to below mentioned sub-clause (iii),
in respect of any claims, losses, costs or damages arising out of or in connection with this
RFP/Agreement shall not exceed the total Project Cost.

ii. Under no circumstances shall either Party be liable for any indirect, consequential or incidental
losses, damages or claims including loss of profit, loss of business or revenue.

iii. The limitations set forth herein shall not apply with respect to:

a) claims that are the subject of indemnification pursuant to infringement of third party
Intellectual Property Right;
b) damage(s) occasioned by the Gross Negligence or Willful Misconduct of Service Provider,
c) damage(s) occasioned by Service Provider for breach of Confidentiality Obligations,
d) Regulatory or statutory fines imposed by a Government or Regulatory agency for non-
compliance of statutory or regulatory guidelines applicable to the Bank, provided such
guidelines were brought to the notice of Service Provider.

For the purpose of abovementioned sub-clause (iii)(b) “Gross Negligence” means any act or
failure to act by a party which was in reckless disregard of or gross indifference to the obligation
of the party under this Agreement and which causes injury, damage to life, personal safety, real
property, harmful consequences to the other party, which such party knew, or would have known
if it was acting as a reasonable person, would result from such act or failure to act for which such
Party is legally liable. Notwithstanding the forgoing, Gross Negligence shall not include any action
taken in good faith.
“Willful Misconduct” means any act or failure to act with an intentional disregard of any
provision of this Agreement, which a party knew or should have known if it was acting as a
reasonable person, which would result in injury, damage to life, personal safety, real property,
harmful consequences to the other party, but shall not include any error of judgment or mistake
made in good faith.

35. CONFIDENTIALITY:

Confidentiality obligation shall be as per Non-disclosure agreement and clause 15 of Service


Level Agreement placed as Appendix-K to this RFP.

The Bank reserves its right to recall all the Bank’s materials including Confidential Information,
if stored in Service Provider system or environment, at any time during the term of the Contract
or immediately upon expiry or termination of Contract. Service Provider shall ensure complete
removal of such material or data from its system or environment (including backup media) to the
satisfaction of the Bank

Page 27 of 232
RFP for procurement of Learning Management
System

36. DELAY IN SERVICE PROVIDER’S PERFORMANCE:

i. Delivery, installation, commissioning of the Software Solution and performance of Services shall
be made by Service Provider within the timelines prescribed in Part II of this RFP.

ii. If at any time during performance of the Contract, Service Provider should encounter conditions
impeding timely delivery of the Software Solution and performance of Services, Service Provider
shall promptly notify the Bank in writing of the fact of the delay, its likely duration and cause(s).
As soon as practicable after receipt of Service Provider’s notice, the Bank shall evaluate the
situation and may, at its discretion, extend Service Providers’ time for performance, in which case,
the extension shall be ratified by the parties by amendment of the Contract.

iii. Any delay in performing the obligation/ defect in performance by Service Provider may result in
imposition of penalty, liquidated damages, invocation of Bank Guarantee and/or termination of
Contract (as laid down elsewhere in this RFP document).

37. SERVICE PROVIDER’S OBLIGATIONS:

i. Service Provider is responsible for and obliged to conduct all contracted activities in accordance
with the Contract using state-of-the-art methods and economic principles and exercising all means
available to achieve the performance specified in the Contract.

ii. Service Provider is obliged to work closely with the Bank’s staff, act within its own authority and
abide by directives issued by the Bank from time to time and complete implementation activities.

iii. Service Provider will abide by the job safety measures prevalent in India and will free the Bank
from all demands or responsibilities arising from accidents or loss of life, the cause of which is
Service Provider’s negligence. Service Provider will pay all indemnities arising from such
incidents and will not hold the Bank responsible or obligated.

iv. Service Provider is responsible for activities of its personnel or sub-contracted personnel (where
permitted) and will hold itself responsible for any misdemeanors.

v. Service Provider shall treat as confidential all data and information about the Bank, obtained in the
process of executing its responsibilities, in strict confidence and will not reveal such information
to any other party without prior written approval of the Bank as explained under ‘Non-Disclosure
Agreement’ in Appendix-L of this RFP.

vi. Without the Bank’s prior written permission, Service Provider shall not store or share Bank’s
materials including Confidential Information outside the geographical boundary of India or in/with
a public cloud.

vii. Service Provider agrees that the Bank either itself or through its authorized representative shall
have right to perform ethical hacking on public IPs and URLs of Service Provider, wherein the
Bank has integrations.

viii. Service Provider agrees that it shall communicate to the Bank well in advance along with detail
plan of action, if any changes in Service Provider’s environment/infrastructure is of the nature that
may have direct or indirect impact on the Services provided under this Agreement or operations of
its Services.

Page 28 of 232
RFP for procurement of Learning Management
System

ix. Service Provider at its own expenses, agrees to provide audit report of the process and
infrastructure from CERT-In empaneled ISSP, periodically, at least once in a year or as requested
by the Bank.

x. Service Provider shall report the incidents, including cyber incidents and those resulting in
disruption of service and data loss/ leakage immediately but not later than one hour of detection.

xi. The Service Provider shall execute Data Processing Agreement on the format attached as
Appendix-X to this RFP.

xii. Service Provider shall abide by the provisions of the DPDP Act, 2023 - 11th August, 2023; CG-
DL-E-12082023-248045 as and when the relevant rules and guidelines come into force.

xiii. Service Provider shall ensure confidentiality, integrity and availability of the Bank’s information
at all times and shall comply with regard to the followings:
(a) Acceptable Usage Policy: Information assets of Service Provider should be provided to its
authorized users only for the intended purpose and users shall adhere to safe and acceptable
usage practices.
(b) Email Usage: The employees of Service Provider shall use authorized media only for email
communication.
(c) Password Management: Service Provider shall have a password management system in
place, which ensures secure passwords.
(d) Physical and Environmental Security: Service Provider shall provide sufficient guidance for
its employees with respect to physical and environmental security.
(e) Logical Access Control and User Access Management: The access to information and
information systems shall be according to the principles of “least privilege” and "need to
know" basis to authorized users of Service Provider.
(f) Infrastructure Security: Service Provider shall ensure correct and secure operations of
information processing facilities.
(g) Change Management: Service Provider shall provide a managed and orderly method in
which changes to the information technology environment are requested, tested and approved
prior to installation or implementation.
(h) Information Security Incident Management: Service provider shall ensure effective
management of information security incidents, including the preservation of digital evidence.
(i) Communications Strategy: Service provider shall ensure prevention of unauthorized access
to communications traffic, or to any written information that is transmitted or transferred.
(j) Service Provider Relationship: Service provider shall ensure that information security risks
related to outsourcing of Services to any other party, if permitted by the Bank, shall be
assessed and managed regularly, to the satisfaction of the Bank.
(k) Digital Risk: Service Provider shall ensure that electronic data is gathered and preserved in
a systematic, standardized and legal manner to ensure the admissibility of the evidence for
the purpose of any legal proceedings or investigations, whenever demanded by the Bank.
(l) Change Management: Service Provider shall provide a managed and orderly method in
which changes to the information technology environment (including, database, operating
system, application, networking etc.) are requested, tested and approved prior to installation
or implementation.

Page 29 of 232
RFP for procurement of Learning Management
System

38. TECHNICAL DOCUMENTATION:

i. Service Provider shall deliver the following documents to the Bank for every software including
third party software before software/ service become operational, which includes, user manuals,
installation manuals, operation manuals, design documents, process documents, technical manuals,
functional specification, software requirement specification, on-line tutorials/ CBTs, system
configuration documents, system/database administrative documents, debugging/diagnostics
documents, test procedures etc.

ii. Service Provider shall also provide documents related to Review Records/ Test Bug Reports/ Root
Cause Analysis Report, list of all Product components, list of all dependent/external modules and
list of all documents relating to traceability of the Software Solution as and when applicable.

iii. Service Provider shall also provide the MIS reports, data flow documents, data register and data
dictionary as per requirements of the Bank. Any level/ version changes and/or clarification or
corrections or modifications in the above-mentioned documentation should be supplied by Service
Provider to the Bank, free of cost in timely manner.

39. INTELLECTUAL PROPERTY RIGHTS AND OWNERSHIP:

i. For any technology / Software / solution developed/used/supplied by Service Provider for


performing Services or licensing and implementing Software and solution for the Bank as part of
this RFP, Service Provider shall have right to use as well right to license for the outsourced services
or third party product. The Bank shall not be liable for any license or IPR violation on the part of
Service provider.

ii. Without the Bank’s prior written approval, Service provider will not, in performing the Services,
use or incorporate, link to or call or depend in any way upon, any software or other intellectual
property that is subject to an Open Source or Copy-left license or any other agreement that may
give rise to any third-party claims or to limit the Bank’s rights under this RFP.

iii. Subject to below mentioned sub-clause (iv) and (v) of this RFP, Service Provider shall, at its own
expenses without any limitation, indemnify and keep fully and effectively indemnified the Bank
against all cost, claims, damages, demands, expenses and liabilities whatsoever nature arising out
of or in connection with all claims of infringement of Intellectual Property Right, including patent,
trademark, copyright, trade secret or industrial design rights of any third party arising from use of
the technology / Software / products or any part thereof in India or abroad, for Software
licensed/developed as part of this engagement. In case of violation/ infringement of patent/
trademark/ copyright/ trade secret or industrial design or any other Intellectual Property Right of
third party, Service Provider shall, after due inspection and testing, without any additional cost (a)
procure for the Bank the right to continue to using the Software supplied; or (b) replace or modify
the Software to make it non-infringing so long as the replacement to or modification of Software
provide substantially equivalent functional, performance and operational features as the infringing
Software which is being replaced or modified; or (c) to the extent that the activities under clauses
(a) and (b) above are not commercially reasonable, refund to the Bank all amounts paid by the
Bank to Service Provider under this RFP/Agreement.

iv. The Bank will give (a) notice to Service provider of any such claim without delay/provide
reasonable assistance to Service provider in disposing of the claim; (b) sole authority to defend and
settle such claim and; (c) will at no time admit to any liability for or express any intent to settle the
claim provided that (i) Service Provider shall not partially settle any such claim without the written

Page 30 of 232
RFP for procurement of Learning Management
System

consent of the Bank, unless such settlement releases the Bank fully from such claim, (ii) Service
Provider shall promptly provide the Bank with copies of all pleadings or similar documents relating
to any such claim, (iii) Service Provider shall consult with the Bank with respect to the defense and
settlement of any such claim, and (iv) in any litigation to which the Bank is also a party, the Bank
shall be entitled to be separately represented at its own expenses by counsel of its own selection.

v. Service Provider shall have no obligations with respect to any infringement claims to the extent
that the infringement claim arises or results from: (i) Service Provider’s compliance with the
Bank’s specific technical designs or instructions (except where Service Provider knew or should
have known that such compliance was likely to result in an infringement claim and Service
Provider did not inform the Bank of the same); (ii) any unauthorized modification or alteration of
the Software by the Bank or its employee; (iii) failure to implement an update to the licensed
software that would have avoided the infringement, provided Service Provider has notified the
Bank in writing that use of the update would have avoided the claim.

vi. Service Provider shall grant the Bank a fully paid-up, irrevocable, non-exclusive, unlimited, license
throughout the territory of India or abroad to access, replicate and use software provided by Service
Provider, including all inventions, designs and marks embodied therein perpetually. The source
code / object code / executable code and compilation procedures of the Software Solution should
be placed under an Escrow arrangement. All necessary documentation in this behalf should be
made available to the Bank. In case of Escrow arrangement, complete details and the location and
the terms and conditions applicable for escrow must be specified. Any update or upgrade to source
code should be informed and brought under Escrow or made available to the Bank.

40. LIQUIDATED DAMAGES:

If the Service Provider fails to deliver product and/or perform any or all the Services within the
stipulated time, schedule as specified in this RFP/Agreement, the Bank may, without prejudice to
its other remedies under the RFP/Agreement, and unless otherwise extension of time is agreed
upon without the application of liquidated damages, deduct from the Project Cost, as liquidated
damages a sum equivalent to 0.5% of total Project Cost for delay of each week or part thereof
maximum up to 5% of total Project Cost. Once the maximum deduction is reached, the Bank may
consider termination of the Agreement.

41. CONFLICT OF INTEREST:

i. Bidder shall not have a conflict of interest (the “Conflict of Interest”) that affects the bidding
Process. Any Bidder found to have a Conflict of Interest shall be disqualified. In the event of
disqualification, the Bank shall be entitled to forfeit and appropriate the Bid Security and/or
Performance Security (Bank Guarantee), as the case may be, as mutually agreed upon genuine
estimated loss and damage likely to be suffered and incurred by the Bank and not by way of penalty
for, inter alia, the time, cost and effort of the Bank, including consideration of such Bidder’s
proposal (the “Damages”), without prejudice to any other right or remedy that may be available to
the Bank under the bidding Documents and/ or the Agreement or otherwise.

ii. Without limiting the generality of the above, a Bidder shall be deemed to have a Conflict of Interest
affecting the bidding Process, if:

(a) the Bidder, its Member or Associate (or any constituent thereof) and any other Bidder, its
Member or any Associate thereof (or any constituent thereof) have common controlling

Page 31 of 232
RFP for procurement of Learning Management
System

shareholders or other ownership interest; provided that this disqualification shall not apply in
cases where the direct or indirect shareholding of a Bidder, its Member or an Associate thereof
(or any shareholder thereof having a shareholding of more than 5% (five per cent) of the paid
up and subscribed share capital of such Bidder, Member or Associate, as the case may be) in
the other Bidder, its Member or Associate, has less than 5% (five per cent) of the subscribed
and paid up equity share capital thereof; provided further that this disqualification shall not
apply to any ownership by a bank, insurance company, pension fund or a public financial
institution referred to in section 2(72) of the Companies Act, 2013. For the purposes of this
Clause, indirect shareholding held through one or more intermediate persons shall be computed
as follows: (aa) where any intermediary is controlled by a person through management control
or otherwise, the entire shareholding held by such controlled intermediary in any other person
(the “Subject Person”) shall be taken into account for computing the shareholding of such
controlling person in the Subject Person; and (bb) subject always to sub-clause (aa) above,
where a person does not exercise control over an intermediary, which has shareholding in the
Subject Person, the computation of indirect shareholding of such person in the Subject Person
shall be undertaken on a proportionate basis; provided, however, that no such shareholding shall
be reckoned under this sub-clause (bb) if the shareholding of such person in the intermediary is
less than 26% of the subscribed and paid up equity shareholding of such intermediary; or
(b) a constituent of such Bidder is also a constituent of another Bidder; or
(c) such Bidder, its Member or any Associate thereof receives or has received any direct or indirect
subsidy, grant, concessional loan or subordinated debt from any other Bidder, its Member or
Associate, or has provided any such subsidy, grant, concessional loan or subordinated debt to
any other Bidder, its Member or any Associate thereof; or
(d) such Bidder has the same legal representative for purposes of this Bid as any other Bidder; or
(e) such Bidder, or any Associate thereof, has a relationship with another Bidder, or any Associate
thereof, directly or through common third party/ parties, that puts either or both of them in a
position to have access to each other’s information about, or to influence the Bid of either or
each other; or
(f) such Bidder or any of its affiliates thereof has participated as a consultant to the Bank in the
preparation of any documents, design or technical specifications of the RFP.
iii. For the purposes of this RFP, Associate means, in relation to the Bidder, a person who controls, is
controlled by, or is under the common control with such Bidder (the “Associate”). As used in this
definition, the expression “control” means, with respect to a person which is a company or
corporation, the ownership, directly or indirectly, of more than 50% (fifty per cent) of the voting
shares of such person, and with respect to a person which is not a company or corporation, the
power to direct the management and policies of such person by operation of law or by contract.

42. CODE OF INTEGRITY AND DEBARMENT/BANNING:

i. The Bidder and their respective officers, employees, agents and advisers shall observe the highest
standard of ethics during the bidding Process. Notwithstanding anything to the contrary contained
herein, the Bank shall reject Bid without being liable in any manner whatsoever to the Bidder if it
determines that the Bidder has, directly or indirectly or through an agent, engaged in
corrupt/fraudulent/coercive/undesirable or restrictive practices in the bidding Process.

Page 32 of 232
RFP for procurement of Learning Management
System

ii. Bidders are obliged under code of integrity to Suo-moto proactively declare any conflicts of interest
(pre-existing or as and as soon as these arise at any stage) in RFP process or execution of contract.
Failure to do so would amount to violation of this code of integrity.

iii. Any Bidder needs to declare any previous transgressions of such a code of integrity with any entity
in any country during the last three years or of being debarred by any other procuring entity. Failure
to do so would amount to violation of this code of integrity.

iv. For the purposes of this clause, the following terms shall have the meaning hereinafter, respectively
assigned to them:
(a) “corrupt practice” means making offers, solicitation or acceptance of bribe, rewards or
gifts or any material benefit, in exchange for an unfair advantage in the procurement process
or to otherwise influence the procurement process or contract execution;

(b) “Fraudulent practice” means any omission or misrepresentation that may mislead or
attempt to mislead so that financial or other benefits may be obtained or an obligation
avoided. This includes making false declaration or providing false information for
participation in a RFP process or to secure a contract or in execution of the contract;

(c) “Coercive practice” means harming or threatening to harm, persons or their property to
influence their participation in the procurement process or affect the execution of a contract;

(d) “Anti-competitive practice” means any collusion, bid rigging or anti-competitive


arrangement, or any other practice coming under the purview of the Competition Act, 2002,
between two or more bidders, with or without the knowledge of the Bank, that may impair
the transparency, fairness and the progress of the procurement process or to establish bid
prices at artificial, non-competitive levels;

(e) “Obstructive practice” means materially impede the Bank’s or Government agencies
investigation into allegations of one or more of the above mentioned prohibited practices
either by deliberately destroying, falsifying, altering; or by concealing of evidence material
to the investigation; or by making false statements to investigators and/or by threatening,
harassing or intimidating any party to prevent it from disclosing its knowledge of matters
relevant to the investigation or from pursuing the investigation; or by impeding the Bank’s
rights of audit or access to information;

v. Debarment/Banning
Empanelment/participation of Bidders and their eligibility to participate in the Bank’s
procurements is subject to compliance with code of integrity and performance in contracts as per
terms and conditions of contracts. Following grades of debarment from empanelment/participation
in the Bank’s procurement process shall be considered against delinquent Vendors/Bidders:

(a) Holiday Listing (Temporary Debarment - suspension):

Whenever a Vendor is found lacking in performance, in case of less frequent and less serious
misdemeanors, the vendors may be put on a holiday listing (temporary debarment) for a period
upto 12 (twelve) months. When a Vendor is on the holiday listing, he is neither invited to bid nor
are his bids considered for evaluation during the period of the holiday. The Vendor is, however,
not removed from the list of empaneled vendors, if any. Performance issues which may justify
holiday listing of the Vendor are:

Page 33 of 232
RFP for procurement of Learning Management
System

 Vendors who have not responded to requests for quotation/tenders consecutively three times
without furnishing valid reasons, if mandated in the empanelment contract (if applicable);

 Repeated non-performance or performance below specified standards (including after sales


services and maintenance services etc.);

 Vendors undergoing process for removal from empanelment/participation in procurement


process or banning/debarment may also be put on a holiday listing during such proceedings.

(b) Debarment from participation including removal from empanelled list

Debarment of a delinquent Vendor (including their related entities) for a period (one to two years)
from the Bank’s procurements including removal from empanelment, wherever such Vendor is
empaneled, due to severe deficiencies in performance or other serious transgressions. Reasons
which may justify debarment and/or removal of the Vendor from the list of empaneled vendors
are:

 Without prejudice to the rights of the Bank under Clause 42” CODE OF INTEGRITY AND
DEBARMENT/BANNING " sub-clause (i) hereinabove, if a Bidder is found by the Bank to have
directly or indirectly or through an agent, engaged or indulged in any
corrupt/fraudulent/coercive/undesirable or restrictive practices during the bidding Process, such
Bidder shall not be eligible to participate in any EOI/RFP issued by the Bank during a period
of 2 (two) years from the date of debarment.

 Vendor fails to abide by the terms and conditions or to maintain the required
technical/operational staff/equipment or there is change in its production/service line affecting
its performance adversely, or fails to cooperate or qualify in the review for empanelment;

 If Vendor ceases to exist or ceases to operate in the category of requirements for which it is
empaneled;

 Bankruptcy or insolvency on the part of the vendor as declared by a court of law; or

 Banning by Ministry/Department or any other Government agency;

 Other than in situations of force majeure, technically qualified Bidder withdraws from the
procurement process or after being declared as successful bidder: (i) withdraws from the
process; (ii) fails to enter into a Contract; or (iii) fails to provide performance guarantee or any
other document or security required in terms of the RFP documents;

 If the Central Bureau of Investigation/CVC/C&AG or Vigilance Department of the Bank or


any other investigating agency recommends such a course in respect of a case under
investigation;

 Employs a Government servant or the Bank’s Officer within two years of his retirement, who
has had business dealings with him in an official capacity before retirement; or

 Any other ground, based on which the Bank considers, that continuation of Contract is not in
public interest.

 If there is strong justification for believing that the partners/directors/proprietor/agents of the


firm/company has been guilty of violation of the code of integrity or Integrity Pact (wherever
applicable), evasion or habitual default in payment of any tax levied by law; etc.

Page 34 of 232
RFP for procurement of Learning Management
System

(c) Banning from Ministry/Country-wide procurements


For serious transgression of code of integrity, a delinquent Vendor (including their related entities)
may be banned/debarred from participation in a procurement process of the Bank including
procurement process of any procuring entity of Government of India for a period not exceeding
three years commencing from the date of debarment.

43. TERMINATION FOR DEFAULT:

i. The Bank may, without prejudice to any other remedy for breach of Agreement, written notice of
not less than 30 (thirty) days, terminate the Agreement in whole or in part:
(a) If the Service Provider fails to deliver any or all the obligations within the time period
specified in the RFP/Agreement, or any extension thereof granted by the Bank;
(b) If the Service Provider fails to perform any other obligation(s) under the RFP/Agreement;
(c) Violations of any terms and conditions stipulated in the RFP;
(d) On happening of any termination event mentioned in the RFP/Agreement.

Prior to providing a written notice of termination to Service Provider under abovementioned sub-
clause (i) (a) to (c), the Bank shall provide Service Provider with a written notice of 30 (thirty)
days to cure such breach of the Agreement. If the breach continues or remains unrectified after
expiry of cure period, the Bank shall have right to initiate action in accordance with above clause.

ii. In the event the Bank terminates the Contract in whole or in part for the breaches attributable to
Service Provider, the Bank may procure, upon such terms and in such manner as it deems
appropriate, software and Services similar to those undelivered, and subject to limitation of liability
clause of this RFP Service Provider shall be liable to the Bank for any increase in cost for such
similar Software Solution and/or Services. However, Service Provider shall continue performance
of the Contract to the extent not terminated.

iii. If the Contract is terminated under any termination clause, Service Provider shall handover all
documents/ executable/ Bank’s data or any other relevant information to the Bank in timely manner
and in proper format as per scope of this RFP and shall also support the orderly transition to another
vendor or to the Bank.

iv. During the transition, Service Provider shall also support the Bank on technical queries/support on
process implementation or in case of software provision for future upgrades.

v. The Bank’s right to terminate the Contract will be in addition to the penalties / liquidated damages
and other actions as specified in this RFP.

vi. In the event of failure of the Service Provider to render the Services or in the event of termination
of Agreement or expiry of term or otherwise, without prejudice to any other right, the Bank at its
sole discretion may make alternate arrangement for getting the Services contracted with another
vendor. In such case, the Bank shall give prior notice to the existing Service Provider. The existing
Service Provider shall continue to provide services as per the terms of the Agreement until a ‘New
Service Provider’ completely takes over the work. During the transition phase, the existing Service
Provider shall render all reasonable assistance to the new Service Provider within such period
prescribed by the Bank, at no extra cost to the Bank, for ensuring smooth switch over and continuity
of services, provided where transition services are required by the Bank or New Service Provider
beyond the term of this Agreement, reasons for which are not attributable to Service Provider,
payment shall be made to Service Provider for such additional period on the same rates and

Page 35 of 232
RFP for procurement of Learning Management
System

payment terms as specified in this Agreement. If existing Service Provider is breach of this
obligation, they shall be liable for paying a penalty of 10% of the total Project Cost on demand to
the Bank, which may be settled from the payment of invoices or Bank Guarantee for the contracted
period or by invocation of Bank Guarantee.

44. FORCE MAJEURE:

i. Notwithstanding the provisions of terms and conditions contained in this RFP, neither party shall
be liable for any delay in in performing its obligations herein if and to the extent that such delay is
the result of an event of Force Majeure.

ii. For the purposes of this clause, 'Force Majeure' means and includes wars, insurrections, revolution,
civil disturbance, riots, terrorist acts, public strikes, hartal, bundh, fires, floods, epidemic,
quarantine restrictions, freight embargoes, declared general strikes in relevant industries, Vis
Major, acts of Government in their sovereign capacity, impeding reasonable performance of
Service Provider and / or Sub-Contractor but does not include any foreseeable events, commercial
considerations or those involving fault or negligence on the part of the party claiming Force
Majeure.

iii. If a Force Majeure situation arises, Service Provider shall promptly notify the Bank in writing of
such condition and the cause thereof. Unless otherwise directed by the Bank in writing, Service
Provider shall continue to perform its obligations under the Contract as far as is reasonably
practical, and shall seek all reasonable alternative means for performance not prevented by the
Force Majeure event.

iv. If the Force Majeure situation continues beyond 30 (thirty) days, either party shall have the right
to terminate the Agreement by giving a notice to the other party. Neither party shall have any penal
liability to the other in respect of the termination of the Agreement as a result of an event of Force
Majeure. However, Service Provider shall be entitled to receive payments for all services actually
rendered up to the date of the termination of the Agreement.

45. TERMINATION FOR INSOLVENCY:

The Bank may, at any time, terminate the Contract by giving written notice to Service Provider, if
Service Provider becomes Bankrupt or insolvent or any application for bankruptcy, insolvency or
winding up has been filed against it by any person. In this event, termination will be without
compensation to Service Provider, provided that such termination will not prejudice or affect any
right of action or remedy, which has accrued or will accrue thereafter to the Bank.

46. TERMINATION FOR CONVENIENCE:

i. The Bank, by written notice of not less than 90 (ninety) days, may terminate the Contract, in whole
or in part, for its convenience.

ii. In the event of termination of the Agreement for the Bank’s convenience, Service Provider shall
be entitled to receive payment for the Services rendered (delivered) up to the effective date of
termination.

Page 36 of 232
RFP for procurement of Learning Management
System

47. DISPUTES / ARBITRATION (APPLICABLE IN CASE OF SUCCESSFUL BIDDER


ONLY):

i. All disputes or differences whatsoever arising between the parties out of or in connection with the
Contract (including dispute concerning interpretation) or in discharge of any obligation arising out
of the Contract (whether during the progress of work or after completion of such work and whether
before or after the termination of the Contract, abandonment or breach of the Contract), shall be
settled amicably. If however, the parties are not able to solve them amicably within 30 (thirty) days
after dispute occurs as evidenced through the first written communication from any Party notifying
the other regarding the disputes, either party (SBI or Service Provider), give written notice to other
party clearly setting out there in specific dispute(s) and/or difference(s) and shall be referred to a
sole arbitrator mutually agreed upon, and the award made in pursuance thereof shall be binding on
the parties. In the absence of consensus about the single arbitrator, the dispute may be referred to
an arbitration panel; one to be nominated by each party and the said arbitrators shall nominate a
presiding arbitrator, before commencing the arbitration proceedings. The arbitration shall be settled
in accordance with the applicable Indian Laws and arbitration proceeding shall be conducted in
accordance with Arbitration and Conciliation Act 1996 and any amendment thereto. Any appeal
will be subject to the exclusive jurisdiction of courts at Mumbai.

ii. Service Provider shall continue work under the Contract during the arbitration proceedings unless
otherwise directed by the Bank or unless the matter is such that the work cannot possibly be
continued until the decision of the arbitrator is obtained.

iii. Arbitration proceeding shall be held at Mumbai, India, and the language of the arbitration
proceedings and that of all documents and communications between the parties shall be in English.

48. GOVERNING LANGUAGE:

The governing language shall be English.

49. APPLICABLE LAW:

The Contract shall be interpreted in accordance with the laws of the Union of India and shall be
subjected to the exclusive jurisdiction of courts at Mumbai.

50. TAXES AND DUTIES:

i. Service Provider shall be liable to pay all corporate taxes and income tax that shall be levied
according to the laws and regulations applicable from time to time in India and the price Bid by
Service Provider shall include all such taxes in the quoted price.

ii. Prices quoted should be exclusive of GST. All other present and future tax /duties, if any applicable
and also cost of incidental services such as transportation, road permits, insurance etc. should be
included in the price quoted. The quoted prices and taxes/duties and statutory levies such as GST
etc. should be specified in the separate sheet (Appendix-F).

iii. Custom duty as also cost of incidental services such as transportation, road permits, insurance etc.
in connection with delivery of products at site including any incidental services and
commissioning, if any, which may be levied, shall be borne by Service Provider and the Bank shall
not be liable for the same. Only specified taxes/ levies and duties in the Appendix-F will be
payable by the Bank on actuals upon production of original receipt wherever required. If any

Page 37 of 232
RFP for procurement of Learning Management
System

specified taxes/ levies and duties in Appendix-F are replaced by the new legislation of
Government, same shall be borne by the Bank. The Bank shall not be liable for payment of those
Central / State Government taxes, levies, duties or any tax/ duties imposed by local bodies/
authorities, which are not specified by the Bidder in Appendix-F

iv. Prices payable to Service Provider as stated in the Contract shall be firm and not subject to
adjustment during performance of the Contract, irrespective of reasons whatsoever, including
exchange rate fluctuations, any upward revision in Custom duty.

v. Income / Corporate Taxes in India: The Bidder shall be liable to pay all corporate taxes and income
tax that shall be levied according to the laws and regulations applicable from time to time in India
and the price Bid by the Bidder shall include all such taxes in the contract price.

vi. Parties shall fulfil all their respective compliance requirements under the GST law. This shall
include (but not be limited to):

(a) Bank shall pay GST amount after verifying the details of invoice on GSTR 2B on GSTN
portal.
(b) In case any credit, refund or other benefit is denied or delayed to the Bank due to any non-
compliance of GST Laws by the vendor including but not limited to, failure to upload the
details of invoice or any other details of the supply of goods or services, as the case may
be, as required under GST Law on the appropriate government’s goods and services tax
network portal, the failure to pay applicable GST to the Government or due to non-
furnishing or furnishing of incorrect or incomplete documents by the party, vendor would
reimburse the loss to the Bank including, but not limited to, any tax loss or denial of credit,
interest and penalty and reasonable fee for contesting the demand. Amount payable under
this clause shall survive irrespective of termination of agreement if the demand pertains
to the agreement period.
(c) In case of any tax demand or denial of ITC or refund or any other benefit by the GST
authorities, both the parties may mutually decide whether to contest the matter. In case, it
is decided to contest the matter, the vendor is required to deposit the disputed demand
including interest and penalty proposed with the other party without waiting for the
outcome of the legal proceeding. In case the matter is finally decided in favour of the other
party, the other party is required to refund the amount received from the defaulting party
without any interest.

vii. All expenses, stamp duty and other charges/ expenses in connection with the execution of the
Agreement as a result of this RFP process shall be borne by Service Provider. The Agreement/
Contract would be stamped as per Maharashtra Stamp Act, 1958 and any amendment thereto.

51. TAX DEDUCTION AT SOURCE:

i. Wherever the laws and regulations require deduction of such taxes at the source of payment, the
Bank shall effect such deductions from the payment due to Service Provider. The remittance of
amounts so deducted and issuance of certificate for such deductions shall be made by the Bank as
per the laws and regulations for the time being in force. Nothing in the Contract shall relieve
Service Provider from his responsibility to pay any tax that may be levied in India on income and
profits made by Service Provider in respect of this Contract.

Page 38 of 232
RFP for procurement of Learning Management
System

ii. Service Provider’s staff, personnel and labour will be liable to pay personal income taxes in India
in respect of such of their salaries and wages as are chargeable under the laws and regulations for
the time being in force, and Service Provider shall perform such duties in regard to such deductions
thereof as may be imposed on him by such laws and regulations.

iii. Bank will deduct TDS at applicable rate while making payment under GST Act 2017 and Income
Tax Act 1961.

52. TENDER FEE:

Non-refundable Tender Fee should be directly credited to the designated account as mentioned in
Schedule of Events. Proof of remittance of Tender Fee in the designated account should be
enclosed with the technical bid. The Bids without tender fee will not be considered valid.

53. EXEMPTION OF EMD AND TENDER FEE:

Micro & Small Enterprises (MSE) units and Start-ups* are exempted from payment of EMD and
tender fee provided the products and/or services they are offering, are manufactured and/or services
rendered by them. Exemption as stated above is not applicable for selling products and/or services,
manufactured/ rendered by other companies.

Bidder should submit supporting documents issued by competent Govt. bodies to become eligible
for the above exemption.

Bidders may please note:

i. NSIC certificate/ Udyog Aadhar Memorandum/Udyam Registration Certificate should cover the
items tendered to get EMD/tender fee exemptions. Certificate/ Memorandum should be valid as on
due date / extended due date for Bid submission.

ii. “Start-up” company should enclose the valid Certificate of Recognition issued by Department for
Promotion of Industry and Internal Trade (DPIIT), (erstwhile Department of Industrial Policy and
Promotion), Ministry of Commerce & Industry, Govt. of India with the technical bid.

iii. *Start-ups which are not under the category of MSE shall not be eligible for exemption of tender
fee.

iv. Bidder who solely on its own, fulfils each eligibility criteria condition as per the RFP terms and
conditions and who are having MSE or Start-up company status, can claim exemption for EMD/
tender fee.

v. If all these conditions are not fulfilled or supporting documents are not submitted with the technical
Bid, then all those Bids without tender fees /EMD will be summarily rejected and no queries will
be entertained.

54. NOTICES:

Any notice given by one party to the other pursuant to this Contract shall be sent to other party in writing
or by Fax and confirmed in writing to other Party’s address. The notice shall be effective when delivered
or on the notice’s effective date whichever is later.

Page 39 of 232
RFP for procurement of Learning Management
System

Part-II

Page 40 of 232
RFP for procurement of Learning Management
System

Appendix- A

BID FORM (TECHNICAL BID)


[On Company’s letter head]
(To be included in Technical Bid)

Date: ______________
To:
State Bank of India,
HRMS Department,
Global IT Centre Belapur,
Railway Station Building,
Tower # 7, 4th floor, CBD Belapur,
Navi Mumbai 400614.

Dear Sir,
Ref: RFP No. SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

We have examined the above RFP, the receipt of which is hereby duly acknowledged and subsequent pre-
bid clarifications/ modifications / revisions, if any, furnished by the Bank and we offer to supply, Install,
test, commission and support the desired Software Solution detailed in this RFP. We shall abide by the terms
and conditions spelt out in the RFP. We shall participate and submit the commercial Bid through online
auction to be conducted by the Bank’s authorized service provider, on the date advised to us.

i. While submitting this Bid, we certify that:

 The undersigned is authorized to sign on behalf of the Bidder and the necessary support document
delegating this authority is enclosed to this letter.
 We declare that we are not in contravention of conflict of interest obligation mentioned in this RFP.
 Prices submitted by us have been arrived at without agreement with any other Bidder of this RFP
for the purpose of restricting competition.
 The prices submitted by us have not been disclosed and will not be disclosed to any other Bidder
responding to this RFP.
 We have not induced or attempted to induce any other Bidder to submit or not to submit a Bid for
restricting competition.
 We have quoted for all the products/services mentioned in this RFP in our price Bid.
 The rate quoted in the price Bids are as per the RFP and subsequent pre-Bid clarifications/
modifications/ revisions furnished by the Bank, without any exception.
ii. We undertake that, in competing for (and, if the award is made to us, in executing) the above contract, we
will strictly observe the laws against fraud and corruption in force in India namely “Prevention of
Corruption Act 1988”.

iii. We undertake that we will not offer, directly or through intermediaries, any bribe, gift, consideration,
reward, favour, any material or immaterial benefit or other advantage, commission, fees, brokerage
or inducement to any official of the Bank, connected directly or indirectly with the bidding process,

Page 41 of 232
RFP for procurement of Learning Management
System

or to any person, organisation or third party related to the contract in exchange for any advantage
in the bidding, evaluation, contracting and implementation of the contract .

iv. We undertake that we will not resort to canvassing with any official of the Bank, connected directly or
indirectly with the bidding process to derive any undue advantage. We also understand that any violation in
this regard, will result in disqualification of bidder from further bidding process.

v. It is further certified that the contents of our Bid are factually correct. We have not sought any deviation
to the terms and conditions of the RFP. We also accept that in the event of any information / data /
particulars proving to be incorrect, the Bank will have right to disqualify us from the RFP without
prejudice to any other rights available to the Bank.

vi. We certify that while submitting our Bid document, we have not made any changes in the contents of the
RFP document, read with its amendments/clarifications provided by the Bank.

vii. We agree to abide by all the RFP terms and conditions, contents of Service Level Agreement as per
template available at Appendix-K of this RFP and the rates quoted therein for the orders awarded by the
Bank up to the period prescribed in the RFP, which shall remain binding upon us.

viii. On acceptance of our technical bid, we undertake to participate in Reverse auction by way of login in
Reverse auction tool. In case of declaration as successful Vendor on completion of Reverse auction
process, we undertake to complete the formalities as specified in this RFP.

ix. The commercial bidding process will be through the reverse auction process to be conducted by the Bank
or a company authorized by the Bank. We understand that our authorized representative who would
participate in the reverse auction process would be possessing a valid digital certificate for the purpose.

x. Till execution of a formal contract, the RFP, along with the Bank’s notification of award by way of
issuance of purchase order and our acceptance thereof, would be binding contractual obligation on the
Bank and us.

xi. We understand that you are not bound to accept the lowest or any Bid you may receive and you may reject
all or any Bid without assigning any reason or giving any explanation whatsoever.

xii. We hereby certify that our name does not appear in any “Caution” list of RBI / IBA or any other regulatory
body for outsourcing activity.

xiii. We hereby certify that on the date of submission of Bid for this RFP, we do not have any past/ present
litigation which adversely affect our participation in this RFP or we are not under any debarment/blacklist
period for breach of contract/fraud/corrupt practices by any Scheduled Commercial Bank/ Public Sector
Undertaking/ State or Central Government or their agencies/departments.

xiv. We hereby certify that we (participating in RFP as OEM)/ our OEM have a support center and level 3
escalation (highest) located in India.

xv. We hereby certify that on the date of submission of Bid, we do not have any Service Level Agreement
pending to be signed with the Bank for more than 6 months from the date of issue of purchase order.

xvi. We hereby certify that we have read the clauses contained in O.M. No. 6/18/2019-PPD, dated 23.07.2020
order (Public Procurement No. 1), order (Public Procurement No. 2) dated 23.07.2020 and order (Public
Procurement No. 3) dated 24.07.2020 along with subsequent Orders and its amendment thereto regarding
restrictions on procurement from a bidder of a country which shares a land border with India. We further

Page 42 of 232
RFP for procurement of Learning Management
System

certify that we and our OEM are not from such a country or if from a country, has been registered with
competent authority (where applicable evidence of valid certificate to be attached). We certify that we
and our OEM fulfil all the requirements in this regard and are eligible to participate in this RFP.

xvii. If our Bid is accepted, we undertake to enter into and execute at our cost, when called upon by the Bank
to do so, a contract in the prescribed form and we shall be solely responsible for the due performance of
the contract.

xviii. We, further, hereby undertake and agree to abide by all the terms and conditions stipulated by the Bank
in the RFP document.

Dated this ....... day of ............................ 20..


______________________________________________________________
(Signature) (Name)
(In the capacity of)
Duly authorised to sign Bid for and on behalf of
______________________________________
Seal of the company.

Page 43 of 232
RFP for procurement of Learning Management
System

Appendix- B

Bidder’s Eligibility Criteria

Bidders meeting the following criteria are eligible to submit their Bids along with supporting documents. If
the Bid is not accompanied by all the required documents supporting eligibility criteria, the same would be
rejected:

S. Eligibility Criteria Compliance Documents to be submitted


No. (Yes/No)
1. The Bidder must be an Indian Certificate of Incorporation issued by
Company/ LLP /Partnership firm Registrar of Companies and full address of
registered under applicable Act in the registered office along with
India. Memorandum & Articles of Association/
Partnership Deed.
2. The Bidder (including its OEM, if Bidder should specifically certify in
any) must comply with the Appendix-A in this regard and provide copy
requirements contained in O.M. No. of registration certificate issued by
6/18/2019-PPD, dated 23.07.2020 competent authority wherever applicable.
order (Public Procurement No. 1),
order (Public Procurement No. 2)
dated 23.07.2020 and order (Public
Procurement No. 3) dated
24.07.2020
3. The Bidder must have an average Copy of the audited financial statement for
turnover of minimum Rs. 20 crore required financial years. (Certificate from
during last 03 (three) financial statutory auditor for preceding/current 3
year(s) i.e. FY 2020-21, FY 2021-22 years may be submitted.)
and FY 2022-23.
4. The Bidder should be profitable Copy of the audited financial statement
organization on the basis of profit along with profit and loss statement for
before tax (PBT) for at least 02 (two) corresponding years and / or Certificate of
out of last 03 (three) financial years the statutory auditor.
mentioned in para 3 above.
5 Bidder should have experience of Copy of the work order and / or Certificate
minimum 5 years in providing of completion of the work. The Bidder
learning platform (LMS) services should also furnish user acceptance report.

6. The Bidder (including its OEM, if Certificate of local content to be submitted


any) should either be Class-I or as per Appendix-G.
Class-II local supplier as defined
under this RFP.
7. Client references and contact details Bidder should specifically confirm on their
(email/ landline/ mobile) of letter head in this regard as per Appendix-N
customers for whom the Bidder has
executed similar projects in India.

Page 44 of 232
RFP for procurement of Learning Management
System

(Start and End Date of the Project to


be mentioned)
(At least 2 client references are
required)
8. Certification Requirements Copy of the Valid Certificate(s) to be
ISO/IEC 27001 OR SOC 2 provided
9. Past/present litigations, disputes, if Brief details of litigations, disputes related
any (Adverse litigations could result to product/services being procured under
in disqualification, at the sole this RFP or infringement of any third party
discretion of the Bank) Intellectual Property Rights by prospective
Bidder/ OEM or disputes among Bidder's
board of directors, liquidation, bankruptcy,
insolvency cases or cases for
debarment/blacklisting for breach of
contract/fraud/corrupt practices by any
Scheduled Commercial Bank/ Public Sector
Undertaking / State or Central Government
or their agencies/ departments or any such
similar cases, if any are to be given on
Company’s letter head.
10. Bidders should not be under Bidder should specifically certify in
debarment/blacklist period for Appendix-A in this regard.
breach of contract/fraud/corrupt
practices by any Scheduled
Commercial Bank/ Public Sector
Undertaking / State or Central
Government or their agencies/
departments on the date of
submission of bid for this RFP.
11. The bidder, if participating as Bidder should specifically certify in
Channel Partner of any OEM, then Appendix-A in this regard.
OEM should have a support center
and level 3 escalation (highest)
located in India.
For OEMs, directly participating, the
conditions mentioned above for
support center remain applicable.
12 The Bidder should not have any Bidder should specifically certify in
Service Level Agreement pending to Appendix-A in this regard.
be signed with the Bank for more
than 6 months from the date of issue
of purchase order.
13 Bidder should have experience in Bidder should specifically confirm on their
deploying LMS as specified in this letter head in this regard as per Appendix-
RFP to at least two companies in N with a copy of the work order and / or
India as on 31.03.2023 Certificate of completion of the work.
14 Bidder should have experience in Bidder should specifically confirm on their
deploying LMS as specified in this letter head in this regard as per Appendix-N
RFP to at least one company with with a copy of the Valid Certificate(s) to be
Asset Base of more than Rs. 1 Lakh provided including work order, invoice,

Page 45 of 232
RFP for procurement of Learning Management
System

Crores as on 31.03.2023, during the certificate of completion and financial


last 5 FY. statements (if financial statements not
available in public domain)
15 Bidder should have experience in Bidder should specifically confirm on their
deploying LMS as specified in this letter head in this regard as per Appendix-N
RFP to at least one company in India with a copy of the Valid Certificate(s) to be
covering a userbase of at least 15000 provided including work order, invoice,
users, during the last 5 FY, as on certificate of completion, etc. indicating the
31.03.2023. total userbase covered
16 Bidder should have deployed LMS in Bidder should specifically confirm on their
at least one of the following: letter head in this regard as per Appendix-N
 Public Sector Bank/Private with a copy of the work order and / or
Bank or Certificate of completion of the work.
 Public Sector Undertaking
or
 Listed private company
during the last 5 FY, as on
31.03.2023.
17 Bidder should have data center,
disaster recovery center, high Self-declaration on the company letter
availability zones across data head.
centers located in India only

Documentary evidence must be furnished against each of the above criteria along with an index. All documents
must be signed by the authorized signatory of the Bidder. Relevant portions, in the documents submitted in
pursuance of eligibility criteria, should be highlighted.

Bidders are required to furnish evidence for SI No 13 to 16 individually, as all four criteria are compulsory.
However, bidders have the flexibility to present evidence from various clients, rather than being limited to a single
client for all four points.

Eligibility criteria mentioned at Sl No 3 to 5 and 13 to 16 in table above are relaxed for Startups subject
to their meeting of quality and technical specifications. Bidder to note the followings:

i. Start-up* company should enclose the valid Certificate of Recognition issued by Department for
Promotion of Industry and Internal Trade (DPIIT), (erstwhile Department of Industrial Policy and
Promotion), Ministry of Commerce & Industry, Govt. of India with the technical bid.
ii. Bidder who solely on its own, fulfils each eligibility criteria condition as per the RFP terms and
conditions and who are having Start-up company status, can claim exemption for eligibility criteria
mentioned at Sl No 3 to 5 and 13 to 16 in table above.
iii. If all these conditions are not fulfilled or supporting documents are not submitted with the technical
Bid, then all those Bids will be summarily rejected, and no queries will be entertained.

Name & Signature of authorised signatory

Seal of Company

Page 46 of 232
RFP for procurement of Learning Management
System

Appendix- C

Learning Platform Requirements

1. List of Mandatory Functional and Technical Requirements

The application proposed by the bidder must mandatorily have the functionalities given in Table A at
go-live. In the event of failure to comply with the stipulated requirements, penalties shall be imposed in
accordance with the delineations set forth in Appendix-J of this RFP.

The Bidder is required to submit their responses in the excel sheet provided.

Each requirement in Table A will be evaluated, and the bidder will receive a score based on the following
criteria, provided satisfactory proof is presented by the bidder. The total score will then be adjusted to
a maximum of 30 marks as outlined in Appendix – T of this RFP.

Requirement available as part If not available, is it feasible to Score for requirement


of the existing offering customize within the
(Yes/No) implementation timeline
Yes - 3
No Yes 1.5

Table A :

Applicab
Availabl Shall be
ility of
Type of e as part customized
Require requirem
Process Requirement of the within the
ment Requirement ent
Name (Functional/ existing implement
No. # (Mobile/
Technical) offering ation
Web/
(Yes/No) timeline
Both)
Home page should Functional
include a running
notification bar to
show key training-
related alerts
User
including but not
Experience
1.01 limited to
Manageme
new/upcoming
nt
training programs,
quizzes/surveys
launched,
contests/case studies
launched, etc.
System should have Functional
the ability to support
User screen reading
Experience functionality such as
1.02
Manageme JAWS (Job Access
nt With Speech) for
PWD (people with
disability)

Page 47 of 232
RFP for procurement of Learning Management
System

Home Page should Functional


User
have a 'help' feature to
Experience
1.03 guide users on various
Manageme
functionalities of the
nt
learning platform
System should have Functional
User
the ability to support
Experience
1.04 multi-lingual
Manageme
interface with English
nt
and Hindi mandatory
Home page should be Functional
User customizable in the
Experience arrangement of
1.05
Manageme features, tiles, etc. and
nt basis the user profile
selected
Platform should be Functional
customizable in
User accordance with the
Experience SBI branding
1.06
Manageme guidelines including
nt colors, font size and
style, logos, graphics,
etc.
System should Functional
provide the ability to
User save learner progress
Experience while accessing e-
1.07
Manageme learning courses and
nt allow learners to
resume learning from
where they left
System should Functional
provide the ability for
Login and both learners and
Password admin to set/change
2.01
Manageme password in
nt alignment with the
bank’s pre-defined
password guidelines
System should have Functional
session time out,
password expiry
functionality
Login and
configured and
Password
2.02 managed as per the
Manageme
Bank’s policy. Users
nt
should receive a
prompt to continue or
extend their session to
avoid re-login.
System should have Functional
the ability to provide
Login and
single-sign-on/ active
Password
2.03 directory (AD) for
Manageme
SBI employees using
nt
their employee ID
with an option for

Page 48 of 232
RFP for procurement of Learning Management
System

multifactor
authentication

System should have Functional


the ability to allow
faculty/ L&D admin
Calendar to create and publish a
Manageme 3.01 training calendar by
nt type of training
center, location, etc.

System should allow Functional


learners to view
Calendar training calendars by
Manageme 3.02 type of training
nt center, location, etc.
to which they are
mapped
System should Functional
provide the ability for
Training
leaners to self-
Nominatio 4.01
nominate for training
n
programs they are
eligible for
System should Functional
provide the ability for
Training managers/L&D
Nominatio 4.02 admins to nominate
n learners for training
programs they are
eligible for
System should have Functional
the ability to provide a
list of learners eligible
for a training program
Training basis pre-defined
Nominatio 4.03 criteria e.g. role,
n minimum tenure, no.
of programs attended
in an FY, etc. to ease
the nomination
process
System should Functional
provide the ability for
Training
L&D admins to
Nominatio 4.04
approve/decline
n
nominations received
for training programs
System should Functional
provide the ability for
Training managers to
Nominatio 4.05 approve/decline
n nominations received
from learners and/or
L&D admins

Page 49 of 232
RFP for procurement of Learning Management
System

System should Functional


provide the ability for
Training learners and admins
Nominatio 4.06 to send reminders to
n learner’s reporting
manager to approve
program nomination
System should have Functional
the ability to
prompt/notify
Training learners in case they
Nominatio 4.07 have already
n completed a training
program and attempt
to self-nominate
again
System should be able Functional
to prevent duplicate
enrollments in
training programs by
Training
notifying admins
Nominatio 4.08
and/or managers
n
when nominating a
participant who has
already completed the
program
System should Functional
provide the ability to
host, access, score,
and track the
following delivery
methods, including
but not limited to:
• E-learning
(SCORM)
• Video-based
learning
• Micro-learning
nuggets

Content ILT/VILT/Webinars
Manageme 5.01 • Podcasts
nt • E-books
• Social Learning/ E-
discussion Groups/
Chat
• Online
Assessments/
Quizzes
• Surveys
• AR/VR
• Electronic
documents such as
PDF (case studies,
research material,
publications, books),
iPDFs, articles,

Page 50 of 232
RFP for procurement of Learning Management
System

Microsoft Office
documents etc.

System should Functional


provide the ability to
track time spent on all
Content
content types (for e.g.,
Manageme 5.02
e-learnings, videos,
nt
PDFs, webinars, etc.)
before marking the
completion status
System should Functional
provide the ability to
Content track the version
Manageme 5.03 history for all content
nt types including the
date the content was
last edited
System should have Functional
Content an integrated content
Manageme 5.04 and media server with
nt no limit on data
upload
System must have a Functional
built-in SCORM
Content player so that a
Manageme 5.05 preview of content
nt packages is possible
in a real-life
environment
System should Functional
provide the ability to
Content host, deliver, and
Manageme 5.06 track content
nt compliant with
SCORM 1.2 and
above and xAPI
System should Functional
provide the ability to
Content copy-disabled content
Manageme 5.07 (not allow
nt screenshots) on the
mobile app to prevent
its unauthorized use
For mobile Functional
Content application, the
Manageme 5.08 system should only
nt allow in-app
download
The system should Functional
offer users the
capability to access
Content learning content
Manageme 5.09 offline and
nt synchronize their
learning progress
with the platform
when they are online

Page 51 of 232
RFP for procurement of Learning Management
System

System should Functional


provide the ability to
Content rate all learning
Manageme content types(for e.g.,
nt/User ILT, VILT, e-
6.01
Experience learning, videos,
Manageme PDFs, etc.) post
nt completion including
numeric rating, star
rating, etc.
System should Functional
provide the ability for
learners to view
percentage
Content
completions or
Manageme
number of
nt/User
6.02 completions/views on
Experience
specific courses (e.g.,
Manageme
10% of your peers
nt
have completed a
specific course, 10k
views, 25k
completions)
System should Functional
provide the ability to
Content view a consolidated
Manageme rating as well as
nt/User comments given by
6.03
Experience other users on all
Manageme learning content types
nt (for e.g., ILT, VILT,
e-learning, videos,
PDFs, etc.)
System should Functional
Content
provide the ability to
Manageme
add comments on all
nt/User
6.04 learning content types
Experience
(for e.g., ILT, VILT,
Manageme
e-learning, videos,
nt
PDFs, etc.)
System should have a Functional
Program built-in skills
Manageme 7.01 taxonomy for linking
nt skills to job roles and
learning content
System should have Functional
the ability to
Program configure a
Manageme 7.02 customized skills
nt taxonomy for linking
skills to job roles and
learning content
System should have Functional
the ability to create an
Program
ILT that extends
Manageme 7.03
beyond a single day.
nt
(Please note: Each
program/ILT may

Page 52 of 232
RFP for procurement of Learning Management
System

extend over multiple


days, with several
sessions conducted
each day. These
sessions may be
conducted by
different faculty
members)
System should Functional
provide the ability to
include the following
fields (non-
exhaustive) while
creating learning
across all content
types (as applicable):
title/topic, owner,
training center,
location, training
room name and
number,
competency/skill,
Program
KRA, role eligibility,
Manageme 7.04
start date, end/expiry
nt
data, duration,
program
coordinator/owner,
faculty mapping,
mapping of bank
mandated principles,
no. of slots/seats
available for
ILT/VILT, training
type (internal,
external training etc.),
cost of program,
mandatory vs non-
mandatory etc.
System should Functional
provide ability for
admin to sequence an
ILT into pre-reads,
pre-assessment, series
Program of sessions per day,
Manageme 7.05 post-assessment,
nt post-program reads
and post-program
webinar with an
option for tagging
mandatory vs non-
mandatory
System should have Functional
the ability to map an
Program overall coordinator(s)
Manageme 7.06 for the ILT and
nt different faculty for
each session within
the ILT

Page 53 of 232
RFP for procurement of Learning Management
System

System should have Functional


the ability to duplicate
an instance of
learning
Program path/ILT/VILT to
Manageme 7.07 avoid re-entering
nt information, with
flexibility to edit
content in certain
fields (e.g., date, time
etc.)
When creating an Functional
ILT/VILT system
Program
should provide admin
Manageme 7.08
with the ability to
nt
allocate seats to
certain locations
System should have Functional
Program the ability to auto-
Manageme 7.09 notify faculty/admin
nt once the seats for an
ILT/VILT are filled
System should Functional
provide ability to
allow learners to
Program
register for webinar
Manageme 7.10
on 'first come first
nt
serve' basis and close
registrations once
seats are filled
System should have Functional
the ability to send
system-driven
customized
reminders/notificatio
ns through
email/SMS/in-app
notifications for
learners including but
Program not limited:
Manageme 7.11 • notification on
nt upload/launch of new
ILT/VILT/e-
learnings
• reminders on
upcoming programs
scheduled/nominated
for
• reminders to
complete mandatory
trainings
System should have Functional
the ability to notify
Program learner & manager
Manageme 7.12 when a learner is
nt assigned an
ILT/VILT with
required session

Page 54 of 232
RFP for procurement of Learning Management
System

details, date, time,


location, duration, etc

System should have Functional


the ability to send
calendar invite (sync
with outlook) to
Program learner for assigned /
Manageme 7.13 nominated ILT/VILT
nt with details including
but not limited to
session dates, topic,
location, duration,
etc.
System should have Functional
Program the ability to capture
Manageme 7.14 feedback at a program
nt (ILT) level and
session level
System should Functional
provide the ability to
Program
launch
Manageme 7.15
quizzes/survey/polls
nt
during an ILT session
to the attendees
System should have Functional
the ability to allow
admins to define the
completion timeline
for mandatory
Program programs assigned to
Manageme 7.16 learners (e.g., newly
nt joined probationary
officers should
complete 50 e-
learning courses
within 24 months of
their joining)
System should Functional
provide the ability for
Program admins to
Manageme 7.17 configure/customize
nt the completion
certificate on the
learning platform
System should have Functional
the ability to provide
learners with a list of
Program
external training
Manageme 7.18
programs available
nt
and allow them to
self-nominate basis
eligibility

Page 55 of 232
RFP for procurement of Learning Management
System

System should have Functional


the ability to exempt
learners from
Program mandatory trainings
Manageme 7.19 (all types) by
nt obtaining data from
HRMS or marking
exemption through
the learning platform
System should Functional
provide ability for
admins to create and
assign learning
content and learning
path (ILT, VILT, e-
learning) based on a
Program
single or combination
Manageme 7.20
of multiple criteria
nt
such as SBI divisions,
functions, job
families, job roles,
location, career level,
competencies/skills,
training centre
mapping etc.
System should have Functional
Program the ability to auto-
Manageme 7.21 retire courses and
nt revoke learner access
post end/expiry date
System should have Functional
the ability to auto-
notify owner of a
Program
course/program/e-
Manageme 7.22
learning on the expiry
nt
date a pre-defined no.
of days before it
expires
System should have Functional
the ability to create a
Program
database of questions
Manageme 7.23
(MCQ, true or false,
nt
fill in the blanks etc.)
by topics
System should have a Functional
Program maker checker
Manageme 7.24 configuration to
nt approve the question
bank created per topic
System should Functional
provide the ability to
Program
search question bank
Manageme 7.25
by topic name,
nt
question bank ID,
keywords, etc.

Page 56 of 232
RFP for procurement of Learning Management
System

System should allow Functional


L&D admin/ faculty
Program the ability to create an
Manageme 7.26 assessment by
nt searching and
selecting questions
across question banks
System should enable Functional
search functionality
for learners to search
all learning content
types by a single or
combination of
criteria including but
not limited to:
- program/course
name
Browse/
- role
Search
8.01 - eligibility
Manageme
- training institute
nt
- zone/location
- domain/ topic
- competencies/skills
- assigned course
- duration
- type of content
(ILT/VILT/e-learning
etc.)
- nomination
- keywords
System should enable Functional
search functionality
for admin to search
for learners and other
Browse/
users as required by a
Search
8.02 single or combination
Manageme
of criteria including
nt
but not limited to
employee ID, first
name, last name, role,
user profiles etc.
System should enable Functional
search functionality
for managers to
search/filter direct
Browse/
reports by a single or
Search
8.03 combination of
Manageme
criteria including but
nt
not limited to
employee ID, first
name, last name, role
etc.
System should enable Functional
Browse/
search functionality
Search
8.04 for faculty to search
Manageme
for trainings they are
nt
mapped/assigned to

Page 57 of 232
RFP for procurement of Learning Management
System

System should have Functional


the ability to create a
section on the
platform for learner &
Gamified
faculty recognition
Learning 9.01
including but not
Experience
limited to photo,
name, designation,
location, leaderboard
score etc.
System should have Functional
the ability to allow
learners to earn
Gamified points/badges based
Learning 9.02 on pre-determined
Experience milestones, such as
number of
completions, timeline
for completion, etc.
System should Functional
provide users the
Gamified ability to filter a
Learning 9.03 leaderboard by
Experience content type e.g., for
e-learnings, VILT,
ILT etc.
System should Functional
provide users the
ability to apply filters
Gamified to leaderboard
Learning 9.04 including but not
Experience limited to type of
training institute,
zone, region, job role
etc.
System should Functional
provide a discussion
forum for all users to
Social
10.01 facilitate
Learning
collaborative learning
through posts and
comments
System should Functional
provide the ability for
Social users to recommend
10.02
Learning courses to other users
through discussion
boards
System should Functional
provide the ability for
learners to access a
learning dashboard
Report
with features
Manageme 11.01
including but not
nt
limited to list of
learning content
assigned,
progress/status of

Page 58 of 232
RFP for procurement of Learning Management
System

learning, upcoming
training scheduled
etc.

System should Functional


provide the ability for
Report
all users to subscribe
Manageme 11.02
to periodic reports
nt
based on their user
profile
System should Functional
provide the ability to
filter aggregated data
by multiple learner-
specific or
organizational criteria
including but not
Report
limited to employee
Manageme 11.03
ID, SBI divisions,
nt
functions, job
families, job roles,
scale/career level,
competencies,
training institute type,
location, program
name/topic, etc.
System should Functional
provide the ability to
schedule the
Report generation of reports
Manageme 11.04 basis timelines
nt defined by the bank
including weekly,
monthly, quarterly,
and annually
System should have Functional
the ability to analyze
data and provide
Report
insights with visual
Manageme 11.05
representation
nt
(analytics
capabilities)

System should Functional


provide the ability to
Report download reports in
Manageme 11.06 formats including but
nt not limited to excel,
plain text, CSV, PDF,
RCN, TCH, etc.
System should Functional
Report provide the ability to
Manageme 11.07 assign access to
nt customized
reports/dashboards

Page 59 of 232
RFP for procurement of Learning Management
System

basis the security


profile of users

System should Functional


Report provide the ability to
Manageme 11.08 report consolidated
nt feedback data for both
learners and faculty
System should Functional
Report provide the ability to
Manageme 11.09 access learner’s
nt learning history basis
type of access granted
System should have Functional
Report the ability to generate
Manageme 11.10 report on learning
nt costs by training
centers
System should have Functional
the ability to
consolidate learner
data to provide list of
learners who have not
completed any
training in specified
duration (e.g. Last
FY), list of learners
Report with less than defined
Manageme 11.11 hours of training
nt completed (e.g.
learners with less than
2 hours of training),
list of learners with
assignment/quiz
scores less than
defined threshold
(e.g. learners who
have scored less than
10 marks)
System should Functional
provide the ability to
generate reports for
training centers
including data such as
no. of training
Report
programs completed
Manageme 11.12
– monthly, quarterly,
nt
annually, no. of
employees/learners
trained by job role,
scale/level etc.
classroom capacity
utilization etc.
System should be able Functional
Report to track, consolidate
Manageme 11.13 and report learning
nt content data including
but not limited to no.

Page 60 of 232
RFP for procurement of Learning Management
System

of views/downloads,
consolidated
reviews/ratings,
highest vs lowest
views/ratings etc.
System should have Functional
the ability to track,
Report
consolidate and report
Manageme 11.14
data for internal &
nt
external training (e.g.,
MOOCs)
System should have Functional
the ability to generate
reports on the no. of
training hours
Report
completed by learner
Manageme 11.15
for all learning
nt
content types in a
month, quarter,
annually for internal
and external training
System should have Functional
the ability to create
reports for mandatory
trainings including
Report
data such as program
Manageme 11.16
name/topic, unique
nt
no. of employees
trained, total staff
trained in a particular
quarter, year etc.
System should have Functional
the ability to generate
individual employee-
wise learning reports
on entering employee
ID, with learning
Report details including but
Manageme 11.17 not limited to list of
nt mandatory/optional
learning
content/assessments
and status including
not started/in
progress/completed,
learning history, etc.
System should have Functional
Report report builder
Manageme 11.18 functionality for
nt custom report
creation
System should Functional
provide the ability to
Report set up customized
Manageme 11.19 reports/dashboards to
nt track progress of
learning across all
content types and

Page 61 of 232
RFP for procurement of Learning Management
System

users (internal and


external)

System should have Functional


the ability to generate
Report
comparative reports
Manageme 11.20
(e.g. Comparison of
nt
Q1 to Q2 completion
in a given FY)
System should Functional
Tracking provide the ability to
Attendanc mark attendance on
e and 12.01 webinar basis pre-
Completio define criteria such as
n no. of hours spent in
the webinar
System should Functional
provide the ability for
learner to upload
certificate post
completion of any
Tracking
external (non-SBI)
Attendanc
programs with
e and 12.02
checker functionality
Completio
(e.g., reporting
n
manager or L&D
team to validate and
approve the
certification
uploaded)
System should have Functional
the ability to capture
attendance for in-
person programs
Tracking
(ILT) using system-
Attendanc
driven mechanisms
e and 12.03
such as QR code and
Completio
also have the ability
n
for admin/faculty to
authenticate
attendance marked by
the learner
System should Functional
Tracking
provide the ability for
Attendanc
learner to
e and 12.04
view/download/print
Completio
the completion
n
certificate
System should Functional
provide the ability to
Tracking
track mandatory
Attendanc
training completion
e and 12.05
across all learning
Completio
modalities and assign
n
a score to participants
basis

Page 62 of 232
RFP for procurement of Learning Management
System

progress/completion
and other pre-defined
criteria. Score should
flow back to the
HRMS and / or PMS

System should have Functional


Learning
the ability to support
Ecosystem
13.01 up to 5 layers of
Manageme
customized approval
nt
workflows
System should have Functional
the ability to create
Learning
and maintain database
Ecosystem
13.02 of training center and
Manageme
faculty (both internal
nt
and external)
information
Service provider must
provide a ticketing
system to log all
queries (L1 and
above) on a single
Administra
platform. L1 issues
tive 14.01
will be managed by
Support
the SBI admin team
and L2 and above
issues are to be
handled by the service
provide. Technical
System should have Technical
the ability to support
all standard web
browsers like
Microsoft Internet
General 15.01
Explorer, Microsoft
Edge, Google
Chrome, Mozilla,
Safari, Firefox, Opera
etc.
System should have Technical
the ability to support
multiple operating
systems like
Microsoft Windows
General 15.02 10 and above, Mac
OSX, Snow Leopard
and above etc. on the
web version and
Andriod and iOS on
the mobile version
System should Technical
provide multi-device
and multi-channel
General 15.03
access
(desktop/tablet/mobil
e) for all users on web

Page 63 of 232
RFP for procurement of Learning Management
System

as well as on mobile
app with screen
responsiveness for
adaptability
according to screen
dimension
System should have Technical
the ability to restrict
concurrent login by
General 15.04 the same user on
multiple devices i.e.,
restrict access to
single device at a time
System should have Technical
cloud based storage
and administration of
General 15.05
content. Streaming
capacity should not be
a constraint
System should have Technical
the ability to auto-
adjust the resolution
of videos basis
internet & intranet
General 15.06
bandwidth of the user
(in-app video
download, with
ability to decide
download quality)
System should have Technical
the ability to
configure IP address
for certain online
General 15.07 exams/courses/progra
ms so that they can
only be accessible
from designated SBI
centers
System should have Technical
the ability to migrate
existing SBI data
spread including
General 15.08
content and learner
history from across
multiple SBI
platforms
System should have Technical
the ability to integrate
Integration 16.01
with HRMS & PMS
on a real time basis
System should have Technical
the ability to integrate
Integration 16.02
with external APIs
such as MOOCs

Page 64 of 232
RFP for procurement of Learning Management
System

System should have Technical


the ability to curate
courses from the
integrated MOOCs
and allow admins to
assign such courses to
learner’s basis a pre-
defined criteria such
Integration 16.03
as role, tenure etc.
(i.e., learners cannot
see the entire
catalogue of a
MOOC. They can
only see courses they
are allowed to enrol
for/complete)
System should have Technical
the ability to integrate
with APIs such as
Outlook, MS Teams,
Zoom, WebEx etc.
Integration 16.04 Bidders to share
details of the standard
integrations include
in the product in the
template provided in
Appendix W
System should have Technical
the ability to support
data flow from
Integration 16.05
HRMS & PMS to the
learning platform and
vice-versa
System should have Technical
the ability to track
KRA and KPI
Integration 16.06 information from
PMS and recommend
learning courses
appropriately.
System should have Technical
the ability to support
min 2.5 Lakh staff
and 1 Lakh non-staff
Scalability 17.01
of SBI (Please note
these number do not
indicate commitment
of minimum licenses)
Should support at Technical
least 10% concurrent
users at a time with no
application
performance issues
Scalability 17.02
(Please note: Bidders
are required to
submit a load test
report for 30k+
concurrent users at

Page 65 of 232
RFP for procurement of Learning Management
System

the time of technical


bid submission)

System should have Technical


the ability to provide
external users (who
are not on the
HRMS/do not have an
employee ID), the
option to log in
User
through alternative
Manageme 18.01
mechanisms such as
nt
email ID, basis the
assigned user profile.
Additionally,
multifactor
authentication should
be implemented for
secure access.
The system should Technical
support external user
self-registration on
the learning platform.
User
Additionally, admins
Manageme 18.02
must possess the
nt
ability to authenticate
these external users to
obtain access to the
learning platform
System should have
the ability to
create/edit/manage a
minimum of 25
security profiles in the
system (with differing
access rights)
including but not
User limited to learner,
Manageme 18.03 manager, manager of Technical
nt manager, faculty,
training center head,
L&D, maker,
checker, admin, super
admin etc. basis level
of access rights
(create/edit/view/dele
te/assign learning and
reports) required.

Page 66 of 232
RFP for procurement of Learning Management
System

System should have Technical


the ability to change
access type/security
profile of learner from
external user to
internal user and vise-
versa without loss of
learning history (e.g.,
probationary officers
User
will be treated as
Manageme 18.04
external users for 45
nt
days and provided
restricted access to
the learning platform
using a temporary ID.
Once the PFID is
generated the user
profile needs to be
changed to internal
user)
System should have Technical
the ability to
accurately map each
user according to their
position in the current
User org structure in their
Manageme 18.05 respective
nt geographies (as given
in Appendix-S) and
SBI entities for
defining access right
to learnings across
content types
System should have Technical
the ability for the
super admin to
perform all activities
User
across all other user
Manageme 18.06
profiles including the
nt
ability to
create/edit/manage/de
lete/assign user
profiles
System should allow Technical
admin profiles to
complete user
registrations
User
individually or
Manageme 18.07
through the export or
nt
import of user data
(e.g. Bulk upload of
user data through .csv
file)

Page 67 of 232
RFP for procurement of Learning Management
System

System should have Technical


the ability to create
certain admin profiles
which can create/
edit/ delete data for
User
one or more specific
Manageme 18.08
learner groups (e.g.,
nt
Admin rights to
manually mark
course completion for
local officers based in
foreign locations)

Below is an indicative non-exhaustive list of user profiles and their corresponding access rights, to provide
the bidder with an understanding of the expectations from the LMS.

• Ability for learner user profile to:


Note: This is a non-exhaustive list
• Search/view relevant learning paths/curriculum and learning content
• Download relevant learning content
• Self-nominate/self-enroll for relevant learning programs/content
• Access and complete learning programs/content assigned and rate them post completion
• Confirm attendance for in person learning programs (e.g., QR code scanning)
• Complete/submit feedback, assessments, assignments
• Participate in discussion forums and chat with peers, faculty, mentors, and other learners
• Submit quizzes, assignments and assessments
• Receive appropriate notifications
• Receive certificates/badges and upload certificates received from having completed external
trainings
• View grades/feedback received from managers/faculty, view leaderboard, learning history, learner
dashboards for tracking learning progress

Ability for the manager user profile to:


Note: This is a non-exhaustive list
• Assign learning content to subordinates
• Approve/decline self-nominations received
• View learning history and learning progress of subordinates
• Approve certificates uploaded by the subordinate
• Complete feedback on subordinates

Ability for the faculty user profile to:


Note: This is a non-exhaustive list
• Create/ edit/ delete/ upload/ launch/ deploy learning programs/ courses across all content types
• Create/edit/delete/upload/publish learning calendar and schedule learning programs/ courses
across all content types
• Manage learning cohorts/ batches
• Assign learning content to specific learners
• Validate attendance of learners for in-person learning programs based on nominations and
confirmation from learners
• Review/ grade assignments/ submissions/ assessments from learners
• Provide feedback to learners through a feedback form
• Launch discussion forums for specific learners (closed groups)
• View feedback received from learners
• View learning history and learning progress of learners

Page 68 of 232
RFP for procurement of Learning Management
System

• Create/view/ download reports

Ability for the admin to:


Note: This is a non-exhaustive list
• Create/modify/delete user profiles including assigning roles and managing permissions
• Create/ edit/ delete/ upload/ launch/ deploy learning programs/ courses across all content types
• Enroll learners for learning programs across all content types and modify enrollment as required
• Manage standard system configurations (e.g., configuration of notification, reports etc.)
• Create/view/download reports implement and manage security measures (e.g., user authentication,
access rights etc.)

Page 69 of 232
RFP for procurement of Learning Management
System

2. List of Addition Functional and Technical Requirements (Non-mandatory)

Table B:

The Bidder is required to submit their responses in the excel sheet provided.

Available If not Applicabil


as part of available, ity of
the is it Requirem
existing feasible to ent
Types of
Process Require offering customize (Web/Mob
Requirement requireme
Name ment No. (Yes/No) within the ile/Both)
nts
implement
ation
timeline
(Yes/No)
System should have the
ability to support multi-
User
lingual interface with
Experience I.A Functional
minimum 3 Indian
Management
languages other than
Hindi
System should provide
User
users ability to set a
Experience I.B Functional
default language
Management
preference
System should provide the
ability to generate
User
scorecards based on
Experience I.C Functional
completed trainings,
Management
assessments and other
defined metrics.
System should allow
approval workflow for
Calendar calendar to ensure
II Functional
Management calendar is approved
before it is launched to
learners
The system should prompt
the user if they attempt to
Training
III register for multiple Functional
Nomination
trainings scheduled at the
same time.
System should provide the
ability to support content
creation and modification
– including content
Content
IV.A authoring/editing and Functional
Management
ability to make updates to
the content without
impacting learner
experience
System should provide the
Content ability for admin to
IV.B Functional
Management regulate/restrict download
of learning content

Page 70 of 232
RFP for procurement of Learning Management
System

System should provide the


Content ability for learners to
IV.C Functional
Management enable or disable subtitles
and transcripts
System should have the
ability to enable or disable
Content
IV.D fast-forwarding and/or Functional
Management
skipping video / slide in e-
learning content
System should provide
functionality to prevent
Content unauthorized copying of
IV.E Functional
Management learning content such as
disabling right-click
and/or watermarking
Content
System should provide
Management/
learners the ability to
User V Functional
bookmark learning across
Experience
all learning content types
Management
System should provide
learners the ability to
Program create their own learning
VI Functional
Management paths basis eligibility of
learning and track
progress
System should have the
ability to allow admins to
Social
VII.A assign mentors to Functional
Learning
individual learner or
learner groups
System should provide
mentors and mentees the
Social
VII.B ability to share feedback Functional
Learning
based on pre-defined
parameters
System should provide
mentors and mentee the
Social
VII.C ability to set up meetings, Functional
Learning
chat, share courses, etc.
through the platform
System should provide
chat feature for users to
Social
VII.D chat with other users 24/7 Functional
Learning
including notification on
receiving messages
System should provide the
ability to generate reports
Report
VIII on gamification related to Functional
Management
leaderboard points,
badges, etc.
System should have the
ability to provide library
Learning
management features,
Ecosystem IX.A Functional
including but not limited
Management
to, catalogue
management, inventory

Page 71 of 232
RFP for procurement of Learning Management
System

tracking, issuing
resources, search
functionality, etc.
Learning System should have the
Ecosystem IX.B ability to support remote Functional
Management proctoring features
System should have the
ability to provide hostel
Learning management features,
Ecosystem IX.C including but not limited Functional
Management to tracking occupancy,
room booking, room
allocation, etc.
System should provide
General X.A auto-rotation on the Technical
mobile application
System should have the
ability to provide SIM
General X.B Technical
binding feature for mobile
application
System should have the
ability to provide the
General X.C learner the option to select Technical
download quality for
applicable content types

3. Other Requirements

The bidder shall be required to comply with the following requirements:

1. Set up and maintenance of development, UAT, pre-production, production, DR and near DR sites of
the LMS.
Site Instances Size
Development Web App DB 25% of
production
UAT Web App DB 25% of
production
Pre-production Web App DB Replica of
production
Production Web App DB
DR Web App DB Replica of
production
Near DR Replication and
storage of DB logs

2. The system should have undergone system testing, integration testing, regression testing, load testing,
performance testing and user acceptance testing before org-wide go live

3. Cloud Requirements

The bidder must comply with the below mandatory requirements.

Page 72 of 232
RFP for procurement of Learning Management
System

Table C-1: Cloud Requirements


SR Nature of Requirement Compliance as per Appendix R
No
1 Deployment Model Specific Requirements
2 General Requirements
3 Service Management Requirements
4 User/Admin Portal Requirements
5 LAN / WAN Requirements
6 Disaster Recovery & Business Continuity
Requirements
7 Security Requirements
8 Management Reporting Requirements
9 Exit Management / Transition Requirements
10 Managed Services Requirements

The above compliance must be maintained by selected bidder on an on-going basis and conformation as per
the Bank’s format shall be provided to the Bank periodically/on demand.

The bidder will comply with the full-fledged guidelines & standards as and when such guidelines / standards
are published by the Bank before go-live. The bidder shall comply with the changes guidelines & standards
published by the Bank from time to time during the period of contract.

Name & Signature of authorised signatory

Seal of Company

Page 73 of 232
RFP for procurement of Learning Management
System

Appendix- D

Bidder Details

Details of the Bidder


S. No. Particulars Details

1. Name

2. Date of Incorporation and / or commencement of


business
3. Certificate of incorporation

4. Brief description of the Bidder including details of its


main line of business
5. Company website URL

6. Company Pan Number

7. Company GSTIN Number

8. Particulars of the Authorized Signatory of the Bidder


a) Name
b) Designation
c) Address
d) Phone Number (Landline)
e) Mobile Number
f) Fax Number
g) Email Address

9 Details for EMD Refund (applicable only if EMD is


directly credited in designated account):-
a) Account No.
b) Name of account holder
c) Name of Bank
d) IFSC Code

Name & Signature of authorised signatory

Seal of Company

Page 74 of 232
RFP for procurement of Learning Management
System

Appendix- E

Scope of Work and Payment Schedule

Sl Particulars Requirements/ Remarks


No
1 Description of Description of the envisaged scope is enumerated as under. However, the
Product/Services Bank at its discretion reserves the right to change the scope of the RFP
considering the size and variety of the requirements and the changing
business conditions.

i. SBI envisions deploying a comprehensive Learning Management


System (LMS) to propel its Learning and Development plans

ii. Considering the extensive nature of the assignment and the envisaged
relationship with the Bidder, any service, which forms a part of learning
management that is not explicitly mentioned in this RFP as excluded
would form part of this RFP, and the Bidder is expected to provide the
same at no additional costs to the Bank. The Bidder has to envisage all
necessary services to be provided and ensure the same is delivered to the
Bank. The Bank will not accept any plea of the Bidder at a later date for
omission of critical services on the pretext that the same was not
explicitly mentioned in the RFP.

iii. The Bidder will be required to fix any vulnerability that is found to be
inherent in the solution at no additional cost during the entire tenure of
the contract. These vulnerabilities can be detected by the Bank or can be
a finding of any internal or external audit conducted by the Bank or its
auditors on a periodic basis.

iv. The bidder is required to depute an implementation and post-


implementation team and share their profile details and roles and
responsibilities as per the details provided in Appendix – U.
Bidders to take note of the following with regards to the staffing:
 Sharing resources’ profile: Resources’ profile must be shared
with the Bank. After the evaluation of the profile, the Bank may
interact with resources and provide consent if found suitable for
the project.
 Attrition period: - It is to be ensured that, resources should
continue in project for the duration of the contract
 Replacement if any, of the resource should be provided within
15 days. Bank will charge penalty for nonavailability of
resources.
 All resources deployed on the project will work from onsite as
required at the location specified by the Bank.
 Knowledge Transfer: - All new resources should have 30 days
evaluation time and the billing of resources will start after
completion of evaluation period.

Page 75 of 232
RFP for procurement of Learning Management
System

 Bank has right to reject the services of bidder resources anytime


during the period of contract.
 Bank at its discretion shall change the number of resources
required for the project however total number of deployed
resources should not exceed 40 at any point in time.

v. The bidder is required to note the following points:


 The bidder has to size the Solution covering hardware, software
& services to ensure availability, scalability, redundancy and
performance of the solution, and to meet technical and
functional requirements as per the terms of the RFP within the
timeframe prescribed by the Bank.
 The bidder is completely responsible for the proposed solution
to meet the scope and objectives of the RFP and all addenda &
corrigenda issued thereafter. The Bank assumes no
responsibility for assumptions made by the bidder. In the event
the proposed solution fails to meet the Service Level Agreement
(SLA) service levels and the scope and objectives of the RFP
(and addendums), the bidder will have to upgrade, modify or
replace the solution at no additional cost to the Bank.
 The bidder has to ensure the arithmetical accuracy of the
technical and commercial bid. The Bank will not be responsible
for any errors in the bid submitted by the bidder.

Assumptions,
 The Bank will not be responsible or liable for any infringements
or unauthorized use of the licensed products. In the event of any
claims against the Bank for any license-related issues, the
selected Bidder will have to act upon the same and all liabilities
and claims whatsoever will have to be settled by the selected
Bidder.
 Further if the selected Bidder has missed out providing any
required licenses/artifact/resource requirements etc. to the Bank,
then the Bank will not bear any additional amount for
procurement of such licenses/artifact/provision of resources at a
later date. Selected Bidder is required to consider the Technical
Support of the Solution and related application software for the
period of contract from day one.
2 Description of i. Bidder shall meet the LMS requirements on Web and Mobile app as
Deliverables outlined in Appendix C of this RFP

ii. The system should have undergone system testing, integration


testing, regression testing, load testing, performance testing and user
acceptance testing before org-wide go live.

iii. The bidder will also be required to submit the following list of
documentation:
 Project plan, technical design document and product specifications
 LMS Configuration Workbooks
 Product manual including software media and license materials

Page 76 of 232
RFP for procurement of Learning Management
System

 Integration Specification Document


 Data Migration Strategy & Implementation Plan
 Testing Strategy
 System Validation Test Scenarios
 System Validation Test Scripts
 System Integration Test Scenarios
 System Integration Test Scripts
 Test tracking Log
 Training Strategy and Material
 Deployment Plan
 LMS Governance Policies
 Standard Operating Procedures (SOPs)
 Any other document requested by the Bank

3 Third-Party Components Not Applicable


4 Term of the Project -
Project Schedule; The Bank envisions the implementation of an
Milestones and delivery LMS within the timeframe given below. If
locations the project timeline is not met due to specific
circumstances, Bank may extend the timeline Duration for
with mutual understanding between the Activity
bidder and the Bank.

Project Activities (indicative)


Vendor onboarding and project planning
70 days post
LMS requirements finalization signing of
contract
Platform configuration (including
integrations, data migration) and unit testing
 Testing and platform approval by SBI:
Note: Testing stages including system
integration testing, UAT and security
testing to be conducted by SBI. Vendor 90 days post
to make system updates within 5 platform
working days of receiving feedback at configuration
each testing iteration/stage and unit testing

 Create SOPs
 Create training material
Pilot the new LMS in select geographies/
functions
Monitor performance and resolve technical 20 days post
issues testing
approval by
Apply necessary updates
SBI
Training for SBI admin (Knowledge
Transfer)

Page 77 of 232
RFP for procurement of Learning Management
System

Scaling platform for org-wide go-live

Organisation-wide LMS go-live Launch day


60 days post
Hypercare (monitoring performance)
go-live
5 years post
Post implementation support (L2 and above)
go-live

5 Warranty Term The selected bidder shall provide 5 years complete application warranty
6 Annual Maintenance N.A.
(AMC) Term
7 Integration / Migration A. Interface & Integration requirements
Requirements with All integration requisites with the bank’s existing system is shared
existing systems comprehensively in Appendix-C. The bidder shall assume responsibility
for ensuring the fulfillment of all specified requirements.
i. The selected Bidder has to customize, implement, rollout and maintain
the interfaces.
ii. The Bidder is required to build interfaces between the proposed
Solution with the applications and systems mentioned in requirements.
iii. Bank expects that the integration/interface architecture is based
around industry best practices.
iv. The selected Bidder will be responsible for identifying the detailed
interface requirements for integrating the proposed solution to the
existing systems of the Bank for all functionalities as mentioned in this
RFP and third-party systems as specified by the Bank. The integration
architecture should be clearly defined. The integration architecture
should include the types of interfaces supported; the standards used and
should comply with enterprise architecture of the Bank.
vi. The Bidder will present to the Bank the interface requirements for
review. Any suggestions from the Bank will have to be included by the
Bidder.
vii. The Bidder will be responsible for developing, testing and
maintaining the interfaces. When developing the interfaces, the Bidder
should ensure the requirements of data format, frequency of data transfer,
quality checks and validations before data transfer and priorities for data
transfer are identified and addressed.
viii. The Bidder must ensure that all applicable interfaces are automated
with no manual intervention required for their successful operation on an
on-going basis.
ix. The Bidder must ensure to incorporate all necessary security & control
features within the application, operating system, database, etc. so as to
maintain integrity and confidentiality of data at all times. The Bidder will
be responsible for setting up the test environment for interface testing.
xi. The Bidder will help/assist the Bank in preparing the test cases for the
testing. Bidder shall ensure that the test cases meet all the testing
requirements of the Bank.

Page 78 of 232
RFP for procurement of Learning Management
System

B. Migration:
i. Selected bidder will be responsible for formulating the “Data
Migration Strategy” and process documents.
ii. Selected bidder will take not more than Thirty (30) working days
from date of release of purchase order to prepare the “Data
Migration Strategy” and process documents.
iii. The selected bidder has to provide the Data Extraction tool. If
required, the tool will be customized by selected bidder to meet
the Bank specific migration requirements.
iv. Selected bidder will need to understand the file structure of the
existing applications. Selected bidder will have to provide
facility in the tool to generate data files in the structure as
required for upload to its Solution.
v. Bank will review and sign–off the Data Migration Strategy and
process documents.
vi. All comments and suggestions of the Bank must be incorporated
in the Data Migration Strategy and process documents before
obtaining sign–off.
vii. Bidders are required to note the following:
 SBI currently manages more than 12 learning
platforms, each requiring the migration of both
learning content and transactional data in its entirety
 The databases of these systems encompass various
specifications, including but not limited to the
following:
o File Server
o Microsoft Sharepoint
o MS-SQL
 The total volume of data, comprising both content and
transactional records, is estimated at 300 GB.
 Transactional data, encompassing learner history, past,
current, and future enrollments, completions,
attendance records, etc., spanning the last 10 years,
needs to be migrated.
 Data formats to be migrated include, but are not limited
to, SCORM 1.2, plain text, .xlx, .xlsx, .doc, .docx, .pdf,
.txt, .ppt, .pptx, HTML, .mov, .mp3, .mp4, .MAV,
.jpeg, .jpg, .png, .mpeg

8 Help Desk Requirements i. The bidders post-implementation support team resources are expected
to be deployed for 6 days a week and an estimated 9 hours a day as per
the working calendar of the bank. The bank reserves the right to request
resources to work beyond these parameters as needed.
ii. Bidder shall provide a highly skilled support team onsite, for the
management of post implementation incident SLAs
9 MIS Report Generation Bidder is required to meet report generation requirements as outlined in
requirement Appendix C.

Page 79 of 232
RFP for procurement of Learning Management
System

10 In case of Transaction Not Applicable


System

11 Performance i. The combined up-time of the hardware and software should


Requirements provide continuous and guaranteed level of service and
functionality as defined in SLA (except the down-time due to
the Bank’s network or UPS failure). The bidder undertakes and
guarantees a system Up-Time of 99.5% during the period of
contract.
ii. Increased application traffic during peak hours should not lead
to slowness of application.

Availability
Site Instances Size
Development Web App DB 25% of
production
UAT Web App DB 25% of
production
Pre-production Web App DB Replica of
production
Production Web App DB
DR Web App DB Replica of
production
Near DR Replication and
storage of DB logs

12 Scalability Requirements i. The bidder to ensure the proposed application should be scalable
as per Bank’s future requirement
ii. Considering the growth projection, the bidder has to provide
hardware sizing for the next 5 years.
iii. The Bidder should ensure that there is headroom of 30% in
terms of vertical scalability and horizontal scalability in the
proposed Storage.

13 Regulatory / Compliance i. The solution should be implemented as per industry best


Requirements practices in accordance with the requirements outlined in the
RFP
ii. It should comply with India specific data security and access
regulations and/or certifications.
iii. The LMS implementation for the foreign offices, need to
comply with the applicable country specific regulatory
compliances
iv. Bidder shall comply with Data Governance policies and
standards of SBI including data retention.
14 Security Requirements The Bidder shall comply with Bank’s IT and IS policies, procedures,
guidelines applicable from time to time detailed in Appendix Q and
Appendix R.
15 Limited Trial / Pilot Bidder to complete the pilot as per the timelines mentioned in Row No.
Requirements 4 of Appendix E

Page 80 of 232
RFP for procurement of Learning Management
System

16 Review and Testing; i. The bidder shall carry out thorough System Integration Testing
Acceptance (SIT) to confirm if the integrations with other bank systems are
working properly.
ii. The bidder shall set up environments required for System
Integration Testing and UAT.
iii. The bidder shall maintain proper documents for all the
tasks/actions done during the migration.
iv. The bidder is required to resolve any issues encountered during
SIT.
v. System integration testing will be followed by user acceptance
testing, plan for which has to be submitted by the bidder to the
Bank. The UAT includes Functional tests, Load tests, Security
Assessment, VA & PT and Application Deployment
Architecture etc.
vi. The bidder shall fix all the issues encountered during UAT for
all the instances in the scope.
vii. The bidder shall test all the existing reports and business
transactional flow with proposed application. The bidder is also
required to assist the Bank team with UAT testing for all
instances in the scope.
viii. The system will be considered accepted only after User
acceptance test is completed as per the agreed plan and is duly
signed/certified by the Bank.
ix. The final acceptance of the LMS will be based on the UAT sign
off, moving the same into pilot and successful go-live
17 Backup system / POC /  Backup and Archiving
test & training system / The final selected bidder to provide the automated backup and data
DR system archiving facility/tools as per the backup and data retention policy of
the Bank. The bidder should ensure that primary and fallback sites
will be kept synchronised with current data.

 Disaster Recovery & Business Continuity Plan


i. Selected bidder shall prepare the Disaster Recovery & Business
continuity plan as per Bank’s format and submit.
ii. Primary site (PR) and Disaster Recovery site (DR) should be in
different seismic zones in India.
iii. The selected bidder is required to configure and maintain DR for
the complete application.
iv. The bidder is required to replicate all the configurations and data
changes to DR.
v. The bidder shall ensure that, the switch over and switch back
between Production and DR should be automated and ensure
RTO of 60 minutes and RPO of 15 minutes are achieved.
vi. Selected bidder shall provide real time dashboard to monitor DR
sync status
.
18 Training The selected bidder will be required to train the SBI admin team on
product usage, SOPs, use of ticketing portal and all other critical
elements relating to the LMS.

Page 81 of 232
RFP for procurement of Learning Management
System

19 Payment schedule i. Bank’s standard payment terms are applicable. No advance


will be paid against the Purchase order.
ii. The expected timeline to complete implementation/Go-Live of
all functionalities of the LMS are mentioned in this RFP. The
terms of payment will be as follows:

Table A: Implementation phase

Percentage of one-time
Key Milestone
implementation cost
On completion of process 10%
workshops and finalization
of LMS requirements
On completion of UAT 15%
On completion of training 15%
for SBI admin, knowledge
transfer, and SOP creation
On completion of data 20%
migration and successful
data migration audit from
the Bank
On org-wide go-live 20%
60 days post go-live date 20%
(with the fulfilment of
mandatory requirements
outlined in Appendix C-
Table A)
Total` 100%

Table B: Post-implementation phase (Applicable from the day of go-


live till end of 5-year contract)

Type Payment milestone


License cost Employee License (for SBI employees):
Quarterly payment at the end of the quarter
Non-Employee Licenses (for external users):
Quarterly payment at the end of the quarter
Note:
Minimum guaranteed licenses for each year
shall be determined at the time of
contracting
Additional licenses will be paid at the end of
each year
The Bidder is required to adjust all the
licenses of exited users with new users
Support cost Quarterly payment for post-implementation
support team based on man-day cost

Page 82 of 232
RFP for procurement of Learning Management
System

(invoice to be raised at the end of each


quarter)
Bespoke 50% of the payment on the identification of
development cost the scope of development and the rest 50%
payment 30 days post rollout of new
development to end-users

Page 83 of 232
RFP for procurement of Learning Management
System

Appendix- F

Price Bid

The Price Bid needs to contain the information listed hereunder and needs to be submitted on portal of the
e-Procurement agency. The total bid price value will be determined by summing the total cost provided in
Tables A, B, and C.

Sr.
Type of cost Cost
No.
Recurring License Cost
1. Total Cost of Table A

2. One-time Implementation Cost Total Cost of Table B

3. Post-implementation support cost Total Cost of Table C


Table A Cost + Table B Cost +
Total Price Bid Value (Total Cost of Ownership)
Table C Cost

Table A – Recurring License Cost

Sr. Item Quantity Unit Cost Per Total Cost Per Total Cost For
No. License Year 5 Years
1 *Employee Licenses (for 250000
employees)
User subscription/licenses
inclusive of desktop/web
and mobile application for
250000 licenses

Note: The unit cost of


licenses shall remain
unchanged for a variation
of up to 25% higher or
lower than 250000
2 *Non-Employee Licenses 50000
(for external users)
User subscription/licenses
inclusive of desktop/web
and mobile application for
50000 licenses

Note: The unit cost of


licenses shallremain
unchanged for a variation

Page 84 of 232
RFP for procurement of Learning Management
System

of up to 25% higher or
lower than 50000

Table A Total Cost:

*Definitions of licenses:

1. Employee license (for employees):

- License allotted to one pre-defined end-user; this follows a one-license – one-user approach.

- Data for the users will flow from the HRMS.

- Licenses of exited users will be transferable to other users (e.g. New joiners); the data of exited
user has to be retained.

2. Non-employee license (for external users):

- One license can be allotted to different users non-concurrently, this follows a one-license – multi-
user approach.

- Data for such users may not be stored in the HRMS.

- The user history of all users using the license should be retained at all times.

Table B: One-time Implementation Cost

Sr. Item Type of cost Total Cost


No.
1 Learning platform setup (desktop/web and Lumpsum
mobile application) implementation cost
including the following:
- Process workshops
- Custom branding and white
labelling
- Configuration as per requirements
detailed in Appendix C – Table A
- Data migration
- Standard integration (list to be
shared in the appendix)
- Pilot Testing
- Project management
- Training (for SBI admin team)
- Process SOPs and governance
creation
- Knowledge transfer
- Hypercare support
Table B Total Cost:

Page 85 of 232
RFP for procurement of Learning Management
System

Table C: Post-implementation support cost

Sr. Item Type of cost Unit cost Total Cost Total Cost for
No. per Year 5 Years
1 Bespoke development cost** Man day**
This encompasses any requirements
beyond those specified in Appendix
C-Table A, as well as any
functionalities present in the existing
platform not detailed in this RFP and
features extending beyond the
bidder's product roadmap until the
end of the contract period

2 Post-implementation support cost for Monthly per


L1 resource; responsibilities detailed resource
in Appendix-U3
3 Post-implementation support cost Monthly per
beyond L1 resource (L2 and above); resource
responsibilities detailed in
Appendix-U3
Table C Total Cost

Notes:
 All costs should be provided in INR only
 Bidders are requested to provide a license fee inclusive of unlimited cloud storage.
 The license cost provided by the bidder shall remain unchanged for each subsequent year till the
end of the 5 year post implementation period.
 In case the Bank decides to extend the contract for a further term of 3 years, any increase in the
cost of licenses should not exceed 10% and any increase in the cost of post-implementation man
day cost should not exceed 12%
 Bidders are requested to provide costs inclusive of out-of-pocket expenses (OPEs) such as travel
and accommodation as applicable.
 **For the purpose of calculation and evaluation, the Bank will consider 100 man-days across the
5 year period for ‘Bespoke development as part of Post-implementation Cost’. This does not
indicate the bank's minimum commitment and the actual number may increase or decrease as per
requirement of the Bank.
 For the purpose of calculation and evaluation, the bank will consider the following:
o Five L1 resources on a full-time basis post-go-live for a period of 2 months post-hypercare
o Eight resources beyond L1 resources (L2 and above) on a full-time basis post-go-live for
a period of 5 years
o The resources are expected to be deployed for 6 days per week, full-time i.e., an estimated
9 hours a day, basis the Bank’s working calendar. The Bank reserves the right to request
resources to work beyond these parameters as needed.

Page 86 of 232
RFP for procurement of Learning Management
System

oThe actual requirement of resources may increase or decrease for each year as per the
requirement of the Bank
Breakup of Taxes and Duties

Sr. Name of activity/Services Tax 1 Tax 2 Tax 3


No.

Mention Name of Tax


GST%
1.
2.
3.
Grand Total

Name & Signature of authorised signatory

Seal of Company

Page 87 of 232
RFP for procurement of Learning Management
System

Techno-Commercial Evaluation Illustrative

The Price Bid of only those Bidders, who are short-listed after technical evaluation, would be opened.

Bids will be evaluated as per Combined Quality Cum Cost Based System (QCBS). The Technical bids as
per RFP will be allotted weightage of 70% while Commercial Price bids will be allotted weightage of 30%.

A combined score will be arrived at after considering the nominal financial quote and the marks obtained
in technical evaluation with relative weights of 70% for Technical Bid and 30 % for Commercial Bid
according to the following formula:

𝑇𝑒𝑐ℎ𝑛𝑖𝑐𝑎𝑙 𝑆𝑐𝑜𝑟𝑒 𝑜𝑓 𝐴 𝐿𝑜𝑤𝑒𝑠𝑡 𝑐𝑜𝑚𝑚𝑒𝑟𝑐𝑖𝑎𝑙 𝑏𝑖𝑑 𝑆𝑐𝑜𝑟𝑒


𝐶𝑜𝑚𝑏𝑖𝑛𝑒𝑑 𝑆𝑐𝑜𝑟𝑒 𝑜𝑓 𝐴 = 70 ∗ [ ] + 30 ∗ [ ]
𝐻𝑖𝑔ℎ𝑒𝑠𝑡 𝑇𝑒𝑐ℎ𝑛𝑖𝑐𝑎𝑙 𝑆𝑐𝑜𝑟𝑒 𝐶𝑜𝑚𝑚𝑒𝑟𝑐𝑖𝑎𝑙 𝐵𝑖𝑑 𝑜𝑓 𝐴

(A: Bidder A)

The Bidder obtaining the highest total combined score in evaluation of technical and commercial bids will
be ranked TC1 followed by bidder securing lesser marks as TC2, TC3, etc. The Bidder securing highest
combined marks and ranked TC1 shall be declared as the Successful bidder and be eligible for award of
contract. In case of tie between two or more bidders for the highest total combined score, then the bidder
with highest technical score amongst such bidders shall be the successful bidder.

Sl. Technical Commercial Weighted Weighted


Bidder *Score
No. Marks Bid Marks Technical Score Commercial Score
(t) (f) =[(t) / t-highest] *70 =[(f-lowest / f]*30
1 Bidder A 90 60 90/90 *70 = 70 50/60 *30 = 25 95.5

2 Bidder B 80 70 80/90 *70 = 62.2 50/70 *30 = 21.43 83.7

3 Bidder C 75 50 75/90 *70 = 58.3 50/50*30 = 30 88.3

In the above example, the bidder “A” with highest score of 95.5 will be the successful bidder.

Page 88 of 232
RFP for procurement of Learning Management
System

Appendix- G

Certificate of Local Content

<Certificate from the statutory auditor or cost auditor of the company (in case of companies) or from a
practicing cost accountant or practicing chartered accountant (in respect of suppliers other than
companies) giving the percentage of local content, on their letter head with Registration Number with seal.>

Date:

To,
____________________________

____________________________

____________________________

Dear Sir,

Ref.: RFP No. SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024

This is to certify that proposed ______________ <product details> is having the local content of
___________ % as defined in the above mentioned RFP.

i. This certificate is submitted in reference to the Public Procurement (Preference to Make in India), Order
2017 including revision thereto.

Signature of Statutory Auditor/Cost Auditor


Registration Number:
Seal

Counter-signed:

Bidder OEM

< Certified copy of board resolution for appointment of statutory/cost auditor should also be enclosed
with the certificate of local content.>

Page 89 of 232
RFP for procurement of Learning Management
System

Appendix- H

BANK GUARANTEE FORMAT


(TO BE STAMPED AS AN AGREEMENT)

THIS BANK GUARANTEE AGREEMENT executed at _________this _________day of


_________20__ by _________ (Name of the Bank) _________ having its Registered Office at
_________and its Branch at _________ (hereinafter referred to as “the Guarantor”, which expression shall,
unless it be repugnant to the subject, meaning or context thereof, be deemed to mean and include its
successors and permitted assigns) IN FAVOUR OF State Bank of India, a Statutory Corporation constituted
under the State Bank of India Act, 1955 having its Corporate Centre at State Bank Bhavan, Nariman Point,
Mumbai and one of its offices at____________(procuring office address), hereinafter referred to as “SBI”
which expression shall, unless repugnant to the subject, context or meaning thereof, be deemed to mean and
include its successors and assigns).

WHEREAS M/s__________________________________________, incorporated under


__________________________________ Act having its registered office at
__________________________________ and principal place of business at
__________________________________ (hereinafter referred to as “Service Provider/ Vendor” which
expression shall unless repugnant to the context or meaning thereof shall include its successor, executor &
assigns) has agreed to develop, implement and support _________ (name of Software Solution/ Service)
(hereinafter referred to as “Services”) to SBI in accordance with the Request for Proposal (RFP) No.:
SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024

WHEREAS, SBI has agreed to avail the Services from the Service Provider for a period of ______ year(s)
subject to the terms and conditions mentioned in the RFP.

WHEREAS, in accordance with terms and conditions of the RFP/Purchase order/Agreement


dated_________, Service Provider is required to furnish a Bank Guarantee for a sum of Rs.__________/-
(Rupees _________ only) for due performance of the obligations of the Service Provider in providing the
Services, in accordance with the RFP/Purchase order/Agreement guaranteeing payment of the said amount
of Rs.__________/- (Rupees __________ only) to SBI, if Service Provider fails to fulfill its obligations as
agreed in RFP/Agreement.

WHEREAS, the Bank Guarantee is required to be valid for a total period of _____ months and in the event
of failure, on the part of Service Provider, to fulfill any of its commitments / obligations under the
RFP/Agreement, SBI shall be entitled to invoke the Guarantee.

AND WHEREAS, the Guarantor, at the request of Service Provider, agreed to issue, on behalf of Service
Provider, Guarantee as above, for an amount of Rs.___________/- (Rupees ___________ only).

NOW THIS GUARANTEE WITNESSETH THAT


1. In consideration of SBI having agreed to entrust the Service Provider for rendering Services as
mentioned in the RFP, we, the Guarantors, hereby unconditionally and irrevocably guarantee that
Service Provider shall fulfill its commitments and obligations in respect of providing the Services
as mentioned in the RFP/Agreement and in the event of Service Provider failing to perform / fulfill

Page 90 of 232
RFP for procurement of Learning Management
System

its commitments / obligations in respect of providing Services as mentioned in the RFP/Agreement,


we (the Guarantor) shall on demand(s), from time to time from SBI, without protest or demur or
without reference to Service Provider and not withstanding any contestation or existence of any
dispute whatsoever between Service Provider and SBI, pay SBI forthwith the sums so demanded
by SBI not exceeding Rs.__________/- (Rupees ____________only).
2. Any notice / communication / demand from SBI to the effect that Service Provider has failed to
fulfill its commitments / obligations in respect of rendering the Services as mentioned in the
Agreement, shall be conclusive, final & binding on the Guarantor and shall not be questioned by
the Guarantor in or outside the court, tribunal, authority or arbitration as the case may be and all
such demands shall be honoured by the Guarantor without any delay.
3. We (the Guarantor) confirm that our obligation to the SBI, under this guarantee shall be independent
of the agreement or other understandings, whatsoever, between the SBI and the Service Provider.
4. This Guarantee shall not be revoked by us (the Guarantor) without prior consent in writing of the
SBI.

WE (THE GUARANTOR) HEREBY FURTHER AGREE & DECLARE THAT-


i. Any neglect or forbearance on the part of SBI to Service Provider or any indulgence of any kind
shown by SBI to Service Provider or any change in the terms and conditions of the Agreement or
the Services shall not, in any way, release or discharge the Bank from its liabilities under this
Guarantee.
ii. This Guarantee herein contained shall be distinct and independent and shall be enforceable against
the Guarantor, notwithstanding any Guarantee or Security now or hereinafter held by SBI at its
discretion.
iii. This Guarantee shall not be affected by any infirmity or absence or irregularity in the execution of
this Guarantee by and / or on behalf of the Guarantor or by merger or amalgamation or any change
in the Constitution or name of the Guarantor.
iv. This Guarantee shall not be affected by any change in the constitution of SBI or Service Provider
or winding up / liquidation of Service Provider, whether voluntary or otherwise
v. This Guarantee shall be a continuing guarantee during its validity period.
vi. This Guarantee shall remain in full force and effect for a period of __ year(s) ____month(s) from
the date of the issuance i.e. up to _________. Unless a claim under this Guarantee is made against
us on or before ____, all your rights under this Guarantee shall be forfeited and we shall be relieved
and discharged from all liabilities there under.
vii. This Guarantee shall be governed by Indian Laws and the Courts in Mumbai, India alone shall
have the jurisdiction to try & entertain any dispute arising out of this Guarantee.

Notwithstanding anything contained herein above:

i. Our liability under this Bank Guarantee shall not exceed Rs__________________/- (Rs.
________________only)
ii. This Bank Guarantee shall be valid upto________________
iii. We are liable to pay the guaranteed amount or any part thereof under this Bank Guarantee only
and only if SBI serve upon us a written claim or demand on or before______________

Yours faithfully,

For and on behalf of bank.


__________________________
Authorized official

Page 91 of 232
RFP for procurement of Learning Management
System

Appendix- I

PROFORMA OF CERTIFICATE TO BE ISSUED BY THE BANK


AFTER SUCCESSFUL COMMISSIONING AND ACCEPTANCE
OF THE SOFTWARE SOLUTION/ SERVICES

Date:

M/s._____________
_________________

Sub: Certificate of delivery, installation and commissioning

1.This is to certify that the Software Solution as detailed below has/have been successfully installed
and commissioned (subject to remarks in Para No. 2) in accordance with the
Contract/specifications.

a) PO No._________________ dated _______________________

b) Description of the Solution _____________________________

c) Quantity ____________________________________________

d) Date of installation____________________________________

e) Date of acceptance test _________________________________

f) Date of commissioning ________________________________

2. Details of specifications of Software Solution not yet commissioned and recoveries to be made on
that account:

S. No. Description Amount to be recovered

3. The installation and commissioning have been done to our entire satisfaction and staff have been
trained to operate the Software Solution.

4. Service Provider has fulfilled his contractual obligations satisfactorily


or
Service Provider has failed to fulfill his contractual obligations with regard to the following:

(a)

(b)

(c)

Page 92 of 232
RFP for procurement of Learning Management
System

5. The amount of recovery on account of non-supply of Software Solution/Services is given under


Para No. 2 above.

Signature _______________________

Name _______________________

Designation with stamp __________________


______________________________________

Page 93 of 232
RFP for procurement of Learning Management
System

Appendix- J

OTHER TERMS AND PENALTIES

I. PENALTIES FOR DELAYED IMPLEMENTATION


1. The Bank expects that the selected bidder completes the scope of work within the timeframe
defined in this RFP. Inability of the selected bidder to either provide the requirements as per
the scope or to meet the timelines as specified would be treated as breach of contract and would
invoke the penalty clause. The rate of penalty would be 0.5% of the implementation cost per
week of delay or non-compliance. Bank at its discretion may apply this rule to any major non
delivery, non-adherence, non-conformity, non-submission of agreed or mandatory documents
as part of the Project.
2. Thereafter, at the discretion of the Bank, the contract may be cancelled. Bank also has the right
to invoke the Performance Guarantee, Penalty Clause on delay which is not attributable to
Bank and is attributable to the selected Bidder.
3. The bidder should ensure implementation of LMS application with all the functional, technical
and cloud and security requirements as specified in the RFP document.
4. Notwithstanding anything contained above, no such penalty will be chargeable on the selected
bidder for the inability occasioned, if such inability is due to reasons entirely attributable to
Bank.

II. PENALTIES FOR NON-COMPLIANCE TO MANDATORY REQUIREMENTS


The Bank expects that the selected bidder shall provide all the mandatory requirements
outlined in Appendix - C Table-A at the time of go-live. Inability of the selected bidder to
provide the mandatory requirements within the timelines specified would be treated as breach
of contract and the invoice associated with the milestone ‘60 days post go-live’ as outlined in
Appendix E- point 19 (Payment Schedule) Table A – Implementation Phase shall be withheld.
The Bank reserves the right to determine whether the go-live can proceed without specific
mandatory requirements.

III. PENALTIES FOR DATA MIGRATION

1. The bidder shall guarantee 100% accuracy for data migration. The Bidder shall be liable for
liquidated damages if the data accuracy falls below 100%.
2. The percentage shall be calculated as,

Total no of error free records migrated


( ) × 100
Total no of records migrated in that batch

3. Penalty at the rate of Rs.25,000/- will be applied for every drop in 1 % i.e., Rs.25,000/- if the
data accuracy is below 100 % and Rs.50,000/- if the data accuracy is below 99% and so on
for every %.

IV. PENALTIES FOR NON-COMPLIANCE TO POST IMPLEMENTATION SERVICES

All the queries are to be logged into a ticketing system and a ticket number should be
generated. The bidder shall ensure adherence to the below mentioned target, failing which a

Page 94 of 232
RFP for procurement of Learning Management
System

penalty will be deducted from the post implementation support cost. The detailed post
implementation SLA is defined in Appendix-V

Penalty
Severity Target Achievement range
(% of monthly fee)

P1 response time (30 minutes) 90% 70% - <89% 5%

P2 response time (1 business


90% 70% - <89% 5%
hour)
P3 response time (2 business
90% 70% - <89% 5%
hours)
P4 response time (4 business
90% 70% - <89% 5%
hours)
P1 resolution time (6 business
90% 70% - <89% 5%
hours)
P2 resolution time (12
90% 70% - <89% 5%
business hours)
P3 resolution time (2 business
90% 70% - <89% 10%
days)
P4 resolution time (8 business
90% 70% - <89% 10%
days)

Note:
i. The selected bidder will be required to furnish a weekly/monthly/quarterly/annual SLA
report to the Bank
ii. SBI admin team should also have access to download weekly/monthly/quarterly/annual
SLA reports directly from the ticketing portal.
iii. If the selected bidder consistently reports a target of 70% or less, then the Bank holds the
right to mandate a change in one or more assigned post implementation support resources
iv. If the selected bidder consistently reports performance below the target, the Bank holds
the right to terminate services

V. PENALTIES DUE TO DOWNTIME OF APPLICATION

The Bank prefers the system to have a regular uptime of 99.99% and an overall uptime of
99.50% per month in order to not invoke a penalty.

Level of monthly uptime Penalty

99.50% and above No Penalty

98% and above but below 99.50% 1 % of total quarterly pay-out of license cost

97% and above but below 98% 2 % of total quarterly pay-out of license cost

96% and above but below 97% 3 % of total quarterly pay-out of license cost

Page 95 of 232
RFP for procurement of Learning Management
System

95% and above but below 96% 4 % of total quarterly pay-out of license cost

Below 95% 5 % of total quarterly pay-out of license cost

Note: The selected bidder will be required to furnish a monthly uptime report to SBI

Sum of total hours during month – Sum of downtime hours during


𝑈𝑝𝑡𝑖𝑚𝑒 % = ( ) × 100
Sum of total hours during month

VI. PENALTIES FOR POST-IMPLEMENTATION CUSTOMIZATION/CONFIGURATION


OF APPLICATION

Bank expects that the selected bidder completes any additional scope of work within the agreed
timeframe failing which the bidder shall be subject to a penalty of 0.5% of the cost of additional
scope of work per week of delay up to 5% of total cost of additional scope. Once the maximum
deduction is reached, the Bank may consider termination of the Agreement. Bank at its discretion
may apply this rule to any major non delivery, non-adherence, non-conformity, non-submission of
agreed or mandatory documents as part of the Project.

VII. PENALTY FOR ABSENCE OF POST IMPLEMENTATION SUPPORT TEAM

In case a team member from the post-implementation support team is absent, the bank will deduct
charges for each day of their absence.

Calculation of Charge = (monthly charges/working days) X no. of days absent

Note: The maximum penalties on account of all above cases will be 10% of the total cost of the project

Page 96 of 232
RFP for procurement of Learning Management
System

Appendix- K

Service Level Agreement

SOFTWARE/SERVICE LEVEL AGREEMENT

BETWEEN
STATE BANK OF INDIA
AND

Commencement Date:
Date of Expiry:

This agreement (“Agreement”) is made at_________ (Place) on this __________day of _______ 202_.
BETWEEN
State Bank of India, constituted under the State Bank of India Act, 1955 having its Corporate Centre and
Central Office at State Bank Bhavan, Madame Cama Road, Nariman Point, Mumbai-21 and its Global IT
Centre at Sector-11, CBD Belapur, Navi Mumbai- 400614 through its ______________Department,
hereinafter referred to as “the Bank” which expression shall, unless it be repugnant to the context or
meaning thereof, be deemed to mean and include its successors in title and assigns of the First Part:
AND
________________________ a private/public limited company/LLP/Firm <strike off whichever is not
applicable> incorporated under the provisions of the Companies Act, 1956/ Limited Liability Partnership
Act 2008/ Indian Partnership Act 1932 <strike off whichever is not applicable>, having its registered office
at …………………………….. hereinafter referred to as “Service Provider/ Vendor”, which expression
shall mean to include its successors in title and permitted assigns of the Second Part:
WHEREAS
A. “The Bank” is carrying on business in banking in India and overseas and desirous to avail services
for ____________, and

____________, and
B. Service Provider in the business of providing ____________ ,and has agreed to supply __________
(Software) and/or providing the Services as mentioned in Request for Proposal (RFP) No.
____________ dated ____________issued by the Bank along with its clarifications/ corrigenda,
referred hereinafter as a “RFP” and same shall be part of this Agreement.

Page 97 of 232
RFP for procurement of Learning Management
System

NOW THEREFORE, in consideration of the mutual covenants, undertakings and conditions set forth below,
and for other valid consideration the acceptability and sufficiency of which are hereby acknowledged, the
Parties hereby agree to the following terms and conditions hereinafter contained:-

1. DEFINITIONS & INTERPRETATION

1.1 Definition

Certain terms used in this Agreement are defined hereunder. Other terms used in this Agreement are defined
where they are used and have the meanings there indicated. Unless otherwise specifically defined, those
terms, acronyms and phrases in this Agreement that are utilized in the information technology services
industry or other pertinent business context shall be interpreted in accordance with their generally
understood meaning in such industry or business context, unless the context otherwise requires/mentions,
the following definitions shall apply:

1.1.1 ‘The Bank’ shall mean the State Bank of India (including domestic branches and foreign
offices) Subsidiaries and Joint Ventures, where the Bank has ownership of more than 50%
of voting securities or the power to direct the management and policies of such Subsidiaries
and Joint Ventures.

1.1.2 “Code” shall mean computer programming code contained in the Software. If not otherwise
specified, Code shall include both Object Code and Source Code which means programming
languages, including all comments and procedural code, and all related development
documents (e.g., flow charts, schematics, statements of principles of operations, end-user
manuals, architecture standards, and any other specifications that are used to create or that
comprise the Code). Code shall include Maintenance Modifications and Enhancements in
the Software.

1.1.3 “Confidential Information” shall have the meaning set forth in Clause 15.

1.1.4 “Data Dictionary or Metadata Repository” shall mean a repository of information about data
such as meaning, relationships to other data, origin/lineage, usage, business context and
format including but not limited to data type, data length, data structure etc., further, it as a
collection of columns and tables with metadata.

1.1.5 “Deficiencies” shall mean defects arising from non-conformity with the mutually agreed
specifications and/or failure or non-conformity in the Scope of Services.

1.1.6 “Documentation” will describe in detail and in a completely self-contained manner how the
user may access and use the Learning management system (LMS) such that any reader of
the Documentation can access, use and maintain all of the functionalities of the Software,
without the need for any further instructions. ‘Documentation’ includes, user manuals,
installation manuals, operation manuals, design documents, process documents, data flow
documents, data register, technical manuals, functional specification, software requirement

Page 98 of 232
RFP for procurement of Learning Management
System

specification, on-line tutorials/CBTs, system configuration documents, Data Dictionary,


system/database administrative documents, debugging/diagnostics documents, test
procedures, Review Records/ Test Bug Reports/ Root Cause Analysis Report, list of all
Product components, list of all dependent/external modules and list of all documents relating
to traceability of the Product as and when applicable etc.

1.1.7 “Intellectual Property Rights” shall mean, on a worldwide basis, any and all: (a) rights
associated with works of authorship, including copyrights &moral rights; (b) Trade Marks;
(c) trade secret rights; (d) patents, designs, algorithms and other industrial property rights; I
other intellectual and industrial property rights of every kind and nature, however
designated, whether arising by operation of law, contract, license or otherwise; and (f)
registrations, initial applications, renewals, extensions, continuations, divisions or reissues
thereof now or hereafter in force (including any rights in any of the foregoing).

1.1.8 “Open Source or Copyleft license” shall mean a license of a computer program in which the
source code is available to the general public for use and/or modification from its original
design.

1.1.9 “Project Cost” means the price payable to Service Provider over the entire period of
Agreement (i.e. Rs.___________<in words>) for the full and proper performance of its
contractual obligations.

1.1.10 “Project Documents” shall mean all the plans, drawings and specifications used while
bidding and all other documents necessary to complete all work.

1.1.11 “Request for Proposal (RFP)” shall mean RFP NO Ref: SBI/GITC/HRMS/2024/2025/1156
dated : 15/06/2024 along with its clarifications/ corrigenda issued by the Bank time to time.

1.1.12 “Revision control procedure” shall mean the procedure for management of changes to
documents, software programs, and other collections of information made during this
engagement.

1.1.13 “Root Cause Analysis Report” shall mean a report addressing a problem or non-
conformance, in order to get to the ‘root cause’ of the problem, which thereby assists in
correcting or eliminating the cause, and prevent the problem from recurring.

1.1.14 ‘Services’ shall mean and include the Services offered by Service Provider more particularly
described in Clause 2 of this Agreement. ‘Services’ shall also include the implementation
services, training services and maintenance Services and other obligation of Service
Provider to be provided under this Agreement.

1.1.15 “Software” shall mean (a) the software product(s) described in this Agreement; (b) all
maintenance, modifications and enhancements that are provided to the Bank; (c) the Code
contained in or otherwise related to each of the foregoing; and (d) the Documentation.

Page 99 of 232
RFP for procurement of Learning Management
System

1.1.16 “Test Bug Reports” shall mean a report providing the details as to the efficiency of software
in relation with reporting and resolution of any bug.

1.2 Interpretations:

1.2.1 Reference to a person includes any individual, firm, body corporate, association (whether
incorporated or not) and authority or agency (whether government, semi government or
local).

1.2.2 The singular includes the plural and vice versa.

1.2.3 Reference to any gender includes each other gender.

1.2.4 The provisions of the contents table, headings, clause numbers, italics, bold print and
underlining is for ease of reference only and shall not affect the interpretation of this
Agreement.

1.2.5 The Schedules, Annexures and Appendices to this Agreement shall form part of this
Agreement.

1.2.6 A reference to any documents or agreements (and, where applicable, any of their respective
provisions) means those documents or agreements as amended, supplemented or replaced
from time to time provided they are amended, supplemented or replaced in the manner
envisaged in the relevant documents or agreements.

1.2.7 A reference to any statute, regulation, rule or other legislative provision includes any
amendment to the statutory modification or re-enactment or, legislative provisions
substituted for, and any statutory instrument issued under that statute, regulation, rule or
other legislative provision.

1.2.8 Any agreement, notice, consent, approval, disclosure or communication under or pursuant
to this Agreement is to be in writing.

1.2.9 The terms not defined in this agreement shall be given the same meaning as given to them
in the RFP. If no such meaning is given technical words shall be understood in technical
sense in accordance with the industrial practices.

1.3 Commencement, Term & Change in Terms

1.3.1 This Agreement shall commence from its date of execution mentioned above/ be deemed to
have commenced from _______ (Effective Date).

1.3.2 This Agreement shall be in force for a period of 5 years 6 months from Effective Date,
unless terminated by the Bank by notice in writing in accordance with the termination
clauses of this Agreement.

1.3.3 The Bank shall have the right at its discretion to renew this Agreement in writing, for a
further term of 3 years on the mutually agreed terms & conditions. However, in case of

Page 100 of 232


RFP for procurement of Learning Management
System

extension, any increase in the cost of licenses should not exceed 10% and any increase in
the cost of post-implementation man day cost should not exceed 12%

1.3.4 Either Party can propose changes to the scope, nature or time schedule of services being
performed under this Service Level Agreement. Such changes can be made upon mutually
accepted terms & conditions maintaining the spirit (Purpose) of this Service Level
Agreement.

2. SCOPE OF WORK

2.1 The scope and nature of the work which Service Provider has to provide to the Bank
(Services) are described in Annexure-A.
2.2 The Bank may, at its sole discretion, provide remote access to its information technology
system to IT Service Provider through secured Virtual Private Network (VPN) in order to
facilitate the performance of IT Services. Such remote access to the Bank’s information
technology system shall be subject to the following:

2.2.1 Service Provider shall ensure that the remote access to the Bank’s VPN is performed
through a laptop/desktop (“Device”) specially allotted for that purpose by the Service
Provider and not through any other private or public Device.
2.2.2 Service Provider shall ensure that only its authorized employees/representatives
access the Device.
2.2.3 Service Provider shall be required to get the Device hardened/configured as per the
Bank’s prevailing standards and policy.
2.2.4 Service Provider and/or its employee/representative shall be required to furnish an
undertaking and/or information security declaration on the Bank’s prescribed format
before such remote access is provided by the Bank.
2.2.5 Service Provider shall ensure that services are performed in a physically protected
and secure environment which ensures confidentiality and integrity of the Bank’s data and
artefacts, including but not limited to information (on customer, account, transactions,
users, usage, staff, etc.), architecture (information, data, network, application, security,
etc.), programming codes, access configurations, parameter settings, executable files, etc.,
which the Bank representative may inspect. Service Provider shall facilitate and/ or
handover the Device to the Bank or its authorized representative for investigation and/or
forensic audit.
2.2.6 Service Provider shall be responsible for protecting its network and subnetworks,
from which remote access to the Bank’s network is performed, effectively against
unauthorized access, malware, malicious code and other threats in order to ensure the
Bank’s information technology system is not compromised in the course of using remote
access facility.

Page 101 of 232


RFP for procurement of Learning Management
System

3. FEES COMPENSATION

3.1 Professional fees


3.1.1 Service Provider shall be paid fees and charges in the manner detailed in hereunder, the
same shall be subject to deduction of income tax thereon wherever required under the
provisions of the Income Tax Act by the Bank. The remittance of amounts so deducted
and issuance of certificate for such deductions shall be made by the Bank as per the laws
and regulations for the time being in force. Nothing in the Agreement shall relieve Service
Provider from his responsibility to pay any tax that may be levied in India on income and
profits made by Service Provider in respect of this Agreement.
3.1.2 ______________
3.1.3 ______________
3.2 All duties and taxes (excluding____________ or any other tax imposed by the Government
in lieu of same), if any, which may be levied, shall be borne by Service Provider and Bank
shall not be liable for the same. All expenses, stamp duty and other charges/ expenses in
connection with execution of this Agreement shall be borne by Service Provider.
___________ <insert tax payable by the Bank> or any other tax imposed by the Government
in lieu of same shall be borne by the Bank on actual upon production of original receipt
wherever required.
3.3 Service Provider shall provide a clear description quantifying the service element and goods
element in the invoices generated by them.
3.4 Payments
3.4.1 The Bank will pay properly submitted valid invoices within reasonable period but not
exceeding 30 (thirty) days after its receipt thereof. All payments shall be made in Indian
Rupees.
3.4.2 The Bank may withhold payment of any product/services that it disputes in good faith and
may set-off penalty amount or any other amount which Service Provider owes to the Bank
against amount payable to Service Provider under this Agreement. However, before
levying penalty or recovery of any damages, the Bank shall provide a written notice to
Service Provider indicating the reasons for such penalty or recovery of damages. Service
Provider shall have the liberty to present its case in writing together with documentary
evidences, if any, within 21 (twenty one) days. Penalty or damages, if any, recoverable
from Service Provider shall be recovered by the Bank through a credit note or revised
invoices. In case Service Provider fails to issue credit note/ revised invoice, the Bank shall
have right to withhold the payment or set-off penal amount from current invoices.

Page 102 of 232


RFP for procurement of Learning Management
System

3.5 Bank Guarantee and Penalties

3.5.1 Service Provider shall furnish performance security in the form of Bank Guarantee for an
amount of 5% of the total project cost valid for a period of 5 years 9 months from a
Scheduled Commercial Bank other than State Bank of India in a format provided/
approved by the Bank.
3.5.2 The Bank Guarantee is required to protect the interest of the Bank against delay in
supply/installation and/or the risk of non-performance of Service Provider in respect of
successful implementation of the project; or performance of the material or services sold;
or breach of any terms and conditions of the Agreement, which may warrant invoking of
Bank Guarantee.
3.5.3 If at any time during performance of the Contract, Service Provider shall encounter
unexpected conditions impeding timely completion of the Services under the Agreement
and performance of the services, Service Provider shall promptly notify the Bank in
writing of the fact of the delay, it’s likely duration and its cause(s). As soon as practicable,
after receipt of Service Provider’s notice, the Bank shall evaluate the situation and may at
its discretion extend Service Provider’s time for performance, in which case the extension
shall be ratified by the Parties by amendment of the Agreement.
3.5.4 Performance of the obligations under the Agreement shall be made by Service Provider in
accordance with the time schedule specified in this Agreement.
3.5.5 Service Provider shall be liable to pay penalty at the rate mentioned in Annexure ‘F’ in
respect of any delay beyond the permitted period in providing the Services.
3.5.6 Subject to Clause 17 of this Agreement, any unexcused delay by Service Provider in the
performance of its Contract obligations shall render this Agreement to be terminated.
3.5.7 No penalty shall be levied in case of delay(s) in deliverables or performance of the contract
for the reasons solely and directly attributable to the Bank. On reaching the maximum of
penalties specified the Bank reserves the right to terminate the Agreement.

4. LIABILITIES/OBLIGATION

4.1 The Bank’s Duties /Responsibility (if any)


(i) Processing and authorising invoices
(ii) Approval of Information
(iii) ____________
4.2 Service Provider Duties
(i) Service Delivery responsibilities
(a) To adhere to the service levels documented in this Agreement.
(b) Software solution provided and/or maintained by Service Provider shall be free from
OWASP Top 10 vulnerabilities (latest) during the term of Agreement.

Page 103 of 232


RFP for procurement of Learning Management
System

(c) Service provider shall ensure to filter all phishing / spamming / overflow attacks in
order to ensure availability and integrity on continuous basis.
(d) Service Provider shall without any additional cost, rectify the vulnerabilities observed
by the Bank during security review of Code. The Code shall be comprehensively
reviewed periodically by the Bank or its authorized representative.
(e) Service Provider shall ensure that Service Provider’s personnel and its sub-contractors
(if allowed) will abide by all reasonable directives issued by the Bank, including those
set forth in the Bank’s then-current standards, policies and procedures (to the extent
applicable), all on-site rules of behaviour, work schedules, security procedures and
other standards, policies and procedures as established by the Bank from time to time.
(f) Service Provider agrees and declares that it shall be the sole responsibility of Service
Provider to comply with the provisions of all the applicable laws, concerning or in
relation to rendering of Services by Service Provider as envisaged under this
Agreement.
(g) Service Provider shall be responsible to provide Data Dictionary in a format provided
by the Bank. During the term of this Agreement, such a format may be revised by the
Bank as per the requirements. Service Provider shall capture all the fields in Data
Dictionary format and keep the same always updated during the term of this
Agreement.
(h) Service Provider shall report the incidents, including cyber incidents and those
resulting in disruption of service and data loss/ leakage immediately but not later than
one hour of detection.
(i) The Service Provider shall execute Data Processing Agreement on the format attached
as Annexure-H to this RFP
(j) Service Provider shall abide by the provisions of the DPDP Act, 2023 – 11th August,
2023; CG-DL-E-12082023-248045 as and when the relevant rules and guidelines
come into force.
(ii) Security Responsibility
(a) To maintain the confidentiality of the Bank’s resources and other intellectual property
rights.
(b) ____________

5. REPRESENTATIONS & WARRANTIES

5.1 Service Provider warrants that the technical quality and performance of the Services provided
will be consistent with the mutually agreed standards. Warranty shall be for a period of 5 years
from the date of acceptance.

Page 104 of 232


RFP for procurement of Learning Management
System

5.2 Any defect found will be evaluated mutually to establish the exact cause of the defect. Bank
may have direct and separate agreement with Service Provider to provide technical support
to the Bank for related deficiencies.
5.3 Service Provider warrants that at the time of delivery the Software or its component is free
from malware, free from any obvious bugs, and free from any covert channels in the code (of
the versions of the applications/software being delivered as well as any subsequent
versions/modifications delivered).
5.4 Service Provider represents and warrants that its personnel shall be present at the Bank
premises or any other place as the Bank may direct, only for the Services and follow all the
instructions provided by the Bank; Act diligently, professionally and shall maintain the
decorum and environment of the Bank; Comply with all occupational, health or safety policies
of the Bank.
5.5 Service Provider warrants that it shall be solely liable and responsible for compliance of
applicable Labour Laws in respect of its employee, agents, representatives and sub-
contractors (if allowed) and in particular laws relating to terminal benefits such as pension,
gratuity, provident fund, bonus or other benefits to which they may be entitled and the laws
relating to contract labour, minimum wages, etc., and the Bank shall have no liability in this
regard.
5.6 Each Party represents and warrants that it has all requisite power and authorization to enter
into and perform this Agreement and that nothing contained herein or required in the
performance hereof conflict or will conflict with or give rise to a breach or default under, or
permit any person or entity to terminate, any contract or instrument to which the party is
bound.
5.7 Service Provider warrants that it has full right, title and interest in and to all software,
copyrights, trade names, trademarks, service marks, logos symbols and other proprietary
marks (collectively ‘IPR’) owned by it (including appropriate limited right of use of those
owned by any of its vendors, affiliates or subcontractors) which it provides to the Bank, for
use related to the Services to be provided under this Agreement.
5.8 Service Provider shall perform the Services and carry out its obligations under the Agreement
with due diligence, efficiency and economy, in accordance with generally accepted
techniques and practices used in the industry and with professional standards recognized by
international professional bodies and shall observe sound management practices. It shall
employ appropriate advanced technology and safe and effective equipment, machinery,
material and methods.
5.9 Service Provider has the requisite technical and other competence, sufficient, suitable,
qualified and experienced manpower/personnel and expertise in providing the Services to the
Bank.
5.10 Service Provider shall duly intimate to the Bank immediately, the changes, if any in the
constitution of Service Provider.

Page 105 of 232


RFP for procurement of Learning Management
System

5.11 Service Provider warrants that to the best of its knowledge, as on the Effective Date of this
Agreement, the Software does not violate or infringe any patent, copyright, trademarks, trade
secrets or other Intellectual Property Rights of any third party.
5.12 Service Provider shall ensure that all persons, employees, workers and other individuals
engaged by or sub-contracted (if allowed) by Service Provider in rendering the Services under
this Agreement have undergone proper background check, police verification and other
necessary due diligence checks to examine their antecedence and ensure their suitability for
such engagement. No person shall be engaged by Service Provider unless such person is found
to be suitable in such verification and Service Provider shall retain the records of such
verification and shall produce the same to the Bank as when requested.
5.13 During the Warranty Period if any software or any component thereof is supplied by Service
Provider is inoperable or suffers degraded performance not due to causes external to the
software, Service provider shall, at the Bank’s request, promptly replace the software or
specified component with new software of the same type and quality. Such replacement shall
be accomplished without any adverse impact on the Bank’s operations within agreed time
frame.

6. GENERAL INDEMNITY
6.1 Service provider agrees and hereby keeps the Bank indemnified against all claims, actions,
loss, damages, costs, expenses, charges, including legal expenses (Attorney, Advocates fees
included) which the Bank may suffer or incur on account of (i) Service Provider’s breach
of its warranties, covenants, responsibilities or obligations; or (ii) breach of confidentiality
obligations mentioned in this Agreement; or (iii) any willful misconduct and gross negligent
acts on the part of employees, agents, representatives or sub-contractors (if allowed) of
Service Provider. Service provider agrees to make good the loss suffered by the Bank.
6.2 Service provider hereby undertakes the responsibility to take all possible measures, at no cost,
to avoid or rectify any issues which thereby results in non-performance of software within
reasonable time. The Bank shall report as far as possible all material defects to Service
provider without undue delay. Service provider also undertakes to co-operate with other
service providers thereby ensuring expected performance covered under scope of work.

7. CONTINGENCY PLANS
Service provider shall arrange and ensure proper data recovery mechanism, attrition plan and other
contingency plans to meet any unexpected obstruction to Service Provider or any employees or sub-
contractors (if allowed) of Service Provider in rendering the Services or any part of the same under this
Agreement to the Bank. Service Provider at Banks discretion shall co-operate with the bank in case on any
contingency.

Page 106 of 232


RFP for procurement of Learning Management
System

8. TRANSITION REQUIREMENT
In the event of failure of Service Provider to render the Services or in the event of termination of
Agreement or expiry of term or otherwise, without prejudice to any other right, the Bank at its sole
discretion may make alternate arrangement for getting the Services contracted with another vendor.
In such case, the Bank shall give prior notice to the existing Service Provider. The existing Service
Provider shall continue to provide services as per the terms of the Agreement until a ‘New Service
Provider’ completely takes over the work. During the transition phase, the existing Service Provider
shall render all reasonable assistance to the new Service Provider within such period prescribed by
the Bank, at no extra cost to the Bank, for ensuring smooth switch over and continuity of Services,
provided where transition services are required by the Bank or New Service Provider beyond the
term of this Agreement, reasons for which are not attributable to Service Provider, payment shall be
made to Service Provider for such additional period on the same rates and payment terms as
specified in this Agreement. If existing vendor is breach of this obligation, they shall be liable for
paying a penalty of Rs.___________ on demand to the Bank, which may be settled from the
payment of invoices or bank guarantee for the contracted period. Transition & Knowledge Transfer
plan is mentioned in Annexure G.

9. LIQUIDATED DAMAGES

If Service Provider fails to deliver product and/or perform any or all the Services within the
stipulated time, schedule as specified in this Agreement, the Bank may, without prejudice to its
other remedies under the Agreement, and unless otherwise extension of time is agreed upon
without the application of liquidated damages, deduct from the Project Cost, as liquidated damages
a sum equivalent to ____% of total Project cost for delay of each week or part thereof maximum
up to ___% of total Project cost. Once the maximum deduction is reached, the Bank may consider
termination of the Agreement.

10. RELATIONSHIP BETWEEN THE PARTIES


10.1 It is specifically agreed that Service Provider shall act as independent service provider and
shall not be deemed to be the Agent of the Bank except in respect of the transactions/services
which give rise to Principal – Agent relationship by express agreement between the Parties.
10.2 Neither Service Provider nor its employees, agents, representatives, Sub-Contractors shall
hold out or represent as agents of the Bank.
10.3 None of the employees, representatives or agents of Service Provider shall be entitled to claim
any absorption or any other claim or benefit against the Bank.
10.4 This Agreement shall not be construed as joint venture. Each Party shall be responsible for
all its obligations towards its respective employees. No employee of any of the two Parties
shall claim to be employee of other Party.
10.5 All the obligations towards the employee(s) of a Party on account of personal accidents while
working in the premises of the other Party shall remain with the respective employer and not

Page 107 of 232


RFP for procurement of Learning Management
System

on the Party in whose premises the accident occurred unless such accidents occurred due to
gross negligent act of the Party in whose premises the accident occurred.
10.6 For redressal of complaints of sexual harassment at workplace, Parties agree to comply with
the policy framed by the Bank (including any amendment thereto) in pursuant to the Sexual
Harassment of Women at Workplace (Prevention, Prohibition and Redressal) Act, 2013
including any amendment thereto.

11. SUB CONTRACTING

As per the scope of this Agreement sub-contracting is not permitted.

12. INTELLECTUAL PROPERTY RIGHTS

12.1 For any technology / Software / solution developed/used/supplied by Service provider for
performing Services or licensing and implementing Software and solution for the Bank as
part of this Agreement, Service Provider shall have right to use as well right to license for the
outsourced services or third party product. The Bank shall not be liable for any license or
IPR violation on the part of Service Provider.
12.2 Without the Bank’s prior written approval, Service provider will not, in performing the
Services, use or incorporate, link to or call or depend in any way upon, any software or other
intellectual property that is subject to an Open Source or Copy-left license or any other
agreement that may give rise to any third-party claims or to limit the Bank’s rights under this
Agreement.
12.3 Subject to below mentioned sub-clause 12.4 and 12.5 of this Agreement, Service Provider
shall, at its own expenses without any limitation, indemnify and keep fully and effectively
indemnified the Bank against all cost, claims, damages, demands, expenses and liabilities
whatsoever nature arising out of or in connection with all claims of infringement of
Intellectual Property Right, including patent, trademark, copyright, trade secret or industrial
design rights of any third party arising from use of the technology / Software / products or
any part thereof in India or abroad, for Software licensed/developed as part of this
engagement. In case of violation/ infringement of patent/ trademark/ copyright/ trade secret
or industrial design or any other Intellectual Property Right of third party, Service Provider
shall, after due inspection and testing, without any additional cost (a) procure for the Bank
the right to continue to using the Software supplied; or (b) replace or modify the Software to
make it non-infringing so long as the replacement to or modification of Software provide
substantially equivalent functional, performance and operational features as the infringing
Software which is being replaced or modified; or (c) to the extent that the activities under
clauses (a) and (b) above are not commercially reasonable, refund to the Bank all amounts
paid by the Bank to Service Provider under this Agreement.

Page 108 of 232


RFP for procurement of Learning Management
System

12.4 The Bank will give (a) notice to Service provider of any such claim without delay/provide
reasonable assistance to Service provider in disposing of the claim; (b) sole authority to
defend and settle such claim and; (c) will at no time admit to any liability for or express any
intent to settle the claim provided that (i) Service Provider shall not partially settle any such
claim without the written consent of the Bank, unless such settlement releases the Bank fully
from such claim, (ii) Service Provider shall promptly provide the Bank with copies of all
pleadings or similar documents relating to any such claim, (iii) Service Provider shall consult
with the Bank with respect to the defense and settlement of any such claim, and (iv) in any
litigation to which the Bank is also a party, the Bank shall be entitled to be separately
represented at its own expenses by counsel of its own selection..
12.5 Service Provider shall have no obligations with respect to any infringement claims to the
extent that the infringement claim arises or results from: (i) Service Provider’s compliance
with the Bank’s specific technical designs or instructions (except where Service Provider
knew or should have known that such compliance was likely to result in an Infringement
Claim and Service Provider did not inform the Bank of the same); (ii) any unauthorized
modification or alteration of the Software by the Bank; or (iii) failure to implement an update
to the licensed software that would have avoided the infringement, provided Service Provider
has notified the Bank in writing that use of the update would have avoided the claim.
12.6 Service provider hereby grants the Bank a fully paid-up, irrevocable, unlimited, non-
exclusive/exclusive license throughout the territory of India or abroad to access, replicate,
modify and use Software licensed/developed including its upgraded versions available during
the term of this Agreement by Service provider as part of this engagement, including all
inventions, designs and trademarks embodied therein perpetually.
12.7 Software licensed/developed as part of this Agreement can be put to use in all offices of the
Bank.

13. INSTALLATION
Service provider will install the software/support the Bank in installation of the software
developed into the Bank’s production, disaster recovery, testing and training environment, if
required.

14. INSPECTION AND AUDIT


14.1 It is agreed by and between the parties that Service Provider shall be subject to annual audit
by internal/external Auditors appointed by the Bank/ inspecting official from the Reserve
Bank of India or any regulatory authority, covering the risk parameters finalized by the Bank/
such auditors in the areas of products (IT hardware/ Software) and services etc. provided to
the Bank and Service Provider shall submit such certification by such Auditors to the Bank.
Service Provider and or his / their outsourced agents /sub – contractors (if allowed by the
Bank) shall facilitate the same. The Bank can make its expert assessment on the efficiency

Page 109 of 232


RFP for procurement of Learning Management
System

and effectiveness of the security, control, risk management, governance system and process
created by Service Provider. Service Provider shall, whenever required by such Auditors,
furnish all relevant information, records/data to them. All costs for such audit shall be borne
by the Bank. Except for the audit done by Reserve Bank of India or any statutory/regulatory
authority, the Bank shall provide reasonable notice not less than 7 (seven) days to Service
Provider before such audit and same shall be conducted during normal business hours.
14.2 Where any Deficiency has been observed during audit of Service Provider on the risk
parameters finalized by the Bank or in the certification submitted by the Auditors, it is agreed
upon by Service Provider that it shall correct/ resolve the same at the earliest and shall provide
all necessary documents related to resolution thereof and the auditor shall further certify in
respect of resolution of the Deficiencies. It is also agreed that Service Provider shall provide
certification of the auditor to the Bank regarding compliance of the observations made by the
auditors covering the respective risk parameters against which such Deficiencies observed.
14.3 Service Provider further agrees that whenever required by the Bank, it will furnish all relevant
information, records/data to such auditors and/or inspecting officials of the Bank/ Reserve
Bank of India and/or any regulatory authority (ies). The Bank reserves the right to call for
and/or retain any relevant information/ audit reports on financial and security review with
their findings undertaken by Service Provider. However, Service Provider shall not be
obligated to provide records/data not related to Services under the Agreement (e.g. internal
cost break-ups etc.).
14.4 Service Provider shall grants unrestricted and effective access to a) data related to the
Services; b) the relevant business premises of the Service Provider; subject to appropriate
security protocols, for the purpose of effective oversight use by the Bank, their auditors,
regulators and other relevant Competent Authorities, as authorised under law.

15. CONFIDENTIALITY
15.1 “Confidential Information” mean all information which is material to the business operations
of either party or its affiliated companies, designated as being confidential or which, under
the circumstances surrounding disclosure out to be treated as confidential, in any form
including, but not limited to, proprietary information and trade secrets, whether or not
protected under any patent, copy right or other intellectual property laws, in any oral,
photographic or electronic form, whether contained on computer hard disks or floppy
diskettes or otherwise without any limitation whatsoever. Without prejudice to the generality
of the foregoing, the Confidential Information shall include all information about the party
and its customers, costing and technical data, studies, consultants reports, financial
information, computer models and programs, software Code, contracts, drawings, blue prints,
specifications, operating techniques, processes, models, diagrams, data sheets, reports and
other information with respect to any of the foregoing matters. All and every information
received by the parties and marked confidential hereto shall be assumed to be confidential

Page 110 of 232


RFP for procurement of Learning Management
System

information unless otherwise proved. It is further agreed that the information relating to the
Bank and its customers is deemed confidential whether marked confidential or not.
15.2 All information relating to the accounts of the Bank’s customers shall be confidential
information, whether labeled as such or otherwise.
15.3 All information relating to the infrastructure and Applications (including designs and
processes) shall be deemed to be Confidential Information whether labeled as such or not.
Service provider personnel/resources responsible for the project are expected to take care that
their representatives, where necessary, have executed a Non-Disclosure Agreement to comply
with the confidential obligations under this Agreement.
15.4 Each party agrees that it will not disclose any Confidential Information received from the
other to any third parties under any circumstances without the prior written consent of the
other party unless such disclosure of Confidential Information is required by law, legal
process or any order of any government authority. Service provider, in this connection, agrees
to abide by the laws especially applicable to confidentiality of information relating to
customers of Banks and the banks per-se, even when the disclosure is required under the law.
In such event, the Party must notify the other Party that such disclosure has been made in
accordance with law; legal process or order of a government authority.
15.5 Each party, including its personnel, shall use the Confidential Information only for the
purposes of achieving objectives set out in this Agreement. Use of the Confidential
Information for any other purpose shall constitute breach of trust of the same.
15.6 Each party may disclose the Confidential Information to its personnel solely for the purpose
of undertaking work directly related to the Agreement. The extent of Confidential Information
disclosed shall be strictly limited to what is necessary for those particular personnel to perform
his/her duties in connection with the Agreement. Further each Party shall ensure that each
personnel representing the respective party agree to be bound by obligations of confidentiality
no less restrictive than the terms of this Agreement.
15.7 The non-disclosure obligations herein contained shall not be applicable only under the
following circumstances:
(i) Where Confidential Information comes into the public domain during or after the
date of this Agreement otherwise than by disclosure by receiving party in breach of
the terms hereof.
(ii) Where any Confidential Information was disclosed after receiving the written
consent of disclosing party.
(iii) Where receiving party is requested or required by law or by any Court or
governmental agency or authority to disclose any of the Confidential Information,
then receiving party will provide the other Party with prompt notice of such request
or requirement prior to such disclosure.
(iv) Where any Confidential Information was received by the receiving party from a third
party which does not have any obligations of confidentiality to the other Party.

Page 111 of 232


RFP for procurement of Learning Management
System

(v) Where Confidential Information is independently developed by receiving party


without any reference to or use of disclosing party’s Confidential Information.
15.8 Receiving party undertakes to promptly notify disclosing party in writing any breach of
obligation of the Agreement by its employees or representatives including confidentiality
obligations. Receiving party acknowledges that monetary damages may not be the only and /
or a sufficient remedy for unauthorized disclosure of Confidential Information and that
disclosing party shall be entitled, without waiving any other rights or remedies, to injunctive
or equitable relief as may be deemed proper by a Court of competent jurisdiction.
15.9 Service Provider shall not, without the Bank’s prior written consent, make use of any
document or information received from the Bank except for purposes of performing the
services and obligations under this Agreement.
15.10 Any document received from the Bank shall remain the property of the Bank and shall be
returned (in all copies) to the Bank on completion of Service Provider’s performance under
the Agreement.
15.11 Upon expiration or termination of the Agreement, all the Bank’s proprietary documents,
customized programs partially or wholly completed and associated documentation, or the
Bank’s materials which are directly related to any project under the Agreement shall be
delivered to the Bank or at the Bank’s written instruction destroyed, and no copies shall be
retained Service provider without the Bank’s written consent.
15.12 The foregoing obligations (collectively referred to as “Confidentiality Obligations”) set out
in this Agreement shall survive the term of this Agreement and for a period of five (5) years
thereafter provided Confidentiality Obligations with respect to individually identifiable
information, customer’s data of Parties or software in human-readable form (e.g., source
code) shall survive in perpetuity.

16. OWNERSHIP (Not applicable)

17. SOURCE CODE ESCROW AGREEMENT


17.1 Service Provider shall deposit the source code of the Software and everything required to
independently maintain the Software, to the source code escrow account and agrees to
everything mentioned in source code escrow agreement.
17.2 Service provider shall deposit the latest version of source code in escrow account at regular
intervals as mentioned in source code escrow agreement.
17.3 The Bank shall have the right to get the source code released and will receive no
opposition/hindrances from the escrow agent and Service provider under the following
conditions:-
(ii) In the event wherein Service provider files a voluntary petition in bankruptcy or
insolvency or has been otherwise declared Insolvent/Bankrupt; or

Page 112 of 232


RFP for procurement of Learning Management
System

(iii) In the event wherein Service provider has declared its expressed/written unwillingness
to fulfill his contractual obligations under this Agreement; or
(iv) Service Provider is wound up, or ordered wound up, or has a winding up petition ordered
against it, or assigns all or a substantial part of its business or assets for the benefit of
creditors, or permits the appointment of a receiver for the whole or substantial part of
its business or assets, or otherwise ceases to conduct its business in the normal course;
or
(v) Service Provider discontinues business because of insolvency or bankruptcy, and no
successor assumes Service Provider’s Software maintenance obligations or obligations
mentioned in the Agreement; or
(vi) Service Provider dissolves or ceases to function as a going concern or to conduct its
operation in the normal course of business or intends and conveys its intention to do so;
or
(vii) Any other release condition as specified in source code escrow agreement.
17.4 Service provider agrees to bear the payment of fees due to the escrow agent.
17.5 The escrow agreement shall ipso-facto would get terminated on delivery of source code to
either of the parties upon the terms & conditions mentioned in source code escrow agreement.

18. TERMINATION

18.1 The Bank may, without prejudice to any other remedy for breach of Agreement, by written
notice of not less than 30 (thirty) days, terminate the Agreement in whole or in part:
(e) If Service Provider fails to deliver any or all the obligations within the time period
specified in the Agreement, or any extension thereof granted by the Bank;
(f) If Service Provider fails to perform any other obligation(s) under the Agreement;
(g) Violations of any terms and conditions stipulated in the RFP;
(h) On happening of any termination event mentioned herein above in this Agreement.
Prior to providing a written notice of termination to Service Provider under above
mentioned sub-clause (i) to (iii), the Bank shall provide Service Provider with a
written notice of 30 (thirty) days to cure such breach of the Agreement. If the breach
continues or remains unrectified after expiry of cure period, the Bank shall have right
to initiate action in accordance with above clause.
18.2 The Bank, by written notice of not less than 90 (ninety) days, may terminate the Agreement,
in whole or in part, for its convenience, provided same shall not be invoked by the Bank
before completion of half of the total Contract period (including the notice period). In the
event of termination of the Agreement for the Bank’s convenience, Service Provider shall be
entitled to receive payment for the Services rendered (delivered) up to the effective date of
termination.

Page 113 of 232


RFP for procurement of Learning Management
System

18.3 In the event the bank terminates the Agreement in whole or in part for the breaches attributable
to Service Provider, the Bank may procure, upon such terms and in such manner, as it deems
appropriate, software or services similar to those undelivered and subject to clause 21 Service
Provider shall be liable to the Bank for any excess costs for such similar software or services.
However, Service provider, in case of part termination, shall continue the performance of the
Agreement to the extent not terminated.
18.4 The Bank shall have a right to terminate the Agreement immediately by giving a notice in
writing to Service Provider in the following eventualities:
(i) If any Receiver/Liquidator is appointed in connection with the business of Service Provider
or Service Provider transfers substantial assets in favour of its creditors or any orders /
directions are issued by any Authority / Regulator which has the effect of suspension of the
business of Service Provider.
(ii) If Service Provider applies to the Court or passes a resolution for voluntary winding up of
or any other creditor / person files a petition for winding up or dissolution of Service
Provider.
(iii) If any acts of commission or omission on the part of Service Provider or its agents,
employees, sub-contractors or representatives, in the reasonable opinion of the Bank
tantamount to fraud or prejudicial to the interest of the Bank or its employees.
(iv) Any document, information, data or statement submitted by Service Provider in response to
RFP, based on which Service Provider was considered eligible or successful, is found to be
false, incorrect or misleading.
18.5 In the event of the termination of the Agreement Service Provider shall be liable and
responsible to return to the Bank all records, documents, data and information including
Confidential Information pertains to or relating to the Bank in its possession.
18.6 In the event of termination of the Agreement for material breach, Bank shall have the right
to report such incident in accordance with the mandatory reporting obligations under the
applicable law or regulations.
18.7 Upon termination or expiration of this Agreement, all rights and obligations of the Parties
hereunder shall cease, except such rights and obligations as may have accrued on the date of
termination or expiration; the obligation of indemnity; obligation of payment; confidentiality
obligation; Governing Law clause; Dispute resolution clause; and any right which a Party
may have under the applicable Law.

19. DISPUTE REDRESSAL MACHANISM & GOVERNING LAW


19.1 All disputes or differences whatsoever arising between the parties out of or in connection with
this Agreement (including dispute concerning interpretation) or in discharge of any obligation
arising out of the Agreement (whether during the progress of work or after completion of such
work and whether before or after the termination of this Agreement, abandonment or breach
of this Agreement), shall be settled amicably.

Page 114 of 232


RFP for procurement of Learning Management
System

19.2 If the parties are not able to solve them amicably within 30 (thirty) days after dispute occurs
as evidenced through the first written communication from any Party notifying the other
regarding the disputes, either Party [the Bank or Service Provider] shall give written notice to
other party clearly setting out there in, specific dispute(s) and/or difference(s), and shall be
referred to a sole arbitrator mutually agreed upon, and the award made in pursuance thereof
shall be binding on the Parties.
19.3 In the absence of consensus about the single arbitrator, the dispute may be referred to an
arbitration panel; one to be nominated by each Party and the said arbitrators shall nominate a
presiding arbitrator, before commencing the arbitration proceedings. The arbitration shall be
settled in accordance with the applicable Indian Laws and the arbitration shall be conducted
in accordance with the Arbitration and Conciliation Act, 1996.
19.4 Service Provider shall continue work under the Agreement during the arbitration proceedings,
unless otherwise directed by the Bank or unless the matter is such that the work cannot
possibly be continued until the decision of the arbitrator is obtained.
19.5 Arbitration proceeding shall be held at Mumbai, India, and the language of the arbitration
proceedings and that of all documents and communications between the parties shall be in
English.
19.6 This Agreement shall be governed by laws in force in India. Subject to the arbitration clause
above, all disputes arising out of or in relation to this Agreement, shall be subject to the
exclusive jurisdiction of the courts at Mumbai only.
19.7 In case of any change in applicable laws that has an effect on the terms of this Agreement, the
Parties agree that the Agreement may be reviewed, and if deemed necessary by the Parties,
make necessary amendments to the Agreement by mutual agreement in good faith, in case of
disagreement obligations mentioned in this clause shall be observed.

20. POWERS TO VARY OR OMIT WORK


20.1 No alterations, amendments, omissions, additions, suspensions or variations of the work
(hereinafter referred to as variation) under the Agreement shall be made by Service provider
except as directed in writing by Bank. The Bank shall have full powers, subject to the
provision herein after contained, from time to time during the execution of the Agreement, by
notice in writing to instruct Service Provider to make any variation without prejudice to the
Agreement. Service Provider shall carry out such variations and be bound by the same
conditions, though the said variations occurred in the Agreement documents. If any suggested
variations would, in the opinion of Service Provider, if carried out, prevent them from
fulfilling any of their obligations under the Agreement, they shall notify the Bank, thereof, in
writing with reasons for holding such opinion and Bank shall instruct Service Provider to
make such other modified variation without prejudice to the Agreement. Service Provider
shall carry out such variations and be bound by the same conditions, though the said variations
occurred in the Agreement documents. If Bank confirms their instructions Service Provider’s

Page 115 of 232


RFP for procurement of Learning Management
System

obligations will be modified to such an extent as may be mutually agreed. If such variation
involves extra cost, any agreed difference in cost occasioned by such variation shall be
mutually agreed between the parties. In any case in which Service Provider has received
instructions from the Bank as to the requirement of carrying out the altered or additional
substituted work, which either then or later on, will in the opinion of Service Provider, involve
a claim for additional payments, such additional payments shall be mutually agreed in line
with the terms and conditions of the order.
20.2 If any change in the work is likely to result in reduction in cost, the parties shall agree in
writing so as to the extent of reduction in payment to be made to Service Provider, before
Service provider proceeding with the change.

21. WAIVER OF RIGHTS


Each Party agrees that any delay or omission on the part of the other Party to exercise any
right, power or remedy under this Agreement will not automatically operate as a waiver of
such right, power or remedy or any other right, power or remedy and no waiver will be
effective unless it is in writing and signed by the waiving Party. Further the waiver or the
single or partial exercise of any right, power or remedy by either Party hereunder on one
occasion will not be construed as a bar to a waiver of any successive or other right, power or
remedy on any other occasion.

22. LIMITATION OF LIABILITY


22.1 The maximum aggregate liability of Service Provider, subject to below mentioned sub-clause
22.3, in respect of any claims, losses, costs or damages arising out of or in connection with
this Agreement shall not exceed the total Project Cost.
22.2 Under no circumstances shall either Party be liable for any indirect, consequential or
incidental losses, damages or claims including loss of profit, loss of business or revenue.
22.3 The limitations set forth in abovementioned sub-Clause 22.1 shall not apply with respect to:
(i) claims that are the subject of indemnification pursuant to Clause 12
(infringement of third party Intellectual Property Right);
(ii) damage(s) occasioned by the Gross Negligence or Willful Misconduct of Service
Provider;
(iii) damage(s) occasioned by Service Provider for breach of Confidentiality
Obligations ;
(iv) Regulatory or statutory fines imposed by a Government or Regulatory agency
for non-compliance of statutory or regulatory guidelines applicable to the Bank,
provided such guidelines were brought to the notice of Service Provider.
For the purpose of above mentioned sub-clause 22.3(ii) “Gross Negligence”
means any act or failure to act by a party which was in reckless disregard of or
gross indifference to the obligation of the party under this Agreement and which

Page 116 of 232


RFP for procurement of Learning Management
System

causes injury, damage to life, personal safety, real property, harmful


consequences to the other party, which such party knew, or would have known
if it was acting as a reasonable person, would result from such act or failure to
act for which such Party is legally liable. Notwithstanding the forgoing, Gross
Negligence shall not include any action taken in good faith.
“Willful Misconduct” means any act or failure to act with an intentional
disregard of any provision of this Agreement, which a party knew or should have
known if it was acting as a reasonable person, which would result in injury,
damage to life, personal safety, real property, harmful consequences to the other
party, but shall not include any error of judgment or mistake made in good faith.

23. FORCE MAJEURE

23.1 Notwithstanding anything else contained in the Agreement, neither Party shall be liable for
any delay in performing its obligations herein if and to the extent that such delay is the result
of an event of Force Majeure.
23.2 For the purposes of this clause, ‘Force Majeure’ means and includes wars, insurrections,
revolution, civil disturbance, riots, terrorist acts, public strikes, hartal, bundh, fires, floods,
epidemic, quarantine restrictions, freight embargoes, declared general strikes in relevant
industries, Vis Major, acts of Government in their sovereign capacity, impeding reasonable
performance of Service Provider and /or sub-contractor but does not include any foreseeable
events, commercial considerations or those involving fault or negligence on the part of the
party claiming Force Majeure.
23.3 If Force Majeure situation arises, the non-performing Party shall promptly notify to the other
Party in writing of such conditions and the cause(s) thereof. Unless otherwise agreed in
writing, the non-performing Party shall continue to perform its obligations under the
Agreement as far as is reasonably practical, and shall seek all reasonable alternative means
for performance not prevented by the Force Majeure event.
23.4 If the Force Majeure situation continues beyond 30 (thirty) days, either Party shall have the
right to terminate the Agreement by giving a notice to the other Party. Neither Party shall
have any penal liability to the other in respect of the termination of this Agreement as a result
of an event of Force Majeure. However, Service Provider shall be entitled to receive payments
for all services actually rendered up to the date of the termination of this Agreement.

24. NOTICES
24.1 Any notice or any other communication required to be given under this Agreement shall be
in writing and may be given by delivering the same by hand or sending the same by prepaid
registered mail, postage prepaid, telegram or facsimile to the relevant address set forth below
or such other address as each Party may notify in writing to the other Party from time to time.

Page 117 of 232


RFP for procurement of Learning Management
System

Any such notice given as aforesaid shall be deemed to be served or received at the time upon
delivery (if delivered by hand) or upon actual receipt (if given by postage prepaid, telegram
or facsimile).
24.2 A notice shall be effective when it is delivered or on the effective date of the notice, whichever
is later.
24.3 The addresses for Communications to the Parties are as under.
(a) In the case of the Bank
State Bank of India,
HRMS Department
Fourth Floor, Tower 7,
Railway Station Building,
CBD Belapur, 400614
(b) In case of Service Provider

24.4 In case there is any change in the address of one Party, it shall be promptly communicated in
writing to the other Party.

25. GENERAL TERMS & CONDITIONS

25.1 TRAINING: Service Provider shall train designated Bank officials on the configuration,
operation/ functionalities, maintenance, support & administration for Software, application
architecture and components, installation, troubleshooting processes of the proposed Services
as mentioned in this Agreement
25.2 PUBLICITY: Service Provider may make a reference of the Services rendered to the Bank
covered under this Agreement on Service provider’s Web Site or in their sales presentations,
promotional materials, business plans or news releases etc., only after prior written approval
from the Bank.
25.3 SUCCESSORS AND ASSIGNS: This Agreement shall bind and inure to the benefit of the
Parties, and their respective successors and permitted assigns.
25.4 NON-HIRE AND NON-SOLICITATION: During the term of this Agreement and for a
period of one year thereafter, neither Party shall (either directly or indirectly through a third
party) employ, solicit to employ, cause to be solicited for the purpose of employment or offer
employment to any employee(s) of the other Party, or aid any third person to do so, without
the specific written consent of the other Party. However, nothing in this clause shall affect the
Bank’s regular recruitments as per its recruitment policy and not targeted to the employees of
Service provider.
25.5 SEVERABILITY: The invalidity or unenforceability of any provision of this Agreement shall
not in any way effect, impair or render unenforceable this Agreement or any other provision
contained herein, which shall remain in full force and effect.

Page 118 of 232


RFP for procurement of Learning Management
System

25.6 MODIFICATION: This Agreement may not be modified or amended except in writing signed
by duly authorized representatives of each Party with express mention thereto of this
Agreement.
25.7 ENTIRE AGREEMENT: The following documents along with all addenda issued thereto
shall be deemed to form and be read and construed as integral part of this Agreement and in
case of any contradiction between or among them the priority in which a document would
prevail over another would be as laid down below beginning from the highest priority to the
lowest priority:
(i) This Agreement;
(ii) Annexure of Agreement;
(iii) Purchase Order No._______ dated ________; and
(iv) RFP
25.8 PRIVITY: Neither this Agreement nor any provision hereof is intended to confer upon any
person/s other than the Parties to this Agreement any rights or remedies hereunder.
25.9 DUE AUTHORISATION: Each of the undersigned hereby represents to the other that she/
he is authorized to enter into this Agreement and bind the respective parties to this Agreement.
25.10 COUNTERPART: This Agreement may be executed in duplicate and each copy is treated as
original for all legal purposes.

IN WITNESS WHEREOF, the Parties hereto have caused this Agreement to be executed by their
duly authorized representatives as of the date and day first mentioned above.

State Bank of India _____________Service Provider

By: By:
Name: Name:
Designation: Designation:
Date: Date:

WITNESS:
1. 1.

2. 2.

Page 119 of 232


RFP for procurement of Learning Management
System

ANNEXURE-A
DELIVERABLES/SCOPE OF WORK

As per Appendix E of the RFP

1. Description of Deliverables:

i. Service provider shall meet the LMS requirements on web and Mobile app as outlined in
Appendix C of this RFP
ii. The system should have undergone system testing, integration testing, regression testing, load
testing, performance testing and user acceptance testing before org-wide go live.
iii. The service provider will also be required to submit the following list of documentation:
 Project plan, technical design document and product specifications
 LMS Configuration Workbooks
 Product manual including software media and license materials
 Integration Specification Document
 Data Migration Strategy & Implementation plan
 Testing Strategy
 System Validation Test Scenarios
 System Validation Test Scripts
 System Integration Test Scenarios
 System Integration Test Scripts
 Test tracking Log
 Training Strategy and Material
 Deployment Plan
 LMS Governance Policies
 Standard Operating Procedures (SOPs)
 Any other document requested by the Bank

Note: The service provider is expected to meet all requirements outlined in Appendix C Table A
(mandatory requirements)

2. Specifications, Performance Standards, and Functional Requirements:

Table A: Mandatory Functional and Technical Requirements

Applicab
Type of Availabl Shall be
ility of
Requirem e as part customized
Require requirem
Process ent of the within the
ment No. Requirement ent
Name (Function existing implement
# (Mobile/
al/ offering ation
Web/
Technical) (Yes/No) timeline
Both)
Home page should Functional
include a running
notification bar to
show key training-
User
related alerts
Experience
1.01 including but not
Manageme
limited to
nt
new/upcoming
training programs,
quizzes/surveys
launched,

Page 120 of 232


RFP for procurement of Learning Management
System

contests/case studies
launched, etc.

System should have Functional


the ability to support
User screen reading
Experience functionality such as
1.02
Manageme JAWS (Job Access
nt With Speech) for
PWD (people with
disability)
Home Page should Functional
User
have a 'help' feature to
Experience
1.03 guide users on various
Manageme
functionalities of the
nt
learning platform
System should have Functional
User
the ability to support
Experience
1.04 multi-lingual
Manageme
interface with English
nt
and Hindi mandatory
Home page should be Functional
User customizable in the
Experience arrangement of
1.05
Manageme features, tiles, etc. and
nt basis the user profile
selected
Platform should be Functional
customizable in
User accordance with the
Experience SBI branding
1.06
Manageme guidelines including
nt colors, font size and
style, logos, graphics,
etc.
System should Functional
provide the ability to
User save learner progress
Experience while accessing e-
1.07
Manageme learning courses and
nt allow learners to
resume learning from
where they left
System should Functional
provide the ability for
Login and both learners and
Password admin to set/change
2.01
Manageme password in
nt alignment with the
bank’s pre-defined
password guidelines
Login and System should have Functional
Password session time out,
2.02
Manageme password expiry
nt functionality

Page 121 of 232


RFP for procurement of Learning Management
System

configured and
managed as per the
Bank’s policy. Users
should receive a
prompt to continue or
extend their session to
avoid re-login.
System should have Functional
the ability to provide
single-sign-on/ active
Login and
directory (AD) for
Password
2.03 SBI employees using
Manageme
their employee ID
nt
with an option for
multifactor
authentication
System should have Functional
the ability to allow
faculty/ L&D admin
Calendar to create and publish a
Manageme 3.01 training calendar by
nt type of training
center, location, etc.

System should allow Functional


learners to view
Calendar training calendars by
Manageme 3.02 type of training
nt center, location, etc.
to which they are
mapped
System should Functional
provide the ability for
Training
leaners to self-
Nominatio 4.01
nominate for training
n
programs they are
eligible for
System should Functional
provide the ability for
Training managers/L&D
Nominatio 4.02 admins to nominate
n learners for training
programs they are
eligible for
System should have Functional
the ability to provide a
list of learners eligible
for a training program
Training basis pre-defined
Nominatio 4.03 criteria e.g. role,
n minimum tenure, no.
of programs attended
in an FY, etc. to ease
the nomination
process

Page 122 of 232


RFP for procurement of Learning Management
System

System should Functional


provide the ability for
Training
L&D admins to
Nominatio 4.04
approve/decline
n
nominations received
for training programs
System should Functional
provide the ability for
Training managers to
Nominatio 4.05 approve/decline
n nominations received
from learners and/or
L&D admins
System should Functional
provide the ability for
Training learners and admins
Nominatio 4.06 to send reminders to
n learner’s reporting
manager to approve
program nomination
System should have Functional
the ability to
prompt/notify
Training
learners in case they
Nominatio 4.07
have already
n
completed a training
program and attempt
to self-nominate again
System should be able Functional
to prevent duplicate
enrollments in
training programs by
Training
notifying admins
Nominatio 4.08
and/or managers
n
when nominating a
participant who has
already completed the
program
System should Functional
provide the ability to
host, access, score,
and track the
following delivery
methods, including
but not limited to:
• E-learning
(SCORM)
Content
• Video-based
Manageme 5.01
learning
nt
• Micro-learning
nuggets
• ILT/VILT/Webinars
• Podcasts
• E-books
• Social Learning/ E-
discussion Groups/
Chat
• Online

Page 123 of 232


RFP for procurement of Learning Management
System

Assessments/ Quizzes
• Surveys
• AR/VR
• Electronic
documents such as
PDF (case studies,
research material,
publications, books),
iPDFs, articles,
Microsoft Office
documents etc.
System should Functional
provide the ability to
track time spent on all
Content
content types (for e.g.,
Manageme 5.02
e-learnings, videos,
nt
PDFs, webinars, etc.)
before marking the
completion status
System should Functional
provide the ability to
Content track the version
Manageme 5.03 history for all content
nt types including the
date the content was
last edited
System should have Functional
Content an integrated content
Manageme 5.04 and media server with
nt no limit on data
upload
System must have a Functional
built-in SCORM
Content player so that a
Manageme 5.05 preview of content
nt packages is possible
in a real-life
environment
System should Functional
provide the ability to
Content host, deliver, and
Manageme 5.06 track content
nt compliant with
SCORM 1.2 and
above and xAPI
System should Functional
provide the ability to
Content copy-disabled content
Manageme 5.07 (not allow
nt screenshots) on the
mobile app to prevent
its unauthorized use
For mobile Functional
Content application, the
Manageme 5.08 system should only
nt allow in-app
download

Page 124 of 232


RFP for procurement of Learning Management
System

The system should Functional


offer users the
capability to access
Content learning content
Manageme 5.09 offline and
nt synchronize their
learning progress with
the platform when
they are online
System should Functional
provide the ability to
Content rate all learning
Manageme content types(for e.g.,
nt/User ILT, VILT, e-
6.01
Experience learning, videos,
Manageme PDFs, etc.) post
nt completion including
numeric rating, star
rating, etc.
System should Functional
provide the ability for
learners to view
percentage
Content
completions or
Manageme
number of
nt/User
6.02 completions/views on
Experience
specific courses (e.g.,
Manageme
10% of your peers
nt
have completed a
specific course, 10k
views, 25k
completions)
System should Functional
provide the ability to
Content view a consolidated
Manageme rating as well as
nt/User comments given by
6.03
Experience other users on all
Manageme learning content types
nt (for e.g., ILT, VILT,
e-learning, videos,
PDFs, etc.)
System should Functional
Content
provide the ability to
Manageme
add comments on all
nt/User
6.04 learning content types
Experience
(for e.g., ILT, VILT,
Manageme
e-learning, videos,
nt
PDFs, etc.)
System should have a Functional
Program built-in skills
Manageme 7.01 taxonomy for linking
nt skills to job roles and
learning content
System should have Functional
Program
the ability to
Manageme 7.02
configure a
nt
customized skills

Page 125 of 232


RFP for procurement of Learning Management
System

taxonomy for linking


skills to job roles and
learning content
System should have Functional
the ability to create an
ILT that extends
beyond a single day.
(Please note: Each
Program program/ILT may
Manageme 7.03 extend over multiple
nt days, with several
sessions conducted
each day. These
sessions may be
conducted by different
faculty members)
System should Functional
provide the ability to
include the following
fields (non-
exhaustive) while
creating learning
across all content
types (as applicable):
title/topic, owner,
training center,
location, training
room name and
number,
competency/skill,
Program
KRA, role eligibility,
Manageme 7.04
start date, end/expiry
nt
data, duration,
program
coordinator/owner,
faculty mapping,
mapping of bank
mandated principles,
no. of slots/seats
available for
ILT/VILT, training
type (internal,
external training etc.),
cost of program,
mandatory vs non-
mandatory etc.
System should Functional
provide ability for
admin to sequence an
ILT into pre-reads,
Program pre-assessment, series
Manageme 7.05 of sessions per day,
nt post-assessment,
post-program reads
and post-program
webinar with an
option for tagging

Page 126 of 232


RFP for procurement of Learning Management
System

mandatory vs non-
mandatory

System should have Functional


the ability to map an
Program overall coordinator(s)
Manageme 7.06 for the ILT and
nt different faculty for
each session within
the ILT
System should have Functional
the ability to duplicate
an instance of
learning
Program path/ILT/VILT to
Manageme 7.07 avoid re-entering
nt information, with
flexibility to edit
content in certain
fields (e.g., date, time
etc.)
When creating an Functional
ILT/VILT system
Program
should provide admin
Manageme 7.08
with the ability to
nt
allocate seats to
certain locations
System should have Functional
Program the ability to auto-
Manageme 7.09 notify faculty/admin
nt once the seats for an
ILT/VILT are filled
System should Functional
provide ability to
allow learners to
Program
register for webinar
Manageme 7.10
on 'first come first
nt
serve' basis and close
registrations once
seats are filled
System should have Functional
the ability to send
system-driven
customized
reminders/notificatio
ns through
Program
email/SMS/in-app
Manageme 7.11
notifications for
nt
learners including but
not limited:
• notification on
upload/launch of new
ILT/VILT/e-learnings
• reminders on

Page 127 of 232


RFP for procurement of Learning Management
System

upcoming programs
scheduled/nominated
for
• reminders to
complete mandatory
trainings

System should have Functional


the ability to notify
learner & manager
Program when a learner is
Manageme 7.12 assigned an
nt ILT/VILT with
required session
details, date, time,
location, duration, etc
System should have Functional
the ability to send
calendar invite (sync
with outlook) to
Program learner for assigned /
Manageme 7.13 nominated ILT/VILT
nt with details including
but not limited to
session dates, topic,
location, duration,
etc.
System should have Functional
Program the ability to capture
Manageme 7.14 feedback at a program
nt (ILT) level and
session level
System should Functional
provide the ability to
Program
launch
Manageme 7.15
quizzes/survey/polls
nt
during an ILT session
to the attendees
System should have Functional
the ability to allow
admins to define the
completion timeline
for mandatory
Program programs assigned to
Manageme 7.16 learners (e.g., newly
nt joined probationary
officers should
complete 50 e-
learning courses
within 24 months of
their joining)
System should Functional
Program
provide the ability for
Manageme 7.17
admins to
nt
configure/customize

Page 128 of 232


RFP for procurement of Learning Management
System

the completion
certificate on the
learning platform
System should have Functional
the ability to provide
learners with a list of
Program
external training
Manageme 7.18
programs available
nt
and allow them to
self-nominate basis
eligibility
System should have Functional
the ability to exempt
learners from
Program mandatory trainings
Manageme 7.19 (all types) by
nt obtaining data from
HRMS or marking
exemption through
the learning platform
System should Functional
provide ability for
admins to create and
assign learning
content and learning
path (ILT, VILT, e-
learning) based on a
Program
single or combination
Manageme 7.20
of multiple criteria
nt
such as SBI divisions,
functions, job
families, job roles,
location, career level,
competencies/skills,
training centre
mapping etc.
System should have Functional
Program the ability to auto-
Manageme 7.21 retire courses and
nt revoke learner access
post end/expiry date
System should have Functional
the ability to auto-
notify owner of a
Program
course/program/e-
Manageme 7.22
learning on the expiry
nt
date a pre-defined no.
of days before it
expires
System should have Functional
the ability to create a
Program
database of questions
Manageme 7.23
(MCQ, true or false,
nt
fill in the blanks etc.)
by topics

Page 129 of 232


RFP for procurement of Learning Management
System

System should have a Functional


Program maker checker
Manageme 7.24 configuration to
nt approve the question
bank created per topic
System should Functional
provide the ability to
Program
search question bank
Manageme 7.25
by topic name,
nt
question bank ID,
keywords, etc.
System should allow Functional
L&D admin/ faculty
Program the ability to create an
Manageme 7.26 assessment by
nt searching and
selecting questions
across question banks
System should enable Functional
search functionality
for learners to search
all learning content
types by a single or
combination of
criteria including but
not limited to:
- program/course
name
Browse/
- role
Search
8.01 - eligibility
Manageme
- training institute
nt
- zone/location
- domain/ topic
- competencies/skills
- assigned course
- duration
- type of content
(ILT/VILT/e-learning
etc.)
- nomination
- keywords
System should enable Functional
search functionality
for admin to search
for learners and other
Browse/
users as required by a
Search
8.02 single or combination
Manageme
of criteria including
nt
but not limited to
employee ID, first
name, last name, role,
user profiles etc.
System should enable Functional
Browse/ search functionality
Search for managers to
8.03
Manageme search/filter direct
nt reports by a single or
combination of

Page 130 of 232


RFP for procurement of Learning Management
System

criteria including but


not limited to
employee ID, first
name, last name, role
etc.
System should enable Functional
Browse/
search functionality
Search
8.04 for faculty to search
Manageme
for trainings they are
nt
mapped/assigned to
System should have Functional
the ability to create a
section on the
platform for learner &
Gamified
faculty recognition
Learning 9.01
including but not
Experience
limited to photo,
name, designation,
location, leaderboard
score etc.
System should have Functional
the ability to allow
learners to earn
Gamified points/badges based
Learning 9.02 on pre-determined
Experience milestones, such as
number of
completions, timeline
for completion, etc.
System should Functional
provide users the
Gamified ability to filter a
Learning 9.03 leaderboard by
Experience content type e.g., for
e-learnings, VILT,
ILT etc.
System should Functional
provide users the
ability to apply filters
Gamified to leaderboard
Learning 9.04 including but not
Experience limited to type of
training institute,
zone, region, job role
etc.
System should Functional
provide a discussion
forum for all users to
Social
10.01 facilitate
Learning
collaborative learning
through posts and
comments
System should Functional
Social provide the ability for
10.02
Learning users to recommend
courses to other users

Page 131 of 232


RFP for procurement of Learning Management
System

through discussion
boards

System should Functional


provide the ability for
learners to access a
learning dashboard
with features
Report including but not
Manageme 11.01 limited to list of
nt learning content
assigned,
progress/status of
learning, upcoming
training scheduled
etc.
System should Functional
provide the ability for
Report
all users to subscribe
Manageme 11.02
to periodic reports
nt
based on their user
profile
System should Functional
provide the ability to
filter aggregated data
by multiple learner-
specific or
organizational criteria
including but not
Report
limited to employee
Manageme 11.03
ID, SBI divisions,
nt
functions, job
families, job roles,
scale/career level,
competencies,
training institute type,
location, program
name/topic, etc.
System should Functional
provide the ability to
schedule the
Report generation of reports
Manageme 11.04 basis timelines
nt defined by the bank
including weekly,
monthly, quarterly,
and annually
System should have Functional
the ability to analyze
data and provide
Report
insights with visual
Manageme 11.05
representation
nt
(analytics
capabilities)

Page 132 of 232


RFP for procurement of Learning Management
System

System should Functional


provide the ability to
Report download reports in
Manageme 11.06 formats including but
nt not limited to excel,
plain text, CSV, PDF,
RCN, TCH, etc.
System should Functional
provide the ability to
Report assign access to
Manageme 11.07 customized
nt reports/dashboards
basis the security
profile of users
System should Functional
Report provide the ability to
Manageme 11.08 report consolidated
nt feedback data for both
learners and faculty
System should Functional
Report provide the ability to
Manageme 11.09 access learner’s
nt learning history basis
type of access granted
System should have Functional
Report the ability to generate
Manageme 11.10 report on learning
nt costs by training
centers
System should have Functional
the ability to
consolidate learner
data to provide list of
learners who have not
completed any
training in specified
duration (e.g. Last
FY), list of learners
Report with less than defined
Manageme 11.11 hours of training
nt completed (e.g.
learners with less than
2 hours of training),
list of learners with
assignment/quiz
scores less than
defined threshold
(e.g. learners who
have scored less than
10 marks)
System should Functional
provide the ability to
generate reports for
Report
training centers
Manageme 11.12
including data such as
nt
no. of training
programs completed –
monthly, quarterly,

Page 133 of 232


RFP for procurement of Learning Management
System

annually, no. of
employees/learners
trained by job role,
scale/level etc.
classroom capacity
utilization etc.
System should be able Functional
to track, consolidate
and report learning
content data including
Report
but not limited to no.
Manageme 11.13
of views/downloads,
nt
consolidated
reviews/ratings,
highest vs lowest
views/ratings etc.
System should have Functional
the ability to
Report track,consolidate and
Manageme 11.14 report data for
nt internal & external
training (e.g.,
MOOCs)
System should have Functional
the ability to generate
reports on the no. of
training hours
Report
completed by learner
Manageme 11.15
for all learning
nt
content types in a
month, quarter,
annually for internal
and external training
System should have Functional
the ability to create
reports for mandatory
trainings including
Report
data such as program
Manageme 11.16
name/topic, unique
nt
no. of employees
trained, total staff
trained in a particular
quarter, year etc.
System should have Functional
the ability to generate
individual employee-
wise learning reports
on entering employee
ID, with learning
Report details including but
Manageme 11.17 not limited to list of
nt mandatory/optional
learning
content/assessments
and status including
not started/in
progress/completed,
learning history, etc.

Page 134 of 232


RFP for procurement of Learning Management
System

System should have Functional


Report report builder
Manageme 11.18 functionality for
nt custom report
creation
System should Functional
provide the ability to
set up customized
Report reports/dashboards to
Manageme 11.19 track progress of
nt learning across all
content types and
users (internal and
external)
System should have Functional
the ability to generate
Report
comparative reports
Manageme 11.20
(e.g. Comparison of
nt
Q1 to Q2 completion
in a given FY)
System should Functional
Tracking provide the ability to
Attendance mark attendance on
and 12.01 webinar basis pre-
Completio define criteria such as
n no. of hours spent in
the webinar
System should Functional
provide the ability for
learner to upload
certificate post
completion of any
Tracking
external (non-SBI)
Attendance
programs with
and 12.02
checker functionality
Completio
(e.g., reporting
n
manager or L&D
team to validate and
approve the
certification
uploaded)
System should have Functional
the ability to capture
attendance for in-
person programs
Tracking
(ILT) using system-
Attendance
driven mechanisms
and 12.03
such as QR code and
Completio
also have the ability
n
for admin/faculty to
authenticate
attendance marked by
the learner
Tracking Functional
System should
Attendance
provide the ability for
and 12.04
learner to
Completio
view/download/print
n

Page 135 of 232


RFP for procurement of Learning Management
System

the completion
certificate

System should Functional


provide the ability to
track mandatory
training completion
Tracking across all learning
Attendance modalities and assign
and 12.05 a score to participants
Completio basis
n progress/completion
and other pre-defined
criteria. Score should
flow back to the
HRMS and / or PMS
System should have Functional
Learning
the ability to support
Ecosystem
13.01 up to 5 layers of
Manageme
customized approval
nt
workflows
System should have Functional
the ability to create
Learning
and maintain database
Ecosystem
13.02 of training center and
Manageme
faculty (both internal
nt
and external)
information
Service provider must
provide a ticketing
system to log all
queries (L1 and
above) on a single
Administra
platform. L1 issues
tive 14.01
will be managed by
Support
the SBI admin team
and L2 and above
issues are to be
handled by the service
provide. Technical
System should have Technical
the ability to support
all standard web
browsers like
Microsoft Internet
General 15.01
Explorer, Microsoft
Edge, Google
Chrome, Mozilla,
Safari, Firefox, Opera
etc.
System should have Technical
the ability to support
multiple operating
General 15.02
systems like
Microsoft Windows
10 and above, Mac

Page 136 of 232


RFP for procurement of Learning Management
System

OSX, Snow Leopard


and above etc. on the
web version and
Andriod and iOS on
the mobile version
System should Technical
provide multi-device
and multi-channel
access
(desktop/tablet/mobil
e) for all users on web
General 15.03
as well as on mobile
app with screen
responsiveness for
adaptability
according to screen
dimension
System should have Technical
the ability to restrict
concurrent login by
General 15.04 the same user on
multiple devices i.e.,
restrict access to
single device at a time
System should have Technical
cloud based storage
and administration of
General 15.05
content. Streaming
capacity should not be
a constraint
System should have Technical
the ability to auto-
adjust the resolution
of videos basis
internet & intranet
General 15.06
bandwidth of the user
(in-app video
download, with
ability to decide
download quality)
System should have Technical
the ability to
configure IP address
for certain online
General 15.07 exams/courses/progra
ms so that they can
only be accessible
from designated SBI
centers
System should have Technical
the ability to migrate
existing SBI data
spread including
General 15.08
content and learner
history from across
multiple SBI
platforms

Page 137 of 232


RFP for procurement of Learning Management
System

System should have Technical


the ability to integrate
Integration 16.01
with HRMS & PMS
on a real time basis
System should have Technical
the ability to integrate
Integration 16.02
with external APIs
such as MOOCs
System should have Technical
the ability to curate
courses from the
integrated MOOCs
and allow admins to
assign such courses to
learner’s basis a pre-
defined criteria such
Integration 16.03
as role, tenure etc.
(i.e., learners cannot
see the entire
catalogue of a
MOOC. They can
only see courses they
are allowed to enrol
for/complete)
System should have Technical
the ability to integrate
with APIs such as
Outlook, MS Teams,
Zoom, WebEx etc.
Integration 16.04 Bidders to share
details of the standard
integrations include in
the product in the
template provided in
Appendix W
System should have Technical
the ability to support
data flow from
Integration 16.05
HRMS & PMS to the
learning platform and
vice-versa
System should have Technical
the ability to track
KRA and KPI
Integration 16.06 information from
PMS and recommend
learning courses
appropriately.
System should have Technical
the ability to support
min 2.5 Lakh staff and
1 Lakh non-staff of
Scalability 17.01
SBI (Please note
these number do not
indicate commitment
of minimum licenses)

Page 138 of 232


RFP for procurement of Learning Management
System

Should support at Technical


least 10% concurrent
users at a time with no
application
performance issues
(Please note: Bidders
Scalability 17.02
are required to
submit a load test
report for 30k+
concurrent users at
the time of technical
bid submission)
System should have Technical
the ability to provide
external users (who
are not on the
HRMS/do not have an
employee ID), the
option to log in
User
through alternative
Manageme 18.01
mechanisms such as
nt
email ID, basis the
assigned user profile.
Additionally,
multifactor
authentication should
be implemented for
secure access.
The system should Technical
support external user
self-registration on
the learning platform.
User
Additionally, admins
Manageme 18.02
must possess the
nt
ability to authenticate
these external users to
obtain access to the
learning platform
System should have
the ability to
create/edit/manage a
minimum of 25
security profiles in the
system (with differing
access rights)
including but not
User limited to learner,
Manageme 18.03 manager, manager of Technical
nt manager, faculty,
training center head,
L&D, maker,
checker, admin, super
admin etc. basis level
of access rights
(create/edit/view/dele
te/assign learning and
reports) required.

Page 139 of 232


RFP for procurement of Learning Management
System

System should have Technical


the ability to change
access type/security
profile of learner from
external user to
internal user and vise-
versa without loss of
learning history (e.g.,
probationary officers
User
will be treated as
Manageme 18.04
external users for 45
nt
days and provided
restricted access to
the learning platform
using a temporary ID.
Once the PFID is
generated the user
profile needs to be
changed to internal
user)
System should have Technical
the ability to
accurately map each
user according to their
position in the current
User org structure in their
Manageme 18.05 respective
nt geographies (as given
in Appendix-S) and
SBI entities for
defining access right
to learnings across
content types
System should have Technical
the ability for the
super admin to
perform all activities
User
across all other user
Manageme 18.06
profiles including the
nt
ability to
create/edit/manage/de
lete/assign user
profiles
System should allow Technical
admin profiles to
complete user
registrations
User
individually or
Manageme 18.07
through the export or
nt
import of user data
(e.g. Bulk upload of
user data through .csv
file)

Page 140 of 232


RFP for procurement of Learning Management
System

System should have Technical


the ability to create
certain admin profiles
which can create/
edit/ delete data for
User
one or more specific
Manageme 18.08
learner groups (e.g.,
nt
Admin rights to
manually mark course
completion for local
officers based in
foreign locations)

2.1 Service Provider undertakes and warrants to provide technical support with resolution
time frame as per the matrix given below:

Table B: Response time and resolution time required of vendor

Severity Level Description First Response Resolution Time


Time
P1 – Critical Technical and systems problems that 30 minutes 6 business hours
block a whole organization from
performing critical business operations. A
significant majority of users (60% or
more) are impacted. The service must be
restored immediately. No workaround or
temporary solution is available to continue
business operations.
E.g. – Widespread log-in issues, system
outages impacting the majority of users,
security breaches or vulnerabilities
P2 – High Blocks significant users from completing 1 business hour 12 business hours
major functionalities and/or causes a
severe drop in the app's performance.
Impacts around half or more users. The
service must be restored in a short time. A
workaround or temporary solution may or
may not be available.
E.g. - Intermittent access issues and major
functionality errors such as course content
loading, inability to submit assignments or
quizzes
P3 – Medium Moderately impacts users' ability to use 2 business hours 2 business days
the platform/app and hinders certain non-
business critical operations. It affects a
small number of users (<10%).
Restoration of service can take
comparatively more time. A temporary
workaround is available with some
additional effort.
E.g. - Course content display issues, user
data accuracy issues, incompatibility with

Page 141 of 232


RFP for procurement of Learning Management
System

browser or mobile updates for specific


user group
P4 – Low Creates a sub-optimal end-user 4 business hours 8 business days
experience, only affects one or multiple
users from performing non-critical
operations. May not require immediate
attention as it does not significantly affect
the user’s productivity. A workaround is
easily available.
E.g. Cosmetic issues such as layout
changes, font size, etc., feature
enhancement requests, course content
alignment

3. Documentation:
The service provider will be required to submit the following list of documentation:
 Project plan, technical design document and product specifications
 LMS Configuration Workbooks
 Product manual including software media and license materials
 Integration Specification Document
 Data Migration Strategy & Implementation plan
 Testing Strategy
 System Validation Test Scenarios
 System Validation Test Scripts
 System Integration Test Scenarios
 System Integration Test Scripts
 Test tracking Log
 Training Strategy and Material
 Deployment Plan
 LMS Governance Policies
 Standard Operating Procedures (SOPs)
 Any other document requested by the Bank

4. Place of Service

1. State Bank of India, Global IT Centre Belapur

2. State Bank of India, Corporate Centre

Or any other place as the bank may direct

5. Standard Services
Standard services to be delivered under this agreement are illustratively listed below:-
The details of services, their responsibilities and availability to be described----

1……
2…….

As defined in Appendix E of the RFP

Page 142 of 232


RFP for procurement of Learning Management
System

6. Maintenance/ Upgrades

6.1 Service Provider shall maintain and upgrade the Software during the warranty and support period
so that the Software shall, at all times during the warranty and support period, meet or exceed the
specifications in the Project Documents and the performance requirements as set forth in this
Agreement. Service provider shall, at no cost to the Bank, promptly correct any and all errors,
Deficiencies and defects in the Software.
6.2 Service Provider shall have the operational maintenance obligations (e.g., telephone support,
problem resolution, on-site services) as mentioned in Annexure A.

Table C: Post Implementation Support team


Role Responsibilities No. of Duration
Resources
Post  Manage simple “How to” issues 5 Full time during
implementation that can be resolved without hyper care and 2
L1 team having to perform root cause additional months
analysis post hyper care
 Addressing basic user queries
including but not limited to login,
password reset, access, application
navigation, usage of platform, etc.
 Resolve simple commonly
occurring issues for users and other
platform user profiles (Admin,
Faculty, content creator, etc)
Post  Any issues that cannot be resolved 4 Full time till the
implementation by the L1 team end of the
L2 team  Includes troubleshooting for issues contract period
escalated by the level 1 support
team
o Analyzing error messages and
system logs
o Resolving issues related to
learning content, assisting with
troubleshooting for multimedia
and interactive elements for all
types of users
o Addressing issues related to
third-party integrations
o Troubleshooting data
exchange, learner master data
issues within internal systems
o Addressing errors with
viewing and downloading
reports

Page 143 of 232


RFP for procurement of Learning Management
System

 The L2 team will be responsible


for examining quarterly system
releases and evaluating their
impact on the platform.
 The L2 team in collaboration with
the L3 team shall be responsible
for coordinating with the STU
team at SBI to decide whether to
incorporate or exclude the newly
released features.
 If the decision is made to
incorporate the releases or new
features into the platform, the L2
team (with L3 as required) shall be
responsible for rolling out the
features and making necessary
modifications to the platform
 L2 team will take on the
responsibility of training the SBI
L1 team on the new releases/
features.
Post  Any issues that cannot be resolved 4 Full time till the
implementation by the L2 team end of the
L3 team  Should possess expertise in contract period
technology platforms to resolve the
issue
 Includes resolving issues escalated
from Level 2
o SSO failure
o Hardware, Server, Storage and
network issues
o Integration issues
 L3 team will also be accountable
for managing minor workflow
changes

7. Correction of Deficiencies in Deliverables


7.1 If Service provider is unable to correct all Deficiencies preventing acceptance of a
deliverable or meet the performance requirements, for which Service provider is
responsible within the timelines as mentioned in this Agreement, the Bank may at its
discretion:
a) Without prejudiced to the Bank’s other rights under this Agreement, allow Service
provider to continue its efforts to make corrections; or
b) Accept the deliverable with its Deficiencies and reach agreement with Service provider
on an equitable reduction to Service provider’s charges for developing such deliverable
to reflect the uncorrected Deficiencies; or

Page 144 of 232


RFP for procurement of Learning Management
System

c) Terminate this Agreement for cause in accordance with Clause 17 (except that the Bank
is under no obligation to provide Service provider any further opportunity to cure) and
recover its damages as set forth in this Agreement.

8. Service Milestones

The Bank envisions the implementation of an LMS within the


timeframe given below.
If the project timeline is not met due to specific circumstances,
Duration for
Bank may extend the timeline with mutual understanding between
Activity
the bidder and the Bank.

Project Activities (indicative)


Vendor onboarding and project planning
70 days post
LMS requirements finalization
signing of contract
Platform configuration (including integrations, data migration)
and unit testing
 Testing and platform approval by SBI:
Note: Testing stages including system integration testing, UAT
and security testing to be conducted by SBI. Vendor to make 90 days post
system updates within 5 working days of receiving feedback at platform
each testing iteration/stage configuration and
unit testing
 Create SOPs
 Create training material
Pilot the new LMS in select geographies/ functions

Monitor performance and resolve technical issues


20 days post
Apply necessary updates testing approval
by SBI
Training for SBI admin (Knowledge Transfer)

Scaling platform for org-wide go-live

Organisation-wide LMS go-live Launch day


60 days post go-
Hypercare (monitoring performance)
live
5 years post go-
Post implementation support (L2 and above)
live

9. Risk Management

Service Provider shall identify and document the risk in delivering the Services. Service Provider
shall identify the methodology to monitor and prevent the risk, and shall also document the steps
taken to manage the impact of the risks.

Page 145 of 232


RFP for procurement of Learning Management
System

ANNEXURE-B

INFRASTUCTURE MANAGEMENT METRICS

As detailed in RFP (Appendix E) - Section 17 and Appendix-V

(a) Service metric for Recovery Time objective (RTO)

SL Service level Service level object Measurement range/criteria


no. category

1. RTO during 60 minutes Time taken for shutting DC and making DR


disaster for shifting live and vice versa
to DC and vice
versa

(b) SLA for Recovery Point Objective

SL Service level Service level object Measurement range/criteria


no. category

1. RPO during 15 minutes Amount of lost data acceptable


disaster for shifting
to DR and vice
versa

Page 146 of 232


RFP for procurement of Learning Management
System

ANNEXURE-C

APPLICATION DEVELOPMENT & MAINTENANCE METRIC.

As detailed in RFP (Appendix V)

Severity Level Description First Response Resolution


Time Time
P1 – Critical Technical and systems problems that 30 minutes 6 business
block a whole organization from hours
performing critical business operations.
A significant majority of users (60% or
more) are impacted. The service must be
restored immediately. No workaround or
temporary solution is available to
continue business operations.
E.g. – Widespread log-in issues, system
outage impacting the majority of user,
security breach or vulnerabilities
P2 – High Blocks significant users from 1 business hour 12 business
completing major functionalities and/or hours
causes a severe drop in the app's
performance. Impacts around half or
more users. The service must be restored
in a short time. A workaround or
temporary solution may or may not be
available.
E.g. - Intermittent access issues and
major functionality errors such as
course content loading, inability to
submit assignments or quizzes
P3 – Medium Moderately impacts users' ability to use 2 business hours 2 business
the platform/app and hinders certain days
non-business critical operations. It
affects a small number of users (<10%).
Restoration of service can take
comparatively more time. A temporary
workaround is available with some
additional effort.
E.g. - Course content display issues, user
data accuracy issues, incompatibility
with browser or mobile updates for
specific user group
P4 – Low Creates a sub-optimal end-user 4 business hours 8 business
experience, only affects one or multiple days
users from performing non-critical
operations. May not require immediate
attention as it does not significantly

Page 147 of 232


RFP for procurement of Learning Management
System

affect the user’s productivity. A


workaround is easily available.
E.g. Cosmetic issues such as layout
changes, font size, etc., feature
enhancement requests, course content
alignment

Page 148 of 232


RFP for procurement of Learning Management
System

ANNEXURE-D

SERVICE DESK SUPPORT METRIC

As detailed in RFP (Appendix E) Section 8

Help Desk Requirement:

i. The service provider post-implementation support team resources are expected to be deployed for 6
days a week and an estimated 9 hours a day as per the working calendar of the bank. The bank reserves
the right to request resources to work beyond these parameters as needed.
ii. Service provider shall provide a highly skilled support team onsite, for the management of post
implementation incident SLAs

SERVICE LEVEL REPORTING/ FREQUENCY

Monthly or as advised by the bank

SERVICE REVIEW MEETING

Monthly or as advised by the bank

Service Review meeting shall be held annually/ half yearly. The following comprise of
the Service Review Board:

 President,

 Members…………….

Report Name Interval Recipient Responsible

Page 149 of 232


RFP for procurement of Learning Management
System

ANNEXURE-E
ESCALATION MATRICS

Service level Response/Resolution Escalation thresholds


Category Time

Escalation Level 1 Escalation.........

Escalation to Escalation Escalation to Escalation


Mode Mode

Production <Name,
Support designation
contact no.>

Service <Name,
Milestones designation
contact no.>

Infrastructure <Name,
Management designation
contact no.>

Application <Name,
Development & designation
Maintenance contact no.>

Information <Name,
Security designation
contact no.>

Service Desk <Name,


Support designation
contact no.>

Page 150 of 232


RFP for procurement of Learning Management
System

ANNEXURE-F

PENALTY FOR NON-PERFORMANCE OF SLA

As per Appendix J of the RFP

Service level category SLA Measure Penalty Calculation

Per week of
0.5% of the implementation cost per week of delay or non-
Delayed Implementation delay or non-
compliance
compliance

Inability by
vendor to
provide the
Payment toward invoice associated with the payment milestone ‘60
Non-Compliance to mandatory
days post go-live’ as outlined in Appendix E- point 19 (Payment
Mandatory Requirements requirements
Schedule) Table A – Implementation Phase, shall be withheld
within the
implementation
timelines

Total no of error free records migrated


( ) 𝑥 100
Total no of records migrated in that batch

Data Accuracy
Data Migration of less than Penalty at the rate of Rs.25,000/- will be applied for every drop in 1
100% % i.e., Rs.25,000/- if the data accuracy is below 100 % and
Rs.50,000/- if the data accuracy is below 99% and so on for every %.

Sum of total hours during month − Sum of downtime hours during month
( ) 𝑥 100
Sum of total hours during month

 99.50% and above – No penalty


 Uptime of 98% and above but below 99.50% - penalty of 1% of
total quarterly pay-out of license cost
Penalty for
overall uptime  Uptime of 97% and above but below 98% - penalty of 2% of
Application Downtime total quarterly pay-out of license cost
of less than
99.50%  Uptime of 96% and above but below 97% - penalty of 3% of
total quarterly pay-out of license cost
 Uptime of 95% and above but below 96% - penalty of 4% of
total quarterly pay-out of license cost
 Uptime below 95% - penalty of 5 % of total quarterly pay-out of
license cost

Delay in
completion of
Post implementation
any additional Penalty of 0.5% of the cost of additional scope of work per week of
customization/configuration
scope of work delay up to 5% of total cost of additional scope
of application
within the
timeframe

Page 151 of 232


RFP for procurement of Learning Management
System

In case of
Absence of Post absence of 𝑀𝑜𝑛𝑡ℎ𝑙𝑦 𝐶ℎ𝑎𝑟𝑔𝑒
( ) 𝑥 𝑛𝑜. 𝑜𝑓 𝑑𝑎𝑦𝑠 𝑜𝑓 𝑎𝑏𝑠𝑒𝑛𝑠𝑒
𝑇𝑜𝑡𝑎𝑙 𝑊𝑜𝑟𝑘𝑖𝑛𝑔 𝑑𝑎𝑦𝑠
Implementation Support post-
Team implementation Per resource, charge for absence will be calculated as above
team member

Penalty
Achievement (% of
Severity Target
range monthly
fee)

P1 response time (30


90% 70% - <89% 5%
minutes)

P2 response time (1
90% 70% - <89% 5%
business hour)

P3 response time (2
90% 70% - <89% 5%
business hours)
Non-
P4 response time (4
adherence 90% 70% - <89% 5%
business hours)
to
Post Implementation
response P1 resolution time (6
Service 90% 70% - <89% 5%
time and business hours)

Resolution P2 resolution time (12


90% 70% - <89% 5%
time business hours)

P3 resolution time (2
90% 70% - <89% 10%
business days)

P4 resolution time (8
90% 70% - <89% 10%
business days)

The bidder shall ensure adherence to the above mentioned target,


failing which a penalty will be deducted from the post
implementation support cost.

Note: The maximum penalties on account of all above cases will be 10% of the total cost of the project

Page 152 of 232


RFP for procurement of Learning Management
System

ANNEXURE G

Transition & Knowledge Transfer Plan

1. Introduction

1.1 This Annexure describes the duties and responsibilities of Service Provider and the Bank to ensure
proper transition of services and to ensure complete knowledge transfer.

2. Objectives
2.1 The objectives of this annexure are to:
(1) ensure a smooth transition of Services from Service Provider to a New/Replacement
SERVICE PROVIDER or back to the Bank at the termination or expiry of this Agreement;
(2) ensure that the responsibilities of both parties to this Agreement are clearly defined in the
event of exit and transfer; and
(3) ensure that all relevant Assets are transferred.

3. General
3.1 Where the Bank intends to continue equivalent or substantially similar services to the Services
provided by Service Provider after termination or expiry the Agreement, either by performing
them itself or by means of a New/Replacement SERVICE PROVIDER, Service Provider shall
ensure the smooth transition to the Replacement SERVICE PROVIDER and shall co-operate
with the Bank or the Replacement SERVICE PROVIDER as required in order to fulfil the
obligations under this annexure.
3.2 Service Provider shall co-operate fully with the Bank and any potential Replacement SERVICE
PROVIDERs tendering for any Services, including the transfer of responsibility for the provision
of the Services previously performed by Service Provider to be achieved with the minimum of
disruption. In particular:
3.2.1 during any procurement process initiated by the Bank and in anticipation of the expiry or
termination of the Agreement and irrespective of the identity of any potential or actual
Replacement SERVICE PROVIDER, Service Provider shall comply with all reasonable requests
by the Bank to provide information relating to the operation of the Services, including but not
limited to, hardware and software used, inter-working, coordinating with other application
owners, access to and provision of all performance reports, agreed procedures, and any other
relevant information (including the configurations set up for the Bank and procedures used by
Service Provider for handling Data) reasonably necessary to achieve an effective transition,
provided that:

Page 153 of 232


RFP for procurement of Learning Management
System

3.2.1.1 Service Provider shall not be obliged to provide any information concerning the costs of delivery
of the Services or any part thereof or disclose the financial records of Service Provider to any
such party;
3.2.1.2 Service Provider shall not be obliged to disclose any such information for use by an actual or
potential Replacement SERVICE PROVIDER unless such a party shall have entered into a
confidentiality agreement; and
3.2.1.3 whilst supplying information as contemplated in this paragraph 3.2.1 Service Provider shall
provide sufficient information to comply with the reasonable requests of the Bank to enable an
effective tendering process to take place but shall not be required to provide information or
material which Service Provider may not disclose as a matter of law.
3.3 In assisting the Bank and/or the Replacement SERVICE PROVIDER to transfer the Services the
following commercial approach shall apply:
(1) where Service Provider does not have to utilise resources in addition to those normally
used to deliver the Services prior to termination or expiry, Service Provider shall make no
additional Charges. The Bank may reasonably request that support and materials already
in place to provide the Services may be redeployed onto work required to effect the
transition provided always that where the Bank agrees in advance that such redeployment
will prevent Service Provider from meeting any Service Levels, achieving any other key
dates or from providing any specific deliverables to the Bank, the Bank shall not be entitled
to claim any penalty or liquidated damages for the same.
(2) where any support and materials necessary to undertake the transfer work or any costs
incurred by Service Provider are additional to those in place as part of the proper provision
of the Services the Bank shall pay Service Provider for staff time agreed in advance at the
rates agreed between the parties and for materials and other costs at a reasonable price
which shall be agreed with the Bank.
3.4 If so required by the Bank, on the provision of no less than 15 (fifteen) days’ notice in writing,
Service Provider shall continue to provide the Services or an agreed part of the Services for a
period not exceeding 6 (Six) months beyond the date of termination or expiry of the Agreement.
In such event the Bank shall reimburse Service Provider for such elements of the Services as are
provided beyond the date of termination or expiry date of the Agreement on the basis that:
(1) Services for which rates already specified in the Agreement shall be provided on such
rates;
(2) materials and other costs, if any, will be charged at a reasonable price which shall be
mutually agreed between the Parties.
3.5 Service Provider shall provide to the Bank an analysis of the Services to the extent reasonably
necessary to enable the Bank to plan migration of such workload to a Replacement SERVICE
PROVIDER provided always that this analysis involves providing performance data already
delivered to the Bank as part of the performance monitoring regime.

Page 154 of 232


RFP for procurement of Learning Management
System

3.6 Service Provider shall provide such information as the Bank reasonably considers to be
necessary for the actual Replacement SERVICE PROVIDER, or any potential Replacement
SERVICE PROVIDER during any procurement process, to define the tasks which would need
to be undertaken in order to ensure the smooth transition of all or any part of the Services.
3.7 Service Provider shall make available such Key Personnel who have been involved in the
provision of the Services as the Parties may agree to assist the Bank or a Replacement SERVICE
PROVIDER (as appropriate) in the continued support of the Services beyond the expiry or
termination of the Agreement, in which event the Bank shall pay for the services of such Key
Personnel on a time and materials basis at the rates agreed between the parties.
3.8 Service Provider shall co-operate with the Bank during the handover to a Replacement
SERVICE PROVIDER and such co-operation shall extend to, but shall not be limited to, inter-
working, co-ordinating and access to and provision of all operational and performance
documents, reports, summaries produced by Service Provider for the Bank, including the
configurations set up for the Bank and any and all information to be provided by Service Provider
to the Bank under any other term of this Agreement necessary to achieve an effective transition
without disruption to routine operational requirements.

4. Replacement SERVICE PROVIDER


4.1 In the event that the Services are to be transferred to a Replacement SERVICE PROVIDER, the
Bank will use reasonable endeavors to ensure that the Replacement SERVICE PROVIDER co-
operates with Service Provider during the handover of the Services.

5. Subcontractors
5.1 Service Provider agrees to provide the Bank with details of the Subcontracts (if permitted by the
Bank) used in the provision of the Services. Service Provider will not restrain or hinder its
Subcontractors from entering into agreements with other prospective service providers for the
delivery of supplies or services to the Replacement SERVICE PROVIDER.

6. Transfer of Configuration Management Database


6.1 6 (six) months prior to expiry or within 2 (two) week of notice of termination of this Agreement
Service Provider shall deliver to the Bank a full, accurate and up to date cut of content from the
Configuration Management Database (or equivalent) used to store details of Configurable Items
and Configuration Management data for all products used to support delivery of the Services.

7. Transfer of Assets
7.1 6 (six) months prior to expiry or within 2 (two) week of notice of termination of the Agreement
Service Provider shall deliver to the Bank the Asset Register comprising:
(1) a list of all Assets eligible for transfer to the Bank; and

Page 155 of 232


RFP for procurement of Learning Management
System

(2) a list identifying all other Assets, (including human resources, skillset requirement and
know-how), that are ineligible for transfer but which are essential to the delivery of the
Services. The purpose of each component and the reason for ineligibility for transfer shall
be included in the list.
7.2 Within 1 (one) month of receiving the Asset Register as described above, the Bank shall notify
Service Provider of the Assets it requires to be transferred, (the “Required Assets”), and the Bank
and Service Provider shall provide for the approval of the Bank a draft plan for the Asset transfer.
7.3 In the event that the Required Assets are not located on Bank premises:
(1) Service Provider shall be responsible for the dismantling and packing of the Required
Assets and to ensure their availability for collection by the Bank or its authorised
representative by the date agreed for this;
(2) any charges levied by Service Provider for the Required Assets not owned by the Bank
shall be fair and reasonable in relation to the condition of the Assets and the then fair market
value; and
(3) for the avoidance of doubt, the Bank will not be responsible for the Assets.
7.4 Service Provider warrants that the Required Assets and any components thereof transferred to
the Bank or Replacement SERVICE PROVIDER benefit from any remaining manufacturer’s
warranty relating to the Required Assets at that time, always provided such warranties are
transferable to a third party.

8. Transfer of Software Licenses


8.1 6 (six) months prior to expiry or within 2 (two) week of notice of termination of this Agreement
Service Provider shall deliver to the Bank all licenses for Software used in the provision of
Services which were purchased by the Bank.
8.2 On notice of termination of this Agreement Service Provider shall, within 2 (two) week of such
notice, deliver to the Bank details of all licenses for SERVICE PROVIDER Software and
SERVICE PROVIDER Third Party Software used in the provision of the Services, including the
terms of the software license agreements. For the avoidance of doubt, the Bank shall be
responsible for any costs incurred in the transfer of licenses from Service Provider to the Bank
or to a Replacement SERVICE PROVIDER provided such costs shall be agreed in advance.
Where transfer is not possible or not economically viable the Parties will discuss alternative
licensing arrangements.
8.3 Within 1 (one)month of receiving the software license information as described above, the Bank
shall notify Service Provider of the licenses it wishes to be transferred, and Service Provider
shall provide for the approval of the Bank a draft plan for license transfer, covering novation of
agreements with relevant software providers, as required. Where novation is not possible or not
economically viable the Parties will discuss alternative licensing arrangements.

Page 156 of 232


RFP for procurement of Learning Management
System

9. Transfer of Software
9.1 Wherein State Bank of India is the owner of the software, 6 (six) months prior to expiry or within
2 (two) weeks of notice of termination of this Agreement Service Provider shall deliver, or
otherwise certify in writing that it has delivered, to the Bank a full, accurate and up to date
version of the Software including up to date versions and latest releases of, but not limited to:
(a) Source Code (with source tree) and associated documentation;
(b) application architecture documentation and diagrams;
(c) release documentation for functional, technical and interface specifications;
(d) a plan with allocated resources to handover code and design to new development and test
teams (this should include architectural design and code ‘walk-through’);
(e) Source Code and supporting documentation for testing framework tool and performance
tool;
(f) test director database;
(g) test results for the latest full runs of the testing framework tool and performance tool on
each environment; and

10. Transfer of Documentation


10.1 6 (six) months prior to expiry or within 2 (two) weeks of notice of termination of this Agreement
Service Provider shall deliver to the Bank a full, accurate and up-to date set of Documentation
that relates to any element of the Services as defined in Annexure A.

11. Transfer of Service Management Process


11.1 6 (six) months prior to expiry or within 2 (two) weeks of notice of termination of this Agreement
Service Provider shall deliver to the Bank:

(a) a plan for the handover and continuous delivery of the Service Desk function and allocate
the required resources;
(b) full and up to date, both historical and outstanding Service Desk ticket data including, but
not limited to:
(1) Incidents;
(2) Problems;
(3) Service Requests;
(4) Changes;
(5) Service Level reporting data;
(c) a list and topology of all tools and products associated with the provision of the Software
and the Services;
(d) full content of software builds and server configuration details for software deployment and
management; and
(e) monitoring software tools and configuration.

Page 157 of 232


RFP for procurement of Learning Management
System

12. Transfer of Knowledge Base


12.1 6 (six) months prior to expiry or within 2 (two) week of notice of termination of this Agreement
Service Provider shall deliver to the Bank a full, accurate and up to date cut of content from the
knowledge base (or equivalent) used to troubleshoot issues arising with the Services but shall
not be required to provide information or material which Service Provider may not disclose as
a matter of law.

13. Transfer of Service Structure


13.1 6 (six) months prior to expiry or within 2 (two) weeks’ notice of termination of this Agreement
Service Provider shall deliver to the Bank a full, accurate and up to date version of the
following, as a minimum:
(a) archive of records including:
(1) Questionnaire Packs;
(2) project plans and sign off;
(3) Acceptance Criteria; and
(4) Post Implementation Reviews.
(b) programme plan of all work in progress currently accepted and those in progress;
(c) latest version of documentation set;
(d) Source Code (if appropriate) and all documentation to support the services build tool with
any documentation for ‘workarounds’ that have taken place;
(e) Source Code, application architecture documentation/diagram and other documentation;
(f) Source Code, application architecture documentation/diagram and other documentation for
Helpdesk; and
(g) project plan and resource required to hand Service Structure capability over to the new
team.

14. Transfer of Data


14.1 In the event of expiry or termination of this Agreement Service Provider shall cease to use the
Bank’s Data and, at the request of the Bank, shall destroy all such copies of the Bank’s Data
then in its possession to the extent specified by the Bank.
14.2 Except where, pursuant to paragraph 14.1 above, the Bank has instructed Service Provider to
destroy such Bank’s Data as is held and controlled by Service Provider, 1 (one) months prior
to expiry or within 1 (one) month of termination of this Agreement, Service Provider shall
deliver to the Bank:
(1) An inventory of the Bank’s Data held and controlled by Service Provider, plus any other
data required to support the Services; and/or
(2) a draft plan for the transfer of the Bank’s Data held and controlled by Service Provider
and any other available data to be transferred.

Page 158 of 232


RFP for procurement of Learning Management
System

15. Training Services on Transfer


15.1 Service Provider shall comply with the Bank’s reasonable request to assist in the identification
and specification of any training requirements following expiry or termination. The purpose of
such training shall be to enable the Bank or a Replacement SERVICE PROVIDER to adopt,
integrate and utilize the Data and Assets transferred and to deliver an equivalent service to that
previously provided by Service Provider.
15.2 The provision of any training services and/or deliverables and the charges for such services
and/or deliverables shall be agreed between the parties.
15.3 Subject to paragraph 15.2 above, Service Provider shall produce for the Bank’s consideration
and approval 6 (six) months prior to expiry or within 10 (ten) working days of issue of notice
of termination:
(1) A training strategy, which details the required courses and their objectives;
(2) Training materials (including assessment criteria); and
(3) a training plan of the required training events.
15.4 Subject to paragraph 15.2 above, Service Provider shall schedule all necessary resources to
fulfil the training plan, and deliver the training as agreed with the Bank.
15.5 SERVICE PROVIDER shall provide training courses on operation of licensed /open source
software product at Bank’s ________Premises, at such times, during business hours as Bank
may reasonably request. Each training course will last for ________hours. Bank may enroll up
to ________ of its staff or ________ employees of the new/replacement service provider in any
training course, and Service Provider shall provide a hard copy of the Product (licensed or open
sourced) standard training manual for each enrollee. Each training course will be taught by a
technical expert with no fewer than _______ years of experience in operating _______software
system. SERVICE PROVIDER shall provide the _______ training without any additional
charges.

16. Transfer Support Activities


16.1 6 (six) months prior to expiry or within 10 (ten) Working Days of issue of notice of
termination, Service Provider shall assist the Bank or Replacement SERVICE PROVIDER to
develop a viable exit transition plan which shall contain details of the tasks and responsibilities
required to enable the transition from the Services provided under this Agreement to the
Replacement SERVICE PROVIDER or the Bank, as the case may be.
16.2 The exit transition plan shall be in a format to be agreed with the Bank and shall include, but
not be limited to:
(1) a timetable of events;
(2) resources;
(3) assumptions;
(4) activities;

Page 159 of 232


RFP for procurement of Learning Management
System

(5) responsibilities; and


(6) risks.
16.3 Service Provider shall supply to the Bank or a Replacement SERVICE PROVIDER specific
materials including but not limited to:
(a) Change Request log;
(b) entire back-up history; and
(c) dump of database contents including the Asset Register, problem management system
and operating procedures. For the avoidance of doubt this shall not include proprietary
software tools of Service Provider which are used for project management purposes
generally within Service Provider’s business.
16.4 Service Provider shall supply to the Bank or a Replacement SERVICE PROVIDER proposals
for the retention of Key Personnel for the duration of the transition period.
16.5 On the date of expiry Service Provider shall provide to the Bank refreshed versions of the
materials required under paragraph 16.3 above which shall reflect the position as at the date
of expiry.
16.6 Service Provider shall provide to the Bank or to any Replacement SERVICE PROVIDER
within 14 (fourteen) Working Days of expiry or termination a full and complete copy of the
Incident log book and all associated documentation recorded by Service Provider till the date
of expiry or termination.
16.7 Service Provider shall provide for the approval of the Bank a draft plan to transfer or complete
work-in-progress at the date of expiry or termination.

17. Use of Bank Premises


17.1 Prior to expiry or on notice of termination of this Agreement, Service Provider shall provide
for the approval of the Bank a draft plan specifying the necessary steps to be taken by both
Service Provider and the Bank to ensure that the Bank’s Premises are vacated by Service
Provider.
17.2 Unless otherwise agreed, Service Provider shall be responsible for all costs associated with
Service Provider’s vacation of the Bank’s Premises, removal of equipment and furnishings,
redeployment of SERVICE PROVIDER Personnel, termination of arrangements with
Subcontractors and service contractors and restoration of the Bank Premises to their original
condition (subject to a reasonable allowance for wear and tear).

Page 160 of 232


RFP for procurement of Learning Management
System

ANNEXURE H

Data Processing Agreement

This Data Processing Agreement ("Agreement") forms part of the Contract for Services ("Principal
Agreement") dated ______________between:

(i) State Bank of India ("Controller")

And

(ii) M/s. _______________________________("Data Processor")

WHEREAS:

(A) State Bank of India (hereafter referred to as “SBI”) acts as a Data Controller.

(B) SBI wishes to contract certain Services (provided in Schedule 1), which imply the processing of
personal data (provided in Schedule 2), to the Data Processor.

The Parties seek to implement a data processing agreement that complies with the requirements of the
current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
(General Data Protection Regulation) and any other data protection and privacy laws applicable to the
Services.

(C) The Parties wish to lay down their rights and obligations (Processor obligations in Clause 3).

IT IS AGREED AS FOLLOWS:

1. Definitions and Interpretation:

1.1 Unless otherwise defined herein, terms and expressions used in this Agreement shall have the following
meaning:

1.1.1 "Agreement" means this Data Processing Agreement and all schedules.

1.1.2 “Controller” has the meaning given to “data controller” in the UK Data Protection Act 1998 and
“controller” in the General Data Protection Regulation (as applicable).

1.1.3 “Client” means a customer of State Bank of India.


1.1.4 “Data Protection Legislation” means as applicable, the UK Data Protection Act 1998, Directive
95/46/EC of the European Parliament and any laws or regulations implementing it, the Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data (General Data
Protection Regulation) and any equivalent or replacement law in the UK and any other data protection and
privacy laws applicable to the Services.

Page 161 of 232


RFP for procurement of Learning Management
System

1.1.5 “Data subject” has the meaning given to it in the Data Protection Legislation.

1.1.6 "Personal Data" has the meaning given to it in the Data Protection Legislation and relates only to
Personal Data processed by a Contracted Processor on behalf of SBI pursuant to or in connection with the
Principal Agreement in relation to the Services provided.

1.1.7 "Processor" means a data processor providing services to SBI.

1.1.8 “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on
behalf of SBI in connection with the Agreement.

1.1.9 "Data Protection Laws" means EU Data Protection Laws and, to the extent
applicable, the data protection or privacy laws of any other country.

1.1.10 "EEA" means the European Economic Area.

1.1.11 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation
of each Member State and as amended, replaced or superseded from time to time, including by the GDPR
and laws implementing or supplementing the GDPR.

1.1.12 "GDPR" means EU General Data Protection Regulation 2016/679.

1.1.13 "Data Transfer" means:

1.1.13.1 a transfer of Personal Data from SBI to a Processor; or

1.1.13.2 an onward transfer of Personal Data from a Processor to a Subcontracted Processor, or between
two establishments of a Processor, in each case, where such transfer would be prohibited by Data Protection
Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of
Data Protection Laws).

1.1.14 "Services" means the services to be performed by the Processor described in the Principal Agreement
(as provided in Schedule 1).

1.1.15 “Supervisory authority” has the meaning given to it in the Data Protection
Legislation.

1.1.16 “Personal data breach” has the meaning given to it in the Data Protection
Legislation.

1.1.17 “Personnel” means the personnel of the Processor, Subcontractors and Sub
processors who provide the applicable Services; and

1.1.18 “Third country” has the meaning given to it in the Data Protection Legislation.

2. Processing of Personal Data:

2.1 In the course of providing Services to State Bank of India, the Processor may process Personal Data on
behalf of State Bank of India.

Page 162 of 232


RFP for procurement of Learning Management
System

2.2 Processor shall:

2.2.1 comply with all applicable Data Protection Laws in the Processing of Personal Data; and

2.2.2 not Process Personal Data other than on the relevant documented instructions of SBI.

3. PROCESSOR OBLIGATIONS:

3.1 Processor Personnel:

Processor shall take reasonable steps to ensure the reliability of any employee, agent or sub-processor who
may have access to Personal Data, ensuring in each case that access is strictly limited to those individuals
who need to know / access the relevant Personal Data, as strictly necessary for the purposes of the Principal
Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Processor,
ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory
obligations of confidentiality.

3.1.1. The Processor shall process Personal Data only on the documented instructions from State Bank of
India from time to time. State Bank of India shall notify the Processor of any amendments to existing
instructions or additional instructions in relation to the processing of Personal Data in writing and Processor
shall promptly comply with such instructions.

3.1.2. Notwithstanding clause 3.1, the Processor (and its Personnel) may process the Personal Data if it is
required to do so by European Union law, Member State law or to satisfy any other legal obligations to
which it is subject. In such circumstance, the Processor shall notify State Bank of India of that requirement
before it processes the Personal Data, unless the applicable law prohibits it from doing so.

3.1.3. The Processor shall immediately notify State Bank of India if, in Processor’s
opinion, State Bank of India’s documented data processing instructions breach the Data Protection
Legislation. If and to the extent the Processor is unable to comply with any instruction received from State
Bank of India, it shall promptly notify State Bank of India accordingly.

3.1.4. The purpose of the Processor processing Personal Data is the performance of the Services pursuant
to the Principal Agreement.

3.2 Security:

3.2.1 Taking into account the nature, scope, context and purposes of Processing
(provided in Schedule 2) as well as the risk of varying likelihood and severity for the rights and freedoms
of natural persons, Processor shall in relation to Personal Data implement appropriate technical and
organizational measures (Processor obligations in Schedule 3) to ensure a level of security appropriate to
that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

3.2.2 In assessing the appropriate level of security, Processor shall take into account, in particular, risks
related to processing of Personal Data.

3.2.3 The Processor shall use appropriate technical and organisational measures to prevent the
unauthorised or unlawful processing of Personal Data and protect against accidental loss or destruction of,
or damage to, any Personal Data during processing activities. It shall implement and maintain the security
safeguards and standards based on the IS policy of State Bank of India as updated and notified to the

Page 163 of 232


RFP for procurement of Learning Management
System

Processor by State Bank of India from time to time. The Processor will not decrease the overall level of
security safeguards and standards during the term of this Agreement without State Bank of India’s prior
consent.

3.3 Sub-Processing:

3.3.1 The Processor shall not appoint (or disclose any Personal Data to) any Sub- Processors without prior
written authorisation from State Bank of India.

3.3.2 The Processor shall include in any contract with its Sub processors who will process Personal Data on
State Bank of India’s behalf, obligations on such Sub processors which are no less onerous than those
obligations imposed upon the Processor in this Agreement relating to Personal Data. The Processor shall be
liable for the acts and omissions of its Sub processors to the same extent to which the Processor would be
liable if performing the services of each Sub processor directly under the terms of this Agreement.

3.4 Data Subject Rights:

Data subjects (SBI NRI customers) whose Personal Data is processed pursuant to this Agreement have the
right to request access to and the correction, deletion or blocking of such Personal Data under Data
Protection Legislation. Such requests shall be addressed to and be considered by State Bank of India
responsible for ensuring such requests are handled in accordance with Data Protection Legislation.

3.4.1Taking into account the nature of the Processing, Processor shall assist SBI by implementing
appropriate technical and organisational measures (Processor obligations in Schedule 3), insofar as this is
possible, for the fulfilment of SBI’s obligations, as reasonably understood by SBI, to respond to requests to
exercise Data Subject rights under the Data Protection Laws.

3.4.2 In case Data Subject Requests are received by Processor, then the Processor shall:

3.4.2.1 promptly notify SBI if it receives a request from a Data Subject under
any Data Protection Law in respect of Personal Data; and

3.4.2.2 ensure that it does not respond to that request except on the
documented instructions of SBI or as required by Applicable Laws to
which the Processor is subject, in which case Processor shall to the
extent permitted by Applicable Laws

3.4.2.3 inform SBI of that legal requirement before the Processor responds to
the request.

3.5 Personal Data Breach:

3.5.1 Processor shall notify SBI without undue delay upon Processor becoming aware of a Personal Data
Breach affecting Personal Data, providing SBI with sufficient information to allow SBI to meet any
obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

3.5.2 Processor shall co-operate with SBI and take reasonable commercial steps as are directed by SBI to
assist in the investigation, mitigation and remediation of each such Personal Data Breach.

Page 164 of 232


RFP for procurement of Learning Management
System

3.6 Data Protection Impact Assessment and Prior Consultation:

Processor shall provide reasonable assistance to SBI with any data protection impact assessments, and prior
consultations with Supervising Authorities or other competent data privacy authorities, which SBI
reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other
Data Protection Law, in each case solely in relation to Processing of Personal Data by and taking into
account the nature of the Processing and information available to, the Processors.

3.7 Deletion or return of Personal Data:


3.7.1 Subject to this section 3.7 Processor shall, promptly and in any event within 10 business days of the
date of cessation of any Services involving the Processing of Personal Data (the "Cessation Date"), delete
all copies of those Personal Data.

3.7.2 Processor shall provide written certification to SBI that it has fully complied with this section 3.7
within 10 business days of the Cessation Date.

3.8 Audit Rights:

The Processor shall make available to State Bank of India and any supervisory authority or their
representatives the information necessary to demonstrate its compliance with this Agreement and allow for
and contribute to audits and inspections by allowing State Bank of India, its Client, a supervisory authority
or their representatives to conduct an audit or inspection of that part of the Processor’s business which is
relevant to the Services [on at least an annual basis (or more frequently when mandated by a relevant
supervisory authority or to comply with the Data Protection Legislation) and] on reasonable notice, in
relation to the Processing of Personal Data by the Processor.

3.9 Data Transfer:

The Processor may not transfer or authorize the transfer of Data to countries outside the EU/ India and/or
the European Economic Area (EEA) without the prior written consent of SBI. If personal data processed
under this Agreement is transferred from a country within the European Economic Area to a country outside
the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To
achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses /
EU-US Privacy Shield for the transfer of personal data.

3.10 Records:

The Processor shall maintain written records of its data processing activities pursuant to providing the
Services to State Bank of India in accordance with Data Protection Legislation.

3.11 Notify:

The Processor shall immediately and fully notify State Bank of India in writing of any communications the
Processor (or any of its Sub processors) receives from third parties in connection with the processing of the
Personal Data, including (without limitation) subject access requests or other requests, notices or other
communications from individuals, or their representatives, or from the European Data Protection Board, the
UK’s Information Commissioner’s Office (in the case of the United Kingdom) and/or any other supervisory
authority or data protection authority or any other regulator (including a financial regulator) or court.

Page 165 of 232


RFP for procurement of Learning Management
System

3.12 Agreement Termination:

Upon expiry or termination of this Agreement or the Services for any reason or State Bank of India’s earlier
request, the Procesor shall: (i) return to State Bank of India; and (ii) delete from all computer systems and
other data storage systems, all Personal Data, provided that the Processor shall not be required to return or
delete all or part of the Personal Data that it is legally permitted to retain. The Processor shall confirm to
State Bank of India that it has complied with its obligation to delete Personal Data under this clause.

4. STATE BANK OF INDIA’S OBLIGATIONS:

State Bank of India shall:

4.1 in its use of the Services, process the Personal Data in accordance with the
requirements of the Data Protection Legislation.

4.2 use its reasonable endeavours to promptly notify the Processor if it becomes aware of any breaches or
of other irregularities with the requirements of the Data Protection Legislation in respect of the Personal
Data processed by the Processor.

5. General Terms:

5.1 Confidentiality:

Each Party must keep this Agreement and information it receives about the other Party and its business in
connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that
Confidential Information without the prior written consent of the other Party except to the extent that:

(a) disclosure is required by law.

(b) the relevant information is already in the public domain.

5.2 Notices:

All notices and communications given under this Agreement must be in writing and will be delivered
personally, sent by post or sent by email to the address or email address set out in the heading of this
Agreement at such other address as notified from time to time by the Parties changing address.

5.3 Governing Law and Jurisdiction:

5.3.1This Agreement is governed by the laws of INDIA.

5.3.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve
amicably, will be submitted to the exclusive jurisdiction of the courts of MUMBAI.

IN WITNESS WHEREOF, this Agreement is entered into and becomes a binding part of the Principal
Agreement with effect from the date first set out below.

For State Bank of India


Signature ______________________________
Name _________________________________

Page 166 of 232


RFP for procurement of Learning Management
System

Title __________________________________
Date Signed ____________________________

For Processor M/s


Signature ______________________________
Name _________________________________
Title __________________________________
Date Signed ____________________________

Page 167 of 232


RFP for procurement of Learning Management
System

SCHEDULE 1

1.1 Services

<<Insert a description of the Services provided by the Data Processor (under the Principal Service
Agreement, where relevant)>>.

SCHEDULE 2

Personal Data

Category of Category of Nature of Purpose(s) of Duration of


Personal Data Subject Processing Processing Processing
Data Carried Out

SCHEDULE 3

Technical and Organisational Data Protection Measures

1. The Processor shall ensure that, in respect of all Personal Data it receives from or processes on behalf of
SBI, it maintains security measures to a standard appropriate to:

1.1. the nature of the Personal Data; and

1.2. Safeguard from the harm that might result from unlawful or unauthorised processing or accidental loss,
damage, or destruction of the Personal Data.

2. In particular, the Processor shall:

2.1. have in place, and comply with, a security policy which:

2.1.1. defines security needs based on a risk assessment.

2.1.2. allocates responsibility for implementing the policy to a specific individual (such as the Processor’s
Data Protection Officer) or personnel and is provided to SBI on or before the commencement of this
Agreement.

2.1.3. ensure that appropriate security safeguards and virus protection are in place to protect the hardware
and software which is used in processing the Personal Data in accordance with best industry practice.

2.1.4. prevent unauthorised access to the Personal Data.

2.1.5. protect the Personal Data using pseudonymisation and encryption.

Page 168 of 232


RFP for procurement of Learning Management
System

2.1.6. ensure the confidentiality, integrity and availability of the systems and services in regard to the
processing of Personal Data.

2.1.7. ensure the fast availability of and access to Personal Data in the event of a physical or technical
incident.

2.1.8. have in place a procedure for periodically reviewing and evaluating the effectiveness of the technical
and organisational measures taken to ensure the safety of the processing of Personal Data.

2.1.9. ensure that its storage of Personal Data conforms with best industry practice such that the media on
which Personal Data is recorded (including paper records and records stored electronically) are stored in
secure locations and access by personnel to Personal Data is strictly monitored and controlled.

2.1.10. have secure methods in place for the transfer of Personal Data whether in
physical form (for example, by using couriers rather than post) or electronic form (for example, by using
encryption).

2.1.11. password protect all computers and other devices on which Personal Data is stored, ensuring that all
passwords are secure, and that passwords are not shared under any circumstances.

2.1.12. not allow the storage of the Personal Data on any mobile devices such as laptops or tablets unless
such devices are kept on its premises at all times.

2.1.13. take reasonable steps to ensure the reliability of personnel who have access to the Personal Data.

2.1.14. have in place methods for detecting and dealing with breaches of security
(including loss, damage, or destruction of Personal Data) including:

2.1.14.1. having a proper procedure in place for investigating and remedying breaches of the GDPR; and

2.1.14.2. notifying SBI as soon as any such security breach occurs.

2.1.15. have a secure procedure for backing up all Personal Data and storing back-ups separately from
originals; and

2.1.16. adopt such organisational, operational, and technological processes and


procedures as are required to comply with the requirements of ISO/IEC 27001:2013 and SBI’s Information
Security Policy as appropriate.

At the time of signing this Agreement, the Processor has the following technical and organizational
measures in place: (To be vetted by SBI)

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
1 Whether the Processor has Information security policy in place
with periodic reviews?
2 a. Business Continuity Management

Page 169 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
b. Backup management
c. Desktop/system/server/network device
hardening with baseline controls
Whether the d. Patch Management
Processor have e. Port Management Media Movement
operational
processes with f. Log Management
periodic review,
including but not g. Personnel Security
limited to: h. Physical Security
i. Internal security assessment processes

3 Whether a proper documented Change Management process has


been instituted by the Processor?
4 Whether the Processor has a documented policy and process of
Incident management /response?

a. Firewall
b. WAF
Whether the Processor’s c. IDS/IPS
environment is suitably d. AD
5
protected from external e. AV
threats by way of: f. NAC
g. DLP
h. Any other technology
6 Whether rules are implemented on Firewalls of the Processor
environment as per an approved process?
7 Whether firewall rule position is regularly monitored for presence
of any vulnerable open port or any-any rule?
8 Whether proper log generation, storage, management and analysis
happens for the Processor application?

a. Web
Is the Processor b. Application
maintaining all logs for
9 c. DB
forensic readiness related
to: d. Configuration
e. User access
10 Whether the Processor maintains logs for privileged access to their
critical systems?
11 Whether privilege access to the Processor environment is
permitted from internet?
12 Whether the Processor has captive SOC or Managed Service SOC
for monitoring their systems and operations?

Page 170 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
13 Whether the Processor environment is segregated into militarized
zone (MZ) and demilitarized zone (DMZ) separated by Firewall,
where any access from an external entity is permitted through
DMZ only?

a. Production
Whether Processor has
deployed secure b. Disaster recovery
14
environments for their c. Testing environments
applications for:

a. Web
b. App
Whether the Processor
follows the best practices c. DB
15 of creation of separate
d. Critical applications
network zones (VLAN
Segments) for: e. Non-Critical applications
f. UAT
16 Whether the Processor configures access to officials based on a
documented and approved Role Conflict Matrix?
a. Internal servers
Whether Internet access is
17 b. Database servers
permitted on:
c. Any other servers
18 Whether the Processor has deployed a dedicated information
security team independent of IT, reporting directly to MD/CIO for
conducting security related functions & operations?
19 Whether CERT-IN Empaneled ISSPs are engaged by the third
party for ensuring security posture of their application?
20 Whether quarterly vulnerability assessment and penetration
testing is being done by the Processor for their infrastructure?
21 Whether suitable Security Certifications (ISO, PCI-DSS etc.) of
the security posture at vendor environment are in place?
22 Whether the Processor has deployed any open source or free
software in their environment?
If yes, whether security review has been done for such software?

23 Whether the data shared with the Processor is owned by SBI (SBI
= Information Owner)?
24 Whether the data shared with the Processor is of sensitive nature?
25 Whether the requirement and the data fields to be stored by the
Processor is approved by Information Owner?
26 Where shared, whether the bare minimum data only is being
shared? (Please document the NEED for sharing every data field)
27 Whether the data to be shared with Processor will be encrypted as
per industry best standards with robust key management?
28 Whether the Processor is required to store the data owned by State
Bank?

Page 171 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
29 Whether any data which is permitted to be stored by the Processor
will be completely erased after processing by the Processor at their
end?
30 Whether the data shared with the Processor is stored with
encryption (Data at rest encryption)?
31 Whether the data storage technology (Servers /Public Cloud/
Tapes etc.) has been appropriately reviewed by IT AO?
32 Whether the Processor is required to share SBI specific data to any
other party for any purpose?
33 Whether a system of obtaining approval by the Processor from the
IT Application Owner is put in place before carrying out any
changes?
34 Whether Processor is permitted to take any crucial decisions on
behalf of SBI without written approval from IT Application
Owner?
If not, are such instances being monitored? IT Application Owner
to describe the system of monitoring such instances.

35 Whether Application Owner has verified that the Processor has


implemented efficient and sufficient preventive controls to protect
SBI’s interests against any damage under section 43 of IT Act?
36 Whether the selection criteria for awarding the work to Processor
vendor is based on the quality of service?
a. Right to Audit to SBI with scope
defined
b. Adherence by the vendor to SBI
Information Security
requirements including regular
reviews,
change management,
port management,
patch management,
backup management,
Whether the access management,
SLA/agreement between log management etc.
37
SBI and the Processor
c. Right to recall data by SBI.
contains these clauses:
d. Regulatory and Statutory
compliance at vendor site.
Special emphasis on section 43A
of IT Act 2000 apart from
others.
e. Availability of Compensation
clause in case of any data breach
or incident resulting into any
type of loss to SBI, due to
vendor negligence.

Page 172 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
f. No Sharing of data with any
third party without explicit
written permission from
competent Information Owner
of the Bank including the Law
Enforcement Agencies.

Page 173 of 232


RFP for procurement of Learning Management
System

Appendix- L

NON-DISCLOSURE AGREEMENT

THIS RECIPROCAL NON-DISCLOSURE AGREEMENT (the “Agreement”) is made at ___________


between:

State Bank of India constituted under the State Bank of India Act, 1955 having its Corporate Centre and
Central Office at State Bank Bhavan, Madame Cama Road, Nariman Point, Mumbai-21 and its Global IT
Centre at Sector-11, CBD Belapur, Navi Mumbai- 400614 through its _________________ Department
(hereinafter referred to as “Bank” which expression includes its successors and assigns) of the ONE PART;

And

____________________________________ a private/public limited company/LLP/Firm <strike off


whichever is not applicable> incorporated under the provisions of the Companies Act, 1956/ Limited
Liability Partnership Act 2008/ Indian Partnership Act 1932 <strike off whichever is not applicable>, having
its registered office at _________________ (hereinafter referred to as “_________” which expression shall
unless repugnant to the subject or context thereof, shall mean and include its successors and permitted
assigns) of the OTHER PART;

And Whereas

1. _________________________________________ is carrying on business of providing


_________________________________, has agreed to __________________________ for the
Bank and other related tasks.

2. For purposes of advancing their business relationship, the parties would need to disclose certain
valuable confidential information to each other (the Party receiving the information being referred
to as the “Receiving Party” and the Party disclosing the information being referred to as the
“Disclosing Party. Therefore, in consideration of covenants and agreements contained herein for
the mutual disclosure of confidential information to each other, and intending to be legally bound,
the parties agree to terms and conditions as set out hereunder.

NOW IT IS HEREBY AGREED BY AND BETWEEN THE PARTIES AS UNDER

1. Confidential Information and Confidential Materials:

(a) “Confidential Information” means non-public information that Disclosing Party designates as being
confidential or which, under the circumstances surrounding disclosure ought to be treated as
confidential. “Confidential Information” includes, without limitation, information relating to
developed, installed or purchased Disclosing Party software or hardware products, the information
relating to general architecture of Disclosing Party’s network, information relating to nature and
content of data stored within network or in any other storage media, Disclosing Party’s business
policies, practices, methodology, policy design delivery, and information received from others that
Disclosing Party is obligated to treat as confidential. Confidential Information disclosed to
Receiving Party by any Disclosing Party Subsidiary and/ or agents is covered by this agreement

Page 174 of 232


RFP for procurement of Learning Management
System

(b) Confidential Information shall not include any information that: (i) is or subsequently becomes
publicly available without Receiving Party’s breach of any obligation owed to Disclosing party; (ii)
becomes known to Receiving Party free from any confidentiality obligations prior to Disclosing
Party’s disclosure of such information to Receiving Party; (iii) became known to Receiving Party
from a source other than Disclosing Party other than by the breach of an obligation of confidentiality
owed to Disclosing Party and without confidentiality restrictions on use and disclosure; or (iv) is
independently developed by Receiving Party.

(c) “Confidential Materials” shall mean all tangible materials containing Confidential Information,
including without limitation written or printed documents and computer disks or tapes, whether
machine or user readable.

2. Restrictions

(a) Each party shall treat as confidential the Contract and any and all information (“confidential
information”) obtained from the other pursuant to the Contract and shall not divulge such
information to any person (except to such party’s “Covered Person” which term shall mean
employees, contingent workers and professional advisers of a party who need to know the same)
without the other party’s written consent provided that this clause shall not extend to information
which was rightfully in the possession of such party prior to the commencement of the negotiations
leading to the Contract, which is already public knowledge or becomes so at a future date (otherwise
than as a result of a breach of this clause). Receiving Party will have executed or shall execute
appropriate written agreements with Covered Person, sufficient to enable it to comply with all the
provisions of this Agreement. If the Service Provider appoints any Sub-Contractor (if allowed) then
the Service Provider may disclose confidential information to such Sub-Contractor subject to such
Sub Contractor giving the Bank an undertaking in similar terms to the provisions of this clause. Any
breach of this Agreement by Receiving Party’s Covered Person or Sub-Contractor shall also be
constructed a breach of this Agreement by Receiving Party.

(b) Receiving Party may disclose Confidential Information in accordance with judicial or other
governmental order to the intended recipients (as detailed in this clause), provided Receiving Party
shall give Disclosing Party reasonable notice (provided not restricted by applicable laws) prior to
such disclosure and shall comply with any applicable protective order or equivalent. The intended
recipients for this purpose are:

i. the statutory auditors of the either party and

ii. government or regulatory authorities regulating the affairs of the parties and inspectors and
supervisory bodies thereof

(c) Confidential Information and Confidential Material may be disclosed, reproduced, summarized or
distributed only in pursuance of Receiving Party’s business relationship with Disclosing Party, and
only as otherwise provided hereunder. Receiving Party agrees to segregate all such Confidential
Material from the confidential material of others in order to prevent mixing.

3. Rights and Remedies

a. Receiving Party shall notify Disclosing Party immediately upon discovery of any unauthorized used
or disclosure of Confidential Information and/ or Confidential Materials, or any other breach of this
Agreement by Receiving Party, and will cooperate with Disclosing Party in every reasonable way
to help Disclosing Party regain possession of the Confidential Information and/ or Confidential
Materials and prevent its further unauthorized use.

Page 175 of 232


RFP for procurement of Learning Management
System

b. Receiving Party shall return all originals, copies, reproductions and summaries of Confidential
Information or Confidential Materials at Disclosing Party’s request, or at Disclosing Party’s option,
certify destruction of the same.

c. Receiving Party acknowledges that monetary damages may not be the only and / or a sufficient
remedy for unauthorized disclosure of Confidential Information and that disclosing party shall be
entitled, without waiving any other rights or remedies (including but not limited to as listed below),
to injunctive or equitable relief as may be deemed proper by a Court of competent jurisdiction.

i. Suspension of access privileges

ii. Change of personnel assigned to the job

iii. Termination of contract

d. Disclosing Party may visit Receiving Party’s premises, with reasonable prior notice and during
normal business hours, to review Receiving Party’s compliance with the term of this Agreement.

4. Miscellaneous

(a) All Confidential Information and Confidential Materials are and shall remain the sole and of
Disclosing Party. By disclosing information to Receiving Party, Disclosing Party does not grant any
expressed or implied right to Receiving Party to disclose information under the Disclosing Party’s
patents, copyrights, trademarks, or trade secret information.

(b) Confidential Information made available is provided “As Is,” and disclosing party disclaims all
representations, conditions and warranties, express or implied, including, without limitation,
representations, conditions or warranties of accuracy, completeness, performance, fitness for a
particular purpose, satisfactory quality and merchantability provided same shall not be construed to
include fraud or wilful default of disclosing party.

(c) Neither party grants to the other party any license, by implication or otherwise, to use the
Confidential Information, other than for the limited purpose of evaluating or advancing a business
relationship between the parties, or any license rights whatsoever in any patent, copyright or other
intellectual property rights pertaining to the Confidential Information.

(d) The terms of Confidentiality under this Agreement shall not be construed to limit either party’s right
to independently develop or acquire product without use of the other party’s Confidential
Information. Further, either party shall be free to use for any purpose the residuals resulting from
access to or work with such Confidential Information, provided that such party shall maintain the
confidentiality of the Confidential Information as provided herein. The term “residuals” means
information in non-tangible form, which may be retained by person who has had access to the
Confidential Information, including ideas, concepts, know-how or techniques contained therein.
Neither party shall have any obligation to limit or restrict the assignment of such persons or to pay
royalties for any work resulting from the use of residuals. However, the foregoing shall not be
deemed to grant to either party a license under the other party’s copyrights or patents.

(e) This Agreement constitutes the entire agreement between the parties with respect to the subject
matter hereof. It shall not be modified except by a written agreement dated subsequently to the date
of this Agreement and signed by both parties. None of the provisions of this Agreement shall be
deemed to have been waived by any act or acquiescence on the part of Disclosing Party, its agents,
or employees, except by an instrument in writing signed by an authorized officer of Disclosing
Party. No waiver of any provision of this Agreement shall constitute a waiver of any other
provision(s) or of the same provision on another occasion.

Page 176 of 232


RFP for procurement of Learning Management
System

(f) In case of any dispute, both the parties agree for neutral third party arbitration. Such arbitrator will
be jointly selected by the two parties and he/she may be an auditor, lawyer, consultant or any other
person of trust. The said proceedings shall be conducted in English language at Mumbai and in
accordance with the provisions of Indian Arbitration and Conciliation Act 1996 or any Amendments
or Re-enactments thereto. Nothing in this clause prevents a party from having recourse to a court of
competent jurisdiction for the sole purpose of seeking a preliminary injunction or any other
provisional judicial relief it considers necessary to avoid irreparable damage. This Agreement shall
be governed by and construed in accordance with the laws of Republic of India. Each Party hereby
irrevocably submits to the exclusive jurisdiction of the courts of Mumbai.

(g) Subject to the limitations set forth in this Agreement, this Agreement will inure to the benefit of and
be binding upon the parties, their successors and assigns.

(h) If any provision of this Agreement shall be held by a court of competent jurisdiction to be illegal,
invalid or unenforceable, the remaining provisions shall remain in full force and effect.

(i) The Agreement shall be effective from _______ (“Effective Date”) and shall be valid for a period
of ________ year(s) thereafter (the “Agreement Term”). The foregoing obligations as to
confidentiality shall survive the term of this Agreement and for a period of five (5) years thereafter
provided confidentiality obligations with respect to individually identifiable information,
customer’s data of Parties or software in human-readable form (e.g., source code) shall survive in
perpetuity.

5. Suggestions and Feedback

Either party from time to time may provide suggestions, comments or other feedback to the other
party with respect to Confidential Information provided originally by the other party (hereinafter
“feedback”). Both party agree that all Feedback is and shall be entirely voluntary and shall not in
absence of separate agreement, create any confidentially obligation for the receiving party.
However, the Receiving Party shall not disclose the source of any feedback without the providing
party’s consent. Feedback shall be clearly designated as such and, except as otherwise provided
herein, each party shall be free to disclose and use such Feedback as it sees fit, entirely without
obligation of any kind to other party. The foregoing shall not, however, affect either party’s
obligations hereunder with respect to Confidential Information of other party.

Dated this __________ day of _______ (Month) 20__ at __________(place)

For and on behalf of ___________________________

Name

Designation

Place

Signature

Page 177 of 232


RFP for procurement of Learning Management
System

For and on behalf of ___________________________

Name

Designation

Place

Signature

Page 178 of 232


RFP for procurement of Learning Management
System

Appendix- M

Pre-Bid Query Format


(To be provide strictly in Excel format)

Vendor Sl. RFP RFP Existing Query/Suggestions


Name No Page No Clause No. Clause

Page 179 of 232


RFP for procurement of Learning Management
System

Appendix- N

Format for Submission of Client References

To whosoever it may concern

Particulars Details

Client Information

Client Name

Client Address

Name of the contact person and designation

Phone number of the contact person

E-mail address of the contact person

Project Details

Name of the Project

Start Date

End Date

Current Status (In Progress / Completed)

Size of Project

Value of Work Order (In Lakh) (only single work order)

Name & Signature of authorised signatory

Seal of Company

Page 180 of 232


RFP for procurement of Learning Management
System

Appendix- O

PRE CONTRACT INTEGRITY PACT


(TO BE STAMPED AS AN AGREEMENT)

General
This pre-Bid pre-contract Agreement (hereinafter called the Integrity Pact) is made
on ________ day of the month of 201 , between, on the one hand, the State Bank of India a
body corporate incorporated under the State Bank of India Act, 1955 having its Corporate Centre at
State Bank Bhavan, Nariman Point, Mumbai through its ____________________ Department / Office
at Global IT Center at CBD Belapur, 400614,
(hereinafter called the “BUYER”, which expression shall mean and include, unless the context otherwise
requires, its successors) of the First Part

And

M/s____________________ represented by Shri________________, Chief Executive Officer/


Authorised signatory (hereinafter called the “BIDDER/Seller which expression shall mean and include,
unless the context otherwise requires, its / his successors and permitted assigns of the Second Part.

WHEREAS the BUYER proposes to procure (Name of the Stores/Equipment/Item) and the
BIDDER/Seller is willing to offer/has offered the stores and

WHEREAS the BIDDER is a private company/public company/Government


undertaking/partnership/registered export agency, constituted in accordance with the relevant law in the
matter and the BUYER is an Office / Department of State Bank of India performing its functions on
behalf of State Bank of India.

NOW, THEREFORE,

To avoid all forms of corruption by following a system that is fair, transparent and free from any
influence/prejudiced dealings prior to, during and subsequent to the currency of the contract to be
entered into with a view to :

 Enabling the BUYER to obtain the desired service / product at a competitive price in conformity
with the defined specifications by avoiding the high cost and the distortionary impact of
corruption on public procurement; and

 Enabling BIDDERs to abstain from bribing or indulging in any corrupt practice in order to
secure the contract by providing assurance to them that their competitors will also abstain from
bribing and other corrupt practices and the BUYER will commit to prevent corruption, in any
farm, by its officials by following transparent procedures.

The parties hereto hereby agree to enter into this Integrity Pact and agree as follows:

1. Commitments of the BUYER


1.1 The BUYER undertakes that no official of the BUYER, connected directly or indirectly with
the contract, will demand, take a promise for or accept, directly or through intermediaries, any
bribe, consideration, gift, reward, favour or any material or immaterial benefit or any other

Page 181 of 232


RFP for procurement of Learning Management
System

advantage from the BIDDER, either for themselves or for any person, organisation or third
party related to the contract in exchange for an advantage in the bidding process, Bid evaluation,
contracting or implementation process related to the contract.
1.2 The BUYER will, during the pre-contract stage, treat all BIDDERs alike, and will provide to
all BIDDERs the same information and will not provide any such information to any particular
BIDDER which could afford an advantage to that particular BIDDER in comparison to other
B1DDERs.
1.3 All the officials of the BUYER will report to the appropriate authority any attempted or
completed breaches of the above commitments as well as any substantial suspicion of such a
breach.
1.4 In case any such preceding misconduct on the part of such official(s) is
reported by the BIDDER to the BUYER with full and verifiable facts and the same is prima
facie found to be correct by the BUYER, necessary disciplinary proceedings, or any other action
as deemed fit, including criminal proceedings may be initiated by the BUYER and such a person
shall be debarred from further dealings related to the contract process. In such a case while an
enquiry is being conducted by the BUYER the proceedings under the contract would not be
stalled.

2. Commitments of BIDDERs
2.1 The BIDDER commits itself to take all measures necessary to prevent corrupt practices, unfair
means and illegal activities during any stage of its Bid or during any pre -contract or post-
contract stage in order to secure the contract or in furtherance to secure it and in particular
commit itself to the following:
2. 2 The BIDDER will not offer, directly or through intermediaries, any bribe, gift, consideration,
reward, favour, any material or immaterial benefit or other advantage, commission, fees,
brokerage or inducement to any official of the BUYER, connected directly or i ndirectly with
the bidding process, or to any person, organisation or third party related to the contract in
exchange for any advantage in the bidding, evaluation, contracting and implementation of the
contract.
2.3 The BIDDER further undertakes that it has not given, offered or promised to give, directly or
indirectly any bribe, gift, consideration, reward, favour, any material or immaterial benefit or
other advantage, commission, fees, brokerage or inducement to any official of the BUYER or
otherwise in procuring the Contract or forbearing to do or having done any act in relation to the
obtaining or execution of the contract or any other contract with State Bank of India for showing
or forbearing to show favour or disfavour to any person in relation to the contract or any other
contract with State Bank of India.
2.4 Wherever applicable, the BIDDER shall disclose the name and address of agents and
representatives permitted by the Bid documents and Indian BIDDERs shall disclose their foreign
principals or associates, if any.
2.5 The BIDDER confirms and declares that they have not made any payments to any agents/brokers
or any other intermediary, in connection with this Bid/contract.
2.6 The BIDDER further confirms and declares to the BUYER that the BIDDER is the original
vendors or service providers in respect of product / service covered in the Bid documents and the
BIDDER has not engaged any individual or firm or company whether Indian or foreign to
intercede, facilitate or in any way to recommend to the BUYER or any of its functionaries,
whether officially or unofficially to the award of the contract to the BIDDER, nor has any amount
been paid, promised or intended to be paid to any such individual, firm or company in respect of
any such intercession, facilitation or recommendation.
2.7 The BIDDER, at the earliest available opportunity, i.e. either while presenting the Bid or during
pre-contract negotiations and in any case before opening the financial Bid and before signing the

Page 182 of 232


RFP for procurement of Learning Management
System

contract, shall disclose any payments he has made, is committed to or intends to make to officials
of the BUYER or their family members, agents, brokers or any other intermediaries in connection
with the contract and the details of services agreed upon for such payments.
2.8 The BIDDER will not collude with other parties interested in the contract to impair the
transparency, fairness and progress of the bidding process, Bid evaluation, contracting and
implementation of the contract.
2.9 The BIDDER will not accept any advantage in exchange for any corrupt practice, unfair
means and illegal activities.
2.10 The BIDDER shall not use improperly, for purposes of competition or personal gain, or pass. On
‘to° others, any -information provided by the BUYER as part of the business relationship,
regarding plans, technical proposals and business details, including information contained in
any electronic data carrier. The BIDDER also undertakes to exercise due and adequate care lest
any such information is divulged.
2.11 The BIDDER commits to refrain from giving any complaint directly or through any other manner
without supporting it with full and verifiable facts.
2.12 The BIDDER shall not instigate or cause to instigate any third person to commit any of the
actions mentioned above.
2.13 If the BIDDER or any employee of the BIDDER or any person acting on behalf of the BIDDER,
either directly or indirectly, is a relative of any of the officers of the BUYER, or alternatively, if
any relative of an officer of the BUYER has financial Interest/stake in the BIDDER’s firm, the
same shall be disclosed by the BIDDER at the time of filing of tender. The term ‘relative’ for
this purpose would be as defined in Section 6 of the Companies Act 1956.
2.14 The BIDDER shall not lend to or borrow any money from or enter into any monetary dealings or
transactions, directly or indirectly, with any employee of the BUYER.

3. Previous Transgression
3.1 The BIDDER declares that no previous transgression occurred in the last three years
immediately before signing of this Integrity Pact, with any other company in any country in
respect of any corrupt practices envisaged hereunder or with any Public Sector Enterprise /
Public Sector Banks in India or any Government Department in India or RBI that could justify
BIDDER’s exclusion from the tender process.
3.2 The BIDDER agrees that if it makes incorrect statement on this subject, BIDDER can be
disqualified from the tender process or the contract, if already awarded, can be terminated for
such reason.

4. Earnest Money (Security Deposit)


4.1 While submitting commercial Bid, the BIDDER shall deposit an amount (specified in RFP) as
Earnest Money/Security Deposit, with the BUYER through any of the mode mentioned in the
RFP / Bid document and no such mode is specified, by a Bank Draft or a Pay Order in favour
of State Bank of India from any Bank including SBI . However payment of any such amount
by way of Bank Guarantee, if so permitted as per Bid documents / RFP should be from any
Scheduled Commercial Bank other than SBI and promising payment of the guaranteed sum to
the BUYER on demand within three working days without any demur whatsoever and without
seeking any reasons whatsoever. The demand for payment by the BUYER shall be treated as
conclusive proof for making such payment to the BUYER.
4.2 Unless otherwise stipulated in the Bid document / RFP, the Earnest Money/Security Deposit shall
be valid upto a period of five years or the complete conclusion of the contractual obligations to
the complete satisfaction of both the BIDDER and the BUYER, including warranty period,
whichever is later.
4.3 In case of the successful BIDDER a clause would also be incorporated in the Article pertaining

Page 183 of 232


RFP for procurement of Learning Management
System

to Performance Bond in the Purchase Contract that the provisions of Sanctions for Violation
shall be applicable for forfeiture of Performance Bond in case of a decision by the BUYER to
forfeit the same-without assigning any reason for imposing sanction for violation of this Pact.
4.4 No interest shall be payable by the BUYER to the BIDDER on Earnest Money/Security Deposit
for the period of its currency.

5. Sanctions for Violations


5.1 Any breach of the aforesaid provisions by the BIDDER or any one employed by it or acting on
its behalf (whether with or without the knowledge of the BIDDER) shall entitle the BUYER to
take all or any one of the following actions, wherever required:
(i) To immediately call off the pre contract negotiations without assigning any reason and without
giving any compensation to the BIDDER. However, the proceedings with the other BIDDER(s)
would continue, unless the BUYER desires to drop the entire process.
(ii) The Earnest Money Deposit (in pre-contract stage) and/or Security Deposit/Performance Bond
(after the contract is signed) shall stand forfeited either fully or partially, as decided by the BUYER
and the BUYER shall not be required to assign any reason therefore.To immediately cancel the
contract, if already signed, without giving any compensation to the BIDDER.
(iii) To recover all sums already paid by the BUYER, and in case of an Indian BIDDER with interest
thereon at 2% higher than the prevailing Base Rate of State Bank of India, while in case of a
BIDDER from a country other than India with interest thereon at 2% higher than the LIBOR. If
any outstanding payment is due to the BIDDER from the BUYER in connection with any other
contract for any other stores, such outstanding could also be utilized to recover the aforesaid sum
and interest.
(iv) To encash the advance bank guarantee and performance bond/warranty bond, if furnished by the
BIDDER, in order to recover the payments, already made by the BUYER, along with interest.
(v) To cancel all or any other Contracts with the BIDDER. The BIDDER shall be liable to pay
compensation for any loss or damage to the BUYER resulting from such cancellation/rescission
and the BUYER shall be entitled to deduct the amount so payable from the money(s) due to the
BIDDER.
(vi) To debar the BIDDER from participating in future bidding processes of the BUYER or any of its
Subsidiaries for a minimum period of five years, which may be further extended at the discretion
of the BUYER.
(vii) To recover all sums paid, in violation of this Pact, by BIDDER(s) to any middleman or agent or
broker with a view to securing the contract.
(viii) Forfeiture of Performance Bond in case of a decision by the BUYER to forfeit the same without
assigning any reason for imposing sanction for violation of this Pact.
(ix) Intimate to the CVC, IBA, RBI, as the BUYER deemed fit the details of such events for appropriate
action by such authorities.

5.2 The BUYER will be entitled to take all or any of the actions mentioned at para 5.1(i) to (x) of
this Pact also on the Commission by the BIDDER or any one employed by it or acting on its
behalf (whether with or without the knowledge of the BIDDER), of an offence as defined in
Chapter IX of the Indian Penal code, 1860 or Prevention of Corruption Act, 1988 or any other
statute enacted for prevention of corruption.
5.3 The decision of the BUYER to the effect that a breach of the provisions of this Pact has been
committed by the BIDDER shall be final and conclusive on the BIDDER. However, the
BIDDER can approach the Independent Monitor(s) appointed for the purposes of this Pact.

6. Fall Clause
The BIDDER undertakes that it has not supplied/is not supplying similar product/systems or
subsystems at a price lower than that offered in the present Bid in respect of any other
Ministry/Department of the Government of India or PSU or any other Bank and if it is found at
any stage that similar product/systems or sub systems was supplied by the BIDDER to any other
Ministry/Department of the Government of India or a PSU or a Bank at a lower price, then that

Page 184 of 232


RFP for procurement of Learning Management
System

very price, with due allowance for elapsed time, will be applicable to the present case and the
difference in the cost would be refunded by the BIDDER to the BUYER, if the contract has
already been concluded.

7. Independent Monitors
7.1 The BUYER has appointed Independent Monitor (hereinafter referred to as Monitor) for this
Pact in consultation with the Central Vigilance Commission (Names and Addresses of the
Monitors to be given).

Shri Otem Dai


IAS (Retd.)
otemdai@hotmail.com

7.2 The task of the Monitor shall be to review independently and objectively, whether and to what
extent the parties comply with the obligations under this Pact.
7.3 The Monitor shall not be subjected to instructions by the representatives of the parties and
perform their functions neutrally and independently.
7.4 Both the parties accept that the Monitor has the right to access all the documents relating to the
project/procurement, including minutes of meetings. Parties signing this Pact shall not approach
the Courts while representing the matters to Independent External Monitor and he/she will await
their decision in the matter.
7.5 As soon as the Monitor notices, or has reason to believe, a violation of
this Pact, he will so inform the Authority designated by the BUYER.
7.6 The BIDDER(s) accepts that the Monitor has the right to access without restriction to all Project
documentation of the BUYER including that provided by the BIDDER. The BIDDER will also
grant the Monitor, upon his request and demonstration of a valid interest, unrestricted and
unconditional access to his project documentation. The same is applicable to Subcontractors.
The Monitor shall be under contractual obligation to treat the information and documents of
the BIDDER/Subcontractor(s) with confidentiality.
7.7 The BUYER will provide to the Monitor sufficient information about all meetings among the
parties related to the Project provided such meetings could have an impact on the contractual
relations between the parties. The parties will offer to the Monitor the option to participate in
such meetings.
7.8 The Monitor will submit a written report to the designated Authority of BUYER/Secretary in
the Department/ within 8 to 10 weeks from the date of reference or intimation to him by the
BUYER / BIDDER and, should the occasion arise, submit proposals for correcting problematic
situations.

8. Facilitation of Investigation
In case of any allegation of violation of any provisions of this Pact or payment of commission,
the BUYER or its agencies shall be entitled to examine all the documents including the Books
of Accounts of the BIDDER and the BIDDER shall provide necessary information and
documents in English and shall extend all possible help for the purpose of such examination.

9. Law and Place of Jurisdiction


This Pact is subject to Indian Law. The place of performance and jurisdiction is the seat of the
BUYER.

Page 185 of 232


RFP for procurement of Learning Management
System

10. Other Legal Actions


The actions stipulated in this Integrity Pact are without prejudice to any other legal action that
may follow in accordance with the provisions of the extant law in force relating to any civil or
criminal proceedings.

11. Validity

11.1 The validity of this Integrity Pact shall be from date of its signing and extend upto 5 years or
the complete execution of the contract to the satisfaction of both the BUYER and the
BIDDER/Seller, including warranty period, whichever is later. In case BIDDER is
unsuccessful, this Integrity Pact shall expire after six months from the date of the signing of the
contract, with the successful Bidder by the BUYER.
11.2 Should one or several provisions of this Pact turn out to be invalid; the remainder of this Pact
shall remain valid. In this case, the parties will strive to come to an agreement to their original
intentions.

12. The parties hereby sign this Integrity Pact at _____________ on _____________

For BUYER For BIDDER


Name of the Officer. Chief Executive Officer/
Designation Authorised Signatory
Office / Department / Branch Designation
State Bank of India.

Witness Witness
1
1.
2
2.
Note: This agreement will require stamp duty as applicable in the State where it is executed or
stamp duty payable as per Maharashtra Stamp Act, whichever is higher.

Page 186 of 232


RFP for procurement of Learning Management
System

Appendix- P

FORMAT FOR EMD BANK GUARANTEE

To:

-------------------

EMD BANK GUARANTEE FOR


NAME OF SOFTWARE SOLUTION/ SERVICES TO STATE BANK OF INDIA TO MEET SUCH
REQUIRMENT AND PROVIDE SUCH SOFTWARE SOLUTION/ SERVICES AS ARE SET OUT
IN THE RFP NO. SBI/GITC/HRMS/2024/2025/1156 dated 15/06/2024

WHEREAS State Bank of India (SBI), having its Corporate Office at Nariman Point, Mumbai, and Regional
offices at other State capital cities in India has invited Request for Proposal to develop, implement and
support ________________(name of Software Solution/ Service) as are set out in the Request for Proposal
SBI:xx:xx dated dd/mm/yyyy.

1. It is one of the terms of said Request for Proposal that the Bidder shall furnish a Bank Guarantee
for a sum of Rs._________/-(Rupees _____________________ only) as Earnest Money Deposit.

2. M/s. ________________________, (hereinafter called as Bidder, who are our constituents intends
to submit their Bid for the said work and have requested us to furnish guarantee in respect of the
said sum of Rs.__________/-(Rupees _____________________ only)

3. NOW THIS GUARANTEE WITNESSETH THAT


We _____________________________ (Bank) do hereby agree with and undertake to the State
Bank of India, their Successors, assigns that in the event of the SBI coming to the conclusion that
the Bidder has not performed their obligations under the said conditions of the RFP or have
committed a breach thereof, which conclusion shall be binding on us as well as the said Bidder, we
shall on demand by the SBI, pay without demur to the SBI, a sum of Rs.__________/- (Rupees
_____________________ Only) that may be demanded by SBI. Our guarantee shall be treated as
equivalent to the Earnest Money Deposit for the due performance of the obligations of the Bidder
under the said conditions, provided, however, that our liability against such sum shall not exceed
the sum of Rs.__________/- (Rupees _____________________ Only).

4. We also agree to undertake to and confirm that the sum not exceeding Rs.__________/- (Rupees
_____________________ Only) as aforesaid shall be paid by us without any demur or protest,
merely on demand from the SBI on receipt of a notice in writing stating the amount is due to them
and we shall not ask for any further proof or evidence and the notice from the SBI shall be
conclusive and binding on us and shall not be questioned by us in any respect or manner
whatsoever. We undertake to pay the amount claimed by the SBI, without protest or demur or
without reference to Bidder and not-withstanding any contestation or existence of any dispute
whatsoever between Bidder and SBI, pay SBI forthwith from the date of receipt of the notice as
aforesaid. We confirm that our obligation to the SBI under this guarantee shall be independent of
the agreement or agreements or other understandings between the SBI and the Bidder. This
guarantee shall not be revoked by us without prior consent in writing of the SBI.

5. We hereby further agree that –

a) Any forbearance or commission on the part of the SBI in enforcing the conditions of the said
agreement or in compliance with any of the terms and conditions stipulated in the said Bid and/or
hereunder or granting of any time or showing of any indulgence by the SBI to the Bidder or any
other matter in connection therewith shall not discharge us in any way our obligation under this
guarantee. This guarantee shall be discharged only by the performance of the Bidder of their

Page 187 of 232


RFP for procurement of Learning Management
System

obligations and in the event of their failure to do so, by payment by us of the sum not exceeding
Rs.__________/- (Rupees _____________________ Only)

b) Our liability under these presents shall not exceed the sum of Rs.__________/- (Rupees
_____________________ Only)

c) Our liability under this agreement shall not be affected by any infirmity or irregularity on the
part of our said constituents in tendering for the said work or their obligations there under or by
dissolution or change in the constitution of our said constituents.

d) This guarantee shall remain in force upto 180 days provided that if so desired by the SBI, this
guarantee shall be renewed for a further period as may be indicated by them on the same terms
and conditions as contained herein.

e) Our liability under this presents will terminate unless these presents are renewed as provided
herein upto 180 days or on the day when our said constituents comply with their obligations, as
to which a certificate in writing by the SBI alone is the conclusive proof, whichever date is
earlier.

f) Unless a claim or suit or action is filed against us on or before____(date to be filled by BG


issuing bank), all the rights of the SBI against us under this guarantee shall be forfeited and we
shall be released and discharged from all our obligations and liabilities hereunder.

g) This guarantee shall be governed by Indian Laws and the Courts in Mumbai, India alone shall
have the jurisdiction to try & entertain any dispute arising out of this guarantee.

Notwithstanding anything contained hereinabove:


(a) Our liability under this Bank Guarantee shall not exceed Rs……….………/- (Rupees
…………………….only)
(b) This Bank Guarantee shall be valid upto ……………………….
(c) We are liable to pay the guaranteed amount or any part thereof under this Bank Guarantee only
and only if you serve upon us a written claim or demand on or before ……………………

Yours faithfully,

For and on behalf of

_____________________________________
Authorized official of the bank

(Note: This guarantee will require stamp duty as applicable in the State where it is executed and shall be
signed by the official(s) whose signature and authority shall be verified)

Page 188 of 232


RFP for procurement of Learning Management
System

Appendix- Q

SECURITY REQUIREMENTS

Bidder is required to comply with the following points and submit their compliance on the same on their
letter head along with required evidence. In case of non-compliance of any of the requirement, Bid would
be rejected:

S. Required Controls Compliance Required Evidence


No. (Yes/No)
1 Whether Bidder has (Board/ Top Content table/ page of IS Policy
Management approved) Information and review history page.
Security (IS) Policy in place with periodic
review (minimum annually) by Top
Management.
2 Whether IS Policy is communicated to all Relevant evidence or compliance
employees and does Bidder monitor the certificate.
compliance of the said policy.
3 Whether Bidder has operational processes For organisations with ISO-
(SOP, etc) with periodic review (at least 27001, PCI-DSS, SOC1, SOC2
annually) including but not limited to: certification, relevant
a) Business continuity management certification with validity periods
b) Backup Management and needs to be produced.
Restoration Testing For other organisations, each
c) Desktop/ system/ server/ network approved document/ IS Policy
device hardening with baseline (respective contents) needs to be
controls produced with version history.
d) Patch management
e) Port management
f) Media movement
g) Log management
h) Personnel security
i) Physical security
j) Internal security assessment
processes
k) Incident Management
l) Regulatory Compliance
4 Whether Bidder’s IT environment is Evidence for controls in place.
suitably protected from external threats by
way of firewall, WAF, IDS/IPS, AD, AV,
NAC, DLP etc.
5 Whether rules are implemented on Approved Process of Firewall
Firewalls of the Bidder’s environment as Rules and self-certification
per their approved process. Whether (signed by IS Head of the
Bidder has processes in place to review the company) for non-presence of
Firewalls periodically. overly permissible such as Any-
Any Rules or generic
rules/evidence for latest Firewall
Audit Report.

Page 189 of 232


RFP for procurement of Learning Management
System

6 Whether Bidder has captive SOC or Evidence of SOC implementation


managed service SOC for monitoring their and its activities.
system and operations.
7 Whether Bidder’s environment is CERT empanelled auditor's
segregated into militarized zone (MZ) and Report on verification of its
demilitarized zone (DMZ) separated by implementation.
firewall, where any access from an external
entity is permitted through DMZ only.
8 Whether Bidder has deployed secure Evidence of a Secured DR Site at
production, disaster recovery and testing different location(s).
environment for their application.
9 Bidder to confirm that privilege access to Evidence for the secured access,
its environment is not permitted from reviewed by CERT empanelled
internet. auditors.
10 Whether the Bidder has a dedicated Relevant clauses in Policy and
information security team independent of implementation evidence like
IT, reporting directly to MD/CIO for organisation structure etc.
conducting security related functions &
operations.
11 Whether CERT-IN Empaneled Auditors Latest security Testing
are engaged by Bidder for ensuring Certification with Scope of
security posture of their application. review & closure of observations.
Security testing includes but is not limited
to Appsec, API Testing, Source Code
Review, VA, PT, SCD, DFRA, Process
Review, Access Control etc.
12 Whether suitable security certification Certificate with validity period, if
(ISO, PCI-DSS, SOC1 and SOC2 etc.) of available.
the security posture at Bidders IT
environment are in place.
13 Whether Bidder is agreeable to secure the Evidence for protection of data in
Bank’s data (if shared) while transit, transit such as Secure Encryption
processing, at store, during backup and algorithm used.
archivals, over external media etc. with
latest & secured encryption standards.
14 Whether Bidder has processes in place and Self-certification in case of Govt
is agreeable to completely erase the data entity and approved Purging
after processing at their end or after a Process & timeline and Evidence
clearly defined retention period, if so of actual implementation for
permitted to be stored. Non-Govt entities duly verified
by CERT empanelled IS auditor
to be provided by successful
Bidder at relevant time.
15 Bidder to confirm that it will not share the
Bank’s data to any other party for any
purpose without prior permission of the
Bank.
16 Whether Bidder is willing to put in place a
system of obtaining approval from the
Bank before carrying out any changes in
their environment.

Page 190 of 232


RFP for procurement of Learning Management
System

17 Bidder to confirm that it will not take any


crucial decisions on behalf of the Bank
without written approval from the Bank.
18 Whether Bidder is willing to implement an
efficient and sufficient preventive control
to protect the Bank’s interests against any
damage under section 43 of IT Act.
19 Whether Bidder configures or provides Role Conflict Matrix and
access to officials based on a documented evidence of following the same.
and approved Role Conflict Matrix.
20 Whether Bidder is agreeable that all default Evidence of having disabled
admin and root users are deleted/disabled default admins and root users
and access is based on user specific IDs and preferably verified by CERT
all such accesses are logged. empanelled auditor.
21 Whether Bidder has deployed Active Details of the AD, SSO,
Directory (AD), Single Sign On (SSO) and Password Policy in relevant
strong Password Policy for End point and clauses of IS Policy and/or
application access. compliance verification.
22 Whether Bidder is agreeable to define Approved Access Control
proper access control for protecting the process document and evidence
Bank’s data (if shared) and access to the of implementation to be provided
data is strictly on need-to-know Basis. by successful Bidder at relevant
time.
23 Whether Bidder follows the best practices CERT empanelled auditor's
of creation of separate network zones Report on verification of its
(VLAN segments) for production and non- implementation.
production such as UAT.

24 Whether Bidder follows the best practices Self-certification (signed by IS


of creation of separate network zones Head of the company) with
(VLAN segments) for Web, App, DB, evidence.
Critical & Non-Critical Applications.
25 Whether Bidder is agreeable to have a Network architecture diagram
separate network architecture diagram specific to the Bank to be
specific to integration with the Bank. provided by successful Bidder.
26 Bidder to confirm that internet access is Evidence of purpose/need of this
restricted on internal servers, database and verification of controls in
servers or any other servers. place by CERT empanelled ISSP.
27 Whether Bidder has deployed any open If any Open Source software is
source or free software in their used, evidence for process in
environment. If yes, whether processes are place to adhere to the stated
in place for closure of vulnerabilities & control and/or declaration that
regular/timely patching for such software. there are no known CVE
(Common Vulnerability &
Exposures).
28 Whether minimum baseline controls are Content page of SCD document
implemented for hardening the application and review history and
and DB Servers. implementation evidence of latest
SCD version.
29 Whether Suitable Security certificate such Certificate with validity period.
as ISO27017 & ISO27018 for Cloud

Page 191 of 232


RFP for procurement of Learning Management
System

Services (if applicable) and PCI DSS


where Debit Card related data (if
applicable) are processed are in place.
30 Whether Bidder is agreeable that the key Approved Process for Key
used by it to encrypt the Bank’s data (if Management and evidence of
shared) should be different i.e. it should not actual implementation of Key
be the same that was/is used for other Sharing.
clients.
31 Bidder to confirm that data should not be Approved Process & evidence of
allowed to be downloaded or to prepare implementation of the control.
copies unless explicitly approved.
32 Whether Bidder is agreeable to performs Evidence of conducting DR
periodic DR Drills. drills, lessons learnt and their
detailed recordings to be
provided by successful Bidder.
33 Bidder is agreeable that the application and Evidence of dedicated
DB will be hosted separately on a infrastructure (physical/ logical)
dedicated infrastructure (physical/logical) for the Bank to be provided by
for the Bank. successful Bidder.

34 Whether proper log generation, storage, Log generation, storage and


management and analysis happens for the review process certified by CERT
Bidder’s application (including DFRA & empaneled auditor.
access logs).

35 Whether the privilege access activities are Evidence of Privileged access


logged, monitored, controlled and logs and PIMS implementation.
governed preferably using Privilege
Identity Management (PIM).

Bidder should also confirm whether it has witnessed any security or privacy breach in the past 2 (two) years.
Bidder should submit self-certification of IS Head in case of Govt entity/evidence reported to regulatory
agencies and/or self-attestation and the same to be verified by CERT empaneled ISSP.

Letters of Intent (LoIs) will be issued to TC1 bidder and the selected bidder will be required to undergo IT
& Security review, also called as ISD review. Selected bidder will be required to submit the documents,
duly certified by CERT-IN Auditors, for getting clearance from IS Dept. of the Bank as mentioned in
Appendix Q as well as mentioned any other place in the RFP document.

The bidder/ vendor shall have obligation to comply with Bank’s IS policy, Cyber Security Policy and IT
Policy and regulatory requirements and implement all the recommendations// close all the vulnerabilities
reported in the various information security reviews, IS audit, UAT etc conducted by the Bank, bank
appointed third party professionals, Regulators during the contact period without any additional cost to the
Bank.

Page 192 of 232


RFP for procurement of Learning Management
System

Note:

 The above-mentioned required controls shall be reviewed at quarterly interval.

 Service Provider at its own expenses, agrees to submit certificate from CERT-In empaneled ISSP,
periodically, i.e. at quarterly interval by 15th day of completion of respective quarter or as requested
by the Bank for the control points mentioned in Appendix Q.

Page 193 of 232


RFP for procurement of Learning Management
System

Appendix- R
CLOUD REQUIREMENTS

For cloud deployment platform, the Bidder is required to comply with the following points and submit their
compliance on the same on their letter head in format of Table C-1

Deployment Model Specific Requirements

1. Data center, Disaster recovery center, High availability zones across data centers shall be in India
only.
2. Bidder shall ensure that all data functions and processing are performed within the boundaries of
India.
3. Shall be hosted and provided services on a dedicated instance for the Bank on the cloud
4. The infrastructure elements including server, storage (including backup storage) and network of
the public Cloud should provide strong tenant isolation, provide granular identity and access
management capability and data encryption (In-Transit and At-Rest) and to be logically separate
from the public and other cloud offerings of the cloud service provider.
5. There should be logical separation (of servers, storage, network infrastructure and networks) to
protect data, applications and servers and provide robust virtual isolation for the Bank.
6. The space allocated for the dedicated infrastructure should be clearly demarcated and identified as
hosting Bank’s Project. The demarcated and identified area shall not host any components other
than those of Banks Project.
7. The entire N/W Path for Bank’s hosted applications shall be separate (logical separation &
isolation) from the other clients and should be dedicated for the Bank.
8. Implement a firewall policy that allows the Bank to administer it remotely and allowing the Bank
to have read-only access to inspect the firewall configuration in accordance with the Banks
direction.
9. The cloud service offering shall support Network and security with dedicated firewall along with
load balancer integration for auto-scale functions. However, the dedicated infrastructure elements
can be shared within the Bank.
10. The management consoles should only show the data relevant to the Bank.
11. With respect to monitoring tools, if any agent has to be deployed on the VMs or otherwise, the
monitoring tools may be shared provided there is logical segregation and controls built-in to ensure
that the tools & deployed agents comply to the security policies and ONLY the events, performance
threshold alerts and inventory data for the OS, DB, infrastructure and Application is captured &
sent by the deployed agents. The monitoring tools and deployed agents (in case of agent-based
tools) shall not capture or send Bank’s application and/or user and/or transaction data.
12. Shall leverage and share all network-related security toolset which are in network flow.
13. Security toolset shall be a dedicated installation of the tools / products for the Bank.
14. Database System Software shall be a dedicated instance for the Bank
15. For ensuring strategic control of the operations, approval of the Bank shall be taken prior to making
changes / modifications of the deployed solution, database, data, configurations, security solutions,
hosted infrastructure, etc.
16. The above set of activities where prior approvals of the Bank have to be taken is only indicative
and by no means an exhaustive list. The set of activities for which such approval has to be obtained
will be finalized by the Bank and reviewed on as needed basis.
17. For any changes (including auto-provisioning and others that may or may not need prior approval)
to the underlying cloud infrastructure, software, etc. under the scope of the bidder, that has the
potential to affect the SLAs (performance, availability), the Bank shall get alerts / notifications
from the bidder, both as advance alerts and post implementation alerts
18. Real time Integration of Logs (web, application, DB, Network) with Bank SOC is required

Page 194 of 232


RFP for procurement of Learning Management
System

19. Should the Bank decide to migrate the application to its private cloud at any point in the future, the
service provider shall undertake the migration process, subject to an agreed-upon additional cost

General Requirements

1. Shall be in accordance with the requirements in this RFP.


2. Bidder shall provide dedicated resources for Bank’s project.
3. There should be sufficient headroom (at an overall level in the compute, network and storage
capacity offered) available for near real time provisioning (as per the SLA requirement of the Bank)
during any unanticipated spikes in the user load.
4. Ability to integrate fully with the Government of India approved Certificate Authorities to enable
the Bank to use the Digital Certificates / Digital Signatures.
5. The Bank shall retain ownership of any user created/loaded data and applications hosted on CSP’s
infrastructure and maintains the right to request (or should be able to retrieve) full copies of these
at any time.
6. The Bank retains ownership of all VMs, templates, clones, and scripts/applications created for the
Bank’s application and retains the right to request (or should be able to retrieve) full copies VMs
at any time.
7. The Bank shall be provided access rights (including the underlying secure connection) to the user
administration / portal of cloud services to have visibility into the dashboard, SLAs, management
reports, etc. provided by the Cloud Service provider.
8. CSP shall not provision any unmanaged VMs for the applications.
9. CSPs shall provide interoperability support with regards to available APIs, data portability etc. for
the Bank to utilize in case of Change of cloud service provider, migration back to in-house
infrastructure, burst to a different cloud service provider or availing backup or DR services from a
different service provider as and when needed
10. Should adhere to the ever-evolving guidelines as specified by CERT-In (https://www.cert-
in.org.in/)
11. Should adhere to the relevant standards published (or to be published) by the Bank, Ministry of
Electronics & Information Technology (MeitY) or any standards body setup / recognized by
Government of India and notified to the bidder by the Bank as a mandatory standard.
12. Bidder shall also adhere to the relevant audit requirements as defined in the RFP.
13. The Bidder should complete VA & PT testing on an annual basis and submit timely reports to the
bank

Service Management Requirements

Operational Management
1. Manage the network, storage, server and virtualization layers, to include performance of internal
technology refresh cycles applicable to meet the SLAs without any financial impact to the Bank.
Provide a secure, dual factor method of remote access which allows the Bank designated personnel
(privileged users) the ability to perform duties on the hosted infrastructure
2. Upgrade and periodically replace hardware without any financial impact to the Bank. All the data
within replaced hardware shall be immediately deleted/destroyed and certify the VM and data
destruction to the Bank as per stipulations and shall ensure that the data cannot be forensically
recovered.
3. Perform patch management appropriate to the scope of their control
a. Alerts well in advance on the upcoming patches via email.

Page 195 of 232


RFP for procurement of Learning Management
System

b. Patch VMs on the next available patch management change window


c. Application of automated OS security patches
d. Send regular reminders to the Bank designated email address five (5) days prior to patch cut off
dates
4. OS level vulnerability management – all OS images created within the cloud platform are regularly
patched with the latest security updates
5. Provide the artifacts, security policies and procedures demonstrating its compliance with the
Security Assessment and Authorization requirements as described in Security Requirements in this
RFP.
6. Bidder shall Monitor availability of the servers, CSP -supplied operating system & system
software, and CSP’s network
7. The bidder is fully responsible for tech refreshes, patch management and other operations of
infrastructure within the scope.
8. Investigate outages, perform appropriate corrective action to restore the hardware, operating
system, and related tools and provide Root Cause Analysis (RCA) within the timeframe provided
by the Bank.
9. Bidder shall be responsible for managing the infrastructure including VMs as per the ITIL
standards.
10. Comply with technology (hardware and software components) refresh requirements as required so
as to upgrade any technology prior to reaching end of life / end of support and as well as to ensure
security requirements and service level agreements (SLA) are met without and additional cost to
the Bank.
11. Software (limited to OS, security solutions and other platform stack offered by the bidder to the
Bank) will never be more than two versions behind unless deferred or rejected by Bank.

Data Management
1. Manage data isolation in a multi-tenant environment.
2. The bidder shall ensure compliance to the Bank’s Backup and Retention policy.
3. Transfer data back in-house either on demand or in case of contract or order termination for any
reason
4. Manage data remanence throughout the data life cycle.
5. Provide and implement security mechanisms for handling data at rest and in transit.
6. Bidder shall not delete any data at the end of the agreement (for a maximum of 90 days beyond the
expiry of the Agreement) without the express approval of the Bank.
7. When the Bank or bidder (with prior approval of the Bank) scales down the infrastructure services,
bidder is responsible for deleting or otherwise securing Bank’s Content/data prior to VM deletion
and in case deleted, shall ensure that the data cannot be forensically recovered.
8. Bidder shall ensure the protection of the Bank’s data from any unauthorized access, modification,
copying/storing. Violation of this shall be treated as copyright infringement

User/Admin Portal Requirements

1. Utilization Monitoring: Provide automatic monitoring of resource utilization and other events such
as failure of service, degraded service, etc. via service dashboard or other electronic means.
Real time performance thresholds
Real time performance health checks
Real time performance monitoring & Alert
Historical Performance Monitoring
Capacity Utilization statistics
Cloud Resource Usage including increase / decrease in resources used during auto scale

Page 196 of 232


RFP for procurement of Learning Management
System

Log (DB, Application) and files sync status of DC and DR


2. Trouble Management – Provide Trouble Ticketing via online portal/interface (tools).
3. User Profile Management- Support maintenance of user profiles and present the user with his/her
profile at the time of login

LAN / WAN Requirements


1. Local Area Network (LAN) shall not impede data transmission.
2. Provide a redundant local area network (LAN) infrastructure and static IP addresses from the Bank
IP pool or “private” non-internet routable addresses from CSP pool.
3. Provide private connectivity between a Bank’s network and cloud data Center Facilities
4. Application should be accessible from Internet as well as Bank’s Intranet.
5. Allow mapping IP addresses to domains owned by the Bank, allowing websites or other
applications operating in the cloud to be viewed externally as Bank’s URLs and services
6. Provide infrastructure that is Ipv4 and Ipv6 compliant.
7. Bidder shall have the capability to provide adequate bandwidth between Primary Data Center and
Disaster Recovery Center for data replication purpose.
8. Support network level redundancy through MPLS lines from two different service providers,
alternate routing paths facilitated at ISP backbone (MPLS), redundant network devices etc. These
two network service providers should not share same back-end infrastructure. Redundancy in
security and load balancers, in high availability mode, will be provided to facilitate alternate paths
in the network

Disaster Recovery & Business Continuity Requirements

1. Bidder is responsible for Disaster Recovery Services so as to ensure continuity of operations in the
event of failure of primary data center to meet the RPO and RTO requirements of the Bank.
2. The Primary DC and the DRC should be in different seismic zones in India.
3. During normal operations, the Primary Data Center (PR) will serve the requests. The Disaster
Recovery Site will not be performing any work but will remain on standby. During this period, the
compute environment for the application in DR shall be available but with minimum possible
compute resources required for a functional DR as per the solution offered. The application
environment shall be installed and ready for use. DR Database Storage shall be replicated on an
ongoing basis and shall be available in full (100% of the PR) as per designed RTO/RPO and
replication strategy. The storage should be 100% of the capacity of the Primary Data Center site.
4. In the event of a site failover or switchover, DR site will take over the active role, and all requests
will be routed through that site. Application data and application states will be replicated between
data centers so that when an outage occurs, failover to the surviving data center can be
accomplished within the specified RTO. This is the period during which the Compute environment
for the application shall be equivalent to DC. The installed application instance and the database
shall be usable and the same SLAs as DC shall be provided. The use of this Full Compute DR
environment can be for specific periods during a year for the purposes of DC failure or DR Drills
or DC maintenance. The Database and storage shall be of full capacity and the licenses and security
shall be for full infrastructure. The bandwidth at the DR shall be scaled to the level of Data center.
Users of application should be routed seamlessly from DC site to DR site. The bidder shall conduct
DR drill for seven days at the interval of every six months of operation wherein the Primary DC
has to be deactivated and complete operations shall be carried out from the DR Site. However,
during the change from DC to DRC or vice-versa (regular planned changes), there should not be
any data loss.
5. The bidder should offer dashboard to monitor RPO and RTO of each application and database.

Page 197 of 232


RFP for procurement of Learning Management
System

6. Any lag in data replication should be clearly visible in dashboard and alerts of same should be sent
to respective authorities.

Security Requirements

1. Bidder will be responsible for provisioning, securing, monitoring, and maintaining the hardware,
network(s), and software that support the infrastructure, Virtual Machines (VMs).
2. The Data Center Facility shall at a minimum, implement the security toolset: Security & Data
Privacy (Data & Network Security including Anti Virus, Virtual Firewall, Multi Factor
Authentication, VPN, IPS, Log Analyzer / Syslog, SSL, DDOS Protection, HIDS / NIDS, Rights
Management, SIEM, DAM, WAF, Integrated Vulnerability Assessment, SOC, Data Privacy, Data
Encryption, Certifications & Compliance, Authentication & Authorization, and Auditing &
Accounting)
3. Integration with Bank’s Security Operation Center (SOC) including SIEM, DAM, WAF
4. Integration with Bank’s AD, SSO
5. Meet the ever-evolving security requirements as specified by CERT-In (https://www.cert-
in.org.in/)
6. Meet any security requirements published (or to be published) by the Bank or any standards body
setup / recognized by Government of India from time to time and notified to the bidder by the Bank
as a mandatory standard
7. Bank reserves the right to verify the security test results.
8. Implement industry standard storage strategies and controls for securing data in the Storage Area
Network so that clients are restricted to their allocated storage.
9. Deploy public facing services in a zone (DMZ) different from the application services. The
Database nodes should be in a separate zone with higher security layer.
10. Nonproduction environments should be segregated (in a different VLAN) from the production
environment such that the users of the environments are in separate networks.
11. All environments (Web, App, DB) should be segregated in a different VLAN.
12. Cloud offering should have built-in user-level controls and administrator logs for transparency and
audit control
13. Cloud Platform should be protected by fully managed Intrusion detection system using signature,
protocol, and anomaly-based inspection thus providing network intrusion detection monitoring.
14. Cloud platform should provide Edge-to-Edge security, visibility and carrier class threat
management and remediation against security hazards like Denial of Service (DoS) and Distributed
Denial of Service (DdoS) attacks, botnets, etc. Also, shall provide protection against network issues
such as traffic and routing instability
15. Cloud platform should provide Web Application Filter for OWASP Top 10 protection as a service
that can be enabled for the Banks that require such a service.
16. Provision of private network ports to be connected to the Banks network for additional secure
connectivity between the Bank network and the cloud through support for MPLS, Fiber, P2P links.
17. Cloud Service provider shall allow audits of all administrator activities performed by the bidder
and allow Bank to download copies of these logs in read-only format.
18. Maintain the security features described below, investigate incidents detected, undertake corrective
action, and report to Bank, as appropriate
19. Deploy and update commercial anti-malware tools, investigate incidents, and undertake remedial
action necessary to restore servers and operating systems to operation.
20. Shall provide a consolidated view of the availability, integrity and consistency of the Web/ App/
DB tiers
21. Bidder should enforce password policies (complex password, change password as per Bank’s
policies etc.)

Page 198 of 232


RFP for procurement of Learning Management
System

22. Shall be contractually subject to all Bank’s IT Security standards, policies, and reporting
requirements. The bidder shall meet and comply with all the Bank’s IT Security Policies and all
applicable Bank’s standards and guidelines, other regulatory/Government-wide laws and
regulations for protection and security of Information Technology.
23. Shall generally and substantially and in good faith follow Bank’s guidelines and CERT-In
guidance. Where there are no procedural guides, use generally accepted industry best practices for
IT security.
24. Information systems must be assessed whenever there is a significant change to the system’s
security posture
25. Bidder shall conduct regular independent third-party assessments of the CSP’s security controls to
determine the extent to which security controls are implemented correctly, operating as intended,
and producing the desired outcome with respect to meeting security requirements and submit the
results to the Bank
26. In case CSP has industry standard certifications (assessed by a third-party auditor) that verify
compliance against the security requirements of the RFP, SLA the results, relevant reports,
certifications may be provided with evidence along with the mapping of the industry standard
certification controls against the RFP requirements. However, if there are any requirements that do
not fall under the industry standard certifications, the bidder shall get the Third-Party Auditor to
assess the conformance to the requirements.
27. Provide an independent Security Assessment/Risk Assessment
28. Bank reserves the right to perform Penetration Test. If the Bank exercises this right, the bidder
shall allow the Bank’s designated third-party auditors to conduct activities to include control
reviews that include but are not limited to operating system vulnerability scanning, web application
scanning, and database scanning of applicable systems that support the processing, transportation,
storage, or security of Bank’s information. This includes the general support system infrastructure.
29. Identified gaps shall be tracked for mitigation in a Plan of Action document.
30. Bidder is responsible for mitigating all security risks found and continuous monitoring activities.
All critical and high-risk vulnerabilities must be mitigated within 7 days, high-risk vulnerabilities
must be mitigated within 14 days and all medium risk vulnerabilities must be mitigated within 21
days and all low-risk vulnerabilities must be mitigated within 28 days from the date vulnerabilities
are formally identified. The Bank will determine the risk rating of vulnerabilities.
31. Shall provide access to the Bank or their designee acting as their agent, when requested, in order
to verify compliance with the requirements for an Information
32. Technology security program. Bank reserves the right to conduct on-site inspections. Bidder shall
make appropriate personnel available for interviews and documentation during this review. If
documentation is considered proprietary or sensitive, these documents may be reviewed on-site
under the bidder’s supervision.
33. Shall provide vulnerability scan reports from Web Application, Database, and Operating System
Scans or the services for the Bank to run the vulnerability scan. Scan results (that fall under the
scope of the bidder) shall be managed and mitigated in Plans of Action.
34. All documents exclusively produced for the project are the property of the Bank and cannot be
reproduced or retained by the bidder. All appropriate project documentation will be given to Bank
during and at the end of this contract or at the time of termination of the contract. The bidder shall
not release any project information without the written consent of the Bank. Any request for
information relating to the Project presented to the bidder must be submitted to the Bank for
approval.
35. Bidder shall protect all Bank data, equipment, etc., by treating the information as sensitive.
Sensitive but unclassified information, data, and/or equipment will only be disclosed to authorized
personnel. The bidder shall keep the information confidential, use appropriate safeguards to
maintain its security in accordance with minimum standards. When no longer required, this

Page 199 of 232


RFP for procurement of Learning Management
System

information, data, and/or equipment shall be returned to Bank control, destroyed, or held until
otherwise directed by the Bank. The bidder shall destroy unneeded items by burning, shredding, or
any other method that precludes the reconstruction of the material.
36. Bank has the right to perform manual or automated audits, scans, reviews, or other inspections of
the bidder’s IT environment being used to provide or facilitate services for the Bank through a
Bank’s designated third-party auditor. Bidder shall be responsible for the following privacy and
security safeguards:
a. Bidder shall not publish or disclose in any manner, without the Bank’s written consent,
the details of any safeguards either designed or developed by the bidder under the
Agreement or otherwise provided by the Bank.
b. To the extent required to carry out a program of inspection to safeguard against threats
and hazards to the security, integrity, and confidentiality of any Bank’s data collected and
stored by the bidder, the bidder shall afford the Bank’s logical and physical access to the
CSP’s facilities, installations, technical capabilities, operations, documentation, records,
and databases within 72 hours of the request. Automated audits shall include, but are not
limited to, the following methods:
i. Authenticated and unauthenticated operating system/network vulnerability
scans.
ii. Authenticated and unauthenticated web application vulnerability scans.
iii. Authenticated and unauthenticated database application vulnerability scans.
37. Automated scans can be performed by Bank’s designated third-party auditors, using Bank’s
specified tools. If the CSP chooses to run its own automated scans or audits, results from these
scans may, at the Bank’s discretion, be accepted in lieu of Bank’s performed vulnerability scans.
In these cases, scanning tools and their configuration shall be approved by the Bank. In addition,
the results of bidder-conducted scans shall be provided, in full, to the Bank.
38. Submission to regular audits: bidder will extend required support to regular audits conducted by
Bank. The purpose of these audits will not only be to ensure conformance with the requirements
stated in this RFP, but also to ensure that the implementation is executed in the best of ways to
meet the requirements of Bank. These audits may be conducted by Bank or Bank’s designated
third-party auditors. Bidder will cooperate fully with the auditor. Bank will inform the bidder of
the shortcomings if any after the audit is completed; and the Bidder will respond appropriately and
address the identified gaps.

Management Reporting Requirements

Deliverables listed below should be accessible via online interface not later than 10 days after the end of the
calendar month and available for up to one year after creation. The information shall be available in format
approved by Bank. The bidder shall monitor and maintain the stated service levels as agreed in the Service
Level Agreement between the Bank and the bidder.

1. Service Level Management


a. Service Level Management Reports (as per the service levels agreed in the Service Level
Agreement between the Bank and the bidder)
b. Text description of major outages (including description of root-cause and fix) resulting
in greater than 1-hour of unscheduled downtime within a month
2. Network and Security Administration (including security breaches with classification, action taken
by the CSP and status) related reports
3. Help Desk / Trouble Tickets raised by the Bank
a. Number of Help Desk/customer service requests received.
b. Number of Trouble Tickets Opened

Page 200 of 232


RFP for procurement of Learning Management
System

c. Number of trouble tickets closed


d. Average mean time to respond to Trouble Tickets (time between trouble ticket opened
and the first contact with customer)
e. Average mean time to resolve trouble ticket
4. Monthly utilization (including peak and non-peak volumetric details) of the Service Offerings for
the Bank
5. Centralized Monitoring & Management and Reporting with:
a. Alerts on event threshold and policy-based actions upon deviations.
b. Internet & Intranet Data Transfer
c. Virtual Instances (CPU, Memory, Storage and Network Port) configuration and utilization
d. Storage Volume (Read/Write and IOPS)
e. Load balancer
f. Application Services
g. Database Monitoring
h. Reports on non-conformance and escalation for privileged access by unauthorized roles/
identities
6. Any other reports as deemed required by Bank from time-to-time.

Exit Management and Transition Requirements

1. Continuity and performance of the Services at all times including the duration of the Agreement
and post expiry of the Agreement is a critical requirement of the Bank. It is the prime responsibility
of bidder to ensure continuity of service at all times of the Agreement including exit management
period and in no way any facility/service shall be affected/degraded. Further, Bidder is also
responsible for all activities required to train and transfer the knowledge to the Replacement
Agency (or Bank) to ensure similar continuity and performance of the Services post expiry of the
Agreement.
2. At the end of the contract period or upon termination of contract, bidder is required to provide
necessary handholding and transition support to ensure the continuity and performance of the
Services to the complete satisfaction of Bank.
3. Bidder shall support the Bank in migration of the VMs, data, content and any other assets to the
new environment created by the Bank or any Agency (on behalf of the Bank) on alternate service
provider’s offerings to enable successful deployment and running of the Bank’s solution on the
new infrastructure. Bidder shall certify the VM, Content and data destruction to the Bank as per
stipulations and shall ensure that the data cannot be forensically recovered. Bidder shall have the
responsibility to support and assist the Bank till successful deployment and access the services
from the new environment.
4. Bidder shall not delete any data at the end of the agreement (for a maximum of 90 days beyond the
expiry of the Agreement) without the express approval of the Bank.
5. During the exit/transition management process, it is the responsibility of the bidder to address and
rectify the problems with respect to migration of the Bank’s application and related IT
infrastructure including installation/reinstallation of the system software etc.
6. The ownership of the data generated upon usage of the system, at any point of time during the
contract or expiry or termination of the contract, shall rest absolutely with Bank.
1. During the contract period, the bidder shall ensure that all the documentation required by the Bank
for smooth transition including configuration, Functional, Technical, SOP, guidelines user manual,
architectural documents etc. are kept up to date and all such documentation is handed over to the
Bank during the exit management process.

Page 201 of 232


RFP for procurement of Learning Management
System

Managed Services Requirements

Backup Services
1. The bidder should configure, schedule and manage backups of all the data including but not limited
to files, folders, images, system state, databases and enterprise applications as per the policy
defined by the Bank.
2. The bidder shall be responsible for file system and database backup and restore services. As part
of the responsibilities the bidder should:
a. Perform and store data and file backups (process of duplicating the customers “to be-
backed-up” “Target Data”) consisting of an initial full back up with daily incremental
backups for files.
b. For the files, perform weekly backups.
c. For the databases, perform a weekly full database backup, with daily backup of database
transaction log files.
d. Cloud platform should provide Encryption of all backup files and data and management
of encryption keys as a service shall be enabled for the Bank.
e. Monitor and manage backup activity.
f. Restore the requested data from backup within a two-hour timeframe.
g. Perform administration, tuning, optimization, planning, maintenance, and operations
management for backup and restore.
h. Provide and install additional infrastructure capacity for backup and restore, as required.
i. Perform backup on the next scheduled backup window in case of any scheduling conflicts
between backup and patch management.
j. Production data shall be replicated to the database copy maintained at Bank’s data center
and provision for daily sync should be ensured by the bidder.

Page 202 of 232


RFP for procurement of Learning Management
System

Appendix- S

LIST OF COUNTRIES – SBI FOREIGN OFFICES

Sl No. Country
1 USA
2 Canada
3 Germany
4 Belgium
5 UK
6 South Africa
7 Mauritius
8 Sri Lanka
9 Bangladesh
10 Nepal
11 China
12 Japan
13 Maldives
14 Oman
15 Singapore
16 Bahrain
17 Qatar
18 Australia
19 Indonesia
20 Hongkong
21 UAE

Page 203 of 232


RFP for procurement of Learning Management
System

Appendix- T

TECHNICAL EVALUATION METRICS

(Minimum marks for getting shortlisted for commercial bid opening: 75%)

SI. Documents to be
Parameters submitted Criteria Marks Max Marks
No

Bidder Experience
1

Bidder should 10 or more years 10


specifically confirm
through a self- 6 to less than 10
5
Length of time declaration on their years
providing LMS letterhead and
1.1 services 10
provide the
purchase order of 5 to less than 6
the first LMS 3
years
contract that they
have signed

Bidder should 8 or more


10
Experience in specifically confirm projects executed
providing LMS to on their letterhead
public/private listed in this regard as per 4 to 7 projects
5
companies in India Appendix-N with a executed
1.2 10
during the last 5 FY copy of the work
as on 31.03.2023 order and / or
Certificate of 2 to 3 projects
3
completion of the executed
work.

Bidder should 6 or more


10
Experience in specifically confirm projects executed
providing LMS for on their letterhead
companies in this regard as per 4 to 5 projects
5
(public/private) in Appendix-N with a executed
1.3 10
the BFSI sector in copy of the work
India during the last order and / or
5 FY as on Certificate of 2 to 3 projects
3
31.03.2023 completion of the executed
work.

Executed at least Bidder should User base of


1.4 one project (in a specifically confirm 50000 or more 10 10
single contract) on on their letterhead learners
providing LMS to in this regard as per

Page 204 of 232


RFP for procurement of Learning Management
System

public limited or Appendix-N with a User base of


private limited copy of the work 20000 or more to
5
company in India order and / or less than 50000
with a pre-defined Certificate of learners
user base during the completion of the
last 5 FY as on work. Please User base of
31.03.2023 provide requisite 15000 to less
proof for 3
than 20000
substantiating the learners
userbase served

2 Approach and Implementation

The bidder must


furnish screenshots
Availability of to confirm the
features as per availability of the
requirements specified
provided in requirement. Please
2.1 Appendix-C Table ensure that the - - 30
A of the RFP. numbering of the
The scoring criteria screenshots matches
is provided in the requirement
Appendix C number outlined in
Table A of Appendix
C in the RFP.

Bidders are
Technical required to submit
Presentation and the following as part
Platform Demo: of the technical bid
response document:
Eligible bidders will
be provided with a - Understanding of
template for the SBI’s business
technical context and needs
presentation and are
required to adhere to - Approach and
the format. methodology for
project
2.2 Furthermore, implementation - - 30
eligible bidders will
receive a use case - Approach for
for the platform knowledge transfer
demo. Evaluation to SBI Admin
criteria for the demo - Outline of work-
will be based on the plan with activities,
quality of the user key milestones and
interface (UI) and time frame for
user experience completion of
(UX) of the learning different activities.
platform, as well as
the extent to which - Approach and best
practices for

Page 205 of 232


RFP for procurement of Learning Management
System

the features meet managing risk and


SBI's requirements. contingency plan for
implementation of
the project in the
given timeframe

- Product roadmap
details

Total Marks 100

Note:
Scores on parameters 1.1 to 1.4 will be normalized for start-ups. Start-ups will be allocated a percentage of
score corresponding to the cumulative score attained on points 2.1 and 2.2 for the aforementioned
parameters. Therefore, while technical evaluation, parameter mentioned under 1.1 to 1.4 does not in any
manner be quantified for evaluating the score of the startup to compete with the other non startup bidders
duly providing the relaxation of prior turnover and prior experience in accordance with Startup policy of
GOI.

Page 206 of 232


RFP for procurement of Learning Management
System

Appendix- U

TEAM REQUIREMENTS & PROFILE FORMAT

Appendix-U 1

TEAM REQUIREMENTS

The bidder is required to depute the following resources and share their profile details and roles and
responsibilities in the format provided.
Additionally, please provide a team structure (organogram) and the number of resources that the bidder
shall provide.

Availability On-site
On-site
Responsibilities (indicative; during Hypercar requireme
Role requireme
non exhaustive) implementatio e nt during
nt
n phase Hypercare
Client  Leads the overall
Relationship project delivery,
Manager providing day-to day
leadership and
collaborating with the
project teams
 Responsible for
maintaining regular
client communication As
 Addresses any required
concerns or issues As As till the end
As required
regarding their required required of the
experience with the contract
product period
 Facilitates decision
making and ensures
successful delivery of
the project
 Ensures timely
deliverables while
meeting quality
standards
Project  Tracks key milestones
Manager and ensures adherence
(PMO) to the committed
timelines
 Provide status updates
to the client team on a Full time
weekly/monthly/quarte till the end
rly basis Full time Full time Full time of the
 Highlights potential contract
risks and works with period
the implementation
team to identify
mitigation mechanisms
 Oversee post-
implementation team

Page 207 of 232


RFP for procurement of Learning Management
System

and coordinate with


them for application
monitoring,
infrastructure and
security monitoring,
and other support as
needed by the bank.
Functional  Understands client
Lead requirements across
functions and ensures
that the learning
As
platform aligns with all Full time - -
required
the requirements
 Provides sign-off on
the functional
specifications
Technical/  Provides expertise on
Integration technical aspects like
Lead integrations, SSO, etc.
 Provides sign-off on
the technical
specifications
including integrations
 Ensures that the
learning platform
architecture aligns with
organizational
demands, scalability
requirements,
concurrency
requirements, etc. to
safeguard optimal
system performance
 Addresses any
As As
integration challenges Full time Full time
required required
and ensures the
accuracy of data flows
 Leads the technical
team responsible for
platform configurations
 Works with the
training team to
develop material and
provide technical
training for end-users
and administrators
 Monitors system
performance and
provides expertise for
addressing any issues
that may arise in the
post-implementation
phase.
 Ensure that design
Solution decisions (functional As As As
Full time
Architect and technical – required required required
integrations) are in line

Page 208 of 232


RFP for procurement of Learning Management
System

with SBI’s
requirements
 Oversees
implementation to
ensure business
challenges are being
resolved
 Guides the
development team as
required to successfully
deliver the project
 Defines the data
migration strategy –
scope, requirements,
objectives – through
analysis of the existing
data structures
 Manages the migration
of data from existing
systems to the LMS
 Oversees data
Data rationalization, data
Migration extraction and data As As
Full time Full time
Specialist/ transformation required required
Lead activities
 Performs validation
activities once data is
loaded in the LMS and
rectifies data quality
issues
 Supports during the
post-migration phase to
address any data-
related issues that may
arise.
 Oversees all the testing
activities and guides
the testing team
 Understands the project
requirements and
creates the testing
scenarios
 Leads the testing
cycles including but
not limited to
As As As
Testing Lead managing logistics, Full time
required required required
setting up of test
environment,
assignment and
execution of testing
scenarios
 Provides reports from
the various testing
phases such as system
integration testing,
UAT etc.

Page 209 of 232


RFP for procurement of Learning Management
System

 Works with the


development team to
prioritize and resolve
defects
 Responsible for quality
assurance process
beyond testing phase
 Establishes quality
standards and
processes
 Ensure adherence to As As
QA Lead Full time Full time
development standards, required required
risk management,
process improvement
 Ensure that the
learning platform
complies with industry
standards, regulations,
 Creates and leads the
training development
effort
 Outlines the training
As As As
Training Lead strategy and creates the Full time
required required required
training plan
 Coordinates training
delivery across
identified stakeholders
 Collaborates with the
client to understand
analytics and reporting
requirements
 Develops and
implements analytics
and reporting strategy
Analytics and
for the LMS in line As As
Reporting Full time Full time
with the client required required
Lead
stakeholder
requirements
 Ensures configuration
of customized reports
 Ensures reliability of
information presented
in reports
 Ensures that the
learning platform
complies with industry
standards, regulations,
and security protocols
 Enhances security
Security measures to identify As As As
Part time
Advisor potential weaknesses in required required required
the system and address
the same
 Collaborates with
stakeholders to
understand security
requirements and

Page 210 of 232


RFP for procurement of Learning Management
System

implements measures
to secure sensitive data
 Ensures compliance
with industry best
practices and leading
security standards
 Supports the leads
(technical
Extended lead/functional
Team lead/data migration
(multiple lead/testing lead etc.)
Full time Full time Full time Full time
team on respective activities
members as  Ensure at least one
required) team member is
mapped to each team
lead
 Manage simple “How
to” issues that can be
resolved without
having to perform root
cause analysis
 Addressing basic user Full time
queries including but during
not limited to login, Onsite hyper care
Post
password reset, access, Part time only only and 2
implementatio Full time
application navigation, during pilot during additional
n L1 team
usage of platform, etc. pilot months
 Resolve simple post hyper
commonly occurring care
issues for users and
other platform user
profiles (Admin,
Faculty, content
creator, etc)
 Any issues that cannot
be resolved by the L1
team
 Includes
troubleshooting for
issues escalated by the
level 1 support team
o Analyzing error
messages and
system logs Full time
Onsite
Post o Resolving issues till the end
Part time only only
implementatio related to learning Full time of the
during pilot during
n L2 team content, assisting contract
pilot
with troubleshooting period
for multimedia and
interactive elements
for all types of users
o Addressing issues
related to third-party
integrations
o Troubleshooting
data exchange,
learner master data

Page 211 of 232


RFP for procurement of Learning Management
System

issues within
internal systems
o Addressing errors
with viewing and
downloading reports
 The L2 team will be
responsible for
examining quarterly
system releases and
evaluating their impact
on the platform.
 The L2 team in
collaboration with the
L3 team shall be
responsible for
coordinating with the
STU team at SBI to
decide whether to
incorporate or exclude
the newly released
features.
 If the decision is made
to incorporate the
releases or new
features into the
platform, the L2 team
(with L3 as required)
shall be responsible for
rolling out the features
and making necessary
modifications to the
platform
 L2 team will take on
the responsibility of
training the SBI L1
team on the new
releases/ features.

 Any issues that cannot


be resolved by the L2
team
 Should possess
expertise in technology
platforms to resolve the
issue
 Includes resolving Full time
Onsite
Post issues escalated from till the end
Part time only only
implementatio Level 2 Full time of the
during pilot during
n L3 team o SSO failure contract
pilot
o Hardware, period
Server, Storage
and network
issues
o Integration
issues
 L3 team will also be
accountable for

Page 212 of 232


RFP for procurement of Learning Management
System

managing minor
workflow changes

Note:
 The team provided by the bidder should have preferably worked on similar engagements for BFSI
sector and / or other large scale deployments spanning multiple geographies and for more than
5000 users
 The bidder will be required to provide L1 support during hyper care and additional 2 months post
hyper care. Beyond this timeframe, L1 support will be managed by the SBI admin team.
 The bidder must provide a final escalation point beyond the team outlined above. Additionally, the
bidder is required to provide an escalation matrix during the time of contracting.

Page 213 of 232


RFP for procurement of Learning Management
System

Appendix-U 2

PROFILE FORMAT

Name:

Designation/Role on this project:

Areas of Expertise:

Total Years of Experience:

Nationality:

Qualifications:

Key responsibilities on this project:

Prior work undertaken that best illustrates capability to handle the tasks assigned under this RFP

Client #1

Client Name:

Overview of the project:

Year:

Duration:

No. of user to which LMS was deployed:

List countries where LMS was deployed:

Key Activities Performed:

Client #2

Client Name:

Overview of the project:

Year:

Duration:

No. of user to which LMS was deployed:

List countries where LMS was deployed:

Key Activities Performed:

Page 214 of 232


RFP for procurement of Learning Management
System

Appendix-U 3

LIST OF BIDDER RESOURCES

Implementation Team

No. of resources
(Bidder can recommend the
Role Min resources required
number basis RFP
requirement)
Client Relationship Manager 1 N.A
N.A
Project Lead (PMO) 1
N.A
Functional Lead 1
N.A
Technical/ Integration Lead 1
N.A
Solution Architect 1
N.A
Data Migration Specialist/ Lead 1
N.A
Testing Lead 1
N.A
QA Lead 1
N.A
Training Lead 1
N.A
Analytics and reporting Lead 1

Security Advisor 1 N.A.


No. of
Role name
resources
Extended Team
Note: Please mention the role and the
number of resources that will be 7
provided. Add more rows as required to
provide this information

Post-Implementation Team

No. of resources
(Bidder can recommend the
Role Min resources required
number basis RFP
requirement)

L1 team 5

L2 team 4

Page 215 of 232


RFP for procurement of Learning Management
System

L3 team 4

Note:
 The Bank may at its discretion request for increasing or decreasing the number of resources
deployed

Page 216 of 232


RFP for procurement of Learning Management
System

Appendix- V

Post Implementation Incident SLA

This section sets forth the conditions under which the bidder will be required to provide post
implementation incident management support. The table below outlines the minimum standards required
from the bidder.

Severity Level Description First Response Resolution Target


Time Time
P1 – Critical Technical and systems problems that block a 30 minutes 6 business 90%
whole organization from performing critical hours
business operations. A significant majority
of users (60% or more) are impacted. The
service must be restored immediately. No
workaround or temporary solution is
available to continue business operations.
E.g. – Widespread log-in issues, system outages
impacting the majority of users, security breaches
or vulnerabilities
P2 – High Blocks significant users from completing 1 business hour 12 business 90%
major functionalities and/or causes a severe hours
drop in the app's performance. Impacts
around half or more users. The service must
be restored in a short time. A workaround or
temporary solution may or may not be
available.
E.g. - Intermittent access issues and major
functionality errors such as course content
loading, inability to submit assignments or
quizzes
P3 – Medium Moderately impacts users' ability to use the 2 business hours 2 business 90%
platform/app and hinders certain non- days
business critical operations. It affects a small
number of users (<10%). Restoration of
service can take comparatively more time. A
temporary workaround is available with
some additional effort.
E.g. - Course content display issues, user
data accuracy issues, incompatibility with
browser or mobile updates for specific user
group
Creates a sub-optimal end-user experience, 4 business hours 8 business 90%
only affects one or multiple users from days
performing non-critical operations. May not
require immediate attention as it does not
P4 – Low significantly affect the user’s productivity. A
workaround is easily available.
E.g. Cosmetic issues such as layout changes,
font size, etc., feature enhancement requests,
course content alignment

Page 217 of 232


RFP for procurement of Learning Management
System

Appendix- W

List of Standard Integrations

Bidders are required to share a list of standard integrations currently included in the product using the
table shared below. Standard integrations will be considered as part of the offering and should be provided
by the bidder at no additional cost.

Integrations included in the existing product


1.
2.
3.
4.
5.
6. Please add more rows as required

Page 218 of 232


RFP for procurement of Learning Management
System

Appendix- X

Data Processing Agreement

This Data Processing Agreement ("Agreement") forms part of the Contract for Services ("Principal
Agreement") dated ______________between:

(i) State Bank of India ("Controller")

And

(ii) M/s. _______________________________("Data Processor")

WHEREAS:

(A) State Bank of India (hereafter referred to as “SBI”) acts as a Data Controller.

(B) SBI wishes to contract certain Services (provided in Schedule 1), which imply the processing of
personal data (provided in Schedule 2), to the Data Processor.

The Parties seek to implement a data processing agreement that complies with the requirements of the
current legal framework in relation to data processing and with the Regulation (EU) 2016/679 of the
European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
(General Data Protection Regulation) and any other data protection and privacy laws applicable to the
Services.

(C) The Parties wish to lay down their rights and obligations (Processor obligations in Clause 3).

IT IS AGREED AS FOLLOWS:

1. Definitions and Interpretation:

1.1 Unless otherwise defined herein, terms and expressions used in this Agreement shall have the following
meaning:

1.1.1 "Agreement" means this Data Processing Agreement and all schedules.

1.1.2 “Controller” has the meaning given to “data controller” in the UK Data Protection Act 1998 and
“controller” in the General Data Protection Regulation (as applicable).

1.1.3 “Client” means a customer of State Bank of India.


1.1.4 “Data Protection Legislation” means as applicable, the UK Data Protection Act 1998, Directive
95/46/EC of the European Parliament and any laws or regulations implementing it, the Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
persons with regard to the processing of personal data and on the free movement of such data (General Data
Protection Regulation) and any equivalent or replacement law in the UK and any other data protection and
privacy laws applicable to the Services.

1.1.5 “Data subject” has the meaning given to it in the Data Protection Legislation.

1.1.6 "Personal Data" has the meaning given to it in the Data Protection Legislation and relates only to
Personal Data processed by a Contracted Processor on behalf of SBI pursuant to or in connection with the
Principal Agreement in relation to the Services provided.

1.1.7 "Processor" means a data processor providing services to SBI.

Page 219 of 232


RFP for procurement of Learning Management
System

1.1.8 “Subprocessor” means any person appointed by or on behalf of Processor to process Personal Data on
behalf of SBI in connection with the Agreement.

1.1.9 "Data Protection Laws" means EU Data Protection Laws and, to the extent
applicable, the data protection or privacy laws of any other country.

1.1.10 "EEA" means the European Economic Area.

1.1.11 "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation
of each Member State and as amended, replaced or superseded from time to time, including by the GDPR
and laws implementing or
supplementing the GDPR.

1.1.12 "GDPR" means EU General Data Protection Regulation 2016/679.

1.1.13 "Data Transfer" means:

1.1.13.1 a transfer of Personal Data from SBI to a Processor; or

1.1.13.2 an onward transfer of Personal Data from a Processor to a Subcontracted Processor, or between
two establishments of a Processor, in each case, where such transfer would be prohibited by Data Protection
Laws (or by the terms of data transfer agreements put in place to address the data transfer restrictions of
Data Protection Laws).

1.1.14 "Services" means the services to be performed by the Processor described in the Principal Agreement
(as provided in Schedule 1).

1.1.15 “Supervisory authority” has the meaning given to it in the Data Protection
Legislation.

1.1.16 “Personal data breach” has the meaning given to it in the Data Protection
Legislation.

1.1.17 “Personnel” means the personnel of the Processor, Subcontractors and Sub
processors who provide the applicable Services; and

1.1.18 “Third country” has the meaning given to it in the Data Protection Legislation.

2. Processing of Personal Data:

2.1 In the course of providing Services to State Bank of India, the Processor may process Personal Data on
behalf of State Bank of India.

2.2 Processor shall:

2.2.1 comply with all applicable Data Protection Laws in the Processing of Personal Data; and

2.2.2 not Process Personal Data other than on the relevant documented instructions of SBI.

3. PROCESSOR OBLIGATIONS:

3.1 Processor Personnel:

Processor shall take reasonable steps to ensure the reliability of any employee, agent or sub-processor who
may have access to Personal Data, ensuring in each case that access is strictly limited to those individuals
who need to know / access the relevant Personal Data, as strictly necessary for the purposes of the Principal
Agreement, and to comply with Applicable Laws in the context of that individual's duties to the Processor,

Page 220 of 232


RFP for procurement of Learning Management
System

ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory
obligations of confidentiality.

3.1.1. The Processor shall process Personal Data only on the documented instructions from State Bank of
India from time to time. State Bank of India shall notify the Processor of any amendments to existing
instructions or additional instructions in relation to the processing of Personal Data in writing and Processor
shall promptly comply with such instructions.

3.1.2. Notwithstanding clause 3.1, the Processor (and its Personnel) may process the Personal Data if it is
required to do so by European Union law, Member State law or to satisfy any other legal obligations to
which it is subject. In such circumstance, the Processor shall notify State Bank of India of that requirement
before it processes the Personal Data, unless the applicable law prohibits it from doing so.

3.1.3. The Processor shall immediately notify State Bank of India if, in Processor’s
opinion, State Bank of India’s documented data processing instructions breach the Data Protection
Legislation. If and to the extent the Processor is unable to comply with any instruction received from State
Bank of India, it shall promptly notify State Bank of India accordingly.

3.1.4. The purpose of the Processor processing Personal Data is the performance of the Services pursuant
to the Principal Agreement.

3.2 Security:

3.2.1 Taking into account the nature, scope, context and purposes of Processing
(provided in Schedule 2) as well as the risk of varying likelihood and severity for the rights and freedoms
of natural persons, Processor shall in relation to Personal Data implement appropriate technical and
organizational measures (Processor obligations in Schedule 3) to ensure a level of security appropriate to
that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR.

3.2.2 In assessing the appropriate level of security, Processor shall take into account, in particular, risks
related to processing of Personal Data.

3.2.3 The Processor shall use appropriate technical and organisational measures to prevent the
unauthorised or unlawful processing of Personal Data and protect against accidental loss or destruction of,
or damage to, any Personal Data during processing activities. It shall implement and maintain the security
safeguards and standards based on the IS policy of State Bank of India as updated and notified to the
Processor by State Bank of India from time to time. The Processor will not decrease the overall level of
security safeguards and standards during the term of this Agreement without State Bank of India’s prior
consent.

3.3 Sub-Processing:

3.3.1 The Processor shall not appoint (or disclose any Personal Data to) any Sub- Processors without prior
written authorisation from State Bank of India.

3.3.2 The Processor shall include in any contract with its Sub processors who will process Personal Data
on State Bank of India’s behalf, obligations on such Sub processors which are no less onerous than those
obligations imposed upon the Processor in this Agreement relating to Personal Data. The Processor shall
be liable for the acts and omissions of its Sub processors to the same extent to which the Processor would
be liable if performing the services of each Sub processor directly under the terms of this Agreement.

3.4 Data Subject Rights:

Data subjects (SBI NRI customers) whose Personal Data is processed pursuant to this Agreement have the
right to request access to and the correction, deletion or blocking of such Personal Data under Data
Protection Legislation. Such requests shall be addressed to and be considered by State Bank of India
responsible for ensuring such requests are handled in accordance with Data Protection Legislation.

Page 221 of 232


RFP for procurement of Learning Management
System

3.4.1 Taking into account the nature of the Processing, Processor shall assist SBI by implementing
appropriate technical and organisational measures (Processor obligations in Schedule 3), insofar as this is
possible, for the fulfilment of SBI’s obligations, as reasonably understood by SBI, to respond to requests to
exercise Data Subject rights under the Data Protection Laws.

3.4.2 In case Data Subject Requests are received by Processor, then the Processor shall:

3.4.2.1 promptly notify SBI if it receives a request from a Data Subject under
any Data Protection Law in respect of Personal Data; and

3.4.2.2 ensure that it does not respond to that request except on the documented instructions of SBI or as
required by Applicable Laws to which the Processor is subject, in which case Processor shall to the extent
permitted by Applicable Laws

3.4.2.3 inform SBI of that legal requirement before the Processor responds to
the request.

3.5 Personal Data Breach:

3.5.1 Processor shall notify SBI without undue delay upon Processor becoming aware of a Personal Data
Breach affecting Personal Data, providing SBI with sufficient information to allow SBI to meet any
obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

3.5.2 Processor shall co-operate with SBI and take reasonable commercial steps as are directed by SBI to
assist in the investigation, mitigation and remediation of each such Personal Data Breach.

3.6 Data Protection Impact Assessment and Prior Consultation:

Processor shall provide reasonable assistance to SBI with any data protection impact assessments, and prior
consultations with Supervising Authorities or other competent data privacy authorities, which SBI
reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other
Data Protection Law, in each case solely in relation to Processing of Personal Data by and taking into
account the nature of the Processing and information available to, the Processors.

3.7 Deletion or return of Personal Data:


3.7.1 Subject to this section 3.7 Processor shall, promptly and in any event within 10 business days of the
date of cessation of any Services involving the Processing of Personal Data (the "Cessation Date"), delete
all copies of those Personal Data.

3.7.2 Processor shall provide written certification to SBI that it has fully complied with this section 3.7
within 10 business days of the Cessation Date.

3.8 Audit Rights:

The Processor shall make available to State Bank of India and any supervisory authority or their
representatives the information necessary to demonstrate its compliance with this Agreement and allow for
and contribute to audits and inspections by allowing State Bank of India, its Client, a supervisory authority
or their representatives to conduct an audit or inspection of that part of the Processor’s business which is
relevant to the Services [on at least an annual basis (or more frequently when mandated by a relevant
supervisory authority or to comply with the Data Protection Legislation) and] on reasonable notice, in
relation to the Processing of Personal Data by the Processor.

3.9 Data Transfer:

The Processor may not transfer or authorize the transfer of Data to countries outside the EU/ India and/or
the European Economic Area (EEA) without the prior written consent of SBI. If personal data processed
under this Agreement is transferred from a country within the European Economic Area to a country outside
the European Economic Area, the Parties shall ensure that the personal data are adequately protected. To

Page 222 of 232


RFP for procurement of Learning Management
System

achieve this, the Parties shall, unless agreed otherwise, rely on EU approved standard contractual clauses /
EU-US Privacy Shield for the transfer of personal data.

3.10 Records:

The Processor shall maintain written records of its data processing activities pursuant to providing the
Services to State Bank of India in accordance with Data Protection Legislation.

3.11 Notify:

The Processor shall immediately and fully notify State Bank of India in writing of any communications the
Processor (or any of its Sub processors) receives from third parties in connection with the processing of the
Personal Data, including (without limitation) subject access requests or other requests, notices or other
communications from individuals, or their representatives, or from the European Data Protection Board, the
UK’s Information Commissioner’s Office (in the case of the United Kingdom) and/or any other supervisory
authority or data protection authority or any other regulator (including a financial regulator) or court.

3.12 Agreement Termination:

Upon expiry or termination of this Agreement or the Services for any reason or State Bank of India’s earlier
request, the Procesor shall: (i) return to State Bank of India; and (ii) delete from all computer systems and
other data storage systems, all Personal Data, provided that the Processor shall not be required to return or
delete all or part of the Personal Data that it is legally permitted to retain. The Processor shall confirm to
State Bank of India that it has complied with its obligation to delete Personal Data under this clause.

4. STATE BANK OF INDIA’S OBLIGATIONS:

State Bank of India shall:

4.1 in its use of the Services, process the Personal Data in accordance with the
requirements of the Data Protection Legislation.

4.2 use its reasonable endeavours to promptly notify the Processor if it becomes aware of any breaches or
of other irregularities with the requirements of the Data Protection Legislation in respect of the Personal
Data processed by the Processor.

5. General Terms:

5.1 Confidentiality:

Each Party must keep this Agreement and information it receives about the other Party and its business in
connection with this Agreement (“Confidential Information”) confidential and must not use or disclose that
Confidential Information without the prior written consent of the other Party except to the extent that:

(a) disclosure is required by law.

(b) the relevant information is already in the public domain.

5.2 Notices:

All notices and communications given under this Agreement must be in writing and will be delivered
personally, sent by post or sent by email to the address or email address set out in the heading of this
Agreement at such other address as notified from time to time by the Parties changing address.

5.3 Governing Law and Jurisdiction:

5.3.1This Agreement is governed by the laws of INDIA.

Page 223 of 232


RFP for procurement of Learning Management
System

5.3.2 Any dispute arising in connection with this Agreement, which the Parties will not be able to resolve
amicably, will be submitted to the exclusive jurisdiction of the courts of MUMBAI.

IN WITNESS WHEREOF, this Agreement is entered into and becomes a binding part of the Principal
Agreement with effect from the date first set out below.

For State Bank of India


Signature ______________________________
Name _________________________________
Title __________________________________
Date Signed ____________________________

For Processor M/s


Signature ______________________________
Name _________________________________
Title __________________________________
Date Signed ____________________________

Page 224 of 232


RFP for procurement of Learning Management
System

SCHEDULE 1

1.1 Services

<<Insert a description of the Services provided by the Data Processor (under the Principal Service
Agreement, where relevant)>>.

SCHEDULE 2

Personal Data

Category of Category of Nature of Purpose(s) of Duration of


Personal Data Subject Processing Processing Processing
Data Carried Out

SCHEDULE 3

Technical and Organisational Data Protection Measures

1. The Processor shall ensure that, in respect of all Personal Data it receives from or processes on behalf of
SBI, it maintains security measures to a standard appropriate to:

1.1. the nature of the Personal Data; and

1.2. Safeguard from the harm that might result from unlawful or unauthorised processing or accidental loss,
damage, or destruction of the Personal Data.

2. In particular, the Processor shall:

2.1. have in place, and comply with, a security policy which:

2.1.1. defines security needs based on a risk assessment.

2.1.2. allocates responsibility for implementing the policy to a specific individual (such as the Processor’s
Data Protection Officer) or personnel and is provided to SBI on or before the commencement of this
Agreement.

2.1.3. ensure that appropriate security safeguards and virus protection are in place to protect the hardware
and software which is used in processing the Personal Data in accordance with best industry practice.

2.1.4. prevent unauthorised access to the Personal Data.

2.1.5. protect the Personal Data using pseudonymisation and encryption.

2.1.6. ensure the confidentiality, integrity and availability of the systems and services in regard to the
processing of Personal Data.

Page 225 of 232


RFP for procurement of Learning Management
System

2.1.7. ensure the fast availability of and access to Personal Data in the event of a physical or technical
incident.

2.1.8. have in place a procedure for periodically reviewing and evaluating the effectiveness of the technical
and organisational measures taken to ensure the safety of the processing of Personal Data.

2.1.9. ensure that its storage of Personal Data conforms with best industry practice such that the media on
which Personal Data is recorded (including paper records and records stored electronically) are stored in
secure locations and access by personnel to Personal Data is strictly monitored and controlled.

2.1.10. have secure methods in place for the transfer of Personal Data whether in
physical form (for example, by using couriers rather than post) or electronic form (for example, by using
encryption).

2.1.11. password protect all computers and other devices on which Personal Data is stored, ensuring that all
passwords are secure, and that passwords are not shared under any circumstances.

2.1.12. not allow the storage of the Personal Data on any mobile devices such as laptops or tablets unless
such devices are kept on its premises at all times.

2.1.13. take reasonable steps to ensure the reliability of personnel who have access to the Personal Data.

2.1.14. have in place methods for detecting and dealing with breaches of security
(including loss, damage, or destruction of Personal Data) including:

2.1.14.1. having a proper procedure in place for investigating and remedying breaches of the GDPR; and

2.1.14.2. notifying SBI as soon as any such security breach occurs.

2.1.15. have a secure procedure for backing up all Personal Data and storing back-ups separately from
originals; and

2.1.16. adopt such organisational, operational, and technological processes and


procedures as are required to comply with the requirements of ISO/IEC 27001:2013 and SBI’s Information
Security Policy as appropriate.

At the time of signing this Agreement, the Processor has the following technical and organizational
measures in place: (To be vetted by SBI)

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
1 Whether the Processor has Information security policy in place
with periodic reviews?
a. Business Continuity Management
b. Backup management
Whether the
Processor have c. Desktop/system/server/network device
operational hardening with baseline controls
2 processes with d. Patch Management
periodic review,
including but not e. Port Management Media Movement
limited to: f. Log Management
g. Personnel Security

Page 226 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
h. Physical Security
i. Internal security assessment processes

3 Whether a proper documented Change Management process has


been instituted by the Processor?
4 Whether the Processor has a documented policy and process of
Incident management /response?

a. Firewall
b. WAF
Whether the Processor’s c. IDS/IPS
environment is suitably d. AD
5
protected from external e. AV
threats by way of: f. NAC
g. DLP
h. Any other technology
6 Whether rules are implemented on Firewalls of the Processor
environment as per an approved process?
7 Whether firewall rule position is regularly monitored for presence
of any vulnerable open port or any-any rule?
8 Whether proper log generation, storage, management and analysis
happens for the Processor application?

a. Web
Is the Processor b. Application
maintaining all logs for
9 c. DB
forensic readiness
related to: d. Configuration
e. User access
10 Whether the Processor maintains logs for privileged access to their
critical systems?
11 Whether privilege access to the Processor environment is
permitted from internet?
12 Whether the Processor has captive SOC or Managed Service SOC
for monitoring their systems and operations?
13 Whether the Processor environment is segregated into militarized
zone (MZ) and demilitarized zone (DMZ) separated by Firewall,
where any access from an external entity is permitted through
DMZ only?

a. Production
Whether Processor has
14
deployed secure
b. Disaster recovery

Page 227 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
environments for their c. Testing environments
applications for:

a. Web
b. App
Whether the Processor
follows the best c. DB
15 practices of creation of
d. Critical applications
separate network zones
(VLAN Segments) for: e. Non-Critical applications
f. UAT
16 Whether the Processor configures access to officials based on a
documented and approved Role Conflict Matrix?
a. Internal servers
Whether Internet access b. Database servers
17
is permitted on:
c. Any other servers
18 Whether the Processor has deployed a dedicated information
security team independent of IT, reporting directly to MD/CIO for
conducting security related functions & operations?
19 Whether CERT-IN Empaneled ISSPs are engaged by the third
party for ensuring security posture of their application?
20 Whether quarterly vulnerability assessment and penetration
testing is being done by the Processor for their infrastructure?
21 Whether suitable Security Certifications (ISO, PCI-DSS etc.) of
the security posture at vendor environment are in place?
22 Whether the Processor has deployed any open source or free
software in their environment?
If yes, whether security review has been done for such software?

23 Whether the data shared with the Processor is owned by SBI (SBI
= Information Owner)?
24 Whether the data shared with the Processor is of sensitive nature?
25 Whether the requirement and the data fields to be stored by the
Processor is approved by Information Owner?
26 Where shared, whether the bare minimum data only is being
shared? (Please document the NEED for sharing every data field)
27 Whether the data to be shared with Processor will be encrypted as
per industry best standards with robust key management?
28 Whether the Processor is required to store the data owned by State
Bank?
29 Whether any data which is permitted to be stored by the Processor
will be completely erased after processing by the Processor at their
end?
30 Whether the data shared with the Processor is stored with
encryption (Data at rest encryption)?
31 Whether the data storage technology (Servers /Public Cloud/
Tapes etc.) has been appropriately reviewed by IT AO?
32 Whether the Processor is required to share SBI specific data to any
other party for any purpose?

Page 228 of 232


RFP for procurement of Learning Management
System

S. No Controls to be implemented Compliance If under


(Yes / No) implementation,
give date by which
implementation
will be done
33 Whether a system of obtaining approval by the Processor from the
IT Application Owner is put in place before carrying out any
changes?
34 Whether Processor is permitted to take any crucial decisions on
behalf of SBI without written approval from IT Application
Owner?
If not, are such instances being monitored? IT Application Owner
to describe the system of monitoring such instances.

35 Whether Application Owner has verified that the Processor has


implemented efficient and sufficient preventive controls to protect
SBI’s interests against any damage under section 43 of IT Act?
36 Whether the selection criteria for awarding the work to Processor
vendor is based on the quality of service?
a. Right to Audit to SBI with scope
defined
b. Adherence by the vendor to SBI
Information Security
requirements including regular
reviews,
change management,
port management,
patch management,
backup management,
access management,
log management etc.
Whether the c. Right to recall data by SBI.
SLA/agreement between d. Regulatory and Statutory
37
SBI and the Processor
compliance at vendor site. Special
contains these clauses:
emphasis on section 43A of IT Act
2000 apart from others.
e. Availability of Compensation
clause in case of any data breach
or incident resulting into any type
of loss to SBI, due to vendor
negligence.
f. No Sharing of data with any third
party without explicit written
permission from competent
Information Owner of the Bank
including the Law Enforcement
Agencies.

Page 229 of 232


RFP for procurement of Learning Management
System

Appendix- Y

CYBER SECURITY

1.1 Secure Design:


a. Develop, implement, maintain and use best in class industry proven security controls that prevents the
misuse of information systems and appropriately protect the confidentiality, integrity, and availability of
information systems. Follow industry standards such as OWASP, SANS, NIST frameworks during design
and development phase.
b. The platform should support strong authentication controls like multifactor authentication
c. The platform should have strong authorization controls. Solution to have controls for prevention against
unauthorized data access and distribution. User and admin access control management to be provided as
part of solution. Access control to be based on least access privilege principle. The Bank or team assigned
by the Bank will be reviewing all access controls mechanism defined.
d. The solution should be capable of integrating with the existing single sign on facility of the Bank.
e. While developing the interfaces, the Bidder must ensure and incorporate all necessary security and control
features within the application, OS, database, network etc., as per OWASP, SANS standards so as to
maintain confidentiality, integrity and availability of the data.
f. Wherever applicable, the solution to have strong file level validation controls for size, type and content.
There should be preventive control against malware. Files should be scanned for any malicious content
in a controlled sandbox environment.
g. The file store locations need to be secured. Strong cryptographic controls to be supported. Such controls
should be compliant as per Industry standards such as FIPS-140, level 2 or higher. The encryption should
support for data while in transit or rest. All encryption keys should be stored in secured location (such as
HSM) with limited access as per NIST framework.

1.2 Secure Development:


a. The solution should adhere to the S-SDLC (Secure System Development Lifecycle) process and practices
as per Bank’s IS policy.
b. Bidder to adhere to the security plan as per the S-SDLC activities and should incorporate it into the Project
Plan before getting it approved from the Bank
c. Developers should be skilled in secure coding and OWASP Top ten vulnerabilities.
d. Code should be developed as per secure coding practices and reviewed to ensure the same.

1.3 Secure Deployment:


a. The solution for sandbox type environment should be isolated from production environment where data
originating from external source could be processed & validated for any malicious content/code before
being sent to internal system.
b. All the hardware or required components should be shipped directly from OEM to the Bank’s premises.
c. Bidder should enforce process and policies such that only authorized users should have access to the
source code.
d. Test data shall be selected carefully and protected and controlled.
e. The source code should be maintained in version-controlled environment that provides for logging and
audit of all activities performed on source code.
f. Development, test, staging and production environment must be physically and logically separated from
one another as far as possible.
g. The solution should ensure there should be no data leakages by implementation of distributed
programming frameworks. The solution should secure data storage and logs. Auditing should be enabled
to track each activity.

Page 230 of 232


RFP for procurement of Learning Management
System

h. All the underlying infrastructure components such as OS, servers (web, application, and database) or any
product should be hardened on each environment before being made functional.
i. Logging should be defined properly so that in the eventuality of the application being targeted or even
compromised it is important for the organization to be able to carry out forensics of the attack as part of
its incidence response framework.
j. Bidder should provide the support for integration of the application with Web Application Firewall
(WAF) and provide the requisite details to WAF Team for implementation of the same.
k. Bidder should provide the support for integration of the application with Intrusion Prevention System
(IPS) and the requisite details to IPS Team for implementation of the same.
l. The bidder should provide support for integration with SIEM (Security Information and Event
Management), DAM (Database Activity Monitoring), and other available tools.

1.4 Security Assessment


a. Wherever applicable, the bidder to conduct SAST (Static Application Security Testing) & DAST
(Dynamic Application Security Testing) and provide detailed reports of the same or the Bank may conduct
the SAST. The bidder should close all the vulnerabilities which should be revalidated by conducting
SAST & DAST again.
b. The bidder should provide full support to Security Review, VAPT and Risk Assessment of all platforms
conducted by the Bank.
c. Standards Benchmark - To ensure that all parties have a common understanding of any security issues
uncovered, the independent organization that specializes in Information security shall provide a rating
based on industry standards as defined by First’s Common Vulnerability Scoring System (CVSS) and
Mitre’s Common Weakness Enumeration (CWE).

1.5 BCP – DR
The selected bidder should develop a disaster recovery plan for restoration of the system in the event of a
disaster or major incident. The Disaster Recovery (DR) Plan should be tested prior to the go-live to
verify DR readiness. Ensure the promotion of the build to production environment is done in a secure
manner and the production environment is ready for the system go-live.

1.6 Secure use of Open Source:


a. The Implementation of open-source technologies should be taken up in compliance with Information
Security (IS) policy of the Bank.
b. The bidder to provide full support in implementation and maintenance for the open-source technologies
in terms of upgradation, patching etc.
c. The bidder should provide the list of all open-source libraries being used in the platform. None of these
should consist of any malicious code/script. All such libraries/code should undergo SAST.
d. Developer shall disclose all binary executables (i.e. compiled or byte code; source code is not required)
of the software, including all libraries or components.
e. Developer shall disclose the origin of all software and hardware components used in the product including
any open source or 3rd party licensed components.

1.7 Security Compliance to Policies and Process:


a. The Bidder shall abide by the access level agreement to ensure safeguards of the confidentiality, integrity,
and availability of the information systems. Bidder will not copy any data obtained while performing
services under this RFP to any media, including hard drives, flash drives, or other electronic device, other
than as expressly approved by the Bank.
b. The Bank will have the right to audit the bidder’s people, processes, technology etc. as part of Vendor
security risk assessment process.

Page 231 of 232


RFP for procurement of Learning Management
System

c. Solution should also be compliant to Indian Information Technology Act, 2000 (along-with amendments
as per Information Technology (Amendment) Act, 2008) and any applicable data privacy & protection
Act.
d. The system should be fully compliant with ISO27001 controls.
e. All personnel who will be part of this engagement should agree to the terms and condition of NDA and
sign in with the Bank .

1.8 Security for Support & Maintenance


a. Bidder should follow all the process defined by the Bank like Incident, Change, Release and Patch
Management
b. Static application security testing and dynamic application security testing should be conducted by the
bidder for any change request involving a design or code change. All gaps identified will be fixed by
Bidder prior to go-live.
c. The Bank reserves the right to conduct further security testing of the source code and the system by either
the Bank personnel or another party. Any gaps identified during this testing will be fixed by Bidder at no
extra cost to the Bank.
d. Configuration items such as computers and other devices, software & hardware contracts and licenses,
third party tools and business services which are related to the application should be disclosed.
e. Bidder will resolve security incidents as per the agreed SLAs.
f. All user and technical access will be granted as per the Role Based Access Control (RBAC) matrix
approved by the Bank. All access will be reviewed as per defined frequency and during control points
e.g. when a team-member leave team or organization.
g. Information Security controls will be enforced when moving production data into non-production
environments e.g. masking sensitive data during the cloning process etc. Audits will be conducted by the
Bank to ensure security controls sustenance. Any gaps identified will be remediated by the bidder.
h. Bidder shall share the source code of the procured application. In case the source code is not to be shared,
the bidder shall provide certificate from regulator approved security auditors, confirming that the code is
free from all code related vulnerabilities.
i. Bidder shall ensure compliance with all government, regulatory and Bank’s internal security
prescriptions, in respect of the product under procurement.

Page 232 of 232

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy