pharma implement vendor tender

7/31/2019 Pharma Implement Vendor Tender

1/253

Page 1 of 253

Tender Document

for engagement of

Implementation Vendor

PROJECT AICNET

www.aicofindia.org

AGRICULTURE INSURANCE COMPANY OF INDIA LIMITED

Regd. Office : AMBADEEP (13th Floor), 14, Kasturba Gandhi Marg, New Delhi-1100 01


2/253

AGRICULTURE INSURANCE COMPANY OF INDIA LTD.

Page 2 of 253

Table of Contents

1 COMPANY ..........................................................................................................41.1 Overview......................................................................................................41.2 Goals .............................................................................................................5

2 PROJECT AICNET..............................................................................................63 AICNET Phase II (IMPLEMENTATION PHASE) ......................................8

3.1 Components of AICNET............................................................................83.2 Program Management Office for AICNET ...........................................11

4 AICNET Phase II TENDER : ADMINISTRATIVE ASPECTS...............124.1 Definitions..................................................................................................124.2 General Clauses.........................................................................................134.3 Bidder Eligibility criteria for Prime / Lead Bidder...........................174.4 Tender Process...........................................................................................18

4.4.1 Bid Submission procedure...............................................................184.4.2 Submission of Documents in the Technical Bid ...........................194.4.3 Technical Bid Format........................................................................214.4.4 Commercial Bid Format...................................................................234.4.5 Bid Calendar......................................................................................274.4.6 Venue and Deadline for submission of Bid...................................294.4.7 Pre-Bid Meetings...............................................................................294.4.8 Bid Opening .......................................................................................304.4.9 Erasures or alterations to the Bids..................................................304.4.10 Withdrawal of Bid.............................................................................314.4.11 Late Tender Bids ...............................................................................314.4.12 Language of Bid ................................................................................314.4.13 Currency of Bid and Payment.........................................................314.4.14 Period of Validity of Bid ..................................................................314.4.15 Site visit by AIC.................................................................................31

4.5

Bid Evaluation ...........................................................................................32

4.5.1 Preliminary scrutiny.........................................................................354.5.2 Clarification of Bids ..........................................................................35

4.6 Award of Contract ....................................................................................354.7 Tender Costs ..............................................................................................37

4.7.1 Tender Processing Fees ....................................................................374.7.2 Earnest Money Deposit....................................................................37


3/253


Page 3 of 253

4.7.3 Performance Bank Guarantee .........................................................385 AICNET Phase II TENDER:TECHNICAL ASPECTS............................40

5.1 Scope of Work............................................................................................405.2

General Principles of Solution Design ...................................................52

5.3 Network Architecture ..............................................................................575.4 Security Architecture................................................................................595.5 Application Description...........................................................................695.6 Expected Application Usage ...................................................................885.7 Application Performance.........................................................................89

6 AICNET - Phase II - TENDER : PAYMENT TERMS..................................917 AICNET Phase II TENDER : LEGAL ASPECTS.....................................96

7.1 Draft Contract Agreement.......................................................................967.2 Service Level Agreement (SLAs) ..........................................................158

7.2.1 Service Level Monitoring Indices .................................................1597.3 Penalties....................................................................................................1627.4 Change Control major deviation/overflow beyond the scope of thisTender...................................................................................................................162

8 Annexure..........................................................................................................1648.1 Annexure 1: Functional Requirement Specification of Applications

1648.2 Annexure 2: Technical Bid Covering Letter.....................................2288.3 Annexure 3: Commercial Bid Covering Letter ................................2308.4 Annexure 4: Format for Bill of Material...............................................2328.5 Annexure 5: Format for Submission of Resume.................................2338.6 Annexure 6: Project Experience Format ..............................................2348.7 Annexure 7: Statement of Deviation(s) from Scope of Work - Format

2358.8 Annexure 8: Clarification of Queries - Format ...................................2368.9 Annexure 9: Performance Bank Guarantee - Format.........................2378.10

Annexure 10: Change Management Sessions .....................................242

8.11 Annexure 11: Technical Evaluation......................................................2448.12 Annexure 12: Project AICNET-II Timeline (Tentative) .....................2468.13 Annexure 13: Table of Contents for SRS..............................................253


4/253


Page 4 of 253

1 COMPANY1.1 OverviewAgriculture Insurance Company of India Limited. (AIC) has been promoted

by General Insurance Corporation of India (GIC), National Bank for

Agriculture and Rural Development (NABARD) and the four Public Sector

General Insurance companies; viz. National Insurance Company Limited, The

New India Insurance Company Limited, Oriental Insurance Company

Limited, United India Insurance Company Limited. At inception, AIC took

over from GIC the implementation of National Agricultural Insurance

Scheme (NAIS), which is the Governments crop insurance scheme.

AIC is under the administrative control of Ministry of Finance, Government

of India (GOI), and under the operational supervision of Ministry of

Agriculture, GOI. IRDA (Insurance Regulatory and Development Authority,

Hyderabad), is the Regulatory body of AIC.

AIC has its Head Office at New Delhi and 17 Regional Offices spread across

the country. The net earned premium of AIC during 2007-08 was Rs. 636.14

Crore. AIC sells various agriculture and allied insurance products and

schemes. Operational & Management Expenses (OME) for AIC is less than 2%

of revenue (2007-08), a definitive edge over competition.

A significant amount of crop insurance business arises out of NAIS. At the

same time AIC is constantly developing newer products which are in line

with market needs and have ready acceptability. Some of the products are:

a.

Weather Based Crop Insurance Scheme (WBCIS)b. Bio fuel Tree/ Plant Insurance Policyc. Wheat Insuranced. Mango Insurancee. Varsha Bimaf. Rainfall Insurance Scheme for Coffee growersg. Rubber Insurance


5/253


Page 5 of 253

h. Uttrakhand Seb Bima Yojana1.2 GoalsLong Term Goals1) Double the coverage (in terms of farmers/acreage/ premium) by the end of

the 11th Five Year Plan

2) Broader Product Mix Foray into New business lines (besides crop

insurance) like cattle, pisciculture etc.

3) Develop a comprehensive umbrella package covering all insurance needs

of a farmer

4) Maintaining Operational & Management Expenses below 5%

5) Growth of NAIS business while increasing the overall percentage of

business through other products

6) Fostering increased customer and stakeholder confidence

Short Term Goals

1) Ensuring coverage of all eligible loanee farmers under crop insurance

2) Reduction in cycle time of claim disbursement

3) Modification of existing products to make them more farmer friendly,

commercially viable, and in line with sound insurance principles

4) Extension of AIC office network to the district level with necessary

resources5) Strengthen distribution / service channels to reach more farmers effectively


6/253


Page 6 of 253

2 PROJECT AICNETDue to escalating operations and data volumes arising out of lowered

insurance unit (from Tehsil to Gram Panchayat level), implementation of

weather based crop insurance products, setting up a network of "Krishi Bima

Sansthans, etc., a need was felt for establishing a holistic Decision Support

System. It was envisaged to adopt an Enterprise Platform for Analytics

System and Intelligence Dissemination, develop an Integrated Operational

Application, supported by a Data Center. At present, AIC is using

Applications developed on Oracle as back-end and Oracle Developer as front-

end in its standalone Regional Offices with no interconnectivity.

Accordingly PROJECT AICNET was envisaged as a holistic IT Systems

Solutions project encompassing all the IT needs of the company. The objective

of the Project is to adopt best industry practices and appropriate technology

to collect, analyze and disseminate requisite information.

AICNET encompasses the software applications to automate parts of the

business and the supporting infrastructure to enable and enhance it. The

solution is expected to facilitate development of new products and services,

streamlining of current operations, office automation and upscaling ofoperations in a cost effective manner. Additionally AICNET is expected to

yield rich dividends in terms of employee productivity and stakeholder

satisfaction.

Project AICNET is divided into two phases:

PHASE I Preparation of the IS Plan (Consultancy Report) - completed

PHASE II Implementation of the IS Plan - to commence through this tender


7/253


Page 7 of 253

INFOTECH SYSTEMS CONSULTANT

To obtain support and consultation for AICNET, AIC has appointed M/s.

Wipro Limited (Infotech Division) as its Infotech Systems Consultant,hereafter referred to as Wipro or IS Consultants.

Role of IS Consultant

In Phase I, Wipro has prepared the Consultancy Report comprising of the

following deliverables:

Inception Report and Project Plan Understanding of the Project AICNET

Business Analysis Report Study of the Business Processes AS-IS and Should

Be.IT Road Map InfoTech Solution as per Business Analysis Report.

All the above deliverables have been adopted by AIC.

In Phase II, role of the IS Consultant shall be to assist AIC to select the

IMPLEMENTATION VENDOR (ImV) and the Product(s) where required

(by following the due process of the Company), and to supervise the

implementation of the IS Plan (Consultancy Report).


8/253


Page 8 of 253

3 AICNET Phase II (IMPLEMENTATION PHASE)3.1 Components of AICNET


9/253


Page 9 of 253

Each Application would have an Owner Department within AIC.

Table 1: AICNET Applications and their Owner Departments

Application Owner Department

Enterprise Applications - Email Solution, Antivirus,

Firewall etc.IT

Portal IT

Top Management Dashboard ANNAPOORNA IT

Product Development & Evaluation System R&D

Human Resources System HR

Financial Management System Finance

Office Services Management System Administration

Legal Management System Legal

Call Centre Setup IT

Underwriting and Claims System Technical

Channel Relationship Management System Marketing

Process Management System Quality Cell (IT)

Data Warehouse & BI System IT

Knowledge Management System IT

Project AICNET-II has been broadly classified into 4 categorize of services:

Application Part of Tender - ImV Responsibility Satellite Services Part of Tender - ImV Responsibility Managed IT Services Part of Tender - ImV Responsibility External Tie-Ups Not Part of Tender - AIC Domain

AICNET Applications would run on a centralized web-based model.

Application meant all the modules mentioned in the functional

decomposition diagram.

To facilitate a smooth transition of stakeholders from the current working

methods to the automated models, extensive Change Management activities

would have to be carried out by the ImV at appropriate stages within the

implementation cycle. The Change Management strategy takes into account


10/253


Page 10 of 253

advantages unique to AIC such as it low headcount, strong management

support, the lack of legacy applications, and its young tech-savvy workforce.

Satellite Services are those components of AICNET which would be the soleresponsibility of the ImV to set-up/tie-up with and manage. The Satellite

Services would be quoted for in the Commercial Bid. Satellite Services would

include Data Centre and Disaster Recovery Services, Call Centre (voice-based

support centre), SMS Gateway, Web-site & E-Mail, WAN Connectivity, etc.

The performance of these Satellite Services shall be regulated by the Service

Level Agreements (SLAs).

External Tie-Ups - AIC would tie-up with External Data/Service Providers,

like Market Information Provider, Mutual Fund Analysis Data Provider,Payment Gateway, STP Gateway Provider, CCIL Platform Provider, Weather

Data Provider, Land Record Data Provider, RBI - PSMIS (Priority Sector

Management Information System), etc. ImV would assist and facilitate the

Company in this regard to the extent possible. However, once a tie-up is

achieved, it shall be the responsibility of the ImV to integrate it with AICNET

(for which the ImV has to quote a separate per-State rate in the Commercial

Bid).

By default, any necessary service or component not specifically mandated as

External Tie-Up would be responsibility of the ImV.

Managed IT Services All necessary services required to keep AICNET and

all its components running. These would include but not be limited to

maintenance (hardware, software, networking and Satellite Services),

debugging, troubleshooting and an IT Support Desk.

The ImV shall be single point responsibility for all components of AICNETexcept explicitly mentioned under External Tie-Ups.

A detailed Tentative Implementation Schedule spanning approximately two

and a half years (as per initial estimate) has been suggested for the entire

AICNET-II in this Tender document (Section 8.12).


11/253


Page 11 of 253

3.2 Program Management Office for AICNET

Board IT Committee

The Board IT Committee shall be responsible for providing approvals and

policy level decisions for the AICNET. The Board IT Committee shall meet as

and when necessary.

AIC Counterpart Cell

The AIC Counterpart Cell and IS CONSULTANT (Wipro Team) shall interact

with the ImV to supervise the implementation of Project AICNET. In addition

to operational level coordination, the AIC Counterpart Cell and Wipro shall

also meet at least once a month to review progress and deliverables. AIC

Counterpart Cell shall be composed of the senior management of AIC, HO

departmental heads, and include representation from the ROs. Review

meetings shall deliberate upon the monthly Status Report to be submitted by

the ImV.

Board IT Committee

Wipro Team AIC Counterpart Cell

Implementation Vendor (ImV)


12/253


Page 12 of 253

4 AICNET Phase II TENDER : ADMINISTRATIVEASPECTS

4.1 Definitions "The Company or AIC" means Agriculture Insurance Company of

India Limited (AIC).

AICNET-II means Phase-II of Project AICNET. Tenderer or Bidder means a Firm who is eligible to participate in

this Tender and submits its Bid.

ImV means a Firm providing the services under the contract withwhom AIC has entered into a contract.

Letter of Intent (LOI) means the written communication to thesuccessful Bidder of the intention of AIC for the award of the services as

per the contract read out with the Tender documents.

Contract means the written order signed by AIC and (ImplementationVendor) ImV after the acceptance of the successful Bidders Bid by AIC

for executing the award.

Contract Price means the price payable to the ImV under the contractfor the full and proper compliance of his contractual obligations.

Consignee means authorized official(s) of AIC for receiving the goodsand services at their intended locations.

Financial Year means, unless otherwise stated specifically, a period of12 months from April to next March.

Satellite Services are components of AICNET which are envisaged tobe outsourced for, e.g. Data Center for Server Hosting, E- Mail, Call

Centre (voice-based support centre), SMS Gateway, Bandwidth, etc.

External Data/Service Providers are tie-ups which AIC would enterinto like Market Information Provider, Mutual Fund Analysis Data

Provider, Payment Gateway, STP Gateway Provider, CCIL Platform

Provider, Weather Data Provider, Land Record Data Provider, etc.

Go-Live Date means the date on which the acceptance testing of theApplication has been successfully completed on all sites.


13/253


14/253


Page 14 of 253

to Award of contract, without assigning any reason or thereby incurring any

liability towards the affected Bidder(s) or any obligation to inform the affected

Bidder(s) of the grounds for AICs action. AIC reserves the rights to alter,

amend, modify, or change any of the specifications, terms and conditionsmentioned herein above.

6. Corrupt or fraudulent practicesAIC insists that the Bidders under this Tender observe the highest standards

of ethics during the procurement and execution of such contracts. In

pursuance of this policy, AIC defines the terms set forth as follows:-

Corrupt practice means the offering, giving, receiving or soliciting of any

thing of value to influence the action of the public official in the procurementprocess or in contract execution; and

Fraudulent practice means a misrepresentation of facts in order to

influence a procurement process or a execution of a contract to the detriment

of AIC, and includes collusive practice among Bidders (prior to or after Bid

submission) designed to establish Bid prices at artificial non-competitive

levels and to deprive AIC of the benefits of the free and open competition;

AIC will reject a Bid for award if it is determined that the Bidder

recommended for award has engaged in corrupt or fraudulent practices in

competing for the contract in question.

AIC will declare a Bidder ineligible, either indefinitely or for a stated period

of time, to be awarded a contract if at any time it is determined that the

Bidder has engaged in corrupt and fraudulent practices in competing for, or

in executing, a contract.

7. Signing of ContractThe Draft Contract Form is appended with this TENDER document (Section

7.1). The successful Bidder shall sign and date the Contract and return it to

AIC within 10 days of announcement of Successful Bidder.


15/253


Page 15 of 253

8. General terms of execution of work The ImV is solely responsible for smooth functioning of AICNET and all

its components.

The ImV shall take prior approval of AIC at every step of preparation ofall documents, formats, modus-operandi charts, process charts etc.

The ImV shall attend all meetings with the Senior Management andCommittees of AIC whenever intimated. Normally, the meetings will be

held at AICs Head Office located in New Delhi.

The ImV shall provide all Documents, Reports, Certificates, Database,Software, Photographs, etc. as and when required by AIC, for carrying out

its mandated responsibilities.

The ImV shall obtain concurrence of AIC on all its certifications andcompliances.

Every Month, the ImV shall submit a Progress-cum-Status Report to AICand make a presentation thereon. The Report must be point-wise and

structured. The Report must also be advisory as to the further course of

action, particularly to catch up on delay, if any.

As and when felt necessary by AIC, the ImV shall arrange for siteinspection by AIC.

NOTE: ALL REPORTS, DOCUMENTS, ETC. SHALL BE SUBMITTED BOTH

IN HARD COPY AND ELECTRONIC FORM (ONE COPY OF EACH) AS

FAR AS APPLICABLE.


16/253


Page 16 of 253

9. Activity CalendarTable 2: AICNET Applications ordered by implementation start date T indicates date of

signing of contract (An indicative Gantt Chart has also been included in this Tender)

Application Module Start

(months from T)

Module Go Live

Date

(months from T)

Enterprise Applications - Email

Solution, Antivirus, Firewall etc.T T + 2

Portal T + 1 T + 3

Top Management

Dashboard AnnapoornaT + 1 T + 3

Product Development & Evaluation

SystemT + 3 T + 5

Human Resources System T + 3 T + 8

Financial Management System T + 4 T + 13

Office Services Management System T + 7 T + 10

Legal Management System T + 9 T + 11

Call Center Setup T + 11 T + 13

Underwriting and Claims System T + 11 T + 24

Channel Relationship ManagementSystem

T + 12 T + 17

Process Management System T + 16 T + 18

Data Warehouse & BI System T + 17 T + 25

Knowledge Management System T + 24 T + 29

Around the conclusion of every stage, the ImV shall make a

Presentation to the Company about the stage. The ImV shall comply with any

review points/recommendations made during the Presentation, and only

after acceptance of the corrected position by the company shall that particular

stage be deemed to have concluded.

NOTE: IN CASE OF DISAGREEMENT IN INTERPRETATION OF ANY

TERM (OR ITS SCOPE) HEREIN, THE VIEW OF AIC SHALL PREVAIL AND

BE BINDING.


17/253


Page 17 of 253

4.3 Bidder Eligibility criteria for Prime / Lead Biddera. Only the following Firms registered / incorporated in India may bid:

i. Single Firmsii. Consortium of Firms led by a Lead/Prime Bidder

b. The Single OR Prime Bidder must have core competency in softwaredevelopment and implementation.

c. Prime Bidder in the consortium will be the single point representative ofthe Consortium Bidder for the entire duration of AICNET-II. However the

Contract document shall be signed by all members of the consortium but

all further documentation up to the Sign-Off stage can be signed by the

Lead / Prime Vendor.

d. Single OR Prime Bidder must fulfil ALL the Eligibility Criteria asspecified:

S. No. Parameters

1 Presence in India for at least 5 financial year presence in India (as on

31.03.2008) (in case of Companies, certificate of incorporation / in case of

partnership Firms, date of registration)

2 3 Corporate Level IT Projects executed in India

(a) Of pan-India scale with at least 20 nodes (locations/ branches) each

(b) Involving all aspects of IT, i.e. Hardware, Software and Networking.

(c) For a value (remuneration) of at least INR 10 Crore each.

3 Additionally 1 Software project of at least INR 3 Crore should be in the

Government / PSU sector in India.

4 Additionally 1 Software project of at least INR 1 Crore should be in the

Insurance sector (in India or elsewhere)

5 Turnover for IT related services in India, in each of the last 3 auditedFinancial Years not below INR 100 Crore. (Certification from Statutory

Auditors)

6 SEI-CMM Level 5 certification

7 At least 5,000 full time employees on the Firms payrolls in the IT services

division

* Certification and supporting documents to be provided for all of the above


18/253


Page 18 of 253

4.4 Tender Process4.4.1 Bid Submission procedureThe prospective bidder shall submit a sealed envelope consisting of two (2)copies of all the bid documents. The name of the project, the bidders name

and address, and the name of the primary and secondary contact person

should be provided on the right hand side of sealed Proposal and must be

received at the address mentioned in this Tender document (section 4.4.6).

The Tender shall be in TWO parts TECHNICAL BID [TB] & COMMERCIAL

BID [CB]. Both the Bids must be submitted together (under a covering letter),

but in SEPARATE SEALED COVERS, giving full particulars and duly

superscribed as follows:

ENVELOPE - I (TECHNICAL BID) - "ENGAGEMENT OF AICNET

IMPLEMENTATION VENDOR 2008 TECHNICAL BID

ENVELOPE - II (COMMERCIAL BID) - "ENGAGEMENT OF AICNET

IMPLEMENTATION VENDOR 2008 COMMERCIAL BID

ENVELOPE - I (TECHNICAL BID)

The Technical Bid must be submitted in a SEALED ENVELOPE along with

the Technical Bid - Cover letter as given in this Tender document (section 8.2).

The Technical Bid [TB] should be complete in all respects and contain all

information asked for. IT SHOULD NOT CONTAIN ANY COMMERCIAL

INFORMATION.

ENVELOPE - IA (EARNEST MONEY DEPOSIT [EMD])

An EMD must be submitted along with the Technical Bid, IN ASEPARATE OPEN ENVELOPE as mentioned in this Tender document

(section 4.7.2).

Bids not accompanied by EMD shall not be accepted. No interest shall be payable by the Company for the amount deposited

as EMD.

No Bank Guarantee will be accepted in lieu of the EMD.


19/253


Page 19 of 253

EMD of successful bidder would be returned to the successful bidder orawardee on completion of the contract. The amount of the EMD shall be

adjusted towards fulfilment of the requirement of the Performance Bank

Guarantee.

ENVELOPE - II (COMMERCIAL BID)

The Commercial Bid must be submitted in a SEALED ENVELOPE along with

the Commercial Bid - Cover letter as given in this Tender document (section

8.3).

Note 1: No loose documents will be accepted as part of either the Technical or

Commercial Bid.

Note 2: AIC will not accept delivery of proposal by fax or e-mail. Proposals

received in such manner shall be rejected and not be entertained.

4.4.2 Submission of Documents in the Technical BidThe Bidders must submit, inter-alia, as part of their Technical Bid, the

following documents in the order below:

a. Eligibility DocumentsCertificate of Incorporation for Companies / date of Registration for

Partnership Firms.

Last 3 audited Financial Years statementDetail of Projects as per the Eligibility Criteria.SEI-CMM Level 5 certificationIn case of Consortium/Joint Venture/Business partnership:

o Details of Lead/Prime Biddero Information regarding any conflicting activities and

declaration thereof

o Power of Attorney in favour of the Person(s) signing the Bidso Affidavit of the Bidder on Rs. 100/- stamp paper to the affect

that :

Declaring the composition of the Consortium that the consortium have quoted for all the items mentioned

in the Tender document,


20/253


Page 20 of 253

All information/documents furnished by them are true &correct to the best of their knowledge & belief, and nothing

material has been concealed.

b. Technical Evaluation DocumentsCertificate/letter of Satisfactory Implementation from the ClientDetail of all projects as per the criteria mentioned in Technical Evaluation

c. Technical Presentation CD and Documents (if any)Note: No promotional or marketing literature should be submitted in loose

form. Technical proposals containing generic marketing or business

promotion sections will not be favourably looked upon. The material on thebidder organisation should be relevant to the scope of this engagement.


21/253


Page 21 of 253

4.4.3 Technical Bid FormatThe Technical Bid should incorporate the following in order given below:

a. Understanding of AICNET objectives and architecture.b. Approach for setting up AICNET-II:

i. System Requirement Specification for variousapplications

ii. Strategy for setting up of AICNETiii. Technical Architectureiv. Security Architecturev. Network Architecture

vi. Data Centre and Disaster Recovery Architecturec. The Bidder shall include specifications of Data Center (including server

specifications) and Bandwidth requirement progressively along the

duration of the project till the Sign- Off date.

d. The Bidder shall provide details of its plan to address the technologyrequirements, such as scalability, availability, performance requirements

of the system mentioned in this TENDER.

e. Work Plan clearly marking all deliverables and start end dates ofproject phases

f. ImV - Project Team structure, size and capabilities.g. A specific description of prior experience and expertise of the resources

to be dedicated for the project.

h. Resumes of key manager(s) responsible for the management of theproject and team, highlighting relevant experiences in the format

mentioned in this Tender document (section 8.5).

i. Resumes of the personnel who would be directly assigned/responsibleto provide the major services/functions as pertains to this contract and

the specific function each individual would perform.

j. All resumes of the proposed team should be given only in the formatprovided in this TENDER (section 8.5).

k. Innovative suggestions that the bidder may want to render w.r.t. theapproach adopted for the assignment in the light of their expertise or

experience from similar assignments.


22/253


Page 22 of 253

l. Bill of Material of all components proposed for solution (e.g. software,hardware, etc.) in the format as provided in this TENDER (section 8.4).

m.Experience with similar activities in the format provided in this TENDER(section 8.6).

n. Quality assurance/process.o. Deviations and Exclusions: the Bidder shall provide the deviations and

exclusions, if any, from the defined scope of work in the format provided

in this TENDER (Section 8.7).

p. Bidder Undertakings: Bidders guarantee for accomplishing theimplementation schedules for completion of AICNET Phase-II.

q. Total Responsibility: Bidder should issue a statement undertaking totalresponsibility for the defect free operation of AICNET.

r. Any other information that Bidder thinks worth mentioning in theproposal.


23/253


4.4.4 Commercial Bid Format

OPEXS.

No

Sub Component CAPEX

Year 1 Year 2 Year 3 Year 4 Y1 Applications

1.1 Portal NA NA NA NA N

1.2 Human Resource Management

System (HRMS)

NA NA NA NA N

1.3 Office Services Management

System

NA NA NA NA N

1.4 Financial Management System NA NA NA NA N

1.5 Product Development System NA NA NA NA N1.6 Legal Management System NA NA NA NA N

1.7 Underwriting and Claim

Processing System

NA NA NA NA N

1.8 Channel Relationship and

Grievance Redressal System

NA NA NA NA N

1.9 Process Management System NA NA NA NA N

1.10 Data Warehousing, Business

Intelligence and Data MiningApplications

NA NA NA NA N

1.11 Knowledge Management

System

NA NA NA NA N


24/253


OPEXS.

No

Sub Component CAPEX

Year 1 Year 2 Year 3 Year 4 Y

2 Satellite Services

2.1 Call Centre NA

2.2 Bandwidth NA

2.3 SMS Gateway NA

2.4 Server Hosting on Data Centre NA

2.5 Email NA

2.6 Client Level Security NA

3 Router with Firewall / IP

facilities built-in

4 Licenses

5 Certifications

5.1 ISO 270001 NA NA NA NA N

6 Managed IT Services NA

Total 1

CAPEX

TOTAL OPEX TOTAL

For Discounting Factor (DF)


25/253


S

No

Sub Component Unit Rate

1 Integration with Land Records (Per State Rate)

2 Training / Change Management

3 IT Professional Man-Month (8hrs X 22 days) rate

Total 2

Grand Total (Total 1 + Total 2)

Note 1: The commercial quote carries a total weightage of 30. Out of this:

25 points will be allotted on the basis of the above Grand Total only 5 points will be allotted on the basis of the Discounting Factor (DF). If the O

indicated in the above table) is 25% or more, then 5 points for DF will be allotted

Note 2: Year-wise progressive OPEX must not decrease; from year to year, the OPEX quo

constant or increase.

Note 3: If AICNET Sign Off extends beyond the 5th year (from the date of Contract A

completed year thereafter, the average of 5 year OPEX quote will be applicable.

Note 4: For provisioning services under External Tie-Ups AIC will be responsible, however Im

for integrating the services with appropriate Applications. The quote for the integration effort

the respective Applications should be included in the quote for respective Applications (except


26/253


Note 5: All quotes to be mentioned in INR

Note 6: For each component/module above, 80% of due payments would be paid as per achand cumulative balance (20%) would be paid after Sign-Off.

The success of Project AICNET depends on the combined performance of ALL its compone

words, the following principle applies The chain can be only as strong as its weakest link

performance of the entire project will be affected and jeopardized by the f

component/module/service.

Following this principle, THE CUMULATIVE 20% AT THE SIGN-OFF OF PROJECT AICONLY IF THE ENTIRE PROJECT (INCLUDING ALL ITS COMPONENTS/MODULES

SUPPORT COMPLIANCE) IS FUNCTIONING/PERFORMING SATISFACTORILY IN TOTAL

This overriding final payment condition is at the sole discretion of AIC (TEC) and in additio

penalties and punitive measures prescribed elsewhere in this Tender Document.


27/253


Page 27 of 253

4.4.5 Bid CalendarTable 3: Tender Calendar

S.No. Key Activities Date1 Issue of Tender 11.10.2008

(Saturday)

2 Last date for receiving initial queries from prospective

bidders (1300 hrs)

24.10.2008

(Friday)

3 Pre-Bid Meeting 1 for initial clarifications (1130 hrs) 05.11.2008

(Wednesday)

4 Revision/Addendum/Corrigendum (if any) uploaded on

AIC website (http://www.aicofindia.org)

12.11.2008

(Wednesday)5 Last date of receiving supplementary queries from

prospective bidders (1300 hrs)

17.11.2008

(Monday)

6 Pre-Bid Meeting 2 for final clarifications (1130 hrs) 19.11.2008

(Wednesday)

7 Last date for submission of sealed bids and Presentation

CDs (1300 hrs)

26.11.2008

(Wednesday)

8 Technical Bid opening (1400 hrs) 26.11.2008

(Wednesday)9 Vendor short listing for presentation based on eligibility

criteria

01.12.2008

(Monday)

10 Vendor Presentation to Technical Evaluation Committee

(TEC) - Start Date (1000 hrs onwards)

03.12.2008

(Wednesday)

11 Final Technical assessment by TEC 13.12.2008

(Saturday)

12 Commercial Bid opening & Final Score (1300 hrs) 13.12.2008

(Saturday)

13 Contract signing and Award 29.12.2008

(Monday)

Contact: Shri Avinanda Ghosh, Chief Manager ([email protected])

2nd Floor, Jeevandeep Building, Parliament Street, New Delhi 110001

Contact Number (Office): 011 23349000


28/253


Page 28 of 253

The Company reserves the sole discretion and right to unilaterally revise any of

the dates (and notify the time) mentioned above. In such case, the revised

dates/times will be uploaded in the Project AICNET link on the Companys

website (http://www.aicofindia.org), NO LATER THAN 5 DAYS BEFORE THE

EARLIER PUBLISHED DATE. The revised (uploaded) date shall override the

earlier published date.

Note 1: The Technical Evaluation Committee (TEC) shall analyse and assess Bids

and will be composed of (Quorum=4):

General Manager, AIC Deputy General Manager (IT), AIC Chief Manager (IT), AIC IS Technical Advisor IS Consultant

Note 2: Presentation CD-Rs + signed printouts must be submitted by all

Prospective Bidders as part of the Technical Bid. Approx. half-day Presentation-

cum-Interaction session would be taken by TEC for assessment of Technical

suitability and competence, carrying a weightage of 40 points. The presentation

shall cover the following broad areas:S.no. Parameters for

Evaluation

Points Indicative Issues

1 Understanding

of AICNET

8 Does the Bidder clearly understand the challenges

that are likely to be faced in implementing

AICNET? What are the solutions proposed to these

challenges? What is the track record of the Bidder

in implementing these solutions?

2 ProvenSolution

8 To what extent is the functionality of AICNETalready available? Has the solution been

successfully implemented earlier, preferably across

several locations? In case it is a developed solution,

has the Bidder implemented similar solutions

elsewhere ?


29/253


Page 29 of 253

3 Flexibility 8 Does the solution permit easy enhancement of

functionality as the future needs of AICNET

evolve? Further, does the solution permit plug-in /

plug-out functionality so that one or more modules

could be replaced with new solutions, perhaps

from a third party? To what extent does the

solution permit platform independence?

4 Maintainability 8 To what extent is the solution maintainable? To

what extent is it built using industry-standard

processes, methodologies, tools, languages, etc?

5 Scalability 8 Has the solution been implemented across

installations of size and scale similar to AICNET?

4.4.6 Venue and Deadline for submission of BidThe Bids in ORIGINAL should reach AIC at the following address:

Agriculture Insurance Company of India Limited,

AMBADEEP (13th

Floor),14, Kasturba Gandhi Marg,

New Delhi 110001

In case the bid is submitted by hand, bidders representative(s) shall sign a

register evidencing their attendance.

4.4.7 Pre-Bid MeetingsThe bidders authorized representatives are invited to attend the Pre-Bid Meeting

at their own cost.

Venue of both the Pre-Bid Meetings shall be uploaded on the Companys website

under the link of Project AICNET 5 days in advance of the date of the

meetings.


30/253


Page 30 of 253

Pre-Bid Meeting 1 would clarify written queries received as well as any query

raised in the meeting itself.

After the Pre-Bid Meeting 1, if the Company feels necessary, it may at its sole

discretion issue a revision/addendum/corrigendum and upload it on its

website. In such case this revised document/addendum/corrigendum shall be

considered as a legal and valid, and would supercede the earlier version.

Pre-Bid Meeting 2 would clarify the written supplementary queries as well as

any query raised in the meeting itself.

4.4.8 Bid OpeningTotal transparency will be observed while opening of Bids. Sealed envelops of

the bids will be opened in the presence of authorized representatives of the

bidders who wish to attend the event. AIC reserves the right at all times to

postpone or cancel a scheduled TENDER opening. The venue and time for the

opening of Bids shall be uploaded on the Companys website under the link of

Project AICNET 5 days in advance of Bid Opening dates.

4.4.9 Erasures or alterations to the BidsBids containing un-initialled erasures or alterations will not be considered. AIC

reserves the right to treat Bids not adhering to these guidelines as unacceptable.

Bidders are advised to exercise adequate care in quoting the prices. No

modification/ correction in quotations will be entertained once the commercial

bids are submitted. Even before submission of the bid, care should be taken to

ensure that any corrections/overwriting in the bid are initialled by the person

signing the bid form.

In case of Arithmetic errors in bids for amounts mentioned in figures and in

words, the amount in words shall govern.


31/253


32/253


Page 32 of 253

4.5 Bid EvaluationSelection Basis

CQCCBS (Combined Quality Cum Cost Based Selection) evaluation

methodology will be employed for selection of Implementation Vendor (ImV).

CQCCBS uses a competitive process among eligible Firms that takes into account

the technical as well as the commercial parameters in the selection of the

successful firm. A weighted scoring pattern on a scale of 100 has been adopted to

account for the relative impact of different components of the bid.

TECHNICAL EVALUATION (WEIGHT 70): The Technical evaluation shall be

done via the following steps:

a. Shortlisting of all submitted bids on the basis of defined eligibility criteriab. Scoring of all shortlisted eligible bids on the basis of pre-defined and

structured technical parameters as mentioned in this Tender (Refer Section

8.11) (Weight: 30)

c. Scoring of all shortlisted eligible bids through a vendor presentation andinteractions session (Weight: 40)

COMMERCIAL EVALUATION (WEIGHT 30): The Commercial bid has been

called for sub-component wise in a structured tabular format.

a. Each sub-component (application / service) specified in the commercial bidtable shall be quoted for CAPEX (development and commissioning) in INR

and for Annual OPEX (running costs for services/upgradation and

maintenance within scope for applications) in INR. For some components, a

rate quote has also been called for.b. The Commercial quote carries a total weightage of 30. Out of this:

25 points will be allotted on the basis of the Grand Total of theCommercial bid only

5 points will be allotted on the basis of the Discounting Factor (DF).If the OPEX : CAPEX ratio (as indicated in the Commercial bid


33/253


Page 33 of 253

format) is 25% or more, then 5 points for DF will be allotted

(otherwise 0 points)

c. The sub-component costs are called for:i. So that Management may retain the right to exclude any

sub-component at any stage with a two month notice from

the agreed timelines.

ii. To enable the management to make milestone-basedpayments

.


34/253


35/253


Page 35 of 253

B: 50.00 + 25.00 = 75.00 points H2 rank

C: 40.00 + 27.73 = 67.73 points H3 rank

Bidder A at Rs.120 was therefore declared as H1, and recommended for

Negotiations /approval.

4.5.1 Preliminary scrutinyAIC will initially scrutinize the Bids on the following parameters:

Technical documentation has been furnished Documents have been properly signed EMD DD is valid in all aspects

A Tender Bid determined not substantially responsive will be rejected by AIC,

and the Commercial Bid for such Bidder will NOT be opened.

4.5.2 Clarification of BidsA prospective bidder requiring any clarification on the TENDER documents may

notify AIC in writing, in the format mentioned in this Tender document (Section

8.8), at the AICs address indicated in this TENDER (Section 4.4.5). All queries

should reach AIC by 14:00 hours on the respective dates.

AIC would give clarifications to the bidders in the Pre bid meetings only. AIC

would not prepare and send responses to the queries and clarifications by the

bidders in a consolidated manner and has the right not to respond to some or

any of the queries at its sole discretion. AIC will not normally entertain or

respond to bidders queries and clarifications after Pre Bid Meeting 2.

4.6 Award of ContractThe successful Bidder will be negotiated with for award of the Contract. The

assignment will commence from the date of signing of Contract. The single Firm

or all members of the consortium, as the case may be shall have to sign the

Contract.


36/253


Page 36 of 253

The draft Contract appended herewith shall form the basis of the finalnegotiation and contract between the Company and successful bidder.

However the commitments submitted by the successful bidder throughtheir bid documents stands sacrosanct from their side.

* (Read along with the tender document and the bid of successful bidder)


37/253


Page 37 of 253

4.7 Tender Costs

4.7.1

Tender Processing Fees

4.7.1.1 PurposeThe bidder is responsible for all costs incurred in connection with participation

in this process, including but not limited to, costs incurred in conduct of

informative and other diligence activities, participation in meetings,

presentation, preparation of bid and in providing additional information

required by AIC.

4.7.1.2 AmountAll Tenderers are required to pay Rs. 20,000/- (Rupees Twenty Thousand only)

towards Tender Processing Fees.

4.7.1.3 Mode of PaymentTender Processing Fees to be paid in the form of demand Draft drawn in favor of

AGRICULTURE INSURANCE COMPANY OF INDIA LIMITED and payable

at NEW DELHI

4.7.1.4 Refund / Repayment RulesThe Tender Processing Fee is Non-Refundable.

4.7.1.5 ForfeitureBid without adequate EMD will be liable for rejection without providing any

opportunity to the bidder concerned

4.7.2 Earnest Money Deposit4.7.2.1 PurposeAn earnest Money Deposit is a deposit to demonstrate that the bidder is serious

(earnest) about the tender and its execution.


38/253


Page 38 of 253

4.7.2.2 AmountBidders shall submit, along with their Bids, Bid security or EMD of Rs.

10,00,000/- (Rupees Ten Lakhs only).

4.7.2.3 Mode of PaymentEMD will be paid in the form of a Demand Draft in favor of AGRICULTURE

INSURANCE COMPANY OF INDIA LIMITED and payable at NEW DELHI.

EMD in any other form shall not be entertained

4.7.2.4 Refund / Repayment RulesEMD would be refunded to all unsuccessful bidders within 30 days of award of

the Project. EMD of successful bidder would be returned to the successful bidderor awardee on completion of the contract. The amount of the EMD shall be

adjusted towards fulfilment of the requirement of the PBG.

4.7.2.5 ForfeitureAny attempt to influence the bidding process as defined in this Tender document

(Section 4.2) shall lead to forfeiture of the EMD and shall attract blacklisting of

the bidder. EMD can also be forfeited in the following instances:

If Bid is withdrawn during the validity period or any extension thereof. If the Tender is varied or modified in a manner not acceptable to AIC after

opening of the same.

If the Bidder tries to influence the evaluation process, at any stage. If the First ranked Bidder withdraws his Bid during negotiations (However,

failure to arrive at consensus by both the parties shall not be construed as

withdrawal of Bid by such Tenderer).

4.7.3 Performance Bank Guarantee4.7.3.1 PurposeThe successful bidder shall at its own expense deposit with AIC, within fifteen

(15) working days of the date of award of the contract, an unconditional and

irrevocable Performance Bank Guarantee (PBG) from a scheduled bank, payable


39/253


Page 39 of 253

on demand, for the due performance and fulfilment of the contract by the

awardee. The PBG shall remain valid for the duration of the project timeline.

4.7.3.2 AmountThe successful bidder is required to deposit Rs. 20,000,000/- (Rupees Two Crores

only) as Performance Bank Guarantee.

4.7.3.3 Mode of PaymentAs per standard banking procedure

4.7.3.4 Refund / Repayment RulesNot applicable

4.7.3.5 ForfeitureIn the event of non-performance of the contract for reasons attributable to the

awardee, AIC would invoke the PBG. Notwithstanding and without prejudice to

any rights whatsoever of AIC under the contract in the matter, the proceeds of

the PBG shall be payable to AIC. AIC shall notify the bidder in writing of the

exercise of its right to invoke the PBG indicating the contractual obligation(s) for

which the bidder is in default, and will ask the bidder to show cause as to why

AIC should not invoke the PBG. The awardee is required to show cause inwriting, within 14 working days of the date of show cause notice.

AIC will retain sole and overriding discretion in all matters relating to the show

cause procedure.


40/253


5 AICNET Phase II TENDER:TECHNICAL ASPECTS

5.1 Scope of Work

The scope of the project AICNET as described here includes, but not limited to:

Head Components Area Description of scop

Application Design Based on the

Specifications (FR

analysis/study, t

System Requireme

format given this8.13). The ImV sha

its stakeholders,

proposed deviatio

Applications -Portal

-HRMS

-Office Services Management

System

-Financial Management System-Product Development System

-Legal Management System

-Underwriting and Claim

processing system

-Channel Relationship and

Grievance Redressal System

-Process Management System

-Data warehousing, Business

Intelligence and Data Mining

Applications

-Knowledge Management

Application

Development /

Configuration and

Integration

The ImV shall d

Applications wi

updations /upgra

For all Applicatio

scratch, or ready

methodologies, la

and documentatio


41/253



as per generally acSystem

User Acceptance

Testing

The ImV shall

-design and subm

Cases for each App

-submit the Test P

and schedule) and

- perform the testi

on the approved T

results and fix t

testing.

- Stress Testing of be conducted an

submitted to AIC.

Implementation and

Go-Live (for each

location)

-Data preparation,

transformation, cle

-Integration with G

-Providing Docum

Manual) and Appl

-The satisfactory cdetermine/ signify

particular Applica

Satellite Call Centre Call Handling ImV shall provide


42/253



capable of hand

Languages with an

1000 calls per day.

All India Toll Free

Number

ImV shall provid

number. The Tol

queries both for

Centre. The IVR

calls for the Call

Desk.

SMS Gateway - ImV shall prov

which SMSs can be- ImV shall setup

support the func

Mobile Insurance

Claim Processing S

Connectivity and

Availability

ImV shall be

connectivity and a

Services

Network

Hardware -ImV shall suppl

Routers with inbuone each at AIC of


43/253



Bandwidth -ImV shall setup

between AIC H

hosting AICNET a

- ImV shall setup

Broadband Interne

and ROs.

Email Server - ImV shall setup

exclusively for p

AIC. ImV shall cre

accounts each with

- ImV shall host tCentre facility to b

project AICNET

E-Mail

Email Clients - ImV shall instal

for 300 users

Data Centre Server Hosting - ImV shall make

Facility for hostin

scope of AICNET

- ImV shall proServers (such as

Server, Databas

Antivirus Server, F


44/253



- The capacity

sufficient to succe

within the scope o

- ImV shall ensur

measures to cop

Hardware Comp

Failure, Power Fai

- ImV shall ensu

provided for AIC

data/ application

AICNET- ImV shall ensur

hosting the Data

shared by any othe

- At no stage of th

capacity as de

running the applic

Disaster Recovery -ImV shall ensure

hosting applicationFlood and other en

-ImV shall ensure

hosting applicati


45/253



burglary

Data Centre

Services

- ImV shall pro

Backup, Data S

Intrusion Preventi

Application

Availability on the

Internet

- ImV shall obta

machines

- ImV shall conn

AICNET applica

ensuring ApplicaInternet through

Kbps (20 Mbps) ca

- ImV shall provi

connectivity failur

Client level Security Solutions - ImV shall ensure

AIC through Antiv

- ImV shall supp

Antivirus Server avirus solution sho

for known viruses


46/253



- ImV should ens

regularly updated

External Tie-

ups

-STP Gateway

-Screen for online equity quotes

-Payment Gateway

-Market Information

-Mutual Fund Analysis Data

-CCIL Platform

-Weather Data

- The ImV shall

between the Comp

providers

- ImV shall int

accessible applica

application (as de

the applications

Section 8.1)

- Payment Gatewa2nd year (from the

along with the

Processing System

Licenses -Database License

-Reusable Components

-Off the Shelf Software

-Antivirus

-Email-GIS (Geographical Information

System)

-Any other License

- ImV shall provid

License Certificate

applicable) to AIC

- Licenses shall be

- ImV shall provisoftware for the

AICNET

- Licenses shall


47/253



applicable) on a

basis

Training /

Change

Management

-Collateral Development

-IT Department Sensitization

Training

-Training to Nodal banks and

intermediaries

Refer Section 8.10 ImV shall under

interventions as p

objectives, and inc

and end-user staf

stakeholders in its

Managed IT

Services

IT Support Desk -The ImV shall p

from the Go-L

Application to be

and cumulatively they go-live, upt

Warranty period o

- The services

stabilization, hard

administration,

database administ

resolution

-ImV shall coordissues related to an

under the scope of

- ImV shall provi


48/253



logging and status

under the scope of

-The Managed IT

through an equipp

HO.

-At ROs, the Im

services from its ow

IT Infrastructure Management -Hardware

maintenance

-System

Administration-System Security

Administration

-AIC Office

connectivity and

end-user problem

resolution.

ImV shall take

Infrastructure at A

any user issues re

the duration of the- At present, AIC

Hardware (appro

nos of Compaq P

Compaq PIII based

based Desktops, 1

based Desktops, 1

based Laptops, 30

one Printers, 55 Matrix Printers (13

5 nos of 2 KVA U

100 nos of HP Co


49/253



16 nos of Dell Co

some of the DM

ones, UPSs etc. are

date.

-SEVOTTAM The ImV shall be

of all components

conflict with the pr

The ImV shall p

necessary for certif

The ImV shall faci

through the entire

Since Sevottam en

activities (and h

separate Sevottam

However, the abov

the final sign-off p

Documentation Security Policy for

Ensuring standards -Roll out of the Sec-Pre-Audit of the S

Certifications

Support

-ISO 27001

Support for The ImV shall faci


50/253



certification through the enti

Expected jobs-

Accreditation Age

(if any) and arrang

Warranty Solution Warranty -The ImV shall w

overall Solution s

from the design o

any act of omission

-This Warranty

tuning, optimizing

to serve its intentApplication. The

up to the Sign-Off

from the last G

Application, OR t

whichever is later.

Note1: ImV shall submit an Inception Report after signing of the contract detailing th

Structure, agreed Scope, Work Breakdown Structure, Project Plan, Deliverables, MilestonesRisk Management Plan, Communication Plan, various templates to be utilized for project repo

effect the framework for successful execution of the project AICNET.


51/253


Note 2: Licenses and Intellectual Property Right (IPR)

-Source Code, Documentation, executables, Usership Rights, etc. of all the Applications / Com

AIC shall be the IPR of AIC.

-All Components such as DLLs / APIs / executables for which source code cannot be providfor successful operation of AICNET shall be provided to AIC with perpetual usage rights.

-ImV shall ensure that the licenses of all the software required for running AICNET be in the n


52/253


Page 52 of 253

5.2 General Principles of Solution Design1. ApplicationThe Applications described shall be web-enabled unless specified otherwise. This

suggested Design takes into account the following advantages of web

applications over traditional applications:

a. End-user does not need to install any softwareb. Platform independence, only a web browser requiredc. Easy version management - newer versions & updates are easily installed

on the server, rather than on each individual computer

d. A central server processes all user-transactionse. Anywhere-Access - Applications are accessible from within the AIC

organisation as well as anywhere else.

f. The design of the Application should follow the N Tier Architecture withseparate layers for Presentation, Business Logic, Database, etc.

g. The security of the data transfer should be ensured through encryption.2. UsabilityA critical success factor for AICNET is a simple, intuitive user interface. It must

be noted that a majority of the users (external users) of AICNET may have just abasic familiarity with computers, and the user interfaces must be designed

accordingly.

a. For Applications meant primarily for office environment, user-interfaceshould be rich and interactive.

b. For applications to be used in rural settings over a low bandwidthconnection, the pages served to the user should be in small size.

c. Response time of web pages should be fast even for low bandwidth users asdefined in this Tender (Section 5.7).

d. Page elements that require additional downloads (not included on astandard web browser) should be avoided and in any case restricted for

those applications that are likely to be accessed from low bandwidth

locations.


53/253


Page 53 of 253

3. Touch PointsThere will be three new touch points between AIC and its various stakeholders,

in addition to the current physical offices:

a. Web based interaction: This is the primary means of interaction withstakeholders. System functionality is planned around a web portal.

b. Voice based interaction: Capability will be established so that stakeholdersinformation needs may be satisfied over the telephone with the assistance of

voice based support. The following services will be available over the

telephone ideally by dialing a toll free number or local number. The key to

success in a voice interaction model is tightly defining the set of services thatare offered and providing the voice support staff with the relevant

information to provide that service.

Sales Information: Product information (scheme structure, cost, benefits)relevant to the end customer (Farmer) and to the intermediary will be

available over the telephone. The nearest point of sale of the product (bank

branch, e-choupal etc) to the customer will be available.

End customer servicing information: The farmer may call up the call centerto get updated information on the current status of his policy if the policy

is in force and complete in all respects, claim accrued as on date, scheduled

payout dates etc.

Intermediary servicing information: The intermediaries such as e-choupalrepresentatives or bank representatives can call to enquire about the

payment of commission.

Claim related information: The farmer may call to confirm details of theclaim due to him and to which bank account it was electronically creditedwith the credit date.

Grievance redressing: In case any of the requests from intermediaries andfarmers cannot be tackled at the first level of voice based support, they

would be escalated to be taken up by an AIC official as defined by an

escalation matrix.


54/253


Page 54 of 253

Information elicitation: The voice channel will also be used for elicitinginformation from stakeholders. For instance in the planned redesign of

forms a two step information gathering procedure is envisaged. The

detailed information could be taken from the farmer over the telephone.

Similarly if there is an operational issue or missing information from an

intermediary that can be resolved over the telephone, a ticket may be raised

for a voice support executive to track and resolve the issue.

Internal Stakeholder needs: Voice support may also be provided to internalstakeholders for a limited set of routine services such as finding out about

HR issues, or opening a ticket for IT support.

c. SMS based interaction: All sms communication will be in English.Sales Channel: AICNET will receive inbound SMSes from farmers and respond

with a message on how to get in touch with AIC nearest intermediary outlet,

website address and be optionally be followed up by a call. This is will serve as a

first point of contact for the end customer. AIC would advertise a number to sms

on for more information in their print, poster and TV ads. Schemes could be

directly advertised in specific areas to the database of farmer mobile numbers so

built up.

Information Channel for Intermediaries: Intermediaries would be able to receive

a defined set of information via sms-on-demand services. For Example:

By smsing commission an intermediary would receive

his total outstanding commission amount and last amount paid.

Information Channel & Policy Renewal: Farmers would be able to renew existing

policies or gain information about their policies via sms. For Example:

By smsing [renew] a farmer would be sentpolicy details and allowed to renew the policy. Such a system is envisaged to be

piloted.


55/253


Page 55 of 253

4. Local Language interfaceThe interface (website only) offered by various applications to external users

such as the interface of the underwriting system, should be available in a local

language in addition to

English. There are 22 official

languages included in the

eighth schedule of the

Constitution of India (Article 344(1) & 351). The languages to be implemented are

specified above.

5. Map based ReportsMap based reports should be incorporated for relevant applications through GIS.

6. IT Support DeskIT Support desk facilities will be provided by the ImV to enable effective support

to users in their interactions with the solution. The ImV shall setup the IT

Support Desk to provide the information and service status tracking facilities to

users.

All interactions with user will be assigned a ticket number and the number willbe made available to the user along with the identification of the agent without

the client having to make a request in this regard, at the beginning of the

interaction.

All interactions will be noted on system. The transactions shall also bemonitored both on line and off line - on a statistically appropriate sampling

basis to assess service level as well as delivery effectiveness and for providing

training/ feedback to agents.

All complaints/ grievances of user will be recorded and followed up forresolution if necessary in coordination with departments. The user will be kept

informed of the progress of resolution and the final resolution.

Senior members of the IT Support Desk team shall contact the user on needbasis.

Solicit user satisfaction level from the user in call.Conduct the user satisfaction surveys.

Assamese Oriya Urdu Kannada

Punjabi Gujarati Tamil Telugu

Bengali Marathi Malyalam English


56/253


Page 56 of 253

The IT Support Desk shall be available during working hours on all workingdays of AIC.


57/253


Page 57 of 253

5.3 Network Architecture

The suggested network architecture for AICNET is depicted below:

Broa

dban

dInternet

Con

nectio

n

Figure 1: AICNET Network Architecture

AIC Head Office (HO) and the 17 Regional Offices (RO) at present are

envisaged to be connected securely via broadband to the Internet. While

broadband Internet connections will be sufficient to run AICNET at the ROs, a

leased line connection is recommended between the HO and the Server Hosting

Setup, especially to ensure high performance for the top management

dashboards. AIC Offices shall be connected securely to the internet, protected by

firewalls with Intrusion Prevention Systems.


58/253


Page 58 of 253

Customers, Intermediaries, Payment Gateway, SMS gateway, IVRS gateway are

envisaged to be connected to AICNET over the internet. ImV shall be solely

responsible for connecting AIC offices to AICNET Server Hosting Site.


59/253


Page 59 of 253

5.4 Security ArchitectureSecurity is fundamentally about protecting assets. Assets may be tangible items,

such as a web page or AICs customer database or they may be less tangible,

such as the company's reputation which may be affected due to a security

incident.

Information security means protecting information and information systems

from unauthorized access, use, disclosure, disruption, modification, or

destruction.

AICNETs information security needs can be broken down into the following

categories:

1. Hardware Infrastructure

a. Internal Desktops, Laptops, Network Equipments (switches & routers),

b. External Servers (Web Server, Application Server, Database Server, email

Server)

2. Dataa. Application Code

b. Master Data

c. Transaction Data

Assumptions

The defined Security Architecture depends on the following assumptions:

1. AIC is responsible for the security at AIC HO and AIC RO (and also for theserver hosting facility if owned by AIC)

2. AIC is not responsible for provisioning & maintenance of hardware and

connectivity to all external stakeholders (channel partner locations, Nodal Bank,

PACS/Branch, e-Kiosk, Intermediary, Individual Farmers etc)


60/253


Page 60 of 253

BS7799 / ISO 27002 Security Standards

The latest standard in the series is BS7799-3, Guidelines for Information Security

Risk Management. BS7799-3 covers the major aspects of the ISO security

standard ISO/IEC 27002:2005- Information technology - Security techniques -

Code of practice for information security management. AIC may choose to

comply with BS7799-3 by undergoing a security audit once its systems are in

place. The first step to compliance is to establish a comprehensive Information

Security Policy at AIC. The company needs to ensure the confidentiality,

integrity, and availability of both vital company information and customer

information.

The security architecture described below is the first step in preparing a fullfledged Security Policy covering all applications, and functions within the

organization. Complete compliance to the ISO standard covers the following 12

areas:

1. Risk Assessment

2. Security policy

3. Organization of information security - governance of information security

4. Asset management - inventory and classification of information assets

5. Human resources security - security aspects for employees joining, movingand leaving an organization

6. Physical and environmental security - protection of the computer facilities

7. Communications and operations management - management of technical

security controls in systems and networks

8. Access control - restriction of access rights to networks, systems, applications,

functions and data

9. Information systems acquisition, development and maintenance - building

security into applications10. Information security incident management - anticipating and responding

appropriately to information security breaches

11. Business continuity management - protecting, maintaining and recovering

business-critical processes and systems


61/253


Page 61 of 253

12. Compliance - ensuring conformance with information security policies,

standards, laws and regulations

Physical Security

The security issues related to Hardware can be addressed through employing

measures of Physical Security such as:

1. Access Control

Access to hardware infrastructure should be restricted to authorized users only.

Different hardware components need to be grouped based on the group of

intended users. Servers need not be accessible to every employee in theorganization. Only an authorized group of users need to access servers. Access

rights need to be defined for every hardware asset class.

2. Surveillance

Physical as well as electronic surveillance through measures such as Closed

Circuit Television (CCTV) surveillance needs to be employed to monitor the

exceptions from expected behavior in people. Any exception needs to be

identified and tackled according to possible impact on the security scenario.

Data Security

Security of data in transit over the network will be ensured at two levels.

Application Level

Network Level

Measures for Application Level Security comprise of features built in the

Applications (e.g. Underwriting & Claim Processing System) used generationand processing of transactional data. Features such as those listed below must be

ensured for Application Level security.


62/253


Page 62 of 253

Input Validation Features must be built in the developed application to

ensure validation of its input to avoid exploits like buffer overflows or sql

injections.

Authentication Application functionalities and databases must be accessible

establishing authenticity of the user. System must be able to contain risks such as

brute force attacks, dictionary attacks, credential theft, network eavesdropping

and cookie replay.

Authorization Application functionalities should be selectively available to

users with appropriate authorization. This is required to avoid data tampering

and disclosure of confidential data.

Session management Application must securely maintain sessions. At any

point of time, only one session per user should be maintained. This reduces the

chances of scenarios such as session hijacking, session replay or eavesdropping.

Cryptography Developed applications must store and transmit data in

encrypted form by employing strong cryptography algorithms.

Exception Management Exception management needs to be an important

feature of the developed application software. Exceptions can be generated by

malformed data, infrastructure or connectivity issues, ill formed business rules,

etc.

Auditing and logging All transactions must be logged and audit trail

maintained. This can help set the responsibility for every action including which

have resulted in unwarranted or unwanted ones.

Layered Approach

A layered security approach has been adopted while designing the Network

Level Security Architecture for AIC. The layered approach is both a technical

strategy, deploying adequate measures be put in place at different levels within


63/253


Page 63 of 253

the network infrastructure, and an organizational strategy, requiring buy-in and

participation from the senior management down to the operations level. The

layered-security approach centers on maintaining appropriate security measures

and procedures at three different levels within the IT environment.

Host Level

Security

Perimeter LevelSecurity

Internal NetworkLevel Security

Security Levels

INTERNET

Database

Server

Webserver ApplicationServer

End User

(Farmer/ Intermediary)

Payment GatewayDisaster Recovery Center

Broa

dban

dInternet

Con

nectio

n

Mobile Network

Provider

Server Hosting Services

Datawarehouse

IVRS ServerSMS Gateway

`` ` HO AIC

RO 1 AIC RO 2 AIC RO 3 - AIC

AIC Zone of responsibility

Leased

Lin

e

Figure 2: AICNET Security Architecture

Security level Security Applicable security measures

1. Perimeter Firewall

Network-based anti-Virus

VPN encryption

IPS/IDS

2. Internal Network Intrusion detection /prevention system (IDS/IPS)

Firewall

Network access control

Access control /user authentication


64/253


Page 64 of 253

3. Host Host IDS

Host vulnerability assessment (VA)

Network access control

Anti-virusAccess control/user authentication

Perimeter Security

The perimeter should ideally consist of well configured firewalls and a set of

strictly controlled servers located in a portion of the perimeter referred to as the

DMZ (demilitarized zone). A DMZ typically contains the Web servers, email

gateways and network antivirus etc. that need access to the Internet. Presence of

DMZ provides an additional layer of security to the existing setup safeguarding

internal network from external attacks. While the server perimeter will be

secured by the hosting service provider, AIC would need to secure its own

perimeter.

The firewall must have strict rules about what can enter inside the network as

well as rules about how machines in the DMZ can interact with the Internet,

third party and the inside network. The technologies that provide security at the

perimeter level are firewall, gateway level anti-Virus, and IPS and VPNencryption etc. which need to be implemented.

In order to ensure uninterrupted Internet services it is recommended to deploy a

redundant link; preferably another link should be procured from different

service provider in order to achieve redundancy at service provider level.

Additional link can also be used for load balancing purpose for growing

numbers of internet users at AIC.

Network SecurityThe internal network includes desktops & servers and point-to-point connections

to remote offices. The technologies that provide security at the network level are

Intrusion detection /prevention system (IDS/IPS), firewall, network access

control & access control /user authentication.


65/253


Page 65 of 253

Host Security

Certain parameters which include registry settings, services (applications)

operating on the device, or patches to the operating system or important

applications should be appropriately set and maintained. The technologies that

provide security at the host level are host IDS/IPS, host vulnerability assessment

(VA), patch management, network access control, anti-virus, access control/user

authentication etc. which need to be implemented on a need basis.

Detailed Recommendations for Security Architecture

Firewalls

It is recommended to implement firewall in high availability mode; to ensureuninterrupted connectivity to Internet services. Firewall can be configured on

failover mode in order to eliminate manual intervention in case of failure of

primary firewall. Firewall shall be configured to block all unneeded services/

ports. Logging must be enabled on the firewall; this will help in analysis of

suspected events/ activities. Remote administration of firewall shall be strictly

controlled by port level authentication also same shall be guided by strict change

control mechanism; whereby vendor shall be allowed to modify only approved

changes. Every administrator shall be configured separate account with requiredprivilege levels. Backup of firewall configuration shall be stored on to a secure

media.

Redundancy

All critical systems, devices and links which can become single point of failures

leading to business loss should be configured in a redundant mode to provide

high availability. Redundancy is must, but not limited to the below list

Firewalls

Internet Links

Routers (Internet, WAN etc.)

Core, other critical Switches

NTP Server

Syslog Server


66/253


Page 66 of 253

Authentication, Authorization and Accounting (AAA)

AAA system should be implemented for all critical systems & devices in the AIC

network. This will ease the authentication and authorization process and also

help to maintain accountability of actions done by users.

Two-Factor Authentication

Two-Factor or Strong Authentication mechanism should be enforced for all

critical systems, devices and users. A proper solution / product should be

worked out based on integration factors, user friendliness, features etc. The AAA

system integrated with the Two-Factor Authentication solution will help in

enhancing security.

Systems & Devices:

Two-Factor authentication is a must, but not limited to the following devices /

systems.

Security Devices: Firewalls, Intrusion Detection / Prevention Systems, etc.

Networking Devices: Routers, Switches, etc.

Crucial Servers: Database etc

Critical Users:

Two-Factor authentication is a must, but not limited to the following types of

users.

Senior Management: Accessing critical information via Internet or shared

networks

Business Users: Critical Business users accessing critical data

Administrators: Sys admins, Security Admins, Network Admins, DBAs, etc.

Third Party / External Users: e.g. Vendors accessing critical information fromAIC network

Intrusion Detection and Prevention Systems


67/253


Page 67 of 253

It would help monitoring, detecting and preventing malicious traffic. AIC can

also consider installing Host based Intrusion Detection Systems (HIDS) on

critical systems (wherever possible) in the network. Signature updates for the

same shall be done regularly.

Access Control

Access to data, systems, servers, and devices should be made available based on

business requirement and on a need to know basis only. Strict access controls

should be deployed at the network and application layers. This can be achieved

by implementing Access Control List (ACL) on switches and routers, policies on

firewalls