1 Commercial on Confidence IT/March 2014/ SUPPLY AND IMPLEMENTATION OF A DATABASE AND WEB APPLICATION SECURITY/FIREWALL SOLUTION.
REQUEST FOR PROPOSAL (RFP)
Release Date: Wednesday, 05th March 2014
Last Date for Receipt of Bids: Wednesday, 26th March 2014 at
3.00 p.m. (GMT+3) Nairobi (Kenya)
IT/March 2014/ SUPPLY AND IMPLEMENTATION OF A DATABASE AND
WEB APPLICATION SECURITY/FIREWALL SOLUTION.
ISSUE OF RFP DOCUMENT TO PROSPECTIVE BIDDERS – Database Security and Web
Application Monitoring
This form serves as an acknowledgement of receipt of the tender and
participation. This page is to be completed immediately on download and a
scanned copy e-mailed to [email protected]. Firms that do not register their
interest immediately in this manner may not be sent the RFP addenda should
any arise.
Table 1: Registration of Interest to Participate

| Item | Supplier Details |
|---|---|
| Name of Person | |
| Organization Name | |
| Postal Address | |
| Tel No | |
| Fax No | |
| Email Address (this e-mail address should be clearly written as communication with bidders shall be through e-mail) | |
| Signature | |
| Date | |
| Company Stamp | |
Table of Contents
1. SECTION 1 - REQUEST FOR PROPOSALS
1.1 Introduction
1.2 Background of the Project
1.3 Aims and Objectives of the project
1.4 Format of RFP Response and Other Information for Bidders
Financial Evaluation (separate sealed envelope)
SECTION 2 – SCOPE OF SERVICES
2.11 Brief Overview of Technical Systems Environment
Database / Programming Environments
Web Applications
2.12 Functional Requirements
Delivery, Testing and Acceptance (On Successful Bidding)
SECTION 3 - GENERAL CONDITIONS OF CONTRACT
3.1 Introduction
3.2 Award of Contract
3.3 Application of General Conditions of Contract
3.4 Ownership
3.5 Bid Validity Period
3.6 Performance Security
3.7 Delays in the Bidder’s Performance
3.8 Liquidated damages for delay
3.9 Governing Language
3.10 Applicable Law
3.11 Bidder’s Obligations
3.12 The Bank’s Obligations
3.13 Confidentiality
3.14 Force Majeure
Appendix A – Technical Requirements Matrix
Exhibit A - Reference Sites
Appendix I
ANNEX 3 – SUPPLIER QUESTIONNAIRE
ANNEX 4 – PERFORMANCE SECURITY FORM (FORMAT)
ANNEX 5 – CERTIFICATE OF COMPLIANCE
1. SECTION 1 - REQUEST FOR PROPOSALS
1.1 Introduction
Kenya Commercial Bank Limited (hereinafter referred to as “the Bank”) is a
leading commercial banking group in the East African region, renowned for its
diversity and growth. In addition to Kenya, it has other subsidiaries, namely: KCB
(Tanzania) limited, a banking subsidiary operating in Tanzania, KCB (Uganda)
limited, a banking subsidiary operating in Uganda, KCB (Sudan) limited, a banking
subsidiary operating in Sudan, KCB (Rwanda) limited, a banking subsidiary
operating in Rwanda and KCB Burundi, a banking subsidiary operating in Burundi.
The objective of this RFP is to provide the bank with information about bidders'
capability to plan, install, implement and manage this process from end to end
with structured methodologies and skilled personnel on a fixed time schedule
and within budget.
1.2 Background of the Project
The bank operates in a highly computerised environment that includes
maintaining connections to its business partners and to the world at large
through the internet and dedicated point to point connections. Therefore like
similar organisations it is prone to business interruptions as a result of failed or
malfunctioning systems, business data corruption or stolen data.
Computer system holes and vulnerabilities make it possible to exploit insecure
implementations and may result in system failures and exploits, whether by
malice, mistake or innocently. Further, the bank needs to ensure its systems are
protected and implemented as per best practice and thereby avoid damage
to itself or business partners.
1.3 Aims and Objectives of the project
The KCB Group has decided to implement Database and Web Application
Firewall solutions to enhance security of Critical Systems that are accessed by
internal as well as external stakeholders, as part of an overall strategy to
implement more secure, productive, industry-standard information technology
(IT) management processes and supporting IT management applications.
This Request for Proposal (RFP) is being released on open tender. Proposal
responses are expected from suppliers of database and web application firewall
solutions.
The information in this document and its appendices and attachments is
confidential and is subject to the provisions of our non-disclosure agreement
and should not be disclosed to any external party without explicit prior written
consent of Kenya Commercial Bank.
The Bank has prepared this Request for Proposal (RFP) to facilitate the selection
of a vendor to provide such a solution.
Objectives
The purpose of the assignment is to acquire, implement and maintain Database
and Web Application Firewall solutions for the KCB Group that will improve KCB
Group's security of all public / internet facing applications and reinforce the
defense-in-depth approach in place.
Based on KCB Group strategy, the project will help KCB Group to mitigate the
risks related to web access control operations by:
1.3.1 Automatically learning the web application structure and user behavior
1.3.2 Virtually patching databases and applications through vulnerability
scanner integration.
1.3.3 Updating database and web defenses with research-driven intelligence
on current threats
1.3.4 Delivering high performance business-relevant reporting and alerts
1.4 Format of RFP Response and Other Information for Bidders
1.4.1 The overall summary information regarding the SUPPLY AND
IMPLEMENTATION OF A DATABASE AND WEB APPLICATION
SECURITY/FIREWALL SOLUTION is given in section 2 – Scope of Services and
the summary in 1.3 Aims and Objectives. The bidder shall include in their
offer any additional services considered necessary for the successful
implementation of their proposal.
1.4.2 Proposals from bidders should be submitted in two distinct parts, namely
Technical proposal and financial proposal and these should be in two
separate sealed envelopes, both of which should then be placed in a
common sealed envelope marked:
“IT/March 2014/ SUPPLY AND IMPLEMENTATION OF A DATABASE AND WEB
APPLICATION SECURITY/FIREWALL SOLUTION
DO NOT OPEN BEFORE Wednesday, 26th MARCH 2014 at 3.00 pm (GMT+3)
Nairobi Kenya
The two separate inner envelopes should be clearly marked “Technical
Proposal”, and “Financial Proposal”, respectively, and should bear the
name of the Bidder.
1.4.3 The Technical Proposal should contain the following:
Bidders willing to be considered for SUPPLY AND IMPLEMENTATION OF A
DATABASE AND WEB APPLICATION SECURITY/FIREWALL SOLUTION are
expected to furnish the Bank with, among others, the following vital
information, which will be treated in strict confidence by the Bank.
- Provide a company profile as per supplier questionnaire in Annex 3.
- The RFP response document duly signed as per ANNEX 5 – CERTIFICATE
  OF COMPLIANCE
- Approval licenses, by the various bodies for compliance, MUST be
  included where applicable.
- Audited financial statements of the company submitting the RFP bid,
  for the last three years
- Demonstrate capability and capacity to provide technical
  requirements, functional requirements and functionalities as per KCB
  requirements in section 2.0
NOTE: The Financial proposal (MUST BE IN A SEPARATE SEALED ENVELOPE)
CLEARLY MARKED “FINANCIAL PROPOSAL”
1.4.4 Clearly indicate the total cost of carrying out the solution as follows:-
a. The Supplier shall provide a firm, fixed price for the Original Contract Period.
All costs associated with the required system shall be included in the prices.
Kindly note that the cost should include supply, installation and
commissioning of the system inclusive of all freight charges and applicable
duties and taxes (VAT and withholding Tax).
Provide an itemized list of all items included and summarize your costs as shown
in the table below:-
PRICE BREAK-DOWN (In a separate sealed envelope as per clause 1.4.2)

| Item | Requirement Description | Unit of Measure / Rate | Taxes | Total Cost (incl. of Taxes) |
|---|---|---|---|---|
| i. | Software/Licencing Costs | 1. No of Users Quoted for; 2. Licence model quoted for | | |
| ii. | Software/Licencing Costs - Third Party | Third Party Applications | | |
| iii. | Annual Support / Maintenance cost | AMC model of computation | | |
| iv. | Implementation, installation and configuration costs | 1. Define 1 man day in hours; 2. Rate Per Man day | | |
| v. | Training costs | 1. Define 1 man day in hours; 2. Rate Per Man day | | |
| vi. | Logistics costs and other costs | 1. No of room nights for Accommodation; 2. No of Travel Day; 3. Define 1 travel Day | | |
| vii. | Customization and Integration | 1. Define 1 man day in hours; 2. Rate Per Man day | | |
| viii. | Modules | Confirm and list modules Quoted for in the Financial proposal | | |
| ix. | Any other cost | As applicable | | |
b. Additional Cost to Complete. Provide an itemized list of any items not
included above by the Bank and related costs that Supplier deems
necessary to provide the information to meet the requirements specified in
proposal. Failure to provide said list shall not relieve the Supplier from
providing such items as necessary to meeting all of the requirements
specified in proposal at the Fixed Price Purchase Costs proposed.
1.4.5 Soft Copies for each proposal are to be provided in the standard
Microsoft Office suite of Programs or Adobe Reader and delivered
together with hard copy of the tender. NOTE that only the information on
the Hard copy Bound bid document shall be considered as the MAIN
source document.
1.4.6 Bidders are requested to hold their proposals valid for ninety (90) days
from the closing date for the submission. The Bank will make its best efforts
to arrive at a decision within this period.
1.4.7 Assuming that the Contract will be satisfactorily concluded, the bidders
shall be expected to commence the assignment after the final
agreement is reached.
1.4.8 The bid documents shall be addressed to the following address and
dropped at the tender box on 5th Floor, Kencom House, Wing B on or
before the closing date.
Head of Procurement
Kenya Commercial Bank
5th Floor Kencom House
P.O. Box 48400, 00100
Nairobi, Kenya
Please note that tenders received by facsimile or electronic mail will be
rejected.
1.4.9 If a bidding firm does not have all the expertise and/or resources for the
assignment, there is no objection to the firm associating with another firm
to enable a full range of expertise and/or resources to be presented. The
request for Joint Venture shall be accompanied with full documented
details of the proposed association.
1.4.10 In the case of a Joint Venture or Association, all the firms constituting the
Joint Venture or Association will be jointly and severally liable and at least
one firm in the Joint Venture or Association shall be financially capable of
meeting the contract requirements and potential liabilities on its own and
shall assume contracting responsibility and liability for satisfactory
execution of the assignment.
1.4.11 The contracting arrangements shall define clearly the responsibilities and
the services to be provided by each firm in the case of a joint venture.
1.4.12 The Bank reserves the right to accept or to reject any bid, and to annul
the bidding process and reject all bids at any time prior to the award of
the contract, without thereby incurring any liability to any Bidder or any
obligation to inform the Bidder of the grounds for its action.
1.4.13 The vendor's terms and conditions will not form part of any contract with
KCB in relation to this tender.
Canvassing is prohibited and will lead to automatic disqualification.
1.4.14 Cost of bidding
The Bidder shall bear all costs associated with the preparation and submission of
its bid, and the Bank will in no case be responsible or liable for those costs,
regardless of the conduct or outcome of the bidding process.
1.4.15 Clarification of Bidding Document
i. All correspondence related to the contract shall be made in English.
ii. Should there be any doubt or uncertainty, the Bidder shall seek
clarification in writing addressed to the Head of Procurement through e-mail to: [email protected].
iii. Any clarification sought by the bidder in respect of the RFP shall be
addressed at least nine (9) calendar days before the deadline for
submission of bids, in writing to the Head of Procurement through the
same mail.
iv. It is the responsibility of the Bidder to obtain any further information
required to complete this RFP.
v. Any clarification requests and their associated response will be circulated
to all Bidders.
vi. The last date for receipt of requests for clarifications from bidders is
Wednesday 17th March 2014.
The RFQ Clarification Template is as follows:-
Company Name:
Contact Person: (primary Supplier contact)
E-mail:
Phone:
Fax:
Document Number/Supplier
# Date Section/ Paragraph(2) Question
1
2
3
(1) Question (s) mailing Date.
(2) From the KCB Document.
The queries and replies thereto shall then be circulated to all other prospective
bidders (without divulging the name of the bidder raising the queries) in the form
of an addendum, which shall be acknowledged in writing by the prospective
bidders.
Enquiries for clarifications should be sent by e-mail to: [email protected]
1.4.16 Amendment of Bidding Document
At any time prior to the deadline for submission of bids, the Bank, for any reason,
whether at its own initiative or in response to a clarification requested by a
prospective Bidder, may modify the bidding documents by amendment.
All prospective Bidders that have received the bidding documents will be
notified of the amendment in writing, and it will be binding on them. It is
therefore important that bidders give the correct details in the format given on
page 1 at the time of collecting/receiving the RFP document.
To allow prospective Bidders reasonable time to take any amendments into
account in preparing their bids, the Bank may at its sole discretion extend the
deadline for the submission of bids based on the nature of the amendments.
1.4.17 Deadline for Submission of Bids
Bids should be addressed to the Head of Procurement and sent for receipt on or
before Wednesday 26th March 2014. Any bid received by the Bank after
this deadline will be rejected. Those submitting tenders or their representatives
may attend the tender opening on the date and time of submission.
1.4.18 Responsiveness of Proposals
The responsiveness of the proposals to the requirements of this RFP will be
determined. A responsive proposal is deemed to contain all documents or
information specifically called for in this RFP document. A bid determined not
responsive will be rejected by the Bank and may not subsequently be made
responsive by the Bidder by correction of the non-conforming item(s).
1.4.19 Bid Evaluation and Comparison of Bids
Technical proposals will be evaluated and will form the basis for bids
comparison. All tender responses will be evaluated in three phases:-
a. Preliminary evaluation that will determine administrative compliance.
b. Detailed technical evaluation to determine technical compliance and
support responsiveness of the vendor
c. Financial evaluation to consider pricing competitiveness and the financial
capability of the vendors
Once the bids are opened, bid evaluation will commence.
Sample Preliminary phase evaluation form

| Item No. | Item Description/Required | Requirements | Notes from Supplier’s Bid (Tick if submitted fully, cross X if not submitted or partial submission) |
|---|---|---|---|
| 1 | Certificate of compliance (attached) | Must submit | |
| 2 | Certificate of incorporation or registration. | Must submit | |
| 3 | Copies of VAT, PIN, Ministry of Public works approval, | Must submit all | |
| 4 | Copies of Certified NSSF, NHIF returns for the last recent 3 months | Must submit all | |
| 5 | Attached copies of relevant technical/CVs certificates of staff | Must submit relevant to this project | |
| 6 | Copies of Audit books of accounts for the last 3 years i.e. 2010, 2011, 2012 | Must submit | |
| 7 | Complete address (Physical, postal, telephone, facsimile and e-mail) for the head office and all other registered offices in Kenya | Must submit | |
| 8 | Letter of accreditation by the principals | Must submit | |
| 9 | List of directors and principal officers of the company | Must submit List of directors and shareholding ratio | |
| 10 | Letter of no Objection from the suppliers and or reference sites given | Must Submit | |
| | Does Supplier qualify to proceed? (Yes/No) | Failure to submit any of the above disqualifies Supplier from further evaluation | |
Technical Evaluation
The technical evaluation will constitute 100% of the overall score and will include
a desktop evaluation and additional detailed evaluations. The desktop
evaluation will be scored as follows: Vendor's ability to meet and exceed the
objectives of the RFP together with the functional requirements detailed in
Appendix A.
Experience and reliability of the Supplier's organization are considered in the
evaluation process. Therefore, the Supplier is advised to submit any information,
which documents successful and reliable experience in past performances,
especially those performances related to the requirements of this RFP.
The Supplier should provide the following information related to previous and
current services/contracts performed by the Supplier's organization and any
proposed subcontractors which are similar to the requirements of this RFP (This
information may be shown on the form attached as Exhibit A to this RFP or in a
similar manner):
a. Name, address, and telephone number of client/contracting agency and
a representative of that client/agency who may be contacted for
verification of all information submitted;
b. Dates and locations of the service/contract; and
c. A brief, written description of the specific prior services performed and
requirements thereof.
Proposals will be evaluated based on the Supplier's distinctive plan for
performing the requirements of the RFP. Therefore, the Supplier should present a
written narrative, which demonstrates the method or manner in which the
Supplier proposes to satisfy these requirements. The language of the narrative
should be straightforward and limited to facts, solutions to problems, and plans
of action.
Where the words “shall” or “must” are used, they signify a required minimum
function of system capacity that will heavily impact the Bidder's final response
rating.
Where the words “may” or “desired” are used, they signify that the feature or
capacity is desirable but not mandatory; therefore, the specifications in
question will possess minimal impact on the Bidder's final response rating.
The method by which the proposed method of performance is written will be left
to the discretion of the Supplier. However, the Supplier should address each
specific paragraph and subparagraph of the Specifications by paragraph and
page number as an item for discussion. Immediately below these numbers, write
descriptions of how, when, by whom, with what, to what degree, why, where,
etc, the requirements will be satisfied.
Demo / Proof of Concept
After the desktop evaluation as per RFP response, the prospective supplier will
be required to give further detailed proof of the viability of the solution
highlighting the functionality as represented in the RFP. This may include all or
part of the following:-
- Vendor presentations
- A solution demo with the actual installed solution
- A Proof of Concept installation at the bank's premises in a test scenario if
  so required
- Site visits to current clients of the supplier who have implemented similar
  solution as put forward in the RFP response
It should be noted that vendors will be progressively evaluated from one stage
to the other. Only shortlisted vendors will progress to the next stage.
Site visits
In the event that the bank may need to visit a client site, vendors will be notified in
writing. The bank may also make surprise unannounced visits to the vendors'
offices to verify any information contained in the bid document. All visits are at
the discretion of the bank. Vendors may also be called upon to make brief and
short presentations and/or demos on their technical solutions before a panel
constituted by the bank.
Financial Evaluation (separate sealed envelope)
Financial evaluation will constitute 100% of the overall score and will
concentrate on the following.
a. Pricing
All bids in response to this RFP should be expressed in USD or KSH. For those
expressed in USD a Kenya Shilling equivalent MUST be given clearly indicating
the exchange rate. Those who do not indicate the Kenya Shilling equivalent
MAY not be considered further for evaluation.
NOTE: Expressions in other currencies shall not be permitted.
i. The Supplier shall provide a firm, fixed price for the Original Contract
Period. All costs associated with the required services/equipment shall be
included in the prices. All deliveries shall be made FOB Destination with
freight charges fully included and prepaid. The Supplier pays and bears
the freight charges.
ii. Costs inclusive of VAT and other applicable taxes where necessary and
Man/Day estimates, where appropriate, broken down by:
1. General supplier costs
2. Training
3. Ongoing fixed costs (Annual maintenance, annual licensing,
etc)
4. Installation costs should include complete installation and
customization of reports, case management and integration
with other systems.
5. Any other costs
The VAT amount must clearly be stipulated and separated from the base costs.
The quoted prices should be valid for a minimum of 90 days. Any other fees
required for deployment and ongoing support must be quoted separately.
Provide an itemized list of any other items and related costs that Supplier deems
necessary to meet the requirements specified in proposal. Failure to provide said
list shall not relieve the Supplier from providing such items as necessary to
meeting all of the requirements specified in proposal at the Fixed Price Purchase
Costs proposed.
KCB SHALL ONLY MAKE PAYMENTS THROUGH A KCB ACCOUNT AND THUS ALL
BIDDERS ARE ENCOURAGED TO OPEN AN ACCOUNT
The Bank will not make any payments in advance. The Bank will issue an LPO for
all the equipment and/or services ordered. The LPO will be paid within 45 days
after delivery, testing, installation and acceptance of the equipment and/or
services supplied. The bank will not accept partial deliveries. Payment for
equipment and/or services will only be made once the entire ordered
equipment and/or services are delivered, installed and commissioned.
b. Correction of Errors. Bids determined to be substantially responsive will be checked by the Bank for any arithmetical errors. Errors will be corrected by the Bank as below:
Where there is a discrepancy between the amounts in figures and in words, the amount in words will govern, and
Where there is a discrepancy between the unit rate and the
line total resulting from multiplying the unit rate by the quantity, the unit rate as quoted will govern. The price amount stated in the Bid will be adjusted by the Bank in accordance with the above procedure for the correction of errors.
c. Financial stability
This will involve an assessment of key standard financial ratios and trends for the
last 3 years such as profitability, leverage, debt ratio, gross margins and sales
turnover. However, the Bank is under no obligation to award the tender as per
clause 1.4.12
SECTION 2 – SCOPE OF SERVICES
The security of IT applications has become a mission-critical aspect of the IT
Security strategy. We are not only seeking a supplier for the software and
hardware but also partnership with the provider to help KCB Group in leveraging
this technology through a sound implementation approach with proven
organizational adoption tools. Based on the above, the scope will include the
following:
2.1 Supply, install, configure and maintain Database and Web Application
Firewall solutions (software, hardware) that will meet the functional and
technical requirements.
2.2 Provide Database Firewall solutions with core capabilities for the following
database platforms:
Oracle
MS-SQL
Sybase
DB2
Informix
MySQL
Teradata
PostgreSQL
Netezza
2.3 Provide Web Application Firewall solutions with core capabilities of
supporting Web and portal applications such as Outlook Web Access
(OWA), SharePoint and all custom in-house web applications.
2.4 Develop and propose an implementation methodology with
roadmap/schedule with monitoring targets and risks towards the desired
target.
2.5 Provide the implementation services of the solution as stated in the
proposed roadmap from installation, configuration and final deployment
of the solution.
2.6 Deliver training services of the Database and Web Application Firewall
solution during the implementation for technical staff for knowledge
transfer both on the functional and technical aspects
2.7 Deliver documentation of the solution from the installation to deployment
2.8 Provide maintenance service for the solution including software version
upgrade and hardware replacement.
2.9 Provide support and assistance including both remote and local/onsite
assistance for resolution of major technical problems and/or issues.
2.10 Current Installations
This section provides a brief overview of the KCB establishment that is relevant to the
proposed solution. The Kenya Commercial Bank is incorporated in Kenya. The
bank's establishment in Kenya consists of 167 branches.
It has 4 other subsidiaries:
KCB Rwanda – Headquarter + 9 branches
KCB Tanzania - Headquarter + 10 branches
KCB Uganda - Headquarter + 14 branches
KCB Sudan - Headquarter + 20 branches
The Head Office for the group is located in Kencom House, Nairobi,
Kenya. Further information about the bank can be obtained from the group's
website (http://www.kcbbankgroupgroup.com)
2.11 Brief Overview of Technical Systems Environment
The bank has several computerised systems, the most relevant (for the purpose
of this project) of which are as summarised below.
Database / Programming Environments
MS SQL Server 2000 /2005 /2008
Oracle; various flavours of the database including but not limited to
versions 8i /9i /10g/11i
Informix
JBOSS
Microsoft .Net 2.0 and above
Sybase Adaptive Enterprise Server database
Client-side applications developed in Visual Studio/ .Net and
PowerBuilder 6.0
Web Applications
T24 Core banking system from Temenos. This application runs on HP UX
at the backend while the clients are browser based (Firefox and
Internet Explorer version 6.1 and above). The backend system is
programmed using JBOSS and Oracle.
Microsoft SharePoint 2007
Email Applications: MS Exchange 2010. Proxy Servers / firewalls:
Microsoft ISA Server 2006, CISCO PIX, ASA and Checkpoint firewalls. The
Microsoft ISA Server 2006 will be replaced with Microsoft Forefront
Threat Management Gateway during the year.
Sybrin clearing system on Windows environment
Internet & Mobile banking applications
TranzWare card system
2.12 Functional Requirements
Functional requirements are indicated in (Appendix A – Technical Requirements
Matrix). The section should be completed in its entirety in the vendor response.
Delivery, Testing and Acceptance (On Successful Bidding)
The product will be deemed to have been:
a) Delivered when
i. The complete machine readable form of the product together with the
product documentation is received at KCB's primary location (IT
Division, 7th floor Kencom House, Nairobi); and
b) Tested / POC
ii. The bank will test the proposed solution in a test environment to
ascertain that all the functionality as put forward by the supplier is
met. Incorrect information discovered at this time will constitute grounds
for disqualification. It is the responsibility of the supplier to ensure the
requirement defined in the proposal is achieved. The signed proposal
will be the sole reference document for any discussion issues arising
related to acceptance; and
c) Accepted when
iii. The solution has been successfully installed and configured on the
Production environment by the representative of the Supplier as per
product documentation; and
iv. Acceptance Criteria: the Bank will accept the proposed deliverables
after they have been fully tested by the bank and confirmed to meet
the requirement as specified in the original RFP.
KCB shall endeavour to provide the Production environment as soon as it is
practically possible. Delivery and performance of the Services shall be made by
the successful Bidder in accordance with the time schedule as per Proposal and
subsequent Agreement.
SECTION 3 - GENERAL CONDITIONS OF CONTRACT
3.1 Introduction
Specific terms of contract shall be discussed with the bidder whose proposal
will be accepted by the Bank. The resulting contract shall include but not be
limited to the general terms of contract as stated below from 3.2 to 3.14.
3.2 Award of Contract
Following the opening and evaluation of proposals, the Bank will award the
Contract to the successful bidder whose bid has been determined to be
substantially responsive and has been determined as the best evaluated bid.
The Bank will communicate to the selected bidder its intention to finalize the
draft conditions of engagement submitted earlier with his proposals.
After agreement has been reached, the successful Bidder shall be invited for
signing of the Contract Agreement to be prepared by the Bank in
consultation with the Bidder.
3.3 Application of General Conditions of Contract
These General Conditions (sections 3.2 to 3.14) shall apply to the extent that
they are not superseded by provisions in other parts of the Contract that shall
be signed.
3.4 Ownership
The proposal should be modelled along the perpetual licensing with
annual maintenance costs which provides the bank the right to continue
using the product 'as is' on expiry of the maintenance period.
The Supplier should include a 2-year bundled support and indicate (as a
percentage of the product cost where applicable) the cost of continued
support after the two years. The bundled support cost should be clearly
separated from the cost of the product.
3.5 Bid Validity Period
Bidders are requested to hold their proposals valid for ninety (90) days from
the closing date for the submission.
3.6 Performance Security
The Bank may at its discretion require the successful bidder to furnish it with
Performance Security. The performance bond amount will be one hundred
percent (100%) of the total bid price before the bank can issue any Purchase
Order. The performance bond will be valid for a minimum of 9 months and must
be provided within 14 days from the date of written notification to the Supplier
by the bank to provide the bond. Failure to comply with this requirement will
void the tender award and the bank at its sole discretion may award the tender
to any other Supplier.
3.6.1 The Performance Security shall be in the form of a bank guarantee issued
by a commercial bank operating in Kenya and shall be in a format
prescribed by the Bank. The performance guarantee shall be submitted
within 10 days of notification of award.
3.6.2 The proceeds of the Performance Security shall be payable to the Kenya
Commercial Bank as compensation for any loss resulting from the Bidder's
failure to complete its obligations under the Contract.
3.6.3 The Performance Security will be discharged by the Company not later
than two months following the date of completion of the Bidder's
performance obligations, and the Bank's acceptance of the final report
as specified in the contract.
It is a condition of the bank that the Supplier guarantees the sufficiency, and
effectiveness of the solution proposed to meet the bank requirements as
outlined in this document. The Bank will hold the Supplier solely responsible for
the accuracy and completeness of information supplied in response to this
tender. The bank will hold the Supplier responsible for the completeness of the
solution proposed and that were the Supplier to be awarded the tender, they
would implement the solution without any additional requirements from the
bank
3.7 Delays in the Bidder’s Performance
3.7.1 Delivery and performance of the Supply, installation and Maintenance of
Signage shall be made by the successful Bidder in accordance with the
time schedule as per Agreement.
3.7.2 If at any time during the performance of the Contract, the Bidder should
encounter conditions impeding timely delivery and performance of the
Services, the Bidder shall promptly notify the Bank in writing of the fact of
the delay, its likely duration and its cause(s). As soon as practicable after
receipt of the Bidder's notice, the Bank shall evaluate the situation and
may at its discretion extend the Bidder's time for performance, with or
without liquidated damages, in which case the extension shall be ratified
by the parties by amendment of the Contract.
3.7.3 Except in the case of “force majeure” as provided in Clause 3.13, a delay
by the Bidder in the performance of its delivery obligations shall render the
Bidder liable to the imposition of liquidated damages pursuant to Clause
3.8 liquidated damages
3.8 Liquidated damages for delay
The contract resulting out of this RFP shall incorporate suitable provisions for
the payment of liquidated damages by the bidders in case of delays in
performance of contract.
3.9 Governing Language
The Contract shall be written in the English Language. All correspondence
and other documents pertaining to the Contract which are exchanged by
the parties shall also be in English.
3.10 Applicable Law
This agreement arising out of this RFP shall be governed by and construed in
accordance with the laws of Kenya and the parties submit to the exclusive
jurisdiction of the Kenyan Courts.
3.11 Bidder’s Obligations
3.11.1 The Bidder is obliged to work closely with the Bank's staff, act within its own
authority, and abide by directives issued by the Bank that are consistent
with the terms of the Contract.
3.11.2 The Bidder will abide by the job safety measures and will indemnify the
Bank from all demands or responsibilities arising from accidents or loss of
life, the cause of which is the Bidder's negligence. The Bidder will pay all
indemnities arising from such incidents and will not hold the Bank
responsible or obligated.
3.11.3 The Bidder is responsible for managing the activities of its personnel, or
subcontracted personnel, and will hold itself responsible for any
misdemeanors.
3.11.4 The Bidder will not disclose the Bank's information it has access to, during
the course of the work, to any other third parties without the prior written
authorization of the Bank. This clause shall survive the expiry or earlier
termination of the contract.
3.11.5 The Bidder shall appoint an experienced counterpart resource to handle
this requirement for the duration of the Contract. The Bank may also
demand a replacement of the manager if it is not satisfied with the
manager's work or for any other reason.
3.11.6 The Bidder shall take the lead role and be jointly responsible with the Bank
for producing a finalised project plan and schedule, including
identification of all major milestones and specific resources that the Bank
is required to provide.
3.11.7 The Supplier represents and warrants that it is entitled to respond to this
RFP and that it is fully entitled to the proposed Product by way of reseller
licensing or ownership and has the right to sell and/or licence the Product
as provided in their RFP response and shall hold KCB harmless from action
for infringement of patents and/or copyrights
3.12 The Bank’s Obligations
In addition to providing Bidder with such information as may be required by
the bidder the Bank shall,
(a) Provide the Bidder with specific and detailed relevant information
(b) In general, provide all relevant information and access to Bank's
premises.
3.13 Confidentiality
The parties undertake on behalf of themselves and their employees, agents
and permitted subcontractors that they will keep confidential and will not
use for their own purposes (other than fulfilling their obligations under the
contemplated contract) nor without the prior written consent of the other
disclose to any third party any information of a confidential nature relating to
the other (including, without limitation, any trade secrets, confidential or
proprietary technical information, trading and financial details and any other
information of commercial value) which may become known to them under
or in connection with the contemplated contract. The terms of this Clause
2.15 shall survive the expiry or earlier termination of the contract.
3.14 Force Majeure
(a) Neither Bidder nor Bank shall be liable for failure to meet contractual
obligations due to Force Majeure.
(b) Force Majeure impediment is taken to mean unforeseen events, which
occur after signing the contract with the successful bidder, including but
not limited to strikes, blockade, war, mobilization, revolution or riots,
natural disaster, acts of God, refusal of license by Authorities or other
stipulations or restrictions by authorities, in so far as such an event prevents
or delays the contractual party from fulfilling its obligations, without its
being able to prevent or remove the impediment at reasonable cost.
(c) The party involved in a case of Force Majeure shall immediately take
reasonable steps to limit consequence of such an event.
(d) The party who wishes to plead Force Majeure is under obligation to inform
in writing the other party without delay of the event, of the time it began
and its probable duration. The moment of cessation of the event shall also
be reported in writing.
(e) The party who has pleaded a Force Majeure event is under obligation,
when requested, to prove its effect on the fulfilling of the contemplated
contract.
Form of Tender - (In separate Sealed envelope clearly marked financial
proposal summary)
We, M/S___________________________________________________
Hereby submit our bid for “REQUEST FOR PROPOSAL FOR PROVISION OF A
DATABASE AND WEB APPLICATION FIREWALL SOLUTION” at a total cost of
KES_____________________________________________ or
(in words)
KES___________________________________________________
inclusive of V.A.T and agree to abide by the terms and conditions as stipulated in the Request for
proposal document.
Tenderer’s name ------------------------------------------------------------
P. O BOX -----------------------------------------------------------------
Signature of the tenderer ------------------------------------------------------
Company Stamp/Seal.
Performance Security Form (Format)
Know all men by these presents that we:
1. .....................................................................................
(Full name & address in block letters) PRINCIPAL
2. .....................................................................................
(Full name & address in block letters) SURETY
are held firmly bound, jointly and severally, unto Kenya Commercial Bank Limited in the
principal sum of United States Dollars
....................................................................................................
for which payment well and truly to be made we bind ourselves firmly by these presents.
The condition of the above obligations being that should the said <name of Bidder> fulfil his
/their obligation/s under an agreement entered into between the Kenya Commercial Bank
Limited, and themselves in respect of <<the requirement>> for Kenya Commercial Bank Ltd.
during the period ending .................................................. and not incur cancellation of the
agreement for any cause whatsoever then the above obligation to be null and void; otherwise to
remain in full force and effect. The validity of this guarantee expires on
............................................................................ which is two months beyond the contract period
(i.e. after submission and acceptance by the Bank of final report).
.......................................................................................
PRINCIPAL (Signature)
.......................................................................................
Principal’s Stamp
SURETY (Signature)………………………………………..
SURETY’s Stamp…………………………………………….
Nairobi this ................. of ..............two thousand and ............................
( The following words should be inserted in the signatory’s own handwriting)
“Good for the sum* of United States Dollars ........................................................”
(*sum to be specified in words & figures)
Certificate of Compliance
All Suppliers should sign the certificate of compliance below and return it together with a copy
of this tender document and their quotation.
We___________________________ have read this tender document and agree with the terms
and conditions stipulated therein.
Signature of tenderer -------------------------------------------
Date………………………………………………………….
Company Stamp/Seal.
Appendix A – Technical Requirements Matrix
Functional Requirements and Specifications
The tables below provide a feature summary for the products under procurement. All products
should be quoted for separately.
Please identify and describe where necessary the levels of support as: Full Support, Partial
Support and No Support:
Database Firewall

| Specification | Description | Level of support |
|---|---|---|
| Supported Database Platforms | Oracle; MS-SQL; Sybase; DB2 (including LUW, z/OS and DB2/400); Informix; MySQL; PostgreSQL; Teradata; Netezza | |
| Deployment Modes | Network: Non-inline sniffer, transparent bridge; Agentless collection of 3rd party database audit logs | |
| Performance Overhead | Network monitoring – Zero impact on monitored servers; Agent based monitoring – 1-3% CPU resources | |
| Centralized Management across geographically dispersed locations | Web User Interface (HTTP/HTTPS); Command Line Interface (SSH/Console) | |
| Centralized Administration across geographically dispersed locations | MX Server for centralized management; Integrated management option; Hierarchical management | |
| Database Audit Details | SQL operation (raw or parsed); SQL response (raw or parsed); Database, Schema and Object; User name; Timestamp; Source IP, Source OS, Source application; Parameters used; Stored Procedures; DB Server restarts, row level operations | |
| Privileged Activities | All privileged activity, DDL and DCL; Schema Changes (CREATE, DROP, ALTER); Creation, modification of accounts, roles and privileges (GRANT, REVOKE) | |
| Access to Sensitive Data | Successful and Failed SELECTs; All data changes | |
| Security Exceptions | Failed Logins, Connection Errors, SQL errors | |
| Data Modification | INSERTs, UPDATEs, DELETEs (DML activity) | |
| Stored Procedures | Creation, Modification, Execution | |
| Triggers | Creation and Modification | |
| Tamper-Proof Audit Trail | Audit trail stored in a tamper-proof repository; Encryption or digital signing of audit data; Role based access controls to view audit data (read-only); Real-time visibility of audit data | |
| Fraud Identification | Unauthorized activity on sensitive data; Abnormal activity hours and source; Unexpected user activity; Unexpected Database growth/shrinkage | |
| Data Leak Identification | Requests for classified data; Unauthorized/abnormal data extraction | |
| Database Security | Dynamic Profile (White List security); Protocol Validation (SQL and protocol validation); Real-time alerts | |
| Platform Security | Operating system intrusion signatures; Known and zero-day worm security | |
| Network Security | Stateful firewall; DoS prevention | |
| Policy Updates | Regular Application Defense Center security and compliance updates | |
| Real-Time Event Management and Report distribution | SNMP; Syslog; Incident management ticketing integration; Custom followed action; task workflow; Integrated graphical reporting; Real-time dashboard | |
| Server Discovery | Automated discovery of database servers | |
| Data Discovery and Classification | Database servers; Financial Information; Credit Card Numbers; System and Application Credentials; Personal Identification Information; Custom data types | |
| User Rights Management (add-on option) | Audit user rights over database objects; Validate excessive rights over sensitive data; Identify dormant accounts; Track changes to user rights | |
| Vulnerability Assessment | Operating System vulnerabilities; Database vulnerabilities; Configuration flaws; Risk scoring and mitigation steps | |
| Training | Standard product training at an authorized training center for 5 KCB staff. This should include training fees, travel and lodging expenses. Logistics and allowances to be computed at KCB rates. | |
| Support | One year standard support on hardware and software; Two year standard support on hardware and software; Three year standard support on hardware and software | |

Specification for Database Activity Monitoring:
ID Specification Response
Architecture
1 Is the solution appliance based or virtual appliance based?
2 Does the solution require deployment of agents on the database servers?
3 If so, there should be only one agent to monitor all DB activities including
local DB traffic and network DB traffic
4 All agents regardless of deployment mode should be managed from the
centralized management console
5 Agents should have only minimal overhead for the production DB servers
6 Agent should support AIX, HPUX, LINUX, Solaris and Windows platforms
7 There should not be additional agents required to be installed to monitor and
block DB traffic/attacks traffic if required
8 There should not be any 3rd party software to be installed for agents
9 Audit trails should be stored within the solution and it should not be stored in
any database
10 Audit trails should be tamperproof and should be stored in encrypted flat files.
11 Solution component should be managed centrally.
12 Solution Should support below DB platforms
Oracle
MS-SQL (Microsoft SQL Server)
DB2 (LUW, z/OS and DB2/400)
Sybase
Informix
MySQL
PostgreSQL
Teradata
Netezza
Database Discovery
1 Solution should discover both new and existing database systems and should
map all on the network.
2 Product should provide automated discovery of both new and existing Database
tables
3 Product should keep the historical information about the systems and their
configuration.
4 Product should show changes since the last scan for DB Discovery and
configuration
5 Solution should support identification of rogue or test databases
6 Solution should discover asset management and change management processes
Data Classification
1 The product should perform data discovery and classification
2 Solution should detect sensitive data types, such as credit card numbers, social
security numbers, etc., in database objects
3 The solution should locate custom data types in database objects
Vulnerability Assessments
1 Solution should have Database vulnerability assessment tests for assessing the
vulnerabilities and mis-configurations of database servers, and their OS
platforms. OSs and RDBMSs are tested for known exploits and mis-
configurations.
2 Solution should have a comprehensive list of pre-defined assessment policies
and tests to address PCI-DSS, SOX, and HIPAA requirements. Vulnerabilities
specific for Oracle EBS, and PeopleSoft databases can also be detected. In
addition, the following tests should be included:
- Latest patches and releases installed
- Changes to database files
- Default accounts and passwords
- Newly created/updated logins
- Remote OS authentication enabled
- Escalated user privileges granted
3 Should be able to add custom assessments to the solution?
4 Solution should support user created scripts for assessment tests.
5 The product should identify missing patches
6 The solution should verify that default database accounts do not have a
“default” password
7 The product should be used to measure compliance with industry standards and
regulations
Vulnerability Assessment Result Analysis and Reporting
1 The product should present a view of risk to data – by vulnerability and the
sensitivity of the data
2 Solution should have Database vulnerability assessment tests for assessing the
vulnerabilities and mis-configurations of database servers, and their OS
platforms. OSs and RDBMSs are tested for known exploits and mis-
configurations.
3 Solution should have a comprehensive list of pre-defined assessment policies
and tests to address PCI-DSS, SOX, and HIPAA requirements. Vulnerabilities
specific for SAP, Oracle EBS, and PeopleSoft databases can also be detected.
In addition, the following tests should be included:
- Latest patches and releases installed
- Changes to database files
- Default accounts and passwords
- Newly created/updated logins
- Remote OS authentication enabled
- Escalated user privileges granted
4 The solution should have pre-defined reports.
5 The product should support custom report generation.
6 The product should compare the results of a discovery, classification or
assessment job with a previous run
7 Should have an option to distribute reports on demand and automatically (on
schedule)
Remediation (optional : for future requirement)
1 The product can be upgraded for mitigation of risk to sensitive data stored in
databases?
2 Should have an option to upgrade the product to actively prevent attempts to
exploit known vulnerabilities
3 The solution can be upgraded to offer virtual patching capabilities (protecting
the database from known vulnerabilities without deploying a patch or script on
the system)
Database Activity Monitoring
1 Solution should have Appliance/virtual appliance solution to monitor network
based DataBase activity and should have agents to monitor Local DB activity
2 Should product employ a centralized appliance
3 Solution should provide for centralized control of collected information
4 Should have DBMS product to be used as part of the appliance package to
store configuration and alert logs, not for storing Audit data
5 The solution should support high-availability
6 Product should be able to be installed in Sniffing mode or Inline mode.
7 Solution should have built in bypass(fail open) for inline mode
7 Solution should support below DataBases
Oracle, MS SQL, DB2, Informix, Sybase, MySQL, Teradata, Netezza
8 The solution should not use the native database audit functionality.
9 the Solution should not employ transaction log auditing?
10 Should be able to integrate with leading SIEM tools
11 The product should have means to archive and restore data
12 The agent should not require a reboot after installation/configuration
13 The solution should not require any changes to monitored database and/or
application
14 The Solution should not require a database restart after
installation/configuration?
15 The audited data transferred between the agent and the appliance should be
through an Encrypted channel
16 The solution should capture before and after image of data that is being
manipulated
17 Product should identify differences in baseline user activity.
18 The solution should capture Select activity by user/role
19 The solution should capture update, insert, delete (DML) activity by user/role
20 The solution should capture schema/object changes (DDL) activity by user/role
21 The solution should capture manipulation of accounts, roles and privileges
(DCL) by user/role
22 DAM should monitor privileged operations, including both SQL and protocol
level operations.
23 DAM should monitor MS SQL statements where caching is used
24 DAM solution should be able to monitor activities at new DB interface/ connector
created by any user/ system without any manual intervention
25 The solution should have automated mechanism for updating security
configurations/policies
Alerting and Blocking Capabilities
1 The solution should provide automated, real-time event alert mechanism
2 The solution should have an option to upgrade to database attack in real-time
3 The solution should monitor privileged users
4 The solution should have an option to upgrade to block privileged users
activity if required
5 The solution should monitor for all DB attacks, such as SQL injection, and alert
even when the traffic is not audited.
6 The solution should have an option to upgrade to block DB attacks like SQL
injections in real time.
7 The solution should monitor 100% of the DB traffic for all DB violations and
attacks even when the traffic is not being audited
Reporting
1 Solution should have packaged reporting capabilities
2 Product should support use of pre-configured policies/reports (PCI, SOX,
HIPAA) for ensuring regulatory compliance
3 Product should have a functionality to assist with security event forensics
Web Application Firewall
| Specification | Description | Feature Support |
|---|---|---|
| Web Security | Dynamic Profile (White List security); Web server & application signatures; Reputation based security and IP geolocation; HTTP RFC compliance; Normalization of encoded data; Automated-client detection | Required |
| Application Attacks Prevented | Refer to Appendix I | Required |
| HTTPS/SSL Inspection | Passive decryption or termination; Optional HSM for SSL key storage | Required |
| Web Services Security | XML/SOAP profile enforcement; Web services signatures; XML protocol conformance | Required |
| Web Fraud Prevention | Fraud and malware detection | Required |
| Content Modification | URL rewriting (obfuscation); Cookie signing; Cookie encryption; Custom error messages; Error code handling | Required |
| Platform Security | Operating system intrusion signatures; Known and zero-day worm security | Required |
| Network Security | Stateful firewall; DoS prevention | Required |
| Advanced Protection | Correlation rules incorporating all security elements (white list, black list) to detect complex, multi-stage attacks | Required |
| Data Leak Prevention | Credit card numbers; PII (personally identifiable information); Pattern matching | Required |
| Policy/Signature Updates | Frequent security updates | Required |
| Authentication | Support for RSA Access Manager for two-factor authentication; Support for LDAP (Active Directory); Support for SSL client certificates | Required |
| User Awareness | Automated Tracking of Web Application Users | Required |
| Deployment Mode | Transparent Bridge (Layer 2); Reverse Proxy and Transparent Proxy (Layer 7); Non-inline sniffer | Required |
| Management | Support for a Web User Interface (HTTP/HTTPS); Command Line Interface (SSH/Console) | Required |
| Administration | MX Server for centralized management | Required |
| Logging/Monitoring | SNMP; Syslog; Integrated graphical reporting; Real-time dashboard | Required |
| High Availability | IMPVHA (Active/Active, Active/Passive); Fail open interfaces (bridge mode only); Support for VRRP; Support for STP and RSTP | Required |
| Solution Delivery Option | Physical appliance | Required |
| Web Application Vulnerability Scanner Integration | WhiteHat, IBM, Cenzic, NT OBJECTives, HP, Qualys, and Beyond Security | Required |
| Enterprise Application Support | SIEM/SIM tools: ArcSight, RSA enVision, Prism Microsystems, Q1 Labs, TriGeo, NetIQ; Log Management: CA ELM, SenSage, Infoscience Corporation | Required |
| TCP/IP Support | IPv4, IPv6 | Required |
| Training | Standard product training at an authorized training center for 5 KCB staff. This should include training fees, travel and lodging expenses. Logistics and allowances to be computed at KCB rates. | Required |
| Support | One year standard support on hardware and software | Required |
Specification for Web Access Firewall:
ID Specification Remarks
Policy Management
The WAF shall be able to automatically-build policies
The WAF shall be able to manually accept false positives by simple means
(check box)
The WAF shall be able to define different policies for different applications
The WAF shall be able to create custom attack signatures or events
The WAF shall be able to customize Denial of Service policies
The WAF shall be able to combine detection and prevention techniques
The WAF shall have policy roll-back mechanism
The WAF shall be able to do versioning of policies
The WAF shall have a built-in real-time policy builder with automatic self-
learning and creation of security policies
The WAF shall have prebuilt policies for applications - e.g. Microsoft
Sharepoint, OWA, SAP, Oracle E-Business, Siebel for fast deployment
Profile Learning Process
The WAF shall be able to recognise trusted hosts
The WAF shall be able to learn about the application without human
intervention
The WAF shall be able to inspect policy (auditing + reporting)
The WAF shall be able to protect new content pages and objects without
policy modifications
Configuration Management
The WAF shall have Role-based management with user authentication
The WAF shall be able to replace/customize error and blocked pages
The WAF shall have configurable security levels
Logs and Monitoring
The WAF shall have ability to identify and notify system faults and loss of
performance (SNMP, syslog, e-mail, …)
The WAF shall have ability to customize logging
The WAF shall have ability to generate service and system statistics
The WAF shall be able to perform time synchronisation (ntp, …)
Miscellaneous
The WAF shall have a robust and reliable GUI interface
The WAF shall be able to be managed via serial console, SSH or https web
gui
The WAF shall be able to support caching and compression in a single
platform
The WAF shall be able to prevent OS fingerprinting
The WAF shall be able to perform data guard and cloaking (hiding of error
pages and application error pages)
The WAF shall be able to integrate with vulnerability testing tools (e.g.
WhiteHat Sentinel) for automated instant policy tuning
The WAF shall be able to be implemented and installed on application
delivery controller (ADC) hardware platforms and managed from the same
GUI.
SSL capabilities
The WAF shall be capable of terminating https traffic for http websites
The WAF shall be FIPS 140-2 compliant
The WAF shall have SSL accelerators available for SSL offloading
The WAF shall store the certificate private key on the WAF using a secure
mechanism
The WAF shall store the certificate private key on the WAF using a secure
mechanism, and a passphrase
The WAF shall be capable of communicating with a backend application server
using https
The WAF shall be capable of tuning the SSL parameters, such as SSL
encryption method used, SSL version
HTTP/HTML & XML
The WAF shall support HTTP 1.0 and 1.1 versions
The WAF shall support application/x-www-form-urlencoded encoding
The WAF shall support v0 cookies
The WAF shall support v1 cookies
The WAF shall enforce cookie types used
The WAF shall support chunked encoding in requests
The WAF shall support chunked encoding in responses
The WAF shall support response compression
The WAF shall support application flows management and manually
define site flow and object policies
The WAF shall support all character sets during validation
The WAF shall restrict methods used eg GET, POST , all other methods
The WAF shall restrict protocols and protocol versions used
The WAF shall support multi-byte language encoding
The WAF shall validate URL-encoded characters
The WAF shall restrict request method length
The WAF shall restrict request line length
The WAF shall restrict request URI length
The WAF shall restrict query string length
The WAF shall restrict protocol (name and version) length
The WAF shall restrict the number of headers
The WAF shall restrict header name length
The WAF shall restrict header value length
The WAF shall restrict request body length
The WAF shall restrict cookie name length
The WAF shall restrict cookie value length
The WAF shall restrict the number of cookies
The WAF shall restrict parameter name length
The WAF shall restrict parameter value length
The WAF shall restrict the number of parameters
The WAF shall restrict combined parameter length (names and values
together)
The WAF shall support protection of XML Web Services
The WAF shall restrict XML Web Services access to methods defined via
Web Services Description Language (WSDL)
The WAF shall be able to perform information display masking/scrubbing
on requests and responses
The WAF shall be able to perform validation for Web Services XML
Documents
The WAF shall be able to monitor latency of Layer 7 (application layer)
traffic to detect the spikes and anomalies in the typical traffic pattern to
detect, report on, and prevent layer 7 DOS attacks.
The WAF shall be able to detect, report on, and prevent Layer 7
(application layer) brute force attack attempts to break in to secured areas of
a web application by trying exhaustive, systematic permutations of code or
username/password combinations to discover legitimate authentication
credentials.
Detection techniques
The WAF shall be able to support the following detection techniques :
URL-decoding
Null byte string termination
Self-referencing paths (i.e. use of /./ and encoded equivalents)
Path back-references (i.e. use of /../ and encoded equivalents)
Mixed case
Excessive use of whitespace
Comment removal (e.g. convert DELETE/**/FROM to DELETE FROM)
Conversion of (Windows-supported) backslash characters into forward
slash characters.
Conversion of IIS-specific Unicode encoding (%uXXYY)
Decode HTML entities (e.g. &#99;, &quot;, &#xAA;)
Escaped characters (e.g. \t, \001, \xAA, \uAABB)
Negative security model techniques
Positive security model support - An "allow what's known" policy, blocking
all unknown traffic and data types
Positive security model configuration
Application flow
Dynamic Positive security model configuration maintenance
Built in process engine to detect evasion techniques like cross site scripting
Is there an out of the box rule database available
Automated regular signature updates
Operates in a full Proxy architecture and inline control over all traffic
through the WAF
Ability to hide back-end application server OS fingerprinting data and
application specific information
Ability to protect against malicious activity within and hijacking of
embedded client side code (javascript, vbscript, etc.)
Incident Response capabilities
The WAF shall be capable of logging security events with syslog
The WAF shall be capable of logging security events with snmp
The WAF shall be capable of being monitored with snmp for statistical
information
The WAF shall support monitoring using snmp version 3
Support tools
The WAF shall be capable of being restored to factory defaults
The WAF shall support an open api that will be able to fully administer the
WAF.
Redundancy Capabilities
The WAF shall be able to support High Availability Failover via network or
serial
The WAF shall be able to perform application level health check of the
back end servers
Network and Performance
The WAF shall be able to support vlan configuration through built in switch
The WAF shall be able to perform TCP/IP optimization
The WAF shall be able to perform packet filtering
Implemented concepts to cover vulnerabilities (OWASP based)
The WAF shall be able to protect against :
Unvalidated input
Injection flaws
SQL injection
OS injection
Parameter tampering
Cookie poisoning
Hidden field manipulation
Cross site scripting flaws
Buffer overflows
Broken access control
Broken authentication and session management
Improper Error Handling
XML bombs/DOS
Forceful Browsing
Sensitive information leakage
Session hijacking
Denial of service
Request Smuggling
Cookie manipulation
Certification
The WAF shall be an ICSA certified web application firewall
MX Management Server
| Specification | Description | Remarks |
|---|---|---|
| Management | Intuitive Web User Interface (HTTP/HTTPS); Command Line Interface (SSH/Console) | |
| Provisioning | MX Management Server centrally provisions, manages, and monitors up to 15 SecureSphere gateways; Supports distributed, heterogeneous deployments of Web and database gateways | |
| Out-of-Band Management | Out-of-band management supported via out-of-band management ports in SecureSphere gateways | |
| Management Communications | SSL encrypted communications between MX Management server and SecureSphere gateways | |
| Policy/Signature Updates | Security updates provided weekly or immediately for critical threats | |
| Hierarchical Management | Policies may be defined hierarchically, via a flexible, object-oriented policy framework. | |
| Role-Based Administration | Completely customizable roles and privileges; Users can be assigned roles; Users inherit all privileges of the group; User authentication supports LDAP and SSL certificate | |
| Alerts | SNMP; Syslog; Incident management ticketing integration; Custom followed action; Integrated graphical reporting; Real-time dashboard | |
| Workflow | Task-oriented workflow engine | |
| Internal Data Storage | Audit trail stored in tamper-proof repository; Optional encryption or digital signing of audit data; Role-based access controls to view audit data (read-only); Real-time visibility of audit data | |
| External Data Storage and Archiving | SAN (Fibre Channel interfaces) for online access; NAS for online access; NFS*; FTP*; HTTP/S*; SCP* (* Data is compressed and archived) | |
| Supported Products | Database Activity Monitoring; Database Firewall; Discovery and Assessment Server; File Activity Monitoring; File Firewall; SecureSphere for SharePoint; Web Application Firewall | |
| Support | One year standard support on hardware and software | |
Non -Functional Requirements and Specifications
ID Non Functional Requirements
USER INTERFACE
Remarks
Provision of portals/screens
for non-technical stakeholder
usage, suitable for auditors
and security professionals
without detailed knowledge of
database internals.
DOCUMENTATION
-Schematic Remarks
Provision of the Application
Architecture Schematic for
Production and DR Sites and
High Availability (HA)
-System Manual -provides an overview of the system including the system objectives, system
functionality, equipment configuration, software inventory, etc.
Remarks
Documentation of Application
Objectives
Documentation of Application
Functions i.e Function
ID/Name, Function
Description,Mode (e.g.
Online/Batch,Enquiry/Update)
Documentation of Equipment
Configurations i.e. Computer
Manufacturer,Model
Number,Serial Number,IP
Address,OS Version,Database
Version
Documentation of Software
Inventories i.e Program
ID/Name,Functions of the
program,in the case of
client/server application the
location of the program (e.g.
Database Server, Application
Server,Client etc) should be
specified
Documentation in detail of
the system security profiles
and data protection
measurement on system
functions
Documentation in detail of the
Disaster Recovery Plan and
Procedures of the system
-Location of soft copy of the System
Remarks
The latest version of all the
programs should be kept in
softcopy for future reference
and maintenance on KCB
premises and included in the
documentation
-Data Manual- The Data Manual documents all data captured, processed or produced by the
system
Remarks
Documentation of the
database schema of the
application which shows the
relationship among files/table
and other groups of data e.g
Entity-Relationship Diagram
Screen/Report Description
Documentation i.e. List of
Screens, Screen Layout,List of
Reports, Report Layout
-Application Manual -documents an overview of the system and provides detailed user
instructions and procedures for all functionality provided by the system.
Documentation of user
procedures descriptions and
instructions in detail covering
areas like batching of input
data, control of documents,
actions on specific events,
error amendments, etc
SYSTEM INTERFACING AND INTEGRATION
Remarks
Integration with existing
reporting, workflow, and
trouble-ticketing systems e.g
Synergy Pro Helpdesk, App
Server
Compliance to Service
Oriented Architecture
The solution shall support Java
Database Connectivity (JDBC)
and Microsoft connectivity
technology (such as Open
Database Connectivity (ODBC)
or Object Linking and
Embedding Database [OLEDB]).
SECURITY
Remarks
Support Security Using
Database Access Controls. The
solution shall support database
security using the following
database access controls:
GRANT and REVOKE privilege
facilities, the VIEW definition
capabilities, and some
Discretionary Access Control
(DAC) mechanisms.
CONFORMANCE TO INDUSTRY BEST STANDARDS
Remarks
The Web Application Firewall
Solution shall be endorsed by the
Web Application Security
Consortium (WASC) and
OWASP
Deliverables
At the end of the implementation exercise, the solution provider should provide a comprehensive
report with a detail of completed implementation work. The report will consist among others the
following:
1. Fully installed well integrated customized and functioning Database Firewall solutions for
the need of KCB.
2. Fully installed well integrated customized and functioning Web Application Firewall
solutions for the need of KCB.
3. Fully installed well integrated customized and functioning MX Management Server
4. Two fully installed HP TouchSmart IQ816 Computers to facilitate a monitoring center for
this Database and Web Application Firewall solution
5. Presentation of the working solution to the IT management and staff of KCB after
completion of the implementation for review and feedback.
6. An executive summary report for Management of the implemented solutions
Exhibit A - Reference Sites
References of similar implementations/deployment of such product for organizations similar to
KCB in size and complexity done over the past one year.
1. Prior Services Performed for:
Company Name:
Address:
Contact Name:
Telephone Number:
Date of Contract:
Length of Contract:
Description of Prior Services (include dates):
2. Prior Services Performed for:
Company Name:
Address:
Contact Name:
Telephone Number:
Date of Contract:
Length of Contract:
Description of Prior Services (include dates):
(repeat as relevant)
Appendix I
WEB APPLICATION SECURITY & COMMON ATTACKS
The solution must be able to detect and block the following Web application threats:
1. Anonymous Proxy Vulnerabilities
2. Brute Force Login
3. Buffer Overflow
4. Cookie Injection
5. Cookie Poisoning
6. Corporate Espionage
7. Credit Card Exposure
8. Cross Site Request Forgery (CSRF)
9. Cross Site Scripting (XSS)
10. Data Destruction
11. Directory Traversal
12. Drive-by-Downloads
13. Forceful Browsing
14. Form Field Tampering
15. Google Hacking
16. HTTP Distributed Denial of Service (DDoS)
17. HTTP Response Splitting
18. HTTP Verb Tampering
19. Illegal Encoding
1. Known Worms
2. Malicious Encoding
3. Malicious Robots
4. OS Command Injection
5. Parameter Tampering
6. Patient Data Disclosure
7. Phishing Attacks
8. Remote File Inclusion Attacks
9. Sensitive Data Leakage (Social Security Numbers, Cardholder Data, PII, HPI)
10. Session Hijacking
11. Site Reconnaissance
12. Site Scraping
13. SQL Injection
14. Web server software and operating system attacks
15. Web Services (XML) attacks
16. Zero Day Web Worms
ANNEX 3 – SUPPLIER QUESTIONNAIRE
Bidders, willing to be considered for the tender for SUPPLY AND IMPLEMENTATION
OF A DATABASE AND WEB APPLICATION SECURITY/FIREWALL SOLUTION are
expected to furnish the Company with among others the following vital
information, which will be treated in strict confidence by the Company.
1.0 CORPORATE INFORMATION
No. PARTICULARS RESPONSE [If space is
insufficient, please use a
separate sheet]
1.1
Full name of organization:
1.2 Is your organization (Please tick one)
i) a public limited incorporated
company? attach a copy of
Certificate of incorporation including
any Certificate of Change of Name,
Memorandum & Articles of
Association
ii) a public listed company? If yes,
please attach a copy of Certificate of
incorporation including any
Certificate of Change of Name,
Memorandum & Articles of
Association
iii) a limited incorporated company?
If yes, please attach a copy of
Certificate of incorporation including
any Certificate of Change of Name,
Memorandum & Articles of
Association
iv) a partnership? If yes, please
attach certified copy of the
Partnership Deed and business name
certificate
v) a sole trader? If yes, please attach
a certified copy of the business name
certificate
vi) other (please specify)
1.3 Company Registration number (if this applies)-
attach a copy of Certificate of incorporation
including any Certificate of Change of Name or
relevant certificate from country of
incorporation.
1.4 Date and country of Registration:
1.5 Full physical address of principal place of
business:
Full postal address of the business:
1.6 Registered address if different from the above:
Post Code:
1.7 Telephone number:
1.8 Fax number:
1.9 E-mail address:
1.10 Website address (if any):
1.11 Company/Partnership/Sole Trader Tax PIN:
(Please provide a certified copy of the PIN
Certificate)
1.12 VAT Registration number:
(Please provide a certified copy of the VAT
Certificate)
1.13 Period in which you have been in the specific
business for which you wish to bid.
1.14 Current Dealership letter/certification for
Equipment preferably issued in 2012.
1.15 Names of the Shareholders, Directors and
Partners.
If a Kenyan company please provide an
original search report issued by the Registrar of
Companies showing the directors and
shareholders (Companies Form CR 12).
1.16 Associated companies(if any)
1.17 Please provide a copy of the latest annual
returns together with the filing receipt as filed at
the Companies Registry
1.17 Name of (ultimate) parent/holding company (if
this applies):
1.18 Company number of parent/holding company
(if this applies):
1.19 If a consortium is expressing interest, please
give the full name of the other organisation
(the proposed consortium partners should also
complete this questionnaire in its entirety)
1.20 Name and contacts of the Legal
Representative of the company; Name, Title;
Telephone, Fax and Email address.
1.21 Contact person within the organisation to
whom enquiries about this bid should be
directed:
NAME:
TITLE
TEL:
FAX:
EMAIL:
2.0 FINANCIAL INFORMATION
No. PARTICULARS
2.1 What was your turnover in the last two years?
………… for year ended --/--/----
………… for year ended --/--/----
2.2 Has your organisation met all its obligations to pay its creditors and staff during the past year?
Yes / No
If no, please give details:
2.3 Have you had any contracts terminated for poor
performance in the last three years, or any contracts
where damages have been claimed by the
contracting authority?
Yes / No
If yes, please give details:
2.4 What is the name and branch of your bankers (who could provide a reference)?
Name:
Branch:
Telephone Number:
Postal Address:
Contact Person Name:
Contact Position
Contact E-mail:
2.5 Provide a copy of the following
A copy of your most recent audited accounts (for the last
three years)
A statement of your turnover, profit & loss account and cash
flow for the most recent year of trading (for the last three
years)
A statement of your cash flow forecast for the current year
and a bank letter outlining the current cash and credit
position.
3.0 BUSINESS ACTIVITIES
No. PARTICULARS
3.1 What are the main business activities of your organisation? i.e.
Manufacturer, Assembler, Distributor, service centre, retailer, (please
specify).
3.2 How many staff does your organisation have? ............
Indicate the number under each category
i. Technical (Permanent………, Temporary……)
ii. Semiskilled (Permanent……., Temporary……..)
3.3 Please generally describe the experience and expertise your organization
possesses that will enable you to effectively and efficiently undertake the
work you are bidding for, as required by KCB.
Attach your company organogram (organisation chart) with emphasis
on the job you are bidding for.
Attach CVs of key staff
3.4 Please submit a declaration that all staff within your organization that are or
will be involved in the project are or will be permitted to work within your
organization under the laws of Kenya or the laws of the country in which it is
established.
4.0 TRADE REFERENCES
4.1 Please provide in the table below details of the projects you have
undertaken relevant to the job you are bidding for performed over the
last three (3) years, or that are relevant to this bid document.
No | Customer Organization (name) | Customer contact name and phone number | Contract reference and brief description | Date contract awarded | Value of businesses transacted (Kshs/USD/Euro)
1
2
3
4
5
6
7
8
5.0 CERTIFICATIONS, ACCREDITATIONS AND APPROVALS
Detail any relevant certifications and accreditations by principals or
accreditation bodies and attach copies of such certification. Such
certifications may be for your company or for your individual staff as
relevant to the work they do and the key skills for the service or goods you
propose to supply.
6.0 AGENCIES AND PARTNERSHIPS
a) Detail any agencies and partnerships that you have that are relevant
to the categories of goods and/or services you are interested in
supplying.
b) List your primary sources of supply for goods that you propose to
supply.
7.0 MANAGEMENT POLICIES
a) Employee Integrity
How does the firm ensure the integrity of staff? Detail any
related policies.
b) Code of Conduct/Ethics
Does your company have a code of conduct? If so, please attach
a copy.
Indicate if your company subscribes to a professional body with a
code of conduct/ethics.
c) Company employment policy
Does the firm have a documented employment policy? What
are key highlights from this policy if in existence?
d) Environmental Policy/Green Agenda Policy
Is your firm ISO 140001 certified or do you have an
environmental policy as an organization?
Is your waste segregated according to the different waste streams?
How is waste from your firm disposed of?
e) Customer Service
Does the firm have a documented policy on Customer Service?
Which position in your firm is responsible for customer service and
how is this position supported by other functions?
Does your firm use any performance management techniques,
including customer satisfaction measurement? If so, what are
the key parameters?
8.0 BUSINESS PROBITY AND LITIGATION MANAGEMENT
Please confirm whether any of the following criteria applies to your organisation:
Note that failure to disclose information relevant to this section may result in your
exclusion as a potential KCB supplier.
No. PARTICULARS RESPONSE
8.1 Is the organisation bankrupt or
being wound up, having its
affairs administered by the
court, or have you entered into
an arrangement with creditors,
suspended business activities or
any analogous situation arising
from similar proceedings in
Kenya or the country in which it
is established?
8.2 Please provide a statement of
any material pending or
threatened litigation or other
legal proceedings where the
claim is of a value in excess of
USD 20,000.
8.3 Has any partner, director,
shareholder or employee
whom you would propose to
use to deliver this service been
convicted of an offence
concerning his professional
conduct?
8.4 Has any partner, director or
shareholder been the subject
of corruption or fraud
investigations by the police,
Kenya Anti-Corruption Authority
or similar authority in the
country in which your
organisation is established?
8.6 Has the organisation not fulfilled
obligations relating to the
payment of any statutory
deductions or contributions
including income tax as
required under Kenyan law or
the laws of the country in which
it is established?
8.7 Please state if any Director /
Shareholder / Partner and / or
Company Secretary of the
Organisation is currently
employed or has been
employed in the past 3 years
by KCB.
8.8 Please state if any Director /
Partner and / or Company
Secretary of the Organisation
has a close relative who is
employed by KCB and who is in
a position to influence the
award of any supply award. A
“close relative” refers to
spouse, parents, siblings and
children
9.0 INSURANCE
Please provide details of your current insurance cover Value
9.1 Employer's Liability:
9.2 Public Liability:
9.3 Professional Indemnity (if applicable)
9.4 Other (specify)
10.0 EVALUATION
(a) Requirements For Evaluation
The following documents should be attached.
i. Certificate of Incorporation/Business Name Certificate
ii. Trading Certificate
iii. Business Permits
iv. Certificate from relevant regulatory authority (where applicable)
v. Manufacturer's Authorization or equivalent (where applicable).
vi. TAX PIN Certificate or equivalent
vii. Tax Compliance certificate or equivalent
viii. Current dealership letter/certification of equipment
ix. List of Directors, telephone and their postal address
x. Form CR 12 as issued by the Registrar of Companies (original) or certified
as true copy
xi. Audited Accounts (Three years)
xii. Bank Account Information
xiii. CVs of Senior Staff
xiv. Organogram/Organization Chart
ANNEX 4 – PERFORMANCE SECURITY FORM (FORMAT)
Know all men by these presents that we:
1. .....................................................................................
(Full name & address in block letters) PRINCIPAL
2. .....................................................................................
(Full name & address in block letters) SURETY
are held firmly bound, jointly and severally, unto Kenya Commercial Bank
Limited in the principal sum of US Dollars
....................................................................................................
for which payment well and truly to be made we bind ourselves firmly by these
presents.
The condition of the above obligations being that should the said <name of Bidder>
fulfill his/their obligation/s under an agreement entered into between the Kenya
Commercial Bank Limited, and themselves in respect of <<the requirement>>
for Kenya Commercial Bank Ltd. during the period ending
..................................................
and not incur cancellation of the agreement for any cause whatsoever then the
above obligation to be null and void; otherwise to remain in full force and
effect. The validity of this guarantee expires on
............................................................................
which is two months beyond the contract period (i.e. after submission and
acceptance by the Bank of final report).
.......................................................................................
PRINCIPAL (Signature).......................................................................................
Principal's Stamp
SURETY (Signature)………………………………………..
SURETY's Stamp…………………………………………….
Nairobi this ................. of .............. two thousand and ............................
(The following words should be inserted in the signatory's own handwriting)
“Good for the sum* of US Dollars ........................................................”
(*sum to be specified in words & figures)
ANNEX 5 – CERTIFICATE OF COMPLIANCE
All Suppliers should sign the certificate of compliance below and return it
together with the bound tender document.
We___________________________ have read this tender document and agree with
the terms and conditions stipulated therein.
Signature of tenderer -------------------------------------------
Date………………………………………………………….
Company Stamp/Seal.