Credit Information Corporation Tender

Description May 3, 2024 Request For Quotation No.: 2024-cims(012)-npsvp-0020 Procurement Of Cloud-based Web Application Firewall (waf) Solution (negotiated Procurement – Small Value Procurement) Sir/madam: The Credit Information Corporation Through Credit Information Management Services Invites You To Submit Your Quotation / Offer For The Item/s Described Below Using The Price Proposal Form (see Annex "a") Subject To The Terms And Conditions Stated In The Rfq And Terms Of Reference (see Annex “b”). Qty Uom Particulars Unit Cost (in Php) Approved Budget For The Contract (abc) In Php 1 Lot Procurement Of Cloud-based Web Application Firewall (waf) Solution * With One (1) Website Included * Two (2) Additional Websites * One Hundred Fifty (150) Login Protect Licenses 990,000.00 990,000.00 Contract Duration: One (1) Calendar Year Or May 20, 2025 To May 19, 2025 Delivery Schedule: Thirty (30) Calendar Days Upon Receipt Of Notice To Proceed. Delivery Site: 6f, Exchange Corner Bldg., 107 Va Rufino St. Cor. Esteban St., Legaspi Village, Makati City Submit Your Proposal, Together With The Following Documents, Duly Signed By You Or Your Duly Authorized Representative, Not Later Than May 9, 2024, 5:00 P.m. Philgeps Certificate/number; Mayor’s/business Permit For The Current Year; Latest Income/business Tax Returns; Notarized Omnibus Sworn Statement (annex C); And For Authorized Representatives: Spa (sole Proprietorship/partnership), Secretary’s Certificate Or Board Resolution (corporation). Note: Philgeps Platinum Registration Certificate May Be Submitted In Lieu Of Philgeps Number, And Mayor’s/business Permit For The Current Year Only One (1) Set Of Documents Certified To Be True Copies Of The Original Shall Be Required.  Proposals And Other Documents Required Shall Be Sent Electronically To Procurementunit@creditinfo.gov.ph. Electronically Submitted Proposals And Documents Must Be Submitted On Or Before The Deadline Of Submission As Stated In This Rfq. Upon Determination Of Your Technical, Legal And Financial Eligibility, The Administration Unit Of The Cic Shall Undertake Negotiation With Your Company Based On The Technical Specifications For This Project. Phoebe Ann R. Wagan Administrative Services Officer V Annex "a" Price Proposal Form Date: _________________ Administrative Office Credit Information Corporation 6f, Exchange Corner Bldg., 107 Va Rufino St. Cor. Esteban St., Legaspi Village, Makati City Sir/madam: Having Examined The Request For Quotation No. Rfq No. 2024-cims(012)-npsvp-0020, Which Includes The Technical Specifications, The Receipt Of Which Is Hereby Duly Acknowledged, The Undersigned, Offer To, In Conformity With The Said Request For Quotation For The Sums Stated Hereunder: Qty Uom Particulars Unit Price (in Php) Total Bid Price In Php (inclusive Of Vat) 1 Lot Procurement Of Cloud-based Web Application Firewall (waf) Solution * With One (1) Website Included * Two (2) Additional Websites * One Hundred Fifty (150) Login Protect Licenses Contract Duration: One (1) Calendar Year Or May 20, 2025 To May 19, 2025 Total Bid Price In Words: ______________________________________________________ We Undertake, If Our Proposal Is Accepted, To Deliver The Goods/services As Identified In The Technical Specifications/terms Of Reference And In Accordance With The Delivery Schedule. Our Quotation Includes All Taxes, Duties And/or Levies Payable And Is Valid For A Period Of Thirty (30) Calendar Days Upon Issuance Of This Document. We Understand That The Cic Technical Working Group May Require From Us The Submission Of Documents That Will Prove Our Legal, Financial And Technical Capability To Undertake This Project. Until A Formal Contract Is Prepared And Executed, This Proposal, Together With Your Written Acceptance Thereof And The Notice Of Award, Shall Be Binding Upon Us. We Understand That You Are Not Bound To Accept The Lowest Or Any Proposal You May Receive. Dated This ________________. Signature Of Authorized Representative Printed Name Of Authorized Representative Capacity Duly Authorized To Sign Proposal For And On Behalf Of: ___________________ Annex "b" Compliance Form Technical Specifications Procurement Of Cloud-based Web Application Firewall (waf) Solution 1. Overview The Credit Information Corporation (cic) Is Mandated To Collect And Aggregate Borrower’s Credit Data To Establish The Credit Worthiness Of Borrowers. Cic Needs And Uses A Cloud-based Web Application Firewall (waf) Service That Offers Powerful Way To Protect Critical Web Applications Of Cic, And To Efficiently Manage And Optimize Website Performance Where The Submitting Entities (ses) And Accessing Entities (aes) Access The Credit Data And Reports Securely. Cic Uses The Cloud-based Web Application Firewall (waf) Solution With The Following Features And Capabilities: 99.99% Uptime Can Block Over 600 Million Attacks Per Day Enterprise Reporting And Analytics Security At The Speed Of Devops Flexible Deployment Options Use The Web Application Firewall To Secure: Active And Legacy Applications Third-party Applications Apis & Micro Services Cloud Applications, Containers, Virtual Machines And More 2. Purpose The Cic Aims To Renew The Existing Of Existing Cloud-based Waf Solution To Continually Provide A Secure And Easy-to-manage Technology That Integrate With Other Credit Information System (cis) Infrastructure And Systems Of The Cic To Secure, Protect, And Reduce Web Application Risks While Overcoming Its Limited Budget And Man-power Resources. 3. Scope The Paid License Covers To Receive Professional Services, Product Updates And Versions, And Access To Technical Support For One (1) Year. 4. Definition Of Terms Term Definition Cyber Threats In Computer Security, A Threat Is A Potential Negative Action Or Event Facilitated By A Vulnerability That Results In An Unwanted Impact To A Computer System Or Application Ddos In Computing, A Denial-of-service Attack Is A Cyber-attack In Which The Perpetrator Seeks To Make A Machine Or Network Resource Unavailable To Its Intended Users By Temporarily Or Indefinitely Disrupting Services Of A Host Connected To The Internet. Firewall In Computing, A Firewall Is A Network Security System That Monitors And Controls Incoming And Outgoing Network Traffic Based On Predetermined Security Rules. A Firewall Typically Establishes A Barrier Between A Trusted Network And An Untrusted Network, Such As The Internet. Https Hypertext Transfer Protocol Secure (https) Is An Extension Of The Hypertext Transfer Protocol (http). It Is Used For Secure Communication Over A Computer Network, And Is Widely Used On The Internet. In Https, The Communication Protocol Is Encrypted Using Transport Layer Security (tls) Or, Formerly, Secure Sockets Layer (ssl). The Protocol Is Therefore Also Referred To As Http Over Tls, Or Http Over Ssl. Key Exchange Key Exchange (also Key Establishment) Is A Method In Cryptography By Which Cryptographic Keys Are Exchanged Between Two Parties, Allowing Use Of A Cryptographic Algorithm. Multi-factor Authentication (mfa Or Sometimes 2fa) Multi-factor Authentication Is An Electronic Authentication Method In Which A Computer User Is Granted Access To A Website Or Application Only After Successfully Presenting Two Or More Pieces Of Evidence To An Authentication Mechanism: Knowledge, Possession, And Inherence. Service Level Agreement (sla) A Commitment Between A Service Provider And A Client. Particular Aspects Of The Service – Quality, Availability, Responsibilities – Are Agreed Between The Service Provider And The Service User Web Application Firewall A Web Application Firewall Is A Specific Form Of Application Firewall That Filters, Monitors, And Blocks Http Traffic To And From A Web Service. Website A Collection Of Web Pages And Related Content That Is Identified By A Common Domain Name And Published On At Least One Web Server --definitions Are Retrieved From Wikipedia.com, Techopedia.com 5. Duties And Responsibilities 5.1. Service Provider (sp) The Sp’s Responsibilities With Respect To This Project Are As Follows: The Renewal And Installation Of License Must Be Completed Within Thirty (30) Calendar Days From The Receipt Of The Notice To Proceed (ntp). Otherwise, The Sp Shall Pay A Penalty In The Amount Of One Tenth Of One Percent (1/10 Of 1%) Of The Total Contract Price For Every Calendar Day Of Delay. 5.2. Credit Information Corporation Cic’s Responsibilities With Respect To This Project Are As Follows: Grant The Sp’s Authorized Representative Access To Its Premises, Equipment And Facilities Located Therein To Perform Its Obligations, Provided That Such Representative Shall Be Accompanied By The Duly Assigned Personnel Of The Cic Technical Support Department. Secure The Necessary Access Pass And Building Permit Required By The Building Administrator And Assumes Responsibility For The Safe Custody And Use Of The Equipment. Monitor The Provided Services And Verify If The Parameters Under The Service Level Agreement Are Met And Performed By The Sp. Issuance Of A Certificate Of Inspection And Acceptance To The Sp Upon Successful Completion Of The Testing Certifying That The Sp Conforms To All Requirements Stipulated In This Document. Pursuant To General Procurement Policy Board (gppb) Resolution No. 019-2006 Dated 06 December 2006, At The End Of Each Year, The Cic Will Conduct An Assessment Of The Quality Of Service Provided Particularly The Cost Charged By The Sp And The Range Of Services It Offers Against Other Service Providers In The Area. Conducts Assessment/evaluation Of The Sp 60 Days Before The End Of The Contract. 6. Requirements 6.1. General Items Requirements Statement Of Compliance “comply” Or “not Comply” Proof/evidence Of Compliance 1. Service Provider Duly Notarized Statement That The Sp Has Been In Business Of Providing The Cic’s Existing Cloud-based Web Application Firewall Solution For At Least Five (5) Years Prior To The Deadline For The Submission Of Bids. The Sp Must Establish A Single Point Of Contact Call Center Operations/helpdesk With Hotline Numbers To Provide Timely And Responsive Trouble Reporting, Incident Handling, Problem Escalation And Field Support For All Problem Related Issues. The Sp Must Provide Escalation Or Incident Management Procedures, Including The Complete Names Of Contact Persons, Positions, Email Address, Mobile And Landline Numbers. The Sp Shall Inform Cic Of Any Changes On The Escalation Or Incident Management Procedure Immediately. The Sp Should Provide Unlimited Phone, Email, Chat And Any Form Of Electronic Communications And Messaging Support For One (1) Year. 8x5 (monday To Friday) For Local Support, And 24x7 For International Helpdesk Support. The Sp Should Provide A Consumable 8x5 Onsite Support With Next Business Day Response Time For One Year. Four (4) Visits Of Free Onsite Support During The Contract Period. Implement Recommended Remedial Action, Security Updates, System Upgrades As Needed. 2. Service Delivery Manager The Sp Should Assign A Service Delivery Manager (sdm) To Cic For The Project To Ensure All Requirements Of This Contract Are Successfully Delivered To Cic. The Sdm Should Have At Least Two (2) Year Service Delivery Or Project Management Experience In Handling Similar Project Implementation. (provide Curriculum Vitae And Related Certifications.) 3. Technical Support Staff The Sp Should Assign At Least Two (2) Technical Support/engineers To The Cic Project. They Must Be Permanent Employees Of The Service Provider For At Least One And Half (1 ½) Years. (provide Certificate Of Employment, Updated Curriculum Vitae & Related Certifications.) Technical Requirements Items Requirements Statement Of Compliance “comply” Or “not Comply” Proof/evidence Of Compliance System Overview 1. A Cloud-based Web Application Firewall (waf) Service That Offers Powerful Way To Protect Critical Web Applications And Optimize Website Performance. A) Cloud-based Web Application Firewall (waf) With 1 Website Included B) Two (2) Additional Websites C) One Hundred Fifty (150) Login Protect Licenses. D) Coverage Period: May 20, 2024 - May 19, 2024 2. The Solution Must Leverage Accurate Rule-sets To Protect Websites Against Known And Emerging Cyber Threats, Such As Sql Injection, Cross-site Scripting (xss), Spam, Site Scraping, Malicious Bots, And Other Owasp Top Ten Vulnerabilities 3. Ddos Attack Mitigation And Defense For All Types Of Ddos Attacks. 4. Content Delivery Network Function To Improve Website Responsiveness, Lower Web Server Utilization, And Reduces Bandwidth Consumption. The Solution Should Automatically Cache And Serve Website Content From Distributed Data Centers, To Eliminate Bottlenecks At Central Servers, And Ensure That Website Visitor Is Receiving Content From The Data Center With Closest Proximity To Their Geographical Location. 5. Provides Automated Pci Reporting Without Impacting Web Development Processes And Does Not Require In-house Pci Expertise On Involved Pci Consulting Projects. 6. Cloud-based Deployment. 7. Protect Log-in Pages Of Publicly Available Web Applications With Strong Two-factor Authentication Without Integration, Coding Or Software Changes. End User Should Be Able To Manage And Control Multiple Logins Across Several Websites In A Centralized Manner. 8. Two Factor Authentication Is Supported Using Either Email, Sms Or Google Authenticator. 9. The Solution Must Be The Same With The Existing Cloud-based Waf Solution And Login Protect Licenses Of The Cic. 6.3. Service Level Items Requirements Statement Of Compliance “comply” Or “not Comply” Proof/evidence Of Compliance 1. Change Requests Cr Must Be Acknowledged By The Sp Within Two (2) Hours Upon Receipt, Mondays To Fridays, 8:00-5:00 Pm. 2. Incident Response Help-desk Facility Available Twenty-four By Seven (24x7) To Receive Report On Any Issues Incident Response/support Tickets Relayed Through Helpdesk, Email, Phone, Or Instant Messaging Must Be Acknowledged By The Service Provider Within Two (2) Hours Upon Receipt, And C) Resolve Issues Within Six (6) Hours Upon Acknowledgement. 3. Service Report The Sp Must Provide Service Reports For Each Onsite Or Remote Support Service Performed And Shall Be Verified And Acknowledged By Cic Authorized Personnel. The Sp Shall Submit A Detailed Problem Resolution Report For Every Service Requested Within 24 Hours. It Shall Include Details Of Actions Taken In Resolving The Problem Duly Acknowledged By The Authorized Cic Personnel. 7. Schedule Of Delivery The Service Provider Shall Commence Delivery And Implementation Of The Services Within 30 Calendar Days (lead Time For Delivery For Non-stock Items) Upon Receipt Of The Notice To Proceed. 8. Terms Of Payment Payment Shall Be Made On The Following: Payment Shall Be Made On A One Time Basis Subject To Submission Of Billing Statement And Other Supporting Documents By The Service Provider, Subject To The Issuance Of Certificate Of Satisfactory Service By Cic. The Start Of Billing Shall Be Based On The Date Of Issuance Of “certificate Of Acceptance”. Payment Shall Be Subject To The “warranty” Provisions In The Form Of Retention Money In An Amount Equivalent To At Least One Percent (1%) Of The Contract Price Required In Section 62 Of R.a. 9184 And Its Irr. 9. Contract Termination Both Parties Have The Option Or Terminate The Contract Acceptable To Both Parties Based On The Philippine Government Procurement Reform Act And Its Implementing Rules And Regulations, Gppb Guidelines Or Its Issuances, And Other Philippine Laws As Applicable. Pursuant To Annex I Of The 2016 Revised Implementing Rules And Regulations, As Of 15 July 2022, Of The Republic Act No. 9184, The Cic Reserves The Right To Terminate The Procurement Of Cloud-based Web Application Firewall (waf) Solution On The Following Grounds: Termination By Default: Pursuant To Section 68 Of The 2016 Revised Irr, When Outside Of Force Majeure, The Sp Fails To Deliver Or Perform Any Or All Of The Contract Deliverables Within The Period Specified In The Contract, Or Within Any Extension Thereof Granted By The Cic Pursuant To A Request Made By The Sp Prior To The Delay, And Such Failure Amounts To At Least Ten Percent (10%) Of The Contract Price; Pursuant To Section 68 Of The 2016 Revised Irr, The Sp, As A Result Of The Force Majeure, Is Unable To Deliver Or Perform Any Or All Of The Contract Deliverables, Amounting To At Least Ten Percent (10%) Of The Contract Price, For A Period Of Not Less Than Sixty (60) Calendar Days After Receipt Of Notice From The Cic Stating That The Circumstances Of Force Majeure Is Deemed To Have Ceases; Or The Sp Fails To Perform Any Other Obligation Under The Contract. Termination For Convenience, In Whole Or In Part. If The Cic Has Determined The Existence Of Conditions That Make The Contract Implementation Economically, Financially Or Technically Impractical And/or Unnecessary, Such As, But Not Limited To, Fortuitous Event/s Or Changes In Law And National Government Policies. Termination For Insolvency. If The Sp Is Declared Bankrupt Or Insolvent As Determined With Finality By A Court Of Competent Jurisdiction. Termination For Unlawful Acts. In Case It Is Determined Prima Facie That The Sp Engaged, Before Or During The Implementation Of The Contract, In Unlawful Deeds And Behaviors Relative To Contract Acquisition And Implementation. Statement Of Compliance Dated This ________________. Signature Of Authorized Representative Printed Name Of Authorized Representative Capacity Duly Authorized To Sign Compliance For And On Behalf Of: ___________________ Annex "c" Omnibus Sworn Statement Republic Of The Philippines ) City/municipality Of ______ ) S.s. Affidavit I, [name Of Affiant], Of Legal Age, [civil Status], [nationality], And Residing At [address Of Affiant], After Having Been Duly Sworn In Accordance With Law, Do Hereby Depose And State That: [select One, Delete The Other:] [if A Sole Proprietorship:] I Am The Sole Proprietor Or Authorized Representative Of [name Of Bidder] With Office Address At [address Of Bidder]; [if A Partnership, Corporation, Cooperative, Or Joint Venture:] I Am The Duly Authorized And Designated Representative Of [name Of Bidder] With Office Address At [address Of Bidder]; [select One, Delete The Other:] [if A Sole Proprietorship:] As The Owner And Sole Proprietor, Or Authorized Representative Of [name Of Bidder], I Have Full Power And Authority To Do, Execute And Perform Any And All Acts Necessary To Participate, Submit The Bid, And To Sign And Execute The Ensuing Contract For [name Of The Project] Of The [name Of The Procuring Entity], As Shown In The Attached Duly Notarized Special Power Of Attorney; [if A Partnership, Corporation, Cooperative, Or Joint Venture:] I Am Granted Full Power And Authority To Do, Execute And Perform Any And All Acts Necessary To Participate, Submit The Bid, And To Sign And Execute The Ensuing Contract For [name Of The Project] Of The [name Of The Procuring Entity], As Shown In The Attached [state Title Of Attached Document Showing Proof Of Authorization (e.g., Duly Notarized Secretary’s Certificate, Board/partnership Resolution, Or Special Power Of Attorney, Whichever Is Applicable;)]; [name Of Bidder] Is Not “blacklisted” Or Barred From Bidding By The Government Of The Philippines Or Any Of Its Agencies, Offices, Corporations, Or Local Government Units, Foreign Government/foreign Or International Financing Institution Whose Blacklisting Rules Have Been Recognized By The Government Procurement Policy Board, By Itself Or By Relation, Membership, Association, Affiliation, Or Controlling Interest With Another Blacklisted Person Or Entity As Defined And Provided For In The Uniform Guidelines On Blacklisting; Each Of The Documents Submitted In Satisfaction Of The Bidding Requirements Is An Authentic Copy Of The Original, Complete, And All Statements And Information Provided Therein Are True And Correct; [name Of Bidder] Is Authorizing The Head Of The Procuring Entity Or Its Duly Authorized Representative(s) To Verify All The Documents Submitted; [select One, Delete The Rest:] [if A Sole Proprietorship:] The Owner Or Sole Proprietor Is Not Related To The Head Of The Procuring Entity, Procurement Agent If Engaged, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree; [if A Partnership Or Cooperative:] None Of The Officers And Members Of [name Of Bidder] Is Related To The Head Of The Procuring Entity, Procurement Agent If Engaged, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree; [if A Corporation Or Joint Venture:] None Of The Officers, Directors, And Controlling Stockholders Of [name Of Bidder] Is Related To The Head Of The Procuring Entity, Procurement Agent If Engaged, Members Of The Bids And Awards Committee (bac), The Technical Working Group, And The Bac Secretariat, The Head Of The Project Management Office Or The End-user Unit, And The Project Consultants By Consanguinity Or Affinity Up To The Third Civil Degree; [name Of Bidder] Complies With Existing Labor Laws And Standards; And [name Of Bidder] Is Aware Of And Has Undertaken The Responsibilities As A Bidder In Compliance With The Philippine Bidding Documents, Which Includes: Carefully Examining All Of The Bidding Documents; Acknowledging All Conditions, Local Or Otherwise, Affecting The Implementation Of The Contract; Making An Estimate Of The Facilities Available And Needed For The Contract To Be Bid, If Any; And Inquiring Or Securing Supplemental/bid Bulletin(s) Issued For The [name Of The Project]. [name Of Bidder] Did Not Give Or Pay Directly Or Indirectly, Any Commission, Amount, Fee, Or Any Form Of Consideration, Pecuniary Or Otherwise, To Any Person Or Official, Personnel Or Representative Of The Government In Relation To Any Procurement Project Or Activity. In Case Advance Payment Was Made Or Given, Failure To Perform Or Deliver Any Of The Obligations And Undertakings In The Contract Shall Be Sufficient Grounds To Constitute Criminal Liability For Swindling (estafa) Or The Commission Of Fraud With Unfaithfulness Or Abuse Of Confidence Through Misappropriating Or Converting Any Payment Received By A Person Or Entity Under An Obligation Involving The Duty To Deliver Certain Goods Or Services, To The Prejudice Of The Public And The Government Of The Philippines Pursuant To Article 315 Of Act No. 3815 S. 1930, As Amended, Or The Revised Penal Code. In Witness Whereof, I Have Hereunto Set My Hand This __ Day Of ___, 20__ At ____________, Philippines. _____________________________________ Bidder’s Representative/authorized Signatory Subscribed And Sworn To Before Me This __ Day Of [month] [year] At [place Of Execution], Philippines. Affiant/s Is/are Personally Known To Me And Was/were Identified By Me Through Competent Evidence Of Identity As Defined In The 2004 Rules On Notarial Practice (a.m. No. 02-8-13-sc). Affiant/s Exhibited To Me His/her [insert Type Of Government Identification Card Used], With His/her Photograph And Signature Appearing Thereon, With No. ______ . Witness My Hand And Seal This ___ Day Of [month] [year]. Name Of Notary Public Doc. No. ___ Page No. ___ Book No. ___ Series Of ____. Note: “sec. 12. Competent Evidence Of Identity – The Phrase “competent Evidence Of Identity” Refers To The Identification Of An Individual Based On: At Least One Current Identification Document Issued By An Official Agency Bearing The Photograph And Signature Of The Individual, Such As But Not Limited To, Passport, Driver’s License, Professional Regulations Commission Id, National Bureau Of Investigation Clearance, Police Clearance, Postal Id, Voter’s Id, Barangay Certification, Government Service And Insurance System (gsis) E-card, Social Security System (sss) Card, Philhealth Card, Senior Citizen Card, Overseas Workers Welfare Administration (owwa) Id, Ofw Id, Seaman’s Book, Alien Certificate Of Registration/immigrant Certificate Of Registration, Government Office Id, Certification From The National Council For The Welfare Of Disabled Persons (ncwdp), Department Of Social Welfare And Development (dswd) Certification; The Board Resolution Or Secretary’s Certificate Referring To The Said Board Resolution Designating The Bidder’s Authorized Representative And Signatory Need Not Specifically Indicate The Particular Project Where Such Authority Is Given Provided That The Said Authority Covers Activities By Cic.