GEM

Uttarakhand Finance Department Vulnerability & Penetration Testing Tender 2025 - Web & Mobile Apps ATC Compliance

Bid Publish Date

18-Nov-2025, 3:19 pm

Bid End Date

01-Dec-2025, 4:00 pm

Bid Opening Date

01-Dec-2025, 4:30 pm

Location

DEHRADUN , UTTARAKHAND

Progress

Issue18-Nov-2025, 3:19 pm
AwardPending
Explore all 4 tabs to view complete tender details

Quantity

1

Bid Type

Two Packet Bid

Key Highlights

  • ATC-driven scope for Vulnerability and Penetration Testing of Web & Mobile Apps
  • 25% quantity/duration flex at contract issue; 25% post-issuance cap
  • Excess Settlement: allow additional charges up to a defined percentage with documentation
  • No explicit BOQ; relies on ATC and attached terms for scope and invoicing
  • Delivery timeline and exact standards not detailed in available data; refer to ATC
  • Mandatory technical bid aligned to government procurement terms and ATC attachments

Categories 3

INFORMATION SECURITY WEB SECURITY AUDIT

Tender Overview

The Uttarakhand Finance Department invites a Vulnerability and Penetration Testing (VAPT) bid covering Web Applications and Mobile Applications as per Attributable Terms and Conditions (ATC). The procurement scope is described under ATC and Scope with no explicit BOQ items or quantities published. The contract includes a flexible 25% adjustment window for quantity or duration at the contract issue stage, with a follow-on allowance of up to 25% post-issuance. This tender targets qualified security testing vendors capable of dynamic and static assessments, risk assessment, and remediation advisory under government procurement norms in Uttarakhand. A clear differentiator is the formal ATC attachment governing scope and invoicing allowances. Unique aspects include the optional excess settlement mechanism and the explicit quantity/duration adjustment cap.

Technical Specifications & Requirements

  • Category: Vulnerability and Penetration Testing for Web Applications and Mobile Applications as per ATC and Scope
  • Scope reference: ATC document linked to the tender; no itemized BOQ available
  • Testing focus: dynamic (live app testing), static analysis, risk assessment, and remediation guidance per ATC terms
  • Invoicing: Excess Settlement enabled; additional charges up to a defined percentage of item-level total value allowed with required supporting documents during invoice creation
  • Compliance context: Government procurement standards implied by ATC (no explicit standards listed in data)
  • Delivery/Implementation: Not specified in available data; bidders must rely on ATC and attached terms for schedule and milestones

Terms, Conditions & Eligibility

  • Quantity/duration flexibility: Up to 25% increase or decrease at contract issue, and post-issuance adjustments capped at 25%
  • Payment/invoicing: Excess charges allowed up to quoted excess settlement percentage; must declare applicability during invoice creation with supporting documents
  • Documentation: Submit ATC-compliant technical bid; ensure GST, PAN, experience proofs, and security/testing certifications as per tender terms
  • EMD/ Security: No explicit EMD amount published in data; bidders should verify ATC for EMD requirements
  • Compliance: Adhere to ATC document; there is a specific uploaded ATC file referenced but not viewable in provided data
  • Penalties/LD: Not specified in available data; bidders should review ATC for any LD or performance penalties

Key Specifications

  • Product/Service: Vulnerability and Penetration Testing for Web Applications and Mobile Applications

  • Scope reference: ATC document attached to tender (not provided in data)

  • Estimated value: Not disclosed in available data; rely on ATC for value bands

  • Standards/Certifications: Specific standards not listed in data; verify ATC for required certifications

  • Testing outputs: Security assessment report, remediation guidance, risk rating, and traceable results

  • Invoicing: Excess settlement with supporting documents; percentage cap to be defined in ATC

Terms & Conditions

  • 25% quantity/duration adjustment allowed at contract issue

  • Excess settlement invoicing with mandatory supporting documents

  • Submit ATC-compliant technical bid with standard government documents

Important Clauses

Payment Terms

Excess charges allowed up to a defined percentage; declare applicability during invoice creation with supporting documents

Delivery Schedule

Delivery milestones to be defined in ATC; no explicit dates in available data

Penalties/Liquidated Damages

Not specified in current data; review ATC for LD provisions

Bidder Eligibility

  • Proven experience in executing Vulnerability and Penetration Testing for web and mobile apps

  • Ability to comply with government procurement ATC terms and conditions

  • Registered GST, valid PAN, and financial statements (as required)

Past Similar Tenders (Historical Results)

5 found

Vulnerability and Penetration Testing

Bharat Electronics Limited (bel)

GHAZIABAD, UTTAR PRADESH

Posted: 1 August 2025
Closed: 9 September 2025
GEM

Vulnerability and Penetration Testing

Govind Ballabh Pant (g.b. Pant) Institute Of Himalayan Environment And Development (gbpihed)

Posted: 28 May 2025
Closed: 9 June 2025
GEM

Vulnerability and Penetration Testing

North Eastern Electric Power Corporation Limited

EAST KHASI HILLS, MEGHALAYA

Posted: 16 May 2025
Closed: 31 May 2025
GEM

Vulnerability and Penetration Testing

Grid Controller Of India Limited

Posted: 20 May 2025
Closed: 10 June 2025
GEM

Vulnerability and Penetration Testing

Indian Army

WEST DELHI, DELHI

Posted: 26 June 2025
Closed: 7 July 2025
GEM

🤖 AI-Powered Bidder Prediction

Discover companies most likely to bid on this tender

Live AI
Historical Data

Required Documents

1

GST certificate

2

PAN card

3

Experience certificates for similar VAPT projects

4

Financial statements (audited, if available)

5

EMD/ Security deposit documentation as per ATC

6

Technical bid document aligned to ATC requirements

7

OEM authorizations or proof of capability for testing tools (if required by ATC)

Frequently Asked Questions

Key insights about UTTARAKHAND tender market

How to bid for the Uttarakhand VAPT tender in 2025 with ATC terms

Bidders should submit ATC-aligned technical bids, provide GST and PAN, supply experience certificates for web/mobile VAPT, and attach EMD documentation as per ATC. Ensure you understand the 25% quantity/duration flex and the excess settlement invoicing rule with required supporting documents.

What documents are required for VAPT tender submission in Uttarakhand

Submit GST certificate, PAN card, recent experience certificates for similar VAPT projects, audited financial statements if available, security/testing tool capabilities, OEM authorizations if applicable, and the ATC-compliant technical bid reflecting scope and invoicing rules.

What are the testing scope and deliverables for web and mobile VAPT

Testing scope includes vulnerability assessment and penetration testing for web and mobile applications as per ATC. Deliverables should include a detailed security assessment report, risk ratings, remediation guidance, and a traceable set of findings aligned to the ATC requirements.

When is the bid submission timeline and payment terms (VAPT Uttarakhand)

The available data does not publish explicit dates; bidders should monitor ATC attachments for deadlines. Payment terms follow the excess settlement policy; any extra charges require declaration and supporting documents during invoice generation.

What are the EMD requirements for Uttarakhand VAPT procurement

EMD requirements are not specified in the data; bidders must check ATC for exact EMD amount, mode of payment, and submission deadlines to qualify for bid submission.

Which standards or certifications are required for VAPT bidding in this tender

The tender data does not list explicit standards; bidders should refer to the uploaded ATC document, which may specify required certifications and tool capabilities for web and mobile application security testing.

How to handle quantity adjustments in the Uttarakhand VAPT contract

The contract allows a ±25% adjustment in quantity or duration at issue and a further ±25% after issuance. Vendors must accept revised scope and align invoices with the adjusted quantity, ensuring documentation supports any changes.

What should be included in the technical bid for ATC-based VAPT

Include approach to web/mobile VAPT, testing methodologies, toolset details, team CVs, past project summaries, compliance with ATC terms, and clear mapping to risk remediation outputs, plus all required statutory documents.

Similar Tenders

5 found

Vulnerability and Penetration Testing - Network, Web Application, servers; Data Communications and

Tata Memorial Centre

📍 MUMBAI, MAHARASHTRA

EMD: ₹60,000
⏰ Deadline: 2 months left
🛒 Type: Service
View GEM

Indian Bank Vulnerability and Penetration Testing Tender Chennai Tamil Nadu 2025 - RFP Security Testing Services

Indian Bank

📍 CHENNAI, TAMIL NADU

EMD: ₹7.5 L
⏰ Deadline: 3 weeks left
🛒 Type: Service
View GEM

Vulnerability and Penetration Testing - Please refer RFP document, Network, Web Application; Applic

Export Import Bank Of India

📍 MUMBAI, MAHARASHTRA

EMD: ₹50,000
Est: ₹35.0 L
⏰ Deadline: 3 weeks left
🛒 Type: Service
View GEM
Urgent

Vulnerability and Penetration Testing - Windows Application; Security Code Review, Malware Analysis

Institute For Plasma Research

⏰ Deadline: 7 days left
🛒 Type: Service
View GEM

Cyber Security Audit - Cyber Security Audit - Vulnerability Assessment and Penetration Testing VAPT

N/a

Est: ₹30,090
⏰ Deadline: 2 weeks left
🛒 Type: Service
View GEM