National Disaster Response Force Cyber Security Audit Tender Gadarpur Uttarakhand 2026 IS CERT-In Empaneled Auditor

Tender Overview

Organization: National Disaster Response Force (ndrf) under the Central Armed Police Forces. Product/Service: External cyber security audit (VAPT) for 15th BN NDRF at Gadarpur, Uttarakhand. Quantity/Scope: IT assets include 79 desktops, 3 laptops, 1 firewall, 1 24-Port switch, 5 x 8-Port non-manageable switches, 5 wifi routers, and 3 photocopiers. Estimated Value: ₹100,000. Location: Gadarpur, Uttarakhand. Audit Mode: Hybrid (on-site and off-site). Key Differentiator: Must be conducted by a CERT-In empaneled auditor with detailed audit methodology, logs, and evidence delivery. Unique deliverables cover VAPT plan, configuration reviews, API security assessment, and risk reports. This tender requires GeM portal submission and adherence to central government cyber guidelines.

Technical Specifications & Requirements

• Audit Type: Vulnerability Assessment and Penetration Testing (VAPT) with on-site/off-site hybrid approach.
• Equipment Covered: Desktop Computers (79), Laptops (3), Firewall (1), 24 Port Manageable Switch (1), 8 Port Non-manageable Switch (5), WiFi Router (5), Photostat Machine (3).
• Auditor Credentials: CERT-In empanelment certificate (valid), Auditor identity, CES certified letter, audit authorization letter, NDA, Data Confidentiality declaration.
• Deliverables: VAPT plan with logs, configuration review (server/network/DB/app), application/API security assessment, risk/threat/vulnerability report, audit methodology and tools/techniques list, deployment plan.
• Documentation: Audit plan, tool list, methodology, and evidence pockets; past govt audit experience; audit agency registration.
• Standards/Compliance: Must align with central government cyber security guidelines and CERT-In requirements.

Terms, Conditions & Eligibility

• 25% Clause: Buyer may adjust contract quantity or duration by up to 25%; increases require service provider consent for lump-sum contracts.
• EMD / Submissions: Upload of required certificates and documents (ATC/Corrigendum) is mandatory; bid may be rejected otherwise.
• Eligibility: CERT-In empaneled auditor with government sector audit experience; NDA and data confidentiality compliance.
• Deliverables Timeline: Audit plan and methodology to be provided; detailed schedule to be prepared by auditor; final deliverables include plan, logs, and risk reports.
• Other: Compliance with GeM portal submission; adherence to central government guidelines; no explicit dates provided in tender text.