GEM

Bhakra Beas Management Board Cyber Security Audit Tender Chandigarh 2025 – Onsite IT Infra Risk Assessment & VAPT

Posted

23 Oct 2025, 05:42 pm

Deadline

13 Nov 2025, 04:00 pm

Value

₹2,30,100

Location

CHANDIGARH , CHANDIGARH

Progress

Issue23 Oct 2025, 05:42 pm
AwardPending
Explore all 4 tabs to view complete tender details

Quantity

1

Bid Type

Two Packet Bid

Categories 1

SECURITY AUDIT

Tender Overview

The Bhakra Beas Management Board (BBMB) in Chandigarh invites bids for an onsite cyber security audit of its IT infrastructure, including a Data Center at Head Office, and the LAN/WAN network across Chandigarh and project sites such as Nangal, Talwara, and Sundernagar. The scope covers Vulnerability Assessment & Penetration Testing (VAPT) of IT infrastructure and application software, with deliverables comprising official audit reports aligned to the stated scope. Estimated contract value is ₹230,100. The procurement emphasizes on-site execution (except external penetration testing), certificate submissions on malicious code, and strict adherence to ATC/SOW documents. The contract quantity and duration flexibility up to 25% are clearly allowed by the buyer.

Technical Specifications & Requirements

  • Onsite cyber security audit of BBMB IT infrastructure, including the Data Center at Head Office, Sec 19-B, Chandigarh
  • Scope spans Chandigarh city network and additional project locations: Nangal, Talwara, Sundernagar, etc.
  • Includes Vulnerability Assessment & Penetration Testing (VAPT) of IT infrastructure and application software
  • Deliverables: final audit reports confirming adherence to the defined scope
  • Mandatory certificates: Malicious Code Certificate requisite, confirming absence of embedded malware
  • Exclusions noted: External Penetration Testing as per bid document; onsite performance required
  • Mandatory documentation and ATC compliance for bid submission

Terms, Conditions & Eligibility

  • Quantity/duration adjustment allowed up to 25% at contract issue and can be increased within the same limit post-issue
  • Mandatory Malicious Code Certificate to confirm no embedded malware or IPR violations
  • Past project experience acceptable via multiple document types (contract copy, client execution certificate, or equivalent)
  • Deliverables include comprehensive onsite audit reports and VAPT findings as per SOW
  • EMD amount not disclosed in tender data; bidders must verify submission requirements in ATC/Corrigendum
  • Failure to upload required certificates/documents can lead to bid rejection

Key Specifications

  • Product/Service: Onsite cyber security audit with VAPT

  • Locations: Data Center Head Office Chandigarh, LAN/WAN in Chandigarh, Nangal, Talwara, Sundernagar

  • Scope: IT infrastructure and application software audit, excluding external penetration testing

  • Deliverables: final audit reports confirming scope compliance

  • Certifications: Malicious Code Certificate required; ensure no embedded malware or IPR infringements

Terms & Conditions

  • EMD amount not disclosed; verify submission requirements in ATC

  • Contract quantity/duration may change up to 25% during issuance or post-issuance

  • Onsite audit only; external penetration testing excluded per bid document

  • Mandatory Malicious Code Certificate to certify code integrity

  • Past experience evidenced by contracts, execution certificates, or alternative proofs

  • Bid documents must include required certificates and ATC/Corrigendum compliance

Important Clauses

Malicious Code Certificate

Bidder must certify absence of embedded malicious code in hardware/software and potential IPR infringement; breach may trigger contract termination and liability for damages.

Scope of Work (SOW)

Onsite cyber security audit of BBMB IT infrastructure and LAN/WAN; VAPT included for IT infra and applications; external penetration testing excluded.

Quantity/Duration Variance

Buyer may adjust contract quantity or duration by up to 25% at contract issuance and within same limit post-issuance.

Bidder Eligibility

  • Proven experience in delivering onsite cyber security audits for government or large enterprises

  • Capability to perform VAPT on data centers and enterprise LAN/WAN environments

  • Submission of required certificates (including Malicious Code Certificate) and ATC-compliant documents

AI-Powered Bidder Prediction

Companies most likely to bid

Unlock Bidder Insights

AI predictions on likely bidders

Required Documents

1

Experience Criteria

2

Bidder Turnover

3

Certificate (Requested in ATC)

4

Additional Doc 1 (Requested in ATC)

5

Additional Doc 2 (Requested in ATC)

6

Additional Doc 3 (Requested in ATC)

7

Additional Doc 4 (Requested in ATC) *In case any bidder is seeking exemption from Experience / Turnover Criteria

8

the supporting documents to prove his eligibility for exemption must be uploaded for evaluation by the buyer

Frequently Asked Questions

How to bid for Chandigarh cyber security audit tender with VAPT at BBMB?

Bidders should submit ATC-compliant documents, including Malicious Code Certificate, past experience proof, GST and PAN, and any OEM authorizations. Ensure onsite audit delivery plan covers Data Center at Head Office and LAN/WAN at Chandigarh plus project sites, with final audit reports within scope.

What documents are required for BBMB cyber security audit bid 2025?

Prepare GST certificate, PAN card, experience certificates or client execution certificates, financial statements, EMD details (if required), technical bid documents, and any OEM authorizations; upload Malicious Code Certificate and ATC-compliant forms as specified.

What are the key technical requirements for BBMB VAPT audit bid?

The bidder must perform an onsite cyber security audit including VAPT of BBMB IT infrastructure and applications, covering Data Center and LAN/WAN across Chandigarh and project sites, delivering final audit reports with scope confirmation; external penetration testing is excluded per terms.

When is the delivery/report submission deadline for BBMB audit?

Delivery timelines are defined in the ATC; ensure compliance with onsite audit completion and submission of final audit reports confirming scope adherence as per SOW.

What are the EMD and payment terms for BBMB procurement?

EMD amount is not disclosed in tender data; verify in the official bid document. Payment terms are governed by the contract; look for milestone or final payment conditions in the ATC/SOW.

Which locations are included in BBMB onsite cyber security audit scope?

Scope includes Data Center at BBMB Head Office, Chandigarh, plus LAN/WAN networks in Chandigarh and project locations such as Nangal, Talwara, Sundernagar; the audit must be onsite with deliverables as specified.

What certificates are mandatory for BBMB cyber security bid submission?

Mandatory Malicious Code Certificate must be uploaded; ensure all required certificates per bid document, ATC, and corrigenda are provided to avoid rejection.

What is the scope exclusion for BBMB cybersecurity bid?

External Penetration Testing is excluded from the scope; the bidder will conduct onsite audit and VAPT within BBMB IT infrastructure and applications.

Similar Tenders

Cyber Security Audit - Infrastructure Audit, Security and Compliance Audit

Central Armed Police Forces

LATEHAR, JHARKHAND

Est: ₹50,000
View Details

Cyber Security Audit - Infrastructure Audit, Security and Compliance Audit

Department of Economic Affairs

HOSHANGABAD, MADHYA PRADESH

Est: ₹6.0 L
View Details