Annexures: RFP for Appointment of AI/ML Powered Business Intelligence Analytics Solution Provider for APDCL


Annexures

Annexure 1. Format for sending query to APDCL

[Query shall be sent via email to [email protected] and it must include the queries in an excel (spreadsheet)
format]
From:

[Reference No.]

[Address of the Bidder]

[Telephone No., Fax No., Email] [Date]

To:

The Chief General Manager (PP&D)


Assam Power Distribution Company Limited,
6th Floor, Bijulee Bhawan,
Paltanbazar Guwahati, Assam

Sub: Query.
Ref: Your Tender No. [Insert NIT No.] (the “BID DOCUMENT”).

Dear Sir,

Please find below our query with respect to the BID DOCUMENT subject to the terms and conditions therein:

Sr. | BID DOCUMENT Clause No. | Reference Page No. | Concise Query | Justification
1. | | | |
2. | | | |
3. | | | |

Thanking you,

Sincerely yours,

[Insert Signature here] [Insert Name here] [Insert Designation here]

RfP for appointment of AI/ML Powered Business Intelligence Analytics Solution Provider for APDCL
Page 97 of 115
Annexure 2: Format of Covering Letter by bidder for submission of Bid

[Covering Letter shall be on the official letter head of the bidder]
From:
[Reference No.]
[Address of the bidder]
[Telephone No., Fax No., Email] [Date]

To:
The Chief General Manager (PP&D)
Assam Power Distribution Company Limited
6th Floor, Bijulee Bhawan, Paltanbazar Guwahati, Assam

Sub: Bid for AI/ML POWERED BUSINESS INTELLIGENCE ANALYTICS SOLUTION for APDCL

Ref: Your Tender No. [Insert NIT No.]

Dear Sir,

We, the undersigned ...................................... [Insert name of the bidder] having read, examined and understood in
detail the BID DOCUMENT for AI/ML POWERED BUSINESS INTELLIGENCE ANALYTICS SOLUTION for
APDCL hereby submit our Bid comprising of Technical and Financial Bids.

1. We give our unconditional acceptance to the BID DOCUMENT including but not limited to all its instructions,
terms and conditions, and formats attached thereto, issued by APDCL, as amended. In token of our acceptance to the
BID DOCUMENT, the same have been initialed by us and enclosed to the Bid. We shall ensure that we shall execute
such requirements as per the provisions of the BID DOCUMENT and provisions of such BID DOCUMENT shall be
binding on us.

2. Fulfillment of BID DOCUMENT Eligibility


We undertake that we fulfill the Eligibility Criteria stipulated in the BID DOCUMENT

3. EMD
We have deposited EMD and Tender Processing fees of Rupees ……..Only(Rs. .................) via reference
number

4. No Deviation
We have submitted our Financial Bid strictly as per terms and formats of the BID DOCUMENT, without any
deviations, conditions and without mentioning any assumptions or notes for the Financial Bid in the said format.

5. Acceptance
We hereby unconditionally and irrevocably agree and accept that the decision made by APDCL in respect of any
matter regarding or arising out of the BID DOCUMENT shall be binding on us. We hereby expressly waive any and
all claims in respect of Bid process.

We confirm that there are no litigations or disputes against us, which materially affect our ability to fulfill our
obligations with regard to fulfilling our obligations as per the BID DOCUMENT.

6. Familiarity with Relevant Indian Laws and Regulations


We confirm that we have studied the provisions of the relevant Indian laws and regulations as required to enable us to
submit this Bid and execute the BID DOCUMENT Documents, in the event of our selection as Selected Bidder. We
further undertake and agree that all such factors as mentioned in the BID DOCUMENT have been fully examined
and considered while submitting the Bid.

7. Contact Person
Details of the contact person representing us supported by the Power of Attorney prescribed in the BID DOCUMENT
are furnished as under:

Name : ………………………………………………….
Designation : ……………………………………………
Company : …………………………………………
Address : ……………………………………………
………………………………………………….
………………………………………………….
Mobile : …………………………………………
Phone : ………………………………………………
Fax : …………………………………………
Email : ………………………………………………….

8. We are submitting herewith the Technical Bid containing duly signed formats (duly attested) as desired by you
in the BID DOCUMENT for your consideration.

9. We are also submitting herewith the Financial Bid in electronic form, as per the terms and conditions in the BID
DOCUMENT.

10. It is confirmed that our Bid is consistent with all the requirements of submission as stated in the BID
DOCUMENT and subsequent communications from APDCL.

11. The information submitted in our Bid is complete, strictly as per the requirements stipulated in the BID
DOCUMENT and is correct to the best of our knowledge and understanding. We would be solely responsible for any
errors or omissions in our Bid.

12. We confirm that all the terms and conditions of our Bid are valid for acceptance for a period of one (1) year from
the Bid Submission Deadline.

13. We confirm that we have not taken any deviation so as to be deemed non-responsive with respect to the
provisions stipulated in the BID DOCUMENT.

14. We confirm that no order/ruling has been passed by any Competent Court or Appropriate Commission against
us in the preceding one (1) year from the Bid Submission Deadline for breach of any contract and that the Bid
Security submitted by us has not been forfeited, either partly or wholly, in any bid process in the preceding one (1)
year from the Bid Submission Deadline.

Dated the ……………. [Insert date of the month] day of ……………. [Insert month, year] at …………….
[Insert place].

Thanking you,

Sincerely yours,

[Insert Signature here]


[Insert Name here]
[Insert Designation here]

Annexure 3: Format of Power of Attorney by the bidder authorizing an
Individual as Designated Representative for the bidder.

[To be on non-judicial stamp paper of Rupees One Hundred Only (INR 100/-) or appropriate value as per Stamp Act
relevant to place of execution. Foreign companies submitting Bids are required to follow the applicable law in their
country.]

Know all men by these presents, we ..................................................................................................... [Insert
Name and address of the registered office of the bidder] do hereby constitute, appoint, nominate and authorize
Mr./Ms ................................................................................................................................................... [Insert
name and residential address], who is presently employed with us and holding the position of as our true
and lawful attorney,
to do in our name and on our behalf, all such acts, deeds and things necessary in connection with or incidental to
submission of our Bid in response to Tender No.
………….. (the “BID DOCUMENT”) dated ………..for AI/ML POWERED BUSINESS INTELLIGENCE
ANALYTICS SOLUTION for APDCL (the “Project”) issued by the Assam Power Distribution Company Limited
(APDCL), including signing and submission of the Bid and all other documents related to the Bid, including but not
limited to undertakings, letters, certificates, acceptances, clarifications, guarantees or any other document which
APDCL may require us to submit. The aforesaid attorney is further authorized for making representations to APDCL,
and providing information / responses to APDCL, representing us in all matters before APDCL, and generally
dealing with APDCL in all matters in connection with our Bid till the completion of the bidding process as per the
terms of the BID DOCUMENT.

We hereby agree to ratify all acts, deeds and things done by our said attorney pursuant to this Power of Attorney and
that all acts, deeds and things done by our aforesaid attorney shall be binding on us and shall always be deemed to
have been done by us.

All the terms used herein but not defined shall have the meaning ascribed to such terms under the BID DOCUMENT.

Signed by the within named ...................................................................... [Insert the name of the
executant company] through the hand of Mr .......................................................................................... duly
authorized by the Board to issue such Power of Attorney dated this
………………………. day of ………

Accepted

…………………………… (Signature of Attorney)


[Insert Name, designation and address of the Attorney]

Attested

………………………………….. (Signature of the executant)


(Name, designation and address of the executant)

…………………………………….
Signature and stamp of Notary of the place of execution

Common seal of ..................................... has been affixed in my/our presence pursuant to
Board of Director’s Resolution dated……

WITNESS:
1 (Signature)
Name ………………………………….
Designation...........…………………..

2 (Signature)
Name ………………………………….
Designation...........…………………..

Notes:
• The mode of execution of the power of attorney should be in accordance with the procedure, if any, laid
down by the applicable law and the charter documents of the executant(s).
• In the event, power of attorney has been executed outside India, the same needs to be duly notarized by a
notary public of the jurisdiction where it is executed.
• Also, wherever required, the executant(s) should submit for verification the extract of the charter documents
and documents such as a Board resolution/power of attorney, in favour of the person executing this power
of attorney for delegation of power hereunder on behalf of the executant(s).

Annexure 4: Format of Bill of Quantities (BoQ)

Item | Unit | Qty

Software Modules
Data Management Software Module : License (Perpetual) | Nos. | 1
Advanced Analytics Software Module : License (Perpetual) | Nos. | 1
Data Warehouse Software Module : License (Perpetual) | Nos. | 1
Visualization & Reporting Software Module : License (Perpetual) | Nos. | 1
Alert & Investigation framework Software Module : License (Perpetual) | Nos. | 1
Analytics for forecasting and Demand Planning Software Module : License (Perpetual) | Nos. | 1

Implementation
Implementation Cost | AU (Activity Unit) | 1
Provisioning and Implementation of Cloud and hosting of the above modules till Go-Live | AU | 1

FMS Support (2 yrs. post Go-Live)
Yearly Support Post Go-Live (2 years): Software Support for Implemented Analytics Solution; Maintaining 24 x 7 uptime of the entire system | AU | 1
Cloud Infrastructure Provision, Management and Monitoring for 2 yrs. post Go-Live | AU | 1

Note: Total cost for 3 years calculated on the basis of estimated effective quantity will be considered for financial evaluation;
however, LoA will be awarded on the unit rates quoted by the selected bidder against each item.

Annexure 5: Quoted Prices for the Financial Bid

To be submitted online as per the BoQ

Annexure 6: Format of Performance Security to be provided by selected Bidder

[To be on non-judicial stamp paper of Rupees One Hundred Only (INR 100/-) duly signed on each page.
Foreign entities submitting Bid are required to follow the applicable law in their country]

Reference No. ……………. Bank Guarantee No. ……………. Dated: …………….

To

The Chief General Manager (PP&D)


Assam Power Distribution Company Limited
6th Floor, Bijulee Bhawan,
Paltanbazar Guwahati, Assam

Dear Sir,

WHEREAS……………. [Insert name of the bidder] having its registered office at …………..
[Insert address of the Bidder] (hereinafter, the “Contractor”), subsequent to participation in Tender No.
………………… dated ……………… (the “BID DOCUMENT”) issued by Assam Power Distribution
Company Limited (“APDCL”) (hereinafter, the “Beneficiary”) for ‘AI/ML POWERED BUSINESS
INTELLIGENCE ANALYTICS SOLUTION for APDCL’, have been issued the Letter of Award as the
Selected Bidder.

And WHEREAS a Bank Guarantee for Rupees ……………. [Insert amount in words] (…………….)
[Insert amount in figures] valid till ……………. [Insert date] is required to be submitted by the Contractor
as per the terms and conditions of the BID DOCUMENT.

We, ……………. [Insert name of the Bank and address of the Branch giving the Bank Guarantee] having
our registered office at ......................................................................... [Insert address of the registered office
of the Bank] hereby give this Bank Guarantee No…………. [Insert Bank Guarantee number]
dated ……………. [Insert the date of the Bank Guarantee], and hereby agree unequivocally and
unconditionally to pay immediately on demand in writing from the Beneficiary or any officer authorized by it
in this behalf any amount not exceeding Rupees [Insert amount in words] ( ........................................................... )
[Insert amount in figures] to the said Beneficiary on behalf of the Contractor.

We ........................... [Insert name of the Bank] also agree that withdrawal of the Bid or part thereof by the
Bidder within its validity or non-submission of Performance Security by the Bidder within the stipulated
time of the Letter of Award to the Bidder or any violation to the relevant terms stipulated in the BID
DOCUMENT would constitute a default on the part of the Bidder and that this Bank Guarantee is liable to
be invoked and encashed within its validity by the Beneficiary
in case of any occurrence of a default on the part of the Bidder and that the encashed amount is liable to be forfeited by
the Beneficiary.

This agreement shall be valid and binding on this Bank up to and inclusive of …………..
[Insert the date of validity of the Bank] and shall not be terminable by notice or by Guarantor change in the
constitution of the Bank or the firm of the Bidder or by any reason whatsoever and our liability hereunder
shall not be impaired or discharged by any extension of time or variations or alterations made, given,
conceded with or without our knowledge or consent by or between the Bidder and the Beneficiary.

NOTWITHSTANDING anything contained hereinbefore, our liability under this guarantee is restricted to
Rupees [To be inserted by the selected bidder] only. Our Guarantee shall remain in force till 39 (Thirty
Nine) months from the date of issue of this Performance Guarantee. Unless demands or claims under this
Bank Guarantee are made to us in writing on or before 39 (Thirty Nine) months and one month from the
date of issue of this Performance Guarantee, all rights of the Beneficiary under this Bank Guarantee shall
be forfeited and we shall be released and discharged from all liabilities thereunder.

[Insert the address of the Bank with complete postal branch code, telephone and fax numbers, and official
round seal of the Bank]

Attested:
[Insert signature of the Bank’s Authorized Signatory] …………………. [Signature] (Notary Public)

Place:…………………………. Date:
…………………………….

INSTRUCTIONS FOR SUBMITTING BANK GUARANTEE


1. Bank Guarantee to be executed on non-judicial stamp paper of appropriate value as per Stamp Act
relevant to place of execution. Foreign entities submitting Bids are required to follow the applicable law in
their country.
2. The Bank Guarantee by Bidder shall be given from Nationalized Banks authorized by RBI.
3. The Banks shall be the recognized or notified by the Finance Department, Government of Assam
from time to time.
4. The bank must have a registered branch office in Guwahati, Assam.
5. The full address along with the Telex/Fax No. and e-mail address of the issuing bank to be mentioned.

Annexure-7 NON-DISCLOSURE AGREEMENT

(To be on a non-judicial stamp paper of Rs.100/-)

This Non-Disclosure Agreement (“Agreement”) pursuant to the contract for ‘AI/ML POWERED BUSINESS
INTELLIGENCE ANALYTICS SOLUTION for APDCL’ for which bid was invited vide NIT No.xxxxxxxxxx, dated
this ... day of ....... (“Effective Date”), is made by and between:

Assam Power Distribution Company Limited., a company incorporated under the Companies Act, 1956 and having its
registered office at 4th Floor, Bijulee Bhawan, Paltan Bazar, Guwahati- 781001, Assam (hereinafter referred to as
“APDCL”);

and

XXXXXXXXXXXXXXX a company incorporated under the Companies Act, having its registered office at
___________________________________________________ (herein after referred as “VENDOR”);

APDCL and VENDOR will collectively be referred to as “Parties” and individually as “Party” and shall, wherever the
context admits, mean and include their respective successors-in-interest and permitted assigns.

WHEREAS, during the course of discussions among the Parties relating to award of work order to vendor for door to
door survey of consumers, the vendor may be disclosed to the information including the data of consumers, it may
consider proprietary and confidential.

APDCL disclosing the information shall be referred to as “Disclosing Party” and the VENDOR receiving the
information shall be referred to as the “Recipient/Receiving Party”.

NOW IN CONSIDERATION OF THE PREMISES, AND MUTUAL AGREEMENTS CONTAINED HEREIN,
DISCLOSING PARTY AND RECIPIENT PARTY AGREE AS FOLLOWS:

1. "Confidential Information" shall mean all information of the Disclosing Party/APDCL, including any
commercial, financial, technical or other information relating to the past, present and future research,
development, business activities, products, and services of the Disclosing Party, which is disclosed to the
Recipient in connection with the Business Purpose (whether disclosed orally or in any other form
whatsoever, including without limitation data, drawings, films, documents and computer readable media)
and which is marked or otherwise designated as confidential or proprietary or is reasonably understood to be
of confidential or proprietary nature. This will include all information/data collected from the consumers of
APDCL. Any discussions, whether formal or informal, between the Parties in respect of the subject matter
hereof are embodied in the definition of the Confidential Information. Oral disclosures of the Information
may be reduced to writing by the Disclosing Party and designated as confidential to the Receiving Party
within thirty (30) days of it being disclosed.
2. The Vendor undertakes the following in respect of Confidential Information for which it is the Recipient:

a) To treat Confidential Information of APDCL and its consumers as confidential, using the same degree
of care as it uses for its own confidential information of like kind, but in no event less than reasonable
care;
b) Not without the APDCL’s prior written consent, to communicate or disclose any Confidential
Information to any person except:
i. only to those employees of the Recipient’s organization, on a reasonable need to know basis,
who are concerned with the Business Purpose;
ii. where the Recipient is ordered by a court of competent jurisdiction to do so, or there is a
statutory obligation to do so, except that the Recipient shall promptly inform the Disclosing
Party in writing before any disclosure and shall provide the Disclosing Party reasonable
assistance so that Disclosing Party may seek a protective order or other appropriate remedy
and/or waive compliance with the provisions of this Agreement before any disclosure under
such order or obligation is made; and
c) to ensure that all Parties mentioned in paragraph (b) above are made aware, prior to the disclosure of
such Confidential Information, of the confidential nature thereof and agree to hold such Confidential
Information in strict confidence in accordance with the terms of this Agreement and to use its
reasonable endeavours to ensure that such Parties comply with their obligations.
d) not to use or circulate such Confidential Information within its own organisation except solely to the
extent necessary for the Business Purpose or any other purpose APDCL may hereafter expressly
authorise in writing;
e) to effect and maintain adequate security measures to safeguard such Confidential Information from
unauthorised access, disclosure, use and misappropriation and to notify the Disclosing Party of any
unauthorized use or disclosure; and
f) not to copy or reproduce the Confidential Information of APDCL or its consumers, without the
APDCL’s prior written consent.
g) ensure that, except for the purposes of this agreement, all copies of Information shall only be
reproduced after APDCL’s prior written consent, may bear the original legend, marking, stamp or other
positive written identification on the face thereof indicating that the Information therein is proprietary
information of the Disclosing Party.

3. The above restrictions shall not apply to information (including, but not limited to, ideas, concepts, know-how,
techniques, and methodologies) that: (a) is or has become publicly known or part of the public domain through no
fault of the Recipient; (b) is lawfully received from a third Party without any restriction and without any obligation of
confidentiality; (c) is already known to the Recipient with no obligation of confidentiality to the Disclosing Party; (d)
is independently developed by Recipient without use of or reference to the Confidential Information; or (e) is
approved for release by written authorization of Disclosing Party.

4. Confidential Information shall be deemed the property of the Disclosing Party. Nothing contained in this
Agreement or disclosure of the Confidential Information shall be construed as granting to or conferring on the Vendor
any rights by APDCL or otherwise, expressly or impliedly, to any patents, trade secrets, copyrights, trademarks or
other rights in the Confidential Information. All confidential information is provided "as is". APDCL does not make
any warranties, express, implied or otherwise, including without limitation warranties regarding non-infringement,
trademark, copyright, patent or any other intellectual property right or accuracy, completeness or performance.

5. The Parties agree that the provision of Confidential Information hereunder and any discussions held in connection
with the Business Purpose shall not prevent APDCL from pursuing similar or other discussions with third Parties.
Nothing herein shall obligate or otherwise commit APDCL to purchase any product or service from Vendor. It is
agreed by Vendor that it shall not be claiming any right over the said confidential information/data. It is agreed by
Vendor that in case of preparation of reports/charts/PPTs containing the data under the ownership of APDCL, APDCL
shall be having ownership rights over the said reports/charts/PPTs.

6. Within ninety (90) days after the completion or termination of the Business Purpose, work order or request of
APDCL, VENDOR shall promptly deliver to APDCL all Confidential Information and after confirmation as to receipt
from APDCL further intimation to APDCL, all copies thereof and destroy or erase any Confidential Information
contained in any materials and documentation, including all originals, copies, computer data files, word processing
files, letters, or other computer storage files, prepared by or on behalf of the Recipient.

7. Vendor shall not make or permit others to make any reference to the subject matter of the Agreement, or the
Confidential Information or use the name, trade name, trademark, logo, acronym or other designation of APDCL in
any public announcements, promotional, marketing, sales materials or efforts or otherwise without the prior written
consent of APDCL.

8. All disputes arising out of or in connection with this Agreement, including any question regarding its existence,
validity or termination, shall, unless amicably settled between the Parties, be finally settled by arbitration according to
the provisions of Arbitration & Conciliation Act, 2016 and/or any statutory modifications thereof by an arbitral
tribunal consisting of Sole Arbitrator jointly appointed by parties and in case of parties failing to agree the
appointment of sole arbitrator, the sole arbitrator shall be appointed in terms of the provisions of Arbitration &
Conciliation Act. The seat of arbitration shall be at Delhi. The procedural law of this place shall apply where the Rules
are silent. The arbitration proceedings shall be conducted in English.

9. Nothing in this Agreement is intended to confer any benefit on any third Party or any right to enforce any term of
this Agreement. This Agreement shall come into force upon execution by the Parties and shall remain valid till the
continuance of work order. The rights and obligations of the Parties which have accrued prior to termination shall,
however, survive the termination of this Agreement for a period of One (1) year. This Agreement shall be governed
by and construed in accordance with the laws of India, without giving effect to conflict of law rules.

10. Neither Party may assign its rights or delegate its duties or obligations under this Agreement without prior written
consent of the other Party. Any attempt to do so is void. This Agreement may not be modified or amended except by
the mutual written agreement of the Parties.

11. No waiver of any provision of this Agreement shall be effective unless it is in writing and signed by the Party
against which it is sought to be enforced.

12. The Parties agree that this Agreement is the complete and exclusive statement of the agreement between the
Parties relating to the subject matter of the Agreement. This Agreement supersedes all requests for proposals,
proposals or other prior or contemporaneous agreements, oral or written, and all other communications between the
Parties relating to the subject matter hereof.

13. If any provision of this Agreement is found by a court of competent jurisdiction to be invalid, illegal or otherwise
unenforceable, the same shall not affect the other provisions hereof or the whole of this Agreement, but such provision
shall be deemed modified to the extent necessary in the court's opinion to render such provision enforceable, and the
rights and obligations of the Parties shall be construed and enforced accordingly, preserving to the fullest permissible
extent the intent and agreements of the Parties herein set forth.

14. Where this Agreement is to be, amongst others, admitted as evidence, for the purposes of legal proceedings of any
nature in any forum, copies of this Agreement, certified to be true copies by authorized personnel of the Parties shall
be deemed original solely for such purpose.

15. This Agreement may be executed in any number of counterparts, each of which shall be deemed an original, but
all such counterparts together shall constitute but one and the same instrument.

16. That the executory of this instant agreement do hereby confirm and declare that they have standing and competent
right to execute this instant agreement and there is no other/further stipulation, which is in contradiction to the terms
of this agreement and/or prevent/restrict the execution and/or operation of the terms of this agreement.

IN WITNESS WHEREOF, the Parties hereto have executed this Agreement as of the date first written above.

For XXXXXXXXXXXXXXXXX ____________________________

Name:

Designation:

Witness:

1.

For Assam Power Distribution Co. Ltd.

_________________________

Name:

Designation:

Witness:

1.

Annexure-8 Agreement Format for Cyber Security
(To be on a non-judicial stamp paper of Rs.100/-)

This Cyber Security Agreement (“Agreement”), dated this ... day of ....... (“Effective Date”), is made by and between:
Assam Power Distribution Company Limited., a company incorporated under the Companies Act, 1956 and having its registered office at 4th Floor, Bijulee Bhawan, Paltan Bazar,
Guwahati- 781001, Assam (hereinafter referred to as “Owner”) pursuant to the contract for AI/ML POWERED BUSINESS INTELLIGENCE ANALYTICS SOLUTION for APDCL
for which bid was invited vide NIT No.xxxxxxxxxx;
and
XXXXXXXXXXXXXXX a company incorporated under the Companies Act, having its registered office at ___________________________________________________ (herein
after referred as “Company”);

1. The OEM/Supplier/Vendor/integrators, herein shall be referred to as "Company" and Responsible Entity as defined in CEA (Cyber Security in Power Sector) Regulation,
2021 herein shall be referred to as "Owner" and the component/equipment/system/services being procured by the Owner through the bid from the Company shall be
collectively referred to as Product.

2. The Company through a digitally signed statement by their Authorized representative shall disclose along with their bid, the existence and reasons for all known cyber
security vulnerabilities or identified backdoor codes in effect till the submission of bid by the Company, in each of their Product offered for sale. Further known cyber
security vulnerabilities or identified backdoor codes should be disclosed by the Company during post bid discussion if any held by the Owner. The owner reserves the right to
seek compensatory security controls for mitigation of the disclosed vulnerability or identical backdoor codes along with the letter of Acceptance of the Supply Order/Work
Award Order or to reject the bid without any notice to the Company, based upon the risk evaluation of the disclosed cyber security vulnerabilities by the Company.

3. The Company through a digitally signed statement by their Authorized representative shall submit along with their Letter of Acceptance of Supply Order/Work Award Order,
the details of obsolescence of any part/ component of hardware/software and the list of all new cyber security vulnerabilities in each Product offered for sale, discovered
subsequent to the submission of bid, by the Company or has come to the knowledge of the Company or been brought to the Company's knowledge, by any of their existing
Customer or previous Customer, Partner or related/unrelated third Party.

4. During the currency of support agreement for the Products supplied to the Owner or till termination of the support agreement has been communicated to the Authorized
representative of the Company in writing by the Owner, the Company shall be liable to disclose details of all additional cyber security vulnerabilities, that have been discovered by
the Company or that come to the knowledge of the Company or are brought to the Company's knowledge by any of their existing Customer or previous Customer, partner or
related/unrelated third Party, along with cyber threat mitigation measures which need to be taken thereof by the Owner, without any further commercial implication to the
Owner.

5. During the currency of support agreement for the Products supplied to the Owner or till termination of the support agreement has been communicated to the Authorized
representative of the Company in writing by the Owner, the Company shall disclose details of all exploits of cyber security vulnerabilities, previously known or unknown, in
all Products supplied to the Owner or similar Products supplied to any other customer by the Company, within 24 hours of such information coming in the knowledge of
Company, through any source including Cyber Security Audit carried out by CERT-In empanelled Auditors, along with cyber threat mitigation measures, which need to be
taken thereof by the Owner, without any further commercial implication to the Owner.

6. The Company, during the currency of support agreement for the Products supplied to the Owner and even after the expiry of the support agreement, shall inform the Owner
from time to time, through the mutually agreed digital/physical mode, in case the Company comes across any event(s) or condition(s) that may probably result in any
security breach or likely risks of other compromises, within the Owner's IT or OT Systems and Data Bases, along with cyber threat mitigation measures, which need to be
taken thereof by the Owner, without any further commercial implication to the Owner.

7. In case the Company, intentionally or unintentionally, fails to provide, or deliberately does not provide the information or fails to provide cyber threat mitigation measures to be
taken thereof by the Owner, as mandated in above clauses from Sl. No. 2 to Sl. No. 6, the Performance Security of the Company submitted with the Owner shall stand
forfeited without issuance of any show cause notice by the Owner to the Company. In case the Performance Security of the Company submitted with the Owner is
forfeited, the Company, their Partner Company if any, shall be debarred from the participation in future bids invited by the Owner.

8. The Company through a digitally signed statement by their Authorized representative shall certify that the cyber security features designed, recommended in the Product
supplied by the Company or their Authorised Partner or Subsidiaries to the Owner, are in accordance with the defined IEC/ISO/IS Standards, best practices, Cyber laws, and
Regulations, as specified by the Owner in their bid document and essential for safe and secure Operation and Maintenance of the IT/OT/ICS systems of the Owner.

9. The Company shall ensure that Product supplied against the Supply Order/Work Award Order under consideration or against re-order in part or full against previous Supply
Order/Work Award Order, as well as the modifications, reconfiguration, upgradation, changes in Parameters, settings proposed to be made to the existing Architectural
layout or utilization of Cyber Assets, as part of the execution of Supply Order/Work Award Order, are in accordance with the defined IEC/ISO/IS Standards, best practices,
Cyber laws, and Regulations, as specified by the Owner in their bid document and essential for safe and secure Operation and Maintenance of the IT/OT/ICS systems of the
Owner. All modifications shall be carried out by the Company as per mutually written agreement between Owner and Authorized representative of the Company, before its
implementation/commencement of Supply Order/Work Award Order. The Owner shall be responsible for consulting cyber security experts and for arranging the necessary
support to the Company, if any modifications are to be made to the existing Architectural layout or utilization of Cyber Assets.
10. In case, the Company has been awarded the Maintenance & Support Contract for a part or the entire IT and OT System of the Owner:
i) The Company shall provide a host-based malware detection scheme for the control system network and equipment as per the IEC/ISO/IS Standards mentioned in
the bid document of the Owner.

ii) The Company shall certify the adequacy of the system performance of the deployed host-based malware detection scheme for quarantine (instead of automatically
deleting) suspected infected files and the Company shall also provide the scheme for updating the Malware signatures.
iii) The Company shall also test major updates to malware detection applications and provide performance measurement data on the impact of using the malware
detection applications in an active system. Any commercial implication related to update/upgrades for malware detection and protection will be borne by Owner.
11. The Company through a digitally signed document by their Authorized representative shall submit to the Owner, in detail the tried and tested backup and disaster recovery
technology and plan for the Product as practised by the Company till the time of submission of bid. The Owner shall be free to implement such technology and Plan on their
Own or engage the Company at a mutually agreed cost or get it implemented through a Third Party, provided that the liability, cost and responsibilities of such
implementation shall rest on the Owner.
12. In case, the Company accepts the Supply Order/ Work Award Order offered with or without Maintenance & Support contract for part or entire IT or OT System of the
Product, then, on demand made by Owner, the Company shall provide documentation detailing all applications, utilities, system services, scripts, configuration files,
databases, and all other software required and the appropriate configurations, including revisions and/or patch levels for each of the computing & Storage systems to the
extent deemed necessary for safe and secure operation and maintenance of IT and OT System to be carried out by the Owner himself or through any third Party.
13. The Company shall advise Owner as per mutually agreed Terms and Conditions on the measures to be followed by the Owner during Operation and Maintenance of the IT
and OT System in accordance with applicable IEC/ISO/IS Standards and best practices, which shall include but are not limited to, cyber security policies and procedures,
documentation and training requirements, continuous monitoring of assets for tampering and intrusion, periodic evaluation for asset vulnerabilities, implementation and
update of appropriate technical, physical, and operational standards, and offline testing of all software/firmware patches/updates prior to placing updates into IT and OT
Systems of the Product.
14. The Company shall provide a listing of services required for all ICT based sub-systems and applications of the Product supplied by them to the Owner. The listing shall
include all ports and services required for normal operation as well as any other ports and services required for emergency operation/maintenance of the Product. The listing
shall also include an explanation or cross reference furnished by the Company or by any authorised Person on behalf of Company, to explain why each service is deemed
necessary for operation and maintenance of the supplied Product.
15. The Company shall certify and provide proof that all default passwords have been reset with hardened password and services are patched to current released version till the
time of completion of SAT procedure and issue of successful SAT completion certificate by the Owner. The Company shall be liable to provide, within and up to a pre-
negotiated period, appropriate software and service updates to mitigate threats from all vulnerabilities associated with the Product and to maintain the established level of
system security. Any additional cost related to such upgrades after the pre negotiated period shall be borne by the Owner.
16. The company shall inform the Owner about any conflict between the software components/ versions/ services/ ports used by the supplied Products and the pre-existing
application. The Company and Owner shall resolve such conflicts as per mutual terms and conditions. The Company shall remove a software component if not required for
the operation and maintenance of the system or application, with the Owner's due written permission only. The Company shall maintain documentation on what has been
removed and shall furnish this information to the Owner as and when called for by the Owner. Responsibility with Company is limited to the set of unused software,
application, utilities as may be brought into the Owner's environment by the Company and not the ones pre-existing in the environment. The Owner is expected to put in
place an established "Change Management Procedure" which may be shared with the Company if essential for cyber security.
17. The Company shall notify the Owner in writing on the non-standard operation carried out by the Owner's Employees and that the Company shall not be held liable for
Vulnerabilities exposed by the listed incorrect operation carried out by the Owner's Employees or any person other than those working on behalf of the Company. However,
the Company shall stand for prosecution and bear any consequential loss or damage suffered by the Owner from exposure to such Vulnerabilities which were known to the
Company and intentionally not disclosed to the Owner or no measures were suggested for mitigation of risk from such known vulnerabilities.
18. The Owner shall have the right, but not the obligation, at all reasonable times to inspect/test the Product for being Counterfeit or Tainted and to test for presence of any
embedded hardware or software Trojan in the Product.
i) The Company shall provide all reasonable assistance and facilities and access for such inspection and cyber testing at the Company's Factory, at Company's
/Supplier's facilities, or at the facilities of any Subcontractor where any part (hardware or software) of the Product has been or are being fabricated, manufactured or
integrated.
ii) Inspection and cyber testing of the Product if carried out by the Owner shall in no way relieve the Company from its obligations for FAT and SAT mandated in the
Supply Order or any other examination of Tests provisioned under the mutually extended Terms and Conditions or any Agreement entered between the Owner and
the Company.
iii) The company shall extend the necessary support to the Owner in collecting the required evidence from the Product for reporting any security incident.
iv) The Owner shall not infringe any IPR of the Company or Company's Suppliers in any form during any inspection and cyber testing if carried out by the Owner in
exercise of their right as per clause at Sl. No. 18(i).
v) The Owner shall provide reasonable notice period to the Company for any inspection and cyber testing if to be carried out by Owner and the expenses if any on
account of inspection and cyber testing shall be borne either by Owner or the Company as per mutual agreement.
19. Should any Employee of Company if required or to be permitted the Logical Access or unescorted physical access to the Cyber Assets of the Owner or of any of their
Affiliates, that are identified as "Critical Infrastructure" or as "Protected System" by NCIIPC {constituted under IT Act 70A}, then the Employee of the Company shall meet
pre-requisites mandated by Owner prior to gaining access to any such "Critical Infrastructure" or "Protected System" of the Owner.
i) Therefore, when any secured electronic or physical access is needed or to be permitted, all Employees of the Company identified as above in this provision shall:
a) abide by and shall have successfully completed the Company-administered background screening requirement.
b) have undergone successfully the mandatory Cyber Security training prescribed by the Owner, for all of their "Critical Infrastructure" and "Protected
System" as per CEA(Cyber Security in Power Sector) Regulations 2021.
c) have a valid Company Identification document and should have been listed in Company's Management System for tracking purposes;

Pursuant to this clause in order to ascertain fitness, qualification and integrity of Employees identified for executing Works awarded to the Company, the
Company shall perform background investigation on these Employees of their Company or of their Supplier or of Subcontractors assigned to execute such
Work on behalf of the Company at the Owner's site or at facilities of the Company, their Suppliers /Sub Contractors.

d) in the event that the Company or their Supplier or Sub-Contractor


i) determines that any of the Employee permitted access pursuant to this clause no longer requires access or
ii) terminates the employment of any of the Employee having valid permission to such an access pursuant to this clause, Company shall notify
Owner in writing within 24 hours of such determination or termination.
ii) The Company shall be held responsible and shall have to bear the cost of the damages resulting to the Owner's Asset, Facilities, Business interruptions or damage to
the Owner's reputation, out of any cyber incident resulting of any misconduct, on site or remotely, directly or indirectly by the Employee(s) of the Company or the
Employee(s) of the Supplier or Subcontractor.
20. The Company shall abide by the Owner's approved patch management and patch update process. The Company shall provide patch updates affecting security within a pre-
negotiated period as identified in the patch management process. The Company shall apply, test and validate the appropriate patch updates and/or workarounds on a baseline
reference system before updation process. The company shall communicate to the owner all patch update software configuration files/database with check sum of the
package files, through digitally signed encrypted message. Mitigation of any vulnerabilities found, shall be carried out within a pre-negotiated period by the Company. Any
system upgrade provided by the Company to the Owner, commercial implications shall be settled at mutually agreed prices.
21. With the due approval of the Owner, the Company shall disable, through software or physical disconnection, all redundant communication ports and removable media drives.
The Owner shall password protect the BIOS from unauthorized changes unless it is not technically feasible, in which case Owner shall document this case and provide
mitigation measures. On Owner's demand, Company shall provide a documented list of all disabled or removed USB ports, CD/DVD drives, and other removable media
devices.
22. With the due approval of the Owner, the Company shall configure the network devices to limit access to/from specific locations, where appropriate, and provide
documentation of the configuration. With the due approval of the Owner, the Company shall configure the system to allow the system administrators the ability to re-enable
devices if the devices are disabled by software and provide documentation of the configuration. The Owner is expected to put in place an established "Change Management
Procedure".
23. The Company shall have and provide to the Owner the documentation of a written flaw remediation process. Company shall provide appropriate software updates and/or
workarounds to mitigate all vulnerabilities associated with the flaw in the Product within and up to a pre-negotiated period. After Company is made aware of or discovers any
flaws, Company shall provide notification of such flaws affecting security of software supplied by the Company, within and up to a pre-negotiated period. Notification shall
include, but is not limited to, detailed documentation describing the flaw with security impact, root cause, corrective action, commercial implication if any, etc.
24. In addition to the foregoing, the Company shall immediately notify Owner in writing if the Company at any time discovers any part of the Work to be defective or not in
accordance with the Work Award Order.
25. The Company shall comply with the Owner's Application Security standards as mentioned in the bid document, whenever Owner seeks Coding for Security enhancement.
26. The Company shall provide a process for Owner's Employee(s) to submit problem reports and remediation requests to be included in the system security. The process shall
include tracking history and corrective action status reporting. The Company shall review and report their initial action plan within 24 hours or pre-negotiated period
whichever is later of submitting the problem reports. Company shall secure reports on problem regarding security vulnerabilities from public disclosure and notify Owner of
all problems and remediation steps, regardless of origin of discovery of the problem. Company shall inform Owner in writing of flaws within applications and operating
systems in a reasonable period and provide corrective actions, fixes, or monitoring guidance for vulnerability exploits associated with the flaw. Company shall provide an
auditable history of flaws including the remediation steps taken for each. Any commercial implication related to update / upgrades will be borne by Owner, if it is beyond the
support period of the Product as agreed by the Company.
27. In case the technical requirement of the Owner demands, the Company shall provide a detailed plan for appropriate physical security mechanisms. Company shall provide
lockable or locking enclosures for control system components (e.g., servers, clients, and networking hardware). The Company shall provide locking devices with a minimum
of two keys per lock identifiable to each lock, and keyed or not keyed alike depending on Owner requirements. Company shall recommend a room locking device(s) where
the equipment and workstations are located, if not already installed by Owner. Company shall verify and provide documentation that unauthorized logging devices are not
installed (e.g., key loggers, cameras, and microphones). Company shall provide two-factor authentication for physical access control.
28. The company shall provide a system whereby account activity is logged and is auditable both from a management (policy) and operational (account use activity) perspective.
Company shall time stamp, encrypt, and control access to audit trails and log files. The company shall ensure audit logging does not adversely impact system performance
requirements. Company shall provide read-only media for log creation.
29. The company shall provide a configurable account password management system that allows for selection of password length, frequency of change, setting of required
password complexity, number of login attempts, inactive session logout, screen lock by application, and denial of repeated or recycled use of the same password. Company
shall not store passwords electronically or in company supplied hardcopy documentation in clear text unless the media is physically protected. Company shall control
configuration interface access to the account management system. Company shall provide a mechanism for rollback of security authentication policies during emergency
system recovery or other abnormal operations, where system availability would be negatively impacted by normal security procedures, but such rollback shall not be
automatic, and would require the specific affirmative agreement of Owner.
30. The company shall configure hosts operator workstation with least privilege file and account access and provide documentation of the configuration. The company shall
configure the necessary system services to be executed at the least user privilege level possible for that service and provide documentation of the configuration. Upon the
completion of the task of changing or disabling access to such files and functions as directed by the owner, the company shall provide documented evidence that the tasks have
been successfully completed.
31. The company shall recommend which specific accounts need to be active and those that can be disabled, removed, or modified. The Company shall disable, remove, or
modify all the accounts pursuant to the approved recommendation from owner. The owner shall be responsible for correct usage and maintenance of the defined accounts.
32. The Owner shall retain and maintain at least one set of record of all documents obtained or generated in the course of the execution of the work Awarded to the company, for
a period of five years, from the date of the completion of the work, at a designated archive defined by competent Authority.
33. In the event of any damages caused the Owner, any resultant work to be done by the Company to make good, the Work shall be at, Nil/additional, cost and time, as mutually
agreed between the owner and company, on case to case basis. Both owner and the Company shall have responsibilities e.g. the holistic, state-of-the-art security concept
which owner has put in place, and such concept shall include, but not limited to the following:
i) installation of updates as soon as provided/made available by the company
ii) complying with security advisories of the Company
iii) regular vulnerability scanning and testing
iv) robust password policy
v) firewalls, network client authentication, malware scanners, etc.
34. Limitation of Liability
i) The obligations of Company in relation to or in connection with cyber threats, set forth in this Agreement, shall be the exclusive remedy and in lieu of any other
rights and remedies the Owner may have, with respect to cyber threats and any damage suffered there from, whether under contract, law or otherwise.

ii) Unless otherwise mutually agreed in writing, any right of the Owner to claim damages resulting from or related to cyber threats, such as but not limited to loss or
manipulation of data, downtime, business interruption, lost profit, cost for product reset and/or data reconstruction, regardless of the legal basis, but in particular
resulting from any duty under the Agreement, is hereby excluded.
iii) In General, the Company is responsible and liable, till the mutually agreed time period, for mitigating all vulnerabilities associated with the Product and maintaining
the established level of system security in the system of the Owner.
iv) In particular Company assumes no liability whatsoever for damage caused by
a) Owner's intrusive security testing;
b) Unauthorized modification of the system configuration or security level;
c) The installation of patches which are not authorized by Company; or
d) the Owner delaying the self-installation of patches made available by Company.
v) Under no circumstances, Company's liability arising from any act or omission relating to cyber threats, shall exceed the aggregate liability stated in the contract or
Supply Order/Work Award Order, to which this document is an integral part, and such liability shall relate only to claims arising from reasonably foreseeable acts
or circumstances.
35. Definitions for various terminology used in this Agreement e.g. security breach, material adverse effect, vulnerability, etc. shall be in accordance with international standard
e.g. ISO/IEC series 27000, 27001, IS 16335, IEC 62443.
36. Any amendments to this agreement shall be made in a written or digital form duly signed and stamped by authorized representatives of each Party.

IN WITNESS WHEREOF, the Parties hereto have executed this Agreement as of the date first written above.
For XXXXXXXXXXXXXXXXX ____________________________
Name:
Designation:
Witness:
1.
For Assam Power Distribution Co. Ltd.
_________________________
Name:

Designation:

Witness:

1.
