Para 9.9 — CONSULT_MANUAL
Original Rule Text
a) bespoke software development; b) cloud based services and c) composite IT system integration services involving design, development, deployment, commissioning of IT system including supply of hardware, development of software, bandwidth, and operation/maintenance of the system for a define period after go-live etc.
2. IT services procurement involves aligning business goals, assessing vendor capabilities, and adopting agile practices. Whether it's bespoke software, cloud services, or system integration, a well-defined procurement process ensures optimal outcomes for organizations.
3. QCBS Selection: Since quality is of prime importance in procurement of IT services, QCBS selection with due emphasis on quality weightage (even up to 80%, depending on quality requirements) may be used. In cloud services in particular, alternative pricing models may be allowed to be quoted.
4. Caution against Restrictive and discriminatory Qualification Conditions: Ministry of Electronics & Information Technology (MeitY) has cautioned75 that qualification conditions for cloud service provider should not be restrictive/ discriminatory like insistence on ‘Gartner’s ‘Magic Quadrant etc., and very high financial turnover, which impede the domestic service providers and does not add value to the users. They have also cited Department for Promotion of Industry and Trade & Internal Trade (DPIIT), Ministry of Commerce and Industry has similar advisory76 that such discrimination against domestic players is a violation of Make India Order which provide purchase preference to local content requirement. Therein, common examples of restrictive and discriminatory conditions against the local suppliers, in procurement of IT Services have been cited as:
a) Restrictive and Discriminatory Eligibility Criteria in Tender Conditions i) Mandatory Presence in Gartner Magic Quadrant - IT and Telecom Products; ii) Mandatory USFDA/ European CE - Medical Devices;
9.9 Procurement of Integrated IT Projects 1. Procurement of integrated IT Projects (refer to para 1.4-3-b) should normally be carried out as Procurement of Consultancy services, as the outcomes/ deliverables vary from one service provider to another. The IT Projects may include:
Manual for Procurement of Consultancy Services, Second Edition, 2025 iii) ExcessiveTurnover.requirementRs.1000 Cr for-procurement of Rs.70 Cr; iv) Excessive past Experience - 10 years; v) Export experience to G8 countries; vi) Additional requirement of Bank Guarantee for Local Supplier; vii) Delayed Payment Terms to Local suppliers b) Restrictive and Discriminatory specifications -Foreign Brands specified i) CISCO, NEC, Alcatel, Siemens - Telecom Products ii) HP, Dell, Lenovo - IT products iii) OTIS, Mitsubishi, Schindler, Kone, Johnson - Lifts c) Restrictive and Discriminatory specifications/ Preapproved foreign brands in works/ turnkey projects i) Local manufacturer not included in pre-approved list; ii) Specification tailor made to suit foreign products; iii) Foreign technical standards indicated in the specification; iv) Technical parameters to favour foreign products viz. (-) 25-degree temperature compatibility (or EPBX equipment being procured for airport in Central India).
5. Bespoke Software Development: Bespoke software development involves creating customized software solutions tailored to specific organizational needs. Unlike off-the-shelf software, bespoke applications are designed from scratch, considering unique requirements, workflows, and business processes. Here are key considerations for procuring bespoke software:
a) Defining Requirements: The procurement process begins with a thorough understanding of business needs. Engage stakeholders, gather functional and nonfunctional requirements, and define clear objectives. Stipulate an agile development approach that allows iterative development, frequent feedback, and adaptability. Agile ensures alignment with evolving requirements and minimizes risks. b) Technical Qualifications: Evaluate bidders based on their expertise, track record, and ability to deliver custom solutions. Consider factors like technical proficiency, domain knowledge, scalability, security, and support and project management capabilities.
6. Cloud-Based Services: Cloud-based services offer scalability, flexibility, and costeffectiveness. When procuring cloud services, consider the following:
a) Defining Requirements: i) SLAs and Data Privacy: Define service-level agreements (SLAs) regarding uptime, performance, and support. Address data privacy and compliance requirements, especially if handling sensitive information. ii) Migration Strategy: Plan the migration process carefully. Assess existing applications for cloud readiness, choose the right migration approach re-architecting, or hybrid), and ensure minimal disruption.
(lift-andshift, b) Service Models: Understand the different cloud service models: i) Software as a Service (SaaS): Ready-to-use applications hosted by the provider. ii) Platform as a Service (PaaS): Development platforms and tools for building custom applications. iii) Infrastructure as a Service (IaaS): Virtualized computing resources (servers, storage, networking).
c) Technical Qualifications: Evaluate cloud providers based on factors such as reliability, security, compliance, data sovereignty. Consider well-established cloud services providers.
7. Composite IT System Integration Services: Composite IT system integration involves connecting disparate systems, applications, and data sources to create a cohesive ecosystem. Here's how to approach procurement:
a) Defining Requirement: i) Integration Strategy: Define the integration scope, including APIs, middleware, and data synchronization. Consider whether real-time or batch processing is required. ii) Interoperability and Scalability: Ensure that integrated components can communicate seamlessly. Scalability is crucial to accommodate future growth and changing business needs. iii) Testing and Maintenance: Specify testing requirements (unit, integration, and end-to-end testing). Also, outline ongoing maintenance and support expectations. b) Technical Qualification: Select vendors with expertise in integrating complex systems. Look for experience in integrating diverse technologies (ERP, CRM, legacy systems) and handling data transformations.
8. Cyber auditing and Testing of hardware: The tenders issued by the Procuring Entities should include detailed requirements for security auditing and testing of devices intended for perpetual internet connectivity e.g., Servers, loT (Internet of Things) devices/ CCTV cameras etc., to mitigate security vulnerabilities and breaches of Government Systems. The specifications must underscore the necessity of security measures at both hardware and software levels to ensure the security and integrity of such devices or systems. CERT-IN77 empanelled organizations specialize in conducting security auditing, vulnerability assessments, and penetration testing of computer systems, networks, and applications. However, their primary domain may not encompass comprehensive hardware security testing and evaluation of loT Devices/ CCTV cameras, which is the domain of STQC-IN. STQC, under the aegis of the Ministry of Electronics and Information Technology (MeitY), has expertise for thorough evaluation of loT Devices' hardware to ensure adherence to specified standards and comprehensive evaluation of security aspects in the loT Devices.
9. For more details, Ministry of Electronics & Information Technology’s latest Model RfP Documents for Selection of Implementation Agencies78 (which includes Guidance Notes) may please be referred.