SERVICE STC

SPECIAL TERMS AND CONDITIONS FOR

Blockchain Services

1. Preamble

A) All contracts related to Blockchain services placed through GeM portal shall be governed by the following set of Terms and Conditions:

I. General terms and conditions for Goods and Services (“GTC”)
II. Service specific Special Terms and Conditions (“STC”) contained in this document
III. BID / Reverse Auction specific Additional Terms and Conditions (“ATC”) as maybe specified by the Buyer.

B) The above terms and conditions are in reverse order of precedence i.e. ATC shall supersede Service specific STC which shall supersede GTC, whenever there are any conflicting provisions. 

C) This document represents the Special Terms and Conditions (STC) and the Service Level Agreement (SLA) governing the contract between the Government department/Buyer/ Client and Agency/Service Provider. The purpose of this document is to outline the scope of work, stakeholders’ obligations and terms and conditions of all services covered as mutually understood by the stakeholders.

2. Objectives and Goal

The objective of this document is to ensure that all the special terms and conditions are in place to ensure consistent delivery of services to the Buyer by the Service Provider. The goal of this document is to:

• Provide clear reference to service ownership, accountability, roles and responsibilities of both parties
• Present a clear, concise and measurable description of services offered to the Buyer
• Establish terms and conditions for all the involved stakeholders, it also includes the actions to be taken in case of failure to comply with conditions specified
• To ensure that both the parties understand the consequences in case of termination of services due to any of the stated reasons

This document will act as a reference document that both the parties have understood the above-mentioned terms and conditions and have agreed to comply by the same.

3. Stakeholders

The main stakeholders associated with this agreement are:

1. Buyer:The Buyer/ Client is responsible to provide clear instructions, approvals and timely payments for the services availed as per the contractual terms
2. Service Provider:The service provider is responsible to provide all the required services in timely manner and to the satisfaction of Buyer / its authorized representative. The service provider may also include seller, supplier/bidder/contractor, any authorized agents, permitted assignees, successors, and nominees as per the context and as described in the document.

The responsibilities and obligations of the stakeholders have been outlined in this document. The document also encompasses payment terms and deductions in case of non-adherence to the defined terms and conditions.

4. Service Scope

The standard scope of work for any blockchain project will typically comprise of the following:

1. Stakeholder consultations and consolidation
2. Analysis of existing information system(s) and determining requirements for blockchain module/platform
3. Conceptualization of blockchain platform and design documents
4. Configuration of blockchain network, nodes and any OEM products
5. Selecting the Consensus mechanism
6. Implementation of smart contracts as per use case, Unit Testing, Security testing, performance testing, Integration Testing and User Acceptance Testing (UAT).
7. Determining the data exchange / file upload mechanism for non-blockchain data with each stakeholder
8. Integration of blockchain platform with systems of Buyer and other network participants for smooth data flow using APIs at all relevant touch points
9. Documentation of all APIs of the solution, FAQ, etc.
10. A standardized and configurable User Interface for quality User Experience (UI/UX)
11. End User Training and handholding support to participants for onboarding on the Network
12. Maintenance and technical support

 5. Buyer’s Obligations

• In the event, infrastructure is Buyer’s responsibility,   the Buyer shall be responsible for providing the infrastructure for deployment of the blockchain solution within the timeframe as per the milestone. Any delay in providing the infrastructure to the Service Provider shall not be considered while calculating deductions, if any for Service Provider.
• Buyer must clearly state the duration and activities to be included in O&M period (if applicable)
• Buyer must facilitate consultations of service provider with all stakeholders of the project
• Buyer will bear the expenditure incurred on all value-added services like Aadhaar authentication, eKYC, SMS gateway, payment gateway charges, use of google apps, hosting of mobile apps, etc. which are chargeable, but volume of transactions is not known upfront.

6.         Service Provider’s Obligations

1. A Service Provider would be required to provide sufficient and qualified manpower, capable of supporting the functioning of the project/department in a manner desired by the Buyer. The Service Provider shall designate a Coordinator who will be responsible for maintaining regular contact with the Buyer Department.
2. The Service Provider shall ensure that the team deployed is competent, professional and possesses the requisite qualifications and experience appropriate to the task they are required to perform under this Contract. The Service Provider shall provide to the Buyer, the documentary proof for the qualifications and experience of the manpower deployed for the project, whenever asked for by the Buyer.
3. The Service Provider shall ensure that due diligence of such personnel deployed on the project including satisfactory background checks are completed. Documentary evidence for such background checks would need to be made available to the Buyer or their authorised representatives, whenever required.
4. The Service Provider shall maintain confidentiality during and after the contract, of all the sensitive information received, obtained or gathered by them during the project.
5. Service provider shall ensure that the privacy of the user data must be protected all the time, at rest and during transit.
6. The Service Provider agrees that it shall take adequate measures to protect the secrecy/ confidentiality of and avoid disclosure and unauthorized use of the confidential / sensitive information. The Service Provider shall immediately notify the Buyer, in writing, upon discovery of any threatened breach, actual loss, or unauthorised disclosure of the confidential / sensitive information.
7. Service Provider will provide detailed reports/data to Buyer on the consumption of all value-added services.

7. Standard Terms and Conditions

• The Service Provider shall be responsible for scalability of the platform apart from setting up the production and pre-production environment.
• The Service Provider shall conduct recurrent trainings as and when required or as specified by the Buyer
• Event logging should create an accurate record of user activity such as which users accessed which system, and for how long. The solution should log all types of events especially those related to security. 
• The solution should have appropriate authentication mechanisms, like encryption of transactions, web application firewalls, CERT-In compliance, etc. 
• Service Provider must provide the Buyer with a comprehensive exit management plan or transition plan.
• For applications demanding transaction signing using certificates, it may be ensured that the certificates are issued from licensed Certificate Agencies.
• If the data stored or transactions executed on Blockchain need protection from some stakeholders on account of confidentiality or compliance rules, the Service Provider may take suitable safeguards to address such data privacy concerns of the Buyer. Personal data should not be put on the blockchain directly to ensure compliance with any data protection rules, which may necessitate deletion of such data in future. The data should be stored in such a way that the privacy of an individual is not compromised and appropriate consent mechanisms should be adopted in line with data protection laws.
• Consistency of data across the blockchain network must be ensured by the Service Provider using an appropriate consensus mechanism.
• Immutability of data must be ensured at all times
• Any cloud service provider providing cloud services under the project must be empanelled with MeitY and must be complaint with all the terms and conditions thereof specified by MeitY from time to time.
• All the data shall be hosted / stored by the blockchain technology solution implementation agency within the geographical boundary of India.
• Service Provider must ensure that Security control measures are implemented for guarding against Data leakage / Data corruption /Security breach etc. as well as control measures in place to prevent, detect and react to breaches including data leakage.
• The blockchain platform, the consensus mechanism being used and the nodes authorized to write on the blockchain must be endorsed by the Buyer before implementation.
• Without the Authority's prior written consent, the Service Provider may not transfer, assign, pledge, or subcontract its rights and duties under this Agreement to any other agency or organization, regardless of name.
• Any license procured as part of the project must be in the name of the Buyer.
• The license costs for using any blockchain platform, if applicable, may be borne by service provider, unless explicitly stated by the Buyer.
• All the documentations related to the resources such as license, permissions should be valid throughout the contract.
• The Buyer or its agent shall have the right to inspect and/or test the services/Solution/Technology to confirm that they conform with the contract specifications at no additional expense to the Buyer.
• Service Provider shall ensure requisite support from the Cloud Service Provider/OEM for various aspects of project including configuration, customization, sizing, performance tuning and implementation support.
• The solution must be security audited by a third party before Go-Live.
• All smart contracts must be thoroughly tested before go-live
• The Intellectual Property rights for all proprietary frameworks, tools and solutions of the service provider will remain with service provider, while IP rights for any new and bespoke/customized solution developed under the project will be owned by Buyer.
• The solution should support SSL encryption mechanism for transferring data across network. Provision should be made to ensure that data in any form should not be copied on to any external media without authorization. The data transferred across network should be encrypted using Public Key Infrastructure (PKI). Complete end point data protection should be provided at client site such that any type of data pilferage using unauthorized copying, storing and emailing could be prohibited. Access to all system resources including data files, devices, processes and audit files should be provided to the intended users only. All mobile applications should be designed and developed in a way that it ensures security of the application and data on the device.
• The Service Provider shall at all times ensure that the services being provided under this Contract/ Agreement are performed strictly in accordance with all applicable laws, orders, bye-laws, regulations, rules, standards, recommended practices etc, and no liability in this regard will be attached to the Buyer.
• The Service Provider shall be fully responsible for the acts of their representatives / consultants/ team members and shall fully indemnify the Buyer for any kind of losses or damages caused by its team members/ consultants. The Buyer shall not be responsible for any claim from any consultant / team member employed by the Service Provider. The Service Provider shall wholly and fully be responsible for any such claims.

7. Service Formula

Lump sum value will be quoted by the service provider.

 8. Payment Schedule

• The Payment Procedure shall be as specified in the General Terms and Conditions of GeM.
• Payment schedule to be as per payment terms specified in bid document.

 9. SLAs and Deductions

Unless specified otherwise by the client, the following SLAs and corresponding deductions will be applicable.