Tender for Agrobank Knowledge Management Intranet Portal

Appendix 9
TECHNICAL REQUIREMENTS
This appendix consists of information required for Section Four. There are 11
parts in this appendix: Mandatory System Requirements, General Technical
Requirements,

Data

Center

Requirements,

Infrastructure

&

Network

Requirements, Tools, Integrations, System & Administrative, Security Control,

User ID Management, Access Control, and Logging & Audit Trial.
Vendor may describe the security architecture and security features of the
proposed solution. Security features designed into the Vendors solution can also
be included as referenced appendixes. Please provide details of any security
software and utilities used.
Items within this following table may require elaboration and possibly graphical
representations. Vendors may provide additional information (e.g.: product
brochure, booklet etc). Due to the space constraint, vendor must structure
response on the tender document and must make reference to the items in the
Remarks and Reference (Ref.) columns below.
For Mandatory System Requirements under Part 1 below, vendor is required to
respond either Yes or No.
1

MANDATORY SYSTEM REQUIREMENTS

1.
1

Application program MUST not use hardcoded database user ids and passwords.

Can
comply
(Y/N)

Remarks

For General Technical Requirements under Part 2 to Part 5 below, vendor is

required to respond with a single check mark () in either the Available or Not
Available column.

No

Requirement

2
2.1

GENERAL TECHNICAL REQUIREMENTS

Solutions preferred platform is MS
Windows.
Other
platform
is
also
acceptable.
Solutions preferred database is MS SQL
Server. Other database platform is also
acceptable.
Solutions architecture must be 3-tiered.
Please provide logical and physical

2.2
2.3

Available

Not
Available

Ref.

Page 1 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

2.4
2.5
2.6
2.7

2.8

2.9
2.1
0

2.1
1
2.1
2

2.1
3
3
3.1
3.2
3.3

Requirement

Available

Not
Available

Ref.

diagram
consist
of
production,
development, UAT and Disaster Recovery.
Solution must support Domain Name
Server
(DNS)
capability
for
all
environments.
Vendor must include Disaster Recovery
implementation. Please include costing (if
any) in the Costing template.
Solution must support disaster recovery
situation. Recovery Time Objective (RTO)
for intranet is 4 hours.
Vendor must provide DR testing upon
completion of system implementation
(HQ & DR). Please include costing (if any)
in the Costing template.
Vendor must provide technical personnel
to support DR activity during warranty
period without additional cost at least 2
times a year. Please include costing (if
any) in the Costing template.
The proposal must include version control
process for the solution.
Vendor must provide an option for Bank
to procure source code for future
enhancements / upgrades. Please include
costing in the Costing template under
Other Optional Costs if source code is
available for sale.
Vendor must provide source compare
capability and produce the results of the
source compare before and after
migration activities.
Must include the following environments
in the architecture :
i.
Production
ii.
Development
iii.
UAT
iv.
Disaster Recovery
Solution must include stress test activity
before cut over. Whatever tools required
should be inclusive in the proposal.
DATA CENTER REQUIREMENTS
Solution must include daily back-up
functionalities.
Solution must have a menu driven
program to perform back-up and restore
tasks.
Solutions servers must be rack-mounted
type.
Page 2 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

Requirement

3.4

Solutions servers must be of 13A, 3-pin

power socket. Power voltage must be at
least 16Amp or 32Amp. Solution must
provide for a dual power supply
requirement.
INFRASTRUCTURE & NETWORK
REQUIREMENTS
Must be able to provide at least on the
following specification for HQ and DR: Server Type : Minimum one Host
physical server (VMware Virtual Server
inside)
OS Type : Preferred Windows Server
2012
Database Type : Preferred MS SQL
Server
x1 1Gbe Ports
1 x 1 Gbe Quad Port
At least 2 NIC cards
SAN Storage (Min 1 TB SAS per HDD
Raid 5)
3 years (24x7) of warranty

4
4.1

4.2

Available

Not
Available

Ref.

Minimum requirement for one server

o At least total 4 Cores for the CPU
o Intel Xeon or better for type of
CPU processor
o At least 2.5 Ghz or faster for the
CPU speed
o At least 16GB RAM
o HD size capacity Partition C
(OS) : Minimum 100GB, Partition D
(DATA/APP) : Minimum 600GB.

*We are preferred Dell Server and

Storage
Must
include
below
requirement
CommVault Simpana version 10 software
license for backup solution:
CommVault Simpana version 10
a) Min 1TB license depends on the
system requirement
b) 1TB 2.5in 7.2K 6GB NL SAS HDD for
IBM StorageDS3524

5
5.1

TOOLS
Solution must include a housekeeping
program parameterized by retention
Page 3 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

Requirement

Available

Not
Available

Ref.

period.
For Mandatory System Requirements under Part 6 to Part 11 below, vendor is
required to respond with a single check mark () in ONE of the columns.
Guide:
For Enhancement (C/NC):

C means capability is not available and enhancement is chargeable. For

chargeable enhancements, provide estimated mandays required
(example below there is a chargeable enhancement of 5 mandays).
Man-days information is an estimate only and will be accepted with a

plus/minus 10% degree of accuracy.

NC means capability is not available but vendor i) is willing to provide
enhancements on a non-chargeable basis, ii) has an acceptable
workaround on a non-chargeable basis, iii) able to provide capability in
future releases at no cost to the bank.

Please note that items without a in any of the columns will be assumed to
be Not Available.

No
6
6.1

Requirement

Not
Available

Enhanceme
nt (C/NC)*

Ref.

Available

Not
Available

Enhanceme
nt (C/NC)*

Ref.

INTEGRATIONS

6.2

Solution must be able to integrate with

communications gateways (for email,
sms, etc)
Solution must be able to support
integration to Active Directory. If not
available, please answer 8.1 until
8.4.

No

Requirement

7
7.1

Available

SYSTEM & ADMINISTRATIVE

Solution must provide a real-time webbased administration module for the
complete management of the website.
This includes maintenance of system
privileges like:
Create/Delete Users,
Manage security profiles
Define indexes etc.
Page 4 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

Requirement

7.2

Solutions Admin module must support

Users/Groups/Role definition, granting
access rights, set and manage password
expiry.
Solutions Admin module must provide
interface for purging old audit trail and do
selective logging (i.e. select the system
or application features for which the audit
trails have to be generated).
Solutions Admin module must enable
complete and incremental backups and
be able to integrate with third party
backup solutions.
Solution must be able to provide
maintenance
program
to
manage
(create / view/ update/ delete) database
connection strings, dataset names etc.
SECURITY CONTROL
Solution must have a facility to define
password policy with extensive password
validations. The following areas must be
parameterized and centrally managed by
Security Administrator : Minimum length of password (at least 8
characters).
Alphanumeric password and does not
allow repetitive characters.
Phrase cannot be as part of the
password (eg. name, ID#).
Re-use of old passwords. New password
must be different from the last n
(number) passwords.
Password expiration interval. Forces
change of password at regular
intervals.
Security message must be
customizable for Agrobank. This
message will be displayed on the signon screen. This message must be
parameterized to cater for
modification.
Password expiration notification Alert
user before n (number) days before
expiration and forces to change
password after a predefined interval
from the date of last-changed.
Provides automatic log off of User ID
after a certain period of time.
Suspend ID after n (times) invalid sign-

7.3

7.4

7.5

8
8.1

Available

Not
Available

Enhanceme
nt (C/NC)*

Ref.

Page 5 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

8.2

8.3

8.4

Requirement

Available

Not
Available

Enhanceme
nt (C/NC)*

Ref.

on attempts.
Deactivate user ID that is not used
after n (number) days.
Solutions password policy and validation
may cater to the following:
Password hint (eg. create and store
secret question and answers).
Real-time checking for weak password
(Following can be considered as weak
passwords: abc123, admin123,
password1, password, march28 etc.)
Option to enforce the usage of special
character in password format.
Enforce change of password at first
time login.
Solution must enable the following
password management capabilities: Reset users password.
Prevent passwords from being viewed
or printed by any user.
Password encryption.
Define validity period for temporary
systems user, (from DD/MM/YYYY to
DD/MM/YYYY).
Must not allow the following to be
password or as part of the password:
Users information (e.g. IC number,
employee number, phone number,
etc), branch code, object name (e.g.
program name, library name, etc).
Password for super ID must be able to
be split into two parts. This will only
applicable during password change
activity for Super ID. Two fields are
available for password holders to key
in the first half and second half of the
password.
Solution must provide password mask
using asterisk (*) or other characters
during log in and user registration.

8.5

Upon sign-on, solution must displays the

following information : User ID and user information
Last sign-on date and time
Your solution must comply with OWASP.

9
9.1

USER ID MANAGEMENT
Solution
must
allow

Security
Page 6 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

9.2

9.3

10
10.
1
10.
2
10.
3
10.
4

10.
5

11

Requirement

Available

Not
Available

Enhanceme
nt (C/NC)*

Ref.

Administrator to create, edit and delete

the following: Group profile
User profile
Solution must be capable to tie valid
users to predefined user groups, and
specify the functionalities each group is
authorized to access. Solution must be
able to generate a security matrix
report.
Solution must not enable Security
Administrator
to delete its own
activities
log
using
Security
Administrators own id.
The security administrative logs can
only be deleted either by scheduled
housekeeping
process
or
special
program.
ACCESS CONTROL
Solution must support secure login id
and passwords for each user and
passwords shall be stored in encrypted
format in database.
Solution is preferred to have capability to
encrypt
password
across
data
communication media (eg. Password
authentication).
Solution must not allow same user ID to
have multiple sign-ons at any one time.
Solution must be able to monitor session
login of users ID in real-time (e.g. IP,
user).
Solution must be able to generate an
Access Control Report which shows all
unauthorized or irregular access to the
system including user ID, pc ID, location,
date and time.(E.g. Password rejected,
user not allowed in system, job
submitted to update master file).
Solution must be able to provide the
following information on a daily and
monthly basis:
Creation of new ID/profile
Deletion of existing ID/profile
Change of users profile
Deactivation of User ID
LOGGING & AUDIT TRAIL
Page 7 of 8

Tender for Agrobank Knowledge Management Intranet Portal

No

Requirement

11.
1

Solutions log should at minimum be able

to provide system level logging File
Activity Log (records activities to selected
file in the system), and User Activity Log
(records all activities performed by the
users).
Log must contain user ID, pc
location,date and time information.

Available

Not
Available

Enhanceme
nt (C/NC)*

Ref.

ID,

At the user level, solution must log all the

actions done by individual users with user
name, date and time. This includes logon, log-off and access violations

11.
2

The administrator shall be able to

generate detailed audit logs and history
of the process instance.
Solution must be capable to enable
online view of audit trail report, and
produce audit trail reports.

Page 8 of 8