Tor - BTRC PDF
Tor - BTRC PDF
Tor - BTRC PDF
nclosurc-1
a Page I of 37
i. .1 .
..,,._.t ·
Bangladesh Telecommunication Regulatory Commission (BTRC} an independent Regulatory Commission established
under the Bangladesh Telecommunication Act, 200I, (Act no18 of 200I) published by the parliament in the
Bangladesh Gazette extraordinary in new on April 16, 2001. BTRC started his journey from 31st January 2002 to
conduct the activities of the said act. With an initiation of it activates, necessary authority, responsibilities and related
concern of the ministry of posts and Telecommunications were vested on to BTRC. According to the
Telecommunication act. the Commission is assigned with various responsibilities. Out of those, issuing licenses for
establishing. operating. regulating, maintaining telecommunication establishments and providing various telecom
sen,ices in the countr)- are the major ones. Besides. fixing tariff/charges on the subscribers, ensuring the services for
the subscribers and lo ensure people's right are also tasks of BTRC. The social and economic beha\ ioral pattern of
the telecom service pro\ iders are also monitored by the BTRC to ensure that the users are not subjected to
harassment and not indifferent in nature.
The Bangladesh Telecommunication Regulatory Commission (BTRC), Facilitate Connecting the unconnected through
quality Telecommunication services at an affordable price by introducing new technologies. Now, BTRC wants to
Archive all the data in digital formats from the beginning of the organization.
The objective of the Archive Management System is to establish a comprehensive and efficient platform that
facilitates the digitization, organization, and secure storage of physical documents within our organization. This
system aims to streamline document management processes, enhance accessibility to archived information, and
ensure the long-ter1r preservation of valuable records. By providing a user-friendly interface for document
upload, categorization. and retrieval, the Archive Management System seeks to improve overall operational
efficiency. reduce reliance on ph sical documentation, and enhance data security and accessibility, ultimately
contributing to a more sustainable and digirnll: empowered organizational archive. This assignment is (but not
limited to):
• Establishing a secure and centralized repository for document storage (both physicalI)- and digitalI:) .
• OCR-based scanning of all necessary documents in both Bangla and English.
• The system \,\ill faciIirate the systematic organization, storage. and retrie\aI of archi"'ed in formation.
• Improving collaboration and version control for documents.
• Ensure quick search and retrieval of physical and digital documentation and ""ill provide the necessar referen es
promptly.
• Ensure confidentiality. securit) and restrict unauthorized access to vital information.
• Digitally archive all necessary documents related to the administrative, Financial, Legal. and Telecom Related
documents.
• Digital!)' archive all Commission Meeting Decisions. Telecom Policies, Regulations. Directives. Instruction,. a 1d
Guidelines forthe Commission.
• Digital!) archive all Annual Report, Nev.sletter, News. press release1Press Briefing. Audio\ isual documennr
. Video, Photo, and Telecom event-related data archive.
w
• Perform Dynamical and content-based Search with all over the archived date (Image, pdf, word, PPT. audio. video
etc.). ,---------------------------,
Scannen V
' Fea•u•es o' So W,:l•e
t lr'llemet / lntrar,el
· •
,...--.,
Index Station (OCR)
lnet thentic.tta"'
MM>Ual Oa1a Er"Y
Verify Station
\,JserAl.,: :;C ttOf'l
Ro,v ew F,A;,o=-
ln<k••d ....,.ag••►
l:_Q
, p 1ndex:in1 ,fJ-
-
Fi!wre-0 I: Svstem Work Flow Diagram
, S.,..,,.,& Stonge
Legal
a) Must submit valid Trade License (updated), TrN, VAT, Incorporation & income tax Certificate
Documents/ (updated).
Certificates b) The Tenderer must be an IT/ITES company registered in Bangladesh.
c) The tenderer should have a minimum of 10 (ten) years of general experience in the supply of
goods and related services as a supplier, years counting backward from the date of
publication of IFT in the newspaper.
d) The tenderer must demonstrate its management capacity (website link or brochures and other
documents describing similar assignments, experience, availability of appropriate professional
staff and experience among applicant's staff, resources to carry out the assignment).
e) The tenderer should demonstrate its' logistical capability (well-equipped office space at Dhaka
with necessary facilities).
E:-.periences
a) The Tenderer must have OI (one) successful completion record of contract in government
organization/Bank for Supply, Installation, Commissioning, and Operation of Integrated
Document Archive Management System and related services and has a minimum contract value
of02 (two) Crore BDT in the last 5 (five) years.
b) The Tenderer must have 01 (one) successful completion record of contract in government
organization/Bank for Supply, Installation, Commissioning. and Operation of Active and
Passive infrastructure (Server, Network Switch, Firewall and Storage) and related services and
has a minimum contract value of 0-1 (four) Crore BDT in the last 5 (five) years.
I
c) The bidder must have a minimum of OI similar Contract/PO/Work Order/ Work
Competition Certificate for managing large teams of scanning operation and data entry
operators and archiving with indexing of various page sizes (Lega!/Lener/A4/Maps/lmage etc.)
for providing both bi-tonal and color outputs.
d) The tenderer must have experience \\"ith at least O I (one) Maintenance Contract
(Complete/Ongoing) of Operation of the Integrated Document Archive Management System
and related services and has a minimum value of20 (t\\·enty) Lac BDT in the last 5 (five) years.
Thej Tenderer must have to submit the contract agreement.
Financial a) The tenderer must have a minimum average annual turnover of 10 (Ten) Core BDT in the last
Capabilit1 I
three (3) years and submit financial audit report of last 3 (three) years.
b) The tenderer must have working capital/liquid assets/credit facilities not be less than at least
BDT 0'1- (four) Cores.
R sources A Project Manager, Engineer, and other key staff shall have the following qualifications and
experience: (CV must be submitted)
Number of Total Works Experience in
l'\o Position Resource Experience similar works
(Minimum) (Years) (Years)
I Ce11ifted Professional project manager I ..,
6 .)
(PMP)
2 Senior Software Ene:ineer 2 6 3
., .,.)
J System Analyst I 6
4 Svstem Ene:ineer I 5 2
5 Soft\\are Ene:ineer 5 5 2
6 Security Specialist (EC Council/ ISC2 l 6 2
Security Associate Certified)
7 Senior Network Engineer (CCNP I 6 3
Certified)
8 Network Engineer (CCNA Certified) 2 5 2
9 Documentation Expert I 5 2
10 Data Entry and Scanning Staff 8 2 I I
Page 3 of 37
...
JV JVCA allowed to pa11icipate in the tender process, but number of participations in the JVCA should
I
Partne r
qualification not be more than 02 (two) organization.
I -
The minimum qualification requirements of Leading Partner, other Partner(s) and requirements by
1
Partner(s)
TDS Clauses
References
Requirements by
summation
Requirements for
Leading Partner I
Requirements for other
Summation not Same as stated in Same as for
IIT-14.l(a) applicable TDS Leading Partner I
IIT-14.l(b) 100% Any one par1ner must have
I
IIT-15.l(a) 100% 70% 30% I
IIT-15.l(b) 100% 70% 30% I
a. Project Manager from Leading Partner.
ITT-16.l(a) 100% b. Engineers and other ke'r staff defined bv the oanners.
Others ITT-17.1 100% NIA Letter for the Server,NIA
The bidder must submit the Manufacturer Authorization Storage, I
To reach the ultimate objective of this platform Development and implementation can have following necessar
modules, features and functionalities. However, the selected vendor must perform a detailed requirement stud
and system analysis and prepare the necessary deliverable.
1. Document Management System (D:.\-I )
Supply, installation, resting. customization. and implementation of a Document Management System (D.\1S) to
create, crack, manage and store documents.
2. Document Scanning and archiving Service
• Scanning of backlog documents.
• Indexing of scanned documents to create a future accessible repositol).
• Migration of existing data
3. Physical Record Management
• Establishment of physical document record rooms.
• Supply and installation of barcoded shelf, boxes etc.
• Preserve and track physical document
4. Infrastructure development
• Supply and installation of necessary server, storage, networking equipment, scanners, computer, laptop,
barcode scanner etc.
5. Capacity development
• Providing necessary training
6. Providing Support and maintenance including managed services for 05 (five) years.
Page 5 of37
..
I Requirement Respon e I Bidder
(FC/PC.·q Rcspon e
1.12 j Abilit) to pro\ ide for rapid search and retrieval on multiple \er) large
document repositories.
1.13 Search Criteria should be configurable I
I 1.14 Ability of Full Text Search and Content based searchin!!"ithin the :,\ I
' I. 15 StemDocument management system shall support the definition or Users.
The
Groups. and Role's relation in the system
I 1.16 The system shall suppon access permissions on Folders, documents and object
I
level
1.17 I
I
The S)Stem shall support multiple le"els or access rights (Delete/ Edit/ Vie\'vl
I
Print/ Do\ nload)
..
1.18 The system
inde.\es etc. shall support S)Stem pm lleges 111,:e Create Delete Users. Define I
1
1.19
I The system shall support secure login id and paSS\\Ords for each user andI
passwords shall be stored in encrypted format in database
1.20 The system shall support extensi,e pass,\ord validations like passwords must I
I be of minimum 8 characters, shall be alphanumeric, locking. or user-id after
1 three unsuccessruI attempts. pass,\ord expiry·, pass,"ord histor) so that
pass"ords are not same as pre"ious pass"'ords etc.
1.21 1
The S)Slem shall su ort Disaster reco,erv b_:y replicacing the data.
1.22 a. The system shall support IITTP,SSL for secure data transfer
I b. The S)Stem users from the outside the office net,,orl,: ,, ill acce:,s through a
secure VP:--: tunnel to ensures, stem securit,.
1.23 The system shall provide integration facilit) \\ ith all BTRCs internal
I S)Stem and shall support single sign on
I .2-1 The S)Stem shall support E:,.tensi\e Audit-trails at document. Folder and for
I highest levels for each action done b) particular user,,ith user name. date and
1 time
1.25 Support for rule and roles-based ri2h1:,
1.26 Support for right:, on administrative n.:pons
1.27 Abilit) tu classify the document under sccuril) le,els and restrict document
access through security levels
1
applications.
I . '- The S)Stem shouId have the ability to trad. the physical file location
I .J The S)stem shouId have the ability to send reminders and notifications through
I the dashboard, SMS. and email
1..39 The system should have the capability to assign an unlimited number of
1
categorizations
1.-W The S)Stem shouId have the capability to store, manage, view, and play Word,
IAI
I
E:-.cel, PDF, audio, and video files within the system
Thes, stem must have user-friendly document se arat1on capabil1nes
...
IA2 Thesystem must have a page append facility into an existing PDF document
1. .1l_T_h_ _·
s_.yc....s_te_m_m_u_s_t_h_a_v_e_a_c_o_rn_,_n_e_n_t _fa_c_il_it.z..y_a_,.g'-a_in_s_t_an.v,._..d_o_c_ur_11_e_n_t ...., ...... ;
.I The :.)Stem must ensure the security threats but not limited to the folio\, ing:
.. .., 'l • SQuCode File Injection
• Broken Authentication
• Sensiti"e Data Exposure
• Xi\lL External Entities (XXE)
• Broken Access Control
• Security Misconfiguration
• Cross-Site Scripting XSS
• Lsing Components "ith Kno,, n \'ulnerabilities
• Insufficient Lo22ing & Monitoring
I ..JS I
The system should support authentication '"ith Active Director) (LDAP- I
supported) platforms
I ..!6 The ::.) stem must have 2-factor authentication. Authorization. and a Single
Sign-on f arure to ensure the application's security.
1.r The ::.)Stem must ha,e a Barcode and a content-based document Separation
focilit)
l...!S Image Zone-based auto data e:--traction (English and Bangla both supported
for OCR)
1.-19 The sy tem must h,n e Image-based auto data extraction (English Hand Written
Te:-.t CAPs character" ithout character frame)
1.50 The S}Stem must have an Auto cropping facility for photo and signature
'
1.51 The S)Stem must have a Color to B&W/B&W to Color conversion facilit} on
the ny
- ...,
I : ,_ The sy tern must have Automatic photograph segmentation for black-and-1
! '"hite scanning
I
I 5.3 1 The system must have Auto auto-blank pa!!e dektion facility
1.5-t The scanning profile is centrally configured once
I
1.55 The system must support the P.DF auto compress process without reducing
the file quality from the beginning.
. .., 1
- Version Control I
2.1 A.bilit} tomanage \ersion control of documents including check in, ched.. out,
1
"ie\, history, viev. latest version, write version comments, etc.
..., ..,
-·- S)stem should have the abilit) to keep the older version in case of multiple
\ersions of a document.
.3 Data M1grat1on
Page 7 of 37
I
SIN Requirement Re pon e Bidder
(FC/PC C) I Re ponsc
3.1 Existing data ha\e to be mierated to the ne" OMS
.,3.2
., [ncorporate the active directory or PDS I
I .J ,.J Integration facility through API with any other system
14 Report
I 4.1 The system should have the ability to provide various types of report
generation. I
5 User Licensing and modules for OMS
I 5.1 Unlimited perpetual user license for all modules
I 5.2 Built-in workflow application for any kind of approval I
5.3 Document Indexing and Entry Module I
Various types of documents need to be digitized. Below is the categorizing ofexisting files:
SL Cate(Jon·i'iame
Hard File
2 I E-1 othL D-Nothi
3 GuideIines1Directives/1nstructions
-I Annual Report
s Ne\"S Letter ( uarterlv)
6 Press Release
7
8
1
9 Hard File letter Cop)
10 Contract Agreement
11 l Picture ► 10 TB
12 I Audio
13 DVDNideo
1-1
I Database
I5 News Clips (Print & Online)
16 TV News Monitoring:(Video)
17 Presentations Text. Dara. Video
18 Meeting/Seminer/Symposium document and Videos
19 Others
This entire digitization will be a ser"ice that the vendor needs to pro"ide for ,,.hich belo," are the acti\ ities that need lO
be performed:
Process Flow
..... ...........
@
Cj
Page 8 orf
ill ,..,...........,,t,
LLC=t7 ,...
I r
LLi_J_J
LLLJ_J
LLi_J_J
LL _J
-==-
----m:s--•■
... -r.
SWITCH 02
I
.......
,.. ., lt111° i
.......
/ 0
■ 1111 1
00
11111•• I
■
• 1 1 111•• I ■1111••,
1111 1 11111••
00
Ao;-. Se!"'lller 02
, ,, 1
I 1
Figure-04: Infrastructure High Level Diagram
,
Page9of37
I
Technical pccification of required Hard" :ire:
1. Ethernet s,,
itch (02 i\"os)
I
j Feature ltem Description Bichler
I Response
Qualiry ISO 9001/9002 for manufacturer, FCC for quality assurance
Brand To be mentioned by the bidder I I
i\lodel To be mentioned by the bidder '
Country of Origin To be mentioned by the bidder I
Environmental Maintain International Quality Environmental Safer - standard I I
Enclosure T) pe Rack-mountable I I
1
Industry Proposed solution must be in Leader for Wired and Wireless LA Access
I Certifications and lnfrastruclUre segment in Gartner MQ-20l 9/2020
Evaluations
Part No Bidder should submit BOQ of proposed device including the details· pan
numbers. Bidder should submit the required performance document for the
proposed device.
General Features The S\"itch should have m111Imum 2-l .\ 10 100 I 000 Ethernet and 8 .\ 10
-
Gigabic Ethernet SFP-r- uplink pons,,ith 8 x IO GE Short range modules from
Day l. All the SFP should be OEM original SFP module. All modules are
from the same "S,,itch" brand.
S\\,itch should have stacked feature enabled from Da) I
Should have minimum 8 GB DRAM & 16GB Flash
I
Rt:li.:n.:11-:e reference URL / information of RFP technical specification compliance
should be publicly available and accessible document.
\\"arralll) linimum 5 (Fi,e) years ,,arrant) for OEM. i\lanufacturer·s \\arrant part
number should be mentioned. The OE:VI should have local office in
Bangladesh and 2-h7x365 Global TAC support I
erver (02 1'0
Feature Jtem Description Bidder
Re Jonsc
Brand :--::im To be memioncd b.v. bidder
!odd
e Tobe mentioned bv bidder I
Coumn, of oriQ.in To be mentioned bv bidder
Factor 2U Rack Mountable Server
Proce:,sor 2 x Intel Xeon-Gold Min. 2.8GHz 22C 28\.IB Cache I
Chip5el tin. Intel C620 Chipset I
,\kmon Min. 256GB DDR4 RAM and Scalable uoto I TB in future
I
Graphic5 lnte ated !?.raphics controller \\ith 8 MB of Video Memor" I
Internal Storage Min. 2 x 960GB SSD from Day I
• Server should have at least 8 hot-swappable I2Gbp5 SAS HOD and SSD
drives
Storage Arra Sen,er 5hould be configured array controller,, ith a minimum 2GB nash
Controlkr cache memory th:it should suppon for RAID 0, I. 5. 6, I 0. 50, 60
q Page 11 of 37
Expansion slots and I -
Should supplv Smart Stora0e Batter\. with cable
Server should come with three (03) standard PClc slots and Up 10 eight (08)
1/0 I PCle 3.0 1/0 e:--pansion Slots suooorted as future expansion option.
I Serial, VGA Port, Displa\ Port. Micro SD slot, USB 3.0.
Networl,. Interface •
1 Controller Should be supplied 4 :-- I0G Fiber ports with short range optics.
Management port & • ShouId be supplied 4 :-- I G Coooer oorts.
I
I
The server should support industry standard management protocols like IPMI
features v2 and SNMP vJ I
'
tj' ' e
\ J,
A
--.;;--:, ....
Cache required Offered Storage must be configured with minimum of 40 processor cores
across controllers. Storage must be configured with a minimum 256GB
based Global/Federated Cache/Memory across controllers. Writes in the
cache must be protected in the event of an unplanned power outage by de-
staging to persistent storage or battery-backed cache.
Storage Capacity Offered Storage must be supplied with 40TB (20TB SSD + 20TB SATA)
usable capacity which can be usable Block/File/Object any purpose.
Capacity should be provide using not more 10TB drive with concurrent
Dualffriplc drive failure protection and spare drives as per OEM's best
practices.
Dri\,e Suppo,1 Offered Storage must suppo11 scalability minimum of 700 Drives across
offered controllers.
Front-End and Array must be offered with minimum 8x32Gbps & 8x10Gbps SFP+ pons
Backend across controllers suppo11ing asked protocols. Array must be supplied ,, ith
connecti, i1, -t SAS oorts ,vith each port suppo11in2: 4:xI 2Gbos SAS lanes.
S1ornge Protocols The storage operating system must provide FC, FCoE,iSCSI. p'.\FS, NFS
(NFSv3. NFS..,-1. NFSv4.I ), CIFS/SMB protocols natively to suppo11
heterogeneous application environment. In addition to the above. Object (S3
comoatible) orotocol should also be suooorted nativeh·.
Storage must support data in place conversion of block LUi\ to NYMe
Namespace conversion and vic,eersa for moving \\,Orkloads from traditional
I SCSI orotocols to NVMe Protocols.
Deduplication & Offered Storage must provide lnline as well as Post-Process deduplication.
Compres-ion compression for both Block and File data. Data reduction must be
maintained
while Tiering and replicating the data.
Snap-;hots & images Offered Storage must support minimum of 1000 Redirect on ,Hite snapshots I
per volume. Production SAN andNAS Volumes must be protected with point-
in-time copies. Administrator must be able to setup a policy to take snapshots I
-
even 1 hour and retainin g it for one month ,, ithout a, m performance impact
-
Data Tiering
to host IO.
The s1stem should provide capability ro tier cold file and block data to Object
I
storage within the Data Centre or to the object storage in the public cloud
(A WS, Azure and Google) while preserving data efficiencies and single
name space. Traffic bet,\.een primary to object storage must be encrypted.
Admin
must be able to define the policy for tiering data from Primar) \.Olumc:sto
Replication I Offered
Object Storage
Storagesuch
mustasbe
inactivit) period.%
configured capacity consumption.
,vith required Licenses to configure:
I) Synchronous and Asynchronous RepIication between 2 DCs for bothBlock
and File Protocols.
1) 3DC Replication ,vith Zero RPO across 3 DCs ,,here 2 Sites are within
:Vletro Distance and 3rd Site can be> 1000 m a\vay for both block and
file Protocols.
3) Replication solution must support 6-l arrays replicating to I central DR
storage and replication of I volume to upto-' distinct storage systems spread
across geographical locations.
4) Replication solution must support bi-directional replication to minimum 3
meity compliam public clouds. replication traffic must be encr)pted during
i replication to the public cloud.
Page 13 of 37
Data Protection & The storage system should offer the capability to identify and remediate I
Encr:-ption ransomware attacks using autonomous ransomware protection \\ ithin the
controllers. The offered system should support ransom\,are and insider threat
detection to protect data with early detection and actionable in telIigence on I
ransom,,are and other mah\are incursions. Required HW and SW must be
offered.
Offered Storage must provide application consistent data protection within
the
datacenter (Snapshots & Thin clones) or b) replicating to the remote I
datacenter. lt must support VMware, MS SQL, Mongo DB. Oracle, MS
Exchange, SAP HANA, SAP MaxDB, PostgreSQL. DB2 etc.
Offered Storage replication should be secured by end-to-end encryption and
band,,idth optimization o"er a WA;-.: link. All the necessar:- hard\\arc &
licenses should be quoted from day I in Highl) available configuration.
Page 15of37
Offered Storage must be supplied \\ith 40TB (10TB D + 30TB AT.-\)
usable (10TB SSD & 40TB NL-SAS) capacit) \\hich can be usable
torage Capacit) Block/File/Object any purpose. Capacity should be provide using not
more I OTB dri\e \\ith concurrent Dualffriple dri1,e failure protection
and and s are drives as er OEM's best ractices.
OfTered Storage must support scalabilit} minimum of 140 Drives across
Dri\e Support
offered controllers.
Front-End and Arra: must be offered \\ith minimum -hl6Gbp & -hl0Gbp FP+ ports
Bad.end across controllers supporting asked protocols. Arra) must be supplied \\ ith .i
connecti1,it> SAS ports \\ ith each port supporting 4x I 2Gbps SAS lanes.
The storage operating S}Stem must provide FC, FCoE.iSCSI, p F . 'FS
( FSv3, NFSv-1, NfS\-1.1), CIFS/SMB protocols natively to support
heterogeneous application environment. In addition to the above, Object (S3 I
Storage Protocob compatible) protocol should also be supported natively
Storage must support data in place conversion of block Ll.fl\, to ;--.;V;\,k
Namespace conversion and vice versa for moving \\Orkloads from traditional
SCSI protocols to NVMe Protocols.
Offered Storage must provide lnline as \\Cit as post-process deduplication.
Dcduplicmion &
Compre sion compression for both Block and File data. Data reduction must be
mainrained
\\hile Tiering and replicatin the data.
Offered Storage must support minimum of I 000 Redirect on \Hite snapshots
per\olume. Production S.\'-:and '\AS Volumes must be protected ,, ith
point
Snapshoh & images I in-time copies. Administrator must be able to setup a polic) co cake
snapshots e\er) I hour and retaining it for one month ,, ithout an)
perfom1ance impact
to host 10.
I The system should provide capability to tier cold file and block data co Object
storage ,, ithin the Dara Centre or to the object storage in the public cloud
(A \\'S. Ature and Google) \\hik preser. ing data efficiencit:s and single name
space. Traffic bet,,een primar) to object storage must he encrypted. Admin
mu:>t be able co define the policy for tiering data from Primar: \Olume" w
Object Storage such as inactivit) period. % capacit) consumption.
Offered Storage must be configured with required Licenses to configure:
I) S)nchronous and As) nchronous Replication ber,,een 2 DCs for both Block
and File Protocol .
2) 3DC Replication ,\ith Zero RPO across 3 DCs \\here 2 Site=> are \\
I ithin i\letro Distance and 3rd Site can be > I 000km a\\ a) for both block
RepIic,11ion and file Protocol'.
3) Replication solution must support 64 arra replicating to I ct:ntral DR
storage and replication of I \Olume to upto -I distinct storage S) tern spread
across geographical locations.
-I) Replication solution mtbt support bi-directional replication to minimum 3
meity compliant public clouds, replication traffic mu:>t be encrypted during
I replication to public cloud.
The scorage S)Stem should ofTer capabilit} to identif} and remediate
ransomv,arc anacks using autonomous ransom\1,are protection ,.,,ithin the
Data Pn.'tt:ction controllers The offered !>):>tem should suppon ransom,,are and in:>ider
& Enayption threat detection to protect data \\ith earl) detection and actionable
intelligence on ransom\\are and other mal\1,are incursions. Required 11\\'
and SW must be
offered.
r Offered Storage must provide application consistent data protection within
the datacenter (Snapshots & Thin clones) or by replicating to the remote
datacenter. It must support VMware, MS SQL, Mongo DB, Oracle, MS
Exchange, SAP HA A, SAP MaxDB, PostgreSQL, DB2 etc.
Offered Storage replication should be secured by end-to-end encryption and
bandwidth optmization over a WAN link. All the necessary hard""are &
licenses should be quoted from dav I in Highly available confie:uration.
The proposed storage array must support data-at-rest encryption in
compIiance with FIPS 140-1certification managed by On-board Key
Manager or External Key Manager.
The storage system should offer high-performance compliance solution in
accordance to various industry standards to meet regulationssuch as
Securities and Exchange Commission (SEC) I 7a-4, HfPAA, Financial
Industry Regulatory Authority (FINRA), Commodity Futures Trading
Commission (CFTC), and General Data Protection Regulation(GDPR).
The storage should be configured to comply with SEC Rule I 7a--t for File
data in order to protect the data with WORM protection. ecessary license
should be provided.
Overall SecuriryofSroragesystem should be based on Zero Trust Framework.
which \\ ill broadly cover belO\\ functionalities:-
• Controlling access to File and Block data
• Secure multi-tenancy for all File and Block protocols and Object APis.
• Abnormal access panerns (Anomaly Detection & remediation)
• Integration with Multifactor authentication solution
• Temper Proof snapshots
• Multi-adrnin validation where certain acti\ ities needs to be appro\ed b)
more than I Administrators to secure from internal threats.
• Encryption(At rest and in flight)
• i\lonitoring and logging administrati\.e access
• Role Based Access Control I
Storage system must be offered 111 a ;\o-S111gle-Po111t of Failure offering upto
\\ .1ilabilit: six 9s of,l\ailability \\,ith scale up and scak out architecture for all protocols
asked.
Offered Storage must have integration with Vivlware ecosystem e.g. vVOLs.
Third-party VAAl, it must support Storage Policy based Management as well as vVols.
integration Offered Storage must support integration with OpenStack Cinder for block
and OpenStack Manila for File protocols.
Container torage Offered Storage must provide Latest CSl driver for providing persistent
lnterfa e stroa2e to K8s environments, CSI driver must be a supported by the OEM.
Support for industry-leading Operating System platfonns including: LfNUX.
Microsoft Windows, IBM-AIX, Oracle Solaris, Oracle Enterprise Linux, etc.
0 upport
It shall support connecting hosts over iSCSI or FC and shall be supplied with
anv Multipathing software, if required, with the solution.
Offered Storage must have capability to implement Quality of Service which
I
QoS must allow administrators to limit IOPS and throughput for certain Block
Luns and File shares. Required HW and SW must be offered.
Page 17of37
The storage system must offer management and monitoring la)er supporting
performance monitoring. utilization. pro\1sIomg. monitoring alerts.
configuration and reporting around Data Protection. reporting File system
Management and anal}tics to analyze Capacity usage. File and directory counts, File
Monitoring activity trends. Active and inactive data identification and ageing of tile
data. Management UI must discover and monitor VM\\are infrastructure \\
ith the
granularity of Data stores, VMs. it must support end to end topolog1 vie\\, of
VM\\are environment to the storage.
Support for OS (fr.e)1ears \\ith 4 hrs Part replacement \\arrant . OE t
\\"arrant & SLA should ha.,,e a local art de ort in Bangladesh.
I
I
Secure Wireless \\ith read: Central monitoring and management of APs and,,ireless clients
Appliance throughAPs
Bri?ge the to
built-in wireless
LA:--.:, VLAN,controller
or a separate zone,,ith client
I
isolation options
Multiple SSID support per radio including hidden IDs I I
Page 20 of .r
View personal Internet usa2e
Access quarantined messages and manage user-based block/allow
sender lists
Do\,nload SSL remote access client (\\'indo,vs) and configuration
files (other OS)
Base V p:--; options Site-to-site VPN: SSL, IPsec, 256- bit AES/JDES, PFS, RSA,
X.509 certificates, pre-shared kev
Robust and lightweight RED site-to-site VPN tunnel
L2TP and PPTP
Route-based VPN
Remote access: SSL. IPsec. i Phone'iPad/Cisco /Android VPN
client suooort
IKEv2 Suppo11
SSL client for Windows and configuration download, ia user portal
\'P'\ Client Authentication: Pre-Shared Ke: (PSK).
PK! (X.509). Token and XAUTH
Intelligent split-tunneling for optimum traffic routing
I
1 AT-traversal support
Page 21 of37
Lateral Movement Protection further isolaces compromised systems
by having healthy managed endpoints reject all traffic from
unhealthy endpoints preventing the movement of threats even on
the same broadcast domain
Reporting (Central Central cloud-based Firewall Reporting should be included at no
cloud) (ready on lie) additional cost II
Reporting features should be accessed from anywhere by Admin
without direct access to the device I
Administrators should drill down into the syslog data for a granular
t--v_ie_w_th_a_t_is_... pre_s_e_nt_e_d_i_n_a_v_i_su_a_l_fi_o_rm_at_fo_r_e_a sv, u_n_d_er-=s--'-'ta'-n-=d _in-'-'g-'----J.._---
Pre-defined reports with flexible customization options
Ability to configure flexible reports with a high degree of
customization - each report table, containing dozens of column
choices, allows administrators to add or remove columns of data, to
make report more granular. compressed. or enriched as desired
Application bandwidth report that shows bandwidth usage by I
application and risk. The application and risk columns can be
removed and replaced with source fP to pro\ ide a band\\ idth usage
report broken out bv IP address
Reporting for NG Firewalls - hard\\are. sofn\are. virtual. and cloud
Intuitive user interface provides graphical representation of data
Report dashboard provides an at-a-glance vie\\' of e\ents over the
past 2-t hours
Customizable chart options - can select bet\\een a bar. pie. stacked
area, and Iine chart for any report
I
I
Easily identify net\,ork activities. trends, and potential attacks
Deep insight into user acti\ it). application usage. and securit:
threats on the net\\ ark
Eas} backup of logs \\,ith quick retrieval for audit needs
Simplified deployment without the need for technical expertise
Managed Threat Response (MTR) Connector enables analysts co
1
receive alerts from Fire\\all
Reporting (On-appliance)
l
FirC\\all reporting should be included at no e.\tra cost (on-bo.,
(read: on lie) reports) \\,ith custom reoort oocions
I
Dashboards (Traffic, Secunt), and User Threat Quotient)
Applications reports (App Risk. Blocked Apps. S)nchronizcd I
A s. Search Engines. Web Servers. \Veb Ke ".vord Match. FTP
Network and Threats reports (fPS, ATP. Wireless. Securit:
Heartbeat. Sandstorm)
User Threat Quotient (UTQ) reports to identify risky users based on
recent browsinQ behavior and ATP trigQers
VPN reports
Email reports
Compliance reports (Hf PAA. GLBA, SOX. FIS'.\IA. PCI. NERC
ClP vJ. CIPA)
Current Activity Monitoring: system health. live users, IPsec
connections, remote users, live connections. wireless clients.
quarantine, and DoS attacks
Page 22 of3i
Report anonymization
Report scheduling to multiple recipients b) report group "' ith
flexible frequency options
Expo1t reports as HT IL, PDF, Excel (XLS)
Report bookmarks
Log retention customization by category
Full-featured log viewer with column view and detailed view
,.,.ith powerful filter and search options, hyperlinked rule ID. and
data view customization
1\cxt-Gcn Base firewall Protection includes:
ubscri ption/License from Net,,orking and SD-WAN: Wireless, SD-WAN, Application-
day I Aware Routing, Traffic Shaping.
Protection and Performance: Architecture with Network Flo"
FastPath, TLS 1.3 Inspection, Deep-Packet Inspection.
VPN: [Psec/SSL Site-to-Site and Remote Access VPN
(unlimited), SD-RED Site-to-Site VPl's.
Central i\.lanagement: Group firewall management. backup
management. firmware update scheduling.
Reporting: Historical on-box logging and reporting.
Central Firewall Reporting: Prepackaged and custom report tools
with seven days of cloud storage for no extra charge.
R pvning Extensive web and app reporting.
- Enhanced Support includes:
2-lx7x365 suppo1t,
Advance replacement hardwar,e,arranty,
Direct OEM technical sunnort via oortal /teleohone1 remote access, I
Free security updates and patches,
Free Software features updates & upgrades.
\\ arrant: 05 (five) years from the date of activation of ·the
subscriptions/device registration confirmation "' ith the Enhanced
Support License
Page 23 of 37
1
Paper Thickness & 34--D3 g/m! (9-160 lb.) paper
Weight rear exit for paper> 200 cym! ( 110 lb.)
Maximum Optical 600 dpi
Resolution
Accessories & Carrier Sleeves
Consumables Document Extenders
Feeder Consumables
I
Kits
A3 Size Flatbed Accessory
Enhanced Printer Accessory
Printer Ink Cartridge and Carrier
Rear Exit Trav Accessory
Acoustical Noise Off or Ready mode: < 20 dB(A)
Scanning: <60 dB(A) I
Approvals and Product Argentina (S mark)
Certifications Australia'Ne\v Zealand (RCM)
Canada (cTUVus & !CES-003)
I
I China (CCC)
European Union (CE)
I
European Union (GS Mark)
India (BIS)
Japan (VCC[)
Mexico (NOM) I
I
Bundled Software
I PDF-1I7 QR. UPC-A UPC-E
Caorure Pro Limited Edition Smart Touch
Dara Security The scanners must process scanned data exclusively through volatile
memor: ensuring image data is effectively erased upon shut down.
Dimensions & Weight Height: 25-1 mm/ IO in.
Width: 457.2 mm/ 18 in.
Depth: 370.84 mm/ I-L6 in.
Weight: 15.3 kP. / 33.8 lbs I
Electrical Requirements 100-240 V (International); 50-60 Hz I
Environmental
Certification
2008 EuP
ENERGY STAR Qualified I I
EPEAT Gold
File Fonnat Outputs BMP. JPEG, Single-page TIFF, Microsoft Excel, Microsoft Word.
Multipage TIFF. PDF, Text searchable PDF. PNG, RTF
I
Image Output Resolution DP!: 50, 75. I00, 150. 200. 240, 250. 260. 300. -100. 500. 600. 1200
Options I
Network Protocols DHCP(or static IP)
I TCP/IP I I
Page 2-1 of 37
Operating System \\'INDO\VS 11 (6-4 bit)
Compatibilit) WINDOWS 10 (32- and 6-4-bit)
WINDOWS Server 2012 R2 X64 Editions
WINDOWS Server 2016 X64 Editions
WLNDOWS Server 2019 X64 Editions
WINDOWS Server 2022 X6-I Editions
Ubuntu 18.0-4 64-bit
Ubuntu 20.0-4 6-4-bit
Open SUSE Leap-I5.2 & 13.1
SUSE Enterprise Desklop-I5.2 & 12.4
SUSE Linux Enterprise Desktop 12 SP2 6-4-bit
Operating Temperature 1 Operating Temperature 10-35° C (50-95° F)
Orerating Humidity Operating Humidity 15% - 80% RH
Operator Control Panel 3.5 inch (89 mm) graphical color touchscreen LCD\,\ ith operator control
buttons
Capture Pro Soth..,are
I
Optional Soft,,are
lnfo Input Solution
Paper Path Options Documents should e.,it into the front output tra). or at the rear of the
scanner if the straight-through paper path opcion is manual!: selected
Page 25 of 37
Scanning Technolog), Dual RGB LED Illumination CIS (CMO ): Gra scale output bit depth
is 256 levels (8-bit): color output bit depth i:, :!-I bits (8 , J): color
capture bit depth is 48 bits (16 x 3)
Standard Sofl\\are And ISIS Drivers
Drhers LINUX (TWAI. and SA 'E) Drivers
TWAIN Drivers
\VIA Drivers
Citri, certified
KOFAX certified
I
Warrant: The vendor must provide I (One) year \\,arrant) and 4 Year
Maintenance Contract (v,ithout parts and Consumables) and BTRC \\ ill provide
separate PO for parts and consumables as required for the document
scanner maintenance. I
portable USB drives. secure login \ia LD.-\P, acti\ it) logging b) Login ID.
I IP port blockin!!
Secure login '"ith a customizable pasS\\Ord. abilit to create and
manage lists of Scan Station 730EX Plus de-.ices. group and casil
classify managed de, ices. update the configuration and'or embedded
soft\\,are of
Remote Adminisrraiion one. some or all managed devices. vie" the status of managed de"ice:,.
(for s:,,stem remotely access and manage the logs of a single managed de\ ice. restart or
administrator:, onlv) po,\er off a sin2.le mana!!ed device
Embedded Operaiing Wl'.'.DOWS 10 loT Enterprise LTSC 2019 'version
S\ stem
Te:-.t searchable PDF using the indust1; leading ABBYY OCR engine.
Single and multipage TIFF. JPEG. PDF. PDF, PDF/A. IICROSOFT
WORD, MICROSOFT EXCEL. RTF. cnc1;pted PDF, JPEG-comprc:,seJ
File Format Outputs I TIFF, \VAV audio files
Up to 70 ppm/1-10 ipm at 200 dpi (portrait. letter size. black-and
Throughput Speeds \\ hicetgrayscale'color)
\.lultifeed Detection I With ultrasonic technolog>
Feeder Ca acit'v C to -5 sheets of20 lb. 80 2. m2) a
Recommended Dail:,, er
Volume Up 10 6.000 pa2.es per da"
Page 26 ofr
\\.'eight: 10.5 kg (23 lbs.); Depth: 38.2 cm (l5 in.): \Vidth: 35.6 cm (I-LO
Dimensions in.): Hei2ht: 20.6 cm 8.1 in.)
Recommended PC [NTEL Core2 duo 6600@ 2.4 GHz Duo Processor or equivalent, 4 GB
Configuration for RAM, USB 2.0, running \Vl1 DOWS 8 (32-bit and 64-bit), WINDOWS
Scanner Administration 8.1 (32-bit and 64-bit), WI1 DOWS 10 (32-bir and 64-bit), WlNDO\VS
Software 11
64-bit)
Accessories A vailable Portable USB drives, Kodak A3 Size Flatbed Accessory
Operating temperature: I0-35° C (50-95° F);
Environmental Fact0rs 0 eratin° humidit : I 0% to 85% RH. Altitude <W0OM or 6562 feet
Off mode: <0.J \\iatts; ENERGY STAR 3.0/ Sleep mode:5.26 Watts;
PO\.\.Cr Consum tion 0 erating mode: <50 Watts
The vendor must provide I (One) year warranty and 4 Year Maintenance
Contract (without parts and Consumables) and BTRC will provide
separate PO for parts and consumables as required for the
document
scanner maintenance.
• . button
Output single- and multi-page TIFF, JPEG. RTF. B\'IP. PDF and
searchable PDF formats are all available \\.hen using Smart Touch or
Warrant
.The Compact
Kodak Capture Pro Software
design with a small footprint
vendor must provide I (One) year warranty and 4 Year Maintenance
Contract (without parts and Consumables) and BTRC will provide separate
PO for parts and consumables as required for the document
scanner maintenance.
Page 27 of 37
Print i\lethods: Thermal transfer and direct thermal printing I
Construction: Metal frame and bi-fold metal media cover ,, ith enlarged
clear viewing window
Side-loading supplies path for simplified media and ribbon loading
Standard Features Thin film printhead with E3rn Element Energyrn Equalizer for superior I
print quality
4.3-inch color touch display with intuitive menu for quick operation and
settings
I Mirror & Ve11ical Printing
Resolution Minimum 300 dpi
256 MB SDRAM memory
Memory
5L2 MB on-board linear Flash memorv
I Maximum Print Width Minimum 4.09 in./ I 04 mm I
Maximum Print Speed Minimum 356 mm per second or less
Maximum Tape Width 110mm I
Max. Label Length 991 mm
Memor'y 256MB RAM. Storage: 512 MB
Media Sensors Adjustable dual media sensors: transmissi\e and retlective
Rewind: lntemally re,,inds a full roll of printed labels on 3.. core. or peels
and rewinds Iiner (factory installed only) I
i\ledia Handling Peel: Front-mount. passive peel option
Peel: Liner take-up - additional fuII-roll liner takeup spindle
accommodates standard printer base
Cutter: Automatic
USB 2.0. high-speed. RS-232 Serial. IO I 00 Ethernet. Bluetooth -l. I. Dual
Communications USB Host
Page 28 of 3-
I
amc of Item Description Bidder's
Response
Brand To be Mentioned bv the Bidder
Model To be Mentioned by the Bidder
Countrv ofOri!.?.in To be Mentioned by the Bidder
Country of To be Mentioned by the Bidder
i\ lanufacturer
Processor Intel Core iS-I2500 Processor (Minimum I 2th Generation)
Processor Physical Minimum 4 cores or higher
Cores
Chipser Intel Chioset or equivalent
Clock Speed Minimum 2.5 GHz or higher
Cache ivlemor.., Minimum 16 MB or higher
BIOS Machine SI. No. & Brand lo!.?.o must be shown in 81OS setup.
RA\! Minimum 16GB DDR4 3200MHz (Single Stick)
Stora!.?.e I Minimum 512GB M.2 SSD
I
Graohic:,
Pons and I lnte2rated Intel UHD Graphics or Equivalent
Headphone/microphone combo. USB Type-A. HDMl, RJ---l5, Displa: 'VGA
l
Connectors
Cornmunicarions Integrated 101100/1000 Mbos Gigabi1 Ethernet. Wi-Fi and Bluetooth I
t\utlio Hi!!h-Definition lnre2.rated Audio and internal speaker I I
;\krnitor Minimum 18.5 inch I
Ke\board Same Brand USB business keyboard.
\louse Sarne Brand USB Optical Mouse.
Form Fac1or TO\\er
Operating S:,s1e111 I
Genuine WindO\vS 11 Pro 6--lbit (FQC-I0528 WI PRO 11 6-iB E:--:G !NTL
I I PK DSP OEI DVD)
PO\\cr Suooh To be Mentioned bv the Bidder
Catiti.::ation Manufacrurer' s Authorization lener (third-party authorization \\ iII not be
accepted) & Distributorship/ Agency Cerrificate. Original
Catalogue/Brochure/User's manual.
\\ arrant, 3 (Three) years full \Varrantv with faultv parts replacement and other services.
l 'PS
I Capacity Minimum I 200VA
Load Caoacitv Minimum 720\V
Backuo Time Minimum 15 minutes
Battery Type Maintenance free sealed lead acid
banerv
Battery Capacity Minimum 7 Ah
Number of batteries Minimum 2 units
Warranty 0 I (One) year full Warranty,..,ith
' faulty pans replacement
I
Page 29 of 37
Country of Origin
To be Mentioned by the Bidder
Country of
To be Mentioned by the Bidder
I
Manufacturer
BIOS Machine SI. No. & Brand lo_go must be shown in BIOS setup
. I
I Processor Intel Core i5- I 235U Processor (Minimum 12th Generation) \,\,ith 1.3 GHz base
Graphics
frequency, 12 M 8 L3 cache, IO cores
Intel Iris X Graphics/Intel UHD Graphics
I
I
Memorv Minimum 16GB DDR4 (Single Stick) 3200MHz with 2 slots I
Storage Minimum S12GB M.2 SSD I
Displav 14" diagonal !PS FHD anti-glare LED-backlit (narro,\, bezel) I
Color SiIver/Grav I
Communications I
I
1
Integrated I 0/100/1000 MbpsGigabit Ethernet, Intel Dual Band(:?. :?.)
Wireless Wi-Fi 6 and Bluetooth 5.2 Combo
Webcam Minimum FHD camera or hie:her I
Keyboard Spill resistant backlit keyboard I
Ports and HOM!, RJ-45, USB Typc-C, Hi-Speed USB 3.0. Headphone/ Microphone
Connectors
Pointing Device
Combo I
Click-pad ""ith multi-touch e:esture support I I
Security TPM 2.0 Embedded Securitv Chip I I
Operating Genuine Windo",s l I Pro 64bit (FQC-I05:?.8 \\'IN PRO 11 6-l-B ENG INTL
System I PK DSP OE! DVD) I
Minimum 65\V External AC po,\er adapter or more I
Po,ver
Batten, Minimum 3-cell 48\Vh Long Life Battery or more I I
Weight I .6 kg or less I
Carry I Original Laptop carry Case(Same Brand)
1 Integrated High Definition (HD) Audio duel channel "' ith stereo speakers
Case
I
Audio
Certification (\Iust MIL-STD. Manufacturer's Authorization letter (third-part: authorization \\,i II 1
be not be accepted) & Distributorship/ Agency Certificate. Original Catalogue
submitted) Brochure/ User"s manual.
\\'arrant1, J (Three) ;ears full WaiTant\. ,, ith fault\ parts replacement and other services.
<
Page 30 of 37
• Usability testing
• Accessibilit)' testing
• Securit, testing
• User Acceptance Test {UAT)
\ tier the \\ arrant, period, the Selected Vendor has to sign a separate SLA for the Maintenance Service, if BTRC
,..ants.
fnput Validation: There must be proper Input Validation with the protection of cross-site scripting (XSS), SQL
injection. buffer overflo""• etc. Bad input can also lead to Denial of Service (OoS) attacks on the application.
Output Escaping/Encoding: Output escaping.tencoding is required to handles output. All output data must be escaped/
.=n oded unless the} are knO\\.n to be safe for the intended destination. Must ha've to consider for implementing Content
Securit} Policy (CSP) if possible.
Authentication & Password Management: Must be used password polic} to document and address ke" concerns
,, hen it comes to authentication and password management including proper password strength controls: pasrnord
lifecycle, password reset process, password storage, protecting credentials in transit, browser caching, number of
login auempts. etc. For unauthenticated/anon,mous page submits, consider using CAPTCHA technology to prevent
spam and automated attacks. Enforce multi-factor authentication in high-risk areas \.vhere possible.
·e ·ion Ylanagement: Session should be managed that ensures that authenticated users have a robust and
Cr) ptographicall} secure association with their session. It is recommended to use the server or framework's session
management controls whenever possible. Also, the following areas should be considered: session invalidation during
authentication.re-authentication, logout, and s,..,itching from HTTPS to HTTP. HTTP header tags like timeout,
domain, path. http only, and secure should also be considered with regards to session management. If using single-
sign-on, make sure the application logout function calls the single-sign-on logout function. Force user re-
verification,not relying only on current session state, for high-risk user transactions to prevent CSRF.
.\uthorization & Access Control: Must be implemented authentication, authorization for the decision process where
r..:q.i..::.ts to (create. read, update, delete, etc) a particular resource (object) should be granted or denied. Access control
ho ild be used for authorization enforcement with the most popular being role-based access control (RBAC).
C..:ntralized authorization system should be used ,\here role membership is central!) managed and audited, then
map
,,.,.._ Page 33 of 37
..
•
•
those roles to specific permissions within the application. Implement least privilege policy between all subjects
and objects. Ensure that the access control list covers all possible scenarios. Enforce timely authorization checks on
ever) request (from both server and client side) to prevent "time of check"f'time of use·' (TOCffOU) attacks.
Cryptographic Practices: Proper encryption should be used when handling sensitive data at any tier of the application.
Choose carefully whether "t:wo-way" shared key symmetric encryption, "two-way" public/private key asymmetric
encryption, or "one-way•· salted hash encryption is best for each case. Ensuring cryptographic modules is used by the
application. Using of approved cryptographic modules for random number generators.
Error Handling, Auditing & Logging: The application should handle its own application errors and not rely on the
server. Do not display sensitive, debug or stack trace information in the production environment. Ensure audit logging
controls are in place to log both successful/failure security events, especially authentication/authorization attempts and
access to sensitive data with useful audit information based on the "Who/What/When/Where" principal. Sensitive data
should never be logged, instead use other unique and traceable identifiers.
Data Protection: Limit access to data based on the least privilege principal. Encrypt sensitive data and information like
stored passwords, connection strings and properly protect decryption keys. All cached or temporary copies of
sensitive data should be protected from unauthorized access and get purged as soon as they are no longer required.
Nor to allo,\ sensitive production data in non-production environments.
Communication Security: When transmitting sensitive information, at any tier of the application or ner,,ork
architecture, encryption-in-transit should be used. SSLffLS must be supported for data communication. Uses of
trusted certificate authorit) to generate pubIic and private keys whenever possible.
System Configuration/Hardening: Making sure that every piece of software from the OS, system components.
software libraries, software framework, web servers. etc. are running the latest version and they are parched with
latesr security patches. Lock down the server and remove any unnecessary files and functions. Isolate implementation
environments from production environments. Uses of version control software so that all code changes deployed to
production are reviewed and have an audit trail.
Database SecuritJ: The application should use the lowest possible level of privilege when accessing the database.
Locking down the database by turning off any unnecessary features. Connection strings and database passwords
should be kept in secure, separate and encrypted configuration files.
File Management: Ensure authentication is required before file uploads. Limit file types & prevent any file r1pes
that may be interpreted by the " eb server as well as validate the tile types by checking the file header. Scanning of
uploaded
files for malware where possible.
fY
•
•
Lo2
- the users ,vho are accessin2-. the svstem
,
Page 35 of 37
Log the parts of the application that are being accessed
Log the fields that are being modified
Log the resuIts of these modifications
Log attempted breaches of access
• Log attempted breaches of modification rights
Timestamp
Ensure an audit trail is kept for all transactions and all audit transactions logged are kept on the trail file or trail database
from where the system can generate different audit reports as and when required.
. . ,,; .. ,...
The vendor must propose a UI/UX plan containing Ul designing method and tools, prototype or Mockup design
(if applicable), UI review method, the process for studying and analyzing UX, collaboration of basic web and mobile UX
issues, and expected result and outcome ofUX, finalizing theUI/UX design. Apart from this, the vendor should consider
the following issues as requirements at the time of the UI/UX plan.
• The system interfaces should be highly user-friendly, easy to navigate, and ensure fast loading
• The Ul shall be designed by using a well-established, suppo11ed and lightweight UI framework so that it follo,\S
widely used industry flow patterns
• U1 shalI be easily configurable if any changes are needed
• Menu, content, and navigation shall be based on the user entitlements, roles and permissions.
Detail and proper documentation of such JCT-based project development and implementation for the Government is
vital. Documentation is required for any such project as reference, knowledge transfer, analysis of development and
implementation history, baseline information for any modification or change, guidance etc. In this issue, Vendor is
expected the highest level of professionalism for delivering the standard documentation approach at each phase of the
system development and implementation project. The vendor is requested here to include and extensive
documentation plan of this project in their technical proposal which may cover the following,
• Documents titles phase or activity-wise
• Purpose of document
• About the format of documents (if possible, only index or fields)
• Type of expert and skilled resource will be used for documentation
• Document priority and dependency
• Time requirement for preparation (If applicable)
The quality attributes and assurance plan will describe the standards, processes and procedures in this system
development life cycle which will be used to support the consistent delivery of high-quality, professional standard
applications and services provided in the support of an automated environment. The quality assurance process will be
concerned with establishing the authority of the QA function, quality assurance standards, procedures, policies.
and monitoring, and evaluation processes to determine the quality of established standards. Quality assurance activities
\.\ i 11
Page 36 of 37
. t
To provide high-quality products and services, each support team will adhere to processes procedures and standards.
Quality Assurance (QA) is a process used to monitor and evaluate the adherence to processes, procedures and
stindards to determine potential product and service quality. lt will involve reviewing and auditing the products and
activities to verify that they comply with the applicable procedures and standards and will ensure the appropriate
visibility for the.
results of the revievls and audits.
The vendor is requested to provide an extensive quality assurance plan with measurable attributes for each phase of
this sy:)tem development life cycle in their technical proposal.
The vendor must properly deliver all the approved source codes and other deliverables to the authority. The vendor
cannot claim any royalty or authority of any sort in case of replicating the source code or database or any other
deliverables under this TOR.
Page 37 of 37