Are you able to If yes, will this

Functional
meet the requirement be
Requirement Level 1 Requirement Level 2 Requirement MoSCoW Requirement Description If no, please provide comment
Requirement? standard or
Reference
Yes/No customised?
Input of Accounts Payable The package records who must approve the invoice and within which period. Evidence of an approval hierachy with approval
1.1 Accounts Payable Must
Transactions rules (e.g. start/end date for approvers/thresholds by category of spend) and role based access control
Input of Accounts Payable Scanned documents can be linked to transactions and accesible at the time of approval.
1.2 Accounts Payable Should
Transactions
Input of Accounts Payable It is possible to drill down from the general ledger to the scanned invoice
1.3 Accounts Payable Should
Transactions
Processing of Accounts Payable Proposes payment runs based on due date. Generate payment advice from approved payment runs
1.4 Accounts Payable Must
Transactions
The system will support creation of BACS and faster payment files as required and interface with bank account technology
- Ability to support standard payment instructions (templates)
- Ability to interface directly to bank systems EBS (including creation of BACS files)
2 Cash Management Payments Must - Ability to support four eyes payment release
- Ability to support payments in 10s of billions of pounds

3 Fixed Assets Fixed Assets Must The package should provide a standard fixed assets module
Accounting periods must be able to be freely defined - e.g. next period can be opened before close of previous period and
the package must provide the ability to include a 13th calender period for year end adjustments. The package must also
4.1 General Ledger General Ledger Control Must support the assignment of a validity period to general ledger accounts, outside of which postings cannot be made.

The package must allow free definition of different dimensions (e.g. Cost centre, cost unit, project, product group, analysis
4.2 General Ledger General Ledger Control Must
codes) and provide effective dates for CoA elements and combinations.
The package must allow us to facilitate 200 general ledger codes and several different levels of hierachy attached to each of
4.3 General Ledger General Ledger Chart of Accounts Must
these codes.
Different budget versions (e.g. Original budget, adjusted/flexed budget, forecast). This will be made up of a minimum of 13
5.1 Management Accounting Budget Management Must
reforecasts
The package to support the capability to perform budget virements in order to enable the administrative transfer of funds from
5.2 Management Accounting Budget Virement Should
one budget to another
The package must provide requisitions, simple workflows with approval limit hierarchies, segregation of duties, PO, GRN, 3-
6.1 Procure to Pay Purchase Order Processing Must way matching to Invoice

Catalogues, reminders/notifications by e-mail, complex workflows involving multiple approvals (eg financial, technical,
6.2 Procure to Pay Purchase Order Processing Should contract)

7 Standing Data
8 Treasury
9 Reporting
The package should be able to hold calendar and holiday information e.g for delegation of authority level resources and bank
Calendars Should holiday processing
Cash book Must The package must have the ability to upload bank statements for reconciliation and cashflow management purposes
The package should provide flexible reporting with industry standard functionality. This should include but is not limited to:
- Reporting on different levels of cost (i.e plan, actual, forecast, flexed budget, etc)
- Budget reporting (i.e. monthly, quarterly, variance, etc)
- Other standard reporting (i.e profit and loss, balance sheet, account statement, number of invoices, asset accounting, etc)
Reporting Must
- Cross-module reporting (e.g. AP with GL)
 Are you able to If yes, will this
Non functional
Managed Service meet the requirement be
Requirement Level 1 Requirement Level 2 Requirement MoSCoW Requirement Description If no, please provide comments
Option? Yes/No Requirement? standard or
Number
Yes/No customised?

The Supplier shall record, maintain and verify configuration information regarding each of the configuration
Asset & Configuration items required to deliver the service / system, detailing the attributes and the history of each configuration item
1.1 Configuration Management No Must
Management and the relationship between items.
Asset & Configuration The Supplier shall ensure that all software products used within the system are properly licensed, and are at all
1.2 Software Licensing No Must
Management times used within the terms of their respective licensing agreements.
The Supplier shall integrate into the Company's existing change control procedures and policies where
possible, and shall assist the Company in co-developing such procedures and policies where they are
2.1 Change Management Change Control Processes No Must fundamentally changed by the introduction of the System (e.g. to generate shared awareness of change control
issues between Delivery Bodies that do not currently share ICT resources).
The Supplier shall cooperate with the Company and any and all of the Company's other existing and/or future
2.3 Change Management Transition Planning No Must contractor(s) in transitioning the Service / system to another contractor at the end of the Contract, should the
Company wish it.
The Supplier shall provide the Company with automated User Access Management tooling wherever possible,
such that the Company can manage its internal users' privileges and cater for 'leavers and joiners' in the most
3.1 Data Management Access Management No Must streamlined and effective manner possible, without relying on the Supplier for support.

The Supplier shall, in conjunction with the Company, identify the availability criteria required of each Service
component in order to reliably deliver the Company's business outputs and objectives. The Contractor shall
3.2 Data Management Availability Management No Must agree the identified availability levels with the Company. The Supplier shall produce an Availability Plan which
details how it intends to achieve the agreed level of availability for each of the Service's components within the
design phase .
The Supplier must have comprehensive, tested and proven Business Continuity in place which (in the event of
an interruption to business services occurring) will allow it to continue to deliver the services specified in the
Functional and Non Functional Requirements within a reasonable and (business) sustainable period of time.

The Company must have full visibility (on request) of the Supplier's Business Continuity plans and those of any
involved contractors or third parties.

The Supplier must demonstrate its Business Continuity capabilities on demand by the Company. This is
currently expected to be at least once a year.

3.3 Data Management Business Continuity No Must To allow response to changing business needs and risk appetites both parties on an annual basis will have the
ability to propose and agree alterations to the requirements for and corresponding provision of Business
Continuity and Disaster Recovery services. Any agreed alteration will be enacted by the Supplier within a
timescale agreed with the Company but envisaged to be no more than more than 14 days.

This will need to be reviewed and tested on an annual basis including signing a letter of acknowledgement

The Supplier shall ensure that capacity for IT resources is planned and scheduled to provide a consistent level
of service that is matched to the future needs of the business. The Supplier shall plan Capacity Management
3.4 Data Management Capacity Management No Must processes across all stages of the Service Lifecycle from Strategy and Design, through Transition and
Operation to Continuous Improvement.
The Supplier shall integrate the Capacity Management process with other relevant Service Management
3.5 Data Management Capacity Management Yes Must processes, in particular Configuration, Availability, Incident, Problem and Change Management.
The Supplier will provide the ability to import data from other systems (in standard formats such as XML, XLS,
CSV) as requested by the Company
3.6 Data Management Data Import/Export No Must
- Low transactional volumes from April 2014 to be brought across
Upon import, the Finance System will perform:
- Validation (checking the data in fields is of the correct format and parameters) of the import data to preserve
3.7 Data Management Data Cleansing No Must the integrity of the system and;
- Verification (checking the data complies with the business rules) to assure compliance with business rules
and policies.

The Finance System shall maintain a record of that data which originated in other systems and the original
3.8 Data Management Data Records& Retention No Must source of that data and shall retain data for 7 years from the date the transaction is entered
The Supplier shall ensure that system functionality is fully Operational and Available to respective users 24/7
with the exception of agreed scheduled downtime.

3.9 Data Management Functionality Yes Must Maintenance for this system functionality will be outside of these operational hours and account for the needs
of data back ups and any necessary testing and quality assurance activities.

The Supplier shall ensure that all interfaces and all of the functionality behind these are fully operational and
available to their respective user groups based on the operating regime as a minimum.
3.10 Data Management Interfaces Yes Must
Maintenance for these interfaces will be an agreed maintenance period and frequency, which must be
publicised in advance and a managed appropriately during the maintenance periods.

The Supplier must agree with the Company a schedule of service downtime for the maintenance, patching,
upgrade or fix of all services at least two weeks before the beginning of each operational year. The Supplier
must agree with a grading notation for maintenance, patching, upgrades and fixes which describes the size of
the change and risk associated with its implemenation at least two weeks before the beginning of each
operational year.

Maintenance for will be an agreed [x] hour over night period on[ x frequency], which must be publicised in
advance and a managed appropriately during the maintenance periods, and account for the needs of data
back ups and any necessary testing and quality assurance activities. The Supplier must agree an exception
process with the Company to account for emergency or priority work two weeks before the beginning of each
operational year.

The Supplier must ensure that:

- All system changes are subject to good governance and management process and practices;
- All maintenance is subject to prior approval and scheduling through this governance process;
3.11 Data Management Maintenance Yes Must - Appropriate testing, acceptance and roll back processes, tools and capabilities are in place in order to assure
all maintenance activities; and
- In accordance with the agreed grading for maintenance, patching, upgrades and fixes, all significant and high
risk changes must be also agreed in advance with the Company.

The Supplier on request from the Company will provide visibility of maintenance and service management
documentation within 1 working day of a request being submitted. This documentation will include but not
limited to:
- Maintenance policy, processes, plans;
- Activity logs, Issue and Risk logs, Incident logs and Problem logs;
- Defect logs; and
- Lessons Learned Logs.

The Supplier shall design, develop, test, implement, maintain and support the necessary interfaces to export
data (including any necessary transformation) between the Finance System and one or more Data
3.12 Data Warehouse Data Warehouse No Must Warehouse..

•We do not anticipate specifying the requirements for our Extract/Transform/Load (ETL).

The system should support integrated workflow management. The package must be able to
- Define workflow based on rules or roles
4.2 Integration Workflow Management No Should - Assign event priorities
- Initiate workflows based on events or time
- E-mail systems integrated into the workflow management

The Supplier shall, when nominated as the Interface Owner by the Company, develop an Interface Control
Document (ICD) for each interface, when any of the following criteria apply to the exchange of data between
systems:
- Exchanges of data via automated system to system interfaces; and
4.3 Interfaces Interface Documentation Yes Must
- Exchanges of data via manual process between system to system interface(s).
The Supplier shall make any revisions necessary to the ICDs with the approval of the Company. The Supplier
shall produce ICDs for the duration of the Service Agreement

The Supplier shall ensure that if an enhancement to an interface is required and a new version of the interface
4.4 Interfaces Interface Enhancement Yes Must is provided, there is no impact on previous versions of that interface or on other interfaces used by External
Systems.
The Supplier shall analyse all errors or deficiencies identified by or notified to the Suppliers with respect to the
4.5 Interfaces Interface Operation Yes Must Services provided, and shall resolve these to the extent the error is caused by the operation of the Service. In
all cases the Supplier shall cooperate with the Company and any third parties to resolve errors.
The Supplier (nominated as the Interface Owner by the Company), shall design, build, test and deploy all
4.6 Interfaces Interface Scope and Definition No Must interfaces necessary to meet the Company's Requirements.
The Supplier shall provide a capability to interface all Finance System components with the reporting capability.
4.8 Interfaces Reporting Interface No Must
The Supplier shall provide written documentation to support the operational use of the Service in the form of
5.1 Knowledge Management Documentation No Must user guidance, reference material and work instructions. The Supplier shall maintain such documentation,
updating as required any subsequent Service change.
The Supplier shall work with the Company to develop and implement a training programme that will deliver the
requisite number of trained Company resources, as agreed with the Company, required to deliver services to
customers in accordance with the agreed release plan. The Supplier shall work with the Company to complete
a training needs analysis. In conducting the training needs analysis, the Supplier shall consider:

(a) The relevant audience (Company staff and their associated roles);
(b) The re-use of any existing systems, services or infrastructure;
(c) The existing and required capability of different staff in different roles; and
5.2 Knowledge Management Training Programme No Must (d) the Company's training objective(s).

The Supplier shall work with the Company to develop a streamlined means of collecting feedback from training
participants in order to measure training effectiveness; and to subsequently refine training content, materials
and delivery.

The end to end process must be compliant with [relevant legal obligations for the Company], including all
components provided by the Supplier.
Legislative and Regulatory
6.1 Legal Compliance No Must
Compliance The Supplier must have capable Data Protection function.
 The Supplier shall ensure its regulatory compliance.

The Supplier shall support the Company, the third parties and other stakeholders compliance activities on
request.

If the Supplier receives any correspondence or requests from any Regulatory Authority that relate to the
performance of its obligations under this Agreement (including requests to access or copy the Company Data),
it must provide a copy of that correspondence or request to the Company unless it is prevented from doing so
Legislative and Regulatory by the Regulations or a Regulatory Authority.
6.2 Regulatory Compliance No Must
Compliance
The Supplier must consult with the Company over such correspondence or request and shall only respond to
the Regulatory Authority if:
(i) the terms and nature of the response have been approved by the Company (such consent not to be
unreasonably withheld or delayed); or
(ii) the Supplier is required by Regulations to respond to the Regulatory Authority without the Company's
consent

The Supplier shall comply with any audit, risk and/or compliance assessments deemed necessary by:
- The Company
- Third Parties; or,
- As deemed necessary by law or regulation.

7.1 Security Audit Requirements No Must Any identified issues must be brought to the attention of the Company within 5 working days of these being
made known by the Supplier.

Any identified remedial activities must be discussed with the Company and the agreed activities actioned within
any agreed time limits as determined by the Company.

The system supports the Company's user access / segration of duty requirements i.e. it supports set up of
7.2 Security Authorisation No Must standard and group profiles. User rights can be granted at the following levels: group profiles, user profiles, per
function, per field within a function
The supplier must comply with the requirements specified by the accredited outsourced Hosting Tower. To
7.3 Security Compliance No Must meet these requirements the system needs to be configured to reflect appropriate role based access controls,
appropriate segregation of data, activity audit trails and backup / recovery processes.
Where providing a Managed Service Option by remote access to a Hosting Tower, the supplier's staff with
7.4 Security Compliance Yes Must admin rights must be SC cleared.
The Supplier must give an authorisation of disclosure of all relevant terms of the contract, including identity, for
7.5 Security Disclosure No Must the sole purposes of internal and external audit.
The Supplier must have appropriate security policies and accreditations covering people property, technology,
communications and partners in place and operational across its organisation and operating model.

Supplier staff members who will have administration/configuration rights will be required to undertake Baseline
Personnel Security Standard and Disclosure Scotland checks and obtain SC clearance in accordance with the
Company's security measures.
7.6 Security Policies & Accreditations No Must
Supplier staff members are able to commence work on the Finance System whilst these checks are in progress
but any individual that fails these checks will be required to withdraw from their position on the project
immediately.

The Supplier must provide and maintain high level and detailed descriptions of its Solution Architecture which
Service Architecture & clearly demonstrate how it will deliver the required services set out in the Functional and Non Functional
8.1 Service Architecture No Must
Design Requirements Catalogue.
Service Delivery & The Supplier must be open, co-operative and provide reasonable assistance to any third party providing
8.2 3rd Party Cooperation No Must services to the Company
Management
Service Delivery & The Supplier must strictly manage and control changes to Production Services in order to minimise the risk of
8.3 Configuration Management Yes Must Service disruption.
Management
The Supplier shall utilise Commercial Off-The-Shelf (COTS) products, including software, where it is possible to
Service Delivery & COTS (Commercial Off-the-shelf do so to reduce system costs and to aid supportability without detriment to the delivery to the Company
8.4 No Must
Management Components)

The Supplier must provide the Company with Service Delivery Documentation no later than 60 days after the
agreed Go Live date for the Service and thereafter within 1 day of Company request.

The Documentation must be in English and contain sufficient information to enable the Customer to understand
how the Services are delivered including (but not limited to):
(i) details of the System (including software) and other details necessary for the Customer to understand the
technology used to provide the Services;
(ii) details of the procedures and processes used by the Personnel to provide the Services;
(iii) the mechanisms used by the Supplier to measure the Service Levels; and
(iv) the measures taken to protect the Customer Data and any Personal Data processed as part of the
Services.

The Supplier must maintain the Service Delivery Documentation and issue the Company with an updated copy
Service Delivery &
8.5 Documentation No Must within 10 days of any major system or process change .
Management
An updated copy of the documentation must be provided to the Company within:
(i) 30 days of the end of each Contract Year; and
(ii) 10 days of a Termination Notice being served.

The Company will review the Documentation from time to time and the Supplier shall amend the Service
Delivery Documentation promptly in accordance with any reasonable recommendation made by the Customer,
including adding further detail to the Service Delivery Documentation where requested.

The Supplier shall assess the environmental impact of its solution, including on initial introduction to Service
(including any equipment purchases, infrastructure construction, etc), on an ongoing basis (including energy
consumption/efficiency, heat output, etc) and on disposal (including toxicity/recycleability of components).

To clarify, the environmental impact of the Hosting Tower is outside the responsibility of the supplier. The
Service Delivery & supplier will be responsible for the environmental impact of the provision of the Finance system and related
8.6 Environmental Impact No Should
Management services. The supplier shall comply in all material respects with all applicable environmental laws and
regulations in force from time to time in relation to the delivering of the Finance System and other related
services.

Service Delivery & The Supplier shall identify a solution with a minimised environmental impact, in accordance with the Company's
8.7 Environmental Responsibilities No Should environmental responsibilities.
Management
The Supplier shall document and implement procedures to identify, report, investigate, assess and follow up on
security incidents in a time-specific and timely manner. The Supplier shall engage closely with the Company to
Service Delivery & Information Security Incident communicate all relevant security incidents in a timely manner. The Supplier shall securely hold documentation
8.8 Yes Must
Management Management and audit information in suitable formats to enable later review and if necessary support criminal prosecution.

The Supplier shall integrate the Service Solution with the Company's existing systems (and those of its
suppliers and business partners) wherever it is both viable and cost-effective to do so, in order to provide
Service Delivery & Company users with the functionality they require. The Supplier shall integrate systems with a view to
8.9 Integration Yes Must
Management achieving the greatest possible performance, reliability and simplicity of operating and maintaining the Service
for Company users.

The Supplier shall provide the design of the solution to the specified detail and time scale.
Service Delivery &
8.10 Provide Design No Must
Management

Service Delivery & business

8.11 Security and Compliance No Must
Management
Service Delivery & The Supplier shall provide a single point of contact function that shall be capable of handling and resolving
8.12 Service Desk No Must Incidents, queries and requests from the Company and other relevant Contractors within an agreed period
Management
The Supplier must at all times seek to improve its Services to the Company.

The Supplier must prepare and deliver a report to the Customer annually setting out details of any new Service
Improvement opportunities.

The Company will determine if any changes should be made to the Services in accordance with the agreed
Change Control Procedure.
Service Delivery &
8.13 Service Improvement No Must
Management The Change Control Procedure is detailed as follows:

• All changes will go through a change control process and will be subject to an impact assessment and
approvals process in order to meet the Company's Controls and Assurance Framework standards, as required
by DECC as the shareholder.

The Supplier shall provide monthly service performance management information and exception reports,
including (but not limited to):
- Service Availability;
- IT System Responsiveness
- Number of minor and major degradations of service;
Service Delivery & - Service Recovery times;
8.14 Service Reports Yes Must
Management - Recovery times;
- Diagnostics and Lessons Learned;
- Failures in Regulatory and/or Security compliance;
- Data integrity.

Service Delivery & The Supplier shall manage and shall be accountable for its subcontractors, their actions and their compliance
8.15 Supplier Management No Must with the Company's requirements and mandates.
Management
The Supplier will design and build systems with supportability in mind. The Company requires that the following
be provided / configured as part of system delivery:
- Help desk notification of exceptional service problems, incidents, and performance indicators from the system
which may indicate a forthcoming incident,
- Availability monitoring and logging,
Service Delivery & - Capacity monitoring and logging,
8.16 Supportability No Must - Graceful degradation (the ability to recover from service incident without technical staff intervention); and,
Management
- Upgrade planning.

In addition the Supplier should provide the typical KPIs and thresholds they view appropriate for the Company
business to inform availability and capacity management.

The Supplier shall provide a readily and affordably supportable Service that is capable of being operated and
Service Delivery & supported. The Supplier shall provide a system that behaves reliably and in a predictable, repeatable manner
8.17 Supportability No Must
Management with the minimum of intervention required
Service Delivery & The Supplier shall ensure that automated validation of user-supplied data occurs in real-time.
8.18 System Performance Validation Yes Must
Management
Service Delivery & The Supplier shall ensure that automated verification of user-supplied data occurs in real-time.
8.19 System Performance Verification Yes Must
Management
The Supplier must provide:
Service Delivery & (1) System Training prior to go live of the system; and
8.20 System Training No Must (2) System Training in support of [third party users];
Management
(3) System Training in support of post go-live delivery of changes to business process and systems.
 The Supplier must agree a Test Strategy, Approach and Plan for testing, assuring and signing off its required
Service Delivery & Test Strategy, Approach and services prior to the outset of any testing.
8.21 No Must
Management Planning

Service Delivery & The Supplier shall carry out testing, including User Acceptance Testing, during Service development and during
8.22 Testing No Must the development of any subsequent major Service releases.
Management
The Supplier must meet all legal requirements for making the specified system accessible to the Company and
9.1 Usability & Accessibility Compliance No Must other parties as required in the Functional Requirements and Service Definition.
The Supplier shall design and implement the Service such that it is intuitive to use, and requires the user to
9.2 Usability & Accessibility Intuitiveness No Must have the minimum possible level of skill and experience with using technology, as confirmed through User
Acceptance Testing
Communication of data over the Internet and/or Web must be via a secure, encrypted channel.
9.3 Usability & Accessibility Service Access No Must
The Supplier shall design and implement the Service to be both usable and user-friendly to the widest possible
9.4 Usability & Accessibility Usability No Must audience; including making sensible and cost-effective allowances for users with single-sensory impairments in
accordance with the Equality Act 2010 and any additional/successor legislation.
Yes
No