Specifications: Item UOM Frequency / Measuring Unit No. Unit One Day Size No. Unit One Month Size Quantity Specifications
2. The tenderer must complete the first phase (go live) within 12 months from the date of the SST. Please state the proposed development period (months).
10. The tenderer must implement the analysis process for the i-SPKP System according to the Civil Sector Application System Engineering Guide (KRISA), which is published by the Administrative Modernization and Management Planning Unit Malaysia (MAMPU).
11. The tenderer shall ensure the production of the system requirements specification or 'System Requirement Specification' (SRS) through a detailed study of the business needs information that has been obtained. Business needs information includes, but is not limited to, the BRS documents that have been provided by the Government. Successful tenderers will receive a copy of the BRS document as a reference for preparing the SRS. All findings and recommendations during the analysis phase should be documented.
12. The tenderer shall develop the SRS document and obtain confirmation and approval from the Government. The tenderer shall submit the proposed SRS table of contents as well as the proposed SRS overview.
15. SRS documents shall include but are not limited to: a)
Functional Needs b) Non-Functional Needs
16. In the Function Specification, the tenderer must describe the functions available in the system (not limited to): a) The best design technique for the i-SPKP (e.g. process or data driven, etc.) b) The description of the design technique and how it is going to be implemented. c) Business rules for SPKP. d) Process diagrams. e) Other related documentation.
7. The i-SPKP system is located in the MAMPU Public Sector Data Center (PDSA) in a virtualized environment. Tenderers should recommend a comprehensive and secure system design. (Please complete Appendix A1: Proposed i-SPKP System Development)
9. The tenderer shall carry out the design walk-through with the Government as part of the verification and approval process. Tenderers can only start system development after obtaining design approval from the Government.
10. Tenderers need to develop online applications for the i-SPKP System so that the application can support the licensing and enforcement processes determined by the Government. The proposed i-SPKP system should be able to produce analysis (reports) to support the formulation of new government policies. The proposed i-SPKP system should improve the delivery of government services through the provision of end-to-end and comprehensive online services. The application system can be accessed by users at all times without interruption, in accordance with the SLA in Appendix A10: Service Level Agreement. General Features of the Application - The proposed system must be flexible, scalable and easy to maintain, so that new processes can be added easily by the Government. It must be developed in two languages, namely Bahasa Melayu and English.
13. The proposed i-SPKP system should help APAD and LPKP collect revenue more efficiently and in a more controlled manner: a) All government revenue must be coordinated with the federal government accounting system (iGFMAS); b) The system complies with all financial regulations of the agencies and the Accountant General's Department; c) The system must be able to manage the financial process for 3 different agencies, namely APAD, LPKP Sabah and LPKP Sarawak
15. The system is able to integrate with other systems flexibly and is easy to improve. The implementation approach adopts technology not limited to web-based, mobile web and mobile apps. It provides an interactive site where users submit applications, update information, check status and make online payments. The system sends notifications via email or other communication media on the status of the application or related actions.
18. The tenderer must ensure that the system developed can support any changes / improvements to the operating system, hardware and networks with minimal change. The tenderer must review and recommend the management of data field or information additions in the relevant modules, especially modules that have a checklist where there are always changes or additions, without involving programming. Checklist updates can be made by the users themselves who have access.
19. The tenderer must ensure that the form (e-form) is provided with a help index in the following forms (but not limited to): a) FAQ b) Mouse over c) Tool tips
has the following conditions (but is not limited to): a) This system is expected to provide an acceptable level of performance during peak load b) This system is expected to handle burst levels of activity at any duration without crashing
28. Extensibility / Flexibility: The tenderer must ensure that the system provided has the following flexibility (but not limited to): a) The solution shall be extensible in order to address future functionality and changes without having to be completely rewritten b) The architecture shall be innovative and flexible enough to accommodate related technological changes that could be leveraged in the future c) Additional channels of information delivery should be supported in the future with no significant changes to the architecture.
31. Secure Sockets Layer (SSL): The SSL / TLS digital certificate used by the application system server must be supplied by a licensed Certification Authority and registered with the Malaysian Communications and Multimedia Commission (MCMC) so that the digital signature is valid under the Digital Signature Act 1997
12. The tenderer shall work with the Agency and the company representing the agency and implement integration on both sides (end to end) until successful, and provide a comprehensive solution for a successful System Integration Plan.
13. Tenderers need to ensure a data integration strategy (not limited to): a) Develop a data integration action framework and integration plan b) Provide the data that needs to be integrated c) Develop an integration program d) Integration testing e) Implement data integration using programs that will be developed in a production environment
14. Tenderers need to ensure that the integration between i-SPKP and agencies / systems is not interrupted in the event of a disruption to an integration with the agency / system involved.
18. The tenderer must use the tools proposed by the tenderer for the purpose of implementing integration in this project. If a tool is inappropriate and does not meet the integration requirements for this project, the Government reserves the right to suggest that the tenderer use other, more suitable tools.
21. Tenderers need to bear the cost of integration with a third party (if any)
until the expiration of the i-SPKP system warranty
23. Road Transport Department (JPJ)
23.1 General Requirements
23.1.1 The Tenderer needs to provide improvement services for the mySIKAP JPJ System to meet the needs of the i-SPKP System within a period agreed by JPJ, including a 2-month warranty period. Service cost calculation is based on mandays.
23.1.2 The Tenderer needs to provide and implement the services at the Digital Technology Division, JPJ, Cyberjaya. Any requirement for implementation at other locations needs written permission from the Government.
23.1.3 The Tenderer shall work with existing JPJ contractors to ensure that there is no interference with the mySIKAP JPJ System.
23.1.4 The Tenderer is responsible for any damage / bugs that occur due to the improvements that have been made.
23.1.5 The Tenderer must submit all resources and source code developed by the Tenderer or jointly with Government staff in accordance with the existing system development environment and procedures (development, testing and production environment), and all resources and source code are the property of the Government.
23.1.6 The Tenderer shall conduct tests on each application unit to prove that the application works and maintains the designated performance. Next, a thorough test of the system should be carried out to prove that the application system has been synchronized and properly corrected to produce the performance guaranteed in this tender specification.
23.1.7 The Tenderer is required to conduct the initial test (System Integration Test Provisional Acceptance Test) which involves the Government before asking the Government to witness the final accreditation (User / Final Acc
23.2 Technical Requirements And Scope Of Work
23.2.1 The Tenderer needs to provide mySIKAP JPJ System improvement services to meet the requirements of the i-SPKP System, which are NOT LIMITED to the following requirements: i) Development of new integration points in the mySIKAP System; ii) Amendment of existing integration points in the mySIKAP System; iii) Development of new screens in the mySIKAP System; iv) Amendment of existing screens in the mySIKAP System; and v) Development / amendment at all JPJ delivery channels involved;
24. The Accountant General's Department of Malaysia (AGD): Tenderers must provide integration with the iGFMAS system as follows (not limited to): a) Batch integration (SFTP) b) Encryption and Decryption Method c) File Naming Convention as stipulated d) Email notification
7. The tenderer must ensure that the system that has been developed meets
user-defined functional and non-functional requirements.
UAT and PAT testing. This includes application software, hardware and data
tests required by the Government to conduct tests.
10. The tenderer must ensure that the test environment is a controlled environment (control environment)
11. The tenderer must ensure the system is free from critical errors (quality severity bugs) which can affect system operation before submitting the system to the Government. The tests that need to be performed are as follows (not limited to): a) Installation testing b) Unit Testing c) Function testing d) System testing e) System Integration testing f) Exception testing g) Business scenario testing h) Usability testing i) Connectivity testing j) Backup and restore testing k) Disaster Recovery testing l) High Availability Failover testing m) Clustering / Load Balancing / Failover testing n) Others (If any)
12. The tenderer must explain the objectives of the tests to be implemented as listed above and the approach used to perform the tests.
13. The tenderer should explain the test methodology and approach that will be used to test the i-SPKP system. (Please complete Appendix A1: Proposed i-SPKP System Development)
16. The tenderer must provide all the requirements, utilities and testing tools required by the Government for the purpose of UAT and PAT testing.
3. The warranty period for the i-SPKP System that has been developed is at least twelve (12) months after FAT. Please state the proposed warranty period.
transition management.
10. The tenderer must have a hotline (Single Point of Contact) and helpdesk that can be contacted 24/7 by the Government on project-related matters and support throughout the warranty and maintenance period
20. Tenderer must state the cost of Change Request for 1 manday. Please state.
The tenderer shall ensure that the development of the system uses Secured Software Development Life Cycle (SSDLC) best practices with reference to The Open Web Application Security Project (OWASP) Top Application Risks - 2017
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New Registration / add b)
v) The location for the system demonstration session will be held in the Klang Valley. vi) The description of the demo is as in Appendix A11 - Demonstration vii) The Tenderer MUST ensure that the system developed for the purpose of this demonstration is able to perform the processes for New applications on an 'end-to-end' basis
2.3.2 Profile Management (Activity; 1; 1 unit)
The tenderer MUST propose a Profile Management function, which includes (not limited to) the following: a) Profile registration b) Updating information
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New Registration b) Update c) Deactivate (delete) d) Save e) Reject f) Confirmation between users (between agents Operators) - cross reference / acknowledgment g) Does not allow multiple applications as long as the original application has not been completed
2.3.3 Licensing Management, Land Public Transportation (Activity; 1; 1 unit)
The tenderer MUST propose a Licensing Management function, which includes (not limited to) the following: a) New Application / Addition of License / Vehicle permit b) Renewal Application c) Application for Change of Conditions d) License Revocation Application e) Duplicate Application f) Withdrawal
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New / added b) Update c) Deactivate (delete) d) Save e) Do not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.4 Driver Card Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Driver Card Management function, which includes (not limited to) the following: a) New Application b) Renewal Application c) Cancellation Application
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New / added b) Update c) Deactivate (delete) d) Save e) Do not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.5 Intermediary Business License Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Intermediary Business License Management function, which includes (not limited to) the following: a) E-Hailing Operator Management (EHO) b) Vehicle Permit Management (EVP)
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New / added b) Update c) Deactivate (delete) d) Save e) Do not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.6 Compliance Management (Activity; 1; 1 unit)
The tenderer MUST recommend a Compliance Management function, which includes (not limited to) the following: a) Compliance Action Management b) Withdrawal / Termination Management Suspension / Cancellation c) Training Preparation Management
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New b) Update c) Save d) Does not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.7 Railway Licensing and Enforcement Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Railway Licensing and Enforcement Management function, which includes (not limited to) the following: a) New Railway License Application b) Train License Renewal Application c) Registration of Notice of Train Accidents / Service Interruptions d) Application for Activities in the Railway Protection Zone e) Quality Assurance Management
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New Registration b) Update c) Deactivate (delete) d) Save e) Do not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.8 Payment Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Payment Management function, which includes (not limited to) the following: a) Online Payment b) Counter Payment c) Revenue Collection Adjustment
The tenderer MUST ensure that the Profile Management Function is essentially a shared functionality of the three implementing agencies (APAD, LPKP Sabah and LPKP Sarawak), but supervision is done separately at the level of the respective implementing agencies.
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
archiving / data archiving h) Check data / cross reference (Cross
Reference) with the application criteria that have been set i)
Issuance of digital receipts and digital security features j)
Management of uploaded documents
2.3.9 Terminal / Depot / Ticket Agent Licensing Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Terminal / Depot / Ticket Agent Licensing Management function, which includes (not limited to) the following: a) New Application for Terminal / Depot / Ticket Agent License b) Application for Renewal of Terminal / Depot / Ticket Agent License c) Application for Change of Terminal / Depot / Ticket Agent License Conditions d) Audit / Rating Registration for Terminal / Depot / Ticket Agent License e) Terminal / Depot / Ticket Agent Cancellation Application
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
ask questions interactively and responses are also provided
interactive to help with online applications.
2.3.10 Meeting Management (Activity; 1; 1 unit)
The tenderer MUST propose a Meeting Management function, which includes (not limited to) the following: a) Meeting Committee Member Management b) Registration of Meetings c) Updating Meeting Information d) Review and Display of Meeting Information e) Management of Confirmation of Meeting Results
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) New Registration / add b) Update c) Deactivate / delete (delete) d) Save e) Does not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
Confirmation of Meeting Results, which includes (not limited to) the following: a) Implement verification of meeting decisions according to the approved approval level c) Check the application data in the system and make sure there is no duplication of applications presented in the meeting d) Provide reporting on results from previous meetings e) Print f) Store data (historical data) as well as auto archiving / data archiving function g) Issue meeting notifications to members
2.3.11 Dashboard and Report Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Dashboard and Report Management function, which includes (not limited to) the following: a) Dashboard Maintenance b) Dashboard Display c) Trend View d) Report Generation e) Export Report
Reports - Export Reports, which include (not limited to) the following: a) Ability to 'export' reports in Excel, PDF and CSV formats b) Review data / cross reference (Cross Reference) against predetermined application criteria c) Data integration in the system d) Print e) Store data (historical data) as well as auto archiving / data archiving function f) Generate reports regularly and 'ad-hoc'
2.3.12 Counter Management (Activity; 1; 1 unit)
The tenderer MUST propose a Counter Management function, which includes (not limited to) the following: a) Review and Application Status Search b) Payment c) Print
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) Review b) Update c) Deactivate / Delete d) Save e) Do not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
This print is specifically for Sabah CVLB and Sarawak CVLB because these agencies will continue to practice vehicle license printing manually using serial paper and security features b) Store data (historical data) as well as auto archiving / data archiving function c) Check data / cross reference against predetermined application criteria
2.3.13 Cross-Border Application Management (Activity; 1; 1 unit)
The tenderer MUST propose the Cross-Border Application Management function, which includes (not limited to) the following: a) New Application for Cross-Border
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) Registration of new applications b) Update c) Deactivate / delete (delete) d) Save e) Does not allow multiple applications as long as the original application has not been completed
The tenderer MUST suggest a system that takes into account the approval method with (not limited to) the following features: a) Use of GPKI Affordable tokens b) Use of PKI (for the purpose of digital signature) c) Approval implemented according to the level of approval authority
2.3.14 Mobile Application Management (Activity; 1; 1 unit)
The tenderer MUST recommend the Mobile Application Management function, which includes (not limited to) the following: a) Revision For Enforcement b) Application Status Check c) Audit process update (Railway Enforcement Terminal Licensing Management)
The tenderer MUST suggest a system that takes into account (not limited to) the following features: a) Access to the operator profile b) Access to check status of application c) Access to audit process update (Terminal Licensing Management Railway Enforcement) d) Delivery of any notification regarding the profile of the operator / application made
The proposed solution must come with a minimum of 2 x 1GB Ethernet Copper
ports with bypass capability for data path and 1 dedicated 1GB Ethernet
Copper port for management purposes.
The proposed solution must have recognition from the body / organization as below: 1) Latest / current ICSA Lab certification. 2) Recommendation status from NSS Labs. 3) Leader or strong performers in FORRESTER WAF WAVE 2020 4) LEADERS or CHALLENGERS in GARTNER MAGIC QUADRANT for WAF 2019
The proposed solution must support Proxy Protocol for HTTPS and WebSocket services. The proposed solution must provide form input protection, which includes the ability to validate parameter types, input sizes, input characters and other form input values. The proposed solution must provide server cloaking that suppresses identifiable server information in web application responses. The proposed solution must provide data theft and data loss protection to inspect outgoing data and to either mask sensitive information or to block the entire response. Data theft protection can be configured to protect Card information, Identity numbers or even Custom patterns. The proposed solution must provide request forgery protection to identify and block unsolicited requests from spoofing clients.
The proposed solution must be able to apply Geo IP and IP Reputation Policy
enforcement at both network layer and Layer 7. The proposed solution must
provide Finger Print Evasion where administrators can change the system
generated tokens. The proposed solution must be able to employ both negative
and positive security models. The proposed solution must provide Client
The proposed solution must provide admin account password complexity which combines password policies like minimum strength, expiry and maximum retries before account lockout. The proposed solution must provide Role-Based Access Control for REST APIv3. The proposed solution must be able to do Two-Factor Authentication for Administrator Access and Role-Based Access Control. The proposed solution must provide a load balancing feature to distribute Layer 4 / Layer 7 traffic to multiple backend servers with integrated application monitoring. The proposed solution must also support a Layer 7 persistence method. The proposed solution must support Load Balancing across Server Name Resolution. The proposed solution must provide Layer 7 content routing capabilities that allow administrators to map URL domains to different backend servers. The proposed solution must provide SSL offloading capabilities, thereby freeing up the processing power of the servers and making them more efficient.
The proposed solution must provide Instant SSL capabilities to convert HTTP
based applications to HTTPS without having to touch the application code. The
proposed solution must provide a mode where it can encrypt plaintext HTTP on
behalf of the web applications, redirecting incoming HTTP requests to the
HTTPS service and rewriting http hyperlinks in the response to https. No
changes should be required to the backend servers or application code. The
proposed solution must provide the following blocking capabilities: 1.
connection reset 2. send custom error response page 3. redirect the request or
4. block the offending client IP (s) for a time period.
The proposed solution must provide capability to selectively release Locked out
client IP address from the lockout client list. The solution must provide HTML
rewriting functionality. It should be possible to add, delete and edit request and
response headers, translate URL spaces, rewrite or redirect the URL in the
request, and rewrite the response body. Regular expression like syntax should
be available for the required text manipulations. The proposed solution must
provide the ability to define different policies for different applications and
provide canned policies for common applications like Outlook Web Access,
SharePoint and Oracle. The proposed solution management components must
include facilities to develop custom signatures that identify specific, unique
risks associated with protected applications, preferably assisted through a
regex tool.
The proposed solution must provide integrated file caching to cache selected
outgoing responses, outbound response compression and connection
The proposed solution must provide advanced protection against web scraping
or harvesting threats. The proposed solution must provide URL profile
optimization. Many applications generate different URLs for similar content.
URL optimizers can be used to coalesce such URLs into a single profile for
easier management and better system performance. The proposed solution
must be able to integrate with suggested HSM for added security in SSL / TLS
transactions in a hardened physical device that stores all SSL / TLS certificates
in tamper-proof hardware for additional security. The proposed solution must
provide HTTP Strict Transport Security (HSTS) protection. The proposed
solution must provide Subject Alternative Name (SAN) Certificate CSR support.
The proposed solution must support granular binding of security policies,
where security Policies can now bind at a URL or domain level. This allows
having separate policies for applications that are on the same server and IP.
The proposed solution must come with predefined security policy for known
applications but not limited to the below: 1. Drupal 2. Joomla 3. SharePoint
2010/2013/2016/2019 4. OWA 2007/2010/2013/2016 5. Oracle Web
Application 6. SAML
as well as Client Risk scoring mechanism. The proposed solution must support
Comment Spam / Referrer Spam detection by Inspection of links sent in HTML
Form parameters (as POST requests) or injected in HTTP Referer headers.
COMPREHENSIVE SYSTEM MANAGEMENT: The proposed solution must come with an attack source Geo Heat map that provides the geo location from which attacks originated along with the number of attacks detected. The proposed solution must be able to work entirely by itself in providing full security features, full management and full logging capabilities without the need for a separate management device / appliance. The proposed solution must also provide full reporting and analysis capabilities without the need for a separate reporting / analysis device / appliance. The proposed solution must provide easy tuning with a useful non-invasive state that allows administrators to test security policies before actively applying them against live traffic. The proposed solution must provide a single click fix button that shall provide an explanation of the attack, a recommended fix to the attack and a dedicated fix according to the recommendation given.
The proposed solution must support REST APIv3 or a fully compliant OpenAPI
Standard. The proposed solution must support configuration JSON checkpoints
that provide administrators a human-readable configuration file. These files are
JSON formatted files which can be modified and downloaded from the
proposed solution. Furthermore, they can also be stored in a version-controlled
repository, such as Git or CVS.
The proposed solution must come with 3 years of principal support (inclusive of security and firmware updates, with hardware / replacement support). The service level agreement (SLA) for the proposed solution must tie back to the application SLA as mentioned in Appendix A10: SLA. The tenderer shall provide a letter of authorization from the technology principal (Appendix A9: Principal / Technology Partner Confirmation Letter)
API Support • PKCS #11, Java (JCA / JCE), Microsoft CAPI and CNG, OpenSSL • REST API for administration
The proposed solution must come with 3 years principle support (inclusive
onsite support, parts, labor, security update and firmware update) Service
level agreement (SLA) for the proposed solution must tight back with the
application SLA as per mention in Appendix A10: SLA The tenderer shall
provide letter of authorization from the technology principle. (Appendix A9:
Principal / Technology Partner Confirmation Letter)
The proposed solution must be able to guide the user to ensure good finger
placement.
Security Requirements
The proposed solution must be able to detect fake fingers, including but not
limited to paper, latex or transparent film. The proposed solution must have a
security mode to secure communication between the device and the host. The
proposed solution must have image and template encryption for confidentiality.
Warranty and Maintenance
The proposed solution must come with 3 years of hardware replacement. The
tenderer shall provide a letter of authorization from the technology principal
(Appendix A9: Principal Confirmation Letter / Technology Partner). The
proposed distribution location is as per APPENDIX A12 - Proposed Biometric
Card Reader Distribution Location. The Government reserves the right to
change the distribution location, and it will be finalized in the user
requirement phase.
The subscription for licenses shall include support from the principal. (Please
provide a support letter from the principal, Appendix A9: Letter of Confirmation
Principal / Technology Partner)
The Tenderer shall supply, install and configure the proposed operating system
for the VM provided by the Government.
The proposed solution must include license for Production, Staging and
Development.
warehousing. The ability to access and integrate disparate data from multiple
applications and databases. The ability to scale up, cluster, optimize and cache
in order to meet large data requirements. Intuitive drag-and-drop interface to
simplify the creation of analytic data pipelines. Direct access to complete
analytics, including charts, visualizations and reporting, from any step of data
integration.
Integration of advanced analytic models from R, Python, Scala and Weka that
incorporate libraries, such as scikit-learn, Spark MLlib, TensorFlow and Keras,
into the data flow. Enterprise-grade administration, scalability, load balancing,
containerization and security capabilities. Filtering and contextual analysis of
streaming data in AWS Kinesis and Kafka. The ability to trigger or alert users
based on business rules through email or any other communications.
The ability to mix or combine chart types on a single chart, e.g. a Bar chart
having a Line Chart superimposed on it. The ability to produce 2D and 3D
chart views. The ability to provide out-of-the-box support for or integrate
seamlessly with Google Maps. It MUST include a simple way to mark or update
the location of a project for users with the correct permissions. The user
SHOULD be able to do so with a combination of entering general search terms
(e.g. location of a town), longitude / latitude and using the map overlay itself
(used in the dashboard). The ability to support a print function, e.g. print to
file or screen capture. The ability to allow users to drill down from an
interactive graphical view into the underlying report and analysis. The ability
to be updated automatically and dynamically to reflect new information on the
chart when the data changes. Rich graphical pixel-perfect report designer for
power users. The ability for the system administrator to do housekeeping, fine
tuning and performance optimization for the report templates set by the users.
System Security
Users under this system would NOT have to use two different systems to log
on. There MUST be one set of security credentials. The system and its
components MUST shield themselves from malicious internet attacks. The
system MUST be able to handle and mitigate common web application attacks,
specifically SQL injection and XSS. The system MUST have mechanisms to
avoid phishing attacks.
The database MUST provide a facility to take backups from the standby
database. The database MUST provide online operations. The subscription
MUST include tools for setting up database-level redundancy and
auto-failover to the standby database in case the Primary / Master database
fails. The High Availability tool MUST allow a setup with 2 database nodes (or
more if needed). The HA setup (with 2 database nodes or more) should
provide a facility to avoid a split-brain scenario.
Tenderers must have experience and be familiar with enterprise systems and
government systems. Tenderers must have their own local enterprise
architect to advise on strategic APM deployment in order to work effectively
with the banking systems, platforms and technologies. Tenderers must be able
to advise and support in DevOps implementation.
Integrate to monitoring from outside the data center into a single integrated
Dashboard that provides quick domain isolation whether the problem is within
or outside of the data center. Users should be able to define their own
specific reporting views and make them available to others
The tenderers shall design, supply, deliver, implement, maintain and support
Digital Document Signing for APAD, LPKP Sabah and LPKP Sarawak, and
provide warranty for the hardware if there is any. The proposed design and
deployment plan should be adapted for Production / Development / Staging and
Disaster Recovery (DRC). The design of the proposed PKI solution should
cover, but is not limited to, the following entities / components or similar:
a. Software License
b. Software Integration API
c. Digital Organization Certificate issued under the Adobe Approved Trust List
(AATL) program for APAD, LPKP Sabah and LPKP Sarawak (should be valid for 3 years)
d. Government-issued GPKI digital certificate, which must support the latest
version of the GPKI Agent provided by the Government (MAMPU)
The tenderer MUST include the certificate lifecycle for requesting and renewal
of the AATL digital certificate, which shall cover, but is not limited to:
a. Key Generation
b. Creating a Certificate Signing Request
c. Installation of the digital certificate
The tenderer MUST ensure that this process will not require the Digital
Document Signing solution to be offline for an unreasonable period.
Must use the MAMPU Date / Time Stamp service if there is any, or must use a
Malaysian recognized Date / Time Stamp service. The digitally signed
document must appear as a valid document even if the digital
certificate expires or is revoked in the future. A digital certificate used in the
solution must be valid at the time of signing. It must be verified using a valid
CRL for the MAMPU GPKI issued digital certificate and OCSP for the AATL
Organization Certificate. The solution MUST be able to integrate with the
proposed system, MAMPU GPKI and other services that are required to
complete the proposed system.
The proposed tender MUST support the usage of both RSA (minimum
2048-bit key) and ECC (minimum 256-bit key) types of digital certificate. The
tenderer must provide an ECC type of AATL Organization digital certificate.
The proposed tender may use the SHA-2 hash function with a 256-bit digest size;
however, the use of a 384 or 512 digest size is encouraged. SHA-3 with 224, 256,
284 or 512 is also permitted. The use of SHA-1 and of SHA-2 with a 224 digest
size is prohibited in any part of the solution. The tenderer must ensure that
the proposed solution shall have the ability to cover various types of digital
certificate and key pair storage, such as crypto USB token or roaming. The
tenderers must be able to use digital certificates issued by MAMPU
Government PKI in their proposed Digital Document Signing solution. The
solution must be able to support TLS 1.3. The use of SSLv2, SSLv3, TLS 1.0
and TLS 1.1 is prohibited in any part of the solution.
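The signing-time rule and the algorithm limits above can be expressed as a single acceptance check. This is an added example, not part of the tender: the record fields, function names and dates are hypothetical, and 384 is assumed where the page lists a SHA-3 size of 284.

```python
from datetime import datetime, timezone

# Policy values taken from the requirements above. The page lists a SHA-3 size
# of "284", which SHA-3 does not define; 384 is assumed here.
ALLOWED_DIGESTS = {"sha256", "sha384", "sha512",
                   "sha3-224", "sha3-256", "sha3-384", "sha3-512"}
MIN_KEY_BITS = {"RSA": 2048, "ECC": 256}


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def evaluate_signature(sig, now):
    """Return policy findings for one signature; an empty list means acceptable.

    `sig` is a hypothetical record of a signature whose cryptographic check
    already passed: key type and size, digest, certificate validity window,
    trusted timestamp (or None) and revocation time from CRL/OCSP (or None).
    """
    findings = []
    minimum = MIN_KEY_BITS.get(sig["key_type"])
    if minimum is None or sig["key_bits"] < minimum:
        findings.append("key type or size below policy")
    if sig["digest"].lower() not in ALLOWED_DIGESTS:
        findings.append("digest not permitted")
    # Only a trusted timestamp proves when the document was signed. Without
    # one, the certificate has to be judged at verification time, so a later
    # expiry or revocation makes the document fail.
    at = sig["timestamp"] or now
    if not sig["not_before"] <= at <= sig["not_after"]:
        findings.append("certificate outside validity period")
    if sig["revoked_at"] is not None and sig["revoked_at"] <= at:
        findings.append("certificate already revoked")
    return findings


# Constructed sample: signed 2025, revoked 2026, expired 2027, checked in 2030.
NOW = utc(2030, 1, 1)
SAMPLE = {"key_type": "ECC", "key_bits": 256, "digest": "sha384",
          "not_before": utc(2024, 1, 1), "not_after": utc(2027, 1, 1),
          "timestamp": utc(2025, 6, 1), "revoked_at": utc(2026, 3, 1)}

if __name__ == "__main__":
    print(evaluate_signature(SAMPLE, NOW))                         # timestamped
    print(evaluate_signature(dict(SAMPLE, timestamp=None), NOW))   # no timestamp
    print(evaluate_signature(dict(SAMPLE, digest="sha224"), NOW))  # banned digest
```

The same document passes with its trusted timestamp and fails without it, which is why the date / time stamp service is a hard dependency of the "valid after expiry or revocation" requirement.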
A virtual appliance must be available for scan engines and for the centralized
console at no additional cost, i.e., included within the licensed bundle. The
virtual appliance must be available for the Hyper-V and VMware platforms. The
proposed Vulnerability Assessment solution must support fully automated
updating of vulnerability feeds from the vendor on a daily schedule. The
proposed Vulnerability Assessment solution must provide an offline update
process to update the vulnerability feeds in air-gapped networks. The proposed
Vulnerability Assessment solution must support secure web-based
administration / console. The proposed Vulnerability Assessment solution must
support the ability to produce reports in the following report formats: PDF,
HTML, CSV and XML. The proposed Vulnerability Assessment solution must
provide the ability to automatically email reports.
Specifications
4.1 Project Management  Months  1  24
The tenderer must work with the Government Project Team that
will be appointed by the Government to manage the implementation of the Project.
The tenderer must complete the project within 24 months; failure of
the tenderer to adhere to the project period may cause the tenderer to be charged
fines for each day of delay, based on the following formula:
((BLR + 1%) / 365) x value of scope of delayed work x no. of days delayed
The project team structure includes, but is not limited to, the following:
a) Certified Project Manager b) SME for business solution needs (Business
Solution) c) SME for technical solution requirements (Technical Solution)
d) Development team e) Change management team f) Integration team
g) Migration team h) PMO team i) Quality Testing / Assurance team
j) Infrastructure and Security team
The proposed structure for the Development Team should have roles including,
but not limited to: a) Lead Business Analyst b) Business Analysts
c) Lead Solutions Architect d) Solution Designers (in the areas of Security,
Database, Network) e) Developers f) Testers g) Infrastructure Engineers
h) Integration Engineers i) Trainers (Management, Technical and End-User)
j) Technical Writers k) Others (Please specify)
All source code that has been developed, and the documentation and
operations manuals provided, will be the property of the Government. They must
be supplied in hardcopy and also softcopy.
The tenderer must present and submit the Data Migration Plan
from the existing APP LPKP systems to the i-SPKP System, as well as
obtain system owner confirmation to ensure that the strategies, methods
and data migration implementation schedule meet user needs.
Data migration strategies must take into account (not limited to): a. Volume
of data to be converted to i-SPKP. b. Feasibility of data to be converted to
SPKP. c. Availability of data to be converted to SPKP.
The tenderer must ensure that all data involved in the data migration
process has been reviewed, tested and is usable within the SPKP
system. The tenderer must give full cooperation to any
contractor who maintains the existing system owned by the Government. The use
of any tools in the data migration process is fully under the responsibility
of the Tenderer.
version control process as well as the need to get approval from the
Government. For any changes to the application, the tenderer is required to
provide full documentation, including the proposed changes and their impacts
on the system in terms of resulting functions / additional features of the system.
The tenderer must obtain approval from the Government for
all proposed changes before implementing those changes
in a production environment. Tenderers must perform comprehensive
testing for any changes / improvements to the system
implemented during the operation and warranty period to ensure that
changes in the system meet the needs of the Government and have no
impact on other functions of the System.
The tenderer MUST provide roadshows for the number of participants
(not limited to) as follows:
APAD: Estimated 38 sessions, 1 session maximum 50 people. Session location
at least in 4 places (North (Penang), Central (Klang Valley), South (Johor
Bahru), East (Kuala Trengganu)). Target Group: Bus Operator, Truck Operator,
Taxi Operator, Train Operator, Terminal Operator.
LPKP Sabah: Estimated 15 sessions, 1 session maximum 50 people. Session
location at least in 3 branches (Kota Kinabalu, Sandakan and Tawau). Target
Group: Bus Operators, Truck Operators, Taxi Operator.
LPKP Sarawak: Estimated 15 sessions, 1 session maximum 50 people. Minimum
number of participants per session: 750 pax. Session location at least in 3
branches (Kuching, Miri and Sibu). Target Group: Bus Operator, Truck
Operator, Taxi Operator.
General: Budget 1 session, maximum 100 people. Location: Klang Valley. Target
Group: Various categories such as the Public, etc.
The tenderer must bear all the costs of implementing the roadshow
such as the provision of booths, materials, etc.
The tenderer MUST take note that the materials / documents
provided will be used as a reference by officers and
also by users outside this system. The tenderer MUST ensure that the training /
reference materials are specifically produced for the use of each agency - APAD,
LPKP Sabah and LPKP Sarawak. Any diversity / variation of the system
between the three Agencies needs to be detailed.
If more than 30% of the participants are dissatisfied with the training,
the tenderer needs to improve the training module and implement
re-training at no cost.
limited to) JPJ, Puspakom, SSM and others, which need to be detailed
in Appendix A5 - Customer Consumer Training. The purpose of the training session
is to provide introductory training to licensing officers of
APAD, Sabah CVLB, Sarawak CVLB and other related agencies
on how to use the iSPKP system.
The tenderer MUST provide training for the number of participants (not
limited to) as follows:
APAD: Estimated 20 sessions, 1 session at least 25 people. Training location
at least at 4 (North (Penang), Central (Klang Valley), South (Johor Bahru),
East (Kuala Trengganu)).
LPKP Sabah: Estimated 6 sessions, 1 session at least 20 people. Training
Location: Sabah.
LPKP Sarawak: Estimated 6 sessions, 1 session at least 25 people. Training
Location: Sarawak.
Other Related Agencies: Estimated 4 sessions, 1 session of at least 30 people.
Training Locations: Klang Valley.
The tenderer must bear all training costs, including food and drink for the
participants. Priority will be given to holding this session at
Government-owned premises / locations.
The tenderer MUST provide training for the number of participants (not
limited to) as follows: Estimated 5 sessions, 1 session at least
10 people, 1 session for at least 5 days.
The tenderer MUST provide training for the number of participants (not
limited to) as follows: Estimated 4 sessions, 1 session at least 5
people, 1 session at least 5 days.
The tenderer MUST provide training for the number of participants (not
limited to) as follows: Estimated 6 sessions, 1 session maximum 15 people, 1
session for at least 3 days.
Submit a copy of the certificate for the third party implementing the SPA
to the Government; (b) The appointed third party shall have
at least seven (7) years of experience in ICT security;
(c) A third party appointed to implement the SPA will report directly
to the Government Project Manager; and (d) Appointed third parties
implement SPA activities in project implementation to ensure
developed configurations and systems are safe to use.