Download - Invitation to Tender (Appendix A)
Appendix A
Page 1/46
The Hong Kong Institute of Architects (HKIA)
Total Solution of HKIA CMS Web System with Membership Administration
Invitation to Tender (Appendix A)
Copyright © 2020 by The Hong Kong Institute of Architects. All rights reserved. This document is supplied purely for the purpose of assisting vendor to respond to this invitation to tender, no part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) for any other purpose.
Contents
1 Introduction
1.1 Project Goals and Objectives 1.2 Purpose of this Invitation to Tender 1.3 Procurement Timetable 1.4 Tender Evaluation 1.5 Proposal Submission and Enquiry 1.6 Proposal Content
2 Background
2.1 Institute’s Background related to the HKIA Web 2.2 Current HKIA Website with Membership System 2.3 Proposed Technical Environment
2.3.1 The proposed minimum hardware requirements of the CMS System 2.3.2 The proposed minimum software requirement of the CMS System 2.3.3 The proposed minimum Firewall specification 2.3.4 The proposed minimum backup solution
3 Scope, Tentative Programme and Scale of Systems
3.1 Scope 3.2 Tentative Programme 3.3 Scale
4 Key Requirements
5 Technical/ Hardware Requirements
6 Demonstration and Proof-of-Concept
Appendix A
Page 2/46
7 Cost Information Requirements
7.1 Detail Cost 7.2 Payment Terms and Determination
7.3 Warranty 7.4 Liabilities of the Vendor
8 Operation and Technical Support Service
9 Implementation Services
10 Use of third parties
11 Supplier Information Requirements
11.1 General Information 11.2 Proof of Supplier's Sound Financial and Company Standing 11.3 Evidence of Capacity to Deliver Contract Requirements 11.4 Other
12 Implementation Requirements
13 Collusion and Inducements
14 Confidentiality
Appendix A
Page 3/46
1 INTRODUCTION
1.1 Project Goals and Objectives
The Hong Kong Institute of Architects (HKIA) requires a single, comprehensive and holistic centralized and computerized system for the Membership Administration for members’ data submission or others. Such web site must be designed as Content Management System (CMS) approach.
Scope of work:
- Provide total solution for system development, online payment, membership operations, database and websites revamp services and technical support.
- Visual and architecture design of the system(s) - Build the online payment (Should be based on HKIA payment rules/policies) - Database must be migrated and restructured at new system to match the
news features and enhance the existing functions. Remark: The new system must migrate all existing features with better approaches.
- Must synchronize data from new Database server to original MMS with necessary data and files (included photo and e-documents) to keep operation of other internal systems
- Member Area must include the following features: ➔ Membership information (For details, please check section 3.1 Phase1) ➔ Online Payment (For details, please check section 3.1 Phase1) ➔ Documents sharing to members (For details, please check section 3.1
Phase2) ➔ Location for external web page for questionnaire or other e-Forms (For
details, please check section 3.1 Phase2) ➔ Can record personal history of taking up positions in HKIA such as OBs,
Council Members, Board Members or other committees / taskforces / workgroups, etc (with date/year)
➔ Can filter with records and extend the periods for specific members for HKIA servicing
➔ Can record for any donation or contribution to HKIA - All the membership Area features can be modified and updated through
Administration page - Can bulk export membership data inside database with filtering criteria as e-
document format (e.g. CSV) AND bulk import data into database - Prepare a Users’ Acceptance Test (UAT) plan for testing and fixing
bugs/problems after the product(s) delivery and within 1 year after the launch of the system
- Provide detailed plans for security test and load test for the systems - Provide detailed plans for backup/restore solutions and proceed testing - Provide area for the following features: ➔ Job Posting ➔ Membership Benefit
Appendix A
Page 4/46
➔ Documents Sharing ➔ Essential message alert (e.g.: Alert for event or upload missing
documents) ➔ Consultation (Has area for members to leave comments) ➔ CPD event handling (Included CPD event/Video automation, online data
upload and registration, new records generation) All be based on HKIA’s further information provided for Awarded Vendor.
➔ “JoinHKIA” ➔ Area to post and link with HKIA related 3rd sources websites ➔ Change some standard hardcopies to E-forms with specific level of
content management about the related E-forms or templates (e.g.: http://old.hkia.net/en/Resources/PC_%20Stage_HKIA_Complaint_Form_160312.pdf) Subjected to HKIA provided to Awarded Vendors
List of general requirements:
- Website should be run on personal computer in mainstream version of MS Windows (with the latest updates from Microsoft), Apple MacOS, Tablet and mobile phone (Windows, Apple, Android, IOS)
- Website should adopt web accessibility design and conform to the World Wide Web Consortium’s (W3C) internationally recognized Web Content Accessibility Guidelines to the level AA (Double A conformance)
- Web code used should not be easy clone (e.g. PHP) instead of HTML - Such website must run on Microsoft IIS platform. - Web content can be updated by End-users themselves instead of amended
web coding (i.e.: CMS approach may be the case) - Change in using HTTPS instead of HTTP for web operations. Data transfer in
between network devices should be protected or encrypted (if any) and/or propose with no data leakage way for data transfer. Remark: Cost must be listed in proposal for the related solutions
- All design should be in secure approach (e.g.: URL variable must be as hidden or encrypted format) i.e. Web code should not be leakage of membership related parameters (even shown error page)
- Utility the latest software system/version for the CMS system which can be compatible to the HKIA current system but allow graduate update of the HKIA computerizes system
- Should provide the total solutions for Backup/Restore the websites/Database - Should provide the total solutions for Disaster Recovery about the
websites/Database - Maintain the data and system in security (for both hardware and software level) - Enhance the professional image of the HKIA - All necessary hardware and software with license should be included (e.g.:
Windows, Antivirus) in the project (if any). Remark: Antivirus application selection must be matched with HKIA existing or planning usage.
Appendix A
Page 5/46
1.2 Purpose of this Invitation to Tender
Vendors are invited to tender for this project. Vendors will be evaluated according to their past experience, company profile and client reference. HKIA is not bound to accept the lowest or any tender we receive. Vendors are abided by the anti-bribery and anti-collusion clauses attached in the Appendices to the Tender Invitation Letter. Vendors are invited to submit the tender with the required documents listed in Appendix A, B, C and TVP related document for the evaluation and decision by the Selection Panel.
1.3 Procurement Timetable
Action Schedule
Tender open for submission 4 May 2020
Tender Submission Deadline 7 May 2020,
12:00pm noon (Hong Kong Time)
Evaluation by Selection Panel May 2020
Shortlisted vendor will be contacted for interview
May 2020
Final Discussion Meeting by Selection Panel (if any)
May 2020
Further clarification with shortlisted vendor (if required)
May 2020
HKIA reserves all rights to change the above schedule due to unexpected situation and will notify the vendors or short-listed vendors on HKIA’s discretion.
1.4 Tender Evaluation
Tenders will be evaluated according (but not limited) to:
• Company relevant IT project experience
• Company profile
• Proposed team structure responsible for this project with their CVs
• System security
• System stability
Appendix A
Page 6/46
• System extendibility
• System support and maintenance
• Customer services
• Source code management
• Hardware requirement
• Development and implementation schedule
• Costs of the software including firewall system and related hardware required
• Compatibility among different OS, ie. Windows, android, iOS and/or Mac
• System maintenance and software upgrade requirements and its cost
• Annual recurrent running cost and the escalation formula for 5 years
1.5 Proposal Submission and Enquiry
The vendor has to submit the proposal and required document (as stated in Appendix B & C) in 2 full sets and TVP related document (Model Clauses in Probity and Non-Collusive), plus a soft copy in PDF format (CD/DVD). The proposal has to be in a maximum of 50 A4 pages, single line spacing typed with Arial font type and 12 point font size.
The proposal shall be email to [email protected] or submitted in a sealed envelope marked conspicuously Confidential – Tender Document for the CMS Revamp for The Hong Kong Institute of Architects and send to the tender box at 19/F, One Hysan Avenue, Causeway Bay, Hong Kong on or before 12:00pm on 7 May 2020 (Thursday) in Hong Kong Time. Late submission will not be considered.
Remark: The Technical document and Price-List document must be submitted separately.
For enquiry
Contact Person: Mr. Alex Lo, IT Manager
Tel.: 2805 7306
Email: [email protected]
Address: 19/F, One Hysan Avenue, Causeway Bay, Hong Kong
1.6 Proposal Content
The vendor proposal must be concise and stated clearly on how the vendor will provide the services for the development and implementation of the website to
Appendix A
Page 7/46
achieve the objective of the project and fulfill the requirements stated in this document.
i. Proposed Solution Vendor shall give a clear overview of the proposed solution to identify key features and functionality as stated in the requirement. All possible growth and integration considerations as well as the possible project risk must be stated. Vendor shall show at least 3 pages of web design to show the concept of the solution plus 1 page of Membership area and 1 page of Administration page. HKIA reserves all rights for design change after the award of tender based on the actual operation needs.
ii. Response to the Functional Requirements Vendor shall respond to the compliance of each specified requirement listed in the section of the “Functional Requirements”. Vendor shall describe how each specified requirement will be fulfilled. Vendor shall propose the preliminary screen layout design, work flow diagrams and narrative explanation. Failure to supply the information will be considered in the evaluation as a measure of the vendor’s ability to deliver a qualify service. Vendor should provide clear and professional consultation for HKIA if found predicable issues or possible/potential problems from HKIA’s suggestion.
iii. Response to the Technical Requirements Vendor shall respond to the compliance of each specified requirement listed in the section of the “Technical / Hardware Requirements”. Vendor shall describe how each specified requirement will be fulfilled. Vendor shall propose the preliminary system architecture report with schematic diagram with narrative explanation. Failure to supply the information will be considered in the evaluation as a measure of the vendor’s ability to deliver a qualify service. Vendor should provide clear and professional consultation for HKIA if found predicable issues or possible/potential problems from HKIA’s suggestion.
iv. Limitations Vendor shall provide information on any known limitations and/or issues with the product(s) and service(s) being offered. Contract/Services Agreement for awarded Tender MUST fulfill all criteria from HKIA Tender and/or HKIA Supplementary documents (if any). If a requirement
Appendix A
Page 8/46
is only “partially” met, vendor shall clearly specify in proposal and explain in details. Failure to do so, it will impact the score for the evaluation.
v. Dependencies If there are any potential or known events that might affect the delivery of the services(s) including the requirements, the implementation and support services, schedule, cost and etc., vendor shall clearly state in the proposal.
vi. Future Requirements Vendor shall clearly state the process of future upgrades, including how it will be managed and how it will be integrated with other hardware or software systems. There is an easy and simple interface to reset the passwords for all related system accounts (e.g. SQL database connection account). As the database with all data and tables are owned by HKIA, HKIA has full rights to implement for other systems’ usage.
vii. Price/Cost Vendor shall clearly state the price/cost of the services for the project. All price/cost MUST be counted with each milestone/service/section completion*. The price/cost shall be broken down by major milestones and services themselves of the project. The standard hardware and system software shall be clearly stated, but their price/cost can be excluded from the price/cost to be charged by the vendor if those items can be purchased from the 3rd party vendor(s) by ARB with discount. Vendor shall propose the price/cost which is stated on the section “Cost information Requirements”. Beside of the preparation cost, payment should be settled only if the Vendor’s output can be passed from User Acceptance Test (UAT). At least 10 - 15% of total contract payment should be hold and paid AFTER warranty period(s) without non-settled issues. i.e. if defect or outstanding items cannot be completed within the warranty period, the related payment will NOT be released even expired warranty period (until ALL settled). For example: Suggested payment schedule as follows: (Can be negotiated as items may be changed on or before awarded the contract)
Payment Schedule % of Contract Price
Upon Tender Award 10%
Confirmation Layout Design and System Configuration
10%
Completion of UAT (Should break down to components) - Migrate/Restructure Database - Migrate current website (included content) to new
70%
Appendix A
Page 9/46
- Built/migrate membership/RA Area with related profiles
- Online Payment - Bulky Data Export/Import - Email feature (link to our existing email system) - Change/amend hardcopies/existing e-forms to new - API to 3rd Parties - Searching Engine - Job Posting - HKIA Daily New - CPD (Event Management) - Consultation - Reference Material - Members Benefits - Advertisement
6 months after System Go Live (warranty period(s)) 10%
viii. Implementation Schedule
Vendor shall submit a project plan to cover the following key milestones for each stage of the project. (All schedule MUST be counted the period by using the DATE instead of DAYS)
A. Delivery of functional and design specification B. Delivery of system architecture report C. Delivery of data dictionary D. Delivery of test plans for system integration test, stress test and user
acceptance test E. Delivery of service level agreement F. Delivery of operation manual G. Completion of hardware configuration H. Completion of software configuration and customization I. Submission of system integration test result for review and verification J. Submission of stress test result for review and verification K. Submission of any other project deliverables which include, but not
limited to, source codes, executables and etc. L. Provide training and submission of training document. M. Commencement and completion of user acceptance test (UAT) N. System in production
ix. Operating and Technical Support Service Arrangements Vendor’s level of performance shall, at all times, be consistent with acceptable industry “best practice” standards. Vendor shall describe the approach to service management including: proposed service level
Appendix A
Page 10/46
agreement, strategy for documenting service levels and performance against such service levels; and format and frequency of reporting.
x. Security Vendor shall state clearly what level of security will be implemented in the website and OS platform level and how it will be achieved and tested.
xi. Vendor Qualifications Vendor shall provide its company background, experience, qualification and a list of previous customers with contacts and description of the products/services provided for HKIA’s reference check (if required). Vendor shall assign its staff to provide the development, implementation and support services to the system.
xii. Resource Deployment Plan Vendor shall submit the resource deployment plan to list out the roles of the staffs with their names, qualification and experience. The roles of staff shall include, but not limited to, the project manager, systems analyst(s), programmer(s), operation support, technical support and service centre staff. HKIA should be updated at the earliest availability if there are any changes on the details of the above listed members during the project period.
xiii. Assumptions Vendor shall clearly identify any assumptions made in order to fulfill all the requirements of the project.
xiv. Alternative Offerings/Suggestions Vendor is welcomed to propose alternative offerings/suggestions, but those alternative offerings/suggestions shall be proved to give a better quality of service in respect to the efficiency and functionality. Vendor shall clearly state if the proposed alternative offerings/suggestions will incur any additional price/cost of the project and/or annual maintenance service.
xv. Any optional hardware, software and services Vendor is welcomed to propose any optional hardware/software and services and state clearly the pros and cons of each item in compared to the original proposed item. Vendor shall clearly state if the proposed
Appendix A
Page 11/46
optional hardware, software and services will incur any additional price/cost of the project and/or annual maintenance service.
xvi. Website ownership HKIA should own all the related asset, including source code, database, servers for the whole website as it is the basic requirement of this project. HKIA should have full rights to use, add, delete, modify and any re-engineering work on the website (including the source code). Vendor should NOT place its company logo or related information on HKIA website without HKIA’s official written approval.
xvii. Any other relevant information Vendor may add any other relevant information that will facilitate HKIA to make a decision for vendor selection.
xviii. Progress submission Vendor should provide the breakdown progress (counted by DATE) to HKIA as project timing control. For any updates/changes of progress timeline, it should be approved by HKIA. HKIA reserves all rights for project extension, penalty or termination if project overruns.
xix. User Acceptance Test (UAT) For each milestone/function/service, Vendor must pass the User Acceptance Test (UAT) with HKIA’s signature and confirmation before HKIA arranging the payment. The format and “approval” content items for UAT Form should be submitted to HKIA for verification before using for testing. HKIA should have full rights to accept or reject the output from Vendor.
xx. Penalty
HKIA reserves all rights to terminate the contract and/or charge the loss from Vendor.
List of some sample cases but NOT limited to the followings:-
- Expired the agreed schedule
- Re-sales any HKIA CMS concept (with the similar/closed layout) for other companies)
- Leakage of Data related to HKIA information and other related data to external parties
Appendix A
Page 12/46
- Design cannot fulfill HKIA’s requirement
- Found the poor financial/management status about Vendor which may affect the completion of the project (Example but not limited to.: bankrupt)
- Identified with worst performance about project (e.g.: Failure to capture end-user’s requirement clearly but work with negative result. After warning through warning letter or other channels, the case cannot be improved)
- Found essential cases that need to report/approve from HKIA (Please see Section 10 as sample, but not limited to)
- Found illegal action for the project (e.g.: installation of non-license or illegal software(s)
- Found illegal results about company or co-linked company for other project non-related issues (e.g. have legal actions from other companies to such Vendor or Vendor related companies, e.g.: the same person as ownership for both companies)
HKIA also reserves all rights to claim over-paid from Vendor as if Vendor cannot complete the project AND/or HKIA has confirmed to terminate the project including but not limited to the above-mentioned cases.
2 BACKGROUND
2.1 Institute's Background related to the CMS system
The Hong Kong Institute of Architects (HKIA) has around 4,000 members.
Our existing membership area cannot fulfill existing operational requirement and data have to be updated in 2 different databases. It is a lack of common environment for existing web link to share membership information through the member’s Area with online payment and allow members to amend specific personal information. There is an absence of functions to handle Registered Practices (RP) issues. The design of the web content is using an outdated design format with insecure and inflexible content update approach.
2.2 Current HKIA Membership System
Appendix A
Page 13/46
Current HKIA Membership database system is running on a VM server with Windows Server 2000 and MS SQL 2000. The hardware specification is as follows :
• CPU : Intel Xeon E5606 2.13Ghz, 1U
• RAM : 2GB DDR3
• Drive : 150GB
• Database file size: ~ 10GB
Current HKIA web system is running on a VM server with Windows Server 2016. The hardware specification is as follows :
• CPU : Intel Xeon E5606 2.13Ghz
• RAM : 8GB
• Drive : 500GB
Current HKIA membership system is running on a physical server with Windows Server 2003 SP2. The hardware specification is as follows :
• CPU : Intel Xeon E5405 2Ghz
• RAM : 3GB
• Drive : 500GB
The software specification is as follows :
• Web and Membership System is running with PHP script
• Database Records : all HKIA members (all types) with CPD or other records
ExistingExisting Database Functions:
1. Membership data (HKIA members, Registered Architects, Corporate member) modification
2. CPD (video) Hours and CPD Declaration form data modification 3. Export function of membership data 4. General membership data analysis 5. Membership data report 6. Import function of various membership data 7. Import variable for membership renew or registration
2.3 Proposed Technical Environment
The vendor’s proposed system should be based on the latest OS system in the market such as Mac, Window 7/8/10 and iOS 12 and 13 (or latest version before the project completed). The proposed system should be compatible to the main stream OS in the market, at least the users can view the system in mobile and different platforms, e.g. tablet, android, iPad and different iOS/Android devices and
Appendix A
Page 14/46
on different versions of web browser, e.g. IE 11 or above. Also the System could be compatible in plugging in to our current membership system and website; and for the future growth, to easily plug in to the revamped website or other systems.
Web server and database server are proposed to be hosted in HKIA office or Data Centre for better and secure hosting environment of 7x24 unlimited power supply, with backup device for web and database servers’ backup and recovery, firewall for servers and network security.
If it is necessary to host with cloud-based platform, Vendor should list and show the proof for protection against data leakage and all possible potential security risks. If it is found failure about the protection, HKIA should reserve full rights to request Vendor to fix the related issue without any additional payment to Vendor.
Vendor has to propose the hardware and software at the beginning of the project for end-user’s preparation and is responsible for the setup, installation and migration/revamp of data/database;
If it is needed to set at cloud-based environment, Vendor should be responsible for the setup and installation of servers and Firewall. Remark: All the hardware, software (included cloud-based system), registration domain and other items within the project MUST use “The Hong Kong Institute of Architects” as registrar and owner and HKIA must own passwords for all accesses.
HKIA staffs have full access right for the mentioned system/OS Platform during the project period to housekeep and supervising.
Remark: For on-premise solution, hardware/solution may not need to quote BUT Vendor should suggest the possible hardware/software configuration for HKIA’s preparations.
For cloud-based solution, the firewall MUST be proposed which need to fulfill the basic requirement for section: 2.3.3.
Vendor should cover all the cost of items which are missed to propose at the beginning stage about project at the vendor’s own expenses.
2.3.1 The proposed minimum hardware requirements of the CMS System :
(If Cloud-based)
• CPU: 2x Intel Xeon Processor Silver 4214 2.2G 12C/27T Turbo DDR4-2400
• RAM: 8GB
• Harddisk: at least 1TB or the predicable size for at least 5 years usage
Appendix A
Page 15/46
2.3.2 The proposed minimum software requirement of the CMS System :
• Microsoft Windows Server 2019 (or higher)
• Microsoft SQL Server 2019 Standard Edition (or higher)
• (running PHP script is preferable)
• Implement with SSL Certificate (https)
• Running under VM environment
2.3.3 The proposed minimum Firewall specification: (if Cloud-based)
• Fortigate 200E (or equivalent model (should be decided by HKIA in final)
• Firewall inspection throughput 20Gbps
• Application inspection throughput 3.5Gbps
• IPS throughput 2.2 Gbps
• Anti-malware inspection 1.8Gbps
• Threat Protection 1.2Gbps
• VPN throughput 7.2 Gbps
• Connections per second /sec
• Maximum connections (Sessions) 2 Million
• SSLVPN support
• SD-WAN support
• Token (or 2 factor authentication) support
• Virtual Firewall (or Virtual Domain) support
• Traffic log should be stored more than 7 days
Hardware firewall is preferable, in order to secure: (If cloud-based solution, additional cloud-based firewall should be proposed. It is not allowed to use original cloud provided firewall as solution)
1. Higher performance – by using independent processing cores and do not occupy server’s resources
2. More capability to protect against network risks such as viruses, worms, Trojans, spyware and threats etc.
3. Optimize network bandwidth and load balancing
IP address assignment
• Static, (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server,
DHCP Relay
Appendix A
Page 16/46
NAT modes
• 1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent
mode
Routing protocols
• BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast
QoS
• Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP
marking, 802.1p
Authentication
• XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user
database, Terminal Services, Citrix
Standards
• TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP,
PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3
Certifications
• VPNC, ICSA Firewall, ICSA Anti-Virus
Form Factor
• 1U Rack Mountable
2.3.4 The proposed Total solution for backup/restore and disaster recovery (DR) solution
• Backup data & system info to local backup server or cloud environment
• Support Incremental/Differential/Full VM or Data backup
• Daily, weekly & monthly backup
• Daily backup reports
• Web Based Administration
• Automatic alerts & warnings
• Easy data recovery or disaster recovery at other locations
• Provide documents for backup and restore (and retrieve specific data)
• Provide disaster recovery (DR) documents
• Both Backup/Restore and DR solution MUST proceed trial-run before launched to production
Appendix A
Page 17/46
3 SCOPE, TENTATIVE PROGRAMME AND SCALE OF SYSTEMS
3.1 Scope
The proposed system will be composed of two phases:
Phase 1 Setup Member Area with online Payment and CPD functions
Phase 2 Revamp of existingexisting web site and enhancement of the features of Member Area
Under such composed arrangement, the features shall be, but not limited to the followings:
Phase 1:
Database
As database is correlated to ARB system, database migration may be
needed upon HKIA’s request Remark: restructuring the current database
to enhance features should be necessary in this project. Under such
migration, it should be redesigned in splitting with different databases/tables
for ARB, HKIA and some common data for both.
The updated data must be sync back to original membership system
(Win2000, Ms SQL2000) for other usage (included all related e-files, e.g.
Photo, PDF). System also need to keep checking from original membership
system. If found the data different in between new CMS and original
membership system, the data will be retrieved from original membership
system for operations. Data migration from previous database should be
included.
Remark:
1. As current used MMS database is out of date and most of feature
could not fulfill HKIA’s up-to-date operational requirement, Vendor
MUST amend and re-construct the database with data/tables to
match HKIA’s needs. All should base on HKIA’s information and
further comments.
2. Awarded Vendor should help to implement the related HKIA/ARB
web pages to this new database as part of this project task.
3. It is needed to migrate all data inside the existing database
(including but not limited to: CPD Event) and from another web site
(for CPD Video)
Appendix A
Page 18/46
4. Awarded Vendor should enhance the existing structure of database
to fit HKIA needs. For example: Added tables (or others) to enhance
the existing workflow about CPD Events and added Membership
Benefit feature. All details should base on HKIA’s further information.
Servers/Web pages’ migration/relocation
As concern of UAT and production environment issue, Awarded Vendor
should agree to migrate all the current web pages’ OR re-migrate the project
web/database servers into new one. The number of migrations should have
no limit within the project period. HKIA reverses all rights to change location
of website to other servers at any time within the project period (Phase 1
and 2).
Data export/import
Web interface at BackEnd shall be allowed to upload single or bulk data into
system. It has the flexibility to extract the data in CSV or other Excel format
with selective combination by HKIA staffs. Such combination can also be
stored as template for future usage.
Data import/update through CSV or web interface must be supported in
Multiple language (i.e.: English, Traditional Chinese, Simplified Chinese) for
both CMS and original membership system.
Member Area
All features about original membership systems shall be kept the same or
better (based on criteria from this Tender). All members’ profiles data can
be updated by HKIA staffs in BackEnd and/or member(s) can update
specific profile information in FrontEnd (included photo and document, e.g.
Certificate PDF). It needs to enhance the features by added additional fields
per HKIA request.
CPD Declaration and Membership Renewal
In FrontEnd, it should provide step-by-step procedure to guide the members
to fill in the E-forms for renewal. HKIA should has freedom to set Mandatory
information based on different cases. New CPD declaration section MUST
Appendix A
Page 19/46
be included existing features with advanced enhancement based on HKIA’s
further request, i.e.:
o Issuance of email reminders to members with outstanding forms
o Issuance of CPD certificate
o Linkage with membership database in calculating the no. of CPD hours
required
o Import no. of CPD hours outstanding / extra from the last year to the
database as a first start
In BackEnd, HKIA can set the data manually as if such members provided
information from emails or other non-web medium Information will be
provided to Awarded Vendor.
e.g.:
Member renew the members with the following cases:
o no need to apply the membership card
o Need to apply Membership card (Green Card)
o Need to apply Membership card (Non-Green Card)
Searching
All sections should have their own searching mechanism which subjected
to HKIA’s requirement. HKIA reverses all rights to amend the arrangement
for any time within the project period.
Security
The BackEnd System login from HKIA staffs should be supported with local
login and/or LDAP login (optional). Remark: If LDAP login can be used, AD
account for LDAP shall be used as the lowest authentication level. (“Domain
Admin” must not be permitted to use as authentication or other purposes)
System can provide the flexibility to grant related HKIA staffs with different
security level and created roles for different functions manually. There has
individual web page to amend HKIA users’ login password rather than using
the User Administration Page. Password shall be in complex format with
history. (Similar as Windows Domain Policy)
For FrontEnd Member Area, system provide location to amend login password with the complex format. If members forgot password, it has mechanism to email to members with auto-generation and force changing. OR other ways which be subjected to Vendor’s proposal.
Appendix A
Page 20/46
As Members may need to use such login account for multiple web login, Vendor should propose the solution to handle this case. Reminded that “Email address” as login name should not be used as such information may be changed.
HKIA staffs at the BackEnd also can reset the related members’ password
and/or force member to change for initial login after reset. HKIA has
mechanism to enable/disable such login account.
URL link for members’ AREA must be in secure approach. It is similar as
Google Drive (link share) or hidden parameter as no chance to decrypt or
access other members’ records through the link amendment.
System also needs to set idle period as to expire the login section.
SSL Certificate with HTTPS link should be implemented for ALL
membership related pages and can redirect the related pages to HTTPS
page as if member tried access in using HTTP.
Online Payment
Such payment can be used for members and public area. Multiple Gateway can be handled as it must support Visa/Master Gateway
and/or some China used gateway (e.g.: AliPay, weChat pay).
Remark: Awarded Vendors should propose method(s) to collect logging/record from payment as such payment gateway can send standard notification (e.g.: email) for completion of each transaction.
All depends on HKIA’s further information provided for Awarded Vender. Such online Payment can be worked for different issues:
o Membership and Registered Practices (RP) Payment o Job Posting o CPD Event/Video o Other payment related issues per HKIA’s request
1. Online Membership and Registered Practices (RP) Payment
Appendix A
Page 21/46
➔ HKIA Members can pay the online membership fee. After paid, the members cannot be re-paid except HKIA staffs release the session for re-paid with specific amounts manually.
➔ Members can receive auto generated confirmed email as the payment be successful and HKIA also receive email for such payment status (successful or not).
➔ HKIA staffs can check the single/group/specific payment(s) result with report(s) generation for export or searching at the BackEnd Administration Page/console.
➔ HKIA staffs can adjust the payment values under administration GUI with simple approach. (It is not acceptable for solution to change the data for each account one-by-one only)
➔ System also need for some automatic calculation based on details from HKIA staffs (e.g.: online payment value based on membership criteria)
➔ Online payment will be recorded/logged and check from BACKEND Administration Page through specific criteria searching.
➔ Online payment must handle some special issue, e.g.: duplicate request for payment within the short period. All based on HKIA’s comments and Vendor should be responsible to share the possible issues for HKIA.
➔ The Payment through online payment or bank pay slip confirmed, it can provide interface to print the receipts per single member or bulk-printing. OR
➔ Email the receipts to members’ registered Email addresses
2. Job Posting ➔ Awarded Vendor should propose simple authentication method as HKIA
sent the related link to customer for online payment. (Remark: such link cannot be reused after the transaction)
➔ Payment logging can be filtered and searched through Administration interface (which be separated from other types of payment)
➔ Notification Email can be sent to customer(s) and HKIA staffs. ➔ Payment workflow should be based on HKIA’s further information
3. CPD Event / Video
CPD Event For CPD Event, it can allow members and non-members to attend. i.e. System should handle the online payment for members and non-members. For details, it will be described under CPD Event Workflow. CPD Video
Such function is only allowed members to access.
Appendix A
Page 22/46
➔ Under this section, members need to process online payment for some video which need payment before browsing.
➔ Within specific period, it is no need additional payment to re-access such video
➔ Payment workflow should be based on HKIA’s further information. Continuing Professional Development (CPD)
Awarded Vendor should proceed:
- Migrate ALL CPD related data and features from existing membership
area to new.
- Change CPD standard documents into E-forms/Template for members
to update related data themselves
- Amended existing E-forms to fit our needs (Amended database/tables
structure must be required)
- HKIA Staffs should has flexibility to set specific events to TOP level for
notification
- Workflow for CPD event
1. HKIA generate new Event (Remark: all variables (e.g.: cost for
members with different types and non-members) should be
subjected on HKIA’s further information)
2. It can send bulky emails to related list of email addresses. (included
non-members’ email addresses)
Case HKIA Suggested Workflow (Vendor should propose if any better solutions)
A) Is HKIA Members and Event Quota is not full (Remark: Each event should have quota arrangement for members and non-members)
1. After login “Member Area”, members can register the event 2. If event is not be over quota, it will check whether such event need
to be paid or not. IF needed payment, it will go to online payment page to complete the settle first
3. As payment settled or no needed payment, it will send invitation email to registered email addresses with QR code generation.
4. Members attend the event and show the QR code. Remark: Such QR scanning or other solutions MUST work at non-HKIA office area
5. After scanned the QR code, members attendance record with “CPD hours” (Duplicate record can be detected)
6. Such record also be updated to members’ profile to accumulate their CPD hours
7. System can calculate the members who can fulfill the CPD in next year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided
8. HKIA Staff can generate/export specific report or log to list the CPD hours fulfillment status for members
Remark:
Appendix A
Page 23/46
- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed through member account first.
- Interface provide the mechanism for adding flyers and other description for videos
- Quota allocation for video storing. - CPD coupon arrangement which be subjected to HKIA’s
further information
B) Is HKIA Members but Event is over quota
1. After login “Member Area”, members can register the event 2. If event is over quota, it will show the message for “Over Quota” and
ask whether place to “Waiting List”. 3a. If say “No”, then the registration process ENDED. 3b. If say “Yes”, it will place the related member to “Waiting List”.
On reasonable period before the event (Let’s say 3 office days before event) 3. HKIA Staffs can check any quota as some registrars abandon to
attend the related event. 4. If have quota, HKIA staffs can send email to related member to re-
register from “Waiting list” and .re-run CASE A (Step 3 – 8)
C) Is non-HKIA Members and If they are from some recognized institutes or organization
1. People can register through specific public page or link 2. It will check whether such non-members come from specific
Institutes or organization 3. They need to provide related member ID and specific information
(e.g.: Email addresses) for further verification (Such checking is based on HKIA further information provided to Awarded vender)
4. Reply with notification and place such registration into Waiting List 5. After deadline and found no over quota, HKIA staffs will verify the
request and press button to information for payment info (if need payment) Remark: the payment rate about this kind of recognized institutes/organizations should be different from public
6. As payment settled or no needed payment, it will send invitation email to registered email addresses with QR code generation.
7. Such registrar attends the event and show the QR code Remark: Such QR scanning or other solutions MUST work at non-HKIA office area
8. After scanned the QR code, system has marked the attendance 9. HKIA Staffs can check the attendance records (for all members and
registrars) after.
D) Is non-HKIA Members and Event is over quota
1. People can register through specific public page or link 2. If event is already over quota, it will show the message for “Over
Quota” 3. Process ENDED
E) If found the no of registered members for such event to be less than specific number (before specific days from event)
AS checked with less than specific limit of members registered the event, HKIA staffs can send BULKY or single notification emails to registered email addresses to notify for cancelled event. Such event will be recorded as “CANCELLED” status
F)
IF the event is at expired period, it will show the message and not allow further registration
Appendix A
Page 24/46
If expired period about the event (before designed period)
G) Registrar CANCEL the registration
Registrar can CANCEL the registration through phone, emails or through Members AREA before the event Remark: It should have refund procedure based on HKIA’s further information
H) CPD Event period Extend, delay or change
System can allow to extend, delay or change the CPD event period and send the notification to related parties Remark: Such procedure should be based on HKIA’s further information.
I) CPD Event raised on Virtual Environment, e.g.: Video Conferencing For Members
1. For registration in between Members and Non-members, they are the same operations from Case A (step 1-2) and C (step 1-2)
2. Email will be generated to guide Members and Non-members: Members: (For example only) Vendors can propose other ways. Request members to login “Members Area” in specific period and click the provide link to access and update CPD record
3. For members, members attendance record with “CPD hours” (Duplicate record can be detected) after clicked links at step 2,
4. Such record also be updated to members’ profile to accumulate their CPD hours
5. System can calculate the members who can fulfill the CPD in next year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided
6. HKIA Staff can generate/export specific report or log to list the CPD hours fulfillment status for members
It should have warning statement about the Email for quota about each CPD event through VC
J) CPD Event raised on Virtual Environment, e.g.: Video Conferencing For Non-Members
1. For registration in between Members and Non-members, they are the same operations from Case A (step 1-2) and C (step 1-2)
2. Email will be generated to guide Members and Non-members: Non-Members: Provide access details about VC access at Email only.
3. It will provide the hidden link/ regenerated link for registration and access the VC based on HKIA’s further information.
It should have warning statement about the Email for quota about each CPD event through VC
(Remark: Such workflow is the basic requirement. HKIA has reversed
right to amend the above-mentioned flow for any time within the project
period (Phase 1 and 2)).
- Workflow for CPD Video
➔ Video stored location should have quota size which can proceed
notification and recycling
➔ Video formal must be supported Microsoft/Common device basic
viewing requirement
Appendix A
Page 25/46
➔ It is needed to use the latest approach (Flash player or other (closed
to) outdate format should not be accepted)
➔ The size of each video should be kept to acceptable minimum size.
Case HKIA Suggested Workflow (Vendor should propose if any better solutions)
A) Need to pay before access
1. After login “Member Area”, members can register for video 2. Go to online payment page for member to settle first 3. After payment settled, it will allow member to access (for SPECIFIC
period). As over the period, such member need to re-paid before access again
4. Members can run such video 5. If completed the video, system will record and count with “CPD
hours” (Duplicate record can be detected) 6. Such record also be updated to members’ profile to accumulate their
CPD hours 7. System can calculate the members who can fulfill the CPD in next
year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided
8. HKIA Staff can generate/export specific report or log to list the CPD hours fulfillment status for members
Remark:
- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed such member account first
- Interface provide the mechanism for adding fryers and other description for videos
- Quota allocation for video storing.
B) No need to pay before access
1. After login “Member Area”, members can register for video 2. Members can run such video 3. If completed the video, system will record and count with “CPD
hours” (Duplicate record can be detected) 4. Such record also be updated to members’ profile to accumulate their
CPD hours 5. System can calculate the members who can fulfill the CPD in next
year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided
6. HKIA Staff can generate/export specific report or log to list the CPD hours fulfillment status for members
Remark:
- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed such member account first
- Interface provide the mechanism for adding fryers and other description for videos
- Quota allocation for video storing.
(Remark: Such workflow is the basic requirement. HKIA has reversed
right to amend the above-mentioned flow for any time within the project
period (Phase 1 and 2))
Appendix A
Page 26/46
Phase 2:
Email feature
System can send email from interaction with HKIA email server for
single/bulk email (with attachment) sending to members (based on
registered email address inside the database) at BACKEND Administration
Page. The Email server can be changed to other medium source from
administration GUI.
Under such feature, it can set specific template(s) to send debit note, receipt
or other necessary to Members and specific email addresses which may not
be included in database. It can support for some automation operations.
(e.g.: send Email with QR code for CPD event registration, Email reminder
notification for membership fee, CPD fulfilment email reminder, Job Posting
notification). All shall base on HKIA’s comment.
Under such email function, it can control as splitting a bulk list of emails into
specific small groups of emails each time.
Change hardcopy to E-Form for standard input
As trend of paperless for information submission, it is requested for change
some HKIA standard forms into AREA as web pages to input. The standard
forms will be subjected to HKIA provided sources. Remark: It has the
flexibility for HKIA to change with different E-form for posting.
Dashboard
This function shall comprise the following sub-functions and features:
A. User can view the important message when logged the system (e.g.:
HKIA specific announcement, membership related alert)
B. History for previous data update for checking
C. Field for unsubscribed but need to set specific type to opt-out
Appendix A
Page 27/46
D. Membership dashboard is able to show the payment status, payment
history, debit note and official receipt for members to download
E. Membership dashboard is able to show members history for servicing
HKIA (Can be searchable)
F. Membership dashboard is able to show donation records (Can be
searchable)
G. Online form for members to submit the necessary documents for
competition or other events, which can be notified and verified from
HKIA
H. Content Management System (CMS) users can check the missing
documents and set the event start/expired period
I. There is a fast button to redirect ARB/HKIA RA/Membership page(s)
Web content management
Specific membership sharing documents should be migrated from original
HKIA web site to new CMS system. ALL content can be updated from
BackEnd administration interface with multiple languages Pages (English,
Traditional Chinese, Simplified Chinese). Remark: The design of all the
pages must be the latest common practices as such technical
approaches should NOT be outdated within 5 years from completion
of project. (e.g.: “Flash player” design will be outdated on end of Dec 2020)
Content can be updated with either for one language or multiple. Contents
for all language should be designed to update in the same page (subjected
to HKIA’s comment)
If system found record missing from existing data, it can re-direct to some
HKIA warning page(s) instead to show “Error code 404” or other standard
error page.
It can allow the flexibility to add external link to 3rd parties at “Optional bar”
or other locations (subjected to HKIA’s request)
For Example:
Content has only with English version. It has button for Traditional Chinese
and Simplified Chinese side to show the message which be meaning as
“English version only”.
Remark:
Appendix A
Page 28/46
1. Awarded vendor should not only migrate the existing page to new
system. The existing documents and related files also need to be
migrated by Vendor as part of the project tasks.
2. Awarded vendor should has responsible to collect clear requirement
from HKIA. All output should be passed from User Acceptance Test
(UAT) before HKIA confirms as acceptance output.
Data export/import
Web interface at BackEnd shall be allowed upload single or bulky data into
system. It has the flexibility to extract the data in CSV or other Excel format
with selective combination by HKIA staffs. Such combination can also be
stored as template for future usage.
Data import/update through CSV or web interface must be supported in
Multiple language (i.e.: English, Traditional Chinese, Simplified Chinese) for
both CMS and original membership system.
Design Enhancement
To improve the image of HKIA, the overview of the web shall be re-designed
(Vendor should propose for HKIA’s approval but HKIA reserve right for
amendment upon project development). Awarded Vendor should be
responsible to propose the possible designs (at least 5 types) for HKIA’s
selection.
Security
HTTPS link should be implemented to ALL pages and can redirect the
related pages to HTTPS page as if member tried access in using HTTP.
All the contents inside membership area cannot be easy cloned/extracted
with ALL codes or data through the pages.
OS Platform also need to maintenance under Secure status.
No hidden web page should be allowed as backdoor about website without
notification to HKIA. IF it is found such page(s) to be existing from the
related website(s) without any notification to HKIA, HKIA should reserve
rights to terminate the contract, treat as criminal actions, proceed legal
actions, claim for all associates loss and/or other actions.
Appendix A
Page 29/46
3rd source
System can interact with 3rd party hyperlink where be set at BackEnd
Administration GUI. AND it is needed to interact with 3rd parties’ vendors
who worked with other HKIA related web and/or system to link or
send/receive data in between. The format about links will be shown based
on HKIA’s comment.
Job Posting
System can handle the requests from customers for Job Posting as follows:
- Allow customer to send the request for Post (remark: it can detect for 1
job per post)
- Can feedback message with Email notification to customers and HKIA
staffs about the post
- Record history can be reused for HKIA (Customers may have many posts
at the same moment)
- After HKIA staffs approved the request, it can generate one online
payment link to customer (Can provide channel for customer with the
following payment:
➔ Online payment
➔ Bank Slip and upload to our system page
➔ Set email with bank slip for HKIA staffs to update the record
- After approved payment, the post can be launched for specific periods
(Remark: Such workflow is the basic requirement. HKIA has reversed
rights to amend the above-mentioned flow for any time within the project
period (Phase 1 and 2))
Reference Material/Information Sharing
System can have location to share message/information to Public and
Members Area. HKIA should have flexibility to mark specific
message/information to static locations for posting. Some posting features
should have different level of message sharing. HKIA has reverse rights to
amend the arrangement for any time within the project period (Phase 1 and
2).
Consultation
System can allow posting information or message at Members’ Area for
members to leave comments based on specific topics. The related
Appendix A
Page 30/46
comments will be sent to specific Email addresses AND records for future
searching and filtering. HKIA has reverse rights to amend the arrangement
for any time within the project period (Phase 1 and 2).
Membership Benefit
System should allow to post information for members’ benefit inside
members Area. Awarded Vendor should propose the design for selection.
HKIA has reverse rights to amend the arrangement for any time within the
project period (Phase 1 and 2).
HKIA Daily new
Awarded Vendor should design for launch the HKIA Daily news as page.
And it can update to Facebook HKIA related section, bulky email sending
with photos (if necessary). Remark: Such feature only be released to
members Area only. HKIA has reserved rights to change location of website
to other servers for any time within the project period (Phase 1 and 2).
Advertisement
Awarded Vendor should post the way for advertisement and its payment
flow. The proposed mechanism should require HKIA with minimum man
power to operate. HKIA has reverse rights to amend the arrangement for
any time within the project period (Phase 1 and 2).
Link for HKIA related websites
Awarded Vendor should design the area to link to all HKIA co-related
websites and/or materials at public and/or members page. Such linkage can
be added from using CMS administration GUI by HKIA staffs.
3.2 Tentative Programme
The overall programme for the above- mentioned criteria shall be 9 months tentatively with the Vendor proposed schedule for HKIA’s approval. The schedule shall be submitted during tendering period.
Appendix A
Page 31/46
Awarded Vendor MUST provide the detail schedule for each function (Counted by date). For any amendment of schedule, it is subjected to HKIA’s formal approval.
3.3 Scale
Number of users for the system:
BackEnd Administration System – HKIA Secretariat internal use
Currently around 35 users
For the back-end users, currently they are mainly using Windows 7/8/10
with different kinds of browser (IE9, IE11/Edge, Chrome version 30, Firefox
version 24). As mention in section 2.3, software compatibility is one of the
main concerns. Any future upgrade of OS and browser could be compatible
to the proposed back-end CMS system.
Front End Membership e-Self Service Online System
Current HKIA full membership data (minimum 4,000 membership data with
HKIA membership and around 40 membership data with non-HKIA
membership) is required to migrate from ARB/HKIA’s existing membership
system for checking of data.
Full Membership System
Currently, there are minimum 4,000 full members (including Member, Fellow, Hon Member, Hon Fellow, Retired Member, Retired Fellow, Non-Resident Member, Associate, Affiliate, Graduate Member, Student Member and ARB Member) and 40 members without HKIA membership are in the existing ARB/HKIA membership system.
Minimum 300 new full members are expected to increase yearly. Besides, there are minimum 170 Registered Practice (RP)s as our Practice Members.
Appendix A
Page 32/46
HKIA has an internal membership system at the moment and the data and information has to be migrated for development and usage
4 KEY REQUIREMENTS
FR4 Core Functions
FR4.1 Account Management
Requirement details Requirement Compliance
1. Create the new HKIA accounts with different roles Mandatory
2. Suspend the user accounts by back-office staff and system administrator
Mandatory
3. Product the members/internal staffs’ access, status, data report
Mandatory
4. Produce the membership fee payment reports Mandatory
5. Password: - Issue an initial password with complex format.
Similar as Domain accounts’ approach. - It has flexibility to back end to set password
expired date, history password, force to change password after reset or initial login by members.
- BackEnd staffs can also reset the passwords and force/bypass members to change passwords
- Members at FrontEnd can receive re-generate passwords and sent to registered Email addresses (even mark as “unsubscribed” when forgot passwords
Mandatory
6. All passwords MUST be stored in database with ENCRYPTION formats
Mandatory
7. Roles about BackEnd Staff accounts should be assigned by group-based and such group members can be easy been located through simple web interface
Mandatory
8. Database account must not be used of “sa” SQL default system account and data sync usage
Mandatory All database accounts’ password should be provided and owned by HKIA
9. All System accounts (inc. Database connection account, Web interface access or others OS Platform account which be related to this System should be simple reset from one specific design web interface
Mandatory All database accounts’ password should be provided and owned by HKIA
10. No plain-text password at FrontEnd/BackEnd GUI and all related interfaced can be shown
Mandatory
Dependence
Appendix A
Page 33/46
Additional info.:
i. System administrators can manage back-office staff accounts only
FR4.2 Membership/RP Record Management
Requirement details Requirement Compliance
1. Provide functions to create/amend/delete records, activity and related with members/RP through the FrontEnd/BackEnd based on HKIA’s info
Mandatory
2. Support multiple membership classes of individual and corporate (RP) memberships
Mandatory
3. The membership/RP record management events above should be auditable
Mandatory
4. Provide members/RP search functions with filtering/wild cards features (all types of members)
Mandatory
5. Standard forms shall be implemented into system for members’ and/or HKIA staffs input or retrieve
Mandatory Some of the forms should be included to change as e-form per HKIA’s information
6. Add additional fields (e.g.: Any OB or other committee servicing information, donation/contribution records)
Mandatory Subjected to HKIA’s information
Dependence FR4.1
Additional info.: i. The system MUST accept bulk input via a file with pre-defined format
FR4.3 News/Event Management
Requirement details Requirement Compliance
1. Maintain the news/event info Mandatory Awarded Vendor should migrate all contents and documents from existing web to new
2. Provide a sorting function by keywords(s) on Title, Event (Boards/Supporting), Range of Dates
Mandatory
3. Provide an agenda list and calendar view in presentation
Desirable
4. Place specific topics at TOP static locations Mandatory
5. Standard hardcopies and HKIA documents should be changed as E-forms which can update the database directly
Mandatory Subjected to HKIA’s further request
Dependence FR4.1
Additional info.: i. Related data update can accept bulk input via a file with pre-defined format
FR4.4 Online Payment Management
Requirement details Requirement Compliance
Appendix A
Page 34/46
1. Integrate with payment gateways for various activities in HKIA
Mandatory
2. Provide an online shopping cart to members for order placements of value-added membership services and products
Desirable
3. Maintain the payment records for audit trail Mandatory
4. Membership renewal should be linked with the payment gateway when selection of online method
Mandatory
5. Members can receive Email/SMS and/or other types of alerts about the payment successful
Mandatory
6. Provide API interface for Account system to integrate Mandatory
7. Have interface to change the online payment gateway Mandatory Can support multi-gateway e.g.: AliPay
8. Logging/Recording for each payment transaction must be kept and be available for criteria searching
Mandatory
9. Register with payment info (will notify for payment for specific issues, e.g.: upgrade the membership type)
Mandatory
10. Provide an acknowledge for registration and payment Mandatory
11. Provide GUI for single and/or bulk printing of Debit note/Receipts with specific template(s)
Mandatory Such template can be changed by HKIA for any time
12. Provide GUI for single and/or bulk email sending for Debit note/Receipts with specific template(s)
Mandatory Such template can be changed by HKIA for any time
Dependence FR4.1
Additional info.: i. Online payment shall not limit to online membership payment. ii. All related ARB/HKIA with all type of services should be included
FR4.5 Questionnaire Management
Requirement details Requirement Compliance
1. Create the questionnaire for users participation Desirable
2. Questionnaire can be distributed to members in printed and electronic media
Desirable
3. Produce an analysis reports for the results in spreadsheets and via other channels and media
Desirable
Dependence FR4.1
Additional info.:
FR4.6 Membership Area
Requirement details Requirement Compliance
1. Provide an interface for members’ operations:
a. View of members’ profile, forms downloads & submission
Mandatory
Appendix A
Page 35/46
b. Event registration, view & download post-event materials for membership sharing
Mandatory
c. Access to value-added and paid membership services
Mandatory
d. Membership renewal Mandatory
e. Allow members to change specific profile information
Mandatory Subjected to HKIA’s comment
2. Customize the portal layout, organization, language, etc
Mandatory
3. Integrate with popular social media (Facebook/Linkedin) and professional website
Desirable
4. Allow HKIA to send emails (or auto-send) to registered members’ email addresses for notification/online payment and/or other purposes
Mandatory
5. All membership related forms with workflow should be set (e.g.: Apply membership Card)
Mandatory Subjected to HKIA’s comment
Dependence FR4.1
Additional info.:
FR4.7 BackEnd Administration Management
Requirement details Requirement Compliance
HKIA staffs can add, amend, delete content, documents, logo, images at BackEnd interface
Mandatory
All related Database data can be bulky imported through specific format
Mandatory
All related Database data can be extracted as CSV or other format with selective actions
Mandatory
Exported format can be saved as template for further used Mandatory
Upload folder(s) MUST be locked to specific designated folder(s) for different sections
Mandatory
Can assign different features for groups of members (e.g.: HKIA members can view all features)
Mandatory
Dependence FR4.1
Additional info.:
FR4.8 Secure Internet Connection
Requirement details Requirement Compliance
1. All traffic should be transmitted on HTTPS Mandatory
2. All members must be authentication (i.e. Login/password)
Mandatory
Appendix A
Page 36/46
3. Password should be in complex format Mandatory System can check and detect
4. URL link must not release any variables (need to be encrypted like Google Drive link or hidden variables)
Mandatory
5. OS platform in local servers’ or cloud must be kept security stage (Should propose in solution)
Mandatory
6. System must not use top level of rights (e.g.: “Domain admin”) as service right
Mandatory
7. Database connections must not be in used of “System admin” role
Mandatory
8. All system, Database connection and/or services accounts can be amended through simple web/console operations
Mandatory
9. The design shall be easy managed for database and Server even the related devices changed their hostname or IP
Mandatory
Dependence
Additional info.:
FR4.9 Information Security
Requirement details Requirement Compliance
1. All HKIA data should be kept confidentially and maintained in integrity. Information should be available to the authorized personnel only
Mandatory
2. Personal information in the HKIA data should be handled within the system, such that the data privacy could be observed
Mandatory
3. SSL certificate is subscribed by HKIA but the vendor is required to apply it in server
Mandatory
4. HKIA staffs MUST has ownership for any platform which be used for implementation of the system even proposed from Vendor (i.e.: HKIA staffs must have the FULL access right for the solution of system platform for any time included the project implementation period)
Mandatory
5. All assets (include source code) within the project related which should be owned by HKIA
Mandatory
6. For any solution proposed, Vendor shall bear responsible to ensure the security for Platform, network and System itself. Vendor have responsibility
Mandatory
Appendix A
Page 37/46
to report for any issue included security case for HKIA’s concern and decision.
Dependence
Additional info.:
FR4.10 System Audit
Requirement details Requirement Compliance
1. All system and user activities must be logged for information integrity
Mandatory
2. Provide access of audit log to authorize user accounts Mandatory
3. Produce detailed audit log report, system usage report, unauthorized and failed access reports, etc, in printed and electronic media
Mandatory
Dependence
Additional info.:
FR4.11 Hardware, software and documentation
Requirement details Requirement Compliance
1. Vendor shall propose necessary hardware and software (include license) which should be included for this project.
Mandatory
2. Vendor shall propose the DR and backup/restore procedure
Mandatory
3. Vendor shall provide the necessary documents (include Backup/Restore steps, Disaster recovery steps, users and Administration operation manual and others within the project period, data flow diagram in between databases)
Mandatory
4. Vendor shall provide the procedure for reset the key login password and IP/hostname amendment
Mandatory
5. Vendor shall provide the database sa and other essential password (included System and/or Windows) before project completed
Mandatory
Dependence
Additional info.:
FR4.12 Continuous Professional Development Management
Requirement details Requirement Compliance
1. All CPD features from current system MUST be migrated to new
Mandatory
Appendix A
Page 38/46
2. Hardcopies should be changed as E-forms to link with Database to update automatically
Mandatory
3. All system operations and calculation should be based on HKIA’s further requirement
Mandatory
4. Existing e-forms must be amended per HKIA’s further requirement
Mandatory
5. CPD Event workflow must be built Mandatory Subjected to HKIA’s further requirement
6. CPD Video workflow must be built Mandatory Subjected to HKIA’s further requirement
7. Can send bulky emails to all CPD related (e.g.: CPD fulfilment email reminder
Mandatory
8. Must manual add and check and report generate for CPD issue
Mandatory
9. CPD declaration / Membership Renewal Mandatory Subjected to HKIA’s further requirement
Dependence FR4.1
Additional info.:
4.1 Training and Document
User training at each phase of completion is required and should be provided by the vendor to the HKIA Secretariat for knowledge transfer for the effective use of the required CMS membership administration system.
The selected vendor shall provide users, administration and setup training and documentation to the system, administrator, secretariats and project manager of HKIA.
5 TECHNICAL/ HARDWARE REQUIREMENTS
Scalability
The website shall be scalable by upgrading to a higher end server. The vendor shall provide performance figures together with proposed system configuration to substantiate this capability.
Availability
The website shall be available 99.9% except for scheduled maintenance. The vendor shall specify in the operation manual of any application functions, administration activities or tasks that require stoppage of either particular services or the complete system.
Appendix A
Page 39/46
The vendor shall specify describe in details in the operation manual of the approach adopted, hardware and software configuration required, and other assumptions used to achieve the aforesaid level of availability.
Maintainability
The vendor shall specify the daily operation, disaster recovery and contingency of the website, which requires supports from the vendor or HKIA technical staffs.
5.1 Proposed Technical Environment The vendor’s proposed system should be based on the latest operating system (i.e. Windows Servers with IIS) The proposed system should be compatible to different platforms, such as: PC, tablet, mobile. Also, the system count be compatible to plug into our current membership system and website; for the future growth, to easily plug into the revamped website or other systems. For any case and any situation, the ownership about OS platform for the system MUST be belonged to HKIA. And HKIA staffs must have FULL right to access the related OS for any time. For this project, the source code owner MUST be belonged to HKIA with no dispute. Web server and database server are proposed to be hosted in any location based on the security network, hosting environment. Vendor has to purchase the hardware and software and be responsible for setup, installation and migration of all data (included database).
The website shall be operated under the multi-users, multi-tier client/server architecture. The vendor shall describe in full details, with schematic diagrams where appropriate, the operating architecture of the website including the physical distribution of databases and servers in the technical architecture report.
6 DEMONSTRATION AND PROOF-OF-CONCEPT
Vendors will be short-listed by HKIA and invited to conduct a demonstration and proof-of-concept. HKIA requires a demonstration on functionality and the capability of vendor’s existing and/or customized systems to indicate a reasonable level of requirements matching. The objective of the demonstration is to make comparisons between short-listed vendors’ proposal and/or systems for the vendor selection process. The short-listed vendors will be provided with test scripts to be executed during the demonstration. HKIA reserves right to ask about any additional functions during the demonstration. The short-listed
Appendix A
Page 40/46
vendor(s) shall be notified for the schedule of the demonstration within the period specified on the section “Tender Key Activity and Date” on this document. The short-listed vendor(s) shall also brief the proposal and be prepared to answer the questions from HKIA during the demonstration.
7 COST INFORMATION REQUIREMENTS
7.1 Detail Cost
The vendor shall provide a comprehensive breakdown of all related costs of the project in the proposal, categorized by a one-off cost and recurring cost per annum. Vendor shall show unit cost, quantity and total cost for each detail component of the project. The components shall be included:
• Software development
• Software license (included 3rd software e.g. antivirus)
• Hardware requirement (if any)
• Hardware license (if any)
• Firewall system (if any)
• Firewall system annual maintenance cost (if any)
• Backup solution (if any)
• Implementation (separated fee for each stage)
• Other configuration tools
• Operating support service
• Web hosting service
• Other proposal (if any)
The pricing shall also include the 1st year total cost of ownership and list the price for maintenance cost for next year as options.
7.2 Payment terms and determination
It is expected that the proposed CMS System will be developed features by features. Payment will be paid for each feature with the satisfaction of the User Acceptance Test respectively. HKIA should reverse right for partial payment upon to User Acceptance Test result and Vendor’s performance.
User Acceptance Test (UAT) form MUST be submitted by Vendor as the format of UAT form must be approved by HKIA. UAT form must be signed by HKIA with no outstanding issue and/or detects as the result for confirmation.
Appendix A
Page 41/46
HKIA can determine the project at the end of any Phase and only the work done for the completed stages will be compensated as per the payment schedule. Vendor must inform HKIA in written upon completion of each function and obtain approval from HKIA prior to commencement of next Phase.
Part of cost shall be paid after completion of warranty period (without any issues or have already fixed ALL issues within the warranty period)
Payment may be paid in advanced in some conditions but Vendors should complete the related features with User Acceptance Test (UAT) passed in final. Otherwise, HKIA should reverse rights for Vendor to return the over-paid amounts (plus any loss) with no dispute.
7.3 Warranty
HKIA requested for a 6-month warranty from project completion after it is launched to public or internal formally. Temporarily launched about the web site (or just included partial features launched) cannot be counted as warranty. And the tender has the responsibility to restore the backup as soon as possible. And the specific ratio of cost will be hold and will be paid after warranty end.
Remark: Vendor shall have responsibility to fix ALL the issues which be found within the project and warranty period. i.e.: Vendor MUST need to fix all of the identified or new found issues within the warranty period. After issues reported to Vendor, Vendor should be responsible for fixing even expired the warranty periods with UAT or formal confirmation before settled such payment.
For Example (but not limited)
If the bugs found on the last day of the warranty, Vendor shall fix it even after passed the warranty. Otherwise, HKIA should reserve rights to hold the payment until the case be settled.
7.4 Liabilities of the Vendor
For the development and maintenance of the CMS System, many confidential privacy data (data processor) has to observe and work according to the Personal Data (Privacy) (Amendment) Ordinance 2012 by the Office of the Privacy Commissioner for Personal Data).
Appendix A
Page 42/46
The vendor has to obligate the followings when processing and handling the data:
a. Security measures required to be taken by the data processor to protect the personal data entrusted to it and obligating the data processor to protect the personal data by complying with the data protection principles;
b. Timely return, destruction or deletion of the personal data when it is no longer required for the purpose to HKIA;
c. Prohibition against any use of disclosure of the personal data by the data processor for a purpose other than the purpose for which the personal data is entrusted to it by HKIA;
d. Absolute prohibition or qualified prohibition (unless with the consent HKIA) on the data processor against sub-contracting the service that is engaged to provide;
e. Where sub-contracting is allowed by the HKIA, the data processor’s agreement with the sub-contractor should impose the same obligations in relation to processing on the sub-contractor as are imposed on the data processor by the HKIA; where the sub-contractor fails to fulfill its obligations, the data processor shall remain fully liable to the HKIA for the fulfillment of its obligations;
f. Immediate reporting of any sign of abnormalities (e.g. audit trail shows unusual frequent access of the personal data entrusted to the data processor by a staff member at odd hours) or security breaches by the data processor;
g. Measures required to be taken by the data processor (such as having personal data protection policies and procedures in place and providing adequate training to its relevant staff) to ensure that its relevant staff will carry out the security measures and comply with the obligations under the contract regarding the handling of personal data;
h. HKIA’s right to audit and inspect how the data processor handles and stores personal data; and
i. Consequences for violation of the contract.
If the vendor breaches the Personal Data (Privacy) (Amendment) Ordinance, the vendor is liable to the consequences of the damages to the HKIA.
Appendix A
Page 43/46
8 OPERATION AND TECHNICAL SUPPORT SERVICE I. Help Desk Service
The selected vendor shall provide the help desk staff to answer any problems or queries over the phone or by email to the users. If necessary, on-site service shall be required.
II. Software Upgrade When a new version of the software is released or add-on software, the selected vendor shall make assessment and recommendation whether website should be upgraded to the new version or add-on software. HKIA shall have the absolute discretion on whether to upgrade the software or not. The selected vendor shall provide technical support on software upgrade or add-on software, and also assist HKIA to conduct testing and trial run after the software upgrade. The selected vendor shall revise the documentations of website for the upgrade software whenever applicable.
III. Problem Resolution and Bug Fixing The selected vendor shall perform bug fixing and provide on-site support, if necessary, to resolve all system related problems. The selected vendor shall liaise and co-ordinate on bug fixing.
IV. Disaster Recovery Support Selected vendor shall provide on-site support, if required by HKIA, for disaster recovery.
V. System Technical Support The selected vendor shall provide technical support to the system administrator or HKIA technical staff. On-site investigation, if necessary, shall be provided.
VI. Operating Service All the implementation shall be proceeded in HKIA Office or remote access from vendor office. Vendor shall provide the fixed WAN IP for HKIA to lock the access for the project.
VII. Web Hosting Service The selected vendor shall provide the price/cost of the Web Hosting service of the HKIA.NET. And HKIA staffs have FULL right to access such hosting server(s) in any time.
9 IMPLEMENTATION SERVICES
Appendix A
Page 44/46
The selected vendor shall provide the following implementation services:
a. System Installation Service The system installation services shall be provided by the selected vendor for each stage of the HKIA.NET
b. Disaster recovery plan and drill service The selected vendor shall provide a disaster recovery plan for recovering the system in case of failure. The selected vendor shall perform and complete a disaster recovery drill successfully before system launch.
c. System nursing support The selected vendor shall provide on-site system nursing service during the first two week of system go live. The service shall focus on monitoring all application and technical issues, system performance and error. The nursing service shall include answering all queries raised during this period. The selected vendor shall fine-tune the performance of the system if necessary.
d. System migration support
Within the project and warranty period, Vendor shall support for ANY types of system migrate per HKIA request.
10 USE of THIRD PARTIES The vendor shall indicate clearly in its proposal if the vendor intend to delegate or subcontract any of its responsibility. If the selected vendor does not indicate the use of the third parties in its proposal, the selected vendor shall not delegate or subcontract any of its responsibility without the prior written agreement from HKIA. If above mentioned issue found during the project running for selected vendor, HKIA shall has right to terminate the contract and charge the cost of remain contract.
11 SUPPLIER INFORMATION REQUIREMENTs
11.1 General Information
This to include information such as contact details, registered vendor address, web address, name and address of bankers, name of ultimate holding company,
Appendix A
Page 45/46
organization chart indicates key project staff with their CVs, etc. For details, please refer to Appendix B.
11.2 Proof of Supplier's sound Financial and Company Standing
This to include details of vendor's ownership and financial backing, copies of published and audited accounts over three financial years, statement of turnover, etc.
11.3 Evidence of Capacity to Deliver Contract Requirements
Solid experience the vendor has gained of dealing with similar contracts. Details of reference sites of comparable size and sector type is required.
11.4 Other
Any reference If not already covered in any of the other sections, the vendor may wish to include specific reference to. Data protection, quality assurance - details on standards, approach and accreditations such as ISO9000, etc could be submitted in this part.
12 IMPLEMENTATION REQUIREMENTS
Details of implementation approach, project management methodology used and time scales. Details of roles and responsibilities between the HKIA and the vendor have to be stated in the technical submission for HKIA evaluation.
13 COLLUSION AND INDUCEMENTS
Any collusion with other potential suppliers will invalidate your tender. By submitting a tender, you declare that it is a bona fide tender, intended to be competitive and that you have not fixed or adjusted the amount of the tender by or in accordance with any agreement or arrangement with any other person.
Offering an inducement of any kind in relation to obtaining this or any other contract with, The Hong Kong Institute of Architects will disqualify your tender from being considered and may constitute a criminal offence.
14 CONFIDENTIALITY
Vendor should not approach any HKIA staff or other vendor to obtain any technical or commercial information for the preparation of this tender.
Appendix A
Page 46/46
This document is supplied purely for the purpose of assisting vendor to respond to this invitation to tender, no part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) for any other purpose. All information printed in this invitation of tender has to be kept confidential and could not release to the third party.
The Vendor hereby agree as follows :
1. For purposes of this tender invitation and the enclosed documentations, "Confidential Information" shall mean any and all non-public information the HKIA has disclosed or may disclose to the Vendor, including but not limited to information related to : production of legal materials, software development and design, business or software architecture, software not yet known to the public, clients or prospective clients, internal communications, events, or meetings, or any other research, development, operations, marketing, transactions, regulatory affairs, discoveries, inventions, methods, processes, articles, materials, algorithms, formulas, specifications, designs, drawings, data, strategies, plans, prospects, know-how and ideas, whether tangible or intangible, and including all copies, analyses and other derivatives thereof.
2. The Vendor agrees (i) not to disclose any Confidential Information or any information derived there from to any third person, (ii) to keep the HKIA’s Confidential Information confidential and take all the reasonable precautions to protect the confidentiality of such Confidential Information with the same degree of care with which it protects the confidentiality of its own confidential information, but in no event with less than a reasonable degree of care, and (iii) not to use any Confidential Information for any purpose whatsoever except to advance the legitimate business interests of the HKIA under written or oral instruction of the HKIA’s authorized officers.
3. All right, title, and interest in and to the Confidential Information shall remain with HKIA or its licensors. Nothing in this tender invitation and enclosed documentations are intended to grant any rights to Vendor under any patents, copyrights, trademarks, or trade secrets of HKIA.
Total Solution of HKIA Membership Taskforce
Latest draft: 4 May 2020