Professional Documents
Culture Documents
Securities and Exchange Board of India Page 1 of 54
Securities and Exchange Board of India Page 1 of 54
In this regard SEBI invites expression of interest for "Request for Proposal" from leading Solution
Providers of international class and standing to provide an end-to-end solution for building the said
project on a total turnkey basis.
The scope of work shall include following but not limited to:
1. Supply, installation, integration and post-installation support of required IT infrastructure
(Servers, Storage), Networking, Security solution and necessary associated
hardware/software components.
2. Implementation of Enterprise Portal Solution including but not limited to
a. Portal Solution
b. Enterprise Resource Planning (ERP) solution,
c. Business Process Management (BPM),
Page 1 of 54
Page 2 of 54
The application along with the above required documents and contact persons name, email-id,
contact no shall be delivered to the following address on or before July 22, 2013 in a sealed
envelope super-scribing "Enterprise SEBI Portal"
The Chief General Manager
Information Technology Department,
5th Floor, SEBI BHAVAN, Plot No.C4-A,
G-Block, Bandra Kurla Complex, Bandra (E)
Mumbai- 400 051
SEBI will scrutinise all the submitted applications and issue the RFP to the qualified solution
provider meeting the above mentioned eligibility criteria within 2-3 working days.
For any queries, you may contact Information Technology Department, SEBI at phone no. 02226449592 and 022-26449523
Please note that Request for Proposal (RFP) shall be issued only to the eligible Solution
Providers.
The Last Date of submitting the response to RFP is: August 19, 2013
SEBI reserves the right to accept/reject any or all expressions of interest received in response to
this advertisement without assigning any reasons, whatsoever. SEBI also reserves the right to
raise the eligibility criteria for short listing the Solution Providers.
Page 3 of 54
Important Note: "SEBI does not favour any particular proprietary standard, protocol,
software, hardware, etc. All product terms in this RFP are meant to be vendor neutral. In
case any proprietary technology terms are inadvertently used, by omission or commission,
vendors should quote any industry equivalent standard product with supporting technical
documents."
Page 4 of 54
Table of Contents
Table of Contents............................................................................................................................ 5
Abbreviations & Definitions ............................................................................................................. 8
SECTION I INTRODUCTION ....................................................................................................... 9
1.1.
1.2.
1.3.
Objective ........................................................................................................................9
SECTION II PRESENT IT SETUP ............................................................................................. 10
2.1
Infrastructure Setup ...................................................................................................... 10
SECTION III BUSINESS REQUIREMENTS ............................................................................... 11
3.1.
Objective of Proposed Solution..................................................................................... 11
3.1.1.
Essential Business Requirements ............................................................................ 11
3.1.2.
ERP ......................................................................................................................... 12
3.1.3.
3.1.4.
3.1.5.
3.1.6.
3.1.7.
3.1.8.
Access Control......................................................................................................... 16
3.1.9.
3.1.10.
3.1.11.
3.1.12.
Workflows ................................................................................................................ 17
3.1.13.
3.1.14.
Dashboards/Reports/Analytics ................................................................................. 20
3.1.15.
3.1.16.
3.1.17.
3.1.18.
3.1.19.
3.1.20.
3.1.21.
Security ................................................................................................................... 28
3.1.22.
3.1.23.
Page 5 of 54
4.1.3.
4.1.4.
4.1.5.
4.1.6.
4.1.7.
Interfaces ................................................................................................................. 36
4.1.8.
Support .................................................................................................................... 37
4.1.9.
4.1.10.
4.2.
Networking, Security and Controls ................................................................................ 38
4.2.1.
Specifications for Network, firewall and switches ..................................................... 38
4.2.2.
4.2.3.
4.2.4.
4.2.5.
Audit Trails............................................................................................................... 39
4.2.6.
Reports .................................................................................................................... 40
4.2.7.
4.2.8.
Connection Security................................................................................................. 40
4.2.9.
4.2.10.
4.2.11.
Access Control......................................................................................................... 41
4.2.12.
Change Control........................................................................................................ 41
4.2.13.
4.3.
4.4.
Business Continuity Planning (BCP) ............................................................................. 42
4.4.1.
Documentation of the Disaster recovery plans should include following, but not
limited to: ............................................................................................................................... 43
4.4.2.
4.4.3.
4.4.4.
4.4.5.
The proposed BCP/DR solution should have following features but not limited to .... 44
4.5.
Implementation Requirements ...................................................................................... 44
4.5.1.
Implementation Plan: Delivery of hardware and solution .......................................... 44
4.5.2.
4.5.3.
Documentation ........................................................................................................ 46
4.5.4.
Source Code............................................................................................................ 46
4.5.5.
4.5.6.
Training ................................................................................................................... 47
4.5.7.
Testing ..................................................................................................................... 48
Page 6 of 54
4.6.
4.7.
Change Management Procedure .................................................................................. 49
SECTION V EVALUATION PROCESS AND TECHNICAL CRITERION .................................... 51
5.1.
5.2.
5.3.
Technical Evaluation .................................................................................................... 52
5.3.1.
Proof of Concept (PoC)............................................................................................ 52
5.3.2.
Page 7 of 54
Page 8 of 54
SECTION I INTRODUCTION
1.1. About SEBI
Securities and Exchange Board of India (SEBI) is a statutory body, which operates within the
legal frame work of Securities and Exchange Board of India Act 1992. Its statutory objectives
are:
Protection of Investors Interest in Securities Market
Promotion and Development of the Securities Market
Regulation and Supervision of Securities Market and Matters incidental thereto.
Detailed information on the functions of SEBI is provided on the website, www.sebi.gov.in.
1.2. Location of Offices
SEBI has its offices in following locations:
Head Office
Bandra Kurla
Complex,
Mumbai
Regional Offices
Chennai, Kolkata, New Delhi ,
Ahmedabad and Mittal Court,
Mumbai
Local Offices(#)
Guwahati,
Patna,
Kochi,
Bhubaneswar,
Hyderabad,
Bangalore, Lucknow, Jaipur,
Indore, Chandigarh, Raipur,
Srinagar, Shimla, Dehradun,
Panaji, Ranchi
(#)As per the expansion of activities in SEBI, more Local Offices may be opened.
1.3. Objective
Supply, installation, design, development and implementation of Enterprise Portal Solution
(includes Portal, Enterprise Resource Planning (ERP) solution, Business Process
Management (BPM), Custom applications development, Enterprise search engine, Business
intelligence and analytics, and necessary associated software may be provided),IT
infrastructure(Servers, Storage, Networking and Security Solution)).Project also includes
migration of data, integration of enterprise portal with other internal applications and postimplementation support for Enterprise Portal Solution, System Software and IT Infrastructure
(Server, Storage, Networking, Security Components and necessary associated hardware and
software).
Page 9 of 54
2.1
Infrastructure Setup
Present IT Infrastructure including their corresponding versions is as follows:
S.No
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Product/Application
Oracle Portal
Oracle ERP
Oracle Database
Custom-built Applications
EMCs Documentum
WebContent Management
MSs Mail and Messaging
Anti-Virus(McAfee)
SEBI Website
Visitor Management System
IP Telephony(VCX server)
Scores System(website)
DBWIS
IMSS
Business Objects
SAS
Version
10.1.2.0.2
11.5.9
10.1.0.4.2
J2EE 1.3
Exchange 2010
4.6
9.85
Netezza 12.12
SMARTS
Page 10 of 54
Page 11 of 54
9. Password reset functionality shall be provided so that employee shall be able to reset
the password by his/her own
10. Bookmarks Facility for portal with following features.
(a) Quick links to favorite websites-Use Web History to find the frequently visited
sites and bookmark favorites.
(b) Get your bookmarks on any computer-No matter where one may be surfing the
web, bookmarks should be available to user just by signing in.
(c) Keep bookmarks organized-add searchable labels and notes to bookmarks to
find them easily and keep them organized.
11. Application response time should not exceed 3 seconds threshold for any delivered
applications (Portal, ERP and Custom Applications)
Please Note: Solution Provider needs to warrant that the solution implemented shall meet
the performance requirements as mentioned in the RFP. Solution Provider shall augment
the system at its own cost and expenses, if these performance requirements are not met by
the supplied systems as per this RFP.
3.1.2. ERP
It may be noted that all the modules offered should be from same OEM. The following
modules to be developed as per SEBI's requirements:
3.1.2.1 HRMS Modules
These modules shall include but not limited to the following:
1. Existing modules
i. Leave module
ii. Training module
iii. HR module
2. Payroll module
3. Provident Fund module
4. Claims modules
5. Loan module
6. Taxation module: Proper logics need to be programmed in the salary package for
each taxable claim.
7. Attendance Management System.
8. Performance Appraisal Management System
9. Attrition Management System
10. Training System
11. Recruitment System
12. Tour Approval/ticket booking/claim for both foreign and domestic tours.
3.1.2.2 Finance Modules
In addition to the existing features in the present Finance package, following but not
limited to features shall be implemented by the Solution provider (AR, AP, GL, Treasury,
Fixed Asset, Cash Management, Purchase order, Budgetary, Procurement,
Reimbursement module(30 types of reimbursement), Inventory and Vendor Payment
System etc.)
Page 12 of 54
Type
Interfaces(ERP)
Workflows
Data Entry Users
Admin Users
Set of Books
Total no of objects
15
10
30
5
2 (SEBI, PF Trustee)
Implementation of all modules will be carried out across all offices (Head Office,
Regional Offices and Local Offices).
3.1.2.5 ERP Integration with Other Applications
ERP should be integrated with other applications; however these applications shall not be
limited to the following:
1.
2.
3.
4.
5.
6.
7.
DMS
Custom Applications
Business Intelligence and Analytics
Mail & Messaging
Active Directory
SSO
Printers
Data flow for the integrated applications should be bi-directional i.e. application will
push the data in ERP and vice versa
Page 13 of 54
Page 14 of 54
12. Provide features for emailing of newsletters to the users when content is updated.
13. Support versioning of content and provide options to view/revert to the previous
versions of the content.
14. Provide facility for the archival of contents.
15. Provide facility for published content to be displayed on web browser (HTML) or PDA
(WML) natively.
3.1.5. Portal Collaboration and Social Features
Portal shall not be limited to the following collaborative features:
1. Should have Instant messaging / Chat functionalities.
2. Should have Web conferencing functionalities.
3. Should have Team-based document sharing and versioning functionalities.
4. Should have Discussion threads/forums functionalities.
5. Should have Team Calendar functionalities.
6. Should have Web-based white-boarding functionalities.
7. Should have a People Finder Portlet/web part to search the employees and their
Organizational Hierarchy.
8. Team Collaboration
a. Describe and explain the components that are available in the product.
b. The solutions shall encompass the followingi.
Team Blog
ii.
Team WiKi
Page 15 of 54
1. A site framework consists of a set of Web Content Management items. Each site
framework consists of a single site under which a set of site areas and content items are
grouped.
2. Use taxonomies to group categories and have a predefined list of categories when
profiling a Content item.
3. Use Keywords to profile content.
4. Authoring templates to group content items and, similar categories and keywords that
can be used as search parameters in a menu element.
3.1.8. Access Control
Access Control for the new portal shall include the following features; however these
features shall not be limited to the following:
1. Restrict access to selected users and groups to the views within an authoring portlet,
the items managed by the authoring portlet, and to elements and pages displayed within
a Web site.
2. Assign roles to both a whole library, and the item types within a library using either an
additive or subtractive methodology.
3. Apply the Manager or Administrator role to the entire library.
4. Apply Editor, Contributor or User roles to specific item types and deselect the
inheritance check-box.
3.1.9. Web Sites for Different Localities
Maintain separate libraries and sites within Workplace Web Content Management for
different localities. New portal shall provide the following features but these features shall
not be limited to the following:
1. Create a separate library for each locality.
2. Create another library for any content that will be shared across localities.
3. Create a separate site for each locality.
4. Create a separate search collection for each locality.
3.1.10.Authentication and Single Sign on (SSO)
The portal system shall have following authentication and SSO features; however these
features should not be limited to the following:
1. Provide a facility to authenticate the users with two factor authenticate. The portal
system shall recognize users and their personalized requirements.
2. Support time out features that will automatically lock user account similar to the lock
facility available in windows after a specified amount of time. The system shall allow the
portal administrator to configure the time out settings.
3. Only single session per user at a time.
Page 16 of 54
4. Provide built-in single sign-on capabilities that enable users to sign-on once to the portal
and seamlessly connect the users to the enterprise applications.
5. User access shall depend upon his/her entry point i.e. whether the user is accessing the
portal from SEBI LAN or Internet.
3.1.11.Employee Directory
Employee Directory shall have the following features; however these features shall not be
limited to the following:
1. Search for people within the organization.
2. View recent changes to directory.
3. Birthday messages on SEBI Portal Home page for logged on user.
4. Contact and location details for all employees.
5. Presence Indicator with status information such as busy/away/available etc.
6. User shall be able to generate organization hierarchy for each employee both up and
down without any coding.
7. Employee shall be able to update his profile i.e. he/she can update location, extension,
mobile number, photographs etc, which will require approval through workflow.
3.1.12.Workflows
New portal shall support both generic and customized workflows. All the existing workflow
data shall be migrated to the new system. New portal shall not be limited to the following
workflow features:
New portal shall support both generic and customized workflows. All the existing workflow
data shall be migrated to the new system. New portal shall not be limited to the following
workflow features:
1. Use workflows to control the access to, verification and eventual approval of Web
content. If an item is approved at all stages up to a published stage than only it could be
viewed on the web site.
2. Changing an item's Status from Draft to Published. I.e., the item is available on the
rendered site.
3. An item will only be published once it has entered a workflow stage containing a publish
action, and when the selected published date and time has been reached.
4. Changing an item's Status from Published to Expired. This means the document is no
longer available on the site.
5. An item will only be expired once it has entered a workflow stage containing an expiry
action, and when the selected expired date and time has been reached. It will create
appropriate alert to notify the user. One could be able to create new email actions and
specify who the recipients will be.
6. Capability to select e-mail approvers, authors and owners. Capability to create list of
other users or groups to e-mail.
Page 17 of 54
Page 18 of 54
and the SEBI user is sent reminder in case it is not closed on time. Responses
sent back by applicant for clarifications are auto attached to workflow. This action
has due date defaulted to 45 days.
i. Perform ATR (Action Taken Report) Search User can perform ATR search
and attach the results to the application (case). Once the required results are
obtained, the user can save the search results into system with date and time
stamp.
j. Approve Allows the user, depending upon Intermediary and the type of
operation being performed, to Approve the application. User can perform the
approval action in bulk. Also in case the user does not have the authority to
Approve, the request can be further Recommended to higher authority. The
Recommendation option can also be performed in bulk.
k. Conditionally Approve - Allows user to Conditionally Approve. (User approves
the applications based on conditions). There shall be a periodic report sent to
Dos for applications conditionally approved. This report shall be sent to Dos and
copied to DCs every month.
l. Reject In case the application is rejected, notification will be sent to the
applicant for the same. The applicant can reply back within 30 days. If applicants
do not come back within 30 days, then workflow will be stopped, else it will be as
it is.
m. Reopen - Reopen option is present for use where the application has been
previously closed, but a new workflow is being started for existing application
internally. This has to be initiated by SEBI. The reason for reopen needs to be
provided and captured in flow. The status of application needs to be checked;
once approved, a new registration number shall not be allowed to be generated.
The reopen option can also be used for converting the application status from
conditionally approved to approved or for extending the period of conditional
approval for the application.
n. Return back to DO DC/authorized Users can send the application back to DO
for further refinement by providing his comments. This option will be visible to
everyone above DO.
o. Suspension In case of any discrepancy (fraud, court orders, legal
investigation), DO can suspend the registration. The Suspension can be for a
defined period or for indefinite period. The registration entries and related entries
to registration (schemes, certificates, sub-brokers in case of brokers,
subaccounts in case of FII etc) are updated in database and reflected as
Suspended. In case of Broker, the suspension will result in cascading effect on
Sub-Brokers / Derivatives / Currency Derivatives.
p. Revocation Revocation occurs for the suspended registrations.
q. Fees Before/ After Approval Fees module is initiated and user is intimated
about the amount with a link to fees form in notification.
r. Cancel The registration entries and related entries to registration (schemes,
certificates, sub-brokers in case of brokers etc) are updated in database and
reflected as cancelled. In case of Broker, the Cancellation will result in
cascading effect on Sub-Brokers / Derivatives / Currency Derivatives.
s. On-Hold The DO can put the current application processing on-hold by
stating the reasons.
8. In case of updates or surrender process no processing fees are required.
Page 19 of 54
9. The application is rejected in case the Application is incomplete, and user is request to
perform necessary actions. The application can be closed once the request is approved
and processing is complete.
10. An FYI mail is sent to the concerned Intermediary once the registration or certificate
number generation / rejection has been provided.
3.1.13.Business Process Monitor (BPM)
Generic BPM engines shall be in the place for designing and customizing the workflows as
per the SEBI requirements i.e.
Proper process engine shall be in place for modelling and executing the process
based application including different business rules.
Proper business analytics shall be in place to generate customized reports on the
basis of individual requirements in addition to the readymade reports. Dashboards
shall be provided to view different statistics.
Proper content management system shall be in place for storing and securing
various attachments submitted with the workflow.
Proper collaboration tools must be there so as to provide discussion forums, dynamic
workspaces and message boards.
Page 20 of 54
Automatically generate fully functioning user interfaces for each of the portlet
modes, including view, edit, and configure.
4. Dynamic Profiling:
a. The tool must have the capability to helps developers quickly and easily create
multiple, highly customized applications from one code base, all without
requiring additional code changes, redeployment of files, or publishing of HTML
and JSP. The tools must allow developer to apply different profile values to the
Builders to generate multiple applications with varying presentation, business
logic, data sources, and workflows.
b. The tools must allow creation of unlimited number of adaptive, role-driven
applications that change on demand.
3.1.16.XML Based Data Exchange Forms
Tools must be provided to IT as well as Non-IT users to design XML based offline
interactive forms so as to allow the users (both internal and external) to provide data for the
various purposes according to respective roles and responsibilities. These forms will store
data XML form which could be easily uploaded in the existing databases i.e. tool should
describe a machine-interactive form that consumes data produced by another machine,
performs some calculations and scripts, and then submits the updated data to another
machine. The sources of data could be a data base front-end, a barcode reader, or a client
application submitting data.
XML forms generated by the tool should provide the following capabilities, but should not be
limited to the following:
1. Workflow: Data presentation, data capture and data editing, application front-end,
printing.
2. Dynamic interactions: From interactive, human edited forms with dynamic calculations,
validations and other events to server-generated machine-filled forms.
3. Dynamic layout: Forms can automatically rearrange themselves to accommodate the
data supplied by a user or by an external data source, such as a database server.
4. Scalability: Single-page static forms, dynamic document assemblies based on data
content, large production runs containing hundreds of thousands of transactions
Page 21 of 54
Users should be able to trigger the following action via these forms; however these actions
should not be limited to the following:
1. Calculations. Entering data into a field should cause the values of other fields to be
recalculated.
2. Data checks. Entering data into a field should initiate a series of validity checks on the
entered value.
3. Web Services interactions.
4. Submission of data to a server.
Forms should have the following accessibility and navigation features; however these
features shall not be limited to the following:
1. Visual clues. Fields should display default values that provide hints about the desired
input values. In addition to fields, XML form may aid the user, by providing radio
buttons, check boxes, and choice lists.
2. Accelerator keys. An XML form should include accelerator keys that allow users to
move from field to field, by typing in a control sequence in combination with a fieldspecific character.
3. Traversal order. An XML form should be defined with a traversal order, which allows the
user to tab from one field to the next.
4. Visual aids. XML form should specify text displayed when the tooltip hovers over a field
or a subform.
An XML form processing application can be requested to print both a blank and filled form
as well. The data for the filled-out form can come from a database, from an XML data file
generated by an application, or from a previous interactive session or sessions in which
data was manually entered. During this process, the form may be printed with print view
which differs from the view seen by users in interactive sessions. For example the print view
might have the following differences; however it should not be limited to the following:
1. Signature fields appear as underlines for hand-signing rather than as widgets for digital
signing.
2. Some of the data on the form is printed as barcodes rather than text.
3. Summary data is computed and printed on the first page of the form.
Solution Partner needs to design the various XML forms using the tool as per the SEBIs
requirement, which will be discussed during the requirements gathering phase.
3.1.17. Custom Applications Development
Solution Provider (SP) would be required to develop the following custom applications with
migration of existing data:
1. Applications catering to Intermediaries requirements:
i. Registration: Fresh registration, Renewal and Cancellation
ii. Payment and computation of fess payable by intermediaries
iii. Filing of compliance reports
Page 22 of 54
Page 23 of 54
3.1.18.Data Sources
New portal shall be able to integrate with various data sources; however these data sources
shall not be limited to the following:
1. Microsoft Mail & Messaging System: Workflow shall be integrated to send mail to
outside and inside domain in addition to the essential business requirements.
2. Enterprise wide databases: Integration with enterprise wide databases as illustrated at
Custom Application (3.1.16).
3. EMC Documentum: Following but not limited to features shall be implemented while
integrating the new portal with EMC Documentum:
a. It shall be integrated with the ERP in such a way that user can see the scanned
documents in ERP uploaded through documentum.
b. Workflow notifications received in DMS shall trigger alert/pop-up in Portal.
4. Visitor Management System (VisiteX System): Calendar integration with the VisiteX
system.
5. ERP: HRMS and Finance.
6. Library System:
a. Integration with the Libsys.
b. Search/request books.
c. Alert for pending library books shall come on portal.
d. Request for procurement of new books via workflow approval.
7. Microsoft Active Directory: Integration with the existing Active Directory.
a. Scores System: Programming the entire workflow.
8. SEBIs Website New portal shall be integrated with the SEBI website www.sebi.gov.in
so as to upload the information from database and portal.
9. Data-Warehouse Business Intelligence System (DWBIS): SSO shall be provided with
the appropriate dashboards and analytics.
10. 3 COM VCX SYSTEM:
a. Integration should be done in such a way that end user can call directly from
portal.
b. Call history integrated with the employee self-service.
The integration shall be bi-directional and data-flow based. The Solution provider may
provide & implement prevalent and proven technology to achieve the comprehensive,
effective and efficient integration between heterogeneous systems as per SEBI's
requirements.
Page 24 of 54
3.1.19.Search Facility
There shall be enterprise search facility available on Portal that enables the end user to
search structured and unstructured data. Data Sources could be but not limited to ERP
system, enterprise wide databases, EMC's Documentum, Mail and Messaging, Databases,
file-system, websites, within portal, Internet, user desktop, visiteX system, Library systems
etc. User shall be able to search in a single search command. Response time to these
searches shall not exceed 3sec, if all the option is selected; this time shall be estimated on
fully populated data capacity. When user is typing to search any text, suggestions shall
automatically be displayed to user. Information searched shall be in presentable form as
decided by SEBI. Search engine shall have the following features; however these features
shall not be limited to the following:
1. Intelligent Search: The proposed portal system must have a built-in search engine that
shall be able to:
a) Crawl web sites, portal document manager, file systems etc different data sources for
the purpose of indexing the content/pages. It shall be able to configure periodic
crawls per content source, and collect documents from multiple content sources into
a single collection.
b) Provide internet style search capabilities, for example:
i.
ii.
iii.
iv.
v.
c) Supply enriched result page view including summaries and other relevant metadata.
For example, this can be the author, description, and keywords of the document, if
available.
d) Allow for categorization of incoming documents using either a predefined static
taxonomy, or a simple rules based taxonomy which can be defined by the user.
e) Apply filter rules for the crawler to determine what pages are to be fetched and
indexed and allow for optionally approve documents before they are added to the
collection and the index.
f)
Allow editing of document metadata, including the title, author, description, date, and
categories.
g) Search content/pages using Portal supported local language, e.g. Hindi etc.
h) Summarizer. The Portal Search Engine shall returned a summary for documents
which have a certain narrative quality, that is, they are coherent, and above a certain,
'telegraphic', length. The summary consists of the most salient sentences of the
original document. You can set the number of sentences which the summarizer
returns in the summary.
Page 25 of 54
i)
Predefined static taxonomy and categorizer. Portal users can use the Categorization
Facility to build applications that automatically determine the subject of documents
which fall within any of these areas.
j)
Have available easy to use search centre that provides tabs for users to select
different sources. These sources shall be protected by portal security based on
access permissions given to users on them and thereby make different search
sources available to different users or user groups. Hence, users shall see only the
tabs for search collections for which they have access.
2. Search Broker: The portal system must include a search broker that support searching
across distributed, heterogeneous, structured, and unstructured data sources through a
single point of access, without having to create its own indexes. It must include the
following capabilities :
a) Be able to rank the search results according to relevancy. The SP shall specify how
the ranking mechanism works and whether users or system administrator can make
adjustments to the ranking criteria.
b) Able to return summary content for each search result via portlets.
3. Federated Search:
a) Be capable to perform search and retrieval, but not limited, to the following sources
(in addition to the data sources mentioned above):
File servers (Both Unix and Windows file server, PDF, Text file, PostScript).
Web-based Intranet
Subscription websites
Media File (JPEG, GIF, TIFF, MP3, WAV, MIDI, MPEG, MOV, AVI)
Desktop
b) Provide data listener for external content, this would provide open API to allow the
product to access nonstandard data sources and also provide ability to quickly build
a bridge to non-supported data sources.
c) Allow users to save a search.
d) Provide the ability to hide results from a particular source.
e) Provide the ability to perform complex & sophisticated queries using special query
operators like +, -, and ().
f)
Page 26 of 54
g) Be able to present the search results with respect to the access control rights set in
the source databases.
h) Be able to get result coming from different sources on the same page.
i)
j)
Be able to find the most relevance and most relevance document on the first page
and rank the search results according to relevancy. The SP shall specify how the
ranking mechanism works and whether users or system administrator can make
adjustments to the ranking criteria.
m) Be able to track top searches and top visited documents or links. For example, the
search engine will display top 10 searches in a portlet
n) Specify whether the search engine supports, but not limited to, the following search
methods :
Context-based search.
Federated search
Boolean search
Wildcard search
Fuzzy search
Metadata search
Aggregated search
o) Provide details on how the search method works and list all the file format supported
by the search engine.
p) Provide details on how the search crawler works. The search crawler shall support
ad-hoc crawls, schedule crawls and incremental crawls.
q) Describe the indexing method used by the search engine and where the indexes are
stored.
r) The search engine support related search suggestion or hyper linking. This means
that a search on a particular keyword will invoke searches on other related topics.
The search engine shall display the related search suggestion results in a portlet.
s) The search engine support content aggregation.
3.1.20.Audit, analysis and reporting tools
Audit, analysis and reporting tools shall have the following features however these features
shall not be limited to the following:
1. Provide audit, analysis and reporting tools to track the portal system usage.
2. Be able to track, analyse and generate reports on, but not limited to, the following area :
Page 27 of 54
Error conditions
g) Security violations
h) User account management
i)
3. The audit tools must allow the admin user to generate and view report by schedule or
ad-hoc.
4. The audit tools must allow the admin user to display report using user ID or IP
addresses.
5. Different types of reports shall be available. These reports shall not be limited to the
following:
j)
Workflow Report
k) Module Report
l)
Visitors Report
Page 28 of 54
d. Business rule creation module shall provide authorized users to create business
rule.
However SP is free to explore other authentication mechanism options as well instead
of integrating RSA with the new portal.
2. User Management: User accounts and their password management shall be possible
using either
local database
of appliance or
through integration
with
LDAP/AD/Radius/Oracle OID existent in the organisation.
3. Certifications: The entire appliance shall have third party certifications and ICSA lab
certifications.
4. New Portal shall support the VPN SSL for different type of users for example internal
users, external users, retired employees etc.
5. New portal shall be integrated with the DMS OID.
6. Portal framework must support user authentication with multiple user repositories (e.g.
LDAP servers) at the same time out of the box without requiring custom development.
7. Provide role based security features.
8. Support objects level security (e.g. portlets, pages etc.).
9. Support document level security.
10. Respect and inherit the access control rights imposed by the underlying application,
database or repository when integrate with enterprise application.
11. Provide facility for portal administrator to configure the login attempts and portal timeout.
12. Allow for user password to contain at least eight alphanumeric characters.
13. Support encryption such as SSL.
14. Password tool shall be provided to analyse the password strength.
3.1.22.Portal and User Administration
Portal Administration shall not be limited to:
1. Provide web-based administration interface.
2. Allow portal administrator to create, update and delete ad-hoc users and user groups
without affecting the actual users in LDAP. Allow portal administrator to assign users to
groups.
3. Allow portal administrator to delegate the administration function to authorized users
and user groups to specific virtual portals and pages. The authorized users and user
groups will in turn define the content, themes, skins, page layout, portlets of the virtual
portals and pages presented to the other users or user groups.
4. Allow portal administrator and those authorized personnel to define the access control
for each user and user groups to virtual portal, pages, links, portlets.
Page 29 of 54
3.1.23.Miscellaneous Requirements
1. Personalisation: User shall be able to personalise his Portal page according to his/her
choice by rearranging/reordering/hiding/showing of menu item/tab. Personalisation
shall not be limited to the following:
a. Be capable of presenting personalized content based on individual user's profile
or role.
b. Allow portal administrator to create and assign users to groups; group
memberships will in turn define the content and layout of the portal.
c. Allow users to customize their portal page layout and the process shall be simple
and user-friendly. This includes, but not limited to, manipulation of portlets
layout, add and remove portlets, change portal themes and skins.
d. Allow users to configure themes, skins and page layout based on the role of the
users.
e. Allow users to customize their portal page by selecting the list of available
portlets from the portlets catalogue. The available portlets shall be readily
integrated with the SEBIs existing applications.
f.
g. Support multi-languages. The portal systems shall also allow users to select
their language preference and automatically convert portal user interface to the
language preference.
h. The portal shall support tagging feature for Portal pages and must have a tag
center to organize user tags.
2. Rich Content Management: Live feeding of telecast, like our Chairmans address, and
shall be able to play any media (.avi, mpeg etc.) file.
3. Chat/Blog/Discussion /forum: Solution provider shall provide and implement these
features for end users.
4. Database: All running databases with entire data have to be upgraded to available latest
version of Database. Importing of all data, customisations etc from previous version is
also to be carried out. Solution Provider has to tune the database so that it can perform
to its optimal performance. They may redesign the database to enhance the
performance.
5. Live RSS feeds from external website. User shall be provided the option to subscribe
particular feeds based upon his/her requirements.
Page 30 of 54
3. Flexibility
Page 31 of 54
The solution should have the ability to design and develop new application and reports with
minimal customisation. Configuration may be accomplished with a robust metadata-driven
design as well as tools for adapting the user interface and navigation without programming.
Rules/Role based access and authentication methods to adapt the solution to business
process requirements.
4. Usability
The solution should be modular and component based so that an existing component can
be used to design new functionality or to interface other solutions.
5. Accessibility
The Solution should be accessible and workable from any operating system, browsers and
their corresponding updated versions.
6. Redundancy
The solution should be redundant enough in areas of servers, usable ports on switches,
firewall etc.
7. Portability
The Entire solution should be workable from any hardware, operating system, browser,
mobile device and their corresponding upgraded versions. Transition of solution shall be
completed as soon as possible when latest versions are available.
4.1.2. Solution components
The components required to supply, install, develop and maintain are, but not limited to:
1. Hardware (servers, storage, backup devices etc.).
2. Network and Security solution (switches, firewall, two factor authentication solution,
Single sign on etc.).
3. Systems software (operating systems, interface software etc.)
4. Packaged Portal and ERP Solution
5. Custom application software
6. Integrated development platform
7. Ancillary services (documentation, training, structured cabling, racks and associated
cabling, support etc.)
8. Version Control Software
9. Performance Monitoring tool
10. Integration middleware between different applications
11. Application server/Web server etc.
Page 32 of 54
It is envisaged that the proposed SEBI PORTAL system will be accessed by the users from
SEBI LAN, WAN and mobile devices. Solution Provider shall provide the necessary solution
to meet the objective
If SEBI desires to relocate the data centre for SEBI PORTAL to any other location during
the implementation/post implementation, the Solution Provider shall assist in de-installation
and reinstallation for entire solution. However, this exercise may be on chargeable basis
4.1.4. Hardware/ Sizing/ Performance Requirements
The Solution Provider must size the components of the proposed SEBI PORTAL to meet
the throughput, capacity and performance.
The solution should be able to handle the volume of data as per number of users given in
below table and the response time as given in business requirements shall be met as a
minimum requirement.
Further, the performance requirements with respect to various components of the solution
architecture are as follows, but not limited to:
1. Data acquisition
a. Data which is required for application will be collected and uploaded by
internal and external users to the SEBI Portal on a daily basis using XML
technology.
b. Any additional data required will be identified at the time of System
Specification and
suitable collection and loading procedures will be
finalized.
2. Current data size
a. Existing application data size is 2.5 TB (Primary Site).
Page 33 of 54
Active sessions:1000
Active Users:50% of Active sessions
Mobile Users:50%
Peak Users:70% of Active sessions
Year on Year(YOY) growth:30%
Current Strength:20000
Active sessions :5%
Active Users:50% of Active sessions
Peak Users:70% of Active sessions
YOY:10%
Investors
Data Access
Number of complaints:10000 pm
YOY:10%
Page 34 of 54
5. There will be other users also accessing the system in a limited way. The system
should support additional users with limited access provisions. These users will be part
time users to support audit, intermediary registration etc.
6. Scalable and upgradeable architecture: SEBI envisages in-box scalability with the
provision to enhance the capacity of the proposed solution on demand. It is to be noted
that the configuration proposed by the Solution Provider completely meets all the stated
requirements and in addition should be field upgradeable to handle the future
requirements. Proposed Solution should be upgradable in both horizontal (ease of
plugging the new applications) as well as vertical (adding more number of users)
manner.
7. Maximum permissible start-up time for the complete portal solution should not exceed
thirty minutes threshold.
4.1.5. Functionality of the solution components
SEBI proposes to segregate the logical functionality from the physical servers, e.g. separate
servers for applications, authentication-authorisation-access, databases & business
intelligence etc. Following is an indicative list of components and features envisaged,
however Solution Provider may alter the list as per their proposed solution but not limited to:
1. Servers/Environment
a. Production Environment
b. Development Environment
i. Quality Control and Testing servers
ii. UAT server
iii. Disaster recovery servers
2. Software
a. ERP, Portal and Databases
b. System software
c. Application server, authorisation servers software
d. Business Intelligence tools, Reporting, Charting tools
e. Identity management, secure login, authentication & authorisation
f.
Custom applications
Page 35 of 54
Page 36 of 54
Any additional data required will be identified at the time of system specification and
suitable collection and loading procedures will be finalized. This includes data collection
from exchanges, market intermediaries, investors, regulatory database, Ministry of
Corporate affairs (MCA).
4.1.8. Support
Solution Provider must demonstrate capability to provide a high standard of on-going
product support.
1. The location from which support is provided.
2. How support is to be provided (on-site, call basis, telephone, fax, e-mail etc.).
3. Number and skill levels of support staff.
4. Tools used to record and monitor support calls.
5. The problem escalation process for unresolved cases.
6. Ability to provide support for problem diagnosis and rectification.
7. The standard service levels for support provided.
8. Committed response times from call-out, to expert-on-site and commitments for time-to
rectify.
9. Onsite resident engineers support strategy.
4.1.9. Performance Monitoring & Tuning Tools
1. The proposed solution must be able to perform infrastructure aware application triage,
i.e. pin point network issues causing application degradation.
2. The proposed solution must determine if the root cause of performance issues is inside
the monitored application, in connected back-end systems or at the network layer from a
single console view.
3. The proposed solution must proactively monitor 100%of real user transactions; detect
failed transactions; gather evidence necessary for triage and diagnosis of problems that
affect user experiences and prevent completion of critical business processes.
4. The proposed solution must gather available performance indicator metrics from all
within real-time production environments and real user transactions 24x7 with minimal
overhead on monitored applications without sampling.
5. The proposed solution must provide for easy dynamic instrumentation of application
code, i.e. be able to enhance out of the box monitoring with extra monitoring definitions
without having to restart application.
6. As a means of detecting poorly performing SQL, the solution must be able to proactively
record all SQL calls, and report on the slow performing ones. The SQL measurements
must be made from within the monitored application not using an external database
agent.
Page 37 of 54
7. The proposed solution must be able to report on any application errors occurred while
executing application functionalities and pinpoint exact place of error within transaction
call stack.
8. The proposed solution must provide for at least 2 levels of thresholds which can be set
on alerts and provide for actions so that alerts can automatically trigger other processes
when thresholds are breached. The proposed solution must not necessitate any
changes to application source code.
9. The proposed solution must proactively identify any thread usage problems within
applications and identify stalled (stuck) threads.
10. The proposed solution should allow SQL statement normalization by aggregating
hundreds of related SQL statements into a single performance metric using regular
expressions and pattern matching.
11. The proposed solution must monitor individual web service and performance transaction
debugging for web services. The proposed solution must also monitor web services
across multiple processes.
4.1.10.Development Environment
Since SEBI is envisaging long term development scenario, a separate development,
environment for Development, UAT and quality control (QC) is requested for SEBI. The
Solution Provider shall provide its own project accommodation and facilities, however
reasonable access to the SEBI facilities during development, installation and testing phases
will be provided. Access to the development environment during development, testing and
implementation shall be provided by the Solution Provider for SEBIs technical team. SEBI
reserves the right to take a final decision on this at the time of award of contract.
The Solution Provider must propose adequate solution including, but not limited to
1. Development site.
2. Hardware infrastructure (typically a scale-down environment with computing platform
identical to the production environment).
3. Relevant software.
4. Software development life cycle tools/database development kit.
5. Software testing tools.
6. Version control, software deployment and change management tools.
7. Any other tools that may assist the development.
8. Training in all the proposed tools.
9. Access and facility for SEBI IT project team.
4.2. Networking, Security and Controls
4.2.1. Specifications for Network, firewall and switches
SEBI envisages connectivity to its portal through LAN/WAN/VPN/Internet/Mobile
accordingly the Solution provider should provide networking equipments.
Page 38 of 54
Page 39 of 54
Page 40 of 54
4.2.11.Access Control
The Solution Providers response shall specify in detail the proposed access control regime,
including administration, operational and audit operations both at system and application
level. The requirements for access control are as follows
1. secure, auditable management of user-ids, access rights, passwords and tokens
2. passwords to be a minimum of eight characters and to have a parameter driven lifespan
after which users will be required to change their passwords
3. there will be a parameter driven inactivity delay after which users will be logged off
4. the ability to setup user groups of users with access to the same functionality and to
limit the functionality of users to just those functions that they have a need to perform
(roles and rules based)
5. detection and reporting of illegal attempts to access the system or functions within the
system
6. the maintenance of a secure, auditable log of access to the system, identifying user-id,
date, time, functions accessed, operations performed etc
4.2.12.Change Control
The solution must provide mechanisms to prevent fraud or error arising in the course of
implementing changes to the system. These mechanisms would be expected to include
segregation of duties, acceptance testing and computerised processes for introducing and
authorising new applications or changes
4.2.13.Database Access and Control
Solution Providers response should describe how the following features are implemented in
the system.
1. the confidentiality of information
2. data protection and database access controls
3. database security
4. user privileges
4.3. Enterprise Backup & Recovery Solution
The Solution Provider shall supply and implement proper enterprise backup and recovery
system that will cover entire SEBI PORTAL and its associated components. The Solution
Provider shall identify, supply, install, maintain and document the system components
required for adequate backup and recovery mechanism for the proposed solution including
DR site.
The backup and recovery solution may include but not limited to:
1. backup of all networked servers & storage
a. data backup
b. system backup
Page 41 of 54
2. periodic archives
3. hardware devices
a. tape libraries
b. auto-loaders
4. backup management software
5. secure storage of backup media
6. backup and recovery procedures including off-site storage
The estimated backup time for:
1. entire data backup (raw and associated secondary data) is 30 minutes
2. Entire data recovery and system restoration (complete data, system, etc.) is 60 minutes.
4.4. Business Continuity Planning (BCP)
The Solution Provider shall analyse all the processes and categorise them as critical and
non- critical (non-urgent) functions/ activities. A function may be considered as critical if its
functionalities affect the smooth functioning of the SEBI processes. Accordingly, the
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for both critical and
non-critical components should be considered as mentioned below:
During the disaster, staff will access the SEBI portal through Internet/broadband with limited
functionality so that optimum utilisation of the band-width can be achieved. It is required that
disaster site will be replica of the primary site .SEBI envisage that following applications will
be available as per given scenarios.
The identified scenarios that form the basis of the business recovery plan should be
recommended and documented. The business and technical plan requirements should be
documented in order to commence the implementation phase. The plan requirements should
cover, but not limited to the following elements which may be classified as ICE (In Case of
Emergency) Data:
1. The numbers and types of desks, whether dedicated or shared, required outside of the
primary business location in the secondary location
2. The individuals involved in the recovery effort along with their contact and technical
details
3. The applications and application data required from the secondary location desks for
critical business functions
4. The manual workaround solutions
5. The maximum outage allowed for the applications
Page 42 of 54
6. The Solution Provider should design the most cost effective disaster recovery solution
that meets at least two main requirements from the impact analysis stage, but not limited
to:
a. The minimum no of application and application data requirements
b. The time frame in which the minimum no of application and application data must
be available
4.4.1. Documentation of the Disaster recovery plans should include following, but not
limited to:
1. The crisis management command structure
2. The location of a secondary work site (where necessary)
3. Telecommunication architecture between primary and secondary work sites
4. Data replication methodology between primary and secondary work sites
5. The application and software required at the secondary work site, and
6. The type of physical data requirements at the secondary work site.
4.4.2. Implementation and Testing
After implementing the analysed solution plan, solution provider should test all the
process / applications individually, in group and in totality. Following should be included in
the testing of the BCP, but not limited to:
1. Crisis command team call-out testing
2. Technical swing test from primary to secondary work locations
3. Technical swing test from secondary to primary work locations
4. Application test
5. Business process test
4.4.3. BCP testing Schedule
Solution design should include BCP/DR test / drill quarterly after successful implementation
of BCP/DR to be carried out by Solution Provider. Problems identified in initial testing phase
or any test/drill should be rolled in planned and time bound manner
4.4.4. Maintenance of BCP
Maintenance of a BCP manual should be categorized into three periodic activities, but not
limited to:
1. Confirmation of information in the manual, roll out to all staff for awareness and specific
training for individuals whose roles are identified as critical in response and recovery. To
keep data accuracy changes that should be identified and updated in the manual should
include following, but not limited to:
2. Staffing changes
3. Changes to important Solution Providers/suppliers and their contact details.
Page 43 of 54
4. Departmental changes
5. Testing and verification of technical solutions established for recovery operations should
include following, but not limited to:
a.
b.
c.
d.
e.
The solution provider is expected to prepare acceptance test plan and test cases for user
acceptance test and obtain sign-off from SEBI before starting UAT. The solution provider is
also expected to bring their domain expertise and should share that with SEBI team while
collecting requirement from SEBI users.SEBI envisages this project shall not take more
than fifteen months to complete all phases. First deliverable should come within five months
of LOI
Page 44 of 54
Solution provider may evaluate the dependencies and may propose earlier implementation
methodology. The Solution Provider must submit a detailed phase wise implementation
plan identifying project tasks and milestones. These would include, amongst other things
but not limited to:
1. contract negotiation
2. project establishment
3. site preparation
4. Infrastructure (hardware, network, business intelligence system etc.) deployment.
5. tasks required to complete detailed design/specification
6. tasks required to complete build/customization
7. tasks required to complete software installation and testing
8. data migration processes
9. tasks required to complete each testing phase.
10. tasks required to complete documentation.
11. tasks required to complete procedures development.
12. tasks required to complete technical and user staff training.
The Solution Providers plan should identify duration of the customisation design phase
and the nature of the outputs that phase will produce:
1. Nature and duration of each proposed testing phase (Preparation of test plans is a
project deliverable. Preparation of a test plan for user acceptance for agreement and
execution by the SEBI is a project deliverable.)
2. Nature and duration of each proposed conversion phase.
4.5.2. Evaluation of Time Frame & Effort Estimation
The Solution Providers response should make detailed recommendations as to stages of
project implementation. The Solution Provider is also required to submit the details of the
effort estimation in person months for undertaking the various activities envisaged under
implementation. The Solution Provider shall also furnish the list of profile of the
professionals identified by the Solution Provider for the implementation of the proposed
solution. The said profile of the professionals shall include but not limited to:
1. Titles
2. Qualifications
3. Experience
a. project of similar nature
b. overall
Page 45 of 54
4. Domain expertise
5. Skill sets
6. Certifications etc.
4.5.3. Documentation
The Solution Providers response must identify the documentation that it proposes to
provide. Full document shall be provided to address the following areas:
1. technical/system manuals for software products to be supplied by the Solution Provider
2. any technical manuals required for the operation of the interfaces
3. user operations manuals for the developed applications
4. software requirement specifications
5. data models and data mapping documents
6. data modelling and ER diagrams
7. data flow documents
8. operational manual for systems administration
9. check lists, data reports and process manuals for daily operations support
10. design documents both HLD as well as LLD, with proper details of database design,
algorithm and data structures used.
11. requirement traceability matrix to show the requirement mentioned in the RFP, and its
corresponding mapping with the section number in the proposal, SRS, design docs,
implementation details, hardware info, function names and file name in the source code
if applicable, corresponding test cases numbers and section number in the document
manuals.
All manuals shall be supplied in English, in 3 hard copies and soft copy.
The Solution Providers method for updating documentation to reflect changes should be
explained.
4.5.4. Source Code
The Solution Provider shall provide the source code of the application software developed
for the proposed solution to SEBI. All source code shall be provided with all relevant
information such as SRS, Design doc etc. with proper details and mappings.
4.5.5. User Procedures
The Solution Providers response must identify how the it proposes to work with the SEBI to
write the user and technical procedures required to support the operation of the system and
shall specify the procedures that the Solution Provider proposes to provide. Fully
documented procedures shall be provided to address at least the following areas:
1. Technical procedures for the installation, updating and operation of software products to
be supplied by the Solution Provider.
Page 46 of 54
2. technical procedures for the installation, updating and operation incorporating any
Solution Provider customisations for the SEBI, and including procedures for recovery
from failures and migration to the DR site.
3. User procedures for the operation of, data entry to, enquiring of and reporting from the
SEBI Portal.
4. Procedures for system shut down, start-up, backup and recovery.
5. Procedures for data archival and data restoration and generating reports from these
data.
Solution Providers proposal shall also include the necessary documents for user and
operational procedures for basic system operation.
All manuals shall be supplied in English, in 3 copies and soft copy.
The Solution Providers method for updating procedures to reflect changes should be
explained.
4.5.6. Training
The Solution Providers response must identify how the Solution Provider proposes to
develop and provide training to the SEBIs user and technical staff to ensure that they are
fully conversant with, and capable of undertaking, the roles that they will be required to fulfil.
The training on system administration, databases, data warehousing, data mining, business
intelligence tools etc. should be provided by principal / OEM vendor.
The Solution Providers response shall clearly indicate the following details but not limited
to:
1. topic of the training
2. number of days
3. location
4. nature of training (technical / functional / both)
It may be noted here that in case of any training to be conducted outside Mumbai, the
expenses arising out of travel, lodging, boarding, incidental etc. will be borne by SEBI.
Since there is a need to train large set of users, train the trainer concepts shall be
considered.
All documentation, training materials including trainer guides, user guides, workbooks and
other materials shall be provided with the training. The Solution Providers response shall
propose how on-going training of new user and technical staff shall be conducted.
The Solution Provider shall propose the method by which technology transfer to the SEBIs
Information Technology Department and user staff will be maximised over the life of the
project. The SEBI regards this as an important component of the project. Training module
should be designed for each category of user (Information Technology Department and
user staff).
Page 47 of 54
4.5.7. Testing
The following tests (where applicable) must be conducted and the results of each test must
be documented in the test manual
1. Application tests on all applications
2. Redundancy failover (Boot, Power, Network & Fiber test as applicable etc.)
3. Server failover
4. Cluster functionality
5. Load sharing test
6. BCP/DR
7. Response test for Enterprise search as mentioned in business requirements
8. Performance Testing
a. Stress test
b. Volume testing
c. Configuration testing
d. Compatibility test
e. Timing testing
f.
Environmental test
g. Recovery testing
h. Vulnerability test
i.
9. System Integration test of all existing & new equipment involved in this network project
a. Application response time test
b. Robustness Test
c. Maintain a log of any problems after commissioning. The log shall indicate
the date, time of occurrence, measures taken in resolution, preventive
measures and classification of problem into critical, major and minor.
Test team will comprise of various users
The test must be able to simulate the existing and future application profile & characteristics
of the applications
4.6. Other Technical Requirements
1. The components proposed for this project should support IPv4 and IPv6 and should be
configured and implemented based on these two technologies/protocols
Page 48 of 54
2. Proposed solution will have its own network, racks, server, etc. and will be implemented
on different network IP address. However, it has to be integrated functionally and
operationally with existing setup by the Solution Provider.
3. Solution Provider should submit health status
server/storage/portal/ERP etc. quarterly till AMC period
report/capacity
utilisation
for
4. Upgrade & update: The entire software / hardware / networking / etc. product proposed in
the solution should include the updates for the entire warranty & support period as
mentioned in the RFP. For upgrade of the software/ hardware/ licenses / memory/ hard
disk / CPU/ etc. Solution Providers should provide the list price for all such equipment/
software/ hardware/ licenses / memory/ hard disk / CPU /etc. along with final price; SEBI
will calculate the discount offered on each item. SEBI will avail of such discount while
placing order for such upgrade in future, and these would be applicable for the entire
warranty & support period as mentioned in the RFP.
5. All the custom applications label should be displayed in dual language (English and
Hindi). (Dual labels are already implemented in custom applications)
6. The timings of all the servers, applications and appliance clock should be synchronized
and it should be in sync with existing IT setup
7. All servers should be rack-mountable, and on dual supply mode of electricity
8. Solution Provider should perform performance tuning of this project in entirety as may be
needed to comply with SLA requirements on a continuous basis.
9. Solution Provider should perform data storage management activities including hardware
storage configuration, taking regular backup, restore and archival etc.
10. The Solution Provider will be required to conduct system audit for this project annually
and the audit report should be submitted to SEBI
11. All the proposed servers/hardware/storage and network components should support
SNMP for monitoring.
12. File System Management
13. Solution Provider should provide and implement the version control software
14. Dedicated load balancer: The Solution provider has to provide a dedicated multi DMZ
load balancer with multiport support for the Load balancing of various applications of
SEBI Portal's Firewall. This load balancer will be used for load balancing existing and all
the new applications. This will act as a main load balancer for multiple applications.
Therefore the solution provider should consider high availability, robustness, support for
multiple applications, support for accessing virtual desktops, high throughput, failovers
etc. while designing the dedicated load balancing solution.
4.7. Change Management Procedure
During the course of implementation, it may be found that certain functionalities have been
missed out in the Requirement Gathering Phase. The Solution Provider would be required to
incorporate these functionalities as part of this project. We estimate that effort for such
functionalities would be 10% of the total effort estimated for the implementation of the project
and the Solution Provider shall provide these services at no additional charge to SEBI.
Page 49 of 54
Solution Provider shall be responsible for collation of all such enhancement requests
submitted by SEBI. The process for entering an enhancement request shall be agreed and
set out in the contract. Change Control Requests (CCR) for enhancements will be generated
by SEBI clearly defining the functionality and desired calendar time for the implementation.
The Solution Provider shall provide SEBI with a written estimate of the effort necessary for
the implementation of the requested enhancements. Upon approval by SEBI, the Solution
Provider shall prioritize development and carry out implementation of the enhancements in a
controlled and efficient fashion.
Any enhancement effort in addition to the included Enhancement Effort shall be provided on a
time and materials basis at the rates agreed by the parties in this regard and set forth in the
agreement that would be entered with Solution Provider.
The Solution Provider should provide details of effort estimation methodology followed
internally to calculate the effort estimates including the tools and strategy used.
The Solution Provider shall also provide a detailed post-implementation / post go-live change
management system including but not limited to:
1. change request procedures
2. software development/customization
3. software testing
4. quality control
5. version control
6. Documentation which includes design details, test cases executed vulnerability analysis
etc. in addition to the user documentation.
In order to ascertain the road map of the proposed solution, the Solution Provider shall submit
an assessment of following items but not limited to:
i.
ii.
iii.
Page 50 of 54
Criteria
%age
Marks
(200)
Solution Provider
capability including
proven relevant
experience
20%
40
Understanding of SEBIs
requirement
20%
40
Proposed IT
infrastructure Hardware,
Software, Network and
Security etc.
30%
60
Proof of Concept(PoC)
30%
60
TOTAL
100%
200
%age
Marks
(200)
Solution Provider
capability including
proven relevant
experience
20%
40
Understanding of SEBIs
20%
40
Criteria
Vendor
B
Vendor
A
..
Marks scored
Vendor
N
Vendor
A
Page 51 of 54
requirement
Proposed IT
infrastructure Hardware,
Software, Network and
Security etc.
30%
60
Proof of Concept(PoC)
30%
60
TOTAL
100%
200
1. Portal Home Page: Features and functionality offered in the PoC shall be aligned to
2.
the responses to the RFP. A representative home page featuring (a) to (j) as describe
below.
a. SSO feature
b. Two factor authentication solution
c. Multi-device (channel) support e.g. Desktop, iPad, mobile etc.
d. Ease of addition/modification/deletion/expiring of new portlet.
e. The ease of navigation and personalisation by the end-users.
f. Suitable notifications feature.
g. Multi-language support.
h. Portlets
i. Live feeds
j. Dashboards
ERP
a. Employee Self Service (ESS):
i. Dynamic org chart with suitable search facility.
ii. Demonstration of a leave (casual and ordinary) application workflow (rules
are provided below).
iii. Integration of leave record with calendar (e.g. availability of officers for
scheduling the meeting)
iv.Leave record integration with Regulatory workflow (concept of link officer)
v. Book reimbursement claim for an employee with uploading any pdf/doc
files.
Page 52 of 54
file attached
Regulatory Workflow
a. Prototype for registration workflow
i. Interface for intermediary to load XML based registration form with
validations (A sample form is provided below).
ii. Regulatory approval of registration.
iii. Application will be validated by Dealing officer (During this step, DO should
be able to verify the details from action taken database). After verification,
it will come to Division Chief(DC).DC will peruse it and forward to Head of
the Department (HOD)
iv. Application will be approved /rejected by the Head of the Department. He
may seek more info before approving/or rejecting the application
b. Free-Form reports on Action Taken Database.
DropDown List
Page 53 of 54
Workflow descriptions
Please refer to workflow section in Business Requirements
5.3.2. Commercial Evaluation
The commercial proposals will be opened only for the Solution Providers who will be
technically qualified. Solution Provider will be selected under the L1 criterion.
**********************************************
Page 54 of 54