Professional Documents
Culture Documents
Non Functional Requirement
Non Functional Requirement
Non Functional Requirement
Please share documents / diagrams to explain and describe your technical set up (logical architecture and
SA1
integration architecture).
Describe which elements of your solution are provided or managed by other suppliers and how you will
SA2
ensure a joined up end‐to‐end solution for Kenya Airways?
Solution Architecture
SA3 Describe what elements of your solution are configurable.
SA4 What is your roadmap for the next 36‐months?
Licensing
What is the Licensing model of the proposed solution? In that can you subscribe to differing license
LI1 Licensing
types in details and the difference
Scalability
SC1 Describe how your services can scale to meet the needs of Kenya Airways?
Can we dynamically change the number of subscriptions and how is this reflected in the charging
SC2 structure? If not, how often can we vary the number of users that we pay for and what is the minimum
increment?
Scalability
How have you built resilience into your system? What options are available to us, and are there any areas
SC3
of weakness we should be aware of in the end‐to‐end user experience?
Can we dynamically change the number of subscriptions and how is this reflected in the charging
SC4 structure? If not, how often can we vary the number of users that we pay for and what is the minimum
increment?
Project Implementation Strategy
PM 1 Demonstrate the approach for successful implementation of the proposed solution
PM 2
Demonstrate you commitment to involve appropriate resources by enclosing the resource matrix in the
response to this scope.
PM 3
Implementation Strategy Clearly defined plan for deployment and ongoing management that minimizes complexity and business
risk
PM 4
Provide details of local representatives along with a tentative plan for planning, designing, testing and
deploying the proposed solution.
PM 5
Describe the project management tools that are typically used during your implementations (e.g., work
plans, meetings, conference calls, status reports, work flow charts, issues log and resolution, staff
management, etc.). Attach examples of your project management tools to your Proposal submission.
PM 6
Describe Proposed problem resolution/escalation process, including identification of the Engagement
Manager.
PM 7
Describe your process for change control; cost management approach, risk management plan and
communication plan
Project Management
PM 8
If your fit/gap analysis determines gaps, how do you handle those gaps? Provide examples of gaps you
have found and solutions you have implemented.
PM 9
Please provide a detailed explanation of the data migration process.
PM 10
Explain your testing process including types of testing, methods for resolving discrepancies, tools, and
criteria for ensuring the testing is complete.
PM 11
Describe how you have addressed communications and change management during other
implementations, suggest how this might best be managed during this project and the resources and skill
sets needed to be allocated towards this effort both by Contractor and Kenya Airways
Change Management
PM 12
Do you have a range of change management offerings? If so, please explain what is included within them,
and a cost range associated with each if any
PM 13 Indicate your involvement in process review and re‐engineering for Kenya Airways Consulting? Its at a
cost or part of the project implementation fees?
Development and Testing Environment
Describe the number of environments provided during implementation and after go live at no extra cost
DT1
(I.e Development; Test; Pre‐production; Production, DR)
Describe the development and testing environments that are provided. Include limitations in terms of
DT2
number of users and data?
Is it possible to have multiple operating and testing environments – for example by subsidiaries within a
DT3 holding company of Kenya Airways? Are there any additional costs involved in having these additional
environments?
DT4 Describe how we would load test data in the pre‐production environment?
DT6 What is the SLA for the environments?
DT7 Describe how developments are released to live (and approximate downtime)?
DT8 Can changes be rolled back? How is this done?
Can you outline how you ensure how our configuration would continue to work after a major platform
DT9
release (include testing strategies etc.)
DT10 Is there any cost to us whilst the application is not live / is being developed?
What type of scalability is provided for additional computing power – CPU, RAM, Storage? Costs? Time to
DT11
implement?
Network
NW1 What are the typical network bandwidth requirements for a user to use your system?
NW2 Please explain your approach to the reduction of network traffic?
NW4 Please provide a network profile of a standard user interaction including turnaround times?
NW5 What is the minimum latency expected for the application to work
Hosting Provider & Data Location
Please tell us the physical address location(s) of the Data Centre(s) where any backups are
HP 1
stored?
Who provides the infrastructure on which our solution will run (trading names of your permitted
HP 2 subcontracted supplier(s))? What choices do we have about where this is, and how it is set up
and managed?
Provide the architecture diagrams for all layers? Business, Application, Integration, Data &
HP 3
infrastructure layer diagrams?
HP 4 What is your approach to configuration management?
Hosting Provider &
Data Location How do you ensure safe change management of your software and hardware solutions? Provide
HP 5
details on whether backups are encrypted and who holds/manages the encryption keys?
What is your business continuity plan – to manage catastrophic events? What is the name of
HP 6
your disaster recovery (DR) provider and the location address of the DR DC?
HP 7 What is the retention period of data if we stopped using your services?
HP 8 Is data stored in a proprietary or non‐ proprietary format?
HP 9 Are we able to access this data format, e.g. using open source / non‐proprietary tools?
We would test to access this data using these tools at regular intervals. Please confirm that you
HP 10
agree to this?
Usability and Compatibility
UC1 Describe your browser Support & Compatibility policy?
UC2 What is your mobile browser and device policy (and on which operating systems/versions)?
UC3 How do you cope with conflicting data changes – i.e. 2 users update the same data?
Does your system require any specific software (or plugins ‐ like Flash) to run and if so what
UC4
versions are supported?
Describe any limitations around device usages with your account – i.e. using iPhone + iPad +
UC5
desktop
UC6 Describe your process for deleting data from redundant devices.
Usability &
Describe how your system supports people with disabilities. Does it comply with various
UC7 Compatibility
legislations?
Describe what level of training can be offered to users and administrators (and where?) Describe
UC8
the training approach in detail.
UC9 Describe how your system supports multi‐language and what are these languages?
UC10 In terms of development, how are these able to support multi‐languages?
Do you support personalisation for the user? that is they can set up their profile and personal
UC11
settings as they choose?
UC12 If a restore is needed, would any user settings also be restored?
Data, Backup and Recovery
BU1 Describe your business continuity plan
Describe your capabilities around backup and restore at system and partial data level and under
BU2
what time periods?
BU3 Describe any restrictions (freezes) to the system associated with backups?
BU4 Who is responsible for backup and recovery? Frequency of Back up?
Can you describe how a backup can be automatically scheduled and can it be parameterised /
BU5
tailored?
BU6 How does your platform manage referential integrity of its data?
Are there constraints for example data/API (application programming interface) limits? What
BU7
happens when a data/API limit is approaching? For example does it notify an administrator?
BU8 Describe your process for data archiving / purging?
Provide details of your ability to allow off‐site/on‐premise archive capability to allow Kenya
BU9 Airways to operate with “last archived/synced” data set in the event there is disruption to
service provider offerings and/or connectivity?
BU10 Data, Backup and Describe how data is permanently deleted from your systems?
BU12 Does the application sit in a dedicated or a shared environment?
BU13 If it a shared environment, how is the data segregated from other shared environments?
BU14 What type of data architecture is implemented? Diagrams?
BU15 How is security managed in the shared environment? What controls are in place?
Who has access to the infrastructure, hardware, software, data? Ask for specific info on the roles
BU16
& responsibilities of administrators, profiles, hiring practices etc
BU17 What application & data access audit logs are available? How often can you get this?
How is the primary data encrypted? What encryption schemes are used? Who has access to the
BU18
decryption keys? How often is this tested?
How is the backup data stored? Is the data in raw files or encrypted format? What locations are
BU19
the backup data stored? Who has access to this backup data?
BU20 What type of investigative support is provided in cases of breach?
Is the vendor is acquired, sold or dissolved? What options are available to get the data? Costs?
BU21
How is the data wiped out of the environment?
Ownership and Security
OS1 Who would “own” the data that we might hold in your systems?
If your platform is a Multi‐tenant architecture describe how you can ensure that no “data bleed”
OS2
happens between companies on your systems?
OS3 Please describe the granularity of roles and the level of access each role has?
Does your Application provide for some sort of role management, such that one user can take
over the functions of another without having to know the other's password.
As a Cloud based system, describe your Security model from both application access and
OS4
database?
OS5 Describe your audit capability in terms of user and data activity?
Ownership & Security
OS6 Following on from the last question, does audit activity contribute to the user data allowance?
OS7 Can you restrict access to certain audit and logging views to ‘privileged’ users?
OS8 What is the retention period for audit / activity logging? Is it configurable?
OS9 What is the retention period for collaboration data? Is it configurable?
Describe what the data allowance is comprised of? for example audit, collaboration, data,
OS10
activity, logging and so forth
Describe how Kenya Airways might choose/configure (geographically) where our data is held?
OS11
For example to meet with data and EU regulations?
Integration
IN 1
Describe how data is migrated/imported into your system ?
IN 2
What mechanisms of Integrations do you support?
IN 3 Describe the application programming interface (API’s) and web‐services you provide that can be
used by developers or for integration to pull and push data and how do you do this
IN 4
Are the APIs secured and encrypted?
Can you outline how we extract/export data from your system back into our own and what
IN 5
format/protocols do you support?
Integration
Over and above the user/month cost, are there associated fees for making system‐>system calls?
IN 6
For example limits to bandwidth/data transferred or API calls made?
Describe how we can share data with other organisations associated with Kenya Airways
IN 7
(holding company and subsidiaries) both on and off platform?
Describe how we can stop sharing data with other organisations associated with Kenya Airways
IN 8
(holding company and subsidiaries) on the platform?
How do you support integration with other software systems, specifically provide information
IN 9 regarding Tableau Software and Splunk? Please indicate a typical solution architecture for
integration and a typical cost per interface?
Transition Services
Describe your approach to implement cut‐over to the new services including configuration, system and
TR1 scenario testing, data migration, network and security set‐up and any dependency on Kenya Airways
business or IT resources?
TR2 Describe how you will provide training on a “train the trainer” basis?
TR4 How will you provide support to ensure the stabilisation of the new solution after go live?
Describe the environments that will be used for transition and your roll back strategy to ensure business
TR5
continuity
TR6 Describe transition team composition
What types of credits are available if SLAs are not met?
SL 2
Are the terms & conditions of the contract tied to the SLAs?
SL 3
SLA
Is the exit strategy tied to the SLAs?
SL 4
Is there a regular meeting (monthly/quarterly) to review the SLAs, issues, requests?
SL 5
Who will be part of the SLAs meetings?
SL 6
How are the issues escalated if the SLAs are not complied? Who can we escalate to in the
SL 7 management team?
Support
Explain how your standard telephone support and escalation process works.
SU 1
Is it possible to bypass first level support and gain immediate access to more experienced engineers?
SU 2
Are you providing this service to any of your current customers?
SU 3
Please describe your escalation process for unresolved issues.
SU 4
Please provide an overview of your Technical Support department and processes
SU 5
Support
What are your normal hours of support should our users or Administrators need assistance? How are
questions outside of normal hours of support handled?
SU 6
Please describe how you plan to ensure that Kenya Airways receives high service levels, immediate
responsiveness and prompt turnaround.
SU 7
Can you provide a single point of contact and telephone number for all service inquiries?
SU 8
Please describe your options and process for submitting the following:
•Service /IncidentsRequests
SU 9
Describe the reports to be configured to show performance,resource utilzation and database uptime
SU 10
Performance Metrics and
Include any additional material referenced in your proposal that is essential to Kenya Airways informed
Reporting
review,
SU 11
Proposed Name Level 1
Name
Proposed Name Level 2
Proposed Name Level 3
SU 12 Escallation Contacts ??
Proposed Name Level 4
??
Proposed Name Level 5
??
Performance
As a “Software as a Service” (SaaS) provider, can you describe your software release process and how it
PF1
affects service availability levels?
PF2 Describe any limits of concurrent user usage in the system?
What controls do you have in place to monitor and flag performance issues and what access would we
PF3
have to that information?
PF4 How do you ensure we meet our SLAs across the world and on the network edge?
Performance
What kind of measures can be made to performance tune an instance and who would undertake them
PF5
(with associated cost)?
PF6 Does your platform provide any analytical tools for the user if so, describe them?
PF7 How many Severity Incidents have you had in the last 3 years. Outline in detail each incident
PF8 What SLAs do you offer on performance as standard?