Request for Proposal (RFP): CrewWatch Application Rewrite

1. Introduction
This RFP invites proposals from vendors for the modernization of the CrewWatch application, shifting
from an Apache Wicket application with an Oracle backend to a more modern, scalable architecture.

2. Project Overview
CrewWatch, integral to our operations, currently operates on three different code bases for our distinct
customers. The application requires modernization to address existing limitations and to streamline its
architecture.

3. Objectives
The primary objectives of the rewrite are:

 Transition from the current monolithic architecture to a microservices-based approach.

 Replace the front-end technology with React.js for a more responsive and maintainable user
interface.
 Migrate the backend database from Oracle to an ANSI-Compatible version with a proof-of-
concept instance of CrewWatch running in PostgreSQL.
o Migration process for existing customers from Oracle to an updated ANSI-Compatible
version of Oracle as well as being able to support PostgreSQL
 Merge the three existing code bases into a single unified code base.
 Implement configurable modules to cater to individual customer requirements.
 Enhance scalability, performance, and maintainability.

4. Technical Requirements
Front-end: Implementation of React.js with MUI design system.

Back-end: Update to latest Spring Boot with database migration to an ANSI-Compatible version with a
proof-of-concept instance of CrewWatch running in PostgreSQL, with a focus on data integrity and
seamless transition.

Code Unification: Strategies for merging the three distinct code bases into one, ensuring minimal
disruption.
Customizability: Develop configurable modules or settings to tailor the application according to each
customer's specific needs.

Architecture: Shift to microservices to improve scalability and maintenance.

Security and Compliance: Adherence to the latest security standards and compliance requirements.

Testing and Deployment: Comprehensive testing, including unit, integration, and system tests, and a
robust CI/CD pipeline.

Below is a high level overview of the existing application size and structure.

Number Description Notes

Product
1 Current tech stack is outdated with no support for some,
architecture/design
· Wicket
· Spring 2.x [milestone version]
· JDK 1.8
· SOAP
· Oracle
· IBM MQ
· Jboss 6.3/7.4 Tomcat 9.54
Current UI framework is outdated and hard to maintain. Wicket
2 UI redesign
Responsive design for better mobile experience
3 UX architecture Screen mockups, BA review
5 Upgrade JDK As tech stack is upgraded, codebase needs to support latest JDK
Upgrade Quartz
6 26 jobs
scheduler/background jobs
7 Collection screens Most widely used screens in CrewWatch
8 Admin screens 33 Screens
9 IT Admin screens 5 screens in total
10 Random Screen 7 Screens
11 Follow Up Screens Screens 8 Screens
12 P-R-O Screens 2 screens
13 A-C-S Screens 2 Screens
14 Agency Screen 1 screen
15 DER screens 9 Screens
16 Manager screens 1 screen
Train And Employee
17 2 screens in total
Random screens
18 Assing Manager screens 2 screens in total
19 Guides Screns 5 screens in total
If we go with Postgres, make sure it is ANSI compatible; Some
20 SQL optimizations
performance tuning
Existing security model is hard to maintain. 8 roles. IDS
21 Role security redesign (AD/SM)integration(AuthN) AuthZ - RABC - Model after CrewPro
security
 22 Code coverage Minimal or NO code coverage
23 Code Quality/Linting Run sonar scan to determine the code quality/linting.
24 Static Code analysis Fortify scans
25 Dynamic Code analysis GitHub advanced security - to address medium, high and critical CVEs
26 External Pen testing Penetration testing by internal & 3rd party certification
Comparative Testing -
27 Legacy vs New QA Automation to validate primary functions in both versions
28 External Integration Around 7 Integrations

5. Software Development Standards and KPIs

• Code coverage -> 60%

• Pass Sonar Scan for Critical and Blocker Issues

• Pass Fortify and Tenable (Static and Dynamic) Scan with no High & Critical issues

• No CVE vulnerability issues

• All CVEs > 9 are resolved

• All CVEs > 7 that are only library changes are resolved

• Branch code coverage > 60%

• No secrets (requires utilization of CyberArk at UP)

• All test cases reviewed and signed off by PST

• All automated test cases pass

• Automated test coverage of 100% depending on if all are automatable

• Artifacts - Documentation related to the project - Architecture, Design, any screen mockups, test
cases and /scenarios and monthly progress reports

6. Vendor Requirements
Expertise in React.js, Spring Boot, microservices architectures, and PostgreSQL.

Experience in merging multiple code bases into a unified system.

Ability to create customizable solutions for different clients within a single application.

Proven track record in similar modernization projects.

7. Proposal Submission
Proposals should include:

 Methodology for the front-end, back-end migration, and code unification.

  Plan for creating customizable modules for different clients.
 Proposed project timeline, milestones, and cost breakdown.
 Case studies of similar projects.
 Team composition and experience.

8. Evaluation Criteria
Proposals will be evaluated based on:

 Compliance with technical and customization requirements.

 Experience in similar projects.
 Cost-effectiveness and project timeline.
 Innovation and approach to problem-solving.