Invitation to Tender (Appendix A)

Appendix A

/46

The Hong Kong Institute of Architects (HKIA)

Total Solution of HKIA CMS Web System with Membership Administration

Invitation to Tender (Appendix A)

Copyright © 2020 by The Hong Kong Institute of Architects. All rights reserved. This document is supplied purely for the purpose of assisting vendor to respond to this invitation to tender, no part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) for any other purpose.

Contents

1 Introduction

1.1 Project Goals and Objectives 1.2 Purpose of this Invitation to Tender 1.3 Procurement Timetable 1.4 Tender Evaluation 1.5 Proposal Submission and Enquiry 1.6 Proposal Content

2 Background

2.1 Institute’s Background related to the HKIA Web 2.2 Current HKIA Website with Membership System 2.3 Proposed Technical Environment

2.3.1 The proposed minimum hardware requirements of the CMS System 2.3.2 The proposed minimum software requirement of the CMS System 2.3.3 The proposed minimum Firewall specification 2.3.4 The proposed minimum backup solution

3 Scope, Tentative Programme and Scale of Systems

3.1 Scope 3.2 Tentative Programme 3.3 Scale

4 Key Requirements

5 Technical/ Hardware Requirements

6 Demonstration and Proof-of-Concept

Appendix A

/46

7 Cost Information Requirements

7.1 Detail Cost 7.2 Payment Terms and Determination

7.3 Warranty 7.4 Liabilities of the Vendor

8 Operation and Technical Support Service

9 Implementation Services

10 Use of third parties

11 Supplier Information Requirements

11.1 General Information 11.2 Proof of Supplier's Sound Financial and Company Standing 11.3 Evidence of Capacity to Deliver Contract Requirements 11.4 Other

12 Implementation Requirements

13 Collusion and Inducements

14 Confidentiality

Appendix A

/46

1 INTRODUCTION

1.1 Project Goals and Objectives

The Hong Kong Institute of Architects (HKIA) requires a single, comprehensive and holistic centralized and computerized system for the Membership Administration for members’ data submission or others. Such web site must be designed as Content Management System (CMS) approach.

Scope of work:

- Provide total solution for system development, online payment, membership operations, database and websites revamp services and technical support.

- Visual and architecture design of the system(s) - Build the online payment (Should be based on HKIA payment rules/policies) - Database must be migrated and restructured at new system to match the

news features and enhance the existing functions. Remark: The new system must migrate all existing features with better approaches.

- Must synchronize data from new Database server to original MMS with necessary data and files (included photo and e-documents) to keep operation of other internal systems

- Member Area must include the following features: ➔ Membership information (For details, please check section 3.1 Phase1) ➔ Online Payment (For details, please check section 3.1 Phase1) ➔ Documents sharing to members (For details, please check section 3.1

Phase2) ➔ Location for external web page for questionnaire or other e-Forms (For

details, please check section 3.1 Phase2) ➔ Can record personal history of taking up positions in HKIA such as OBs,

Council Members, Board Members or other committees / taskforces / workgroups, etc (with date/year)

➔ Can filter with records and extend the periods for specific members for HKIA servicing

➔ Can record for any donation or contribution to HKIA - All the membership Area features can be modified and updated through

Administration page - Can bulk export membership data inside database with filtering criteria as e-

document format (e.g. CSV) AND bulk import data into database - Prepare a Users’ Acceptance Test (UAT) plan for testing and fixing

bugs/problems after the product(s) delivery and within 1 year after the launch of the system

- Provide detailed plans for security test and load test for the systems - Provide detailed plans for backup/restore solutions and proceed testing - Provide area for the following features: ➔ Job Posting ➔ Membership Benefit

Appendix A

/46

➔ Documents Sharing ➔ Essential message alert (e.g.: Alert for event or upload missing

documents) ➔ Consultation (Has area for members to leave comments) ➔ CPD event handling (Included CPD event/Video automation, online data

upload and registration, new records generation) All be based on HKIA’s further information provided for Awarded Vendor.

➔ “JoinHKIA” ➔ Area to post and link with HKIA related 3rd sources websites ➔ Change some standard hardcopies to E-forms with specific level of

content management about the related E-forms or templates (e.g.: http://old.hkia.net/en/Resources/PC_%20Stage_HKIA_Complaint_Form_160312.pdf) Subjected to HKIA provided to Awarded Vendors

List of general requirements:

- Website should be run on personal computer in mainstream version of MS Windows (with the latest updates from Microsoft), Apple MacOS, Tablet and mobile phone (Windows, Apple, Android, IOS)

- Website should adopt web accessibility design and conform to the World Wide Web Consortium’s (W3C) internationally recognized Web Content Accessibility Guidelines to the level AA (Double A conformance)

- Web code used should not be easy clone (e.g. PHP) instead of HTML - Such website must run on Microsoft IIS platform. - Web content can be updated by End-users themselves instead of amended

web coding (i.e.: CMS approach may be the case) - Change in using HTTPS instead of HTTP for web operations. Data transfer in

between network devices should be protected or encrypted (if any) and/or propose with no data leakage way for data transfer. Remark: Cost must be listed in proposal for the related solutions

- All design should be in secure approach (e.g.: URL variable must be as hidden or encrypted format) i.e. Web code should not be leakage of membership related parameters (even shown error page)

- Utility the latest software system/version for the CMS system which can be compatible to the HKIA current system but allow graduate update of the HKIA computerizes system

- Should provide the total solutions for Backup/Restore the websites/Database - Should provide the total solutions for Disaster Recovery about the

websites/Database - Maintain the data and system in security (for both hardware and software level) - Enhance the professional image of the HKIA - All necessary hardware and software with license should be included (e.g.:

Windows, Antivirus) in the project (if any). Remark: Antivirus application selection must be matched with HKIA existing or planning usage.

http://old.hkia.net/en/Resources/PC_%20Stage_HKIA_Complaint_Form_160312.pdf

http://old.hkia.net/en/Resources/PC_%20Stage_HKIA_Complaint_Form_160312.pdf

Appendix A

/46

1.2 Purpose of this Invitation to Tender

Vendors are invited to tender for this project. Vendors will be evaluated according to their past experience, company profile and client reference. HKIA is not bound to accept the lowest or any tender we receive. Vendors are abided by the anti-bribery and anti-collusion clauses attached in the Appendices to the Tender Invitation Letter. Vendors are invited to submit the tender with the required documents listed in Appendix A, B, C and TVP related document for the evaluation and decision by the Selection Panel.

1.3 Procurement Timetable

Action Schedule

Tender open for submission 4 May 2020

Tender Submission Deadline 7 May 2020,

12:00pm noon (Hong Kong Time)

Evaluation by Selection Panel May 2020

Shortlisted vendor will be contacted for interview

May 2020

Final Discussion Meeting by Selection Panel (if any)

May 2020

Further clarification with shortlisted vendor (if required)

May 2020

HKIA reserves all rights to change the above schedule due to unexpected situation and will notify the vendors or short-listed vendors on HKIA’s discretion.

1.4 Tender Evaluation

Tenders will be evaluated according (but not limited) to:

• Company relevant IT project experience

• Company profile

• Proposed team structure responsible for this project with their CVs

• System security

• System stability

Appendix A

/46

• System extendibility

• System support and maintenance

• Customer services

• Source code management

• Hardware requirement

• Development and implementation schedule

• Costs of the software including firewall system and related hardware required

• Compatibility among different OS, ie. Windows, android, iOS and/or Mac

• System maintenance and software upgrade requirements and its cost

• Annual recurrent running cost and the escalation formula for 5 years

1.5 Proposal Submission and Enquiry

The vendor has to submit the proposal and required document (as stated in Appendix B & C) in 2 full sets and TVP related document (Model Clauses in Probity and Non-Collusive), plus a soft copy in PDF format (CD/DVD). The proposal has to be in a maximum of 50 A4 pages, single line spacing typed with Arial font type and 12 point font size.

The proposal shall be email to [email protected] or submitted in a sealed envelope marked conspicuously Confidential – Tender Document for the CMS Revamp for The Hong Kong Institute of Architects and send to the tender box at 19/F, One Hysan Avenue, Causeway Bay, Hong Kong on or before 12:00pm on 7 May 2020 (Thursday) in Hong Kong Time. Late submission will not be considered.

Remark: The Technical document and Price-List document must be submitted separately.

For enquiry

Contact Person: Mr. Alex Lo, IT Manager

Tel.: 2805 7306

Email: [email protected]

Address: 19/F, One Hysan Avenue, Causeway Bay, Hong Kong

1.6 Proposal Content

The vendor proposal must be concise and stated clearly on how the vendor will provide the services for the development and implementation of the website to

mailto:[email protected]

mailto:[email protected]

Appendix A

/46

achieve the objective of the project and fulfill the requirements stated in this document.

i. Proposed Solution Vendor shall give a clear overview of the proposed solution to identify key features and functionality as stated in the requirement. All possible growth and integration considerations as well as the possible project risk must be stated. Vendor shall show at least 3 pages of web design to show the concept of the solution plus 1 page of Membership area and 1 page of Administration page. HKIA reserves all rights for design change after the award of tender based on the actual operation needs.

ii. Response to the Functional Requirements Vendor shall respond to the compliance of each specified requirement listed in the section of the “Functional Requirements”. Vendor shall describe how each specified requirement will be fulfilled. Vendor shall propose the preliminary screen layout design, work flow diagrams and narrative explanation. Failure to supply the information will be considered in the evaluation as a measure of the vendor’s ability to deliver a qualify service. Vendor should provide clear and professional consultation for HKIA if found predicable issues or possible/potential problems from HKIA’s suggestion.

iii. Response to the Technical Requirements Vendor shall respond to the compliance of each specified requirement listed in the section of the “Technical / Hardware Requirements”. Vendor shall describe how each specified requirement will be fulfilled. Vendor shall propose the preliminary system architecture report with schematic diagram with narrative explanation. Failure to supply the information will be considered in the evaluation as a measure of the vendor’s ability to deliver a qualify service. Vendor should provide clear and professional consultation for HKIA if found predicable issues or possible/potential problems from HKIA’s suggestion.

iv. Limitations Vendor shall provide information on any known limitations and/or issues with the product(s) and service(s) being offered. Contract/Services Agreement for awarded Tender MUST fulfill all criteria from HKIA Tender and/or HKIA Supplementary documents (if any). If a requirement

Appendix A

/46

is only “partially” met, vendor shall clearly specify in proposal and explain in details. Failure to do so, it will impact the score for the evaluation.

v. Dependencies If there are any potential or known events that might affect the delivery of the services(s) including the requirements, the implementation and support services, schedule, cost and etc., vendor shall clearly state in the proposal.

vi. Future Requirements Vendor shall clearly state the process of future upgrades, including how it will be managed and how it will be integrated with other hardware or software systems. There is an easy and simple interface to reset the passwords for all related system accounts (e.g. SQL database connection account). As the database with all data and tables are owned by HKIA, HKIA has full rights to implement for other systems’ usage.

vii. Price/Cost Vendor shall clearly state the price/cost of the services for the project. All price/cost MUST be counted with each milestone/service/section completion*. The price/cost shall be broken down by major milestones and services themselves of the project. The standard hardware and system software shall be clearly stated, but their price/cost can be excluded from the price/cost to be charged by the vendor if those items can be purchased from the 3rd party vendor(s) by ARB with discount. Vendor shall propose the price/cost which is stated on the section “Cost information Requirements”. Beside of the preparation cost, payment should be settled only if the Vendor’s output can be passed from User Acceptance Test (UAT). At least 10 - 15% of total contract payment should be hold and paid AFTER warranty period(s) without non-settled issues. i.e. if defect or outstanding items cannot be completed within the warranty period, the related payment will NOT be released even expired warranty period (until ALL settled). For example: Suggested payment schedule as follows: (Can be negotiated as items may be changed on or before awarded the contract)

Payment Schedule % of Contract Price

Upon Tender Award 10%

Confirmation Layout Design and System Configuration

10%

Completion of UAT (Should break down to components) - Migrate/Restructure Database - Migrate current website (included content) to new

70%

Appendix A

/46

- Built/migrate membership/RA Area with related profiles

- Online Payment - Bulky Data Export/Import - Email feature (link to our existing email system) - Change/amend hardcopies/existing e-forms to new - API to 3rd Parties - Searching Engine - Job Posting - HKIA Daily New - CPD (Event Management) - Consultation - Reference Material - Members Benefits - Advertisement

6 months after System Go Live (warranty period(s)) 10%

viii. Implementation Schedule

Vendor shall submit a project plan to cover the following key milestones for each stage of the project. (All schedule MUST be counted the period by using the DATE instead of DAYS)

A. Delivery of functional and design specification B. Delivery of system architecture report C. Delivery of data dictionary D. Delivery of test plans for system integration test, stress test and user

acceptance test E. Delivery of service level agreement F. Delivery of operation manual G. Completion of hardware configuration H. Completion of software configuration and customization I. Submission of system integration test result for review and verification J. Submission of stress test result for review and verification K. Submission of any other project deliverables which include, but not

limited to, source codes, executables and etc. L. Provide training and submission of training document. M. Commencement and completion of user acceptance test (UAT) N. System in production

ix. Operating and Technical Support Service Arrangements Vendor’s level of performance shall, at all times, be consistent with acceptable industry “best practice” standards. Vendor shall describe the approach to service management including: proposed service level

Appendix A

/46

agreement, strategy for documenting service levels and performance against such service levels; and format and frequency of reporting.

x. Security Vendor shall state clearly what level of security will be implemented in the website and OS platform level and how it will be achieved and tested.

xi. Vendor Qualifications Vendor shall provide its company background, experience, qualification and a list of previous customers with contacts and description of the products/services provided for HKIA’s reference check (if required). Vendor shall assign its staff to provide the development, implementation and support services to the system.

xii. Resource Deployment Plan Vendor shall submit the resource deployment plan to list out the roles of the staffs with their names, qualification and experience. The roles of staff shall include, but not limited to, the project manager, systems analyst(s), programmer(s), operation support, technical support and service centre staff. HKIA should be updated at the earliest availability if there are any changes on the details of the above listed members during the project period.

xiii. Assumptions Vendor shall clearly identify any assumptions made in order to fulfill all the requirements of the project.

xiv. Alternative Offerings/Suggestions Vendor is welcomed to propose alternative offerings/suggestions, but those alternative offerings/suggestions shall be proved to give a better quality of service in respect to the efficiency and functionality. Vendor shall clearly state if the proposed alternative offerings/suggestions will incur any additional price/cost of the project and/or annual maintenance service.

xv. Any optional hardware, software and services Vendor is welcomed to propose any optional hardware/software and services and state clearly the pros and cons of each item in compared to the original proposed item. Vendor shall clearly state if the proposed

Appendix A

/46

optional hardware, software and services will incur any additional price/cost of the project and/or annual maintenance service.

xvi. Website ownership HKIA should own all the related asset, including source code, database, servers for the whole website as it is the basic requirement of this project. HKIA should have full rights to use, add, delete, modify and any re-engineering work on the website (including the source code). Vendor should NOT place its company logo or related information on HKIA website without HKIA’s official written approval.

xvii. Any other relevant information Vendor may add any other relevant information that will facilitate HKIA to make a decision for vendor selection.

xviii. Progress submission Vendor should provide the breakdown progress (counted by DATE) to HKIA as project timing control. For any updates/changes of progress timeline, it should be approved by HKIA. HKIA reserves all rights for project extension, penalty or termination if project overruns.

xix. User Acceptance Test (UAT) For each milestone/function/service, Vendor must pass the User Acceptance Test (UAT) with HKIA’s signature and confirmation before HKIA arranging the payment. The format and “approval” content items for UAT Form should be submitted to HKIA for verification before using for testing. HKIA should have full rights to accept or reject the output from Vendor.

xx. Penalty

HKIA reserves all rights to terminate the contract and/or charge the loss from Vendor.

List of some sample cases but NOT limited to the followings:-

- Expired the agreed schedule

- Re-sales any HKIA CMS concept (with the similar/closed layout) for other companies)

- Leakage of Data related to HKIA information and other related data to external parties

Appendix A

/46

- Design cannot fulfill HKIA’s requirement

- Found the poor financial/management status about Vendor which may affect the completion of the project (Example but not limited to.: bankrupt)

- Identified with worst performance about project (e.g.: Failure to capture end-user’s requirement clearly but work with negative result. After warning through warning letter or other channels, the case cannot be improved)

- Found essential cases that need to report/approve from HKIA (Please see Section 10 as sample, but not limited to)

- Found illegal action for the project (e.g.: installation of non-license or illegal software(s)

- Found illegal results about company or co-linked company for other project non-related issues (e.g. have legal actions from other companies to such Vendor or Vendor related companies, e.g.: the same person as ownership for both companies)

HKIA also reserves all rights to claim over-paid from Vendor as if Vendor cannot complete the project AND/or HKIA has confirmed to terminate the project including but not limited to the above-mentioned cases.

2 BACKGROUND

2.1 Institute's Background related to the CMS system

The Hong Kong Institute of Architects (HKIA) has around 4,000 members.

Our existing membership area cannot fulfill existing operational requirement and data have to be updated in 2 different databases. It is a lack of common environment for existing web link to share membership information through the member’s Area with online payment and allow members to amend specific personal information. There is an absence of functions to handle Registered Practices (RP) issues. The design of the web content is using an outdated design format with insecure and inflexible content update approach.

2.2 Current HKIA Membership System

Appendix A

/46

Current HKIA Membership database system is running on a VM server with Windows Server 2000 and MS SQL 2000. The hardware specification is as follows :

• CPU : Intel Xeon E5606 2.13Ghz, 1U

• RAM : 2GB DDR3

• Drive : 150GB

• Database file size: ~ 10GB

Current HKIA web system is running on a VM server with Windows Server 2016. The hardware specification is as follows :

• CPU : Intel Xeon E5606 2.13Ghz

• RAM : 8GB

• Drive : 500GB

Current HKIA membership system is running on a physical server with Windows Server 2003 SP2. The hardware specification is as follows :

• CPU : Intel Xeon E5405 2Ghz

• RAM : 3GB

• Drive : 500GB

The software specification is as follows :

• Web and Membership System is running with PHP script

• Database Records : all HKIA members (all types) with CPD or other records

ExistingExisting Database Functions:

1. Membership data (HKIA members, Registered Architects, Corporate member) modification

2. CPD (video) Hours and CPD Declaration form data modification 3. Export function of membership data 4. General membership data analysis 5. Membership data report 6. Import function of various membership data 7. Import variable for membership renew or registration

2.3 Proposed Technical Environment

The vendor’s proposed system should be based on the latest OS system in the market such as Mac, Window 7/8/10 and iOS 12 and 13 (or latest version before the project completed). The proposed system should be compatible to the main stream OS in the market, at least the users can view the system in mobile and different platforms, e.g. tablet, android, iPad and different iOS/Android devices and

Appendix A

/46

on different versions of web browser, e.g. IE 11 or above. Also the System could be compatible in plugging in to our current membership system and website; and for the future growth, to easily plug in to the revamped website or other systems.

Web server and database server are proposed to be hosted in HKIA office or Data Centre for better and secure hosting environment of 7x24 unlimited power supply, with backup device for web and database servers’ backup and recovery, firewall for servers and network security.

If it is necessary to host with cloud-based platform, Vendor should list and show the proof for protection against data leakage and all possible potential security risks. If it is found failure about the protection, HKIA should reserve full rights to request Vendor to fix the related issue without any additional payment to Vendor.

Vendor has to propose the hardware and software at the beginning of the project for end-user’s preparation and is responsible for the setup, installation and migration/revamp of data/database;

If it is needed to set at cloud-based environment, Vendor should be responsible for the setup and installation of servers and Firewall. Remark: All the hardware, software (included cloud-based system), registration domain and other items within the project MUST use “The Hong Kong Institute of Architects” as registrar and owner and HKIA must own passwords for all accesses.

HKIA staffs have full access right for the mentioned system/OS Platform during the project period to housekeep and supervising.

Remark: For on-premise solution, hardware/solution may not need to quote BUT Vendor should suggest the possible hardware/software configuration for HKIA’s preparations.

For cloud-based solution, the firewall MUST be proposed which need to fulfill the basic requirement for section: 2.3.3.

Vendor should cover all the cost of items which are missed to propose at the beginning stage about project at the vendor’s own expenses.

2.3.1 The proposed minimum hardware requirements of the CMS System :

(If Cloud-based)

• CPU: 2x Intel Xeon Processor Silver 4214 2.2G 12C/27T Turbo DDR4-2400

• RAM: 8GB

• Harddisk: at least 1TB or the predicable size for at least 5 years usage

Appendix A

/46

2.3.2 The proposed minimum software requirement of the CMS System :

• Microsoft Windows Server 2019 (or higher)

• Microsoft SQL Server 2019 Standard Edition (or higher)

• (running PHP script is preferable)

• Implement with SSL Certificate (https)

• Running under VM environment

2.3.3 The proposed minimum Firewall specification: (if Cloud-based)

• Fortigate 200E (or equivalent model (should be decided by HKIA in final)

• Firewall inspection throughput 20Gbps

• Application inspection throughput 3.5Gbps

• IPS throughput 2.2 Gbps

• Anti-malware inspection 1.8Gbps

• Threat Protection 1.2Gbps

• VPN throughput 7.2 Gbps

• Connections per second /sec

• Maximum connections (Sessions) 2 Million

• SSLVPN support

• SD-WAN support

• Token (or 2 factor authentication) support

• Virtual Firewall (or Virtual Domain) support

• Traffic log should be stored more than 7 days

Hardware firewall is preferable, in order to secure: (If cloud-based solution, additional cloud-based firewall should be proposed. It is not allowed to use original cloud provided firewall as solution)

1. Higher performance – by using independent processing cores and do not occupy server’s resources

2. More capability to protect against network risks such as viruses, worms, Trojans, spyware and threats etc.

3. Optimize network bandwidth and load balancing

IP address assignment

• Static, (DHCP PPPoE, L2TP and PPTP client), Internal DHCP server,

DHCP Relay

Appendix A

/46

NAT modes

• 1:1, many:1, 1:many, flexible NAT (overlapping IPS), PAT, transparent

mode

Routing protocols

• BGP, OSPF, RIPv1/v2, static routes, policy-based routing, multicast

QoS

• Bandwidth priority, max bandwidth, guaranteed bandwidth, DSCP

marking, 802.1p

Authentication

• XAUTH/RADIUS, Active Directory, SSO, LDAP, Novell, internal user

database, Terminal Services, Citrix

Standards

• TCP/IP, ICMP, HTTP, HTTPS, IPSec, ISAKMP/IKE, SNMP, DHCP,

PPPoE, L2TP, PPTP, RADIUS, IEEE 802.3

Certifications

• VPNC, ICSA Firewall, ICSA Anti-Virus

Form Factor

• 1U Rack Mountable

2.3.4 The proposed Total solution for backup/restore and disaster recovery (DR) solution

• Backup data & system info to local backup server or cloud environment

• Support Incremental/Differential/Full VM or Data backup

• Daily, weekly & monthly backup

• Daily backup reports

• Web Based Administration

• Automatic alerts & warnings

• Easy data recovery or disaster recovery at other locations

• Provide documents for backup and restore (and retrieve specific data)

• Provide disaster recovery (DR) documents

• Both Backup/Restore and DR solution MUST proceed trial-run before launched to production

Appendix A

/46

3 SCOPE, TENTATIVE PROGRAMME AND SCALE OF SYSTEMS

3.1 Scope

The proposed system will be composed of two phases:

Phase 1 Setup Member Area with online Payment and CPD functions

Phase 2 Revamp of existingexisting web site and enhancement of the features of Member Area

Under such composed arrangement, the features shall be, but not limited to the followings:

Phase 1:

Database

As database is correlated to ARB system, database migration may be

needed upon HKIA’s request Remark: restructuring the current database

to enhance features should be necessary in this project. Under such

migration, it should be redesigned in splitting with different databases/tables

for ARB, HKIA and some common data for both.

The updated data must be sync back to original membership system

(Win2000, Ms SQL2000) for other usage (included all related e-files, e.g.

Photo, PDF). System also need to keep checking from original membership

system. If found the data different in between new CMS and original

membership system, the data will be retrieved from original membership

system for operations. Data migration from previous database should be

included.

Remark:

1. As current used MMS database is out of date and most of feature

could not fulfill HKIA’s up-to-date operational requirement, Vendor

MUST amend and re-construct the database with data/tables to

match HKIA’s needs. All should base on HKIA’s information and

further comments.

2. Awarded Vendor should help to implement the related HKIA/ARB

web pages to this new database as part of this project task.

3. It is needed to migrate all data inside the existing database

(including but not limited to: CPD Event) and from another web site

(for CPD Video)

Appendix A

/46

4. Awarded Vendor should enhance the existing structure of database

to fit HKIA needs. For example: Added tables (or others) to enhance

the existing workflow about CPD Events and added Membership

Benefit feature. All details should base on HKIA’s further information.

Servers/Web pages’ migration/relocation

As concern of UAT and production environment issue, Awarded Vendor

should agree to migrate all the current web pages’ OR re-migrate the project

web/database servers into new one. The number of migrations should have

no limit within the project period. HKIA reverses all rights to change location

of website to other servers at any time within the project period (Phase 1

and 2).

Data export/import

Web interface at BackEnd shall be allowed to upload single or bulk data into

system. It has the flexibility to extract the data in CSV or other Excel format

with selective combination by HKIA staffs. Such combination can also be

stored as template for future usage.

Data import/update through CSV or web interface must be supported in

Multiple language (i.e.: English, Traditional Chinese, Simplified Chinese) for

both CMS and original membership system.

Member Area

All features about original membership systems shall be kept the same or

better (based on criteria from this Tender). All members’ profiles data can

be updated by HKIA staffs in BackEnd and/or member(s) can update

specific profile information in FrontEnd (included photo and document, e.g.

Certificate PDF). It needs to enhance the features by added additional fields

per HKIA request.

CPD Declaration and Membership Renewal

In FrontEnd, it should provide step-by-step procedure to guide the members

to fill in the E-forms for renewal. HKIA should has freedom to set Mandatory

information based on different cases. New CPD declaration section MUST

Appendix A

/46

be included existing features with advanced enhancement based on HKIA’s

further request, i.e.:

o Issuance of email reminders to members with outstanding forms

o Issuance of CPD certificate

o Linkage with membership database in calculating the no. of CPD hours

required

o Import no. of CPD hours outstanding / extra from the last year to the

database as a first start

In BackEnd, HKIA can set the data manually as if such members provided

information from emails or other non-web medium Information will be

provided to Awarded Vendor.

e.g.:

Member renew the members with the following cases:

o no need to apply the membership card

o Need to apply Membership card (Green Card)

o Need to apply Membership card (Non-Green Card)

Searching

All sections should have their own searching mechanism which subjected

to HKIA’s requirement. HKIA reverses all rights to amend the arrangement

for any time within the project period.

Security

The BackEnd System login from HKIA staffs should be supported with local

login and/or LDAP login (optional). Remark: If LDAP login can be used, AD

account for LDAP shall be used as the lowest authentication level. (“Domain

Admin” must not be permitted to use as authentication or other purposes)

System can provide the flexibility to grant related HKIA staffs with different

security level and created roles for different functions manually. There has

individual web page to amend HKIA users’ login password rather than using

the User Administration Page. Password shall be in complex format with

history. (Similar as Windows Domain Policy)

For FrontEnd Member Area, system provide location to amend login password with the complex format. If members forgot password, it has mechanism to email to members with auto-generation and force changing. OR other ways which be subjected to Vendor’s proposal.

Appendix A

/46

As Members may need to use such login account for multiple web login, Vendor should propose the solution to handle this case. Reminded that “Email address” as login name should not be used as such information may be changed.

HKIA staffs at the BackEnd also can reset the related members’ password

and/or force member to change for initial login after reset. HKIA has

mechanism to enable/disable such login account.

URL link for members’ AREA must be in secure approach. It is similar as

Google Drive (link share) or hidden parameter as no chance to decrypt or

access other members’ records through the link amendment.

System also needs to set idle period as to expire the login section.

SSL Certificate with HTTPS link should be implemented for ALL

membership related pages and can redirect the related pages to HTTPS

page as if member tried access in using HTTP.

Online Payment

Such payment can be used for members and public area. Multiple Gateway can be handled as it must support Visa/Master Gateway

and/or some China used gateway (e.g.: AliPay, weChat pay).

Remark: Awarded Vendors should propose method(s) to collect logging/record from payment as such payment gateway can send standard notification (e.g.: email) for completion of each transaction.

All depends on HKIA’s further information provided for Awarded Vender. Such online Payment can be worked for different issues:

o Membership and Registered Practices (RP) Payment o Job Posting o CPD Event/Video o Other payment related issues per HKIA’s request

1. Online Membership and Registered Practices (RP) Payment

Appendix A

/46

➔ HKIA Members can pay the online membership fee. After paid, the members cannot be re-paid except HKIA staffs release the session for re-paid with specific amounts manually.

➔ Members can receive auto generated confirmed email as the payment be successful and HKIA also receive email for such payment status (successful or not).

➔ HKIA staffs can check the single/group/specific payment(s) result with report(s) generation for export or searching at the BackEnd Administration Page/console.

➔ HKIA staffs can adjust the payment values under administration GUI with simple approach. (It is not acceptable for solution to change the data for each account one-by-one only)

➔ System also need for some automatic calculation based on details from HKIA staffs (e.g.: online payment value based on membership criteria)

➔ Online payment will be recorded/logged and check from BACKEND Administration Page through specific criteria searching.

➔ Online payment must handle some special issue, e.g.: duplicate request for payment within the short period. All based on HKIA’s comments and Vendor should be responsible to share the possible issues for HKIA.

➔ The Payment through online payment or bank pay slip confirmed, it can provide interface to print the receipts per single member or bulk-printing. OR

➔ Email the receipts to members’ registered Email addresses

2. Job Posting ➔ Awarded Vendor should propose simple authentication method as HKIA

sent the related link to customer for online payment. (Remark: such link cannot be reused after the transaction)

➔ Payment logging can be filtered and searched through Administration interface (which be separated from other types of payment)

➔ Notification Email can be sent to customer(s) and HKIA staffs. ➔ Payment workflow should be based on HKIA’s further information

3. CPD Event / Video

CPD Event For CPD Event, it can allow members and non-members to attend. i.e. System should handle the online payment for members and non-members. For details, it will be described under CPD Event Workflow. CPD Video

Such function is only allowed members to access.

Appendix A

/46

➔ Under this section, members need to process online payment for some video which need payment before browsing.

➔ Within specific period, it is no need additional payment to re-access such video

➔ Payment workflow should be based on HKIA’s further information. Continuing Professional Development (CPD)

Awarded Vendor should proceed:

- Migrate ALL CPD related data and features from existing membership

area to new.

- Change CPD standard documents into E-forms/Template for members

to update related data themselves

- Amended existing E-forms to fit our needs (Amended database/tables

structure must be required)

- HKIA Staffs should has flexibility to set specific events to TOP level for

notification

- Workflow for CPD event

1. HKIA generate new Event (Remark: all variables (e.g.: cost for

members with different types and non-members) should be

subjected on HKIA’s further information)

2. It can send bulky emails to related list of email addresses. (included

non-members’ email addresses)

Case HKIA Suggested Workflow (Vendor should propose if any better solutions)

A) Is HKIA Members and Event Quota is not full (Remark: Each event should have quota arrangement for members and non-members)

1. After login “Member Area”, members can register the event 2. If event is not be over quota, it will check whether such event need

to be paid or not. IF needed payment, it will go to online payment page to complete the settle first

3. As payment settled or no needed payment, it will send invitation email to registered email addresses with QR code generation.

4. Members attend the event and show the QR code. Remark: Such QR scanning or other solutions MUST work at non-HKIA office area

5. After scanned the QR code, members attendance record with “CPD hours” (Duplicate record can be detected)

6. Such record also be updated to members’ profile to accumulate their CPD hours

7. System can calculate the members who can fulfill the CPD in next year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided

8. HKIA Staff can generate/export specific report or log to list the CPD hours fulfillment status for members

Remark:

Appendix A

/46

- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed through member account first.

- Interface provide the mechanism for adding flyers and other description for videos

- Quota allocation for video storing. - CPD coupon arrangement which be subjected to HKIA’s

further information

B) Is HKIA Members but Event is over quota

1. After login “Member Area”, members can register the event 2. If event is over quota, it will show the message for “Over Quota” and

ask whether place to “Waiting List”. 3a. If say “No”, then the registration process ENDED. 3b. If say “Yes”, it will place the related member to “Waiting List”.

On reasonable period before the event (Let’s say 3 office days before event) 3. HKIA Staffs can check any quota as some registrars abandon to

attend the related event. 4. If have quota, HKIA staffs can send email to related member to re-

register from “Waiting list” and .re-run CASE A (Step 3 – 8)

C) Is non-HKIA Members and If they are from some recognized institutes or organization

1. People can register through specific public page or link 2. It will check whether such non-members come from specific

Institutes or organization 3. They need to provide related member ID and specific information

(e.g.: Email addresses) for further verification (Such checking is based on HKIA further information provided to Awarded vender)

4. Reply with notification and place such registration into Waiting List 5. After deadline and found no over quota, HKIA staffs will verify the

request and press button to information for payment info (if need payment) Remark: the payment rate about this kind of recognized institutes/organizations should be different from public

6. As payment settled or no needed payment, it will send invitation email to registered email addresses with QR code generation.

7. Such registrar attends the event and show the QR code Remark: Such QR scanning or other solutions MUST work at non-HKIA office area

8. After scanned the QR code, system has marked the attendance 9. HKIA Staffs can check the attendance records (for all members and

registrars) after.

D) Is non-HKIA Members and Event is over quota

1. People can register through specific public page or link 2. If event is already over quota, it will show the message for “Over

Quota” 3. Process ENDED

E) If found the no of registered members for such event to be less than specific number (before specific days from event)

AS checked with less than specific limit of members registered the event, HKIA staffs can send BULKY or single notification emails to registered email addresses to notify for cancelled event. Such event will be recorded as “CANCELLED” status

F)

IF the event is at expired period, it will show the message and not allow further registration

Appendix A

/46

If expired period about the event (before designed period)

G) Registrar CANCEL the registration

Registrar can CANCEL the registration through phone, emails or through Members AREA before the event Remark: It should have refund procedure based on HKIA’s further information

H) CPD Event period Extend, delay or change

System can allow to extend, delay or change the CPD event period and send the notification to related parties Remark: Such procedure should be based on HKIA’s further information.

I) CPD Event raised on Virtual Environment, e.g.: Video Conferencing For Members

1. For registration in between Members and Non-members, they are the same operations from Case A (step 1-2) and C (step 1-2)

2. Email will be generated to guide Members and Non-members: Members: (For example only) Vendors can propose other ways. Request members to login “Members Area” in specific period and click the provide link to access and update CPD record

3. For members, members attendance record with “CPD hours” (Duplicate record can be detected) after clicked links at step 2,

4. Such record also be updated to members’ profile to accumulate their CPD hours

5. System can calculate the members who can fulfill the CPD in next year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided


It should have warning statement about the Email for quota about each CPD event through VC

J) CPD Event raised on Virtual Environment, e.g.: Video Conferencing For Non-Members

1. For registration in between Members and Non-members, they are the same operations from Case A (step 1-2) and C (step 1-2)

2. Email will be generated to guide Members and Non-members: Non-Members: Provide access details about VC access at Email only.

3. It will provide the hidden link/ regenerated link for registration and access the VC based on HKIA’s further information.

It should have warning statement about the Email for quota about each CPD event through VC

(Remark: Such workflow is the basic requirement. HKIA has reversed

right to amend the above-mentioned flow for any time within the project

period (Phase 1 and 2)).

- Workflow for CPD Video

➔ Video stored location should have quota size which can proceed

notification and recycling

➔ Video formal must be supported Microsoft/Common device basic

viewing requirement

Appendix A

/46

➔ It is needed to use the latest approach (Flash player or other (closed

to) outdate format should not be accepted)

➔ The size of each video should be kept to acceptable minimum size.

Case HKIA Suggested Workflow (Vendor should propose if any better solutions)

A) Need to pay before access

1. After login “Member Area”, members can register for video 2. Go to online payment page for member to settle first 3. After payment settled, it will allow member to access (for SPECIFIC

period). As over the period, such member need to re-paid before access again

4. Members can run such video 5. If completed the video, system will record and count with “CPD

hours” (Duplicate record can be detected) 6. Such record also be updated to members’ profile to accumulate their

CPD hours 7. System can calculate the members who can fulfill the CPD in next

year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided


Remark:

- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed such member account first

- Interface provide the mechanism for adding fryers and other description for videos

- Quota allocation for video storing.

B) No need to pay before access

1. After login “Member Area”, members can register for video 2. Members can run such video 3. If completed the video, system will record and count with “CPD

hours” (Duplicate record can be detected) 4. Such record also be updated to members’ profile to accumulate their

CPD hours 5. System can calculate the members who can fulfill the CPD in next

year (or not). Remark: Each member may need to fulfill different number of CPD hours per HKIA case provided


Remark:

- If member tried to share the link to other (after paid), such link cannot be accessed directly. It should be accessed such member account first

- Interface provide the mechanism for adding fryers and other description for videos

- Quota allocation for video storing.


right to amend the above-mentioned flow for any time within the project

period (Phase 1 and 2))

Appendix A

/46

Phase 2:

Email feature

System can send email from interaction with HKIA email server for

single/bulk email (with attachment) sending to members (based on

registered email address inside the database) at BACKEND Administration

Page. The Email server can be changed to other medium source from

administration GUI.

Under such feature, it can set specific template(s) to send debit note, receipt

or other necessary to Members and specific email addresses which may not

be included in database. It can support for some automation operations.

(e.g.: send Email with QR code for CPD event registration, Email reminder

notification for membership fee, CPD fulfilment email reminder, Job Posting

notification). All shall base on HKIA’s comment.

Under such email function, it can control as splitting a bulk list of emails into

specific small groups of emails each time.

Change hardcopy to E-Form for standard input

As trend of paperless for information submission, it is requested for change

some HKIA standard forms into AREA as web pages to input. The standard

forms will be subjected to HKIA provided sources. Remark: It has the

flexibility for HKIA to change with different E-form for posting.

Dashboard

This function shall comprise the following sub-functions and features:

A. User can view the important message when logged the system (e.g.:

HKIA specific announcement, membership related alert)

B. History for previous data update for checking

C. Field for unsubscribed but need to set specific type to opt-out

Appendix A

/46

D. Membership dashboard is able to show the payment status, payment

history, debit note and official receipt for members to download

E. Membership dashboard is able to show members history for servicing

HKIA (Can be searchable)

F. Membership dashboard is able to show donation records (Can be

searchable)

G. Online form for members to submit the necessary documents for

competition or other events, which can be notified and verified from

HKIA

H. Content Management System (CMS) users can check the missing

documents and set the event start/expired period

I. There is a fast button to redirect ARB/HKIA RA/Membership page(s)

Web content management

Specific membership sharing documents should be migrated from original

HKIA web site to new CMS system. ALL content can be updated from

BackEnd administration interface with multiple languages Pages (English,

Traditional Chinese, Simplified Chinese). Remark: The design of all the

pages must be the latest common practices as such technical

approaches should NOT be outdated within 5 years from completion

of project. (e.g.: “Flash player” design will be outdated on end of Dec 2020)

Content can be updated with either for one language or multiple. Contents

for all language should be designed to update in the same page (subjected

to HKIA’s comment)

If system found record missing from existing data, it can re-direct to some

HKIA warning page(s) instead to show “Error code 404” or other standard

error page.

It can allow the flexibility to add external link to 3rd parties at “Optional bar”

or other locations (subjected to HKIA’s request)

For Example:

Content has only with English version. It has button for Traditional Chinese

and Simplified Chinese side to show the message which be meaning as

“English version only”.

Remark:

Appendix A

/46

1. Awarded vendor should not only migrate the existing page to new

system. The existing documents and related files also need to be

migrated by Vendor as part of the project tasks.

2. Awarded vendor should has responsible to collect clear requirement

from HKIA. All output should be passed from User Acceptance Test

(UAT) before HKIA confirms as acceptance output.

Data export/import

Web interface at BackEnd shall be allowed upload single or bulky data into

system. It has the flexibility to extract the data in CSV or other Excel format

with selective combination by HKIA staffs. Such combination can also be

stored as template for future usage.

Data import/update through CSV or web interface must be supported in

Multiple language (i.e.: English, Traditional Chinese, Simplified Chinese) for

both CMS and original membership system.

Design Enhancement

To improve the image of HKIA, the overview of the web shall be re-designed

(Vendor should propose for HKIA’s approval but HKIA reserve right for

amendment upon project development). Awarded Vendor should be

responsible to propose the possible designs (at least 5 types) for HKIA’s

selection.

Security

HTTPS link should be implemented to ALL pages and can redirect the

related pages to HTTPS page as if member tried access in using HTTP.

All the contents inside membership area cannot be easy cloned/extracted

with ALL codes or data through the pages.

OS Platform also need to maintenance under Secure status.

No hidden web page should be allowed as backdoor about website without

notification to HKIA. IF it is found such page(s) to be existing from the

related website(s) without any notification to HKIA, HKIA should reserve

rights to terminate the contract, treat as criminal actions, proceed legal

actions, claim for all associates loss and/or other actions.

Appendix A

/46

3rd source

System can interact with 3rd party hyperlink where be set at BackEnd

Administration GUI. AND it is needed to interact with 3rd parties’ vendors

who worked with other HKIA related web and/or system to link or

send/receive data in between. The format about links will be shown based

on HKIA’s comment.

Job Posting

System can handle the requests from customers for Job Posting as follows:

- Allow customer to send the request for Post (remark: it can detect for 1

job per post)

- Can feedback message with Email notification to customers and HKIA

staffs about the post

- Record history can be reused for HKIA (Customers may have many posts

at the same moment)

- After HKIA staffs approved the request, it can generate one online

payment link to customer (Can provide channel for customer with the

following payment:

➔ Online payment

➔ Bank Slip and upload to our system page

➔ Set email with bank slip for HKIA staffs to update the record

- After approved payment, the post can be launched for specific periods


rights to amend the above-mentioned flow for any time within the project

period (Phase 1 and 2))

Reference Material/Information Sharing

System can have location to share message/information to Public and

Members Area. HKIA should have flexibility to mark specific

message/information to static locations for posting. Some posting features

should have different level of message sharing. HKIA has reverse rights to

amend the arrangement for any time within the project period (Phase 1 and

2).

Consultation

System can allow posting information or message at Members’ Area for

members to leave comments based on specific topics. The related

Appendix A

/46

comments will be sent to specific Email addresses AND records for future

searching and filtering. HKIA has reverse rights to amend the arrangement

for any time within the project period (Phase 1 and 2).

Membership Benefit

System should allow to post information for members’ benefit inside

members Area. Awarded Vendor should propose the design for selection.

HKIA has reverse rights to amend the arrangement for any time within the

project period (Phase 1 and 2).

HKIA Daily new

Awarded Vendor should design for launch the HKIA Daily news as page.

And it can update to Facebook HKIA related section, bulky email sending

with photos (if necessary). Remark: Such feature only be released to

members Area only. HKIA has reserved rights to change location of website

to other servers for any time within the project period (Phase 1 and 2).

Advertisement

Awarded Vendor should post the way for advertisement and its payment

flow. The proposed mechanism should require HKIA with minimum man

power to operate. HKIA has reverse rights to amend the arrangement for

any time within the project period (Phase 1 and 2).

Link for HKIA related websites

Awarded Vendor should design the area to link to all HKIA co-related

websites and/or materials at public and/or members page. Such linkage can

be added from using CMS administration GUI by HKIA staffs.

3.2 Tentative Programme

The overall programme for the above- mentioned criteria shall be 9 months tentatively with the Vendor proposed schedule for HKIA’s approval. The schedule shall be submitted during tendering period.

Appendix A

/46

Awarded Vendor MUST provide the detail schedule for each function (Counted by date). For any amendment of schedule, it is subjected to HKIA’s formal approval.

3.3 Scale

Number of users for the system:

BackEnd Administration System – HKIA Secretariat internal use

Currently around 35 users

For the back-end users, currently they are mainly using Windows 7/8/10

with different kinds of browser (IE9, IE11/Edge, Chrome version 30, Firefox

version 24). As mention in section 2.3, software compatibility is one of the

main concerns. Any future upgrade of OS and browser could be compatible

to the proposed back-end CMS system.

Front End Membership e-Self Service Online System

Current HKIA full membership data (minimum 4,000 membership data with

HKIA membership and around 40 membership data with non-HKIA

membership) is required to migrate from ARB/HKIA’s existing membership

system for checking of data.

Full Membership System

Currently, there are minimum 4,000 full members (including Member, Fellow, Hon Member, Hon Fellow, Retired Member, Retired Fellow, Non-Resident Member, Associate, Affiliate, Graduate Member, Student Member and ARB Member) and 40 members without HKIA membership are in the existing ARB/HKIA membership system.

Minimum 300 new full members are expected to increase yearly. Besides, there are minimum 170 Registered Practice (RP)s as our Practice Members.

Appendix A

/46

HKIA has an internal membership system at the moment and the data and information has to be migrated for development and usage

4 KEY REQUIREMENTS

FR4 Core Functions

FR4.1 Account Management

Requirement details Requirement Compliance

1. Create the new HKIA accounts with different roles Mandatory

2. Suspend the user accounts by back-office staff and system administrator

Mandatory

3. Product the members/internal staffs’ access, status, data report

Mandatory

4. Produce the membership fee payment reports Mandatory

5. Password: - Issue an initial password with complex format.

Similar as Domain accounts’ approach. - It has flexibility to back end to set password

expired date, history password, force to change password after reset or initial login by members.

- BackEnd staffs can also reset the passwords and force/bypass members to change passwords

- Members at FrontEnd can receive re-generate passwords and sent to registered Email addresses (even mark as “unsubscribed” when forgot passwords

Mandatory

6. All passwords MUST be stored in database with ENCRYPTION formats

Mandatory

7. Roles about BackEnd Staff accounts should be assigned by group-based and such group members can be easy been located through simple web interface

Mandatory

8. Database account must not be used of “sa” SQL default system account and data sync usage

Mandatory All database accounts’ password should be provided and owned by HKIA

9. All System accounts (inc. Database connection account, Web interface access or others OS Platform account which be related to this System should be simple reset from one specific design web interface

Mandatory All database accounts’ password should be provided and owned by HKIA

10. No plain-text password at FrontEnd/BackEnd GUI and all related interfaced can be shown

Mandatory

Dependence

Appendix A

/46

Additional info.:

i. System administrators can manage back-office staff accounts only

FR4.2 Membership/RP Record Management


1. Provide functions to create/amend/delete records, activity and related with members/RP through the FrontEnd/BackEnd based on HKIA’s info

Mandatory

2. Support multiple membership classes of individual and corporate (RP) memberships

Mandatory

3. The membership/RP record management events above should be auditable

Mandatory

4. Provide members/RP search functions with filtering/wild cards features (all types of members)

Mandatory

5. Standard forms shall be implemented into system for members’ and/or HKIA staffs input or retrieve

Mandatory Some of the forms should be included to change as e-form per HKIA’s information

6. Add additional fields (e.g.: Any OB or other committee servicing information, donation/contribution records)

Mandatory Subjected to HKIA’s information

Dependence FR4.1

Additional info.: i. The system MUST accept bulk input via a file with pre-defined format

FR4.3 News/Event Management


1. Maintain the news/event info Mandatory Awarded Vendor should migrate all contents and documents from existing web to new

2. Provide a sorting function by keywords(s) on Title, Event (Boards/Supporting), Range of Dates

Mandatory

3. Provide an agenda list and calendar view in presentation

Desirable

4. Place specific topics at TOP static locations Mandatory

5. Standard hardcopies and HKIA documents should be changed as E-forms which can update the database directly

Mandatory Subjected to HKIA’s further request

Dependence FR4.1

Additional info.: i. Related data update can accept bulk input via a file with pre-defined format

FR4.4 Online Payment Management


Appendix A

/46

1. Integrate with payment gateways for various activities in HKIA

Mandatory

2. Provide an online shopping cart to members for order placements of value-added membership services and products

Desirable

3. Maintain the payment records for audit trail Mandatory

4. Membership renewal should be linked with the payment gateway when selection of online method

Mandatory

5. Members can receive Email/SMS and/or other types of alerts about the payment successful

Mandatory

6. Provide API interface for Account system to integrate Mandatory

7. Have interface to change the online payment gateway Mandatory Can support multi-gateway e.g.: AliPay

8. Logging/Recording for each payment transaction must be kept and be available for criteria searching

Mandatory

9. Register with payment info (will notify for payment for specific issues, e.g.: upgrade the membership type)

Mandatory

10. Provide an acknowledge for registration and payment Mandatory

11. Provide GUI for single and/or bulk printing of Debit note/Receipts with specific template(s)

Mandatory Such template can be changed by HKIA for any time

12. Provide GUI for single and/or bulk email sending for Debit note/Receipts with specific template(s)

Mandatory Such template can be changed by HKIA for any time

Dependence FR4.1

Additional info.: i. Online payment shall not limit to online membership payment. ii. All related ARB/HKIA with all type of services should be included

FR4.5 Questionnaire Management


1. Create the questionnaire for users participation Desirable

2. Questionnaire can be distributed to members in printed and electronic media

Desirable

3. Produce an analysis reports for the results in spreadsheets and via other channels and media

Desirable

Dependence FR4.1

Additional info.:

FR4.6 Membership Area


1. Provide an interface for members’ operations:

a. View of members’ profile, forms downloads & submission

Mandatory

Appendix A

/46

b. Event registration, view & download post-event materials for membership sharing

Mandatory

c. Access to value-added and paid membership services

Mandatory

d. Membership renewal Mandatory

e. Allow members to change specific profile information

Mandatory Subjected to HKIA’s comment

2. Customize the portal layout, organization, language, etc

Mandatory

3. Integrate with popular social media (Facebook/Linkedin) and professional website

Desirable

4. Allow HKIA to send emails (or auto-send) to registered members’ email addresses for notification/online payment and/or other purposes

Mandatory

5. All membership related forms with workflow should be set (e.g.: Apply membership Card)

Mandatory Subjected to HKIA’s comment

Dependence FR4.1

Additional info.:

FR4.7 BackEnd Administration Management


HKIA staffs can add, amend, delete content, documents, logo, images at BackEnd interface

Mandatory

All related Database data can be bulky imported through specific format

Mandatory

All related Database data can be extracted as CSV or other format with selective actions

Mandatory

Exported format can be saved as template for further used Mandatory

Upload folder(s) MUST be locked to specific designated folder(s) for different sections

Mandatory

Can assign different features for groups of members (e.g.: HKIA members can view all features)

Mandatory

Dependence FR4.1

Additional info.:

FR4.8 Secure Internet Connection


1. All traffic should be transmitted on HTTPS Mandatory

2. All members must be authentication (i.e. Login/password)

Mandatory

Appendix A

/46

3. Password should be in complex format Mandatory System can check and detect

4. URL link must not release any variables (need to be encrypted like Google Drive link or hidden variables)

Mandatory

5. OS platform in local servers’ or cloud must be kept security stage (Should propose in solution)

Mandatory

6. System must not use top level of rights (e.g.: “Domain admin”) as service right

Mandatory

7. Database connections must not be in used of “System admin” role

Mandatory

8. All system, Database connection and/or services accounts can be amended through simple web/console operations

Mandatory

9. The design shall be easy managed for database and Server even the related devices changed their hostname or IP

Mandatory

Dependence

Additional info.:

FR4.9 Information Security


1. All HKIA data should be kept confidentially and maintained in integrity. Information should be available to the authorized personnel only

Mandatory

2. Personal information in the HKIA data should be handled within the system, such that the data privacy could be observed

Mandatory

3. SSL certificate is subscribed by HKIA but the vendor is required to apply it in server

Mandatory

4. HKIA staffs MUST has ownership for any platform which be used for implementation of the system even proposed from Vendor (i.e.: HKIA staffs must have the FULL access right for the solution of system platform for any time included the project implementation period)

Mandatory

5. All assets (include source code) within the project related which should be owned by HKIA

Mandatory

6. For any solution proposed, Vendor shall bear responsible to ensure the security for Platform, network and System itself. Vendor have responsibility

Mandatory

Appendix A

/46

to report for any issue included security case for HKIA’s concern and decision.

Dependence

Additional info.:

FR4.10 System Audit


1. All system and user activities must be logged for information integrity

Mandatory

2. Provide access of audit log to authorize user accounts Mandatory

3. Produce detailed audit log report, system usage report, unauthorized and failed access reports, etc, in printed and electronic media

Mandatory

Dependence

Additional info.:

FR4.11 Hardware, software and documentation


1. Vendor shall propose necessary hardware and software (include license) which should be included for this project.

Mandatory

2. Vendor shall propose the DR and backup/restore procedure

Mandatory

3. Vendor shall provide the necessary documents (include Backup/Restore steps, Disaster recovery steps, users and Administration operation manual and others within the project period, data flow diagram in between databases)

Mandatory

4. Vendor shall provide the procedure for reset the key login password and IP/hostname amendment

Mandatory

5. Vendor shall provide the database sa and other essential password (included System and/or Windows) before project completed

Mandatory

Dependence

Additional info.:

FR4.12 Continuous Professional Development Management


1. All CPD features from current system MUST be migrated to new

Mandatory

Appendix A

/46

2. Hardcopies should be changed as E-forms to link with Database to update automatically

Mandatory

3. All system operations and calculation should be based on HKIA’s further requirement

Mandatory

4. Existing e-forms must be amended per HKIA’s further requirement

Mandatory

5. CPD Event workflow must be built Mandatory Subjected to HKIA’s further requirement

6. CPD Video workflow must be built Mandatory Subjected to HKIA’s further requirement

7. Can send bulky emails to all CPD related (e.g.: CPD fulfilment email reminder

Mandatory

8. Must manual add and check and report generate for CPD issue

Mandatory

9. CPD declaration / Membership Renewal Mandatory Subjected to HKIA’s further requirement

Dependence FR4.1

Additional info.:

4.1 Training and Document

User training at each phase of completion is required and should be provided by the vendor to the HKIA Secretariat for knowledge transfer for the effective use of the required CMS membership administration system.

The selected vendor shall provide users, administration and setup training and documentation to the system, administrator, secretariats and project manager of HKIA.

5 TECHNICAL/ HARDWARE REQUIREMENTS

Scalability

The website shall be scalable by upgrading to a higher end server. The vendor shall provide performance figures together with proposed system configuration to substantiate this capability.

Availability

The website shall be available 99.9% except for scheduled maintenance. The vendor shall specify in the operation manual of any application functions, administration activities or tasks that require stoppage of either particular services or the complete system.

Appendix A

/46

The vendor shall specify describe in details in the operation manual of the approach adopted, hardware and software configuration required, and other assumptions used to achieve the aforesaid level of availability.

Maintainability

The vendor shall specify the daily operation, disaster recovery and contingency of the website, which requires supports from the vendor or HKIA technical staffs.

5.1 Proposed Technical Environment The vendor’s proposed system should be based on the latest operating system (i.e. Windows Servers with IIS) The proposed system should be compatible to different platforms, such as: PC, tablet, mobile. Also, the system count be compatible to plug into our current membership system and website; for the future growth, to easily plug into the revamped website or other systems. For any case and any situation, the ownership about OS platform for the system MUST be belonged to HKIA. And HKIA staffs must have FULL right to access the related OS for any time. For this project, the source code owner MUST be belonged to HKIA with no dispute. Web server and database server are proposed to be hosted in any location based on the security network, hosting environment. Vendor has to purchase the hardware and software and be responsible for setup, installation and migration of all data (included database).

The website shall be operated under the multi-users, multi-tier client/server architecture. The vendor shall describe in full details, with schematic diagrams where appropriate, the operating architecture of the website including the physical distribution of databases and servers in the technical architecture report.

6 DEMONSTRATION AND PROOF-OF-CONCEPT

Vendors will be short-listed by HKIA and invited to conduct a demonstration and proof-of-concept. HKIA requires a demonstration on functionality and the capability of vendor’s existing and/or customized systems to indicate a reasonable level of requirements matching. The objective of the demonstration is to make comparisons between short-listed vendors’ proposal and/or systems for the vendor selection process. The short-listed vendors will be provided with test scripts to be executed during the demonstration. HKIA reserves right to ask about any additional functions during the demonstration. The short-listed

Appendix A

/46

vendor(s) shall be notified for the schedule of the demonstration within the period specified on the section “Tender Key Activity and Date” on this document. The short-listed vendor(s) shall also brief the proposal and be prepared to answer the questions from HKIA during the demonstration.

7 COST INFORMATION REQUIREMENTS

7.1 Detail Cost

The vendor shall provide a comprehensive breakdown of all related costs of the project in the proposal, categorized by a one-off cost and recurring cost per annum. Vendor shall show unit cost, quantity and total cost for each detail component of the project. The components shall be included:

• Software development

• Software license (included 3rd software e.g. antivirus)

• Hardware requirement (if any)

• Hardware license (if any)

• Firewall system (if any)

• Firewall system annual maintenance cost (if any)

• Backup solution (if any)

• Implementation (separated fee for each stage)

• Other configuration tools

• Operating support service

• Web hosting service

• Other proposal (if any)

The pricing shall also include the 1st year total cost of ownership and list the price for maintenance cost for next year as options.

7.2 Payment terms and determination

It is expected that the proposed CMS System will be developed features by features. Payment will be paid for each feature with the satisfaction of the User Acceptance Test respectively. HKIA should reverse right for partial payment upon to User Acceptance Test result and Vendor’s performance.

User Acceptance Test (UAT) form MUST be submitted by Vendor as the format of UAT form must be approved by HKIA. UAT form must be signed by HKIA with no outstanding issue and/or detects as the result for confirmation.

Appendix A

/46

HKIA can determine the project at the end of any Phase and only the work done for the completed stages will be compensated as per the payment schedule. Vendor must inform HKIA in written upon completion of each function and obtain approval from HKIA prior to commencement of next Phase.

Part of cost shall be paid after completion of warranty period (without any issues or have already fixed ALL issues within the warranty period)

Payment may be paid in advanced in some conditions but Vendors should complete the related features with User Acceptance Test (UAT) passed in final. Otherwise, HKIA should reverse rights for Vendor to return the over-paid amounts (plus any loss) with no dispute.

7.3 Warranty

HKIA requested for a 6-month warranty from project completion after it is launched to public or internal formally. Temporarily launched about the web site (or just included partial features launched) cannot be counted as warranty. And the tender has the responsibility to restore the backup as soon as possible. And the specific ratio of cost will be hold and will be paid after warranty end.

Remark: Vendor shall have responsibility to fix ALL the issues which be found within the project and warranty period. i.e.: Vendor MUST need to fix all of the identified or new found issues within the warranty period. After issues reported to Vendor, Vendor should be responsible for fixing even expired the warranty periods with UAT or formal confirmation before settled such payment.

For Example (but not limited)

If the bugs found on the last day of the warranty, Vendor shall fix it even after passed the warranty. Otherwise, HKIA should reserve rights to hold the payment until the case be settled.

7.4 Liabilities of the Vendor

For the development and maintenance of the CMS System, many confidential privacy data (data processor) has to observe and work according to the Personal Data (Privacy) (Amendment) Ordinance 2012 by the Office of the Privacy Commissioner for Personal Data).

Appendix A

/46

The vendor has to obligate the followings when processing and handling the data:

a. Security measures required to be taken by the data processor to protect the personal data entrusted to it and obligating the data processor to protect the personal data by complying with the data protection principles;

b. Timely return, destruction or deletion of the personal data when it is no longer required for the purpose to HKIA;

c. Prohibition against any use of disclosure of the personal data by the data processor for a purpose other than the purpose for which the personal data is entrusted to it by HKIA;

d. Absolute prohibition or qualified prohibition (unless with the consent HKIA) on the data processor against sub-contracting the service that is engaged to provide;

e. Where sub-contracting is allowed by the HKIA, the data processor’s agreement with the sub-contractor should impose the same obligations in relation to processing on the sub-contractor as are imposed on the data processor by the HKIA; where the sub-contractor fails to fulfill its obligations, the data processor shall remain fully liable to the HKIA for the fulfillment of its obligations;

f. Immediate reporting of any sign of abnormalities (e.g. audit trail shows unusual frequent access of the personal data entrusted to the data processor by a staff member at odd hours) or security breaches by the data processor;

g. Measures required to be taken by the data processor (such as having personal data protection policies and procedures in place and providing adequate training to its relevant staff) to ensure that its relevant staff will carry out the security measures and comply with the obligations under the contract regarding the handling of personal data;

h. HKIA’s right to audit and inspect how the data processor handles and stores personal data; and

i. Consequences for violation of the contract.

If the vendor breaches the Personal Data (Privacy) (Amendment) Ordinance, the vendor is liable to the consequences of the damages to the HKIA.

Appendix A

/46

8 OPERATION AND TECHNICAL SUPPORT SERVICE I. Help Desk Service

The selected vendor shall provide the help desk staff to answer any problems or queries over the phone or by email to the users. If necessary, on-site service shall be required.

II. Software Upgrade When a new version of the software is released or add-on software, the selected vendor shall make assessment and recommendation whether website should be upgraded to the new version or add-on software. HKIA shall have the absolute discretion on whether to upgrade the software or not. The selected vendor shall provide technical support on software upgrade or add-on software, and also assist HKIA to conduct testing and trial run after the software upgrade. The selected vendor shall revise the documentations of website for the upgrade software whenever applicable.

III. Problem Resolution and Bug Fixing The selected vendor shall perform bug fixing and provide on-site support, if necessary, to resolve all system related problems. The selected vendor shall liaise and co-ordinate on bug fixing.

IV. Disaster Recovery Support Selected vendor shall provide on-site support, if required by HKIA, for disaster recovery.

V. System Technical Support The selected vendor shall provide technical support to the system administrator or HKIA technical staff. On-site investigation, if necessary, shall be provided.

VI. Operating Service All the implementation shall be proceeded in HKIA Office or remote access from vendor office. Vendor shall provide the fixed WAN IP for HKIA to lock the access for the project.

VII. Web Hosting Service The selected vendor shall provide the price/cost of the Web Hosting service of the HKIA.NET. And HKIA staffs have FULL right to access such hosting server(s) in any time.

9 IMPLEMENTATION SERVICES

Appendix A

/46

The selected vendor shall provide the following implementation services:

a. System Installation Service The system installation services shall be provided by the selected vendor for each stage of the HKIA.NET

b. Disaster recovery plan and drill service The selected vendor shall provide a disaster recovery plan for recovering the system in case of failure. The selected vendor shall perform and complete a disaster recovery drill successfully before system launch.

c. System nursing support The selected vendor shall provide on-site system nursing service during the first two week of system go live. The service shall focus on monitoring all application and technical issues, system performance and error. The nursing service shall include answering all queries raised during this period. The selected vendor shall fine-tune the performance of the system if necessary.

d. System migration support

Within the project and warranty period, Vendor shall support for ANY types of system migrate per HKIA request.

10 USE of THIRD PARTIES The vendor shall indicate clearly in its proposal if the vendor intend to delegate or subcontract any of its responsibility. If the selected vendor does not indicate the use of the third parties in its proposal, the selected vendor shall not delegate or subcontract any of its responsibility without the prior written agreement from HKIA. If above mentioned issue found during the project running for selected vendor, HKIA shall has right to terminate the contract and charge the cost of remain contract.

11 SUPPLIER INFORMATION REQUIREMENTs

11.1 General Information

This to include information such as contact details, registered vendor address, web address, name and address of bankers, name of ultimate holding company,

Appendix A

/46

organization chart indicates key project staff with their CVs, etc. For details, please refer to Appendix B.

11.2 Proof of Supplier's sound Financial and Company Standing

This to include details of vendor's ownership and financial backing, copies of published and audited accounts over three financial years, statement of turnover, etc.

11.3 Evidence of Capacity to Deliver Contract Requirements

Solid experience the vendor has gained of dealing with similar contracts. Details of reference sites of comparable size and sector type is required.

11.4 Other

Any reference If not already covered in any of the other sections, the vendor may wish to include specific reference to. Data protection, quality assurance - details on standards, approach and accreditations such as ISO9000, etc could be submitted in this part.

12 IMPLEMENTATION REQUIREMENTS

Details of implementation approach, project management methodology used and time scales. Details of roles and responsibilities between the HKIA and the vendor have to be stated in the technical submission for HKIA evaluation.

13 COLLUSION AND INDUCEMENTS

Any collusion with other potential suppliers will invalidate your tender. By submitting a tender, you declare that it is a bona fide tender, intended to be competitive and that you have not fixed or adjusted the amount of the tender by or in accordance with any agreement or arrangement with any other person.

Offering an inducement of any kind in relation to obtaining this or any other contract with, The Hong Kong Institute of Architects will disqualify your tender from being considered and may constitute a criminal offence.

14 CONFIDENTIALITY

Vendor should not approach any HKIA staff or other vendor to obtain any technical or commercial information for the preparation of this tender.

Appendix A

/46

This document is supplied purely for the purpose of assisting vendor to respond to this invitation to tender, no part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying, recording or otherwise) for any other purpose. All information printed in this invitation of tender has to be kept confidential and could not release to the third party.

The Vendor hereby agree as follows :

1. For purposes of this tender invitation and the enclosed documentations, "Confidential Information" shall mean any and all non-public information the HKIA has disclosed or may disclose to the Vendor, including but not limited to information related to : production of legal materials, software development and design, business or software architecture, software not yet known to the public, clients or prospective clients, internal communications, events, or meetings, or any other research, development, operations, marketing, transactions, regulatory affairs, discoveries, inventions, methods, processes, articles, materials, algorithms, formulas, specifications, designs, drawings, data, strategies, plans, prospects, know-how and ideas, whether tangible or intangible, and including all copies, analyses and other derivatives thereof.

2. The Vendor agrees (i) not to disclose any Confidential Information or any information derived there from to any third person, (ii) to keep the HKIA’s Confidential Information confidential and take all the reasonable precautions to protect the confidentiality of such Confidential Information with the same degree of care with which it protects the confidentiality of its own confidential information, but in no event with less than a reasonable degree of care, and (iii) not to use any Confidential Information for any purpose whatsoever except to advance the legitimate business interests of the HKIA under written or oral instruction of the HKIA’s authorized officers.

3. All right, title, and interest in and to the Confidential Information shall remain with HKIA or its licensors. Nothing in this tender invitation and enclosed documentations are intended to grant any rights to Vendor under any patents, copyrights, trademarks, or trade secrets of HKIA.

Total Solution of HKIA Membership Taskforce

Latest draft: 4 May 2020

Invitation to Tender (Appendix A)

Documents

Transcript of Invitation to Tender (Appendix A)