Standard Minimum Requirements for the Government e-Market Place II Tender

ahemcurrentNetworking and Communications

Nov 21, 2013 (3 years and 6 months ago)

93 views

Standard
Minimum
Requirement
s

for the Government e
-
Market Place II Tender

High Level Requirement

Detail

P
2
P Lite


Purchase and Payment; light system.











GSi Adaptor

1.

Catalogue and Buyer set up/configuration
.


2.

Purchase
2 P
ay/ Lite
:






Electronic
requisition incorporating catalogue search and selection and workflow approvals;



Purchase Order auto
-
creation and distribution;



Direct links to supplier Sales Order Processing (SOP) systems e.g. via XML;



Stand
-
alone payment capability e.g. built in card p
ayment platforms;



Electronic invoice handling including “PO flip” and bulk invoice upload via supplier portal and or
XML transmission;



Receipting functionality and invoice match (2/3way).



Pre
-
matching of invoices



AP output for upload into end user finance
systems.


The GSI Hub is a transaction system embedded in the GSI network that enables the passing of data (step
-
up and step
-
down) between the Internet and the GSI.

This system must be accredited at IL3 (RESTRICTED) and authorised to connect to GSI for pa
n
-
Government use by the GSI AWG (with CESG representation). It is accredited by Cabinet Office.


Catalogues


1.

Hosted catalogue management services with appropriate security and resilience;

2.

Search and compare functionality via intuitive interface i.e.
basket comparison over multi
suppliers.

3.

Electronic Request for Quotation (e
-
RFQ) tools allowing real
-
time competitive activity for both
catalogue and non
-
catalogue items within defined financial limits (higher value items will require
formal tendering proc
esses to be employed via eSourcing tools).

4.

Dynamic


real time inventory management; punch out.

5.

Ability to assign views and permissions across users; Organisations; local and global.


Content/ Content management


1.

Content (data) management services incorporating capability to handle

a.

complex products and services;

b.

rich data content with live links to external data from suppliers;

c.

automated tools enabling robust and efficient data management processes for buyers;

d.

dat
a mapping functions
-

alignment of data to identified standard categorisations
[UNSPSC} and multi
-
level (user, department, organisation) flags to identify
preferred/restricted suppliers, products or categories.

e.

Supplier catalogue updates workflow.

f.

Validati
on process workflow; proof workflow [copy for approval].

g.

Sharing functionality


validation workflow; content data sharing.

Supplier adoption



1.

Supplier on
-
boarding / registration workflow;

2.

S
upplier “rating” capability with links to supporting validation

i.e. certificates; reports;

3.

Self supplier set up; configuration;

4.

S
upport of supplier interfaces;

5.

B
ulk loading and support;

6.

Coding


DUNS registration link [DUNS standard supplier identification code]

7.

Mail shots; advertising; supplier engagement capability
.


Integrated / non
-
integrated including
solution

1.

Integration capabilities utilising industry standard technologies (e.g. Open Interface);

2.

Stand alone system and workflows with capability to upload payment file directly into end user
finance systems for
reconciliation;

3.

Modular provision of functions and services allowing a flexible take
-
up based on individual
customer needs;

4.

Integration needs to be quick/flexible and affordable.


M
anagement
I
nformation


1.

Standard suite of reports based on end user require
ments
; spend; product; transaction [including
RFQ]; contract ; supplier; customer; end user; permissions; combination of many; all.

2.

Ad
-
hoc reports as requested;

3.

Identification and reporting of SME’s; by UNSPSC; by supplier/DUNS.

4.

Flexible query and
reporting;

5.

Provide overview; dashboard by any /all combinations;

6.

Spend
analysis
;

7.

Export to CSV; XML

8.

Local and global views; controlled views and permissions. Aggregation of data across families;
user groups.

9.

Capability to record transactions against the list of contracts to facilitate reporting on “Spend
under Management”.

Systems

1.

Backward compatible to IE6 / Oracle 11
-
12.

2.

Integration to other systems i.e. Contracts Finder (or its replacement) Dunn and
Bradstreet

&
eSourcing systems (e.g. Emptoris / BravoSolution)
.

3.

Jointly agreed development roadmap and processes


RFC; upgrades; identified release dates etc.

4.

First line support service and helpdesk with agreed KPI’s

and SLAs
.


Security Level

1.

Please see a
ttached appendix which outlines the current security requirements which will be
necessary from contract start.













Appendix A

Security Requirements for Government eMarketplace Provision


The security accreditation requirements for the Government
eMarketplace were initially developed as part of the risk assessment undertaken prior to the
process of letting the original Framework Agreement. They have been further modified and developed during the life
-
time of the contract in response to
both changes

in HMG Security Policies and the requirements of the existing user community who have their own particular needs i
.
e
.

Police Forces and NHS
organisations.


At the heart of these requirements is the ability to pass data securely into and out of a number of

secure Government networks including GSi, CJX, N3 and
PSBA.


Due to the on
-
going security requirements for any replacement system and the exit arrangements within the current Framework Agreement, any
incoming
service provider must be able to demonstrate t
hat they can provide equivalently accredited services to the current service provider (ProcServe).


T
he timescales for a new service provider to achieve the necessary levels of accreditation for these systems is
likely to be,
lengthy with the current estim
ate
being that this
c
ould take a service provider a minimum of 18 months

to achieve
.



Systems and Associated Accreditations


Whilst the main Government eMarketplace platform must be accredited at
IL2 (PROTECT),

there are a number of peripheral systems that are required to
deliver the full Government eMarketplace functionality. These are listed below along with their security accreditations:


GSI Hub

The GSI Hub is a transaction system embedded in the GSI networ
k that enables the passing of data (step
-
up and step
-
down) between the Internet and the
GSI.

This system must be accredited at
IL3 (RESTRICTED)

and authorised to connect to GSI for pan
-
Government use by the GSI AWG (with CESG representation).
It is accred
ited by Cabinet Office.


CJX Hub

The CJX Hub is a transaction system embedded in the GSI network that enables the passing of data (step
-
up and step
-
down) between the Internet and CJX
via the Public Sector Interconnect (PSI). This system must be accredited
at
IL3 (RESTRICTED)

and its authorisation for connection into CJX is provided by the
Police National Accreditor and to GSI by GPS and CESG
.


N3 Hub

The N3 Hub is a transaction system embedded in the N3 network that enables the passing of data (step
-
up and
step
-
down) between the Internet, NHS N3
network and the Public Sector Broadband Aggregation network (Welsh WAN). This system must be accredited at
IL3 (RESTRICTED)

and its authorisation for
connection into N3 is provided by the N3 PSI Change Board

and to
GSI by GPS and CESG

(Communications Electronic Security Group).



NHS Supply Chain Secure Channel

The NHS Supply Chain Secure Channel is a transaction system embedded in the N3 network that provides a secure network solutio
n to integrate with NHS
Supply Ch
ain systems which can only operate with
unencrypted transfers
. This system also provides HMRC compliant e
-
invoices for use within the NHS
community.


XML Firewall

The XML Firewall is a system to provide inspection of data for malicious content and also st
ructural integrity checks on data passing through all of the above
platforms plus the Government eMarketplace core IL2 system. This is a new requirement to align to the CESG Architectural Patt
ern


“Data Import between
Security Domains Issue 1, September 2
011”. This system must be accredited at
IL3 (RESTRICTED)

and is required for assurance purposes to support the
connection via CJX provided by the Police National Accreditor and CESG into Police Force Finance systems operating at
IL2, 3 and 4
.




Security C
learances Personnel


Due to the nature of the security accreditation of the system, this requires that staff at the service provider and their ass
ociated sub
-
contractors with access
to the system and/or documentation require the following security clearanc
es:




All staff

with access to any part of the Government eMarketplace system or documentation requires a minimum of
L1 clearance
.



Any staff designated as a Super User including Application Support, Helpdesk, Implementation Consultants, Developers, Securit
y Officers and any
MIS Users with access to more than one Buying Organisations data will require a minimum of
L2 clearance
.



All sta
ff with access to the Police implementation on Government eMarketplace and its associated data must have both an
NPPV L3 clearance and
an up
-
to
-
date FCO issued L2 (SC) clearance
.



Implementation Timescales


Current estimates are that it would take a servi
ce provider that already has the knowledge of how to implement such systems, a minimum of 18 months to
achieve the required accreditation standards and staff clearances if these are not already in place. These estimates are base
d upon the timescales taken
to
accredit the existing service provider’s systems which included the following activities:




Initial design submission and approvals by GSI AWG, Police National Accreditor and N3 Change Board and CESG IA teams



Production and approval of associated RMADS d
ocuments



Development, system and security testing and transfer to live operations



Formal submission and approval of security accreditation



Formal residual risk assessments by
GPS

and NPIA CLAS Consultants