Request for expressions of interest regarding the provision of technical assistance for the development of the new State Tax Service website

Distribuie prietenilor:


REQUEST FOR EXPRESSIONS OF INTEREST

(CONSULTING SERVICES – FIRMS SELECTION)

 

Republic of Moldova

Tax Administration Modernization Project

Project ID Number: P127734

Loan No./Credit No./ Grant No.: IDA Credit No. 5829-MD, IBRD Loan No. 8625-MD

Reference No.: TAMP/2/CQS-5

 

Title of Assignment: Technical assistance for the development of the new State Tax Service website

The State Tax Service has received financing from the World Bank toward the cost of the Tax Administration Modernization Project and intends to apply part of the proceeds for technical assistance for the development of the new State Tax Service website.

The technical assistance consists of developing the new STS website www.sfs.md, where taxpayers will be able to find useful information on tax administration and will be able to access all the electronic services provided by the authority.

Detailed information is provided in Terms of References (Appendix 1).

The State Tax Service now invites eligible consulting firms to indicate their interest in providing the Services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience mentioned in the attached Terms of Reference to perform the Services. The shortlisting criteria are:

Criteria

Points

1.       

Company’s experience as a web designer and developer using open source technologies proven by at least three (3) contracts with the development phase finalized in the last five (5) years (experience for public institution will be an asset), including inter alia company’s proven experience in:

- required technology stack;

- web UI design and development using responsive frameworks, progressive web apps;

- unit testing, continuous integration, DevOps;

- database design, development and optimization;

- systems’ integration, API design and development using SOAP/REST;

- IT and information security audit (GDPR, ISO / IEC 27002 etc.);

- conducting training sessions for end-users and IT specialists and in on-line training development using e-learning system;

- writing technical and end-user documentation.

70

2.       

Experience in software development using agile software development principles.

30

The attention of interested Consultants is drawn to paragraph 1.9 of the World Bank’s Guidelines: Selection and Employment of Consultants (under IBRD Loans and IDA Credits & Grants) by World Bank Borrowers, dated January 2011, revised July 2014, setting forth the World Bank’s policy on conflict of interest. 

Consultants may associate with other firms in the form of a joint venture or a subconsultancy to enhance their qualifications.

It is expected, that the services will be provided starting from May 2020 and continuing through December 2020, including 4 months for development and 3 months of warranty period.

The Consultant will be selected in accordance with the Consultants’ Qualifications selection method set out in the Consultant Guidelines.

Further information can be obtained at the address below during office hours 08:00 to 17:00 hours (Chisinau time).

Expressions of interest must be delivered in a written form to the address below (in person, or by mail, or by e-mail) by March 13, 2020.

State Tax Service

Attn: Anastasia Movilă, Head of Organizational Management Department

9 Constantin Tanase, Street, 2nd Floor, 224 office, MD-2005,

Chisinau, Republic of Moldova

Phone: +373 (22) 82-33-75

Email: tamp@sfs.md.


 

Republic of Moldova

Tax Administration Modernization Project (TAMP) (P127734)

 

Terms of reference

Technical assistance for the development of the new State Tax Service website

Reference No: TAMP/2/CQS-5

 

      1. GENERAL INFORMATION

Background

The Government of the Republic of Moldova is implementing a comprehensive Tax Administration Modernization Project (TAMP), aimed at reforming the State Tax Service (STS), funded by the International Development Association and the International Bank for Reconstruction and Development. 

The long-term vision supported by the project is a tax administration with simplified business processes, supported by risk-based compliance management, efficient use of electronic communication with taxpayers, qualified and professional staff, contributing to inefficient taxpayer-oriented tax administration. The modernized tax administration will improve the business environment and improve the country's competitiveness.

Electronic communication with taxpayers is done through the STS web page and the electronic services accessible through it. At the moment, the web page is simultaneously a useful information space for taxpayers and a window of electronic services offered by STS, based on two separate solutions and two separate domains. The gradual transition to the expanded digital interaction with the taxpayers requires the combination of these spaces and elaboration of a single counter with a set of useful components for individuals, legal entities, authorities and public institutions and, at the same time, with a set of tools for integration with the future system information of the STS.

Mission objective

The project development objective is to improve revenue collection, tax compliance and taxpayer services.

The objective will be partially achieved by designing and launching a new STS website. In order to accomplish the proposed task, SFS is seeking an ICT consulting company to develop the new STS website www.sfs.md, where taxpayers will be able to find useful information on tax administration (for example, tax law, list of documents the contact addresses of the institution) and will be able to access all the electronic services provided by the authority.

STS is seeking a consultancy company with experience in designing and implementing projects of similar complexity to provide continuous maintenance and technical support services.

Parties involved

The Company that will develop the new STS website (Consultant) will be responsible for execution of this assignment in the process of interacting with the following stakeholders (through STS) in order to achieve the objectives set forth in this document, including:

  • the STS – the client and the effective beneficiary of the new website. The STS will approve / accept the deliverables from consultant.
  • P.I. Center for Information Technologies in Finance - Administrator of the tax information system.

Warranty

The Consultant shall provide 3 months of warranty for the developed solution. The warranty period starts after final release. During the warranty period the Consultant shall fix any identified defects.

Duration of the assignment

It is expected, that the technical assistance for the development of the new STS website will be provided within three months from the contract signing date (7 months: 4 months for development and 3 months of warranty period), estimated period is May 2020 - December 2020.

 

 2. SCOPE OF ASSIGNMENT

The scope of this assignment is to design, develop, configure and deploy the web site as a fully functional product with all functionalities in place, according to the specifications defined by the STS (the set of requirements are listed in Annex 1 and Annex 2) and following the development approach described below.

The portal will have a multi-dimensional structure and allows searching the services by a number of criteria, e.g taxpayers (individual and legal entities, individuals- residents, patent holders, residents and non-residents of the Republic of Moldova, etc.)  category, tax code, fiscal practice database, legislative acts, international treaties, electronic tax service, news, chat bot etc.

The portal will serve as a one-stop space for accessing public information and electronic services provided by STS, accurate, and accessible information to visitors about public electronic tax services.

The development of the solution will be based on following software development principles and must be in compliance with the legal and regulatory documents listed in Annex 3.

Iterative development

The solution shall be developed in iterations named sprints, implementation of different functionalities will take place in phases with some modules being in production while others still being in development. The priorities of functionalities which are included in a sprint will be determined by the STS. Sprint duration will be determined by the STS together with the Consultant.

Agile development

The development shall follow agile principles by allowing change and flexibility in implementation. STS will maintain the master list of generic requirements for the solution– product backlog, which consists of ordered business and technical requirements as seen by the STS. Items in product backlog are ordered by the STS by their priorities. STS is free to manage the product backlog by adding new items to it, removing items and reordering them as it is desired. At the beginning of each sprint, the topmost number (N) of items that fit into a sprint are taken, and a sprint backlog is built out of them. Items in sprint backlog are further detailed and distributed to developers. Sprint backlog is not changed during the sprint.

Working product in each iteration

Each sprint ends up in a working product which is presented to the STS for acceptance in the last day(s) of sprint then uploaded, released and then it will move on to the next sprint. The working product shall meet the agreed criteria – Definition of Done (e.g. it must be fully functional, fully tested, accompanied with relevant unit tests, accompanied with relevant documentation where necessary, complete commented source code supplied etc. as well as uploaded / launched on the new page).

Technology stack

To preserve STS, the solution shall be developed using the latest versions of the following technology stack:

Category

Technology

1

OS

Linux

2

Web server

Apache / NGINX

3

Language

PHP / JAVA / Python/ Ruby

4

Data Base

MySQL / MongoDB/ PostgreSQL

5

Framework

Drupal / Symphony / Laravel / Ruby on rails/ Struts, etc

During the development process, the Consultant or the STS may propose use of additional components required for the development and proper functionality of the solution in production.

 

3. DELIVERABLE

ID

Deliverable

Description

Delivery term

The following reports will be provided during the assignment by the Consultant for each sprint:

1

"Next Sprint Backlog"

Includes the breakdown and estimated duration of the proposed tasks, the resources that STS will provide to the Consultant and / or actions to be undertaken by STS, to be implemented in the first sprint. The document will be delivered electronically and on paper in Romanian.

within 5 days of signing the contract

and

 on the day of submission and reporting of the works performed from the previous sprint

2

Sprint Report

Includes release notes, sprint acceptance minutes, breakdown and duration of tasks implemented during the sprint, velocity, issues and outstanding problems, proposed actions to be taken. The document will be delivered electronically and on paper in Romanian.

within 5 days from the reporting and actual presentation of the works of the sprint

3

The Program / Plan of training sessions

Includes training sessions for target groups, such as web site administrators, service providers, portal managers. Documents will be delivered electronically and on paper in Romanian.

within 5 days from the date of the last sprint presentation

The consultant will provide the following final deliverables for the execution of the contract:

1

Information system

A fully functional information system with all functionalities developed and deployed according to the requirements defined by the STS during the assignment. The Consultant will deliver compliable and documented source code (including third-party tools and libraries, licenses, where applicable and automation scripts). Information and functionalities of the system will be delivered in Romanian, Russian and English.

within 3 months from the signing of the contract

2

Technical and End-user documentation

Documentation developed according to the STS’s documentation requirements defined in Annex 2. It will be delivered electronically (Word, PDF etc.) and in two copies on paper in Romanian, Russian and English.

3

Training reports

Reports developed in accordance with the training requirements of the STS mentioned in Annex 2), like:

-          Materials related to training;

-          Minutes of the training, the lists of participants, test results.

Documents will be delivered electronically and on paper in Romanian.

 

4. QUALIFICATION REQUIREMENTS

Consultant qualifications requirements

The Consultant shall furnish documentary evidence (including information about the completed contracts and contact information of clients from whom the references could be taken or whom the STS may, when necessary, visit to familiarize themselves with the systems put into operation by the Consultant) to demonstrate that it meets the following experience requirements:

  1. Experience as a web designer and developer using open source technologies proven by at least three (3) contracts with the development phase finalized in the last five (5) years.
  2. Experience as a web designer and developer using open source technologies for public institution will be an asset.
  3. Experience in software development using agile software development principles. This qualification shall be demonstrated by presenting the project methodology describing the role of the company.
  4. Certifications in any technology from the required technology stack;
  5. Demonstrated experience using required technology stack;
  6. Experience in web UI design and development using responsive frameworks, progressive web apps;
  7. Experience with unit testing, continuous integration, DevOps;
  8. Proven experience in database design, development and optimization;
  9. Proven experience in systems’ integration, API design and development using SOAP/REST;
  10. Experience of IT and information security audit (GDPR, ISO / IEC 27002 etc.);
  11. Proven experience in conducting training sessions for end-users and IT specialists and in on-line training development using e-learning system;
  12. Proven experience in writing technical and end-user documentation;

Staff qualifications requirements

The Consultant shall provide a team of the following key experts:

  • Key expert 1. Team Leader/Scrum master
  • Key expert 2. Web Developer/ Designer
  • Key expert 3. Integration Specialist
  • Key expert 4. Database Developer/ Software Developer
  • Key expert 5. DevOps Specialist/Software Developer
  • Key expert 6. Data Protection Specialist/Trainer
  • Key expert 7. Software Tester/Trainer

 

5. CLINT"S INPUT

The STS will provide support for the meeting space, meeting agenda and logistics. In order to enable the Consultant to achieve the objective of the consultancy, the STS will provide the Consultant with the:

  • infrastructure resources for testing and production environments;
  • code deposit, issue tracking system, CI/CD environment.
  • Training facilities.
  • The content of the web page (such as: tax forms, newsletters, guides, files, etc.) can be taken from the existing web page, consisting the approximate amount of:

- over 2,000,000 symbols

- 5000 grid tables

- 2000 news

- 5000 pdf files - tax reports, instructions, laws, orders etc.

- 1000 text files - Word, Notepad

- 1000 table files - Excel

- 500 presentation files - Powerpoint

- 5000 photo files - jpg, png, gif, tiff, bmp, etc.

- 500 video and audio files - mpeg, avi, mkv, mp3, flac etc.

During the definition of the sprinting and reporting requirements, amount of information and files can be adjusted, according to the needs found during the implementation.

 

6. WORKING ARRANGEMENTS

The Consultant shall be responsible for all logistics and accommodations that will be required to perform the assignment, as well as interpretation and translation services, if needed.

The Consultant will ensure visits to the STS site to provide training to end users.

The language of communication during the assignment is Romanian.

The Consultant shall demonstrate a high-level professional behavior in its working relationships with all relevant stakeholders in performing this assignment.

To ensure that Consultant is in position to deliver on time working products, a STS team will interact with Consultant for answering eventual questions and coordinate all issues related to the technical elements of the assignment.

The documents will be delivered to the State Tax Service, indicating the name of the head of the institution, which will further ensure the dissemination of the information to the parties involved in the process.

The Consultant will report directly to the person designated by the STS, supervising the project implementation work.

Consultant will deliver the Technical and End-user Documentation for acceptance. STS will review the Documentation internally and prepare the list of comments or accept the document.

STS will deliver to Consultant the consolidated list of comments within 10 days after receipt of the Consultant’s Technical and End-user documentation.

Consultant will review the list of comments and modify/complete the report within 5 days after receipt.

 

Annexes

Annex 1. Business Requirements

This Annex describes the Functional Requirements of web site. Functional requirements identify what the system does, they define a specific function that sets what the system is supposed to accomplish.

The Functional Requirements are defined using User Stories. Each user story is described as a need of an identified user.

Public User

     ID

DescriptioN

US-PU-  1.001

Public User should be able to search for services through a list of pre-defined filters so that I can identify the needed service without entering any search criteria.

US-PU-1.002

Public User should be able to apply filters in any of the available languages (at least Romanian and Russian) so that I can understand all the results.

US-PU-1.003

Public User should be able to view and read the results of the query so that I can assess if they correspond to what I needed.

US-PU-1.004

Public User should be able to return to previous levels of the filters hierarchy so that I can re-submit the search query if the results are not satisfactory.

US-PU-1.005

Public User should be able to access the links included in the results obtained so that I can retrieve the information I need.

US-PU-1.006

Public User should receive an ‘’Error 404: Not found’’ in case the result of my search query is a broken link so that I can be aware of that fact.

US-PU-1.007

Public User should be able to provide his feedback anonymously so that he can protect his personal information.

US-PU-1.008

Public User should be able to provide my feedback in any of the available languages (at least RO, RU, EN) so that he can use the language he feel more comfortable with.

US-PU-1.009

Public User should input a search query expressed by providing relevant keywords so that he can get relevant results.

US-PU-1.010

Public User should be able to use a list of autocomplete/suggestion keywords so that he can express my query easily.

US-PU-1.011

Public User should be able to use any of the available languages (at least RO and RU) so that I can express my query.

US-PU-1.012

The results of Public User queries to be structured so that he get it in the shape of a result list that shows the metadata and links to the relevant web resource on a Service Provider website, ordered by relevancy.

US-PU-1.013

Public User should be able to use custom filters, so he can query in a more specific way.

US-PU-1.014

The results of Public User queries to contain a link to corresponding services so that he can access the corresponding services information.

US-PU-1.015

The results of Public User queries to be ordered by relevancy so that he can perform a helpful search.

US-PU-1.016

Public User should be able to filter his query by any of the web site registered classification (ex. Service, Service Type, STS Service Provider, last update date, type of document, most rated) so that he just retrieve the filtered information.

US-PU-1.017

Public User should be able to save locally or print any of the search result so that he can use the information offline.

US-PU-1.018

Public User should be able to authenticate to web site, so that he can acces the Authenticated user functionalities.

US-PU-1.019

Public User should be able to search for life event through a list of pre-defined life events so that he can identify the needed services.

US-PU-1.020

Public User should be able to search for business event through a list of pre-defined business events so that I can identify the needed services.

US-PU-1.021

Public User should be able to interact with a chatbot tool using natural language so that I can find general information about services, life events and business events based on provided information such as age, social status, marital status etc.

US-PU-1.022

Public User should be able to give access to my location, so that he can get personalize information about Service Providers working hours and locations near me.

 
Authenticated User

ID

Description

US-AU-2.001

Authenticated User should to be able to provide my feedback on quality and availability of the services provided through the web site and of the common user interface, so that my feedback can be considered for future improvements.

US-AU-2.002

Authenticated User should  be able to interact with a chatbot tool using natural language so that he can find information about services, life events and business events related to my status (age, social status, marital status etc.)

US-AU-2.003

Authenticated User should  be able to configure my own workspace in portal so that he can setup and configure some preferences using web site (ex. notifications, favorites).

 
 
Service Provider

ID

Description

US-SP-3.001

STS Service Provider should be able to login into the web site, so that he can have access to all functionalities associated to my role.

US-SP-3.002

STS Service Provider should be able to manage services he is responsible in any of the available languages so that others can understand them.

US-SP-3.003

STS Service Provider should be able to upload items to a service so that others can access or download them.

US-SP-3.004

STS Service Provider should be able to view uploaded service items so that he can consult them.

US-SP-3.005

STS Service Provider should be able to communicate with other Service Providers through a communication system so that he can exchange information.

US-SP-3.006

STS Service Provider should be able to request and have access to a report on feedbacks on quality of services managed by me so that he can have information to support my decisions.

US-SP-3.007

STS Service Provider should be able to print the reports and download the data so that he can work offline.

US-SP-3.008

STS Service Provider should be able to manage the service links (legal, corresponding services etc.) so that the links can be crawled.

US-SP-3.009

STS Service Provider should receive a notification of approved changes of services managed by me so that he can get information that my changes were approved.

US-SP-3.010

STS Service Provider should receive a notification of rejected changes of services managed by me so that he can revise and change them.

US-SP-3.011

STS Service Provider should be able to deliver to the web site the user feedback data collected at Institution level, so that it can be taken into account to improve quality and availability of the services.

US-SP-3.012

STS Service Provider should be able to indicate georeferenced locations, so that the Users are displayed information about the locations closest to them (working hours, Address, etc.)

US-SP-3.013

STS Service Provider should be able to manage life and business events by adding or removing life event related services and relations between them so that they will be available to users.

 

Portal administrator

ID

Description

US-PA-4.001

Portal Administrator should be able to login into the web site System so that I can have access to all functionalities associated to my role.

US-PA-4.002

Portal Administrator should be able to view, create, delete or update role assignments for users so that the user's interaction with the system is controlled.

US-PA-4.003

Portal Administrator should be able to create, view update or delete languages so that the languages can be available and used for localization by the system.

US-PA-4.004

Portal Administrator should be able to create, view, update or delete classifications so that the classifications are available to be used by the system.

US-PA-4.005

Portal Administrator should be able to create, view, update or delete links to a web resource on a Service Providers website so that the classifications are available to be used by the system.

US-PA-4.006

Portal Administrator should be able to create, view, update or delete classification of feedback on quality so that the classifications are available to be used by the system.

US-PA-4.007

Portal Administrator should be able to CRUD (Create, Read, Update, and Delete) classifications of statistics so that the statistics can be analyzed more easily

US-PA-4.008

Portal Administrator should be able to communicate with other users through a communication platform so that he can exchange information.

US-PA-4.009

Portal Administrator should be able to request and have access to a report on statistics of defined indicators so that he can have information to support my decisions.

US-PA-4.010

Portal Administrator should be able to request and have access to a report on feedbacks on quality of published services so that he can have information to support my decisions.

US-PA-4.011

Portal Administrator should be able to print the reports and download the data so that he can work offline.

US-PA-4.012

Portal Administrator should be able to manage feedbacks so that the feedbacks can be analyzed more easily.

 
 
Portal Manager

ID

Description

US-PM-5.001

Portal Manager should be able to login into the web site, so that he can have access to all functionalities associated to my role.

US-PM-5.002

Portal Manager should be able to view, create and delete role assignments for Service Providers so that the user's interaction with the system is controlled.

US-PM-5.003

Portal Manager should be able to view the complete or filtered users’ lists so that he can have necessary information about users.

US-PM-5.004

Portal Manager should be able to approve Service Providers’ requests for submitting service passport changes so that the updated information can be available in ITMS System.

US-PM-5.005

Portal Manager should be able to reject Service Providers’ requests for submitting service passport changes indicating the reason so that Service Provider will be able to correct the errors.

US-PM-5.006

Portal Manager should be able to communicate with other users through a communication system so that he can exchange information.

US-PM-5.007

Portal Manager should be able to track each Service Providers' progress towards publishing and updating the provided services passports so that he can have complete information about the progress.

US-PM-5.008

Portal Manager should be able to generate a report on feedbacks on quality of the published services so that he can have information to support my decisions.

US-PM-5.009

Portal Manager should be able to print the reports and download the data in an open format (ex. *.csv) so that he can work offline.

US-PM-5.010

Portal Manager should be able to forward the feedbacks on obstacles accessed to a Service Providers so that they can analyze them.

US-PM-5.011

Portal Manager should be able to consult an online overview on the obstacles identified through the End users’ feedbacks, so that he can verify that the information is provided correctly to the End users.

US-PM-5.012

Portal Manager should he want to be able to export the reports in a PDF format, so that he can save it for myself and share it.

US-PM-5.013

Portal Manager should register new Service Providers, so they will be able to manage their services.

US-PM-5.014

Portal Manager should be able to assign new users to web site, so they can be assigned to one role.

US-PM-5.015

Portal Manager should be able to visualize and export the complete user list, users’ lists filtered by Service Providers, by Services and by role so that he can search easily a user.

US-PM-5.016

Portal Manager should be able to manage service categories so that Service Providers will be able to add their services to available categories. 

US-PM-5.017

Portal Manager should be able to manage life and business events by adding or removing life event related services and relations between them so that they will be available to users.

 

Annex 2. Technical Requirements

1.      Documentation requirements 

User Documentation 

The Consultant will prepare and deliver the following documentation for end-users: 

  • Interactive guidance included in user interface of web site adjusted to user role (Public user, Authenticated User, Service provider, Web site Administrator, Web site Manager) 
  • Downloadable user manuals in PDF format for Service Provider, Portal Administrator, etc. 

How-To video tutorials 

The Consultant will prepare How-To video tutorials for ITMS main functions. 

Technical documentation 

The Consultant will prepare and deliver the following technical documentation: 

  • System architecture documentation (including description of models in UML language, which will include a sufficient level of details of the system architecture) 
  • Test strategy document
  • Compilable and documented source code for applications, components and unit tests developed within the project  
  • System installation and configuration manual (including code compilation, container image build scripts, system installation, hardware and software requirements, platform description and configuration, backup and disaster recovery procedures) 

API documentation 

The Consultant will prepare and deliver: 

  • API integration guide  
  • Integration samples in PHP and JavaScript  
  • Human and machine-readable description in a standard description language (e.g. WSDL or Swagger). 

Sprint documentation

The consultant will prepare and provide the following sprint documentation:
"Next Sprint Backlog", which includes the breakdown and estimated duration of the proposed tasks, the resources that STS will provide to the Consultant and / or actions to be undertaken by STS.


Sprint report, including release notes, sprint acceptance minutes, breakdowns and duration of tasks implemented during the sprint, outstanding issues, proposed actions to be implemented

    
2. Training requirements 

Training sessions 

The Consultant will provide training sessions for target groups such as web site Administrators, Service Providers, Portal Managers. 

Training reports

Training programs– minutes of training, lists of participants, (manuals, video tutorials, quizzes, PowerPoint etc.) for administrators, services providers, portal managers and end-users (individuals and businesses). 

All training content/materials will be provided in Romanian. 

 
3.  Rights requirements 

Perpetual software license 

The Consultant grants to the STS the rights to run and use entire solution with all included software components with no constraints on time, location and offered functionality.  

Redistribution rights 

The Consultant shall grant to the STS the right to re-distribute the solution.  

While the STS does not intend to re-distribute at a massive scale it still envisions the need to transfer the software solution to another state agency due for example to potential reorganization. Also, the STS might get the opportunity to re-deploy the entire e-Government platform elsewhere. 

Full data rights 

The STS keeps full rights on data created by the means of this solution. 

Open data format 

The solution preserves the data in an open format or includes mechanisms to extract data from the system in an open format thus enabling the capability to transfer/migrate the data into another system. 

 
4.   Architecture requirements 

Open standards 

The solution architecture shall be based on relevant open standards. The solution architecture shall not use proprietary standards. 

Service Oriented Architecture 

The solution shall be based on a Service Oriented Architecture. 

Hosting environment 

The solution shall not include any hardware components and upon finalization will be deployed on governmental cloud environment (MCloud). 

Running environment 

System shall run on Docker container engine and shall not depend on specific host OS instance. Building container images shall be automated. (refer to the following link for details: https://docs.docker.com/develop

Running in a container-based environment, the application must be elastic, including when adding/removing application container instances (above minimum required instances for HA), changing of configurations and system parameters has no impact on any work in progress, such as any active sessions, requests, etc. 

Multiple sites 

The solution architecture shall ensure high availability (functional availability will be provided by CTIF, therefore, the availability is on average 96%, and their accessibility is 24/24, 7 days a week, 365 days a year.) including during new versions deployment and the possibility to run simultaneously on multiple sites 

Browser compatibility requirements 

The system shall be compatible with latest two major versions (to be considered at the time of system acceptance) of following web browsers: Chrome, Safari, FireFox and Edge. 

Detailed data model 

System's detailed data model shall be described fully in a machine-readable data scheme for example using a DDL language for relational databases.  

The Consultant shall coordinate the detailed data model schema format with the STS in advance. 

 
5.   System Integration requirements 

Governmental platform services integration 

MPass shall be used to authenticate users;

MLog shall be used to journal business critical events. The events that are business critical will be defined at analysis and design stages and must be configurable;

MNotify shall be used for notifications.

Open data integration 

Web site shall publish agreed sets of data in a machine-readable format to Open Data portal located at date.gov.md using its API. 

Web site shall provide integration between Fiscal practice database and Telegram chatbot.

Integration with electronic services

The site will be the gateway to the electronic tax services provided by STS to taxpayers.

Access to the electronic tax services will be performed from the compartment intended for them, from the personal tax office of the taxpayer, depending on the status, role, etc.

The system will be integrated with each existing electronic service in the current STS system, available on the portal.  www.servicii.fisc.md. The integration of the portal with the current services will be realigned by the Consultant, including IP Center for Information Technologies in Finance.

Integration with social media platforms

Ability to incorporate all the network’s social media platforms (Facebook, Twitter, YouTube, etc.) with live update options.

Incorporate Google analytics

 

6.   System Performance requirements  

Asynchronous processing 

System shall use asynchronous processing whenever possible to perform any input-output.  

Concurrent users 

The system standard load and performance shall be guaranteed for 100 concurrent human users. 

Response time 

Response time for system functions shall be under 3 (three) second. The Consultant shall list the exceptions, if any, and discuss/agree them with the STS at analysis and design stages. 

Key performance Indicators 

The system shall meter and expose its key performance indicators. The Consultant shall propose the list of indicators and discuss/agree them with the STS. 

 
7.   User Interface requirements 

Multilanguage User Interface 

The system shall support multilanguage user interface. This support includes data type specific formats (such as date, time, time spans, currencies, etc.). The system front-end interface will be delivered with at least Romanian, Russian and English interfaces. The system back-end shall be delivered at least in Romanian. The default language for User interface shall be the Romanian.  

User Interface accessibility  

User interface shall conform at least to Level A of Web Content Accessibility Guidelines 2.0. 

https://www.w3.org/TR/WCAG20/ 

The accessibility of the website will be ensured for different categories of users with deficiencies (visual impairments, hearing impairments, etc.).

Responsive/Adaptive design 

The system user interface shall automatically adapt to various display resolutions. Minimal display width is 480px. 

The system’s UI shall be implemented using progressive web application (PWA) technologies and shall be functional on mobile devices.  

Contextual help 

User Interface elements shall include Tips and Hints for user interface elements.  

STS support 

All pages shall include STS support contacts. 

Bookmarks 

All major web site pages shall be bookmarkable and the User shall be able to access bookmarked pages later. 

The bookmarkable pages will be defined at analyzing stage. 

Friendly URLs 

Web site shall use friendly URLs for accessing its pages. 

 
8.   System maintenance requirements 

System logs 

The system shall log its various actions and events in a structured manner. Logging shall be configurable and based on extensible logging framework (such as log4net, nlog, etc.). Logging framework shall minimally support JSON format and the following targets: console, rolling files, UDP and HTTP POST. 

Log levels and event log records 

The system shall differentiate events and actions it logs into at least following levels: Critical, Error, Warning, Info, Debug 

Critical and Error level events shall be logged only for non-recoverable error that require human intervention. 

Event log records will include at least: 

  •  the type of the event 
  •  timestamp when the event took place 
  •  event level 
  •  system component that produced the event 
  •  user/user agent, IP that triggered the event 
  •  information object identifier affected 
  •  textual details about the produced event 

Graceful shutdown 

The system shall implement graceful shutdown, i.e. shutting down an application container instance at any time shall not impact any work in progress, such as any active sessions, requests, event logs, etc.  

Source code 

The Consultant shall supply all the source code for system components that are not available as COTS from third parties. 

The source code shall use package managers for dependencies to 3rd party libraries. All prerequisite software must be part of container image definition and based on public container repository. 

System deployment 

The Consultant shall supply the deployment procedure and supporting tools for this. Deployment procedure shall cover all the prerequisites before proceeding to system installation. The deployment shall be automated and include database structure initialization and seeding. 

System upgrades 

System upgrades shall be automated, including database upgrade/downgrade scripts or code. To enable rolling upgrades in production environment, the recommended practice is to perform database breaking changes in incremental changes. 

 
9.    Security requirements 

Secure architecture

The system shall be secure by design and comply with the relevant requirements specified in GD 201 from 28.03.2017 (http://lex.justice.md/md/369772/).  

The Consultant shall supply documentation describing this design and supporting evidences that such a design is secure.  

the Consultant will coordinate with the STS the format of the documentation, supporting evidence and list of requirements to comply with. 

Least privilege principle enforcement

The system's components shall rely on the least privilege principle and run under such a limited privilege account under the OS rights model. 

The documentation shall highlight each of the system's components required privilege level and considerations that force use of that level or access. 

Secrets and addresses

Secrets (passwords, private keys and certificates, connection strings) and addresses of external services shall be clearly delineated in configuration documentation and easily modifiable via automated scripts. 

Secure communication channels

All system's communication with external systems or users takes place over encrypted communication channels.  

No Username/Password authentication

The system shall rely on authentication via MPass for tax digital services. and other forms of user authentication for public acces information.  

Minimize personal information storage

The system shall minimize the amount of personally identifiable information stored. For example, there is no need to store a user's First and Second names since this will be provided after authentication by MPass. 

The system shall comply with the relevant requirements related to personal data processing specified in GD 1123 from 14.12.2010 (http://lex.justice.md/md/337094/

the Consultant shall coordinate with the STS the list of requirements to comply with. 

Secure against OWASP Top 10 vulnerabilities 

The system shall include security controls for all its components for at least OWASP Top 10 vulnerabilities. Refer https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project 

Health-check API  

The system shall expose readiness and health-check API via a HTTP GET requests. The health-check shall check the health of as many system components as possible. In case of health check error, a human-readable error message shall be returned. 

Users’ roles management 

The users and their roles will be managed in MPass. The system shall retrieve the users’ roles from MPass.  

Session expiration 

The system shall include a session expiration mechanism when after a specific period of inactivity, the user is required to authenticate again. The period of inactivity shall be configurable and by default it is 15 mins. 

Input validation 

All input data shall be validated on STS server side.  

User content 

User content can be captured in text format only. The system shall forbid entry of special characters used for formatting and markup of special Web content. 

Otherwise all UNICODE characters shall be possible to enter/view by system's components. 

Unauthorized access attempts 

Unauthorized access attempts 

When the system registers unauthorized access attempts it shall: 

  • log such attempts with at least ERROR level 
  • provide users with a warning message that access is not authorized and that abuse will be investigated 

Data integrity 

The Consultant will ensure data integrity by providing appropriate solution for prevention of unauthorized internal activities (for ex. deletion of authorizations records directly from database). 

 
10.  Support and Warranty requirements  

Support 

  During the warranty period the Consultant shall provide necessary technical assistance to the STS; 

Warranty 

  During the warranty period the Consultant shall: 

  • fix all defects reported by the STS; 
  • solve all incidents reported by the STS according to the agreed SLAs; 

Note: The response and resolution time shall not exceed 60 minutes for non-critical errors and 15 minutes in case of critical errors. 

The incidents shall be solved within 2 working days for non-critical errors and within 4 working hours for critical errors starting from escalation time. Hourly progress report will be provided for critical errors. 

 

Annex 3.Relevant legal codes and regulations 

  1. Tax Code No. 1163-XIII of 24.04.1997

https://www.fisc.md/Upload/LinkedPDF/Tax%20Code2.pdf

  1. Law nr.71/2007 on registries - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=325732.
  2. Law nr.1069/2000 on informatics - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=312902.
  3. Law nr.467/2003 on informatics and state informational resources - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=313189.
  4. Law nr.982/2000 on access to information - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=311759.
  5. Law nr.133/2011 on personal data protection - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=340495.
  6. Law nr.142/2018 on data exchange and interoperability - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=376762.
  7. Government Decision nr.710/2011 on approving strategic Programme of technological modernization of government (e-Transformation) - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=340301;
  8. Government Decision nr.1140/2017 on approving the Regulation
    of the activity of the certification service providers in the field 
    application of the electronic signature - http://lex.justice.md/md/373494/. 
  9. Government Decision nr.1141/2017 on approving the Regulation on modality of application of the electronic signature on electronic documents by functionaries of legal persons governed by public law in the electronic document circulation - http://lex.justice.md/md/373495/. 
  10. Government Decision nr.1123/2010 on approving requirements regarding security of personal data during its processing by systems designed to work with personal data - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=337094.
  11. Government Decision nr.128/2014 on Government single technological platform (MCloud) - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=351760.
  12. Government Decision nr.1090/2013 on the governmental electronic service of authentication and access control (MPass) - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=351035.
  13. Government Decision nr.405/2014 on the governmental electronic integrated service for digital signature (MSign) - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=353239.
  14. Government Decision nr.708/2014 on the governmental electronic journaling service (MLog) - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=354589.
  15. Government Decision nr.916/2007 on the concept of a Government Portal - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=324962.
  16. Government Decision nr.330/28.05.2012 on development and administration of a single public services portal - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=343406.
  17. Government Decision nr.701/2014 approving the Methodology of government open data publication - http://lex.justice.md/index.php?action=view&view=doc&lang=1&id=354534.
Alte articole:

Distribuie prietenilor:


Articolele publicate din 1 iunie 2020 nu au fost supuse verificarilor

Administratorii portalului nu poartă răspundere pentru conţinutul postărilor şi materialelor plasate de utilizatorii site-ului. Utilizaţi informaţia din acest articol pe propriul risc.

logoStarNet

Hostingul si serviciile internet pentru administrarea portalului CIVIC.MD sunt oferite gratuit de compania Starnet