 |
 |
 |
 |
 |
 |
 |
 |
 |
|
QUESTIONS AND ANSWERS - Summary NOTE: Only questions submitted on line to info (at) eGov dot org dot mk can be answered.No discussion with any staff member of the team, or the Parnter insitution identified in the request for proposal document, is allowed in order to clarify any issues related to the tender. Online Registration/ Termination of Employment within the private sector -June 28, 2007 1. You are mentioning several institutions that will use the system. Also (on page 4), you are mentioning “The submitted information is stored in a central database and simultaneously distributed by the system to all institutions involved.” Would you expect that the data is distributed by, for example, sending e-mail, or by other data exchange technologies. If latter, could you please explain what kind of technologies for data exchange are available in these institutions? A. By other data exchange technologies. It is expected that the bidder propose possible data exchange protocols over the Internet. 2. On page 5, chapter Access Rights, you are mentioning “No registration into the system is foreseen by the entity submitting information about new or terminated employment.” Could you please advise if the system is planned to cope with the possible abuse ? If positive, which mechanisms are foreseen in system design to avoid abuse. A The bidder is encouraged to propose solutions how to secure the system from abuse 3. What is the expected number of users (accounts)
in the system? A: There will not be any user accounts for
the companies. All companies in Macedonia should have possibility
to send data without any prior registration in the system.
4. Roughly, what is the expected number of
accounts per institution? A: Institutions will receive information
in standard XML format. There will not be need for classical user
accounts. The processing of received information at each individual
institution should not be part of this application. 5. How many users should be expected to be
trained? A: Please refer to the section XI. Training
from the SD. Training materials (manuals) for the system administrators and for the administration officers shall be provided both in paper and electronic form in Macedonian language. The software developer shall provide user manuals and simple demo instructions for the end users companies/employers which will be available at the Web site of the ESA.” 6. Can you explain how the information shall be submitted over the mobile phones? Is SMS registration/termination acceptable/sufficient or more sophisticated mobile service is required and needs to be developed in addition to the WEB solution? A: The bidders are welcomed to propose any solution. 7. Which system role will be responsible for administering all the institutions (e.g. adding / removing other institutions, etc)? A: Administrator from the hosting institution. 8. Do you have any particular requirements regarding the GUI design? A: Simple and user friendly. 9. What is the hardware infrastructure at the Agency that will host the solution? A: This will be additionally determined, when the hosting institution is identified. 10. Because the system will be integrated with other external systems, please provide us with information about those systems (if available), and what kind of interfaces for integration do they support? A: The application should submit employment registration/termination data in standard XML format. Each institution is responsible for receiving and further processing of the data. 11. In page 4 in SD – “The system
will not cover any further processing of the information within
any of the connected institutions but should permit easily added
modules for further processing”. Could you describe if possible,
in short what kind of processing is planned for future? A: The application should be designed to
be open for further upgrades and integration with other systems. 12. Does the system need to generate some
specific output file or it need to have some specific interfaces
in order to make synchronization with other systems (e.g. State
Institutions)? A: File or interface, the bidders are encouraged to propose what they consider appropriate. 13. The current procedure for registering/terminating employment includes 3 paper forms (M1, M2 and M1/M2). The M1/M2 form is presented in original form in visa applying process for Macedonian citizens to confirm employment, and sometime in tender procedure to provide evidence for some employee. Do the proposed system should provide services for third parties for confirming employment contract of some person with the employer, in electronic or/and paper form? A: The bidders are encouraged to propose additional features which can be beneficiary for the companies and citizens. STUDENTS' BENEFITS ON-LINE - March 2007 1. From where will this system will be accessible
or be a part of? - Not decided at this stage. 2. This system should exist as a separate website or should be integrate with some other system? - The bidder is invited to offer suitable solution. 3. Can you describe how the Personal Identification Number (PIN) shall be use in verification of the submitted application form? - The system should give possibility to applicant to you his/her PIN number as identification, and the system shall automatically check validity of this number. 4. What type of data, privacy policy should
contain? - Text display. - The system should provide just a list of students granted for
lodging. - The system only gives a list of students granted for lodging not the specific rooms. 5.2 How the system should handle exchange
in case two students decide to switch the dormitory or rooms? - The system will not cover possible exchange of lodging between students 6. The documentation should be on Macedonian
or English language? - The Bidding documentation in English. 7. Do you plan to upgrade to Microsoft Office
SharePoint Server 2007? - No plans for upgrade for the time being. 7.1 If yes will it be an Intranet or public Internet type license? 7.2 Do you plan to upgrade MS Office version
to 2007? (including InfoPath 2007)? - NO plans for upgrade for the time being. 7.3 Do you plan to use MS InfoPath as form
designer with combination with SharePoint? - The bidder is invited to offer suitable solution. 7.4 Do you plan to use workflows for publishing
the forms and reports? - The bidder is invited to offer suitable solution. CENTRAL REGISTER - ONLINE SUBMISSION AND PROCESSING OF ANNUAL ACCOUNTS - February'07 1. Can the bidder use personal references instead of company ones? If yes, can these references be presented in the company reference list form published on your web site? For example, in the Summary of Project field, can we along the project summary explain the role of our current employee in that particular project? The e-Gov Project cannot accept references from the individual software developers that had previously worked in other companies and now are working for the bidder. 2. Since the bidder must be a Macedonian company, can we use the references of our foreign contracting partners? The e-Gov Project will accept references from the foreign company-member of the consortia (contracting partner), regardless of the facts that the Macedonian company is the leading partner and has no references of its own. 3. What type of relation with our foreign partners should we present (joint venture, subcontracting agreement, etc.) The type of relationship between the Macedonian and foreign company
is irrelevant, as long is the following has been respected: 4. When the annual accounts are submitted in a paper form 2 signatures are required, one from the authorised person from the legal entity, the other one from the authorised accountant. Should this principle of double signature be implemented in the online system for submission of annual accounts, i.e. will 2 digital certificates be necessary? Depends on the proposed solution by the bidder. CR has no firm opinion on this and it is up to the bidder to propose. However, the possibility of compulsory usage of digital certifies should be taken into consideration in the proposed solution. 5. Should the e-mail communication between
the CR and the end users (entities) for confirmation of submission
of annual account be verified by digital certificates? Yes, it should be verified that the e-mail confirmation is sent
by CR, in other words, it should be digitally signed and certified. 6. Will the user (entity) that will register
to submit annual accounts for several companies/legal entities need
to pay the annual fee for each company? Yes, the annual fee should be paid by the registered user for each company. 7. Is the payment per company/legal entity
or per user? The payment of the annual fee for submission of the annual account is per company/legal entity, not per user, since it is possible one user to submit annual accounts for several legal entities. 8. Will the registered user for several companies
have one user/pass account or the user will have different user/pass
for each company? The user should have one user/pass account regardless whether it
is authorized to submit only one or annual accounts for several
legal entities. But the system should be able to identify/ to know
for which companies/legal entities the user can submit annual account,
in other words, to permit or to deny submitting. 9. What does the unique reference number mean? Is it the CR responsible for its generation? Does the system have to implement the logic for its generation? For every form there is Unique ref.number (URN) prescribed that identifies the form. For example, 451 is URN of the annual account form for the small companies. The text/number fields in every form also have its own URN (for example, AOP278 describes the total loss for the current year). No, the URN is prescribed by the Ministry of Finance. No, the system
should have logic for checking different "AOP" - arithmetically
and logically. 10. Do the forms once archived can be re-used
in the future? Theoretically yes. It is the Ministry of Finance that decides upon
this. 11. Is there a possibility for editing the
database of the already existing application for the needs of the
e-submission application? If yes, what kind of possibilities will
be included? 12. Is the digital signature required? If yes, do we need to provide them or CR will supply them? Digital certificates as a method of authentication in the online
system should be implemented, but the Contractor will not be required
to provide certificates for the users.
IT SECURITY AUDIT - e-TAX February 2006 1. Our firm is a globally integrated
network of firms. When we apply for a tender in a specific country,
our usual strategy is to use our local branch as the legal bidder
and to bring in credentials and experience from our As long as the by the bidder proposed contractor is either registered in USA or in Macedonia that company may use partners from other countries, except of course from countries any USAID project is prohibited from working with. It must be clear by the submitted information that no partner comes from any of those countries. The requested information about registration should focus on the partner to be the contractor. Any relevant reference from previously conducted work or international competence that will positively affect the completion of the task here can be used. 2. The offer and the audit report shall be both written in English. Please explain what do you mean by audit report? Shall an example of the audit report be submitted as part of the offer? The final audit report will be prepared after the whole audit is finished. The Contractor will be requested to document its finding by the audit in a written report. The information in the Invitation to Bid states that this document shall be written in English. The Invitation to bid does not include any request for any example of audit report to be submitted together with the bid. 3. Our company is a local provider
of IT services and consulting for IT systems, and part of this is
the IT Security Check. Please explain what do you mean by auditing
companies? Only companies duly registered as having auditing as its main activities are invited to submit bids. “Auditing” in this context is not restricted to IT security auditing but the Invitation to Bid requests the bidder to document its experience of such auditing. 4. Do you limit the penetration testing to the infrastructure layer, therefore application level security tests are not included? Penetration test should be performed on the infrastructure and application level. 5. In your document it states that the auditors should master the Macedonian language in written form. Is the application written using the Macedonian language? Yes There are 8 external IP addresses 7. Approximately how many hosts are expected
to be found? Two hosts 8. Do you wish to have Client-Side attacks
performed? Not at this stage 9. What language is the application written
in? e-Tax services application is developed in Java, with Websphere application server. 10. What type of profile are you looking
to have the auditor use during the assessment? Anonymous or Authenticated? Both 11. For Anonymous profile: How many input
pages will the examiner have access to before being prompted with
log in? Only one page 12. For Authenticated: How many different
user profiles are there? In eTax services application there are two different profiles: system administrators and tax payers. Within each profile, users with different privileges are assigned. 13. How many different user profiles do you
want tested? Both, system administrator and tax payers 14. Will the auditor be expected to perform examination of the application design and support documentation or source code? The auditor should examine the functionality of the software application, not the source code. 15. Please clarify what you mean by “historical data” including the period for which historical data is available? This means analysis of data stored on the server since the official launch of the system in July 2006 (excluding data submitted by the taxpayers) which can be related with security issues. 16. Will the auditor be expected to include, in the scope of penetration testing, wireless networking or remote access servers, if such exists. Wireless networks or remote access servers should not be included in the penetration test. 17. Do system administrators and taxpayers use separate clients for login and working with the system? The e-Tax application is web based application and the only one client for all users is any web browser.
ACCOUNTABILITY THROUGH TRANSPARENCY November 2006 1. Can the bidder base the offer on a ready
made software solution commercially available on the market, for
which source code is not available? 2. Regarding deployment, should it be implemented
on one central server for all municipalities, or on more local servers,
one for each municipality? 3. Do the municipalities have licenses for
SQL Server? (If yes, for which version of SQL Server they have licenses? 4. Do the municipalities already have an
existing Back-Up system or the idea is to make it centrally, for
all municipalities? 5. Will the municipality's infrastructure
be used for hosting, too? 6. Should there be an administrator's approval
before putting all the posts from the citizens on the site, or they
should be put on-line immediately? 7. Who will approve the proposed issues (by
the Council members and the citizens) for the next Council meeting? 8. Which municipalities will be covered?
Are they in Skopje or across Macedonia? 9. You are mentioning the implementation
in one municipality, and after that in 5 more. What about additional
municipalities? Implementation? Training? e-CEMT LICENSES October, 2006 1. In Phases Diagram (System Description
document, page 8) there are some functionalities which are not specified/described
in the chapter 5 "Architecture of the software solution"
paragraph 5.1.6 Module VI - Inputting granted CEMT license into
system (i.e. Phase 3.1 - Intermediate for additional requests from
transporters - Internet web page of the Ministry, Submitting request
for exchanging licenses between transporters (electronic board)).
Chapter 5 of the System Description, Architecture of the Software Solution, described modules in that chapter is what has to be developed and implemented. Other chapters and charts only describe the present process as reference to the bidders. 2. In System Description document, 5.1.1
"Module I Planning and ordering of CEMT licenses", page
9 is specified that one of parameters used for planning is ""...-
criteria/formulas determined and sent by the CEMT organization;".
"Criteria/formulas determined and sent by the CEMT Organization" means that the criteria which actually are mathematical formulas, change every year by CEMT Organization, and every year CEMT Organization send this criteria, that is, formulas to its member countries to plan their request/order of CEMT licenses. 3. In the System Description document, page 12, 7.1 Possible Authentication mechanisms it is specified that the system should support also Digital Certificates. Does the MoTC have a Digital Certificates solution already implemented? MoTC does not have any PKI software. The software solution should support digital certificates issued by CAs registered in Macedonia. 4. In the System Description document, page
12, 9. "Archiving, Back up and Recovery" it is mention
that "A complete subsystem or module should be devised that
will deal with the issues of data archiving, back and recovery". A complete subsystem or a module should be proposed that will deal with the issues of data archiving, back-up and recovery of the data processed during distribution of CEMT licenses. The hardware is not part of this project, beneficiary, in this case Ministry of Transport and Communication is responsible for providing hardware. 5. Does the system have to have multi-language support? If so, which are the (possible) languages for supporting, who is responsible for the translation and who shall supply the official translated texts? As stated in the System Description, Chapter 8, the interface language of the software application will be Macedonian only. 6. Can the bidder base its offer on some ready made software solution available on the market as infrastructure for the CEMT software? For example, the bidder has developed its own web based product that can be used as an infrastructure for the project (ID management, Web infrastructure etc.) The bidder can propose any solution considered to be adequate to the requirements. If additional off-the-shelf software is part of the offer the price for the licenses should be included. 7. Is creation of the official public web site of the Ministry of Transport and Communication in the scope of this project? If so, in which module/phase should it be delivered? Web Site of the Ministry of Transport and Communication is not part of this project. 8. Should existing documents enter the System (assuming that they are hard copies) and if that is the case, how will they enter the system? As stated in the System Description, for this year only, data from the documents received with application will be input in the system manually through corresponding input forms. 9. Regarding point 4. Current infrastructure, should the bidder assume that all HW and SW will be installed and configured, and the bidders job is only to implement/install the application, or the bidder should offer installation and configuration of whole system (installation of Win 2003 Server Standard edition, MS SQL Server etc.) and price for licenses (as the request is for unlimited for both products)? Current infrastructure exists and is implemented in the MoTC and the bidder is responsible for full implementation and installation of the developed solution.
|
