Appendix A
advertisement
Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 1. Certification The system shall provide an online registration pro- Yes cess for businesses to apply for DBE/ACDBE/LDBE/SBE certification. 2. Certification The system shall provide definitions of all business terms and acronyms to the certification applicants. Yes 3. Certification The system shall provide a DBE/ACDBE application template compliant with 49 CFR Part 23 and Part 26. Yes 4. Certification They system shall allow document uploads by certi- Yes fication applicants as part of the certification application processes including for tax returns and affidavit. 5. Certification The system shall provide an online registration pro- Yes cess for businesses to apply for LDBE certification. 6. Certification The system shall allow businesses to save incomplete certification applications and complete them at a later time. Yes 7. Certification The system shall purge incomplete applications that were last saved more than 3 months in the past. Yes 8. Certification The system shall prevent the submission of incom- Yes plete certification applications based on incomplete data fields and failure to upload the necessary documents. 9. Certification The system shall prevent changes to a certification application by the applicant once the application has been successfully submitted. Yes A-1 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 10. Certification The system shall allow the MWAA certification spe- No cialist to allow a certification application to be revised by the applicant by indicating application deficiencies exist. 11. Certification The system shall track all types of applications (DBE, ACDBE, SBE, and LDBE) from receipt to approval. Yes 12. Certification The system shall give MWAA certification specialists the ability to review, approve, and deny certification applications. Yes 13. Certification The system shall track the certification application review process duration. The review process starts upon successful submission of an application by a business. Yes 14. Certification The system shall notify MWAA certification special- Yes ists when new certification applications have been submitted and are ready for review. 15. Certification The system shall notify MWAA certification special- Yes ists when a DBE/ACDBE application review is 30, 60, 90 days old, when an interstate DBE/ACDBE application review is 30, 50, 60 days old, and when a LDBE application review is 10, 20, 30 days old. 16. Certification The system shall allow MWAA certification specialists the ability to generate deficiency notices for a certification application. Deficiencies include, but are not limited to, un-notarized affidavits and incomplete documents. Yes 17. Certification The system shall provide status reports detailing the number of deficiency notices sent to certification applicants. No A-2 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 18. Certification The system shall determine if a LDBE certification Yes applicant’s address is more than 100 miles away from the Washington DC zero mile-marker. The system shall notify the MWAA certification specialist if the applicant’s address is over 100 miles away from the Washington DC zero mile-marker. 19. Certification The system shall calculate Annual Gross Receipts Yes (AGR) for a certification applicant including its affiliates and subsidiaries. 20. Certification The system shall determine if an applicant’s AGR is Yes above the allowable threshold for the corresponding certification small business size standard. 21. Certification The system shall notify the MWAA certification spe- Yes cialist if an applicant’s AGR is above the threshold value for the corresponding certification. 22. Certification The system shall generate certification denial letters with signatures of appropriate MWAA officials and send them to certification applicants. No 23. Certification The system shall track when a certification denial notification was sent to the certification applicant and indicate if the denial can still be appealed. No 24. Certification The system shall generate certification approval letters with certification type, approved NAICS codes, and signatures of appropriate MWAA officials and send them to certification applicants. Yes 25. Certification The system shall track all suppliers’ present net No worth (PNW) and Annual Gross Receipts (AGR) by year for up to 10 years. 26. Certification The system shall provide a real‐time, online directo- Yes ry of xDBE-certified suppliers searchable by supplier name, current certification type, keyword, NAICS and NIGP codes, description, and last certification date. A-3 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 27. Certification The system shall generate a downloadable version of certification directory searches upon request by the user. Yes 28. Certification The system shall have the capability to crossreference and automatically track contracts and vendors based on NAICS and NIGP codes, and owner names. No 29. Certification The system shall have computerized and/or mobile No capability to take notes and otherwise complete the site visit report. 30. Certification The system shall monitor the appeals process of an No application. 31. Certification The system shall have one centralized database used by all parties (DSD, Procurement, and Business Owners). Yes 32. Certification The system shall notify certified suppliers 90 days, 60 days, and 30 days before LDBE certification expiration and 90 days, 60 days, and 30 days before DBE annual update anniversary. The notification should include instructions for maintaining certification. Yes 33. Certification The system shall track the certification status of all Yes businesses in the certification database including businesses denied certification and businesses that have allowed their certification to lapse. 34. Compliance The system shall provide a data collection and retrieval tool to calculate overall 3 year DBE and ACDBE goals reported to the FTA. No 35. Compliance The system shall track all solicitations released by MWAA. No 36. Compliance The system shall track all bids on a solicitation including the prime bidder and all sub bidders on a bid. Yes A-4 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 37. Compliance The system shall track contracts awarded by Yes MWAA including, but not limited to the following information: contract #, prime Contractor, program type, contract type (LDBE/DBE), award date, period of performance, contract value, and LDBE/DBE participation goal. 38. Compliance The system shall track task orders awarded under task order contracts. 39. Compliance The system shall submit automatic alerts to DSD of No contracts awarded by Procurement. 40. Compliance The system shall allow MWAA compliance specialists to link contracts to their corresponding solicitations. 41. Compliance The system shall allow Airports Authority personnel No to search for LDBE suppliers using the directory (limited access). 42. Compliance The system shall allow online submission for prime bids to submit Exhibit D. Yes 43. Compliance The system shall generate Exhibit E document for each sub bidder identified in an Exhibit D. Yes 44. Compliance The system shall create PDF files of the Exhibit D and Exhibit E that can be downloaded by the prime bidder. No 45. Compliance The system shall allow updates to Exhibit D and Exhibit E documents when a contract modification is made. Yes 46. Compliance The system shall provide an Exhibit J form online for prime Contractors to enter on a monthly basis for each active contract or task order. Yes 47. Compliance The system shall auto-populate appropriate Exhibit J information from corresponding Exhibit D. Yes Yes Yes A-5 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 48. Compliance The system shall notify the MWAA compliance specialist when a new Exhibit J is submitted. Yes 49. Compliance The system shall allow the MWAA compliance spe- Yes cialist the ability to review and approve Exhibit J submissions. 50. Compliance The system shall generate approve/denial notifications based on the MWAA compliance specialist’s review and send to CO and COTR. No 51. Compliance The system shall, upon approval of an Exhibit J, notify subcontractors identified in Exhibit J that payment verification is required. Yes 52. Compliance The system shall provide an online form for subcontractors to verify payment including the date of receipt and amount received. Yes 53. Compliance The system shall notify the MWAA compliance specialist when payments are not received by subcontractors within deadline. No 54. Compliance The system shall have the ability online to produce Yes accurate reports on all contracts awarded such total amount for all contracts vs amount to DBE, LDBE, ACDBE, SBE, MBE, WBE firms. 55. Compliance The system shall provide an online module for Yes Primes to enter monthly payments. Payments can be tracked in real-time and verified with subcontractors. 56. Compliance The system shall provide an online module with capability to produce customized reports on compliance with DBE/LDBE financial goals. Yes 57. Compliance The system shall provide an online dashboard reporting current status of DBE/LDBE goals. Yes 58. Outreach The system shall send e-mails to businesses for upcoming and future outreach events. Yes A-6 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-1-SDMS Functional Requirements Req. # Focus Area Must Have Requirements Description 59. Outreach The system shall allow prime Contractors and No MWAA purchasing agents to search the certified supplier directory by supplier attributes including, but not limited to, NAICS code, NIGP code, supplier’s number of employees, and location. The output of these searches must include the suppliers’ contact information. 60. Outreach The system shall have an outreach module that allows the planning and status of outreach events such as budget, contacts, mailing list, timeline, and documents. No 61. Outreach The system shall have the ability to follow-up and conduct a survey of outreach events. No 62. Outreach The system shall create campaigns and add suppliers based upon certification status, NAICS/NIGP code, location. No 63. Outreach The system shall track other small/disadvantaged No business certifications from accredited certifying agencies including, but not limited to, the National Minority Supplier Development Council, Women’s Business Enterprise National Council, National Gay and Lesbian Chamber of Commerce, Small Business Administration, and Department of Transportation. 64. Vendor Management The system shall provide self‐management and registration by vendors. Yes 65. Vendor Management They system shall search the extensive vendor database and generate comprehensive reports. Yes A-7 In Existing COTS SaaS Software Requires Software Configuration Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 1. The system shall maintain a virtual private network (VPN) connection to MWAA’s network to allow for system interfaces. Compatibility Interoperability 2. The system shall include documented Compatibility application programming interfaces (APIs) to support system interfaces. The APIs must support one or more of the following: REST, SOAP, or JSON-based web services. Interoperability 3. The system shall exchange any XML Compatibility content using an industry standard schema or a custom schema that is fully documented. Interoperability 4. The system shall use MWAA’s ETL solu- Compatibility tion when needed to implement interfaces to MWAA systems. Interoperability 5. The system shall generate a log of all system errors during system operation. This log shall be made accessible to MWAA’s system administrators. Maintainability Analyzability 6. The system shall allow MWAA system administrators to create, update, and delete new data fields, workflows, and related business rules without the need to modify base software code. Maintainability Modifiability A-8 In the Service Offering Requires Configuration of the Service Offering Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 7. The system shall have a production en- Maintainability vironment, a test environment, and a development environment. The production environment will serve as the operational environment for end users. The test environment will be used to perform unit testing as well as user-acceptance testing. The development environment will be used by system administrators to create new customizations. Modifiability 8. The system shall support customization migration between the development environment, test environment, and production environment. Maintainability Modifiability 9. The system shall support replication of Maintainability environment between the development environment, test environment, and production environment. Modifiability 10. The system shall support 175 concurrent Performance Efficiency users without noticeable performance degradation. Capacity 11. The system shall support a minimum of Performance 5000 transactions a day including certifi- Efficiency cation application transactions. Capacity 12. The system shall provide usage statistics reports on a weekly, monthly, and yearly basis. Performance Efficiency Capacity 13. The system shall be fully compatible with future updates to common PC web browsers including, but not limited to, Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari. Portability Adaptability A-9 In the Service Offering Requires Configuration of the Service Offering Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 14. The system shall be fully compatible Portability with all common PC web browsers including, but not limited to, Microsoft Internet Explorer, Google Chrome, Mozilla Firefox, and Apple Safari. Installability 15. The system vendor shall recognize that all MWAA certification data, contract data, and reports stored in the system are the property of MWAA. Portability Replaceability 16. The system shall maintain an up-time availability of 99%. Reliability Availability 17. The system shall provide downtime noti- Reliability fication details including time and duration for all scheduled downtimes. The downtime notification shall be provided at least 7 days before scheduled downtime. Availability 18. The system shall maintain all vendor certification records and reports in accordance with MWAA record retention policy. Reliability Availability 19. The system shall integrate with MWAA printers to allow the printing of records and other relevant information. Reliability Availability 20. The system shall support redundant Reliability hosting with failover in the event of infrastructure failure at one hosting site. Fault Tolerance 21. The system shall roll-back any database Reliability changes associated with a transaction if that transaction does not complete successfully. Fault Tolerance A-10 In the Service Offering Requires Configuration of the Service Offering Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 22. The system shall support redundant Reliability hosting in geographically separated locations to support recovery from disaster in one geographic location. Recoverability 23. The system shall perform database back-ups to support a recovery point objective (RPO) of 1 day. The database back-ups should be stored in at least 2 geographically separated locations. Recoverability 24. The system shall authenticate MWAA Security users by integrating with Microsoft Azure Active Directory, MWAA’s Identity and Access Management System. Authenticity 25. The system shall support user-created Security accounts for suppliers in support of certification application, certification renewal, and contract reporting. The user-created accounts shall be password protected. Authenticity 26. The system shall employ HTTP over TLS communications protocol (https or secure http). Security Confidentiality 27. The system shall employ role-based access controls to data. Security Confidentiality 28. The system shall employ user-based access controls to data. Security Confidentiality 29. The system shall encrypt all data both in Security the operational database and data backups. Confidentiality 30. The system shall encrypt all data during transit between systems and to client computing devices. Confidentiality Reliability Security A-11 In the Service Offering Requires Configuration of the Service Offering Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 31. The system shall transfer all files using the SFTP protocol. Security Confidentiality 32. The system shall employ role-based access controls to define transaction permissions such as data CRUD permissions. Security Integrity 33. The system shall detect and log intrusion attempts. The log shall be accessible by MWAA system administrators. Security Integrity 34. The system shall include intrusion prevention system technology. Security Integrity 35. The system shall include virus and malware prevention technology. Security Integrity 36. The system shall maintain metadata on Security all transactions for the lifetime of the effected record. The metadata should include the User ID executing the transaction, the timestamp of the transaction, and what was changed. Non-repudiation 37. The system shall support electronic signature for all necessary approvals and signatory actions. Security Non-repudiation 38. The system shall comply with all accessibility standards regarding web-based intranet and internet systems enumerated in Section 508 of the Rehabilitation Act. Usability Accessibility 39. The system shall be accessible from both the MWAA intranet and world wide web. Usability Accessibility A-12 In the Service Offering Requires Configuration of the Service Offering Comments Appendix A – Detailed Requirements Table A-2. SDMS Technical Requirements Req. # Requirement ISO 25010 ISO 25010 Sub Characteristic characteristic 40. The system shall be accessible from personal computers, tablets, and smart phones. Usability Accessibility 41. The system shall allow system adminis- Usability trators to add custom MWAA branding to the user interface. Appropriateness Recognizability 42. The system shall allow system administrators to edit data field names to terms recognized by MWAA staff. Usability Appropriateness Recognizability 43. The system shall include self-help training materials. Usability Learnability 44. The system shall allow system administrators to customize the color palette of the user interface to correspond with MWAA preferences. Usability User Interface Aesthetics A-13 In the Service Offering Requires Configuration of the Service Offering Comments
