E-Commerce Car Park – Table of Compliance for System Requirements
This document specifies the main technical and functional requirements for the E-Commerce Platform designed for the IAA car park Pre-booking and ancillary services.
For each line the Bidders shall specify one of the following: Full Compliance / Partial Compliance / Non-Compliance / Not Applicable and shall provide details and explanations regarding their response. Additional detailed information per compliance and the technical data that is required can be attached in an external document with proper reference per item.
Columns: Par. / Subject / Description of the requirement / Mandatory requirement / Compliance / Technical data required from respondent / Data to be filled out by respondent
1 Commercial Aspects
1. A payment interactive platform for car park booking and its respective management systems.
NO
2. Cloud based system, complying with requirements and recommendations for human-centered design principles and activities (ISO 9241-210:2010).
NO Specify cloud architecture
3. The system will support customer account (member) login with member's credentials, and non-member access as a guest, both with a secured environment for payment transactions. The offerings will be identical while members will enjoy additional membership benefits.
YES State machine flow of both offerings
4. Members will be able to view past bookings and payment history, and change/edit/modify existing bookings they have made
YES
a. Member will have context oriented access permission per system definition
YES
b. Non-member will have access permission only to his last transaction.
YES
5. Payment method for all will follow the known standard PCI for credit cards, and electronic payment systems (like PayPal).
YES Full description of the target implementation
6. The system will be fully branded to the IAA, with seamless experience while transitioning from the IAA web site (home page or any other page) to the car park booking subsystem.
NO
7. The system will be extensible for add-ons per IAA request with Supplier responsible for any required installations training etc., at no additional charge.
NO
8. The system should offer a variety of products and services. In order to simplify this, the requirements in this document will use the word product for both.
NO
9. The system shall allow the customer to make multiple transactions (the purchase of a single or multiple products) within one global business transaction.
YES Describe flow
10. Product handling will include linkage to the booking engine promotion's repository list for automatic enabled promotions.
NO
11. The booking engine will allow print of coupons and/or tickets (with QR).
YES Screen capture/sketch
12. The system will allow edit/delete/change during transaction within a pre-defined time window from the start of the transaction, and will follow the Israeli law, upon completion of transaction.
YES Screen capture/sketch
13. Changes made to advanced transactions may be modified up to 10 minutes prior to the event time.
NO
14. Refund procedure will be handled directly between the customer and the service provider.
NO State machine flow
15. The flowchart (see Technical Document)
Confirm compliance
16. The following will take place upon customer login:
YES
a. The relevant screens' sequence flow will lead the user through the actions.
YES
b. The system will issue a single receipt statement per occurrence.
YES
c. The system will conclude the transaction by issuing the respective vouchers to the customer.
YES
17. The system will interact with the respective business, per transaction, from start to end, concluding with sending an invoice e-mail to the customer.
YES Description of multi-business flow
18. All financial data will be directly transferred to the Parking Management System (PMS) including the accounting and bank clearance transactions, and invoices will present the ID of the parking operator.
YES
19. Additional commercial requirements should comply with the following:
YES
a. During a transaction operation, the customer’s identifiable data record will be pushed into a database that will allow future usage of the saved data. This must comply with all Israeli legal requirements and regulations in regards to security, privacy, Credit Card information in accordance with PCI STD, user information etc. The user will be required to agree to a EULA describing this. Registered users will be required to agree once and upon changes, while non-registered users will be required to agree on every transaction.
YES Database description & interface with external systems
b. The stored data including the transactions will be the property of the IAA. The database itself will be owned by the IAA and will be operated under full responsibility of the Supplier, including all legal aspects and in accordance with the requirements guidance stated by the IAA (see "IT Aspects"). The Supplier can decide whether to locate the database on premise (his) or in the cloud; in either case, the Supplier will have to comply fully with specific security and regulation directives as will be dictated by the IAA. Financial transactions will be directed to the bank account of the individual supplier based on the product involved within the transaction (i.e. operator of the PMS for booking parking) (Not including credit card information used to make payment). The Supplier shall acquaint itself and shall be responsible for compliance with all local laws and regulations applicable to this kind of transactions. The Supplier shall obtain all licenses necessary for its operation.
YES Database location & security guideline
c. The Supplier will be the sole entity responsible for the success or the failure of the operation, the transaction and the clearance with the clearance institutes involved in the transaction. This will include, but not be limited to, changes or cancelation of parts or the complete transaction, failure to receive the service, failure at clearance stage of the transaction etc., to the complete satisfaction of the customers.
YES Specify clearance institution & describe flow of transaction.
d. Financial transaction data will be maintained by the Supplier for at least 7 years, operational transaction data will be maintained by the Supplier for at least 7 years, both in a fully protected and secured environment.
YES
e. The system must be fully redundant as far as its ability to perform banking transactions process by maintaining a fully redundant link to the banking network.
YES Technical description
f. Data records will be encrypted using a strong well known and market acceptable encryption scheme. The IAA must approve this scheme in advance.
YES Technical description
g. The Supplier will provide a description of the method and encryption scheme for storing credit card information. The Supplier will have to comply with PCI STD and any directives of the IAA.
YES Provide a description method
h. The data in the system, owned by the IAA, will have set access rules to allow access only by authorized IAA users.
YES
i. The basic access permissions will be the following:
1. Super Administration - with full permissions of Read & Write access;
2. Operator - with full Read Only access (viewer);
3. Technician - with Limited Read Only access to pre-defined scope of the system;
4. End-user with access to user pre-defined area;
YES
j. The system should allow the access rules to be extended in the future to support approved vendors (ex: airline tickets office, Travel Agent platform, etc.).
YES Technical description
2 Functional Aspects
The system should comply with the currently deployed IAA system of the Scheidt & Bachmann Parking Management System.
(1) Operational Aspects
1. The system must have an attractive design, with current deployed look and feel of the IAA website, using the same three languages (English, Hebrew and fully integrated into the Airport’s Parking Management Systems (PMS). Any flow between the system and the IAA site will be smooth & seamless with the same conceptual flow of the IAA system.
YES Screen Capture/sketch
2. The system must have easy & intuitive UX navigation across.
Screen Capture/sketch
3. The system must have an exceptionally fast response time.
Specify response in msec
4. The system will be optimized for desktop, tablet and mobiles making the browsing experience smooth and seamless, making it efficient and attractive.
YES
5. The system should have high speed processing of all transactions:
YES Description of hardware dependency & impact on response time
a. Remote devices will have a maximal delay of (1) second between the user's last input and the system's response to that action (If one is required)
YES Benchmark
b. 10000 concurrent users and 1000 users within an hour will be able to request a product within a 2-second interval between requests
YES Benchmark
c. 95% of all transactions will have no more than (0.5) second delay between the user's last input and the system's response to that action (If one is required)
YES Benchmark
d. The remaining 5% of transactions will have up to (1) second delay between the user's last input and the system's response to that action (If one is required)
YES Benchmark
6. The system will consist of 4 access permission profiles: Administrator, Operators, User and Customer
YES Descriptive table of access permission vs activities
7. The system will require a username and password for login to the management system, and to member's accounts. The system will have a 2-factor authentication scheme.
YES
8. The system must implement a hard password scheme requiring passwords with at least 7 characters, with a combination of capital letters, small letters, numbers or special characters (three of four)
NO Description
9. The system will force password change at least once every 180 days (6 months)
NO
10. (M) The system will be locked after 3 login failures. Management users will get their user released by the system administrator, while customers will be self-released using a built-in mechanism.
YES
11. The system will interface with the current active and future IAA parking systems.
NO
Interface - Provider
Parking Management System - Scheidt & Bachmann
Web Site - IAA
Mobile Application URL - IAA
Various Franchisees (Airlines, Travel Agencies, Coffee, restaurants, Duty Free shops, etc.) - TBD
12. The system must be able to integrate with the following systems:
YES
Management System Interaction
13. The management system will have local & remote Web interactive interface
NO
14. The web management interface will include a comprehensive range of operational actions, including pre-defined graphical reports and dashboards to track real-time management, sales, and finance (for example):
YES Layout & descriptive info
a. Handling customers online based on defined criteria profile;
YES
b. Handling the capacity and occupancy online (average occupancy, peak, uptime);
YES
c. View the currently pre-booked capacity;
YES
d. View projected pre-booking capacity;
YES
e. View sales (orders) based on defined criteria;
i. Sales trends by product (top performance);
ii. Sales trends by hour[s] or date[s];
iii. Sales trends by customer profile;
iv. Revenue;
v. Average transaction value;
vi. Revenue per passenger;
vii. Historical and current peaks and averages;
viii. Transactions reports by month;
ix. Daily list of all financial transactions per suppliers including the specific customer name per transaction
x. Daily list of all financial transactions per customers, divided according to respective suppliers
YES
f. View customer profile based on past usage and purchasing;
YES
g. Customer value on past system used;
YES
h. Forecast future sales based on criteria to maximize revenue
YES
15. The system will send alerts to the PMS such as the following:
YES
a. Crossing threshold on predefined capacity of parking space
YES
b. Multiple reservations for the same car at the same time/date
YES
16. The system will send an indication to the PMS identifying customers with active transactions at the entrance and exit from the parking lots.
NO
17. The system will maintain audit trails of all user actions
YES
18. The audit trail will allow an operator with specific rights to search for records based on dates, times, event type, users and keywords
NO
19. The system will have a built-in mechanism for Localization, starting with the English LTR, and Hebrew RTL.
NO
20. The system will support recognition of various technologies including but not limited to: ANPR, credit card, bar-code, QR code and PIN access.
YES Describe technology
21. The system will support changeable hourly pricing tariffs.
NO Describe logistic
22. The system will provide dynamic pricing being configured interactively or via a file upload capability (CSV or XML)
YES
23. The system will allow full control and flexibility on the availability & pricing of the Add-on through configurable business rules variable by product, car park and location at any desirable time. (LOOK AT TABLE)
YES Describe mechanism
Customer end Interaction
24. The system will support memberships and guest customers.
NO
25. The system will provide members with a user account to manage online purchases, anytime, anywhere, from any device by login via a Self-Manage entry called “My Account/My space”.
YES
26. Members will log in with:
YES
a. Full name/Company name & registration ID, email address, credit card number and password
YES
b. Some form of secondary authentication mechanism such as DUO or Symantec's "VIP Access" system
YES Describe mechanism
27. Casual customers will be supported via multiple customer identification methods like: e-mail, license plate number, credit card details, QR/bar code, booking reference etc. Registration will require an email to be sent to the customer's entered email address, and the customer will then be required to click a link to authorize the registration process
YES Describe specification
28. The system must implement a hardened password scheme with at least 7 characters, combining capital letters, small letters, numbers or special characters (three of four)
YES
29. The system will be locked after three login failures
YES
30. The system will retrieve or renew the password for a customer based on the member's credentials (i.e. an email address as well as secured questions, or via an SMS code sent to the customer's cell phone).
NO Describe mechanism
31. 2-factor authentication for password retrieval or release should be utilized (sending a code to the cell phone, sending a code via email etc.)
NO
32. Simple, fast & minimal booking procedure for any transaction collecting the following details:
a. Full Name,
b. Mobile number,
c. Departure and arrival dates and times,
d. Car plate number,
e. E-mail.
YES Screen flow
33. Customers will have a link to the booking engine for printing of the applicable promotion's coupon or ticket
NO
34. Members can view their list of bookings, payment history and future bookings
YES
35. The system will display real time parking availability for pre-booking.
NO
36. The system will recommend the most suitable parking products based on value and convenience
NO
37. The system will allow the Customer to check for parking space availability
YES
38. The system will offer the customer an upgrade service such as parking outdoor vs. indoor
NO
39. The system will enforce prepay in advance when a booking is made
YES
40. The system will provide booking confirmations via email and/or SMS, dependent on the customer's request
YES
41. The system will support passing the booking information to the PMS in order to automate entry and exit to and from the parking area
YES
42. The system will have the ability to provide credit/refund to the customer in case of cancelation or transaction that has not been executed.
NO
3. IT Aspects
1. The system will be an off the shelf core system customized to meet the functionality and commercial requirements of the IAA.
NO Provide description
2. The system is expected to be fully functional under all operational and environmental conditions, with High Availability and 99.99% uptime target.
YES
3. The system will be fully redundant with no single point of failure at all layers of internal architecture
YES Describe internal architecture
a. Geographical Redundancy is expected for hardware components, data base, servers, and external interfaces. The system will be implemented using two complete physical units configured in full redundancy (Active\Passive).
YES
b. Redundancy is expected for network connectivity.
YES
4. Maintenance and service activities (installations and configurations) will cause no interruptions to the normal operation and no downtime. The service will have a high level of tolerance to partial failure.
NO Describe service
5. The system redundancy, resiliency and reliability should be described in detail with proof of actual measurements.
YES Provide descriptions
a. “Switch over procedure” at failure will be handled automatically, but should allow for manual handling by an operator as well.
YES
b. There must be no service loss during the above occurrence.
YES
c. All End Point Devices and interfaces will continue to operate automatically and seamlessly when a switch over occurs
YES
d. The system will have an internal self-restart mechanism, returning the system to the last healthy state of operation, with internal self-testing mechanisms to confirm full health status
YES
6. The system will include a test environment (staging) that is based on a separate set of HW elements.
NO
7. The system will be designed with high standards and state of the art equipment, fully certified and in compliance with well-known acceptable standards (e.g. servers, workstations, displays, peripherals, database, communication protocols, networking devices, etc.).
YES Describe system components
8. All communication protocols will be based on standard protocols; preferred interface among components (SOAP/XML or REST/JSON) and files transferred using SFTP
YES Specify protocols
9. The Testing environment (staging) will allow for the following:
a. Installation of new versions,
b. Replacement of any “EOL” component with its respective certified component that complies with all criteria,
c. Connectivity to external interfaces to verify new versions and compatibility aspects,
d. Support training sessions.
NO
10. The system will be cloud based and will be acquired as a service. The cloud server farm will preferably be located in Ireland. (The technology infrastructure will be defined by the bidder at the time of architecture planning, specifying all expected components, and considering and complying with all security guidelines and regulations followed by IAA). [IAA reserves the right to perform a black box penetration test at any given time to verify the system's level of protection]. In any event the storage facilities must be approved in advance by the IAA, and the IAA will maintain the right to request a change of venue if the storage facilities sit in countries that are not considered "friendly" by the IAA.
YES Provide descriptions
11. The system will have the ability to define what geographical area the data is stored in
NO
12.a. The cloud solutions will leverage the latest hardware, virtualization and software solutions, with any data center's infrastructure
YES Provide details
13. The following Browsers and devices operating systems should be supported:
YES
a. Internet Explorer, Chrome, Firefox, Safari, Microsoft Edge
YES
b. Mobile O/S support iOS, and Android, three recent versions in all platforms
YES
14. The system will be designed with the capacity for growth without the need for any financial investment and/or replacement of essential components
NO Specify capacity & method of growth
15. The system storage will store all applications, configurations, audit logs, data base and system events
YES
16. The system is expected to grow at a pace of 30%-40% per year. Upon having a persistent alert (more than 5 times per day at interval of 60 min) of capacity usage of any component, the respective component will undergo upgrade or similar process to continue and maintain operational status below the threshold level
YES Describe capacity handling
17. Backup data - Data will be maintained for 7 years
YES
18. Licenses, Upgrade
YES Describe upgrade
a. The system will send an alarm within 4 hours of occurrence of any hacking or suspected event of hacking
YES
b. Upgrades policy: The Bidder will ensure periodic upgrades for Patches, Minor and Major Software Releases, Add-On Enhancement and installation - all for continuous usage of the system and at no additional cost. The above will be provided and pre-coordinated from time to time with the IAA in writing.
YES
c. Additional upgrades for smooth compatibility with upgraded interfaced add-on systems will be committed and coordinated at no additional cost to the IAA as well.
YES
d. The supplier will ensure continuous maintenance and support of the hardware and software components to comply with state of the art offering and smooth migration in case of end of life “EOL” of any component within the system Hardware or Software
YES
e. The license will be provided in the form of a Site License as needed in accordance with the number of seats and the user volume per seat
YES
19. Service (SLA) - see Technical Document
YES Provide comments