requirements - amazon web services… · web viewconfiguration as code: any managed code required...
TRANSCRIPT
OFFICIAL
OFFICIAL
Requirements Document
myGov update: delivering a better experience for Australians
OFFICIAL
Requirements
About our requirementsWe are seeking an experienced seller(s) who has the capability to design and deliver a digital platform, with supporting documentation. This digital platform will offer government services across portfolios and jurisdictions and eventually will integrate these around the events that people experience in their life, such as experiencing a national disaster.
This document sets out the specific systems integrator services sought under this request. The seller is required to propose a suitable package of systems integrator services, with separate options for base software product(s) and hosting platform(s). The DTA reserves the right to accept the software product(s) and platform(s) offered but may require the systems integrator to use different software or platforms at any stage of the project.
It is expected that, in addition to the current myGov offering, an existing, parallel platform will be in production prior to the commencement of this work, delivering foundational pieces of functionality (for example, authenticated and unauthenticated content, notification systems). This functionality is expected to be maintained and built upon in subsequent stages.
The successful seller will be required to work closely with the DTA and other government agencies involved in this work but will still be ultimately responsible for delivering the project in accordance with the work order. The DTA will bring together a multi-disciplinary team, including the seller, the seller’s delivery partners, and other government and private sector specialists, to deliver this work. The seller may be required to co-locate with the DTA’s project team on-site. The DTA will specify its collaboration requirements in the work order issued as a result of this request.
Addenda may be issued throughout the RFQ open period as requirements are refined.
2
OFFICIAL
OFFICIAL
About the Project
The Minister for Government Services, the Hon Stuart Robert MP, released the Government’s vision of the future for government services on 29 November 2019. A transcript of the announcement is available at:
https://www.mhs.gov.au/transcripts/2019-11-29-aiia-address
The vision for the future of Government services is communicated in a video which is available here:
https://www.dta.gov.au/news/committed-reforming-service-delivery
Life events and life event journeysAustralians expect Government services to be simple, seamless, and secure. They want services organised around their lives and needs. During important life event journeys – such has having a baby or looking for work – Australians need to interact with many services across all levels of Government to achieve an outcome. A life event journey describes the set of activities people must engage in to reach their desired outcome or have their needs met from the user’s perspective. There are common systemic issues/pain points people face when dealing with Government during these journeys.
Delivering services based on the journey that a customer goes through during key events in their lives, rather than based on siloed Government structures, creates a seamless, easy, intuitive customer experience. The GovX team in the DTA uses a life event journey-based approach to understand people’s experience interacting with multiple services delivered by several Government agencies. They consider how services might be re-designed to better meet a customer’s needs.
The graphic below shows the high-level life events that have been identified by the DTA by life stage. In addition to the life events captured below are the life events experienced in the preparation for, during and following a natural disaster which cut across all three age cohorts.
Digital IdentityLife Events
Digital IdentityLife Events
AdulthoodYouth
Get a birth certificateRegister forimmunisationEnter child care
Enrol in a schoolOpen a bankaccount
Get a prepaidmobile Apply for a credit card
Travel overseas
Get married
Get a job
Learn to drive
Turn 18
Enrol to vote
Enter higher educationStart anapprenticeship
Childhood
Have a baby
Experience financialhardship
Become anAustralian citizenBuy a house
Apply for theAge Pension
Experience disability
Apply for arental property
Enter aged care
Figure 1 Key life event journeys throughout a person’s life
3
OFFICIAL
OFFICIAL
The myGov update platform provides an opportunity to address these issues/pain points by reorganising, personalising and integrating services around life event journeys. For example, the myGov update platform could reduce the number of times customers provide the same information to different agencies and will provide a single source of truth across connected services, making it easy for users to find the information they need, when they need it — such as understanding their entitlements and obligations. The program is not seeking to resolve all pain points across an entire end-to-end life event journey, it will focus on resolving the major pain points that customers currently experience.
Key DeliverablesThe key deliverable of this project is an online platform to deliver simple, smart and personalised government services to customers.
The overall solution must support the government’s Digital Transformation Strategy and Services Australia vision. The solution must meet user needs and resolve pain points identified in prior DTA and Services Australia research.
The platform will be used by government to deliver a whole of government approach to dramatically uplift the customer digital experience of government services.
Sellers should ensure that their response to this RFQ addresses how it will achieve the Government’s vision outlined above.
Target OutcomesDelivery of this solution is expected to achieve the following primary outcomes:
meet the needs of customers during key life events,
increase customer’s confidence and trust in government services,
meet the needs of staff to deliver services and help resolve systemic user pain points, and
demonstrate alignment to the Services Australia vision and strategy.
The DTA expects that these outcomes will be achieved through delivery of a modern, experience-led and data-driven place for Australians to discover and access personalised services when and where they need them that delivers the secondary outcomes of:
Reduced footprint and call volumes from increased digital access and decreased customer complaints.
Reduced manual processing through automation and increased customer self-service.
Ability for help desk agents to better support customers.
Reduced errors and re-work from automation, standard tools and processes and better service integration.
Improved user authentication and information reconciliation across agencies.
4
OFFICIAL
OFFICIAL
Key Dates
ACTIVITY DATE
Closing time and date 15 April 2020
All briefs on the Digital Marketplace close at 6pm (Canberra time).
Anticipated start date 1 July 2020
Date the provision of services is required to be completed on or before
The DTA is using the Agile method for delivery of the service. DTA will work with seller to determine such timeframes.
Contract term 2 years initial contract term
Note: DTA may create separate work orders, under this initial contract, for shorter stages with defined scopes of work.
Contract extension option 2 x up to 12 months
How to responda. You must comply with all requirements set out in this request, the Master Agreement and
terms of use of the Digital Marketplace.
b. Responses must be lodged on the Digital Marketplace before the opportunity closes.
c. The Digital Marketplace may not accept late responses and sellers may be unable to submit a response once the opportunity has closed.
d. The Digital Marketplace will accept responses in .DOC .XLS .PPT or .PDF format.
e. If there are technical issues within the Digital Marketplace platform which prevents the seller(s) from submitting a response before the closing date of this RFQ, seller(s) should email its response to [email protected]. DTA may not accept responses submitted to this address, unless the seller(s) has made significant attempts to first submit its response through the Digital Marketplace platform.
f. Any clarification questions should be submitted through the Digital Marketplace platform. The available window to ask questions will close 3 days before the close date of the RFQ at 6pm AEDT.
Validity PeriodYour response remains valid for a period of up to 12 months from the opportunity closing datetime.
5
OFFICIAL
OFFICIAL
Conditions of Participation and Mandatory Requirements No conditions of participation or mandatory requirements.
Technical Capability The seller must have the technical capability and expertise to design and deliver a secure, contemporary, digital experience for users of government services capable of meeting current and future needs of the community.
The technical solution will be subject to IRAP assessments against PROTECTED-level controls from the ISM.
Service Requirements
The DTA has already commenced the design and delivery of foundational layers for the myGov update platform.
The seller’s proposal should demonstrate how it will support the accelerated delivery of the myGov update platform capable of integrating with the technology and services currently delivered by a range of agencies and third party providers (for example, employment services, disability services, licenses), including those delivered by state governments.
The seller’s implementation approach should consider the significant government modernisation strategies and programs such as whole of government platforms (for example, my.gov.au, notify.gov.au, designsystem.gov.au), National API Standards (available via api.gov.au) and AI driven assistants and calculators. The seller will be required to deliver a cohesive approach to system integration between their proposed system solution and existing platforms, services and endpoints.
The seller will be part of a team performing ongoing user research and service design activities. These will ensure the system continuously delivers services and functionality that demonstrate how user needs are being met in a prioritised fashion. The seller should outline its approach to these activities in its proposal.
The successful seller will be required to meet regularly with the DTA and government agencies and participate in day to day agile delivery activities (for example, sprint planning, daily stand-ups). It is desirable for the Seller to work from the DTA office, allowing them to be quickly available to participate in face to face and other means of communications with the DTA, other government agencies and external stakeholders. If required this can be done via video call.
The seller’s proposal must reflect all requirements in this RFQ.
Scale
It is expected that the myGov update platform will operate in parallel with existing myGov services during a transition period.
The current myGov service supports over 17 million user accounts. The existing myGov service averages 500K logins daily, with daily peaks at 2.7M logins. Approximately 130M mail items are sent using the existing myGov Inbox service annually.
6
OFFICIAL
OFFICIAL
High-volume spikes for existing unauthenticated content published elsewhere by government (for example, COVID-19 information on SmartTraveller.gov.au) have experienced ~1.3M page views between 1 January and 11 March 2020.
Risks
The seller should outline the risks associated with its proposal, including any mitigations, interdependencies and inputs required from the DTA that may affect service delivery. The seller should also outline any assumptions used to calculate pricing, and to arrive at the design of the proposal.
Design
The platform will allow customers to access personalised government services, see how they can progress receiving them, and view information on what obligations they have in the process.
The intent is to continually enhance the product and productionise features, to support the end state future myGov update platform.
Design principlesThe seller’s proposal should demonstrate how they intend to apply the design principles:
Progress: customers will be guided to, and through, relevant content and tasks simply and transparently
Proactive: we will show customers we know them by presenting personalised and helpful information
Accessible: we will offer multiple ways to find content so interacting with government is easy and efficient for everyone
7
OFFICIAL
OFFICIAL
Functional Requirements
The seller should demonstrate how it will deliver the functionalities below, listed underneath the five major benefits to customers they are designed to achieve:
1. Convenient
Dashboard with single view of services
Inbox, notifications and tasks
Channel of choice
Service finder
Service provider bookings
Geotagging and check ins
2. Personalisation and Proactivity
Predictive notifications
3. Transparent
Progress trackers
Facial recognition
4. Tell Us Once
Pre-population of forms
Data sharing
5. Accessible and Secure
Conversational user interface
Authorisations on behalf of users
Plain language content
Multi-lingual support/ translations
Several foundational functions are expected to be operational prior to the commencement of this work:
Content Management: Content can be authored, approved and published to the platform in multiple languages
Notifications: Receive and view unauthenticated via alerts sent using SMS or email
The seller’s proposal should demonstrate how it will deliver the following additional functionality:
Login/Authentication: authentication with myGov credentials or Digital Identity
Customer Profile: Use a customer profile, sourced from existing services, to personalise the experience and pre-fill forms
Notifications: Receive and view secure notifications, authenticated and unauthenticated, synced in the myGov inbox with alerts sent using SMS or email
Track In-Progress Claims: Display customer application and claim status, retrieved from linked services
Display content: Present and arrange personalised content in both authenticated and unauthenticated modes
Display Ongoing Services: Display key information on the service and payments the customer receives
Lightweight Integration: Generate data requests to back end government IT systems to retrieve and save customer data, claims and services/payment information.
Search: Search across information and services
Trending Services: Publish content from relevant services and personalise based on customer profile
Application Forms: Allow customers to complete and submit applications and claims using conversational interfaces and question and answer form systems
View Payment History: Present a summary of payment sourced from data services
Consent: Provide customers with detailed controls to manage consent when sharing their data across government organisations and programs, accurately recording users’ provision of consent
8
OFFICIAL
OFFICIAL
Background: functional component overview
myGov update platform components: ICT Component ModelThis section provides a high-level view of a potential ICT Component Model. The Services Australia Strategic taskforce has identified that all components within the Services Australia portfolio can be leveraged to support the new experience with moderate levels of configuration and re-purposing.
The myGov update platform requires a relatively complex ICT Component Model to support delivery. The model below illustrates the services and service components which could be delivered through a digital platform to enable an improved customer experience.
9
OFFICIAL
OFFICIAL
ApplicationsThe Applications component provides user interfaces and digital utilities that a user will interact with as part of their journey experience. These are the physical touch points for a user.
Applications Components
Description of ComponentsComponent Description
Digital Services These are the major applications that a customer will see and use.
Frontends These are the different methods of delivering digital services. This includes “channels” and different ways of interacting within a channel.
Content ManagementThe content management component will provide a set of processes and technologies to support the collection, management and publishing of digital content.
Content Management Components Description of Components
Component Description
Authoring Services
Authoring is the capability of creating digital content using standard workflows and templates
Publish/Deploy/Diffuse
Knowledge Management is the way in which content is structured and the associated toolkits.
Content Metadata Management
Content Metadata Management is the methods of management of content data metadata
Digital Asset Management
Digital Asset Management is the process of organising,
10
OFFICIAL
OFFICIAL
storing and retrieving digital content
Experience DeliveryExperience Delivery is the process of delivering the customer experience to the customer. It includes the personalisation of the customer experience and delivering different experiences to different customers based on their needs.
Experience Delivery Components
Description of ComponentsComponent Description
Personalisation and Context Awareness
Personalisation is the process of creating an individualised customer experience based on the user’s personal and behavioural data. Context Awareness is the process of enhancing a user’s experience based on their circumstances and/or objectives.
Experience Orchestration
Experience Orchestration is the process of bringing data and flows together to deliver the customer experience.
Experience Management
Experience Management is the process of organising and delivering experiences to the Customer.
11
OFFICIAL
OFFICIAL
OFFICIAL
SearchThe search component provides the ability for users to locate digital content and services related to their life event journey (using natural language).
Search ComponentsDescription of ComponentsComponent Description
Search Services
Search Services are the methods of searching through digital content and the optimisation of the search processes.
Indexing Indexing collects and stores data to enable fast and accurate searching
12
OFFICIAL
OFFICIAL
Experience AnalyticsThe Experience Analytics component involves the collection of data and performing analysis and reporting with the goal to improve and optimise a Customer’s digital experience. It also provides staff members with valuable insight into customer needs.
Experience Analytics ComponentsDescription of ComponentsComponent Description
Analytics Types
A range of different analytics types will be supported
Data Collection
Data will be collected to perform analysis and reporting on.
Reporting Reporting capabilities will be provided in order to provide information in an easy to read format that can be used to refine customer experiences.
Analysis Usage
Analysis Usage are the processes that use analytics and reporting in order to improve a customer experience.
13
OFFICIAL
OFFICIAL
Common PlatformsThe Common Platforms component are reusable common components that will be utilised by the myGov update platform.
Common Platforms ComponentsDescription of ComponentsComponent Description
Digital Identity (GovPass)
Digital Identity is the method by which customer users will be identified and authenticated
Service Connect
Service Connect is a Whole of Government Digital Platform that enables customers to connect with accredited providers who they can purchase products and services from; and make use of Government funds/entitlements for payments.
14
OFFICIALOFFICIAL
OFFICIAL
Common ServicesThe Common Services component provides supporting services used by user experiences delivered by the myGov update platform .
Common Services ComponentsDescription of Components
Component Description
Cognitive Services Cognitive Services are Artificial Intelligence systems that assist humans in their decision-making processes.
Language Services Language Services provide tools to assist users with limited ability to communicate in English.
15
OFFICIALOFFICIAL
OFFICIAL
SecurityThe Security component provides the protection of the myGov update platform from malicious exploitation.
Security ComponentsDescription of ComponentsComponent Description
Cyber Cybersecurity is the protection of internet-connected systems, networks and applications from cyber-attacks.
16
OFFICIAL
OFFICIAL
IntegrationThe integration component provides the connections between systems and applications that are either part of the myGov update platform or are integrated with to provide services (such as host systems etc.)
Integration ComponentsDescription of Components
Component Description
Integration Services Integration Services provide control over data flow to/from computer systems
FraudThe Fraud component provides supporting services used by user experiences delivered by the myGov update platform.
Fraud ComponentsDescription of Components
Component Description
Fraud Management Fraud Management provides the tools required to detect, investigate and prevent fraud. For the myGov update, these components do not include the staff user interface.
17
OFFICIAL
OFFICIAL
Customer Services HubThe Customer Services Hub component provides supporting services used by user experiences delivered by the myGov update platform.
Description of Components
Component Description
Customer Management Customer Management provides a single view of customer for the Government.
CI/CD PipelinesThe CI/CD Pipelines component provides supporting services used by user experiences delivered by the myGov update platform.
Description of componentsComponent Description
CI/CD Pipelines CI/CD Pipelines are automated software delivery processes used in the development, testing and deployment of software.
Change Management / Release Management
Change Management is the set of processes defined to control the lifecycle of IT changes.Release Management is the process of managing and controlling the release of software through different lifecycle stages and environments.
Cloud Management Cloud Management is the software and tools use to operate and monitor and
DTA | 18
OFFICIAL
OFFICIAL
manage applications, data and services in the cloud.
Service Operations Service Operations are the processes and procedures that manages software services at agreed levels to users.
DTA | 19
OFFICIAL
OFFICIAL
Maintenance and Support
The seller’s proposal should include appropriate maintenance and support arrangements to cover:
Configuration of hosting environments and related infrastructure
Patching and upgrades of SaaS / COTS and middleware products that may form part of the solution
Maintenance of custom code required to maintain security, availability and integration requirements
Technical changes required to maintain status as a myGov member service
Technical changes required to maintain status as a Digital Identity relying party
Training
Staff from DTA and Services Australia are expected to perform ongoing BAU tasks (for example, deriving insights from analytics, constructing and managing campaigns, content design, service design) and technical operational tasks (for example, SecOps, DevOps) using the proposed solution.
Frontline support staff from Services Australia will need to be trained to support end users transitioning to new or enhanced myGov-related functionality.
Sellers should include facilitated training workshops and / or material to support these BAU tasks as part of their proposal.
DeliverablesThe Seller in its response should recommend any other deliverables it believes would add value to this project. The DTA reserves the right to include/ exclude such deliverables in the work order. Additional deliverables included in the Seller’s proposal should be scoped and priced separately.
Documentation
The seller’s proposal should include how they plan to deliver:
Documentation: Transition In Plan - detailed plans for supporting the transition in of a new solution and/or new approaches to an existing solution.
Documentation: Transition Out Plan - detailed plans for supporting the transition out and handover to a new solution provider for subsequent phases.
Customer Service Plan – document how support enquiries from DTA or Services Australia will be triaged, managed and resolved
DTA | 20
OFFICIAL
OFFICIAL
Member Services onboarding plan and processes – document how members services are onboarded to the platform. This plan will change over time as more of the functions and features of the current myGov platform are built into the myGov update version.
Documentation: System Architecture documentation
Documentation: System Security documentation (for example, System Security Plan, Security Risk Management Plan, Incident Response Plan, Standard Operating Procedures)
Documentation: Stakeholder engagement / management plan
Documentation: Risk management plan and register
Documentation: Privacy Impact Assessment
Documentation: Change Management Plan
Documentation: Administration user guides and material from training activities
System
The seller’s proposal should include how they plan to deliver:
Service Levels: 99.99% or above availability for production environments. Additional service levels may be negotiated for the work order including in connection with security and customer experience
Operational environments: high-availability production environments and other environments required to support best-practice deployments (this may include development, test, staging, pre-prod and disaster recovery environments)
User Access Controls: demonstrated application of fine-grained controls for several administrative user roles (for example, developer, administrator, content author, approver, etc.)
Configuration as Code: any managed code required to configure applications, environments or infrastructure and support migration of a solution between environments or providers.
Custom Application Code: any bespoke code required to bridge proposed SaaS / COTS products and target integration endpoints from Services Australia, target agencies and existing whole-of-government platforms. Code is expected to meet relevant quality and documentation standards.
Design System Code: any extensions to the Australian Government Design System required to deliver front-end functionality
Reporting
The seller’s proposal should include how they plan to deliver:
Reporting: log files supporting security monitoring activities.
Reporting: analytics services required to deliver quantitative measures of users’ experiences with the solution
DTA | 21
OFFICIAL
OFFICIAL
Delivery and AcceptanceThe Buyer may accept or reject any recommended deliverables in accordance with the work order.
Milestone payments are not proposed for the initial work package.
The initial package is expected to be used to define scope of future releases, work sequencing, high-level epics and subsequent work packages required. DTA reserves the right to include requirements for a team of skilled personnel only for the first stage of the work order with additional work packages to be applicable for subsequent stages. These details will be negotiated with the preferred Seller.
StandardsSellers should note that the following standards should apply to the proposal:
Digital Service Standard (https://www.dta.gov.au/standard)
Web Content Accessibility Guidelines 2.0 AA (https://www.w3.org/TR/WCAG20/)
National API Design Standards (https://api.gov.au/standards/)
Australian Government Design System (https://www.designsystem.gov.au)
Relevant LegislationSellers should note that the following legislation should be considered as part of the proposal:
Privacy Act 1988 (Privacy Act) (https://www.legislation.gov.au/Series/C2004A03712 )
Freedom of Information Act 1982 (FOI Act) (https://www.legislation.gov.au/Series/C2004A02562 )
Australian Information Commissioner Act 2010 (AIC Act) (https://www.legislation.gov.au/Series/C2010A00052)
Disability Discrimination Act 1992 (DDA Act) (https://www.legislation.gov.au/Details/C2018C00125)
Archives Act 1983 (https://www.legislation.gov.au/Details/C2019C00179)
Security RequirementsThe solution is expected to apply and maintain all necessary controls required to deliver a PROTECTED-level system, as specified by the Australian Government’s Information Security Manual (https://www.cyber.gov.au/ism), reviewed monthly.
Personnel (including those from third party providers) designing and developing the solution are expected to meet relevant security clearance requirements included in the work order. The Seller’s personnel delivering the project will be required to hold and maintain baseline security clearances throughout the duration of the work. Some aspects of the project may require the Seller’s personnel to hold and maintain a Negative Vetting Level 1 (Secret) clearance.
DTA | 22
OFFICIAL
OFFICIAL
The solution is expected to comply with the Protective Security Policy Framework (https://www.protectivesecurity.gov.au/).
Capacity
Experience
The Seller’s proposal should demonstrate the extent of its relevant experience delivering similar projects with comparable scope and target user bases, with highly desirable experience being:
Significant systems integration experience within the Australian Government service delivery context and deep knowledge of cloud-based and other emerging technologies.
Experience integrating with myGov and other APIs operated by Services Australia.
Experience working with a broad network of technical delivery partners with specialised technical and/or product knowledge.
Strong track record of user-centred co-design and implementation of digital customer experience initiatives with multiple parties and layers of government.
Practical application of government policy and legislation in the delivery of digital services.
Key Personnel Expertise
Key personnel are expected to demonstrate experience in the design and delivery of user-centric, secure, highly-
available, authenticated digital solutions with complex integration requirements.
Quality Systems
The Seller’s proposed approach to quality management should demonstrate how they will meet quality standards
including:
Relevant controls from the Australian Cyber Security Centre’s Information Security Manual (ISM)
Product Health Checks: Health checks assess how well the product is performing against its vision and objectives.
Delivery: The approach is to iteratively build product features which contribute to the delivery of the myGov ecosystem. Delivery quality is linked to a range of existing controls such as governance, planning, benefits, user experience, risks, issues and reporting.
Risks and Issue Management: The Risk and Issues Management Plan explaining the approach and framework under which risk and issue management is undertaken across the product. The risk and issue registers are to be updated to monitor, review and report risks and issues and their associated treatments on an on-going basis.
DTA | 23
OFFICIAL
OFFICIAL
This ensures transparency and efficient reporting of risks and issues to the relevant stakeholders and governance bodies.
Information Management: All information created, sent and received as part of working for the Australian Government is a record. The seller is required to adhere to all stringent government and DTA specific information, security and privacy requirements. The records management system will act as the central repository of information for effective management of the product, a source of knowledge and demonstrate adherence to government information management policies.
Privacy management plan and Privacy Impact Assessments: Privacy requirements are to be designed into every part of the solution.
System Security documentation and Reviews: Security is to be designed into every part of the myGov product. The Product will be managed in multi-phases each with independent Security Impact Assessment process and reviews.
Digital Service Standard: The Digital Service Standard is a set of best-practice principles for designing and delivering government services. The Product will be delivered in line with the Digital Service Standard’s 13 criteria.
Change Management Processes and Protocols: During the development of the solution the seller will formally document and track approved scope changes, including change control management, processes and protocols.
Work, Health and SafetyWHS requirements in accordance with the Digital Marketplace Comprehensive Terms.
Additional TermsSee the attached ‘Additional Terms’ document enclosed with this RFQ.
DTA | 24