Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Vendor should mark (P) either Supported as Standard / Customize / Enhancement / Additional / Unavailable with an
appropriate remark if any in the Selection Criteria Form.
Standard (S) : The feature/function is fully supported by the system without change.
Custom (C) : The feature/function is partially available in the vendor’s system, however to fully support all the
requirements of the Bank, customization is required. Include in the “Vendor Comments” column the estimated effort
and cost required for completing the customization and any other relevant information. Provide your understanding of
AUB's requirements. feature/function is totally not available in the current system, full development is required;
Enhancement (E) : The
include in the “Vendor Comments” column the estimated effort required developing this requirement. Provide your
understanding of AUB's requirements. For requirement that is not available now but is in the plan for next release, use
the “Vendor(A) : The feature/function is notthe expectedthe current system, but an alternative can be provided in the
Alternative Comments” column to specify available in delivery date.
system through another functionality. The alternative should be explained properly in the “Vendor Comments” column.
Unavailable (U) : The feature / function is not available in the current system and it would not be possible for the
vendor to offer as customized /Alternative/Enhancement.
Instructions - Total 14 Subjects 1/19/2012 1 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions Vendor Comments
Describe the software functionality and capabilities in each sector, both from a static data perspective i.e. standard templates available and a transactional perspective i.e.
standard fields available to map data to or from a source system or for manual completion. Provide details of standard views / tabs / templates etc provided. Also, include
details of any calculators that are available as standard such as profitability or turnover calculations
1-1 Treasury & Capital markets
1-1-1 Support for Foreign Exchange
1-1-2 Support for Money Market products
1-1-3 Support for Derivative products such as
Interest Rate Swaps, Fixed Income Bond
holdings etc
1-1-4 Feeds for Market Rates from Reuters /
Bloomberg. Specify which vendors are
supported and any licensing issues in the
comments column
1-2 Commercial Banking
1-2-1 Corporate and Commercial Lending etc
1-3 Retail Banking
1-3-1Deposit and Current Accounts
Credit Card details
1-3-2
Mortgages
1-3-3
Provide details of any further Retail
1-3-4
Banking products that are covered as
standard
1-4 Wealth management
1-4-1 Structured Investments
1-4-2 Fund Investments
1-4-3 Provide details of any further Wealth
Management products that are covered
as standard
1-5 Other Financial sectors - Provide Details
1 - Financial industry focus - Total 14 Subjects 1/19/2012 2 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions Vendor Comments
2-1 Create and maintain basic customer
details
(Store customer details such as name
address details, telephone, fax, email,
contact persons and company features)
2-2 Create additional customisable tabs for
customer contact details specifically for
Treasury or other departments.
2-3 Support for International address
formats with ability to create standard
and custom mailing labels
(Process international address formats
automatically in labels, templates and
mailings)
2-4 Flexible search feature using all fields in
the CRM database with ranking
(Each field in the database can be used
for searching, sorting, selection and
mailings). Describe the flexibility of the
searching functionality
2-5 Organizational structure and charts
(Specify parent-child relationships
between accounts and their subsidiaries
or other divisions and envelop this
information into a hierarchical and
interactive organization chart)
2- Customer data - Total 14 Subjects 1/19/2012 3 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
2-6 Automatic validation feature
preventing identical company records
(Prevent identical records from being
entered into the database)
2-7 Merge duplicate accounts automatically
into one account
2-8 Automatically move contact associated
with one account to another account
2-9 Ability to provide a contact list by
names, company, common activities,...
with many to one account viewing
2-10 Assign industry segments to customers
2-11 Assign credit ratings to customers
(We have several ratings assigned to
customers therefore we would require a
number of different ratings fields)
2-12 Ability to limit field inputs to values in a
drop down list
2-13 Ability to store scanned documents such
as dealing mandates
2-14 Provide the standard KYC fields (Are
these fully customizable?)
2-15 Provide details of further functionality
that the CRM offers that would add
value to managing customer data?
2- Customer data - Total 14 Subjects 1/19/2012 4 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions Vendor Comments
3-1 Ability to track customer activities
received by:
3-1-1 Email
3-1-2 mail
3-1-3 fax
3-1-4 Phone
3-1-5 Describe the tracking technique
3-2 Integrated and consolidated Calendar
functionality to share CRM calendar
with the team in Microsoft Outlook.
(A user may want to create an
appointment for another member of the
team to call or visit a client.)
3-2-1 Single view to track all user tasks
3-2-2 Customizable tasks or To do list per user
3-3 Synchronization with Microsoft Outlook
(How is this achieved?)
3-3-1 One-way
3-3-2 Full two way
3-4 Provide details of further functionality
that the CRM offers that would add
value to contact management?
3 - Contact management - Total 14 Subjects 1/19/2012 5 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions Vendor Comments
4-1 Create mailings to target groups for
marketing purposes
4-1-1 Send personalized email to defined
group of clients based on certain
selection criteria (in specific industry,
activity/inactivity, customer type ….)
4-1-2 Create emails using word mail merge
from selected CRM fields and with ability
to add attachments
4-1-3 Send FAX and email broadcast to defined
target groups
4-1-4 Control campaign distributions based on
each customer preferences
4-2 E-mail marketing using predefined
email and fax templates
4-2-1 Execute
4-2-2 Measure
4-2-3 HTML email marketing campaigns
4-2-4 Simple way to create fax, email printed
version
4-3 Campaign management
4-3-1 Select target groups
4-3-2 Create and customize campaign steps,
dates, resources,…
4-3-3 Assign resources
4-3-4 Track campaign progress and manage
results
4-3-5 Target specific market
4-3-6 Define the promoted products for each
campaign
4-3-7 Forecast campaign benchmarks
4 - Marketing - Total 14 Subjects 1/19/2012 6 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
4-3-8 Budget campaign financial results in
advanced
4-3-9 Maintain fixed target list once campaign
is started
4-3-10 Schedule multiple distribution events for
each campaign
4-4 Telemarketing
(Process and manage marketing related
outbound call center activities)
4-4-1 Customisable call scripts
4-4-2 Manage call scripts, questions, answers,
information,…
4-4-3 Call timing and measure results
4-4-4 Maintain call script results linked to
customer record
4-5 Internet marketing
(Link CRM to the public and internet
banking web sites)
4-5-1 Capture requests
4-5-2 Visitor Data
4-5-3 Click behaviour
4-6 System calculates figures of each
campaign
4-6-1 Gross margin
4-6-2 Net contribution
4-6-3 ROI (return on investment)
4-6-4 IRR (internal rate of return)
4-7 Campaign financial results presented in
P&L (Profit and Loss) format including:
4-7-1 Budgeted performance
4-7-2 Actual performance
4-7-3 Variance
4-7-4 Variance analysis explanations
4-7-5 Analysis by competitor, salesperson,
products,….
4-8 Competitor information management
4 - Marketing - Total 14 Subjects 1/19/2012 7 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
4-8-1 Maintain competitor product
information
4-8-2 Analyze competitor products against our
products based on user defined aspects
4-9 Provide details of further functionality
that the CRM offers that would add
value to marketing bank products?
4 - Marketing - Total 14 Subjects 1/19/2012 8 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Custom (C)
Standard (S)
Alternative (A)
Unavailable (U)
No. Features/ Questions Vendor Comments
5-1 Lead and Opportunity Management
Lead and opportunity user- defined
management to track all related data
including and not limited to:
5-1-1 Milestones
5-1-2 Decision makers
5-1-3 Interactions
5-1-4 Product level information
5-1-5 Incorporate internal sales methodologies
5-1-6 Competition
5-1-7 Multiple sales quotas for each sales
resources during the same period
5-2 Quotation management
Create and track quotes for:
5-2-1 Prospects
5-2-2 Current Customers
5-2-3 User defined period (For instance a
quote may only be available for 1 hour
or 1 day.)
5-2-4 User defined products
5-3 Ability to create a product information
list
5-3-1 Create a 'Wikipedia' type area for
detailed explanations of products and
what these offer to customers
5-3-2 Product Catalogue
5-3-3 Ability to link or attach knowledge base
articles to any CRM pages
5-4 Consolidation of quotation and
turnover data at concern level
5-5 Order management
5-5-1 Covert quotes to orders
5-5-2 Modify and save orders till they are
ready to be submitted
5-6 Pipeline analysis
Analyze anticipated revenue based on:
5 - Sales - Total 14 Subjects 1/19/2012 9 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
5-6-1 Opportunities
5-6-2 Quotations
5-6-3 Sub-analyses of
(for example, forecasts by region,
branch, employee and product)
5-7 Visit planning
Determine required frequency of visits
based on criteria, such as:
5-7-1 Turnover
5-7-2 Potential
5-7-3 Location, etc
5-8 Customer value management
5-8-1 Measure
5-8-2 Optimize the value of bank customer's
by assigning the costs of sales activities
to individual clients
5-9 Territory management
5-9-1 Optimize account coverage
5-9-2 Distribution of sales resources across
defined territories
5-10 Incentive and commission management
5-10-1 Develop compensation plans
5-10-2 Implement compensation plans
5-10-3 Manage compensation plans
5-11 Distribute workload automatically
5-11-1 New leads can be automatically assigned
to treasury sales staff based on various
criteria such as territory, products, sales
type,…
5-11-2 Accounts can be automatically assigned
to treasury sales staff based on various
criteria such as territory, products, sales
type,…
5-12 Ability to insert and assign a specific
sales plan to a lead or customer based
on the type of sale opportunity
5-13 Provide details of further functionality
that the CRM offers that would add
value to managing sales activities?
5 - Sales - Total 14 Subjects 1/19/2012 10 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions
Vendor Comments
6-1 Track customers incidents
Ability to search across all fields
6-2 Contract management
6-2-1 Manage service contracts
6-2-2 Verify entitlement
6-2-3 Manage service-level agreements
6-2-4 Receive alerts when contracts expire
6-3 Complaint management
6-3-1 Record, handle and analyze complaints
or issues
6-3-2 Create a workflow to ensure issues are
tracked and resolved
6-4 Helpdesk support
(Supports call centre functionality to
process inbound service or support calls)
6-4-1 Use received request or template to
create new incident or service requests
6-4-2 Provide a common, automatic, and
personalised response to recurring
customers requests or questions
6-4-3 Assign resources automatically
6-4-4 Link support incidents to other incidents
and resolve as a group
6-4-5 Link incidents to customers, products,..
6-4-6 Live log of events and results of each
incident
6-4-7 Consolidated view of all incident
information in one page
6 - Service - Total 14 Subjects 1/19/2012 11 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
6-4-8 Automatic escalation capability based on
defined criteria
6-4-9 Distribute incident surveys automatically
6-4-10 Survey responses can be automatically
forwarded or escalated based on
responses
6-4-11 Suggest questions based on service
incident type, product, or user defined
criteria
6-4-12 Emails responding to customers incident
could copy customer account manager,
or sales manager
6-4-13 Allow customers to enter incident to
customer portal and link it automatically
to customer account
6-4-14 Allow customer to initiate messaging
from customer portal
6-4-15 Customer portal contains searchable
knowledge base and FAQs
6-5 Service planning
(Organize plan and dispatch service
resources to meet service demands)
6-6 Service Analytics
(Identify problems and trends and
compare actual values with target values)
6-7 Is there any other functionality that the
CRM offers that would add value to
managing services activities?
6 - Service - Total 14 Subjects 1/19/2012 12 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Alternative (A)
Standard (S)
Custom (C)
Enhancement (E)
Unavailable (U)
No. Features/ Questions Vendor Comments
7-1 Consolidated dashboard could cover all
aspects of sales, marketing, services
modules
7-2 Integrated analysis module
7-2-1 Out of the box feature
7-2-2 Need a third party analysis software
(cost?)
7-3 Dynamic data models
(Change the structure of the CRM
database without requiring database
administrators or the vendor to modify
physical tables and indexes)
7-4 Multiple language support
7-4-1 Support for Arabic fonts
7-4-2 Handle multiple languages on the same
view
7-5 Multiple currency support
Ability to manage different currency
accounts with different decimal places
standards)
for example BHD has 3 decimal places
and USD has 2 decimal places
7-6 On premise solution
7-6-1 Implement
7-6-2 Develop
7-6-3 Administer
7-6-4 Maintain
7-7 Solution client access
7-7-1 Using web browser
7-7-2 Using client software
7-8 Triggers and alerts
Add user defined automatic responses to
all events in your CRM
7-8-1 Create alerts by IT users
7-8-2 Create alerts by business users
7-9 Automated Workflow support for multi-
stage entry and verification
(Standard functionality cover all CRM
aspects to automate internal business
processes by creating workflows to carry
out routine tasks that involve daily
business operations)
7-10 Creation of workflows on the customer
level
(for example any outbound emails to a
particularly sensitive customer may
require reviewing by another user before
they are sent)
7 - General - Total 14 Subjects 1/19/2012 13 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
7-10-1 Drag and drop wizard for workflow
creation (no need for development skills
to create new workflows)
7-11 Scalability to accommodate future
business growth
(Ability to add business unites and more
departments)
7-11-1 Vertically
7-11-2 Horizontally
7-12 Provide a record and field level security
7-12-1 Out of the box feature
7-12-2 Based on script
7-12-3 Override global security
7-13 Configure screens and templates for
each
7-13-1 Department
7-13-2 Business units
7-13-3 Each entity
7-14 Availability of document and form
templates to be delivered along with
the standard product
7-15 Ability to easily customize the solution
by business team to fit current and
future needs (change fields, columns,
tables…)
7-16 Solution Connection
7-16-1 Non business users could connect or link
CRM to other web application
7-16-2 How will CRM connect to the Treasury
and Core Banking systems to extract
data?
7-16-3 Does the solution provide real time,
scheduled or nightly integration?
7-16-4 Is data stored within CRM database or
can the data in the base system be
interrogated upon request?
7-16-5 Describe the various options available
with the pros and cons of each option.
7-19 Trigger alerts based on market data
For example when GBP/USD reaches
1.6000 we may want to trigger an alert to
call a particular customer(s)
7-20 Manage Rates
7-20-1 Upload rates from Excel spreadsheet
7-20-2 Ability to build a matrix around these
rates to apply spreads to prices based on
customer or size of trade
7-21 Embed Reuters news pages into:
7-21-1 Dashboards
7-21-2 View within the CRM pages
7-22 Embed Internet pages to:
7-22-1 CRM dashboards
7-22-2 Views
7-22-3 Customer contact screens
7 - General - Total 14 Subjects 1/19/2012 14 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
7-23 Data Import wizard of customer records,
tasks, activities, campaign lists,…. with
validation capability
(Wizard to import data and validate
results before committing to CRM
database)
7-24 Customizable knowledge base for Sales,
Marketing, and Services modules
Business users could include and upload
internal, policies, manuals, FAQs,
Instructions,…
7-25 Customized interface
ability to show the required fields in a
different color, reorganize section
placing,…
7-26 Ability to mass modify number of CRM
records, activities, tasks (out of box
feature or add on tool)
7-27 Ability to define and manage user role or
profile
7-28 System is capable of supporting multiple
legal entities and business units within
legal entities using a single instance of
the application
7-29 System support logical partitioning of the
database by legal entities /business units
codes to allow for secured and restricted
access of the system to bonafide users of
the legal entities/business units
7-30 System support authorized Group/HQ
users to see data/information across
legal entities/business units and able to
get a consolidated view of information
on a need basis
7-31 System support very low bandwidth
consumption for providing high
performance for access from remote
locations with the application hosted in
Bahrain and accessed across the group
entities in different geographies
7-32 Support for a fully browser based end
user access along with offline and mobile
user access with capability of auto-
syncing when in online mode
7-28 Is there any other functionality that the
CRM offers that would add value in
general?
7 - General - Total 14 Subjects 1/19/2012 15 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Unavailable (U)
Standard (S)
Custom (C)
Alternative (A)
No. Features/ Questions
8-1 Availability of one consolidated console
to manage the solution
(single tool to manage the daily bases
activities to support business users)
8-2 What is the required development skills
or knowledge required to customize the
solution by our development team?
8-3 Active directory integration
(Describe the used integration technique)
8-3-1 Full automatic integration
8-3-2 Require some manual setup
8-4 Mobile access
8-4-1 Access and modify CRM data on mobile
devices like PDA’s and Smart Phones
8-4-2 Out of the box encryption capability
8-5 Send alerts via a SMS gateway
8-6 Offline Mode
(ability to maintain a full local - offline
copy for defined number of CRM records
and fields data with two way
synchronization)
8-7 MS SQL support
8-8 Integration API support for Java class
8-9 MS-Outlook integration
(Describe the integration technique and
what versions of Microsoft office are
supported)
8-10 Export data for interfacing to other
systems
(What options are available for
extracting data?)
8 - Technical requirements - Total 14 Subjects 1/19/2012 16 of 31
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
8-11 Web services module (Application has a
web services module to interface with
other applications)
8-12 link to 'MynaVoice'
(http://www.cybertech-
int.com/10117/1/mynavoice.html)
so that voice recordings can be accessed?
8-13 What are the recommended hardware
requirements. On what basis are these
recommendations made? How easy
would it be to expand the environment
in future
8-14 Cisco IP Phone integration
What features does CRM have that can
be linked to a Cisco IP telephony system?
8-15 Network bandwidth requirements to
access the solution in Bahrain from other
banks in UK, Egypt, Kuwait, Qatar, Oman,
Iraq)
8-16 Chat or messaging capability
8-16-1 OCS integration
8-16-2 Third party integration (cost?)
8-17 Can you provide details on bandwidth
usage when running queries or reports?
8-18 Mapping tool to extract data from an
existing CRM solution
Describe if there is a facility provided to
upload data as part of an initial take on.
What method is used for this?
8-19 Monitor and diagnose the CRM
environment with SCOM
8-20 Avilability of SDK to help AUB developer
to customize the solution
8 - Technical requirements - Total 14 Subjects 1/19/2012 17 of 31
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Vendor Comments
8 - Technical requirements - Total 14 Subjects 1/19/2012 18 of 31
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
8 - Technical requirements - Total 14 Subjects 1/19/2012 19 of 31
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
No. Features/ Questions Vendor Comments
9-1 How the solution could offer a low TCO
compared to other CRM providers?
9-2 What modules come as standard and
which are licensed separately?
9-3 What is the estimated ROI of this project
considering costs of software, hardware,
consulting, personnel, training, and
other investments over a 3-year period?
9-4 Specify the licensing basis for the S/w
9-5 Typical cost of the future development
request (Cost of adding new fields, tabs,
forms,…)
9 - Cost - Total 14 Subjects 1/19/2012 20 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
No. Features/ Questions Vendor Comments
10-1 Support options (Cost, Time coverage,
availability of local or regional support)
10-2 Upgrade
10-2-1 Provide details about the upgrade path
10-2-2 Frequency of updates
10-2-3 How would an upgrade of integration
tools such as Outlook affect the CRM?
10-2-4 Will installing Windows service packs
have any impact on the CRM?
10-3 What is the solution training plan?
10-4 Is there any certification available for the
solution for IT support staff? i.e. training
certification and exams?
10 - Support & Training - Total 14 Subjects 1/19/2012 21 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Custom (C)
Alternative (A)
Standard (S)
Unavailable (U)
No. Features/ Questions Vendor Comments
11-1 Create informal relationships between
customers
(For example two legally separate
entities may have employees working
for them that are related. Users will
need to be aware of this informal link)
11-2 Provide Multi legal entity support with
a single instance of the application,
with the capability to allow for Group
users to view/modify items at
enterprise level.
11-3 Support for profitability calculations on
deals
Are the calculations provided with the
solution or will these require
customization by AUB?
11-4 How much customisation can be done to
the solution?
11-5 Ability to create tabs, fields, views by
AUB team
11-6 Can we specify the attributes of a field
(i.e. make a field a numerical field with 8
decimal places)
11-7 Full configuration features (Tailor the
application by adapting interface,
navigation, process and workflow)
11-8 Full workflow creation and
customization by users.
(Provide details of how much support
may be needed by the vendor or it can
be done by AUB developers?)
11-9 Full search/inquiry customisation by
business users
11 - Customisation - Total 14 Subjects 1/19/2012 22 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
11-10 Full sharing of customised searches /
inquiries across the business users.
(Provide details of how much this
requires AUB administrator to make
them sharable if not fully supported
11-11 Full support for users customisation of
their own screens / views.
Provide details of how much support is
required if not supported
11-12 Full sharing capabilities to easily share
across the users without support of the
CRM administrator
11-13 Creation of fields on a view that picks
certain rates from the market data.
(For example a customer screen may be
customized to show the GBP/USD rate
that is refreshed periodically or
dynamically)
11-14 Store transaction data on the CRM
database
What changes will need to be made to
the database to accommodate these?
11-15 Add extra fields to a transaction view
or a customized view where the value
is calculated from one or more other
values in the view
For example a profit field may be added
to a view that is calculated from the
((price field - market value field) *
currency amount field) * base currency.
Does the solution provide for expression
based calculations as well as simple
arithmetic?
11-16 Use mathematical expressions to limit
field inputs to values meeting that
criteria
For example, can we limit fields so that
values have to be greater than zero, or
less than today or between a range of
numbers?
11-17 Ability to migrate the software in-house
customisation when upgrading to new
version
11 - Customisation - Total 14 Subjects 1/19/2012 23 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
Enhancement (E)
Standard (S)
Unavailable (U)
Custom (C)
Alternative (A)
No. Features/ Questions Vendor Comments
12-1 Kerberos as a default authentication
method
if not, what is the used authentication
method?
12-2 Auditing all CRM events, activities,...
(Describe the auditing capabilities of the
CRM)
12-2-1 Different levels of auditing
12-2-2 Describe if there is any performance
12-2-3 degradation fromaudit
Document usage auditing at different
12-2-4 Check-in / Checkout document
management
12-3 Full configuration of user rights
(Define fine-grained access rights for
users and groups to the CRM modules,
records and fields within each module).
Describe the process of applying security
at the various levels
12-4 Support for a user existing in multiple
business groups.
12-5 User can be assigned a higher role in
one group than another?
(For example you may want a user in one
entity to have full read/write rights in a
screen but have read only rights in the
same screen for a different entity)
12-6 Manage security features to hide
12-6-1 Views
12-6-2 Tabs
12-6-3 Fields, etc
12 - Security - Total 14 Subjects 1/19/2012 24 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
12-7 Fully access controlled security for
segregation both within entity for
business units and across entities
to ensure data confidentiality and
protection laws as per jurisdictions can
be adhered to
12-8 Encrypt the offline data
12-8-1 Purge office data remotely
12-9 Access Control
12-9-1 Unique User Identification
(The application should identify each
user by a unique user id)
12-9-2 Access Security
(The application should provide File,
Record and Field Level Access Security)
12-9-3 User Classes
(The application should support different
user classes like manager, clerical staff
etc)
12-9-4 Role Based Access Control
(User privilege should be assigned on the
basis of their "role")
12-9-5 Inactivity Timeout/Automatic logout
(The application should logout the user
after "n" minutes of inactivity. (The
vendor should clearly mention how the
unsaved data will be protected during
the "inactivity timeout"))
12-9-6 Segregation of Duties
(no single individual should have control
over two or more phases of a
transaction or operation)
12-10 Integrity
12 - Security - Total 14 Subjects 1/19/2012 25 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
12-10-1 Integrity of data while at rest
(The application should prevent/identify
the data from being modified by
database administrator)
12-10-2 Access to Data through application
(The application should ensure that the
data is accessible only through the
application. A database call by users
should not provide access to data.)
12-11 Integration with SSO and ADS
(Application should have the feature to
integrate with Single Sign On like MS
Active Directory Service)
12-12 Transmission Security
(Application should have the following
security controls for the data while in
transmission)
12-12-1 Integrity Controls while in transmission
(Data integrity should be ensured while
the data is in transit through a LAN or a
slow WAN link and the event of
link/system failures)
12-12-2 Encryption while in transmission
(Encryption mechanism should be
available in the software for protecting
the data while in transit)
12-13 Encryption
12-13-1 Encryption Strength and algorithm used
(Application should support encryption
strength of 128 bits at minimum.
Application should support strong
encryption algorithm such as 3DES, AES
etc)
12 - Security - Total 14 Subjects 1/19/2012 26 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
12-13-2 Message Encryption
(All messages from the application
should be encrypted)
12-13-3 Data encryption
(Data should be encrypted using 3DES or
AES with a minimum of 128-bit
encryption)
12-13-4 Password Encryption
(All passwords within the application
should be encrypted with 3DES or AES
with a 128-bit encryption at the
minimum)
12-14 Password Security
12-14-1 Minimum password length
(Application should support a minimum
password length 8 characters)
12-14-2 Password Expiry
(The account should be locked after 3
invalid logon attempts)
12-14-3 Account Lockout after invalid logon
attempts
(In the event of 3 invalid logon attempts,
the user id should be disabled or the
workstation should be disabled)
12-14-4 Support/enforcement of complex
passwords
(The application should force the users
to use complex passwords that has
mixture of alphanumeric, upper case,
lower case and special characters)
12-14-5 Password history
(While changing the passwords, the
system should not accept 12 previously
used passwords)
12-15 System Logging Features
12 - Security - Total 14 Subjects 1/19/2012 27 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
12-15-1 Logon success/failures
(Application should log all logon
successes and logon failures)
12-15-2 Data access failures
(Any data access failures should be
logged)
12-15-3 Privilege escalation attempts
Privilege escalation attempts should be
logged and prevented. (Privilege
escalation attempts means that after
logging in as normal user, the user could
elevate his/her privilege through some
means and access the data for which
he/she has no authority.))
12-15-4 Unauthorized access attempts
(Users attempting to access the data for
which he/she is not given the authority)
12-16 Reporting
12-16-1 Unsuccessful login attempts
12-16-2 List of roles/profiles
12-16-3 List of user profiles by
department/branch, user id in
alphabetical order
12-16-4 List of locked or deactivated users
12-16-5 List of access to a specific
screen/function or utility
12-16-6 List of changes to parameter /
configuration files, static data
12-17 PCI DSS
12-17-1 Card Information Exposure Points
(Card information, if any, should be
masked at all exposure points --like
display, reports, etc)
12 - Security - Total 14 Subjects 1/19/2012 28 of 29
Ahli United Bank Treasury Sales Platform
a176a08f-cfd4-41af-b93d-52e6ae0c21ba.xls
12-17-2 Card Information Data at rest
(Similarly provision should be in place to
have masking/encryption for card
information data at rest.)
12-17-3 Sensitive Customer Information
(Strict access controls and encryption
should be in place for customer sensitive
information.)
12-18 Data Sanitization and error handling
12-18-1 Cross Site Scripting
(Cross site scripting (XSS) should be
checked within URL query strings, user
cookies and form fields value.)
12-18-2 SQL Injection Attack
(Application should perform data
validation to protect SQL injection attack)
12-18-3 Hidden Field Manipulation
(Application should prevent Hidden field
manipulation)
12-18-4 Output Sanitization
(Application should be carrying out
appropriate data sanitization before
delivering the output)
12 - Security - Total 14 Subjects 1/19/2012 29 of 29