Quotation Template Consulting

					Ahli United Bank                                                      Treasury Sales Platform
                                                            bc4d6a9f-4e89-474a-b6d4-55048b150590.xls




            Vendor should mark (P) either Supported as Standard / Customize / Enhancement / Additional / Unavailable with an
            appropriate remark if any in the Selection Criteria Form.

            Standard (S) : The feature/function is fully supported by the system without change.

            Custom (C) : The feature/function is partially available in the vendor’s system, however to fully support all the
            requirements of the Bank, customization is required. Include in the “Vendor Comments” column the estimated effort
            and cost required for completing the customization and any other relevant information. Provide your understanding of
            AUB's requirements.

            Enhancement (E) : The feature/function is totally not available in the current system, full development is required;
            include in the “Vendor Comments” column the estimated effort required developing this requirement. Provide your
            understanding of AUB's requirements. For requirement that is not available now but is in the plan for next release, use
            the “Vendor Comments” column to specify the expected delivery date.

            Alternative (A) : The feature/function is not available in the current system, but an alternative can be provided in the
            system through another functionality. The alternative should be explained properly in the “Vendor Comments” column.

            Unavailable (U) : The feature / function is not available in the current system and it would not be possible for the vendor
            to offer as customized /Alternative/Enhancement.




Instructions - Total 14 Subjects                                             7/28/2011                                                    1 of 28
No.           Features/ Questions          Standard (S)   Custom (C)   Enhancement (E)   Alternative (A)   Unavailable (U)   Vendor Comments

Describe the software functionality and capabilities in each sector, both from a static data perspective i.e. standard templates available and a transactional perspective i.e.
standard fields available to map data to or from a source system or for manual completion. Provide details of standard views / tabs / templates etc provided. Also, include
details of any calculators that are available as standard such as profitability or turnover calculations
1-1         Treasury & Capital markets
    1-1-1 Support for Foreign Exchange
    1-1-2 Support for Money Market products
    1-1-3 Support for Derivative products such as
            Interest Rate Swaps, Fixed Income Bond
            holdings etc
    1-1-4 Feeds for Market Rates from Reuters /
            Bloomberg. Specify which vendors are
            supported and any licensing issues in the
            comments column
1-2         Commercial Banking
      1-2-1 Corporate and Commercial Lending etc

1-3       Retail Banking
      1-3-1 Deposit and Current Accounts
      1-3-2 Credit Card details
      1-3-3 Mortgages
      1-3-4 Provide details of any further Retail
            Banking products that are covered as
            standard
1-4       Wealth management
    1-4-1 Structured Investments
    1-4-2 Fund Investments
    1-4-3 Provide details of any further Wealth
          Management products that are covered
          as standard
1-5       Other Financial sectors - Provide Details




1 - Financial industry focus - Total 14 Subjects                                                                                        7/28/2011                                 2 of 28
2-1       Create and maintain basic customer
          details
          (Store customer details such as name
          address details, telephone, fax, email,
          contact persons and company features)

2-2       Create additional customisable tabs for
          customer contact details specifically for
          Treasury or other departments.

2-3       Support for International address
          formats with ability to create standard
          and custom mailing labels
          (Process international address formats
          automatically in labels, templates and
          mailings)
2-4       Flexible search feature using all fields in
          the CRM database with ranking
          (Each field in the database can be used
          for searching, sorting, selection and
          mailings). Describe the flexibility of the
          searching functionality

2-5       Organizational structure and charts
          (Specify parent-child relationships
          between accounts and their subsidiaries
          or other divisions and envelop this
          information into a hierarchical and
          interactive organization chart)




2- Customer data - Total 14 Subjects                                                                                                      7/28/2011                     3 of 28
2-6       Automatic validation feature preventing
          identical company records
          (Prevent identical records from being
          entered into the database)

2-7       Merge duplicate accounts automatically
          into one account
2-8       Automatically move contact associated
          with one account to another account

2-9       Ability to provide a contact list by names,
          company, common activities,... with
          many to one account viewing

2-10      Assign industry segments to customers

2-11      Assign credit ratings to customers
          (We have several ratings assigned to
          customers therefore we would require a
          number of different ratings fields)

2-12      Ability to limit field inputs to values in a
          drop down list
2-13      Ability to store scanned documents such
          as dealing mandates
2-14      Provide the standard KYC fields (Are
          these fully customizable?)
2-15      Provide details of further functionality
          that the CRM offers that would add value
          to managing customer data?




3-1           Ability to track customer activities
              received by:
      3-1-1   Email
      3-1-2   mail
      3-1-3   fax
      3-1-4   Phone
      3-1-5   Describe the tracking technique
3-2           Integrated and consolidated Calendar
              functionality to share CRM calendar
              with the team in Microsoft Outlook.
              (A user may want to create an
              appointment for another member of the
              team to call or visit a client.)
      3-2-1   Single view to track all user tasks
      3-2-2   Customizable tasks or To do list per user

3-3       Synchronization with Microsoft Outlook
          (How is this achieved?)
    3-3-1 One-way
    3-3-2 Full two way
3-4       Provide details of further functionality
          that the CRM offers that would add value
          to contact management?




3 - Contact management - Total 14 Subjects                                                                                                  7/28/2011                     5 of 28
4-1         Create mailings to target groups for
            marketing purposes
      4-1-1 Send personalized email to defined group
            of clients based on certain selection
            criteria (in specific industry,
            activity/inactivity, customer type ….)

    4-1-2 Create emails using word mail merge
          from selected CRM fields and with ability
          to add attachments
    4-1-3 Send FAX and email broadcast to defined
          target groups
    4-1-4 Control campaign distributions based on
          each customer preferences
4-2       E-mail marketing using predefined email
          and fax templates
    4-2-1 Execute
    4-2-2 Measure
    4-2-3 HTML email marketing campaigns
    4-2-4 Simple way to create fax, email printed
          version
4-3       Campaign management
    4-3-1 Select target groups
    4-3-2 Create and customize campaign steps,
          dates, resources,…
    4-3-3 Assign resources
    4-3-4 Track campaign progress and manage
          results
    4-3-5 Target specific market
    4-3-6 Define the promoted products for each
          campaign
    4-3-7 Forecast campaign benchmarks




4 - Marketing - Total 14 Subjects                                                                                                        7/28/2011                     6 of 28
    4-3-8 Budget campaign financial results in
          advance
    4-3-9 Maintain fixed target list once campaign
          is started
   4-3-10 Schedule multiple distribution events for
          each campaign
4-4       Telemarketing
          (Process and manage marketing related
          outbound call center activities)

    4-4-1 Customisable call scripts
    4-4-2 Manage call scripts, questions, answers,
          information,…
    4-4-3 Call timing and measure results
    4-4-4 Maintain call script results linked to
          customer record
4-5       Internet marketing
          (Link CRM to the public and internet
          banking web sites)
    4-5-1 Capture requests
    4-5-2 Visitor Data
    4-5-3 Click behaviour
4-6       System calculates figures of each
          campaign
    4-6-1 Gross margin
    4-6-2 Net contribution
    4-6-3 ROI (return on investment)
    4-6-4 IRR (internal rate of return)
4-7       Campaign financial results presented in
          P&L (Profit and Loss) format including:

    4-7-1   Budgeted performance
    4-7-2   Actual performance
    4-7-3   Variance
    4-7-4   Variance analysis explanations
    4-7-5 Analysis by competitor, salesperson,
          products,….
4-8       Competitor information management




      4-8-1 Maintain competitor product
            information
      4-8-2 Analyze competitor products against our
            products based on user defined aspects

4-9        Provide details of further functionality
           that the CRM offers that would add value
           to marketing bank products?




5-1           Lead and Opportunity Management
              Lead and opportunity user- defined
              management to track all related data
              including and not limited to:
      5-1-1   Milestones
      5-1-2   Decision makers
      5-1-3   Interactions
      5-1-4   Product level information
      5-1-5   Incorporate internal sales methodologies

      5-1-6 Competition
      5-1-7 Multiple sales quotas for each sales
            resources during the same period
5-2         Quotation management
            Create and track quotes for:
      5-2-1 Prospects
      5-2-2 Current Customers
      5-2-3 User defined period (For instance a quote
            may only be available for 1 hour or 1
            day.)
      5-2-4 User defined products
5-3         Ability to create a product information
            list
      5-3-1 Create a 'Wikipedia' type area for
            detailed explanations of products and
            what these offer to customers
      5-3-2 Product Catalogue
      5-3-3 Ability to link or attach knowledge base
            articles to any CRM pages
5-4       Consolidation of quotation and turnover
          data at concern level
5-5       Order management
    5-5-1 Convert quotes to orders
    5-5-2 Modify and save orders till they are ready
          to be submitted
5-6       Pipeline analysis
          Analyze anticipated revenue based on:




5 - Sales - Total 14 Subjects                                                                                                              7/28/2011                        9 of 28
    5-6-1 Opportunities
    5-6-2 Quotations
    5-6-3 Sub-analyses of
           (for example, forecasts by region,
          branch, employee and product)
5-7       Visit planning
          Determine required frequency of visits
          based on criteria, such as:
    5-7-1 Turnover
    5-7-2 Potential
    5-7-3 Location, etc
5-8       Customer value management
    5-8-1 Measure
    5-8-2 Optimize the value of bank customers by
          assigning the costs of sales activities to
          individual clients
5-9       Territory management
    5-9-1 Optimize account coverage
    5-9-2 Distribution of sales resources across
          defined territories
5-10        Incentive and commission management

   5-10-1   Develop compensation plans
   5-10-2   Implement compensation plans
   5-10-3   Manage compensation plans
5-11        Distribute workload automatically
   5-11-1   New leads can be automatically assigned
            to treasury sales staff based on various
            criteria such as territory, products, sales
            type,…
   5-11-2 Accounts can be automatically assigned
          to treasury sales staff based on various
          criteria such as territory, products, sales
          type,…
5-12        Ability to insert and assign a specific
            sales plan to a lead or customer based
            on the type of sale opportunity

5-13        Provide details of further functionality
            that the CRM offers that would add
            value to managing sales activities?




6-1           Track customers incidents
              Ability to search across all fields
6-2           Contract management
      6-2-1   Manage service contracts
      6-2-2   Verify entitlement
      6-2-3   Manage service-level agreements
      6-2-4   Receive alerts when contracts expire
6-3           Complaint management
      6-3-1   Record, handle and analyze complaints
              or issues
      6-3-2   Create a workflow to ensure issues are
              tracked and resolved
6-4           Helpdesk support
              (Supports call centre functionality to
              process inbound service or support calls)

      6-4-1 Use received request or template to
            create new incident or service requests

      6-4-2 Provide a common, automatic, and
            personalised response to recurring
            customers requests or questions
      6-4-3 Assign resources automatically
      6-4-4 Link support incidents to other incidents
            and resolve as a group
      6-4-5 Link incidents to customers, products,..

      6-4-6 Live log of events and results of each
            incident
      6-4-7 Consolidated view of all incident
            information in one page




6 - Service - Total 14 Subjects                                                                                                             7/28/2011                     11 of 28
       6-4-8 Automatic escalation capability based on
             defined criteria
       6-4-9 Distribute incident surveys automatically

      6-4-10 Survey responses can be automatically
             forwarded or escalated based on
             responses
      6-4-11 Suggest questions based on service
             incident type, product, or user defined
             criteria
      6-4-12 Emails responding to customers incident
             could copy customer account manager,
             or sales manager
      6-4-13 Allow customers to enter incident to
             customer portal and link it automatically
             to customer account
      6-4-14 Allow customer to initiate messaging
             from customer portal
      6-4-15 Customer portal contains searchable
             knowledge base and FAQs

6-5          Service planning
             (Organize plan and dispatch service
             resources to meet service demands)
6-6          Service Analytics
             (Identify problems and trends and
             compare actual values with target values)

6-7          Is there any other functionality that the
             CRM offers that would add value to
             managing services activities?




7-25      Customized interface
          ability to show the required fields in a
          different color, reorganize section
          placing,…
7-26      Ability to mass modify number of CRM
          records, activities, tasks (out of box
          feature or add on tool)
7-27      Ability to define and manage user role or
          profile
7-28      System is capable of supporting multiple
          legal entities and business units within
          legal entities using a single instance of
          the application
7-29      System supports logical partitioning of the
          database by legal entities/business units
          codes to allow for secured and restricted
          access of the system to bona fide users of
          the legal entities/business units

7-30      System supports authorized Group/HQ
          users to see data/information across legal
          entities/business units and able to get a
          consolidated view of information on a
          need basis

7-31      System supports very low bandwidth
          consumption for providing high
          performance for access from remote
          locations with the application hosted in
          Bahrain and accessed across the group
          entities in different geographies

7-32      Support for a fully browser based end
          user access along with offline and mobile
          user access with capability of auto-
          syncing when in online mode

7-28      Is there any other functionality that the
          CRM offers that would add value in
          general?


7 - General - Total 14 Subjects                                       7/28/2011                   13 of 28
8-1        Availability of one consolidated console
           to manage the solution
           (single tool to manage the daily
           activities to support business users)
8-2        What development skills or knowledge
           are required for our development team
           to customize the solution?

8-3        Active directory integration
           (Describe the used integration technique)

    8-3-1 Full automatic integration
    8-3-2 Require some manual setup
8-4       Mobile access
    8-4-1 Access and modify CRM data on mobile
          devices like PDA’s and Smart Phones

    8-4-2 Out of the box encryption capability
8-5       Send alerts via a SMS gateway
8-6       Offline Mode
          (ability to maintain a full local - offline
          copy for defined number of CRM records
          and fields data with two way
          synchronization)
8-7       MS SQL support
8-8       Integration API support for Java class
8-9       MS-Outlook integration
          (Describe the integration technique and
          what versions of Microsoft office are
          supported)
8-10       Export data for interfacing to other
           systems
           (What options are available for extracting
           data?)

8 - Technical requirements - Total 14 Subjects                                                                                            7/28/2011   15 of 30
8-11      Web services module (Application has a
          web services module to interface with
          other applications)
8-12      Link to 'MynaVoice'
          (http://www.cybertech-int.com/10117/1/mynavoice.html)
          so that voice recordings can be accessed?

8-13      What are the recommended hardware
          requirements? On what basis are these
          recommendations made? How easy
          would it be to expand the environment in
          future?
8-14      Cisco IP Phone integration
          What features does CRM have that can
          be linked to a Cisco IP telephony system?

8-15      Network bandwidth requirements to
          access the solution in Bahrain from other
          banks in UK, Egypt, Kuwait, Qatar, Oman,
          Iraq
8-16      Chat or messaging capability
   8-16-1 OCS integration
   8-16-2 Third party integration (cost?)
8-17      Can you provide details on bandwidth
          usage when running queries or reports?

8-18      Mapping tool to extract data from an
          existing CRM solution
          Describe if there is a facility provided to
          upload data as part of an initial take on.
          What method is used for this?

8-19      Monitor and diagnose the CRM
          environment with SCOM




No.       Features/ Questions                                                         Vendor Comments
9-1       How the solution could offer a low TCO
          compared to other CRM providers?

9-2       What modules come as standard and
          which are licensed separately?
9-3       What is the estimated ROI of this project
          considering costs of software, hardware,
          consulting, personnel, training, and other
          investments over a 3-year period?

9-4       Specify the licensing basis for the S/w

9-5       Typical cost of the future development
          request (Cost of adding new fields, tabs,
          forms,…)




9 - Cost - Total 14 Subjects                                          7/28/2011                         19 of 28
No.        Features/ Questions                                                          Vendor Comments
10-1       Support options (Cost, Time coverage,
           availability of local or regional support)

10-2      Upgrade
   10-2-1 Provide details about the upgrade path

   10-2-2 Frequency of updates
   10-2-3 How would an upgrade of integration
          tools such as Outlook affect the CRM?
   10-2-4 Will installing Windows service packs
          have any impact on the CRM?
10-3      What is the solution training plan?
10-4      Is there any certification available for the
          solution for IT support staff? i.e. training
          certification and exams?




10 - Support & Training - Total 14 Subjects                             7/28/2011                         20 of 28
11-1      Create informal relationships between
          customers
          (For example two legally separate
          entities may have employees working for
          them that are related. Users will need to
          be aware of this informal link)
11-2      Provide Multi legal entity support with a
          single instance of the application, with
          the capability to allow for Group users
          to view/modify items at enterprise
          level.
11-3      Support for profitability calculations on
          deals
          Are the calculations provided with the
          solution or will these require
          customization by AUB?
11-4      How much customisation can be done to
          the solution?
11-5      Ability to create tabs, fields, views by
          AUB team
11-6      Can we specify the attributes of a field
          (i.e. make a field a numerical field with 8
          decimal places)
11-7      Full configuration features (Tailor the
          application by adapting interface,
          navigation, process and workflow)

11-8      Full workflow creation and
          customization by users.
          (Provide details of how much support
          may be needed by the vendor or it can
          be done by AUB developers?)

11-9      Full search/inquiry customisation by
          business users




11 - Customisation - Total 14 Subjects                                                                                                    7/28/2011                        21 of 28
11-10     Full sharing of customised searches /
          inquiries across the business users.
          (Provide details of how much this
          requires AUB administrator to make
          them sharable if not fully supported)
11-11     Full support for users customisation of
          their own screens / views.
          Provide details of how much support is
          required if not supported
11-12     Full sharing capabilities to easily share
          across the users without support of the
          CRM administrator
11-13     Creation of fields on a view that picks
          certain rates from the market data.
          (For example a customer screen may be
          customized to show the GBP/USD rate
          that is refreshed periodically or
          dynamically)
11-14     Store transaction data on the CRM
          database
          What changes will need to be made to
          the database to accommodate these?
11-15     Add extra fields to a transaction view or
          a customized view where the value is
          calculated from one or more other
          values in the view
          For example a profit field may be added
          to a view that is calculated from the
          ((price field - market value field) *
          currency amount field) * base currency.
          Does the solution provide for expression
          based calculations as well as simple
          arithmetic?
11-16     Use mathematical expressions to limit
          field inputs to values meeting that
          criteria
          For example, can we limit fields so that
          values have to be greater than zero, or
          less than today or between a range of
          numbers?
11-17     Ability to migrate the software in-house
          customisation when upgrading to new
          version






No.         Features/ Questions          Standard (S)   Custom (C)   Enhancement (E)   Alternative (A)   Unavailable (U)   Vendor Comments




12-1        Kerberos as a default authentication
            method
            if not, what is the used authentication
            method?
12-2        Auditing all CRM events, activities,...
            (Describe the auditing capabilities of the
            CRM)
   12-2-1   Different levels of auditing
   12-2-2   Describe if there is any performance
            degradation from audit
   12-2-3   Document usage auditing at different
   12-2-4   Check-in / Checkout document
            management
12-3        Full configuration of user rights
            (Define fine-grained access rights for
            users and groups to the CRM modules,
            records and fields within each module).
            Describe the process of applying security
            at the various levels
12-4        Support for a user existing in multiple
            business groups.
12-5        User can be assigned a higher role in one
            group than another?
            (For example you may want a user in one
            entity to have full read/write rights in a
            screen but have read only rights in the
            same screen for a different entity)

12-6        Manage security features to hide
   12-6-1   Views
   12-6-2   Tabs
   12-6-3   Fields, etc




12 - Security - Total 14 Subjects                                                                                                          7/28/2011                     23 of 28



12-7      Fully access controlled security for
          segregation both within entity for
          business units and across entities
          to ensure data confidentiality and
          protection laws as per jurisdictions can
          be adhered to
12-8      Encrypt the offline data
   12-8-1 Purge office data remotely
12-9      Access Control
   12-9-1 Unique User Identification
          (The application should identify each
          user by a unique user id)
   12-9-2 Access Security
          (The application should provide File,
          Record and Field Level Access Security)

   12-9-3 User Classes
          (The application should support different
          user classes like manager, clerical staff
          etc)
   12-9-4 Role Based Access Control
          (User privilege should be assigned on the
          basis of their "role")
   12-9-5 Inactivity Timeout/Automatic logout
          (The application should logout the user
          after "n" minutes of inactivity. (The
          vendor should clearly mention how the
          unsaved data will be protected during
          the "inactivity timeout"))

   12-9-6 Segregation of Duties
          (no single individual should have control
          over two or more phases of a transaction
          or operation)
12-10     Integrity







  12-10-1 Integrity of data while at rest
          (The application should prevent/identify
          the data from being modified by
          database administrator)
  12-10-2 Access to Data through application
          (The application should ensure that the
          data is accessible only through the
          application. A database call by users
          should not provide access to data.)

12-11     Integration with SSO and ADS
          (Application should have the feature to
          integrate with Single Sign On like MS
          Active Directory Service)
12-12     Transmission Security
          (Application should have the following
          security controls for the data while in
          transmission)
  12-12-1 Integrity Controls while in transmission
          (Data integrity should be ensured while
          the data is in transit through a LAN or a
          slow WAN link and the event of
          link/system failures)

  12-12-2 Encryption while in transmission
          (Encryption mechanism should be
          available in the software for protecting
          the data while in transit)
12-13     Encryption
  12-13-1 Encryption Strength and algorithm used
          (Application should support encryption
          strength of 128 bits at minimum.
          Application should support strong
          encryption algorithm such as 3DES, AES
          etc)







  12-13-2 Message Encryption
          (All messages from the application
          should be encrypted)
  12-13-3 Data encryption
          (Data should be encrypted using 3DES or
          AES with a minimum of 128-bit
          encryption)
  12-13-4 Password Encryption
          (All passwords within the application
          should be encrypted with 3DES or AES
          with a 128-bit encryption at the
          minimum)
12-14     Password Security
  12-14-1 Minimum password length
          (Application should support a minimum
          password length of 8 characters)

  12-14-2 Password Expiry
          (The account should be locked after 3
          invalid logon attempts)
  12-14-3 Account Lockout after invalid logon
          attempts
          (In the event of 3 invalid logon attempts,
          the user id should be disabled or the
          workstation should be disabled)

  12-14-4 Support/enforcement of complex
          passwords
          (The application should force the users to
          use complex passwords that have a mixture
          of alphanumeric, upper case, lower case
          and special characters)

  12-14-5 Password history
          (While changing the passwords, the
          system should not accept 12 previously
          used passwords)
12-15     System Logging Features







  12-15-1 Logon success/failures
          (Application should log all logon
          successes and logon failures)
  12-15-2 Data access failures
          (Any data access failures should be
          logged)
  12-15-3 Privilege escalation attempts
          Privilege escalation attempts should be
          logged and prevented. (Privilege
          escalation attempts means that after
          logging in as normal user, the user could
          elevate his/her privilege through some
          means and access the data for which
          he/she has no authority.)
  12-15-4 Unauthorized access attempts
          (Users attempting to access the data for
          which he/she is not given the authority)

12-16       Reporting
  12-16-1   Unsuccessful login attempts
  12-16-2   List of roles/profiles
  12-16-3   List of user profiles by
            department/branch, user id in
            alphabetical order
  12-16-4 List of locked or deactivated users
  12-16-5 List of access to a specific
          screen/function or utility
  12-16-6 List of changes to parameter /
          configuration files, static data
12-17     PCI DSS
  12-17-1 Card Information Exposure Points
          (Card information, if any, should be
          masked at all exposure points --like
          display, reports, etc)







  12-17-2 Card Information Data at rest
          (Similarly provision should be in place to
          have masking/encryption for card
          information data at rest.)
  12-17-3 Sensitive Customer Information
          (Strict access controls and encryption
          should be in place for customer sensitive
          information.)
12-18     Data Sanitization and error handling
  12-18-1 Cross Site Scripting
          (Cross site scripting (XSS) should be
          checked within URL query strings, user
          cookies and form fields value.)
  12-18-2 SQL Injection Attack
          (Application should perform data
          validation to protect against SQL
          injection attacks)

  12-18-3 Hidden Field Manipulation
          (Application should prevent Hidden field
          manipulation)
  12-18-4 Output Sanitization
          (Application should be carrying out
          appropriate data sanitization before
          delivering the output)



