Deposit and Credit Guarantee Fund (DCGF) Naxal, Kathmandu ...dcgf.org.np/uploaded/Credit Software Document/TOR_CGMIS.pdf3. Nepal Rastra Bank 4. Ministry of Finance (MOF) 5. INGOs 6

Deposit and Credit Guarantee Fund (DCGF)

Naxal, Kathmandu, Nepal

Terms of Reference (TOR)

For

"Development of Centralized Web Based MIS system for

Credit Guarantee Fund (DCGF)"

Issued By

Department of Information Technology

April, 2018

Page 2

Table of Contents

Glossary .......................................................................................................................................... 5

Introduction ..................................................................................................................................... 7

Objectives: ...................................................................................................................................... 7

Scope of Work ................................................................................................................................ 8

Key Stakeholders ............................................................................................................................ 9

Data Services and facilities to be provided by Client PMU ......................................................... 10

Major Actors of CGFMIS ............................................................................................................. 10

Components of CGFMIS .............................................................................................................. 10

Subsystem and Modules of CGFMIS ........................................................................................... 11

1. Credit Guarantee Subsystem Module ................................................................................... 11

i. Livestock Guarantee Module ......................................................................................... 11

ii. Micro-Finance And Deprived Sector Credit Guarantee Module ................................. 11

iii. SME Guarantee Module .............................................................................................. 11

iv. Agriculture Guarantee Module .................................................................................... 12

2. Investment Sub System Module ............................................................................................. 12

3. Administration, Accounting and Inventory Subsystem ......................................................... 13

4. Cross Cutting Modules ......................................................................................................... 14

5. Financial Management Information Systems (FMIS)........................................................... 15

High Level Diagram for CGFMIS ................................................................................................ 17

....................................................................................................................................................... 17

Investment Module Investment Process Flow ........................................................................... 18

Credit Guarantee Module Process Flow .................................................................................. 19

General Guidelines for System Architecture DCGF .................................................................... 19

Service Oriented Architecture and Loose Coupling ................................................................. 20

Key Non Functional Requirement ............................................................................................. 20

Requirement for Application Software...................................................................................... 22

Requirement for Programming Language ................................................................................ 22

Requirement for Software Interface Language ......................................................................... 22

Requirement for Input Data Language ..................................................................................... 22

Requirement for System Configuration and Management ........................................................ 23

Page 3

Requirement for Compatibility with Operating System ............................................................ 23

Requirement for Browser support ............................................................................................. 23

Requirement for GUI Design .................................................................................................... 23

Requirement for Development Tools ........................................................................................ 23

Requirement for Database Software and Design...................................................................... 23

Requirement for Database Management System ...................................................................... 24

Requirement for Database Security .......................................................................................... 24

Requirement for Web Services .................................................................................................. 25

Requirements for Scalability ..................................................................................................... 25

Requirement for Modularity and Flexibility ............................................................................. 26

Requirement for Logging and Audit Trails ............................................................................... 26

Requirement for Searching and Reporting ............................................................................... 27

Backup and Recovery ................................................................................................................ 27

Requirement for Security: ......................................................................................................... 27

Requirement for Session Management...................................................................................... 28

Requirements for PKI Based Authentication and Authorization .............................................. 28

System interfacing and integration Requirement ...................................................................... 29

Test Data Generation .................................................................................................................... 29

Response Time .............................................................................................................................. 29

Data Center & Infrastructure ........................................................................................................ 30

Quality Assurance Plan ................................................................................................................. 30

Change Request Management ................................................................................................... 31

Requirement for Multi User Environment .................................................................................... 31

Requirement for User Interfaces Design .................................................................................. 32

Software Standards and Performance ........................................................................................... 33

Open Standards ......................................................................................................................... 33

Government Enterprises Architecture (GEA) ........................................................................... 33

Government Interoperability Framework (NeGIF) .................................................................. 33

System Performance ..................................................................................................................... 33

Software Performance and key cross cutting characteristics ........................................................ 34

Page 4

Input/output Validation ............................................................................................................. 34

Capacity Building, knowledge transfer and Training ................................................................... 35

Testing........................................................................................................................................... 36

Security testing of the System .................................................................................................... 36

Stress and Performance testing ................................................................................................ 37

Installations, Commissioning and User Acceptance Testing (UAT) ........................................ 37

Data Archival and Housekeeping ................................................................................................. 38

Licensing and Intellectual Property .............................................................................................. 38

CGFMIS Documents and Deliverables ........................................................................................ 39

Technical/User Manual Content ................................................................................................... 39

Technical Manual (For Engineers/ Developers) ...................................................................... 39

User Manual (Operator/Users) ................................................................................................ 40

Consultant Qualifications.............................................................................................................. 40

Legal Document ........................................................................................................................ 41

Qualification and Experience Required for the Proposed Personnel ...................................... 41

Consultant’s Personnel ............................................................................................................. 44

Proposal Requirement ................................................................................................................... 45

Duration of the Work and support: ............................................................................................... 46

Duration of Work ...................................................................................................................... 46

Support ...................................................................................................................................... 46

DCGF Related Laws & Bye Laws ................................................................................................ 47

Appendix ....................................................................................................................................... 48

Page 5

Glossary

ACL Access Control Level

BFIs Banks and Financial Institutions

BoQ Bill of Quantity

DC Data Center

DCGF Deposit and Credit Guarantee Fund

CGFMIS Credit Guarantee Fund Management Information Systems

DR Disaster Recovery

EOI Expression of Interest

FMIS Financial Management Information Systems

GEA Government Enterprise Architecture

GoN Government of Nepal

GUI Graphical User Interface

HTTP Hypertext Transfer Protocol

HTTPS Hypertext Transfer Protocol Secure

ICT Information and Communication Technologies

INGO International Non-Government Organization

IP Internet Protocol

LOI Letter of Intent

MIS Management Information System

NASCII Nepal Analysis Standard Code for Information Interchange

NeGIF Nepal Government Interoperability Framework

NGO Non-Government Organization

NRB Nepal Rastra Bank

ODBC Open Database Connectivity

OPSEC Open Platform For Security

OWASP The Open Web Application Security Project

PMU Project Management Unit

RFP Request for Proposal

SOA Service-Oriented Architecture

Page 6

SOAP Simple Object Access Protocol

SRS Software Requirements Specification

SSL Secure Socket Layer

TB Terra Byte

TCP Transmission Control Protocol

TFA Two-Factor Authentication

TOGAF The Open Group Architecture Forum

TOR Terms of Reference

UAT User Acceptance Test

UDDI Universal Description, Discovery, and Integration

UI User Interface

W3C World Wide Web Consortium

WSDL Web Services Description Language

WMI Windows Management Instrumentation

Page 7

Introduction

Financial stability is one of the topical issues that has been accorded increased attention from

central bank, government, market players, borrowers and deposit insurer. As a deposit insurer,

Deposit and Credit Guarantee Fund (DCGF) has started the deposit guarantee scheme in Nepal

from the year 2010. Deposit guarantee/insurance is recognized globally as an important component

of a country's financial safety net and has been implemented in more than 120 countries around

the world. It is a system that protects depositors against the loss of their guaranteed deposits placed

with banks and financial institutions (BFIs) in the case of unlikely event of the BFIs failure. DCGF

has given the statutory responsibility to perform both the deposit guarantee and credit guarantee

function through it's own "Deposit and Credit Guarantee Fund Act, 2073". In the DCGF Board

there has been representation of six from the government and one from Nepal Rastra Bank.

Obviously, DCGF is a government sponsored and administered separate entity. Generally, deposit

guarantee system is a government-sponsored scheme. In Nepal, deposit guarantee scheme is

confined to BFIs namely

Commercial Banks

Development Banks

Finance Companies and

Micro Credit Development Banks

Objectives:

Main Objectives

Design and implementation of the MIS system which helps to guarantee the credit

advanced by the banks and financial institutions presently in livestock, SMEs including

priority sector, deprived and micro-finance sector and to compensate the loss under a risk

sharing modality as per the concerned regulation in case of the proven death and

permanently infertile of livestock and indisputable default of other loans.

The other objectives of the system are:

1. To identify the key components to be designed and developed in the CGFMIS.

Page 8

2. Analysis, design and implement the different modules identified and mentioned in

CGFMIS.

3. Develop an interactive client web interface and mobile application (if necessary) for the

different CGFMIS stakeholders and users.

4. To enhance the capability of the system so as to make monitoring and supervision of the

DCGF work more effective.

5. To enhance the capability of the system so as to make it more interactive and responsive to

the stakeholders.

6. To make the system more user-friendly and faster.

7. To ensure high availability of the system.

8. To ensure the stability of the system.

Scope of Work

The consultant shall undertake to perform the services with the highest standards of professional

and ethical competence and integrity. The consulting agency is required to:

1) Consult to DCGF Staff on the most appropriate policy and system architecture and central

system requirement gathering. Also Consult DCGF staff for all related task during the

requirement gathering, system analysis, designing, development and deployment.

2) Detailed requirement gathering and analysis of existing of documents types and

applications generating such documents.

3) Design, development and deployment of solution.

4) Migration of existing data into to new system.

5) System documentation covering technical design, configuration details, administrative task

and operational aspect of the system.

6) Knowledge transfer and training to DCGF Users.

7) Technical support for one year after deployment of the system in the server.

8) Additional requirements may be covered during the analysis phase.

9) Recommend hardware and software requirement.

Page 9

Key Stakeholders

The following section describes the key stakeholders for the CGFMIS Implementation

1. Project Management Unit (PMU)

2. Application Development Agency (Consultant)

3. Nepal Rastra Bank (NRB)

4. Ministry of Finance

The PMU consists of the CGFMIS Design consultant and representative from DCGF. The

responsibility of the PMU includes the following

Overall project planning and management in collaboration with DCGF, includes planning

supervising and overall progress of the project, monitor conformance with the timeliness,

budgets and serve levels

Review the scope and technological solutions covering all components by the CGFMIS

Acceptance testing and Acceptance

Perform structural transition and rollout

Post Deployment reviews

Confirm and monitor service levels through the engagement with the CGFMIS through

periodic reviews

Monitor the implementation of the project according to the project plan and report to the

DCGF Board

Review the request for proposals

Issue the LOI to the Selected Consultant

Contract signing with Selected Consultant

Ensures proposer training arrangements

Page 10

Data Services and facilities to be provided by Client PMU

Nominate the counterpart in all areas of works in order to facilitate execution of project in

a timely manner

Provide the relevant reports and the information /data available with DCGF, however

collection of the data from different sources if required will be done by the consultant with

the consent of DCGF.

Timely review inputs on the deliverables submitted by the Application Development

Agency

Provide Access to the system and documentation related to the project

Facilitate necessary meetings /discussions with the external stakeholders

Administrative support in setting up meetings with other project organization

Major Actors of CGFMIS

1. Development Banks / Banks

a. "A" Class Commercial Banks

b. "B" Class Development Banks

c. "C" Class Finance Companies

d. "D" Class Micro Finance Institutions

2. DCGF branch staffs

3. Nepal Rastra Bank

4. Ministry of Finance (MOF)

5. INGOs

6. NGOs

Components of CGFMIS

The proposed CGFMIS will have following components:

1. Credit Guarantee Subsystem

2. Investment Sub System

3. Administration, Accounting, Human Resource and Inventory Subsystem

4. Subsystem for Cross Cutting Modules

Page 11

5. Financial Management Information System

Subsystem and Modules of CGFMIS

1. Credit Guarantee Subsystem Module

i. Livestock Guarantee Module

Membership Registration

Contract Management

Credit Guarantee Process Management

o By Member Organization

o By Non Member Organization (BFIs, INGO, NGO)

Livestock Type, Credit Limit, Numbers

Livestock Guarantee Fee management

Tag Management

Document and Report management

Claim and Payment Management

Form and Report Management according to Schedule (Anusuchi) of related

product

ii. Micro-Finance And Deprived Sector Credit Guarantee Module


Contract Management


Fee management




product

iii. SME Guarantee Module


Contract Management

http://dcgf.org.np/home/pages/41/1

Page 12


Fee management




product

iv. Agriculture Guarantee Module


Contract Management


Fee management




product

2. Investment Sub System Module

DCGF will call for an investment proposal to different banks in which all the investment fund and

time for investment will be provided. The Banks that will quote for higher interest will be awarded

to use the fund provided by DCGF.


Contract Management

Investment Interest Management

Bid Document Management

Report management

Form and Report Management according to Schedule (Anusuchi) of related product

Investment Notice Management

Investment Application Management

Investment Record Management

Page 13

Investment Comparative Bid Analysis Management

Investment Board User Management

3. Administration, Accounting and Inventory Subsystem

i. Administration Module

o Darta

o Chalani

o Tippani

o Board Members Management

o Office Minute

ii. Accounting Module

a. Charts of Accounts

b. Voucher

c. Ledger

d. Tax

e. Payroll

iii. Procurement and Contract Management Module

iv. Stock and Inventory

a. Item Entry and Opening Stocks

b. Item and Category Management

c. Demand Collection and Approval

d. Demand Disbursement

e. Purchase Order

f. Purchase Entry

g. Vendor/Supplier Management

h. Action Management

i. Vehicle and Fuel Management

j. Store Ledger

v. HR Module

a. Recruitment and Selection

b. Employee Details

Page 14

c. Attendance Record

d. Leave

e. Overtime

f. Training

g. Awards

h. Punishment

i. Deputation

j. Transfer

k. Retirement

4. Cross Cutting Modules

i. Security Management Module

a. User Role Management

b. User Management

c. Module / Sub Module Based Access Control Level (ACL)

ii. Reporting Module

a. Account and Inventory Related Reports

i. All the Voucher entry

ii. Issued Receipt

iii. Monthly Report

iv. Total Ledger & Product Wise Ledger

v. Minute

b. Loan wise report

i. Product wise Loan report

c. District wise report

i. Number of loans in number of district according to product

d. Pradesh wise report

i. Number of loans in number of Pradesh according to product

e. Business wise Report

i. Agriculture

ii. Service

Page 15

iii. Industry

f. Animal Wealth wise ledger report

i. Buffalo, Cow, Goat, Pig, etc. wealth wise ledger report etc.

g. Money Capping Wise Loan Ledger Report

i. Money Capping Wise Loan Ledger Report i.e.

1. Within 10000

2. Within 100000

3. Within 200000

4. Within 300000

5. Within 500000, etc.

h. Member Institutions Branch wise report

i. Member Institutions Branch wise loan / claim

i. Animal Wise ledger report

iii. Lookup, System Setting and Configuration Module

5. Financial Management Information Systems (FMIS)

FMIS accumulate and analyze financial data in order to make good financial management

decisions in running the business of DCGF. FMIS shall be integrated with various other Sub

Systems like Procurement and Contract, Investment, Inventory, HR and Payroll and accounting

subsystem for proper working. DCGF FMIS includes the following Module.

Source of Fund Management

Fiscal Year Setup – Link with Accounting

Accounts Heads and Charts of Accounts - Link with Accounting

Expenditure Management

o Expenditure Statements

o Recurrent Expenditure Statements

o Capital Expenditure Statements

Revenue Management

o Statement of Revenue Collection

o Source of Revenue

General ledger Management

Program and Activity Formulation

Budget Planning

Page 16

Budget Formulation /Allocation

Budget Disbursement

Budgetary Status

Cash Flow

Financing – Loan, Debt, Investment, Advance Payments,

Reimbursement etc.

Financial Statements

o Revenue vs. Expenditure

Interlink with / Integration with

o Integration with Procurement and Contract

o Integration with Accounting and Payroll System

o Integration with Investment Module

o Integration with Credit Module

o Integration with Inventory Module

Financial Audit Record

Beruju Farchaut according to the policy of DCGF

Foreign Aid Management

Security Deposits

Budget Heading Change / Rakamantar

Budget Source Change / Srotantar

Reporting

o Revenue Collection Summary and Detail Reports, Months, Year Wise

Revenue Collection

o Expenditure Summary and Detail Reports, Months, Year Wise

Expenditure

o Expenditure Type wise Report – Recurrent Expenses, Capital

Expenditure

o Source of Fund wise

o Budget Head Wise

o Sector Wise

o Investment Sector Wise

Page 17

High Level Diagram for CGFMIS

Member

Organization Web

Portal

Database

Data

Interface

Input Data Processing

Raw Import

Clean Up

Validate

MIS

Report Generation

Configuration

CGFMIS

Credit

Investment

Claim & Payment

Filtering

Parameter

List Generation

Accounting

DCGF Users

Data Verification

Retrieve Data for

Verification

Batch Data File

Fig: High Level Diagram for CGFMIS

Page 18

Investment Module Investment Process Flow

Page 19

Credit Guarantee Module Process Flow

General Guidelines for System Architecture DCGF

1. DCGF shall be designed as Web Based n-tired solution with informational, collaborative

and transaction services

2. Shall be unified solution for all DCGF services which provides interface for managing and

operating all the functionalities of the system

3. The solutions follow the tired approach allowing for horizontal and vertical scalability at

the access tier. Integration tier and database and hardware level. Possibly to provide for

redundancy at the web level or add another DBMS at the Database layer without making

changes to other tiers

4. Shall provide role based access to various stakeholders with associated role based

functionalities

5. Solution shall be designed to handle exception with meaningful messages

Page 20

6. Solution shall be designed through use case scenarios which shall be part of the functional

requirement specification

7. Shall allow for independent components registration and availability

8. Shall enabled ad-hoc MIS report generation

9. Integration Mechanism shall conform to GEA guidelines, the NeGIF and TOGAF

framework for SOA Approved by GoN

10. Shall be accessed from remote locations with minimal connectivity and the architecture

shall be designed to be operated in low bandwidth environment

11. Solution shall have to capacity to handle at least 10,000 users and should support at least

200 concurrent connects to the applications

12. Solution implement best practices for online security based on the transaction type and the

architecture should be designed to enable imaging security, secure socket layer (SSL), one

time Passwords and Digital Signature for signing/approval of documents.

Service Oriented Architecture and Loose Coupling

The System architectures shall be developed following SOAs based loosely coupled components,

for System resiliency, stability and maintainability of the proposed solutions, which leads

1. Easy way to add or change made in components without having to make reflective changes

to other components in the architecture/systems.

2. Choose the right enabling technology for the processes without concerning themselves with

technical dependencies, such as Database Technology, security models.

3. Components are protected from each other and can better recover from component failure.

4. The failure of a single component should not take down other components in the system

5. Creating a failover subsystem, moving from one instance of a component to another without

affecting the other components in the SOA.

Key Non Functional Requirement

Openness The developed system shall be open standard where possible. It should not be

vendor specific and depend on some vendor specific technology. There should not be

implementation of any vendor specific component, software, middleware, and firmware to

Page 21

avoid the vendor-locking situation. The proposed architecture, database, programming

language and any technology used to develop and implement system should use 'Open

Standard' whenever such standards are available and applicable to meet the specification.

Standards: The system shall be centralized web enabled system and the application

architecture of the system should be platform and vendor independent. The system should

be designed by following the open standards like SOA i.e. interoperable in nature and

design and development should be based on SOA. Shall be adherence with GEA, NeGIF.

Modularity: The designed modules of the system should be highly granular and highly

cohesive, loosely coupled which supports easy addition/removal of one more modules as

and when required. The solution architecture should have multi-tired architectures that

allow infrastructure simplicity and standardization.

Integrity and reliability: The solution shall ensure data safety and integrity in the event

of communication channels operation failures, software and hardware operability failures.

Availability: The availability of the system shall be high, solution should be designed to

remove all single points of failure and the solutions should provide the ability to recover

from failures.

Scalability and performance: The system shall have ability to scale up as and when the

new business applications and services are added without compromising the performance

of the overall solution. The chosen Architecture pattern and framework should be proven

to be highly scalable and capable of delivering high performance as and when transaction

volumes increase. Master Database for modules should be properly indexed so that

searching performance of the system provides high performance.

Error Messages and Handling: The system shall display appropriate warning messages.

System should display alerts and reminders for the user.

Usability: The home screen shall be designed with a better user interface. The System

should allow user to organize the Search results sort by clicking on table header. The

System should facilitate easy navigation of the screen i.e. back, forward, refresh options

should be made available to the user. Whenever the user enters the modules the system

should have a provision to display the description for all modules and sections

Page 22

Extensibility and Integration Support: The solution shall support Plugging in of other

authentication methods in the future. The Solutions must be capable of integration with a

payment gateways for paid user services

Requirement for Application Software

The software should be developed in reliable programming languages and programming standard

must be generic data acquisition, access coding using web based application technology. The

programming language should be selected so that it can easily communicate with printer for

printing.

Requirement for Programming Language

The software should be Web Based Application. The chosen programming language must have

readily available compiler and host environments for windows based operating system.

Applications for the web server would be developed in JavaScript, Asp.Net with appropriate

languages (C# etc.)

Requirement for Software Interface Language

The web-based application shall have Nepali and English Languages, words and characters. The

application should use Nepali Language for Interface, instructions and messages. English

Language should be used where Nepali language is not possible. The system should have provision

to use both Nepali and English Date values in standard format. There should be a module to change

date from Nepali to English Date format and vice versa.

Requirement for Input Data Language

The System Database consists of data values both in Nepali and English language. Hence, the

forms and related interfaces should be designed to input, store and process both Nepali and English

languages. For Nepali language input data values, Nepali Unicode should be used. All the Static

and Dynamic text should be displayed and saved in English and Nepali

Page 23

Requirement for System Configuration and Management

The Application should be highly configurable; there should be minimal hard coded options. The

developed application should be parameter driven. The options, choices, popup for various data

should be configurable using software option and database configuration.

Requirement for Compatibility with Operating System

The developed system should be compatible and could be hosted and compatible to any widely

used operating system. The Windows system is more preferable and should avoid any vendor

specific system. The consultant should provide the detail hardware specification required to install

the system.

Requirement for Browser support

The developed web based system should be run at client end using most popular browsers. The

system should be compatible to at least following browsers. Mozilla Firefox, Internet Explorer,

Google Chrome, Opera, Safari, Edge. A personalized local access directory must be maintained.

Requirement for GUI Design

The system should facilitate full utilization of screen space (Adjustable to type of device, screen

resolution). There should be a facilitate access control, the user should be able to view / work on

the screens which are applicable for his/her role.

Requirement for Development Tools

The consultant will be responsible for development software and tools required to develop the

proposed task. Consultant should fulfil the license, API development and any other requirement

themselves. There should not be any cost in the implementation of the system.

Requirement for Database Software and Design

The database should be selected so that it can handle very large amount data. The database must

be RDBMS. The Database server would be having Oracle etc.

Page 24

The database should contain the following features

1. Good design/planning, Normalization

2. Good naming standards and documentation

3. Domain values should be properly handled and maintain proper data integrity

4. Maintain recovery, concurrency control, Automatic Backup and others

5. Maintain integrity

6. Stored procedures to access data

7. Proper testing

8. Recovery pattern/schedule

Requirement for Database Management System

1. The system should be able to support high level of concurrent usage and should be scalable

2. The system should be configured in a clustered mode at the data center to ensure high

availability and failover

3. The system should be able to currently store at least 20 TB of data and should be scalable

4. The Database Schema should be designed in an efficient manner and should have ability

to incorporate the appropriate normal form of database design

5. The System should have proper facilities to define backup schedules

Requirement for Database Security

1. The system should not allow direct access to the data from any non-application software

platform, such as Database prompt

2. The system should not provide access to the database prompt for accessing the application

data. Access to the database should be restricted only through the application software

interface

3. Whenever, the database is accessed for administration related purpose, the access should

be audit trailed or logged

Page 25

Requirement for Web Services

1. System shall based on industry standards (e.g. W3C) and should not be limited by

proprietary platforms of any kind

2. The system shall be designed with the objectives of efficient delivery of other solution

components

3. The system shall be open to interface with Other Departments systems for required data

exchanges and validations

4. The system shall be able to expose its service delivery functionality on request from other

departments and on approval of the same by DCGF

5. The system shall have the capacity of being deployed in load balanced clusters to provide

availability and scalability

6. The system shall be built on Open Standards and have Web Interfaces for the client access

7. The system shall have scalability to meet future transactions so that change or upgrade in

Operating System, Software Platform and Tools or any other components used, must not

render the system incompatible and limited use

8. System shall provide for necessary validations/ alerts to avoid wrong entries or to prompts

in case of wrong entries

9. The system shall have capability to logically partitioning the switching system to avoid

interfaces with other set of users

Requirements for Scalability

1. The system architecture shall be scalable and capable of delivering high performance as

and when the number of users and transactions increase

2. The system shall sustain the increased number of transactions in future

3. The Application and deployment architecture shall provide for Scale up and Scale out on

the Application and Database Servers and all their solutions components

Page 26

Requirement for Modularity and Flexibility

1. The system shall cover a range of business processes modules within application and it

should be capable of adding more functionality, modules or number of users. The system

should be able to integrate with other system / products / applications on open standards

2. The system shall be adoptable to changing practices and in case need arises to customize

specific needs, the system should be flexible to integrate with new add-ons and processes

that can be plugged-in with the existing system

Requirement for Logging and Audit Trails

1. The system must keep an un-modifiable audit trail capable of automatically capturing and

storing information about All the Actions (Create/ Update/Delete), The user initiating and

carrying out the actions, Date and time of the events.

2. Once the audit trail functionality has been activated the system must track events without

manual intervention and store in the audit trail information about them.

3. The system shall have a timeframe for which old audit logs will be maintained for ready

reference in the system. The old records should be archived in the DCGF database.

4. The system shall have the functionality to log all application transaction details including

time stamps, operators, approver, Update/ Modification trails etc., Browser information, IP

Address etc.

5. Any critical log information, which requires urgent attention, such as issues can lead to

downtime, shall be captured properly and an appropriate alert be generated and sent to

department officials as well as the technical support team.

6. The system shall have a secure and preferably embedded log repository to store logs that

do not require separate database expertise to administer and manage.

7. The System shall support the following methods for log collection

a. Windows Management Instrumentation (WMI) for remote collection from the

Windows Events log

b. Syslog

c. Open Database Connectivity (ODBC) Text Log

Page 27

d. Open Platform For Security (OPSEC)

Requirement for Searching and Reporting

1. The system should have the provision to store, load and delete customer queries to each

user for easy retrieval

2. In the Query builder reports, the reports should have features to save the report data and

retrieve the saved report and also delete the same

3. System should provide the user with search hints/ tips on the data fields such as Names,

Locations and Objects

4. Users should be able to choose a search options. Users should be provisioned on option to

add additional filtering criteria to that search such as adding AND OR conditions

Backup and Recovery

1. The system should have the backup solution for regular/ scheduled backups

2. The system should have the facility to backup the data and stored within the CGFMIS

database in accordance with backup policy

3. The system shall have asymmetric encryption of data backup files such that encryption can

be done using a public key of the authorized user and decryption can be done using the

private key of the same user.

4. Consultant should provide the Data Recovery Plan for the backup data and there should be

no effect in the system after data recovery.

Requirement for Security:

1. Configurable Two factor authentications (TFA) will be used for security purpose

(Administrator can configure either TFA enable or disable).

2. The system shall develop according to the OWASP Web Security Guideline. The system

should be free from security vulnerability like SQL Injection, XSS, CSRF, Session

Hijacking, Google Hacking, Directory Traversal, Broken Session, IDS /IPS.

3. There should be Audit trails mechanism.

Page 28

4. The System shall have a Role Based / Module Based ACL.

5. There should be a Password Validation Requirement Checking.

6. The system shall force to change the password of users in every 3 months (it should be

parameterization based i.e. Administrator can set the period of forced password change

policy.

7. Consultant is not allowed to use any existing CMS for the development, however, can use

Existing Security proven and scalable Software architectural, Design Patterns, Framework

or Class Libraries.

8. Before launching the system, the Consultant should perform the independent Third party

Audit and Vulnerability Assessment and Penetration Testing (VAPT) of the system and

must submit the report. After the Security Audit report evaluation, if the Consultant is

passed in Security Audit then only the final instalment of payment will be released to the

consultant.

Requirement for Session Management

1. The system shall limit more than one session per user or Process ID

2. The system Shall limit on the maximum time length of an idle session

3. The system, users should be able to explicitly terminate the session

4. The system should not store authentication credentials on client computers after a session

terminates

5. The system shall map the sessions with the client machines and should store the appropriate

data

Requirements for PKI Based Authentication and Authorization

System should support PKI based Authentication and Authorization, in accordance with Electronic

Transaction Act of Nepal, using the Digital Certificates issued by the Certifying Authority

Approved by Govt. of Nepal

Page 29

System interfacing and integration Requirement

1. The DCGF portal shall bring all of its services under one umbrella and provide a unified point

of access to citizens, internal users and other intended users to avail services.

2. The System shall support TCP/IP, HTTP, and HTTPS for all traffic between user screens and

the applications.

3. The Proposed solutions shall provide interfaces and formats for data transfer between external

agencies and relevant stakeholders as per the requirement.

4. The DCGF shall include various tools /adaptors to interface with various software applications

implemented and used by the various departments.

5. Provide integration capabilities to support data collection and data synthesis services related

to DCGF used by various departments to provide the services specified in the modules of the

DCGF portal.

Test Data Generation

Consultant should generate the automated test data to verify the smooth operation of the system

before the implementation of the system in DC & DR site.

Response Time

The response time of the system should be as under:

For data transaction like – add, update, edit, delete etc. Response time shall be less than

one second or less.

For complex transactions: Response time will be two seconds but in any case time for

completion of the transaction shall not exceed five seconds

Response time for “help, exit/entry of menus, scrolling or paging, error processing etc.

shall be one second or less.

The response time of the system shall be less and the system shall be workable within 512

Kbps Bandwidth.

Page 30

Data Center & Infrastructure

1. Server will be hosted in Data Center within DCGF premises and Disaster Recovery Center

(Out of Kathmandu Valley, will be reveled later). Consultant shall implement the system

in DR site as well.

2. All the configuration and system implementation shall be carried out in DCGF premises

and DR Site thus consultant shall manage all the expenses for transportation and other

arrangements.

3. Currently DCGF has following infrastructure

a. Database Server – 300 GB x 6 (RAID 5)

b. Application Server – 300 GB x 3 (RAID 5)

c. CISCO 2960 G Catalyst Switch (24 Ports)

d. KVM Layout Device

e. KVM Switch

f. ATS

g. NVR

h. Cisco ASA 5505 Series Firewall

i. Reverse Cable PDU x 2

j. Universal PDU x 1

4. Through study of existing infrastructure Consultant shall provide the detail of additional

hardware (including Server, Network, UPS, Racks and other necessary equipment) and

system requirement for smooth operation of CGFMIS including Bill of Quantity (BoQ) for

hardware for DC and DR site.

Quality Assurance Plan

To ensure the final system is of the utmost quality, consulting firm must develop and approve the

following documentation as part of quality assurance during system design and development. The

Plan must contain stakeholders responsible for Quality Assurance, Tasks and Responsibilities of

each stakeholders, Standards and Guidelines followed, Quality Measurement metrics, Tools,

Page 31

Techniques, and Methodologies used to ensure quality of the system and Frequency of Quality

assurance program

1. Formal Technical Review plan, Walk through, Inspection and Audit (Process and Product)

Plan

2. Process and Product Audits

3. Verification and Validation Plan

4. Test Plan

5. Software Development and deployment Plan

6. Configuration and Change Request Management Plan

7. Risk Resolution Plan

8. Resolution and Corrective Action for Deviations and Non – Compliances

9. Recording and Analyzing Deviations and Noncompliance Items

10. Documentation Plan

Change Request Management

1. Changes may be generated by the identification of new required functionalities during design,

errors or defects in the current implementation and high priority requests to enhance existing

functionalities. Consulting firm must define the appropriate Change Request Management

process to incorporate the changes occurred during system design and development phase.

Information about the change, including scope, feasibility, and impacts to existing

requirements and technical architecture, shall be needed for the reviewed and approved by the

DCGF.

2. Consulting firm shall develop the well-managed mechanism to incorporate the changes in the

system using standard configuration and version management systems like GIT/SVN. It

creates an ease to make any modification or changes in the requirement as well as particular

functionality or even in a single file of the system.

Requirement for Multi User Environment

The developed application should be multi user web based application. The application should

support multiple user login and work on the system concurrently. The developed application

Page 32

should be designed and developed in such a way the administrator can create and assign a differ

roles and assign users to that role i.e. Role based ACL (Access Control system) on modules.

Requirement for User Interfaces Design

1. The system should have unified, easy, flexible and user friendly interface enabling the

following settings

a. Personnel User Menu

b. Personnel user settings

c. Field composition on Screen

d. Webpage Navigation on the Screen

2. The Chosen technical platform for UI should adhere to GEA/ NEGIF and Other Standards

developed by GON

3. Should include the latest web integration features

4. Should support latest industry standards for Portal Development

5. Should support personalization of UI if required at user level

6. Should able to initiate appropriate workflows based on applicable business rules

7. Should provide contextual online help to users

8. The System should have uniformity in screen resolution. The Pictures and documents

should be displayed in optimum resolution for the user to view it properly

9. The GUI Form Administration should support the following without coding effort:

a. Changing Fields or tab labels

b. Hiding fields or tabs

c. Changing the Position or size of the fields or labels

d. Adding restrictions like mandatory or not

e. Setting default value in a field

Page 33

Software Standards and Performance

Open Standards

GEA recommends Service-Oriented Architecture (SOA) as an architecture style to deliver services

to any stakeholders. Hence, the DCGF shall be designed and developed following the underlying

principles of SOA.

1. Should Support Service Oriented Architecture

2. Portal platform should support SSL for Secure Communication over web

3. Support for a broad range of web services technology adhering to standards including but

not limited to SOAP, WSDL, UDDI

Government Enterprises Architecture (GEA)

System shall be developed following the standards and compliance defined by GEA and generic

dataset published in NeGIF for development and implementation of ICT systems. The system

should adopt, comply and adhere with the recommended standards for data, design, architecture,

security architecture etc. The main system, subsystem, component, design, document and any part

that is implemented and used for this task will comply with following guideline documents where

applicable.

Government Interoperability Framework (NeGIF)

System shall be developed following the standards and compliance defined by generic

dataset published in NeGIF for development and implementation of ICT systems.

System Development shall adopt the coding standards given in Nepal Analysis Standard

Code for Information Interchange (NASCII)

System Performance

- The Consulting firm is required to devise performance test criteria to ensure that the system

functions as required in the production environment.

Page 34

- The Consulting firm must indicate the average response time for the various functions of

the system. The response time refers only to server and network response time (i.e.

transaction time) – not to the functional time required to process the actual transactions

Software Performance and key cross cutting characteristics

The Application /system should offer in memory caching minimizing un-necessary

regeneration of Application portal pages for performance improvements.

The System solution shall follow the ISO 27001 / BS 7799 Standards for information,

Network and Application Level security

The System architecture shall be designed in such a way that the system responses time of

the system shall be fast, the system must support comprehensive analytics module to track

portal community traffic, searched keywords, system responses time, document

downloads, user turnover, visit duration etc.

Input/output Validation

1. The developed system shall be properly validated on the client side as well as server side

also, consultant shall ensure that any input validation performed on the client is also

performed on the server

2. Input validation should be applied on both syntactical and semantic level

3. Input validation should be based on Calculation of Premium Value and Rate of the Product

of DCGF

4. Input validation can be implemented using effective enforcement of syntactic and semantic

correctness which shall cover

a. Data type validators

b. Type conversion

c. Minimum and maximum value range check for numerical parameters and dates,

minimum and maximum length check for strings

d. Array of allowed values for small sets of string parameters

e. Regular expressions for any other structured data

f. File Upload

5. Client-side validation to provide interactive UI

Page 35

6. Server-side validation to validate the data securely within our system.

7. The following common strategies for data validation can be used:

Accept known good (allow list or positive validation): Accept only data that satisfies

specific criteria, and reject all other. It is the most secure approach. So our design

considers this Strategy as primary validation strategy for CGFMIS system validation.

Reject known bad (block list or negative validation)

Sanitize: Eliminate or translate characters in an effort to make the input safe.

Capacity Building, knowledge transfer and Training

The Consulting firm shall bear all the expenses cost which may include Logistics, training

resource person and manuals and hands out. DCGF will not bear any type of cost related

to training and knowledge transfer however DCGF will facilitate to arrange the participant

and trainee.

The Consulting firm shall develop training materials illustrated with screen shots of all user

interfaces of the application.

The Consulting firm shall conduct needs-based training sessions for the staff of DCGF and

other concern stakeholders to fully acquaint them with the operation and maintenance of

the system along with application features and functionality.

The Consulting firm is required to develop standard operating policies to ensure smooth

handover following completion of the project. The operating policies should include

guidance to DCGF on standards of performance for and maintenance of all aspects of the

system, backups, changes to the system, and access controls including roles.

The Consulting firm shall prepare written operations, and system’s management

procedures. Full system documentation will be provided in electronic version in

English/Nepali.

The training of users must be conducted in batches of fifteen (7) days to ensure the DCGF

stakeholders and users feels comfortable in using the new system.

The training materials must also facilitate training for trainers, and must be developed with

a view that relevant authorities' staff in conducting future trainings can use them.

Page 36

For system administrators, it is expected that within one (1) month from post-

implementation, knowledge transfer will be completed and at least two (2) officials from

DCGF will be fully trained so that competent authorities are able to maintain and operate

the system independently without Consulting Firm support.

The Consulting firm will work to put in place a support-desk mechanism that the DCGF

can use to foster long-term sustainability of the project. This includes:

Structure and organization of a support infrastructure

Development of knowledge base and frequently asked-questions resources that are

online and searchable.

Testing

Test Plan

The Consulting firm will submit to Test Plan for Security Testing, Stress, Performance and User

Acceptance Testing (UAT) for review and approval.

Security testing of the System

The Consulting firm will perform a full characterization of the System for the purposes of

information security to identify the boundaries, resources and information that are part of

the System for the purposes of developing a systematic penetration test strategy. This will

form a key component of the Security Test Plan

The Consulting firm will submit to Security Test Plan for review and approval.

The Consulting firm will develop a cyber-incident response plan that covers:

o Procedures for mitigating and protecting against cyber attack

o Procedures for mitigation and isolation of affected systems, systems cleanup

o Procedures to minimize loss of data during attack

o Cross-reference to any business continuity plans that need to be activated during

cyber attack

Page 37

Stress and Performance testing

The Consulting firm will perform stress testing of the system in order to determine the

operating limits of the environment deployed.

The Consulting firm will perform performance testing of the system in order to determine

the response characteristics of the system under load.

Before commencing with performance and stress testing the Consulting firm will develop

test plans, in coordination with the competent authorities, which will be approved by the

DCGF. These plans should, at minimum, include the following:

o Identification and characteristics of the test environment

o Identification of performance acceptance criteria

o Plan and design of tests to be carried out. Tests should approximate anticipated

workloads and follow commonly accepted test methodologies. The Consulting firm

should explain in detail each of the tests to be run.

o Test execution

o Analysis of test runs

o Reporting and recommendations for remediation as needed

Upon completion of the tests, the Consulting firm will deliver a report that summarizes

results and as appropriate, suggest remediation

Installations, Commissioning and User Acceptance Testing (UAT)

The software system provided shall undergo a proper testing plan to make sure that the

software when signed off to DCGF is free from deficiencies. The DCGF shall inspect, test,

and approve functionality of each module in the system before signing it off as complete.

The complete system shall be declared “Go Live” after completion of the final User

Acceptance Test (UAT) and approved by DCGF. The consulting firm is responsible for

developing the UAT Plan and Approved from DCGF before starting the UAT. The UAT

plan shall be include the following

o Test cases demonstrating all functionality and system requirements stated in the

System Design Document

Page 38

o Test cases and procedures to demonstrate integrated functioning of system

components and sub components of this TOR and SRS document that is to be

prepared including external systems (if any identified during requirement analysis)

o Test procedure to demonstrate high availability, performance, manageability and

security of the System

o Test procedure to demonstrate the process and tools deployed for measurement and

enforcement of parameters related to standards to be followed

The consulting firm shall co-ordinate with the PMU for completion of installation and

commissioning of CGFMIS solution and the system software.

Consulting agency shall be responsible for ensuring operational readiness for the developed

system.

Both consulting firm and DCGF shall sign the report of the installation and commissioning

inspection, which shall be part of the User Acceptance Test (UAT).

Data Archival and Housekeeping

For the high availability of the data and the system there should be proper:

a. Provision for data archival and housekeeping

b. Provision for configuring data archival and housekeeping method, device type, time of

archiving and retrieval situation.

c. Provision for storing achieved requests separately from the active requests and shall have

separate search and reporting options. However, it shall be noted that the requests, once

archived, cannot be modified, deleted, or moved back to the active state.

Licensing and Intellectual Property

All source code, database files and all the documentation related to this system shall be the

ownership of DCGF and it has intellectual property. However we will manage the license

of Operating System, Database Server and infrastructural related licenses.

Ownership of the system shall be the transferred to DCGF and there will be no any claim

of any Intellectual property by consultant for this system.

Page 39

CGFMIS Documents and Deliverables

The project reporting must be performed in continuity throughout the project, these

include, among others, progress reports and documentation of mid-project change requests

and impact assessments.

The Consulting firm will deliver the complete source code and technical documentation,

including the right to use, modify and study without any limitation to DCGF.

The consulting firm is required to handover all source code and documentation and the

ownership of which shall rest on DCGF. System documentation shall be descriptive with

snapshots. Such documents should cover:

S.N. Document/Deliverables Type Form of Submission

1 Inception Report Duly Signed and stamped Hardcopy

2 System Requirement Specification

(SRS)

Duly Signed and stamped Hardcopy +

Editable version on CD or on USB

3 Technical design and diagrams

(System Design Specification- SDS)

Duly Signed and stamped Hardcopy +

Editable version on CD or on USB

4 System configuration and setup

documentation, User Documentation

Hardcopy + Editable version on CD or

on USB

5 Administrative support

documentation

Hardcopy + Editable version on CD or

on USB

6 Source Code (Both application and

database Level)

Ready to deployed/ Executable Editable

version on CD or on USB

Technical/User Manual Content

Technical Manual (For Engineers/ Developers)

Consulting firm shall prepare a descriptive technical manual with detail of the process and modules

of the software. The prepared manual will contain following:

Page 40

a) Requirement of the software (like hardware requirement, software requirement, third

party/ middleware if necessary etc.)

b) Installation process

c) Components/Function/ Modules of developed system with input/output parameters

d) Troubleshooting and maintenance procedures (bug fixing, performance enhancement

and up gradation), A troubleshooting section detailing possible errors or problems that

may occur, along with how to fix them

e) Data exchange procedures (Data import / export)

f) Data Backup and restoration procedures

g) Some Frequently asked question about the System

User Manual (Operator/Users)

A consulting firm shall prepared a comprehensive user manual and submit to DCGF which

containing the overall operation of the software, so that it can be used for future reference.

Basically data entry, processing and report generation manual will be sufficient for operation level

staffs. The major content of the user manual will be as follows:

a. A description of form data entry and processing

b. A guide on how to use main functions of the system

c. Creating User / Assigning Roles and responsibilities (Only for top authorized level

executives)

d. System login, using system menus and their functions.

e. List of module of the system

a. Data/Form Entry,

b. Form Processing/Modifications

c. Report Generation

Consultant Qualifications

The consultant shall:

Be a registered company/firm in Nepal.

Have submitted tax clearance certificate for the last 3 fiscal years i.e. 073/74, 072/073.

071/072.

Page 41

The consultant shall submit certificate stating that they have been providing similar

services for the last 7 years.

The consultant should have supplied similar solutions and services to at least two different

clients (of similar scale: NRs. 7 million each) in the last 3 year. Authentic user certificate

or proof from the end user should be provided in the proposal.

Have permanent operational office in Nepal and should be available to respond to post

implementation, guidance and support.

The consultant should have an average annual turnover of at least NRs. 17 million in the

at least 3 years with positive Net-worth in last fiscal year. Financial Audited Report should

be submitted for the 3 years. Consultant must submit the audited financial reports (Balance

Sheet and Profit & Loss Account) of last 3 fiscal years.

Legal Document

The consultant shall submit notarized copy of

Firm Registration Certificate

Business Registration Certificate

VAT and PAN Registration Certificate

Copy of Tax Clearance Certificate / Tax return submission evidence for last Fiscal Year

(2073/74)

A written declaration made by the consultant, with a statement that s/he is not ineligible to

participate in the procurement proceedings; has no conflict of interest in the proposed

procurement proceedings, and has not been punished for a profession or business related

offense

Power of Attorney letter

Qualification and Experience Required for the Proposed Personnel

The following key personnel are required during the project period:

Page 42

SN Expertise Qualification Minimum Experience

1 Project Manager /

Team Leader

Master’s degree in IT

or Management

related subject

The Project Manager/Team Leader

shall have minimum 12 years of general

experience in management of IT

projects.

2 System Analyst Master’s degree in IT

or equivalent

The System Analyst shall have at least

12 years’ experience in System

Analysis, Design and Development.

3 Web Programmer Bachelor’s degree in

IT or equivalent

The Web Programmer shall have

minimum 5 years’ experience in Web

based System Development.

4 Graphic Designer Bachelor’s degree in

IT or equivalent

The Graphic Designer shall have

minimum 5 years’ experience in graphic

design.

5 Database Designer Bachelor’s degree in

IT or equivalent

The Database Designer shall have

minimum 5 years of general experience

in RDBMS.

6 Budgetary and

Finance Expert

Master’s degree in

Finance or equivalent

The Budgetary and Finance Expert


experience in Nepal Government

Budgetary or Financial Institution.

7 SOA / GEA Expert Bachelor’s degree in

IT or equivalent

The SOA / GEA Expert shall have

minimum 5 years of general experience

in SOA / GEA.

8 Quality Assurance

Expert

Bachelor’s degree in

IT or equivalent

The Quality Assurance Expert shall

have minimum 5 years of general

experience in Quality Assurance /

Quality Control.

9 Network / System

Administrator


IT or equivalent

The Network / System Administrator


Page 43

SN Expertise Qualification Minimum Experience

experience in Networking / System and

Server Administration with certification.

10 Insurance Domain

Expert


Management or

equivalent

The Insurance Domain Expert shall

have minimum 5 years of general

experience in Insurance.

11 Documentation/

Technical Writer


any field

The Documentation / Technical

Writer shall have minimum 2 years of

general experience in Technical Writing.

12 System Support

Staff


IT or equivalent

The System Support Staff shall have

minimum 2 years of experience in

system development and support.

13 Administrative Staff Intermediate Level or

equivalent

The Administrative Staff shall have

minimum 1 year of experience in

administrative.

Page 44

Consultant’s Personnel

The input of the consultant’s key personnel has been envisaged to be as follows.

SN Expertise Jobs to be Done Total man-hr

1 Project Manager /

Team Leader

Supervise the project team to ensure

quality and prompt services to the project.

Plan, execute and finalize the project.

2100

2 System Analyst Requirement gathering, Preparation of

SRS and SDS as part of system analysis

and design.

875

3 Web Programmer Coding, Debugging and pre/post System

Testing as part of system implementation.

8400

4 Graphic Designer Design a suitable user-friendly web

interface for both end user as well as

system administrators.

1050

5 Database Designer Design of relational database and

document archive.

525

6 Budgetary and

Finance Expert

Design of required form, report formats for

the entire financial and accounting module.

350

7 SOA / GEA Expert Design of SOA and GEA for the system. 175

8 Quality Assurance

Expert

Design of Test Plan, Functionality Testing

to ensure the quality of the system.

1400

9 Network / System

Administrator

Design of Network to DC and DR site,

Planning of Failover, Clustering and

perform the security in the server to secure

the system.

175

10 Insurance Domain

Expert

Understanding the policy of various

products of DCGF and providing

knowledge to the team.

525

Page 45

SN Expertise Jobs to be Done Total man-hr

11 Documentation/

Technical Writer

Preparation of inception report, technical

manuals for system administrator, end-

user, training manuscripts and help

manuals.

700

12 System Support

Staff

System Installation, Configuration, User

Orientation, Post implementation support.

2100

13 Administrative Staff Logistics management, coordination and

support during system development.

1400

Proposal Requirement

Application Process

Interested Consulting Firm, kindly submit the following documents:

a. Duly accomplished Letter of Confirmation of Interest and Availability using the template

provided by DCGF.

b. Personal CV, indicating all past experience from similar projects, as well as the contact details

(email and telephone number) of the Candidate.

c. After the received EOI document evaluation by DCGF team only 3-6 numbers of qualified

consultants with minimum obtained marks will be selected and DCGF will call for RFP

(Request for Proposal) to only those qualified consultants.

d. In RFP the consultant shall submit the Technical and Financial Proposal in sealed envelope

separately.

e. Financial Proposal indicates the entire inclusive fixed total contract price, supported by a

breakdown of costs, as per template provided.

Page 46

Duration of the Work and support:

Duration of Work

Total Contract Period is 24 Months. 12 Months period is estimated for System Analysis, design

and Development and 15 Months period is estimated for post implementation support activities

i.e. for maintenance phase)

Support

The Consulting Firm must assist in running the system on a daily basis until the end of the contract.

The Consulting Firm shall remain available for on-call support, by ensuring physical presence of

at least 2 staff, until the deployment of the system.

Once the new system is complete and handed over, the Consulting Firm and DCGF staff shall be

responsible for monitoring and reporting on all aspects of the operations of the system (including

uptime, availability, and response time) for the duration of the contract.

The following scenarios and activities must be scheduled and coordinated with DCGF’s staff:

Operational procedures including Archival/backup (on-site and off-site) / restore

procedures.

Systems Management housekeeping routine tasks (scheduled software and hardware

maintenance, security support activities for servers including patches for server

software, troubleshooting, maintaining logs and journals).

Security probing (Access Controls, Network availability, Database and Application).

Access control management and reports (access log, controls on username/password,

application controls, and audit logs).

Business continuity (including drills and simulations) in order to enhance competent

authority’s capacity to prevent or reduce systems downtime or outages.

Page 47

DCGF Related Laws & Bye Laws

निक्षेप तथा कर्ाा सुरक्षण कोष ऐि, २०७३

बार्षाक प्रनतवेदि २०७१/७२

निक्षेप सुरक्षण निदनेिका, २०७३

पिुधि सुरक्षण नवनियमावली, २०७३

लघु नवत्त तथा नवपन्न वर्ा कर्ाा सुरक्षण नवनियमावली, २०७३

सािा तथा मझौला उद्यम कर्ाा सुरक्षण नवनियमावली, २०७३

कृनष कर्ाा सुरक्षण नवनियमावली, २०७३

कमाचारी सेवा नवनियमावली, २०७३

लर्ािी निदनेिका, २०७३

आन्तररक लेखा परीक्षण काया निदनेिका, २०७३

कार्र्ात धुल्याउिे नवनियमावली, २०७३

नललाम सम्बन्धी नवनियमावली, २०७३

कमाचारीहरुकाको काया नववरण

खररद तथा आर्थाक प्रिासि नवनियमावली, २०७३

सुरनक्षत निक्षेपकाको नववरण पठाउँदा प्रयोर् र्िुापिे तानलका

http://dcgf.org.np/uploaded/Annual_Report_2071_2072.pdf

Page 48

Appendix

List of Reference Documents for Different modules requirement

1. Livestock Guarantee Module

[http://dcgf.org.np/uploaded/biniyamawali/samsodhan/pashudhan_samsodhan.pdf]

2. Micro-Finance And Deprived Sector Credit Guarantee Module

[http://dcgf.org.np/uploaded/biniyamawali/samsodhan/laghubitta_samsodhan.pdf]

3. SME Guarantee Module

[http://dcgf.org.np/uploaded/biniyamawali/samsodhan/sme_samsodhan.pdf]

4. Agriculture Guarantee Module

[http://dcgf.org.np/uploaded/biniyamawali/samsodhan/krishi_samsodhan.pdf]

5. Security Deposit Module

http://dcgf.org.np/uploaded/biniyamawali/Deposit_guarantee_directive.pdf

6. Investment Module

[http://dcgf.org.np/uploaded/biniyamawali/dcgf-lagani-nirdeshika-full-2073.pdf]

7. Procurement and Contract Management Module

[http://dcgf.org.np/uploaded/biniyamawali/kharid-arthik-prasasan-biniyamawali.pdf]

8. Auction Management Module

http://dcgf.org.np/uploaded/biniyamawali/Lilami-biniyamawali-full.pdf

9. HR Module

http://dcgf.org.np/uploaded/biniyamawali/Karmachari-biniyamawali-full.pdf