* The SOLUTION PROVIDER shall be responsible for the over-all management of the system including the core application software and entire related IT Infrastructure (as per “Bid” – if any). The following describe some prominent items of responsibility but the list need not to be treated final.
o Web Portal
o Application Software including the Integration Component for integrating with external agencies and any 3rd party component used in the application software
o Hardware and Software Server System including COTS software systems like OS and RDBMS at state data centre
The SOLUTION PROVIDER shall ensure compliance to uptime and performance requirements of system as indicated in the SLA in the RFP and any upgrades/major changes to the software shall be planned accordingly by SOLUTION PROVIDER for ensuring adherence to the SLA requirements.
Application Support & Maintenance
o During the contract period, SOLUTION PROVIDER shall be completely responsible for defect free functioning of the application software and shall resolve any issues that include bug fixing, improvements in presentation and/or functionality and others at no additional cost during the operations & maintenance period within a duration agreed between MG NREGS, RDPR Dept and the SOLUTION PROVIDER, any additional time will attract penalty. o SOLUTION PROVIDER shall provide the latest updates, patches/ fixes, version
upgrades relevant for the solution components agreed upon by the MG NREGS, RDPR Dept.
o The SOLUTION PROVIDER shall be responsible for software version management, and software documentation management reflecting current features and functionality of the solution. All planned changes to application systems shall be coordinated within established Change Control processes to ensure that:
Appropriate communication on change required has taken place Proper approvals have been received
Schedules have been adjusted to minimize impact on the production environment
o The SOLUTION PROVIDER shall define the Software Change Management & Version control process and obtain approval for the same from the MG NREGS, RDPR Dept. For any changes to the software, SOLUTION PROVIDER has to prepare detailed documentation including proposed changes, impact to the system in terms of functional outcomes/additional features added to the system etc. SOLUTION PROVIDER is required to obtain approval from the MG NREGS, RDPR Dept for all the proposed changes before implementation of the same into production environment and such documentation is subject to review at the end of each quarter of operations & maintenance support.
o For performing of any functional changes to system, which are deviating from the signed-off Functional Requirements/System Requirements, a separate Change Control Note (CCN) shall be prepared by the SOLUTION PROVIDER and effort estimates shall be mutually agreed between SOLUTION PROVIDER and MG NREGS, RDPR Dept. This is applicable to the change requests
coming up after the Go-live stage. Before, the go-live stage, such changes and feedbacks from MG NREGS, RDPR Dept pertaining to functional specifications will be incorporated by the SOLUTION PROVIDER without any additional costs to MG NREGS, RDPR Dept.
o Any changes/upgrades to the software performed during the operations & maintenance phase shall be subjected to the comprehensive & integrated testing by the SOLUTION PROVIDER to ensure that the changes implemented in the system meets the desired and specified requirements of MG NREGS, RDPR Dept and doesn’t impact any other function of the system
The SOLUTION PROVIDER shall review security advisories (such as bulletins generally available in the industry) on a regular basis to determine vulnerabilities relevant to the IT assets and take necessary preventive steps.
Infrastructure Maintenance: This clause would come into force only if the SOLUTION
PROVIDER has been mandated with the purchase of hardware required for the application (if any). In case, MG NREGS, RDPR Dept has accepted the mandate of purchasing hardware, as per the specifications of the SOLUTION PROVIDER, for the application, then SDC would be in charge of maintaining the hardware.
o The essence of the hardware maintenance contract is to ensure that all the components of hardware work perfectly in unison and deliver rated performance during the period covered by the agreement between the SOLUTION PROVIDER and the MG NREGS, RDPR Dept and that the systems uptime is upto the standards prescribed in the RFP.
o The SOLUTION PROVIDER would be responsible for guarding the systems against virus, malware, spyware and spam infections using the latest Anti virus enterprise / corporate edition suites which include anti-malware, anti-spyware and anti-spam solution for each Server. The Anti-virus suite and updates will have to be provided by the SOLUTION PROVIDER at regular intervals as and when the new signatures are released by the OEM. The cost of the software suite shall also be mentioned in the commercial bid. The SOLUTION PROVIDER for the purpose of support on new upgrades & patches shall have a back to back arrangement with the vendors/SOLUTION PROVIDER from whom the software suite is purchased. The copy of the same shall be submitted to MG NREGS, RDPR Dept.
o The anti virus should have the subscription for three years server download real-time updates and upgrades from the OEM site. The anti virus patches and updates will be pushed from State Data Centre (SDC). During the preventive maintenance visits, the SOLUTION PROVIDER will make sure that the latest updates is loaded in all the systems.
o The SOLUTION PROVIDER shall have the back to back agreement with 24/7 premier support with antivirus OEM, which shall ensure that any critical issues w.r.t. virus/antivirus/backup recovery/Application related issues are addressed within the 24 hrs. The copy of such agreement shall be provided by the SOLUTION PROVIDER to the MG NREGS, RDPR Dept. Such agreement shall be valid throughout the contract period.
o SOLUTION PROVIDER should provide solution to virus alerts when they occur (with in 24 hrs) or earlier in case of emergency. SOLUTION PROVIDER has to take corrective action in case systems get affected due to virus activity.
o The SOLUTION PROVIDER shall maintain the Hardware and Software
(including Applications, Databases, OS, Antivirus, Backup s/w or any s/w related for application deployment & maintenance/support etc) for a period of 3 years from the formal Go-Live.
o The SOLUTION PROVIDER shall perform rectification of system software problems due to crashing or malfunctioning of the OS; within the time limits prescribed in the SLAs.
o The SOLUTION PROVIDER shall perform installation of upgrades of system software, which should be under taken as part of preventive maintenance. The critical updates shall be implemented immediately. Rectification of system software problems due to crashing or malfunctioning of the OS; within the time limits prescribed in the SLAs.
o The successful bidder shall procure licenses as required for the complete IT infrastructure supplied under this contract. The license certificate has to be procured in the name of the MG NREGS, RDPR Dept, GOK.
o The essence of the software maintenance contract is to ensure that the entire systems software works perfectly in unison and delivers rated performance during the period covered by the agreement between the SOLUTION PROVIDER and the MG NREGS, RDPR Dept and that the systems uptime is up to the standards prescribed in SLAs.
o This includes the design of an appropriate System Administration policy with precise definition of duties, adequate segregation of responsibilities and obtaining the approval for the same from the MG NREGS, RDPR Dept. System Administration includes the activities listed below:
Performance tuning of the system (application and database) to enhance system’s performance and comply with SLA requirements on a continuous basis
24x7 monitoring & management of availability & security of the infrastructure & assets (including data, network, servers, systems etc). o The SOLUTION PROVIDER shall monitor security and intrusions into the
system, which include taking necessary preventive and corrective actions. o The SOLUTION PROVIDER shall monitor and record, server & network
performance and take corrective actions to ensure performance optimisation on a daily basis.
o Escalation and co-ordination with other vendors for problem resolution wherever required.
o System / Database administration tasks such as managing the access control system, creating and managing users and other related work
o SOLUTION PROVIDER is required to study the detailed data storage and backup & Recovery requirements of the MG NREGS, RDPR Dept including the
storage space required with necessary specifications and document it as part of SRS.
o SOLUTION PROVIDER shall design and implement adequate data backup and restoration procedures for new data (including the database and all other data elements generated by the system and users). SOLUTION PROVIDER shall ensure that Data backup is maintained till the last transaction occurring in the system. The data synchronization between the Data Centre and DR site shall also be designed and implemented by SOLUTION PROVIDER. SOLUTION PROVIDER shall also maintain the monthly data backup on the external backup tapes, in an encrypted form, which should be moved to a secured location agreed with the MG NREGS, RDPR Dept on a quarterly basis. The SOLUTION PROVIDER shall maintain the adequate stocks of spares to meet the requirements. The MG NREGS, RDPR Dept reserves the right to verify the stocks at any time.
o The SOLUTION PROVIDER shall enable audit logs for the server/system activities and such audit logs shall be analysed at regular intervals to identify and address the security and performance issues. The SOLUTION PROVIDER shall also produce and maintain system audit logs on the system for a period agreed to with the MG NREGS, RDPR Dept. On expiry of the said period the audit logs should be archived and stored off-site at a location agreed with the MG NREGS, RDPR Dept.
o Support to system users with respect to attending to their requests for assistance in usage and management of the application
o The SOLUTION PROVIDER shall proactively deploy any s/w agent to monitor the hardware and software for any signs of a breakdown/failure and plan maintenance accordingly. The SOLUTION PROVIDER shall undertake scheduled maintenance for as per a predetermined plan.
o Develop the Standard Operating Procedures (SOPs), in accordance with the ISO 27001 & ITIL standards, for PD Infrastructure management. These SOPs shall cover all the aspects including Infrastructure installation, monitoring, management, data backup & restoration, security policy, disaster recovery, operational procedures etc. The SOLUTION PROVIDER shall obtain sign-offs on the SOPs from the MG NREGS, RDPR Dept and shall make necessary changes, as and when required, to the fullest satisfaction of MG NREGS, RDPR Dept.
o Whenever a component has to be replaced because of technical, functional, manufacturing or any other problem, it shall be replaced with a component of the same make and configuration. In case the component of same make and configuration is not available, the replacement shall conform to open standards and shall be of a higher configuration specifically approved by MG NREGS, RDPR Dept. Other important activities shall include but not limited to:
Daily maintenance of system configuration
Implementation of system security features
Overall security of the network (excluding KSWAN)
Database tuning for performance
Tracking the servers’ performance taking remedial and preventive actions in case of problems
Proper upkeep of storage media for taking backups
o SOLUTION PROVIDER will undertake preventive maintenance measures as a part of overall responsibility for maintenance of the System. It will include the following activities:
Form PM policy in consultation with MG NREGS, RDPR Dept
Frame PM schedules
PM must cover entire system
PM activities must be conducted at least once in a quarter
o The SOLUTION PROVIDER shall be eligible to claim the cost of replacement of components lost or damaged due to theft, arson, natural calamities or proven mishandling of the equipment by the operators of the MG NREGS, RDPR DEPT, at the published rates thereof, based on the certificate given by the MG NREGS, RDPR Dept.
o The SOLUTION PROVIDER, may, if so advised technically and if applicable due to “Bid”, get a dysfunctional hardware component repaired in lieu of its replacement, subject to ensuring the overall compliance of the requirement of uptime.
o As a part of infrastructure and facility management reporting, the SOLUTION PROVIDER will provide following, but not limited to, system generated reports.
Daily health check up report to be part of the monthly maintenance report
Daily performance status including downtime for servers
Daily, weekly and monthly reports on activities related to system administration
Daily, weekly and monthly reports on activities related to database administration
PM report with date, time, name of personnel, his observations and action taken
List of issues faced, action taken and their status
User Profiles and Account Management
o SOLUTION PROVIDER is required to design and implement the user management processes and obtain sign-off from the MG NREGS, RDPR Dept for such process.
o The user-id naming & protocol shall be designed and implemented for all the user ids. Such naming convention and protocol shall be signed-off with the MG NREGS, RDPR Dept, which shall be adopted across the State.
o Necessary user account creation, management polices and procedures shall be defined and implemented by the SOLUTION PROVIDER including obtaining approval for each user id created in the systems. Separate user id shall be created or each employee, which uniquely identifies that employee across the network.
o The end users shall only be provided with role based privileges and access. Such roles, privileges shall be signed-off with the MG NREGS, RDPR Dept MG NREGS, RDPR Dept.
o System administration tasks should include tasks such as managing the access control system, creating and managing users, etc.
o Produce and maintain system audit logs on the system for a period agreed to with the MG NREGS, RDPR Dept. The audit logs should be archived and stored as per the Mandatory security requirements given in the Section 12 of the RFP.
o The SOLUTION PROVIDER shall perform system hardening which involves assessment and review of threats to various entities such as Operating System environment, Database tier/Application Tier or Webservers, end user systems, etc from non-authorized personnel and creation of a Security Policy to specifically mitigate these threats. The Security Policy should then be applied on all entities of the system.
o The systems would be subjected to a suitable audit by the MG NREGS, RDPR Dept and all the recommendations provided by the auditor should be addressed by the SOLUTION PROVIDER to the complete satisfaction of the MG NREGS, RDPR Dept.