Securities and Exchange Board of India Page 1 of 54

Securities and Exchange Board of India
Information Technology Department,

5th Floor, SEBI BHAVAN, Plot No.C4-A,
G-Block, Bandra Kurla Complex, Bandra (E)
Mumbai- 400 051
Invitation for Request for Proposal
INVITATION FOR REQUEST OF PROPOSAL FROM LEADING SOLUTION PROVIDERS FOR a
turnkey project of supply, installation, design, development and implementation of Enterprise
Portal Solution (includes Portal, Enterprise Resource Planning (ERP) solution, Business Process
Management (BPM), Custom applications development, Enterprise search engine, Business
intelligence and analytics, and necessary associated software may be provided),IT
infrastructure(Servers, Storage, Networking and Security Solution)).Project also includes migration
of data, integration of enterprise portal with other internal applications and post-implementation
support for Enterprise Portal Solution, System Software and IT Infrastructure (Server, Storage,
Networking, Security Components and necessary associated hardware and software).
Specifically the project requires developing infrastructure and processes for a comprehensive
Enterprise SEBI Portal to offer a role based access to information, enterprise applications to its
employees and intermediaries. Enterprise Portal shall have user-friendly, intuitive and easy to
navigate GUI with appropriate notification mechanism. It shall be designed, configured, integrated
and implemented as per SEBIs requirements.
Securities and Exchange Board of India (SEBI) is a statutory body, which operates within the legal
frame work of Securities and Exchange Board of India Act 1992. Its statutory objectives are:
Protection of Investors Interest in Securities Market

Promotion and Development of the Securities Market
Regulation and Supervision of Securities Market and Matters incidental thereto.
In this regard SEBI invites expression of interest for "Request for Proposal" from leading Solution
Providers of international class and standing to provide an end-to-end solution for building the said
project on a total turnkey basis.
The scope of work shall include following but not limited to:
1. Supply, installation, integration and post-installation support of required IT infrastructure
(Servers, Storage), Networking, Security solution and necessary associated
hardware/software components.
2. Implementation of Enterprise Portal Solution including but not limited to
a. Portal Solution
b. Enterprise Resource Planning (ERP) solution,
c. Business Process Management (BPM),
Page 1 of 54
d. Customs applications development

e. Collaboration and social networking solution
f. Mobility solution with apps on mobile devices
g. Integration with existing applications
h. Enterprise Search Engine
i. XML based data interchange
j. Business intelligence and analytics
3. Migration of data
4. Disaster recovery and business continuity solution
5. Post Go-live onsite support including but not limited to Patch Management of OS, Database
management, management of custom applications, application software and upgrade of
OS ,Database, Application Software and associated components),Systems and Network
monitoring, File system Management, Backup /Recovery of existing data before or after any
activity) during the entire duration of the project.
Note: Detailed scope of the work can be found at link
Application process
Interested Solution Providers are required to submit their application along with non-refundable
application fees of Rs. 5000.00 (Rupees five thousand only) by way of demand draft in favour of
"Securities and Exchange Board of India", payable at Mumbai and the necessary documentary
proof confirming their compliance with the following eligibility criteria.
1. Solution Provider should have valid SEI CMMI level 5 and ISO 9001 certification or above.
2. At least one similar kind of project based on Portal technology comprising at least three of
the following components viz. ERP(Enterprise Resource Planning), BPM(Business Process
Management), collaboration and social networking, mobility via apps on mobile devices,
integration with legacy applications, enterprise search engine, XML(eXtensible Markup
Language) based data interchange; executed for leading financial institutions, SROs(SelfRegulatory Organisations) or stock exchanges along with project details, approach, scope,
timelines, technologies used and current status. Solution Provider must mention the name
of the contact person, email-ID and contact number for verification purposes.
3. The Solution Provider should have technical support office at Mumbai and Chennai.
4. Solution Provider should have a competency centre in India for the proposed solution.
5. The solution provider should have valid authorization from and active relationship with OEM
for a minimum period of one year prior to the date of the advertisement.
Applications without necessary documentary proof and applicable fee, as stated above
shall be rejected.
Page 2 of 54
The application along with the above required documents and contact persons name, email-id,
contact no shall be delivered to the following address on or before July 22, 2013 in a sealed
envelope super-scribing "Enterprise SEBI Portal"
The Chief General Manager
Information Technology Department,
5th Floor, SEBI BHAVAN, Plot No.C4-A,
G-Block, Bandra Kurla Complex, Bandra (E)
Mumbai- 400 051
SEBI will scrutinise all the submitted applications and issue the RFP to the qualified solution
provider meeting the above mentioned eligibility criteria within 2-3 working days.
For any queries, you may contact Information Technology Department, SEBI at phone no. 02226449592 and 022-26449523
Please note that Request for Proposal (RFP) shall be issued only to the eligible Solution
Providers.
The Last Date of submitting the response to RFP is: August 19, 2013
SEBI reserves the right to accept/reject any or all expressions of interest received in response to
this advertisement without assigning any reasons, whatsoever. SEBI also reserves the right to
raise the eligibility criteria for short listing the Solution Providers.
Page 3 of 54
REQUEST FOR PROPOSAL (RFP)

FOR
Supply, installation, design, development and implementation of Enterprise Portal Solution

(includes Portal, Enterprise Resource Planning (ERP) solution, Business Process
Management (BPM), Custom applications development, Enterprise search engine,
Business intelligence and analytics, and necessary associated software may be
provided),IT infrastructure(Servers, Storage, Networking and Security Solution)).Project
also includes migration of data, integration of enterprise portal with other internal
applications and post-implementation support for Enterprise Portal Solution, System
Software and IT Infrastructure (Server, Storage, Networking, Security Components and
necessary associated hardware and software)
Important Note: "SEBI does not favour any particular proprietary standard, protocol,
software, hardware, etc. All product terms in this RFP are meant to be vendor neutral. In
case any proprietary technology terms are inadvertently used, by omission or commission,
vendors should quote any industry equivalent standard product with supporting technical
documents."
Page 4 of 54
Table of Contents
Table of Contents............................................................................................................................ 5
Abbreviations & Definitions ............................................................................................................. 8
SECTION I INTRODUCTION ....................................................................................................... 9
1.1.
About SEBI .....................................................................................................................9
1.2.
Location of Offices ..........................................................................................................9
1.3.
Objective ........................................................................................................................9
SECTION II PRESENT IT SETUP ............................................................................................. 10
2.1
Infrastructure Setup ...................................................................................................... 10
SECTION III BUSINESS REQUIREMENTS ............................................................................... 11
3.1.
Objective of Proposed Solution..................................................................................... 11
3.1.1.
Essential Business Requirements ............................................................................ 11
3.1.2.
ERP ......................................................................................................................... 12
3.1.3.
Portal Front End....................................................................................................... 14
3.1.4.
Content Management and Publishing: ..................................................................... 14
3.1.5.
Portal Collaboration and Social Features ................................................................. 15
3.1.6.
Portal Workplace Web Content Management .......................................................... 15
3.1.7.
Profiling of Content .................................................................................................. 15
3.1.8.
Access Control......................................................................................................... 16
3.1.9.
Web Sites for Different Localities ............................................................................. 16
3.1.10.
Authentication and Single Sign on (SSO) ................................................................ 16
3.1.11.
Employee Directory ................................................................................................. 17
3.1.12.
Workflows ................................................................................................................ 17
3.1.13.
Business Process Monitor (BPM) ............................................................................ 20
3.1.14.
Dashboards/Reports/Analytics ................................................................................. 20
3.1.15.
XML Based Portlet Applications ............................................................................... 20
3.1.16.
XML Based Data Exchange Forms .......................................................................... 21
3.1.17.
Custom Applications Development .......................................................................... 22
3.1.18.
Data Sources ........................................................................................................... 24
3.1.19.
Search Facility ......................................................................................................... 25
3.1.20.
Audit, analysis and reporting tools ........................................................................... 27
3.1.21.
Security ................................................................................................................... 28
3.1.22.
Portal and User Administration ................................................................................ 29
3.1.23.
Miscellaneous Requirements ................................................................................... 30
SECTION IV TECHNICAL REQUIREMENTS ............................................................................ 31

4.1.
Technical requirements ................................................................................................ 31
4.1.1.
Technical architecture of the proposed solution ....................................................... 31
4.1.2.
Solution components ............................................................................................... 32
Page 5 of 54
4.1.3.
Data centre / Server Room (Site Preparation) .......................................................... 33
4.1.4.
Hardware/ Sizing/ Performance Requirements ........................................................ 33
4.1.5.
Functionality of the solution components ................................................................. 35
4.1.6.
Analytical Tools for Business Intelligence ................................................................ 36
4.1.7.
Interfaces ................................................................................................................. 36
4.1.8.
Support .................................................................................................................... 37
4.1.9.
Performance Monitoring & Tuning Tools .................................................................. 37
4.1.10.
Development Environment ....................................................................................... 38
4.2.
Networking, Security and Controls ................................................................................ 38
4.2.1.
Specifications for Network, firewall and switches ..................................................... 38
4.2.2.
Security and Administration ..................................................................................... 39
4.2.3.
Protection of Information .......................................................................................... 39
4.2.4.
Security Domains and Authentication ...................................................................... 39
4.2.5.
Audit Trails............................................................................................................... 39
4.2.6.
Reports .................................................................................................................... 40
4.2.7.
Controls within the Application ................................................................................. 40
4.2.8.
Connection Security................................................................................................. 40
4.2.9.
Vulnerability Assessment and Penetration Testing (VAPT) testing .......................... 40
4.2.10.
Support for multiple 2-factor /3-factor authentication systems .................................. 40
4.2.11.
Access Control......................................................................................................... 41
4.2.12.
Change Control........................................................................................................ 41
4.2.13.
Database Access and Control.................................................................................. 41
4.3.
Enterprise Backup & Recovery Solution ....................................................................... 41
4.4.
Business Continuity Planning (BCP) ............................................................................. 42
4.4.1.
Documentation of the Disaster recovery plans should include following, but not
limited to: ............................................................................................................................... 43
4.4.2.
Implementation and Testing ..................................................................................... 43
4.4.3.
BCP testing Schedule .............................................................................................. 43
4.4.4.
Maintenance of BCP ................................................................................................ 43
4.4.5.
The proposed BCP/DR solution should have following features but not limited to .... 44
4.5.
Implementation Requirements ...................................................................................... 44
4.5.1.
Implementation Plan: Delivery of hardware and solution .......................................... 44
4.5.2.
Evaluation of Time Frame & Effort Estimation .......................................................... 45
4.5.3.
Documentation ........................................................................................................ 46
4.5.4.
Source Code............................................................................................................ 46
4.5.5.
User Procedures ...................................................................................................... 46
4.5.6.
Training ................................................................................................................... 47
4.5.7.
Testing ..................................................................................................................... 48
Page 6 of 54
4.6.
Other Technical Requirements ..................................................................................... 48
4.7.
Change Management Procedure .................................................................................. 49
SECTION V EVALUATION PROCESS AND TECHNICAL CRITERION .................................... 51
5.1.
Evaluation Process ....................................................................................................... 51
5.2.
Evaluation criteria ......................................................................................................... 51
5.3.
Technical Evaluation .................................................................................................... 52
5.3.1.
Proof of Concept (PoC)............................................................................................ 52
5.3.2.
Commercial Evaluation ............................................................................................ 54
Page 7 of 54
Abbreviations & Definitions

As used in this Request for Proposal, the following capitalized terms have the following
respective meanings & definitions set forth below:
API
AD
BCP
PROPOSAL
BKC
BROWSER
CERT-IN
DoS
DR
EMD
OS
PKI
DMS
OID
IMSS
DBWIS
LO
RO
ERP
ESS
PROJECT
QC
RFP
SEBI
SEBI Portal
SOLUTION
PROVIDER(SP)
UPS
VPN
WAN
XML
Application Program Interface

Microsoft's Active Directory
Business Continuity Plan
A generic term covering Proposal or Tender submitted in
response to this RFP
Bandra Kurla Complex
To access the applications available on the web (Internet
Explorer, Mozilla Firefox, Google Chrome, Opera)
Indian Computer Emergency Response Team
Denial of Service
Disaster Recovery
Earnest Money Deposit
Operating System (like UNIX, Linux, Windows)
Public Key Infrastructure
Document Management System
Oracle Internet Directory
Integrated Market Surveillance System
Data warehouse and Business Intelligence System
SEBIs Local Offices
SEBIs Regional Offices
Enterprise Resource Planning
Employee Self Service
The objective of the Contract as a whole; the sum total of all
elements of the contract
Quality Control
Request for Proposal
A comprehensive and integrated Portal solution comprising
Portal, ERP, Custom applications and integrated applications
A generic term meaning a respondent to this RFP
Uninterrupted Power Supply
Virtual Private Network
Wide Area Network
Extensible Mark-up Language
Page 8 of 54
SECTION I INTRODUCTION
1.1. About SEBI
Securities and Exchange Board of India (SEBI) is a statutory body, which operates within the
legal frame work of Securities and Exchange Board of India Act 1992. Its statutory objectives
are:
Protection of Investors Interest in Securities Market
Promotion and Development of the Securities Market
Regulation and Supervision of Securities Market and Matters incidental thereto.
Detailed information on the functions of SEBI is provided on the website, www.sebi.gov.in.
1.2. Location of Offices
SEBI has its offices in following locations:
Head Office
Bandra Kurla
Complex,
Mumbai
Regional Offices
Chennai, Kolkata, New Delhi ,
Ahmedabad and Mittal Court,
Mumbai
Local Offices(#)
Guwahati,
Patna,
Kochi,
Bhubaneswar,
Hyderabad,
Bangalore, Lucknow, Jaipur,
Indore, Chandigarh, Raipur,
Srinagar, Shimla, Dehradun,
Panaji, Ranchi
(#)As per the expansion of activities in SEBI, more Local Offices may be opened.
1.3. Objective
infrastructure(Servers, Storage, Networking and Security Solution)).Project also includes
migration of data, integration of enterprise portal with other internal applications and postimplementation support for Enterprise Portal Solution, System Software and IT Infrastructure
(Server, Storage, Networking, Security Components and necessary associated hardware and
software).
Page 9 of 54
SECTION II PRESENT IT SETUP
2.1
Infrastructure Setup
Present IT Infrastructure including their corresponding versions is as follows:
S.No
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
Product/Application
Oracle Portal
Oracle ERP
Oracle Database
Custom-built Applications
EMCs Documentum
WebContent Management
MSs Mail and Messaging
Anti-Virus(McAfee)
SEBI Website
Visitor Management System
IP Telephony(VCX server)
Scores System(website)
DBWIS
IMSS
Business Objects
SAS
Version
10.1.2.0.2
11.5.9
10.1.0.4.2
J2EE 1.3
Exchange 2010
4.6
9.85
Netezza 12.12
SMARTS
Page 10 of 54
SECTION III BUSINESS REQUIREMENTS

This section sets out the capabilities and functionality expected from the proposed solution.
3.1. Objective of Proposed Solution
SEBI desires to implement a comprehensive Enterprise SEBI Portal to offer a role and rule
based access to information, enterprise applications to its employees and intermediaries.
Portal shall have user-friendly, intuitive and easy to navigate GUI. It shall be designed,
configured, integrated and implemented as per SEBIs requirements.
3.1.1. Essential Business Requirements
Certain business features shall be supported and implemented mandatorily by all the
applications in the proposed portal. These features shall include but not limited to the
following:
1. Single Sign On: SSO shall be supported and implemented by all the applications in the
portal.
2. Icon based approach shall be followed wherever applicable.
3. Calendar integration: Proposed portal shall integrate the employee calendar with
different applications such as ESS, mail and messaging/Visitx etc. so that every task
undertaken by the employee will be reflected in the calendar. For example if an
employee applies leave via ESS then this information shall be reflected in his/her
calendar.
4. Multiple Channel Support: Portal shall be accessible from portable devices/tablet/mobile
devices like Apples IPAD, Samsungs Tablet etc. It shall also support any
upgraded/updated version of their corresponding Operating Systems/browser. For
tablet, there shall be a downloadable and installable native application to access the
portal. Each portal page designed and configured with its each implemented feature
shall efficiently run on leading tablets, any browser, and operating system available in
the market.
5. Accessibility: The proposed portal with its implemented features shall support and be
accessible from any Operating System and Browsers. It shall be ensured that portal
shall be compatible with their new versions during support period. Look & feel of portal
pages shall not change in any manner.
6. Localisation: New Portal shall support and implement multiple languages like Hindi,
Marathi, Tamil, Telugu, and Malayalam in addition to the English. It shall store user
preference of language and display the Portal as per selected choice whenever the user
logs in.
7. Alert/Pop-Up: A message shall pop-up at users screen whenever any new workflow
from internal applications received by the user. Even when his screen is not active. For
example message generated through workflow, custom application, DMS, Mail &
Messaging, Score etc.
8. Personalisation and Customisation: Feature should be available to end user like
iGoogle.
Page 11 of 54
9. Password reset functionality shall be provided so that employee shall be able to reset
the password by his/her own
10. Bookmarks Facility for portal with following features.
(a) Quick links to favorite websites-Use Web History to find the frequently visited
sites and bookmark favorites.
(b) Get your bookmarks on any computer-No matter where one may be surfing the
web, bookmarks should be available to user just by signing in.
(c) Keep bookmarks organized-add searchable labels and notes to bookmarks to
find them easily and keep them organized.
11. Application response time should not exceed 3 seconds threshold for any delivered
applications (Portal, ERP and Custom Applications)
Please Note: Solution Provider needs to warrant that the solution implemented shall meet
the performance requirements as mentioned in the RFP. Solution Provider shall augment
the system at its own cost and expenses, if these performance requirements are not met by
the supplied systems as per this RFP.
3.1.2. ERP
It may be noted that all the modules offered should be from same OEM. The following
modules to be developed as per SEBI's requirements:
3.1.2.1 HRMS Modules
These modules shall include but not limited to the following:
1. Existing modules
i. Leave module
ii. Training module
iii. HR module
2. Payroll module
3. Provident Fund module
4. Claims modules
5. Loan module
6. Taxation module: Proper logics need to be programmed in the salary package for
each taxable claim.
7. Attendance Management System.
8. Performance Appraisal Management System
9. Attrition Management System
10. Training System
11. Recruitment System
12. Tour Approval/ticket booking/claim for both foreign and domestic tours.
3.1.2.2 Finance Modules
In addition to the existing features in the present Finance package, following but not
limited to features shall be implemented by the Solution provider (AR, AP, GL, Treasury,
Fixed Asset, Cash Management, Purchase order, Budgetary, Procurement,
Reimbursement module(30 types of reimbursement), Inventory and Vendor Payment
System etc.)
Page 12 of 54
3.1.2.3 Employee Self Service Module

In addition to the existing features in the present ESS (Employee Self Service) package
new features shall be implemented by the SP. These features shall include but not limited
to the following:
1. Employee profile creation/updation option shall be provided to the employee so that he
can create /update his/her own profile.
2. Employee shall be able to enter his/her personal information which includes but not
limited to address, contact number, emergency contact number, bank account etc.
3. Employee shall be able to enter the dependent details using the Self-Service.
4. Leave Balance shall display by default for CL, OL and SL. If an employee has availed
any other leave like Study Leave/Extraordinary Leave/Accident Leave/ Special Leave
/Special Casual Leave/ Joining Time/Not in Service / Maternity Leave/Paternity Leave,
then same report shall display availed leave with information.
5. Entry Provision for Annual Return.
6. Provision shall be provided through self-service to submit Provident Fund settlement
details which shall reach the concerned department such as HRD, Establishment and
T&A.
7. ESS shall be integrated with the unified calendar in such a way so that employee on
leave/tour etc shall be reflected in the corresponding calendar of the employee.
3.1.2.4 Parameters with regard to ERP development
S.No
1.
2.
3.
4.
5
Type
Interfaces(ERP)
Workflows
Data Entry Users
Admin Users
Set of Books
Total no of objects
15
10
30
5
2 (SEBI, PF Trustee)
Implementation of all modules will be carried out across all offices (Head Office,
Regional Offices and Local Offices).
3.1.2.5 ERP Integration with Other Applications
ERP should be integrated with other applications; however these applications shall not be
limited to the following:
1.
2.
3.
4.
5.
6.
7.
DMS
Custom Applications
Business Intelligence and Analytics
Mail & Messaging
Active Directory
SSO
Printers
Data flow for the integrated applications should be bi-directional i.e. application will
push the data in ERP and vice versa
Page 13 of 54
3.1.3. Portal Front End

Portal front end features shall not be limited to the following:
1. User shall be having his/her choice of themes, skins, URL, pages, portlets, and page
layout.
2. Allow easy manipulation of portlets by administrator or authorized users. This includes
minimizing, maximizing, moving, resizing, closing and refreshing of portlets individually.
The SP shall pre-configure the portlets to integrate with the SEBI applications and made
available them in the portlets factory for user's selection.
3. Allow administrator and authorized users to create and deploy portlets and share
portlets with other users.
4. Provide an integrated facility to provide inter portlet communication.
5. Provide form-based portlet builders to build portlets that connect to various data and
application sources without coding. Sources include especially relational databases &
Web Services.
6. Have multi-lingual support for UI display input entries to happen in English
3.1.4. Content Management and Publishing:
Content management and publishing shall include the following features; however these
features shall not be limited to the following:
1. Provide rich text body field for users to author web pages that contain text, tables,
images and URL links without having to code any HTML.
2. Provide features for importing of contents from HTML documents.
3. Allow authorized content owners to edit web content within the Portal.
4. Allow content owner to sort and filter content , to easily locate a web content to be
modified.
5. Allow content owner to see only those web content that he has access to.
6. Provide workflows features that allow users to automate content review and approval
process. The workflow engine must be able to notify users alerts. The SP shall describe
how this can be accomplished and to implement the best workable solution as agreed
by SEBI.
7. Support scheduled publishing and expiry of contents.
8. Provide features for content management and provide tools to facilitate the creation,
publication and management of content.
9. Integrate with the personalization engine to facilitate content publishing to specific users
or user groups.
10. Provide facility to profile documents or contents, based on meta-data information such
as title, author, date, version, document format, category, keywords, etc.
11. Allow one content to be easily published into multiple places or pages on the portal.
Page 14 of 54
12. Provide features for emailing of newsletters to the users when content is updated.
13. Support versioning of content and provide options to view/revert to the previous
versions of the content.
14. Provide facility for the archival of contents.
15. Provide facility for published content to be displayed on web browser (HTML) or PDA
(WML) natively.
3.1.5. Portal Collaboration and Social Features
Portal shall not be limited to the following collaborative features:
1. Should have Instant messaging / Chat functionalities.
2. Should have Web conferencing functionalities.
3. Should have Team-based document sharing and versioning functionalities.
4. Should have Discussion threads/forums functionalities.
5. Should have Team Calendar functionalities.
6. Should have Web-based white-boarding functionalities.
7. Should have a People Finder Portlet/web part to search the employees and their
Organizational Hierarchy.
8. Team Collaboration
a. Describe and explain the components that are available in the product.
b. The solutions shall encompass the followingi.
Team Blog
ii.
Team WiKi
3.1.6. Portal Workplace Web Content Management

Portal workplace web content management shall include the following features; however
these features shall not be limited to the following:
1. End-to-end Web content management Content can be created (using a WYSIWYG
rich text editor), managed and published to multiple Web sites. There shall be
programmed template for data uploading.
2. A collaborative environment that makes it easy for users of all levels to work together
and complete review and approval workflow processes.
3. Built-in content lifecycle workflow - review and approval capabilities, automatic
expiration of old content to be dynamically delivered to the users.
3.1.7. Profiling of Content
The profiling features group similar contents together. Profiling methods to group content
items shall include the following features; however these features shall not be limited to the
following:
Page 15 of 54
1. A site framework consists of a set of Web Content Management items. Each site
framework consists of a single site under which a set of site areas and content items are
grouped.
2. Use taxonomies to group categories and have a predefined list of categories when
profiling a Content item.
3. Use Keywords to profile content.
4. Authoring templates to group content items and, similar categories and keywords that
can be used as search parameters in a menu element.
3.1.8. Access Control
Access Control for the new portal shall include the following features; however these
1. Restrict access to selected users and groups to the views within an authoring portlet,
the items managed by the authoring portlet, and to elements and pages displayed within
a Web site.
2. Assign roles to both a whole library, and the item types within a library using either an
additive or subtractive methodology.
3. Apply the Manager or Administrator role to the entire library.
4. Apply Editor, Contributor or User roles to specific item types and deselect the
inheritance check-box.
3.1.9. Web Sites for Different Localities
Maintain separate libraries and sites within Workplace Web Content Management for
different localities. New portal shall provide the following features but these features shall
not be limited to the following:
1. Create a separate library for each locality.
2. Create another library for any content that will be shared across localities.
3. Create a separate site for each locality.
4. Create a separate search collection for each locality.
3.1.10.Authentication and Single Sign on (SSO)
The portal system shall have following authentication and SSO features; however these
features should not be limited to the following:
1. Provide a facility to authenticate the users with two factor authenticate. The portal
system shall recognize users and their personalized requirements.
2. Support time out features that will automatically lock user account similar to the lock
facility available in windows after a specified amount of time. The system shall allow the
portal administrator to configure the time out settings.
3. Only single session per user at a time.
Page 16 of 54
4. Provide built-in single sign-on capabilities that enable users to sign-on once to the portal
and seamlessly connect the users to the enterprise applications.
5. User access shall depend upon his/her entry point i.e. whether the user is accessing the
portal from SEBI LAN or Internet.
3.1.11.Employee Directory
Employee Directory shall have the following features; however these features shall not be
1. Search for people within the organization.
2. View recent changes to directory.
3. Birthday messages on SEBI Portal Home page for logged on user.
4. Contact and location details for all employees.
5. Presence Indicator with status information such as busy/away/available etc.
6. User shall be able to generate organization hierarchy for each employee both up and
down without any coding.
7. Employee shall be able to update his profile i.e. he/she can update location, extension,
mobile number, photographs etc, which will require approval through workflow.
3.1.12.Workflows
New portal shall support both generic and customized workflows. All the existing workflow
data shall be migrated to the new system. New portal shall not be limited to the following
workflow features:
New portal shall support both generic and customized workflows. All the existing workflow
data shall be migrated to the new system. New portal shall not be limited to the following
workflow features:
1. Use workflows to control the access to, verification and eventual approval of Web
content. If an item is approved at all stages up to a published stage than only it could be
viewed on the web site.
2. Changing an item's Status from Draft to Published. I.e., the item is available on the
rendered site.
3. An item will only be published once it has entered a workflow stage containing a publish
action, and when the selected published date and time has been reached.
4. Changing an item's Status from Published to Expired. This means the document is no
longer available on the site.
5. An item will only be expired once it has entered a workflow stage containing an expiry
action, and when the selected expired date and time has been reached. It will create
appropriate alert to notify the user. One could be able to create new email actions and
specify who the recipients will be.
6. Capability to select e-mail approvers, authors and owners. Capability to create list of
other users or groups to e-mail.
Page 17 of 54
7. Performing a scheduled move to the next stage on a specified date.

Detailed requirements will be provided during the requirement gathering stage.
For quick reference requirements pertaining to registration workflow are given below:
The Registration flow is for the departments in SEBI interacting with intermediaries and
working registration operations like - Fresh Registration, Updates, Surrender, Withdrawal,
Cancellation and Revocation. Following sequence of events occur for a fresh registration:
1. Intermediaries / Users provide information through the Registration forms provided
online.
2. On submission of the application notification is displayed to user with bulk upload
number/ application number for applications submitted by intermediary.
3. Uploaded information is processed and the registration workflow is triggered.
4. The task is sent to the division inbox, post which depending upon the configuration alphabetically /manually/sequentially/ load balanced the task is sent to the inbox of the
officer.
5. The user receives an alert notification for the applications received.
6. If the preference is set to perform manual assignment, a task is assigned to DC for
assignment of DO.
7. The DO can perform activities below to process the application at any given point of
time.
a. Comments Given Displays the user all the comments provided in past for the
request being processed.
b. Get Comments Provides user interface where task can be forwarded to
another officer for comments.
c. Please Discuss DC can ask DOs to discuss and give comments on the
specific registration application. This option is always for officers one level down
the hierarchy.
d. Meetings Initiate meetings for decision to be taken. The MOM processed as
part of the meetings needs to be filed in Registration File for reference.
e. Fees Module Sends out request to user for processing of fees. A link is sent in
notification for viewing amount to be paid.
f. Recommend/Put-up for DO can Recommend/Put-up for following option to
DC with respect to registration application.
i.Recommend/Put-up for Approval
ii. Recommend/Put-up for Rejection
iii. Recommend/Put-up for Conditional Approval
iv. Recommend/Put-up for Suspension
v. Recommend/Put-up for Revocation
g. Assign to DO for clarification Assigns task to selected DO for getting
clarifications. This action has the due date defaulted to 90 days, which can be
updated if required.
h. Get Clarification from Intermediary Sends out (multiple) emails to
intermediary for getting clarification. All the clarifications are timed for response
Page 18 of 54
and the SEBI user is sent reminder in case it is not closed on time. Responses
sent back by applicant for clarifications are auto attached to workflow. This action
has due date defaulted to 45 days.
i. Perform ATR (Action Taken Report) Search User can perform ATR search
and attach the results to the application (case). Once the required results are
obtained, the user can save the search results into system with date and time
stamp.
j. Approve Allows the user, depending upon Intermediary and the type of
operation being performed, to Approve the application. User can perform the
approval action in bulk. Also in case the user does not have the authority to
Approve, the request can be further Recommended to higher authority. The
Recommendation option can also be performed in bulk.
k. Conditionally Approve - Allows user to Conditionally Approve. (User approves
the applications based on conditions). There shall be a periodic report sent to
Dos for applications conditionally approved. This report shall be sent to Dos and
copied to DCs every month.
l. Reject In case the application is rejected, notification will be sent to the
applicant for the same. The applicant can reply back within 30 days. If applicants
do not come back within 30 days, then workflow will be stopped, else it will be as
it is.
m. Reopen - Reopen option is present for use where the application has been
previously closed, but a new workflow is being started for existing application
internally. This has to be initiated by SEBI. The reason for reopen needs to be
provided and captured in flow. The status of application needs to be checked;
once approved, a new registration number shall not be allowed to be generated.
The reopen option can also be used for converting the application status from
conditionally approved to approved or for extending the period of conditional
approval for the application.
n. Return back to DO DC/authorized Users can send the application back to DO
for further refinement by providing his comments. This option will be visible to
everyone above DO.
o. Suspension In case of any discrepancy (fraud, court orders, legal
investigation), DO can suspend the registration. The Suspension can be for a
defined period or for indefinite period. The registration entries and related entries
to registration (schemes, certificates, sub-brokers in case of brokers,
subaccounts in case of FII etc) are updated in database and reflected as
Suspended. In case of Broker, the suspension will result in cascading effect on
Sub-Brokers / Derivatives / Currency Derivatives.
p. Revocation Revocation occurs for the suspended registrations.
q. Fees Before/ After Approval Fees module is initiated and user is intimated
about the amount with a link to fees form in notification.
r. Cancel The registration entries and related entries to registration (schemes,
certificates, sub-brokers in case of brokers etc) are updated in database and
reflected as cancelled. In case of Broker, the Cancellation will result in
cascading effect on Sub-Brokers / Derivatives / Currency Derivatives.
s. On-Hold The DO can put the current application processing on-hold by
stating the reasons.
8. In case of updates or surrender process no processing fees are required.
Page 19 of 54
9. The application is rejected in case the Application is incomplete, and user is request to
perform necessary actions. The application can be closed once the request is approved
and processing is complete.
10. An FYI mail is sent to the concerned Intermediary once the registration or certificate
number generation / rejection has been provided.
3.1.13.Business Process Monitor (BPM)
Generic BPM engines shall be in the place for designing and customizing the workflows as
per the SEBI requirements i.e.
Proper process engine shall be in place for modelling and executing the process
based application including different business rules.
Proper business analytics shall be in place to generate customized reports on the
basis of individual requirements in addition to the readymade reports. Dashboards
shall be provided to view different statistics.
Proper content management system shall be in place for storing and securing
various attachments submitted with the workflow.
Proper collaboration tools must be there so as to provide discussion forums, dynamic
workspaces and message boards.
Solution provider is expected to submit in detail the generic BPM implementation

methodology including architecture.
3.1.14.Dashboards/Reports/Analytics
Dashboards/Reports shall be created as per the SEBIs requirements. Dashboards shall be
able to reflect real time updation of data for different kind of statistics. For example one such
requirement is to show statistics regarding the number of new registration requests
received.
User can set his preferences to arrange dashboards according to his/her own preferences.
In addition to already designed canned dashboards, generic interface shall be provided to
the users to create their own dashboards according to their respective business needs in
various tabular as well as graphical formats. Same applies for reports and other analytics.
3.1.15.XML Based Portlet Applications
Application creation tools shall be provided to the general users (IT as well as Non IT) so as
to enable them to create small XML based applications i.e. application could be designed
with drag and drop kind of interface in the application creation tool. These applications will
store data in the corresponding XML based database which could be integrated with the
main database at any point of time. Application creation tools shall not be limited to the
following:
1. The development tools must allow user to design portal pages by drag-and-drop
portlets, labels into the page.
2. The development tools must allow user to design portal themes and skins visually.
3. Rapid Application Developer for Custom Portlets: The tool must have a rich portlet
creation and customization features to build adaptive, robust portlets in a fraction of the
time and at a fraction of the cost. It must deliver native integration with the proposed
Portal, it must support the key Portal-specific features, however these features shall not
be limited to the following:
Page 20 of 54
a. Seamlessly integrate collaboration into your portal, enabling users to send

instant messages and e-mail simply by clicking on a person's name.
b. Easily leverage the Portal Credential Vault or LTPA tokens to provide single
sign-on capabilities.
c. Create a richly integrated portal experience by enabling portlets to interact and
share relevant information, even if they are accessing data from disparate
databases and systems.
d. Automatically deploy and redeploy portlet WAR files to Portal - without having to
touch ANT scripts or XML deployment descriptors.
e. Easily deploy portlets that adapt depending on the user's portal group.
f.
Automatically generate fully functioning user interfaces for each of the portlet
modes, including view, edit, and configure.
4. Dynamic Profiling:
a. The tool must have the capability to helps developers quickly and easily create
multiple, highly customized applications from one code base, all without
requiring additional code changes, redeployment of files, or publishing of HTML
and JSP. The tools must allow developer to apply different profile values to the
Builders to generate multiple applications with varying presentation, business
logic, data sources, and workflows.
b. The tools must allow creation of unlimited number of adaptive, role-driven
applications that change on demand.
3.1.16.XML Based Data Exchange Forms
Tools must be provided to IT as well as Non-IT users to design XML based offline
interactive forms so as to allow the users (both internal and external) to provide data for the
various purposes according to respective roles and responsibilities. These forms will store
data XML form which could be easily uploaded in the existing databases i.e. tool should
describe a machine-interactive form that consumes data produced by another machine,
performs some calculations and scripts, and then submits the updated data to another
machine. The sources of data could be a data base front-end, a barcode reader, or a client
application submitting data.
XML forms generated by the tool should provide the following capabilities, but should not be
1. Workflow: Data presentation, data capture and data editing, application front-end,
printing.
2. Dynamic interactions: From interactive, human edited forms with dynamic calculations,
validations and other events to server-generated machine-filled forms.
3. Dynamic layout: Forms can automatically rearrange themselves to accommodate the
data supplied by a user or by an external data source, such as a database server.
4. Scalability: Single-page static forms, dynamic document assemblies based on data
content, large production runs containing hundreds of thousands of transactions
Page 21 of 54
Users should be able to trigger the following action via these forms; however these actions
should not be limited to the following:
1. Calculations. Entering data into a field should cause the values of other fields to be
recalculated.
2. Data checks. Entering data into a field should initiate a series of validity checks on the
entered value.
3. Web Services interactions.
4. Submission of data to a server.
Forms should have the following accessibility and navigation features; however these
1. Visual clues. Fields should display default values that provide hints about the desired
input values. In addition to fields, XML form may aid the user, by providing radio
buttons, check boxes, and choice lists.
2. Accelerator keys. An XML form should include accelerator keys that allow users to
move from field to field, by typing in a control sequence in combination with a fieldspecific character.
3. Traversal order. An XML form should be defined with a traversal order, which allows the
user to tab from one field to the next.
4. Visual aids. XML form should specify text displayed when the tooltip hovers over a field
or a subform.
An XML form processing application can be requested to print both a blank and filled form
as well. The data for the filled-out form can come from a database, from an XML data file
generated by an application, or from a previous interactive session or sessions in which
data was manually entered. During this process, the form may be printed with print view
which differs from the view seen by users in interactive sessions. For example the print view
might have the following differences; however it should not be limited to the following:
1. Signature fields appear as underlines for hand-signing rather than as widgets for digital
signing.
2. Some of the data on the form is printed as barcodes rather than text.
3. Summary data is computed and printed on the first page of the form.
Solution Partner needs to design the various XML forms using the tool as per the SEBIs
requirement, which will be discussed during the requirements gathering phase.
3.1.17. Custom Applications Development
Solution Provider (SP) would be required to develop the following custom applications with
migration of existing data:
1. Applications catering to Intermediaries requirements:
i. Registration: Fresh registration, Renewal and Cancellation
ii. Payment and computation of fess payable by intermediaries
iii. Filing of compliance reports
Page 22 of 54
iv. Investment monitoring

v. Canned and flexible reports
2. Applications for corporate finance:
i. Mutual Funds - Filing of draft offer documents, new scheme reports, Investment
Monitoring, advertisement etc.
ii. Issue Listing - Processing applications related to new issues, rights issues,
follow-up offers, buyback of shares, takeovers, mergers and acquisitions.
iii. Canned and flexible reports
3. Regulatory and Surveillance:
i. Action taken database for all the intermediaries, enquiry and adjudication,
Payment of fees for lawyer, addition/deletion of new lawyer etc
ii. Initiation and processing of Pre-01, 01 and 02 cases, complaints, alerts etc.
4. Committee of Executive director module:
i. Meeting Agenda, Inputs, Approval of Minutes etc.
ii. Digital signature shall be provided and implemented.
5. Applications catering to allocation of resources available with SEBI:
i. Conference hall booking, holiday-home booking, Monthly-seminar booking,
weekly seminar booking, Flat Allocation, issue of stationery, flat allocation and
guest house allocation etc.
ii. Canned and flexible reports
6. SCORES system: New portal needs to integrate SCORES (scores.gov.in) along with
necessary BPM for complaint resolution. The system would include the following:
i. Addition and Updation of Complaints.
ii. Addition of Response to the Complaints.
iii. Initiation and Updation of Vanishing Company Cases.
iv. Maintain Region Heads for Complaints, Analysis, and Investor Education
Workshop etc.
v. Canned and flexible reports
Various categories of intermediaries are:
(FII, Sub Accounts ,Custodian, Portfolio Managers ,Mutual Fund ,Venture Capital Funds
,Foreign Venture Capital Funds ,Collective Investment Scheme ,Broker ,Sub broker
,Derivative Broker ,Currency Derivative Broker ,Merchant Banker ,Debenture Trustee
,Under Writer ,Bankers to the Issue ,Registrars and share transfer agents ,Credit Rating
agency ,Corporation Finance Department ,Depository ,Depository Participants)
SP is expected to demonstrate adequate domain knowledge and is required to submit a
detailed data model and ER diagram of the proposed solution clearly mentioning the data
flow within custom applications, between ERP and custom applications. SP shall also
highlight the methodology for the portal integration with other existing applications e.g.
DBWIS/Scores/IMSS/DMS/Mail & Messaging etc.
Page 23 of 54
3.1.18.Data Sources
New portal shall be able to integrate with various data sources; however these data sources
shall not be limited to the following:
1. Microsoft Mail & Messaging System: Workflow shall be integrated to send mail to
outside and inside domain in addition to the essential business requirements.
2. Enterprise wide databases: Integration with enterprise wide databases as illustrated at
Custom Application (3.1.16).
3. EMC Documentum: Following but not limited to features shall be implemented while
integrating the new portal with EMC Documentum:
a. It shall be integrated with the ERP in such a way that user can see the scanned
documents in ERP uploaded through documentum.
b. Workflow notifications received in DMS shall trigger alert/pop-up in Portal.
4. Visitor Management System (VisiteX System): Calendar integration with the VisiteX
system.
5. ERP: HRMS and Finance.
6. Library System:
a. Integration with the Libsys.
b. Search/request books.
c. Alert for pending library books shall come on portal.
d. Request for procurement of new books via workflow approval.
7. Microsoft Active Directory: Integration with the existing Active Directory.
a. Scores System: Programming the entire workflow.
8. SEBIs Website New portal shall be integrated with the SEBI website www.sebi.gov.in
so as to upload the information from database and portal.
9. Data-Warehouse Business Intelligence System (DWBIS): SSO shall be provided with
the appropriate dashboards and analytics.
10. 3 COM VCX SYSTEM:
a. Integration should be done in such a way that end user can call directly from
portal.
b. Call history integrated with the employee self-service.
The integration shall be bi-directional and data-flow based. The Solution provider may
provide & implement prevalent and proven technology to achieve the comprehensive,
effective and efficient integration between heterogeneous systems as per SEBI's
requirements.
Page 24 of 54
3.1.19.Search Facility
There shall be enterprise search facility available on Portal that enables the end user to
search structured and unstructured data. Data Sources could be but not limited to ERP
system, enterprise wide databases, EMC's Documentum, Mail and Messaging, Databases,
file-system, websites, within portal, Internet, user desktop, visiteX system, Library systems
etc. User shall be able to search in a single search command. Response time to these
searches shall not exceed 3sec, if all the option is selected; this time shall be estimated on
fully populated data capacity. When user is typing to search any text, suggestions shall
automatically be displayed to user. Information searched shall be in presentable form as
decided by SEBI. Search engine shall have the following features; however these features
1. Intelligent Search: The proposed portal system must have a built-in search engine that
shall be able to:
a) Crawl web sites, portal document manager, file systems etc different data sources for
the purpose of indexing the content/pages. It shall be able to configure periodic
crawls per content source, and collect documents from multiple content sources into
a single collection.
b) Provide internet style search capabilities, for example:
i.
Free text search.
ii.
Use of internet style plus ( + ) and minus ( - ) symbols.
iii.
Use of internet style double quotes ( " ) for phrases.
iv.
Specification of trailing wild card character.
v.
Enable browsing of collections.
c) Supply enriched result page view including summaries and other relevant metadata.
For example, this can be the author, description, and keywords of the document, if
available.
d) Allow for categorization of incoming documents using either a predefined static
taxonomy, or a simple rules based taxonomy which can be defined by the user.
e) Apply filter rules for the crawler to determine what pages are to be fetched and
indexed and allow for optionally approve documents before they are added to the
collection and the index.
f)
Allow editing of document metadata, including the title, author, description, date, and
categories.
g) Search content/pages using Portal supported local language, e.g. Hindi etc.
h) Summarizer. The Portal Search Engine shall returned a summary for documents
which have a certain narrative quality, that is, they are coherent, and above a certain,
'telegraphic', length. The summary consists of the most salient sentences of the
original document. You can set the number of sentences which the summarizer
returns in the summary.
Page 25 of 54
i)
Predefined static taxonomy and categorizer. Portal users can use the Categorization
Facility to build applications that automatically determine the subject of documents
which fall within any of these areas.
j)
Have available easy to use search centre that provides tabs for users to select
different sources. These sources shall be protected by portal security based on
access permissions given to users on them and thereby make different search
sources available to different users or user groups. Hence, users shall see only the
tabs for search collections for which they have access.
2. Search Broker: The portal system must include a search broker that support searching
across distributed, heterogeneous, structured, and unstructured data sources through a
single point of access, without having to create its own indexes. It must include the
following capabilities :
a) Be able to rank the search results according to relevancy. The SP shall specify how
the ranking mechanism works and whether users or system administrator can make
adjustments to the ranking criteria.
b) Able to return summary content for each search result via portlets.
3. Federated Search:
a) Be capable to perform search and retrieval, but not limited, to the following sources
(in addition to the data sources mentioned above):
World Wide Web (HTML, XML, newsgroup, HTTP, HTPPS).
File servers (Both Unix and Windows file server, PDF, Text file, PostScript).
Databases (Oracle, DB2, Microsoft SQL Server).
Content management repository (Documentum).
Web-based Intranet
Subscription websites
Microsoft office (MS Word, MS Excel and MS Power Point)
Media File (JPEG, GIF, TIFF, MP3, WAV, MIDI, MPEG, MOV, AVI)
Desktop
b) Provide data listener for external content, this would provide open API to allow the
product to access nonstandard data sources and also provide ability to quickly build
a bridge to non-supported data sources.
c) Allow users to save a search.
d) Provide the ability to hide results from a particular source.
e) Provide the ability to perform complex & sophisticated queries using special query
operators like +, -, and ().
f)
Be able to filter search results based upon user role.
Page 26 of 54
g) Be able to present the search results with respect to the access control rights set in
the source databases.
h) Be able to get result coming from different sources on the same page.
i)
Be able to narrow down search result by easily restricting searches by specific

languages, file types, web sites / data sources or specific field values
j)
Be able to find the most relevance and most relevance document on the first page
and rank the search results according to relevancy. The SP shall specify how the
ranking mechanism works and whether users or system administrator can make
adjustments to the ranking criteria.
k) Allow sorting of search results.

l)
Have available portlets to display search results.
m) Be able to track top searches and top visited documents or links. For example, the
search engine will display top 10 searches in a portlet
n) Specify whether the search engine supports, but not limited to, the following search
methods :
Full-text index search
Context-based search.
Federated search
Boolean search
Wildcard search
Fuzzy search
Metadata search
Aggregated search
o) Provide details on how the search method works and list all the file format supported
by the search engine.
p) Provide details on how the search crawler works. The search crawler shall support
ad-hoc crawls, schedule crawls and incremental crawls.
q) Describe the indexing method used by the search engine and where the indexes are
stored.
r) The search engine support related search suggestion or hyper linking. This means
that a search on a particular keyword will invoke searches on other related topics.
The search engine shall display the related search suggestion results in a portlet.
s) The search engine support content aggregation.
3.1.20.Audit, analysis and reporting tools
Audit, analysis and reporting tools shall have the following features however these features
1. Provide audit, analysis and reporting tools to track the portal system usage.
2. Be able to track, analyse and generate reports on, but not limited to, the following area :
Page 27 of 54
a) Portal pages hit

b) Portlets usage
c) Virtual portals usage
d) User's usage
e) Login & logout
f)
Error conditions
g) Security violations
h) User account management
i)
Group trend by hours
3. The audit tools must allow the admin user to generate and view report by schedule or
ad-hoc.
4. The audit tools must allow the admin user to display report using user ID or IP
addresses.
5. Different types of reports shall be available. These reports shall not be limited to the
following:
j)
Workflow Report
k) Module Report
l)
Visitors Report
m) Portal Activity Report

6. In addition to the reports available user shall be able to generate customized reports as
per the needs.
7. Tool shall be integrated with the SMS gateway to send alerts regarding critical system
updates.
3.1.21.Security
The following features shall be implemented by the SP; however these features shall not be
1. Integration with the RSA two factor authentication i.e. RSA tokens (already procured
and issued to end user by SEBI) have to be integrated with Portal for two factor
authentication with the following features:
a. Single sign on to all hosted Portal applications (role/rule based).
b. Creation/deletion of users profile features to be provided to the authorized users.
c. Hierarchal administration down to database/report level shall be provided
independent of system administrator.
Page 28 of 54
d. Business rule creation module shall provide authorized users to create business
rule.
However SP is free to explore other authentication mechanism options as well instead
of integrating RSA with the new portal.
2. User Management: User accounts and their password management shall be possible
using either
local database
of appliance or
through integration
with
LDAP/AD/Radius/Oracle OID existent in the organisation.
3. Certifications: The entire appliance shall have third party certifications and ICSA lab
certifications.
4. New Portal shall support the VPN SSL for different type of users for example internal
users, external users, retired employees etc.
5. New portal shall be integrated with the DMS OID.
6. Portal framework must support user authentication with multiple user repositories (e.g.
LDAP servers) at the same time out of the box without requiring custom development.
7. Provide role based security features.
8. Support objects level security (e.g. portlets, pages etc.).
9. Support document level security.
10. Respect and inherit the access control rights imposed by the underlying application,
database or repository when integrate with enterprise application.
11. Provide facility for portal administrator to configure the login attempts and portal timeout.
12. Allow for user password to contain at least eight alphanumeric characters.
13. Support encryption such as SSL.
14. Password tool shall be provided to analyse the password strength.
3.1.22.Portal and User Administration
Portal Administration shall not be limited to:
1. Provide web-based administration interface.
2. Allow portal administrator to create, update and delete ad-hoc users and user groups
without affecting the actual users in LDAP. Allow portal administrator to assign users to
groups.
3. Allow portal administrator to delegate the administration function to authorized users
and user groups to specific virtual portals and pages. The authorized users and user
groups will in turn define the content, themes, skins, page layout, portlets of the virtual
portals and pages presented to the other users or user groups.
4. Allow portal administrator and those authorized personnel to define the access control
for each user and user groups to virtual portal, pages, links, portlets.
Page 29 of 54
3.1.23.Miscellaneous Requirements
1. Personalisation: User shall be able to personalise his Portal page according to his/her
choice by rearranging/reordering/hiding/showing of menu item/tab. Personalisation
a. Be capable of presenting personalized content based on individual user's profile
or role.
b. Allow portal administrator to create and assign users to groups; group
memberships will in turn define the content and layout of the portal.
c. Allow users to customize their portal page layout and the process shall be simple
and user-friendly. This includes, but not limited to, manipulation of portlets
layout, add and remove portlets, change portal themes and skins.
d. Allow users to configure themes, skins and page layout based on the role of the
users.
e. Allow users to customize their portal page by selecting the list of available
portlets from the portlets catalogue. The available portlets shall be readily
integrated with the SEBIs existing applications.
f.
Have a catalogue of pre-built or pre-packaged portlets to back end applications,

which is downloadable by administrator. Administrator can install the portlets,
and assign access control to the portlets.
g. Support multi-languages. The portal systems shall also allow users to select
their language preference and automatically convert portal user interface to the
language preference.
h. The portal shall support tagging feature for Portal pages and must have a tag
center to organize user tags.
2. Rich Content Management: Live feeding of telecast, like our Chairmans address, and
shall be able to play any media (.avi, mpeg etc.) file.
3. Chat/Blog/Discussion /forum: Solution provider shall provide and implement these
features for end users.
4. Database: All running databases with entire data have to be upgraded to available latest
version of Database. Importing of all data, customisations etc from previous version is
also to be carried out. Solution Provider has to tune the database so that it can perform
to its optimal performance. They may redesign the database to enhance the
performance.
5. Live RSS feeds from external website. User shall be provided the option to subscribe
particular feeds based upon his/her requirements.
Page 30 of 54
SECTION IV TECHNICAL REQUIREMENTS

4.1. Technical requirements
infrastructure(Servers, Storage, Networking and Security Solution)).Project also includes
migration of data, integration of enterprise portal with other internal applications and postimplementation support for Enterprise Portal Solution, System Software and IT Infrastructure
(Server, Storage, Networking, Security Components and necessary associated hardware and
software).
This section specifies the solution components required for developing the requisite
infrastructure (servers, storages solution and networking etc.), software products, security
and developing interactive, dynamic and interoperable SEBI Portal.
4.1.1. Technical architecture of the proposed solution
The Solution provider shall provide comprehensive technical solution architecture of the
proposed solution including, but not limited to:
1. Data model including the ER diagram for the entire solution.
2. Schematic diagram, network architecture and interfaces.
3. Backup management including media storage, disaster recovery & business continuity.
4. Development, version and quality control.
5. Business Intelligence Solution.
6. Integration and support strategy.
The native architecture and design of the proposed solution should be based on the stateof-art technology and open component standards. The architecture should be scalable,
interoperable, redundant and flexible enough to support seamless integration of any useful
system for SEBI Portal in future. The solution architecture should be based on, but not
limited to:
1. Integration and Openness
The solution should have ability to integrate and interoperate with other applications using
open standards and integration methods. In terms of the openness of the technology
architecture, applications should be able to operate on multiple operating system, browsers
and database platforms.
2. Scalability
Solution must scale in terms of addition of new applications as well as increase in number
of users in the future.
3. Flexibility
Page 31 of 54
The solution should have the ability to design and develop new application and reports with
minimal customisation. Configuration may be accomplished with a robust metadata-driven
design as well as tools for adapting the user interface and navigation without programming.
Rules/Role based access and authentication methods to adapt the solution to business
process requirements.
4. Usability
The solution should be modular and component based so that an existing component can
be used to design new functionality or to interface other solutions.
5. Accessibility
The Solution should be accessible and workable from any operating system, browsers and
their corresponding updated versions.
6. Redundancy
The solution should be redundant enough in areas of servers, usable ports on switches,
firewall etc.
7. Portability
The Entire solution should be workable from any hardware, operating system, browser,
mobile device and their corresponding upgraded versions. Transition of solution shall be
completed as soon as possible when latest versions are available.
4.1.2. Solution components
The components required to supply, install, develop and maintain are, but not limited to:
1. Hardware (servers, storage, backup devices etc.).
2. Network and Security solution (switches, firewall, two factor authentication solution,
Single sign on etc.).
3. Systems software (operating systems, interface software etc.)
4. Packaged Portal and ERP Solution
5. Custom application software
6. Integrated development platform
7. Ancillary services (documentation, training, structured cabling, racks and associated
cabling, support etc.)
8. Version Control Software
9. Performance Monitoring tool
10. Integration middleware between different applications
11. Application server/Web server etc.
Page 32 of 54
4.1.3. Data centre / Server Room (Site Preparation)

SEBI is planning to Mittal Court's Data Centre (Mumbai)as server room for hosting the
envisaged SEBI Portal and would like the Solution provider to specify the necessary site
preparation and associated infrastructure requirements so as to ensure and adhere to
International Level 3 standards.
Accordingly, the Solution Providers response shall include the following aspects for the
data centre, but not limited to
1. Rack space requirement
2. UPS power requirement
3. AC requirement
4. WAN/LAN and electrical Cabling
5. Power supply points required etc.
6. User connectivity requirement
It is envisaged that the proposed SEBI PORTAL system will be accessed by the users from
SEBI LAN, WAN and mobile devices. Solution Provider shall provide the necessary solution
to meet the objective
If SEBI desires to relocate the data centre for SEBI PORTAL to any other location during
the implementation/post implementation, the Solution Provider shall assist in de-installation
and reinstallation for entire solution. However, this exercise may be on chargeable basis
4.1.4. Hardware/ Sizing/ Performance Requirements
The Solution Provider must size the components of the proposed SEBI PORTAL to meet
the throughput, capacity and performance.
The solution should be able to handle the volume of data as per number of users given in
below table and the response time as given in business requirements shall be met as a
minimum requirement.
Further, the performance requirements with respect to various components of the solution
architecture are as follows, but not limited to:
1. Data acquisition
a. Data which is required for application will be collected and uploaded by
internal and external users to the SEBI Portal on a daily basis using XML
technology.
b. Any additional data required will be identified at the time of System
Specification and
suitable collection and loading procedures will be
finalized.
2. Current data size
a. Existing application data size is 2.5 TB (Primary Site).
Page 33 of 54
3. Availability of SEBI Portal

a. High availability / Cluster solution in active/active for critical components and
n+2 configuration for non-critical components.
b. To ensure the all-time availability; design should be based on failover
architecture.
c. Maximum permissible down time of the system in any single event is thirty
minutes.
4. Users accessing the SEBI Portal
Internal
Employees
Active sessions:1000
Active Users:50% of Active sessions
Mobile Users:50%
Peak Users:70% of Active sessions
Year on Year(YOY) growth:30%
The above mentioned users are for entire portal

including ERP, Custom Apps, Search, BMP etc.
Intermediaries
Current Strength:20000
Active sessions :5%
Active Users:50% of Active sessions
Peak Users:70% of Active sessions
YOY:10%
Investors
Data Access
Number of complaints:10000 pm
YOY:10%
Page 34 of 54
5. There will be other users also accessing the system in a limited way. The system
should support additional users with limited access provisions. These users will be part
time users to support audit, intermediary registration etc.
6. Scalable and upgradeable architecture: SEBI envisages in-box scalability with the
provision to enhance the capacity of the proposed solution on demand. It is to be noted
that the configuration proposed by the Solution Provider completely meets all the stated
requirements and in addition should be field upgradeable to handle the future
requirements. Proposed Solution should be upgradable in both horizontal (ease of
plugging the new applications) as well as vertical (adding more number of users)
manner.
7. Maximum permissible start-up time for the complete portal solution should not exceed
thirty minutes threshold.
4.1.5. Functionality of the solution components
SEBI proposes to segregate the logical functionality from the physical servers, e.g. separate
servers for applications, authentication-authorisation-access, databases & business
intelligence etc. Following is an indicative list of components and features envisaged,
however Solution Provider may alter the list as per their proposed solution but not limited to:
1. Servers/Environment
a. Production Environment
b. Development Environment
i. Quality Control and Testing servers
ii. UAT server
iii. Disaster recovery servers
2. Software
a. ERP, Portal and Databases
b. System software
c. Application server, authorisation servers software
d. Business Intelligence tools, Reporting, Charting tools
e. Identity management, secure login, authentication & authorisation
f.
Custom applications
g. Performance monitoring & tuning tools

h. Application and database development tools
3. Network
a. Switches, Firewalls and routers
Page 35 of 54
b. Structured cabling (rack connectivity, data centre connectivity and

connectivity to hub for user access)
4. Security solution (two factor authentication)
5. Storage solutions
6. Enterprise backup solution and devices.
4.1.6. Analytical Tools for Business Intelligence
The solution must be capable of doing analysis on data. The characteristics of the business
intelligence tools include but are not limited to
1. Ability to handle and process data from various sources.
2. Ability to build multi-dimensional views and analysis.
3. Visual display of data in forms of tables, graphs, charts etc.
4. Aggregation of data by drill-down queries and reports based on data categories.
5. Ability to transform data into multiple data formats like excel, csv, jpg etc.
6. Free-form/drag and drop reports.
4.1.7. Interfaces
SEBI PORTAL is envisaged to be a main page for all other SEBI applications. The Solution
Provider shall do the interface requirement analysis and develop suitable interoperable
interfaces. The solution should have capability to interface with new systems/ solutions in
future. It needs to be interfaced with the following systems/applications but not limited to
1. Data Warehousing System(DWBIS)
2. Document Management System(DMS)
3. Mail and Messaging (Mail, calendar, Lync etc.)
4. Scores system
5. Library
6. Visitor Management System
7. IP Telephony
8. SEBI Website
9. SEBI Intranet
10. External data sources (NSE, BSE websites etc.)
11. User Desktop
12. Active Directory
13. Integration of enterprise search with various data sources.
Page 36 of 54
Any additional data required will be identified at the time of system specification and
suitable collection and loading procedures will be finalized. This includes data collection
from exchanges, market intermediaries, investors, regulatory database, Ministry of
Corporate affairs (MCA).
4.1.8. Support
Solution Provider must demonstrate capability to provide a high standard of on-going
product support.
1. The location from which support is provided.
2. How support is to be provided (on-site, call basis, telephone, fax, e-mail etc.).
3. Number and skill levels of support staff.
4. Tools used to record and monitor support calls.
5. The problem escalation process for unresolved cases.
6. Ability to provide support for problem diagnosis and rectification.
7. The standard service levels for support provided.
8. Committed response times from call-out, to expert-on-site and commitments for time-to
rectify.
9. Onsite resident engineers support strategy.
4.1.9. Performance Monitoring & Tuning Tools
1. The proposed solution must be able to perform infrastructure aware application triage,
i.e. pin point network issues causing application degradation.
2. The proposed solution must determine if the root cause of performance issues is inside
the monitored application, in connected back-end systems or at the network layer from a
single console view.
3. The proposed solution must proactively monitor 100%of real user transactions; detect
failed transactions; gather evidence necessary for triage and diagnosis of problems that
affect user experiences and prevent completion of critical business processes.
4. The proposed solution must gather available performance indicator metrics from all
within real-time production environments and real user transactions 24x7 with minimal
overhead on monitored applications without sampling.
5. The proposed solution must provide for easy dynamic instrumentation of application
code, i.e. be able to enhance out of the box monitoring with extra monitoring definitions
without having to restart application.
6. As a means of detecting poorly performing SQL, the solution must be able to proactively
record all SQL calls, and report on the slow performing ones. The SQL measurements
must be made from within the monitored application not using an external database
agent.
Page 37 of 54
7. The proposed solution must be able to report on any application errors occurred while
executing application functionalities and pinpoint exact place of error within transaction
call stack.
8. The proposed solution must provide for at least 2 levels of thresholds which can be set
on alerts and provide for actions so that alerts can automatically trigger other processes
when thresholds are breached. The proposed solution must not necessitate any
changes to application source code.
9. The proposed solution must proactively identify any thread usage problems within
applications and identify stalled (stuck) threads.
10. The proposed solution should allow SQL statement normalization by aggregating
hundreds of related SQL statements into a single performance metric using regular
expressions and pattern matching.
11. The proposed solution must monitor individual web service and performance transaction
debugging for web services. The proposed solution must also monitor web services
across multiple processes.
4.1.10.Development Environment
Since SEBI is envisaging long term development scenario, a separate development,
environment for Development, UAT and quality control (QC) is requested for SEBI. The
Solution Provider shall provide its own project accommodation and facilities, however
reasonable access to the SEBI facilities during development, installation and testing phases
will be provided. Access to the development environment during development, testing and
implementation shall be provided by the Solution Provider for SEBIs technical team. SEBI
reserves the right to take a final decision on this at the time of award of contract.
The Solution Provider must propose adequate solution including, but not limited to
1. Development site.
2. Hardware infrastructure (typically a scale-down environment with computing platform
identical to the production environment).
3. Relevant software.
4. Software development life cycle tools/database development kit.
5. Software testing tools.
6. Version control, software deployment and change management tools.
7. Any other tools that may assist the development.
8. Training in all the proposed tools.
9. Access and facility for SEBI IT project team.
4.2. Networking, Security and Controls
4.2.1. Specifications for Network, firewall and switches
SEBI envisages connectivity to its portal through LAN/WAN/VPN/Internet/Mobile
accordingly the Solution provider should provide networking equipments.
Page 38 of 54
4.2.2. Security and Administration

The security features available in the solution should be standards based. It is proposed
that the users will access SEBI PORTAL from the SEBI LAN, WAN and mobile devices.
Information delivery and reporting will be through the servers which will be provided as part
of the SEBI PORTAL. As mentioned earlier a two factor authentication mechanism should
be provided for accessing outside LAN along with the following features but not limited to
1. Single sign on to all SEBI PORTAL applications (role/rule based and entry point based)
2. The hierarchal administration down to database/report level should be provided
independent of system administrator
3. The business rule creation module should provide authorized users to
a. Create business rule
b. Killing (cancelling) run-way queries/process
4.2.3. Protection of Information
The solution must apply rigorous controls to ensure the security of information in the SEBI
PORTAL, access and data transfer by implementing a complete and secure audit trail
mechanism.
4.2.4. Security Domains and Authentication
The SEBI PORTAL is proposed to be on separate LAN at Mumbai and Chennai. User
access to the system should be enabled as per the requirements given in Section III of
business requirements and should be accessible within SEBIs intranet with proper user
access rights
4.2.5. Audit Trails
The solution must capture sufficient information to allow the SEBI to identify and track
events in the proposed solution at both system level and application level, including but not
limited to:
1. users associated with each access and operation
2. identification of repairs and the repairer
3. time of all significant process steps
4. time and details of all user access
5. appropriate system and administration logs
The audit trail and its contents must be of a level that cannot be compromised and should
be indestructible. The Solution Providers response should but not limited to:
1. explain the event logging/safe-storing process and the event log retention and archiving
facilities
2. describe the end-to-end system auditing capabilities as messages /information are
processed through the various components of the system and interfaces
3. describe the information retained in audit logs
Page 39 of 54
4. provide role based access with approval

4.2.6. Reports
The system must provide reports that assist in the early detection and management
oversight of potential fraud or error, including but not limited to reports showing:
1. very high value/ critical alerts (high value threshold / criticality to be parameterized)
using SMS/SNMP traps etc.
2. unsuccessful login attempts
3. unprocessed alerts
4. repeated alerts
5. application privilege change and access
The Solution Providers response should list the types of security management reports that
the system is capable of producing.
4.2.7. Controls within the Application
The solution must provide controls to minimise the potential for fraud and error. These
would include amongst other things:
1. input data validation for SQL injection
2. user authentication
3. restricted user intervention, i.e. limited to low risk fields or processes
4. connection time limitation
5. user access restricted by access type
6. privileges granted on function basis
7. controlled access to functions, e.g. via menus
8. error handling mechanisms
9. automatic cut-offs(Application should be inaccessible)
4.2.8. Connection Security
Connection between remote user and internal resource should be through a web
connection of the application using SSL version 3.0 with minimum 128 bit AES encryption.
4.2.9. Vulnerability Assessment and Penetration Testing (VAPT) testing
Solution provider has to periodically conduct testing.
4.2.10.Support for multiple 2-factor /3-factor authentication systems
The SSL VPN appliance should support 2-factor and 3 -factor authentication systems. Also
the device should be configured for the external 2-factor and 3-factor authentication
systems. The appliance should support configuration of multiple 2-factor /3-factor
authentication systems for different sets of users/groups. There should not be any
restrictions on the configuration of number of external 2-factor/3-factor authentication
system. The necessary licenses should be provided accordingly.
Page 40 of 54
4.2.11.Access Control
The Solution Providers response shall specify in detail the proposed access control regime,
including administration, operational and audit operations both at system and application
level. The requirements for access control are as follows
1. secure, auditable management of user-ids, access rights, passwords and tokens
2. passwords to be a minimum of eight characters and to have a parameter driven lifespan
after which users will be required to change their passwords
3. there will be a parameter driven inactivity delay after which users will be logged off
4. the ability to setup user groups of users with access to the same functionality and to
limit the functionality of users to just those functions that they have a need to perform
(roles and rules based)
5. detection and reporting of illegal attempts to access the system or functions within the
system
6. the maintenance of a secure, auditable log of access to the system, identifying user-id,
date, time, functions accessed, operations performed etc
4.2.12.Change Control
The solution must provide mechanisms to prevent fraud or error arising in the course of
implementing changes to the system. These mechanisms would be expected to include
segregation of duties, acceptance testing and computerised processes for introducing and
authorising new applications or changes
4.2.13.Database Access and Control
Solution Providers response should describe how the following features are implemented in
the system.
1. the confidentiality of information
2. data protection and database access controls
3. database security
4. user privileges
4.3. Enterprise Backup & Recovery Solution
The Solution Provider shall supply and implement proper enterprise backup and recovery
system that will cover entire SEBI PORTAL and its associated components. The Solution
Provider shall identify, supply, install, maintain and document the system components
required for adequate backup and recovery mechanism for the proposed solution including
DR site.
The backup and recovery solution may include but not limited to:
1. backup of all networked servers & storage
a. data backup
b. system backup
Page 41 of 54
2. periodic archives
3. hardware devices
a. tape libraries
b. auto-loaders
4. backup management software
5. secure storage of backup media
6. backup and recovery procedures including off-site storage
The estimated backup time for:
1. entire data backup (raw and associated secondary data) is 30 minutes
2. Entire data recovery and system restoration (complete data, system, etc.) is 60 minutes.
4.4. Business Continuity Planning (BCP)
The Solution Provider shall analyse all the processes and categorise them as critical and
non- critical (non-urgent) functions/ activities. A function may be considered as critical if its
functionalities affect the smooth functioning of the SEBI processes. Accordingly, the
Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for both critical and
non-critical components should be considered as mentioned below:
RPO for each activity of solution should be designed to thirty minutes.

RTO for each activity of the solution should be designed to two hours.
During the disaster, staff will access the SEBI portal through Internet/broadband with limited
functionality so that optimum utilisation of the band-width can be achieved. It is required that
disaster site will be replica of the primary site .SEBI envisage that following applications will
be available as per given scenarios.
The identified scenarios that form the basis of the business recovery plan should be
recommended and documented. The business and technical plan requirements should be
documented in order to commence the implementation phase. The plan requirements should
cover, but not limited to the following elements which may be classified as ICE (In Case of
Emergency) Data:
1. The numbers and types of desks, whether dedicated or shared, required outside of the
primary business location in the secondary location
2. The individuals involved in the recovery effort along with their contact and technical
details
3. The applications and application data required from the secondary location desks for
critical business functions
4. The manual workaround solutions
5. The maximum outage allowed for the applications
Page 42 of 54
6. The Solution Provider should design the most cost effective disaster recovery solution
that meets at least two main requirements from the impact analysis stage, but not limited
to:
a. The minimum no of application and application data requirements
b. The time frame in which the minimum no of application and application data must
be available
4.4.1. Documentation of the Disaster recovery plans should include following, but not
limited to:
1. The crisis management command structure
2. The location of a secondary work site (where necessary)
3. Telecommunication architecture between primary and secondary work sites
4. Data replication methodology between primary and secondary work sites
5. The application and software required at the secondary work site, and
6. The type of physical data requirements at the secondary work site.
4.4.2. Implementation and Testing
After implementing the analysed solution plan, solution provider should test all the
process / applications individually, in group and in totality. Following should be included in
the testing of the BCP, but not limited to:
1. Crisis command team call-out testing
2. Technical swing test from primary to secondary work locations
3. Technical swing test from secondary to primary work locations
4. Application test
5. Business process test
4.4.3. BCP testing Schedule
Solution design should include BCP/DR test / drill quarterly after successful implementation
of BCP/DR to be carried out by Solution Provider. Problems identified in initial testing phase
or any test/drill should be rolled in planned and time bound manner
4.4.4. Maintenance of BCP
Maintenance of a BCP manual should be categorized into three periodic activities, but not
limited to:
1. Confirmation of information in the manual, roll out to all staff for awareness and specific
training for individuals whose roles are identified as critical in response and recovery. To
keep data accuracy changes that should be identified and updated in the manual should
include following, but not limited to:
2. Staffing changes
3. Changes to important Solution Providers/suppliers and their contact details.
Page 43 of 54
4. Departmental changes
5. Testing and verification of technical solutions established for recovery operations should
include following, but not limited to:
a.
b.
c.
d.
e.
Application security and service patch distribution

Hardware operability check
Application operability check
Process operability check
Data verification
6. Quarterly testing and verification of documented organization recovery procedures

should be clearly defined and implemented.
4.4.5. The proposed BCP/DR solution should have following features but not limited to
1. It must offer a management capability for the real time monitoring of a DR solution
parameters like RPO, RTO, and replication status and should provide alerts on any
deviations.
2. It should provide a single dashboard to track DR readiness status of all the applications
under DR.
3. It should be capable of reporting important parameters like disk space, password
changes in databases, file addition/deletion etc to ensure DR readiness.
4. It should facilitate out-of-the-box switchover and switchback workflows for DR.
5. It should be capable of generating reports on RPO, RTO deviations and DR Drills from a
centralized location.
6. It should support notification using SMS/email and also support for notification list to
handle groups of users at a time.
4.5. Implementation Requirements
4.5.1. Implementation Plan: Delivery of hardware and solution
Solution providers are expected to undertake development of applications at their own
development center and adhere to the following implementation plan.
SEBI expects the implementation of proposed solution in four phases:
i.
ii.
iii.
iv.
v.
Delivery of hardware: within four months of letter of Intent(LOI)

Phase I- PORTAL and ERP : within five months of LOI
Phase II Custom Applications : within nine months of LOI
Phase III- Integration with other systems : within fifteen months of LOI
Phase IV-Business Continuity Planning and Disaster Recovery :should
coincide with corresponding phases in primary site
The solution provider is expected to prepare acceptance test plan and test cases for user
acceptance test and obtain sign-off from SEBI before starting UAT. The solution provider is
also expected to bring their domain expertise and should share that with SEBI team while
collecting requirement from SEBI users.SEBI envisages this project shall not take more
than fifteen months to complete all phases. First deliverable should come within five months
of LOI
Page 44 of 54
Solution provider may evaluate the dependencies and may propose earlier implementation
methodology. The Solution Provider must submit a detailed phase wise implementation
plan identifying project tasks and milestones. These would include, amongst other things
but not limited to:
1. contract negotiation
2. project establishment
3. site preparation
4. Infrastructure (hardware, network, business intelligence system etc.) deployment.
5. tasks required to complete detailed design/specification
6. tasks required to complete build/customization
7. tasks required to complete software installation and testing
8. data migration processes
9. tasks required to complete each testing phase.
10. tasks required to complete documentation.
11. tasks required to complete procedures development.
12. tasks required to complete technical and user staff training.
The Solution Providers plan should identify duration of the customisation design phase
and the nature of the outputs that phase will produce:
1. Nature and duration of each proposed testing phase (Preparation of test plans is a
project deliverable. Preparation of a test plan for user acceptance for agreement and
execution by the SEBI is a project deliverable.)
2. Nature and duration of each proposed conversion phase.
4.5.2. Evaluation of Time Frame & Effort Estimation
The Solution Providers response should make detailed recommendations as to stages of
project implementation. The Solution Provider is also required to submit the details of the
effort estimation in person months for undertaking the various activities envisaged under
implementation. The Solution Provider shall also furnish the list of profile of the
professionals identified by the Solution Provider for the implementation of the proposed
solution. The said profile of the professionals shall include but not limited to:
1. Titles
2. Qualifications
3. Experience
a. project of similar nature
b. overall
Page 45 of 54
4. Domain expertise
5. Skill sets
6. Certifications etc.
4.5.3. Documentation
The Solution Providers response must identify the documentation that it proposes to
provide. Full document shall be provided to address the following areas:
1. technical/system manuals for software products to be supplied by the Solution Provider
2. any technical manuals required for the operation of the interfaces
3. user operations manuals for the developed applications
4. software requirement specifications
5. data models and data mapping documents
6. data modelling and ER diagrams
7. data flow documents
8. operational manual for systems administration
9. check lists, data reports and process manuals for daily operations support
10. design documents both HLD as well as LLD, with proper details of database design,
algorithm and data structures used.
11. requirement traceability matrix to show the requirement mentioned in the RFP, and its
corresponding mapping with the section number in the proposal, SRS, design docs,
implementation details, hardware info, function names and file name in the source code
if applicable, corresponding test cases numbers and section number in the document
manuals.
All manuals shall be supplied in English, in 3 hard copies and soft copy.
The Solution Providers method for updating documentation to reflect changes should be
explained.
4.5.4. Source Code
The Solution Provider shall provide the source code of the application software developed
for the proposed solution to SEBI. All source code shall be provided with all relevant
information such as SRS, Design doc etc. with proper details and mappings.
4.5.5. User Procedures
The Solution Providers response must identify how the it proposes to work with the SEBI to
write the user and technical procedures required to support the operation of the system and
shall specify the procedures that the Solution Provider proposes to provide. Fully
documented procedures shall be provided to address at least the following areas:
1. Technical procedures for the installation, updating and operation of software products to
be supplied by the Solution Provider.
Page 46 of 54
2. technical procedures for the installation, updating and operation incorporating any
Solution Provider customisations for the SEBI, and including procedures for recovery
from failures and migration to the DR site.
3. User procedures for the operation of, data entry to, enquiring of and reporting from the
SEBI Portal.
4. Procedures for system shut down, start-up, backup and recovery.
5. Procedures for data archival and data restoration and generating reports from these
data.
Solution Providers proposal shall also include the necessary documents for user and
operational procedures for basic system operation.
All manuals shall be supplied in English, in 3 copies and soft copy.
The Solution Providers method for updating procedures to reflect changes should be
explained.
4.5.6. Training
The Solution Providers response must identify how the Solution Provider proposes to
develop and provide training to the SEBIs user and technical staff to ensure that they are
fully conversant with, and capable of undertaking, the roles that they will be required to fulfil.
The training on system administration, databases, data warehousing, data mining, business
intelligence tools etc. should be provided by principal / OEM vendor.
The Solution Providers response shall clearly indicate the following details but not limited
to:
1. topic of the training
2. number of days
3. location
4. nature of training (technical / functional / both)
It may be noted here that in case of any training to be conducted outside Mumbai, the
expenses arising out of travel, lodging, boarding, incidental etc. will be borne by SEBI.
Since there is a need to train large set of users, train the trainer concepts shall be
considered.
All documentation, training materials including trainer guides, user guides, workbooks and
other materials shall be provided with the training. The Solution Providers response shall
propose how on-going training of new user and technical staff shall be conducted.
The Solution Provider shall propose the method by which technology transfer to the SEBIs
Information Technology Department and user staff will be maximised over the life of the
project. The SEBI regards this as an important component of the project. Training module
should be designed for each category of user (Information Technology Department and
user staff).
Page 47 of 54
4.5.7. Testing
The following tests (where applicable) must be conducted and the results of each test must
be documented in the test manual
1. Application tests on all applications
2. Redundancy failover (Boot, Power, Network & Fiber test as applicable etc.)
3. Server failover
4. Cluster functionality
5. Load sharing test
6. BCP/DR
7. Response test for Enterprise search as mentioned in business requirements
8. Performance Testing
a. Stress test
b. Volume testing
c. Configuration testing
d. Compatibility test
e. Timing testing
f.
Environmental test
g. Recovery testing
h. Vulnerability test
i.
Response time test
9. System Integration test of all existing & new equipment involved in this network project
a. Application response time test
b. Robustness Test
c. Maintain a log of any problems after commissioning. The log shall indicate
the date, time of occurrence, measures taken in resolution, preventive
measures and classification of problem into critical, major and minor.
Test team will comprise of various users
The test must be able to simulate the existing and future application profile & characteristics
of the applications
4.6. Other Technical Requirements
1. The components proposed for this project should support IPv4 and IPv6 and should be
configured and implemented based on these two technologies/protocols
Page 48 of 54
2. Proposed solution will have its own network, racks, server, etc. and will be implemented
on different network IP address. However, it has to be integrated functionally and
operationally with existing setup by the Solution Provider.
3. Solution Provider should submit health status
server/storage/portal/ERP etc. quarterly till AMC period
report/capacity
utilisation
for
4. Upgrade & update: The entire software / hardware / networking / etc. product proposed in
the solution should include the updates for the entire warranty & support period as
mentioned in the RFP. For upgrade of the software/ hardware/ licenses / memory/ hard
disk / CPU/ etc. Solution Providers should provide the list price for all such equipment/
software/ hardware/ licenses / memory/ hard disk / CPU /etc. along with final price; SEBI
will calculate the discount offered on each item. SEBI will avail of such discount while
placing order for such upgrade in future, and these would be applicable for the entire
warranty & support period as mentioned in the RFP.
5. All the custom applications label should be displayed in dual language (English and
Hindi). (Dual labels are already implemented in custom applications)
6. The timings of all the servers, applications and appliance clock should be synchronized
and it should be in sync with existing IT setup
7. All servers should be rack-mountable, and on dual supply mode of electricity
8. Solution Provider should perform performance tuning of this project in entirety as may be
needed to comply with SLA requirements on a continuous basis.
9. Solution Provider should perform data storage management activities including hardware
storage configuration, taking regular backup, restore and archival etc.
10. The Solution Provider will be required to conduct system audit for this project annually
and the audit report should be submitted to SEBI
11. All the proposed servers/hardware/storage and network components should support
SNMP for monitoring.
12. File System Management
13. Solution Provider should provide and implement the version control software
14. Dedicated load balancer: The Solution provider has to provide a dedicated multi DMZ
load balancer with multiport support for the Load balancing of various applications of
SEBI Portal's Firewall. This load balancer will be used for load balancing existing and all
the new applications. This will act as a main load balancer for multiple applications.
Therefore the solution provider should consider high availability, robustness, support for
multiple applications, support for accessing virtual desktops, high throughput, failovers
etc. while designing the dedicated load balancing solution.
4.7. Change Management Procedure
During the course of implementation, it may be found that certain functionalities have been
missed out in the Requirement Gathering Phase. The Solution Provider would be required to
incorporate these functionalities as part of this project. We estimate that effort for such
functionalities would be 10% of the total effort estimated for the implementation of the project
and the Solution Provider shall provide these services at no additional charge to SEBI.
Page 49 of 54
Solution Provider shall be responsible for collation of all such enhancement requests
submitted by SEBI. The process for entering an enhancement request shall be agreed and
set out in the contract. Change Control Requests (CCR) for enhancements will be generated
by SEBI clearly defining the functionality and desired calendar time for the implementation.
The Solution Provider shall provide SEBI with a written estimate of the effort necessary for
the implementation of the requested enhancements. Upon approval by SEBI, the Solution
Provider shall prioritize development and carry out implementation of the enhancements in a
controlled and efficient fashion.
Any enhancement effort in addition to the included Enhancement Effort shall be provided on a
time and materials basis at the rates agreed by the parties in this regard and set forth in the
agreement that would be entered with Solution Provider.
The Solution Provider should provide details of effort estimation methodology followed
internally to calculate the effort estimates including the tools and strategy used.
The Solution Provider shall also provide a detailed post-implementation / post go-live change
management system including but not limited to:
1. change request procedures
2. software development/customization
3. software testing
4. quality control
5. version control
6. Documentation which includes design details, test cases executed vulnerability analysis
etc. in addition to the user documentation.
In order to ascertain the road map of the proposed solution, the Solution Provider shall submit
an assessment of following items but not limited to:
i.
extent of customisation and integration possible
ii.
available and proposed APIs
iii.
ability to include new features
Page 50 of 54
SECTION V EVALUATION PROCESS AND TECHNICAL CRITERION

5.1. Evaluation Process
Response to this RFP would be evaluated in two phases. Initially technical proposals will be
opened and evaluated. Those Solution Providers who satisfy the technical requirements of
the solution, as per the requirements/specifications and the terms and conditions of this RFP,
shall be short-listed. Commercial proposals shall be opened only for the short-listed Solution
Providers who have qualified in the technical proposal.
5.2. Evaluation criteria
Solution Provider will be required to secure minimum seventy percent marks at individual
head and minimum eighty percent marks in aggregate in technical evaluation to open the
commercial proposals.
Summary of Weightage Pattern for Various Parameters Considered for Technical Bids
Total marks for evaluation marks are 200. Breakup of marks as per the weightages for
each criteria is as under:
Criteria
%age
Marks
(200)
Solution Provider
capability including
proven relevant
experience
20%
40
Understanding of SEBIs
requirement
20%
40
Proposed IT
infrastructure Hardware,
Software, Network and
Security etc.
30%
60
Proof of Concept(PoC)
30%
60
TOTAL
100%
200
%age
Marks
(200)
Solution Provider
capability including
proven relevant
experience
20%
40
Understanding of SEBIs
20%
40
Criteria
Vendor
B
Vendor
A
Percentage marks scored

Vendor
...
Vendor
B
N
..
Marks scored
Vendor
N
Vendor
A
Page 51 of 54
requirement
Proposed IT
infrastructure Hardware,
Software, Network and
Security etc.
30%
60
Proof of Concept(PoC)
30%
60
TOTAL
100%
200
5.3. Technical Evaluation

Initially only the technical proposals submitted by the Solution Providers will be evaluated as
per the evaluation criteria mentioned above.
5.3.1. Proof of Concept (PoC)
The test cases/data would be provided in the form of business scenarios that navigate
through a policy life cycle to allow solution providers to demonstrate their delivery capability
with respect to the RFP. The PoC will not be utilised to test all capabilities/functionalities
that have been the subject of the RFP document. The delivery of the PoC is in part a minifunctional prototype. It is desirable that solution provider shall include maximum features for
Portal & ERP mentioned in business requirements during this exercise to showcase their
capabilities. For this exercise solution provider is expected to put not more than 20 calendar
days of effort for PoC. The PoC will test the following functionalities/ capabilities:
1. Portal Home Page: Features and functionality offered in the PoC shall be aligned to
2.
the responses to the RFP. A representative home page featuring (a) to (j) as describe
below.
a. SSO feature
b. Two factor authentication solution
c. Multi-device (channel) support e.g. Desktop, iPad, mobile etc.
d. Ease of addition/modification/deletion/expiring of new portlet.
e. The ease of navigation and personalisation by the end-users.
f. Suitable notifications feature.
g. Multi-language support.
h. Portlets
i. Live feeds
j. Dashboards
ERP
a. Employee Self Service (ESS):
i. Dynamic org chart with suitable search facility.
ii. Demonstration of a leave (casual and ordinary) application workflow (rules
are provided below).
iii. Integration of leave record with calendar (e.g. availability of officers for
scheduling the meeting)
iv.Leave record integration with Regulatory workflow (concept of link officer)
v. Book reimbursement claim for an employee with uploading any pdf/doc
files.
Page 52 of 54
3. Financial Processing of book reimbursement claim workflow in payables module with

4.
file attached
Regulatory Workflow
a. Prototype for registration workflow
i. Interface for intermediary to load XML based registration form with
validations (A sample form is provided below).
ii. Regulatory approval of registration.
iii. Application will be validated by Dealing officer (During this step, DO should
be able to verify the details from action taken database). After verification,
it will come to Division Chief(DC).DC will peruse it and forward to Head of
the Department (HOD)
iv. Application will be approved /rejected by the Head of the Department. He
may seek more info before approving/or rejecting the application
b. Free-Form reports on Action Taken Database.
5. Enterprise-wide search on structured and unstructured data including local directory.

SEBI would be sharing the necessary data with solution providers and would also inform the
expected capabilities/functionalities (from within those listed in this RFP) from the POC
within seven days from the issue of this RFP, subject to such conditions as it may deem fit.
The solution provider is requested to host the evaluation of the POC and the products walkthrough. The evaluation and the walk through are expected to be for a maximum of 1
working day. The solution provider is expected to have all subject matter experts available
to respond to SEBI queries promptly. SEBI will be in contact with each eligible solution
provider to finalise the dates of the evaluation and walk through.
Prototype for registration form

Intermediary Name:
Address:
PAN Number:
Contact No:
E-mail id:
Category:
DropDown List
Stock-Exchange Registration No:

Net Worth:
DOB:
Qualification:
Name of the director:
(At-least two fields to be validated)
Page 53 of 54
Workflow descriptions
Please refer to workflow section in Business Requirements
5.3.2. Commercial Evaluation
The commercial proposals will be opened only for the Solution Providers who will be
technically qualified. Solution Provider will be selected under the L1 criterion.
**********************************************
Page 54 of 54

Securities and Exchange Board of India Page 1 of 54

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Securities and Exchange Board of India Page 1 of 54

Caricato da

Copyright:

Formati disponibili

Securities and Exchange Board of India

Information Technology Department,

Protection of Investors Interest in Securities Market