Clarifications: 1) We are asking for a two week extension in order to provide a detailed response to the requirements outlined in the REI.

Transcription

1 ADDENDUM # 02 Thursday, February 06, 2014 REI# Request for Expressions of Interest for Audit & Enforcement Replacement of Nova Scotia Indian Fuel Tax Exemption (NSIFTE) System The following clarifications are provided for this RFP: Clarifications: 1) We are asking for a two week extension in order to provide a detailed response to the requirements outlined in the REI. A ONE WEEK extension has been granted. The REI closing date is now February 13, NOTE: Please see REI Addendum #1 posted on February 3. 2) Does the proposed solution have to comply with the target architectures? This depends on the solution defined by the vendor. Any solution components hosted and managed by the Province need to comply with the Province's architecture standards. 3) We are assuming that Disaster Recovery services are not within the scope of this REI. Is this correct? Disaster Recovery (DR) needs to be addressed for any retailer installed solution components (e.g., the POS system). If there are solution components installed on hardware managed by the Province, then DR processes will be managed by the Province. 4) Is there only 1 POS vendor for all the stores? What services/agreements do these vendors have with the stores currently? Are the POS devices/registers Windows based? There is currently one POS vendor for on-reserve fuel transactions. Any services/agreements are between the retailers and the POS vendor with no involvement by the Province. Some retailers are "pay as you go" with the vendor, some are on annual contracts. The current POS system is Windows based. 1

2 5) Do any of the stores have pay at the pump functionality? Some retailers do have pay at pump. However, NSIFTE transactions cannot occur at the pump as retailer clerks are required to manually verify the customer against the provided Driver's License in order to be eligible for the fuel tax rebate. 6) If the application solution is in store and forward mode, is the business assumption that the purchaser receives the tax exemption anyway? Yes. In this situation, the tax rebate will be provided. Overages/exceptions will be managed within the Province's application once these transactions have been forwarded. NOTE: If the vendor/service provider is unable to resolve the transmission issue within an acceptable defined period (to be defined at a later date), subsequent transactions would be denied at the POS until the communications issue is resolved. Transactional data, including license master number and litres purchased, etc., would be cached locally in an encrypted state until the network connection is restored and the information can be transmitted/deleted. 7) Please clarify the existing SNSMR In-House system component regarding the import/export data format. The data format is CSV flat file. 8) Will the provided solution require the vendor to maintain a server in the Province s Network to run the web service? Or, can the vendor run the web service on an existing server managed by the Province? Either approach is possible. Please indicate your preferred approach in your solution description. 9) Will the vendor be required to supply a physical server? If so will the vendor also be responsible for its maintenance? The province uses VMware so can provide a virtual server instead of using physical hardware. Using a virtual server would be our strong preference. If the vendor solution components run on hardware supplied by the Province, the Province will be responsible for its maintenance. System admin privileges would not be given to the vendor. 2

3 10) Will the vendor be supplying a complete solution to each retailer site inclusive of the prescribed NSIFTE SW as well as POS/Pump Control/BackOffice SW for the operation and management of the sites to an industry standard solution as normally found in a retail fuel site? Yes. There will be a variety of pump technologies to accommodate at the 21 on-reserve fuel retailers. Some additional information on the retailers that may be of interest: - They range from a 1 pump, 2 nozzle island to 4 or more pumps/island. Average would be 4 pumps, 2 islands. - Some retailers use the NSIFTE POS only for NSIFTE transactions, while others use the POS for all retail store sales (it s about 50/50). - All, with one possible exception, have their POS connected to the pumps (e.g., via a PIE box). 11) Are we to supply all retail site HW inclusive of till computers, peripherals (scanners, cash drawers, etc.), backoffice computers as well as needed pump control (dispensers need fuel control HW & SW: PIE Box, Wayne Fusion etc.)? Yes. Whatever retailer components are required to implement the proposed solution must be supplied by the vendor. 12) If the answer to any of question #10 and #11 is yes, then we require detailed store site surveys inclusive of the following: i. Number of tills ii. Type of dispensers iii. Bank card processor iv. BackOffice management needs inventory control, promotions management etc. v. Location and operator name vi. Access to broadband internet vii. PCI assessment status viii. Site operator requirements for POS and BackOffice functionality This information cannot be supplied. It is expected that the vendor, for the purposes of the REI, can provide a high level cost estimate without this detailed information. If the information is deemed absolutely necessary by the vendor, it needs to be retrieved directly from the retailers. 3

4 13) Is the Province or Retailer responsible for paying for the system as well as its maintenance (by way of HW support) and well as SW and technical support as provided by us? The cost of retail site components of the solution (including technical support) is the responsibility of the retailers. Only the components used to interface with the Province's in-house application are the responsibility of the Province. 14) Information as to the current system(s) installed at retailer sites, as this will impact data migration as well as complete site HW and SW needs. This information cannot be provided by the Province. See question #12. 15) We will also need protocol documentation for any available interface (departmental component etc.) that you currently have to determine the exact requirements of the solution/system needed. All existing interfaces are flat files over secure FTP. 16) The Program Eligibility / Fuel Sales Data Broker diagram (Solution Requirements FINAL v5 p. 6.): The following questions relate to the building, deployment and maintenance of the Broker: - The document refers to real-time updates, but the Eligibility Data and Fuel Sales Data in this diagram are labelled Daily. Should these be labelled Real-Time? The Broker receives data daily from the SNSMR in-house NSIFTE application. It is the Province s expectation that the vendor solution at the retailer sites communicates with the Broker in real-time to retrieve eligibility data and send sales data. 17) Do the POS systems run in a Virtual Private Network with the Broker? Or do they communicate with the Broker through intermediate firewalls, proxy servers, etc.? The retailer POS systems communicate with the Broker over the internet (there is no VPN). 4

5 18) Is the Broker itself to be deployed internally to Service Nova Scotia & Municipal Relations, behind a firewall? Or is a hosted / managed / cloud operation an option? Either approach is possible. Please indicate your preferred approach in your solution description. 19) What types of communications are to be used between the Broker and the SNSMR NSIFTE Reporting System? For example, is the Eligibility Data sent to the Broker over web protocols (HTTP or HTTP/S)? And should the Broker send Fuel Sales Data to the SNSMR NSIFTE Reporting System over web protocols? Or is the Broker expected to be connected directly to an Enterprise Service Bus? Secure file transfer protocols are currently used. 20) We assume that redundancy / failover and scalability of the Broker are beyond consideration at this stage. This functionality needs to be accounted for in the proposed solution. 21) FR02 Real-time consumer exemption eligibility information: What is the expected outcome when a POS system fails to query the eligibility data? For example if a network outage prevents the POS system from querying the eligibility data: Should the POS give out no exemption? Or should the POS fall back on a locally stored cache of yesterday s eligibility data, for example? In this situation, the tax rebate will be provided. Overages/exceptions will be managed within the Province's application once these transactions have been forwarded. NOTE: If the vendor/service provider is unable to resolve the transmission issue within an acceptable defined period (to be defined at a later date), subsequent transactions would be denied at the POS until the communications issue is resolved. Transactional data, including license master number and litres purchased, etc., would be cached locally in an encrypted state until the network connection is restored and the information can be transmitted/deleted. 5

6 22) What happens when the customer is close to the litres quota limit? For example, customer has a 100 L limit, has previously pumped 95 L, and now pumps 10 L. Should this customer receive a full tax exemption? Or no tax exemption at all? Or should 50% of the fuel tax be exempted (since 5 L were within quota, and 5 L were beyond quota)? Only 5 litres would be tax exempted since that would expend the 100 litre limit. 23) Is quota information maintained only centrally, province-wide, in real-time? Or does each store need to maintain its own independent quota sales information? For example if the central province-wide quota data is only updated daily, then presumably a single store must maintain its own, up-to-the-transaction quota details. That way a single customer who reaches the quota during a transaction cannot receive further exemptions later the same day. Monthly quota data is to be maintained in real-time via communication between the retailer POS system and the Data Broker. No quota/eligibility data is to be stored locally at the retailer site. 24) IN01 Exemption Eligibility Information Retrieval: Does the POS query the Broker for eligibility data keyed by the customer s driver s license #? Or does the query require additional elements, such as the expiry date? The key for eligibility data is Driver s License Master #. 25) Why is personal information (first and last name) necessary? Do the first and last names need to be printed on the customer s receipt? Consumer first and last name are currently printed on the NSIFTE transaction receipt. 26) Which industry and/or government standards must be adhered to when transmitting driver s license personal data? For example, encryption requirements, retention limits, and so on. Please refer to the WAN security standards in the Target Security and Privacy Architecture V3 document. 6

7 27) Are client- and server-side certificates sufficient for authentication, when the POS connects to the Broker to query eligibility information? Or is some kind of user authentication required for each POS to connect to the Broker (with a user ID and password, session identifier, session timeout, etc.)? Industry standard server side security certificates are sufficient; however other solutions are also acceptable provided they meet government security standards. 28) General: Are there any specific backup and recovery requirements for the Broker and/or the POS systems? Disaster Recovery (DR) needs to be addressed for any retailer installed solution components (e.g., the POS system). If there are solution components installed on hardware managed by the Province, then DR processes will be managed by the Province. 29) Are there any specific data purging requirements for the Broker, to conserve disk space? No. 30) How would the vendor login remotely to maintain and support each POS system? For example, would the vendor have VPN access to the individual stores? Or would each store s firewall require an open port for TeamViewer or a similar application? This functionality would need to be defined and implemented directly with each retailer. 31) How would the vendor login remotely to maintain and support the Broker? For example, would the vendor have VPN access to Service Nova Scotia s server? Or would Service Nova Scotia provide a firewall opening for the vendor to login to the Broker? The Province will grant the required remote access to the Broker. 32) How would Service Nova Scotia staff access the Broker, for running reports, inspecting logs, and so on? 7

8 For example, would all access by Service Nova Scotia staff be through a browser? Or would additional access methods, such as SSH or TeamViewer, be required in order for Service Nova Scotia staff to use the system? SNSMR staff would access the Data Broker via a web application interface. 33) Target Security and Privacy Architecture Supporting Best Practices P. 19 Message security is implemented to the level indicated from the Citizen Online Identity Authentication Framework Is this a formal document? This does not apply to the NSIFTE solution since there is no online citizen facing component. 34) Are you looking at a vendor to write both the backend and the retail side? The Province is looking for a vendor to provide a complete NSIFTE solution that includes both the retailer site components and what is referred to as the Data Broker component of the solution in the diagram on page 5 of the REI document. 35) You mention there are 21 stores. Will the successful bidder get all the stores or a portion of them? The solution vendor would be required to install the retailer solution components (e.g., POS system) at all 21 retail stores. 36) How many terminals (lanes) does each store have? See question #10. This addendum will NOT require a revision to the Closing Date and Time, or other dates given in the Request for Proposal document. On your NSRSO tender document, acknowledge this addendum in section 6. Failure to acknowledge addendums may result in disqualification of your bid. Yours Truly, Wade Whynot Project Manager Service Nova Scotia and Municipal Relations 8

9 ADDENDUM # 01 Monday, February 03, 2014 REI# Request for Expressions of Interest for Audit & Enforcement Replacement of Nova Scotia Indian Fuel Tax Exemption (NSIFTE) System The following changes/clarifications are required for this RFP: 1.0 Document Changes/Clarifications: 1.1 REI Cover Page- delete table in its entirety and insert: Questions & Information Sessions Questions pertaining to the content of this REI and its related documents are asked to be received by SNSMR during the period of January 23, 2014 to February 12, The proponent is invited to schedule a REI Information Session prior to the REI closing date. The Information Session can be either in person or via a conference call and will be scheduled between January 28, February 11, 2014 at a mutually agreed to time. Vendors can contact Wade Whynot, SNSMR REI contact (section 1.4) prior to February 5, 2014 to arrange a time. 1.2 Section 1.4 Delete the following sentence: Questions pertaining to the content of this REI and its related documents are asked to be received by SNSMR between January 23, 2014 and February 5, Insert the following sentence: Questions pertaining to the content of this REI and its related documents are asked to be received by SNSMR between January 23, 2014 and February 12, This addendum WILL require a revision to the Closing Date and Time, or other dates given in the Request for Proposal document. The closing date and time will now close at 2:00 pm on Thursday, February 13, On your NSRSO tender document, acknowledge this addendum in section 6. Failure to acknowledge addendums may result in disqualification of your bid. Yours Truly, Wade Whynot Project Manager Service Nova Scotia and Municipal Relations 1