Digital Signature Application



Similar documents
TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

1. PURPOSE 2. BACKGROUND. 2.1 Functionalities of the Current GCIS ECMS. BID SPECIFICATIONS FOR GCIS SHAREPOINT Page 1 of 9

REQUEST FOR QUOTATION YOU ARE HEREBY INVITED TO SUBMIT QUOTATIONS TO THE WATER RESEARCH COMMISSION. 60 Days (COMMENCING FROM RFQ CLOSING DATE)

Records Information Management System Development and Implementation

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Request for Information Integrated Portfolio, Project & Management Information System Technical Assistance Unit RFI: TAU/01

The Impact of 21 CFR Part 11 on Product Development

CoSign for 21CFR Part 11 Compliance

Business Issues in the implementation of Digital signatures

REQUEST FOR PROPOSAL FOR IT ASSET MANAGEMENT SERVICES

REQUEST FOR PROPOSAL: A NEW AUDITING SOLUTION FOR WINDOWS FILE AND DATABASE SERVERS

Why Use Electronic Transactions Instead of Paper? Electronic Signatures, Identity Credentialing, Digital Timestamps and Content Authentication

CoSign by ARX for PIV Cards

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

Length of Contract: 2 months (with an option to extend for a further 5 months).

How To Study Video Conferencing In South Africa

Guidance for the verification of qualified digital signatures following Swiss signature law

Simple Guide to Digital Signatures

REQUEST FOR QUOTATION YOU ARE HEREBY INVITED TO SUBMIT QUOTATIONS TO THE WATER RESEARCH COMMISSION. 60 Days (COMMENCING FROM RFQ CLOSING DATE)

Invitation to Quote (ITQ) for STREET WORKS IT SOLUTION

RFP ADDENDUM NO. 1

Enquiry Ref 034

Full Compliance Contents

Automation for Electronic Forms, Documents and Business Records (NA)

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

REQUEST FOR PROPOSALS

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

SECTION C SCHEDULE A: PROJECT BRIEF PART 1: SCOPE OF SERVICES

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

Project Management Guidelines

MovieLabs Specification for Enhanced Content Protection Version 1.0

Business 360 Online - Product concepts and features

activecho Frequently Asked Questions

Oracle WebCenter Content

REQUEST FOR PROPOSALS DEVELOPMENT OF THE MGSLG WEBSITE AND INTRANET

1. BACKGROUND 2. OBJECTIVES

Department of Industry and Science

R E Q U E S T F O R P R O P O S A L S H U M A N R E S O U R C E S S T R A T E G I C A N D I M P L E M E N T A T I O N S U P P P O R T RFP/JHB/ 037

TERMS OF REFERENCE. Appointment of a service provider to provide of a Mobile Mapping Spatial Solution to Support the 2016 Community Survey Project

IT1T Integrated Recruitment Systems 2015

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

1 Beyond Network CRM (Quotation)

e-signlive for LotusLive Silanis Online e-signature Services e-signdoc User Guide Connect. Collaborate. Close.

Ciphire Mail. Abstract

The biggest challenges of Life Sciences companies today. Comply or Perish: Maintaining 21 CFR Part 11 Compliance

Administration Guide. WatchDox Server. Version 4.8.0

Request for Proposal. Contract Management Software

Centrify Server Suite Health Check

REF: RFP No: ECB/HN/1/2014 TERMS OF REFERENCE

Certification Practice Statement

21 CFR Part 11 Checklist

Report of the Auditor-General

ETSI TS V1.1.1 ( ) Technical Specification

10 Tips for Selecting the Best Digital Signature Solution

Request for Proposal For: PCD-DSS Level 1 Service Provider St. Andrew's Parish Parks & Playground Commission Bid Deadline: August 17, 2015 at 12 Noon

Version 3.0 May P Xerox Mobile Print Cloud User How To and Troubleshooting Guide

Request for Proposal Environmental Management Software

web3 esourcing Product Paper

Creating Digital Signatures

Request for Proposal Permitting Software

REQUEST FOR QUOTATION YOU ARE HEREBY INVITED TO SUBMIT QUOTATIONS TO THE WATER RESEARCH COMMISSION. 60 Days (COMMENCING FROM RFQ CLOSING DATE)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Request for Proposals

Information security controls. Briefing for clients on Experian information security controls

Request for Quotation (RfQ028) Customer Relationship Management System (CRM)

The Recipe for Sarbanes-Oxley Compliance using Microsoft s SharePoint 2010 platform

Secured Signing for Documents

3.1. Broad Use Presence

ELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM

Concept of Electronic Approvals

esign Online Digital Signature Service

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

JUST INVEST VIRTUAL OFFICE AGREEMENT

TENDER SPECIFICATION DOCUMENT. Mobile Phone Contract. Tender for Mobile Phone Contract for EMB-Group

SECTION C SCHEDULE A: PROJECT BRIEF PART 1: SCOPE OF SERVICES

Neutralus Certification Practices Statement

R E Q U E S T F O R P R O P O S A L S SERVICE PROVIDER TO ASSIST WITH THE SOCIAL FACILITATION AND ENUMERATION WITHIN TANTSABANE MUNICIPALITY

Digital Asset Management

Deadline for submission of completed RFP questionnaire is 8/3/2015.

Filestor Digital Asset Management. The way it works

Request for Proposals for Microsoft Project Server 2013 Implementation

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

Centrify OS X Basic Jump Start

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

ICT OPERATING SYSTEM SECURITY CONTROLS POLICY

Intland s Medical Template

Infrastructure Technical Support Services. Request for Proposal

REQUEST FOR QUOTATION

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

TENDER NUMBER: SACU/004/2015/O Provision of Short-Term Insurance. CLOSING DATE & TIME 12 AUGUST H00 (Namibian Time)

Transcription:

Department of Science and Technology Republic of South Africa Specification Digital Signature Application 1. INTRODUCTION The Department of Science and Technology (DST) has 100 employees in Pretoria and Cape Town responsible for approving documents that are legally binding. As a government department, DST must promote transparent administration and recognise the right of access to information, excluding information that is specifically protected by law. The DST's internal Business Processes move between officials and units for approval, and it is therefore critical to ensure the management of paperless workflow processes, legally binding and compliant electronic transactions that have an audit trail to follow.. 1

2. BACKGROUND The DST procured an electronic signature package that is used to sign documents electronically and save them in the DOC/X format. The current signature package is out dated and is not compliant to the Electronic Communication Transaction (ECT) Act. 3. PURPOSE OF THIS DOCUMENT The purpose of this document is to outline DST Digital Signature Requirements and to acquire quotations from vendors. 4. CONFIGURATION REQUIREMENTS FOR A DIGITAL SIGNATURE APPLICATION The DST digital signature requirements are as stipulated below: 4.1 Signing and Verifying Process a) Must work with all standard file formats stipulated below using certificate IDs: Microsoft word, Outlook & Excel Adobe PDF Open Document, ODT, & ODS (Optional) JPEG & TIFF (Optional) b) Allow a user to embed digital signature anywhere directly into the document. c) The digital signature system must provide a method for specifying which data to include in the data to be signed (e.g., location, I approve.etc.). 2

d) The digital signature system must provide a method for modifying the data to include in the data to be signed without violating the integrity of existing signatures. e) The digital signature system must protect against database object spoofing. f) Allow multiple signatures to be placed into a document. g) If signature verification fails because data was changed, the digital signature system must be capable of identifying for the user which data element was changed. h) The digital signature system must include a timestamp with the signed data to show when the signature was generated. This timestamp must be protected by the digital signature. i) The digital signature system must verify that the signer s certificate was valid at the time of signing. j) The digital signature system must retrieve the current date and time from a central, trusted source such as the database server or a timestamp authority. k) Upon signature verification, the digital signature system must verify that the signer s certificate has not been modified or revoked. The certificate chain should be verified up to and including the root certificate. l) Certify a document with a visible and hidden signature so that recipients can verify authenticity with or without seeing a visible signature on the page. m) Automatically embed certificate data to support long-term validation. n) Certify a document while leaving portions of it available for form filling, signatures, or comments. o) All documents must not leave the DST repository. 4.2 Security and Cryptography a) Audit log - Every action in a document must be logged and secure. b) Allow active directory authentication. c) Allow biometric authentication. 3

d) The digital signature system must be able to use both software and hardware cryptographic tokens. e) The digital signature system must be able to detect any tempering of signing keys. f) The digital signature system must provide an interface that allows the use of third-party security products. g) Signature certificate must have court-admissible validity data (e.g. name, IP address, etc.). h) Validate all signatures, confirming the identity of everyone who signed the document. i) Validate document integrity by tracking all previously signed versions of a document to verify changes made during the document s lifecycle. 4.3 Integration a) The digital signature system must easily integrate into the application to enable signing and verifying automatically (application referred in point 4.1.a). b) Integrate into workflows within our Content Management Systems. c) Must work on a PC and Mac (OS Independent). d) Must support the following browsers (Firefox, Safari, and Internet Explore). e) Must allow users to sign using the following mobile technology (e.g. Ipad, iphone and Galaxy). f) Allow users to use a signature pad option. 4.4 Standards The proposed solution must meet the requirements of the (ECT) Act and can comply with the following standards: a) ISO-IEC 9796 b) ISO-IEC 14888 4

c) ISO-IEC15945 d) ISO-IEC 9798 4.5 Training a) The vendor must train all DST users. b) Must offer classes for administrators. c) Must offer classes for users. d) Must offer training onsite. e) Training material / manuals must be provided for participants during classes. f) Training material must be available in electronic format. g) Training must be customised for our implementation. h) Must offer a train the trainer type of course as well. 5. SERVICES REQUIRED a) To configure and install digital signature application at the DST and all branches. b) To deploy relevant packages to all DST users where necessary. c) To define a user requirements document at the initiation of the project in order for the project to be successful. This will also enable the project team to know exactly what is required during the delivery of the project. d) Provide a technical specification document. e) To ensure the interoperability of the system in a diversified software environment. f) To provide first and second level support to DST. g) To evaluate user acceptance and skills requirements. h) To evaluate administrative skills requirements affecting total cost of ownership. 5

6. DELIVERABLES A comprehensive report that provides the status of the Project: (i) Identifying challenges and best practices in respect of: o Accessibility, performance and turnaround time o Technology equipment and infrastructure o Preventive maintenance plan of equipment 7. TIME FRAMES a) Vendor must submit a project plan. 8. CONSULTANT REQUIREMENTS 8.1 The consultant must: a) Be in a position to assume work as soon as possible. b) Demonstrate strong organizational and project management skills. c) Be appropriately qualified with sufficient background of the digital signature sector. d) Have good strategy development skills. e) Have good business analyst skills. 9. CRITERIA FOR THE EVALUATION OF THE PROPOSALS 6

a) Service providers must note the criteria to be applied in deciding on the successful provider. b) All proposals received will be evaluated by a panel on the basis of functionality (100%). c) The 80/20 preference point system (pps) will be applicable to this bid. With regards to functionality the following criteria and maximum value of each criterion will be applicable: CRITERIA WEIGHTS Experience and implementation reference 20 Integration as per 4.3 20 Interoperability, Platform independent and mobile compatibility Originality, methodology and relevance of the proposed work plan Capacity to deliver within the specified time frames and availability of existing resources 20 20 20 TOTAL SCORE 100 d) Service providers will require 60 points to qualify for further evaluation. e) Service providers might be requested to do an oral presentation of their service should DST deem it necessary. 10. DETAILS OF THE PROPOSAL a) Consultants must submit to the DST, a Project Plan inclusive of milestones and time-scales, as well as the estimated person/days for the completion of the project. 7

b) An analysis of costs must be given to cover the full contract amount in South African Rands (including VAT), and where possible, costs should be linked with specific tasks to be undertaken. c) The application should also include the CVs of the consultants and/or staff who will participate in the project, demonstrating experience in the field of information gathering, information management and information analysis. d) The name and contact details (telephone and/or mobile, fax and email) of the project leader. e) Scope of the study. f) An implementation plan (including timeframes with broad work breakdown structures). g) An outline of the methodology to be applied in carrying out the project. 11. PROCEDURE a) Regular meetings will be held with the DST throughout the duration of the project. b) The payment plan will be negotiated and agreed to between the DST and the consultant. However, the final payment will be made after the completion of the project and acceptance of the final report by both DST and the other party. c) The consultant will solely be responsible for all administrative issues related to the project. d) They will also be informed that copyright rests with the department and the department will decide on the publication of the information, if necessary. 12. SERVICE LEVEL AGREEMENT a) If necessary, short-listed applicants may be requested to make a presentation of their proposal and will be duly informed. 8

b) DST and the appointed consultant will enter into a service level agreement. c) The successful service provider will be expected to conduct a briefing session with the DST and all relevant stakeholders prior to the work being conducted and the whole team of the appointed service provider will be required to attend the briefing session. d) The consultant will be responsible for ensuring that the agreed deliverables are produced to a quality standard, on time and within the budget. e) The consultant will work in close collaboration with the DST so as to ensure that the objectives of the department are accommodated by this project. f) DST will evaluate the draft final report and request the consultant to effect revisions and additions, if necessary, before the final payment is made. g) The consultant will explain and elucidate the final report at a meeting arranged by the DST. 13. PROPRIETARY RIGHTS a) The proprietary rights with regard to copyrights, patents and any other similar rights that may result from the consultant carrying out the assignment shall belong to the DST. b) The final product of all work done shall, on completion of the brief of the assignment, be delivered to the DST. c) The consultant shall agree that all rights, to be acknowledged, understood and adhered to by the consultant on acceptance of the bid by the DST including, without limitation, all intellectual proprietary rights in and to any material or information including all computer programmes, e-data and documentation related to the project belong to the DST. d) The DST will have unrestricted access to all material, data and information. 9

e) The consultant shall deliver any or all such material, data and information to the DST upon request. 14. CONCLUSION The closing date for submission of the quotation to the DST is 23 August 2013 at 12h00, no late proposals will be considered. A briefing session will be held on Tuesday the 20 of August 2013 at the DST from 11: 00 12: 00. Prospective providers are therefore advised to attend the session to clarify the department s specifications. Proposals should be delivered to: Building 53, CSIR Campus, Meiring Naude Road Pretoria, 0001, faxed to 086 681 0013 or emailed to senzod@dst.gov.za. Queries/requests for further information may be directed to Mr S M Dlamini at Tel: 012 843 6611. NB: Please note that the DST reserves the right not to accept the lowest quote or not to proceed with this project. All costs that the consultant may incur due to the preparation of such quotation and project plan for the DST shall be the sole responsibility of the consultant. 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information