Information System (e-Government) Implementation and Operation Guideline, by NIA/MoSPA Korea.

2 Table of Contents
1. A brief Overview
2. Structure of the guideline
3. The Body
   Chapter 2 Development of Project Plan
   Chapter 3 Procurement of ICT Project
   Chapter 4 Selection of Provider and Contract
   Chapter 5 Project Implementation
   Chapter 6 Software Secure coding
   Chapter 7 Audit and Operation

3 Overview: history
Establishment ('11.9.5)
- Improvement of procurement and contract system
- Reflection of changes in other related laws and orders
- Changes to about 30 kinds of contents applicable to all stages of ICT project (plan, procurement, contract, implementation etc.)
1st Revision ('12.3.6)
- To decrease the side effects of preventing big business from participating in IT projects
- To make an environment friendly to good small and medium businesses
2nd Revision ('12.6.27)
- To enhance SW secure coding

4 Legal structure
[Figure: legal structure. Labels: Parliament, President Decree, Minister order, Manual, Law, Order, Manual, Training]

5 Contents of the Guideline
Section 1: General
1. Purpose
2. Definition of terms
3. Scope to apply the guideline
4. Basic Principle
5. Relation to other laws and orders
Section 2: Development of Project Plan
6. Guideline to select proper H/W and S/W
7. Guideline for ensuring the use of proper technology and interoperability
8. Evaluation and management of Security
9. Budget plan and cost estimation
10. Special privilege to SME
11. Separate procurement of S/W and H/W
12. Compensation for submitting a proposal
13. Audit
14. Coordination among related entities
Section 3: Procurement of ICT project
15. Clear and detailed description of service and system requirement
16. Guideline for writing RFP, items to be included in RFP
17. Deletion of sensitive information in RFP
18. Specification of proposal evaluation process, development of standard score sheet
19. How to use sub-contract
20. Presentation of the proposal
21. Use of standard technology (S/W) evaluation
22. Sealing of the estimated price
23. Proposed price should be estimated by related government procurement regulation
24. Guideline for pre-release of RFP
25. Collection of opinion on the pre-released RFP
26. Process to access the RFP
27. Time span for procurement
28. Public explanation of RFP
29. Process to submit proposal

6 Contents of the Guideline
Section 4: Selection of provider and contract
30. Composition of evaluation committee
31. Process of the pre-release of a proposal to evaluation committee
32. Process of the evaluation of proposal
33. Sufficient time allowance for evaluation and correction of extraordinary evaluation score
34. Condition and process of public release of evaluation result
35. Release of estimated price and evaluation of the proposed price
36. Process of technology and price negotiation
Section 5: Project implementation
37. Process of request of sub-contract
38. Approval of sub-contract
39. Management of initiation and process report
40. Management of sub-contract
41. Regulation of work place
42. Regulation of workers
43. Monitoring of abiding by the technology use plan
44. Management of standard outcome report
45. Alteration of work scope
46. Process of the alteration of work scope
47. Payment for the alteration of work scope
48. Use of Integrated information resource management (EA)
49. Implementation of audit

7 Contents of the Guideline
Section 6: S/W Secure coding
50. Principle of S/W secure coding
51. Activity for ensuring S/W secure coding
52. Checklist to evaluate S/W weakness
53. Process to analyze S/W weakness
54. Certificate and training of S/W secure coding analyst
Section 7: Audit and operation
55. Fine for delaying the completion of project
56. Process of audit
57. Process of hand over
58. Encouraging the private sector to use the public information resource
59. Process for operation and maintenance
60. Regulation on IP arising in implementing the project
Special section
61. Specific manual will be released by NIA
Appendix
1. Table of special advantage score for the co-participation of SME
2. Number of evaluation committee members by the size of project
3. Checklist for ensuring S/W security
4. Quality requirement for S/W secure coding analyst
Template
1. Technology Use Plan, Technology use result
2. Technology evaluation for interoperability, sharing of information resource, efficiency of the system, information accessibility, appropriateness of technology etc.
3. Document to use sub-contract
4. Evaluation committee report sheet
5. Document to start the project
6. Template of system development plan, pledge for ensuring security and abiding by law and regulation while doing project

8 Chap. 2. Development of Project Plan
Standard of HW and SW Acquisition (Sec.6.)
- Refer to “Guide for HW Capacity Estimation” for HW acquisition
- Check the availability of existing commercial SW products before SW development
- Obligation to use existing commercial SW products
  - Exception) extraordinarily high expenses, difficulty in fulfilling the required functions and maintenance etc.
- Modify technology evaluation plan to reflect this requirement
  - Priority to the products developed by small & medium business

9 Chap. 2. Development of Project Plan
Ref) Technology Application plan/result and Technology evaluation
[Figure: procedure, documents and person in charge]
Procedure: Business Plan (Sec.7), RFP (Sec.16), Proposal, Implementation (Sec.43), Auditing (Sec.50), Operation (Sec.52)
Documents: Technology Application Plan, Technology Application Result
Person in charge: Owner, Operator, Auditor, Owner
Technology Evaluation

10 Chap. 2. Development of Project Plan
Exam.) Technology application plan/result (attached form)
Form columns: item; detailed technology; plan/result (application, partial application, no-application, NA); comments
Item: data expression
o Static expression: HTML 4.01
o Dynamic expression
  - JSP 2.1
  - ASP
  - PHP

11 Chap. 2. Development of Project Plan
Exam.) Technology evaluation (attached form)
Form columns: detailed evaluation item; check; comments
- Do you describe the background and the goal of the business?
- Do you describe the problem and the improvement of informatization?
- ...

12 Chap. 2. Development of Project Plan
Technology Application Planning and Technology Evaluation of Interoperability (Sec.7)
- Perform Technology Evaluation prior to the final Business Plan
  - Big projects and national-security-related projects need a special evaluation of technology application in the planning stage
  - Reflect the result of evaluation in the Business Plan and RFP
- Make the Technology Application Plan when owners make the Business Plan and RFP
- Bidding participants must submit the Technology Application Plan when submitting a Proposal, and it should be re-submitted when implementing the Project

13 Chap. 2. Development of Project Plan
Security Review and Management (Sec.8)
- When making or modifying an Information System, request a security review by NIS (National Intelligence Service) according to “Guide to National Information Security”
- Develop security countermeasures applicable in the process of procurement, management, and operation of ICT project etc.
- Develop countermeasures for protecting personal information
- Devise SW vulnerability countermeasures and have the business operator comply with them
Budget and Estimation (Sec.9)
- Refer to “Guide to Estimation of SW business expense”
- Acquisition expense of HW and commercial SW
  1. the price which is registered at the public procurement service
  2. the newest purchase price
  3. the lowest price among 3 estimates

14 Chap. 2. Development of Project Plan
The lowest limit of business expenses in which big SW business can participate (Sec.10)
- State clearly in RFP
  ※ sales of big business more than 800 billion : 8 billion
  ※ sales of big business less than 800 billion : 4 billion
Separate Order of SW (Sec.11)
- Refer to “the objects of Separate Order of SW”
  ※ more than 1 billion of business expense & more than 50 million of SW price
Compensation of Proposal (Sec.12)
- Refer to “Operation regulation for compensation of SW proposal”
  ※ compensate for the good proposal with money

15 Chap. 2. Development of Project Plan
Audit (Sec.13)
- Refer to “IT Audit Standard”
  ※ audit scope, procedure and obligation, registration of audit firm, qualification and education of IT auditor etc.
  → Sec.50. auditing
Advance Consultation (Sec.14)
- Refer to “regulation to Advance consultation for e-government business”
  ※ Main purpose is to filter the duplication among systems

16 Chap. 3. Order
Requirement Disambiguation of RFP (Sec.15)
- State the requirement of RFP clearly through function list and requirement specification etc.
- At the time of ISP, make the requirement of RFP through the business operator of ISP and apply them to RFP
- Refer to “The guide to make requirements of RFP”
  → Sec.16. Making RFP
  → Sec.45. Changing Tasks
  → Sec.46. Procedure of Changing Tasks
  → Sec.47. Payment of Changing Tasks

17 Chap. 3. Order
Making RFP (Sec.16.)
- Include the contents below in RFP
  1. Tasks and requirements
  2. Contract condition
  3. Evaluation item and method
  4. Size of proposal sheet, submission method, bidding type
  5. Compensation of Proposal
  6. Items with which business operators must comply
     a. State price for a subcontract clearly in RFP
     b. Propriety of subcontract
     c. Technology Application Plan
     d. SW secure coding compliance
     e. Obligation of proposal presentation by PM
     f. Making and submission of standard documents

18 Chap. 3. Order
RFP Security (Sec.17)
- Take care not to include the following security-sensitive items in RFP
  1. IP address of Information systems
  2. system diagram and current condition of systems like vendors, versions etc.
  3. configuration information of systems
  4. access authority like user id, password etc.
  5. analysis report of system vulnerability
  6. current status of information protection products like Firewall, IPS etc. and NW devices like router, switch etc.
  7. closed objects according to “Public information act”
  8. personal information
  9. confidential items etc.

19 Chap. 3. Order
Evaluation Scale (Sec.18)
- In the case of a negotiated contract, technology : price = 90:10
- Exception) technology : price = 80:20
  1. HW ratio is more than 50%
  2. business expense is less than 0.1 billion etc.

20 Chap. 3. Order
Ref) subcontracting management
[Figure: stage, check list and person in charge]
Stage: Order, Selection and Contract, Execution
Check list: request of price for a subcontract (Sec.19), Review of price for a subcontract (Sec.36), Approval Application (Sec.37), Approval (Sec.38), Management (Sec.40)
Person in charge: Owner, Operator, Owner

21 Chap. 3. Order
Price for a subcontract (Sec.19)
- State direct labor cost, overhead expense, and engineering fee clearly in RFP
  1. direct labor cost : 100% of unit wages
  2. overhead expense + engineering : more than 20% of direct labor cost
- The Owner pays for a subcontract directly or the Business operator pays for a subcontract within 15 days
※ example

| Item | Calculation basis | Price | The lowest price for a subcontract |
|---|---|---|---|
| Unit wages | unit wages of SW | 100 | |
| Overhead | Unit wages of SW X 1.1 | 110 | 20 |
| Engineering fee | (Unit wages of SW + overhead) X 0.2 | 42 | |
| Sum | | 252 | 120 |

22 Chap. 3. Order
Price for a subcontract (Sec.19)
→ Sec.36. Technique and Price Negotiation
→ Sec.37. Approval Application of subcontracting
→ Sec.38. Subcontracting Approval
→ Sec.40. Subcontracting Management

23 Chap. 3. Order
Proposal Presentation (Sec.21)
- PM must make the presentation himself
Technical Evaluation Standard (Sec.21)
- Refer to “SW Technology evaluation standard”
- Designate at least 6 relative evaluation items for discrimination of technology
- Enlarge evaluation ratio for small & medium business consortium
Furnishing of Predetermined Price (Sec.22)
- Determine predetermined price before proposal submission
- Seal it and keep it secret
Predetermined Price Determination Standard (Sec.23)
- Refer to “National Contract Act” for determination standard and procedure etc.

24 Chap. 3. Order
Advance Publication of RFP (Sec.24)
- Make public on National procurement service “” and homepage of each organization for 5 days (3 days in urgent case)
  1. business name
  2. organization name
  3. budget
  4. expiration date of comment
  5. contact number and name
  6. delivery deadline
  7. RFP etc.
- Exception of advance publication
  1. in case of no time for competition and special appointment contract
  2. in case of security products
  3. product whose estimated price is less than 0.1 billion
  4. in case of second time of publication of RFP
→ Sec.25. Review on comment of Advance Publication

25 Chap. 3. Order
Review on comment of Advance Publication (Sec.25)
- Review the comment and inform the offerer of the result
- Reflect accepted comments in RFP
- Compose a committee for the fair review

26 Chap. 3. Order
RFP issue and Reading (Sec.26)
- Refer to “standard for negotiated contract”
Bid Announcement Period (Sec.27)

| | Period | Business type |
|---|---|---|
| urgent | 10 days | the urgent system development like law revision, disaster etc.; less than 3 months of project period; audit project; re-bid project |
| | 20 days | Less than 1 billion of estimated price |
| | 25 days | More than 1 billion of estimated price ~ less than 4 billion of estimated price |
| | 30 days | More than 4 billion of estimated price |
| normal | 40 days | |

27 Chap. 3. Order
Presentation Meeting about RFP (Sec.28)
- Host presentation meeting for bidders (option)
- State date & time, place etc. in RFP
Proposal Submission (Sec.29)
- Bidders submit RFP and a price bid separately
- Seal the price bid and keep it secret until unsealing a bidding price and Evaluation
→ Sec.35 (unsealing a bidding price and Evaluation)

28 Chap. 4. Selection and Contract
Composition of Evaluation Committee (Sec.30)
- Compose the evaluation committee with experts from public officials, professors, researchers, industrial experts
- Appoint public officials as committee members within 50%
Advance Distribution of Proposal (Sec.31)
- In case of detailed review, distribute proposals to evaluation committee members in advance
- Make security policy to prevent leakage of proposals

29 Chap. 4. Selection and Contract
Proposal Evaluation (Sec.32)
- Evaluate with proposals
- Check the identity of presenter
  ※ if the presenter is not PM, he can’t make a presentation
Review Time of Proposal and Adjustment of Evaluation Score (Sec.33)
- Make review time of Proposal
  1. Less than 1 billion business : 90 Min.
  2. Less than 2 billion business : 120 Min.
  3. Less than 4 billion business : 150 Min.
  4. more than 1 billion business : 180 Min.
- Adjust Evaluation Score in case of suspicious situation

30 Chap. 4. Selection and Contract
Publication of Technology Evaluation Result (Sec.34)
- In case of more than 2 billion business, make public the evaluation result
Unsealing a bidding price and Evaluation (Sec.35)
- After the technology evaluation, unseal a bidding price and evaluate it without delay
Technology and Price Negotiation (Sec.36)
- Refer to “National Contract Act”
- In case of changing the task, consider price for a subcontract also.

31 Chap. 5. Execution
Approval Application of subcontracting (Sec.37)
- The Business operator submits an application to get approval for subcontracting
  - Include approval application of subcontracting, detailed calculation report, business fulfillment plan of subcontracting (include detailed schedule) etc.
Subcontracting Approval (Sec.38)
- Check price for a subcontract
- If it is less than the standard of price for a subcontract, refuse it
- Give clear notice within 14 days; otherwise it is regarded as approval

32 Chap. 5. Execution
Launching and Report (Sec.39)
- The Business operator submits business launching report within 10 days after contract
- If supplementation is required, supplement it within 7 days
- Request a launching meeting, if needed
Subcontracting Management (Sec.40)
- The Subcontractor submits compliance report of subcontracting
- In case of non-fulfillment, report it to Fair Trade Commission

33 Chap. 5. Execution
Workplace (Sec.41)
- Decide workplace with the business operator
- Prepare workplace, if budget doesn’t include the expense for workplace
- Consider remote place development, if it is possible
Human Resource Management (Sec.42)
- In case of FP, don’t use head-counting management
Compliance of Technology Application Planning (Sec.43)
- The business operator complies with the Technology Application Plan and submits the result

34 Chap. 5. Execution
Standard Documents (Sec.44)
- Receive standard documents and keep them consistent for use at the time of operation and maintenance
Changing Tasks (Sec.45)
- Change task, if it is necessary
Procedure of Changing Tasks (Sec.46)
- Comply with the procedure according to “industrial development act” and “general condition of service contract”
Payment of Changing Tasks (Sec.47)
- Adjust the business expense according to “Enforcement decree of national contract act”

35 Chap. 5. Execution
Integration Management of Information Resource (Sec.48)
- Register information resource to “National EA portal (”
- Use the system to manage the status and statistics of information resource
Auditing (Sec.49)
- Follow up the action plan for audit according to audit report
- Auditors write the compliance result between Technology application plan and the result

36 Chap. 6. Software Secure Coding
Principle of SW Secure Coding (Sec.50)
- Comply with SW secure coding
  - In case of new development : all SW codes
  - In case of maintenance : modified SW codes
Activity of SW Secure Coding (Sec.51)
- At the time of proposal evaluation, evaluate reasonability of the tools, procedures, method etc.
- Refer to “SW secure coding guide”
- Developers/programmers are trained in secure coding

37 Chap. 6. Software Secure Coding
Diagnosis standard of Security Weakness (Sec.52)
- Refer to mandatory diagnosis item
Diagnosis Procedure of Security Weakness (Sec.53)
- Diagnose to remove the security weakness
- Include diagnosis in Audit check list
- Use the tool to remove the security weakness
- Business operators verify the removal of the security weakness
Diagnostician (Sec.54)
- Qualified experts
- Registered in Ministry of Security and Public Administration
- Management of Diagnostician

38 Chap. 7. Examination and Operation
Compensation of Deferment (Sec.55)
- Calculate it according to “general condition of service contract”
Examination (Sec.56)
- Examine it according to “general condition of service contract”
- Check the compliance between Technology application plan and the result
- Check that the non-conformities in the Audit report are corrected
Private Application of Information Resource (Sec.58)
- Share information resource with the private sector through “public data portal(” or your own Information system

39 Chap. 7. Examination and Operation
Operation and Maintenance (Sec.59)
- In case of modification of systems, keep systems and documents consistent
- Make manual of operation and maintenance through the business operator
Attribution of Intellectual Property and Deposit of Technical Data (Sec.60)
- Refer to “general condition of service contract”

40 Ref1) Structure of User Requirement

| No | Requirement type | Code |
|---|---|---|
| 1 | System overview and Function list | BR |
| 2 | Function requirement | FR |
| 3 | Performance requirement | PR |
| 4 | Quality requirement | QR |
| 4.1 | Reliability | QRR |
| 4.2 | Availability | QUR |
| 4.3 | Maintenance | QMR |
| 4.4 | Portability | QPR |
| 4.5 | Security | QSR |
| 5 | Interface requirement | IR |
| 6 | Data requirement | DR |
| 7 | Operation requirement | OR |
| 8 | Constraints | CO |

41 Ref2) Flow of CBD documents
[Figure: flow of CBD documents across the Analysis, Design, Implementation and Test phases. Documents named in the figure: RFP, Proposal, Business Fulfillment plan, Meeting result, Requirement Definition, Use case Specification, Architecture design, Class design, Component design, Interface design, User interface design, Entity relationship description, Database design, Database table, Data conversion and initial data design, Source code, Unit test case, Unit test result, Integration Test scenario, Integration Test result, System test scenario, System test result, Conversion test plan, Acceptance Test Scenario, Acceptance Test result, User manual, Operator manual, System Installation result, Requirement trace]

42 Q & A

