E-GOVERNANCE MISSION MODE PROJECT (MMP) …ncrb.gov.in/BureauDivisions/CCTNS/All State RFP/Rajasthan RFP/Final... · 6.5.22 Furniture ... PMIS Project Management Information System

E-GOVERNANCE

MISSION MODE PROJECT

(MMP)

CRIME AND CRIMINAL TRACKING

NETWORK & SYSTEMS

RFP FOR SELECTION OF SYSTEM

INTEGRATOR

VOLUME – I: Technical & Functional

Requirements

RELEASED BY:

Rajasthan Police

Government of Rajasthan

Mission Mode Project-CCTNS Request for Proposal (RFP) Vol-I -CCTNS Rajasthan

Rajasthan Police Page 2 of 211

Table of Contents

1 INTRODUCTION .......................................................................................................10

1.1 PROJECT BACKGROUND ......................................................................................................................... 10

1.2 BACKGROUND OF POLICE SYSTEMS IN INDIA ......................................................................................... 10

1.3 CRIME AND CRIMINALS INFORMATION SYSTEM (CCIS)......................................................................... 10

1.4 COMMON INTEGRATED POLICE APPLICATION (CIPA) ............................................................................ 11

1.5 CRIME AND CRIMINAL TRACKING NETWORK & SYSTEMS (CCTNS) ....................................................... 12

1.6 CCTNS IMPLEMENTATION FRAMEWORK .............................................................................................. 13

1.7 GOALS FOR THE REQUEST FOR PROPOSAL (RFP) .................................................................................. 14

2 PROJECT DETAILS ................................................................................................... 16

2.1 NEED FOR THE PROJECT ....................................................................................................................... 16

2.2 VISION AND OBJECTIVES OF THE PROJECT ............................................................................................ 16

2.3 STAKEHOLDERS OF THE PROJECT .......................................................................................................... 16

2.4 DESIRED OUTCOMES FOR VARIOUS STAKEHOLDERS ............................................................................... 17

3 RAJASTHAN STATE POLICE DEPARTMENT ............................................................ 20

3.1 DEPARTMENT'S ORGANIZATION STRUCTURE ........................................................................................ 20

3.2 EXISTING LEGACY SYSTEMS .................................................................................................................. 22

3.3 EXISTING DATA CENTRE INFRASTRUCTURE .......................................................................................... 22

3.4 EXISTING WAN INFRASTRUCTURE ....................................................................................................... 23

3.5 EXISTING CLIENT SITE INFRASTRUCTURE ............................................................................................. 23

4 SCOPE OF THE PROJECT ......................................................................................... 30

4.1 GEOGRAPHICAL SCOPE: ....................................................................................................................... 30

4.2 SCOPE OF SERVICES DURING IMPLEMENTATION PHASE ........................................................................ 30

4.3 PROJECT PLANNING AND MANAGEMENT ............................................................................................... 31

4.4 PROJECT DOCUMENTATION .................................................................................................................. 32

4.5 PROJECT MANAGEMENT TOOL .............................................................................................................. 32

4.6 CONFIGURATION MANAGEMENT TOOL .................................................................................................. 32

4.7 ISSUE TRACKER..................................................................................................................................... 33

4.8 CONFIGURATION, CUSTOMIZATION AND EXTENSION (DEVELOPMENT OF NEW MODULES AND FEATURES)

OF CAS AND INTEGRATION WITH EXTERNAL AGENCIES THROUGH AGILE SOFTWARE DEVELOPMENT

METHODOLOGY.................................................................................................................................................... 33

4.9 SITE PREPARATION AT POLICE STATIONS AND HIGHER OFFICES ........................................................... 41

4.10 DATA MIGRATION AND DATA DIGITIZATION ......................................................................................... 41

4.11 CAPACITY BUILDING AND CHANGE MANAGEMENT ................................................................................ 42

4.12 HANDHOLDING SUPPORT ...................................................................................................................... 42



4.13 REQUIREMENT ON ADHERENCE TO STANDARDS .................................................................................... 42

4.14 COMPLIANCE WITH INDUSTRY STANDARDS ........................................................................................... 42

4.15 3RD PARTY ACCEPTANCE TESTING, AUDIT AND CERTIFICATION ............................................................ 43

4.16 SCOPE OF SERVICES DURING POST IMPLEMENTATION PHASE ................................................................ 45

5 CAS CUSTOMIZATION AND INTEGRATION WORK PROPOSAL ................................47

5.1 PROJECT MANAGEMENT WORK PROPOSAL ........................................................................................... 47

5.1.1 Project Work Plan and Schedule ...............................................................................................48

5.1.2 Project Work Plan Baselines ......................................................................................................48

5.1.3 Work Breakdown Structure (WBS) ..........................................................................................48

5.1.4 System Environments ................................................................................................................48

5.1.5 Facilities ...................................................................................................................................... 49

5.1.6 Meeting Rooms and Workspace Requirements .......................................................................50

5.1.7 Indicative Customization and Integration List........................................................................50

6 ANNEXURE ............................................................................................................. 52

6.1 ANNEXURE-I SERVICE LEVEL AGREEMENT .............................................................................. 52

6.1.2 Mandatory Qualification Criteria for Key Profiles and Numbers ......................................... 56

6.2 ANNEXURE- II- POST IMPLEMENTATION SERVICES ................................................................ 61

6.3 ANNEXURE- III- FUNCTIONAL REQUIREMENT SPECIFICATIONS ......................................... 67

6.3.1 Core Application Software ........................................................................................................ 67

6.3.2 CAS (Centre) ............................................................................................................................... 67

6.3.3 CAS (State) ..................................................................................................................................68

6.3.4 Development of CCTNS Core Application Software (CAS) ..................................................... 71

6.4 FUNCTIONAL REQUIREMENT SPECIFICATION ........................................................................................ 71

6.4.1 Extended CAS Functional Requirements (Sample): ................................................................ 72

6.5 ANNEXURE- IV- IT INFRASTRUCTURE REQUIREMENTS ......................................................... 77

6.5.1 Introduction ................................................................................................................................ 77

6.5.2 Wide Area Network (WAN) & ISP Services.............................................................................. 77

6.5.3 Proposed Network Architecture ................................................................................................ 77

6.5.4 Data Centre ................................................................................................................................. 79

6.5.5 Architectural Aspect .................................................................................................................. 80

6.5.6 DC Design Description ...............................................................................................................82

6.5.7 Set-up at Data Centre and DR Site ...........................................................................................82

6.5.8 Hardware and Security Components at Data Centre .............................................................83

6.5.9 Network Components at DC ......................................................................................................84

6.5.10 Collation with State Data Center ..............................................................................................84

6.5.11 Hardware at the DC ................................................................................................................... 85

6.5.12 DR Site .........................................................................................................................................89



6.5.13 Hardware and Security Components at DR Site ..................................................................... 91

6.5.14 Co-located with CCTNS DR Site:............................................................................................... 91

6.5.15 Hardware at the DR Site ........................................................................................................... 91

6.5.16 Client/ User Locations ............................................................................................................... 93

Additional Requirements at Client Location to be purchased by SI ...................................................... 95

6.5.17 Requirements at Client Location ............................................................................................... 96

6.5.18 Specification of Proposed Software at DC & DR.................................................................... 103

6.5.19 Minimum Technical Specifications- Hardware at DC & DR ................................................ 139

6.5.20 Minimum Technical Specifications Requirement at Client Site ........................................... 158

6.5.21 Earthling Recommendations: ................................................................................................. 165

6.5.22 Furniture ................................................................................................................................... 166

6.5.23 Fire Extinguisher (5 Kg) .......................................................................................................... 167

6.5.24 Web Based PMIS ...................................................................................................................... 167

6.5.25 Standard Operating Procedure for Hardware Procurement and Quality Assurance ....... 168

6.5.26 Details of Technology Stack CAS (State) and CAS (Center) .................................................. 170

6.6 ANNEXURE- V-DATA CAPTURE AND APPLICATION INTEGRATION .................................................... 176

6.6.1 Types of Data ............................................................................................................................ 176

6.6.2 Migration Strategy .................................................................................................................. 183

6.7 ANNEXURE- VI-CAPACITY BUILDING & CHANGE MANAGEMENT ....................................... 185

6.7.1 Introduction .............................................................................................................................. 185

6.7.2 Overview of the Capacity building Scope ............................................................................... 185

6.7.3 Training and Capacity Building As-Is .................................................................................... 190

6.7.4 Implementation Plan ............................................................................................................... 198

6.7.5 Indicative Training Plan for the Members of Police Department ........................................ 201

6.7.6 Handholding Support ............................................................................................................. 204

6.8 ANNEXURE VII GOVERNANCE STRUCTURE ............................................................................ 206



LIST OF ABBREVIATIONS / ACRONYMS

ADGP Additional Director General of Police

AFIS Automated Fingerprint Identification System

AIG Assistant Inspector General of Police

AMC Annual Maintenance Contract

AT Acceptance Testing

ATS Annual Technical Support

BG Bank Guarantee

BOM Bill of Material

BPM Business Process Management

BPR Business Process Reengineering

BSNL Bharat Sanchar Nigam Limited

CAD Computer Aided Dispatch

CAS Core Application Software

CB Capacity Building

CBI Central Bureau of Investigation

CCIS Crime and Criminals Information System

CCTNS Crime & Criminal Tracking Network and Systems

CID Criminal Investigation Department

CIPA Common Integrated Police Application

COTS Commercial Off The Shelf

CPMU Central Program Management Unit

CrPC Criminal Procedure Code

CUG Closed User Group

DC Data Centre

DCRB District Crime Record Bureau

DG Director General

DG Set Diesel Generator Set

DGP Director General of Police

DHCP Dynamic Host Configuration Protocol

DIG Deputy Inspector General of Police

DeitY Department of Electronics and Information Technology

DMZ Demilitarized Zone



DR Disaster Recovery

DRC Disaster Recovery Centre

DSP Deputy Superintendent of Police

EMD Earnest Money Deposit

EMS Enterprise Management System

FIR First Information Report

FRS Functional Requirement Specifications

GIGW Guidelines for Indian Government Website

GIS Geographical Information System

GO Gazetted Officer

GOI Government of India

GPS Global Positioning System

GRP Government Railway Police

GUI Graphical User Interface

HDD Hard Disk Drive

HLD High Level Design

HQ Headquarters

HTTP Hypertext Transfer Protocol

IB Intelligence Bureau

IC Integration Components

ICT Information & Communication Technology

IGP Inspector General of Police

IIF Integrated Investigation Forms

IO Investigation Officer

IPC Indian Penal Code

ISO International Organization for Standardization

IT Information Technology

LAN Local Area Network

LD Liquidated Damages

LIMS Lawful Interception Monitoring System

LLD Low Level Design

MACs Message Authentication Codes

MHA Ministry of Home Affairs

MIS Management Information System

MMP Mission Mode Project



MPLS Multiprotocol Label Switching

MTBF Mean Time Between Failures

MTTA Mean Time To Attend

MTTR Mean Time To Repair

NCR Non-Cognizable Report

NCRB National Crime Records Bureau

NeGP National eGovernance Plan

NGO Non-Gazetted Officer

NIC National Informatics Centre

NOC No Objection Certificate

NSDG National e-Governance Service Delivery Gateway

OEM Original Equipment Manufacturer

OLAP Online Analytical Processing

QGR Quarterly Guaranteed Revenue

PBG Performance Bank Guarantee

PCR Police Control Room

PHQ Police Headquarters

PKCS Public Key Cryptography Standards

PM Preventive Maintenance

PMIS Project Management Information System

RDBMS Relational Database Management System

RFC Request for Clarification

RFP Request for Proposal

RPO Recovery Point Objective

RTI Right To Information

RTM Requirements Traceability Matrix

RTO Recovery Time Objective

SAN Storage Area Network

SCRB State Crime Records Bureau

SDA Software Development Agency

SDC State Data Centre

SDPO Sub-Division Police Office

SHO Station House Officer

SI System Integrator

SLA Service Level Agreement



SOA Service Oriented Architecture

SOAP Simple Object Access Protocol

SP Superintendent of Police

SPMU State Program Management Unit

SPOC Single Point of Contact

SRS Software Requirement Specifications

SSDG State e-Governance Service Delivery Gateway

SSL Secure Sockets Layer

SWAN State Wide Area Network

SyRS System Requirement Specifications

TCP/IP Transmission Control Protocol/Internet Protocol

UAT User Acceptance Testing

UID Unique Identification

UL Underwriters Laboratories

UT Union Territory

VPN Virtual Private Network

WAN Wide Area Network

XML Extensible Markup Language



Table of Contents

Introduction

1



1 INTRODUCTION

The Ministry of Home Affairs has conceptualized the Crime & Criminals Tracking Network and

Systems (CCTNS) project as a Mission Mode Project under the National e- Governance Plan

(NeGP). This is an effort of the Government of India to modernize the police force giving top

priority to citizen services, information gathering, and its dissemination among various police

organizations and units across the country.

1.1 Project background

Availability of relevant and timely information is of utmost necessity in conduct of business by

police, particularly in investigation of crime and in tracking & detection of criminals. Police

organizations everywhere have been handling large amounts of information and huge volume of

records pertaining to crime and criminals. Information Technology (IT) can play a very vital role

in improving outcomes in the areas of Crime Investigation and Criminal Detection and

other functioning of the Police organizations, by facilitating easy recording, retrieval, analysis

and sharing of the pile of Information. Quick and timely information availability about

different facets of police functions to the right functionaries can bring in a sea change both

in Crime & Criminals handling and related operations, as well as administrative processes.

Creation and maintenance of databases on Crime & Criminals in digital form for sharing by all

the stakeholders in the system is therefore very essential in order to effectively meet the

challenges of crime control and maintenance of public order. In order to achieve this, all the

states should meet a common minimum threshold in the use of IT, especially for crime &

criminals related functions.

1.2 Background of Police Systems in India

Several initiatives have been introduced in the past to leverage IT in police functioning. Some of

these initiatives include centrally initiated programs such as the NCRB-led CCIS (Crime and

Criminals Information System) and CIPA (Common Integrated Police Application), and State-

led initiatives such as e-COPS (in Andhra Pradesh), Police IT (in Karnataka), Thana Tracking

System (in West Bengal), CAARUS (in Tamil Nadu) and HD IITS (in Gujarat).

Presently automation in the area of Civil Police is addressed mainly through the two GOI-led

initiatives – CCIS and CIPA and in some States such as Andhra Pradesh, Karnataka and Gujarat,

through State- led initiatives.

The following section explores the details of the two Government of India (GOI)-led initiatives.

1.3 Crime and Criminals Information System (CCIS)

CCIS was an NCRB-driven program and has been launched in 1990. Since then, it has been

implemented in 35 states and union territories and spans over 700 locations. Most of the state

police headquarters and district headquarters are covered by CCIS and so are some of the

14,000+ police stations in the country.



CCIS was primarily an initiative to create crime and criminals related database that can be used

for crime monitoring by monitoring agencies such as National Crime Records Bureau (NCRB),

State Crime Records Bureau (SCRB) and District Crime Records Bureaux (DCRB) and to

facilitate statistical analysis of crime and criminals related information by these monitoring

agencies and also to be shared by states.

CCIS data was used for publishing online reports such as Missing Persons Report and is also

used as the basis for online query facilities that are available through the NCRB website. In

addition, it is also used by NCRB to publish an annual nation-wide crime report. CCIS focuses

exclusively in crime and criminals information and does not address the other aspects of police

functioning.

CCIS was originally built on Unix OS and Ingres database, but has since been ported to

Windows platform and has released its last three versions on Windows (the last release having

taken place in September 2002).

1.4 Common Integrated Police Application (CIPA)

A feature common to most of the early efforts has been a predominant focus on collection of

data as required by the monitoring agencies and on specific functions such as records

management, statistical analysis and office automation; rather than on police stations, which are

the primary sources of crime and criminals related data generation.

In order to provide an application that supports police station operation and investigation

process, and that is common across all states and union territories, MHA had conceptualized the

Common Integrated Police Application (CIPA) in 2004. It has been initiated as part of the

“Modernization of State Police Forces (MPF)” scheme of the Ministry of Home Affairs. The aim

of CIPA is to bring about computerization and automation in the functioning at the police

station with a view to bringing in efficiency and transparency in various processes and functions

at the police station level and improve service delivery to the citizens. So far about 2,760 police

stations, out of a total of 14,000+ police stations across the country, have been covered under

the scheme.

CIPA is a stand-alone application developed to be installed in police stations and to support the

crime investigation and prosecution functions. CIPA is a centrally managed application: an

application core centrally developed and is installed in police station. Any state-specific

customization would be evaluated and developed on need basis.

The core focus of the CIPA application is automation of police station operation. Its core

functionality includes the following modules: (i) Registration Module (ii) Investigation Module

(iii) Prosecution Module. There is also a Reporting module that addresses basic reporting needs.



CIPA is built on client-server architecture on a NIC Linux platform using Java and PostgreSQL.

Benefits realized from CIPA include the ability to enter registration (FIR) details into the system

and print out copies and the ability to create and manage police station registers on the system,

etc.

It was felt, however, that a standalone application couldn’t provide the enhanced outcomes in

the areas of Crime Investigation and Criminals Detection that are necessary. For this reason,

MHA has decided to launch the Crime and Criminal Tracking Network & Systems (CCTNS)

program.

1.5 Crime and Criminal Tracking Network & Systems (CCTNS)

Crime and Criminal Tracking Network & Systems (CCTNS) is a Mission Mode Project

conceptualized and sponsored by the Ministry of Home Affairs (MHA) towards enhancing

outcomes in Crime Investigation and Criminals Tracking; and in enhancing the efficiency and

effectiveness of police departments in all States and Union Territories.

The CCTNS project aims at creating a comprehensive and integrated system for enhancing the

efficiency and effectiveness of policing at the Police Station level through adoption of principles

of e-Governance, and creation of a nationwide networked infrastructure for evolution of IT-

enabled state-of-the-art tracking system around “investigation of crime and detection of

criminals” in the real time. This is a critical requirement in the context of the present day

internal security scenario.

The following objectives have been defined for CCTNS:

a. Provide Enhanced Tools for Investigation, Crime Prevention, Law & Order Maintenance

and other functions like Traffic Management, Emergency Response, etc.

b. Utilize IT for efficiency and effectiveness of core policing operations.

c. Provide information for easier and faster analysis.

d. Increase Operational Efficiency by:

a. Reducing the necessity to manually perform monotonous and repetitive tasks.

b. Improving the communication e.g. Police messaging, email systems etc.

c. Automating back-office functions, and thereby releasing police staff for greater

focus on core police functions.

e. Create platforms at State and Central level for sharing crime and criminal information/

databases across state and the country. This would enable easy sharing of real-time

information across police stations and districts at the State level/ UT level and across

States/ UTs at the National level, there by resulting in:

a. Improved investigation and crime prevention.

b. Better tracking of criminals, suspects, accused, repeat offenders etc.

c. Create a platform for sharing intelligence across the states, across the country

and across other State-level / UT level and GoI-level agencies.



d. Improved service delivery to the public/ citizen/ stakeholders.

e. Access to police services in a citizen-friendly manner.

f. Provide alternate modes of service delivery such as internet (for general requests

such as NOC, for following up on status, e.g. Ministry of External Affairs,

Ministry of Transport).

The following figure is a simplistic representation of the ‘Change’ in policing system envisaged

under the CCTNS project. In the existing system, most of the police function and systems are

manual and paper based. The interaction of citizen with department and also of various offices

within the department is either through physical presence of individuals or through the post –

commonly known as ‘Daak System”.

Figure 1: Change in Policing System

In CCTNS scenario, certain services of police department for citizens would become online and

could be accessed / requested through web. Also, the associated workflow of police processes

would become automated. The connectivity would be provided at all police station level and all

higher offices with State Data Centre. The department would further be connected centrally with

other police offices in all the States / UTs and centre as well as with NCRB and MHA at the

central level via National Data Centre. This envisaged scenario would lead to integrated policing

system across the country.

1.6 CCTNS Implementation Framework

CCTNS would be implemented in a way where the States and UTs play a major role. CCTNS

would be implemented in alignment with the NeGP principle of “centralized planning and



de-centralized implementation”. MHA and NCRB would play a key role in planning the

program in collaboration with the Police leadership within states, in the development of a few

core components and in monitoring and reviewing the program. It is, however, the States and

UTs that would drive the planning and implementation at the state level.

The role of the Centre (MHA and NCRB) focuses primarily around planning, providing the core

application software (to be configured, customized, enhanced and deployed in States),

managing (from a high level) and monitoring the program. States would drive the

implementation at the state level and would continue to own the system after deployment.

The implementation of CCTNS would be taking an “integrated service delivery” approach rather

than that of procurement of hardware and software.

The central feature of CCTNS implementation at the State level is the “bundling of services”

concept. According to this, each state shall select a System Integrator (SI) who would be the

single point of contact for the State for all the components of CCTNS. These components include

the application (the changes made to the core application provided by MHA), hardware,

communications infrastructure, associated services such as Capacity Building, Handholding etc.

1.7 Goals for the Request for Proposal (RFP)

The primary goal of this RFP is to select a SI for CCTNS Rajasthan project through a competitive

bidding process. This volume of RFP intends to bring out all the details with respect to solution

and other requirements that are deemed necessary to share with the potential bidders. The goals

of RFP are further elaborated below:

a) To seek proposals from potential bidders for providing the “bundle of services” in

implementing and managing the CCTNS solution in Rajasthan.

b) To understand from the bidders how they propose to meet the technical and

operational requirements of CCTNS.

c) To ascertain how potential bidders propose to deliver the services and sustain the

demand and growth in the requirements.

d) To ascertain from bidders on how they will ensure scalability and upgradeability

of the infrastructure and solution proposed to be deployed.

e) To understand from the bidders as to how they intend to innovate further on this service

delivery model.

Project Details

2



2 PROJECT DETAILS

2.1 Need for the Project

A need has been felt to adopt a holistic approach to address the requirements of Rajasthan

Police, mainly with relation to functions in the police stations, traffic management and other

functionaries of the department. There is also a need to strengthen the citizen interfaces with the

police. Interfaces need to be built with external agencies like courts, jails, transport authorities,

hospitals, and municipal authorities etc. to be able to share information between departments.

Therefore, it becomes critical that information and communication technologies are made an

integral part of policing in order to enhance the efficiency and effectiveness of the police

department.

2.2 Vision and Objectives of the Project

Vision: To transform the police force into a knowledge-based force and improve the delivery of

citizen-centric services through enhancing the efficiency and effectiveness of the police stations

by creating a platform for sharing crime and criminal information across the police stations in

the country.

The overall objective of the MMP is based on enhancing the operational efficiency and

effectiveness of the police force in delivering the services. The broad objectives of the project are

as follows:

a) Improve Service Delivery to the Public: Citizens should be able to access police services

through multiple, transparent, and easily accessible channels in a citizen-friendly

manner. The focus is not only to improve the current modes of the service delivery but

also provide alternate modes such as internet for the public to communicate with the

police.

b) Provide Enhanced Tools for Law & Order Maintenance, Investigation, Crime

Prevention, & Traffic Management which are core components of policing. Information

technology can both enable and improve the effectiveness and efficiency of the core

activities of the police. Police should be provided with data amenable for easier and

faster analysis in order to enable them to make better and informed decisions.

c) Increase Operational Efficiency: Police should spend more time on the public facing

functions. Information technology solutions should help in reducing the repetitive

paperwork/records and making the back-office functions more efficient.

d) Create a platform for sharing crime & criminal information across the country: There

is a critical need to create a platform for sharing crime and criminal information across

police stations within and between the different states in order to increase the

effectiveness in dealing with criminals across the state borders.

2.3 Stakeholders of the Project

The impact of the police subject being sensitive, a consultative and a bottom-up approach has to

be adopted in designing the Project impacting the following stakeholders:



1. Citizens and Citizen groups

2. Police Personnel at the police station level (Station House Officers, Investigation

Officers, Station Writers, and Constables etc)

3. Senior Officers in the State Police /State Government

4. Ministry of Home Affairs

5. External Departments such as Jails, Courts, Passports Office, Transport

Department etc.

2.4 Desired outcomes for various stakeholders

The following are the expected benefits envisaged from successful implementation of the CCTNS

project:

S. No Stakeholder Benefits

1. Citizens Simplified process for registering and tracking complaints

and FIRs.

Simplified process for registering grievances against police.

Faster and assured response from police to any emergency

calls for assistance.

Simplified process for tracking the progress of the case

during trials.

Simplified access to view/report unclaimed/recovered

vehicles and property.

Multiple channels to access services from police.

Simplified process for accessing general services such

as requests for certificates, verifications, and permissions.

Improved relationship management for victims and

witnesses.

Greater access to traffic police for registering traffic

complaints.

Ability to view and pay pending traffic challans from

multiple access points.



S No Stakeholder Benefits

2. Police Department Centralized crime and criminal information repository

along with the criminal's images and fingerprints with

advanced search capabilities.

Enhanced ability to analyze crime patterns and modus

operandi.

Reduced workload of the police station back-office

activities such as preparation of regular and ad-hoc reports

and station records management.

A collaborative knowledge-oriented environment where

knowledge is shared across the different regions and units.

Better coordination and communication with external

stakeholders through implementation of electronic

information exchange systems.

Enhanced tools for investigation.

Enhanced ability to analyze accidents and other road

incidents.

Faster turnaround time for the analysis results (crime and

traffic) to reach the officers on the field.

Enhanced tools to optimize resource allocation for patrols,

emergency response, petition enquiries, and other general

duties.

Advanced tools for traffic regulation and enforcement.

3. Police Officials

(via integration

with iHRMS and

Police LMS)

Balanced performance evaluation metrics and framework.

Simplified process for registering grievances within the

department.

Simplified process for personnel’s administrative services

such as leave, pay-roll, loans, and bill claims.

Integrated view of the service record that presents the

performance feedback and training needs.

4. Ministry of Home

Affairs

Standardized means of capturing the crime and criminal

data across the police stations in the country.

Faster and easier access to crime and criminal information

across the country in a manner amenable for trend and

pattern analysis.

Enhanced ability to detect crime patterns and modus

operandi across the states and communicate to the state

police departments for aiding in crime prevention.

5. External

Departments

Seamless integration with police systems for better citizen

service delivery and improved law enforcement.

Table 1: Benefits to Stakeholders



Rajasthan State Police

3



3 RAJASTHAN STATE POLICE DEPARTMENT

3.1 Department's Organization Structure

Rajasthan is divided into 8 ranges, 2 Commissionerates having a total of 45 SP/ DCP offices. At

some of the offices, SP and Addl. SP share the same premise, however, there are 24 locations

where Addl. SP office is different than the SP office.

Figure 2: Range/ Commissionerates and SP & Addl. SP Offices

Following figure gives the sum of Circle offices (210) in all ranges and commissionerates as on

November 2013

Figure 3: Range/ Commissionerates and Circle Offices

Ajmer Bharat

pur Bikane

r GRP

Jaipur Jaipur

Jaipur Commissionerate

Jodhpur

Jodhpur

Commissionerate

Kota Udaip

ur

Sum of no. of SP Offices 4 4 4 2 5 6 6 3 5 6

Sum of no. of Addl. SP Offices 5 2 4 0 5 2 4 1 0 1

0 1 2 3 4 5 6 7

Range/ Commissionerate and SP & Addl. SP Offices

Ajmer Bharatp

ur Bikaner

GRP Jaipur

Jaipur

Jaipur Commissionerat

e

Jodhpur

Jodhpur Commissionerat

e

Kota Udaipur

Total 29 19 22 6 31 18 24 6 24 31

0

5

10

15

20

25

30

35

Range/ Commissionerates and Circle Offices



The following graph depicts the sum of police stations (total of 863 notified police stations):

Figure 4: Range and Police Stations

Ajmer Bharat

pur Bikane

r CID (IB)

GRP Jaipur

Jaipur

Jaipur Commissione

rate

Jodhpur

Jodhpur

Commissione

rate

Kota Udaip

ur SOG SCRB

Total 121 75 87 1 25 120 63 117 26 98 128 1 1

0

20

40

60

80

100

120

140

Division of Police Stations



The following highlights the field establishment of the Rajasthan Police:

Director General of Police (DGP) {Head of the Department}

Additional Director General of Police (Addl. DGP)

Inspector General of Police (IGP) {In-charge of a range}

Deputy Inspector General of Police (Dy. IGP)

Superintendent of Police (SP) {In-charge of a District}

Additional Superintendent of Police (Addl. SP)

Assistant/ Deputy Superintendent of Police (ASP/ Dy. SP) {In-charge of a

Circle in a district}

Inspector of Police {In-charge of some Police Station}

Sub-Inspector of Police (SI) {In-charge/Staff of a smaller Police Station}

Assistant Sub-Inspector of Police (ASI) {Staff of the Police Station}

Police Head Constable (HC) {Staff of the Police Station}

Police Constable {Staff of the Police Station}

Hierarchy of Commissionerate office:

Commissioner of Police

Additional Commissioner of Police

Deputy Commissioner of Police

Assistant Commissioner of Police

Table 2: Rajasthan Police Hierarchy

Detailed information on Police hierarchy is available on www.police.rajasthan.gov.in

3.2 Existing Legacy Systems

The existing Legacy systems are:

Crime and Criminals Information System (CCIS)

Common Integrated Police Application (CIPA)

3.3 Existing Data Centre Infrastructure

The Rajasthan State Data Centre (RSDC) is located at Yojana Bhawan, Jaipur. Partial IT

infrastructure for CCTNS project is already installed at RSDC. Details of indicative network

architecture, specification of deployed IT infrastructure, and specification of remaining IT

infrastructure at RSDC, are given in succeeding sections (Refer: Annexure IV). Disaster

Recovery (DR) Site shall be set up at NIC, Shastri Park, New Delhi by the successful bidder. The

detailed information pertaining to the RSDC and DR Site is available in Annexure IV of this

volume.



3.4 Existing WAN Infrastructure

The Government of Rajasthan wishes to establish a State Wide Area Network (SWAN) as the

backbone network for data, voice and video communications throughout the State. SWAN would

act as the vehicle for effective implementation of Electronic Governance (e-Governance) across

the state.

The state is determined to make efforts to effectively use Information Technology for delivering

quality services to citizens and quicken the overall development of the State through

improvement of G2G and G2C Interface.

The Primary connectivity by BSNL (VPN0BB- 512 kbps) has been provided at all Police Stations

and higher offices. Where the VPNoBB connectivity is not feasible the WiMAX/VSAT (CAR-64

kbps, MAR- 512 kbps) connectivity would be used. BSNL has provided 20 Mbps line at SDC for

aggregation of VPNoBB/WIMAX/VSAT connectivity. The provision of 8 Mbps has been made

for connectivity between SDC and DR (NIC Data Centre at New Delhi). The RSWAN and

SecLAN would be the redundant connectivity for all feasible locations. The RSWAN (Rajasthan-

SWAN) has covered around 450+ CCTNS locations by November 2013. RSWAN is tentatively

scheduled to cover all the CCTNS locations by April 2014 (for details refer). SecLAN would be

providing the network in place of SWAN for Jaipur district.

3.5 Existing Client Site Infrastructure

This section details the infrastructure available at the client site. The sites have been categorized

broadly into 3 major categories, CIPA locations (locations where CIPA has been rolled out and

CIPA infrastructure is available), NON CIPA locations (Locations where CIPA has not been

commissioned) and higher offices (PHQ, SP office, etc).

Following gives the snapshot of the CIPA and Non – CIPA Police Stations as on November, 2013

Figure 5: CIPA Vs. Non – CIPA Police Stations

0

200

400

600

800

1000

Sum Police Stations Sum of CIPA

Sum of Non CIPA

863

566

297



CIPA was made functional at about 69% of the Police stations including SOG.

The following table gives a list of locations where CIPA has been operational

District CIPA-I CIPA-II CIPA-II Total

AJMER 32 32

ALWAR 29 1 30

BARAN 18 18

BARMER 21 21

BHARATPUR 23 1 24

BHILWARA 27 2 29

BIKANER 21 1 22

BUNDI 14 14

CHURU 16 16

DAUSA 13 13

DHOLPUR 13 13

JAIPUR (SOG) 1 1

JAIPUR (EAST) 2 10 2 14

JAIPUR (NORTH) 14 14

JAIPUR (SOUTH) 2 10 1 13

JAIPUR (WEST) 3 8 2 13

JAIPUR RURAL 17 1 18

JALORE 15 15

JHALAWAR 23 23

JODHPUR EAST 9 1 10

JODHPUR RURAL 13 13

JODHPUR WEST 8 8

KARAULI 16 16

KOTA CITY 14 1 15

KOTA-RURAL 15 15

NAGAUR 30 30

PRATAPGARH 2 2

SAWAIMADHOPUR 12 12

SIKAR 19 19

SRI GANGANAGAR 24 1 25

TONK 21 21

UDAIPUR 36 1 37

Grand Total 103 217 246 566

Table 3: CIPA Locations



Following diagram represents Phase wise CIPA implementation

Figure 6: Phase wise CIPA Implementation

CIPA was commissioned at a total of 5 districts in the year 2006, 13 districts in 2007 and 13

districts in 2009.

CIPA

Phase

Year of

Implement

ation

End of

warranty

Count

of

District

Sum of Number

of Police Stations

Sum of Total

available

Computers

First 2006 2009 4 103 430

Second 2007 2010 13 217 910

Third 2009 2013 13 246 978

Grand

Total

30 566 2318

Table 4: Total Computers Available under CIPA locations (Phase wise)

Note:

a) The computers purchased under Phase I and Phase II and Phase III are out of warranty.

Other IT peripherals available at CIPA locations:

Each CIPA location has below peripherals (one unit per location):

UPS 2 KVA

Multifunctional HP Laser Jet Printer

Duplex HP Laser Jet Printer

16 Port Networking Switch

First 2006 Second 2007 Third 2009

Total 4 13 13

0

2

4

6

8

10

12

14

No

. of

Dis

tric

ts

CIPA Phase



Table 5: Total Geographical spread of Police offices

S. No. Location Higher Offices Police Stations Other Offices

No

. of S

P O

ffice

s

No

. of A

dd

l. SP

Offic

e

(ou

tsid

e H

Q)

No

. Dy

SP

(SC

/ ST

/ Wo

ma

n

atr

oc

ities) o

ffice

s

No

. of D

y S

P ( T

ra

ffic) o

ffice

s

Cir

cle

Offic

es

CIP

A

No

n C

IPA

No

. of P

olic

e S

tatio

ns

Oth

er

Offic

es

No

. of C

on

tro

l Ro

om

s

1 Ajmer Range 4 5 4 1 29 112 9 121 1 4

1.1 Ajmer 1 1 1 1 8 32 2 34 1

1.2 Bhilwara 1 2 1 9 29 4 33 1

1.3 Nagaur 1 1 1 7 30 2 32 1

1.4 Tonk 1 1 1 5 21 1 22 1

1.5 Ajmer Range Office 1

2 Bharatpur

Range 4 2 4 0 19 65 10 75 1 4

2.1 Bharatpur 1 1 1 6 24 2 26 1

2.2 Dholpur 1 1 5 13 2 15 1

2.3 Karauli 1 1 4 16 2 18 1

2.4 Sawai

Modhopur 1 1 1 4 12 4 16 1

2.5 Bharatpur Range

Office 1

3 Bikaner Range 4 4 4 0 22 63 24 87 1 4

3.1 Bikaner 1 1 7 22 4 26 1

3.2 Churu 1 2 1 5 16 3 19 1

3.3 Hanumangarh 1 1 1 4 15 15 1

3.4 Sri Ganganagar 1 1 1 6 25 2 27 1

3.5 Bikaner Range Office 1

4 GRP Jaipur 2 0 0 0 6 25 25 1 2

4.1 GRP Ajmer 1 4 17 17 1

4.2 GRP Jodhpur 1 2 8 8 1

4.3 GRP Range Office 1

5 Jaipur Range 5 5 5 1 31 80 40 120 1 5



5.1 Alwar 1 2 1 1 8 30 8 38 1

5.2 Dausa 1 1 5 13 5 18 1

5.3 Jaipur Rural 1 2 1 6 18 3 21 1

5.4 Jhunjhunu 1 1 6 20 20 1

5.5 Sikar 1 1 1 6 19 4 23 1

5.6 Jaipur Range Office 1

6 Jaipur

Commissionerate 6 2 0 4 18 54 9 63 1 5

6.1 Jaipur East 1 1 5 14 2 16 1

6.2 Jaipur North 1 1 5 14 14 1

6.3 Jaipur South 1 4 13 1 14 1

6.4 Jaipur West 1 4 13 3 16 1

6.5 Jaipur (Traffic) 1 4 0 1

6.6 Jaipur (Metro) 1 1 1

6.7 JDA/Tourist 2 2

6.8 Commissionerate

Office 1

7 Jodhpur Range 6 4 6 0 24 49 68 117 1 6

7.1 Barmer 1 1 1 4 21 4 25 1

7.2 Jaisalmer 1 1 3 17 17 1

7.3 Jalore 1 1 1 4 15 1 16 1

7.4 Jodhpur Rural 1 1 1 4 13 4 17 1

7.5 Pali 1 1 1 6 27 27 1

7.6 Sirohi 1 1 3 15 15 1

7.7 Jodhpur Range Office 1

8 Jodhpur

Commissionerate 3 1 0 2 6 18 8 26 1 3

8.1 Jodhpur East 1 1 3 10 3 13 1

8.2 Jodhpur West 1 3 8 5 13 1

8.3 Jodhpur traffic 1 2 1

8.4 Commissionerate

Office 1

9 Kota Range 5 0 5 1 24 85 13 98 1 5

9.1 Baran 1 1 5 18 1 19 1

9.2 Bundi 1 1 5 14 4 18 1

9.3 Jhalawar 1 1 6 23 2 25 1

9.4 Kota City 1 1 1 4 15 4 19 1

9.5 Kota Rural 1 1 4 15 2 17 1

9.6 Kota Range Office 1



10 Udaipur Range 6 1 6 1 31 39 89 128 1 6

10.1 Banswara 1 1 4 16 16 1

10.2 Chittorgarh 1 1 1 8 26 26 1

10.3 Dungarpur 1 1 2 13 13 1

10.4 Pratapgarh 1 1 4 2 13 15 1

10.5 Rajsamand 1 1 4 15 15 1

10.6 Udaipur 1 1 1 9 37 6 43 1

10.7 Udaipur Range Office 1

11 SCRB 1 1

12 SOG 1 0 1

13 CID (IB) 1 1

14 FPB 1

15 PHQ 1 1

16 FSL 1

Grand Total 45 24 34 10 210 566 297 863 14 45


Page 29 of 211

Scope of the Project

4


Page 30 of 211

4 SCOPE OF THE PROJECT

This section will provide detailed information on the scope of each of the component

required for the implementation of this project.

4.1 Geographical Scope:

The table below highlights total locations which are to be considered for CCTNS roll out.

Type of Office Number of Offices

Police Station 760

Circle Office (CO)/ SDPO 188

DySP (SC/ ST/ Women Atrocities/ Traffic) 29

Addl. SP 14

SP office 42

Range office 8

Commissionerates 2

SCRB 1

Forensic Science Laboratory + Fingerprint Bureau 2

Police Control Room (State + District) 43

PHQ 1

Total 1090

Table 6: Total Geographical Scope

4.2 Scope of Services during implementation phase

The scope of the “bundled services” to be offered by the SI includes the following:

Project planning and management: SI should align with the overall Project planning

and management functions as prescribed by Rajasthan Police. The project plan may

be modified on mutual consent between Rajasthan Police and the selected bidder.

Configuration, Customization and Extension (New Modules) of CAS (State) and

Integration with External Agencies through Agile Software Development

methodology. SI shall procure all the necessary underlying solution components

required to deploy the Enhanced CAS for the State.

Site preparation at the Client site locations (Police Stations, Circle Offices, District SP

Office, Range Office, Commissionerate, SCRB and PHQ)

IT Infrastructure at the Client site locations (Police Stations, Circle Offices, District

SP Office, Range Office, Commissionerate, SCRB and PHQ).

Co-ordinate with DoIT&C, SWAN Operator, BSNL, SecLAN operator for ensuring

Network connectivity at all locations.

Installation and Setting up of IT infrastructure at the Data Center and DR Site

including the necessary hardware, software and other networking components.

Setting up of NOC and Helpdesk at SCRB with adequate Communication facilities.

SI shall provide maintenance services for the existing hardware at DC and Pilot

locations.

SI shall provide adequate maintenance services for all the hardware supplied (DC/

DR/ Client locations) to ensure that As-Is CAS is operational at all locations during

the implementation phase.

Deployment of enhanced CAS and ensuring availability in all locations.


Page 31 of 211

Data migration and digitization of historical data.

Migration of data from CIPA Police Stations / Higher Offices to CCTNS.

Handholding support.

3rd party acceptance testing, audit and certification.

Capacity Building and Change Management.

Operation and Maintenance for 3 years after project Go-Live.

In implementing the above, the SI shall strictly adhere to the standards set by the MHA,

NCRB, and State Government.

The project will be managed out of SCRB office at Jaipur. At all points in the execution of the

project, key senior resources including the project manager must be based at SCRB office.

Successful bidders are requested to note that any changes within the scope of work will be

presumed to be included in the overall scope of work.

4.3 Project Planning and Management

This project is a geographically spread initiative involving multiple stakeholders. Its

implementation is complex and though its ultimate success depends on all the stakeholders;

the role of SI is key and hence SI is required to design and implement a comprehensive and

effective project management methodology together with efficient & reliable tools.

To have an effective project management system in place, it is necessary for the SI to use a

Web based Project Management Information System (PMIS). The SI shall address at the

minimum the following using PMIS:

Create an organized set of activities for the project

Establish and measure resource assignments and responsibilities

Construct a project plan schedule including milestones

Measure project deadlines, budget figures, and performance objectives

Communicate the project plan to stakeholders with meaningful reports

Provide facility for detecting problems and inconsistencies in the plan

During the project implementation the SI shall report to the Rajasthan Police, on following

items:

Results accomplished during the period

Cumulative deviations to date from schedule of progress on milestones as specified in

this RFP read with the agreed and finalized Project Plan

Corrective actions to be taken to return to planned schedule of progress

Proposed revision to planned schedule provided such revision is necessitated by

reasons beyond the control of the SI

Other issues and outstanding problems, and actions proposed to be taken

Progress reports on a fortnightly basis

Interventions which the SI expects to be made by the State Nodal Officer and/or

actions to be taken by the State Nodal Officer before the next reporting period

Project quality assurance reports

Provide update on Warranty and AMC of equipment provided under the project


Page 32 of 211

As part of the project management activities, the SI shall also undertake:

o Issue Management to identify and track the issues that need attention and

resolution from the Government of Rajasthan/ NCRB/ MHA.

o Scope Management to manage the scope and changes through a formal

management and approval process

o Risk Management to identify and manage the risks that can hinder the project

progress

4.4 Project Documentation

The SI shall create and maintain all project documents that would be submitted to Rajasthan

Police as deliverables as per the agreed project timelines. The documents created by the SI

will be reviewed and approved by the Governance Structure Setup in the State Mission Team

would also approve any changes required to these documents during the course of the

project. Rajasthan Police will finally sign-off on the documents on the recommendation of

State Mission Team / SPMU.

The SI shall submit a list of deliverables that they would submit based on the methodology

they propose. The SI shall prepare the formats/templates for each of the deliverables upfront

based upon industry standards and the same will be approved by Rajasthan Police prior to

its use for deliverables.

All project documents are to be kept up-to-date during the course of the project. The SI shall

maintain a log of the internal review of all the deliverables submitted. The logs shall be

submitted to State Nodal Officer on request. All project documentation shall conform to the

industry leading standards of documentation.

The SI will also be required to procure commission and maintain Project Management,

Configuration management and Issue tracker tools at the SCRB during the course of project

implementation. The requirements are listed below:

4.5 Project Management Tool

The SI shall keep the project plan and all related artifacts up-to-date during the course of the

project. In order to help with the project management, the SI shall use a suitable standard,

proven off-the-shelf web based project management tool. The SI shall install the project

management software at Rajasthan Police's premises right at the beginning of the project.

The tool shall provide the dashboard view of the progress on project milestones to the Nodal

Officer and other Supervisory Officers of Rajasthan Police.

4.6 Configuration Management Tool

In order to help with the version/configuration management for all documents (including

source code and all other project artifacts), the SI shall use a suitable standard, proven off-

the-shelf configuration management tool. The SI shall install the configuration management

software at Rajasthan Police's premises right at the beginning of the project.


Page 33 of 211

4.7 Issue Tracker

The SI shall employ a suitable and proven tool for tracking issues through the execution of

the project. The SI shall install the Issue Tracking System at Rajasthan Police's premises to

enable State’s users to access and use the same.

The SI shall procure and commission the required infrastructure (software, servers) for

Project Management Tool, Configuration Management Tool and Issue Tracker tool and

maintain the same through the duration of the project. These tools along with the servers on

which they are deployed will become property of the Rajasthan Police and will be used by

Rajasthan Police even beyond the contract period.

The SI would setup an online repository on Project Monitoring / Configuration Management

Tool for providing centralized access to all project documents including manuals and other

materials. The online repository would be maintained by the SI through the engagement

period. The SI should ensure that the repository is built on appropriate security features such

as role- and necessity-based access to documents.

4.8 Configuration, Customization and Extension (Development of New

Modules and Features) of CAS and Integration with External Agencies

through Agile Software Development Methodology

Due to evolving requirements under CCTNS project, integration and interfacing with

external agencies, the Rajasthan Police favors an agile development approach. The Rajasthan

Police defines agile as any process in which system development is performed in an iterative

and incremental manner with collaboration between the System Integrator and the

Rajasthan Police teams, allows for evolving requirements, and demonstrable software is the

measurement of progress. Hereafter, the term Agile is used to encapsulate the above

definition.

The technical proposals must also include an Agile Project Plan that describes, in detail, how

the following will be accomplished.

Creation and support of Agile development environments that will allow

configuration and coding changes to be made and tested in an iterative and

incremental manner, with releases of code to other production environment.

Describe the tools the Agile development environment will use to facilitate

continuous code integration as developers check code into a code repository.

Describe how automated test scripts would be configured to run against the

developed and checked-in code.

Detail how test-driven development will be used to ensure individual unit code passes

testing and how tests then become part of a greater automated testing base.

At a minimum, the proposed system must include Development, Integration, Quality

Assurance (QA) and User Acceptance Testing (UAT), Knowledge transfer, and

Production environments.

Describe when and how code and database changes will be migrated between

environments, and the tools used to perform this migration.

As part of the successful proposal, the Rajasthan Police requires a comprehensive

methodology for system design and a testing plan that facilitates Agile development. The

Rajasthan Police intends to select a Third Party Auditor that will operate as technically,


Page 34 of 211

managerially, and financially independent of the System Integrator (SI). The bidder should

propose the third part agency from the firms empanelled at (Department of Electronics and

Information Technology) DeitY, GoI. The Third Party Auditor will perform the following

functions:

Ensure the software provided by the SI meets the users needs (Validation)

Check that the system is well engineered and meets NCRB guidelines (Verification)

Ensure the quality of deliverables (QA)

Participate in Agile Development Cycle planning, which will be facilitated by the SI

to gather and document detailed requirements

Conduct audits as determined by the Rajasthan Police and contract

The SI is required to study the key process requirements, the functional requirements and

develop the required solution with respect to the requirements, required configuration and

customization specific to the Rajasthan Police. The detailed Functional Requirement

Specifications, Non Functional Requirements of CAS developed as on the date and future

development are detailed in Annexure III. The requirement specific to Rajasthan Police

would be developed, integrated and interfaced with CAS using Agile Development

methodology.

In terms of functionality, Enhanced CAS would cover those police functions that are over and

above the CAS provided by central CAS and specific to the Rajasthan for the CCTNS project.

It is estimated that of the possible police functions that could potentially be part of the

CCTNS application at the State level, the CAS provided by NCRB would cover the core

functionality common to all states of India.

Therefore, Enhanced CAS should be developed as a product-like application that could be

centrally managed and at the same time customized to meet the unique requirements of the

State. SI would be responsible for adding the functionality over and above the core CAS

(State) using Agile Development methodology. An indicative list of functionality is available

at Annexure III.

a) Agile Development Cycle (ADC) Planning

At the beginning of each ADC, the System Integrator must conduct participatory meetings

with Rajasthan Police staff to progressively elaborate the high-level business and systems

requirements and convert this into detailed, programmable requirements associated with the

deliverables in that ADC. This includes concept discussions, design prototyping, test

scenarios required for Rajasthan Police driven development, and validation that the correct

deliverables are included in the ADC.

These planning meetings will ensure the System Integrator understanding is consistent with

Rajasthan Police expectations. During the ADC, Rajasthan Police staff co-located with the

Agile development teams will provide feedback on design, prototyping, development, test

scenarios, and test results to the System Integrator.

The technical proposals should describe, in detail, Rajasthan Police active role in

requirements gathering using an Agile development process, as successive product iterations

are developed and integrated into the complete code base. The System Integrator must

propose how often and in what format (use cases, user stories, or other format) prioritized

requirements are expected from the Rajasthan Police.

Each Agile development team will work to elaborate and document detailed, programmable

requirements and to ensure the development teams have a thorough, detailed understanding

of Rajasthan Police requirements. Planning meetings will also allow the development team


Page 35 of 211

to determine the level of effort required to design, develop, test, and deploy each Rajasthan

Police requirement. This will ensure the appropriate numbers of prioritized requirements are

included in each ADC. At the end of each ADC, the functionality provided by each completed

requirement will be demonstrated to the Rajasthan Police for official acceptance. These

activities will also provide an opportunity for the System Integrator to:

Validate and refine the requirements specified with the Rajasthan Police staff

Elaborate and document the architectural and system requirements of the developed

system

Demonstrate the completed functionality

Demonstrate updated system documentation

The System Integrator, must ensure that the system requirements are continually elaborated

prior to the ADC planning meeting so that Agile development teams are not delayed in

accepting requirements into each ADC at the planning meeting.

An Agile development approach includes a desire to view rapid prototypes of requirements

and design concepts, screens, content, and application flow. Prototypes do not necessarily

need to become operational or be reused during development. Workflow and performance

simulation within the design task of the each ADC is also preferred. Successive iterations will

build on functionality completed during previous iterations, resulting in functionality that

can be exposed to user acceptance testing and validation at each Agile release (group of

ADCs).

The Rajasthan Police must approve the content and format of all deliverables prior to the

System Integrator beginning work on each deliverable. This approval should include both

initial elaborated requirements, in the form of user stories, use cases, or other acceptable

format, and continuous feedback from Rajasthan Police staff assigned to work with each

Agile development team. The Rajasthan Police reserves the right to reject any deliverable

that is not in the proper format or does not appear to address the function of the deliverable

requirement completely.

b) Requirements Traceability Matrix (RTM)

The System Integrator must develop a Requirements Traceability Matrix (RTM).

Requirements must be tracked through each stage of the Agile development life cycle

including Rajasthan Police prioritization, requirements elaboration, design, development,

testing, and deliverable release.

The requirements must be stored in a requirements management repository, using a

requirements management tool, which permits reporting of a specific requirement,

requirements based on type or attributes, and a complete detailed listing of all requirements.

This matrix and the repository will be used throughout the project to assure all requirements

are implemented, tested, and approved by the Rajasthan Police. Reports from the RTM will

be submitted to the Rajasthan Police at the end of each ADC and Agile release. The

requirements management repository must be accessible by the Rajasthan Police, third party

auditor, SPMU and System Integrator.


Page 36 of 211

c) Agile Development Cycles (ADC)

The System Integrator must have open, continuous communication with the Rajasthan

Police during each ADC. Each ADC will include requirements elaboration, system design,

development, testing, and documentation. Domain Experts will be involved with

development teams to ensure requirements are progressively elaborated, System Integrator

understanding of the requirements is consistent with the Rajasthan Police’s intent, and

developed code accurately performs the intended function(s).

The technical proposal must describe, in detail, how version control will be applied to the

system code, including how successive versions of the code will be managed to allow rollback

to a previous code version. The proposal must describe how the System Integrator will

enforce coding standards, including QA processes that will be used to validate System

Integrator coding conforms to standards. Standards must specify a maximum time window

within which a developer must fix a broken build when code is introduced that causes

automated test failure.

d) Detailed System Design (DSD) Documentation

As an Agile project, the Rajasthan Police will value working code over comprehensive

documentation. To facilitate the mutual understanding of the functions to be developed in

each ADC, the System Integrator’s development teams will lead a collaborative meeting with

the Rajasthan Police staff to design the test cases, functional tests, and storyboard the

expected user experience with the features being developed. The use cases, user stories or

other applicable artifacts will be modified and maintained so the functional code resulting

from the ADC can be measured against the initial understanding of the problem.

Architectural or global system changes must be shared across develop teams to ensure and

maintain a common understanding of the system architecture. The System Integrator is

encouraged to hold cross-team design sessions to further the understanding of pending

changes to the system.

e) Configuration and Rules Engine

The System Integrator is responsible for developing, testing, and documenting to meet the

requirements specified in this bidding document for the Rajasthan Police. Key elements

associated with this task are:

Demonstrate that all hardware, software, and communication linkages are functional

and will support the Rajasthan Police requirements

Ensure that the developed solution meets design criteria and satisfies the intended

purpose

Install and enhance or modify modules of the proposed systems, according to the

specifications developed and approved by the Rajasthan Police in the systems design

task

Provide module walk-through and demonstrations to the Rajasthan Police

Present all standard output reports

Demonstrate functionality of all interfaces

Populate the rules engine

Update the CMP


Page 37 of 211

f) Test Management Plan

The System Integrator must submit, for the Rajasthan Police approval, an Agile Test

Management Plan that will be executed during each Agile cycle and includes unit,

integration, regression, load testing (if applicable), user acceptance, and operational

readiness testing. The plan must include an explanation of how these deliverables will be

provided to the Rajasthan Police for the requirements being tested in each Agile cycle and

meet the following conditions:

An explanation of how test-driven development will be used to ensure individual unit

code tests become part of a greater automated testing base

Iterative system integration testing, regression testing, and support for UAT

A description of the active role business users will have in testing code developed in

each Agile cycle

A description of the test environments, methods, and workflow

Inclusion of testing personnel in each Agile development team

Procedures and the proposed tracking tool the System Integrator will use to track and

correct deficiencies and defects discovered during testing

The plan has to test all interfaces.

A listing and description of automated testing tools that will be used

A plan for system performance, measuring, and tuning

A plan for operational readiness testing

Testing Activities

The System Integrator must use test-driven development. Test cases and scenarios must be

created based on use cases and input from Rajasthan Police. Actual test results will be

supplied for all test cases, including any scenarios submitted by the Rajasthan Police. All

discrepancies, deficiencies, and defects must be identified, explained, and corrected before

the completed functionality described in each requirement is delivered to the Rajasthan

Police at the ADC Review meeting.

The System Integrator must track all automated test scenarios and cases and all defects must

be tracked through successful build. All tests results must be acceptable to the Rajasthan

Police and approved before testing is considered complete. The System Integrator must

make the changes necessary to the system to meet all requirements. Reports of metrics from

the testing will be reported at the end of ADC Review meetings. At a minimum, the

automated tracking tool reports must:

Capture or assign a unique ID for each test scenario and case

Organize test scenarios, cases, and results by business process (module)

Cross-reference test scenarios and cases to the RTM

Report metrics for test scenarios and cases to include, but not be limited to, number

of test scenarios and cases per module and status of test scenarios and cases (i.e.,

passed, failed, retested, percentage passed and or failed)

Report metrics for defects to include, but not be limited to:

o Severity of defects

o Status of defects

o Number of defects per module


Page 38 of 211

Separate test environments are required to perform unit, module, integration, and UAT, with

acceptable results approved by the Rajasthan Police, ensuring that all requirements have

been satisfied and successfully tested.

The System Integrator will be working closely with the Rajasthan Police, third party auditor

and SPMU during all testing phases. The System Integrator must permit complete systems

access to the Rajasthan Police and offer timely assistance when requested.

The System Integrator’s responsibilities include the following:

Establish and Implement Testing Environments

Test Plans

Test Cases and Scripts

Test Results

Establish & Implement Testing Environments

The unit and system testing may be done in the System Integrators development

environment. Establishment of these environments is to be identified as milestones in the

applicable work plan, to be approved by the Rajasthan Police.

In addition, the System Integrator must establish the following environments:

UAT Environment: System Integrator will provide a UAT environment as a scaled down

version of the production environment, that allow users to perform system testing to ensure

the system meets the requirements for the user community. Users must be able to mimic

production work to ensure the system performs as expected. The System Integrator will

provide a method to refresh the UAT environment with a full set of data from the production

system at the Rajasthan Police request.

Unit Testing: The System Integrators responsibilities for this deliverable include

programming and unit testing on all requirements. The System Integrator must test all

modules (i.e., programs) as stand-alone entities. Unit testing ensures that a single module is

resilient and will function correctly on a stand-alone basis (e.g., the modified module can

take inputs and produce expected outputs). The System Integrator must submit successful

unit test results to the Rajasthan Police for approval.

Rules Testing: The System Integrator must test all rules populated into the rules engine.

The testing function must be automated through test scenarios and test scripts and during

the course of module and integration testing. Rules testing ensure the Rajasthan Police

policy is accurately reflected in the rules engine.

Module Testing: The System Integrator must update the RTM and repository, verifying

that all requirements have been addressed through test scenarios and test scripts. The

System Integrator must also verify that, during the course of module and integration testing,

system successfully met the requirements.

Integration Testing: The System Integrator must test modifications within the context of

the integrated modules in which it functions. Integration testing helps ensure that a defined

set of interconnected modules will perform, as designed, after additions and/or

modifications to modules. The testing must also ensure that interfaces with external systems

are exchanging data correctly. These tests must use a sample of preliminary converted files.

Additionally, the System Integrator must update the RTM and repository, verifying that all

requirements have been addressed through test scenarios and test scripts. The System

Integrator must also verify that, during the course of Module and Integration testing.


Page 39 of 211

User Acceptance Testing: UAT demonstrates that the system is ready to perform all

required functions, satisfies all requirements, and that all reported defects have been

corrected and accepted by the Rajasthan Police. All system modules will be tested before the

start of operations.

During the UAT activities conducted by each Agile development team in each ADC, few

errors will be found. The requirements developed in the ADC should have been thoroughly

debugged by the System Integrator. Therefore, developed code should regularly perform

correctly, as stated in the requirements documentation.

The System Integrator must provide a letter certifying that all data, user manuals, testing

facilities, and security accesses necessary to perform UAT have been provided.

Beta Testing: For system modules that affect external users, such as web portals, web-

based application submission and data, the System Integrator must have a beta testing plan,

allowing external users to participate in the testing process. The System Integrator must

describe its approach to beta testing. Beta Testing will continue in the Operations &

Maintenance period as well.

Load Testing: The System Integrator performs this test using a load-testing tool. The

System Integrator must conduct load testing to determine online, web-access, and batch

performance levels under expected system loading conditions with production-sized

databases. Load testing must also be conducted to evaluate system performance to verify the

capacity to handle the expected number of citizens and users, within specified performance

levels. The results of the load test may also result in re-work and systems tuning if the

processing schedule negatively affects the Rajasthan Police’s ability to work a normal

business day.

Test Plans

The System Integrator must use structured data tests to create test scenarios based on use

cases or other requirements documentation methodology acceptable to the Rajasthan Police.

Actual test results will be supplied for all test cases including any scenarios submitted by the

Rajasthan Police. Test plans are required for all deliverables included in each ADC and will

be created and delivered as part of each ADC. All discrepancies, deficiencies, and defects

must be identified, explained, corrected, and approved by the Rajasthan Police before

moving to the next ADC.

The System Integrator will perform UAT testing in the UAT environment and will include

scenarios that test all modules and interfaces.

The System Integrator must establish a test plan and schedule for each phase of testing: unit,

rules, integration, user acceptance, operational readiness, and all components. The plans

must include the proposed path for a successful implementation and the System Integrator

must take responsibility for execution of the plans. The test plans must include:

A description of the test environments, methods, workflow, and knowledge transfer

required

A description of test scenarios and expected test results

An organization plan showing System Integrator personnel responsible for testing

A discussion of management of the testing process, including strategies for dealing

with delays in the testing effort, backup plan, and backup personnel

A contingency plan for risk mitigation

A plan for updating the RTM based on test results


Page 40 of 211

List of inputs to the tests

Steps in the testing process

A template progress report that will be issued at intervals approved by the Rajasthan

Police, as well as the content within the progress report

Procedures for notifying the Rajasthan Police of problems discovered in testing,

testing progress, and adherence to the test schedule

A plan for organizing test results for Rajasthan Police review

A plan for system performance measuring and tuning, based on the results of load

testing

A description of how the development of the test scenarios ensures that all modules,

rules, and functions of the UAT are evaluated and accepted

Test Cases and Scripts

The System Integrator must deliver test case and scripts for each phase of testing, unit, rules,

module, integration, user acceptance, and operational readiness for each module in the new

Eligibility System. These test cases and scripts will fulfill all requirements and provide very

thorough testing for all enterprise functionality. Test cases will be tracked for all

requirements and the status of each test will be traced through the RTM to ensure all

requirements are successfully met. Additionally, these scripts must provide step-by-step

instructions for executing the tests. The technical Proposals must specify the preferred

automated testing tools the Bidder intends to use.

Test Results

The System Integrator must deliver test results for each phase of testing: unit, rules, module,

integration, user acceptance, and operational readiness for deliverables produced in each

ADC. The test results must be submitted to the Rajasthan Police for review, accepted as

passed and approved by the Rajasthan Police before proceeding to the next requirement

deliverable, and must follow the proposed path for a successful implementation. The test

results must:

Be submitted at each bi-weekly ADC Review

Contain references to which requirements are fulfilled

Provide an updated RTM

Be in a format acceptable to the Rajasthan Police

Final Testing Reports

At each ADC Review meeting, the System Integrator must summarize the results of the

testing in a final testing report including, but not limited to:

A summary of the testing process including, but not limited to number of test

scenarios and cases tested and pass and/or fail ratio

Number of defects identified and corrected by module

Number of defects identified and not corrected by module

A description of issues outstanding at the end of UAT, the plan for resolution, and the

impact on the Implementation tasks


Page 41 of 211

g) Agile Development Cycle Review Meetings

The System Integrator must facilitate meetings with the Rajasthan Police at the end of each

ADC to demonstrate completed deliverables and discuss progress made during the

completed ADC. Except as otherwise approved, review meetings will be held at the end of

each ADC during the development phase. The SI, SPMU and third party auditor should

participate in ADC review meetings as requested by the Rajasthan Police.

The review and status meeting schedules will be proposed by the System Integrator in its

project management plans and will be mutually agreed upon between the System Integrator,

SPMU, third party auditor, and the Rajasthan Police.

The Rajasthan Police expects ADC Review meetings to be conducted on a bi-weekly basis.

The schedule must include a review and demonstration of teams deliverables at the

conclusion of every ADC to provide the Rajasthan Police with an opportunity to approve each

deliverable. When deliverables do not completely meet Rajasthan Police requirements, the

deliverable will be corrected in the next ADC.

The System Integrator must render all designs and system documentation for formal

approval at the conclusion of each ADC Review meeting. The System Integrator cannot

consider any deliverable complete before it is accepted formally by the Rajasthan Police

during an end of ADC Review meeting.

The System Integrator will conduct walk-through of deliverables at each ADC Review

meeting. A final review and walk-through will be conducted after system implementation

and prior to transition to maintenance and operations.

As the System Integrator provides deliverables at the conclusion of each ADC, the Rajasthan

Police will review the demonstrated code and accompanying documentation during the

Review meeting and either approve or reject each deliverable. The Final System

Documentation, Forms, Source Code, Data, User Manuals, and other Materials will be

submitted by the date indicated in the approved Project Work Plan.

At the ADC Review meeting, the Rajasthan Police will provide feedback necessary to modify

any rejected deliverables during the following ADC. The Rajasthan Police will accept or again

request modification of the deliverable at the conclusion of that ADC Review. When the

Rajasthan Police accepts the deliverable, the Rajasthan Police will provide a signed

acceptance letter to the System Integrator at the conclusion of the ADC Review meeting.

4.9 Site Preparation at Police Stations and Higher Offices

The SI is expected to prepare the client sites for setting up the necessary client site

infrastructure. Site preparation at Police Stations & Higher Offices will include but not

limited to:

Provision of Local area network (Structured LAN cabling, LAN ports)

Provision of computer furniture for Police Stations

Ensure adequate power points in adequate numbers with proper electric earthling.

4.10 Data Migration and Data Digitization

The Data Digitization and Migration requirements is as per Annexure V of this RFP


Page 42 of 211

4.11 Capacity Building and Change Management

SI shall undertake Capacity Building and Change Management of Rajasthan Police personnel

as per the scope defined in Annexure-VI.

4.12 Handholding Support

The System Integrator will provide one qualified and trained person per police station for a

period of 6 months or one trained person for period of 1 year for two Police stations (would

be decided by Rajasthan Police); to handhold the staff in the police station and ensure that

the staffs in that police station are able to use CAS application on their own by the end of the

handholding period. Depending upon the project requirements, SI shall be intimated to

deploy the handholding persons at a later stage. SI should provide manuals and CD’s for

handholding support.

4.13 Requirement on Adherence to Standards

CCTNS system must be designed following open standards, to the extent feasible and in line

with overall system requirements set out in this RFP, in order to provide for good inter-

operability with multiple platforms and avoid any technology or technology provider lock-in.

4.14 Compliance with Industry Standards

In addition to above, the proposed solution has to be based on and compliant with industry

standards (their latest versions as on date) wherever applicable. This will apply to all the

aspects of solution including but not limited to design, development, security, installation,

and testing. There are many standards that are indicated throughout this volume as well as

summarized below. However the list below is just for reference and is not to be treated as

exhaustive.

Particulars Required Standards to be adhered to

Portal development W3C specifications, GIGW

Information access/transfer protocols SOAP, HTTP/HTTPS

Interoperability Web Services, Open standards

Photograph JPEG (minimum resolution of 640 x 480 pixels)

Scanned documents TIFF (Resolution of 600 X 600 dpi)

Biometric framework BioAPI 2.0 (ISO/IEC 19784-1:200 Specification

Finger print scanning IAFIS specifications

Digital signature RSA standards

Document encryption PKCS specifications

Information Security CCTNS system to be ISO 27001 certified and

CERTin certified

Operational integrity & security

Management

CCTNS system to be ISO 17799 compliant

IT Infrastructure management ITIL / EITM specifications

Service Management ISO 20000 specifications

Project Documentation IEEE/ISO specifications for documentation

Table 7: Industry Standards


Page 43 of 211

The SI shall adhere to the standards published by the DeitY, Government of India.

4.15 3rd Party Acceptance Testing, Audit and Certification

The Acceptance Testing, Audit & Certification is to ensure that the system meets

requirements, standards, and specifications as set out in this RFP and as needed to achieve

the desired outcomes. The basic approach for this will be ensuring that the following are

associated with clear and quantifiable metrics for accountability:

ADC requirements review

Test cases and Requirements Mapping

Infrastructure Compliance Review

Availability of Services in the defined locations

Performance and Scalability

Security / Digital Signatures

Manageability and Interoperability

SLA Reporting System

Project Documentation

Data Quality Review

As part of acceptance testing, audit and certification, performed through a third party

agency, state shall review all aspects of project development and implementation covering

software, hardware and networking including the processes relating to the design of solution

architecture, design of systems and sub-systems, coding, testing, business process

description, documentation, version control, change management, security, service oriented

architecture, performance in relation to defined requirements, interoperability, scalability,

availability and compliance with all the technical and functional requirements of the RFP

and the agreement. Here it is important to mention that the bidder should propose the third

party agency from the firms empanelled at DeITY, GoI.

The Rajasthan Police will establish appropriate processes for notifying the SI of any

deviations from defined requirements at the earliest instance after noticing the same to

enable the SI to take corrective action. Such an involvement of the Acceptance Testing &

Certification agencies, nominated by State, will not, however, absolve the operator of the

fundamental responsibility of designing, developing, installing, testing and commissioning

the various components of the project to deliver the services in perfect conformity with the

SLAs. Application audit is part of SI scope.

Following sub sections discusses the acceptance criteria to be adopted for system as

mentioned above:

a) ADC Requirements Review

The system developed/customized by SI shall be reviewed and verified by the agency against

the Agile Requirements signed-off between Rajasthan Police and SI. Any gaps, identified as a

severe or critical in nature, shall be addressed by SI immediately prior to Go-live of the

system. One of the key inputs for this testing shall be the traceability matrix to be developed

by the SI from system. Apart from Traceability Matrix, agency may develop its own testing

plans for validation of compliance of system against the defined requirements. The

acceptance testing w.r.t. the functional requirements shall be performed by both


Page 44 of 211

independent third party agency (external audit) as well as the select internal department

users (i.e. User Acceptance Testing).

b) Infrastructure Compliance Review

Third party agency shall perform the Infrastructure Compliance Review (DC & DR

components and 10% of Total Client locations District wise) to verify the conformity of the

Infrastructure supplied by the SI against the requirements and specifications provided in the

RFP and/or as proposed in the proposal submitted by SI. Compliance review shall not

absolve SI from ensuring that proposed infrastructure meets the SLA requirements.

c) Security Review

The software developed/customized for system shall be audited by the agency from a

security & controls perspective at the cost of SI. Such audit shall also include the IT

infrastructure and network deployed for system. Following are the broad activities to be

performed by the Agency as part of Security Review. The security review shall subject the

system for the following activities:

Audit of Network, Server and Application security mechanisms

Assessment of authentication mechanism provided in the application /components/

modules

Assessment of data encryption mechanisms implemented for the solution

Assessment of data access privileges, retention periods and archival mechanisms

Server and Application security features incorporated etc

d) Performance

Performance is another key requirement for system and agency shall review the performance

of the deployed solution against certain key parameters defined in SLA described in this RFP

and/or agreement between Rajasthan Police and SI. Such parameters include request-

response time, work-flow processing time, concurrent sessions supported by the system,

Time for recovery from failure, Disaster Recovery drill etc. The performance review also

includes verification of scalability provisioned in the system for catering to the requirements

of application volume growth in future.

e) Availability

The system should be designed to remove all single point failures. Appropriate redundancy

shall be built into all the critical components to provide the ability to recover from failures.

The agency shall perform various tests including network, server, security, DC/DR fail-over

tests to verify the availability of the services in case of component/location failures. The

agency shall also verify the availability of services to all the users in the defined locations.

f) Manageability Review

The agency shall verify the manageability of the system and its supporting infrastructure

deployed using the Enterprise Management System (EMS) proposed by the SI. The

manageability requirements such as remote monitoring, administration, configuration,

inventory management, fault identification etc. shall have to be tested out.


Page 45 of 211

g) SLA Reporting System

SI shall design, implement/customize the Enterprise Management System (EMS) and shall

develop any additional tools required to monitor the performance indicators listed under

SLA prescribed in this RFP. The Acceptance Testing & Certification agency shall verify the

accuracy and completeness of the information captured by the SLA monitoring system

implemented by the SI and shall certify the same. The EMS deployed for system, based on

SLAs, shall be configured to calculate the monthly transaction-based payout by Rajasthan

Police to SI.

h) Project Documentation

The Agency shall review the project documents developed by SI including requirements,

design, source code, installation, training and administration manuals, version control etc.

Any issues/gaps identified by the Agency, in any of the above areas, shall be addressed to the

complete satisfaction of Rajasthan Police.

i) Data Quality

The Agency shall perform the Data Quality Assessment for the Data digitized/ migrated by SI

to the system. The errors/gaps identified during the Data Quality Assessment shall be

addressed by SI before moving the data into production environment, which is a key mile

stone for Go-live of the solution.

4.16 Scope of Services during Post Implementation Phase

The SI shall be responsible for the overall management of the system including the

application and entire related IT Infrastructure. SI shall deploy an EMS tool that monitors /

manages the entire enterprise wide application, infrastructure and network related

components.

SI shall provide the Operations and Maintenance Services for a period of 3

years from “Go-Live” of the project.


Page 46 of 211

CAS Customization

and Integration Work

Proposal

5


Page 47 of 211

5 CAS Customization and Integration Work Proposal

5.1 Project Management Work Proposal

The System Integrator must submit a comprehensive Agile Project Management Proposal

describing how the project will be managed for the CAS customization and integration

requirement of Rajasthan Police. The Rajasthan Police State Mission Team will review the

System Integrator’s Agile Project Management proposal. The System Integrator will make

any changes requested by the Rajasthan Police. The System Integrator would submit

separate proposal for every customization or integration requirement identified by Rajasthan

Police during the project implementation period. It has been envisaged that the total

customization effort would be around 180 Man-Month; for the purpose of calculating 180

Man-Month deployment of onsite team (Software Development Team) would be considered.

However it is assumed that onsite team would be supported by services of specialized

resources like that of Business Analyst, Data base Administrator, System architect,

Testing/Quality Assurance team, UI Designers, Technical writers, Business Intelligence stack

experts, Domain experts etc, whenever required for quality assurance and adherence to

industry standards for agile software development. The SI must quote these Man-Months in

a bundled manner.

The Agile Project Management proposal must describe the agile methodologies for managing

project processes and activities. The System Integrator’s Project Management proposal must

include strategies to ensure all quality standards are met and deliverables are provided

according to the priority as agreed to with the Rajasthan Police. The estimated Man-Month

effort shall include resource utilization (team and tools) matrix and expected outcome from

each resource. The 80% payment for the work done by the SI would be payable at the end of

subsequent quarter. The 20 % of remaining payment would be released after the successful

release of that build and testing the product in live environment for 2 months, , in the

subsequent quarter.

The Agile Project Management Proposal must include the proposed number of teams, team

composition, roles of team members, and the proposed project schedule and timelines and

effort estimation. The Project Management Proposal must include a preliminary schedule

that describes the total number of anticipated Agile Development Cycles (ADC), and the

deliverables that are expected to be completed in each release

During the execution phase of the project, the System Integrator must exert control to assure

the completion of all tasks according to the project schedule and project budget. All

variances must be reported to the Rajasthan Police. The System Integrator must work with

the Rajasthan Police to address the priority of each requirement and determine the

appropriate strategy to ensure any variance in scope, or change in required specifications of

each deliverable, does not affect the overall completion of the project within time and budget

constraints. The Rajasthan Police will work with the System Integrator to approve fast

tracking or reallocation of System Integrator resources as necessary.

The Project Management Proposal must include the following project control subsidiary

plans, which must also reflect an Agile methodology.

Project Work Plan and Schedule

Effort Estimation- Man Month


Page 48 of 211

Work Breakdown Structure (WBS)

5.1.1 Project Work Plan and Schedule

The System Integrator will submit the project work plan for developing software for

Rajasthan Police specific customization and integration requirement. The Project Work Plan

will include activities, milestones, and deliverables. The Project Work Plan must be updated

at the conclusion of each ADC to reflect the percentage of completion. The Rajasthan Police,

SPMU and third party auditor will use the Project Work Plan to monitor System Integrator

progress.

5.1.2 Project Work Plan Baselines

The Project Work Plan will include requirements for the Rajasthan Police to be customized

and integrated around the CAS. The estimates provided by the System Integrators proposal

will form the project baseline. Once established, the baseline will only be modified with

approval from the Rajasthan Police. The approved baseline will be used for all project

metrics reported during the end of ADC Review meetings.

5.1.3 Work Breakdown Structure (WBS)

The WBS includes the System Integrator’s suggested priority for each requirement and

identifies the ADC and anticipated release in which each requirement will be included.

Target completion dates for each deliverable must be provided. During project execution, the

System Integrator must measure performance according to the WBS and manage changes

requested by the Rajasthan Police.

The WBS must specify:

The number of ADCs necessary to complete all tasks, with a breakdown of System

Integrator personnel effort

The planned start and end dates for all ADCs, the Rajasthan Police requirements to

be completed in each ADC, a description of the interrelationships of all Agile

development teams, and tasks required to complete the requirements.

A schedule for all deliverables, by ADC, with the System Integrator’s proposed

priority for completion of each requirement

The anticipated level of effort required to complete requirements,

5.1.4 System Environments

The System Integrator must create all required System Environments, as specified below.

The testing and production environments must remain updated and operable for the

duration of the project.

Development Environment: The System Integrator will provide a common and managed

desktop configuration for the developers. Developers will use the same versions of

development tools to ensure consistency between individual and team products. Further, the

System Integrator will provide a pre-integration environment for developers that will be

used as a trial-and-error environment for code modification.


Page 49 of 211

Integration Environment: The System Integrator will create and maintain an automated,

continuous integration environment that collects developer code, unit and functional tests.

Upon code check-in, the code base will be compiled and all available automated unit and

functional tests will run against the full code base, which contains the recently checked code,

to ensure the build is not broken. If a developer breaks the current build, there will be an

established timeframe in which they must correct the problem. Developers will be

encouraged to check in code often throughout the day to encourage iterative and incremental

development practices and avoid lengthy refactoring.

Unit/System Testing Environment: The System Integrator must provide a unit/system

testing environment to be a mirror image of the production environment that allow

developers to perform system testing to ensure the system meets the requirements.

Developers must be able to mimic production work to ensure the system performs as

expected. The System Integrator will provide a method to refresh the unit/system testing

environment with a full set of test data from the production system or other data source at

the Rajasthan Police’s request.

Unit Tests: The System Integrator will establish that developers use test-driven

development and that unit tests are created for every code change. The System Integrator’s

development effort must ensure that unit tests are being created and checked in with code,

so that the automated test library grows in depth and complexity of available tests.

Quality Assurance/UAT Environment: The System Integrator will provide a UAT

environment to be a mirror image of the production environment, that allow users to

perform system testing to ensure the system meets the requirements for the user

community. Users must be able to mimic production work to ensure the system performs as

expected. The System Integrator will provide a method to refresh the UAT environment with

a full set of test data from the production system or other data source at the Rajasthan

Police’s request.

Knowledge Transfer Environment: The System Integrator will create a separate and

stable environment that will be used to train the Rajasthan Police’s workforce, and other

system users. This environment must be created and accessible to support the System

Integrator’s knowledge transfer plan. It is preferred that the System Integrator establish a

method of creating a base of test records, or refreshing this environment from another data

source at the Rajasthan Police’s request

Production Environment: The System Integrator will create a highly available and stable

environment that is used for operating the system for the Rajasthan Police’s workforce, and

other systems users. Production must have access and usage security enabled that does not

allow developers the ability to move code into production without qualification and

migration through development and testing environments.

5.1.5 Facilities

The System Integrator will need to establish a temporary project office at SCRB, Jaipur

Rajasthan. All costs associated with establishing and maintaining temporary project office

space including, but not limited to, office space, network connections, computers, monitors,

printers, phone systems, workstations, secure access, and utilities must be identified

separately in the System Integrators technical and commercial proposal. All costs associated


Page 50 of 211

with the temporary offices are the responsibility of the System Integrator. The systems

integrator key personnel will perform duties at these facilities.

5.1.6 Meeting Rooms and Workspace Requirements

The System Integrator must develop adequate meeting room to accommodate required

System Integrator staff and up to 20 members from Rajasthan Police, as specified by the

Rajasthan Police, attending regular planning, review, status, and strategy meetings. The

System Integrator is responsible for furnishing appropriate equipment that will

accommodate, at minimum, 30 Rajasthan Police, and the System Integrator’s developers,

testers, technical writers, and other staff. The System Integrator is responsible for the

furnishing of the telecom equipment to accommodate phone lines, network access, and

supplies for the facility, for Rajasthan Police staff.

The meeting rooms must have, at a minimum, two computers with Internet and Intranet

access, two projectors for displaying Internet-based and Windows PowerPoint presentations,

telecom equipment with high-quality speakerphones for remote staff to attend meetings by

telephone, and ability to access network printer(s) in the same building for use by meeting

participants. Meeting rooms must also accommodate video conferencing and web-based

application sharing for attendees.

5.1.7 Indicative Customization and Integration List

State Police Portal, e-Sugam, IFMS, e-GRAS (https://egras.raj.nic.in/), RTI, ATS, Business

Intelligence Tool, Jail, e-Courts, ITMS (Integrated Traffic Management System), e-

Office, Motor Vehicle Coordination System, iHRMS, Vahan, Sarthi, Tallash, CCC, e-District,

SSDG, Passport, e-Challan, Dreams (http://dreams.raj.nic.in/), Vidhan Sabha Question

Monitoring System, Inventory Management System, Vehicle Fleet management System,

Files / Letter Monitoring System, Audit Para management System, Zonal Integrated Police

Network (ZIPNET), SmartCop, Budget Monitoring System.

https://egras.raj.nic.in/

http://dreams.raj.nic.in/


Page 51 of 211

Annexures

6


Page 52 of 211

6 ANNEXURE

6.1 ANNEXURE-I SERVICE LEVEL AGREEMENT

Liquidated Damages (LD) shall be applicable for all activities to be completed during

Implementation Phase (Site Preparation, Hardware Commissioning, Capacity Building, Data

Digitization, and CAS Customization). LD shall be calculated as per Implementation Plan

(Clause 3.1, Volume - II) and LD (Clause 3.1 (5) Volume -III) mentioned in this RFP.

The SI has to deploy the mandatory manpower (as per clause 6.1.2) for the smooth execution

of the project and thus monitoring and control of team deployment and continuity needs to

be ensured. In this context, the table below illustrates the penalty applicable on non

availability of resource and replacement of resources during implementation period.

Service Level

Requirement

The mandatory deployment of the following resources will be

required during the Implementation Phase:

1. Project Manager

2. Team Lead - Capacity Building

3. Team Lead - CAS Customization

4. Team Lead - Infrastructure

5. Team Lead - Data Digitization

6. Resources deployed for Agile development

7. Handholding support resources

The replacement of the resources should be done after taking prior

approval from Rajasthan Police. The replaced resource should

provide Knowledge Transfer with an overlapping period of at least 15

days.

Measurement of

Service Level

Parameter

To be measured in Number of Week of delay from the date of

deployment mentioned in the RFP and for the replacement of

resources.

Delay of every Week would attract a penalty per Week as per the

following –

Non Availability of Resources = Per Week Penalty multiplied by No.

of week of delay. (If the resource is not available for 3 or more days

in a week then the entire week would be considered for penalty

calculation).

Delay of 3 day or more days in a particular week would be counted as

full week. The deployed resources should follow the office time and

working days of Rajasthan Police.

The deployed resources are entitled for 1 leave per month, with prior

approval from Nodal Officer. The leave not taken in that month

would be carried forward to next month subject to maximum of 12

leaves in a year.

The Penalty per week is INR 10,000 per Resources.


Page 53 of 211

6.1.1 Post -Implementation Phase SLA

SLA defines the terms of the System Integrator’s (SI) responsibility in ensuring the

performance of the CCTNS project based on the agreed Performance Indicators. This section

defines various Service Levels for various components of CCTNS Project, which shall be

considered by the Rajasthan Police in establishing the performance benchmark of SI.

The selected bidder has to meet the service level norms as defined in this clause, failing

which the SI is liable to be penalized.

Working Days: CCTNS Application has to be made available 24 x 7. The service window

for CCTNS Application Availability shall be as per the Service window defined in table below

Description Prime Hours Non Prime Hours

Working Days 8AM to 8PM 8PM to 8AM

SLA Matrix: MTTR (Mean Time to Repair) to rectify and restore the services will be

calculated from the time of detection of non-availability of services at Help Desk. The SI shall

provide Operations and Maintenance services as per SLA matrix given below:

Location MTTR

At SDC 30 Minutes

At Police Station Within 24 hours for the Police Station situated in District HQ

or location within less than 50 Km from District HQ.

48 hours for the location situated more than 50 Km from the

District HQ.

At other Higher

Offices

Within 24 working hours

a) Availability Management

The SI will have to submit weekly call reports (Closed/ Open) at respective SP/DCP office.

The calls will be closed in two ways (Either mutually agreed between SI and In-charge at

Client Location OR by SI only). The mutually agreed closed tickets (calls) need to be signed

by both parties. In case the In-charge at Client Location does not sign the call closed report,

the same will be submitted unsigned to the respective SP/DCP by SI.

Component availability (Up time) shall be calculated as:

[1-(Downtime / Total time)]*100

S

No

Parameter Description Target Penalty Measureme

nt Tool/

Method

1 DC/DR Servers, Network > 97% No Penalty Reports from


Page 54 of 211

/NOC/

Helpdesk

Components etc.

installed should be

available, for the CAS

Application to run

successfully

<=97% > 96% 5.0% of DC &

DR QGR

SLA

management

Tool

calculated on

monthly basis

<=96% > 95% 10.0% of DC&

DR QGR

<=95% 20% of DC&

DR QGR

2 Application

and System

Software

Availability of

application and

system software as

mentioned in scope of

work

> 97% No Penalty Reports from

SLA

management

Tool

calculated on

monthly basis

<=97% > 96% 5.0% of DC&

DR QGR

<=96% > 95% 10.0% of DC&

DR QGR

<=95% 20% of DC&

DR QGR

3 Resource

Availability

at DC/ DR/

Helpdesk

/NOC

The resources should

be available as per the

agreed project plan

and manpower

deployment plan. No

change of team

structure would be

entertained without

prior approval of

Rajasthan Police.

The deployed

resources

shall be

entitled for 1

leave per

month with

prior approval

from Nodal

Officer

Rs. 15000/-

per week per

person for

number of

week for which

the resource is

absent from

DC & DR QGR.

Attendance

Track

4 Client

location

Hardware

Critical equipments:

Desktops, UPS,

Network switch,

Workstation

Within 24

hours for the

Police Station

situated in

District HQ or

location

within less

than 50 Km

from District

HQ.

48 hours for

the location

situated more

than 50 Km

from the

District HQ.

No Penalty Reports from

SLA

management

Tool

calculated on

24*7 basis

1-3 days after

the breach of

above

mentioned

Rs. 250/- per

equipment per

day from

Client Location


Page 55 of 211

SLA QGR payment

> 3 days Rs. 500/- per

day per

equipment per

day from

Client Location

QGR payment

It is to be noted that if the overall penalty applicable for any of the quarter during the

Operation & Maintenance phase exceeds 50% of QGR payment or if the overall penalty

applicable for any of the successive quarterly periods during the Operation & Maintenance

phase is above 10% of cost of O&M phase (OPEX); then Rajasthan Police shall have the right

to terminate the contract.

b) Service Management

Successful Bidder should setup a centralized IVRS based helpdesk at SCRB. Successful

Bidder shall arrange and maintain within the contract value and throughout the contract

period, all infrastructure necessary for managing the Help Desk including provisioning and

rent charges for One Toll-free number and minimum 3 telephone line(s) at the Help Desk

location. Resources deployed for providing support services should be equipped with mobile

phones. Cost of the same, throughout the contract period shall be borne by the Bidder within

the contract value. Bidder should provide multiple channels to log a complaint such as Toll-

free lines, cell phones, landlines, E-mail, Intranet, direct walk-in etc. Outage of any

component would be calculated as a time between logging the call and closing the call.

Minimum 3 persons should be available at Help Desk on 24X7 basis.

c) Scheduled activities

S.

No.

Parameter Description Target Penalty Measurement

Tool/Method

1 Back up Scheduled

Activities such as

Back up shall be

taken up as per the

policy

As per the

policy

Would be

decided

mutually

during

O&M

From backup

and installation

logs

2 Upgrade and

New release of

CAS at DC & DR

The Successful

Bidder would

inform on any

upgrade released

for CAS and system

software by the

OEM for a period

of 3 years from Go-

Live

< 7days No

penalty

Installation logs

>=7 days <9

days

2.0% of

DC & DR

QGR

>=9 days 5.0% of

DC & DR

QGR


Page 56 of 211

3 Upgrade and

New release at

Client Locations

The Successful

Bidder would

inform on any

upgrade released

for CAS and system

software by the

OEM for a period

of 3 years from Go-

Live

< 7days No

penalty

Installation logs

>=7 days <9

days

2.0% of

Client

Location

QGR

>=9 days 5.0% of

Client

Location

QGR

4 Bugs Successful bidder

shall remove any

bugs in the

customized CAS.

< 7days No

penalty

Tools

>=7 days <9

days

2.0% of

DC & DR

QGR

>=9 days 5.0% of

DC & DR

QGR

6.1.2 Mandatory Qualification Criteria for Key Profiles and Numbers

For each profile, bidder shall comply with the minimum qualification (from recognized

institutions, wherever applicable) requirement as mentioned in the table below.

Noncompliance with any of the mentioned qualification requirement may lead to imposition

of penalty as per Annexure-I of Volume-I.

The bidder is mandatorily required to deploy the following resources during implementation

phase:

1. Project Manager

2. Team Lead CAS Customization

3. Team Lead Infrastructure

4. Team Lead Capacity Building

5. Team Lead Data Digitization

The bidder is mandatorily required to deploy the following resources during O&M phase:

1. Team Lead Operation & Maintenance

2. Network Administrator

3. Database Administrator

4. System Administrator

5. Help Desk Operators

The following table provide details of mandatory qualification to be complied by bidder for

resource deployment.

S.

No.

Key Profile Mandatory Requirement Minimum

Numbers

1. Project Manager

throughout the

The person suggested should have minimum

educational qualification like BE/ B. Tech/

1


Page 57 of 211

project period MCA or equivalent and MBA (Full Time)

The person should be preferably PMP or

Prince 2 certified

The person should have an overall

experience of 10 years or more above

working in projects related to

implementation of IT person experience

should have minimum 5 years in at least two

software implementation projects as a

project manager with a team of 10 or more

members.

Should have minimum 2 or more years of

experience in Government projects

Age not more than 55 years

2. Team Leader

Software

Application and

Development

throughout the

CAS

customization

period

Should possess a minimum educational

qualification of BE / B. Tech (in Computer

Science/ IT) or MCA

Should have had an overall experience of 7

years in software development and

customization out of which past 3 years

should be as working in lead roles

exclusively for at least 1 turnkey software

project leading a team of more than 10

members

1

3. Agile Software

Development

Team

Should possess a minimum educational

qualification of BE / B. Tech (in Computer

Science/ IT) or MCA

Should have an overall experience of 5 years

or more in software development and

customization.

Should have experience in the technology

proposed for software development.

The preference would be given for the

experience on Agile Software Development.

As per

requirement

for agile

development

4. Information

Security Expert

during O&M

phase

Should have minimum educational

qualification of BE/ B. Tech (in Computer

Science/ IT) or MCA


or above full-time work experience in

information security management and/or

related functions (such as IT audit and IT

Risk Management).

At least last 3 years should have been spent

while working as Information Security

Specialist exclusively for at least one project

wherein the person would have been solely

responsible for security planning and design.

As and when

required


Page 58 of 211

5. Quality

Assurance

Leader during

implementation

period



Science) or MCA


or above in software testing and quality

assurance processes

At least 2 years experience exclusively, in

lead roles for software quality assurance

projects while leading a team of 10 members

or above

As and when

required

6. Business

Analyst during

implementation

period


qualification of MBA (Full Time) or MCA


or above in the field of IT & ICT project

implementation

Out of 5 years ,at least the last 2 years should

have been spent exclusively in performing

requirements analysis for e-Governance

project

As and when

required

7. Team Leader

Capacity

Building

throughout

implementation

period

Should have a minimum educational

qualification of a post graduate degree like

MCA / MBA (Full Time)

Should have an overall experience of more

than 7 years or above in training and IT

industry with an exclusive experience of

more than 6 years or above in conducting

training or in teaching topics related to

Information Technology.

1

8. Change

Management

Expert

throughout

implementation

period


qualification of MBA (Full Time) in Human

Resources


than 8 years or above with an exclusive

experience of more than 6 years or above, in

conducting Organization Change

Management & Human Resource

Management

Excellent communication skills with fluency

in Hindi and English

1

9. Team Lead IT

Infrastructure

throughout

implementation

period



Science/ IT/ EC) or MCA


or above in the field of Information

Technology related project implementation,

of which, at least the last 2 years should have

been spent while working as IT

1


Page 59 of 211

Infrastructure Specialist for at least one

relevant project involving Data Center and

DR center

Should have OEM/ Industry Standard

certification in Infrastructure Management

10. Team Leader

Data Migration

throughout

implementation

period

BE/ B. Tech (in Computer Science/ IT) /

MCA or equivalent

Should have overall experience of 5 years or

above with knowledge and experience in

database operations: database setup,

configuration and maintenance

Should have at least one project experience

in data migration involving data mapping

and data cleansing

1

11. Team Leader

Operations

Manager (

during O&M

period)


qualification like BE / BTECH / MCA or

equivalent with an additional MBA (Full

Time) degree


than 8 years or above in maintenance and

operations of IT projects

At least 3 years should be spent, exclusively,

while working in a managerial role in the

maintenance phase of at least one IT

implementation project involving 10

members or more.

1

12. System

Administrator

(during O&M

period )


qualification BE / BTECH (in Computer

Science/ Information Technology/

Electronics & Communications) / MCA or

equivalent.


than 5 years or above as a system

administrator

Should possess Professional Certification

from the OEM / any other industry standard

certification of the proposed technology.

2 in shifts (1

per shift)

available for

24*7

13. Network

Administrator

during O&M

period


qualification like BE / BTECH (in Computer



equivalent


than 5 years or above as Network

administrator in at least 3 projects

Should possess a Professional Certification


2 in shifts (1

per shift)

available for

24*7


Page 60 of 211


14. Database

Administrator

during O&M

period


qualification like BE / BTECH (in Computer



equivalent


than 5 years or above as database

administrator in at least 3 projects

Should possess a Professional Certification



2 in shifts (1

per shift)

available for

24 *7

15. Help Desk

Operator


qualification like B.Sc/BCA/or any

equivalent graduation degree.

Should have good communication skill in

Hindi & English.

Should have exposure to working on web

based applications.

Preference would be given to one having

prior experience of call centre.

Minimum 3

during prime

time and 2

during non

prime time.

Available for

24*7


Page 61 of 211

6.2 ANNEXURE- II- POST IMPLEMENTATION SERVICES

As part of the post implementation services, the SI shall provide support for the software,

hardware, and other infrastructure provided as part of this RFP. SI shall provide Three (3)

years of comprehensive AMC that includes:

a) Warranty support

b) Annual Technical Support (ATS)

c) Handholding Services

i. Operations and maintenance services for the server and related infrastructure

supplied and commissioned by the SI for the application at the Data Center and

Disaster Recovery Center.

ii. Central Helpdesk from the state designated premises (SCRB).

iii. Software maintenance and support services.

iv. Application functional support services

The services shall be rendered onsite from the State designated premises. To provide the

support for the police stations, circle offices, sub-divisional offices, district headquarters /

Commissionerates, ranges, State police headquarters and other locations across the State

where the software, hardware, and other infrastructure will be rolled out. The SI will also

ensure that there is a Service Center available or setup at each district or a group of districts

of the State, as per mutual understanding between Rajasthan Police and the SI. The SI shall

develop a work plan for the knowledge sharing as per scope defined in this RFP for use in

future phases of the project.

a) As part of the warranty services SI shall provide:

SI shall provide a comprehensive warranty and on-site free service warranty for 3

years from the date of Go Live.

SI shall obtain the three year product warranty and three year onsite free service

warranty on all licensed software, computer hardware and peripherals,

networking equipments and other equipment.

SI shall provide the comprehensive manufacturer's warranty in respect of proper

design, quality and workmanship of all hardware, equipment, accessories etc.

covered by the RFP. SI must warrant all hardware, equipment, accessories, spare

parts, software etc. procured and implemented as per this RFP against any

manufacturing defects during the warranty period.

SI shall provide the performance warranty in respect of performance of the

installed hardware and software to meet the performance requirements and

service levels in the RFP.

SI is responsible for sizing and procuring the necessary hardware and software

licenses as per the performance requirements provided in the RFP. During the

warranty period SI shall replace or augment or procure higher-level new

equipment or additional licenses at no additional cost to the Rajasthan Police in

case the procured hardware or software is not adequate to meet the service levels.

Mean Time Between Failures (MTBF) - If during contract period, any equipment

has a hardware failure on four or more occasions in a period of less than three

months or six times in a period of less than twelve months, it shall be replaced by

equivalent or higher-level new equipment by the SI at no cost to state. However, if


Page 62 of 211

the new equipment supplied is priced lower than the price at which the original

item was supplied, the differential cost should be refunded to Rajasthan Police

For any delay in making available the replacement and repaired equipments for

inspection, delivery of equipments or for commissioning of the systems or for

acceptance tests / checks on per site basis, Rajasthan Police reserves the right to

charge a penalty.

During the warranty period SI shall maintain the systems and repair / replace at

the installed site, at no charge to state, all defective components that are brought

to the SI's notice.

The SI shall as far as possible repair the equipment at site.

In case any hard disk drive of any server, SAN, or client machine is replaced

during warranty / AMC the unserviceable HDD will be property of Rajasthan

Police and will not be returned to SI.

Warranty should not become void, if Rajasthan Police buys, any other

supplemental hardware from a third party and installs it within these machines

under intimation to the SI. However, the warranty will not apply to such

supplemental hardware items installed.

The SI shall carry out Preventive Maintenance (PM), including cleaning of

interior and exterior, of all hardware and testing for virus, if any, and should

maintain proper records at each site for such PM. Failure to carry out such PM

will be a breach of warranty and the warranty period will be extended by the

period of delay in PM. The PM should be carried out at least once in six months.

SI shall monitor warranties to check adherence to preventive and repair

maintenance terms and conditions.

The SI shall ensure that the warranty complies with the agreed Technical

Standards, Security Requirements, Operating Procedures, and Recovery

Procedures.

SI shall have to stock and provide adequate onsite and offsite spare parts and

spare component to ensure that the uptime commitment as per SLA is met.

Any component that is reported to be down on a given date should be either fully

repaired or replaced by temporary substitute (of equivalent configuration) within

the time frame indicated in the Service Level Agreement (SLA).

The SI shall develop and maintain an inventory database to include the registered

hardware warranties.

b) As part of the ATS services SI shall provide:

SI shall maintain data regarding entitlement for software upgrades,

enhancements, refreshes, replacements and maintenance.

If the Operating System or additional copies of Operating System are required to

be installed / reinstalled / de-installed, the same should be done as part of ATS.

SI should carry out any requisite adjustments / changes in the configuration for

implementing different versions of Application Software.

Updates/Upgrades/New releases/New versions. The SI shall provide from time to

time the Updates/Upgrades/New releases/New versions of the software and

operating systems as required. The SI should provide free upgrades, updates &


Page 63 of 211

patches of the software and tools to Rajasthan Police as and when released by

OEM.

SI shall provide patches to the licensed software including the software, operating

system, databases and other applications.

Software License Management. The SI shall provide for software license

management and control. SI shall maintain data regarding entitlement for

software upgrades, enhancements, refreshes, replacements, and maintenance.

SI shall provide complete manufacturer’s technical support for all the licensed

software problems and/or questions, technical guidance, defect and non-defect

related issues. SI shall provide a single-point-of-contact for software support and

provide licensed software support including but not limited to problem tracking,

problem source identification, problem impact (severity) determination, bypass

and recovery support, problem resolution, and management reporting.

The manufacturer’s technical support shall at a minimum include online

technical support and telephone support during the state’s business hours

(Business hours in Rajasthan Policeall days (Mon-Sun)) with access for Rajasthan

Policeand SI to the manufacturer’s technical support staff to provide a maximum

of 4 hour response turnaround time. There should not be any limits on the

number of incidents reported to the manufacturer. Rajasthan Police shall have

access to the online support and tools provided by the manufacturer. Rajasthan

Policeshall also have 24x7 accesses to a variety of technical resources including

the manufacturer’s knowledge base with complete collections of technical articles.

c) As part of the Handholding services:

i. To provide Operations and maintenance support for the server and related

infrastructure supplied and commissioned by the SI for the application at the

Data Center and Disaster Recovery Center SI shall provide:

The scope of the services for overall IT infrastructure management as per ITIL

framework shall include 24x7 on site Monitoring, Maintenance and Management

of the server and related infrastructure supplied and commissioned by the SI for

the application at the Data Center and Disaster Recovery Center

The business hours in the Rajasthan Police would be all week days (Mon-Sun). SI will plan

these services accordingly. The SI shall provide the MIS reports for all the devices installed

in the Data Center and Disaster Recovery Center in format and media as mutually agreed

with the Rajasthan Police on a monthly basis. Whenever required by state, SI should be able

to provide additional reports in a pre-specified format. The indicative services as part of this

support are as below:

System Administration, Maintenance & Management Services

Application Monitoring Services

Network Management Services

Backend Services (Mail, messaging, etc)

Storage Administration and Management Services


Page 64 of 211

IT Security Administration Services and Services for ISO 27001 and ISO 20000

compliance

Backup and Restore Services

ii. To provide Centralized Helpdesk and Support for end users at each location SI

shall provide:

The service will be provided in Hindi language.

The help desk service that will serve as a single point of contact for all ICT related

incidents and service requests. The service will provide a Single Point of Contact

(SPOC) and also resolution of incidents. Rajasthan Police requires the SI to

provide Help Desk services to track and route requests for service and to assist

end users in answering questions and resolving problems related to the software

application, network, Data Center, Disaster Recovery Center, Client side

infrastructure, and operating systems at all locations. It becomes the central

collection point for contact and control of the problem, change, and service

management processes. This includes both incident management and service

request management.

SI shall also provide a second level of support for application and technical

support at police stations, circle offices, sub-divisional offices, district

headquarters / Commissionerates, range offices, , state police headquarters and

other locations across the Rajasthan Police where the software, hardware, and

other infrastructure will be rolled out, to meet the SLAs as per RFP.

For all the services of Rajasthan Police within the scope of this RFP, SI shall

provide the following integrated customer support and help.

Establish 24x7 Help Desk facilities for reporting issues/ problems with the

software, hardware and other infrastructure at SCRB premises.

SI shall maintain and support to all client side infrastructure including hardware,

networking components, and other peripherals.

SI shall provide maintenance of Hardware, including preventive, scheduled and

predictive Hardware support, as well as repair and / or replacement activity after

a problem has occurred.

SI shall track and report observed Mean Time between Failures (MTBF) for

Hardware.

SI shall provide functional support on the application components to the end

users.

SI shall also provide system administration, maintenance and management

services, LAN management services, and IT security administration services.

iii. To provide software maintenance and support services SI shall provide:

The Software Maintenance and Support Services shall be provided for all software

procured and implemented by the SI. The SI shall render both on-site and offsite

maintenance and support services to the Rajasthan Police to all the designated

locations. The Maintenance and Support Services will cover, all product upgrades,

modifications, and enhancements.


Page 65 of 211

Updates/Upgrades/New releases/New versions. The SI will implement from time

to time the Updates/Upgrades/New releases/New versions of the software and

operating systems as required after necessary approvals from Rajasthan Police

about the same.

Tuning of application, databases, third party software’s and any other

components provided as part of the solution to optimize the performance.

The SI shall apply regular patches to the licensed software including the operating

system and databases as released by the OEMs.

Software Distribution: SI shall formulate a distribution plan prior to rollout and

distribute/install the configured and tested software as per the plan.

Software License Management. The SI shall provide for software license

management and control. SI shall maintain data regarding entitlement for

software upgrades, enhancements, refreshes, replacements, and maintenance. SI

should perform periodic audits to measure license compliance against the

number of valid End User software licenses consistent with the terms and

conditions of site license agreements, volume purchase agreements, and other

mutually agreed upon licensed software terms and conditions and report to

Rajasthan Police on any exceptions to SI terms and conditions, to the extent such

exceptions are discovered.

The SI shall undertake regular preventive maintenance of the licensed software.

iv. To provide application functional support services SI shall provide:

The Application Functional Support Services shall be provided for all software

procured and implemented by the SI. The SI shall render both on-site

maintenance and support services to Rajasthan Police from the development

center in the state

Enhancements and defect fixes. SI shall incorporate technological changes, and

provide enhancements as per the requests made by state. SI shall perform minor

changes, bug fixes, error resolutions and minor enhancements that are incidental

to proper and complete working of the application.

Routine functional changes that include user and access management, creating

new report formats, and configuration of reports.

SI shall provide user support in case of technical difficulties in use of the software,

answering procedural questions, providing recovery and backup information, and

any other requirement that may be incidental/ancillary to the complete usage of

the application.

The SI shall migrate all current functionality to the new / enhanced version at no

additional cost to Rajasthan Police and any future upgrades, modifications or

enhancements.

The SI shall perform user ID and group management services.

The SI shall maintain access controls to protect and limit access to the authorized

end users of the state.

The services shall include administrative support for user registration, creating

and maintaining user profiles, granting user access and authorization, providing

ongoing user password support, announcing and providing networking services


Page 66 of 211

for users and providing administrative support for print, file, directory and e-mail

servers.

Exit Management and Transition – Capacity Building at state

After the exit of the SI, Rajasthan Police shall take up the management of CAS

(state). Therefore before the exit of the SI, Rajasthan Police must be strengthened

and capacity must be developed for the Rajasthan Police to manage CAS. The SI

must plan the capacity building initiative to enable Rajasthan Police to manage

CAS, and will collaborate with Rajasthan Police to implement the plan.

The SI shall create a detailed plan for Capacity Building (CB) required at

Rajasthan Police to manage CAS and a Transition Plan (implemented over a

minimum period of three months) to affect the handover to state; and implement

the same in collaboration with the Rajasthan Police before the completion of their

engagement.

Other details of Exit management are defined in Volume III of RFP.


Page 67 of 211

6.3 ANNEXURE- III- FUNCTIONAL REQUIREMENT SPECIFICATIONS

The Functional requirements mentioned in this section have been delivered as part of CAS

developed centrally at NCRB. The state specific customization and integration requirement

would be undertaken by the Rajasthan Police.

6.3.1 Core Application Software

The CCTNS application software will contain a “core” for the States/ UTs that is common

across all 35 States and UTs. The CCTNS Core Application Software (henceforth referred to

as CAS) will be developed at NCRB premises and provided to States and UTs for deployment.

States and UTs also have an option to develop and deploy additional applications over and

above the customized CAS. The choice of such applications lies exclusively with the

State/UT.

This section provides the details of the CAS (State) and CAS (Center) that will be developed

by the Software Development Agency at the Center.

The CCTNS application software can be conceptualized as comprising different services that

fall under two broad categories, CAS (Center) and CAS (State).

6.3.2 CAS (Centre)

CAS (Centre): CAS (Centre) would reside at NCRB and would cater to the functionality

that is required at the GOI level (by MHA and NCRB). Like CAS (State), CAS (Centre) would

also be developed by NCRB. CAS (Centre) would enable NCRB to receive crime and

criminals’ related data from States/UTs in order to organize it suitably to serve NCRB’s

requirements and to provide NCRB with the analysis and reporting abilities to meet their

objective as the central level crime and criminals’ data repository of the nation. This would

address the crime- and criminals-related information needs of MHA, NCRB, the Parliament,

and central government ministries and agencies, citizens and citizen groups. CAS (Centre)

also facilitates the flow of crime and criminals information across States/UTs on a need-

basis. CAS (Centre) will be developed and deployed at NCRB. Also, CAS (Centre) is expected

to interface with external agencies such as passports, transport authorities, etc.

Overview of Services for CAS (Centre)

State-SCRB-NCRB Data Transfer and Management

The service shall enable the NCRB to receive, transform, and collate the crime, criminal, and

related data from States/UTs, to organize it suitably to serve NCRB requirements.

Crime and Criminal Reports

The service shall enable authorized personnel to generate the reports and perform analysis

on the central crime, criminals, and related data repository of the nation.

Crime and Criminal Records and Query Management

The service shall enable the authorized personnel to view various registers and perform basic

and advanced queries on the central crime, criminals, and related data repository of the

nation.

Talaash Service

The service will enable the user to search for missing persons across a central/ national

database.


Page 68 of 211

Person of Interest

The service will enable the user to search for persons of interest such as persons wanted on

outstanding warrants, accused, charged, habitual offenders, convicts across the national

database.

Registered Vehicle and Vehicle of Interest Service

The service will enable the user to search for registered vehicles and vehicles of interest such

as, missing / stolen vehicles, abandoned / unclaimed vehicles, and vehicles involved in traffic

incidents across the national database.

Publication Service

This functionality will help the NCRB to publish the periodic crime reviews to the NCRB

portal.

NCRB Citizen Interface

The service shall enable the citizens to access/ search the NCRB National Database on the

data (ex, Stolen Vehicles / Property, Missing Persons, etc.) that is approved to be made

accessible to public.

NCRB Interface for RTI

Due to the sensitivity of the information that pertains to national security and harmony, this

service shall enable a limited and restricted access to the authorized external stakeholders to

search the NCRB National Database, upon submission of any RTI requests.

6.3.3 CAS (State)

CAS (State): CAS (State) covers functionality that is central to the goals of CCTNS and is

common to all States and UTs. It would focus primarily on functionality at police station

with special emphasis on crime investigation and criminals’ detection. This part would be

developed at NCRB and provided to the States and UTs for configuration, customization and

enhancements / extensions. The Rajasthan Police would determine the requirements for

configuration, customization and enhancements / extensions and would get those developed.

The following are the main function blocks that would comprise CAS (State):

Registration

Investigation

Prosecution

Records Management

Search and Basic Reporting

CAS(State) will also include the functionality required at Higher Offices such as State Police

HQ, Range Offices, District HQ and SCRB.

It is envisioned that CAS (State), once operational, will significantly enhance the outcomes in

core police functions at Police Stations. It will do so primarily through its role- and event-

orientation, providing role based user access and controls and an event driven interface that

helps police personnel (playing different roles) in more effectively performing their core

functions and that relieves police personnel from repetitive tasks that claim much of their

time while returning low or no value.


Page 69 of 211

In order for CAS (State) to achieve the above goals, it is envisaged to meet the following

requirements:

It will lay special emphasis on the functions at police stations with focus on usability

and ease of use of the application

It will be designed to provide clear and tangible value to key roles at the Police

Station: specifically the SHO (Station House Officer), the IO (Investigation Officer)

and the Station Writer.

It will be event and role driven. Access controls will be developed and role based

access will be provided in the application.

It will be content/forms-based, with customized forms based on requirements

It will be a flexible application, event and role-driven system where actions on a case

can be taken as required without rigid sequence / workflows

It will eliminate the need for duplicate and redundant entry of data, and the need for

repetitive, manual report preparation – this freeing valuable time and resources for

the performance of core police functions

It will be intelligent and help police perform their roles by providing alerts,

highlighting key action areas, etc.

Ability to view and exchange information amongst Police Stations, between Police

Stations and other Police formations and with external entities including citizens

Reporting and data requirements of higher offices must be met at the State Data

Centre/SCRB level and not percolate to the police station level

Central facilitation and coordination; but primarily driven and owned by States/UTs

where States/UTs can configure and customize the CAS for their unique

requirements without the intervention of the central entity

Overview of Services for CAS (State)

Citizens Portal Service

This service shall enable Citizens to request services from Police through online complaints

and track status of registered complaints and requests online. Citizens requests/services

include passport verification services, general service petitions such as No Objection

Certificate (NOC) for job, NOC for vehicle theft, NOC for lost cell phone/passport, Licenses

for arms, processions etc.

Verification Management Service

The service shall enable the police personnel to register and process the different kinds of

verification service of citizen.

Unclaimed/Abandon Property Register Service

The service shall enable the police personnel to record and maintain unclaimed/abandoned

property registers and match unclaimed/ abandoned property with property in lost/stolen

registers.

Complaint and FIR Management Service

The service shall enable the police personnel to register and process the complaints (FIR for


Page 70 of 211

cognizable complaints, Non-Cognizable Report for non-cognizable, Complaint Report for

genera complaints, etc.) reported by the public.

PCR Call Interface and Management Service

The service shall enable the police personnel to register and process the complaints as

received through the Police Control Room through the Dial 100 emergency contact number.

Investigation Management Service

The service shall enable the police personnel to process the complaints through capturing the

details collected during the investigation process that are required for the investigation

officer to prepare a final report.

Court and Jail Interface and Prosecution Management Service

The service shall enable the police personnel to interface with the courts and jails during the

investigation process (for producing evidence, producing arrested, remand etc) and during

the trial process.

Crime and Criminal Records and Query Management Service

The service shall enable the police personnel to view various registers and perform basic and

advanced queries on the crime and criminal information.

Police Email and Messaging Service

The service shall enable the police personnel to send / receive, official as well as personal

correspondence.

Periodic Crime, and Law & Order Reports and Review Dashboard Service

The service shall enable the police personnel to view relevant reports and dashboards and to

conduct periodic crime, and law & order reviews of the police station(s) under the officer’s

jurisdiction.

Notification of Alerts, Important Events, Reminders and Activity Calendar or

Tasks Service

The service shall capture / generate the required alerts, important events, reminders, activity

calendar and tasks.

State-SCRB-NCRB Data Transfer and Management Service

The service shall enable the States/UTs to collate, transform and transfer the crime,

criminal, and other related data from state to NCRB.

State CAS Administration and Configuration Management Service

The service shall enable the individual State/UT to configure/ customize the application to

suit to their unique requirements.

User Help and Assistance Service

The service shall enable the end user to view the help manuals of the application and in


Page 71 of 211

guiding the end user in using the application.

User Feedback Tracking and Resolution Service

The service shall enable the police personnel in logging the issues/defects occurred while

using the system.

Activity Log Tracking and Audit Service

The service shall capture the audit trail resulting from execution of a business process or

system function.

User Access and Authorization Management Service

The service shall enable the administrative user in setting the access privileges and will

provide authentication and authorization functionality

6.3.4 Development of CCTNS Core Application Software (CAS)

CAS (Centre) and CAS (State) has been developed at NCRB under the overall guidance and

supervision of MHA, and a dedicated team from NCRB. NCRB, on behalf of MHA, engaged a

professional software development agency (SDA) to design and develop CAS (Centre) and

CAS (State) and offer associated services. The SDA would enhance and maintain CAS

(Centre) and CAS (State) until the end of the engagement with NCRB and subsequent to that,

CAS (Centre) would be managed by NCRB under the guidance of NIC, DIT and MHA and

CAS (State) would be managed by the State under guidance of the State IT Department.

CAS (State) has been built as a platform at NCRB addressing the core requirements of the

Police Station that provides a basic framework to capture and process crime and criminal

information at the police station while providing the States/UTs with the flexibility to build

their state specific applications around it and in addition to it. CAS (State) has been provided

to States and UTs for deployment. Each State/UT would customize the CAS according to

their unique requirements and thereafter commission the same.

In order to achieve the above stated goals of simultaneously ensuring consistency and

standardization across States/UTs (where necessary and possible), and enabling States/UTs

to meet their unique requirements, CAS will be built as a highly configurable and

customizable application. CAS is a product-like application that can be centrally managed

and at the same time customized to meet the unique requirements of the States/UTs and

deployed in all States/UTs.

In order to achieve the key CCTNS goal of facilitating the availability of real time information

across police stations and between police stations and higher offices, CAS has been built as a

web application. However, given the connectivity challenges faced in a number of police

stations, especially rural police stations, the application has been built to work in police

stations with low and/or unreliable connectivity.

6.4 Functional Requirement Specification

This Annexure outlines the sample functional requirements for development under CAS

customization activity. Rajasthan Police shall finalize the set of requirements to be developed

in each Agile Development Cycle and convey it on periodic basis.


Page 72 of 211

6.4.1 Extended CAS Functional Requirements (Sample):

S.No Sample Requirements

1 The system should be able to create the Bail form

2 The system should be able to create the Charge sheet

3 System should present the IO dashboard of under trials, under investigation, re-

opened cases, Put to court cases to users based on their roles and their jurisdiction.

4 System should provide the dashboards to higher officials about the case progress and

metrics about U/I cases etc.

5 The system should allow to create, update and maintain general diary, case diary

6

System should allow the CO, SP & Senior Officers to view the summary of Cases

based type of case and cases falling in their jurisdiction also have an access to the

Case Basket

7

System should present the SHO & Senior officials about the details of the cases based

on the status like open, closed, re-open, disposed, unresolved and case pending for

trial.

8 The system should be able to integrate with the Court IT system

9 System should have the capability to link the courts to receive orders for a particular

case. The same should also be updated in the inward and court registers.

10 System should have the capability to link the SP office/Higher office to receive orders

for a particular case

11 System to have the capability to share the case diaries and case files with the courts

12 System should have the facility to generate a case diary for all kinds of cases (NCR

and FIR)

13 System should allow the SHO to assign an Investigating Officer for a registered FIR.

14 System should have the facility to allow the SHO to change the name of the IO for a

particular case.

15

Access rights to a case diary for a particular case should be decided by the

SHO/higher officer. Thus the access of the case diaries for a particular case should

change with the change of IO

16 System should have a system to register all the IOs in a police station for the SHO to

assign access rights to the IO

17 System should allow all the reviewing officers i.e. CO/SP to review the crime/fir

register.

18 System should update all the concerned registers i.e. Case Diary/ Crime Register/

VCNB register based on the events and updates

19 System should have the capability to link the courts to receive summons for a

particular case through the system. The same should also be updated in the inward


Page 73 of 211

and court registers.

The system should be able to integrate with the Court IT system

S.No Traffic Challaning

1 The system should have the facility to enter the challan details in the system

2 The system should be able to generate the challan report

3 The system should allow to update and maintain the bank receipt records

4

The hand held device provided to the police officer will enable to generate the challan

details in the system directly and also authenticate the documents held by the motor

driver

Traffic Challaning at Police Station

5 The system should have the facility to enter the challan details in the system

6 The system should be able to generate the challan report

7 The system should allow to update and maintain the bank receipt records

8

The hand held provided to the challaning officer will enable to generate the challan

details in the system directly and also authenticate the documents held by the motor

driver

Non Functional Requirements

Sl. No Functionality

General Requirements

1. The system should be capable to link to existing state initiatives( Applications

where Rajasthan Police service are availed)

2. At police station will able to work on offline environment and post that data

will synchronization at state level when internet connectivity will available.

3. System should support multilingual interface.

4. System should support multilingual labels.

5. Will provide services to user future

6. The system should ensure easy scalability and extensibility through minimum

effort(this will vary based on the requirements)

7. The system should be designed in manner that operational data will never be

lost until a manual intervention/hardware failure.

8. The system should run on multiple browsers (IE 6.0 and above, Firefox 2.0

and above, and Konqueror)


Page 74 of 211

9. The system should be designed to have minimum satisfactory performance

even in Police Stations connected on low-bandwidth (28 kbps).

10. The solution should be provided along with the product manuals, user

manuals and functional specifications.

11. The solution should maintain a database of frequently asked questions (FAQ).

12. Will provide data dictionary for mandatory fields.

13. This solution will customized state labels

14. The Solution will support following front end modifications: Look & Feel,

Display languages(labels)

15. Solution should follow NIC website development guidelines and standard

guidelines too.

16. The solution should ensure that data deletion is controlled centrally as per the

defined policy or the person having right to do so.

17. The process for removing unnecessary code from the application after it is

released should be documented.

18. Application code should not contain invalid references to network resources

(Pathnames, URLs etc).

19. The solution should not display the entire path of URL in the browser based

application. We will manage through app server and web servers.

20. Solution will prompt proper error messages.

21. All the exceptions will store at DB end and pass the same at state/centre label

for further escalation

22. Application will not failure without manual intervention.

23. This is web based solution, no temporary object will create.

24.

The solution should support e-mail integration(SMS integration in not

inducted in this phase). Upload and download multiple types of documents

(i.e. ms-word, excel and image file formats)

25. Application will maintain audit log for important data transactions like

updation and deletion

26. Data model should be flexible to add more data fields as per changing business

needs

27.

Data should be entered at each police station and this will synchronization at

state level through net connectivity or manually using external devices (pen

drive, CD etc.)

28. At state level application will built in common technology/platform to avoid

any compatible issue.

29. Application will provide facility to export data for further use.

30. Application will provide reporting option.


Page 75 of 211

31. Will provide web services

32. Will provide standard security i.e. roll base, password policy

33. System should provide for data entry in regional scheduled languages (based

on tool from CDAC)

34. System should provide for translation / transliteration of data from regional

scheduled languages to English (based on tool from CDAC)

35. System should provide for data entry in English and Hindi (only, in the

interim till CDAC tool is in place) for all states

System availability , performance and scalability

36. Application will up and running (at least 99% if no other disturbance i.e.

power failure, LAN problem and any other infra-structure issues).

37. System will provide proper adequate response for accessing each of the

modules.

38. System will show quick response in simple search and will take little bit more

time for advance search and this will vary based on input conditions.

39. Application scalability at least 600 will confirm during load testing also.

40. Memory leakage Benchmarks: The memory leakage per request should be less

than 1kb.

41. Application will work based on roles and rights

42. Application will run at secure platform.

43. Application will follow security standard guidelines.

44. Application will work smoothly

Ease of Use

45. All error messages produced by the System must be meaningful,

46. The System will employ a single set of user interface to provide a familiar and

common look and feel for the application.

47. The System must be able to display several entities (cases, suspects)

simultaneously.

48. The interfaces will customizable or user-configurable to the extent possible

(look and feel, logos).

49.

The System user interface must be suitable for users with special needs; that

is, compatible with specialist software that may be used and with appropriate

interface guidelines

50. The System will provide role based access to the application’s modules.

51. The System must allow persistent defaults for data entry where desirable.

52. Frequently-executed system transactions must be designed so that they can be

completed with a small number of interactions (e.g. mouse clicks).


Page 76 of 211

53.

Unique Id for PS and small units like villages have to be made available. NCRB

coding pattern and RGI Master data being collected for location codes for

districts, towns, villages, habitations, etc can be used in CCTNS

Usability Guidelines

54. We will follow standard guidelines for development and designing and will

follow ISO 9241-20,ISO 9241- 171,ISO 9241-110 too.


Page 77 of 211

6.5 ANNEXURE- IV- IT INFRASTRUCTURE REQUIREMENTS

6.5.1 Introduction

This section will outline the minimum technical specifications required for meeting the scope

of hardware supply for CCTNS Rajasthan Project. This will cover, but is not limited to the:

1) Data Center

2) Disaster Recovery Site

3) Client Sites (Police Station and Other Higher Offices)

The System integrator is free to suggest specifications which could be over and above the

minimum specification mentioned below. All products to be proposed and supplied by SI

should be brand new, defect free and of reputed brands/ make.

6.5.2 Wide Area Network (WAN) & ISP Services

The CCTNS project would require a Wide Area Network created exclusively for connecting

smaller computer network at Police stations, Circle Office, SP, and other offices of special

units spread across length and breadth of Rajasthan into one network. The basic purpose of

creating such vast network is to adopt the latest technology to cater to faster and easier mode

of communications within this network to achieve the day-to-day information exchange of

the Rajasthan Police. This network not only caters to the information exchange within the

department but also with the offices outside the department.

The connectivity has been provisioned through BSNL/RSWAN/SecLAN at all client locations

and SDC; thus providing network connectivity is not under the scope of SI.

6.5.3 Proposed Network Architecture

Network architecture is a blueprint of the complete computer communication network,

which provides a framework and technology foundation for designing, building and

managing a communication network. It typically has a layered structure. Layering is a

modern network design principle which divides the communication tasks into a number of

smaller parts, each part accomplishing a particular sub-task and interacting with the other

parts in a small number of well-defined ways. Layering allows the parts of a communication

to be designed and tested without explosion of cases, keeping design relatively simple. In the

centralized architecture, the main site would be known as Data Centre and the alternate

site is known as Disaster Recovery site. The diagram below represents the same:


Page 78 of 211

DC

Switch

Ethernet

Printer

Multi-functional devices

Router

Users

MPLS/ VPNoBB

Users

Switch

Ethernet

Printer

Multi-functional devices Router

Users Users

Switch

Ethernet

Printer

Multi-functional devices

RouterUsers Users

MPLS/ VPNoBB

MP

LS

/ V

PN

oB

B

SP / Add SP Office

CO Office / Range Office

Police Station

Figure 7: Suggested End User Connectivity


Page 79 of 211

The calculation for estimated number of external users is as below.

Figure 8: Estimated Number of External Users

The total number of external users expected to use the CCTNS is application is estimated at

12338 and assuming a 10% concurrency, a total of 1234 Users at a time. This is just a

suggested figure, and the number may rise owing to stabilization of application, increased

internet penetration and increased public awareness.

A MoU was signed between MHA and BSNL on 24th October, 2011; BSNL is providing

connectivity for implementation of CCTNS Networking and Connectivity Solution for

States/Union Territories on Pan India basis. The connectivity provided by the BSNL would

be the primary network. The redundancy has been planned through RSWAN and SecLAN

network connectivity. However some highlights of the network connectivity are given below:

i. VPNoBB/WiMax/VSAT Connectivity from BSNL- Primary Network

ii. SWAN Connectivity (SecLAN for Jaipur locations)- Redundant Network

iii. SWAN Connectivity (SecLAN for Jaipur locations)- Redundant Network

iv. MPLS VPN Connectivity- Primary Network Link for SDC-DR replication

6.5.4 Data Centre

The Data Centre (DC) is situated in DoIT, Jaipur. The DC is partially working as some of the

hardware and software are yet to be deployed. Details of indicative network architecture,

specification of deployed items, and specification of remaining items are given in succeeding

sections. Following are the details for CCTNS data centre in Rajasthan.

S.No. Items Details

1. Address of Data Center

Building

State Data Center IT Building,Yojana Bhawan

Tilak Marg, C-Scheme

Jaipur-302005 (Raj), INDIA

Total Users Estimated is 1% of Internet Penetration 12338

Total Internet penetration in Rajsthan 1233872 (2011: Maps of india)

Total Polpulation in Rajasthan 68548437 (2011: Census Data)


Page 80 of 211

6.5.5 Architectural Aspect

The proposed application will be N-tier Service oriented Architecture – with separation of

business logic from application, database and presentation. The application will be on the

central servers at Data Center in Jaipur and the Disaster Recovery (DR) site as decided by

the department at New Delhi. The proposed application will be on Web services model.

The application shall be architected with traditional 3-tier architecture.

a) Database Tier: This shall be diagonally scaling and deployed on a DC class server as

specified in this document. Database servers shall be deployed in n+1 cluster. If n is 1

(as per ISV sizing) then Data base servers shall be deployed in 1+1 cluster.

b) Application Server: Application servers shall be deployed in multiple servers

(horizontal scaling)

c) Web Tier: Web servers shall be deployed in multiple servers (horizontal scaling) There

should be databases for application servers and web servers. The web servers shall be

deployed with external load balancers for high availability

The proposed network and security architecture solution and diagram for DC is only a

representative and is subject to the overall requirement of all functionalities listed in this

section. The feature of the proposed network and security architecture is as below:


Page 81 of 211

Figure 9: Proposed DC Connectivity


Page 82 of 211

6.5.6 DC Design Description

a) The router at DC has capability to handle the data traffic and multiple SSL/VPN

encapsulations for secured data transfer between any of the department offices. The

router would also connect to the internet and would offer Server connectivity to

external users. The router should be capable to handle both MPLS and Internet

connectivity.

b) The DC- DR replication router would replicate data across MPLS connectivity to the

DR site and vice – versa

c) Intrusion Prevention system (IPS) should detect malicious traffic and further protects

the DC – DR sites. Intrusion system detect (and prevent) any intrusion from

Internet/extranet network.

d) The Network Infrastructure (Switches , firewalls, IDS / IPS , routers, server load

balancer, etc) has been configured in active – active and in high availability mode

e) Firewalls provides next layer of protection between the extranets and DMZ (which has

hosted the application server).

f) Web server Users: All the servers are connected to high capacity L2 Switch, which can

process million of packets within seconds, depending on the Users and Application and

its contents.

g) The Application servers are accessing the database from the backend in order to

process the user / citizens queries/requests.

h) The Database servers (RDBMS) are further hosted in higher security layer, comprising

of components such as Firewall and Intrusion Prevention system.

i) In this secure infrastructure it has been ensured that the security devices in the

network such as Firewalls, are in high-availability mode, and these devices should be

evenly distributed to optimize performance.

j) The set up has Antivirus , web server and DNS servers connected and configured

k) The application can be accessed through VPN over broadband and through MPLS

connectivity

l) The DR replication would happen through MPLS cloud

6.5.7 Set-up at Data Centre and DR Site

The following highlights the different server zone available at the Data Centre

1. Militarized and De-Militarized Zone at Data center:

De-militarized zone will contain the following:

Server Zone: The server zone will host the following applications:

Mail and Messaging solution

Antivirus solution

Single Sign on

Directory Services

Portal Server

Militarized zone will contain the following:

Critical Server Zone: The critical server zone will host the following

applications:


Page 83 of 211

CCTNS Application

EMS Application

Other Module of CAS State

Document Management Systems

6.5.8 Hardware and Security Components at Data Centre

Following server components are proposed at the Data Centre for the CCTNS application:

a) Portal/Web Server: Web based applications are easily accessible from any sort of

the network, Intranet, internet or extranet. Therefore, portal server plays a vital role

this initiative. The portal server has been used for providing access to the CCTNS

application through internet / intranet. Using portal, relevant contents of the

applications can be easily enabled, updated and deployed at the earliest. Portal would

provide a base template to users who want to access the application via internet.

b) Application Server: Application server has been taking care of the necessary

workflow and portal server would be required for the interfacing with the end user.

Both the portal and application server would be seamlessly integrated to provide high

availability and performance. With the use of load balancers, user requests are

distributed among various clustered/common servers. The application servers have

been configured in active – active and in cluster mode and also have the database

configured accordingly.

c) Database Servers: The database/repository provides all the relevant information

required to process the applications. This has been integrated with multiple

applications, residing at the DC.

d) Enterprise Access Server: Using Directory services DC administrator has been able

to define centralized authentication & authorization mechanisms for users. This would

enable associate policies such as security, management etc on all servers/systems from

a centralized console and enhances security, reduces IT complexity and increase overall

efficiency.

e) Staging Server : It would be required to deploy a separate server as Staging server

where all the new services are deployed on this staging server before it is brought on to

the production servers. There shall be provision in the hardware for separate Test &

Development System for each software application so that production system shall not

get affected in case of application of patches, versions change etc. The development

server shall make provision for all different system software platform used along with

all required compilers and libraries. It shall have all application software and utilities

along with the provision to customize and test the applications. It shall also have

provision for version control and version management. Test and Development set up

shall be the exact miniature replication of production environment in 3-tier

architecture with hardware as per sizing from application vendor.

f) Backup server: Backup server has been used for backing up the key data on regular

interval. The backing up of the data would be an automated process. Whenever desired

the backed up data can be restored/retrieved to the desired system configuration

g) Training Server: There is a provision for Training server for CCTNS system. Training

set is the exact miniature replication of production environment in 3-tier architecture

with hardware as per sizing from application vendor.

h) Email Server : The email server has been provide emailing solution to the users of

Rajasthan Police


Page 84 of 211

i) Enterprise Management Server: For overall management of the Data center

components, an Enterprise Management System (EMS) will be provided and would be

integrated with the CCTNS application. SI shall have to prepare a category wise

detailed list of elements to be monitored, monitoring parameters and the monitoring

frequency in terms of critical, semi critical and non-critical categories in each Data

Center and the application.

6.5.9 Network Components at DC

The entire infrastructure at DC & DR should be compatible with 10G enabled

equipments.

a) Router: Router has been installed in a redundant mode at the primary data center.

The entire infrastructure at DC & DR should be compatible with 10G enabled

equipments.

b) Core Switch: Access switch controls and automate network access for both managed

and un-managed users.

c) IDS/IPS: An intrusion detection system is used to detect several types of malicious

behaviors that can compromise the security and trust of a computer system. This

includes network attacks against vulnerable services, data driven attacks on

applications, host based attacks such as privilege escalation, unauthorized logins and

access to sensitive files, and malware (viruses, Trojan horses, and worms). IDS/IPS will

be deployed in a redundant mode at server and critical server zone to provide high

availability and fault tolerance.

d) Firewall: A firewall will be a part of network that is designed to block unauthorized

access while permitting outward communication. Firewall will be installed in

redundant mode at server zone and critical server zone to provide features like high-

availability and fault tolerance.

e) Load Balancer: The load balancer would be required for distributing workloads to a

set of networked computer servers in such a manner that the computing resources are

used in an optimal manner. The load balancer will support segmentation/virtualization

to distribute load for multiple services, servers. This would increase the availability of

the server and will also increase the performance as multiple servers would be sharing

the service load.

The load balancer would be used for the following servers:

Mail Servers

Application Server

Database Servers

Web Server

6.5.10 Collation with State Data Center

Data center will be collocated in the State Data Center. The following components have been

used:

Rack Space

Power and Cooling

SNMP based UPS, DG set power backup

Fire prevention

Physical security surveillance


Page 85 of 211

6.5.11 Hardware at the DC

The details of the hardware, already installed at DC are given below. The remaining

hardware which needs to be deployed by SI is also given, below the existing hardware list.

For minimum specification of the hardware mentioned below please refer to the section

6.5.20.

S.

No.

Environment Server/Box Model OS Quantity Warranty

upto

Servers

1 Development Development

Server

HP BL

460c

G7

Window

Server2008 R2

Enterprise

2 30-Apr-15

2 Test/QA Test/QA

Server

HP BL

460c

G7

Window

Server2008 R2

Enterprise

1 30-Apr-15

3 Training Training

server

HP BL

460c

G7

Window Server

2008 R2

Standard

2 30-Apr-15

4 Production Application

Server

HP BL

460c

G7

Window

Server2008 R2

Enterprise

4 30-Apr-15

5 Database

Server

HP DL

585 G7

Window

Server2008 R2

Enterprise

4 30-Apr-15

6 Email

Server/ Mail

& Messaging

HP BL

460c

G7

Cent OS 2 30-Apr-15

7 Web Server HP BL

460c

G7

Window

Server2008 R2

Enterprise

2 30-Apr-15

8 Backup

Server

HP BL

460c

G7

Window

Server2008 R2

Enterprise

1 30-Apr-15

9 Access

Control

Server/

Single Sign

On

HP BL

460c

G7

Window Server

2012

Datacenter

edition

2 30-Apr-15

10 DMS Server HP BL

460c

G7

Window

Server2008 R2

Enterprise

2 30-Apr-15

11 EMS Server HP BL

460c

G7

Window Server

2008 R2

Standard/Cent

7 30-Apr-15

Common Data Centre facility Maintenance and Support


Page 86 of 211

OS (1 proxy

server)

12 Antivirus

Server

HP BL

460c

G7

Window Server

2008 R2

Standard

1 30-Apr-15

Total 30

Storage

13 Production SAN

(External

Storage) -

List the total

capacity

offered on

FC and

SATA disks

HP F400 3Par storage

with backup software

1 29-May-

2105

14 Tape Library HP MSL 4048 1 23-May-

2013

(Expired)

15 Other

Component

SAN Switch HP SN3000B 2 07-Jun-

2103

(Expired)

Network Component

16 Network Core Switch HP A7510 2 27-Jun-

2013

(Expired)

17 Access

Switch

HP A5120 4 26-May-

2111

18 Internal

Firewall

HP S 1000E VPN

firewall appliance

2 28-Jun-

2013

(Expired)

19 Core Router MSR 50-60 2 28-Jun-

2013

(Expired)

Table 8: Existing Hardware at DC

S. No. Component Make and

Model

Quantity

1 Storage management Software (SMS) HP 3 PAR 1

2 Mail and Messaging Solution X Gen Email

Software

1

3 Document Management System (DMS) Microsoft Share

Point

1

Table 9: Existing Software at DC


Page 87 of 211

Existing Application Software at DC

Product Version Quantity Reorder/Software

Assurance End

Date

Microsoft® Office

2010 Indic

Government OPEN 1

License Level C

2010 125 30-11-2014

Microsoft® Project

Server 2013 Sngl

OPEN 1 License

Level C

2013 1 31-01-2015

Microsoft® Visual

Studio Pro w/MSDN

All Lng License/

Software Assurance

Pack OPEN 1 License

No Level Qualified

Non-specific 6 31-01-2015

Microsoft® Visual

Studio Test Pro

w/MSDN All Lng

License/Software

Assurance Pack

OPEN 1 License No

Level Qualified


Microsoft® Visual

Studio Ultimate

w/MSDN All Lng

License/Software

Assurance Pack

OPEN 1 License No

Level Qualified


Microsoft® Project

Server CAL 2013

Sngl OPEN 1

License Level C User

CAL User CAL

2013 25 31-01-2015

Microsoft®

SharePoint

Enterprise CAL 2013

Sngl OPEN 1 License

Level C User CAL

User CAL

2013 80 31-01-2015

Microsoft®

SharePoint Server

2013 Sngl OPEN 1

License Level C

2013 4 31-01-2015

Microsoft® 2013 125 31-01-2015


Page 88 of 211

SharePoint Standard

CAL 2013 Sngl OPEN

1 License Level C

User CAL User CAL

Microsoft® SQL Svr

Enterprise Core 2012

Sngl OPEN 2

Licenses Level C

Core License

2012 12 31-01-2015

Microsoft® SQL Svr

Standard Core 2012

Sngl OPEN 2

Licenses Level C

Core License

2012 4 31-01-2015

Microsoft®

Windows® Server

CAL 2012 Sngl

OPEN License Level

C User CAL User

CAL

2012 125 31-01-2015

Microsoft®

Windows® Server

Datacenter 2012 Sngl

OPEN 1 License

Level C 2 PROC

2012 15 31-01-2015

Microsoft®

Windows® Server

External Connector

2012 Sngl OPEN 1

License Level C

2012 3 31-01-2015

Microsoft®

Windows® Server

Standard 2012 Sngl

OPEN 1 License

Level C 2 PROC

2012 13 31-01-2015

The remaining IT Infrastructure items are as shown below for procurement:

S.

No.

Environment Component Estimated

number of boxes

1 Network

Component

Global Load Balancer 1

2 Server Load Balancer 1

3 IDS/IPS 2

4 External Firewall 2

5 FC-IP Router (DC-DR Replication) 2

6 KVM Switch 1

Table 10: Remaining Hardware need to be deployed by System Integrator in DC


Page 89 of 211

S.No. Component Estimated number

of boxes

1 Enterprise Management System (EMS) 1

2 Host Intrusion Prevention System (HIPS) 1

3 Backup Software 1

4 Antivirus 2905

Table 11: Remaining Software need to be deployed by System Integrator at DC

Refer to the DC architecture diagram for details of these suggested components.

6.5.12 DR Site

The proposed DR site for Rajasthan Police would be located independently at New Delhi.

The DR site would set up at NIC, New Delhi. The following figure depicts the proposed DR

architecture:


Page 90 of 211

Database ServersApplication Servers

External

Firewall

IDS / IPS

Core Switch

(L3)

Internal

Firewall

Access Switch

(L2)

Web Servers

Core Router

Storage Area

Network

Tape Library

SAN Switch

DC

Connectivity

(MPLS)

Access Switch

(L2)

Mail server / Antivirus / AAA / DNS

Replication server

State DR Site4 Mbps connectivity to DC

CCTNS : Rajasthan Police

Figure 10: Proposed DR


Page 91 of 211

a) Connectivity at DR Site

o DR site will be located in New Delhi and will be connected with an

MPLS/Leased link with the SDC at Jaipur.

b) Militarized and De-Militarized Zone at DR Site:

i. De-militarized zone will contain the following:

o Server Zone

Server Zone: The server zone will host the following applications:

o Mail and Messaging solution

o Single Sign on

o Directory Services

ii. Militarized zone will contain the following:

o Critical Server Zone

Critical Server Zone: The critical server zone will host the following applications:

o CCTNS Application

6.5.13 Hardware and Security Components at DR Site

a) Following hardware components will be deployed at the DR Site:

i. Router

ii. Core Switch

iii. IDS/IPS

iv. Firewall

b) Replication with Data Center: The replication from DC to DR site will happen through

log-shipping. Log shipping will allow automatically sending transaction log backups

from a primary database on a primary server instance to one or more secondary

databases on separate secondary server instances. The transaction log backups are

applied to each of the secondary databases individually. An optional third server

instance, known as the monitor server or log server records the history and status of

backup and restores operations and, optionally, raises alerts if these operations fail to

occur as scheduled.

6.5.14 Co-located with CCTNS DR Site:

Disaster Recovery site is collated with the common CCTNS DR site (NIC Delhi), the

following components may be used commonly:

a) DR Site components (cooling, cabling etc.)

b) Rack space

c) Physical Security

d) WAN Link (DR-DC)

6.5.15 Hardware at the DR Site

NIC Delhi has provided space for 3 Racks for the establishment of DR site at New Delhi.

However Server Racks/ Blade chassis would be provided by SI for DR based on the proposed

BOM in next section.


Page 92 of 211

Environment Server/box Estimated number of boxes

Servers

Production

Application Servers 2

Database Servers 2

Mail and Messaging Solution 2

Access Control Server/ Single Sign

On

1

Antivirus Server 1

Back up servers 1

Web Server 1

Total 10

Storage

Production

External Storage Box 1

Tape Library 1

Other Components

NA

SAN Switch 2

KVM Switch 1

Network Components

Network L3 Core Switch 1

L2 Switch 2

IDS/IPS 2

Firewall (External) 1

Firewall (Internal) 1

Core Router 1

Table 12: Proposed Bill of Material (BoM) for DR

Software at DR Site:

S.

No.

Component Proposed Quantity

1 Storage management Software (SMS) 1

3 Document Management System (DMS) 1

4 Backup Software 1

5 Antivirus As per requirement

6 HIPS 1


Page 93 of 211

The hardware & software of DR site should be compatible with DC hardware & software.

There DC-DR replication and Data recovery should not be affected due to non compatibility

of hardware & software components of DC-DR.

6.5.16 Client/ User Locations

Existing Hardware at Client Location

38 locations from Jaipur west & Jodhpur West have been provided equipped with client side

hardware and would be taken over by SI. The details of existing hardware of the locations are

provided below.

Offices IT Infrastructure

S.

N

o.

Location

Name District

Office

Type

CIPA

/ Non

CIPA

No. of

Client

Syste

m

Instal

led

No.

Multi-

Functio

n

Laser(

PSC)

No.

16

Port

Switc

h

Instal

led

No. of

HDD

160

GB

Hando

ver

1 P S Sadar Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

2 P S

Banipark

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

3 P S Sindhi

Camp

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

4 P S Vaishali

Nagar

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

5 P S Karni

Vihar

Jaipur

West

Police

Station

3rd

Phase 2 No 1 No

6 P S Bagru Jaipur

West

Police

Station

1st

Phase 2 No 1 No

7 P S Chomu Jaipur

West

Police

Station

1st

Phase 2 1 1 No

8 P S

Harmada

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

9 P S

Vishvkarma

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

10 P S

Jhotwara

Jaipur

West

Police

Station

2nd

Phase 2 1 1 No

11 P S Murli

Pura

Jaipur

West

Police

Station

2nd

Phase 2 No 1 No

12 P S Kar

Dhani

Jaipur

West

Police

Station

3rd

Phase 2 1 1 No

13 P S Kalwar Jaipur

West

Police

Station

1st

Phase 2 1 1 No


Page 94 of 211


S.

N

o.

Location

Name District

Office

Type

CIPA

/ Non

CIPA

No. of

Client

Syste

m

Instal

led

No.

Multi-

Functio

n

Laser(

PSC)

No.

16

Port

Switc

h

Instal

led

No. of

HDD

160

GB

Hando

ver

14 PS

Bhankrota

Jaipur

West

Police

Station

Non

CIPA 2 1 1 No

15 PS Mahila

Thana

Jaipur

West

Police

Station

Non

CIPA 2 1 1 No

16 CO Sadar Jaipur

West

Circle

Office N/A 2 1 1 No

17 CO Vaishali

Nagar

Jaipur

West

Circle

Office N/A 2 1 1 No

18 CO Chomu Jaipur

West

Circle

Office N/A 2 No 1 No

19 CO

Jhotwara

Jaipur

West

Circle

Office N/A 2 1 1 No

20 DCP West Jaipur

West

DCP

Office N/A 4 2 1 No

21

Jaipur

Commissio

narate

Jaipur

Commissio

narate

Commissi

oner

Office

N/A 18 No 2 No

22

Control

Room -

Jaipur

West

Jaipur

West

Control

room N/A 2 No No No

23 P S Pratap

Nagar

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

24 P S Soor

Sagar

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

25

P S

Chaupasni

Housing

Board

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

26 P S

Jhanwar

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

27 P S Sardar

Pura

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

28 P S Shastri

Nagar

Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

29 P S Basni Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1


Page 95 of 211


S.

N

o.

Location

Name District

Office

Type

CIPA

/ Non

CIPA

No. of

Client

Syste

m

Instal

led

No.

Multi-

Functio

n

Laser(

PSC)

No.

16

Port

Switc

h

Instal

led

No. of

HDD

160

GB

Hando

ver

30 P S Luni Jodhpur

West

Police

Station

2nd

Phase 2 1 1 1

31 P S

Boranada

Jodhpur

west

Police

Station

Non

CIPA 2 1 1 No

32

P S Kudi

Bhagat Sani

(Newly

Created)

Jodhpur

west

Police

Station

Non

CIPA No No No No

33

CO

Boranada

(Newly

Created)

Jodhpur

west

Circle

Office

Non

CIPA 2 No No No

34

CO

Jodhpur

west

Jodhpur

West

Circle

Office

Non

CIPA 2 1 1 No

35 CO Pratap

Nagar

Jodhpur

West

Circle

Office

Non

CIPA 2 1 1 No

36 DCP West Jodhpur

West

DCP

Office

Non

CIPA 10 1 1 No

37

Jodhpur

Commision

arate

Jodhpur

Commissio

narate

Commissi

oner

Office

Non

CIPA 9 No 1 No

38

Control

Room

Jodhpur

Jodhpur

Commissio

narate

Control

room

Non

CIPA 1 No No No

Total 106 29 35 8

Additional Requirements at Client Location to be purchased by SI

Item Total

Client Systems 2470

Workstation 297

Duplex Printer 297

MFD Printer 1460


Page 96 of 211

Table 13: Proposed Bill of Material (BoM) for Client locations

6.5.17 Requirements at Client Location

The following table highlights the number of locations at client side and also the primary

scope at these sites. The following table should be considered for financials for CIPA/ Non

CIPA locations:

Client Location Scope

Component Number Site

Preparation

Client Side

Infrastructure

Additional

Hardware (Digital

camera, Electronic

pen,

Generator and 16

port switch)

Police Station CIPA Phase 1 103 No Yes Yes

Police Station CIPA Phase 2 217 No No Yes

Police Station CIPA Phase 3 246 No No Yes

Police Station Non- CIPA 194 Yes Yes Yes

Higher Offices 330 Yes As per tables

below

As per tables below

The following table highlights the suggested requirements at the Client Sites; the same may

vary after the SI will conduct a site analysis:

UPS (2 kVA) 1344

UPS (1 kVA) 100

Generator (2.1 kVA) 760

Switch 16 Port 1015

Digital Camera 760

External Hard Disk 752

Electronic Pen 760

Environment Control (AC) 760

Computer Table 2326

Chair 2326

Fire Extinguisher 479

Site Preparation (Networking,

Earthling, Electrification with

Power strips)

479

White board (min 2 ft.X2 ft.) 479

Paper & Toner At all locations


Page 97 of 211

For Non – CIPA location following items should be considered in the financials

Item Quantity

Client Systems 3

Workstation 1

HDD 500 GB 1

Duplex Printer 1

MFD Printer 1

UPS 2 KVA with 120 minute backup 1

Generator 2.1 KVA 1

Switch 16 Port 1

Digital Camera 1

Electronic Pen 1


Site Preparation Yes

Opn Expense (paper / toner) Yes

Additional Hardware for CIPA Locations – CIPA Phase II and III locations.

There are 463 locations covered under phase II and III of CIPA. Approved additional items

have been taken into consideration for CIPA Phase II and III locations.

Item Quantity

Client Systems 0

HDD 500 GB 1

Duplex Printer 0

MFD Printer 0


Generator 2.1 KVA 1

Switch 16 Port 1

Digital Camera 1

Electronic Pen 1

Environment Control 1

Site Preparation No



Page 98 of 211

HARDWARE (POLICE STATIONS) - CIPA phase I

Following has been taken into consideration for CIPA phase I location which are 103 in

numbers. The CIPA phase I hardware is not in usable condition and is agreed to be replaced.

Item Quantity

Client Systems 3

Workstation 1

HDD 500 GB 1

Duplex Printer 1

MFD Printer 1


Generator 2.1 KVA 1

Switch 16 Port 1

Digital Camera 1

Electronic Pen 1


Site Preparation No


HARDWARE (HIGHER OFFICES): The following highlights the number of

higher offices which are considered for financials:

Entity Numbers

Circles office 188

SP Office 42

Addl SP office 14

DySP Office (Traffic/ SC-ST/ Women atrocity) 29

Range office 8

Commissionerates 2

PHQ- Large 1

SCRB 1

Forensic Science Laboratory + Fingerprint bureau 2

Police Control Room (State + District) 43


Page 99 of 211

For Circle Office following items should be considered in the financials

Item Quantity

Client Systems 3

HDD 500 GB 0

Duplex Printer 0

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 1

Digital Camera 0

Electronic Pen 0



For Range Office following items should be considered in the financials

Item Quantity

Client Systems 4

HDD 500 GB 0

Duplex Printer 0

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 1

Digital Camera 0

Electronic Pen 0



For SP / Addl. SP / Dy SP Office following items should be considered in the

financials

Item Quantity

Client Systems 10

HDD 500 GB 0

Duplex Printer 0

MFD Printer 10


Generator 2.1 KVA 0

Switch 16 Port 1

Digital Camera 0

Electronic Pen 0




Page 100 of 211

For Commissionerate following items should be considered in the financials

Item Quantity

Client Systems 25

HDD 500 GB 0

Duplex Printer 0

MFD Printer 25


Generator 2.1 KVA 0

Switch 16 Port 2

Digital Camera 0

Electronic Pen 0



For SCRB following items should be considered in the financials

Item Quantity

Client Systems 4

HDD 500 GB 0

Duplex Printer 0

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 1

Digital Camera 0

Electronic Pen 0



For PHQ following items should be considered in the financials

Item Quantity

Client Systems 50

HDD 500 GB 0

Duplex Printer 0

MFD Printer 50


Generator 2.1 KVA 0

Switch 16 Port 4

Digital Camera 0

Electronic Pen 0




Page 101 of 211

For Forensic Science Laboratory / Finger Print Bureau following items should

be considered in the financials

Item Quantity

Client Systems 2

HDD 500 GB 0

Duplex Printer 0

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 0

Digital Camera 0

Electronic Pen 0

Site Preparation No


For PCR District Level following items should be considered in the financials

Item Quantity

Client Systems 3

HDD 500 GB 0

Duplex Printer 0

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 0

Digital Camera 0

Electronic Pen 0

Site Preparation No


For PCR State Level following items should be considered in the financials

Item Quantity

Client Systems 5

HDD 500 GB 0

Duplex Printer 0


Page 102 of 211

MFD Printer 1


Generator 2.1 KVA 0

Switch 16 Port 0

Digital Camera 0

Electronic Pen 0

Site Preparation No


Other requirements

Description Quantity

Digital Camera

Each Police Station would be equipped with Digital Camera

Electronic Pen Each Police Station would be equipped with Electronic Pen

Others Environment control at the client side (only Police stations) would be

provisioned.

Site

Preparation The LAN cabling/ Electric cabling covered under CIPA locations are

mostly found to be unstructured and would need to be upgraded to

meet the requirements of CCTNS application deployment and hence up

gradation of the same is proposed.

SI shall prepare a platform to install DG set at appropriate location.

Operational

Expenses SI shall be responsible for bearing all operational expenses (which

includes paper and toner) at all client locations, for a period of 3 years.

Operational expenses may vary from location to location, however the

SI can take an assumption of a replacement of 2 toner (OEM compatible

toner of GSM minimum 70) every 3 months, and consumption of at

least 4 paper ream (1000 sheets) in a month, per location. The delivery

of paper and toner will be done at the respective District Head Quarter.

If any changes are required in such distribution, it will be at the

discretion of Rajasthan Police.

The above distribution matrix is indicative, and final distribution details for above hardware

shall be communicated by Rajasthan Police to successful bidder at the time of project

implementation.


Page 103 of 211

6.5.18 Specification of Proposed Software at DC & DR

a) Antivirus specifications

Sr

No

Specifications

1 All the Solutions should be virtualization aware providing flexibility of deploying the

solution both in Virtualization and physical environment.

2 The antivirus solution should have enhanced protection from Network virus/Worms,

Trojans, Key loggers, Intrusions, Conceivably harmful websites/Phishing sites, Malicious

behavior, data loss, web based threats, root kits, mixed threats, real-time compressed

executable files, spyware/gray ware etc.

3 Should have Compressed File Detection and Repair and should also be able to reduce the

risk of virus/malware entering the network by blocking files with real-time compressed

executable files.

4 Should have Unknown Virus Detection & Repair. Should have behavioral & Heuristic

scanning to protect from unknown viruses.

5 Must be capable of cleaning viruses/malware even without the availability of virus

cleanup components. Using a detected file as basis, it should be able to determine if the

detected file has a corresponding process/service in memory and a registry entry, and

then remove them altogether

6 Must have the capability to detect and clean Virus and also perform different Scan

Actions based on the virus type (Trojan/ Worm, Joke, Hoax, Virus, other)

7 Should have buffer overflow protection integrated with AV scan engine for protection

from threats/exploits that uses buffer overflow vulnerability regardless of presence of

signature / OS patches

8 Should have cloud-client infrastructure with Reputation services like File Reputation,

Web Reputation & Email Reputation working in correlation.

9 Should have web based management console to give administrators transparent access to

all clients and servers on the network and also provide automatic deployment of security

policies, AV signatures, and software updates on every client and server.

10 Should support Active Directory integration and also have security compliance to

leverage Microsoft Active Directory services to determine the security status of the

computers in the network and also have logical group based on IP addresses (Subnets).

11 Establish separate configuration for internally versus externally located machines (Policy


Page 104 of 211

action based on location awareness)

12 Should have Configurable Scanning. Should have the ability to control the amount of

CPU resources dedicated to a scan process.

13 Must have behavior monitoring to restrict system behavior and malicious changes in

applications, keeping security-related processes always up and running.

14 Should have device control to regulate the access to external storage devices and network

resources, as well as USB autorun prevention and also provide the granular level access

like No Access, Read Only, Read & write, Full Access etc.

15 Must provide the flexibility to create firewall rules to filter connections by IP address,

port number, or protocol, and then apply the rules to different groups of users

16 Must reduce network traffic generated when downloading the latest signature by

downloading only incremental updates of signatures and scan engine.

17 Reduces network bandwidth consumed during pattern updates. The bulk of pattern

definition updates only need to be delivered to the cloud or some kind of repository and

not to many endpoints

18 Should be able to update definitions & scan engine on the fly, without a need for reboot

or stopping of services on servers.

19 Must have the flexibility to roll back the Virus Pattern and Virus Scan Engine if required

via the web console

20 Should have the capability to assign a client the privilege to act as a update agent for the

update of rest of the agents in the network for AV signatures and hotfix/ service pack/

patch update/upgrade.

21 Should enable administrators to easily move clients (who have changed departments, for

example) from one physical parent server to another simply by dragging and dropping

through the central management console.

22 Should have role based administration with active directory integration to add the

custom role type and also use the predefined roles as per requirement.

23 Should have multiple client deployment options like Web install page, Remote

installation, MSI/EXE package installation, Login Script, Vulnerability Scanner etc.

24 Should have enhanced tamper protection that guards against unauthorized access and

attacks, protecting users from viruses that attempt to disable security measures.


Page 105 of 211

25 Should support 32bit and 64bit operating systems

26 Should have Cache files for scans which can help up to 40% improvement to speed

performance.

27 Should have a feature of scan cache based on digital signatures or on-demand scan cache.

28 It should recognize a missed event on a machine, which was switched off, and restart the

same when machine is turned on.

29 Should have feedback option so that if any threat (new/earlier) is found, then relevant

data can be automatically collected and transferred to the research team for further

analysis to be conducted, and consequently, advanced solutions can evolve and be

provided.

30 Should have enhanced tamper protection that guards against unauthorized access and

attacks, protecting users from viruses that attempt to disable security measures.

31 Should support plug-in modules designed to add new security features without having to

redeploy the entire solution, thereby reducing effort and time needed to deploy new

security capabilities to clients and servers across the network

32 Should have Plug-in solutions - Stateful Inspection Firewall/IPS with Virtual Patching,

VDI, Data Protection, Mac Protection, Mobile Protection without any additional

installation and should provide single console.

33 Should provide Data Loss Protection as an plug-in solution with the capability of data

protection with multichannel monitoring, robust rules, and predefined policy templates.

34 Data Protection must have File Attribute, Key words and Pattern based technology in

single solution.

35 The solution must support IPv6 and must be capable of blocking and detecting of IPv6

attacks.

36 Data Protection should work in both environment - Workgroup and AD with User/

Group/ Domain based policy creation option.

Anti Persistent Threat (APT) specifications

S.No Feature Specifications

1 Hardware The solution should be a dedicated appliance based solution for

AntiSpam security


Page 106 of 211

The Appliance should consist a minimum of 24 GB RAM.

The Appliance should have a minimum of 1 TB Hard disk

The Appliance should have minimum 6 x GE interface

2 Web Threat

Protection

The solution should support deployment in sniffing mode or

through transparent or explicit proxy.

The solution should provide malware inspection for all protocols

tunneled over HTTP and SSL natively.

The solution should natively decrypt SSL packets to inspect

malware on SSL.

The solution should have dual anti-malware engines (Signature

and Heuristics based) and should also have capabilities to inspect

malware embedded in PDF files.

The solution should have analytics to detect and block the various

stages of malware attack including data infiltration

The solution should have comprehensive database of security risk

websites, command and control network, phishing, web and email

scam etc.

The solution should also be able to inspect content downloaded

from any website real time to inspect malicious content.

The solution must detect and block outbound Botnet and Trojan

malware communications. The solution must log and provide

detailed information on the originating system sufficient to enable

identification of infected units for mitigation.

The solution should be capable of dynamically blocking a legitimate

website which has become infected and unblock the site when the

threat has been removed

The solution should have capabilities to detect custom encrypted

payloads, password files and other identified sensitive information

getting stolen through modern malware.

The solution should be able to detect data theft even if the malware

sends the data through image files.


Page 107 of 211

The solution should provide a comprehensive threat dashboard

which provides which machine is compromised, where the malware

is trying to establish connection, Direction of communication, what

data is the malware trying to send and which geography is the

malware trying to send information.

The solution should provide geo destination awareness so the

location where the malware is trying to establish connection can be

tracked.

The solution should have automated support for the Malware

Sandbox to evaluate the malicious code and a detailed report on

analysis needs to be made available.

The solution should be able to integrate with Active directory to

enforce user based policies.

3 Email Threat

Prevention

The solution should be deployed in sniffing mode or as explicit

MTA means in blocking mode.

The solution should be able to analyse links real time on incoming

mails and natively block malicious, phishing, Bot links.

The solution should have dual anti-malware engines(Signature and

Heuristics based) and should also have capabilities to inspect

malware embedded in PDF files.

The solution should be able to quarantine mails with suspicious

files, do sandboxing of files and if the file is detected to have

malicious content, the mail should not be delivered to end user and

a detailed forensic analysis report should be made available.

The solution should also determine if the mail is SPAM through

various detection techniques.

The solution should also have capabilities to do image analysis even

if the mail body is an image.


Sandbox to evaluate the malicious code and a detailed report on

analysis needs to be made available.


Page 108 of 211

The solution should have URL sandboxing to prevent the point of

of click malicious URL link even clicked from outside of corporate

network or from any device like smart phone.

The solution should also have capabilities to monitor and prevent

data theft through email.

4

Administration,

Authentication

and Policy

Controls.

The management console provides Security administrators with a

comprehensive, up-to-date view of threat characteristics and

response, user activity, network load, system stats and more.

The solution should have authentication options for

administration, the specific permissions available depend on the

type of administrator and Administrator activity is logged and

available for auditing or troubleshooting.

The solution should integrate with LDAP, Microsoft Active

Directory to identify users and display user information in reports.

The solution should have a centralized management for both email

and Web

The solution should have support two factor Authentication for

Management Server.

5 Logs and

Reporting

The solution should support real time graphical and chart based

dashboard for the summary of activities over Web

The solution should pre-built report templates which the

administrator can use for generating reports.

The solution should support custom report creation in HTML,

Excel and PDF.

The solution should have capabilities to automatically deliver

reports based on schedule to selected recipients

The solution should be able to consolidate reports from multiple

boxes for centralized logging and reporting.

The solution should provide detailed information on security

incidents to comprehensively investigate individual threat events

The solution should be integrated to third-party SIEM applications

like syslog/CEF (ArcSight), syslog key-value pairs (Splunk and


Page 109 of 211

others), syslog LEEF (QRadar), and Custom.

The solution should have ability to capture data for security

incidents and the captured characteristics include: Source of the

request, destination IP, File name and size, parameters and Body

(CGI and HTML information from the file header).

The solution should provide native system health monitoring,

alerting and troubleshooting capabilities.

The solution should support configuring scheduled automatic

backup of system configuration

The solution should support automatic download of available

patches or fixes

The Solution should have inbuilt reporting feature like real time

monitoring, reporting templates and investigation drill down

report.

The solution should have reporting on the user agent strings of

applications to provide details on application usage and version

details including browser version reports.

6 Support The OEM should provide 24x7 support for the solution

The OEM should have own TAC center in India.

Web Security Specification


1 Hardware The solution should be appliance/Software based solution for web

security.

2 Web Threat

Protection

The solution should provide proxy, caching, on box malware

inspection, content filtering, SSL inspection, protocol filtering on the

same appliance. Its should have malware scanning and content

inspection through third party integration, however all inspection

needs to be local and on-premise.

The Solution should intercepts user requests for web destinations

(HTTP, HTTPS, and FTP)


Page 110 of 211

The solution should have gateway level AV and malware protection.

The solution should have at least 30+ million websites in its URL

filtering database and should have pre-defined 100+ URL

categories,

The solution should have partnerships or third party inputs for web

threat ratings like facebook.

The solution must detect and block outbound Botnet and Trojan

malware communications. The solution must log and provide

detailed information on the originating system sufficient to enable

identification of infected units for mitigation.

The solution should be capable of dynamically blocking a legitimate

website which has become infected and unblock the site when the

threat has been removed

The solution should be able to perform SSL inspection to detect and

block malicious content downloaded through SSL and also blocking

sensitive information uploaded to SSL websites.

The solution should support policy enforcement for users even when

they access Internet outside the corporate network, this should be

enforced through an agent deployment on roaming endpoints. And

this solution should be on premises based, but not with the help of

VPN or complete traffic redirect to corporate network.

The agent on the roaming user machines should be tamperproof, for

example, the agent cannot be uninstalled by the user even with

admin rights to the system or the user cannot stop the services

The solution should have management and validation of SSL

certificates. Validation checking can be set as certificate revocation

(CRL), online certificate status protocol (OCSP).

The solution should have ability to block anonymizer sites or proxy

avoidance tools.


Sandbox to evaluate the malicious code.

The solution should have range based IP spoofing to provide

accurate representation of the IP addresses as it exits the proxy.


Page 111 of 211

3 Web content,

video& social

Media

control

The solution should apply security policy to 100+ protocols in 15

categories. This includes the ability to allow, block, log, and assign

quota time for IM, P2P, and streaming media.

The solution should filter out embedded objectionable or

unproductive content, this includes examination of the source

server, URL, page content, and active content

The solution should support custom allow/deny web ratings. The

administrators can create, modify, and manage URL categories to

accommodate specific needs for controlling users’ web access

The solution should have granular control over popular social web

applications like Facebook, LinkedIn, Twitter, YouTube, and others.

The solution should have social social control Video uploads to

Facebook and YouTube applications.

The solution should have functionality to control web 2.0 and real

time content categorization.

The solution should have support for YouTube for Education, It

should simplifies design and implementation of policy to ensure user

compliance to company AUPs.

4 Content

Control

The solution should have atleast 500+ pre-defined content rules

inbuilt with web Security & embedded in the product

The solution should have pre-defined dictionaries, key phrases to

detect financial terms, offensive language etc.

The solution should have ability to detect slow cumulative data leaks

through web channel.

The solution should have capability to analyse text inside image

going through web channel

The solution should have ability to provide geo-location awareness

for security incidents

The solution should be able to fingerprint files, folders, databases

and prevent the information from being sent over outbound web

channel.


Page 112 of 211

5

Administrati

on,

Authenticati

on and

Policy

Controls.

The management console provides Security administrators with a

comprehensive, up-to-date view of threat characteristics and

response, user activity, network load, system stats and more.

The solution should have authentication options for administration,

the specific permissions available depend on the type of

administrator and Administrator activity is logged and available for

auditing or troubleshooting.

The solution should have authentication options for users/groups, It

should supports authentication of users via Integrated Windows

Authentication (Kerberos), NTLM (NTLM v1 and v2 in Session

Security), and LDAP.

The solution should have support of multiple domains, the

administrators can specify the sequence (domain controllers

checked first, second, next, etc.) used to authenticate users who

login from different locations.

The solution should supports credential caching (for transparent

and explicit proxy) to reduce load on domain controllers.

The solution should have centralized management for multiple web

egress points

The solution should have Multi-Domain authentication to allow the

admin to create rules that authenticate against multiple domain

controllers in a sequence

The solution should have Mac Logon Agent Authentication of

Macintosh users and the ability to apply policy based on the

username.

The solution should have support two factor Authentication for

Management Server.

6 Logs and

Reporting


dashboard for the summary of web filtering activities.



The solution should support custom report creation in Excel and

PDF.


Page 113 of 211

The solution should have capabilities to automatically deliver

reports based on schedule to selected recipients

The solution should be able to consolidate reports from multiple

boxes for centralized logging and reporting.

The solution should provide detailed information on security

incidents to comprehensively investigate individual threat events

The solution should be integrated to third-party SIEM applications

like syslog/CEF (ArcSight), syslog key-value pairs (Splunk and

others), syslog LEEF (QRadar), and Custom.

The solution should have ability to capture data for security

incidents and the captured characteristics include: Source of the

request, destination IP, File name and size , parameters and Body

(CGI and HTML information from the file header).

The solution should provide a Web UI to manage Internet usage

policies, it also should support delegated administration and

reporting capabilities so different roles can be created to manage

policies and view reports.

The solution should provide native system health monitoring,

alerting and troubleshooting capabilities.

The solution should provide reports based on hits, bandwidth and

browse time.

The solution should support configuring scheduled automatic

backup of system configuration

The solution should support automatic download of available

patches or fixes

The Solution should have inbuilt reporting feature like real time

monitoring, reporting templates and investigation drill down report.

The soultuion should have reporting on the user agent strings of

applications to provide details on application usage and version

details including browser version reports.

7 Supports,

Third party

The solution must be present in the latest Gartner's leader quadrant

for Secure Web gateways.


Page 114 of 211

recognitions The OEM should have Standard Support, Premium Support, and

Mission Critical Support options available globally

The OEM should have own TAC center in India.

Email Security


1 Hardware The proposed system should be an dedicated appliance based solution

or Virtual Application image for email security.

2 Malware/A

nti-Virus

Protection

The Solution should have feature of virus scanning engine strip the

infected attachments.

The Solution should detect known or suspect secure-risk URLs

embedded in the email, which are reliable indicators of spyware,

malware or phishing attacks.

The Solution should have multiple AV engines for anti-virus and

malware scanning.

The Solution should provide proactive virus detection methods for

new email-borne virus.

The Solution should have feature of virus scanning engine strip the

infected attachments.

The Solution have the management on virus quarantine and should

have the access and manipulate the quarantined virus emails.

The solution virus engine should support scanning by inbound,

outbound and internal direction and configure the policy per

direction.

The Solution should have close to 100% virus detection rate for

known viruses.

The Solution should provide email attachment sandboxing

3 Antispam The Solution should provide an attachment scanning capability to

detect file-based spam messages

The Solution should support URL classification of the embedded links

and it contributes for SPAM detection.

The solution should support image based spam detection capability,

such as the pornography images within the email and it allow

customer to adjust the sensitivity level.

The solution should support dictionaries scanning and dictionaries are

built-in the product and allow customer to create his own dictionary.

The Solution should report the false positive email and a button in the

quarantine queue thus customer can simply click to have a report.


Page 115 of 211

The solution should also allow users to report SPAM mails.

4 Content

Control

The solution should have atleast 500+ pre-defined content rules

inbuilt with Email Security & embedded in the product

The solution should have pre-defined dictionaries, keyphrases to

detect financial terms, offensive language etc.

The solution should be able to look for content in the email header,

body of message and also attachments.

The solution should be able to restrict incoming, outgoing and internal

mails based on file types, file size and also by file name and also

through a combination of them.

The solution should be able to fingerprint files, folders, databases and

prevent the information from being sent over outbound mails.

The solution should have capabilities to quarantine mails with content

that violates the policy and notify sender or sender's manager

automatically. The mails that are quarantined because of content

control policies should be released if the sender's manager replies to

the notification mail.

The solution should monitor and control sensitive emails downloaded

to mobile devices through ActiveSync.

The solution should perform image based filtering. It’s should use

sophisticated analytical algorithm to analyse image to determine

attributes that indicate the image may be of a pornographic or non-

pornographic nature in known and unknown spams emails.

The solution should have capability to analyse text inside image going

through email.

5 MTA

Functionali

ty

The solution should allow setting SMTP greeting message, delay time

and the full qualified domain name for SMTP session establishment.

The solution should support policy based TLS encryption between

mail domains.

The solution should provide the capability of connection control and

message rates control for inbound and outbound respectively.

The solution should have directory harvesting and DoS prevention

capabilities.

The solution should allow the administrator to specify the re-try time

for a delivery failure.

The solution should provide real time IP reputation system.

The solution should support internal sender authentication.

The solution should support user group(LDAP) or domain based

routing and delivery.


Page 116 of 211

The solution should support message stamping by adding notes or

disclaimer in the message.

The solution should support IP/address/domain based whitelist and

blacklist.

The solution should have capability for Outbound throttling by

IP/address.

The solution should support Inbound mail routing delivery

preferences to accommodate larger, more complex network

6 Manageme

nt

The solution should support centralized management, including policy

configuration, quarantines and logs/reporting.

The solution should support the real-time graphical and chart-based

dashboard for the summary of email filtering activities.

The Solution should support quarantine administrator role. Thus only

the delegated administrator is allowed to access the message in

specific queue.

The solution should search a message in the queue and should have

multiple options.

The Solution should have option for end user notification for email

quarantining letter to be customized and click boxes that enable the

user to release e-mail, report false positives, add senders to allow-or-

block lists and direct links to personal email management portal.

The solution should allow where Administrator can specify which

queues can be accessed by end user.

The Personal management portal should be a web-based UI for end

users.

The solution should allow email reply to release the email quarantined

by solution.

The solution should support native system backup and software

update functionality.

7 Logs and

Reporting


dashboard for the summary of email filtering activities.



The solution should support custom report creation in HTML, Excel

and PDF.

The solution should have capabilities to automatically deliver reports

based on schedule to selected recipients

The solution should be able to consolidate reports from multiple boxes

for centralized logging and reporting.


Page 117 of 211

The solution should provide detailed information on messages to

comprehensively track messages.

The solution should allow parameters to be defined for searching

message logs.

The solution should have True Source IP Detection and Connection

Blocking feature should work even if Email Security is deployed

behind Corporate Email Relay Server/Firewall SMTP .

The solution should have option to monitor traffic in real time for

easier troubleshooting

8 End user

manageme

nt

The solution should provide capabilities for end users to search on

quarantined messages specific to them.

The solution should allow end users to release mails from quarantine

if approved.

Automatic notifications should be sent to end users whenever mails

are quarantined for them.

The notification message to end users should be completely

customizable.

The solution should allow end users to create their own personal allow

and block lists.

The solution should allow administrators to define which queues can

be accessed by end user

The solution should have a central end user management portal for

multiple appliances.

9 Support The OEM should have own TAC center in India.

b) EMS

Sr.

No.

Specifications

Basic Requirements

1. Enterprise Management System should provide for end to end performance,

availability, fault and event correlation and impact management for all enterprise

resources that encompasses the heterogeneous networks, systems, applications and

databases present in the system. OEM should provide this compliance on a letter

head.

2. The Service Management solution namely Service desk (incident and problem

mgmt), Change and Release, Asset, Service Request/Self Service, Knowledge and

Service level management should be built on the same platform/code and leverage

the same common, shared configuration database with a unified architecture. The

same platforms should be used across all modules, requiring no complex


Page 118 of 211

integrations to leverage the combined benefits offered by the integrated platform.

The solution should also have client automation tool.

3. The Service automation solution should be a unified solution supporting

provisioning, configuration management and compliance assurance across servers,

networks, databases and applications and should support end to end full stack and

dynamic server, network and application provisioning. Solution should provide for

future scalability of the whole system without major architectural changes. Solution

should be open, distributed, and scalable and open to third party integration.

Performance Management

4. The solution should provide Agent-based or Agentless Monitoring in a single

architecture – that will allow an organization to choose the level of management

required and deploys the right-sized solution to meet those requirements. The

agent and agentless monitor should be able to collect event/fault, performance and

capacity data and should not require separate collectors.

5. The solution should reduce manual customization efforts and should speed-up

problem identification and resolution of the IT performance anomalies with

intelligent events.

6. The solution should accelerate problem isolation through accurate analysis of

probable cause through end-to-end correlation.

7. The solution should have the capability to identify probable root cause using a

variety of filtering and statistical correlation methods to shift through every metric

to determine their relevance to the issue being researched.

8. The solution should possess capabilities that deliver self-learning capabilities to

virtually eliminate the ongoing costs of manual threshold, rule, and script

maintenance.

9. The solution should be able to generate dynamic performance baselines and

continuously update and refine these normal operational bands by automatically

adapting the changes in enterprise infrastructure.

10. The solution should have predictive analytics and intelligence in-built into it so as

to detect any anomaly before it could potentially hit the threshold thereby giving

enough lead time to users to resolve the issues before the threshold is breached.

11. Solution should carry out automated probable cause analysis by picking up feeds

and scoring to reduce the number of alerts generated thereby helping operations to

identify the probable cause without having to write complex rules for correlation.

12. Solution should carry out auto-diagnosis on occurrence of an type of event and

should provide the ability to extend this based on users knowledge.

13. Should be configurable to suppress events for key systems/devices that are down

for routine maintenance or planned outage.

14. The solution should provide end users with the ability to search for known errors

and knowledgebase.

15. Solution should be able to score the events and display the highest impacting


Page 119 of 211

events in descending order.

16. The Solution should offer the ability to monitor custom/homegrown applications.

17. The solution should integrate network, server, application and database

performance information and alarms in a single console and provide a unified

reporting interface for all network and system components. The current

performance state of the entire network and system infrastructure shall be visible

in an integrated console.

18. Should automatically create Service models to describe how IT infrastructure

supports business services.

Capacity Management

19. The solution should be extensible enough to support capacity planning and

optimization with data collected through the same performance management agent

across Servers (physical / virtual), storage, databases, and Network

20. Should provide flexible integration capabilities, open

data model and proven enterprise scalabilities

21. The Solution should be comprehensive in providing process-level and workloads

data collection capabilities including support for modeling multi-tier application

workloads

22. Should provide user friendly simulation modeling for e.g.: provide automatic

Queue Length calibration

23. Capabilities to provide strong forecasting capabilities for e.g. seasonality,

automated algorithms and by-exception capabilities

24. Should provide support for optimal allocation for dynamic provisioning and well

intgerated with Cloud Lifecycle Management, if needed.

25. Provide sophisticated cost modelling capabilities and chargeback mechanism for

Capacity management

Network Management

26. The Network Management function must monitor performance across

heterogeneous networks from one end of the enterprise to the other.

27. It should proactively analyze problems to improve network performance.

28. The Network Management function should create a graphical display of all

discovered resources.

29. The Network Management function should have extensive reporting facility,

providing the ability to format and present data in a graphical and tabular display

Discovery

30. Discovery solution should do a complete discovery of IT environment across

distributed, virtual and heterogeneous environment and provide a clear and visual

mapping of IT infrastructure to business services.

31. Should support discovery of Physical, virtual, network, application, storage and


Page 120 of 211

mainframe resources.

32. Solution should support complete agent-less discovery requiring no software to be

installed on devices to be discovered.

33. Should Automatically map IT infrastructure to business services and building the

Application relationships completely agent less

34. Should support continuous updates of configuration & dependency data to CMDB

35. The discovery data should be fully auditable as to where it came from and what was

the method to retrieve that.

36. Should support troubleshooting and diagnostics for any discovery scan failures.

Presentation

37. Business owners should be able to graphically view the health of their business

services and its related tickets.

38. The IT organization should be able to view their tickets by business service and

impact from the same solution.

39. Solution should have the ability to display the events in a table, service,

infrastructure, tree views. It should provide each user the ability to select or view

the events as per their convenience.

40. Should support advanced filtering to eliminate extraneous data / alarms in Web

browser and GUI.

IT Service Management

41. The Solution displays the complete ITIL process flow for Incident, Problem, and

Change Management through Service Management Process Model (SMPM). The

solution should have the capability to automatically create a copy of the ticket to an

archival server based on conditions like after a particular date or every

ticket/change or assigned to a particular group etc. The solution should provide

email based interactions allowing ticket creation, update and approval of request.

The support person can interact with the end users through chat in built and add

those chat transcripts in the ticket. The solution should give all the details related

to a particular business services. The system should have graphical interface to

define, visualize and update ITIL processes

42. The solution should have Service Management Process Model in built based on

ITIL v3 best practices.

43. At each stage in the cycle of the incident, the system should prompt users on the

status and the missing information that is required to complete the flow through

Assignment scripts

44. In case any process step is missed, the system prompts users to complete that step

before they move to the next step.

45. Solution should support reporting on the process flow to allow management to

understand how organization is performing in terms of process adherence.

46. Solution should support multi-tenancy with complete data isolation as well as with


Page 121 of 211

ability for analysts based on access rights to view data for one, two or more

organizational units. Also the ability to restrict to particular organizations.

47. Solution should provide L1 engineer an ability to see the list of assets used by the

end user. This list should be displayed within the ticket (incident, Change and

Release, Problem etc).

48. The solution should provide Live as well as Virtual Agent chat capabilities to the

End Users

49. The solution should support social collaboration like Live Twitter feeds, RSS feeds,

Salesforce chatter feeds etc.

50. Should provide relationship viewer to L1 from within the ticket. The relationship

viewer should display the dependencies and impact relationships to other assets

and users.

51. Solution should automatically provide solutions from the knowledge base to L1

52. L1 should be able to view detailed configuration of a selected asset (E.g. - amount of

CPU, RAM, Disk Space, IP address, software installed, software used etc). Should

be possible to do this from within the ticket.

53. The solution should be bundled with a tool that will allow administrators to

customize the GUI using a point-and-click interface to add and change forms,

objects, and fields in forms.

54. Workflow must be able to perform notification via email, pager, SMS and the have

provision to interface with other communication modes. The solution should

provision the administrator to create new or modify existing workflow by using

actions like set fields, push fields, SQL query etc.

55. Provide the ability to develop workflow for data level operations like record create,

update, modify and delete operation. Same workflow could be executed for both

Window and Web client.

56. Provide option for approval engine so that any customized applications developed

could incorporate the hierarchy, role based, level based, ad-hoc approval structure.

Include notification and escalation capability if approval is not performed.

57. The solution should provide the functionality of executing searches to the entire

database. It should be possible to provide query criteria using AND, OR conditions

through Common Data Model database. This allows the users to create and view

workflows/reports based on their needs rather than using only the set of

workflows/reports provided out of the box.

Incident/Problem Management

58. Flexibility of logging incidents via various means - web interface, client interface,

phone, auto integration with EMS tools.

59. Service Desk solution should allow detailed multiple levels/tiers of categorization

on the type of incident being logged.

60. Service Desk solution should provide classification to differentiate the criticality of

the security incident via the priority levels, severity levels and impact levels.


Page 122 of 211

61. It should allow SLA to be associated with a ticket based on priority, severity,

incident type, requestor, asset, location or group individually as well as collectively.

62. Solution should support fast service restoration leveraging previous incident data

through Incident matching

63. It should be possible for L1 to view the 'Health of a selected Service' from within the

ticket.

64. The health view should be consistent across platform (Windows & flavours of

UNIX).

65. Should support automatic assignment of ticket to the right skilled resource based

on business priority Ex - Database crash issue need not be assigned to an L3 DBA

unless the business service is completely down.

66. Asset causing the business failure and business service that has failed should be

automatically related to the ticket.

67. It should be possible to architect a decentralized service operations (across OS,

database and application versions).

68. Should be able to implement a Follow the sun support.

69. Should be able to consolidated view/reports across locations while maintaining

localized views/reports.

70. For integrations with other EMS/NMS tools, various options for integration should

be provided - APIs, web services, SDKs.

71. It should have an updateable knowledge base for technical analysis and further

help end-users to search solutions for previously solved issues. Should support full

text search capabilities.

Change Management

72. Should support Change Impact and change collision detection based on affected

CIs from CMDB.

73. Solution should provide for Change Calendar with periodical views.

74. Should support self service change request and fulfillment with standard change

requests via service catalogue.

75. Should support Incident & problem driven change-release-deployment activities.

End to End Release Management workflows should be supported with in-built

rollback capabilities.

76. Should support unified change and release tools (planning, risk assessment,

scheduling, and execution tools) for complete enterprise across virtual & physical

environments, applications, etc.

Asset Management

77. Should manage complete lifecycle starting with the initiation of the procurement

through to retiring and (if applicable) harvesting unused software.

78. Should be integrated with ITSM Solution (Service Desk, Change and Release


Page 123 of 211

Management, Problem Management, Service Level Management) for maintenance

and support of assets.

79. Should support IT Business Management data and metrics to manage asset

lifecycle TCO, ROI and Depreciation from acquisition to support to retirement.

80. Should support Integration with supplier, contract, e-procurement data.

Configuration Management

81. The Configuration Management Database should support multiple datasets with

federation and reconciliation facilities so as to get data from various discovery tools

and also through manual import process.

82. The Configuration Management should support Definitive Software and Media

Library with content updates on a periodic basis.

83. Normalization of data should be possible along complete definitive media library –

software, hardware with standardization on attributes.

84. Reconciliation of data should be possible with multiple data providers based on

common attributes and ability to define precedence rules on attributes.

85. Federation of external data sources should be possible with ability to store common

attributes inside CMDB and getting other attributes from external data sources in

real time.

86. Should provide best in class integration capabilities with CMDBf compliant APIs.

87. Should Provide a single shared view of services supporting Service Design,

Transition and Operations stages of the lifecycle.

88. Should Provide a Service catalogue (Technical, Business Service Offerings etc.) so

as to establish a framework for Service definitions based on IT and business

alignment.

89. Should Provide Service blueprints to describe functional and deployment models

for the Service definitions.

Service Level Management

90. Solution should support comprehensive SLA management platform that cuts

across Infrastructure Management and Service Management. For e.g. monitors and

reports across different KPIs like infrastructure (CPU utilization, disk space),

response times , resolution times (eg. incident closed on 2 hours) performance and

custom parameters of an enterprise.

91. Have a consolidated, automated graphical report for SLA compliance with ability to

drill down to reason for non-compliance".

92. Manage service levels for delivery and support of business services.

93. Fast, repeatable process for defining and capturing service level measurements.

94. Real-time visualization of service level targets, agreement compliance data,

penalties and rewards.

95. Should support compliance and cost trending to assist in identifying areas for


Page 124 of 211

process and operational improvements.

Service Request Management

96. Should support single service catalogue for requestable services

(Technical/Business Offerings), spanning both IT and non-IT domains.

97. Should provide for Service Requests Workflows and Fulfillment definitions for

commonly used IT/non-IT services.

98. Catalogue based on User profile and Visibility

99. Various types of Customer profiles are supported, for ex: Gold, Platinum, Silver.

100. Integrates with any underlying service management for request fulfillment.

101. Ability to load dynamic information based on the field chosen.

102. Ability to position both Custom-made and Standard Requests

103. Should send notifications to Customers based on the status.

104. Should have the ability to extend and create new service request.

105. Should have predefined catalogues that cover specific use cases

106. Should be completely web based and should be accessible from an unified portal

107. The Solution should provide a centralized Dashboard that picks up relevant

business metrics from the monitoring and service management solution - Business

Perspectives – Business-centric dashboards giving at-a-glance visibility to key

operational initiatives

Business Service Management Dash Board and Analytics

108. Business owners should be able to graphically view the health of their business

services and its related tickets pertaining to Business applications like Motor

Banking, ERP, Messaging, Claims processing, Group banking etc

109. Business owners should have a clear view of the extent of impact to their business

services and if need be the reason behind the impact.

110. The IT organization and business stakeholders should be able to view their tickets

by business service and impact from the same solution

111. Solution should have the ability to display the events in a table, service,

infrastructure, tree views. It should provide each user the ability to select or view

the events as per their convenience

112. Should support advanced filtering to eliminate extraneous data / alarms in Web

browser and GUI.

113. These dashboards need to be dynamic that allows user to drag and drop these

metrics and create custom dashboards without any coding.

114. Apart from built-in sections, users should also be able to create custom sections

that can reference out to custom metrics stored in the monitoring tools databases

or other sources as per the business requirements

115. It should be possible to restrict access to data available in the sections as per the


Page 125 of 211

user rights of the users. Profile based data access.

116. For each section, user should be able to select the time frame to report on data.

This could be monthly, quarterly, half yearly, yearly or custom dates

117. The Dashboards should support rich formatting capabilities to represent the data,

this includes different chart formats and PDF.

118. The Solution should come with standard report on overall business service health

and performance.

Reporting

119. Should provide for OOB Reports for Service Support and Service Delivery processes

through a unified portal

120. Should have ability to have a consolidated view of data collected from different

types of operations (E.g. - SLA compliance for a selected business service, it's

dependent SLAs, OLA and UPCs, it's changes by priority, open incidents by priority

and status, it's assets and individual asset compliance, patches installed and

compliance to patches etc) and displayed in a universal portal.

121. Provide users (based on role) to drill down to specific report/data on a need basis.

122. Ability to create custom KPI metrics and scorecard/compliance reports that are

updated automatically.

123. Single dashboard provides the as-is scenario by consolidating the data across the

organization.

124. Should support and Correlate KPIs from multiple disciplines.

125. Should support top down dashboards with drill down capabilities into detailed

information.

126. Should support multiple views with flexible pod-like structure along with role

based access.

Server Automation

127. Should support all major OS and virtualization platforms.

128. Should Support comprehensive and configuration-level roll-back for changes.

129. Automated provisioning for physical, virtual, and cloud-based environments.

130. Policy-based, Cross-Platform patch support across Windows, Linux, and Unix.

131. Support compliance Policies for regulatory and security standards with integrated

exception documentation.

132. Support Granular and environment-aware configuration policies and deployment.

133. Automated packaging, promotion, and deployment of applications.

134. Should support cross-platform and reusable packaging with built-in rollback

support.

135. Should maintain complete configuration for all managed servers at completely

granular level ensuring any minor change is also tracked and reported on.


Page 126 of 211

136. Should have ability to monitor the parameters in real time and confirm compliance

to security policies.

137. Integrated with Closed loop change Management workflows that monitor and track

these compliance changes.

138. Should have audit capabilities that compare the server status to policies defined in

real time.

Database Automation

139. Should provide automated provisioning of standalone and clustered databases,

including complex dependencies across all platforms

140. Should support automated “Pre‐Flight Checks” against hundreds of prerequisites to

validate environment readiness before changes

141. Should have the capability to provide

automated upgrades and patching for standalone and

clustered database

142. Should be tightly integrated with Change and Release management to deploy and

document the change across multiple databases and database cluster

143. Should have "Model-driven Configurations" to automatically adjust for complex

database interdependencies

Network Automation

144. The solution should be able to support configuration management across the

network infrastructure, including routers, switches, firewalls, load balancers,

wireless access points, and other network devices.

145. The solution should be able to instantly provide the who, what, where, and when of

planned, unplanned, and unauthorized network changes.

146. The solution should be able to audit and enforce configuration standards, such as

those around security, performance, and routing which would help in proactively

assessing the impact of change and also quickly recover from problematic changes".

147. The solution should be able to dynamically create scripts to allow for changes to be

pushed into the device without having to reboot the device (i.e., non-disruptive

rollback).

148. The solution should be able to provide the mechanism to push access control lists

(ACLs) into a device without exposing the device to potential security

vulnerabilities".

149. Should support Standard Authentication Methods, Role Based Access Control

(RBAC), Realms and Groups, Sensitive Data Masking, Telnet SSH proxy.

Storage Monitoring

150. Disk Arrays

151. Detects failures on the disks and controllers

152. Monitors key performance metrics (controller utilization, response time,


Page 127 of 211

cache, etc.)

153. Reports on data traffic and I/Os (physical disks, controllers, LUNs, array)

154. Monitors the environment (temperature, fans, power supplies)

155. Detects fiber links problems (external and internal)

156. Generates instant reports on disk space consumption (total and per volume,

oversubscription, etc.)

157. Reports on the power consumption of the disk array (in Watts and kWh)

158. Fiber Switches

159. Monitors the environment (temperature, fans, power supplies)

160. Monitors the fiber links (port, light, connection, speed, etc.)

161. Reports on the utilization of each fiber link (traffic, total amount of data per

hour or per day, bandwidth utilization)

162. Reports on the power consumption of the switch (in Watts and kWh)

163. Tape Libraries

164. Backup and restore activity and performance

165. Detection of backup and restore errors

166. Devices and media

167. Log and database storage

168. Backup servers, services and daemons

Workflow Automation

169. Tools should support workflows for leading 3rd party vendors including

virtualization and storage vendors.

170. Tool should support process, Data abstraction/ Workflow Reuse.

171. Platform and process upgrades should not require extensive workflow updates.

172. Workflow execution should have both automatic and semi-automatic modes of

execution.

173. The tool should support a flexible architecture that seamlessly incorporates high

availability at a work-flow level.

Batch Job and Workload Automation

174. Solution should allow for batch discovery to ensure the CMDB contains up to date

Batch Service data.

175. Should provide both Agent-based & Agent-less scheduling of batch jobs on all

platforms.

176. Solution should have a single Entry point to schedule, monitor and manage batch

jobs across Distributed environments.

177. Solution should provide a centralized GUI to view colour oriented job status, check


Page 128 of 211

logs and view output for last 5 or more days.

178. Solution should provide user ability to map the key business impacting jobs into a

service and enables the Service Monitoring to integrate into Service Desk and

Service Impact Management for any failure or delays.

179. Solution should have the ability to forecast the schedule for a future date and

simulate the flow of jobs in terms to the estimated start and end times of jobs and

business services with option to add what-if scenarios for better simulation.

180. Solution should have an ability to execute SAP R/3 Programs, BW Programs, Data

Archiving Programs & Business Objects reports and provides specific interface for

it as well as ability to integrate with Oracle, MS SQL & DB2 database to schedule

and run the SQL scripts, open queries, Stored procedures and SSIS packages and

provides out-of-box interface for it and not through wrapper scripts.

181. Solution should have ability to schedule; trigger and monitor file transfers across

the enterprise using sftp, ftp, compression, encryption, decompression and

decryption, restart from point of failure and provides out of box interface for it.

182. Should support workload management by defining policies for efficient job

submission to servers based upon the CPU, Memory usage and time periods.

183. Solution should also Self Service functionalities to Business users and presents a

view of the workload services relevant to them so that they can submit service

request through a service catalog. The proposed solution should also be in the

Gartner Leader Quadrant

Application Performance Management

End User Experience Management

184. Deployment & Ongoing Use

185. Easy to install for on-premise Management Console (in minutes)

186. Software-as-a-Service (SaaS) deployment option for Management Console

187. Ease of integration into existing network infrastructure

188. Deployment as a Virtual Machine on premises if needed

189. No instrumentation needed in application for end user experience - understands

end user behavior from a wire-only perspective

190. Discovery of all sites, urls, requests and responses without requiring rules

191. Ability to define and categorize traffic by any part of url, site, POST, Query, etc.

192. Ability to support compound logic including AND, OR, Boolean and Regex to

categorize traffic

193. Discovery of new sites and urls as soon as they show up on the wire

194. Ability to store/deploy configuration and grouping rules as a simple file

up/download

195. Patch management over the web with appropriate user rights


Page 129 of 211

196. Security Officer role controlling ability to see/not see secure data

197. Ability to deploy multiple collection points focused into a common analysis point

198. Simple SSL key logic for deployment

Performance Impact / Overhead

199. Zero performance impact to web site(s) for end user experience capture

200. Ability to start/stop solution independent of the web site itself.

201. Works with network TAPs, SPANs from switches or load balancers, or can work

with data provided by only Akamai or end-users running javascript, depending on

the customer's need

Business Transaction Detection & Discovery

202. Ability to define custom errors based on any part of the request/response including

HTTP content

203. Ability to discover Usernames from any part of the authentication process - or later

in the session if necessary

204. Flexible Geographic Tracking, choosing client IP, X-Forwarded-For, or other user-

defined value

205. Automatic discovery of all key URLs and the performance (host, network, end-to-

end time) observed for each

206. Build data to full page understanding, not just individual requests (understands

container -> object relationship)

End-to-End Web Performance

207. Sees every user all the time in real time

208. Manages both real user and synthetic transactions with equal visibility

209. Manages both end user and web service (SOAP/XML) visitors with equal visibility

210. Captures end user visit data including ISP, Browser,

211. Understands network performance from a TCP perspective (out-of-orders, drops,

retransmits)

Performance Behavior Learning & Anomaly Detection

212. Automatic detection of what is normal for each key transaction on a web site

213. Self-learning over time, automatically deprecating/de-weighting data over time

214. Provides direct line-of-sight into impacted users during site-wide performance

problems

215. Considers number of impacted sessions as a key determinant in problem severity

216. Permits drill-down into a customer-defined number of dimensions, across

customer-defined dimensions

217. Can produce a full session transcript around impacted users, showing all pages,


Page 130 of 211

with timings, errors and performance indicators as forensic detail for application

development to understand the source of problems

218. Permits the exporting of one or more sessions with an easy 'export' mechanism for

trouble ticketing

219. Performance Data Retention, Trending & Analysis

220. Ability to keep both a near-term store and longer term store to serve different

audiences

221. Ability to keep 90 days of performance data entirely within the solution at 5 minute

summaries

222. Ability to store transcript (end user visit) data securely for as long as client desires

223. Simple HTTP API's to take information to other interfaces both as summary or

transcript data

224. Simple integration with other event management solutions

Diagnostic Data Capture & Granularity

225. Records every request/response pair, including all objects delivered off origin or

from Akamai

226. Captures all security-permitted POST, Query, Cookie details visible on the wire

227. Sessionizes the data for all end users and web services, joining data into transcripts

showing the sequence and performance of all end users

Deep dive application diagnostics

228. Reduced Infrastructure foot-print with centralized dashboards and single pane of

glass encompassing all APM data

229. Fast time to value with quick installation and integration among the APM

components (less than half day)

230. Provide Very quick time to value for applications monitoring - 15 minutes per

application server

231. Provide a common agent for all Java app servers and automatic detection of

application servers and versions

232. Operations team must be able to deploy monitoring agent without extensive

knowledge of the code or involvement of development team

233. Must be able to deploy new applications without extensive manual reconfiguration

of monitoring

234. Support agile release methodology by providing automatic reconfiguration of

monitoring when new application versions are deployed

235. Must be able to deploy monitoring without extensive testing and tuning

236. Provide lightweight application deep-dive monitoring (code-level) , suitable for full

time production so problems don’t need to be recreated with monitoring active or

in a test environment


Page 131 of 211

237. Ability to drill down from real end-user issue to the line of code without losing

context (parameters, etc) without having to switch consoles or using an external

correlation engine

238. Ability to automatically configure monitoring to support different application

frameworks to avoid need for operations to understand technology in use for each

monitored application

239. Automatically provides categorization of framework into “tiers” for ease of use by

operations staff (example: database, web, messaging)

240. Provide ability to define user configuration of custom tiers (example: mainframe

CICS)

241. Provide a single view with application latency, application server resources and

baselines for a captured transaction trace

242. Automatic generation of Application Flow Map for the transaction topology and top

level SQL, web service calls, messaging (MQ), etc

243. Ability to monitor users sessions getting HTTP errors and application exceptions

and drill down to the cause in the application code

244. Ability to identify which end user session was impacted by a specific application

error and see the context

245. Ability to share diagnostics data with development without giving them access to

production monitoring system

Proactive Application Operations correlation and analytics

246. Automatically learn the behavior (anomalies and dynamic baselines) for all service

components, including applications, infrastructure, real users and synthetic

transactions

247. Generate predictive alerts based on application and business impact at least four

hours prior to end user impact

248. Automatically diagnose the root cause of application events leveraging early alerts

derived from behavior learning, configuration changes, service relationships and

end user transactions

249. Automatically correlate real user events to application and infrastructure events

and provide single console one-click access to these linkages

250. Able to display business service models with real-time operational overlay from the

user location to transaction to application tier to the infrastructure

251. Provide a single pane of glass that illustrates graphically what end users are

impacted (if any) by an infrastructure issue

252. Provide a single pane of glass that illustrates graphically which application

infrastructure components are contributing to an end user issue


Page 132 of 211

c) HIPS

Sr

No

Specifications

1 Server Security should perform HIPS along with log inspection, integrity monitoring

and host based firewall with single agent. It should help to detect attacks, software

misuse, policy violations and other forms of inappropriate activities.

2 HIPS should be able to monitor multiple systems, with one system being the HIPS

server and the others the HIPS agents that report back to the server.

3 Should be a complete datacenter and virtualization aware solution that provide

advanced protection for systems in the dynamic datacenter— from virtual

desktops/servers to physical, virtual or cloud server, or a combination of the

environment can be achieved. Should be supported on multiple operating systems.

4 Virtual Patching should be achieved by using a high-performance deep packet

inspection engine to intelligently examine the content of network traffic entering and

leaving hosts. Should provide automatic recommendations against existing

vulnerabilities, Dynamically tuning IDS/IPS sensors (Eg. Selecting rules, configuring

policies, updating policies, etc...)

5 Deep Packet Inspection should protect operating systems, commercial off-the-shelf

applications, and custom web applications against attacks such as SQL injections and

cross-site scripting

6 Solution should be capable of Information gathering about network hosts and their

activities, such as operating system, services, open ports, client applications and

vulnerabilities.

7 The solution OEM should deliver virtual patching updates within 24 hours of an

application vendor announcing a vulnerability in their system

8 DPI should have Application Control rules provide increased visibility into, or control

over, the applications that are accessing the network. These rules will be used to

identify malicious software accessing the network and provide insight into suspicious

activities such as allowed protocols over unexpected ports (FTP traffic on a mail

server, HTTP traffic on an unexpected server, or SSH traffic over SSL, etc.) which can

be an indicator of malware or a compromise.

9 Solution should work in detect only mode and prevent mode. Support automatic and


Page 133 of 211

manual tagging of events.

10 Solution should provide policy inheritance exception capabilities. Also support

creation of custom DPI rule and provision inclusion of packet data on event trigger for

forensic purposes

11 Product should support CVE cross referencing when applicable? The solution shall

protect against fragmented attacks and should allow to block based on thresholds

12 Integrity Monitoring module should be capable of monitoring critical operating

system and application elements (files, directories, and registry keys) to detect

suspicious behavior, such as modifications, or changes in ownership or permissions.

13 Solution should have a Log Inspection module which provides the ability to collect

and analyze operating system, databases and applications for security events.

14 Minimum Features of Host-based Intrusion Prevention: Time to Time Signature

update. Monitoring and prevention from Intrusion attack.

16 In the virtualized environment, Should have an integration with the hypervisor to

achieve an agent less protection such as Antimalware, IDS/IPS and Firewall for all the

systems/ guest VMs running in the virtualization environment. In the Physical

environment, protection such as Antimalware, IDS/IPS and Firewall for all the

systems can be achieved with the single Agent .

17 Should have support for IPv6 and must be capable of blocking and detecting of IPv6

attacks.

18 Detects attacks that network-based systems miss

19 Well-suited for encrypted and switched environments

20 Solution should be EAL 3+ or higher certified .

21 Should have an Anti-malware working Agent based in Physical environment and

Agentless in virtualization with Real-time & Scheduled Scan configurable options like

defining exclusion list for certain file, directories, file extensions from scan, different

scan actions - Quarantine, Clean, Delete, pass etc. and even restoration of quarantined

files is possible.

22 Should provide predefined & customizable log inspection rules out of the box rules for

log collection from standard applications like OS, Database, Web Servers etc.

23 Should be able to generate detailed and summary reports. Reports can be scheduled to

be automatically delivered to the administrator via email.


Page 134 of 211

24 Management Server should be installed on Windows Server 2003 and above,

Management Server should support Active Passive high availability configuration for

DC/DR setup

d) Storage Management Software (SMS)

i. Storage management software should protect the organization from the risks of

data loss and will help in reducing complexity, managing costs and address

compliance with data retention and availability requirements.

ii. Storage Management Software should improve the business continuity by

shortening backup and recovery times and maximizing application availability

with advanced data recovery management technologies.

iii. Storage Management Software should employ data duplication and a hierarchy of

storage to increase efficiencies and conserve resources.

iv. SMS should enhance data security with innovative access and encryption

features.

v. SMS should help the department to adapt to changes within the IT infrastructure

to minimize service disruptions and speed restorations and backups.

vi. SMS should increase the visibility into the data protection environment by

providing advanced features for operational monitoring and historical reporting.

vii. SMS should allow Host based replication and failover to IP based network.

viii. SMS should be able to create, manage and protect file shares and network

application storage.

e) Backup Software

S

No

Requirements

Backup Management Software

1 All backup/restore administration must be controlled by a centralized master

system

2 The master system must support the following systems: Windows

2000/2003/2008/2008R2/2012, Linux (x8664) /Solaris Sparc & Solaris x8664),

HPUX (Itanium) & AIX (PowerPC)

3 Master system must maintain a database for all backup/restore meta-data

Comprehensive reactive database format.

Easy to reconstruct against in the unlikely event of corruption.

Easily protected with an integrated backup and recovery plugin for the database

Bare Metal Recovery option for the Backup Master system.

4 Supported client systems include: Windows, Linux, Netware, Unix and Mac OS X

Platforms

5 Should be able to manage all master systems from different locations


Page 135 of 211

6 The software must be based on Graphical User Interface (GUI) so that all backup

servers can be managed centrally, regardless of location

7 The tape format should be open standard MTF for Windows , and CPIO for Unix

/Linux for portability and independence.

8 The software must provide flexibility to backup to different media. These include

disk-to-tape, disk-to-disk and interoperability.

9 The software should be able to automatically duplicate or migrate data from disk

to alternative target backup media to prepare for offsite storage

10 The software should be able to restore from alternative media without restaging

through the disk.

11 The software must have the ability to perform disk-to-disk backup via iSCSI or FC

SAN in sharing mode

12 The proposed backup solution must be able to support raw device backup – on

both Windows, Linux and Unix (IBM AIX, Sun Solaris & HP UX)

13 The proposed backup solution must be able to support consolidated (synthetic)

backup – for file system data on all platforms.

14 The proposed backup solution must be able to encrypt backup data at source –

and store with 128-bit or greater encryption with an option to encrypt data while

performing duplicate backup jobs from disk to tape.

15 The proposed backup solution must have user level access control list security

function. Each user has different permissions and privileges on the system.

16 The proposed backup solution should be modular in architecture, allowing for

components to be added and removed without requiring the backup system to be

shutdown.

17 Scalable, distributed architecture of Master Server, Media Server and Client,

enabling high-performance backup to direct-attached devices or SAN-attached

devices without scripting.

18 Shows real-time backup progress bar.

19 Feature for reporting on tape utilization, and drive configuration.

20 Systematic, menu-driven procedures for restoring data to alternate paths or

systems to simplify disaster recovery and recovery simulation.

21 Automatic robotic/tape drive configuration. No scripting required.

22 Allows multiple heterogeneous servers to be attached to the SAN switch and these

servers can dynamically share tape and disk devices in a SAN environment.

23 Logging information is filterable and can be output into text, HTML, or

spreadsheet-usable formats to facilitate the creation of graph and pie chart to

enhance the report for storage resource planning.

24 Ability to configure automated backups for specific days and weeks within a

month, while maintaining a simplified methodology for complex date scenarios.


Page 136 of 211

25 Full backup and restoration capabilities management from remote location.

26 Network bandwidth compression for management of network utilization to reduce

loads when backup occurs during production time.

27 Support for leading connectivity protocols :-

a. SANiSCSI / FC

b. NAS

c. Ethernet Technologies 10/100/1000/10000 BaseT

28 Must be capable of “block level” backups for Bare Metal Recovery of Physical

servers

29 Should have specific agents to perform “hot” backups from single vender without

any 3rd party integration. Database agent should have support for below

mentioned platform.

a) oracle on Windows/Linux and Unix

b) Informix on windows/Linux and Unix

c) Sybase on windows/Linux and Unix

d) DB2 on windows/Linux and Unix

e) MS SQL on window

f) MySQL on Linux and Windows

g) Postgres SQL on Linux and Windows

h) Ms Exchange on Windows

i) Lotus Notes in Windows/Linux and Unix

30 Should support server independent restore

31 Must be able to report tape utilization and view drive configuration in multiple

views.

32 Should have reporting capabilities

a. Full job completion report. Overview of the full backup jobs that were

successful, partially successful and failed for each day

b. Full backup data volume report. Overview of the total data volumes that

were backed up for each day

c. Average tape utilization report. Listing of the average amount of data stored

on each media l

d. Storage performance report. Average data throughput

33 Should meet the following Media Management capabilities

a. Allow tape library sharing among media servers

b. Allow individual tape drive sharing among media servers and allow for

reconfiguration without rebooting media servers

c. Tape drive sharing must support both iSCSI and Fiber based connections.


Page 137 of 211

34 The software should be capable of performing latent restores on Windows

systems.

35 The software inbuilt reporting tool must has the ability to create customize reports

without any additional purchase of another reporting module or 3rd party

reporting module

36 Tape media scanning should be quick and easy to perform to rebuild a lost index

or re-import a tape with older backup data.

37 Backup Index /file catalogue should be able to be taken offline and then

compressed.

38 The software must has the ability to provide disaster recovery of Window and

Linux operating systems by use of a bare metal recovery technology.

39 The disaster recovery tool must allow backup of source (Server A) and restore to

target server (Server B) on window and Linux systems.

40 The size of index or catalogue file must be less than 100 bytes per

files/folder/directories that are being backed up.

41 Able to compress the index files automatically or by policy.

42 Able to import/scan the indexes using GUI without having to resort to the use of

CLI operations.

43 Ability to integrate with storage NAS snapshot based protection mechanisms by

providing control GUI module

44 Ability to support and manage snap shot based backup, and file based backup “

under one roof “ while maintaining granular file level recovery.

45 Must support storage protocols such NDMP (version 3 & above). Please provide

interoperability matrix with storage appliance firmware/OS release compliance.

Specify specific features advantages aligned with the storage vendors

46 Must be able to utilize Direct Access Restore for NDMP technologies to facilitate

single file level restore.

47 Capable of providing Check –Point Restart for NDMP backup

48 Support for server virtualization especially VMWare & Hyper-V

49 Must be integrated with VMware VADP with D2D2T layout. Must be synchronized

with VMware VADP for data integrity.

50 Allows full VMware VADP backup by utilizing LAN, SAN and HotAdd advanced

transport mechanisms to optimize data transfer of virtual machine backups.

51 Must support virtual machine backup online and supports file level VADP

backups for virtual machines running Windows.

Continues Data Protection and DR

1 Please state Brand, Built & Version


Page 138 of 211

2 Provides 60 seconds or less ,application-aware recovery for

MSExchange, MSSQL Server and Windows file system data to significantly reduce

downtime

3 Recovered data is uncorrupted and completely usable by the application on first

recovery eliminating the need for multiple, time-consuming manual recoveries

4 Must be able to continuously capture every MS Exchange /MSSQL transaction or

filecsystem write to high value, time-sensitive trail reminder

5 Must be able to recover a complete Exchange Server, individual Storage Group, or

individual file to

any-point-in-time

6 Must provide granular recovery of individual mailboxes or mailbox items without

performing additional brick-level backups which eliminates backup windows

7 Must have advanced search capabilities across all mailboxes without analyzing

individual mailboxes one at a time or using Microsoft Recovery Storage Groups

speeds up individual email restores

8 Must have tight integration with traditional backup technologies including

NetVault: Backup, Symantec Backup Exec, Symantec NetBackup ,EMC Networker

or IBM TSM

9 Must be equipped with Virtual On-Demand Recovery (VODR) to bring the

application up and available to users in seconds.

10 Must provide two-tier data history as such to able to maintain both continuous

history for any point-in-time recovery or long term snapshot history for fixed

point-in-time

11 Must be able to recover protected data to a alternate server or location across a

LAN or WAN. Recovery mechanism must automatically update Active Directory

and Domain Name Service (DNS) entries so users are routed to the standby

server immediately.

12 Must be able to protect virtualized Windows applications running under VMware

ESX, Microsoft Hyper-V or Citrix Xen.

13 Microsoft Cluster Support is mandatory.

14 Must be equipped with simple to use web-based management console with Point-

and-click configuration. Also should provide Wizard-based recovery.

15 Must be able to restore individual mailbox items to PST file .Users should be able

to restore individual items to a PST file for further analysis for discovery or

investigative purposes.

16 Should have support to replicate data with application awareness to Near DR and

DR Site

Host Base Replication

1. Brand, Built & Version


Page 139 of 211

2.. True Cross Platform. Consolidates mixed environments with a single enterprise

wide solution and maintains replica of both file & metadata between

heterogeneous servers.

3. Hybrid Replication support. Security of near synchronous replication over long

distances. Collects changed data synchronously & performs replication

asynchronously.

4. Data Encryption Support. Prevents third-parties from reading sensitive and

important information over network to protect company privacy.

5. Assures data integrity through data journaling and provides resiliency against

network outages.

6. Bandwidth Throttling for Scalability. Allows existing network connections to be

shared with replication and allows for control of bandwidth consumption during

replication.

7. Policy-based Replication. Provides defined replication sets to allow for replication

policies to be set/defined.

8. Tracks changes at the byte level and works at file system level.

10. Must be able to replicate RDBMS based applications with option to do automatic

failover.

Virtualized Backup

1. Brand, Built & Version

2. Provide the support VMware ESX and ESX(i) systems for backup,

replication and recovery

3. Offered solution must be Agent Less and should support the VA cluster and

should also support management server on VM itself.

4. Offered solution must support Storage repository CIFS, SFTP, NFS and FTP as

target storage.

5. Allows full VMware VADP backup by utilizing LAN, SAN and HotAdd advanced

transport mechanisms to optimize data transfer of virtual machine backups.

6. Must support virtual machine backup online and supports file level VADP

backups for virtual machines running Windows/Linux.

6.5.19 Minimum Technical Specifications- Hardware at DC & DR

f. Server Load Balancer

S.No Feature description

1 10/100/1000Mbps Ethernet Ports – minimum 4 ports and should support 2x10Gig

ports

2 Memory: Minimum 8 GB


Page 140 of 211

3 Minimum of 5 Gbps throughput and scalable to 10 Gbps throughput.

4 Minimum of 3 Gbps SSL throughput

5 Minimum of 14000 SSL connections scalable to 25000 SSL connections

6 Appliance should provide full ipv6 support and OEM should be IPv6 gold-certified.

OEM should be listed vendor for ipv6 phase-2 certification.

Server Load Balancing Mechanism

7 The appliance should support server load balancing algorithms i.e. round robin,

weighted round robin, least connection, Persistent IP, Hash IP, Hash Cookie,

consistent hash IP, shortest response, proximity, snmp, SIP session ID, hash header

etc.

8 Extensible policies (epolicies) scripts to implement business logic on network

without any changes in application code.

9 Should support one arm, reverse and transparent proxy mode deployment scenarios

and should support nested layer7 and l4 policies.

Redundancy Features

10 o Supports Active-Active and Active-Standby Redundancy

11 Should provide comprehensive and reliable support for high availability and N+1

clustering with active-active and active-standby support.

Server Load Balancing Features

12 Should maintain server persistency based on source ip and destination ip, http

header, url, cookie and SSL ID.

13 should support layer4 and layer 7 load balancing for HTTP/HTTPS, FTP/FTPS, SIP,

RTSP , RDP, TCP, TCPS and UDP protocols

14 Should maintain server persistency based on source ip and destination ip, http

header, url, cookie and SSL ID.

15 The appliance should support multi port, scripted and custom health check with

content verification

16 Should provide application & server health checks for well known protocols i.e. ARP,

ICMP, TCP, DNS, RADIUS, HTTP/HTTPS, RTSP etc..

17 The appliance should have and/or relationship to check various dependencies for

the application delivery

18 should support layer4 and layer 7 load balancing for HTTP/HTTPS, FTP/FTPS, SIP,

RTSP , RDP, TCP, TCPS and UDP protocols

Load Balancing Applications

19 Should provide performance optimization using TCP connection multiplexing, TCP

buffering and IEEE 802.3ad link aggregation.

20 should support TCP optimization options including windows scaling, timestamp &

Selective Acknowledgement for enhanced TCP transmission speed.

21 TCP optimization option configuration should be defined on per virtual service basis

not globally.

22 Appliance should provide real time Dynamic Web Content Compression to reduce

server load.

23 should provide selective compression for Text, HTML, XML, DOC, Java Scripts,

CSS, PDF, PPT, and XLS Mime types.

24 should provide have provision to define policy to skip compression for selected

trouble URL (RegEx, Web Objects) for the specified Virtual.

SLB should support below Management options


Page 141 of 211

25 Role based access control for granular authentication and authorization.

Administrator should able to define multiple roles namely Admin,Security-admin,

Network-Engineer, Network Monitor, Network Manager on the appliance

26 The appliance should have extensive report and logging with inbuilt tcpdump like

tool and log collecting functionality

27 The appliance should have SSH CLI, Direct Console, SNMP, Single Console per

Cluster with inbuilt reporting.

28 Should support XML-RPC for integration with 3rd party management and

monitoring

29 The appliance should provide detailed logs and graphs for real time and time based

statistics

30 Appliance must support multiple configuration files with 2 bootable partitions for

better availability and easy upgrade / fallback.

31 The system should support led warning and system log alert for failure of any of the

power and CPU issues

g. Blade Chassis Specification

Sl.

No

Features Specifications Required

1 Form Factor Max 10U Rack mounted Chassis to house at least 14 Compute

Nodes. Chassis configured should not only support current

generation of processors but should support future processor

technology.

2 IO Modules Min Four high-speed switch bays capable of supporting I/O

architectures in Ethernet, FiberChannel, FCoE and Infiniband

3 Ethernet IO

Module (10GB)

2 x 10 GBPS Ethernet switch with L2 and L3 capabilities, VM

ready support for 802.1Qbg standards. Each Switch should have

100GB uplink cability and should be scalable to provide atleast

220GB uplink capability. Switch configured should have following

features like

Non-blocking architecture with wire-speed forwarding of traffic,

Media access control (MAC) address learning: automatic update,

support of up to 1,28,000 MAC addresses VRRP for Layer 3

router redundancy, Layer 2 Trunk Failover to support

active/standby configurations of network adapter teaming on

compute nodes, 802.1Q VLAN tagging support on all ports,

VLAN-based, MAC-based, and IP-based ACLs, Support for IEEE

802.1p, IP ToS/DSCP, and ACL-based (MAC/IP source and

destination addresses, VLANs) traffic classification and

processing, IP v4 and IP v6 Layer 3 functions, VMready, Simple

Network Management Protocol (SNMP V1, V2, and V3)

4 Fibre Channel IO

Module

2 x 8Gb FC SAN switches required but IO Bays should support for

both 8Gb and 16Gb FC SAN Switches. SFP shoule be supplied


Page 142 of 211

along with the switch.

5 Midplane Chassis should have a highly reliable mid plane for providing

connectivity of the shared resources to the compute nodes in a

highly reliable manner.

6 Power Modules Redundant power modules t0 provide N+N or N+1 redundancy.

Power supplies configured should be 80 PLUS Platinum certified

and should provide 92% efficiency at 100% load.

7 Chassis

Management

Module

Integrated two redundant chassis Management Modules

providing IP based management of the compute nodes and vital

elements like FC and Ethernet Switches. Should also provide for

controlling Power, Fan management, Chassis and compute node

initialization, Switch management, Resource discovery and

inventory management, Resource alerts and monitoring

management, Chassis and compute node power management and

diagnostics for elements including Chassis, I/O options and

compute nodes.

9 Network

Management

Should provide for the following Network Management

Capabilities for chassis internal switches:

• Management of network switches from a variety of vendors.

• Discovery, inventory, and status monitoring of switches.

• Graphical network topology views.

• Support for KVM, VMware virtual switches, and physical

switches.

• VLAN configuration of switches.

• Integration with server management.

• Per-virtual machine network usage and performance statistics

provided to VMControl.

• Logical views of servers and network devices grouped by subnet

and VLAN.

10 Virtualization

Management

Should provide following Virtualization Management Capabilities

with integration to the Hypervisor manager:

• Support for VMware, Hyper-V, KVM

• Creates virtual servers.

• Edits virtual servers.

• Manages virtual servers.

• Relocates virtual servers.

• Discovers virtual server, storage, and network resources and

visualize the physical-to-virtual relationships.


Page 143 of 211

11 Storage

Management

Should provide for the following Storage Management

Capabilities for integrated storage:

• Discovery of physical and virtual storage devices.

• Support for virtual images on local storage across multiple

chassis.

• Inventory of the physical storage configuration.

• Health status and alerts.

• Storage pool configuration.

• Disk sparing and redundancy management.

• Virtual volume management.

• Support for virtual volume discovery, inventory, creation,

modification, and deletion

12 System Panel LEDs on the front information panel that can be used to obtain

the status of the chassis Identify, Check log and the Fault LED

13 Support for

Multiple

Platform

Should provide support for multiple platforms in x86 and

RISC/EPIC servers within the same enclosure.

14 RACK with TFT

monitor

42U Floor RACK with Dual redundant Power distribution Units &

Foldable 1U 17" TFT flat panel console kit with key board and

integrated pointing device & connecting cable. Rack should be

same make of Servers.

h. Blade Servers Specifications

S.

No

Component Specifications

1 CPU 2 x Intel Xeon six Core E5-4610 CPU @ 2.4 GHz or

better and expandable upto 4 processors.

2 Cache L3 15 MB of L3 Cache

3 Chipset Intel Chipset C600

4 Memory 128GB DDR-3 LR DIMMS Memory Upgradeable to

768GB (24DIMMS Slots)

5 Memory protection support ECC, Memory Mirroring, Memory Sparing

6 SCSI Controllers Integrated Hardware Raid Controller to supports

Hardware Raid RAID 0, 1


Page 144 of 211

7 Disk Drives 2 x 200GB HS SATA MLC SSD Hard Disk Drive, Server

should support Hardware Raid controller supporting

Raid 0 and 1.

8 Graphics Controller 16MB SDRAM

9 Ethernet Adapter Server should be configured with 2 Number of 10G

Ethernet ports, also support FCOE and ISCSI

functionality on demand. Should support Future

upgradability to at least two more 10Gb ports.

10 Fiber Channel HBA

Connectivity

1 x Dual Port 8Gbps Fiber Channel Expansion Adapter.

PCIe slot should also support 16Gbps Fiber Channel

ports from Day1.

12 I/O Expansions 2 x PCI Express 3.0 interface

16 Warranty 3 Years Onsite Comprehensive Warranty

17 USB USB ports: one external. Two internal for embedded

hypervisor

18 Failure Alerting

Mechanism

The server should be able to alert impending failures on

maximum number of components. The components

covered under alerting mechanism should at least

include Processor, memory and HDDs

19 Server Management

Software

Server should be supplied with OEM Server

Management software

20 OS Support Microsoft Windows Server 2008 R2, Red Hat

Enterprise Linux 5 and 6, SUSE

Linux Enterprise Server 10 and 11, VMware ESX

i. Data Base Server (Rack)

S. No. Components Specification

1.

Processor/

CPU

Min. 4 x Intel Xeon E7 4820 (Eight Core) 2.0 GHz

processors with 24MB cache, 64bit technology or higher

2. Chipset Intel 7500 Chipset or better

3. RAM / Main

Memory

Minimum 256GB of PC3 10600 Registered ECC DDR 3

RAM upgradeable upto 1TB.

4. Hard Disk

capacity &

type

Min. 4 x 200 GB SFF Enterprise class SSD

5. RAID Controller Compatible RAID Controller with 512 MB Cache for SSD

and to be configured with RAID 5


Page 145 of 211

6. Network

Interface

Minimum 2 x Gigabit Full-Duplex Ethernet ports

W/TCP IP offload

Engine & Wake On LAN feature

7. Ports Ports for Keyboard & Mouse, Min. 2 USB Ports, 1

Remote Management

Port

8. Graphics Integrated standard graphics controller

9. SAN

Connectivity

& HBA

2 x 8 Gbps FC HBA PCI-X/PCI-e based required to

configure redundant

SAN adapters.

10. Form Factor Rack Mountable (note more than 4U)

11. Free Slots Min. 2 Free 64 bit PCI-Express Slots (after populating

all the cards)

12. Removable

Drive

Internal IDE/ SCSI DVD-ROM Drive

13. Operating

System

Microsoft Windows Server 2008 R2, Red Hat Enterprise

Linux 5 and 6, SUSE Linux Enterprise Server 10 and 11,

VMware ESX

14. Power supply Redundant Hot-Swappable Voltage-sensing power

supplies and

Variable-speed Fans

15. Certification OEM ISO 9001 Manufacturer, UL, FCC, RoHS and

should be certified on

the supplied OS Version

16. Server

Management

Dedicated Hardware Controller based Management

along with OEM

Server management software

j. Storage Area Network (SAN)

1. SAN controller

1.1 Dual Active Controller

2. Cache

2.1 16 GB Total Mirrored Cache for Disk IO Operations scalable to min 32 GB

3. Host interface

3.1 For front-end host connectivity, the storage system should be configured with

sufficient number of 4/8Gbps FC ports or SAS port with sufficient SAS links,

so as to provide an aggregated total bandwidth of at least 32Gbps across all

the controllers.

4. Drive interface

4.1 For back-end connectivity, the storage system should be configured with

sufficient number of 4/8Gbps FC ports or sufficient 6 Gbps of SAS-II back-

end ports/ lanes across all the controllers so as to provide an aggregated

bandwidth of at least 16Gbps across all the controllers.


Page 146 of 211

5. RAID levels Supported

5.1 0, 1, 5 / 6

6. Fans and power supplies

6.1 Dual redundant, hot-swappable

7. SAN support

7.1 Box should be compatible of SAN environment

8. SAN specifications shall have the following

1. The storage array shall be configured with at least 16 GB cache scalable to min 32

GB mirrored across two storage controllers for disk I/O operations.

2. Storage subsystem shall support SSD/SAS drives or equivalent drives in the same

device array

3. Presently, the storage sub system shall be configured with 300 GB/ 450 GB of

Performance drives and 750 GB or higher on SATA / equivalent for archiving

purpose.

4. The storage system must provide upgrade path to larger or future array controller

and software technology while maintaining the existing investment.

5. All the necessary software to configure and manage the storage space, RAID

configuration, logical drives allocation, virtualization, snapshots (including snap

clones and snap mirrors) for supplied capacity etc.

6. Redundant power supplies, batteries and cooling fans and data path and storage

controller.

7. Load balancing must be controlled by system management software tools.

8. The multi-path software should support the supplied storage and operating

systems.

9. The storage array must have complete cache protection mechanism either by de-

staging data or providing complete cache data protection with battery backup for

up to 72 hours or more.

10. The storage system should be scalable from 30 TB to 60 TB of raw capacity using

40% on SAS drives and 60% on Near SAS or equivalent drives using the same

configuration as Quoted in this tender. The Storage should have at least 4 ports of 4

Gbps Frontend ports and 4 no’s of back end ports of 4 Gbps the storage array must

have the capability to do array based remote replication using FCIP or IP

technology.

11. The storage array should support block level Synchronous and Asynchronous

replication across heterogeneous storage arrays from different OEMs.

12. The storage array should support Operating System Platforms & Clustering

including: Windows Server 2003 (Enterprise Edition), Sun Solaris, HP-UX, IBM-

AIX, Linux / Solaris for x86. Any software or license required to enable connectivity

to these OS should be included.

13. Storage should support non-disruptive online firmware upgrade for both

Controllers and disk drives.

14. The storage array should support hardware based data replication at the Block level

across all models of the offered family.

15. Should provision for LUN masking, fiber zoning and SAN security

16. Should support storage virtualization, i.e. Easy logical drive expansion.

17. Should support hot-swappable physical drive raid array expansion with the

addition of extra hard disks


Page 147 of 211

18. Should be able to support clustered and individual servers at the same time.

19. Should be able to take "snapshots" of the stored data to another logical drive on a

different Disk/RAID Group for backup purposes

20. Should be configured with "snapshots and clone"

21. Vendor should also offer storage performance monitoring and management

software.

22. The vendor must provide the functionality of proactive monitoring of Disk drive

and Storage system for all possible hard or soft disk failure

k. Tape Library

i. Tape drives

1. Minimum 2 latest generation LTO drives. .

ii. Interface

1. Fiber Channel Interface

iii. Other Specifications

1. Should have sufficient speed backup to Tape Library in High Availability for

backing up data from the SAN without any user intervention.

2. Should be able to backup 50% of the entire production landscape in 8 hours

window (indicative only).

3. Should support latest generation LTO drives or latest technology based library

with at least 2 latest generation LTO drives tape drives (>=4), rack mountable

with redundant power supplies.

4. Cartridges should have physical capacity up to 1600 GB per cartridge

compressed; 800 GB native.

5. At least 50 latest generation LTO drive Media Cartridges with 5 Cleaning

Cartridges, Barcode labels shall also be provided

l. FC-IP Router

i. Fibre Channel Ports

1. min 4 FC ports

ii. FC Port Speed

1. Autosensing 1/2/4 Gbps

iii. iSCSI (Ethernet) Ports

1. min 4 Ethernet ports

iv. iSCSI (Ethernet) Port Speed

1. 1 Gigabit Ethernet

v. Protocol Support

1. FCP

2. iSCSI

vi. High-Availability Features

1. Two-way active/active clustering with failover and failback capabilities

2. Multiple iSCSI connections provide multipath support from a single gateway to

as many as 100 servers.

vii. Management Features

1. CLI (by Telnet, SSH, or console)

viii. iSCSI Gateway Manager

1. SNMP


Page 148 of 211

2. Allows for monitoring traffic statistics on each storage and network interface,

fan and temperature and iSCSI session details.

m. SAN switch

S No Feature Description

1. Performance 8 Gbps Fibre Channel

2. Ports 16-24Fibre Channel

3. Aggregate Switch

Bandwidth

384 Gbps Maximum

4. Protocol Support Fibre Channel

5. Availability No single point of failure.

6. Media Types No single point of failure.

7. Upgradeability Standard 16 Ports; 8 Port on Demand upgrades

8. Form Factor 1U

n. Core Router

S.No. Description

1 Router Architecture: The router architecture should have following

features

Modular Chassis, the architecture should be based on high performance,

distributed / centralized forwarding architecture.

Should support Voice, Video, Security

It should support Single Operating System which includes all the feature set

2 Interface Support

Ethernet LAN Ports -> 3 x 10/100/1000/10000 Mbps Ethernet port. It should

support additional Gigabit Ethernet modules i.e. both 10/100/1000 or SFP

type (upgradable )

It should support the industries widest range of wired and wireless

connectivity options such as T1/E1, T3/E3, 3G, copper and fiber GE, etc

3 Performance & Memory Required:

Performance Requirements for 64 byte packet -> Minimum 1.2 Mpps

4 Hardware:

Should support minimum default DRAM = 1 GB, maximum DRAM =2GB

External Compact Flash minimum default = 256MB, maximum External

Compact Flash = 1GB and above

2 External USB (2.0 or higher)

One Serial console port

One Serial auxiliary port


Page 149 of 211

Should support AC and PoE, Power-supply options

Should support internal RPS

Should support 6 High port density WAN interface Modules

Should support 3G standards High-Speed Packet Access (HSPA)

Should have Min three Gigabit Ethernet Port

5 Voice & Video DSP support

Voice & Video DSP support

Support Voice interface i.e. FXS, FXO, PRI, BRI

6 Router Functional Requirements

QoS -> ToS, CoS, Queuing, prioritizing, Resource Reservation Protocol

(RSVP)

NAT -> NAT, PAT

Access Control -> Required

Protocol Support Required:

RIP, BGP4, Policy based Routing, PPP, HDLC, OSPF Version 2, Support for

IPV6.

Re-distribution of routes from on Routing protocol should not be a bottleneck.

All the above features should be provisioned in the router from day 1.

Congestion Management:

The router should have proper congestion management to eliminate Network

congestion when the link is overloaded.

Random Early Detection, Weighted Fair/priority Queuing, IP precedence or

DSCP.

IP Multicasting: Type Forwarding -> MBGP/PIM-DM/PIM-SM

7 Bandwidth Optimization:

The following bandwidth optimization features should be there:

Dial-Backup

Dial-on-Demand

Inactivity timeouts

8 Accounting:

The following accounting features should be supported:

Packet & Byte Counts

Start Time Stamp & End Time Stamps.

Network Time Protocol

Input & Output interface ports.

Type of service, TCP Flags & Protocol


Page 150 of 211

Source & Destination IP addresses

Source & Destination TCP/UDP ports

9 Security Requirements:

The offered router should have following security features:

Support for Standard Access Lists to provide supervision and control.

Controlled SNMP Access through implementation of Access Lists on the

router to ensure SNMP access only to the SNMP manager or the NMS

workstation

Controlled SNMP access through the use of SNMP with MD5 authentication.

Multiple Privilege Levels for managing & monitoring

Support for Remote Authentication User Service (RADIUS) and AAA

PPP CHAP support

10 Management Features :

The offered router should have the following Management

Features:

The Router shall support Telnet, SSH, Console access.

The router shall support FTP or TFTP for easy software upgrades over the

network.

Network Management services shall be provided using open standards based

protocols like SNMP V2/V3

Configuration Management: The Router shall support configuration

management through the command line interface. GUI based software

configuration utility shall be provided. Support of configuration on web

interface shall be available.

Event and System logging: Event and system history logging functions shall be

available. The Router shall generate system alarms on events. Facility to put

selective logging of events onto a separate hardware where the analysis of log

shall be available.

Pre-planned scheduled Reboot Facility: The Router shall support the

preplanned timed reboot to upgrade their hardware to a new software feature

and plan the rebooting as an off-peak time.

Power: Internal Redundant Power supply 230 V AC 50 Hz,

Mounting:

The offered router should be 19" rack mountable

Accessories:

Should come with all necessary power cords, adapters, data cables,

connectors, CDs, manuals, brackets accessories, wire managers, etc, required

for installation and commissioning of the equipment.


Page 151 of 211

o. L3 /Core Switch (48 Ports 10/100/1000)

S.No. Description

1

Core Switch with internal firewall

Chassis based switch with in-built redundancy (power supply)

Layer 3 switch

Should be easily scalable. Should have modular architecture with Min 10 slots

which can be used for line cards.

Should support Gigabit running on fibre

Should support to providing Port level redundancy

Should have sufficient memory to support the entire feature.

19” rack mountable

Full duplex operation

Support for secured Web-Based Management

Support for Enhanced STP functions

High MTBF Support

Operating LED Signal

The Switches must be able to generate Syslog Messages with timestamp and

Severity codes, which can be exported to a Syslog Server.

The Switches must be able to Build up its own inventory (like Device Name,

Chassis Type, Memory, Flash, Software ver. Etc)

2

Interfaces / Slots

a. Support for Gigabit interfaces – SX, LX, 1000Base T

b. All service/payload cards/modules must be hot swappable

c. Support for 10GbE Ports for uplinking the distribution switches/access

switches / Servers/ connectivity with network

Should support 24 Port GE module and 48 Port GE module

Should support 10 G port module

Should support 24 SFP module

3

Layer 2 Features: -

L2 Switching Support

L2 Multi-Homing Support

L2 Multicast Support – IGMP Snooping


Page 152 of 211

Multi-Link Trunking

Multiple Spanning tree Domain (802.1s), IEEE 802.1w rapid spanning tree and

IEEE 802.3ad

Multi Instance Spanning Tree support for Load sharing on redundant links and

fast convergence time

Spanning-Tree Protocol (IEEE 802.1D) per bridge group

Multicast must be supported in hardware so that performance is not affected by

multiple multicast instances.

To support at least 2000 VLANs/switch

To support at least 50K MAC addresses / switch

To support bundling of multiple physical ports into a single logical channel, to

offer aggregate bandwidth

Should support virtual distribution architecture allow for the combination of

two or more switches into a single logical network entity having more switch

performance and more port density.

Support should have switching capacity of minimum 1.1 Tbps or more

The switch fabric/Supervisor engine support configurable in Active/Active and

or Active/Backup modes.

Switch should have forwarding rate of minimum 720 Mbps or more

4

Layer 3 Features: -

Support for high-performance routing with support for RIPv1, RIPv2,

OSPF,BGP

Support for VRRP or equivalent

Secondary Addressing

Classless Interdomain routing

Support for DHCP Server

To support a minimum of 4000 ACL entries

Should Support IPv6 in Hardware

5

Other Features: -

Support for ACLs based on source and destination Media Access Control (MAC)

addresses, IP addresses, or Transmission Control Protocol (TCP)/User

Datagram Protocol (UDP) ports

IEEE 802.1Q VLAN Support – Port based VLANs

Support for Routed VLAN, Port based and QoS based ACLs

Support for Multicast routing protocols (PIM) and Internet Group Management

Protocol (IGMP) snooping in hardware, IP Multicast Support: IGMP snooping,

supporting IGMP v1, v2 and v3


Page 153 of 211

Support for industry standard Differentiated Services Code Point field (DSCP)

and/or the 802.1p Class of Service (CoS) field.

Classification and reclassification based on source/destination IP address,

source/destination Media Access Control (MAC) address or the Layer 4

TCP/UDP ports.

Ability to classify, reclassify, police, and mark the incoming packets before the

packet is placed in the shared buffer.

Scheduling using Weighted Round Robin (WRR)

Congestion control via Weighted Random Early Detection (WRED).

Support for rate-limiting via Committed Access Rate (CAR) with a granularity of

increments of 64 Kbps

6

Policy Based Quality of Services (PB-QoS): -

Policy Based QoS Support

Per Port Priority Based QoS

802.1p Support

Priority Queues

Bandwidth Engineering & Management – Per Port Minimum, Rate Limiting,

excess bursting, shaping

Support for L3/L4 filtering capabilities for inter VLAN traffic

High Priority Transmit Queuing/strict queues.

QoS-based forwarding based on IP precedence

7

Redundancy: -

Redundant Power Supply Unit, Fan tray and Fabric for core switch

support Link Aggregation

Spanning Tree (802.1d) with support for spanning tree per VLAN or Equivalent

Feature

8

Security Features: -

Layer 3 /4 Access Control Lists (ACLs) standard and extended

Security (User Access): Internal DB/External RADIUS /TACACS+

Configuration Change Tracking

System Event Logging

Syslog

Support for 802.1X Authentication

MAC lockdown for port security

Hardware based broadcast control


Page 154 of 211

9

IEEE Standard Compliance: -

802.1Q VLAN tagging

802.1p Priority

802.1D Spanning Tree

802.3u Fast Ethernet

802.3x Flow Control

802.3z Gigabit Ethernet.

802.3ab 1000Base-T (Gigabit Ethernet over Copper)

Should also support Fibre Modules

802.3ae Should support 10 Gbps Ethernet

p. IDS/IPS

High performance with low latency threat prevention solution must provide hardware

(FPGA or ASIC) offloading of application level (L7) content processing (IPS, Anti Virus, Anti

Spyware, Vulnerability Protection, File-type filtering, Data filtering)

o 8 10/100/1000 interfaces and option for 4 fiber slots to cater future requirements

o Should monitor multiple segments of network for malicious traffic

o 1GBPS of threat prevention throughput (real time traffic) with IPS, Gateway

Antivirus, Antispyware & Anti malware modules & signature enabled from day one

o Support Vulnerability, Virus and Spyware Protection features

o Protection against a wide range of malware such as viruses, including HTML and

Javascript viruses, spyware downloads, spyware phone home, Trojans, etc.

o Leverages SSL decryption to block viruses embedded in encrypted or compressed

traffic

o Support various deployment scenarios including Tap mode, transparent mode,

layer2, vWire & layer3 routed mode

o Protect the network against known and unknown threats including vulnerability

exploits and malware embedded in application traffic.

o Should able to scan for threats inside the application e.g. Deep packet inspection

inside Facebook, twitter & peer-to-peer applications.

o Real-time stream-based inspection and not using file-based store-and-forward

techniques

o For high performance with low latency the proposed solution must provide all

application level inspection in a single content engine (each packet must only be

inspected once even with all content inspection features enabled)

o The proposed solution must have modern malware protection that identify unknown

malicious files and execute them in a sandbox environment to expose malicious

behavior even if the malware has never been seen

o Zero-Day signature feed from APT Advanced Malware scanning engine: capable of

updating signature base for threats discovered in APT advanced Malware scanning

engine.

o The proposed solution shall support sandbox behavior based inspection and

protection of unknown viruses and malware


Page 155 of 211

o policy rule creation based on interfaces zones, application identification, user

identification & threat prevention

o The proposed solution shall delineate specific instances of peer2peer traffic

(Bittorrent, emule, neonet, etc.)

o The proposed solution shall delineate specific instances of instant messaging (AIM,

YIM, Facebook Chat, etc.)

o The proposed solution shall support user-identification allowing Active Directory,

LDAP, RADIUS groups, or users to access a particular application, while denying

others

o The proposed solution shall be able to create filters to control groups of application

based on category, sub category, technology, risk or characteristics etc.

o Application usage control policies can be enforced using a combination of the

following parameters:

Allow or deny

Allow but scan

Allow based on schedule

Decrypt and inspect • Apply traffic shaping

Allow for certain users or groups

Allow certain application functions

Any combination

o The proposed firewalls shall support DNS-based signatures to detect specific DNS

lookups for hostnames that have been associated with malware

o The proposed solution shall support inline control of malware infection and

command/control traffic

o The OEM should ensure the delivery of the signature in 1 hour from the time of

inspection

o The proposed solution shall support PCAP downloads of specific traffic sessions

from the GUI from the logging screen

o The proposed management (internal/external) shall also be able to provide a

customizable application dashboard or at least system monitor to provide overall

status of the network traffic and attacks going through the solution, including

potential problems that may need attention.

o The management solution must be capable of providing rich reports based on

application, users and threats or in any combination

o The proposed solution must have built in XML API for management purposes;

custom logging capabilities.

q. External Firewall

I. Physical attributers

o Should be mountable on 19” Rack

II. Interfaces

o 12 10/100/1000 interfaces and option for 4 fiber slots to cater future

requirements.

o 2 10/100/1000 high availability interface

o 1 out of band management interface

III. Memory

o Minimum RAM 4GB

o Flash 64 MB & 120GB SSD hard disk


Page 156 of 211

o Next Generation Firewall system, with a capability of supporting at least

2Gbps of Application Identification Enabled Firewall throughput using 64

byte HTTP packet size,(not UDP 1518)

o 250,000 concurrent sessions & 50,000 new sessions per second.

o 500Mbps of IPSec VPN throughput & 1000 IPsec & SSL VPN tunnels

IV. Routing protocols

o static routing, RIPv2, OSPF & BGP v4

o 10 virtual routers

o Ipv4 & IPv6 routing support for virtual routers

V. Application support

o Traffic classification based on applications across all ports irrespective of

port/protocol/evasive tactic

o Application detection (at least 1700 applications)

o Multiple mechanisms for classifying applications including application

signatures, SSH & SSL, Application decoders & heuristics

o Handling of unknown/unidentified applications e.g. alert, block or allow

o Protocols support IPSec, DES, 3DES, FTP, HTTP, HTTPS, IPv6

o Inspection oh HTTPS & SSH encrypted traffic

o Support for DNS proxy & DNS sinkhole to prevent against DNS attacks

VI. Other support

o Policy controls based on interfaces, zones, user-id, source & destination

address, applications (not ports)

o Dual stack support IPv4/IPv6 application support

o Deployment scenarios – TAP mode, vWire mode, Layer2 & Layer3 routed

mode

o Support active-active and active-standby HA configuration

o Policy based controls by country

o Per policy SSL decryption & inspection

o User identification – Active directory, LDAP, eDirectory, Radius, Kerberos,

client certificates & API’s

o Protections – DOS, DDOS, IP spoofing, Brute force, Syn cookie & malformed

packet protection

VII. QOS

o QoS features like traffic prioritization, differentiated services, committed

access rate

o QoS policy on per rule basis based on source address, destination address,

user/Group, application (such as bittorrent, Skype, Facebook), dynamic

application group & port

VIII. Management

o Internal/external management system for real-time monitoring, Logging &

reporting functions

o Customize application dashboard

o Detailed user activity report including information on applications

o Reporting based on application, users and threats or in any combination

o Report generation on a manual or schedule (Daily, Weekly, Monthly, etc)

basis

o XML API for management purposes; custom logging capabilities

o Console, Telnet, SSHv2, Browser based configuration


Page 157 of 211

o SNMPv1 & v2

IX. Certifications

o Common Criteria EAL4+ certified

o ICSA certified

o Gartner Magic Quadrant of Enterprise Firewall – Leaders Quadrant

o NSS Labs recommendation

r. KVM Switch

S No KVM Switch Description 2 X 16

1. Users / Consoles

2. VGA Resolution – Max 1920 X 1440

3. VGA Resolution - Cat5 Remote 1600 X 1200

4. Cat5 Cable Length 1,000 ft

5. Server / PC Selection

6. LED Specification 16 LED Bank

7. LED Status On (Online) Green

8. LED Status Selected (In use) Red

9. LED Cat5 Power Indication Green

10. LED Cat5 Status Red

11. Scan Intervals (Seconds) 5 to 99

12. Keyboard & Mouse Emulation USB

13. Bandwidth 150 MHz

14. Cascade Levels 8

15. Server/PC Connections – Max 128

s. Global Load Balancer Specifications

S.No Feature description

1 Should Provide a scalable, dedicated hardware platform to help ensure that all

applications

2 The appliance should have minimum 4 triple speed 10/100/1000 Mbps Gigabit

copper ports and 2*10G SFP+ from day one.

3 The appliance should have 5 Gbps of system throughput from day one and scalable to

10 Gbps throughput.

4 Appliance should provide full ipv6 support and OEM should be IPv6 gold-certified.

OEM should be listed vendor for ipv6 phase-2 certification.

5 The appliance should support site selection feature to provide global load balancing

features for disaster recovery and site redundancy.

6 Should tightly integrates with SLB devices without sacrificing the ability to work in a

heterogeneous environment of DNS-capable networking products

7 Solution should also support full DNS server to support all kind of DNS records

including A,AAAA, MX, CNAME, PTR DNS records with option to import zone file

on the device.

8 should support dynamic proximity rules instead of static proximity rules to direct the

traffic to closest datacenter

9 GSLB solution should able to evaluate round trip time (RTT), Persistence loss ration

(PLR) and hop count for dynamic proximity calculations.


Page 158 of 211

10 The appliance should support global server load balancing algorithms including

11 Weighted round robin,Weighted Least Connections,Administrative Priority,

Geography,Proximity, Global Connection Overflow (GCO),Global Least Connection

(GLC),IP Overflow (IPO)

12 Should support USB based FFO link to synchronize configuration at boot time of HA

6.5.20 Minimum Technical Specifications Requirement at Client Site

The below mentioned line items will have to be procured and maintained by the system

integrator. Bidder/ SI need to submit all the technical documents/certifications related to

hardware/software before installation. After installation bidder/Si need to run a check on

systems which provide complete report of the system. The Bidder/SI shall provide all the

details or demonstration if requested by Rajasthan Police which is not limited to Physical

check. If any of the item procured under this project is non compliance with the parameters

mentioned in this RFP by Rajasthan Police them Bidder/SI need to replace it with RFP

compliance product without any additional cost. The operating systems and office

productivity tools which the SI will propose in its solution should be industry standard and

OEM supported.

i. Desktops

1. Processor: Intel Core i5 (Latest Generation) or more or equivalent processor with

cooling solution (CPU fan and heat sink) with latest chipset. Where the processor

is other than Intel Core i5, name of the processor be specified and documentary

evidence from an acceptable accrediting agency (sysmark2007/2012, SPEC CPU

2006 rating with 8GB RAM {60% of SPECint_rate_base2006 plus 40% of

SPECfp_rate_ase2006}) be produced to confirm that the proposed processor is

rated either equal or higher.

2. Base Frequency: 3.2 GHz or more

3. Cache: 6 MB or more L3 Cache:

4. Mother Board: Latest Intel Mother board, Minimum 3 PCI /Express slots with x16

graphics port/4 serial ATA 3 GB/s ports.

5. Memory: 4 GB or more DDR3 expandable up to 16 GB

6. Hard Disk Drive: 500 GB, 7200RPM serial ATA 3 Gb/s with 8 MB cache buffer

7. Disk Controller On-board Chipset: Video RAM size:

8. DVD ROM: Integrated DVD R/W16x or higher speed DVD R/W

9. Ethernet Interface: 10/100/1000 Mbps autosensing Ethernet interface with RJ45

connector

10. Monitor Spec: 17” Square TFT Monitor with TCO 03 / CE Certified In-built

Speakers

11. Key Board: 104 Keys Mechanical (OEM Make) or more with Rupee Symbol, having

key life of 50 million keystrokes. Bilingual keys (English and Hindi supporting

inscript typing)

12. Mouse: optical scroll Mouse (OEM Make)

13. BIOS: Flash upgradeable

14. Ports All ports should be ‘onboard’

o One serial port

o One parallel port

o One PS2/USB port for keyboard

o One PS2/USB port for Mouse


Page 159 of 211

15. USB Ports: at least 2

16. Power supply: Standard ATX-12V, Energy-star 5.0 complied efficiency 85% or

above.

17. Operating System: Pre loaded Latest Windows OS with media & recovery disks for

each PC.

18. Accessories: Good quality dust covers, key skin and mouse pad

ii. Workstation at Client location

S. No. Component Specifications

1. CPU Quad Core Xeon Processor E3-1220 (3.10 GHz,4

Cores,8M cache and 80W)

2. Chipset Latest server class Intel chipset

3. Memory 8GB (2x4GB) DDR3 expendable up to 16GB or

higher.

4. Display Controller Integrated 8 MB or higher Video Standard

5. Hard Disk 2x500 GB SATA HDD with hot pluggable/ simple

swap both will be acceptable. HDDs with Capacity

for three or higher SATA hot pluggable drives.

Provision for adding RAID Controller for providing

RAID 5 should be there

6. Monitor 17” Square TFT Monitor with TCO 03 / CE Certified

In-built Speakers

7. Key Board 104 Keys Mechanical (OEM Make) or more with

Rupee Symbol, having key life of 50 million

keystrokes. Bilingual keys (English and Hindi

supporting Inscript typing)

8. Mouse Optical scroll Mouse (OEM Make)

9. Hard Disk Controller

(Hardware/Software based)

Minimum three SATA II (3 Gbps) connectors with

RAID support in the BIOS; RAID 0, 1 supported for

SATA disk / Software RAID controller with 3Gb/s

SAS Adapter.

10. CD ROM Drive DVD RW Drive

11. DAT Drive 36/72 GB DDS-5 DAT Drive compatible with DDS-4

cartridges with backup software and One Step

Disaster Recovery

12. Ports 1 Serial, and 4 USB ports (other than the


Page 160 of 211

requirement of connecting key board and mouse)

13. Ethernet card 2 Intel Gigabit Ethernet controller supporting

1000BASE-T. One Integrated NIC & one additional

will be provided

14. PCI Slots Total 2 nos. or higher including PCI and PCI-e

15. Server Management Software Appropriate Server Management software to

monitor and manage the various subsystems like

CPU, Memory, I/O, disk and environmental factors

16. Operating system Latest Windows OS (Desktop Version),

17. Power

Requirement/consumption

of servers

250 Watts

iii. Multi-Function Laser (Print/ Scan/ Copy)

S No Components Specifications

1. Print speed, black (normal quality

mode)

Up to 33 ppm, B/W, Legal (8.5 in x 14 in)

2. Print resolution, black 1200 x 1200 dpi

3. Print technology Laser

4. Duty Cycle 12000 pages

5. Duplex printing (printing on both

sides of paper)

Automatic

6. Media sizes, standard A4, ISO B5, JIS B5, A5, A6, Executive, US

Letter, US Legal, Oficio, Folio, DL Envelope,

C5 Envelope, C6 Envelope, Monarch

Envelope, No. 10 Envelope

7. Media types Paper (bond, color, letterhead, plain,

preprinted, pre punched, recycled, rough,

light), envelopes, labels, cardstock,

transparencies, user-defined

8. Connectivity 1 Hi-Speed USB 2.0; 1 10/100 Ethernet

network port

9. Scanner Flatbed with automatic document feed, upto

1200 dpi;; Scan size maximum (flatbed):

215.9 x 297 mm (8.5 x11.7 inches),

10. Copier Black-white Up to 600x600 dpi, Copy speed

(black, draft quality, A4):Up to 25 cpm, Copy

resolution (black graphics): Up to 600 x 600

dpi, Copier resize: 25 to 400%


Page 161 of 211

11. Power Device Power supply, internal

12. System Interface 1 USB (compatible with USB 2.0

specifications), 1 network port

13. Compatible operating systems Windows 8

iv. Duplex Laser Printer (Print)


1. Print Speed Up to 33 ppm, B/W, Legal (8.5 in x 14 in)

2. Connectivity Technology

3. Interface Hi-Speed USB 2.0 port

4. Max Resolution ( B&W ) 2400 dpi x 600 dpi

5. Duplex Printout Duplex

6. PostScript Support Standard

7. First Print Out Time B/W 7 sec

8. Fonts Included 45 x TrueType , 35 x PostScript

9. Media Type Envelopes, transparencies, labels, plain

paper, glossy paper, cards

10. Max Media Size (Custom) 8.5 in x 14 in

11. Media Sizes A4, ISO B5, JIS B5, A5, A6, Executive, US

Letter, US Legal, Oficio, Folio, DL

Envelope, C5 Envelope, C6 Envelope,

Monarch Envelope, No. 10 Envelope

12. Expansion Slots Total (Free) 1 ( 1 ) x memory

13. Connections 1 x Hi-Speed USB

14. Power Device Power supply, internal

v. Generator Set 2.1 KVA

Component Specifications

CAPACITY 2.1 KVA

ENGINE:

Type Single/Multi cylinder

Method of starting Electric start 12 V DC

Type of cooling Water cooled /Air cooled

Type of governor Mechanical/Electronic

Type of fuel Diesel/Petrol

Rating Continuous

Rated Output/HP Minimum 5 HP at 3000 rpm

Alternator rated

speed

3000 RPM

Over load capacity 10% overload – minimum 1 hour

Makes of engine From leading manufacturer


Page 162 of 211

Ignition Type Magnetron Electric

General Engine should be four stroke with Double ball

bearing on PTO & Flywheel with Over Head Valves and should have

Cast Iron Sleeve

ACCESSORIES Flywheel to suitable diameter and fuel injection equipment

Air cleaner

Lubricating oil cooler

Electric motor starting equipment like motor, battery, charging

generator with voltage regulator etc.

Heavy duty radiator with fan

Residential type silencer with exhaust piping with vibration

isolator

Fuel tank suitable for 8 Hrs of continuous running with necessary

piping and fuel gauge, drain valve, inlet and outlet connections.

Anti-vibration mounting pads

Speed controlling governor

Suitable coupling system to the Alternator

Tachometer

Lubricating oil pressure gauge

Hour meter to indicate number of Hrs of operation

Auto trip on low oil pressure

Over speed alarm with trip

Thermal insulation for exhaust line with glass wool, Aluminium

sheet, chicken mesh, Diesel line 12 mm dia including beads

flanger etc

Battery 12 V with lead and terminal

Battery charger.

Protection: Protection against low lubricating oil and over heat

shall be provided for engine

Engine shall be vertical Single/multi cylinder 4 stroke type in

accordance with IS10002-1981 with latest amendments and CPCB

guidelines.

vi. 16 Port Manageable L2 Switch


1. MAC Address Table

Size

8K

2. Switch Fabric 3.2Gbps Forwarding Capacity

3. Transmission

Method

Store-and-Forward

4. Diagnostic LEDs Per Unit: Power

Per Port: Activity/Link, Speed

5. Packet Buffer

Memory

512Kbytes Buffer Memory per Device

6. QoS 802.1p (4 Queues)

7. Acoustics 0 db


Page 163 of 211

8. connectivity 10/100/1000

9. Network Protocol

and Standards

IEEE 802.3 Ethernet, 802.3u Fast Ethernet,

802.3x Flow Control, 802.1p QoS

10. Emissions FCC Class A, CE Class A

11. Power Supply 100-240VAC, 50/60 Hz 0.3 A Internal Power

Supply

12. Environmental RoHS Compliant

Temperature Operating: 32° to 104°F (0° to 40°C)

Storage 32° to 140°F (0° to 60°C)

Operating 15% to 90% RH (Non-Condensing)

vii. Digital Camera


1. Max resolution 4000 x 3000

2. Image ratio w:h 4:3, 16:9

3. Effective pixels 14.1 megapixels or above

4. Sensor type CCD/CMOS

5. Digital zoom Yes, 6x or above

6. Image stabilization Yes

7. Auto Focus Yes

8. Optical zoom Yes, 5x or above

9. Built-in Flash Yes

10. Battery Type Lithium (Rechargeable)(should also be

charged externally and not just with USB)

11. Memory Card 8 GB

12. Accessories Should include any required accessories

(Charger, USB cable, Drivers, etc)

Additional features:

Blur reduction mode, SCN – Blur reduction , landscape, kids and pets etc mode , 6

continuous shots, per second, battery capability with 280 nos. of shots, movie mode 30fps,

Support for Linux Operating system.

viii. Electronic Pen

S.

No.

Parameters Specifications

1 Technology Ultrasound IR Technology or any other technology which

is equivalent or higher. Should able to write on any surface/on

any normal paper

2 Input Paper

3 Input Area A4 size and modifiable up to A3 size

4 Pen Size 12mm diameter and 130 mm length

5 OS Windows, Linux


Page 164 of 211

6 SDK/APIs All API/SDK for any OS to be given free

7 Optional Customizable form filling application

8 Pen Battery Life Not less than 60-80 hrs. of continuous writing should

give XY coordinates impressions through the SDK/APIs

9 Output files File formats

10 Memory Able to store over 100 A4 fully handwritten pages

ix. External Hard disk (500 GB)

S. No. Parameters/ Specifications

1 USB 2.0/ USB 3.0

2 SATA HDD

3 USB Power

4 Hard casing

x. Environment Control (Air-Conditioner)

Type of AC Split

Type of Split Wall Mounted

Cooling capacity (Tonnes) 1.5

Energy Efficiency Ratio (EER) 7.1 or Above

Compressor Type Rotary

Number of Fan motors 1

Power Requirement (Voltage) 230

Nominal Cooling Capacity 5000 or Above

BEE Star Rating 3 - star or above

Others Installation of AC and stabilizer will be in the scope of SI

xi. UPS 2kVA

S No Minimum Technical Specifications

1. ISO 9001 certified brand

2. True On Line Type

3. Backup period should be at least 120 Minutes

4. IGBT with High Frequency PWM (Pulse with Modulation) Technology

5. Output wave form should be Sine wave

6. Compatible with local Electricity Power Generator.

7. Total Harmonic Distortion should be less than 3%.

8. Support input voltage range of 160 V to 270 V.

9. Output Voltage should be 230 Volt AC (+/- 1%)

10. Inherent protection should be provided for over loading, low battery,

over temperature, short circuits, over and under input voltage.


Page 165 of 211

11. LED indicators should be provided for at least load indication, load on

battery, low battery, overload, Mains ON.

12. Audible indicator should be provided for at least load on battery, low

battery, Mains failure, Overload

13. Power factor 0.8

14. Battery Bank minimum 6400 VAH

xii. UPS 1kVA

S No Minimum Technical Specifications for UPS

1. ISO 9001 certified brand

2. Backup period should be at least 60 Minutes

3. True Online Type

4. Output wave form should be Sine wave

5. Support input voltage range of 160 V to 270 V.

6. Output Voltage should be 230 Volt AC (+/- 1%)

7. Output frequency should be 50 Hz +/- 0.05 Hz (Crystal Controlled)

8. LED indicators should be provided for at least load indication, load on

battery, low battery, overload, Mains ON.

9. Power factor 0.8

10. Battery Bank minimum 1600 VAH

6.5.21 Earthling Recommendations:

a) Separate earth pit(s) is/are to be prepared by the SI. Earth Pit of size 1 x 1 foot to be built

and it should not be greater than 2 inches above the ground level. The pit should be

covered with a slab of not less than 1-inch thickness. “UPS Earth Electrode” should

be written inside the pit.

b) SI to undertake plate earthling through Copper wire with provision of copper plate

(300 x 300 x 3 mm) earthling by digging 12’’ deep hole (4 x 4) Four Sq mm wire

should be used for earth (up to the strip).

c) Proper electrical earthling to maintain earth- neutral voltage less than or equal to 3

volts in the supply to the MCB. This should be checked with a multi-meter by the

Nominated district police official/ officer at police Station.

d) All apparatus and equipment transmitting or utilizing power shall be earthed.

Copper/G.I. earth strips/wires shall be used unless otherwise indicated

e) Earth Pipe should be at least 5 feet and pipe should be 1 feet below the ground level

Connection of earth wire to the earth pipe should be visible

f) Water collecting portion in earth pipe should be tightly fitted

g) Two copper wires of thicker size have to be used to connect strip and the Earth Pipe.

h) Earth bus to the earth pit should be connected with 8 gauge thick copper wire.


Page 166 of 211

i) Components for Earthling

1. Earth Bus – 1 no

2. Earth pipe with funnel – 1 no

3. Earth pit with lid – 1 no

4. Copper wire to connect earth pipe & Earth bus

5. Necessary earthling chemicals such as Charcoal, gravel, sand, salt, etc

6. 8 Gauge CU wire from earth bus to earth pipe. The connection

should connected by appropriate nut, bolt & washers

7. Earth pit as a whole should not be more than 2 inches above the ground.

This pit necessarily be covered by a lid with at least 1 inch thickness

8. The earth pipe should be min of 50 Sq mm diameter

9. The earth pipe should be tightly fitted water collecting funnel

6.5.22 Furniture

Component Detailed Specifications

Computer Table

Size: L 910 x W

610 x H 728 mm

Top: Size 910 x 610 mm made of 18 mm thick pre

laminated medium density fiber (MDF) board ISI Marked

(IS: 14587-1998). The top shall be firmly screwed on

25x25x1 mm square tube frame as shown in figure

Upper side of laminated board shall be in natural teak

shade while the bottom side shall be white/cream shade.

Sliding key Board tray: A Sliding key Board tray shall be

made of

18mm pre laminated medium density fiber board of size

725x450 mm. The gap between top and tray shall be

100mm.

The storage shelve for CVT : A storage shelve made of 18

mm particle board shall be provided along with the length

of the table at bottom about 100 mm above from the

ground level. Shelves shall be screwed on frame work of

25x25x1 mm square tube. The shelve shall be covered from

back side with 18mm pre laminated medium density fiber

board as shown in drawing.

Steel Structure: The rigid steel structure shall consist of two

nos. rectangular base tubes of size 50x25x1.25 mm about

520 mm length placed along the width on vertical tubes of

size 25x25x1 mm shall be welded for fixing up of side

panels. A supporting frame of 25x25x1 mm square tube

shall be welded on the top of the tubes for the side panels

as shown for supporting the top of the table.

The base tube shall be provided with adjustable shoes 2

nos. on each side.

Painting: Complete frame of tubes shall be powder coated.

Computer Chair with

Handle

Seat size shall be 430x430 mm on 10 mm. thick molded

comm. ply with 60 mm thick 40 density molded PU foam


Page 167 of 211

Component Detailed Specifications

Back rest size shall be 400x300 mm on 10 mm thick

molded comm. ply with 40 mm thick 32 density

molded PU foam covered with tapestry.

The height of back rest shall be 900x500 mm for top and

bottom edges respectively. The black rest shall be provided

with lifting arrangement on flat iron & helical spring.

Two nos. suitable PU handles shall be proved.

The base stand should be made up of 5 prongs duly pressed

welded together centrally with a pedestal bush with good

quality twin wheel castors. The stand and other metal parts

excluding central spindle shall be powder coated. Complete

steel structure shall be pretreated and powder coated with

minimum thickness of 60 microns coating.

A central spindle of 25mm diagonal rod without threads

shall be provided with revolving arrangements. The

adjustable height of chair shall be from 530 to 570 mm.

A good quality tapestry cloth shall be provided on seat &

back in attractive color/ shade.

6.5.23 Fire Extinguisher (5 Kg)

S No Minimum Technical Specifications

1. Class :Class "C" of American Standards i.e. For Appliances and Electrical

Equipments

2. Type : Clean Gas Agent Based

3. Approved by : NFPA/ EPA Approved

4. Operating Valve : Squeeze Grip Type with Nozzle

5. Operating Temp. range : - 10 to + 55 Degree Celsius

6.5.24 Web Based PMIS

S No General Requirements

1. Should have a User Friendly GUI

2. Should have an Issue Tracking System

3. Should be able to assign tasks

4. Project Portfolio Management should be possible through the tool

5. Should be able to manage resources through the tool

6. Should be able to manage Documents through the too

7. Should have basic project Lifecyle workflow built within the tool

8. Should have reporting and analysis capabilities

9. Should be web based tool or hosted in the State Data Centre

10. Should be suitable for SDLC

11. Should support all major formats for preparation of project plan like

.xls, .mpp, .doc, .docx etc.


Page 168 of 211

6.5.25 Standard Operating Procedure for Hardware Procurement and Quality

Assurance

System Integrator is required to procure and commission hardware identified under the

project. Following standard operating procedures have to be followed by the SI to procure

and deliver hardware at respective locations.

Procedure and Analysis

The procedure of inspection of hardware has been divided into three phases as detailed

below.

a) Phase 1: Inspection at State level

A thorough inspection of specification/ configuration of at-least one (1) equipment per

product type shall be carried out at the State Level.

The State Technical Infrastructure Committee (STIC) shall validate the quantity and

specifications of the sample hardware provided against the Bill of Materials (BoM) as stated

in the RFP. This inspection may be done at a location arranged by the System Integrator in

consultation with the Nodal Officer. The process to be followed should be as follows:

i. SCRB shall release a Delivery Order (D.O.) to the System Integrator for delivering the

required Hardware (1 Item per Product Type).

ii. Nodal Officer and STIC shall finalize the approach and schedule for inspection. The

approach shall be to inspect one (1) item of a specific product type. The same shall be

communicated to the SI.

iii. The SI shall submit a list of equipments available for inspection with a clear

comparison between the DO and BoM agreed as part of its bid.

iv. SI shall intimate the Nodal officer for supply of equipment to the agreed location.

v. As per the agreed schedule, STIC or its nominated members shall initiate a thorough

inspection of the specification/configuration of each product type by comparing the

equipment against the BoM.

vi. For equipment that passes the inspection, a PASS (Green colour) label shall be stuck

on the equipment in a sealed manner. The label shall be signed by all the members of

the STIC available during the inspection. A cello tape should be stuck on top of the

signed labels to prevent tampering. For such “inspection passed equipment”, an in-

principle acceptance note shall be given to the SI with instructions to supply to the

concerned district offices.

vii. For equipment that FAILs the inspection, it shall be labelled with a red colour label

and rejected. The Rejection note shall have equipment wise details. For such

equipment, a rejection note shall be given to the SI and the SI shall be required to

resubmit another sample for testing. The outcome of the inspection would need to be

communicated to the DIC/SP of the District for reference.

viii. In case there is an appeal from the SI regarding the rejection of Items supplied by the

SI, the STIC shall hear and dispose-off the same.


Page 169 of 211

b) Phase 2: Inspection at District level

For the district level inspection, District Infrastructure Committees (DICs) shall be

constituted and complete inspection of the hardware, to the satisfaction of the DIC

chairman.

The process to be followed by DICs would be as follows:

i. SI shall deliver the equipment/ hardware with the in-principle acceptance of STIC to

DIC within a maximum of 10 days from receipt of the acceptance note at an SI

identified pre-designated storage area.

ii. DIC shall finalize the approach and inspection schedule. As part of the inspection

process all equipment/ hardware would be checked for quantity and specifications as

requested in the BOM.

iii. For equipments that FAIL the inspection, a consolidated rejection note shall be given

to SI with instructions to cure within 15 working days.

iv. For equipments that PASS the inspection, a supply note shall be given to the SI and

sent to the concerned sites with the in-principle approval note of DIC attached. Also,

a PASS (Blue colour) label shall be stuck in a sealed manner on all equipments in the

lot. The label shall be signed by all members of the DIC available during the

inspection. A cello tape should be stuck on top of the signed labels to prevent

tampering.

v. If case there is an appeal from the SI regarding the rejection of Items supplied by the

SI, the STIC shall hear and dispose-off the same.

vi. Prior to delivery of the inspected hardware at sites located across the State, DIC shall

send to each location an intimation notice along with the supply note and delivery

schedule.

vii. A copy of the delivery schedule shall also be shared with the SI prior to hardware

delivery at sites.

c) Phase 3: Delivery at Sites:

The steps to be followed at Site level are listed below:

i. The SI shall dispatch the hardware to the concerned locations and obtain Proof of

Delivery (POD) from the Station House Officer.

ii. SHO gives POD only after verifying the PASS labels.

iii. POD defines only the quantity and the item and not the detailed specifications of the

supplied hardware.

iv. System Integrator shall verify the BOM for each location in presence of Station House

Officer during installation process.

v. The BOM verification includes the package list, part nos., CD, detailed specification

etc.

vi. The SHO shall inspect the equipment upon completion of installation and shall

provide the final signoff.

vii. The Final Signoff sheet contains set of instructions along with the list of CCTNS

Hardware & Accessories delivered for Police Station.

viii. After installation of the equipment, the hardware details shall be entered into the

Government asset register and a separate CCTNS register shall be maintained with

repeat entries of all the hardware received from SI.


Page 170 of 211

The Concerned Authority (STIC/ DIC/SHO) shall sign all the 4 copies only on delivery and

testing of all the hardware items mentioned in the sign-off form.

One Copy of the form shall be retained by the Verification Site.

One Copy of the signed form shall be given to the SI.

One Copy (Original) shall be sent to the District SP Office or the Nodal Officer, as

applicable.

One copy of the form shall be sent to the SCRB

6.5.26 Details of Technology Stack CAS (State) and CAS (Center)

The Technical Details for CAS (State) Solution Stack 1 and Stack2, CAS (State) Offline

solution, CAS (Centre) Solution are provided in subsequent tables. These specifications are

indicative and the system integrator may propose solutions compatible with latest

technology trends and meeting CAS (State) requirements in totality. The idea is to have a

scalable solution in technology space. System Integrator is free to choose from any of the

stacks for further customization to be done at the state level. It is also re iterated that the SI if

free to choose any other standard product, other than the ones mentioned in any of the

stacks below, for any of the services / products. The SI has to ensure that the solution

proposed for the Stack has to be in totality compatible and integrable with CAS being

developed by MHA/NCRB. The right to accept or reject any such deviation from the stacks

mentioned below will be on sole discretion of Rajasthan Police. The existing Application

software purchased/deployed by Rajasthan Police for implementing the CAS (State) solution

has been provided at Annexure VIII.

CAS (State) Solution - Stack 1

Component Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Web server Sun Java System

Web Server 7.0

7.0 SUN HTTP Server SUN

Application

Server

Glassfish

Application Server

3.0 SUN J2EE

Application

Server

SUN

Database MySQL 5.1 SUN DB Store SUN

Operating

System

Solaris 10 SUN Operating

System

SUN

Reporting

Engine

Jasper Reports 3.7 Jasper Reporting

Services

Email/Messaging Q-Mail 1.4 Qmail E-Mail


Page 171 of 211

Component Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Community Solution

Search Engine Search:

Unstructured

data: using open

CMS search

features

Structured Data

Mysql & Custom

application

interface

N/a N/a N/a N/a

Portal Server Glassfish

Application Server

3.0 SUN J2EE

Application

Server

SUN

Workflow Engine jBPM 4.0 JBoss Workflow

engine

Rules Engine Custom Built N/a N/a N/a N/a

Directory

Services

Sun Directory

Services

7.0 SUN LDAP SUN

DMS/CMS Open CMS 7.5.1 Open CMS Content

Management

System

Security Physical Security,

Network Security,

DB Encryption

(MySQL), DB

Access Controls,

Role Based Access

Control (Custom

Developed), LDAP

(Sun Directory

Services),

N/a N/a N/a N/a

Identity

Management

OpenSSO 7.0 SUN LDAP SUN

Audit log4j, Custom

Built application

N/a N/a N/a N/a


Page 172 of 211

Component Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

audit

ETL Custom Built N/a N/a N/a N/a

CAS (State) Solution - Stack 2

Component Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Web server IIS 6 Microsoft Web & App

Server

Microsoft

Application

Server

IIS 6 Microsoft Web & App

Server

Microsoft

Database SQL Server 2008 2008 Microsoft DB Store Microsoft

Operating

System

Windows Server

2008

2008 Microsoft Operating

System

Microsoft

Others Microsoft

Reporting

Engine

SQL Server

Reporting Services

2008 Microsoft Reporting

Services

Microsoft

Email/Messaging Q-Mail 1.4 Qmail

Community

E-Mail

Solution


Unstructured

data: using

openCMS search

features

Structured Data:

SQL DB Search

Engine & Custom

application

interface

N/a N/a N/a N/a

Portal Server IIS 6 Microsoft Web & App Microsoft


Page 173 of 211

Component Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Server

Workflow Engine Windows

Workflow

Foundation

N/a N/a N/a N/a


Directory

Services

Microsoft Active

Directory

2008 Microsoft LDAP Microsoft

DMS/CMS Windows

SharePoint

Services

n/a n/a n/a Microsoft


Network Security,

DB Encryption

(MySQL), DB

Access Controls,

Role Based Access

Control (Custom

Developed),

LDAP (Sun

Directory

Services),

N/a N/a N/a N/a

Identity

Management

Microsoft Active

Directory

2008 Microsoft LDAP Microsoft

Audit IIS Log, Custom

Built

N/a N/a N/a N/a

ETL SQL Server ETL 2008 Microsoft ETL Microsoft

CAS (State) Offline Solution

The below list is

indicative only

Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Synchronization Custom Built N/a N/a N/a N/a


Page 174 of 211

Solution

Application

Container

Apache Tomcat 6.0 Apache

Foundation

J2EE

Application

Container

Database MySQL / SQL

Express

5.1/2008 SUN /

Microsoft

DB Store SUN /

Microsoft

CAS (Center) Solution

The below list

is indicative

only

Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

Web server Sun Java System

Web Server 7.0


Application

Server

Glassfish

Application Server

3.0 SUN J2EE

Application

Server

SUN

Database Sybase IQ

Enterprise

15.1 Sybase ETL Sybase

Operating

System

Solaris

Others

Reporting

Engine

Jasper Reports 3.7 Jasper Reporting

Services


Unstructured data:

using Alfresco

search features

Structured Data:

Sybase DB Search

Engine & Custom

application interface

N/a N/a N/a N/a

Portal Server Glassfish

Application Server


Workflow Engine jBPM 4.0 JBoss Workflow

engine


Directory

Services

Sun Directory

Services

7.0 SUN LDAP SUN


Page 175 of 211

The below list

is indicative

only

Proposed

Solution by

Software

Development

Agency

Version

and

Year of

Release

Original

Supplier

Description

(include

major

features/

services

only)

Support

Provided

By

DMS/CMS Alfresco

Email/Messaging N/A


Network Security,

DB Encryption

(MySQL), DB

Access Controls,

Role Based Access

Control (Custom

Developed), LDAP

(Sun Directory

Services),

N/a N/a N/a N/a

Identity

Management

Open SSO 7.0 SUN LDAP SUN

Audit log4j, Custom Built N/a N/a N/a N/a

ETL + Data

Quality

Sybase ETL 15.1 Sybase ETL Sybase


Page 176 of 211

6.6 ANNEXURE- V-Data Capture and Application Integration

The purpose of this section is to provide the details for developing the approach and

formulate a strategy for legacy data capture for implementation of Crime and Criminal

Tracking & Network System (CCTNS) for the State of Rajasthan. This project essentially

involves implementation of an Enterprise Wide application to automate all the processes of

Police. An implementation of this nature essentially requires certain data to be available

without which it would not kick start. The aim of this document is to enable the availability

of such data by virtue of the following

Identification of Data

Isolation of Data

Quantification of Data

Development of strategy for integration/capture of Data.

It is envisaged that Data digitization activity shall not be done through scanning of

documents. SI shall develop the requisite tools/ interfaces for capturing the legacy data

through operator based data entry including development and customization of forms in

enhanced CAS, wherever required.

6.6.1 Types of Data

For any enterprise solution to be implemented, the following would be the categories of data

that need to be captured and ported into the system.

a) Master Data

b) Legacy transaction data to enable the system start up

c) Data for the Content/ Document Management System.

The above types of data would need a comprehensive deployment strategy to ensure smooth

and integrated transition. The scope of this deployment strategy would include laying down

the broad guidelines for the following:

i. Preparation of a comprehensive data digitization plan.

ii. Data creation – Entries/Porting of FIRs, Investigation Details, Case Diaries,

Prosecution Details, Verification Details Etc.

iii. Data migration & conversion – Including the conversion of existing computerized

data into an appropriate format for the proposed new system.

iv. Testing of the conversion programs.

v. Testing of the migrated data validating a particular reporting, auditing, or

processing objectives as per the business rules.

a) Master Data

Master data comprises a set of the non-transactional data entities of an organization (also

called reference data). This data forms the basis for designing and further carrying out

transaction on the system. Management of such data is called Master Data Management

(MDM). The main objective of MDM is providing processes for collecting, aggregating,


Page 177 of 211

matching, consolidating and quality-assuring, persisting and distributing such data

throughout an organization to ensure consistency and control.

Issues

MDM seeks to ensure that an organization does not use multiple (potentially inconsistent)

versions of the same master data in different parts of its operations, which can occur in large

organizations. Other problems include issues with the quality of data, consistent

classification and identification of data, and data-reconciliation issues.

One of the most common reasons some large organizations experience massive issues with

MDM is integration. Two organizations which wish to integrate will typically create an entity

with duplicate master data (since each likely had at least one master database of its own

prior to the integration). Ideally, database administrators resolve such duplication in master

data as part of the integration. In practice, however, reconciling several master data systems

can present difficulties because of the dependencies that existing applications have on the

master databases. As a result, more often than not the two systems do not fully merge, but

remain separate, with a special reconciliation process defined that ensures consistency

between the data stored in the two systems. Over time, however, as further integration occur,

the problem multiplies, more and more master databases appear, and data-reconciliation

processes become extremely complex, and consequently unmanageable and unreliable.

Because of this trend, one can find organizations with 10, 15, or even as many as 100

separate, poorly-integrated master databases, which can cause serious operational problems

in the areas of operational efficiency, decision-support, and regulatory compliance.

Solutions

Processes commonly seen in MDM solutions include source identification, data collection,

data transformation, normalization, rule administration, error detection and correction, data

consolidation, data storage, data distribution, and data governance.

The selection of entities considered for MDM depends somewhat on the nature of an

organization. In this case, MDM may apply to such entities as Police Units, Unit Entitlement,

Personnel Data and list of offences/Acts/IPC. MDM processes identify the sources from

which to collect descriptions of these entities. In the course of transformation and

normalization, administrators adapt descriptions to conform to standard formats and data

domains, making it possible to remove duplicate instances of any entity. Such processes

generally result in an organizational MDM repository, from which all requests for a certain

entity instance produce the same description, irrespective of the originating sources and the

requesting destinations.

i. Source of Master Data

Police Organizations have several Police stations spread all across the state. Currently the

level of automation in the state police is restricted to the implementation of CIPA (Common

Integrated Police Application) which has been developed by NIC on Linux (Knoppix)

platform using PostgreSQL as the standard database. CIPA has been implemented at 566

Police stations out of a total of 760 (as on 31-03-2011).


Page 178 of 211

Figure 11: Source of Master Data

The aim of CIPA was to automate the police functioning as far as registration, investigation

and prosecution processes are concerned.

Following are the Master Data requirements that need to be captured/ ported into the

CCTNS system for it to kick start.

(a) Organization Structure of the complete organization

(b) Unit wise hierarchy: Outposts Police Stations and special Police stations CO/

DySP SP IG Range Police HQ

(c) Details of users at all locations

(d) Local and Special Acts of Rajasthan and

(e) History of Police Station for which data is being migrated

ii. Integration and Updation of Master Data

CCTNS Master Data will include organization structure, unit hierarchy, appointment details,

posting details, etc of all the police personnel. It will collate all relevant data under one

umbrella to ease police functioning.

Figure 12: Integration with other Applications

0

200

400

600

800

1000

Sum Police Stations Sum of CIPA

Sum of Non CIPA

863

566

297

iHRMS

(Personnel Data)

RTO

(Vehicles & Licenses)

(Other application as State requires)

NAFIS/AFIS

(Finger Prints)

CCTNS Master Data


Page 179 of 211

b) Legacy Transaction Data Capture

In addition to all the types of masters discussed above, there is another important type of

data that needs to be captured in order to make the implementation of CCTNS system

effective. This is the legacy transaction data that gives the history of transactions especially

in the terms of FIR, Investigation Reports etc. Every activity in the envisaged CAS

application involves a transaction in complaint registration, Investigation, Prosecution etc.

As far as CIPA implementation is concerned FIR registration, Investigation and Prosecution

functions have been automated. However all the other functions are manual. These manual

transactions in the current system are recorded in ledgers, registers and files. Certain

activities which create transaction data are listed below:

i. Registration of FIR

ii. Registration NCR, Missing person, Unidentified dead body, Unclaimed property,

Preventive action, Proclaimed Offenders

iii. Investigation (Crime Details, Arrest/ surrender, seizure, chargesheet/FR)

iv. Prosecution (Appeal, Bail, Movements, Reopening and Reassigning, Summons/

Warrants, result of the case)

v. FSL (Inward receipt and Outward receipt)

The capture of this legacy transaction data is the most difficult part of data capture effort in

case of any implementation, because this data needs to be identified, cleansed and ported.

The activities involved in the capture of this kind of data are as follows:

i. Identification and Isolation of Digitized Data

ii. Identification and isolation from paper based forms/registers/ledgers

iii. Formatting based on the database structure

iv. Cleansing and validation

v. Entry into the database through forms

vi. Testing

Figure 13: Digitization Recommendation

CAS Application

Legacy Transaction Data

(FIR Registration/

Investigation/Prosecution)

Identification

Isolation

Formatting

Cleansing

Validation

Testing


Page 180 of 211

1. Legacy data:

The following list comprises of all the legacy data that needs to be digitized from

all the 863 Police Stations under CCTNS Rajasthan. SI has to digitize around

20.56 lacs case files plus cases upto Project Go-Live, all History-sheeters

(around 8400), Proclaimed Offenders (around 3250), Absconders (around

5550) and Standing Warranties (around 54000) data as a part of this project in

consultation with Rajasthan Police. Each case file can be assumed to consist of

approximately 10 pages. Out of 21 lac case files approximately 12 lac case files

have been registered in CIPA registration module (IIF 1), 8.5 lacs under

investigation module (IIF 2 to IIF 5) and 3.78 lacs under prosecution module

(IIF 6) (detailed break-up mentioned in below table).

Case files details (2004-2013)

Cognizable crimes registered during 2004-2013

S. No. Year Total no. of offences

1 2004 186161

2 2005 171989

3 2006 177934

4 2007 186501

5 2008 191533

6 2009 210345

7 2010 212767

8 2011 224604

9 2012 242552

10 2013

(estimated)

251284

Total 2055670

CIPA records (as on September' 2013)

S. No. CIPA Phase District Reg. Inv. Pros.

1 CIPA Phase - I Bharatpur 89292 16531 8064

2 Alwar 97649 67193 18777

3 Bhilwara 57722 41390 28192

4 Jaipur Rural 75237 53551 34454

5 CIPA Phase - II Ajmer 66638 60668 33841

6 Bikaner 43727 40787 23935

7 Ganganagar 68571 67083 21496

8 Jaipur East 50751 36397 24681

9 Jaipur North 37727 36198 29134

10 Jaipur South 45728 34424 14094

11 Jodhpur City 36959 32225 13343

12 Jodhpur Rural 26730 25649 9227

13 Kota City 51575 43321 10910

14 Kota Rural 28432 27970 25739


Page 181 of 211

15 Udaipur 73009 65723 34160

16 CIPA Phase - III Baran 32264 14197 215

17 Barmer 25163 19373 3576

18 Bundi 31941 21036 17146

19 Churu 22330 12874 3197

20 Dausa 34947 14701 826

21 Dholpur 23469 8235 192

22 Jalore 19116 10532 8164

23 Jhalawar 33928 22054 2280

24 Karauli 26892 16275 360

25 Nagaur 33524 15376 508

26 Sawai Madhopur 28412 19066 278

27 Sikar 37481 7747 0

28 Tonk 28759 25358 12076

TOTAL 1227973 855934 378865

Indicative list of documents to be digitized:

S No. Group List of Forms

1

IIF

First Information Report (IIF-1)

2 Crime Details Form (IIF-2)

3 Arrest/Court Surrender Form (IIF-3)

4 Property Search & Seizure From (IIF-4)

5 Final Form/Report (IIF-5)

6 Court Disposal Form (IIF-6)

7 Result of Appeal Form (IIF-7)

Flow diagram of Integration and Updation of Content/Document Management System:

Figure 14: Integration and Updation of Content/Document Management

System

CIPA

(Policy related content/ CrPC/IPC)

Digitized Documents

Enhanced CAS Document Management System


Page 182 of 211

a) Quality Control of Data Capture

Challenge of data conversion / migration is the coordination between three normally

disparate groups

Functional (From Business)

Legacy functional

Legacy technical

It is strongly recommended that the project assigns a data conversion manager.

Data conversion process will ensure that there is a focus on conversion requirements from

the start of the project. Overall conversion strategy for the project determines the approach

for data conversion and the tools and methods to be used for conversion. Data requirements

for the test database, conference pilot and the Production database will be met by this

process.

i. The conversion process will include designing and building conversion programs

and the actual data conversion from the legacy systems. The conversion process

will ensure that the team is prepared in advance with extraction scripts for the

legacy systems and the upload scripts for the new applications.

ii. Data conversion is accomplished through manual and/or automated means and

includes the creation of any data needed for new data records. It enables the new

system to accurately reflect the current status of organizational data at the start of

production. The term "data conversion" is used in the method in a wider sense

than the dictionary definition. It is defined to include four separate elements:

Purging/cleansing of existing data.

Reconciliation/balancing of the old data and the old system/new system.

Creation of new/additional data.

Conversion of the old data to the new system to create master file data and

opening balance data (where appropriate) for the new system.

iii. The conversion of data from an old system to a new system usually requires the

creation of a conversion system. The conversion system can be manual,

automated or both. Logically, conversion is taking data from one system and

moving it to another system at a point in time.

iv. Conversion may translate the format of the data but not update it and Conversion

programs may be run more than once or multiple times with each execution

converting a subset of data, such as one calendar month.

v. May be run multiple times for parallel running, phased or staged implementation

where progressive data conversion is required, and may be run multiple times

until reconciliation shows a valid conversion.

vi. System development support may be required to create a data conversion system.

In addition to the normal problems of system development, data conversion has

several unique requirements.

vii. Data may need to be created if it does not exist. Current data may need to be

purged, corrected or verified. The existing system (manual or automated) may

need to be corrected or balanced within itself before conversion can be

commenced or completed;


Page 183 of 211

viii. Timing of the data conversion process may vary, e.g., data cleansing or creation

may precede other tasks by several months.

ix. The following is a description of the various tasks that make up the data

conversion activity:

1. Analyze Data Conversion - Define and analyze data conversion entities,

both on the legacy systems and on the receiving Application.

2. Design/Build Conversion Programs - Design, construct and unit test all

conversion programs.

3. Implement Feedback from Integration Testing - Update design and code

for conversion entities, based on input from system prototyping and

testing

4. Prepare for Cutover - Make final conversion modifications to prepare for

system cutover.

6.6.2 Migration Strategy

Rajasthan Police proposes that the data digitization and migration effort of legacy data be

divided into the following phases:

Figure 15: Process Flow -Data Digitization & Migration

SI shall undertake the digitization of all case files starting 1st January 2004 to the date of Go-

Live of that police station. However, for the records dated earlier than 1st January 2004, all

records which belong to any of the following category need to be considered for purpose of

digitization and migration:

Cases having standing warrants

Cases having proclaimed offenders

Cases having absconders

Cases having history-sheeter

SI is required to update the records available in CIPA by referring physical case files

available in police stations. The data digitization utility provided by NCRB may be used for

the purpose of migration of records from CIPA to CAS. However regarding the data of IIF 6

& 7, SI may use CAS directly for entering the data.

Filtering

Updating

Migration

Validation


Page 184 of 211

SI shall undertake a proof of concept to demonstrate the data digitization and migration

process to the Rajasthan Police. Based upon the performance necessary approval shall be

provided by the Rajasthan Police subsequent to which SI shall undertake the data

digitization and migration exercise across all the locations.

Filtering: Each case file will be filtered for any irrelevant content. During this phase

it will also be ensured that the quality and sequence of the document is in conformity

to the original. All the information from the filtered document shall be validated

against the digitized information (in CIPA) available with Rajasthan Police.

Updating: Based on the case file the missing information shall be updated for

making the record complete for validation and migration.

Validation: Before each case is ported onto the system, validation is an important

activity that needs to be carried out for ensuring consistency and integrity. During

this phase the activities in all the above phases will be validated and verified.

Migration: The validated case files are finally ported into the system and then data

is live for use.


Page 185 of 211

6.7 ANNEXURE- VI-CAPACITY BUILDING & CHANGE MANAGEMENT

6.7.1 Introduction

The purpose of this section is to identify detailed requirements on Change Management and

Capacity Building to be implemented at the State. This section also provides the context to

the changes expected due to CCTNS and their anticipated impacts on skill development

requirements for the workforce. In addition, the document provides details of Capacity

Building initiatives taken by Rajasthan Police; capacity building and training requirements

plan and its implementation w.r.t. the scope of System Integrator.

State specific requirements are defined through a comprehensive understanding and

analysis of police functioning for the State, the issues and challenges faced in adopting the

new technology to improve the police functioning and enhance its efficiency as well as the

training need and capacity building requirements of the police department and its personnel

with respect to implementation of CCTNS project in the state and its sustenance.

6.7.2 Overview of the Capacity building Scope

a) Identification of Trainers (Internal)

Rajasthan Police is under the process of identification of qualified trainers with relevant IT

experience and training competency within each District Mission Team and State Mission

Team. SI would be responsible for training them and building their capacity for all the other

IT initiatives of Rajasthan Police. These Trainers will be responsible for implementing the

Capacity Building interventions beyond the scope of the System Integrator.

b) Identification of Trainers (Police Training Colleges)

Rajasthan Police is under the process of identification of qualified Trainers with relevant IT

experience and training competency within each of the Police Training Colleges in the State,

who will be directly trained by the System Integrator. These trainers will be responsible for

including training on CCTNS within the training college curriculum and impart the training

on CCTNS to the new recruits and current personnel (refresher training) at the Police

Training Colleges.

c) Identification of Trainees

Based on the nature of their responsibilities and their requirements from CCTNS, police staff

can be classified into the following categories for training purposes:

Group I: Key senior officers (ADGP, IG, DIG, SP) responsible for Crime, Law and

Order, IT, etc. who are directly impacted by the CCTNS with respect to receiving/

analyzing the reports through CCTNS.

o Change Management and Role-based training will be carried out for these

officers at suitable location in the State by the System Integrator.

Group II: Key officers (ASP, DySP, INSP., SI, ASI) in charge of a District/ Circle/

Police Station who are directly impacted by the CCTNS with respect to reviewing

the police station performance through CCTNS, reviewing the reports generated


Page 186 of 211

by the system, carrying out the required analysis using CCTNS and providing the

necessary guidance to the officers.

o Change Management and Role-based training will be carried out for these

officers at suitable location in the State or respective Districts/

Commissionerates by the System Integrator

Group III: Key officer (Station Writers, Court Duty, Head Constables, Constables)

in each of the Police Stations and Higher Offices who will use CCTNS for

capturing the data/investigation forms, generating the reports and utilize the

basic and advance search features of CCTNS to service the general service

requests and aid in investigation process.

o Orientation to Change Management and Role-based training will be carried

out for the identified officers at District Training Centers in the respective

Districts/ Commissionerates by the System Integrator

o Refresher training, subsequent training to the remaining officers/constables

in the Police Station and Higher Offices can be carried out by the internal

trainers subsequent to the System Integrator trainings

The main challenges to be addressed effectively by the SI are the geographically dispersed

trainee base, wide variability in education and computer proficiency and minimal availability

of time. The SI holds the responsibility for creation of a detailed and effective training

strategy, user groups and classifications, training plan and guidelines, detailed training

material, training program designed their delivery to the target groups.

The SI holds the responsibility for creation of training material, designing the training

programs and their delivery to the target group. The SI shall be responsible for the following

activities as part of the End User and Train the Trainer Training:

d) Develop Overall Training Plan

SI shall be responsible for finalizing a detailed Training Plan for the program in consultation

with Rajasthan Police covering the training strategy, environment, training need analysis

and role based training curriculum. SI shall own the overall Training plan working closely

with the Rajasthan Police Training team. SI shall coordinate overall training effort.

e) Develop District-Wise Training Schedule and Curriculum

SI shall develop and manage the District-Wise training schedule in consultation with

Rajasthan Police, aligned with the overall implementation roadmap of the project and

coordinate the same with all parties involved. Training schedule shall be developed by

solution and shall be optimized to reduce business impact and effective utilization of

Training infrastructure and capacities. The training curriculum for the CCTNS training

program should be organized by modules and these should be used to develop the training

materials. The training curriculum outlines the mode of delivery, module structure and

outline, duration and target audience. These sessions should be conducted such that the

users of the application/ modules are trained by the time the application “goes-live” in the

district with minimal gap between completion of training and going live of modules.

Continuous reporting (MIS) and assessment should be an integral function of training.


Page 187 of 211

f) Deliver Training to End Users

Based on their needs and the objectives of CCTNS, training programs could be organized

under the following themes:

i. Change Management training - Sensitization and awareness creation regarding

benefits of CCTNS. This part of the training focuses on the general benefits of IT

systems such as automation of routine and redundant tasks or moving from the

paper-based records management to a more sophisticated electronic records

system that can alleviate the efforts to create reports.

ii. Role-based training on the CCTNS application – This training should be in a role

based, benchmarked and standardized format, multi-lingual and lead to learning

completion and assessment. It should also allow for self-learning and retraining.

Training would include mechanism for demonstration using audio/ video/

simulated/ demo practice exercises and evaluation of trainees.

iii. “Train the Trainer” programs- where members of the police staff would be trained

to enable them to conduct further training programs, thus helping build up

scalability in the training program and also reducing the dependency on external

vendors for training.

iv. System Administrator training- a few members of the police staff with high

aptitude would be trained to act as system administrators and troubleshooters for

CCTNS.

SI shall deliver training to the end users utilizing the infrastructure at the District Training

Centers. Role-based training for the senior officers will be carried out at suitable location in

the State by the System Integrator.

SI is required to install the CCTV cameras across all the training locations and ensure that its

feed is made available over the network. The network connectivity for this purpose shall be

provided by the Rajasthan Police. SI is required to get approval of specifications of the CCTV

cameras prior to installation. For the purpose of payment related to training, SI is required

to submit the recording of the training along with the invoice to the Rajasthan police.

SI shall also impart simulated training on the actual CAS (State) with some real life like

database. The SI should create case studies and simulation modules that would be as close to

the real life scenario as possible. The objective of conducting such trainings would be to give

first hand view of benefits of using CAS system. Such training should also be able to provide

the participant a clear comparison between the old way of crime and criminal investigation

against the post CCTNS scenario. This training may seem similar to role play training

mentioned in the section above. However, in this simulated training, the SI would ensure

that the IO’s are provided an environment that would be exactly similar at a Police Station

post CAS (State) implementation.

Most of the training would be an Instructor-Led Training (ILT) conducted by trained and

qualified instructors in a classroom setting. To maintain consistency across CCTNS trainings,

standard templates should be used for each component of a module.

An ILT course will have the following components:

Course Presentation (PowerPoint)


Page 188 of 211

Instructor Demonstrations (CAS - Application training environment)

Hands-on Exercices (CAS - Application training environnent)

Application Simulations: Miniature version of CAS Application with dummy data

providing exposure to the IOs to a real life scenario post implementation of CAS

Job Aids (if required)

Course Evaluations (Inquisition)

In addition to the ILT, for the modules that may be more appropriate to be conducted

through a Computer Based Training (CBT), a CBT should be developed for them. CBT should

involve training delivered through computers with self instructions, screenshots, simulated

process walk-through and self assessment modules.

Select set of police staff with high aptitude group and/or relevant prior training, are to be

imparted with the training/skills to act as system administrators and also as troubleshooters

with basic systems maintenance tasks including hardware and network.

g) Develop Training Material

i. Customization of the Training Manuals, User Manuals, Operational and

Maintenance Manuals provided along with the CCTNS CAS Software.

ii. Design and development of the Training Manuals, User Manuals, Operational

and Maintenance Manuals for the modules developed at Rajasthan Police level.

In cases where the training material may be made available by MHA/ NCRB, it is the SI’s

responsibility to ensure the relevance of the material to the State/UT, customize if necessary

and own up the delivery and effectiveness. All the training material needs to be provided in

two languages i.e Hindi and English.

SI shall ensure that the training content meets all the objectives of the training course. The

material shall be developed in English and Hindi based on the target group. SI shall also

develop the training material for delivery through Computer Based Training, Instructor Led

Training, Online User Material/ Help Manuals and Job Aids.

SI shall provide detailed training material providing step-by-step approach in soft and hard

copies to all police stations and offices for reference.

Rajasthan Police has developed an online Learning Management System for providing access

to all training content online including documents, demo, audio, video, simulation and

practice, assessment, self learning and context sensitive help and monitoring, support and

reporting etc., which is deployed at State Data Centre. The SI may take-over and improves

upon the existing application to suit the above requirements. Brief details of LMS are

mentioned below:


Page 189 of 211

S.

No.

Applicatio

n Name

Type Description Deployment

Details / Current

No. of users

Application

Information

1

Learning

Managemen

t System

Online Developed on

Java Platform

Database –

MySQL

User

Authentication -

Active

Directory

Installed in State

Data Centre,

Jaipur

Expected to be

used by approx.

50,000 users

Online Training

nomination

e-Resource

Management

Typing Tutorial

Online Exams

Online

Feedback/

Survey

h) Deliver Training to Trainers (Internal and Trainers from the Training

Colleges)

SI shall help Rajasthan Police in assessing and selecting the internal trainers as well as the

trainers at training colleges who can conduct the end user training subsequent to the training

by the SI. SI shall coordinate the ‘Train the Trainer’ session for the identified trainers to

ensure that they have the capability to deliver efficient training. For Train the Trainer

training the Rajasthan Police would nominate 2 trainers per District.

In addition to the training delivered to the end-users, the trainers should also be trained on

effectively facilitate and deliver training to end users. Also, it is advisable to always run pilots

for any training program before deployment. This training will hence serve as the pilot and

as a training session for trainers as well. In addition to this the SI should take support from

the ToT trained staff for delivering the training in the respective Districts. In addition the

end-user training sessions, ToT training will consist of three segments:

i. The first segment will be set of workshops covering effective presentation skills

and coaching techniques and discussing the benefits and structure of the trainer

model.

ii. The second segment will be the formal CCTNS training which will consist of all

modules of CCTNS relevant for their role. This would also include Networking

concepts (in view on RSWAN, SecLAN, VPNoBB), Troubleshooting computer

hardware, Application software and Operating system, Application installation

and up-gradation of patches, User creation & role management and effective use

of LMS.

iii. The third segment will be a teach-back session where trained trainers will present

course content and receive feedback regarding content, flow, and presentation

techniques. This will also include a feedback session where trainers can provide

feedback on the training materials, flow, comprehension level, and accuracy.

i) Training Effectiveness Evaluation

To measure the effectiveness of all the end user trainings conducted by SI as part of this

project, SI shall be responsible for preparing the set of questions, i.e. a question bank from


Page 190 of 211

which random questions would be selected and uploaded for online test of the trainees,

Rajasthan Police or its nominated agencies/ representatives would validate and approve the

question bank. SI will be required to make all arrangements, including the software for

conducting online test, trainees’ attendance while premises and infrastructure would be

provided by Rajasthan Police.

For the purpose of evaluation and passing criteria following process shall be followed:

Online Examination shall be administered by SI under the supervision of competent

Police officials (District e-Mission Team). As part of this examination each trainee

shall also undertake the role based test on CAS in a dummy environment. SI has to

ensure that the dummy/test environment of CAS is accessible across all training

centers.

SI shall also ensure that each trainee is registered in Learning Management System

(LMS) and CAS application. District eMission Team shall verify this as part of

completion of training.

SI shall also compile the number of sessions undertaken by the trainees in LMS.

District eMission Team shall validate that a minimum number of training sessions

have been undertaken by each trainee. The minimum number of sessions required by

each trainee shall be defined mutually between SI and the Rajasthan Police at the

time of finalization of training plan.

Rajasthan Police shall deploy a central team which shall monitor the progress of

training and its effectiveness.

Based on the above three steps the final passing certificate shall be issued by the

competent authority stating that the concerned trainee is ready for using CAS in

police station. A minimum of 90% of trainees from each batch need to pass without

which SI shall be required to retake the training of failed candidates of those batches.

If in a particular batch 90% of candidates pass the test, training of that batch would

be considered as successful and training of failed trainess of these batch would be

arranged by competent authority at his own level.

In case of dispute the competent authority at PHQ level would decide the issue.

SI shall consolidate all the certificates and submit it along with the invoice as stated

in the payment schedule in Volume 2 of this RFP.

Rajasthan Police will periodically monitor the training effectiveness through the

performance metrics and Service levels and provide necessary feedback to SI. SI shall be

responsible for incorporating the feedback and arrange for conducting refresher training,

wherever needed.

6.7.3 Training and Capacity Building As-Is

a) Need for Capacity Building

The Department of Police, Government of Rajasthan has recognized the potential of

Information and Communication Technology (ICT) in strengthening the performance of the

police delivery system in the State and is keen to adopt & infuse IT in the applicable areas.

Accordingly, the department has defined the following key objectives for the CCTNS project

(IT initiative of the department):-

The following goals and objectives have been defined for CCTNS:


Page 191 of 211

i. To Empower the Police Officers on duty to effectively provide services to the

citizens and other departments

ii. To eliminate Drudgery from the current Police Station processes, essentially

eliminating the need of repetitive data entry at various data entry points

iii. To Provide Enhanced Tools for Investigation, Crime Prevention, Law & Order

Maintenance and other functions like Traffic Management, Emergency Response,

etc.

iv. To Increase Operational Efficiency

v. To create platforms at State and Central levels for sharing crime and criminal

information / databases across states and across the country. This would enable

easy sharing of real-time information/ intelligence across

vi. To implement secure channels for data and information sharing police stations

and districts at the State level and across states at the National level

vii. To improve the service delivery to the public/ citizen/ stakeholders

Capacity Building is a highly critical component of CCTNS. The objective of CCTNS Capacity

Building (CB) initiatives is to empower the direct users and other stakeholders of CCTNS to

optimally use CCTNS and enhance outcomes in crime investigation, criminals tracking and

other core police functions; and also ensure a smooth functioning of CCTNS.

Success of CCTNS, both in short term as well as long term has unswerving dependency on

the level of penetration it is able to accomplish. Drawing upon the diverse challenges

expected for the implementation of CCTNS, specifically the workforce challenges, it is

apparent that capacity building is the need of the hour to further ensure that CCTNS as a

program is successful.

The implementation of the multiple solutions and new process will significantly impact the

functioning of police force across India. The challenge will be to empower and support the

workforce to understand, learn, and adopt the new way of working in order to fully realize

the potential benefits of this fundamental change.

To manage a large scale implementation which impacts a mammoth number of users directly

or indirectly, a comprehensive and well-structured Capacity Building approach is required.

Capacity Building approach would include availability of requisite infrastructure and

resources to support the entire program. It would also ensure that the required user groups

receive sufficient training to equip them with the skills required to efficiently use or be aware

of the new processes and/or systems.

In totality Capacity Building Programs will assist in:

Identify the training audience groups

Training delivery methods

Training development and delivery resource

Hence, the objectives of developing a Capacity Building Program are:

To motivate, train and capacitate police workforce

Efficiently embark on the revised roles and responsibilities as part of CCTNS

Embed sustainability of the project

To ensure successful implementation of CCTNS


Page 192 of 211

b) Snapshots of Capacity Building Initiatives in the State

Capacity Building is an important aspect of this CCTNS project. It envisages improving the

efficiency of the police personnel, basically, by providing role based and ICT basic training at

the initial stage of Capacity Building. Under Capacity Building scheme Rajasthan Police

personnel of all ranks, are to be trained on various relevant aspects of CCTNS Project

including Basic Computer Knowledge. As a first step towards this, Rajasthan Police wishes to

create computer awareness among all the officers and men of State Police force.

c) Institutional Framework for Police Training and Capacity Building in

Rajasthan

The computer training to the police personnel in the state has been started since 1995 during

implementation of CCIS project and CIPA project (in 2006). However, under CCTNS project,

“Basic Computer Training” is envisaged to acquaint and aware, the Police Personnel, with

basic function and nature of computers and its application. Concerted effort should be

directed towards providing exposure of computers especially to ground level functionary.

Figure 16: Police Training - Organizational Structure

Addl. DGP (Training) is in charge of Training both initial and in-service for various ranks for

Rajasthan Police. He controls various training Institutions including RPA, RPTC, Police

Training Schools and Police Motor Driving School in the state and has to nominate officers

for undergoing training in central government training institutions. He has to get the

syllabus for various trainings revised by DGP. The Training Directorate keeps a record of all

initial and in-service trainings.

IGP of the Range periodically visits the police training schools or institutions in his Range

and guide the Principal/commandant. He sends his observations to ADG (Training)

regarding the functioning of police training institutions periodically.


Page 193 of 211

The details of Rajasthan Police current strength :-( Source: www.police.rajasthan.gov.in)

Police Officials Current strength Sanctioned Posts

Indian Police Service Officers 162 206

Rajasthan Police Service Officers 565 795

Police Subordinate Service

Inspector 909 1162

Sub Inspector 2279 4084

Assistant Sub Inspector 3963 5661

Head Constable 7886 10033

Constable 59147 71414

Police Training Institutions in the State

Police Training Institutions Role

1. Rajasthan police Academy, Jaipur Main centre of training for Rajasthan

Police officers of the level of constables

to gazetted officers (RPS/IPS)

Imparts training of S.I. to IPS officers of

Rajasthan police

2. Rajasthan Police Training College,

(RPTC) Jodhpur

Imparts training to R.A.C. personnel

from the rank of constable to Company

Commander

also offers training of other armed and

civil police personnel

3. Police Training School, Kishangarh

(1950) Imparts training to police constables up to

Inspector rank officers

4. Police Training School Kherwara (1975) -do-

5. Police Training School, Jhalawar -do-

6. Police Training School Jodhpur (1975) -do-

7. Police Motor Driving School, Bikaner

(1999). trains police officials in vehicle driving and

maintenance

8. Security Training School (STS), at RPA,

Jaipur (1962) conducts specialization and refresher courses

on various aspects of security and intelligence

to train the SSB personnel

9. District Training Centers (DTC) There are 41 DTCs across Rajasthan, under

CCTNS project where Basic ICT Awareness

training is conducted.

Table 14:Police Training Institutions in the State


Page 194 of 211

Training in these centers is given keeping in mind the growing complexities of crime,

violence, communal and law and order situations. New subjects relating to human rights,

atrocities against women, police custodial deaths, police-public relations, juvenile

delinquency, cyber crime, pollution control and environment awareness have to be tackled.

The trainees are imbued with the principles of social service and made familiar with the

latest findings in criminology, human behavior, police-community relations, gender issues,

community policing, human resource development and other allied subjects.

Training Courses Conducted at Rajasthan Police Academy

RPA conducts following types of training courses for different ranks of Police Officers in the

state. Promotion cadre courses are held from time to time for posts of the rank of head

constables to inspectors. Various types of special training programs, including on the job

training is being imparted to police personnel. Training is a continuous process and the

courses are geared to meet the challenges faced by the police personnel.

S. No. Course Type Target Audience/Duration

1 Basic Courses 1. IPS officers/ 6weeks

2. RPS officers/1 year

3. SIs-/1 year

4. Constables-/9 months

2 Promotional courses (45 days)

1. ASI to SIs

2. SIs to Inspectors

3. Head constables to ASI

3 Specialized courses

a. Computer awareness

b. Cybercrime investigation

1. SI to ASP (2 days)

2. SI to SP (2 days)

4 Refresher Courses

a. Computer appreciation courses- 4

days, 1 week, 2 week and 4 weeks

b. Orientation course for Dy.SP

c. Induction course for

Inspectors/SI

1. RPS officers

2. SIs

3. Constables

5 Training on Soft Skills HC to Inspectors (4 Days)

Table 15: Training Courses

d) Capacity Building Initiatives undertaken by the Department

The State Crime Records Bureau is designated as Nodal Agency in the state for

implementation of CCTNS project in the state. The table below gives a snapshot of the

personnel trained so far in basic computer training (ICT Basics of 5 days),

Designation No. of Personnel

Trained by In-house

trainers

No. of Personnel

Trained by RKCL (Out-

source)

Addl. S.P. 53 -

DY. S.P. 160 -


Page 195 of 211

Ins. 495 -

S.I. 1178 -

A.S.I. 2332 -

H.C. 2899 -

CONST. 25707 2620

OA/ UDC/ LDC 242 -

TOTAL 33066 2620

Table 16: Trained Personnel in ICT Courses

As a part of CCTNS capacity building program, following initiatives have been planned/

undertaken by the state government

Strengthening Capacity of the existing training institutions:

Establishment of computer lab at District level Training Centers (DTCs) to

conduct Basic ICT training for police personnel at district level and their capacity

building

Emphasis on capacity building i.e. computer awareness and training before

implementation of the project

Focus on training of all police personnel in the state

Integration of computer training in the induction training curricula of all police

cadres

Provision made to provide computer training in the In-service training, refresher

training as well as in Promotional training courses

The infrastructure for computer training made available during 2010-11 to the

police training institutions including the DTCs under CCTNS project is indicated

in the table below:

i. Infrastructure provided to Police Training Institutions (CCTNS

Project):

Infrastructure SCRB RPA RPTC PTSs (5) District

Training

Centers (41)

Total

Server Computer

(High-end

computer)

2 2 1 1 x5=5 1x41=41 51

Computer 33 33 22 22x5 = 110 10x41=41 608

Printer 2 2 2 2x5 = 10 1x41=41 57

UPS 1

(5KV)

1

(5KV)

1

(5KV)

1x5=5 KV 0

1 (3

KV)x41=41

8 (5 KV)

41 (3 KV)


Page 196 of 211

LCD Projector 1 1 1 1x5=5 1x41=41 49

Multi functional

Printer

1 1 1 1x5=5 0 8

White screen 1 1 1 1x5=5 1x41=41 49

White Board 1 1 1 1x5=5 1x41=41 49

Internet

connectivity

Yes Yes Yes Yes Yes

Table 17: Infrastructure for Police Training Institutions (CCTNS Project)

ii. Details of infrastructure provided to Police Training Institutions (to

be considered for AMC)

S.

No.

Item Make Model Description

1 Server Computer Dell Optiplex Desktop computer with Intel V

pro configuration. 19" TFT Digital

Colour Monitor with Windows 7

preloaded with media and

documentation

2 Computer Dell Optiplex Desktop computer with Intel Core

2 Duo. 19" TFT Digital Colour

Monitor with Windows 7

preloaded with media and

documentation

3 Printer Samsung

(43 nos.)

Canon (14

nos.)

ML-3471 ND

LBP 6750 DN

Laser printer resolution in dpi:

Mono 600X600, paper size A4,

print speed in PPM:32, Port:1

USB, Network card 10/100: Yes,

Duplexing: Yes

4 UPS 3 kVA with

DC Power pack

Numeric 3 kVA Online UPS with isolation

transformer suitable for single

phase AC input and single phase

AC output, Floor mounted type,

Indicative backup time: 60

minutes

5 UPS 5 kVA with

DC Power pack

Numeric 5 kVA Online UPS with isolation

transformer suitable for single

phase AC input and single phase

AC output, Floor mounted type,

Indicative backup time: 60

minutes


Page 197 of 211

6 LCD Projector Epson (42

nos.)

Sanyo (7

nos.)

PLC XU 305

Brightness: 3000 Lumens

Resolution: XGA

Lamp life: 4000 hours

Contrast ratio: 2000:1

Interface: Computer, Video, USB

memory device, Wireless device

with RGB out

Accessories: Remote, Cables,

Drivers on CD

7 Multi functional

Printer

Canon MF4570DN Digital Copier & multifunctional

Office machine printer, Type:

Laser, Mono/ Colour: Mono, Min.

printing speed: 25 ppm, Category:

Duplex, ADF/ DADF: ADF,

N/w:Yes, Fax: Yes

Table 18: Infrastructure for Police Training Institutions (CCTNS Project) for AMC

j) Challenges Anticipated for CCTNS

Like all big Information and Communication Technology (ICT) changes in organizations as

complex as the Indian Police, CCTNS is expected to face a lot of challenges. It is going to be a

huge change for everyone and requires strengthening of all supporting levers. In the course

of detailed As–Is assessment, following challenges were highlighted and needs to be kept in

mind while designing and implementing the capacity building program for CCTNS:

S.

No

Challenges

Type

Challenges to Pre-empt

1. People

Challenges

• Varying basic education level among police staff across PS

that impacts the uptake of any IT skills

• Feeling of “…we were recruited for field work in police...

and not for Data Entry”

• Lack of incentives

• Among the duties of the Police, documentation and data

entry holds least priority and value. Hence, it is very

difficult for police staff to focus on IT knowledge/ data

entry

• Working on computers is considered as a special skill and a

non – executive job

• Resources that are IT savvy are overburdened with

requests pertaining to computer operations by other

colleagues

• Age also plays a factor where staff beyond a certain age is

hesitant to pick up IT skills and hence resist usage of such

system


Page 198 of 211

S.

No

Challenges

Type

Challenges to Pre-empt

2. Process

Challenges

• State Police Manuals mandates maintaining multiple

registers that contains redundant and repetitive data

• There is no standardization of some reports and registers

across the state.

• Manual preparation of reports such as Monthly Crime

Review, Monthly Statement on Crime Statistic System

• Manual delivery of these reports as physical copies to

DCRB/ SCRB/ NCRB

• Duplicate data entry at multiple stages, within the same

office and at higher offices

• Manual preparation of Query responses for RTI,

Parliament, Higher Offices, etc

3. Infrastructure/

Technology

Challenges

• Power Supply Issues:

• Improper maintenance of hardware and software at PS

• Information available in silos

• Absence of an interconnected databases and networks at

the Control room

• Poor road connectivity at Semi-urban and Urban PS

Table 19: Challenges for CCTNS project

6.7.4 Implementation Plan

a) Training and Capacity Building Plan

Capacity Building for CCTNS Project will allow State’s Nodal Agency to manage day to day

challenges faced as a result of the project and to ensure a sustainable operating model during

and after implementation and stabilization.

Building capacities at various levels is critical to the successful implementation of the

recommended IT initiatives. Also, the training programs would cover Change Management

and awareness programs in addition to CCTNS-specific programs in order to ensure

adoption of the system at the police station level.

i. Main Training Themes

Based on their needs and the objectives of CCTNS, training programs would be organized

under the following themes:

1. Creating awareness about the benefits of ICT and CCTNS project

2. Role-based training on the CCTNS application

3. “Train the Trainer” programs, where members of the police staff would be

trained to enable them to conduct further training programs, thus helping

build up scalability in the training program and also reducing the dependency

on external vendors for training.


Page 199 of 211

4. System Administrator training: selected members of the police staff with high

aptitude would be trained to act as system administrators and troubleshooters

for CCTNS.

The above themes are expanded as below:

1. Change Management and Orientation to CCTNS training

Creating awareness about the benefits of ICT and CCTNS project

Highlight expected changes and role of various change agents in the project

Prepare the police workforce to accept imminent changes and impact of the

project

For the training program "Orientation to change management and Introduction

to CCTNS" (for Higher officials) the SI shall only invite Change management

experts/ eminent speakers who have national and international recognition

particularly in the field of e-Governance or relevant domain.

For the training program "Change Management and Introduction to CCTNS

(Middle & Junior Officials)" the SI shall only invite Change management experts/

eminent speakers who have national recognition and relevant experience

particularly in the field of e-Governance.

2. Role based training on application software

The training should focus on the users getting comfortable to use the CCTNS

application.

This training would be tailored according to the unique requirements of each user

category. The training program must ensure to cover the following user

categories:

o Senior police officers (there might be sub-categories in this category with

training needs differing from each other; for example, the training for

SP/SSP will have to reflect their requirements in comparison to the

requirements of an IGP)

o Station House Officers (SHO)

o Investigating officers

o Station Writers

o Court Constables

o Duty officers

Hindi Keyboard Usage and Typing training, which shall contain the basics of

the usage of Hindi Keyboard. It shall also equip candidates with familiarity of the

computer keyboard and train them on typing skills so that work place efficiency and

productivity is improved.

3. “Train the Trainer” Programs

Select set of police staff with high aptitude group and/or relevant prior training,

are to be trained as trainers who would, in turn, train their colleagues.


Page 200 of 211

“Train the Trainer” program could be held at a central location or two

The trained trainers would, in turn, conduct training programs for their

colleagues at lower levels such as the district

Trainers would be trained to impart training in role-based training on CCTNS.

4. Specialized training on system administration and troubleshooting

Select set of police staff with high aptitude group and/or relevant prior training, are to be

imparted with the training/skills to act as system administrators and also as troubleshooters

with basic systems maintenance tasks including hardware and network such as:

Information Security & IT Infrastructure Security

Data centre & Network Administration

Hardware Components, Installation & maintenance

Project Management tool and MIS

Data structures, Database management,


Page 201 of 211

6.7.5 Indicative Training Plan for the Members of Police Department

The following is an indicative training plan for members of state police departments based on the nature of their responsibilities:

S.

No.

Name of the

Training

Program

Indicative

Duration

(Days)

Indicative

Location

Target Audience Group

A

Group

B

Group

C

Avg.

Batch

Size

Estd.

no. of

batches

Total

trainees

1 Orientation to

Change

Management

and

Introduction to

CCTNS (Higher

Officials)

1 SCRB/

PHQ/ RPA

Addl DGs, IGs, DIGs,

SP of PHQ, IG Range,

CP, DCP, District SP

100 0 0 15 7 100

2 Change

Management

and

Introduction to

CCTNS

1 RPA, SCRB,

District

Training

Centers

Addl SPs, Dy S.P.,

SHO of Selected

Locations

67 163 320 12 45 550

3 Role Based

training and

Management

Information

System (Higher

officials)

1 SCRB/PHQ/

RPA

Addl DGs, IGs, DIGs,

SP of PHQ, IG Range,

CP, DCP, District SP

100 0 0 15 7 100

4 Role Based

Training and

Basic ICT

4+1 SCRB,

District

Training

Centers

Addl SPs, Dy S.P.,

SHO of Selected

Locations

67 163 320 12 45 550


Page 202 of 211

5 Change

Management

and Role Based

Training and

Basic ICT

4+1+1 SCRB,

District

Training

Centers

Investigation

Officers, Head

Constables,

Constables of

Selected

Locations,

Heads of various

Police Functions

of Selected

Locations

District Mission

Teams

CCTNS core team

3756 20756 12 2042 24513

6 Project

Management,

Document

Management

System/

Reporting

2 SCRB CCTNS core team 0 15 0 15 1 15

7 Information

Security & IT

Infrastructure

Security

15 SCRB CCTNS core team 0 10 0 10 1 10

Data centre &

Network

Administration

Hardware

Components,

Installation &


Page 203 of 211

maintenance

8 Train the

Trainer (Role

based)

5 SCRB 2 Trainers per

District/ Police

Training institute

- - - 15 6 100

Table 20: Indicative Training Plan



6.7.6 Handholding Support

SI shall deploy one competent person per police station for a period of 6 months or 12

months for 2 police station (would be decided by Rajasthan Police) to support the staff in

that police station and ensure that the staffs in that police station are able to use CCTNS on

their own by the end of the support period. The Rajasthan Police would intimate the

successful bidder the date of deployment of resources at least 1 month before. Periodic

assessment of Police station staff shall be done by Rajasthan Police to assess effectiveness of

Handholding support. SI shall provide sufficient training on CAS and related Police

functioning and network architecture for proposed stack . SI shall also develop separate

training material required for training the Handholding persons at no extra cost to

Rajasthan Police.

SI shall update the weekly attendance of Handholding staff verified by SHO on PM tool.

a) Handholding – Scope of work

The technically qualified and trained person deployed at police stations shall do the

following:

i. Use and troubleshoot for various hardware items provided at the police station

such as computer, printer, network components, digital camera, digital pen etc.

as required under the project.

ii. Use the core application software to perform the policing functions and data entry

as per the person’s role.

iii. Able to perform any other functions that may be required under the ambit of the

CCTNS project

iv. As and when newer versions of system or application software are introduced

within the period of handholding support at a particular police station, the

handholding staff shall provide adequate training to the concerned police

personnel.

v. In case a new police official joins the police station during the handholding phase,

it will be the handholding person’s responsibility to ensure that the official is

conversant with all the activities required towards CCTNS functioning.

vi. The handholding staff should assist the police in installation and updation of any

required software needed under the CCTNS project, including updation of PM

tool and Master data.

vii. Create documentation for Knowledge Transfer (KT) before 5 months of

Handholding period, that can be used by the police station staff after closure of

the handholding phase and train at least 2 persons identified by the respective

District Mission team.

viii. The handholding staff must be IT savvy and aware of basic IT trouble shooting

procedure. The person should be able to rectify level 1 issues related to CAS, other

software and hardware. The resolution to the queries raised by the police

personnel must adhere to the SLAs for post implementation phase defined in the

SI agreement. Handholding person shall maintain a separate register to record all

issues and their resolution.

ix. The handholding staff will also conduct CCTNS related workshops (if required)

and refresher courses for the police station staff and effectively use LMS.



x. Handholding staff should have detailed understanding of CAS application and

should be able to provide support related to any technical or workflow related

query raised by the personnel.

xi. Handholding staff should be able to rectify IT related issues being faced by Police

officials during data entry in CAS.

xii. Any issues that need to be escalated to the SI helpdesk for resolution should be

taken up by the handholding person and tracked till closure of the query.

xiii. The handholding staff should assist the police personnel in coordinating with any

higher offices that may be required for proper functioning of CCTNS.

xiv. The handholding staff of each police station shall submit a daily report to the

police station detailing the activities undertaken during the day. The report will

also contain detailed status of each activity along with its resolution and current

status.

b) Qualification / Experience Criteria

i. Graduate with at least 6 month certification in IT and overall experience of 1-2

years of experience in application software/ LAN/ WAN/ PC troubleshooting,

Data Entry on Computer Applications. Working proficiency on office suite.

Fresher’s can also be considered but having at least one of the following

educational qualifications: BCA, MCA, B.Sc (Computer science/ Information

technology), M.Sc (Computer science/ Information technology) , PGDCA, O-

Level, B- Tech.

ii. Working proficiency of Hindi typing is mandatory.

iii. The handholding staff should have sufficient experience in installation and

updating of any required software.



6.8 ANNEXURE VII GOVERNANCE STRUCTURE

This section will provide the governance structure that will be created at the State level to

monitor the implementation of the CCTNS project. As per the Guidelines issued by the

Ministry of Home Affairs, Government of India, The State Police Department shall constitute

appropriate governance and operations structures, and in alignment with the structures

recommended by DIT, GOI under NeGP guidelines. The following governance committees

shall form the institutional framework for implementation, monitoring and evaluation of

CCTNS project.

a) State Apex Committee

b) State Empowered Committee

c) State Mission Team

d) District Mission Team

The following figure depicts the proposed governance structure for implementation of

CCTNS project in Rajasthan:

Figure 17: Proposed Governance Structure for CCTNS Project

The table below provides the committees/ teams that form part of the governance structure

and their roles and responsibilities as defined in the CCTNS implementation guidelines

provided by MHA.

Committee / Team Roles & Responsibilities

State Apex

Committee

Reviewing progress of the Project,

Overseeing utilization of funds,

Policy Directions and Guidance for successful

execution of the Project,

Ensuring continuance of Mission Leader for sufficient

duration, and



Creating a supporting environment for the success of

the project

State

Empowered

Committee

Disbursement of funds to Districts and other

units/agencies

Approval of BPR proposals

Sanction for various project components, as may be

specified, including the Hardware/Software

procurement as per the specifications from NIC

Approval of various Project Components and

Functionalities to be covered in the Project

Review progress of the Project

Ensure proper Training arrangements

Ensure deployment of appropriate handholding

personnel

Other important policy and procedural issues

Guidance to State/District Mission Teams

State Mission

Team

Operational responsibility for the Project

Formulating Project Proposals

Getting sanction of GOI for various projects

Hardware rollout and operationalization

Co-ordination with various agencies

Resolution of all software related issues, including

customization

Resolution of all other issues hindering the Project

Progress

Any other decision to ensure speedy implementation of

the project

Assist the State Apex and Empowered Committees

District

Mission Team

Prepare District Project Proposal

Ensure proper Rollout of the Project in each selected

Police Station

Ensure hardware and software installation, and

operationalization of the Project

Training of all police personnel in the District

Site preparation and availability of all utilities

Ensure separate account keeping for the Project

Ensure the performance of Handholding staff

Deliverable

Review Team

Participate in meetings and requirement finalization

Review various deliverables submitted by SI

Suggest changes/ deviations with respect to the Scope

mentioned in the RFP

Review progress of the Project

Co-ordination with various agencies/ stakeholders

Resolution of all software related issues, including

customization



Resolution of all other issues hindering the Project

Progress

Assist the State Mission Team

a) State Apex Committee

The composition of State Apex Committee is as following:

S No Designation Role

1 Chief Secretary Chairperson

2 Addl. Chief Secretary, Home Co-chair

3 Director General of Police Member

4 Director, SCRB Member

5 Secretary, Finance (Expenditure) Member

6 Secretary (IT) Member

7 SIO, NIC Rajasthan Member

8 Representative of MHA, GOI Member

9 Nodal Officer CCTNS Project Member Secretary

b) State Empowered Committee

The composition of State Empowered Committee is as following:

S

No

Designation Role

1 Director General of Police Chairman

2 Addl. DGP, Crime, Rajasthan

3 Addl. DGP, ATS & SOG, Rajasthan Member

3 Director, SCRB, Rajasthan Member

4 Jt. Secretary,Home (Police), GoR Member

5 Jt. Secretary, Finance (Expenditure IV), GoR Member

6 Representative of NCRB Member

7 Representative of DoIT&C, Rajasthan Member

8 SIO, NIC Rajasthan Member

9 Representative of State Implementation Agency Member

10 S.P., SCRB Nodal Officer



c) State Mission Team

The composition of State Mission Team is as following:

S No Designation

1 Director, SCRB

2 DIG, Training, Rajasthan

3 DIG, Crime, Rajasthan

4 Nodal Officer, CCTNS, Rajasthan

4 Representative of State Implementation Agency

6 SIO, NIC Rajasthan

d) District Mission Team

The composition of District Mission Team will have the following members:

S

No

Designation Role

1 Superintendent of Police of District Chairman

2 Addl. SP/ Dy. SP Member

3 DIO, NIC Member

4 One officer from District Police having

computer knowledge

Member

e) Deliverable Review Team

The composition of Deliverable Review Team will have the following members:

S

No

Designation Role

1 Superintendent of Police, SCRB Chairman

2 Dy. Superintendent of Police, SCRB Member

3 Representative of SPMU Member

4 One officer from DoIT&C (GoR) Member

5 Domain Expert Special Invitee

f) Other Agencies

i. State Designated Agency

“State Designated Agency”, (agency/society/public sector unit) at the state level that would

serve as a channel for transfer of funds from GoI to states and from state governments to the

vendors implementing CCTNS. Identification of such an agency/society and routing funds

through it would ensure the following. Centre for Development of Police Science and

Management (CDPSM) has been nominated as State Designated Agency.

Timely payments for time-critical events



Strict control on utilization of funds for intended purpose

Sustainability even beyond plan period

Enable States in timely hiring of experts and internal capacity building

ii. State Project Management Consultant

Since the implementation of CCTNS and a significant part of the functionality of CCTNS

application are driven by the states, State Project Management Consultants is engaged to

support the State Empowered Committee in the following areas

Preparation of Detailed Project Report (DPR)

Assisting the state in identifying the state Systems Integrator (SI):

o Customizing the model RFP (Request for Proposal) provided by MHA/NCRB

o Releasing the RFP assisting the state in managing the bid process

o Assisting the states with the assessment of techno-commercial appraisal of

bids in identifying the state level Systems Integrator (SI)

Developing the functional specifications for the extensions/enhancements of

CCTNS application not covered by MHA/NCRB.

iii. State Project Management Unit

In order to monitor the progress on CCTNS the state would engage a state-level Program

Management Unit (SPMU).The scope of SPMU’s work would include the following:

Overall project planning and management in collaboration with state Empowered

Committee and State/District Mission teams: includes planning, supervising the

overall progress of the project, monitor conformance with the timelines, budgets

and service levels.

Review the scope and technical solutions (covering all CCTNS components)

provided by the SI

Acceptance testing and acceptance

Perform structured transition and rollout

Post-deployment reviews

Confirm and monitor service levels through the engagement with the SI through

periodic reviews

Monitor the implementation of the project according to the project plan and

report to the state Empowered Committee and CPMU

Assess the progress of the implementation and recommend release of funds to the

state nodal agency for the SI

iv. System Integrator

CCTNS adopts a “bundling of services” approach to implementation. Accordingly, all the

implementation components at the state level are “bundled” and contracted out to a single

Systems Integrator (SI) who would act as a single point of contact and accountability for the

implementation, integration and performance of CCTNS. The bundle of services would

include the following:

Program Planning and Management

The SI would customize and implement CCTNS core application provided by

NCRB under the guidance of and in consultation with NIC.



The SI would develop and deploy additional functionality that is scoped under

CCTNS (for some of the additional functionality, the central nodal agency would

provide the functional specifications to ensure standardization across states).

Procurement, installation and commissioning of hardware (including PCs,

peripherals, etc.) at police stations and higher offices including site preparation

Procurement, deployment and commissioning of communications infrastructure

(Network, Wiring, Switches etc.) at all police stations and higher offices; SWAN

and State Data Center would be leveraged to the extent possible.

Capacity building

o Awareness and Sensitization of benefits of IT along with the application level training

o Trainers Training

o System Administration and Support Training

o Handholding support to the police stations for 6 months

o Change management

Procurement, configuration and commissioning of specialized infrastructure and

applications as necessary

Utilization Statements/ Progress Reports

Digitization of Historical Records

Application, System and Network Maintenance

Helpdesk Support

The SI would be held responsible for the outcomes of the program and their payments would

be linked to the progress of the project as well as the outcomes of the program. The payment

schedule will be based on achieving milestones of the Project as well as on accomplishing

those milestones with predefined SLAs and Standard. The state would select a SI through a

competitive bidding process.