Common use of Project Execution Clause in Contracts

Project Execution. How will you conduct the execution of specific projects and activitities? Reply should include how the day-day execution of project tasks will be conducted, progress monitored and reported, and how issues will be handled. Tenderers response Reply to items 1-3 above. 1. [Project Organization] 2. [Project Definition] 3. [Project Execution] Example Case 2: TRA staff Situation: Consultant sends one or more consultants to TRA, to work on a specific project, and deliver specific deliverables, as agreed between the Consultant and TRA. The consultants arrives at TRA in Dar-Es-Salaam, Tanzania. At their first day on work at TRA, they face these realities: The TRA staff needed for the task is not available to the extent required, because they are assigned to other tasks, or that they have personal issues to attend to. The TRA staff assigned to the task seems to lack needed skills. The TRA staff assigned to the task lacks motivation. Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 3: TRA approval cycle Situation: Based on project plan and deliverables, the Consultant is required to submit a report. This report is tied up to the Consultant’s payment. TRA are required to review the report before payment can be made. Based on the project plan, the report is expected to be reviewed in a weeks time. But TRA takes longer time to review reports. This may be due to: Unavailability of key TRA personnel to review report TRA is occupied with other matter Despite this, the Consultant is still required to continue working in this, or other areas. Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 4: Ad hoc Changes Situation: TRA has a number of changes of plan that deviates a lot from initially planned tasks. This immediate need for change may arise from: Major Security Incident that required immediate attention Government requirement changes, for example additional tasks give to TRA, policy changes that TRA is required to comply to. Auditors' recommendations both internal and external Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 4: Documentation Situation: A number of documentations are required to be supplied by the TRA. These include background information, systems documentations, policies and procedures. The following situations may arise: The documentation provided before the agreement on the task was made, is inadequate. TRA does not have required documentation in place. Documentation is not maintained at all. Documentation provided does not match with actual practice Documentation provided is of poor quality, for example missing required key information. Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Technical Case (Possible Task) 5: Redeployment of System Situation: TRA has a number of computerized application systems. Most of them are custom application developed and configured by vendor. These applications were developed without Security in mind. There were no standard configurations in place, nor were they tested / reviewed. Thus, configuration from application to application is different and there is a huge dependency to internal and external developers in systems configuration. This has resulted in an ICT environment that is fairly unpredictable in terms of: Deployment times Security risks due to misconfigurations Systems availability Performance problems Clients thoughts on TO-BE Solution In order to address the problem, client is planning to redeploy all systems in a High Availability within and across two datacenters, with standard configurations using automated deployment scripts. This is planned to be done using Container-based technology. The acquisition of the hardware etc. for these data centers is in process. Tenderers response: [How will you implement the proposed TO-BE solution] Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros and Cons] Alternatives? [Provide alternative solutions to the problem] Example Technical Case (Possible Task) 6: Decentralized Authentication, Authorization and Accounting Situation: Most of the systems have been implemented with their own Access method in order to provide Authentication and Authorization features. TRA uses Windows Active Directory and Oracle Identity and Access Manager for authentication, password Synchronization and Access Management workflow. This to some extent has been possible to internal users especially on password synchronization. But still most of the systems use their own authentication. External stakeholders access various TRA web applications through various different channels and portals. These various portals exhibit different login features and management of user identities. Consequently, the users experience a variety of entry channels and external users need to maintain several credential sets to access TRA services. This can be unsatisfying for the TRA and lower the user experience. The process however also exposes the environments to vulnerabilities as some users may have access to parts of the applications which are not needed. On system to system level external entities such as banks and service providers have VPN connections to the systems they need access to which may be a threat once the VPN access is misused. Constraint: Furthermore the country’s national IDs are yet to be issued to all citizens. Most of the registration process for companies is still manual and not linked. TRA has it's own process for registering individual tax payers and citizens which also requires maintaining biometric records in order to avoid non-existence individuals and multiple registrations. Clients thoughts on TO-BE Solution Long term solution for this is to implement Central Secure Access Solution with multifactor authentication. Interim solution to implement a Login portal that will centrally manage external user identities and limit their access to the necessary resource. Tenderers response: [How will you implement the proposed TO-BE solutions] Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros and Cons] Alternatives? [Provide alternative solutions to the problem] Example Technical Case (Possible Task) 7: Network Security (Zones and Environment) Situation: TRA has a flat network where applications, users, database are one internal zone and a DMZ zone for public accessible resources. Access to internal network is not restricted. Systems to systems interfaces with external stakeholders are connected through VPN to the internal zone. TRA has gadgets with Simcards that facilitate communication to internal servers. These Simcards are connecting through APN. Limited separation of network zones poses challenges in containing and identifying security holes. Also potential intruder can have access to systems once they enter TRA building and plug in LAN. Constraint: Some of the applications are client server based architecture and require client application installed in user PC to connect directly to database server. Users are still not technology savy. Clients thoughts on TO-BE Solution In order to address challenge, client plans to separate network into at least six zones: Guest for internet access to unauthenticated users, User zone for domain authenticated workstations, internet façade zone for web application that will available to external clients, application zone for application server, database zone for database and file servers and Admin server for tools that will be used for monitoring and management activities. Tenderers response: [How will you implement the proposed TO-BE solutions] [How will you manage and Secure Simcards communication in the TO-BE solutions] Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros and Cons] Alternatives? [Provide alternative solutions to the problem and Solutions to improve this configuration] Schedule 2.2 – Proposed organization This Schedule should include: Schedule 2.3 - CV's for all Key Personnel

Project Execution. How will you conduct the execution of specific projects and activitities? Reply should include how the day-day execution of project tasks will be conducted, progress monitored and reported, and how issues will be handled. Tenderers response Reply to items 1-3 above. 1. [Project Organization] 2. [Project Definition] 3. [Project Execution] Example Case 2: TRA staff Situation: Consultant sends one or more consultants to TRA, to work on a specific project, and deliver specific deliverables, as agreed between the Consultant and TRA. The consultants arrives at TRA in Dar-Es-Salaam, Tanzania. At their first day on work at TRA, they face these realities: The TRA staff needed for the task is not available to the extent required, because they are assigned to other tasks, or that they have personal issues to attend to. The TRA staff assigned to the task seems to lack needed skills. The TRA staff assigned to the task lacks motivation. Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 3: TRA approval cycle Situation: Based on project plan and deliverables, the Consultant is required to submit a report. This report is tied up to the Consultant’s payment. TRA are required to review and approve the report before payment the next step of the project can be madecommence. Based on the project plan, the report is expected to be reviewed in a weeks time. But TRA takes longer time to review reports. This may be due to: Unavailability of key TRA personnel to review report TRA is occupied with other matter Despite this, the Consultant is still required to continue working in this, or other areas. Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 4: Ad hoc Changes Situation: TRA has a number of changes of plan that deviates a lot from initially planned tasks. This immediate need for change may arise from: Major Security Incident that required immediate attention Government requirement changes, for example additional tasks give to TRA, policy changes that TRA is required to comply to. Auditors' recommendations both internal and external Tenderers response: [How will you react in such a situation?] How will problems if any be handled and at which level in the organization? Example Case 4: Documentation Situation: A number of documentations are required to be supplied by the TRA. These include background information, systems documentations, policies and procedures. The following situations may arise: The documentation provided before the agreement on the task was made, is inadequate. inadequate or of poor quality, for example missing key information TRA does not have required documentation in place. Documentation is not maintained at all. Documentation provided does not match with actual practice Documentation provided is of poor quality, for example missing required key information. Tenderers response: [How will you react in such a each specific situation?] How will problems if any be handled and at which level in the organization? Example Technical Case (Possible Task) 5: Redeployment of System Situation: TRA has a number of computerized application systems. Most of them are custom application developed and configured by vendor. These applications were developed without Security in mind. There were no standard configurations in place, nor were they tested / reviewed. Thus, configuration from application to application is different and there is a huge dependency to internal and external developers in systems configuration. This has resulted in an ICT environment that is fairly unpredictable in terms of: Deployment times Security risks due to misconfigurations Systems availability Performance problems Clients thoughts on TO-BE Solution In order to address the problem, client is planning to redeploy all systems in a High Availability within and across two datacenters, with standard configurations using automated deployment scripts. This is planned to be done using Container-based technology. The acquisition of the hardware etc. for these data centers is in process. Tenderers response: [How will you implement the proposed TO-BE solutionsolution using the specified technologies] Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros Pros, cons and Consanticipated challenges in the implementation of the TO-BE solution] Alternatives? [Provide alternative solutions to the problemproblem and/or improvements of the TO-BE solution to address challenges given] Example Technical Case (Possible Task) 6: Decentralized Authentication, Authorization and Accounting Situation: Most of the systems have been implemented with their own Access method in order to provide Authentication and Authorization features. TRA uses Windows Active Directory and Oracle Identity and Access Manager for authentication, password Synchronization and Access Management workflow. This to some extent has been possible to internal users especially on password synchronization. But still most of the systems use their own authentication. External stakeholders access various TRA web applications through various different channels and portals. These various portals exhibit different login features and management of user identities. Consequently, the users experience a variety of entry channels and external users need to maintain several credential sets to access TRA services. This can be unsatisfying for the TRA and lower the user experience. The process however also exposes the environments to vulnerabilities as some users may have access to parts of the applications which are not needed. On system to system level external entities such as banks and service providers have VPN connections to the systems they need access to which may be a threat once the VPN access is misused. Constraint: Furthermore the country’s national IDs are yet to be issued to all citizens. Most of the registration process for companies is still manual and not linked. TRA has it's own process for registering individual tax payers and citizens which also requires maintaining biometric records in order to avoid non-existence individuals and multiple registrations. Clients thoughts on TO-BE Solution Long term solution for this is to implement Central Secure Access Solution with multifactor authentication. Interim solution to implement a Login portal that will centrally manage external user identities and limit their access to the necessary resource. Tenderers response: [How will you implement the proposed TO-BE solutions] Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros and Cons] Alternatives? [Provide alternative solutions to the problem] Example Technical Case (Possible Task) 7: Network Security (Zones and Environment) Situation: TRA has a flat network where applications, users, database are one internal zone and a DMZ zone for public accessible resources. Access to internal network is not restricted. Systems to systems interfaces with external stakeholders are connected through VPN to the internal zone. TRA has gadgets with Simcards that facilitate communication to internal servers. These Simcards are connecting through APN. Limited separation of network zones poses challenges in containing and identifying security holes. Also potential intruder can have access to systems once they enter TRA building and plug in LAN. Constraint: Some of the applications are client server based architecture and require client application installed in user PC to connect directly to database server. Users are still not technology savy. Clients thoughts on TO-BE Solution In order to address challenge, client plans to separate network into at least six zones: Guest for internet access to unauthenticated users, User zone for domain authenticated workstations, internet façade zone for web application that will available to external clients, application zone for application server, database zone for database and file servers and Admin server for tools that will be used for monitoring and management activities. Tenderers response: [How will you implement the proposed TO-BE solutions] [How solutions][How will you manage and Secure Simcards communication in the TO-BE solutions] How will you address all the given constraints without impairing Security Pros/Cons? [Critically assess the proposed TO-BE Solution in terms of Pros Pros, cons and Cons] anticipated challenges in the implementation Alternatives? [Provide alternative solutions to the problem and Solutions to improve this configuration] Schedule 2.2 – Proposed organization This Schedule should include: Schedule 2.3 - CV's for all Key Personnel