4. MIS and Computerization Functional Specifications

8/10/2019 4. MIS and Computerization Functional Specifications

1/71

Capacity Development of

Civil Aviation Authority of Nepal

MIS and Computerization

Functional Specifications

MAY2013


2/71

MIS and Computerization Functional Specifications Page 2 of 71

Index

1 Functional Specifications Introduction .............................................................................. 4

2 Requirements gathering ................................................................................................... 5

3 Requirement Definition..................................................................................................... 63.1 Functional requirements ........................................................................................... 7

3.1.1 MIS Functional Requirements............................................................................. 9

3.1.1.1 Airport Operational Data Base ..................................................................... 9

3.1.1.1.1 AODB Access ...................................................................................... 10

3.1.1.1.2 AODB Update ...................................................................................... 11

3.1.1.1.3 AODB Historical Data Conservation..................................................... 12

3.1.1.2 Lightweight Directory Access Protocol ....................................................... 13

3.1.1.2.1 LDAP Access....................................................................................... 14

3.1.1.2.2 LDAP Exceptions ................................................................................. 15

3.1.1.2.3 LDAP Groups Management ................................................................. 16

3.1.1.2.4 LDAP Update....................................................................................... 17

3.1.1.2.5 LDAP Users Management ................................................................... 18

3.1.1.3 Records Management ............................................................................... 19

3.1.1.3.1 Documents Access .............................................................................. 21

3.1.1.3.2 Documents Creation ............................................................................ 22

3.1.1.3.3 Documents Sharing ............................................................................. 23

3.1.1.3.4 Documents update/delete .................................................................... 243.1.1.4 Web Publications....................................................................................... 25

3.1.1.4.1 Web publication on demand................................................................. 26

3.1.1.5 E-mail adoption.......................................................................................... 27

3.1.1.5.1 Corporate e-mail establishment ........................................................... 28

3.1.1.6 CAAN web site .......................................................................................... 29

3.1.1.6.1 Web site powered by CMS System...................................................... 30

3.1.1.7 New organization web site......................................................................... 31

3.1.1.7.1 New organization web site powered by CMS System .......................... 32

3.1.1.8 Historical Operations Registry ................................................................... 33

3.1.1.9 Corporate Tables....................................................................................... 34

3.1.2 Other Functional Requirements ........................................................................ 35

3.1.2.1 Enterprise Resource Planning ................................................................... 36

3.1.2.1.1 ERP Access......................................................................................... 37

3.1.2.1.2 ERP Reporting..................................................................................... 38

3.1.2.2 New structured cabling for CAAN Offices at Babar Mahal (1) .................... 39

3.1.2.3 New structured cabling for CAAN Offices at Babar Mahal (2) .................... 41

3.1.2.4 Networking infrastructure for CAAN Offices at Babar Mahal ...................... 43

3.1.2.5 Data Center for CAAN Offices at Babar Mahal .......................................... 45


3/71


3.1.2.6 Internet Service Provision for CAAN Offices at Babar Mahal ..................... 46

3.1.2.7 Computing Equipment for CAAN Offices at Babar Mahal .......................... 47

3.1.2.8 Implement the Help Desk Function at CAAN Offices at Babar Mahal ........ 49

3.2 Non-functional requirements or technical requirements .......................................... 50

3.2.1 Availability ........................................................................................................ 51

3.2.2 Backup ............................................................................................................. 52

3.2.3 IT service continuity (ITIL procedure)................................................................ 53

3.2.4 Extensibility ...................................................................................................... 54

3.2.5 Fault tolerance.................................................................................................. 55

3.2.6 Interoperability .................................................................................................. 56

3.2.7 Licensing .......................................................................................................... 57

3.2.8 Maintainability................................................................................................... 58

3.2.9 Performance..................................................................................................... 59

3.2.10 Platform compatibility .................................................................................... 60

3.2.11 Scalability...................................................................................................... 61

3.2.12 Security......................................................................................................... 62

3.2.13............................................................................................................................. 62

3.2.13.1 Security controls (1): Access management ............................................... 63

3.2.13.2 Security controls (2): Awareness & training............................................... 64

3.2.13.3 Security controls (3): Audit & Accountability .............................................. 65

3.2.13.4 Security controls (4): Certification, Accreditation, and Security

Assessment................................................................................................................ 663.2.13.5 Security controls (5): Physical and Environmental Protection.................... 67

3.2.13.6 Security controls (6): System and Communications Protection ................. 68

3.2.13.7 Security controls (7): System and Information Integrity ............................. 69

4 Functional Description.................................................................................................... 70

4.1 Record management .............................................................................................. 71

4.2 Web sites ............................................................................................................... 71

4.3 Airport operational software.................................................................................... 71


4/71


1 Functional Specifications Introduct ion

In this document, Ineco MIS team will detail the functional requirements

detected for the future Nepal CAAN and the proposed NAANSA.

These requirements will be listed and explained, in order to get a better understandingof what the real needs of both organizations are. Understanding of this document bythe responsible officials in this area is a critical point, because this will be the base forthe future MIS infrastructure.

After that, the functionalities of the main parts in MIS infrastructure will be explained,and the scope of the applications and concepts as access, tasks and functions will bedetermined.

This document will be constantly under review to reflect the current situation.
http://dev.ineco.es/confluence/display/NEP/Functional+Specifications+Introductionhttp://dev.ineco.es/confluence/display/NEP/Functional+Specifications+Introduction


5/71


2 Requirements Gathering

The requirements gathering process is the first phase of software development,

collecting all the information necessary to improve the organization procedures.

Requirements establishment is the first step to agree on and visualise the rightproduct. A requirement gathering is a vital part of the systems engineering process. Atthe beginning, it defines the problem scope and after that, it links all the relativeinformation to them through their functional analysis.

The Requirements gathering task is critical to the success of any project. Anyrequirement must be collected clearly and all stakeholders in the project must beinvolved in this task.

This kind of tasks are open while the project is alive, and frequently new requirementswill appear in any phases of the project (definition, analysis, develop, test,maintenance, etc.). In other words, requirements gathering belongs to life cycleworkflow of projects and never finishes completely.


6/71


3 Requirement Definit ion

A common Requirement definit ion drawn f rom IEEE-STD-1220-1998 (IEEE 1998):

Requirement is a statement that identifies a product or process operational, functional,or design characteristic or constraint, which is unambiguous, testable or measurable,and necessary for product or process acceptability (by stakeholders).

Requirements are the basis of any project, defining what the stakeholders users,customers, suppliers, developers, businesses in a new (or legacy) potential systemneed from it, and also what the system must do in order to satisfy that need.

One of the goals of this document is to present a standardized template to collect

requirements and the MIS team will use it to collect all requirements orderly.

There are two kinds of requirements: functional and non-functional. The Definitions andmain differences between them will be discussed in further sections of this document.


7/71


3.1 Functional Requirements

To simplify the collection of MIS project requirements, two different kinds ofrequirements will be used, as described below:

First level requirements: this kind of requirements defines high levelnecessities. In other words, one first level requirement will identify businessrequirements to improve tasks, productivity or enhance workflows. Every firstlevel requirement will match with a whole application to solve a businessnecessity. In fact, they will be "the product vision process" for a new tool. Thesetypes of requirements have to be detected and have to be estimated roughly intime and budget by CAAN staff.

Second level requirements: through an analysis of "product vision" thesekinds of requirements will appear. Stakeholders of a new application mustcollect requirements of any functionality that they need, to cover their functional

necessities. Every one of these requirements must satisfy the following list offeatures:

o Completeo Specific, unambiguous.o Testable or measurableo Prioritizedo Achievable, realistico Connectedo Signed off by the client

It is not mandatory that all requirements must be considered as a new application (firstlevel requirements) or they must be included in the final product (second levelrequirements). All of them must be analysed and estimated in cost and effort todeterminate if they are affordable. However, only a few requirements show upintentionally with a must, these are the mandatory ones.

To maintain minimum traceability between requirements is very important to highlightany dependence between requirements. This approach allows maintaining arequirements hierarchy.


8/71


This is the template to fill up in order to define a new functional requirement.

Functional requirement

First Level

Second Level Dependent requirement

idName

Id

Date

Description

Acceptance Measure

Tester

Extra information


9/71


3.1.1 MIS Functional Requirements

3.1.1.1 Airport Operational Data Base


First Level

Second Level Dependent requirementid

Name Airpor t Operational Data Base (AODB)

Id F-0001

Date

Description

Air Operational database (AODB) is a type of database inwhich all the air operations of a concrete area arerecorded.It is known that in TIA Airport there is a kind of this type ofsoftware, installed by a Dutch company. This database

might be enough to cover this software requirement.It must be taken into account that this information mightincrease its size rapidly. This data model should beevaluated in order to determine if it is only valid for the TIAairport, or it could be expanded to entire model informationof air operations in Nepal.This operational information is crucial to make reports andpredictions. The airport master plans are based onhistorical information, and this information must be storedin a single place, centralised and easy to access toallowed users.Operational mistakes and non-coordinated information will

be reduced if an AODB is created and used. Theinformation stored on that database might be exploited invery different ways, giving information to create newroutes, total passengers amounts, companys informationand so on.In order to facilitate the queries to this kind of database,some queries might be stored, and executed during thenight or in low loaded periods. Reports and graphs couldbe generated using this information.This data base will be one of the key of the ITinfrastructure, it will be interoperable with the purpose of allof the CAAN applications can connect with it.

Acceptance MeasureThe solution proposed must write down all airportoperations and their associate information, and AODBmust contain with methods to be interoperable.

Tester TBD

Extra information

MIS team was informed that TIA airport has alreadyinstalled a similar solution in their IT systems to show realtime arrivals and departures to passengers, whichprobably could be analysed and reused in order to improveit and built a full solution to both problems.


10/71


3.1.1.1.1 AODB Access


First Level


F-0001

Name AODB Access

Id F-0001-01

Date

Description

The Air Operations database (AODB) must be accessiblefrom other applications as Flight Information Displays(FIDs) inside the TIA airport, web sites, or even any otherif required.

To get this goal, it is important that the AODB design

covers this requirement, and to create formal and secureways to access to this data.

An Access Public Interface (API) is the key concept to getthe information accessible to the granted entities.

Acceptance MeasureAODB data must be accessible through an API to grantedentities.

Tester TBD

Extra information


11/71


3.1.1.1.2 AODB Update


First Level


F-0001

Name AODB Update

Id F-0001-02

Date

Description

The Air Operations database (AODB) must be updated ontime and its information must be up to date in the samereal-time approach as now.

To get this goal, it is important that the AODB allows to thecurrent responsible to this task, to enter the flight data andits updates in a friendly interface avoiding data replication

and failures.

There will be just some users who should be allowed toupdate the information gathered in the AODB.

Acceptance Measure AODB data must be updated in a real time approach.

Tester TBD

Extra information


12/71


3.1.1.1.3 AODB Historical Data Conservation


First Level


F-0001

Name AODB Historical Data Conservation

Id F-0001-03

Date

Description

The Air Operations database (AODB) must keep thehistorical operations information.

This is crucial to build reports and statistics information tomake studies and traffic forecast.

This information must be storaged in secondary storageunits, but the processes to extract the AODB informationand to store in the secondary unit must be taken intoaccount

Acceptance Measure AODB data must be kept.

Tester TBD

Extra information


13/71


3.1.1.2 Lightweight Directory Access Protocol


First Level Second Level Dependent requirement

id

Name Lightweight Directory Access Protocol (LDAP)

Id F-0002

Date

Description

The Lightweight Directory Access Protocol (LDAP) is anapplication protocol for accessing and maintainingdistributed directory information services over a network.

Directory services may provide any organized set ofrecords, often with a hierarchical structure, such as a

corporate email directory.

LDAP is required in order to maintain the security accessto information. This is a transversal requirement in all theteams, in order to guarantee the data protection. LDAP isan electronic representation of the corporate structure.This structure is currently being defined and will determineroles and grants.

Anyway, it is possible to assign special permissions toconcrete information or document to a single user. Theseexceptions are defined over the standard hierarchicaldefinition of the entire organization, and must becontinuously reviewed in order to keep the informationcontrol access up to date.

LDAP is a key concept in any sharing information system,and must be defined carefully. Ineco offers its experienceto CAAN staff to show how it works, and how to define thedifferent roles and permissions.

All the systems that are going to be installed will delegateits access rules to the LDAP.

Acceptance Measure All security policies defined will be able to be implementedin the corporate LDAP System.

Tester TBD

Extra informationLDAP is specified using the description language. Thislanguage is well-documented in several places, and iseasy to learn.


14/71


3.1.1.2.1 LDAP Access


First Level


F-0002

Name LDAP Access

Id F-0002-01

Date

Description

LDAP must be accessible from any corporate applicationin the CAAN new organization and in the future airnavigation organization. LDAP must to be the tool to grantany access to any resource, and it must work in atransparent way for final users.

In order to get this goal, any corporate application musthave LDAP compatibility, and restricted accessconfiguration.

The configuration and/or modifications to these accesspolicies must be access restricted to specific users groups.

Acceptance MeasureLDAP will be the way to grant the access to any corporateresource

Tester TBD

Extra information


15/71


3.1.1.2.2 LDAP Exceptions


First Level


F-0002

Name LDAP Exceptions

Id F-0002-02

Date

DescriptionLDAP must be able to accept exceptions in itsconfiguration to allow single users to access to anyresource in any application configured with it.

Acceptance Measure LDAP will be able to grant single users to single resources.

Tester TBD

Extra information


16/71


3.1.1.2.3 LDAP Groups Management


First Level


F-0002

Name LDAP Groups Management

Id F-0002-03

Date

Description

LDAP must be able to accept groups management inorder to facilitate the initial configuration of a group ofusers. These users can belong to the same department, orjust have common features that, using groups, would beconfigured just once.

Acceptance Measure LDAP will be able to configure groups of users.

Tester TBDExtra information


17/71


3.1.1.2.4 LDAP Update


First Level


F-0002

Name LDAP Update

Id F-0002-04

Date

DescriptionLDAP must be configured and updated any time the taskmust be required. This action will be restricted to grantedusers.

Acceptance Measure It will be possible to update the LDAP configuration.

Tester TBD

Extra information


18/71


19/71


3.1.1.3 Records Management



id

Name Records management (RM)

Id F-0003

Date

Description

Records management is the practice of maintaining therecords of an organization from the time they are createdup to their eventual disposal. This may include classifying,storing, securing, and destruction (or in some cases,archival preservation) of records and reports in any kind offormat (doc, xls, pdf, ect.).

A more concrete definition of an EDRM (Electronicdocument and records management system) would be anautomatic system that is used to create original orversioned documents, track and store them through anorganization.

These kind of systems are used to keep documents in anorganization that has the need of sharing and updatingdocuments through different agents. During this process,the document is created, updated, reviewed, versioned or

just read.

This kind of system is always based on a hierarchicalpermissions system that only allows the access to adocument to users that are granted to do.

In CAAN there is a need of sharing information. One of thebig problems of the current organization is the duplicity ofthe same information because the information is notcentralised. With this kind of software, all the differentversions of the same document will be tracked. All thechanges done by a user might be reviewed and the samefile will be distributed through the system in order toreduce to zero the loss of information.

IT security programs will include procedures for storing,handling and destroying information media, supporting therecord life-cycle, including sanitization of the informationsystem media, both digital and non-digital, prior to disposalor release for reuse.

These programs will be aligned with the Record RetentionPolicy.


20/71


Acceptance Measure

All kind of reports, records, documents, etc. generated,must be managed by this system, and all of them must beavailable to be shared with someone else (distributeddocument) or whoever has been allowed (workingdocument).

All the teams involved in the future organization design willdemand this software to guarantee the information integrityand the access control.

Tester TBD

Extra informationWith this kind of system, it is guaranteed always that thelatest and the most updated information are checked in allthe times that this piece of information is needed.


21/71


3.1.1.3.1 Documents Access


First Level


F-0003

Name

Id F-0003-01

Date

Description

The system must be accessible from any computer insidethe organization. This access will be granted through anidentification login page.

Using the LDAP configuration, this access will beconfigured and restricted to single users or groups.

Acceptance MeasureThe system must be accessible to the members of staff,and the access to the different sections and actions mustbe granted separately.

Tester TBD

Extra information


22/71


3.1.1.3.2 Documents Creation


First Level


F-0003

Name

Id F-0003-02

Date

Description

Users must be able to create documents in the sectionswhere they are allowed to.

This documents must be uploaded from their hard disk andwill be kept in the system since this moment

Acceptance Measure The system must allow users to create documents.

Tester TBD

Extra information


23/71


24/71


3.1.1.3.4 Documents update/delete


First Level


F-0003

Name

Id F-0003-04

Date

Description

Users must be able to update or delete documents in thesections where they are allowed to.

Updates will be versioned. Each version will save theauthor, date, changes done and comments.

Users will be allowed to update or delete their owndocuments, and the documents in which they are allowedto.

Acceptance MeasureThe system must allow users to update or deletedocuments.

Tester TBD

Extra information


25/71


3.1.1.4 Web Publications



id

Name Web publications

Id F-0004

Date

Description

Nowadays, websites are the public face in front of theworld.

This websites represent the image that an organizationwants to show to the rest of the world.

The CAAN website is not only this image. CAAN websitemust be the place where important information aboutNepal and its air navigation must be collected and sharedwith the general public.

In concrete, there is some information that must be sharedand published by law. Following the indications of airnavigation experts, Ineco encourage to public AISinformation on the website firmly and regularly.

Therefore, there is a need to create channels to public

information on the current or future websites.

Not only general information must be shown on thesewebsites, but technical information might be required.

Some of the reports based on AODB data could be sharedtoo, in order to give accuracy information to the potentialvisitors or air navigation experts around the world.

Acceptance MeasureAIS documents will be published under the laws related,with the purpose to enforce the law.

Tester TBD

Extra information Some technique to do publications in real time can beimplemented to publish in CAAN or TIA websites, but AISpublication won't be necessary to be real time.


26/71


3.1.1.4.1 Web publication on demand


First Level


F-0004

Name Web publi cation on demand

Id F-0004-01

Date

Description

Web publication mechanisms must be developed.

Some information must be published automatically to theofficial web sites on demand. These mechanisms could bedirectly implemented on the Document Management, or inother application.

This publication must be a robust mechanism andtransparent to final users

Acceptance MeasureDocuments can be published to the officials websitesthrough an automatic mechanism on demand

Tester TBD

Extra information


27/71


3.1.1.5 E-mail adoption


First Level


Name E-mail adoption

Id F-0005

Date

Description

The e-mail communication is the way that modernenterprise communication works. It is so crucial thatsometimes the e-mail address is the authentication tokenin internal systems, and the corporate systems identifyusers by their id.

CAAN and the new air navigation organization must adapt

to this way of communication and distribute information:not only text but files and events or meetings must bedistributed by e-mails across their staff and with any otherprofessional of any other part of the world.

These e-mail addresses must belong to the CAAN and thenew air navigation organization, and their technical staffmust administer them. Nowadays, there is no reason tonot use it, and adapt it as the corporate way of working.

Acceptance Measure

Members of the staff of the CAAN and new air navigationwith their e-mail address distributed and working properly,

and adopting the e-mail as the corporate way ofcommunication.

Tester TBD

Extra information Task on progress


28/71


3.1.1.5.1 Corporate e-mail establishment


First Level


F-0005

Name Corporate e-mail establishment

Id F-0005-01

Date

Description

Corporate e-mail addresses must be distributed throughthe staff.

E-mail client and reader must be installed on eachcomputer in order to facilitate its establishment.

This e-mail address may be the user id to access to thedifferent systems.

Acceptance Measure Any staff member must have a corporate email address.

Tester TBD

Extra information


29/71


3.1.1.6 CAAN web site


First Level


Name CAAN web site

Id F-0006

Date

Description

The CAAN web site must be rebuilt.

A new analysis and redesign must be carried out in orderto obtain a better public image of the organization, andcovering all the information needs.

The new web site must take into account the newtendencies on internet, trying to give to the organization anew look and feel, well in keeping with the Nepal efforts tomodernize its aeronautical sector.

A deep study of the information structuration should becarried out as well, trying to cover all information needs ina well-structured web site. This is crucial in order to get abetter user experience that guarantees the visitorssatisfaction and the access to the proper information fastand with accuracy.

Acceptance Measure

New modern web page with a full redesign, that will offer

the current information and will cover the future needs. Itmust support web publications.

Tester TBD

Extra information


30/71


3.1.1.6.1 Web site powered by CMS System


First Level


F-0006

Name Web site powered by Content Management System

Id F-0006-01

Date

Description

In order to improve the maintenance and the functionalityof the CAAN's web site, it is critical to have a well-supported Content Management System like Joomla,Drupal, etc.

Acceptance MeasureWeb site developed using a Content ManagementSystem.

Tester TBD

Extra information


31/71


3.1.1.7 New organization web site


First Level


Name New organization web site

Id F-0007

Date

Description

The new organization must have a web site.

An exhaustive analysis must be carried out in order toobtain all the information needs and its structuration.

The new web site must take into account the newtendencies on internet, trying to give to the organization anappropriate look and feel, well in keeping with the Nepalefforts to modernize its aeronautical sector.

As the CAAN web site, this is crucial in order to get a gooduser experience that guarantees the visitors satisfactionand the access to the proper information fast and withaccuracy.

Acceptance MeasureWeb page with an attractive and modern design, coveringthe information needs. It must support web publications.

Tester TBD

Extra information


32/71


3.1.1.7.1 New organization web site powered by CMS System


First Level


F-0007

Name New organization web site powered by CMS System

Id F-0007-01

Date

Description

In order to improve the maintenance and the functionalityof the new organization's web site, it is critical for the website to be powered by a well-supported ContentManagement System.

Acceptance Measure Web site developed using a Content Management System.

Tester TBD

Extra information


33/71


34/71


3.1.1.9 Corporate Tables


First Level


Name Corporate Tables

Id F-0009

Date

Description

The corporate tables are the place to stored commoninformation about the airport daily work, as companies,airports and so on.

This information must be centralised in order to reduceredundant information, minimize the typing mistakes andto create a unique place where every department can

access and get update and official information, avoidingpaperwork and keeping the key information inside thecompany.

These tables must be allocated in an internal data baseinstalled in the Data Center, and accessible through theinternal MIS system.

This information must be kept by the technical IT staff, andthe historical evolution of any information must be tracked.

Acceptance MeasureCommon corporate information must be stored in a

centralised data base.Tester TBD

Extra information


35/71


3.1.2 Other Functional Requirements

Although there are lot of applications already detected by the MIS infrastructure, othersoftware requirements have been detected.

The main application of this type is the ERP. ERP (Enterprise Resource Planning)software is the specific software used to billing clients and economic control issues thatit belongs to financial field.

Obviously, there is a need of this kind of software on both organizations, and they mustto be taken into account although they do not belong to MIS field.

Besides that, there are infrastructure necessities that have been collected andexplained on this section.


36/71


3.1.2.1 Enterpr ise Resource Planning


First Level


Name Enterprise Resource Planning

Id F-0010

Date

Description

Enterprise resource planning (ERP) systems integrateinternal and external management information across anentire organization, embracing finance/accounting,manufacturing, sales and service, customer relationshipmanagement, etc.

ERP systems automate this activity with an integrated

software application. The purpose of ERP is to facilitatethe flow of information between all business functionsinside the boundaries of the organization and manage theconnections to outside stakeholders.

It was previously mentioned that this software is not part ofthe MIS itself. This software has to be used just by thefinancial department, and the concept of MIS architecturedoes not cover this part, but it has to be taken into accountas other piece of software that has to be integrated withMIS does not exist currently.

In concrete, this software is demanded by the financialTeam in order to organize the accounting tasks of thefuture organization. Not only providers expenses but alsocompany taxes are included on this software requirement.

This system has to be accessible only by the financialdepartment of the new organization. There will be someinformation just accessible by certain members of the staff,so in addition, LDAP is demanded.

Acceptance MeasureThe solution proposed allows managing the accounting ofboth organizations separately.

Tester TBD

Extra informationAn important task in this requirement will be inquiry andchoose the suitable commercial product.


37/71


3.1.2.1.1 ERP Access


First Level


F-0011

Name ERP Access

Id F-0010-01

Date

Description

The ERP must be accessible from any computer inside theAccounting department. This access will be grantedthrough an identification login page.

Using the LDAP configuration, this access will be

configured and restricted to single users or groups.

Acceptance MeasureERP must be accessible to the members of the accountingstaff, and the access to the different sections and actionsmust be granted separately.

Tester TBD

Extra information


38/71


3.1.2.1.2 ERP Reporting


First Level


F-0011

Name ERP Reporting

Id F-0010-02

Date

Description

The information storage inside the ERP must beaccessible in order to generate automatic reports aboutaccounting department activities. These reports must bedefined by the appropriate users and they must be flexibleand dynamic enough to satisfy the business needs.

Acceptance Measure The ERP reports generation must be possible.

Tester TBD

Extra information


39/71


3.1.2.2 New structured cabling for CAAN Offi ces at Babar Mahal (1)


First Level

Second Level

Dependent requirementid

NameNew structured cabling for CAAN Offices at BabarMahal: Rooms & condui ts

Id F-0011

Date

Description

The CAAN organization office at Babar Mahal requires anew structured cabling, which will provide acomprehensive telecommunications networkinginfrastructure.

This infrastructure serves a wide range of uses, allowing

workstations, laptops and smartphones to connect tonetwork and business application services, residing in thecomputing facilities available in the Data Center Room,and data, voice and video transmission.

The structured cabling is one of the most complex andexpensive installations of a building, comprising differentconstruction spaces, fixtures, electronics, etc.

Regarding construction requirements, the six prominentconstruction elements/spaces required are:

Entrance facility, where the telecommunicationsservice connects to the building network.

Equipment room in the Data Center Room,located close to the main backbone pathway toallow for easier connection. Data Center Room willbe defined in another functional requirement.

Backbone pathway (intrabuilding), use to placebackbone cables between the equipment room andthe entrance facility, the entrance facility and thetelecommunications room or the equipment roomand the telecommunications room.

Telecommunication rooms, spaces that act asthe common access point between backbone andhorizontal distribution pathways, one per floor.

Horizontal pathways, facilities used in theinstallation of horizontal cabling from the work areaoutlet to the telecommunications room.

Work areas, locations where occupants interactwith telecommunications devices. Those workareas will have to be renovated in order to providethe appropriate telecommunication outlets.

Being the CAAN current offices an ancient building at

Babar Mahal, an analysis must be carried out to obtain allthe information about rooms, accessible shafts or


40/71


passages through the floors and ceiling areas, freesleeves, trays and conduits available, etc.

The aforementioned areas will have to be identified in thebuilding prior to refurbish them for the new functions.

Acceptance Measure Compliance with the ANSI/TIA/EIA-569B standard specsand guidance, in terms of sizing, % space filling, etc.

Tester TBD (Ineco QA)

Extra information


41/71


3.1.2.3 New structured cabling for CAAN Offi ces at Babar Mahal (2)


First Level


NameNew structured cabling for CAAN Offices at BabarMahal: Cabling system

Id F-0011-01

Date

Description

The CAAN organization office at Babar Mahal requires anew structured cabling, which will provide acomprehensive telecommunications infrastructure.

This infrastructure serves a wide range of uses, allowingworkstations, laptops and smartphones to connect to

network and business application services, residing in thecomputing facilities available in the Data Center Room,and data, voice and video transmission.

Cable is the fabric that connects every LAN device, eithertalker or listener:

- Horizontal cabling, portion of the cabling systemwith a star topology that extends from the workarea outlet, through the cabling in thewall/ceiling/floor and then to the patch panel in the

telecommunications room.

The system will also include the patch cordsat thework area outlet to connect the user LANdevices/adapters, and patch cords in thetelecommunications room.

- Backbone cabling, Multipair cables with athermoplastic insulating cover, assembled intobinder groups, or fiber cable, between theequipment room and the entrance facility, theentrance facility and the telecommunications room

or the equipment room and the telecommunicationsroom

Cables terminate in connecting hardware, which could alsobe required, depending on the Office layout:

- Main cross connect in telecomm room

- Intermediate cross connect

- Horizontal cross connect

- Horizontal cabling transition points

- Consolidation points- Telecommunications outlets in the work areas,


42/71


close to the users

Acceptance Measure

Compliance with the ANSI/TIA/EIA-568B standard specsand guidance, in terms of resistance, attenuation, etc.

Most horizontal cabling will follow Cat 5e or 6a standards


Extra information


43/71


3.1.2.4 Networking infrastructure for CAAN Offices at Babar Mahal


First Level


idName

Networking in frastructure for CAAN Offices at BabarMahal

Id F-0012

Description

The CAAN organization office at Babar Mahal requires anew networking and telecommunications infrastructure,with the following managed (thru a 3 rd party) orunmanaged enabling elements:

Local Area Network routers and switches, toconnect the different networks and workstations

and devices between them, the DMZ and theoutside world through Internet. They cover thelayers 1 to 3 in the Open Systems InterconnectionISO standard and are the corner stone of thecommunications realm.

Firewalls,sitting between routers and applicationsservers and providing access control, with packetor application filtering capabilities available.

Load balancing components to distribute overallload on your Web or application servers, or todistribute specific demand according to the kind oftask to be performed.

Name servers, to respond to naming queries andidentify the IP address of components andservices.

Storage Area Network elements to make storageindependent of the servers used in conjunction withit. SAN can accelerate the time to recover, using anon-functional server and without having torelocate the storage drives.

CAAN Organization should also add a couple moreelements to comply with the Security ControlRequirements later stated:

- Demilit arized Zone, DMZ, which will separate thecorporate network or internal network from theInternet. The DMZ is a tightly secured area intowhich you place servers providing Internet servicesand facilities e.g. web servers.

- Proxies, to avoid any potential danger whenaccessing to Internet, A machine requiring accessto the Internet can pass its request onto the proxy,which in turn makes the request on the machinesbehalf, shielding it.

Acceptance MeasureFor performance, using a stress test probe to evaluatebottlenecks: maximum concurrent connections to high-


44/71


impact information servers, traffic volume through theproxy per second, etc.

For Security Control, IT Continuity Services, please referto NF-0003 and NF-0012.6

Tester TBD (Ineco QA)Extra information


45/71


3.1.2.5 Data Center for CAAN Offices at Babar Mahal


First Level


idName Data Center for CAAN Offi ces at Babar Mahal

Id F-0013

Description

The CAAN organization office at Babar Mahal requires anew Data Center with a minimum reliability of 99,671%(Tier I Basic TIA 942 standard, based upon UptimeInstitute benchmarks):

Susceptible to planned or unplanneddisruptions

Single path for power and cooling distribution,

without redundant Data Center components(excluded network and computing infrastructure).

No need for raised floor or generator. UPS isconsidered a must (not in Tier I).

Some measures for fire suppression : firedetection, early warning smoke detection andwaterleak detection.

Annual downtime of 29 hours. Complete shutdown for preventive

maintenance.

The Data Center will have enough room to distribute thedifferent network, computing and storage equipment,meeting known and projected maximum requirements:

- Entrance pathways for cabling- Main networking distribution area- Racks with side mounting rails to which equipmentand hardware are mounted.- Pathways to the main distribution area and horizontaldistribution- Hot and cold aisles to optimize cooling provided

appropriate conditions for the installation.

Acceptance MeasureCompliance with standard TIA 942 for Tier I Data Centertype, plus UPS availability


Extra information


46/71


3.1.2.6 Internet Service Provision for CAAN Offices at Babar Mahal


First Level


NameInternet Service Provision for CAAN Offices at BabarMahal

Id F-0014

Description

The CAAN organization office at Babar Mahal must hire abroadband access to Internet, together with a back-upfrom a different provider, to enable access to the Internetfrom the different Business Functions, as well as access tothe corporate web site from everywhere.

Acceptance MeasureResponse times and download times to measure the realbandwidth, within acceptable limits of contract ServiceLevel Agreement.


Extra information


47/71


3.1.2.7 Computing Equipment for CAAN Offices at Babar Mahal


First Level


idName

Computing Equipment for CAAN Offices at BabarMahal

Id F-0015

Description

The CAAN organization office at Babar Mahal mustacquire the hardware and software platform that suits theirneeds for application and database services and end-userworkstations.

New servers (hardware + software) must be provided tohost all network services aforementioned, which integrate

with MIS applications e.g. DNS, and for the MISapplications themselves.

Bearing in mind that the application architecture lies on theJava Enterprise Edition or JEE this will restrict our optionsin terms of application and database platform, to mostlikely JBOSS and PostgreSQL. Both platforms will beaimed to host a bunch of applications, particularly the high-impact ones. Fault-tolerant Clustering is not perceived as amust for CAAN Offices at Babar Mahal.

Storage will be provided via a Storage Area Network

infrastructure to allow for flexibility, scalability andperformance, provided managed SAN GBs annual pricesare reasonable.

Regarding workstations, CAAN must also renew a bigchunk of their workstations inventory. It will have to bedecided before the bidding process, whether the mostsuitable platform is a Microsoft Windows one, whichintegrates better with network services like LDAP(Microsoft Active Directory) but requires a powerfulmachine, or a user-friendly linux one, like the Long TermSupport edition of Ubuntu.

The biggest advantage of linux workstations are softwarecosts and the chance to reuse existing and cheapercomputer hardware, being linux usually a less demandingplatform.

Drivers for current printers and other small peripheralsdevices may be an issue, and therefore we must provisionto renew part of the peripherals park.

Acceptance Measure New platforms must integrate seamless in the newnetwork environment and the CAAN corporate domain,


48/71


provide suitable response times and run the entirecorporate application portfolio, plus specific applications,intended for certain end-users, according to the applicationinventory.


Extra information


49/71


3.1.2.8 Implement the Help Desk Funct ion at CAAN Offices at Babar Mahal


First Level


idName

Implement the Help Desk Function at CAAN Offices atBabar Mahal

Id F-0016

Description

The CAAN organization office at Babar Mahal shouldimplement the necessary IT Governance disciplines, tosuccessfully control the infrastructure and providemanaged IT services.

The first organizational change should be to implement aHelp Desk function that will act as a focal point for support

requests like access management, incidents, request forchange, etc.

The Conceptual Plan will develop the Help Desk functionand the IT Governance disciplines. Policies andprocedures will be developed, training materials producedand the IT Staff trained and getting coached.

A productivity tool to support the Help Desk operations willbe configured and deployed, allowing the Organization orother collaborating entities to assign tickets to incomingqueries and track further communications.

It is a traceable mean of managing incoming inquiries,complaints, support requests, defect reports, and othercommunications. Every ticket will have persistence or a"history" showing what happened to it within its life cycle.

The stored information will be the basis to produce keyperformance indicators (KPIs).

Acceptance Measure

Help Desk Organization in place, ready to perform theroles defined by IT Governance good practices.


Extra information


50/71


3.2 Non-functional requirements or technical requirements

In computer engineering terms, a non-functional requirement is a requirement thatdefine the desired system behaviour rather than specific behaviour or functions. Theplan for implementing functional requirements is detailed in the system design anddetermines what a system is supposed to do, whereas the plan for implementing non-functional requirements is detailed in the system architecture and determines how asystem is supposed to be.

Non-functional requirements are often called qualities of a system, and are definedbased on qualities like stability and portability. Non-functional requirements can bedivided into two main categories:

Execution qualities, such as security and usability, which are observable at runtime.

Evolution qualities, such as testability, maintainability, extensibility and

scalability, which are embodied in the static structure of the software system

This is the template to fill up in order to define a new non-functional requirement.

Non-functional requirement template

Name

Id

Date

Description

Acceptance Measure

Tester

Extra information


51/71


3.2.1 Availability

Non-functional requirement

Name Availabi li ty

Id NF-0001

Date

Description

The system availability is the feature to explain the amountof time that a system has to be accessible and working ina proper way. Availability is the proportion of time a systemis in a functioning condition. This ratio between the totaltime and the time that the system was available is the unitto measure this capability.

Acceptance Measure

The solution proposed must be 24 hours available, 7 daysa week. That means that the application must be alive andworking in any single moment. Therefore, deny of serviceperiods must be avoided. To get this goal the entireinfrastructure must be replicated and the electricity supply

must be guaranteed in the DPC.Tester TBD

Extra information


52/71


3.2.2 Backup


Name Backup

Id NF-0002

Date

Description

CAAN should conduct backups of user-level and system-level information (including system state information)contained in all information systems at least weekly.

System backups are automatic regular copies of high-impact information systems. All the key pieces ofinformation must be stored regularly, in order to haverecovery copies just in case an incident happened.

These recovery copies must be storage in separate units,and must be accessible by the system administrators.

These administrators will be in charge to recover thesystem to the most updated state when the system fails.

Another reason to keep former security copies is for theinformation integrity or forensic purposes. This pastinformation could be accessed to check the informationstate and analyse a temporal incident or decision.

Alternate storage sites should be identified and thenecessary agreements initiated to permit the storage ofbackup information for Moderate and High-impactinformation systems.

Acceptance Measure

The solution proposed must storage the DDBB and high-impact information systems daily, to reduce the risk of lossof information.

In addition to that, the information must be kept during onemonth in order to restore the system on a precise date andanalyse its behaviour.

Tester TBD

Extra information


53/71


3.2.3 IT service continuity (ITIL procedure)


Name IT Service Continuity

Id NF-0003

Date

Description

CAAN Organization should maintain a set of IT ServiceContinuity Plans and IT recovery plans that will support theoverall Business Continuity Plans. (beyond the ITboundaries)

Even if primarily IT Service Continuity considers the ITassets and configurations that support the businessprocesses, following a contingency it will be alsonecessary to relocate to an alternative working location,provision may also be required for items such as office and

personnel accommodation, copies of critical paperrecords, courier services and telephone facilities tocommunicate with customers and third parties

IT high-impact information systems should have thecapacity that enables a system to restore operations aftera system complete fail. Alternate telecommunicationsservices must support these high-impact informationsystems to permit the resumption of system operations forcritical mission/business functions.

When an incident happens it is important to have a clear

protocol that explains what to do and how and what torecover. This protocol must be accessible in any moment(even with the system down), and the systemadministrators and backups must know it.

The elapsed time since the system fail and the systemworking again is important to define this protocol. Actually,it is a QA (Quality assurance), and it is important to definethis time in order to determine subsequent measuresrelated to it, as back-up policies or the real reliability of thesystem.

Personnel should also be trained in their contingency rolesand responsibilities with respect to all information systemsand a refresher should be provided annually.

Acceptance Measure

The solution proposed must recover its proper state high-impact information system in less than 24 hour. Theoptimal situation should require less time, but the SLA willestablish what the acceptable delay is and will be basedupon the Business Continuity Policy

Tester TBD

Extra information


54/71


3.2.4 Extensibility


Name Extensibility

Id NF-0004

Date

Description

The Extensibility principle is the feature that means thatthe implementation takes into consideration future growth.It is a systemic measure of the ability to extend a systemand the level of effort required to implement and fullyintegrate the extension. Extensions can be through theaddition of new functionality or through modification ofexisting functionality. The central theme is to provide forchange while minimizing impact to existing systemfunctions.

Acceptance MeasureThe solution will be implemented following this principle,taking into account future improvements and product

integrations.Tester TBD

Extra information


55/71


3.2.5 Fault tolerance


Name Fault tolerance

Id NF-0005

Date

Description

The fault-tolerant design is a design that enables a systemto continue operation, possibly at a reduced level, ratherthan failing completely, when some part of the systemfails. The term is most commonly used to describecomputer-based systems designed to continue more orless fully operational with, perhaps, a reduction inthroughput or an increase in response time in the event ofsome partial failure. That is, the system as a whole is notstopped due to problems either in the hardware or thesoftware.

Acceptance Measure

The solution must be failure tolerant, and must be strong

enough to guarantee the service during the time theapplication is on. To get this goal, this software shouldemit a signal when a potential problem was detected, inadvance, giving enough time to take preventives measuresto solve it without service interruption

Tester TBD

Extra information


56/71


3.2.6 Interoperability


Name Interoperability

Id NF-0006

Date

Description

Interoperability is the feature that describes the facility tointerchange information between different systems, andthe capacity to use it.Another definition to this principle is "Being able toaccomplish end-user applications using different types ofcomputer systems, operating systems, and applicationsoftware, interconnected by different types of local andwide area networks."This feature must be taken into account when a system isdefined, knowing previously which type of devices aregoing to access to the information and its capabilities.

Acceptance MeasureThe solution will be interoperable between the agreeddevices, and the maximum number of functionalities will beaccessible from the less power devices.

Tester TBD

Extra information


57/71


3.2.7 Licensing


Name Licensing

Id NF-0007

Date

Description

The license is the feature that any product has in order toprotect the intellectual property of its creators. With alicense, a licensor may grant a license under intellectualproperty laws to authorise a use (such as copying softwareor using a (patented invention) to a licensee, sparing thelicensee from a claim of infringement brought by thelicensor. A license under intellectual property commonlyhas several components beyond the grant itself, includinga term, territory, renewal provisions, and other limitationsdeemed vital to the licensor.

Acceptance MeasureThe solution must be licensed and this license must belegal. That means that this software will be legal to beused and distributed along the organization.

Tester TBD

Extra information


58/71


3.2.8 Maintainability


Name Maintainability

Id NF-0008

Date

Description

In engineering, maintainability is the ease with which aproduct can be maintained in order to isolate defects andcorrect them, build up new requirements and make easierits future maintenance, and cope with a changedenvironment

In some cases, maintainability involves a system ofcontinuous improvement - learning from the past in orderto improve the ability to maintain systems, or improvereliability of systems based on maintenance experience.

Maintainability will be subjected to Security Policy, to bedeveloped.

Acceptance Measure

The solution proposed will be easy to maintain. Thesoftware designed will follow maintenance patterns toreduce the impact of new requirements and isolate thepotential bugs.

Tester TBD

Extra information


59/71


3.2.9 Performance


Name Performance

Id NF-0009

Date

Description

The system performance is the capacity to keep theoptimal behaviour of the system components at any time,and any physical or logical circumstances (load,temperature, disk occupation, network concurrence)

This performance level must be constant in anyconcurrence and situation. This goal can be preventedusing enough resources to cover all these situations, oradding resources dynamically when an overload situationis happening, in advance.

Acceptance Measure

The solution will keep the performance in the agreedsituations. When an overload situation is detected, thesolution will emit a signal to the application administratorsto alert about an overload situation.

Tester TBD

Extra information


60/71


3.2.10 Platform compatibili ty


Name Platform compatibility

Id NF-0010

Date

DescriptionThe platform compatibility feature is the system capabilityof run into different platforms without penalties inperformance neither extra configuration.

Acceptance Measure

All the software needed to the CAAN and the futureorganization staff will be runnable in the chosen platform,without any extra performance penalties. The platform willbe transparent to final MIS users.

Tester TBD

Extra information


61/71


62/71


3.2.12 Security


Name Security

Id NF-0012

Date

Description

The Security in the field of computer science is a verybroad concept. It may be defined as the ability toguarantee the integrity of the information providing by thesystem, and the access control to it.

The CAAN organization will employ security controls tomeet security requirements defined by laws, executiveorders, directives, policies, or regulations.

Current assumption and going-in position: No matterhow well the environment is defended, attacks are

inevitable and eventually there will be a breach, beingpeople the weakest link. CAAN should therefore be readyfor incident response, business continuity and digitalforensics.

Acceptance Measure

The solution will guarantee the information confidentiality,integrity, providing a mechanism to grant access to theinformation, based upon discrete access lists and usersgroups or roles.

Tester TBD

Extra information

3.2.13A Security schema for Information Assurance (IA):

By Barbara Endicott, University of Washington


63/71


3.2.13.1 Security controls (1): Access management


First Level


id

NF-0012

Name Access Management contro ls

Id NF-0012-1

Date

Description

Minimum requirements presume a clear cut procedure tomanage information system accounts, inactive accounts,conditions for group memberships, assignment ofassociated authorizations, etc.

Appropriate divisions of responsibility and separated dutiesas needed, to eliminate conflicts of interest, should beimplemented.

Access control requires that the system be able to identifyand differentiate among users through accounts. Otheraccount management policies for information systemaccounts passwords enforcement, lockouts, accounttermination, etc. should be implemented as well.

Wifi access usage and portable and mobile devicesaccess should be restricted, monitored and controlled.

If remote access is allowed (employees), Bureaus andOffices shall authorize, monitor, and control all methods ofremote access e.g. multi-factor authentication.

Access from external systems shall be prohibited.

Acceptance Measure

Audit by inspection that information systems restrictaccess to security functions (deployed in hardware,software, and firmware) and security-relevant informationto explicitly authorized personnel: policies & proceduresand logs.Check policies have been implemented and/or applied toinformation system accounts

Tester TBD (Ineco QA)Extra information


64/71


3.2.13.2 Security controls (2): Awareness & training


First Level


NF-0012

Name Awareness and training controls

Id NF-0012-2

Date

Description

Awareness and training will pursue to focus the usersattention on IT security in the users daily routine,whenever there are important threats and weaknesses in asecurity control, changes in the IT Security Program policyor procedures or simply an incident has occurred.

Awareness programs should be developed according todesktop productivity tools employed and the businessapplications portfolio.

Training should be organized, training records maintained,and people should attend security training events at leastonce per year.

Acceptance Measure

Training may be followed by certification.

Check policy has been implemented: documentation,training plan, etc.


Extra information


65/71


3.2.13.3 Security controls (3): Audit & Accountability


First Level


NF-0012

Name Audi t & Accountabi li ty contro ls

Id NF-0012-3

Date

Description

A record of system activity by the system, applicationprocesses and by user activities should be maintained tolog, monitor, and investigate possible security violationsfrom activity involving access to and modification of files.

Audit trails and event logs will help to reconstruct events,

detect intrusions, and identify problems.

Acceptance MeasureCheck policy has been implemented: documentation, audittrails and logs available per workstation, server & MISsystem.


Extra information


66/71


3.2.13.4 Securi ty controls (4): Certif ication, Accreditation, and SecurityAssessment


First Level


NF-0012

Name Certif ication, Accreditation, and Security Assessment

Id F-0012-4

Date

Description

CAAN shall designate in writing a responsible for ensuringadequate planning and compliance with respect to therelevant policies, standards and guidelines issued by TBD(provided such authority exists).

System security plans should be developed for high-impact systems. Each plan shall include a description anddiagram of the IT system boundary which identifiesservers, network resources, and network devices includedwithin this boundary. System Security Plans must containat least:

- Business Impact Assessment- Risk Assessment- Boundary Hardware/Software- Interconnection Security Agreements- Contingency Plan

- Configuration Management Plan & ChangeManagement Plan

Security Test and Evaluation Plans should documentthe scope and procedures for testing the systems controlbaseline. The Security Test and Evaluation Plan willprovide relevant test cases for all devices included withinthe documented accreditation boundary.

Bureaus and offices should employ an independentcertification agent or certification team to conduct anassessment of the security controls in the information

system.

Bureaus and offices shall monitor the security controls inall information systems on an ongoing basis.

Acceptance MeasureCheck System Security Plans are in place for applicationsand systems defined as high-impact, check security testsresults and evaluation plans.


Extra information


67/71


3.2.13.5 Securi ty controls (5): Physical and Environmental Protection


First Level


id

NF-0012

Name Physical and Environmental Protection

Id NF-0012-5

Date

Description

CAAN should document physical and environmentalprotection controls in the IT System Security Plan.

Offices should develop and keep current a list of personnelwith authorized access to the facilities where informationsystems reside and issue appropriate authorizationcredentials. Personnel no longer requiring access to thefacility will be removed from the list.

Offices shall ensure that badges, keys, combinations, andother access devices are secured and inventoriedregularly.

CAAN should ensure that the physical access controls forcomputer and communications rooms, containing largeconcentrations of information system components, areindependent of the physical access controls for the facility.

Acceptance Measure

Check implementation of the measures, and assess

compliance via appropriate control records e.g. audit trailsand logs.


Extra information


68/71


69/71


3.2.13.7 Securi ty controls (7): System and Information Integrity


First Level


NF-0012

Name System and Information Integrity

Id NF-0012-7

Date

Description

CAAN shall identify, report, and correct all informationsystem flaws, identifying any information systemcontaining software affected with potential vulnerabilitiesresulting from those flaws.

A comprehensive patch management and asset

management program should be established, includingperiodic vulnerability scanning.

CAAN shall ensure that flaws discovered during securityassessments, continuous monitoring, incident responseactivities or information system error handling are alsoaddressed expeditiously, following the philosophy alreadyoutlined on the eventuality of a breach.

CAAN must use malicious code protection mechanisms todetect and eradicate malicious code like viruses, worms,Trojan horses, spyware transported by electronic mail and

attachments, Internet accesses, removable media, or byexploiting information system vulnerabilities.

CAAN must employ tools and techniques to monitorevents on Moderate and High-impact information systems,detect attacks, and provide identification of unauthorizeduse of the systems. CAAN must also ensure that high-impact information systems are configured to detect andprotect against unauthorized changes to software andinformation.

CAAN must receive information system securityalerts/advisories on a regular basis, issue alerts/advisoriesto appropriate personnel, and take appropriate actions inresponse.

Acceptance MeasureCheck implementation of the measures, and assesscompliance via appropriate control records e.g. audit trailsand logs.


Extra information


70/71


4 Functional Descrip tion

Each one of the two organizations will have their own systems. These two systemsarchitecture are being designed in a very similar way. Their own working methods

based on workflows are also being considered.

The goal of this new working method is to achieve the information sharing betweencolleagues, therefore every worker will be able to share or get any information,document or report needed in their project.

It is important to highlight that from these new working methods several new moreefficient working processes will emerge. Besides all the information will be stored in aplace, anybody will lost information and every data will have a backup.

Every worker (or user) and all departments will be configured in the LDAP System, inother words, every level of organization chart of each organization will be represented

in that system. LDAP system will have all the information that exists of each itemsdesigned in the organization chart.

A permissions policy must be defined in the LDAP System in both organizations,separately. Not every worker or department will be able to get all the availableinformation, thanks to a custom permission policy the IT department will be able togrant or reject accesses.

Every system designed in MIS will be able to connect with LDAP system and evaluateif a specific user profile has permission to get into an application.

The key of acceptance to the new paradigm of working processes will be the e-mail

system adoption. Every official communication will be by e-mail and all workers musthave an e-mail address to communicate with their colleagues


71/71

4.1 Record management

The record management will be a transversal system. Every application will be able toaccess to it to store or get any digitalized document. All documents may be stored inthat system and due to the LDAP integration and the access policy, not everybody will

access to any stored information, depending on the user level access.

This software will be a key system in the new software platform and it will be able tostore, share or search in all kind of documents.

It is important to highlight that every document may be classified in folders or taggedwith meta-information to simplify the searching or accessing tasks to them.

In addition, it will be able to create workflows to distribute the documents betweenreviewers or recipients, if necessary.

4.2 Web sites

As mentioned earlier, web sites are the public face of an organization in front of theworld.

These web sites must to be updated and the look and feel of them must to be attractiveenough to show how modern the company is and the appropriate image that thisorganization wants to have.

In order to get this goal, some information has to be published automatically from thedaily working tools to the web sites. These web sites must to be powered by CMSsystems that have these publication mechanisms in order to facilitate this information

publication and management.

4.3 Airpor t operational software

In order to collect all the information about operations, a special data base must beimplanted in the TIA and the rest of the airports in Nepal. This information is critical tomanage the airport operations, but it is also the source to build up master plans andprediction studies about the current and the future situation in an airport.

With this goal in mind, one of this data bases must be installed in the CAANorganization.

In addition of that, external software should be used to extract the information collectedon that data base and automatize the reports generation. These reports will extract theconsolidated information and create custom reports depending on the necessities oneach moment.

4. MIS and Computerization Functional Specifications

Documents

Transcript of 4. MIS and Computerization Functional Specifications