Government Information Technology Systems (Management and Handling) Directory, 2071, in accordance with Requirement Analysis Based on Government Enterprise Architecture and Design on the following Guidelines
Requirement Analysis Consideration Guidelines
During requirement analysis for IT Systems for Government entities should consider following aspects/analysis/activities and output shall be documented explicitly, in addition to areas specified by respective agencies, for GEA compliance.
- Requirement analysis should identify services that are critical for citizen, Business or Employee. This analysis should clearly show how and how much these services reduce number of visit, cost and time to get the services from government agencies.
- Analysis should include what are the data to be used in the system. Should classify data based on owner and trustee of those data. It should be clearly shown that which data are owned by the respective agency and shared to other agencies and which are owned by other public entity and shall be used in the system.
- Analysis shall include service sharing requirement among government IT Systems, i.e. should analyze services that are reusable and shared with other agencies and identify services of other agencies that needs to be used by the system.
- Analysis should cover possibility of delivery of services through multiple channels like internet, mobile, mobile apps etc.
- Analysis should cover required business process reengineering or transformation to achieve specified and identified requirement. This transformation process is not possible immediately than short term immediate alternate should be analyzed and documented.
- Analysis should broadly classify data to be used as Confidential, Restricted and Sharable.
- Authentication requirement analysis shall be conducted for internal employee, employee of other agencies who uses services of the system and service seekers. This should also cover possible use of common authentication framework.
- Should include information security risk analysis and risk management capability for the system.
- Requirement analysis should identify private data and should suggest possible models to protect privacy of data.
- Requirement study should include capacity requirement analysis for Infrastructure (Compute, network, Storage etc.) This analysis should include current and future requirement of the system with scalability requirements.
- Requirement for Business Continuity Plan shall also be included in every aspect to ensure smooth operation of the system.
Design Consideration Guidelines
Government entities should adhere to following design principles and should invite system development committee/ ITES providers to follow the enlisted items for design considerations for GEA Compliance:
- Design should adhere to open standards.
- Design should include definition of master data and master data Management should be considered. If data owner is another government agency and master data is already defined then such master data definition shall be used.
- Proper data validation (client or server side) should be clearly depicted in design document, and should include which data are validated in client side and which data are validated in server side.
- Referential integrity should be clearly highlighted in RDBMS design.
- Data Architecture Models and Data Structures should be clearly demonstrated following ER diagram, RUP, etc.
- Design should consider the reuse of existing data and use of data existing with other government entities.
- Types of Access Methods (Technical Channels) supported by the applications should be explicitly included. If there is any specific business requirement for accessing third party service/ gateway, it should justified with design.
- System shall be designed in such a way that it can interface with third party software/application for additional functionality and features to be added in system for current and future requirements. i.e. Demonstrate the flexibility for API based interfacing with third party system.
- Design should include data access layer through which application layer access the data in database. Design should clearly illustrate which module/s is/are responsible for concurrency control and transaction management, and how it is done.
- Design should justify that data access performance requirements are met. Shall include performance optimizer tools and techniques wherever required.
- Design should be based on Layered Architecture Approach for obtaining maximum cohesion with minimum coupling between layers.
- There should be proper exception handling and error reporting mechanisms (eg: IO, SQL, Runtime Exceptions) illustrated in design, for user intuitive response.
- Design should illustrate where and what type of application logs are maintained and how they are secured. Proper Activity Log and Transaction Log should be managed in System Design.
- Robust AAA and TACACS standards based mechanisms should be designed for system and security management.
- Application should designed to be ready for Single Sign On based user authentication service as per business requirement. eg: LDAP. Design should done to enable integration with Common Authentication Framework.
- System shall be based on Service Oriented Architecture (SOA) and design should cater open standard web protocols that can be used by all major OS platforms and can provide HTTP and XML based web service. For eg: SOAP.
- System design should include and able to handle proper granularities of Services which are exchanged with other Government IT Systems.
- External data access to the system shall be design such that all data access are done through data access layer.
- System design should have provision of access from existing BI/Reporting tools, if there are any.
- Industry accepted Encryption standard for data traversing over public network should be used. For eg: FIPS, SwIPe.
- Design should include security management layer in layered composition architecture.
- Design should include Deployment Architecture to meet size, performance and security requirement including load balancing. This design should also meet BCP requirements. Potential performance bottleneck should be identified and addressed in this architecture.