8/10/2019 4. MIS and Computerization Functional Specifications
1/71
Capacity Development of
Civil Aviation Authority of Nepal
MIS and Computerization
Functional Specifications
MAY2013
8/10/2019 4. MIS and Computerization Functional Specifications
2/71
MIS and Computerization Functional Specifications Page 2 of 71
Index
1 Functional Specifications Introduction .............................................................................. 4
2 Requirements gathering ................................................................................................... 5
3 Requirement Definition..................................................................................................... 63.1 Functional requirements ........................................................................................... 7
3.1.1 MIS Functional Requirements............................................................................. 9
3.1.1.1 Airport Operational Data Base ..................................................................... 9
3.1.1.1.1 AODB Access ...................................................................................... 10
3.1.1.1.2 AODB Update ...................................................................................... 11
3.1.1.1.3 AODB Historical Data Conservation..................................................... 12
3.1.1.2 Lightweight Directory Access Protocol ....................................................... 13
3.1.1.2.1 LDAP Access....................................................................................... 14
3.1.1.2.2 LDAP Exceptions ................................................................................. 15
3.1.1.2.3 LDAP Groups Management ................................................................. 16
3.1.1.2.4 LDAP Update....................................................................................... 17
3.1.1.2.5 LDAP Users Management ................................................................... 18
3.1.1.3 Records Management ............................................................................... 19
3.1.1.3.1 Documents Access .............................................................................. 21
3.1.1.3.2 Documents Creation ............................................................................ 22
3.1.1.3.3 Documents Sharing ............................................................................. 23
3.1.1.3.4 Documents update/delete .................................................................... 243.1.1.4 Web Publications....................................................................................... 25
3.1.1.4.1 Web publication on demand................................................................. 26
3.1.1.5 E-mail adoption.......................................................................................... 27
3.1.1.5.1 Corporate e-mail establishment ........................................................... 28
3.1.1.6 CAAN web site .......................................................................................... 29
3.1.1.6.1 Web site powered by CMS System...................................................... 30
3.1.1.7 New organization web site......................................................................... 31
3.1.1.7.1 New organization web site powered by CMS System .......................... 32
3.1.1.8 Historical Operations Registry ................................................................... 33
3.1.1.9 Corporate Tables....................................................................................... 34
3.1.2 Other Functional Requirements ........................................................................ 35
3.1.2.1 Enterprise Resource Planning ................................................................... 36
3.1.2.1.1 ERP Access......................................................................................... 37
3.1.2.1.2 ERP Reporting..................................................................................... 38
3.1.2.2 New structured cabling for CAAN Offices at Babar Mahal (1) .................... 39
3.1.2.3 New structured cabling for CAAN Offices at Babar Mahal (2) .................... 41
3.1.2.4 Networking infrastructure for CAAN Offices at Babar Mahal ...................... 43
3.1.2.5 Data Center for CAAN Offices at Babar Mahal .......................................... 45
8/10/2019 4. MIS and Computerization Functional Specifications
3/71
MIS and Computerization Functional Specifications Page 3 of 71
3.1.2.6 Internet Service Provision for CAAN Offices at Babar Mahal ..................... 46
3.1.2.7 Computing Equipment for CAAN Offices at Babar Mahal .......................... 47
3.1.2.8 Implement the Help Desk Function at CAAN Offices at Babar Mahal ........ 49
3.2 Non-functional requirements or technical requirements .......................................... 50
3.2.1 Availability ........................................................................................................ 51
3.2.2 Backup ............................................................................................................. 52
3.2.3 IT service continuity (ITIL procedure)................................................................ 53
3.2.4 Extensibility ...................................................................................................... 54
3.2.5 Fault tolerance.................................................................................................. 55
3.2.6 Interoperability .................................................................................................. 56
3.2.7 Licensing .......................................................................................................... 57
3.2.8 Maintainability................................................................................................... 58
3.2.9 Performance..................................................................................................... 59
3.2.10 Platform compatibility .................................................................................... 60
3.2.11 Scalability...................................................................................................... 61
3.2.12 Security......................................................................................................... 62
3.2.13............................................................................................................................. 62
3.2.13.1 Security controls (1): Access management ............................................... 63
3.2.13.2 Security controls (2): Awareness & training............................................... 64
3.2.13.3 Security controls (3): Audit & Accountability .............................................. 65
3.2.13.4 Security controls (4): Certification, Accreditation, and Security
Assessment................................................................................................................ 663.2.13.5 Security controls (5): Physical and Environmental Protection.................... 67
3.2.13.6 Security controls (6): System and Communications Protection ................. 68
3.2.13.7 Security controls (7): System and Information Integrity ............................. 69
4 Functional Description.................................................................................................... 70
4.1 Record management .............................................................................................. 71
4.2 Web sites ............................................................................................................... 71
4.3 Airport operational software.................................................................................... 71
8/10/2019 4. MIS and Computerization Functional Specifications
4/71
MIS and Computerization Functional Specifications Page 4 of 71
1 Functional Specifications Introduct ion
In this document, Ineco MIS team will detail the functional requirements
detected for the future Nepal CAAN and the proposed NAANSA.
These requirements will be listed and explained, in order to get a better understandingof what the real needs of both organizations are. Understanding of this document bythe responsible officials in this area is a critical point, because this will be the base forthe future MIS infrastructure.
After that, the functionalities of the main parts in MIS infrastructure will be explained,and the scope of the applications and concepts as access, tasks and functions will bedetermined.
This document will be constantly under review to reflect the current situation.
http://dev.ineco.es/confluence/display/NEP/Functional+Specifications+Introductionhttp://dev.ineco.es/confluence/display/NEP/Functional+Specifications+Introduction8/10/2019 4. MIS and Computerization Functional Specifications
5/71
MIS and Computerization Functional Specifications Page 5 of 71
2 Requirements Gathering
The requirements gathering process is the first phase of software development,
collecting all the information necessary to improve the organization procedures.
Requirements establishment is the first step to agree on and visualise the rightproduct. A requirement gathering is a vital part of the systems engineering process. Atthe beginning, it defines the problem scope and after that, it links all the relativeinformation to them through their functional analysis.
The Requirements gathering task is critical to the success of any project. Anyrequirement must be collected clearly and all stakeholders in the project must beinvolved in this task.
This kind of tasks are open while the project is alive, and frequently new requirementswill appear in any phases of the project (definition, analysis, develop, test,maintenance, etc.). In other words, requirements gathering belongs to life cycleworkflow of projects and never finishes completely.
8/10/2019 4. MIS and Computerization Functional Specifications
6/71
MIS and Computerization Functional Specifications Page 6 of 71
3 Requirement Definit ion
A common Requirement definit ion drawn f rom IEEE-STD-1220-1998 (IEEE 1998):
Requirement is a statement that identifies a product or process operational, functional,or design characteristic or constraint, which is unambiguous, testable or measurable,and necessary for product or process acceptability (by stakeholders).
Requirements are the basis of any project, defining what the stakeholders users,customers, suppliers, developers, businesses in a new (or legacy) potential systemneed from it, and also what the system must do in order to satisfy that need.
One of the goals of this document is to present a standardized template to collect
requirements and the MIS team will use it to collect all requirements orderly.
There are two kinds of requirements: functional and non-functional. The Definitions andmain differences between them will be discussed in further sections of this document.
8/10/2019 4. MIS and Computerization Functional Specifications
7/71
MIS and Computerization Functional Specifications Page 7 of 71
3.1 Functional Requirements
To simplify the collection of MIS project requirements, two different kinds ofrequirements will be used, as described below:
First level requirements: this kind of requirements defines high levelnecessities. In other words, one first level requirement will identify businessrequirements to improve tasks, productivity or enhance workflows. Every firstlevel requirement will match with a whole application to solve a businessnecessity. In fact, they will be "the product vision process" for a new tool. Thesetypes of requirements have to be detected and have to be estimated roughly intime and budget by CAAN staff.
Second level requirements: through an analysis of "product vision" thesekinds of requirements will appear. Stakeholders of a new application mustcollect requirements of any functionality that they need, to cover their functional
necessities. Every one of these requirements must satisfy the following list offeatures:
o Completeo Specific, unambiguous.o Testable or measurableo Prioritizedo Achievable, realistico Connectedo Signed off by the client
It is not mandatory that all requirements must be considered as a new application (firstlevel requirements) or they must be included in the final product (second levelrequirements). All of them must be analysed and estimated in cost and effort todeterminate if they are affordable. However, only a few requirements show upintentionally with a must, these are the mandatory ones.
To maintain minimum traceability between requirements is very important to highlightany dependence between requirements. This approach allows maintaining arequirements hierarchy.
8/10/2019 4. MIS and Computerization Functional Specifications
8/71
MIS and Computerization Functional Specifications Page 8 of 71
This is the template to fill up in order to define a new functional requirement.
Functional requirement
First Level
Second Level Dependent requirement
idName
Id
Date
Description
Acceptance Measure
Tester
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
9/71
MIS and Computerization Functional Specifications Page 9 of 71
3.1.1 MIS Functional Requirements
3.1.1.1 Airport Operational Data Base
Functional requirement
First Level
Second Level Dependent requirementid
Name Airpor t Operational Data Base (AODB)
Id F-0001
Date
Description
Air Operational database (AODB) is a type of database inwhich all the air operations of a concrete area arerecorded.It is known that in TIA Airport there is a kind of this type ofsoftware, installed by a Dutch company. This database
might be enough to cover this software requirement.It must be taken into account that this information mightincrease its size rapidly. This data model should beevaluated in order to determine if it is only valid for the TIAairport, or it could be expanded to entire model informationof air operations in Nepal.This operational information is crucial to make reports andpredictions. The airport master plans are based onhistorical information, and this information must be storedin a single place, centralised and easy to access toallowed users.Operational mistakes and non-coordinated information will
be reduced if an AODB is created and used. Theinformation stored on that database might be exploited invery different ways, giving information to create newroutes, total passengers amounts, companys informationand so on.In order to facilitate the queries to this kind of database,some queries might be stored, and executed during thenight or in low loaded periods. Reports and graphs couldbe generated using this information.This data base will be one of the key of the ITinfrastructure, it will be interoperable with the purpose of allof the CAAN applications can connect with it.
Acceptance MeasureThe solution proposed must write down all airportoperations and their associate information, and AODBmust contain with methods to be interoperable.
Tester TBD
Extra information
MIS team was informed that TIA airport has alreadyinstalled a similar solution in their IT systems to show realtime arrivals and departures to passengers, whichprobably could be analysed and reused in order to improveit and built a full solution to both problems.
8/10/2019 4. MIS and Computerization Functional Specifications
10/71
MIS and Computerization Functional Specifications Page 10 of 71
3.1.1.1.1 AODB Access
Functional requirement
First Level
Second Level Dependent requirementid
F-0001
Name AODB Access
Id F-0001-01
Date
Description
The Air Operations database (AODB) must be accessiblefrom other applications as Flight Information Displays(FIDs) inside the TIA airport, web sites, or even any otherif required.
To get this goal, it is important that the AODB design
covers this requirement, and to create formal and secureways to access to this data.
An Access Public Interface (API) is the key concept to getthe information accessible to the granted entities.
Acceptance MeasureAODB data must be accessible through an API to grantedentities.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
11/71
MIS and Computerization Functional Specifications Page 11 of 71
3.1.1.1.2 AODB Update
Functional requirement
First Level
Second Level Dependent requirementid
F-0001
Name AODB Update
Id F-0001-02
Date
Description
The Air Operations database (AODB) must be updated ontime and its information must be up to date in the samereal-time approach as now.
To get this goal, it is important that the AODB allows to thecurrent responsible to this task, to enter the flight data andits updates in a friendly interface avoiding data replication
and failures.
There will be just some users who should be allowed toupdate the information gathered in the AODB.
Acceptance Measure AODB data must be updated in a real time approach.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
12/71
MIS and Computerization Functional Specifications Page 12 of 71
3.1.1.1.3 AODB Historical Data Conservation
Functional requirement
First Level
Second Level Dependent requirementid
F-0001
Name AODB Historical Data Conservation
Id F-0001-03
Date
Description
The Air Operations database (AODB) must keep thehistorical operations information.
This is crucial to build reports and statistics information tomake studies and traffic forecast.
This information must be storaged in secondary storageunits, but the processes to extract the AODB informationand to store in the secondary unit must be taken intoaccount
Acceptance Measure AODB data must be kept.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
13/71
MIS and Computerization Functional Specifications Page 13 of 71
3.1.1.2 Lightweight Directory Access Protocol
Functional requirement
First Level Second Level Dependent requirement
id
Name Lightweight Directory Access Protocol (LDAP)
Id F-0002
Date
Description
The Lightweight Directory Access Protocol (LDAP) is anapplication protocol for accessing and maintainingdistributed directory information services over a network.
Directory services may provide any organized set ofrecords, often with a hierarchical structure, such as a
corporate email directory.
LDAP is required in order to maintain the security accessto information. This is a transversal requirement in all theteams, in order to guarantee the data protection. LDAP isan electronic representation of the corporate structure.This structure is currently being defined and will determineroles and grants.
Anyway, it is possible to assign special permissions toconcrete information or document to a single user. Theseexceptions are defined over the standard hierarchicaldefinition of the entire organization, and must becontinuously reviewed in order to keep the informationcontrol access up to date.
LDAP is a key concept in any sharing information system,and must be defined carefully. Ineco offers its experienceto CAAN staff to show how it works, and how to define thedifferent roles and permissions.
All the systems that are going to be installed will delegateits access rules to the LDAP.
Acceptance Measure All security policies defined will be able to be implementedin the corporate LDAP System.
Tester TBD
Extra informationLDAP is specified using the description language. Thislanguage is well-documented in several places, and iseasy to learn.
8/10/2019 4. MIS and Computerization Functional Specifications
14/71
MIS and Computerization Functional Specifications Page 14 of 71
3.1.1.2.1 LDAP Access
Functional requirement
First Level
Second Level Dependent requirementid
F-0002
Name LDAP Access
Id F-0002-01
Date
Description
LDAP must be accessible from any corporate applicationin the CAAN new organization and in the future airnavigation organization. LDAP must to be the tool to grantany access to any resource, and it must work in atransparent way for final users.
In order to get this goal, any corporate application musthave LDAP compatibility, and restricted accessconfiguration.
The configuration and/or modifications to these accesspolicies must be access restricted to specific users groups.
Acceptance MeasureLDAP will be the way to grant the access to any corporateresource
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
15/71
MIS and Computerization Functional Specifications Page 15 of 71
3.1.1.2.2 LDAP Exceptions
Functional requirement
First Level
Second Level Dependent requirementid
F-0002
Name LDAP Exceptions
Id F-0002-02
Date
DescriptionLDAP must be able to accept exceptions in itsconfiguration to allow single users to access to anyresource in any application configured with it.
Acceptance Measure LDAP will be able to grant single users to single resources.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
16/71
MIS and Computerization Functional Specifications Page 16 of 71
3.1.1.2.3 LDAP Groups Management
Functional requirement
First Level
Second Level Dependent requirementid
F-0002
Name LDAP Groups Management
Id F-0002-03
Date
Description
LDAP must be able to accept groups management inorder to facilitate the initial configuration of a group ofusers. These users can belong to the same department, orjust have common features that, using groups, would beconfigured just once.
Acceptance Measure LDAP will be able to configure groups of users.
Tester TBDExtra information
8/10/2019 4. MIS and Computerization Functional Specifications
17/71
MIS and Computerization Functional Specifications Page 17 of 71
3.1.1.2.4 LDAP Update
Functional requirement
First Level
Second Level Dependent requirementid
F-0002
Name LDAP Update
Id F-0002-04
Date
DescriptionLDAP must be configured and updated any time the taskmust be required. This action will be restricted to grantedusers.
Acceptance Measure It will be possible to update the LDAP configuration.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
18/71
8/10/2019 4. MIS and Computerization Functional Specifications
19/71
MIS and Computerization Functional Specifications Page 19 of 71
3.1.1.3 Records Management
Functional requirement
First Level Second Level Dependent requirement
id
Name Records management (RM)
Id F-0003
Date
Description
Records management is the practice of maintaining therecords of an organization from the time they are createdup to their eventual disposal. This may include classifying,storing, securing, and destruction (or in some cases,archival preservation) of records and reports in any kind offormat (doc, xls, pdf, ect.).
A more concrete definition of an EDRM (Electronicdocument and records management system) would be anautomatic system that is used to create original orversioned documents, track and store them through anorganization.
These kind of systems are used to keep documents in anorganization that has the need of sharing and updatingdocuments through different agents. During this process,the document is created, updated, reviewed, versioned or
just read.
This kind of system is always based on a hierarchicalpermissions system that only allows the access to adocument to users that are granted to do.
In CAAN there is a need of sharing information. One of thebig problems of the current organization is the duplicity ofthe same information because the information is notcentralised. With this kind of software, all the differentversions of the same document will be tracked. All thechanges done by a user might be reviewed and the samefile will be distributed through the system in order toreduce to zero the loss of information.
IT security programs will include procedures for storing,handling and destroying information media, supporting therecord life-cycle, including sanitization of the informationsystem media, both digital and non-digital, prior to disposalor release for reuse.
These programs will be aligned with the Record RetentionPolicy.
8/10/2019 4. MIS and Computerization Functional Specifications
20/71
MIS and Computerization Functional Specifications Page 20 of 71
Acceptance Measure
All kind of reports, records, documents, etc. generated,must be managed by this system, and all of them must beavailable to be shared with someone else (distributeddocument) or whoever has been allowed (workingdocument).
All the teams involved in the future organization design willdemand this software to guarantee the information integrityand the access control.
Tester TBD
Extra informationWith this kind of system, it is guaranteed always that thelatest and the most updated information are checked in allthe times that this piece of information is needed.
8/10/2019 4. MIS and Computerization Functional Specifications
21/71
MIS and Computerization Functional Specifications Page 21 of 71
3.1.1.3.1 Documents Access
Functional requirement
First Level
Second Level Dependent requirementid
F-0003
Name
Id F-0003-01
Date
Description
The system must be accessible from any computer insidethe organization. This access will be granted through anidentification login page.
Using the LDAP configuration, this access will beconfigured and restricted to single users or groups.
Acceptance MeasureThe system must be accessible to the members of staff,and the access to the different sections and actions mustbe granted separately.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
22/71
MIS and Computerization Functional Specifications Page 22 of 71
3.1.1.3.2 Documents Creation
Functional requirement
First Level
Second Level Dependent requirementid
F-0003
Name
Id F-0003-02
Date
Description
Users must be able to create documents in the sectionswhere they are allowed to.
This documents must be uploaded from their hard disk andwill be kept in the system since this moment
Acceptance Measure The system must allow users to create documents.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
23/71
8/10/2019 4. MIS and Computerization Functional Specifications
24/71
MIS and Computerization Functional Specifications Page 24 of 71
3.1.1.3.4 Documents update/delete
Functional requirement
First Level
Second Level Dependent requirementid
F-0003
Name
Id F-0003-04
Date
Description
Users must be able to update or delete documents in thesections where they are allowed to.
Updates will be versioned. Each version will save theauthor, date, changes done and comments.
Users will be allowed to update or delete their owndocuments, and the documents in which they are allowedto.
Acceptance MeasureThe system must allow users to update or deletedocuments.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
25/71
MIS and Computerization Functional Specifications Page 25 of 71
3.1.1.4 Web Publications
Functional requirement
First Level Second Level Dependent requirement
id
Name Web publications
Id F-0004
Date
Description
Nowadays, websites are the public face in front of theworld.
This websites represent the image that an organizationwants to show to the rest of the world.
The CAAN website is not only this image. CAAN websitemust be the place where important information aboutNepal and its air navigation must be collected and sharedwith the general public.
In concrete, there is some information that must be sharedand published by law. Following the indications of airnavigation experts, Ineco encourage to public AISinformation on the website firmly and regularly.
Therefore, there is a need to create channels to public
information on the current or future websites.
Not only general information must be shown on thesewebsites, but technical information might be required.
Some of the reports based on AODB data could be sharedtoo, in order to give accuracy information to the potentialvisitors or air navigation experts around the world.
Acceptance MeasureAIS documents will be published under the laws related,with the purpose to enforce the law.
Tester TBD
Extra information Some technique to do publications in real time can beimplemented to publish in CAAN or TIA websites, but AISpublication won't be necessary to be real time.
8/10/2019 4. MIS and Computerization Functional Specifications
26/71
MIS and Computerization Functional Specifications Page 26 of 71
3.1.1.4.1 Web publication on demand
Functional requirement
First Level
Second Level Dependent requirementid
F-0004
Name Web publi cation on demand
Id F-0004-01
Date
Description
Web publication mechanisms must be developed.
Some information must be published automatically to theofficial web sites on demand. These mechanisms could bedirectly implemented on the Document Management, or inother application.
This publication must be a robust mechanism andtransparent to final users
Acceptance MeasureDocuments can be published to the officials websitesthrough an automatic mechanism on demand
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
27/71
MIS and Computerization Functional Specifications Page 27 of 71
3.1.1.5 E-mail adoption
Functional requirement
First Level
Second Level Dependent requirementid
Name E-mail adoption
Id F-0005
Date
Description
The e-mail communication is the way that modernenterprise communication works. It is so crucial thatsometimes the e-mail address is the authentication tokenin internal systems, and the corporate systems identifyusers by their id.
CAAN and the new air navigation organization must adapt
to this way of communication and distribute information:not only text but files and events or meetings must bedistributed by e-mails across their staff and with any otherprofessional of any other part of the world.
These e-mail addresses must belong to the CAAN and thenew air navigation organization, and their technical staffmust administer them. Nowadays, there is no reason tonot use it, and adapt it as the corporate way of working.
Acceptance Measure
Members of the staff of the CAAN and new air navigationwith their e-mail address distributed and working properly,
and adopting the e-mail as the corporate way ofcommunication.
Tester TBD
Extra information Task on progress
8/10/2019 4. MIS and Computerization Functional Specifications
28/71
MIS and Computerization Functional Specifications Page 28 of 71
3.1.1.5.1 Corporate e-mail establishment
Functional requirement
First Level
Second Level Dependent requirementid
F-0005
Name Corporate e-mail establishment
Id F-0005-01
Date
Description
Corporate e-mail addresses must be distributed throughthe staff.
E-mail client and reader must be installed on eachcomputer in order to facilitate its establishment.
This e-mail address may be the user id to access to thedifferent systems.
Acceptance Measure Any staff member must have a corporate email address.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
29/71
MIS and Computerization Functional Specifications Page 29 of 71
3.1.1.6 CAAN web site
Functional requirement
First Level
Second Level Dependent requirementid
Name CAAN web site
Id F-0006
Date
Description
The CAAN web site must be rebuilt.
A new analysis and redesign must be carried out in orderto obtain a better public image of the organization, andcovering all the information needs.
The new web site must take into account the newtendencies on internet, trying to give to the organization anew look and feel, well in keeping with the Nepal efforts tomodernize its aeronautical sector.
A deep study of the information structuration should becarried out as well, trying to cover all information needs ina well-structured web site. This is crucial in order to get abetter user experience that guarantees the visitorssatisfaction and the access to the proper information fastand with accuracy.
Acceptance Measure
New modern web page with a full redesign, that will offer
the current information and will cover the future needs. Itmust support web publications.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
30/71
MIS and Computerization Functional Specifications Page 30 of 71
3.1.1.6.1 Web site powered by CMS System
Functional requirement
First Level
Second Level Dependent requirementid
F-0006
Name Web site powered by Content Management System
Id F-0006-01
Date
Description
In order to improve the maintenance and the functionalityof the CAAN's web site, it is critical to have a well-supported Content Management System like Joomla,Drupal, etc.
Acceptance MeasureWeb site developed using a Content ManagementSystem.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
31/71
MIS and Computerization Functional Specifications Page 31 of 71
3.1.1.7 New organization web site
Functional requirement
First Level
Second Level Dependent requirementid
Name New organization web site
Id F-0007
Date
Description
The new organization must have a web site.
An exhaustive analysis must be carried out in order toobtain all the information needs and its structuration.
The new web site must take into account the newtendencies on internet, trying to give to the organization anappropriate look and feel, well in keeping with the Nepalefforts to modernize its aeronautical sector.
As the CAAN web site, this is crucial in order to get a gooduser experience that guarantees the visitors satisfactionand the access to the proper information fast and withaccuracy.
Acceptance MeasureWeb page with an attractive and modern design, coveringthe information needs. It must support web publications.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
32/71
MIS and Computerization Functional Specifications Page 32 of 71
3.1.1.7.1 New organization web site powered by CMS System
Functional requirement
First Level
Second Level Dependent requirementid
F-0007
Name New organization web site powered by CMS System
Id F-0007-01
Date
Description
In order to improve the maintenance and the functionalityof the new organization's web site, it is critical for the website to be powered by a well-supported ContentManagement System.
Acceptance Measure Web site developed using a Content Management System.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
33/71
8/10/2019 4. MIS and Computerization Functional Specifications
34/71
MIS and Computerization Functional Specifications Page 34 of 71
3.1.1.9 Corporate Tables
Functional requirement
First Level
Second Level Dependent requirementid
Name Corporate Tables
Id F-0009
Date
Description
The corporate tables are the place to stored commoninformation about the airport daily work, as companies,airports and so on.
This information must be centralised in order to reduceredundant information, minimize the typing mistakes andto create a unique place where every department can
access and get update and official information, avoidingpaperwork and keeping the key information inside thecompany.
These tables must be allocated in an internal data baseinstalled in the Data Center, and accessible through theinternal MIS system.
This information must be kept by the technical IT staff, andthe historical evolution of any information must be tracked.
Acceptance MeasureCommon corporate information must be stored in a
centralised data base.Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
35/71
MIS and Computerization Functional Specifications Page 35 of 71
3.1.2 Other Functional Requirements
Although there are lot of applications already detected by the MIS infrastructure, othersoftware requirements have been detected.
The main application of this type is the ERP. ERP (Enterprise Resource Planning)software is the specific software used to billing clients and economic control issues thatit belongs to financial field.
Obviously, there is a need of this kind of software on both organizations, and they mustto be taken into account although they do not belong to MIS field.
Besides that, there are infrastructure necessities that have been collected andexplained on this section.
8/10/2019 4. MIS and Computerization Functional Specifications
36/71
MIS and Computerization Functional Specifications Page 36 of 71
3.1.2.1 Enterpr ise Resource Planning
Functional requirement
First Level
Second Level Dependent requirementid
Name Enterprise Resource Planning
Id F-0010
Date
Description
Enterprise resource planning (ERP) systems integrateinternal and external management information across anentire organization, embracing finance/accounting,manufacturing, sales and service, customer relationshipmanagement, etc.
ERP systems automate this activity with an integrated
software application. The purpose of ERP is to facilitatethe flow of information between all business functionsinside the boundaries of the organization and manage theconnections to outside stakeholders.
It was previously mentioned that this software is not part ofthe MIS itself. This software has to be used just by thefinancial department, and the concept of MIS architecturedoes not cover this part, but it has to be taken into accountas other piece of software that has to be integrated withMIS does not exist currently.
In concrete, this software is demanded by the financialTeam in order to organize the accounting tasks of thefuture organization. Not only providers expenses but alsocompany taxes are included on this software requirement.
This system has to be accessible only by the financialdepartment of the new organization. There will be someinformation just accessible by certain members of the staff,so in addition, LDAP is demanded.
Acceptance MeasureThe solution proposed allows managing the accounting ofboth organizations separately.
Tester TBD
Extra informationAn important task in this requirement will be inquiry andchoose the suitable commercial product.
8/10/2019 4. MIS and Computerization Functional Specifications
37/71
MIS and Computerization Functional Specifications Page 37 of 71
3.1.2.1.1 ERP Access
Functional requirement
First Level
Second Level Dependent requirementid
F-0011
Name ERP Access
Id F-0010-01
Date
Description
The ERP must be accessible from any computer inside theAccounting department. This access will be grantedthrough an identification login page.
Using the LDAP configuration, this access will be
configured and restricted to single users or groups.
Acceptance MeasureERP must be accessible to the members of the accountingstaff, and the access to the different sections and actionsmust be granted separately.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
38/71
MIS and Computerization Functional Specifications Page 38 of 71
3.1.2.1.2 ERP Reporting
Functional requirement
First Level
Second Level Dependent requirementid
F-0011
Name ERP Reporting
Id F-0010-02
Date
Description
The information storage inside the ERP must beaccessible in order to generate automatic reports aboutaccounting department activities. These reports must bedefined by the appropriate users and they must be flexibleand dynamic enough to satisfy the business needs.
Acceptance Measure The ERP reports generation must be possible.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
39/71
MIS and Computerization Functional Specifications Page 39 of 71
3.1.2.2 New structured cabling for CAAN Offi ces at Babar Mahal (1)
Functional requirement
First Level
Second Level
Dependent requirementid
NameNew structured cabling for CAAN Offices at BabarMahal: Rooms & condui ts
Id F-0011
Date
Description
The CAAN organization office at Babar Mahal requires anew structured cabling, which will provide acomprehensive telecommunications networkinginfrastructure.
This infrastructure serves a wide range of uses, allowing
workstations, laptops and smartphones to connect tonetwork and business application services, residing in thecomputing facilities available in the Data Center Room,and data, voice and video transmission.
The structured cabling is one of the most complex andexpensive installations of a building, comprising differentconstruction spaces, fixtures, electronics, etc.
Regarding construction requirements, the six prominentconstruction elements/spaces required are:
Entrance facility, where the telecommunicationsservice connects to the building network.
Equipment room in the Data Center Room,located close to the main backbone pathway toallow for easier connection. Data Center Room willbe defined in another functional requirement.
Backbone pathway (intrabuilding), use to placebackbone cables between the equipment room andthe entrance facility, the entrance facility and thetelecommunications room or the equipment roomand the telecommunications room.
Telecommunication rooms, spaces that act asthe common access point between backbone andhorizontal distribution pathways, one per floor.
Horizontal pathways, facilities used in theinstallation of horizontal cabling from the work areaoutlet to the telecommunications room.
Work areas, locations where occupants interactwith telecommunications devices. Those workareas will have to be renovated in order to providethe appropriate telecommunication outlets.
Being the CAAN current offices an ancient building at
Babar Mahal, an analysis must be carried out to obtain allthe information about rooms, accessible shafts or
8/10/2019 4. MIS and Computerization Functional Specifications
40/71
MIS and Computerization Functional Specifications Page 40 of 71
passages through the floors and ceiling areas, freesleeves, trays and conduits available, etc.
The aforementioned areas will have to be identified in thebuilding prior to refurbish them for the new functions.
Acceptance Measure Compliance with the ANSI/TIA/EIA-569B standard specsand guidance, in terms of sizing, % space filling, etc.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
41/71
MIS and Computerization Functional Specifications Page 41 of 71
3.1.2.3 New structured cabling for CAAN Offi ces at Babar Mahal (2)
Functional requirement
First Level
Second Level Dependent requirementid
NameNew structured cabling for CAAN Offices at BabarMahal: Cabling system
Id F-0011-01
Date
Description
The CAAN organization office at Babar Mahal requires anew structured cabling, which will provide acomprehensive telecommunications infrastructure.
This infrastructure serves a wide range of uses, allowingworkstations, laptops and smartphones to connect to
network and business application services, residing in thecomputing facilities available in the Data Center Room,and data, voice and video transmission.
Cable is the fabric that connects every LAN device, eithertalker or listener:
- Horizontal cabling, portion of the cabling systemwith a star topology that extends from the workarea outlet, through the cabling in thewall/ceiling/floor and then to the patch panel in the
telecommunications room.
The system will also include the patch cordsat thework area outlet to connect the user LANdevices/adapters, and patch cords in thetelecommunications room.
- Backbone cabling, Multipair cables with athermoplastic insulating cover, assembled intobinder groups, or fiber cable, between theequipment room and the entrance facility, theentrance facility and the telecommunications room
or the equipment room and the telecommunicationsroom
Cables terminate in connecting hardware, which could alsobe required, depending on the Office layout:
- Main cross connect in telecomm room
- Intermediate cross connect
- Horizontal cross connect
- Horizontal cabling transition points
- Consolidation points- Telecommunications outlets in the work areas,
8/10/2019 4. MIS and Computerization Functional Specifications
42/71
MIS and Computerization Functional Specifications Page 42 of 71
close to the users
Acceptance Measure
Compliance with the ANSI/TIA/EIA-568B standard specsand guidance, in terms of resistance, attenuation, etc.
Most horizontal cabling will follow Cat 5e or 6a standards
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
43/71
MIS and Computerization Functional Specifications Page 43 of 71
3.1.2.4 Networking infrastructure for CAAN Offices at Babar Mahal
Functional requirement
First Level
Second Level Dependent requirement
idName
Networking in frastructure for CAAN Offices at BabarMahal
Id F-0012
Description
The CAAN organization office at Babar Mahal requires anew networking and telecommunications infrastructure,with the following managed (thru a 3 rd party) orunmanaged enabling elements:
Local Area Network routers and switches, toconnect the different networks and workstations
and devices between them, the DMZ and theoutside world through Internet. They cover thelayers 1 to 3 in the Open Systems InterconnectionISO standard and are the corner stone of thecommunications realm.
Firewalls,sitting between routers and applicationsservers and providing access control, with packetor application filtering capabilities available.
Load balancing components to distribute overallload on your Web or application servers, or todistribute specific demand according to the kind oftask to be performed.
Name servers, to respond to naming queries andidentify the IP address of components andservices.
Storage Area Network elements to make storageindependent of the servers used in conjunction withit. SAN can accelerate the time to recover, using anon-functional server and without having torelocate the storage drives.
CAAN Organization should also add a couple moreelements to comply with the Security ControlRequirements later stated:
- Demilit arized Zone, DMZ, which will separate thecorporate network or internal network from theInternet. The DMZ is a tightly secured area intowhich you place servers providing Internet servicesand facilities e.g. web servers.
- Proxies, to avoid any potential danger whenaccessing to Internet, A machine requiring accessto the Internet can pass its request onto the proxy,which in turn makes the request on the machinesbehalf, shielding it.
Acceptance MeasureFor performance, using a stress test probe to evaluatebottlenecks: maximum concurrent connections to high-
8/10/2019 4. MIS and Computerization Functional Specifications
44/71
MIS and Computerization Functional Specifications Page 44 of 71
impact information servers, traffic volume through theproxy per second, etc.
For Security Control, IT Continuity Services, please referto NF-0003 and NF-0012.6
Tester TBD (Ineco QA)Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
45/71
MIS and Computerization Functional Specifications Page 45 of 71
3.1.2.5 Data Center for CAAN Offices at Babar Mahal
Functional requirement
First Level
Second Level Dependent requirement
idName Data Center for CAAN Offi ces at Babar Mahal
Id F-0013
Description
The CAAN organization office at Babar Mahal requires anew Data Center with a minimum reliability of 99,671%(Tier I Basic TIA 942 standard, based upon UptimeInstitute benchmarks):
Susceptible to planned or unplanneddisruptions
Single path for power and cooling distribution,
without redundant Data Center components(excluded network and computing infrastructure).
No need for raised floor or generator. UPS isconsidered a must (not in Tier I).
Some measures for fire suppression : firedetection, early warning smoke detection andwaterleak detection.
Annual downtime of 29 hours. Complete shutdown for preventive
maintenance.
The Data Center will have enough room to distribute thedifferent network, computing and storage equipment,meeting known and projected maximum requirements:
- Entrance pathways for cabling- Main networking distribution area- Racks with side mounting rails to which equipmentand hardware are mounted.- Pathways to the main distribution area and horizontaldistribution- Hot and cold aisles to optimize cooling provided
appropriate conditions for the installation.
Acceptance MeasureCompliance with standard TIA 942 for Tier I Data Centertype, plus UPS availability
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
46/71
MIS and Computerization Functional Specifications Page 46 of 71
3.1.2.6 Internet Service Provision for CAAN Offices at Babar Mahal
Functional requirement
First Level
Second Level Dependent requirementid
NameInternet Service Provision for CAAN Offices at BabarMahal
Id F-0014
Description
The CAAN organization office at Babar Mahal must hire abroadband access to Internet, together with a back-upfrom a different provider, to enable access to the Internetfrom the different Business Functions, as well as access tothe corporate web site from everywhere.
Acceptance MeasureResponse times and download times to measure the realbandwidth, within acceptable limits of contract ServiceLevel Agreement.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
47/71
MIS and Computerization Functional Specifications Page 47 of 71
3.1.2.7 Computing Equipment for CAAN Offices at Babar Mahal
Functional requirement
First Level
Second Level Dependent requirement
idName
Computing Equipment for CAAN Offices at BabarMahal
Id F-0015
Description
The CAAN organization office at Babar Mahal mustacquire the hardware and software platform that suits theirneeds for application and database services and end-userworkstations.
New servers (hardware + software) must be provided tohost all network services aforementioned, which integrate
with MIS applications e.g. DNS, and for the MISapplications themselves.
Bearing in mind that the application architecture lies on theJava Enterprise Edition or JEE this will restrict our optionsin terms of application and database platform, to mostlikely JBOSS and PostgreSQL. Both platforms will beaimed to host a bunch of applications, particularly the high-impact ones. Fault-tolerant Clustering is not perceived as amust for CAAN Offices at Babar Mahal.
Storage will be provided via a Storage Area Network
infrastructure to allow for flexibility, scalability andperformance, provided managed SAN GBs annual pricesare reasonable.
Regarding workstations, CAAN must also renew a bigchunk of their workstations inventory. It will have to bedecided before the bidding process, whether the mostsuitable platform is a Microsoft Windows one, whichintegrates better with network services like LDAP(Microsoft Active Directory) but requires a powerfulmachine, or a user-friendly linux one, like the Long TermSupport edition of Ubuntu.
The biggest advantage of linux workstations are softwarecosts and the chance to reuse existing and cheapercomputer hardware, being linux usually a less demandingplatform.
Drivers for current printers and other small peripheralsdevices may be an issue, and therefore we must provisionto renew part of the peripherals park.
Acceptance Measure New platforms must integrate seamless in the newnetwork environment and the CAAN corporate domain,
8/10/2019 4. MIS and Computerization Functional Specifications
48/71
MIS and Computerization Functional Specifications Page 48 of 71
provide suitable response times and run the entirecorporate application portfolio, plus specific applications,intended for certain end-users, according to the applicationinventory.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
49/71
MIS and Computerization Functional Specifications Page 49 of 71
3.1.2.8 Implement the Help Desk Funct ion at CAAN Offices at Babar Mahal
Functional requirement
First Level
Second Level Dependent requirement
idName
Implement the Help Desk Function at CAAN Offices atBabar Mahal
Id F-0016
Description
The CAAN organization office at Babar Mahal shouldimplement the necessary IT Governance disciplines, tosuccessfully control the infrastructure and providemanaged IT services.
The first organizational change should be to implement aHelp Desk function that will act as a focal point for support
requests like access management, incidents, request forchange, etc.
The Conceptual Plan will develop the Help Desk functionand the IT Governance disciplines. Policies andprocedures will be developed, training materials producedand the IT Staff trained and getting coached.
A productivity tool to support the Help Desk operations willbe configured and deployed, allowing the Organization orother collaborating entities to assign tickets to incomingqueries and track further communications.
It is a traceable mean of managing incoming inquiries,complaints, support requests, defect reports, and othercommunications. Every ticket will have persistence or a"history" showing what happened to it within its life cycle.
The stored information will be the basis to produce keyperformance indicators (KPIs).
Acceptance Measure
Help Desk Organization in place, ready to perform theroles defined by IT Governance good practices.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
50/71
MIS and Computerization Functional Specifications Page 50 of 71
3.2 Non-functional requirements or technical requirements
In computer engineering terms, a non-functional requirement is a requirement thatdefine the desired system behaviour rather than specific behaviour or functions. Theplan for implementing functional requirements is detailed in the system design anddetermines what a system is supposed to do, whereas the plan for implementing non-functional requirements is detailed in the system architecture and determines how asystem is supposed to be.
Non-functional requirements are often called qualities of a system, and are definedbased on qualities like stability and portability. Non-functional requirements can bedivided into two main categories:
Execution qualities, such as security and usability, which are observable at runtime.
Evolution qualities, such as testability, maintainability, extensibility and
scalability, which are embodied in the static structure of the software system
This is the template to fill up in order to define a new non-functional requirement.
Non-functional requirement template
Name
Id
Date
Description
Acceptance Measure
Tester
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
51/71
MIS and Computerization Functional Specifications Page 51 of 71
3.2.1 Availability
Non-functional requirement
Name Availabi li ty
Id NF-0001
Date
Description
The system availability is the feature to explain the amountof time that a system has to be accessible and working ina proper way. Availability is the proportion of time a systemis in a functioning condition. This ratio between the totaltime and the time that the system was available is the unitto measure this capability.
Acceptance Measure
The solution proposed must be 24 hours available, 7 daysa week. That means that the application must be alive andworking in any single moment. Therefore, deny of serviceperiods must be avoided. To get this goal the entireinfrastructure must be replicated and the electricity supply
must be guaranteed in the DPC.Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
52/71
MIS and Computerization Functional Specifications Page 52 of 71
3.2.2 Backup
Non-functional requirement
Name Backup
Id NF-0002
Date
Description
CAAN should conduct backups of user-level and system-level information (including system state information)contained in all information systems at least weekly.
System backups are automatic regular copies of high-impact information systems. All the key pieces ofinformation must be stored regularly, in order to haverecovery copies just in case an incident happened.
These recovery copies must be storage in separate units,and must be accessible by the system administrators.
These administrators will be in charge to recover thesystem to the most updated state when the system fails.
Another reason to keep former security copies is for theinformation integrity or forensic purposes. This pastinformation could be accessed to check the informationstate and analyse a temporal incident or decision.
Alternate storage sites should be identified and thenecessary agreements initiated to permit the storage ofbackup information for Moderate and High-impactinformation systems.
Acceptance Measure
The solution proposed must storage the DDBB and high-impact information systems daily, to reduce the risk of lossof information.
In addition to that, the information must be kept during onemonth in order to restore the system on a precise date andanalyse its behaviour.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
53/71
MIS and Computerization Functional Specifications Page 53 of 71
3.2.3 IT service continuity (ITIL procedure)
Non-functional requirement
Name IT Service Continuity
Id NF-0003
Date
Description
CAAN Organization should maintain a set of IT ServiceContinuity Plans and IT recovery plans that will support theoverall Business Continuity Plans. (beyond the ITboundaries)
Even if primarily IT Service Continuity considers the ITassets and configurations that support the businessprocesses, following a contingency it will be alsonecessary to relocate to an alternative working location,provision may also be required for items such as office and
personnel accommodation, copies of critical paperrecords, courier services and telephone facilities tocommunicate with customers and third parties
IT high-impact information systems should have thecapacity that enables a system to restore operations aftera system complete fail. Alternate telecommunicationsservices must support these high-impact informationsystems to permit the resumption of system operations forcritical mission/business functions.
When an incident happens it is important to have a clear
protocol that explains what to do and how and what torecover. This protocol must be accessible in any moment(even with the system down), and the systemadministrators and backups must know it.
The elapsed time since the system fail and the systemworking again is important to define this protocol. Actually,it is a QA (Quality assurance), and it is important to definethis time in order to determine subsequent measuresrelated to it, as back-up policies or the real reliability of thesystem.
Personnel should also be trained in their contingency rolesand responsibilities with respect to all information systemsand a refresher should be provided annually.
Acceptance Measure
The solution proposed must recover its proper state high-impact information system in less than 24 hour. Theoptimal situation should require less time, but the SLA willestablish what the acceptable delay is and will be basedupon the Business Continuity Policy
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
54/71
MIS and Computerization Functional Specifications Page 54 of 71
3.2.4 Extensibility
Non-functional requirement
Name Extensibility
Id NF-0004
Date
Description
The Extensibility principle is the feature that means thatthe implementation takes into consideration future growth.It is a systemic measure of the ability to extend a systemand the level of effort required to implement and fullyintegrate the extension. Extensions can be through theaddition of new functionality or through modification ofexisting functionality. The central theme is to provide forchange while minimizing impact to existing systemfunctions.
Acceptance MeasureThe solution will be implemented following this principle,taking into account future improvements and product
integrations.Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
55/71
MIS and Computerization Functional Specifications Page 55 of 71
3.2.5 Fault tolerance
Non-functional requirement
Name Fault tolerance
Id NF-0005
Date
Description
The fault-tolerant design is a design that enables a systemto continue operation, possibly at a reduced level, ratherthan failing completely, when some part of the systemfails. The term is most commonly used to describecomputer-based systems designed to continue more orless fully operational with, perhaps, a reduction inthroughput or an increase in response time in the event ofsome partial failure. That is, the system as a whole is notstopped due to problems either in the hardware or thesoftware.
Acceptance Measure
The solution must be failure tolerant, and must be strong
enough to guarantee the service during the time theapplication is on. To get this goal, this software shouldemit a signal when a potential problem was detected, inadvance, giving enough time to take preventives measuresto solve it without service interruption
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
56/71
MIS and Computerization Functional Specifications Page 56 of 71
3.2.6 Interoperability
Non-functional requirement
Name Interoperability
Id NF-0006
Date
Description
Interoperability is the feature that describes the facility tointerchange information between different systems, andthe capacity to use it.Another definition to this principle is "Being able toaccomplish end-user applications using different types ofcomputer systems, operating systems, and applicationsoftware, interconnected by different types of local andwide area networks."This feature must be taken into account when a system isdefined, knowing previously which type of devices aregoing to access to the information and its capabilities.
Acceptance MeasureThe solution will be interoperable between the agreeddevices, and the maximum number of functionalities will beaccessible from the less power devices.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
57/71
MIS and Computerization Functional Specifications Page 57 of 71
3.2.7 Licensing
Non-functional requirement
Name Licensing
Id NF-0007
Date
Description
The license is the feature that any product has in order toprotect the intellectual property of its creators. With alicense, a licensor may grant a license under intellectualproperty laws to authorise a use (such as copying softwareor using a (patented invention) to a licensee, sparing thelicensee from a claim of infringement brought by thelicensor. A license under intellectual property commonlyhas several components beyond the grant itself, includinga term, territory, renewal provisions, and other limitationsdeemed vital to the licensor.
Acceptance MeasureThe solution must be licensed and this license must belegal. That means that this software will be legal to beused and distributed along the organization.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
58/71
MIS and Computerization Functional Specifications Page 58 of 71
3.2.8 Maintainability
Non-functional requirement
Name Maintainability
Id NF-0008
Date
Description
In engineering, maintainability is the ease with which aproduct can be maintained in order to isolate defects andcorrect them, build up new requirements and make easierits future maintenance, and cope with a changedenvironment
In some cases, maintainability involves a system ofcontinuous improvement - learning from the past in orderto improve the ability to maintain systems, or improvereliability of systems based on maintenance experience.
Maintainability will be subjected to Security Policy, to bedeveloped.
Acceptance Measure
The solution proposed will be easy to maintain. Thesoftware designed will follow maintenance patterns toreduce the impact of new requirements and isolate thepotential bugs.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
59/71
MIS and Computerization Functional Specifications Page 59 of 71
3.2.9 Performance
Non-functional requirement
Name Performance
Id NF-0009
Date
Description
The system performance is the capacity to keep theoptimal behaviour of the system components at any time,and any physical or logical circumstances (load,temperature, disk occupation, network concurrence)
This performance level must be constant in anyconcurrence and situation. This goal can be preventedusing enough resources to cover all these situations, oradding resources dynamically when an overload situationis happening, in advance.
Acceptance Measure
The solution will keep the performance in the agreedsituations. When an overload situation is detected, thesolution will emit a signal to the application administratorsto alert about an overload situation.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
60/71
MIS and Computerization Functional Specifications Page 60 of 71
3.2.10 Platform compatibili ty
Non-functional requirement
Name Platform compatibility
Id NF-0010
Date
DescriptionThe platform compatibility feature is the system capabilityof run into different platforms without penalties inperformance neither extra configuration.
Acceptance Measure
All the software needed to the CAAN and the futureorganization staff will be runnable in the chosen platform,without any extra performance penalties. The platform willbe transparent to final MIS users.
Tester TBD
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
61/71
8/10/2019 4. MIS and Computerization Functional Specifications
62/71
MIS and Computerization Functional Specifications Page 62 of 71
3.2.12 Security
Non-functional requirement
Name Security
Id NF-0012
Date
Description
The Security in the field of computer science is a verybroad concept. It may be defined as the ability toguarantee the integrity of the information providing by thesystem, and the access control to it.
The CAAN organization will employ security controls tomeet security requirements defined by laws, executiveorders, directives, policies, or regulations.
Current assumption and going-in position: No matterhow well the environment is defended, attacks are
inevitable and eventually there will be a breach, beingpeople the weakest link. CAAN should therefore be readyfor incident response, business continuity and digitalforensics.
Acceptance Measure
The solution will guarantee the information confidentiality,integrity, providing a mechanism to grant access to theinformation, based upon discrete access lists and usersgroups or roles.
Tester TBD
Extra information
3.2.13A Security schema for Information Assurance (IA):
By Barbara Endicott, University of Washington
8/10/2019 4. MIS and Computerization Functional Specifications
63/71
MIS and Computerization Functional Specifications Page 63 of 71
3.2.13.1 Security controls (1): Access management
Non-functional requirement
First Level
Second Level Dependent requirement
id
NF-0012
Name Access Management contro ls
Id NF-0012-1
Date
Description
Minimum requirements presume a clear cut procedure tomanage information system accounts, inactive accounts,conditions for group memberships, assignment ofassociated authorizations, etc.
Appropriate divisions of responsibility and separated dutiesas needed, to eliminate conflicts of interest, should beimplemented.
Access control requires that the system be able to identifyand differentiate among users through accounts. Otheraccount management policies for information systemaccounts passwords enforcement, lockouts, accounttermination, etc. should be implemented as well.
Wifi access usage and portable and mobile devicesaccess should be restricted, monitored and controlled.
If remote access is allowed (employees), Bureaus andOffices shall authorize, monitor, and control all methods ofremote access e.g. multi-factor authentication.
Access from external systems shall be prohibited.
Acceptance Measure
Audit by inspection that information systems restrictaccess to security functions (deployed in hardware,software, and firmware) and security-relevant informationto explicitly authorized personnel: policies & proceduresand logs.Check policies have been implemented and/or applied toinformation system accounts
Tester TBD (Ineco QA)Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
64/71
MIS and Computerization Functional Specifications Page 64 of 71
3.2.13.2 Security controls (2): Awareness & training
Functional requirement
First Level
Second Level Dependent requirementid
NF-0012
Name Awareness and training controls
Id NF-0012-2
Date
Description
Awareness and training will pursue to focus the usersattention on IT security in the users daily routine,whenever there are important threats and weaknesses in asecurity control, changes in the IT Security Program policyor procedures or simply an incident has occurred.
Awareness programs should be developed according todesktop productivity tools employed and the businessapplications portfolio.
Training should be organized, training records maintained,and people should attend security training events at leastonce per year.
Acceptance Measure
Training may be followed by certification.
Check policy has been implemented: documentation,training plan, etc.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
65/71
MIS and Computerization Functional Specifications Page 65 of 71
3.2.13.3 Security controls (3): Audit & Accountability
Functional requirement
First Level
Second Level Dependent requirementid
NF-0012
Name Audi t & Accountabi li ty contro ls
Id NF-0012-3
Date
Description
A record of system activity by the system, applicationprocesses and by user activities should be maintained tolog, monitor, and investigate possible security violationsfrom activity involving access to and modification of files.
Audit trails and event logs will help to reconstruct events,
detect intrusions, and identify problems.
Acceptance MeasureCheck policy has been implemented: documentation, audittrails and logs available per workstation, server & MISsystem.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
66/71
MIS and Computerization Functional Specifications Page 66 of 71
3.2.13.4 Securi ty controls (4): Certif ication, Accreditation, and SecurityAssessment
Functional requirement
First Level
Second Level Dependent requirementid
NF-0012
Name Certif ication, Accreditation, and Security Assessment
Id F-0012-4
Date
Description
CAAN shall designate in writing a responsible for ensuringadequate planning and compliance with respect to therelevant policies, standards and guidelines issued by TBD(provided such authority exists).
System security plans should be developed for high-impact systems. Each plan shall include a description anddiagram of the IT system boundary which identifiesservers, network resources, and network devices includedwithin this boundary. System Security Plans must containat least:
- Business Impact Assessment- Risk Assessment- Boundary Hardware/Software- Interconnection Security Agreements- Contingency Plan
- Configuration Management Plan & ChangeManagement Plan
Security Test and Evaluation Plans should documentthe scope and procedures for testing the systems controlbaseline. The Security Test and Evaluation Plan willprovide relevant test cases for all devices included withinthe documented accreditation boundary.
Bureaus and offices should employ an independentcertification agent or certification team to conduct anassessment of the security controls in the information
system.
Bureaus and offices shall monitor the security controls inall information systems on an ongoing basis.
Acceptance MeasureCheck System Security Plans are in place for applicationsand systems defined as high-impact, check security testsresults and evaluation plans.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
67/71
MIS and Computerization Functional Specifications Page 67 of 71
3.2.13.5 Securi ty controls (5): Physical and Environmental Protection
Functional requirement
First Level
Second Level Dependent requirement
id
NF-0012
Name Physical and Environmental Protection
Id NF-0012-5
Date
Description
CAAN should document physical and environmentalprotection controls in the IT System Security Plan.
Offices should develop and keep current a list of personnelwith authorized access to the facilities where informationsystems reside and issue appropriate authorizationcredentials. Personnel no longer requiring access to thefacility will be removed from the list.
Offices shall ensure that badges, keys, combinations, andother access devices are secured and inventoriedregularly.
CAAN should ensure that the physical access controls forcomputer and communications rooms, containing largeconcentrations of information system components, areindependent of the physical access controls for the facility.
Acceptance Measure
Check implementation of the measures, and assess
compliance via appropriate control records e.g. audit trailsand logs.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
68/71
8/10/2019 4. MIS and Computerization Functional Specifications
69/71
MIS and Computerization Functional Specifications Page 69 of 71
3.2.13.7 Securi ty controls (7): System and Information Integrity
Functional requirement
First Level
Second Level Dependent requirementid
NF-0012
Name System and Information Integrity
Id NF-0012-7
Date
Description
CAAN shall identify, report, and correct all informationsystem flaws, identifying any information systemcontaining software affected with potential vulnerabilitiesresulting from those flaws.
A comprehensive patch management and asset
management program should be established, includingperiodic vulnerability scanning.
CAAN shall ensure that flaws discovered during securityassessments, continuous monitoring, incident responseactivities or information system error handling are alsoaddressed expeditiously, following the philosophy alreadyoutlined on the eventuality of a breach.
CAAN must use malicious code protection mechanisms todetect and eradicate malicious code like viruses, worms,Trojan horses, spyware transported by electronic mail and
attachments, Internet accesses, removable media, or byexploiting information system vulnerabilities.
CAAN must employ tools and techniques to monitorevents on Moderate and High-impact information systems,detect attacks, and provide identification of unauthorizeduse of the systems. CAAN must also ensure that high-impact information systems are configured to detect andprotect against unauthorized changes to software andinformation.
CAAN must receive information system securityalerts/advisories on a regular basis, issue alerts/advisoriesto appropriate personnel, and take appropriate actions inresponse.
Acceptance MeasureCheck implementation of the measures, and assesscompliance via appropriate control records e.g. audit trailsand logs.
Tester TBD (Ineco QA)
Extra information
8/10/2019 4. MIS and Computerization Functional Specifications
70/71
MIS and Computerization Functional Specifications Page 70 of 71
4 Functional Descrip tion
Each one of the two organizations will have their own systems. These two systemsarchitecture are being designed in a very similar way. Their own working methods
based on workflows are also being considered.
The goal of this new working method is to achieve the information sharing betweencolleagues, therefore every worker will be able to share or get any information,document or report needed in their project.
It is important to highlight that from these new working methods several new moreefficient working processes will emerge. Besides all the information will be stored in aplace, anybody will lost information and every data will have a backup.
Every worker (or user) and all departments will be configured in the LDAP System, inother words, every level of organization chart of each organization will be represented
in that system. LDAP system will have all the information that exists of each itemsdesigned in the organization chart.
A permissions policy must be defined in the LDAP System in both organizations,separately. Not every worker or department will be able to get all the availableinformation, thanks to a custom permission policy the IT department will be able togrant or reject accesses.
Every system designed in MIS will be able to connect with LDAP system and evaluateif a specific user profile has permission to get into an application.
The key of acceptance to the new paradigm of working processes will be the e-mail
system adoption. Every official communication will be by e-mail and all workers musthave an e-mail address to communicate with their colleagues
8/10/2019 4. MIS and Computerization Functional Specifications
71/71
4.1 Record management
The record management will be a transversal system. Every application will be able toaccess to it to store or get any digitalized document. All documents may be stored inthat system and due to the LDAP integration and the access policy, not everybody will
access to any stored information, depending on the user level access.
This software will be a key system in the new software platform and it will be able tostore, share or search in all kind of documents.
It is important to highlight that every document may be classified in folders or taggedwith meta-information to simplify the searching or accessing tasks to them.
In addition, it will be able to create workflows to distribute the documents betweenreviewers or recipients, if necessary.
4.2 Web sites
As mentioned earlier, web sites are the public face of an organization in front of theworld.
These web sites must to be updated and the look and feel of them must to be attractiveenough to show how modern the company is and the appropriate image that thisorganization wants to have.
In order to get this goal, some information has to be published automatically from thedaily working tools to the web sites. These web sites must to be powered by CMSsystems that have these publication mechanisms in order to facilitate this information
publication and management.
4.3 Airpor t operational software
In order to collect all the information about operations, a special data base must beimplanted in the TIA and the rest of the airports in Nepal. This information is critical tomanage the airport operations, but it is also the source to build up master plans andprediction studies about the current and the future situation in an airport.
With this goal in mind, one of this data bases must be installed in the CAANorganization.
In addition of that, external software should be used to extract the information collectedon that data base and automatize the reports generation. These reports will extract theconsolidated information and create custom reports depending on the necessities oneach moment.