You are on page 1of 39

Request for Proposal

For

Nigerian Pension Clients Biometric Data Capture

10 September 2012

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

TABLE OF CONTENTS 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. INTRODUCTION PROJECT OBJECTIVES PROJECT SCOPE KEY PROJECT DELIVERABLES PROJECT OVERVIEW STAKEHOLDERS PRE-CONDITIONS SOLUTION OVERVIEW AND LAYOUT PROCESS FLOW AND OPERATIONAL PROCEDURE HARDWARE REQUIREMENTS (GUIDE) SOFTWARE REQUIREMENTS (GUIDE) FORMAT FOR PROPOSAL RESPONSE INTENT TO RESPOND TERMS AND CONDITIONS ENQUIRIES PROPOSAL SUBMISSION FORMAT(S) AND DATE SOLUTION REQUIREMENTS LISTING APPENDICES 3 4 4 5 6 6 7 8 9 15 18 20 21 21 22 22 23 26

2|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

1.

INTRODUCTION
National Pension Commission (PENCOM), the regulators of the Pension Industry in Nigeria, has requested all Pension Fund Administrators (PFAs) to ensure that all Retirement Savings Account (RSA) clients profiles are compliant with Automated Finger Identification System (AFIS) standards. A recent verification exercise carried out on the RSA clients National Databank by PENCOM revealed that over 80% of the current biometric data are not AFIS-compliant. Furthermore, about 10% of the AFIS-compliant profiles were duplicates. In order to achieve the expected 100% AFIS-compliant level, it became obvious that the biometrics (and bio-data) of all existing RSA clients have to be re-captured, based on PENCOM-approved standards and specifications. Subsequently, all new RSA client registration MUST include mandatory AFIScompliant biometrics and bio-data capturing. The specifications for capturing of fingerprint images for PENCOM AFIS is attached to this RFP as an appendix. Furthermore, AFIS-compliant RSA clients profiles is also a key requirement for the commencement of the much-awaited Transfer Window, which enables RSA clients to move their accounts from one PFA to another as they desire. This mean that the Biometrics capturing project is expected to be concluded timely, whilst also ensuring the integrity of the data by eliminating multiple registrations, which has been a serious challenge to the Pension Industry, and which needed to be addressed forthwith. It is also observed that many of the RSA clients profiles on PFA Databases are out-dated, thereby making it extremely difficult for the PFAs to seamlessly treat transactions on such RSAs or communicate with such RSA clients. Consequently, the PFAs, through the umbrella body Pension Fund Operators of Nigeria (PENOP), and in conjunction with PENCOM, decided to engage the services of competent professionals to carry out the capturing of the biometrics (and bio-data) of all existing RSA clients in Nigeria. This Request for Proposal (RFP) is therefore prepared to serve as guide to professionals who may be interested in being considered by PENOP to execute the project.

3|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

2.

PROJECT OBJECTIVES
As noted in the introduction, the following are the key objectives of the project: 1. To make all existing RSA clients profiles AFIS-compliant. 2. To make each existing RSA clients profile unique. 3. To provide information that will aid the resolution of all historical cases of duplicate records, multiple registrations under different organisations and/or fake names. 4. To provide the platform for the resolution of all historical cases of duplicate records, multiple registrations under different organisations and/or fake names. 5. To provide the platform for elimination of future occurrence of cases of duplicate records, multiple registrations under different organisations and/or fake names. 6. To provide the platform for subsequent business-as-usual (BAU), AFIScompliant and unique RSA clients registration.

3.

PROJECT SCOPE
The project is designed to cover the capturing of biometric data of all existing RSA Clients as at cut-off date. The date will be specified in the contract award letter. The second aspect of the project is the collection and collation of completed Biometric / Bio-data Update Forms which is MANDATORY for all clients. The basic data for these clients and their geographical spread shall be provided to aid the exercise.

4|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

4.

KEY PROJECT DELIVERABLES


The following are the key project deliverables, though not exhaustive: 1. Unique biometrics per RSA PIN. 2. Biometrics of all existing RSA clients (as provided), consisting of: Finger prints (10 fingers or as specified) Photograph Signature 3. The biometric data capture processis only considered successful when a captured data is loaded unto the Collation Server for verification/validation, successfully verified/validated and successfully passed unto PENCOMs database. There will be penalty for rejections, depending on the nature/reasons. 4. Duplication checks on the Collation Server It MUST not be possible for a biometric data to be duplicated in the system. That is, one biometric data cannot be used for (attached to) two or more RSA PINs. It MUST not be possible for a RSA PIN to be verified / validated more than once. For instance, if an RSA holder goes through the exercise more than once at same location or different locations, all subsequent uploads, after the first validated upload, shall be invalidated and flagged for noting by the RSA holders PFA. 5. Completed biometric / bio-data update form for all existing RSA clients (as provided) that showed up for the exercise, properly noted by field officers in line with agreed process/SLA. 6. Resolution platform on the Collation Server for the PFAs and PENCOM to access, investigate and resolve all cases of multiple registrations, invalid PINs, single PIN to multiple clients, etc. 7. Daily activity reports, including prompt alerts on suspicious / fraud attempts, in line with agreed process/SLA.

5|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

5.

PROJECT OVERVIEW
In view of the fact that the existing RSA clients are spread all over the country, it is expected that Data Capture Centres will be set up simultaneously nationwide (all 36 states and FCT) where RSA clients can visit to do the Biometric registration and also provide their current details to be used in updating their profiles on the respective PFA Databases and PENCOMs database. The Data Capture Centres are expected to upload captured biometrics into the Collation Server located in PENCOMs office for appropriate verification and validation. The validated biometrics will in turn be used in updating RSA clients biometrics on PENCOMs database and sync with the respective PFA Databases. The completed Biometric / Bio-data Update Forms, submitted by the clients at the Data Capture Centres, are expected to be collated and handed over to the affected PFAs at agreed intervals and through approved channels (SLA-based). The PFAs are expected to use these forms in updating the biodata (not Biometrics) of their respective RSA clients on their databases and sync with PENCOMs database. This update process must be in accordance with subsisting PENCOMs guidelines on bio-data changes for the affected fields. It is expected that the new form, once verified / validated, will supercede any prior bio-data form that may have been submitted to the PFAs by the RSA clients. Finally, the subsequent registration of new RSA clients MUST follow same process to ensure that multiple and/or double registration is never allowed again in the databases. The process to achieve this will be determined and advised by PENCOM.

6.

STAKEHOLDERS
1. 2. 3. 4. 5. PENCOM PENOP All PFAs All existing RSA Clients Appointed professionals (Vendors)

6|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

7.

PRE-CONDITIONS AND ASSUMPTIONS


It is assumed that: The exercise is limited to the records of existing RSA Clients only i.e the exercise will not be used to capture new RSA clients data. All existing Clients have valid RSA PINs, Welcome Letters and/or Correspondences from PENCOM and/or their PFAs bearing their RSA PINs and full names. Clients will need to contact their PFAs to obtain copies of these documents, if they do not have them handy. Only clients who can produce any of Welcome Letter and Correspondence from PENCOM and/or their PFAs bearing their RSA PINs and full names as evidences of their ownership of the RSA accounts will be attended to at the Data Capture Centres. All existing RSA clients shall mandatorily complete Biometric / Bio-Data Update Form. Existing RSA clients profile (RSA PIN, Full Names, Photograph, Signature and PFA) will be available at the respective Data Capture Centres to aid the mandatory Documentation and Verification, and the ultimate Biometric Data Capture. Adequate infrastructure will be provided at the respective Data Capture Centres. There will be a Collation Server which will perform the Collation, Verification and Validation routine. All the Data Capture Centres will have robust Internet links that will be used to access the Collation Server Application via Webservice. There will be functionality to detach the newly uploaded/updated biometric data from an RSA PIN, invalidate the RSA PIN and attach the biometric to the right RSA PIN in proven cases of multiple registration, wrong/multiple upload from Data Capture Centre, etc. This will be in accordance with subsisting PENCOM guideline (e.g. Rule of first PIN), and all such activities shall require prior approval by PENCOM and be carried out on the Collation Server by PENCOMs authorized users. Only biometric capture will be done. No bio-data capture. The bio-data update Forms will be used by PFAs for the necessary bio-data capture as deemed appropriate, subject to the appropriate PENCOM-approved governance process.

7|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

For security purposes, all Data Capture Centres will be registered uniquely on the Collation Server, such that any record not carrying recognised Data Centre Code will be rejected by the Collation Server. All Data Capture Centre codes shall be invalidated upon the completion of the project.

8.

SOLUTION OVERVIEW AND LAYOUT


TECHNICAL ARCHITECTURE (BASE CONNECTIVITY)
Captured data from the field systems (36 States and FCT) are transmitted via VPN connection to the Collation Server. The data from the Collation Server are synchronised with PENCOMs National Data Bank (NDB) via a URL. There is Webservice connectivity between respective Pension Funds Administrators (PFAs) and the Collation Server.

8|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

9.

PROCESS FLOW AND OPERATIONAL PROCEDURE


A.
1.

FIELD CAPTURE (please refer to the flowchart)


Existing RSA Client (CLIENT) from any PFA visits any location of his/her choice anywhere in the country (any of the 36 States and FCT) to update his/her Biometrics and provide information for Biodata update. CLIENT collects Biometrics / Bio-data Update Form (see appendix 2), fills it and hand it over to the Documentation Agent for review, along with copy of his/her Welcome Letter and/or Correspondence from PENCOM and/or their PFAs bearing his/her RSA PIN and full names. Documentation Agent will perform the following checks: RSA PIN on the document submitted tallies with the RSA PIN on the form completed by the client. If not, the client is requested to correct it, else registration is not allowed. Full names on the document submitted tallies with the Full names on the form completed by the client. If not, Documentation Agent checks that the client answered YES for the field Name change required? (NO/YES). If not, the client is requested to correct it, else registration is not allowed.

2.

3.

4.

Once satisfied with the checks, Documentation Agent will then: Staple (or clip) the Form and the document submitted together for further processing. Register the client in the clients PFAs Biometric / Bio-data Update Register containing columns for Serial Number, RSA PIN and RSA Holders Names. Stamp the completed Form and the document submitted; noting the registered serial number on the form. Send the stamped documents to the Verification Agent.

5.

Verification Agent will perform the following checks/tasks: Check the RSA PIN on the local Clients Database. If the RSA PIN is not found, the document will be so noted by ticking YES in the section on the Form RSA PIN not on local database? (YES/NO), and passed to Validation Agent.

9|Page

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

If the RSA PIN is available on the local database, the clients Picture and Signature will be displayed for verification. Verification Agent performs reasonable due diligence check on the clients picture by confirming whether or not the picture displayed reasonable degree of resemblance with the physical appearance of the client. Verification Agent notes his/her opinion on the document by ticking the appropriate comment box for Picture Verification (Satisfied, Not Sure or Not Satisfied). Where there is no picture on the local database, Verification Agent ticks the comment box Picture not on local database. Verification Agent then performs reasonable due diligence check on the clients signature by confirming whether or not the signature displayed reasonable degree of resemblance with the signature on the Form. Verification Agent also notes his/her opinion on the document by ticking the appropriate comment box for Signature Verification (Satisfied, Not Sure or Not Satisfied). Where there is no signature on the local database, Verification Agent ticks the comment box Signature not on local database. Where the Verification Agent has noted Not Sure, Not Satisfied, Picture not on local database or Signature not on local database for Picture and /or Signature Verification, the document will be passed to the Validation Agent for second level check. Where the Verification Agent has noted Satisfied for both picture and signature the document will be passed straight to the Data Capture Agent for biometric capture. 6. Validation Agent repeats the Picture and/or Signature Verification due diligence exercise in cases where Verification Agent has noted Not Sure or Not Satisfied for Picture and /or Signature Verification. Validation Agent also notes his/her opinion on the document by ticking the appropriate second level comment boxes for Picture and Signature Verification (Satisfied, Not Sure or Not Satisfied). The document will then be passed to the Data Capture Agent, who will take the Validation Agents comments as final, for noting in the system.

7.

10 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

8.

However, where foul play or fraud attempt is suspected, the socalled client should be denied biometric capture, the document kept as evidence and the incidence reported immediately in line with agreed process. Where Picture and / or Signature is noted not to be on the local database, Validation Agent will recheck the local database and thereafter, if confirmed not found, access the Collation Server. If any or both are still not found on the Collation Server, Validation Agent ticks the comment boxes Picture not on Collation Server and Signature not on Collation Server as applicable; and passes the document to Data Capture Agent for biometric capture. Data Capture Agent will note the comment against the client accordingly in the system. Where any or both are found on the Collation Server, Validation Agent will repeat the Picture and/or Signature Verification due diligence exercise, note his/her opinion on the document by ticking the appropriate second level comment boxes for Picture and Signature Verification (Satisfied, Not Sure or Not Satisfied). The document will then be passed to the Data Capture Agent, who will take the Validation Agents comments as final. Where the RSA PIN is noted not to be on the local database, Validation Agent will recheck the local database and thereafter, if confirmed not found, access the Collation Server. If the RSA PIN is not found, Validation Agent will note the document accordingly by ticking YES in the section on the Form RSA PIN not on Collation Server? (YES/NO), and passed to Data Capture Agent for biometric capture. Data Capture Agent will note the information against the client accordingly in the system. If the RSA PIN is found, Validation Agent will perform the Picture and Signature Verification due diligence exercise, note his/her opinion on the document by ticking the appropriate second level comment boxes for Picture and Signature Verification (Satisfied, Not Sure or Not Satisfied). The document will then be passed to the Data Capture Agent, who will take the Validation Agents comments as final. In all cases where there is an issue with RSA PIN or identity (e.g Clients identity cannot be verified due to clearly different passport photograph and signature on the system), and no foul play or fraud attempt is suspected, the Validation Agent MUST politely explain to the affected RSA client the inconsistencies in his/her data and advise the Client to contact his/her PFA.

9.

10.

11.

12.

13.

14.

15.

11 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

16.

Data Capture Agent will finally fetch the customer details from the local database, or type out the details where they do not exist on local database, carry out the biometric capture, taking the finger prints, picture and signature (as prescribed). The comments by the Verification Agent or Validation Agent (as the case may be) will be noted against the client in the system. An RSA PIN that exists on the local database MUST be automatically flagged once used for biometric data capture, to minimise the risk of double capturing and the attendant time wastages. On completion, Data Capture Agent prints out the confirmation receipt (a slip) for the client. Client (RSA Holder) is advised to confirm the RSA Pin, Full names, picture and signature as captured on the system by examining the details in the printed slip. Once confirmed by the client, the record is put in queue by the Data Capture Agent for synchronization to the Collation Server. The queuing time MUST be specified by Vendors. That is, it must be possible to have an idea of how long it will take a captured data to get uploaded to the Collation Server. The queuing process MUST also not affect the ability of the Data Capture Agent from continuing the capturing of subsequent data. It is also important to know the average time it will take to do biometric data capture for each client. The Data Capture system MUST have facility to store the captured data until they are purged, and also flag any one that has been successfully uploaded. This is to avoid need for data re-capturing in cases of inability to upload unto the Collation Server. At the end of the days work, Data Capture Agent generates a consolidated activity report for reconciliation with the entries recorded by the Documentation Agent for the day in the respective PFA registers. The registers and the system report, together with reconciliation notes MUST be signed off by all the agents, and sent to the Project Manager on a daily basis. It should be possible to generate reports that will show the summary and details of records processed and records sent to Collation Server for each day.

17.

18.

19.

20.

21.

12 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

B.
1.

COLLATION SERVER
Records pushed from various Data Capture Centres are Collected and put on queue for Validation. The queuing time MUST be specified by Vendors. That is, it must be possible to have an idea of how long it will take a captured data to get verified/validated on Collation Server and sync with PENCOM database. It should be possible to generate collected records reports for the Project Manager(s) to use in reconciling with Data Centre reports. Any record not carrying a Data Centre Code will be rejected as invalid and junked. Records collected are validated for AFIS compliance, ensuring that no biometric data or RSA PIN is used more than once. It should also be possible to generate reports that will show the summary and details of records collected and records validated for each day, per one or more search criteria such as State, Local Govt, PFA, Data Capture Centre, etc. Validated records will be updated as new records. That is, the old record will still be kept. Where newly updated PINs are recaptured (cases of multiple biometric capture), duplicated record will marked for approval/rejection. This requires investigation by the affected PFA who will advise the valid record with appropriate proof. If approved, it will be validated and updated as the new record while the previous one will be marked old. For the purposes of the investigation and approval, PFA representatives will have access to Collation Server to review and treat RSA clients records that have issues. Old records are stored away in history and approved records are marked as updated. Collation Server activities (Approvals and updates) synchronised with PENCOM NDB. are then

2.

3. 4.

5.

6.

7.

13 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

8.

Other Collation Server Requirements: i. ii. iii. All PFAs should be able to access the server to see all their RSA Clients and details (captured and outstanding) via a web portal. PFA can approve changes for data that needs to be updated. The system should be able to generate full or on request reports for either new RSA Clients, old RSA Clients or both and monitor progress. The system should be able to generate reports of duplicate records. The system should be able to point out matching records within and amongst the different PFAs. The approved authorities should be able to view and export duplicate records to file.

iv.

v.

vi.

vii. Generate file dump for a particular segment of RSA Clients based on entered fields. viii. File Dump should be encoded to prevent tampering. ix. Ability to receive records via web service from the capture terminals. De-duplication exercise of biometric data

x.

C.
1. 2.

AFIS DUPLICATION CHECK


AFIS compliance check is carried out on all updated records by PENCOM. Duplicate records are marked with an ID which would enable easy identification and trace.

D.
1. 2.

CLEAN UP EXERCISE
Clean and Duplicate records can be viewed directly by PENCOM. Clean records are then moved over to PENCOM NDB via a URL and marked as NDB updated.

14 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

10.

HARDWARE REQUIREMENTS (GUIDE)


Note: These are guides only, the Vendor is at liberty to vary the system specifications in order to satisfactorily and efficiently meet the project requirements, whilst clearly indicating all or any variations introduced.

a.

Verification System Requirements


A mini laptop with 10 or 11 screen size Processing and memory capacity sufficient enough to handle the daily verification exercise 4GB RAM Storage capacity should be able to hold at least 1 million RSA holders records (RSA Number, Full Name, Signature and Passport Photo) 1TB HDD CD/DVD drive not required The laptop should not allow saving of unauthorized data Internet access with VPN capability

b.

Data Capture System Requirement


A mini laptop with 10 or 11 screen size Processing and memory capacity sufficient enough to handle the daily data capture exercise and upload to of records to central collation server 4GB RAM Storage capacity should be able to hold at least 1 million RSA holders records (RSA Number, Full Name, Signature and Passport Photo) 1TB HDD CD/DVD drive not required The laptop should not allow saving of unauthorized data Internet access with VPN capability Provision for backing up captured data - External HDD or Tape drive

15 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

c.

Collation Server Requirements


Storage Capacity to hold current RSA DB + generated biometric data of existing RSA holders + at least 300% growth (over 5 years) Processing and memory capacity sufficient enough to process transactions from all (1700+) Data Capture Centres and update PENCOM database Connectivity to the internet to allow secure connection from the Data Capture Centres Provision for daily data backup 4x 10 2.4GHz Processor 256GB RAM 2x 600GB SAS/SATA HDD (internal) 40TB SAN storage Space (to store 10,000,000 records each with 12 Binary data fields and 30 x 50 character length fields) Tape Library Full Server Redundancy (High Availability) using multiple Switches

d.

Assumptions: i. Netbook for Capture of Biometric data.


Each of the system to hold a minimum of 1 million RSA Clients Records database. The Netbook system will be used to capture existing RSA Clients signature, passport photograph and fingerprint details. The Netbook system to be fast processing speed commensurate with the use to which it would be put. Biometric scanners are functional and compatible with the Netbook systems. The Digital Cameras to be used with the system would be compatible with the Netbook system. 3G/Wi-Fi Internet connectivity to be available on the Netbook system for connection to the Collation Server at PENCOM. The Signature pad to be used will be compatible with the Netbook system

16 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

The Minimum storage facility of each system will be 1TB (solid state). The System should be small and portable (mini). The Netbook system comes with digital security.
The Netbook system to have removable CD drive.

ii. Netbook for Verification of RSA Clients details.


Each System to hold a minimum of 1 million RSA Clients in its database. The system will be used to verify existing RSA Clients details only. The Netbook system to be fast processing speed commensurate with the use to which it would be put. Biometric scanners are functional and compatible with the Netbook systems. The Digital Cameras to be used with the system would be compatible with the Netbook system. 3G/Wi-Fi Internet connectivity to be available on the Netbook system for connection to the Collation Server at PenCom. The Signature pad to be used will be compatible with the Netbook system The Minimum storage facility of each system will be 600GB (solid state). The System should be small and portable (mini).
The Netbook system comes with digital security. The Netbook system to have removable CD drive.

17 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

11.

SOFTWARE REQUIREMENTS (GUIDE)


Note: These are guides only, the Vendor is at liberty to vary the software specifications in order to satisfactorily and efficiently meet the project requirements, whilst clearly indicating all or any variations introduced.

1. Biometric specification: capturing/management capability a. Ability to capture 10 fingers b. Minimum 500dpi 2. Photo Specification: Capturing/management capability a. The passport should be in a JPEG format with pixel dimensions of 120*140 and resolution of 96pixel/inch (minimum). b. Full face frontal poses with both eyes and ears visible c. The full face poses to cover 70-80% of the photo 3. Signature: capture/management capability a. The signature should be in JPEG format with a pixel dimension of 120*140 and the resolution should be 96pixels/inch (minimum) 4. Biodata capture/management capability (for the specified MINIMUM fields listed below) also contained in the Mandatory Biometric/Biodata Update Form a. b. c. d. e. f. g. h. i. j. k. l. m. n. o. p. q. r. s. t. u.
18 | P a g e

First name Surname Middle name Date of Birth Address (1-3 fields Minimum 250 Characters) Telephone/mobile number 1 Telephone/mobile number 2 Email Type of identification Identification number Next of Kins name (First, Middle and Surname) Next of Kins telephone/mobile number Next of Kins Address (1-3 fields) Next of Kins email Address Name of Employer organisation Address of Employer (1 3 fields) Salary scale Designation Level. Date of first employment Place of Posting

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

5. The system should be able to identify and indicate already registered RSA Clients on the field. 6. The local database should be able to store segmented records. 7. Decode dump file of records and upload into local database 8. Dump and encode file from local database 9. Push data over to Collation Server via web services 10. Ability to perform first level (Remote) and second level (Collation Server) AFIS-compliant and uniqueness tests. 11. Allow PFAs to accept AFIS-compliant and unique biometric, certified in the Collation Server, before being adopted into the PFA database via PENCOM database. All items okayed by Collation Server but not accepted by the PFAs should be subjected to the resolution process.

19 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

12.

FORMAT FOR PROPOSAL RESPONSE


1.

Executive Summary - Brief profile of the Company. - Experience in Data Capture Service and/or similar services - List of Client references Technical Information - Description of the solution methodology/approach - Implementation Process & Timelines: Detailed work plan for the deployment of the Solution, including timeframes and deliverables. - Major Milestones & Achievements - Detailed Requirements from PENOPS/PENCOM. Commercials - Detailed cost model, with separate headers for Hardware (Collation Server and Remote Equipments), Software (for Host Server and Remote systems), HR and Logistics, etc.; including payment terms. - Training on the Solution. - Integration Support and Maintenance Plans for the Solution References - Detailed list of at least three (3) Companies or Institutions that similar comprehensive services have been offered including their addresses, Contact Person(s) and Telephone numbers. Appendix - Any other information e.g. Alternate Solution or Services to achieve results, Additional Benefits, Project Team Staffing (resumes and relevant experience and qualifications of key staff and Management personnel) etc. - 3-year tax clearance and PENCOM Certificate of Compliance.

2.

3.

4. 5.

6.

20 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

13.

INTENT TO RESPOND
PENOP requests that parties electing to respond to this RFP submit an Intent to Respond. The Intent to Respond must be via email to afisprojectRFP@penop.com.ng, copying afisproject@penop.com.ng, and received prior to close of business on Wednesday 19 September 2012. Included in the Intent to Respond shall be the following: Formal name of the organization responding Statement indicating intent to respond Contact information of nominated officer responding, including email address and GSM numbers.

This information is required for planning of the related briefing meeting to be held on Friday 21 September 2012, and to enable PENOP invite interested vendors to the meeting.

14.

TERMS AND CONDITIONS


1. 2. PENOP is not liable for any cost incurred by vendors in their response to this RFP. To be considered, bidders must submit a complete proposal in the format specified in this RFP on or before the date specified in the RFP / advert. Proposals should be prepared simply and economically, providing a straightforward, concise description of the Vendors ability to meet the requirements of the RFP. No portion of the work shall be subcontract to a third-party Vendor without the prior written consent of PENOP. By submitting proposal in response to this RFP, the successful bidder represents that they have read and understand the scope of requirements and have familiarized itself with all the Federal, State and Local laws, ordinances and rules and regulations that in any manner may affect the cost, progress, or performance of the work. All financial information requested with the RFP must be included within the proposal and should provide breakdown of the cost of the project. Failure to include the information may result in automatic disqualification.

3.

4. 5.

6.

21 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

7.

Short-listed Vendors will be invited for further discussions/negotiations. PENOP is not obliged to respond to interested Vendors that are not short-listed. PENOP is also not obligated to reschedule meetings for invited Vendors who missed the meeting appointments.

15.

ENQUIRIES
All enquiries in relation to the RFP should be sent via email to: afisprojectRFP@penop.com.ng, copying afisproject@penop.com.ng, with subject as Bio-Capture and Update Application RFP Enquiries.

16.

PROPOSAL SUBMISSION FORMAT(S) AND DATE


Soft copy proposals should be submitted in PDF format and sent to afisprojectRFP@penop.com.ng, copying afisproject@penop.com.ng, Please note that PENOP is not responsible for server delivery failures and the nonreceipt of the soft copy will lead to disqualification, whether or not it was sent before the deadline expiration. Proposals must reach the above E-mail Addresses no later than 10:00am on Friday, 28 September 2012. Please note that late submissions will be disqualified.

22 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________

17.

SOLUTION REQUIREMENTS LISTING


Category

SN Application Requirements

REQUIREMENT AVAILABILITY* COMMENTS STATUS FS PS NA (MANDATORY OR DESIRABLE) 1 Application must be secure and App function MANDATORY data encrypted 2 Ability to Refresh data without App Function MANDATORY having to log-in again 3 Ability to access application App Function MANDATORY online or offline and then download data subsequently 4 Ability to Check for AFIS Unique App Function MANDATORY values to avoid duplicates 5 Ability to collect fingerprint MANDATORY images from several stations simultaneuously and send for processing at DB for matching 6 Ability to decode / detect human App Function MANDATORY finger thread against other types 7 Ability to integrate with PENCOM App Function MANDATORY verification and validation application 8 Ability to pull data from database App Function MANDATORY or where capture is done offline, system should generate unique ID number to tag 9 Ability to run AFIS check App Function MANDATORY independently on capture application as first level check on collected data 10 Ability to track processed and App Function MANDATORY stored information on system 11 An ability to provide real time verification and identification services to online/offline verification systems 12 Client app must be able to capture fingerprints (Minimum of 2 fingerprints or all 10), signature and photograph 13 Client app must be able to download and upload to server over telecom network 14 Client app must be fast in search local and remote database App Function MANDATORY

App function MANDATORY

App function MANDATORY App function MANDATORY

15 Client app must do some App function MANDATORY verification at point of capture 16 Deploy a software that will App Function MANDATORY capture Biometrics from a Biometric scanning device 17 Flexible architecture to enable App Function MANDATORY standard and adhoc report

23 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________
generation 19 Provision for prompt statistical App Function MANDATORY analysis through report generation 20 The client application should be able to generate a confirmation number which will be issued out to the RSA holder as proof of participation in the exercise. 21 The client application should comply with the resolution as required by PENCOM and should also check for completeness and uniqueness on its local database and should flag exceptions and duplicates. 22 The client should be set up on a mobile system (Netbook with webcam and finger print scanner) and should maintain a local database. 23 The entire solution should be robust enough to handle very large bio database with minimal performance degradation. 24 The software should have the capacity to validate and detect duplicates thump prints at capture level. (should not enforce blocking) 25 The system (capture & Collation Server) should have full support for multi-user operation. 26 The system (capture System) should have the ability to display images immediately they are captured - for verification and validation - before processing 27 There should be an automated routine for importing and exporting data between the client side application and the server side application. 28 User-friendly Data Entry interface for easy data storage 29 Biometric Scanner must installed with each system App function MANDATORY

App function MANDATORY

App function MANDATORY

App function MANDATORY

App Function MANDATORY

App Function MANDATORY App Function MANDATORY

App function MANDATORY

App Function MANDATORY

be Hardware

MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY

30 Provide a common platform for Collation Biometric update 31 Provide all PFAs with their distinct Collation PINs or based on update status as required. 32 Collation System should also check Collation intra PFA Biometric duplicate 33 A multi-tier business architecture Security

24 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________
which offers differentiated access, security and look and feel for different types of users classes 34 Ability to allow data backup Security 35 Ability to conduct user access management on the application, including adding users, unlocking users, expiring users, forgotten password management. 36 Ability to export to MS Office or PDF, CSV & XML directly from the collation server by PFA 37 Ability to log on with a registered user name and password - only registered users can use application 38 Ability to maintain complete audit trail Security

MANDATORY MANDATORY

Security Security

MANDATORY MANDATORY

Security

MANDATORY

39 Ability to reset and lock passwords Security on the capture application (using some secure key) 40 Ability to support multiple level of Security users (roles and IDs - managers, field users, supervisors etc) 41 Admin role of database must not Security have default password. 42 Allow separation of Admin Role Security and Operational roles - admin role should not have access to operations and vice versa. 43 Audit trails of all activities on Security application should be available 44 Capacity management plan should be submitted by the vendor. 45 Date & Time of Capture / data update to be available on the audit trail 46 Date of Creation (and deletion) of Operator account to be available on audit trail. 47 Dates of user entry and exit, reset, password change, and wrong password attempts to be captured by application. 48 Forced password change at first logon should be enforced. Security Security Security Security

MANDATORY MANDATORY MANDATORY MANDATORY

MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY

Security

MANDATORY MANDATORY

49 Full tracking of all user activities Security and all database statements should be available on the database. 50 Indexes should be created on the Security database for all major searches by the application

MANDATORY

25 | P a g e

Request for Proposal (RFP): Nigerian Pension Clients Biometric Data Capture. September 2012 __________________________________________________________________________________
51 It should be possible to have a User Role that only allows a read only view of the application. 52 License for database server should come with the software or pricing should be explicitly stated as separate. 53 Location of Capture - state and Local Govt. Area to be captured by application 54 Maximum Password Violation Attempts : 3 attempts 55 Minimum Password Length : 8 56 Operator ID 57 Password History : 10 12 58 Password Life : 30 days Security Security MANDATORY MANDATORY

Security Security Security Security Security Security

MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY MANDATORY

59 Password should be Alphanumeric Security 60 Routine Maintenance plan Security including database management should be submitted by the vendor. 61 Session Time-out : 5 15 mins Security 62 Technical Documentation must be complete. 63 The System Admin role should not be without password 64 Users with admin rights should not have access to any operational area of the application (except read-only access) 65 Server app must be able to validate biometrics 66 Server app must have reporting capabilities 67 The server side application, upon the importation of records from the client application, should also carry out the completeness, resolution and uniqueness tests and should flag exceptions and duplicates. 68 The server side solution database should be such that can be easily and seamlessly integrated into each PFA's core application with minimal cost. Security Security Security

MANDATORY MANDATORY MANDATORY MANDATORY

Server Server Server

MANDATORY MANDATORY MANDATORY

Server

MANDATORY

Legend: FS Fully Supported, PS Partially Supported and NA Not Available

18.

APPENDICES
Data Capture Flowcharts and PENCOMs AFIS Specifications

26 | P a g e

Data Capture Centre Activity Workflow

Start

Client visits Data Capture Center and collects Biometrics/ Bio data update form

Client

The client fills the Biometrics/Bio data update form.

The filled Bio data update form is handed over to the documentation Agent for review along with a proof of RSA account (Welcome Letter/RSA Statement).

Client ticks name change required ? checkbox.

On receipt, the agent ensures the availability of the clients proof of RSA account.

Is Proof available? YES

NO

Client is politely advised to provide a proof of RSA account before being attended to.

End

Documentation Desk (Agent 1)

The agent subsequently validates the PIN on the completed form against that on the proof of RSA account.

Is PIN valid?

NO

The client is advised to correct the PIN on the form with the PIN on the proof of RSA account.

Client is told to tick the name change required? checkbox on the form

YES The agent then validates the clients full names on the completed form against that on the proof of RSA account. Agent enters the date, serial number, and signs off on the stamped area. Both the completed Bio data update form and proof of RSA account are collected from the client and stamped. Is name change checkbox ticked

Does full names correspond?

NO

Both documents are passed on to the verification agent

YES The agent registers the Client in the Clients PFAs Biometric/Biodata Update Register using the PIN and RSA holders names.

YES

Verification desk (Level 1)

Data Capture Centre Activity Workflow Part II

Verification desk (Level 1) 1st Level Verification Agent

Agent checks on the local Clients Database to verify client data using RSA PIN.

Clients RSA PIN found?

YES

The clients Picture and Signature is displayed for verification

Is Picture/ Signature on local system?

YES

Reasonable degree of resemblance?

Both the Bio data update form and proof of RSA account are stamped and the YES agents satisfaction is indicated on the stamp.

NO Agent ticks YES in the section on the form RSA PIN not on local database(YES/NO)

NO Agent ticks the comment box Picture not on local database/Signature not on local database

NO Notes his/her opinion on the document by ticking the appropriate comment box for Picture/Signature verification (Satisfied, Not Sure, Not Satisfied). The client is directed to the capture agent for data capture.

Client is passed to Validation Agent (2nd level verification).

The client is directed to the Validation Agent (2nd level Verifier for further verification.

Verification desk (Level 2) Validation / 2nd Level Verification Agent

Agent searches on the collation server for Client details

Clients data found?

NO

The client is politely told to contact his PFA.

Validation agent ticks the comment boxes Picture not on collation server and Signature not on collation server and also tick YES in the section on the Form RSA PIN not on Collation Server?(YES/NO) Both the Bio data update form and proof of RSA account are stamped and the agents dis-satisfaction is indicated on the stamp.

YES Validation agent ticks the 2ND Level comment boxes for Picture and Signature Verification (Satisfied, Not Sure, Not Satisfied) Is Picture/ Signature on local system? NO The document is passed to the Data Capture Agent who notes Validation agents comment as final on the system Agent ticks the comment box Picture not on local database/ Signature not on local database Reasonable degree of resemblance? NO

YES

YES Agent notes his/her opinion on the document by ticking the appropriate 2nd Level boxes for picture/ Signatureverification

If the Clients identity cannot be verified but no foul play is suspected, the Agent is to politely explain to the Client the inconsistencies and advise the client to contact his/her PFA.

End

Data Capture desk

Data Capture Centre Activity Workflow Part III

Agent captures the clients fingerprints

Data Capture desk

Agent takes the clients Photograph

A confirmation slip is printed and given to the client

The RSA Holder is advised to confirm the RSA PIN, Full names, picture and Signature by examining the details on the Slip

The central database (collation server) is updated with the capture details.

End

Agent captures the clients signature.