KPRA Website Development Firm

Job Description

Complete details of assignment provided in PDF attachment (RFP_KPRA Website Development) – all serious vendors are to refer to PDF Sheet for guidance on submitting proposal’

Sustainable Energy and Economic Development (SEED) is a £37.5 million programme that aims to support provincial economic development and sustainable energy in Pakistan. It will support the province of Khyber Pakhtunkhwa (KPK), to plan and finance the infrastructure and investment it needs for growth, jobs and prosperity. The programme will also address Pakistan’s energy crisis by providing innovative financial solutions to industry for the adoption of sustainable energy practices. Within SEED, ASI has been contracted to deliver the first component - Improved Economic and Urban Planning in Khyber Pakhtunkhwa (KP) – with a budget of £15 million. The outcome of the programme will be public and private investments generate greater economic, social, and environmental returns. The programme will be managed by the UK’s Foreign Commonwealth and Development Office (FDCO).

Khyber Pakhtunkhwa Revenue Authority (KPRA) is responsible for collection and administration of sales tax on services and has made strong efforts in recent years to grow revenue. Through a combination of legislative levers and increased collection and recovery efforts, KPRA has succeeded in doubling STS revenue from Rs. 10.3 billion in FY 2018-19 to Rs. 20.8 billion in FY 2020-21. KPRA is now aiming to maintain this growth momentum and to further increase revenue to Rs. 35 billion over the next few years. KPRA’s target for FY 2021-22 is Rs. 27.4 billion, with aspirations to grow at an average rate of 25% annually for the next 4 years.

Achieving these ambitious growth targets requires a systematic and sustained reform effort on the part of KPRA at every level of the institution. To help achieve its revenue targets, SEED has been assigned by the finance minister, to redesign KPRA’s website to better serve its users and taxpayers. The website will act as a vital tool for connecting tax payers and businesses with KPRA.

The existing KPRA website (see www.kpra.gov.pk) was designed and developed in 2018 by the software team of KPRA. The navigation and design specifications were developed by KPRA. Minor additions and modifications have been made to a few key pages from time to time.

The current website is outdated in appearance, structure, functionality and in the presentation of content. There are approximately 40 webpages of kpra.gov.pk; not including additional PDFs, images, videos, and unlinked archive pages. Being heavy in text and links; it clearly lacks strategy and consistency. The website also has responsiveness issues on different screen sizes (tablet and smartphone etc.).

An opportunity exists to re-engineer the site to better reflect the mission of KPRA and incorporate the latest web technologies. The new website is expected to be user-centric (tax payers), responsive and aesthetically pleasing. Upon completion of development and deployment of the site, KPRA will assume full responsibility for website content, maintenance and administration. All content, coding and graphics will become the sole property of KPRA.

These Terms of Reference (ToRs) provide guidelines for the design, development, deployment, and maintenance of KPRA website.

Adam Smith is accepting proposals to design and develop a new website for KPRA. This will be a design to completion project involving a complete overhaul of the website. The purpose of this RFP is to provide a fair evaluation for all candidates, and to provide the candidates with the evaluation criteria against which they will be judged. The specific objectives are:

1. Design and develop an interactive and professional website to support users to view important tax-related information in the form of acts, rules and notifications;

2. Organise the website pages to allow ready access to sub-pages and other useful information sources in KP;

3. A non-relational repository to host all the web pages on the server;

4. A relational repository to host the data related to compulsory taxpayers list and usage statistics;

5. Develop user-friendly data entry modules for future data and files entry;

6. Develop customizable themes that the administrators can adopt and add new sub-pages as needed;

7. Provide adequate storage and back-up facilities for the data.

Being the premier provincial tax collection authority, KPRA caters to the needs of a diverse set of users (individuals and businesses). Broadly, the main features of the intended website are as follows:

1. Functional KPRA website containing all the crucial elements of the existing website, keeping in mind the original scope, objective and end user;
2. Well designed and user-friendly interface that adheres to specific UI standards provided by Microsoft, Apple and Google respectively;
3. Well supported on well-known web browsers such as Chrome, Edge, Firefox and Safari;
4. Admin panel with options to manage the data, web-pages, and themes using latest combination of technologies;
5. Responsive design that is optimized for different screen sizes, especially mobile smart phones (android and iOS) and tablets;
6. Good loading speed for end user;
7. System of search and filters;
8. Optimized for search and social web;
9. Clear catalogues & folders with attractive page layout, easy to use, update and maintain
10. Flexible navigation & search function;
11. Responsive design;
12. Backup store;
13. Use of open-source technologies for avoiding licensing cost;
14. Relational and on-relational datastore for storing data and usage statistics;
15. Protection of intellectual property rights of the client;
16. Ability to recover from failures;
17. Encrypted / secured communication between web server and web browser;
18. Ability to cope with known security threats;
19. User activity logs and web-pages access statistics.

There are two key components of the website: 1) public user interface and 2) administration module

The Public User Interface is a set of web-pages that are publicly accessible. These web pages contain information and relevant material required by the individual tax payers and businesses to get their tax related information (news, acts, notifications and reports etc.). The tax payers can also use the interfaces to get help in e-Filing of taxes and file complaints / dispute proceedings. The public and other relevant authorities can use the pages to get an updated status about the goals and performance of KPRA. The interface should be able to support a large volume of simultaneous users. The public user interface consists of menus and web pages as follows;

1. Header menu that arranges links in groups (home, individual, businesses, About KPRA, FAQs etc.) and sub-groups (acts, rules, regulations, galleries etc.) based on importance. (Ranking will be decided in consultation with the relevant authorities);

2. A high-quality logo in vector form;

3. General information regarding acts, rules and regulations;

4. e-Registration (links);

5. List of compulsory registered taxpayers;

6. Filtering / search site by keyword;

7. KPRA (About us)

a. Introduction, vision, mission, history, mandate, messages and strategy

b. Organization structure

c. Governance structure

d. Regional offices (Peshawar, Mardan, Abbotabad etc.)

e. Jobs / careers

f. Tenders, tendering processing, tendering rules

g. Research and statistics

h. KPRA library

8. Consultation Desk;

a. Consultation

b. Customer Care

9. Newsroom;

10. Frequently Asked Questions;

a. Categories

b. Searchable

11. Tax Tables;

12. Tax Calculator (for all taxable services as per schedule II of the Finance Act, 2013 (as amended))

13. KPRA Annual Reports and numbers;

14. Staff profiles / biographies;

15. Media center and Gallery;

a. Events (text, photos, images)

b. Workshops and activities

c. Public Awareness Programs

16. Key initiatives;

17. Online Services;

a. Technical support

b. System Maintenance

18. What’s new (typically in the right-top corner);

19. Links to other government / relevant sites;

20. Digital accounts and profiles for KPRA IT officials;

21. Complaint / Suggestion Form;

a. Complaint / claim

b. Object to KPRA decision

c. KPRA Legal Framework

22. Performance Overview (Tax-base broadening) collection over the years;

a. Forecasts / Tax collection projections

b. Major sectors and their performance

23. Downloads;

a. Application forms

b. Acts

c. Notifications

d. Annual reports

e. Rules / regulations

f. Tenders

g. Others

24. Online service for businesses;

25. Media;

a. Video on Sales Tax on Services

b. Video on services for businesses

26. Site Languages (Urdu / English);

27. Find a local office;

28. Your Rights and Obligations;

29. Tax avoidance;

30. Category Individual;

a. Online services

b. New to Tax

c. Registration

d. Starting work

e. Individual sales tax rates

f. Let’s determine if you need to pay tax to KPRA

g. How to apply for STS registration

h. Relevant tax rates

i. Tools and calculators

j. Forms and instructions

k. How do I pay my taxes?

l. How to declare my sales

m. Help and Support

n. Complaint and Redressal

o. Records you need to keep

p. Invoicing

q. If you don’t pay (Tax avoidance taskforce)

31. Category Association of Person (AoP);

a. Not necessarily registered with SECP

b. Registered with FBR having NTN

32. Category Businesses;

a. Tax Groups (property sales, rentals, restaurant, hotels, grocery items etc.)

b. News and events

c. Online Services

d. New to Tax

e. Registration (work out which registration you need)

f. Update your details

g. Starting work

h. Relevant tax rates

i. Let’s determine if you need to pay tax to KPRA

j. How to apply for STS account

k. Tools and Calculators (how much do I pay?)

l. Forms and instructions

m. How do I pay my taxes?

n. How to declare your sales

o. Help and Support – Live Chat (within duty hours)

p. Complaint and Redressal

q. Records you need to keep

r. If you don’t pay

s. Consultation Desk and Guidance

33. Residential Rental Properties and Hotels;

34. eFile Services (notifications);

a. Due dates

b. Tax time 2021

c. News and alerts

35. Footer containing important links and information;

This module consists of a user interface, a database, and reporting. The interface will be used by the KPRA IT team to manage and maintain information on the website. It will help the administrators enter important data and keep a bird-eye view on the site access and will be able get usage statistics.

The primary mode of administration will be through a web-based interface. The firm is expected to design and implement a web-based interface which the administrators will use to enter data. The administration side requires availability of the following features:

1. The creation of user accounts for all administrators;
2. A complete repository of all website material;
3. Online adding of sections (news and galleries) to the web-pages;
4. Listing of all webpages with tree-layout and access statistics;
5. Content upload in the form of text, audio and videos;
6. A customizable dashboard where an administrator can get a bird’s eye view of the status of webpages;
7. Access to historical records – administrators can access the historical records;
8. Notifications;
9. Reports and Analytics;

10. No of tables, rows

The firm is expected to design and implement a database. This will include schema that stores the compulsory taxpayers list and website usage statistics.

KPRA publishes compulsory taxpayers list on its website to potential individuals and businesses. The list is provided by different sub-regions and is then published. The list contains the names of individuals and businesses that are marked for filing their taxes. Data is currently collected in hard copy format and then published in pdf / jpg formats. The database tables are expected to hold the update list, viewable on website and is searchable.

The database is also expected to record the usage statistics. The statistics in the form of reporting will be visible to the administrators.

The database will be a single schema with a maximum of 20 tables. The firm is encouraged to use open-source technologies to avoid recurring costs.

Hosting

The firm is required to provide cloud hosting services to KPRA for a duration of one year. The service provider will be approved by KPRA and the server will host the Web-dashboards, datastore(s) and background services (backup etc.).

Software Interfaces / Communication

Communication between different system components will be performed using web-supported restful APIs. The API Server will act as a middleware facilitating communication between different software components. The APIs will use Jason Web Tokens (JWT) for authentication.

The system consists of the following software interfaces:

1. The XAMP(P) / NGINX server provides an interface to the background services (login, API calls, Backup, and notifications etc.);
2. The Data Storage Service (DSS) provides an interface to the datastore;
3. SQL Server (version 7 or later) provides interface to the database;
4. The Public-User-Interface-Communication (PUIC) provides communication between the PUI and system services;
5. The KPRA-Administrators-Interface-Communication (KAIC) provides communication between the KAI and system services

Security

The system must support and maintain up-to-date data and system security protocols. The proposed software should fully follow the OWASP recommendations to prevent latest identified security vulnerabilities, including but not limited to:

I. Inject flaws

II. Broken Authentication

III. Sensitive data exposure

IV. XML External Entities

V. Broken Access Control

VI. Security Misconfiguration

VII. Cross-site scripting XSS

VIII. Insecure deserialization

IX. Using components with known vulnerabilities

X. Insufficient logging and monitoring

For more details and updates see https://owasp.org/www-project-top-ten/

The following security measures are required.

1. The server security will be the responsibility of the owner of data-centre or hosting agency

2. The applications will be secured using end-to-end authentication mechanisms

3. The APIs will be secured using JWT

4. Access to the data will be role-based

5. The communication between web-server and browser will be encrypted and secured using SSL

6. Reporting of any of the above attacks to the administrator

The development of the system would:

1. Adhere to specific UI standards provided by Microsoft, Apple and Google
2. Adhere to the specific UI standards of different screen sizes (Smartphones and Tablets)
3. Standardize the storage of content
4. A model for security of message and service authentication

The firm is expected to apply backup and availability features as follows:

1. Backup relational database

2. Backup web-pages and its content

3. Cron jobs (that runs at midnight) supporting data and website backup

4. 24 hours availability of all the material / services or according to the schedule of KPRA

A user with 500kbps internet speed should be easily able to load and navigate the web-pages. The system will be able to support 100,000 simultaneous users without incurring performance / load latencies. The system is expected to support digital profiles for 5000 KPRA administrators.

The firm must develop manuals for system administration and functional use. The consultant must conduct training sessions for designated administrators.

The firm is encouraged to use the open-source technologies. However, if a license software is absolutely required, then the costs of that software should be included in the financial proposal. Any recurring costs should also be clearly marked.

This phase will last one year after the launch and testing phase of the website. In this time, the firm will be responsible for ensuring smooth operation of the website, including ensuring that the KPRA IT staff are trained to operate the system on their own and that transition from the firm to KPRA takes place in a smooth manner.

In addition, the firm will be responsible for addressing all user level queries, fixing bugs, changing configurations, patch upgrades, database administration etc. The system should host a help desk where users can log problems using the portal, for the firm and eventually KPRA IT team to address. A Service Level Agreement should be proposed separately for the operations and maintenance phase.

1. An initial software requirements document will be provided to the firm. The firm is expected to undertake a needs assessment of the users and incorporate this in their software/system requirement specification document.

2. The look and feel of the new website should be visually appealing (i.e., with an attractive mix of texts and graphics), have a unified theme and design, and be easy to navigate.

3. The firm is expected to implement the website in latest software framework preferably in Laravel. A combination of php, JavaScript, and other style templates could be used to further enhance the system.

4. It will be useful to have a look at some of the best practices globally for such websites which include:

i. https://iris.gov

ii. https://www.ato.gov.au

5. The website is expected to get an SEO score of 70 or above. The SEO score is a measure of quality of user-interface and technical aspects of the website. For more information please visit:

https://www.seobility.net/en/seocheck/

6. While all the data and webpages shall be linked to the database, the content of the database shall also be editable. For this we would like to have a reliable Content Management System (CMS) that will permit administrators to instantly update website content and add modules or sections.

7. While the website itself may be developed remotely, the representative of the firm is expected to travel to Peshawar when required, especially to develop an understanding of the requirements, and provide support and training.

January 2022 to May 2022.

The firm is expected to complete the development of the website in a period of not more than 5 months. The firm is expected to provide a detailed work plan, considering the deliverable and deadlines. The firm is expected to provide maintenance support to KPRA for one year following the development of the portal.

SEED may terminate the contract for any of the following reasons:

• failure of the firm to meet the requirements specified in the RFP and agreed upon in the contract;
• failure of the firm to meet agreed-to deadlines.
• failure of the firm to resolve problems in a timely manner;

Sustainable Energy and Economic Development (SEED) Programme is assisting KPRA in the development of website. The firm will report to the workstream lead at SEED, however, the KPRA must be satisfied with the quality of each deliverable. It is expected that the firms will report (through a small slides deck) monthly till the development of the website.

About the Organization

Adam Smith International is a global advisory company that works locally to transform lives by making economies stronger, societies safer, and governments more effective. We work on behalf of governments, foundations and companies that share our ambition to take on the big challenges facing the world. They come to us to develop strategies and to design, deliver and evaluate programmes that, in turn, stimulate growth, stability and good governance.

For nearly three decades in almost 100 countries, we have been working in partnership with governments, the private sector, and civil society in countries at all stages of development.

Our core team of staff and technical experts, in multiple offices around the world, ensures the quality of delivery and high ethical standards that we and our clients require. We bring together a global network of specialist experts, who contribute their experience and know-how, where and when it is needed.

ASI is owned and operated by its employees. We are committed to corporate integrity and a triple bottom line of social, environmental, and financial performance.

More information