E-Commerce - Online Shop (B2C)

8.01🔴

Cloud and Multi-Device Accessibility Can your solution allow for cloud based, mobile based and/or web-based usage?

8.02🔴

Type of E-Commerce Solution Design Does your submission include a comprehensive "Business Proposal.pdf" document for each PSG package that contains all of the following mandatory components? Please follow this template Technical Scope of work: a. Detailed description of homogenised UI/UX templates b. Implementation of mandatory modules: Content Management System (open source/customised), secured e-payment gateway, online purchasing, website traffic analysis, inventory management, promotion management, customer loyalty management, mobile optimisation c. Backend system integration capabilities Project Parameters: a. Breakdown of professional services in man-days b. Implementation timeline with clear milestones and deliverables c. Project sign-off criteria at each milestone d. Post-implementation support scope e. Terms of engagement including payment schedule f. Clear termination clauses and dispute resolution process The proposal must not contain any non-supportable items such as digital marketing services, digital assets creation, third-party costs, hardware, and training courses. Please upload the document.

8.03🔴

Content Management System Does your solution include a Content Management System (CMS) that is open source or customised? Eg. Wordpress WooCommerce, Magento, OpenCart, PrestaShop and etc

8.04🔴

Online Shop Modules Does your solution facilitate the creation of online shop front with the following functions? a. Secured E-Payment Gateway, e.g. stripe, paypal, etc. Note: E-payments must generate an automatic payment acknowledgement back to the e-commerce website or must have real time payment verification. The users should not update "Paid status" manually. b. Online Purchasing, e.g. allowing customers to perform a purchase transaction via the solution c. Website Traffic Analysis, e.g. set up of google analytics, Facebook Pixel d. Inventory Management e. Promotion Management, e.g abandon cart reminder, pop up marketing notice f. Customer Loyalty Management Please provide a detailed writeup for a. to f.and and attach relevant brochures/screenshots in your online submission.

8.05

Generative AI (Gen AI) Capabilities Does your solution demonstrate ALL of the following Gen AI capabilities? a. Prompt-Based Generation of Multi-Page Websites: Generate websites (with interconnected web pages e.g. Home, About, Contact) through natural language prompts, without any coding or technical knowledge required. b. Prompt-Based Website Customisation: Customise website content, design, functional features based on clients' specific business needs and preferences using natural language prompts. c. Search Engine Optimisation: Generated Websites/Web Elements/Content are optimised for Search Engines (e.g. Generation of SEO-friendly Meta descriptions, Title tags, Content structure, URL structures etc.) d.Prompt-Based Website Management: Once the base website is created, the user can make further adjustments/direct edits and easily manage the site (e.g. via drag and drop, through natural language prompts etc).

8.06🔴

System Integration and Connectivity Does your solution include backend systems integration with customer relationship management, inventory management, Online-to-Offline (O2O) logistics, integrated marketing/engagement?

8.07

Mandatory to provide a response

Personal Data Protection Can your solution demonstrate compliance with the following Personal Data Protection requirements? Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020). Please complete the Compliance with the Personal Data Protection Requirements form at https://go.gov.sg/pdp

8.08🔴

Vulnerability Assessment/Penetration Testing (VA/PT) Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities. Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications. If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope. Note: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.