E-Commerce - Online Shop (B2C)

Provide businesses with secure online storefronts to sell products and services directly to consumers. The system includes secure payment processing, inventory management, and user-friendly interfaces for product listings, enabling businesses to establish and manage their digital retail presence.

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Cloud and Multi-Device Accessibility

Main Question: Does your solution allow for cloud-based, mobile-based, and/or web-based usage?

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - E-commerce Online Shop

Main Question: Does your solution allow the company to perform the following functions?

Core E-commerce Requirements: a. Create and manage online product catalogs with categories, descriptions, images, and pricing b. Shopping cart functionality with add, remove, and modify capabilities c. Secure checkout process with multiple payment options d. Order management system (order tracking, status updates, fulfillment) e. Customer account creation and management f. Inventory management and stock tracking g. Product search and filtering capabilities h. Mobile-responsive design for optimal mobile shopping experience

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Q3 🔴 Mandatory - Payment Gateway Integration

Main Question: Does your solution integrate with secure payment gateways and support multiple payment methods?

Payment Integration Requirements: a. Integration with major payment gateways (PayPal, Stripe, local payment processors) b. Support for multiple payment methods (credit/debit cards, digital wallets, bank transfers) c. Secure payment processing with SSL encryption d. PCI DSS compliance for payment security e. Support for local payment methods (PayNow, GrabPay, etc.) f. Automated payment confirmation and receipt generation g. Refund and partial refund processing capabilities

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🔴 Mandatory - Order and Inventory Management

Main Question: Does your solution provide comprehensive order and inventory management capabilities?

Order and Inventory Management Requirements: a. Real-time inventory tracking and stock level monitoring b. Automated low stock alerts and notifications c. Order processing workflow (pending, confirmed, shipped, delivered) d. Order history and tracking for customers and administrators e. Bulk product import/export capabilities f. Product variant management (size, color, etc.) g. Supplier and vendor management integration h. Automated order confirmation emails and notifications

🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]

Q5 🔴 Mandatory - Dashboards and Reports

Main Question: Does your solution come with e-commerce analytics dashboards and reporting capabilities?

Dashboard and Analytics Requirements: a. Sales performance metrics and revenue tracking b. Product performance analytics (best sellers, slow movers) c. Customer behavior analytics and purchase patterns d. Inventory turnover and stock level reports e. Order fulfillment and shipping analytics

Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

The dashboard must include at least one of the following interactive features: Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🟡 Preferred - Marketing and SEO Features

Main Question: Does your solution include built-in marketing and SEO optimization features?

Marketing and SEO Features: a. Search Engine Optimization (SEO) tools and meta tag management b. Discount codes and promotional campaign management c. Email marketing integration and automated campaigns d. Social media integration and sharing capabilities e. Product reviews and ratings system f. Cross-selling and upselling recommendations g. Abandoned cart recovery features

🟡 Answer: ○ Yes [Next: Q7] ○ No [Next: Q7]

Q7 🟡 Preferred - Multi-channel Integration

Main Question: Does your solution support multi-channel selling and marketplace integration?

Multi-channel Capabilities: a. Integration with popular marketplaces (Shopee, Lazada, Amazon, etc.) b. Social commerce integration (Facebook Shop, Instagram Shopping) c. Point-of-Sale (POS) system integration for omnichannel experience d. Centralized inventory management across all channels e. Unified order management from multiple sales channels f. Cross-channel analytics and reporting

🟡 Answer: ○ Yes [Next: Q8] ○ No [Next: Q8]

Q8 🟡 Preferred - Shipping and Logistics Integration

Main Question: Does your solution integrate with shipping carriers and logistics providers?

Shipping and Logistics Features: a. Integration with major shipping carriers (SingPost, DHL, FedEx, etc.) b. Real-time shipping rate calculation c. Automated shipping label generation d. Package tracking integration e. Multiple shipping options for customers f. Local delivery and pickup options g. International shipping capabilities with customs documentation

🟡 Answer: ○ Yes [Next: Q9] ○ No [Next: Q9]

Q9 🟡 Preferred - AI Features

Main Question: Does your solution incorporate AI in your core features and functions?

🟡 Answer: ○ Yes [Next: Q10] ○ No [Next: Q11]

--

Q10 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q9

Main Question: Describe your AI feature and its benefits. Examples are:

AI Features Examples: a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Intelligent product recommendations and personalization d. Dynamic pricing optimization based on market conditions e. Automated inventory forecasting and demand prediction f. AI-powered chatbots for customer service g. Image recognition for product categorization and tagging h. Fraud detection and prevention systems i. Others, please specify

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q11] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q11 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q12] ○ No [⚠️ Cannot Proceed]

Q12 🔴 Mandatory - Personal Data Protection

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q13] ○ No [⚠️ Cannot Proceed]

Q13 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Note: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q14] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Text Elaboration Required: [Text Box for Description/Details]

Q14 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q15] ○ No [Next: Q17]

Q15 🟡 Preferred - CEM for Product Principal

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q16] ○ No [Assessment Finished]

--

Q16 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q15

Main Question: Please specify the following information:

Certification Requirements: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Text Elaboration Required: [Text Box for Description/Details]

Q17 🟡 Preferred - CEM for Resellers

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Additional Information: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Note: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q18] ○ No [Assessment Finished]

--

Q18 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q17

Main Question: Please specify the following information:

Certification Requirements: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Text Elaboration Required: [Text Box for Description/Details]