Connected Business Suite

Instructions

• This page helps you prepare "Solution Requirements" section in Vendor Management Portal and you will see the exact questions and flow.

• 🔴 Mandatory questions: Must answer "Yes" to continue

• 🟡 Preferred questions: Can answer either way and continue

• Follow the question flow as indicated

Q1 🔴 Mandatory - Cloud and Multi-Device Accessibility

Main Question: Does your solution allow for cloud-based, mobile-based, and/or web-based usage?

🔴 Answer: ○ Yes [Next: Q2] ○ No [⚠️ Cannot Proceed]

Q2 🔴 Mandatory - Digital Ordering and Payment

Main Question: Does your solution allow customers to:

Customer Capabilities: a. View the food menu to place orders b. Self-order for dine-in and/or takeaway c. Make secured e-payment* (credit card, PayNow, or equivalent) directly via the app or website d. Receive e-receipts

Payment Requirements: *Customers are encouraged to make e-payment via the app/ website during bill settlement.

Exclusions: All hardware, POS software, kitchen management modules, kitchen display solutions, e-commerce sites/ integration to e-commerce sites, e-waiter, e-menu, automated reservation, and queue management are not supported.

🔴 Answer: ○ Yes [Next: Q3] ○ No [⚠️ Cannot Proceed]

Q3 🔴 Mandatory - Food Menu Management

Main Question: Does your solution include a food menu module that allows F&B operators to manage food menus?

🔴 Answer: ○ Yes [Next: Q4] ○ No [⚠️ Cannot Proceed]

Q4 🔴 Mandatory - Promotion and Upselling Management

Main Question: Does your solution include a promotion and upselling module that allows F&B operators to:

Required Capabilities: a. Create promotions, and b. Upsell food items through recommendation based on promotions available, related food items or aggregated order trends?

🔴 Answer: ○ Yes [Next: Q5] ○ No [⚠️ Cannot Proceed]

Q5 🔴 Mandatory - Customer Management Management

Main Question: Does your solution allow F&B operators to collect and assess customer data such as customer profile, purchase history, reward or loyalty points etc?

🔴 Answer: ○ Yes [Next: Q6] ○ No [⚠️ Cannot Proceed]

Q6 🔴 Mandatory - Business Dashboards and Analytics

Main Question: Can your solution consolidate customer and sales data from all sales channels and provide dashboards, reporting and/or insights capabilities?

Business Analytics Requirements: A business analytics module that analyses data collected from the digital ordering and payment and customer management modules, inventory and procurement sales, and provides F&B operators with insights on consumption behaviour etc. to support activities such as upselling, menu planning, human resource scheduling, and cost control.

Dashboard Requirements: Your digital solution should have one or more dashboards that provide an at-a-glance overview of key metrics/indicators with at least 4 charts/graphs to help users analyse data through data visualisation.

Interactive Features (Must include at least one): Option 1: Interactive charts/graphs that allow users to interact with one chart and apply that interaction as a filter to other charts on the dashboard, and vice versa Option 2: At least three common filters/slicers applicable to ALL charts/graphs on the same dashboard

🔴 Answer: ○ Yes [Next: Q7] ○ No [⚠️ Cannot Proceed]

Q7 🔴 Mandatory - Inventory Management and Alerts

Main Question: Does your solution come with an inventory management function that allows for real-time updates of inventory level when orders are fulfilled or when the inventory is stocked up? The solution must be able to automatically trigger reminders or alerts when the inventory has reached a pre-set low level.

Package Requirements: You are required to provide a package in Annex with all the features listed in questions 7,8,9 and 11. For the other 4 packages, you may provide a combination of the modules indicated in questions 7,8,9 and 11.

🔴 Answer: ○ Yes [Next: Q8] ○ No [⚠️ Cannot Proceed]

Q8 🔴 Mandatory - Integration to Accounting Management Solution

Main Question: Does your solution integrate with at least one third-party cloud accounting management solution such as but not limited to Xero, Quickbook Online, Financio?

Integration Requirements: Only off the shelf integration to a third-party cloud accounting management solution will be supported. The development of new accounting solutions will not be supported.

🔴 Answer: ○ Yes [Next: Q9] ○ No [⚠️ Cannot Proceed]

Q9 🔴 Mandatory - Integration to Food Delivery Platform

Main Question: Does your solution integrate with food delivery platforms such as Grabfood, Deliveroo and Food Panda?

Integration Requirements: Only off the shelf integration to a food delivery platform will be supported. New development is not supported.

🔴 Answer: ○ Yes [Next: Q10] ○ No [⚠️ Cannot Proceed]

Q10 🟡 Preferred - Integration to Human Resource Management System (HRMS)

Main Question: Does your solution integrate with a third-party Human Resource Management System (HRMS) solution?

Integration Requirements: Only off the shelf integration to a third-party HRMS solution will be supported. New development is not supported.

🟡 Answer: ○ Yes [Next: Q11] ○ No [Next: Q11]

Q11 🔴 Mandatory - Module Integration

Main Question: Are all modules and features in your solution (i.e. digital ordering and payment, customer management module, business analytics and inventory management and/or accounting, food delivery platform, HR) tightly integrated to each other?

Integration Requirements: The cost of integrating solutions provided by the same vendor will not be supported.

🔴 Answer: ○ Yes [Next: Q12] ○ No [⚠️ Cannot Proceed]

Q12 🔴 Mandatory - Training and Technical Support

Main Question: Does your solution

Required Support Features: a. include technical training to admin users and all staff who will be using the system b. allow admin users to perform basic technical recovery and reboot c. include support such as self-help tool for troubleshooting, and offer continuous system enhancements and/or modifications during contract period

🔴 Answer: ○ Yes [Next: Q13] ○ No [⚠️ Cannot Proceed]

Q13 🟡 Preferred - AI Features

Main Question: Does your solution incorporate AI in your core features and functions?

🟡 Answer: ○ Yes [Next: Q14] ○ No [Next: Q15]

--

Q14 🔴 Mandatory Follow-up - AI Features - Elaboration

This question appears only if you answered "Yes" to Q13

Main Question: Describe your AI feature and its benefits. Examples are:

AI Feature Examples: a. Generate output, identify items, or provide recommendations based on training models to improve decision-making b. Recognise text, images to shorten time taken for manual inputs of forms c. Others, please specify

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q15] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Q15 🔴 Mandatory - Business Data Extraction

Main Question: Can your solution enable SMEs to efficiently extract business data in various discrete formats such as CSV, XLSX, XML, and TSV?

🔴 Answer: ○ Yes [Next: Q16] ○ No [⚠️ Cannot Proceed]

Q16 🔴 Mandatory - Personal Data Protection

Main Question: Can your solution demonstrate compliance with the following Personal Data Protection requirements?

Compliance Requirements: Digital solutions that collect, use, disclose, process or dispose personal data should incorporate features that support the obligations under the Personal Data Protection Act (2020).

To comply with this requirement, you MUST complete the Personal Data Protection Requirements form at https://go.gov.sg/pdp.

🔴 Answer: ○ Yes [Next: Q17] ○ No [⚠️ Cannot Proceed]

Q17 🔴 Mandatory - Vulnerability Assessment/Penetration Testing (VA/PT)

Main Question: Has your solution undergone a comprehensive security vulnerability assessment/penetration testing (VA/PT) conducted by a qualified third-party within the last 12 months? The scope of the VA/PT must cover network security; application security; data protection measures and access control (if applicable); API security testing (if applicable); Cloud security configuration review (if applicable). Specifically, for web application security, the scope must cover minimally all OWASP Top 10 vulnerabilities.

Submission Requirements: Please submit the VA/PT report (dated maximum 1 year from the checklist submission date). The VA/PT Report must include Executive summary; Detailed findings and risk ratings; Remediation recommendations; Evidence of vulnerability fixes or mitigation plans; Testing methodology used; Scope of assessment; Assessor's qualifications and certifications.

Reseller Requirements: If you are the reseller of the solution, please obtain the VA/PT report from your product principal. SOC 2 Type II report can be accepted if the detailed technical vulnerability assessment results are part of the SOC2 Type II scope.

Qualified Third-Party Definition: [1] Qualified third-party refers to: CREST-certified companies [ https://www.crest-approved.org/members/] or companies with security professional with relevant CREST certifications; Security professionals with recognised certifications such as: Offensive Security Certified Professional (OSCP); EC-Council Certified Penetration Testing Professional (CPENT); GIAC Penetration Tester (GPEN); or other equivalent industry-recognised certifications.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Next: Q18] ○ No [⚠️ Cannot Proceed]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q18 🟡 Preferred - Cybersecurity Compliance - Cyber Essentials Mark (CEM)

Main Question: Are you the Product Principal of the solution that you are submitting for pre-approval?

🟡 Answer: ○ Yes [Next: Q19] ○ No [Next: Q21]

Q19 🟡 Preferred - CEM for Product Principal

Main Question: Has your organisation achieved CSA Cyber Essentials for ICT Vendor Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Compliance Timeline: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Additional Information: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q20] ○ No [Assessment Finished]

--

Q20 🔴 Mandatory Follow-up - CEM for Product Principal - Elaboration

This question appears only if you answered "Yes" to Q19

Main Question: Please specify the following information:

Required Information: i. The certificate demonstrating your organisation has attained Cyber Essentials for ICT Vendors ii. The cybersecurity certification the organisation has met iii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]

Q21 🟡 Preferred - CEM for Resellers

Main Question: Has your organisation achieved CSA Cyber Essentials Mark certification or equivalent recognised cybersecurity certifications (including but not limited to Cyber Trust Mark or ISO27001) that validate the implementation of appropriate security controls against common cyber threats in your organisation and the solution you are submitting for pre-approval?

Compliance Timeline: Vendors are encouraged to comply at application and are required to meet this requirement by the Annual Review, where it will be assessed as mandatory.

Additional Information: For more information on Cyber Essentials mark, please refer to https://www.csa.gov.sg/cyber-essentials/

🟡 Answer: ○ Yes [Next: Q22] ○ No [Assessment Finished]

--

Q22 🔴 Mandatory Follow-up - CEM for Resellers - Elaboration

This question appears only if you answered "Yes" to Q21

Main Question: Please specify the following information:

Required Information: i. The cybersecurity certification the organisation has met ii. The scope of the certification

Please also upload a copy of the Certification and indicate the Certification Issuance Date in the date field.

Click "Yes" to confirm you have completed the instructions.

🔴 Answer: ○ Yes [Assessment Finished] ○ No [⚠️ Cannot Proceed]

Text Elaboration Required: [Text Box for Description/Details]

Date of Issue Required: [Date Field]

Upload Supporting Document Required: [File Upload]