Terms and Conditions for the Design and Development of the New Database
-
The ERP system must include predictive capabilities in key academic and
administrative areas to forecast future scenarios based on existing and
historical data. This capability will support more accurate and effective
decision-making within the administration and university, as ordinary reports
and raw data alone are no longer sufficient in modern systems.
-
The ERP system must be capable of generating documents such as transcripts,
fee receipts, attendance records, and financial reports in Dari, Pashto, and
English. Translating only the user interface (UI) is not sufficient.
-
The ERP system must utilize a unified database architecture (a single
PostgreSQL schema) to ensure seamless integration and sharing of academic,
financial, human resources, library, transportation, procurement, and inventory
data without maintaining isolated datasets or requiring separate API requests
for each interaction.
-
The ERP system must provide real-time dashboards based on a WebSocket
Gateway architecture so that changes such as grade submissions by instructors
or approval completions are updated automatically and instantly without
requiring manual page refreshes or full page reloads.
-
The ERP system must support undo functionality for critical operations such
as attendance and grade corrections. This shall be implemented through a Soft
Delete mechanism to ensure that all modifications are securely recorded and
available for auditing purposes when required.
-
The ERP system must maintain a complete financial audit trail, including
details of every action performed, user identity, timestamp, and all data
before and after each modification in a structured and secure manner.
-
The ERP system must meet banking-level security standards. Passwords must
be protected using Bcrypt hashing with 12 rounds, sensitive data must be
encrypted using AES-256-CBC, and rate limiting must be implemented in
critical system areas. For example, only five login attempts per minute
should be allowed to prevent misuse and unauthorized access.
-
The vendor shall fully migrate all existing ERP system data to the new
system.
-
Full payment for the ERP project shall only be made after the database and
the entire system have been completely tested, approved, and formally accepted
by the university.
-
The vendor must deliver the full ERP source code to the university.
-
Confidentiality and Data Protection:
-
Under this agreement, both parties shall strictly maintain the
confidentiality of all non-public information, including student records,
financial information, examination records, system architecture, and business
processes. This obligation shall remain effective for at least seven (7) years
after the termination of the contract.
-
All employees and subcontractors of the vendor who have access to university
information must sign individual confidentiality agreements in accordance with
the applicable laws of Afghanistan and must also pass a university-approved
background verification process.
-
Any actual or suspected data breach must be reported to the university in
writing within 24 hours of detection, along with a preliminary impact
assessment and a mitigation or containment plan.
-
Implementation and Deployment:
-
The system shall be implemented in multiple phases together with data
migration activities.
-
The Go-live announcement shall only occur after all critical issues and
technical deficiencies have been fully resolved and the system has been
officially approved for operational use.
-
Training and Documentation:
-
Training must be provided to university staff and system users in Dari, Pashto,
and English. Training materials must also be available in printed or offline
formats.
-
Capacity Building:
-
The vendor shall transfer the necessary system-related skills to university
staff and assist in enhancing their practical capabilities.
-
Delivery and Acceptance Criteria:
-
Each deliverable shall only be accepted upon successful completion of UAT
and in the absence of any major issues. Furthermore, the university
shall have 30 days to either accept or reject the deliverables.
-
Testing and Quality Assurance:
-
The vendor shall prepare a comprehensive Test Plan covering Unit Testing,
Integration Testing, System Testing, Performance Testing, Security Testing,
and User Acceptance Testing (UAT).