Request for information (RFI) - Electronic Monitoring System/Electronic tagging device You are hereby invited to submit your answers to the Swedish Police Authority s questions regarding Electronic Monitoring System, please see page 3 (three). The publication of this RFI can be found on https://polisen.se/aktuellt/aktuellaupphandlingar/ or on http://ted.europa.eu. Purpose The purpose of this RFI is for the Swedish Police Authority to obtain information about the industry s experience, knowledge and comments for possible future procurement of Electronic Monitoring System. Responses to this RFI give the Swedish Police Authority the possibility to determine whether the market has the capability to meet the Authority s need. This also gives market players an opportunity to raise questions and opinions they consider to be important for a good result in a possible future procurement. An RFI is not a request for an application / tender and does not bind the Swedish Police Authority to conduct a public procurement, but is a way to gather information about possible solutions and future cooperation opportunities. Responses to this RFI are voluntary responding is not a prerequisite for participating in a possible future procurement. No financial compensation is paid for participation in this RFI. Administrative conditions Answers to this RFI are to be sent to: it-upphandling@polisen.se. The answers submitted must be in writing, in Swedish or English, and sent to the above e-mail address by 16 th of October 2017. Questions regarding this RFI Questions regarding this RFI should be sent to: it-upphandling@polisen.se before 6 th of October 2017. Headline your e-mail with the following information: 1
The questions, after being anonymized, will thereafter be published together with answers on the Swedish Police Authority s buyer profile: https://polisen.se/aktuellt/aktuella-upphandlingar/ Confidentiality Public authorities activities are governed by the principle of public access. In order for a task in a public act to be kept secret, this must be supported by the Public Access to Information and Secrecy Act (SFS 2009:400). An RFI is a request that is sent out before a public procurement begins and is therefore not a subject to absolute privacy. Certain received information provided by your company may be covered by commercial confidentiality even within this matter. For commercial confidentiality for the protection of information provided by your company, it is necessary that it relates to business or operating conditions and that it may be assumed that your company may suffer damage if the information is disclosed. If you consider that the information provided in the RFI answer is covered by commercial confidentiality as described above, you shall in writing request commercial confidentiality, specifying which information is intended and how your company may suffer damage if the information is disclosed. The Swedish Police Authority will then conduct an independent review of whether commercial confidentiality may be considered to exist. Finally, the confidentiality may be reviewed by a Swedish court. However, the fact that an information supplier has requested confidentiality is not a guarantee that the task in question is considered to be covered by confidentiality. Is confidentiality requested for any part of the RFI? (tick) Yes No If the answer is yes, specify which parts or refer to an attachment where the confidentiality request is stated. Specify here: 2
Results of an RFI When the Authority has received answers to the questions asked and possibly other information or comments, the results will be complied and analyzed. The result can be anything from the Authority adding or changing requirements in a possible future procurement or realize that another product or service should be procured instead. The result could also make the Authority decide that no purchase will be made at all. Electronic Monitoring System The electronic Monitoring System will be used for monitoring of offenders in domestic violence cases. In accordance with the legislation in Sweden, offenders have to comply with electronic monitoring. The prosecutor will decide one or more static geographical exclusion zones. These exclusion zones shall be monitored around the clock by the system and the system shall decide if the offender with the dedicated monitoring equipment has entered the exclusion zone. The offender shall be provided with the dedicated monitoring equipment and the system shall have functionality for detecting attempts to tamper with the equipment. The monitoring system will also be used to support the local police authorities in decisions to take action when the offender does not comply with the monitoring. All preparations for a case and monitoring of defined technical alarms will be handled in a national monitoring central. Please answer if your product/system comply with the following? 1. The system must be able to handle polygon exclusion zones that can be defined using a digital map. A complimentary method can also be using geographical coordinates to define the exclusion zones. 2. It must be possible to register a case identification number, one or several predefined exclusion zones, time period and two telephone numbers dedicated for sending alarm messages (SMS). 3. It must be possible to register changes concerning the case identification number, exclusion zones, time period and dedicated telephone numbers. 3
4. It must be possible to define an interval (minutes/seconds) for the location update through SMS. 5. It must be possible to define the maximum time period (minutes/seconds), when the system continues to send updated data through SMS. 6. It must be possible to produce reports with information from the database. 7. It must be possible to export general case information from the database in XMLformat. Export of general case information must generate a log object in the system. 8. It should be possible to export exclusion zones in XML-format with coordinates in GWS84-format. 9. It should be possible to import exclusion zones and time period in XML-format with coordinates in GWS84-format. 10. It must be possible to permanently erase and over-write location data according to a defined time interval. 11. The system user interface language should be in Swedish. 4
12. Locations for the offender must be logged (registered and stored) only when an exclusion zone offence occurs or an obstruction of the electronic monitoring is imminent. All other location information must not be registered or stored in the system or any equipment parts. A latest updated GPS-position shall be available for handling of events where the alarm message is not sent to the Police management system. This position data must continuously be erased. 13. System must be compliant with either Microsoft Windows or LIMBO. 14. IP-communication must be compliant with IPv4. 15. IP-communication should be compliant with IPv6. 16. The system must support authentication and authorization of users using: Access Manager Windows integrated authentication, Active Directory (Kerberos) 17. It must be possible to define user access to different authorization levels. 18. There must be full redundancy within the system to secure the functionality of the system. 19. It must be possible to monitor the system by SNMP (Simple Network Management Protocol) to secure full availability. The method for monitoring must be documented. 20. The System should be able to generate periodic test transactions to the Swedish Police Management system according to the specified SMS format. This test transaction will be used as a heartbeat signal from the supplier system to the Swedish Police management system. 5
21. The system should have the possibility to mark data and information with a value representing the level of protection. The mark (tag) shall follow the object if exported, printed or other. The national Police Board today applies four degrees: Open, Limited Protection Value, High Protection Value and very High Protection Value. 22. It must be possible to set a time limit for user access. 23. The system must be able to present information on which user group is used The system must be able to present information about user identities in the different user groups. The system must be able to present what access the users in the different user groups have. A user identity must be possible to derive in the system. 24. All information subject to an erase operation must also be over-written. 25. All data and information stored in equipment parts must be possible to delete and erase before handling or destruction of equipment. 26. All data and information stored in equipment parts must be protected against unauthorized access. 27. Encryption algorithms using AES-128, AES-192 or AES-256 for data communication must be used. 28. The application must generate a log with application status and related error codes for the system monitoring purpose. Error codes must be documented and contain relevant error messages 6
29. There must be no remote connections or use of third party services to meet the requirements for communication by SMS. 30. The national Police Board use agents to collect the log entries from the different systems and applications to analyse the log entries. The monitoring system must create the log entries. 31. The system must have a security log logging the users operations in the system. All user operations, also for previous user, must be stored and available for analysis. 32. The security log must be written to a file or a database (Log data will be read by a central log function using agents reading from file or database). 33. The monitoring equipment must have functionality for GPS-based location service (GPS-Function) and functionality for communication with SMS in the cellular network (GSM-Function) as well as functionality for direct detection by using the detection equipment. 34. The GPS-function must always be active and updated location data must be available to be sent with an alarm message. 35. The GSM-function must send messages in standard OVLS format. The format is described in detail in OVLS-Swedish Standard SS 3652, edition 1, chapter 6 Emergency Module The standard document is available through SIS, Swedish Standards Institute on www.sis.se 36. OVLS-messages must contain location data according to WGS84. 7
37. When an exclusion zone has been offended and the alarm sequence has been initiated the GSM-function must send an SMS, according to a defined time interval to two receiving dedicated telephone numbers with the latest updated location, date and time. 38. The monitoring equipment must have functions to detect attempts to obstruct the electronic monitoring by manipulating or tampering the equipment. Functions may be for example, but is not limited to: Detection of electric circuits being manipulated in equipment Detection of monitoring equipment being turned off Detection of critical battery status and an immediate shutdown 39. The national Police Board must be able to define which of the available functions (events) of detecting manipulation or tampering that shall be sent as alarm messages to the Police management. 40. It must be possible to stop the ongoing alarm sequence before the maximum time interval has been reached. When stopped, the GSM-function must send an SMS with the latest updated GPS-location, date and time, to two receiving dedicated telephone numbers. 41. When the maximum time interval has been reached the GSM-function must send an SMS with the latest updated GPS-location, date and time, to two receiving dedicated telephone numbers. 42. The monitoring equipment must have a status indicator showing the battery status enabling the offender to uphold the electronic monitoring. 43. Monitoring equipment should besides GPS, also support additional functionality for determining the offenders location, such as LBS. 8
44. Detection equipment for protected part should be available. 45. Alarm messages must be sent in SIA-format with pre-defined values. 46. When the detection equipment identifies the monitoring equipment the detection equipment must send an SMS to two receiving dedicated telephone numbers in a predefined format. 47. When the detection equipment loses contact with the monitoring equipment, the detection equipment must send an SMS to two receiving dedicated telephone numbers in a pre-defined format. 48. The detection equipment must have a test function to be used during installation in the exclusion zone. When triggered the detection equipment must send an SMS to two receiving dedicated telephone numbers in a pre-defined format. 49. The equipment must have status indicators, showing that it is active and battery level. 50. It must be possible to adjust the sensitivity of the detection equipment during installation to adapt the range of the detection equipment to the exclusion zone. 51. The equipment must allow SIM-cards from all Swedish operators. 52. Text messages used in equipment should be in Swedish. 53. All parts and products must fulfil all requirements for use in Sweden. Parts and products must be approved for valid EU-directives for that type of equipment and thereby be CE-labelled. 9
54. At least one charger for 230V AC (Swe Wall socket) and at least one complete charger for 12-24V DC (vehicle socket) for the equipment part. 55. Equipment secured to the body must meet the SS-EN 60529 requirements for test against penetrating objects and liquid. 56. Equipment must meet the requirements in SS-EN 60068-2-31 Ec, Drop and rollover. 57. The equipment must meet the requirements according to: SS-EN 60068-2-2 method B, Heat. SS-EN 60068-2-1 method A, Cold. 10