Statement of work - Moldova

• Project description

• Terms of reference

• High level goals & requirements

• Project scope

• Employer authorization and authentication

• Worker registriation

Project description

The overarching objective of this project is to adjust openIMIS to manage the voucher program within the Republic of Moldova. The primary aim is to reduce unreported employment by implementing a voucher system. In this project's context, a "voucher" represents a form of compensation for labor carried out by agricultural workers.

Terms of reference

The goal is to have a digital voucher system that is web-based and integrated with relevant government system and payment facilities.

Employers will be the prime user of the system and the system should ease their workload as much as possible through the usage of existing systems and information, alas the link to e.g., MPass . Day labourers and labour inspectors should be able to access some of the information from the system in close to real-time. This will be dealt with below.

The employer can either assign a specific voucher to a specific day labourer on a specific day or purchase generic vouchers valid for one month. This former will be done by entering the day labourer's national ID into the system and assigning a voucher for that specific day. This can be pre-filled in advance (e.g., by simple file-merger of workers ID numbers and the relevant dates) or entered directly into the system but must be done at the beginning of the working day (or a pre-defined time of day) to reduce the instances of fraud. The voucher numbers will be systems generated and unique. Employers can retroactively assign vouchers to individuals that they have failed to assign in the first place. However, they cannot retroactively revoke vouchers assigned to an individual.

To minimize the administrative burden on employers to comply with the demands under the law it has been the working hypothesis that after the employer had logged into the system (using MPass) only two pieces of information was needed for the system to operate: The workers identification number, and the date. Everything else should be built in functionalities in the system (including link with MPay).

The funds from the employers’ purchase of vouchers will be placed in an escrow account and transferred to the social insurance budget and the state budget in the day labourer’s account when a voucher is assigned to the individual.

The day labourer must be able to see that a voucher has been assigned to them for that day and labour inspectors will be able to check in the field whether a worker present have been awarded a voucher for that specific day by their employer.

High level goals & requirements

• Web application with user friendly interactive interface. System design and modules are going to be compatible with those, currently existing in openIMIS system and extended by modules which will handle the demanded Voucher scheme

• Appropriate databases to keep the data of Employers, Workers and Vouchers.

• Integration with MPass to handle employers authorization and authentication

• QR codes system (generated for Workers and Labour Inspectors)

• Integration with eGOV system to send the labour assignment to the Worker

• Voucher generating, purchasing and assignment including the integration with MPay

• Funds transfer process (which is going to be handled externally with proper MPay integration) - managing the process on the escrow account is not the part of the project scope

Project scope

• openIMIS setup for Moldova

• Data structure for Voucher Business Flow

• Authorization and authentication

  • Employer Authorization using MPass

  • Data integration

  • Worker registration

• QR Code

  • QR Code generation

  • Mobile App development

  • Secure login from QR Code

  • Introduction the possibility to read/scan QR Code

  • MNotify Adaptor for the notifications

• Voucher

  • Voucher generation request

  • Online payments for voucher via MPay

  • Payment via bank transfer (Maximum One-Week Deadline) 

  • MPay integration for Escrow Account

  • Voucher generation after successful payment

  • Voucher assignment

  • Voucher send into MCabinet system

Employer authorization and authentication

Use cases

• Employer regisitration - using MPass integration

• Employers are required to select on behalf of which specific economic unit they intend to carry out their activities within the system. (on openIMIS side)

• Employer shouldn’t have any other option to log into the system than MPass (no username/password)

• Employer data in openIMIS has to be verified with MPass data every time, they log into the system

• Roles between openIMIS and MPass are consistent

• Unsucessful login via MPass (Can it be handled only on the MPass side?)

• Mandatory Employer data in OpenIMIS

  • Tax number

  • Name

  • Location

User stories

• As an Employer I want to register in openIMIS using my MPass account

• As an Employer with multiple assignments to different economic units on MPass, I want the capability to select which economic unit I represent when performing actions within the system. This will enable me to accurately conduct activities on behalf of the specific economic unit I am assigned to.

• As an system administratior, I want my data in openIMIS to be verified with MPass data every time I log into the system for enhanced security and accuracy.

• As an employer, I want roles and permissions between openIMIS and MPass to be consistent to ensure seamless access to the system

• As a User attempting to log in via MPass, I want to be redirected to openIMIS with clear information, In the event of an unsuccessful login attempt through MPass

• As an system administrator, I want certain mandatory data fields to be collected during Employer registration in openIMIS, including Tax number, Name, and Location

Funcional requirements

• Exclusive MPass Authentication

  • Employers should only have the option to log into the system using MPass authentication, and no alternative username/password authentication method should be available.

• Real-time Data Verification

  • Employer data in openIMIS must be verified with MPass data in real-time every time they log into the system.

• Consistent Roles and Permissions

  • Roles and permissions between openIMIS and MPass must be consistent to ensure seamless access to the system.

• Handling Unsuccessful Login via MPass

  • In the event of an unsuccessful login attempt via MPass, the system should provide clear information to the user. Handling of unsuccessful login attempts can be coordinated with MPass if necessary.

• Mandatory Employer Data Collection

  • During Employer registration in openIMIS, certain mandatory data fields, including Tax number, Name, and Location, must be collected.

• Employer Registration via MPass

  • Employers must have the capability to register in openIMIS using their MPass account.

• Employer Selection of Economic Unit

  • Employers must be able to select the specific economic unit they intend to represent within the system during registration and subsequent actions.

Worker registriation

Use cases

• Employer creates Worker account

• Worker mandatory fields

  • National ID

  • Name

  • Last name

• No option to create an account if National ID is already assign to another account - validation

• QR code is generated once new Worker is created

• Integration with MConnect to validate the National ID

• Name and Last name should be filled automatically after National ID is filled

User stories

• As a Employer I want to be able to create an account for a Worker, to properly assign the voucher later on

• As an Employer I can’t have the possibility to create a Worker account once his National ID number was already used to create another account in the system

• As an employer, I want the system to validate the uniqueness of the National ID before allowing the creation of a Worker account.

• As a system administrator I want the QR code to be generated for each Worker, once his/her account is created. The QR code will be used later on for Worker verification

• As an employer, I want the Worker's "Name" and "Last name" fields to be automatically filled after entering the National ID

Funcional requirement

• Worker Account Creation

• Prevent Duplicate National ID

• National ID Validation

• QR Code Generation

• Integration with MConnect for National ID Validation

• Automatic Population of Name and Last Name

Non-funcional requirement

• Performance testing

  • Performance measurement using Lighthouse when funcionality is developed

  • Providing lighthouse reports at the final state of the project

  • Comparison of performance measures at the end of the project to identify potential regression in performance matter

  • Example of lighthouse measurement https://developer.chrome.com/docs/lighthouse/performance/first-contentful-paint/

• Security testing

  • Security testing should be performed according to this document https://docs.google.com/document/d/1tmZ5dxltWsB7npMHmNTS_jaV7dJqfWVJDFbWFLFC2a8/edit?usp=sharing

  • Installation and configuration of SonarQube ?

• Reliability and scalability

  • Installation and configuration tool for monitoring users errors (i.e. sentry) ?

  • Scalability partially tested during Lighthouse reports review to identify potential weak spots

  • Reliability - up to 1-3% downtime

    • Implementing a monitoring tool for downtime alerts

    • Implementing tool for uptime reports (i.e. cloudwatch)

QR Code/Mobile App

The primary objective of this feature is to enable Inspectors to use the mobile app to scan a QR code, facilitating the identification of Workers and the verification of whether they have an assigned voucher for the given day.

QR code generation will be integrated into the Worker creation process. When a new Worker account is established, an automated QR code generation system will create the code and dispatch it to the Worker through SMS or email. This functionality is already available in OpenIMIS. https://openimis.atlassian.net/wiki/spaces/KB/pages/3052241077 . QR code is used for Insuree Number (CHFID) and are send by email and SMS

QR Code generation

Use cases

• QR code is generated once new Worker is created (Shall be done within Worker creation process)

• QR code is sent to Worker via SMS/e-mail

User stories

• As a system administrator I want the QR code to be generated for each Worker, once his/her account is created. The QR code will be used later on for Worker verification

• As a Worker, I expect to receive my unique QR code through either SMS or email as soon as my account is created. This will help me quickly access the OpenIMIS Mobile App and facilitate efficient verification processes.

Mobile App development - we’re dropping this part since we will be utilizing the existing OpenIMIS Mobile App

Introduction the possibility to read/scan QR Code

Use cases

• Ability to read/scan QR Code with existing OpenIMIS Mobile App - verify if any adjustment needed

• QR Code adjustment (accessable data once QR code is scanned)

  • Worker details (Name, Surname, National ID)

  • Voucher information

    • to be clarified with Moldova Team

User stories

• As an Inspector I want the ability to scan QR codes with the app to quickly and efficiently verify the identity of Workers and check if they have a voucher assigned for the current day.

• As an Inspector I want the QR code scanning functionality to be adjusted so that, upon scanning a Worker's QR code, I can easily access and view essential Worker details, including their Name, Surname, and National ID.

MNotify Adaptor for the notifications - this is going to be part of voucher related epic

Vouchers

• Voucher generation request

• Online payments for voucher via MPay

• Payment via bank transfer (Maximum One-Week Deadline) 

• MPay integration for Escrow Account

• Voucher generation after successful payment

• Voucher assignment

At the very begining we need to create a module in which Vouchers are going to be handled. As discussed, we will create a new entity to handle that scheme.

New module shall contain the following submodules:

• List of all vouchers with search criteria (available only for Inspector role)

• Voucher acquirement

Voucher acquirement page:

What is shall include?

• place to search for the Worker to whom the voucher shall be acquired

• calendar view to chose to voucher assignment date (to include the limitation for the purchase date - ithe voucher can be purchased only before the day of assignment OR in the very begining of that day - is that feasible?)

What shall voucher have?

• purchase date

• assignment date

• uniqe id

• Employer purchased data

• Worker data