Interactive Team Briefing
▶1) Project Overview & Goals
Client: SAFRA • Project: Smart Membership & Club Management System (SMCMS) • Users: ~450,000 • Clubs: 7
Delivery Model: SaaS on Azure (SG)
Partnership: Ascentis (Membership) + Skubbs (Club)
Security Class: Restricted (High)
- Replace legacy stack with modern, cloud-native platform.
- Elevate member UX; digitize ops; measurable efficiency gains (≥10%).
- Integrate with Dynamics (Finance), mobile app, POS, carpark systems via APIs.
▶2) Scope & Solution Split (Ascentis × Skubbs)
Ascentis — Membership/CRM
- Member profiles, tiers, points, renewals, campaigns.
- Family grouping & bundles; consent & audit trails.
- Dashboards, reporting, engagement APIs.
Skubbs — Club & Facility
- Facilities, villas, courses/events, scheduling, conflicts.
- Quota/time-based pricing, bundles, staff approvals.
- Self-service booking (web/app), payments, access control.
Integration Layer (Skubbs)
- API gateway & data hub: Ascentis ↔ Dynamics/AX ↔ Mobile/POS/Carpark.
- SFTP jobs, webhooks, eventing, data mapping.
▶3) Hosting & Architecture
Azure SG • Multi-tier • HA + Auto-scale
- Single-tenant SaaS in Azure (Singapore). Data residency: SG-only.
- 3-tier design: Presentation / API & Services / Data.
- Security perimeter: WAF, FW, NSGs, private endpoints, VPN.
- Monitoring: metrics + logs to SIEM; dashboards for uptime & SLA.
- Envs: UAT (cost-optimized) & PROD (HA). DR with tested RTO/RPO.
▶4) Security & DevSecOps (Annex II–IV)
SAST/DAST/SCA • VAPT • SIEM
Security Controls
- Encryption: AES‑256 at rest; TLS 1.3 in transit.
- RBAC + MFA; least privilege; full audit logging.
- Incident mgmt: detect → respond → recover; reports ≤24h.
DevSecOps
- CI/CD with automated build, test, deploy; shift‑left testing.
- SAST, DAST, dependency & container scans; secrets mgmt.
- Independent VAPT pre‑go‑live + annually.
▶5) Documentation, QA & Acceptance
Documentation (Ch.5)
- Project plan, process study, FSD/TSD, RTM.
- API (Swagger), config mgmt, review records.
- Test plans (SIT/UAT/Perf/Sec), release notes, manuals.
Testing & Acceptance (Ch.6)
- Stages: SIT → UAT → Perf → Sec → Go‑Live.
- Automated regression; evidence for acceptance.
- Definition of Done = passed UAT + SLAs + security gates.
▶6) Training, Maintenance & Support
"Learning without training" • 4h Sev‑1
Training (Ch.8)
- Embedded guidance (tooltips, walkthroughs) ≥80% satisfaction.
- 2 on‑site + 2 webinar sessions; recordings & manuals.
Maintenance & Support (Ch.9–10)
- Proactive monitoring; monthly health & SLA reports.
- Sev‑1 response ≤1h, workaround/fix engagement ≤4h.
- RCA & CAPA; patching within policy windows.
▶7) Third‑Party & Governance (Ch.12)
- SAFRA approval for all subcontractors; NDA, PDPA Addendum, IT Compliance.
- Production data handling: request, masking, logs, destruction proof.
- Monthly PSC reporting; audits at any time; transition‑out exit audit.
▶8) Scope Coverage Checklist (Proposal Readiness)
8.1 Membership & CRM (Ascentis)
8.2 Club & Facility Management (Skubbs)
8.3 Integration Layer
8.4 Data Migration & Quality
8.5 Reporting & Analytics
8.6 UX: Web & Mobile
8.7 Hosting & Architecture
8.8 Security & Compliance
8.9 DevSecOps & Quality
8.10 Documentation (Ch.5)
8.11 Testing & Acceptance (Ch.6)
8.12 Training (Ch.8)
8.13 Maintenance & Support (Ch.9–10)
8.14 Third‑Party & Governance (Ch.12)
8.15 Commercials & Proposal Packaging
▶8) Interactive Compliance & Delivery Checklists
Compliance Readiness
Delivery Readiness
▶9) Workstream Assignments & Owners
| Workstream / Task | Owner | Due | Status |
|---|---|---|---|
▶10) Timeline & Milestones (Draft)
| Milestone | Target Date | Notes |
|---|---|---|
| Clarification responses + Solution architecture sign‑off | | Dependencies: Ascentis API scope |
| FSD/TSD v1 complete | | Aligned with RTM |
| UAT environment ready | | Parity to PROD (scaled) |
| End‑to‑end SIT passed | | Automated regression |
| Security testing & VAPT passed | | All highs/mediums remediated |
| UAT completed & accepted | | Evidence pack prepared |