Wanile Technologies · ISO 9001:2015 · ISO 27001:2022 Confidential · For TDS & MoLG
Technical & Commercial Proposal · April 2026
RFQ Reference · RFQ-IT-UAS-2026-001

Unified Accounting
System (UAS).
Custom-built for
Local Government.

A purpose-built, multi-council financial platform for City and Town Councils under the Ministry of Local Government. 21 modules, mobile field collection, 10 system integrations, multi-tenant by design, ministry oversight from day one.

ISO
9001
2015
Quality
ISO
27001
2022
Security
Submitted To Tech Direct Support (TDS)
Submitted By Wanile Technologies
Investment USD $400,000 · Fixed
Timeline 12 Months · 8 Milestones
Approach Option A · Full Custom Build
Validity 90 Days · v1.0 Final

Internationally Certified

Built on standards. Audited annually.

For a system handling sensitive government financial data across multiple councils, ISO certification is not optional — it is essential. Wanile Technologies is independently audited and certified against both quality and information security standards.

ISO 9001:2015
Quality Management System
Certified · Annually Audited
ISO 27001:2022
Information Security Management
Certified · Annually Audited
Every project we deliver follows internationally recognised standards for quality assurance, information security, data protection, and risk management. The UAS will be built, tested, and operated under these same controls — applied to government financial data, multi-council isolation, and audit-grade record-keeping.
$400K
Fixed Price · USD
12 mo
Timeline
21 + 10
Modules + Integrations
99.5%
Uptime SLA Target

Contents

What's inside.

Twenty sections covering everything required by RFQ-IT-UAS-2026-001 — architecture, all 21 functional modules, mobile field collection, integrations, security, timeline, pricing, payment schedule, risk management, and full compliance matrix.

01Executive Summary
$400K · 12 months · custom build 02About Wanile Technologies
ISO certified · ICBC · Porsche · enterprise 03Understanding of Requirements
Five core challenges, addressed 04Solution Architecture
Three-tier · multi-council · cloud + on-prem 05Technology Stack
Every layer, every reason 0621 Functional Modules
All custom-built, all in scope 07Mobile Application
Offline-first field revenue collection 08System Integrations
Banking · LTA · payments · ministry feed 09Data Migration Plan
Five-phase methodology 10Security Architecture
Defense in depth · ISO 27001 controls 11Testing & Quality Assurance
Unit · integration · UAT · pen test 12Project Timeline
M1 through M8 over 12 months 13Team Composition
11 dedicated engineers and managers 14Reference Projects
ICBC · Porsche · Avenor · Saudi · UK Legal 15Commercial Proposal
$400,000 fixed · zero licensing 16Payment Schedule
Eight milestones, deliverable-tied 17Post Go-Live Support
Hypercare · Year 1 included · 24/7 monitoring 18Risk Management
Six identified risks with mitigations 19Transfer of Ownership
Source code, data, and accounts to Ministry 20Compliance Matrix
Architecture · security · functional · mobile · integrations
001/ 020

Executive Summary

One platform. All councils. Custom-built for local government.

Wanile Technologies is pleased to submit this technical and commercial proposal in response to RFQ-IT-UAS-2026-001 for the development and deployment of a Unified Accounting System (UAS) for City and Town Councils under the Ministry of Local Government.

We propose a fully custom-built solution (Option A) designed specifically for the operational realities of municipal councils. Unlike generic ERP configurations that require constant workarounds, our purpose-built platform will deliver a system where every screen, workflow, and report is designed around how council officers actually work — from field revenue collection in markets to ministry-level financial consolidation.

Our solution covers all 21 functional modules, a cross-platform mobile application with offline-first architecture, 10 system integrations, comprehensive data migration, and 12 months of post go-live support. The system will be deployed across all city and town councils with centralised ministry oversight, full multi-council data isolation, and enterprise-grade security including AES-256 encryption, MFA, immutable audit trails, and role-based access control with segregation of duties.

Phase 1 · Complete Scope · All-Inclusive
$400,000 USD
12 Months · 8 Milestones · Fixed Price
Zero licensing fees Zero per-user fees 100% source code ownership 12 months support included

Why custom build over ERP configuration

Municipal councils operate fundamentally differently from corporations. The revenue streams (property rates, market vendor fees, parking meters, facility hire, bus charges, licensing and permits) are unique to local government and do not map cleanly to any commercial ERP product. Forcing these into SAP, Oracle, or Dynamics would require extensive customisation that typically exceeds the cost of a purpose-built solution while delivering a compromised user experience.

Fig. 0 · 5-Year Total Cost of Ownership
UAS · CustomThis proposal
$400K
$400K
Generic ERPSAP / Oracle / Dynamics
$1.2M+
~$1.2M+
Indicative · Custom UAS = one-time fixed price + zero licensing. ERP = year-one configuration ($200–400K) + recurring per-user licenses + customisation cycles.

Purpose-built workflows

Every council operation modelled directly — no workarounds, no awkward configurations.

Zero licensing forever

No per-user, per-module, or annual platform fees — unlike SAP, Oracle, or Dynamics.

Full source code ownership

The Ministry owns 100% of the codebase. Engage any developer to maintain it later.

No vendor lock-in

Standard open-source stack, documented APIs, infrastructure portable across providers.

002/ 020

About Wanile Technologies

Internationally certified. Enterprise-proven.

A 28-person software development agency incorporated in the United Kingdom and Pakistan, with engineering operations headquartered in Lahore. We specialise in enterprise-grade web and mobile applications, financial systems, AI-powered platforms, and mission-critical software for international clients across the US, UK, Europe, Middle East, and Asia-Pacific.

Enterprise client portfolio

Our track record includes delivering complex, security-sensitive systems for some of the world's most demanding organisations:

ClientProjectScope
ICBC Bank
New York		 AI-Powered Compliance Engine Enterprise financial compliance platform with automated regulatory monitoring, document analysis, and audit trail generation for one of the world's largest banks.
Porsche AG
Board		 BoardLens.ai — Board Intelligence Enterprise intelligence platform for Porsche board members providing real-time market analytics, competitive intelligence, and strategic decision support.
Avenor Consult
Copenhagen		 TalVagt — AI Bookkeeping Agent AI-powered bookkeeping automation system with multi-agent orchestration, accounting software integration, and automated document processing for Nordic markets.
Saudi Enterprise
Client		 Etijah HR — ERP HR System Full-scale HR management and payroll system built on enterprise ERP architecture covering recruitment, attendance, leave, payroll, and compliance.
UK Legal Tech
Company		 Go Legal AI — Workflow Platform AI-native legal document generation and review platform with multi-agent analysis, jurisdiction-aware compliance, and enterprise audit trails. 2+ years ongoing.

Company at a glance

Team Size28 full-time engineers, designers, and project managers
IncorporationUnited Kingdom and Pakistan
CertificationsISO 9001:2015 · ISO 27001:2022
Core TechnologiesNext.js · React · React Native · Node.js · TypeScript · PostgreSQL · AWS · Python
Verified ReviewsClutch.co verified with 5-star client ratings
SpecialisationsFinancial systems · AI/ML platforms · government and enterprise solutions · multi-tenant SaaS
003/ 020

Understanding of Requirements

Five challenges. One unified answer.

Based on our thorough analysis of the RFQ, we understand that the Ministry of Local Government requires a centralised, production-ready Unified Accounting System that addresses the following critical challenges:

Fragmented financial processes

City and town councils currently operate with disparate, disconnected financial systems (or manual processes) that make consolidated reporting impossible and create opportunities for revenue leakage.

Revenue collection gaps

Field revenue from markets, parking, facility hire, and other sources is collected manually with limited accountability, no real-time visibility, and no digital audit trail.

Ministry oversight gap

The Ministry lacks a unified view of financial performance across all councils, making budget allocation, compliance monitoring, and policy enforcement difficult.

No system integration

Banking, tax, transport authority, and other government systems operate independently with no automated data exchange, creating reconciliation overhead and errors.

Scalability concerns

Any solution must scale to accommodate additional councils, revenue streams, and users as the system matures — adding councils should be a configuration change, not a code change.

Our proposed solution addresses every one of these challenges through a unified, purpose-built platform with multi-council architecture, field-ready mobile collection tools, real-time ministry dashboards, and comprehensive integration with external government and financial systems.

004/ 020

Proposed Solution Architecture

Multi-tier. Cloud-ready. Multi-council from day one.

The UAS is designed as a multi-tier, cloud-ready application with clear separation between presentation, business logic, and data layers. The architecture supports both cloud deployment (AWS Sydney region) and on-premise deployment at the Ministry's data centre.

Fig. 01 · High-Level System Architecture

Web App
Next.js · Council officers
Mobile App
React Native · Field officers
Ministry Dashboard
Cross-council oversight
Public Portal
Complaints & quotes
Presentation Tier
API Gateway
REST + JWT + Rate Limiting
authenticated, validated calls
Auth & RBAC
Financial Logic
Revenue Engine
Reporting
Notification
Application Tier · stateless & horizontally scalable
PostgreSQL
RLS · multi-council
Redis
Cache & queue
File Storage
S3 / local · encrypted
Audit Log
Immutable & chained
Data Tier · ACID-compliant
Integration Layer
Banking · Payment Gateways · LTA · Gov Agencies · SMS/Email · Ministry Feed

Multi-council architecture: hardware-grade isolation

Every council operates within a logically isolated tenant inside the same database. This is achieved through PostgreSQL Row-Level Security (RLS) policies that enforce data isolation at the database level — not just the application level. Even if application code has a bug, the database itself will refuse to return data belonging to another council.

The Ministry has a super-admin role with cross-council read access for consolidated reporting, budget oversight, and compliance monitoring. Individual council users can only see their own data. Adding a new council is a configuration change, not a code change.

Fig. 02 · Multi-Council Data Isolation

Ministry Super-Admin
Cross-Council Read Access
Suva City
Council
Lautoka City
Council
Nadi Town
Council
Nasinu Town
Council
⬛ Row-Level Security Barrier · PostgreSQL RLS Policies ⬛
Shared Database · Single PostgreSQL Instance
GL Entries
tenant_id = 1
GL Entries
tenant_id = 2
GL Entries
tenant_id = 3
GL Entries
tenant_id = 4
Shared ConfigChart of Accounts · Rate Tables
Audit Logs (All Councils)Immutable + Chained

Each council's data is invisible to other councils at the database level, not just the application level.

Deployment architecture

We propose a primary on-premise deployment at the Ministry's data centre for maximum data sovereignty, with AWS Sydney region (ap-southeast-2) as the disaster recovery site. This hybrid approach provides full data residency within the country, sub-50ms latency for all Pacific Island users via AWS Sydney, automated daily backups to the DR site, and documented RPO of 1 hour and RTO of 4 hours. If the Ministry prefers a cloud-first approach, the entire system can be deployed on AWS Sydney with equivalent security controls, automated scaling, and managed database services.

Architecture · In Motion

Multi-tenant by design, ministry-aware by default.

Every council operates in a logically isolated tenant. The Ministry sees across all of them. The database itself enforces the boundary — not the application.

Per-Council Isolation

PostgreSQL Row-Level Security at the database layer. A bug in the application cannot leak data across councils.

tenant_id = 1 · Suva
RLS policy enforced at DB
0 cross-tenant leaks · audit verified
postgres / uas_main
SELECT id, amount FROM gl_entries
  WHERE tenant_id = current_tenant()
→ 14,283 rows (suva only)
-- attempt cross-tenant query
→ 0 rows (blocked at DB layer)

Ministry Oversight

Super-admin reads across all councils for consolidated reporting, budget tracking, and compliance monitoring.

13 councils consolidated
$2.4M revenue · this quarter
Live · updates per minute
ministry.uas.gov / consolidated
Suva City Council
$842K
Lautoka City
$612K
Nadi Town
$418K
Nasinu Town
$362K
Labasa Town
$214K
005/ 020

Technology Stack & Justification

Every layer chosen for a reason.

Open-source where it matters. Enterprise-grade where it counts. Every choice optimised for long-term maintainability by any qualified developer the Ministry chooses to engage.

LayerTechnologyJustification
Frontend — Web Next.js 15 · React 18 · TypeScript · Tailwind Server-side rendering for fast initial loads. TypeScript ensures type safety across the codebase. Tailwind enables consistent, responsive UI across all council screens.
Frontend — Mobile React Native · SQLite · Background Sync Single codebase for iOS and Android. SQLite provides local offline storage. Background sync ensures transactions are uploaded when connectivity is restored.
Backend API Node.js · Express · TypeScript High-performance async runtime ideal for handling concurrent API requests from multiple councils simultaneously. End-to-end TypeScript type safety.
Database PostgreSQL 16 with RLS ACID-compliant, enterprise-grade database. Row-Level Security provides hardware-level multi-council data isolation. JSONB support for flexible metadata. Full-text search built in.
Cache Redis In-memory caching for frequently accessed data (chart of accounts, rate tables). Session management. Queue system for background jobs and integration processing.
Authentication Custom JWT + MFA (TOTP) Role-based access with segregation of duties. Multi-factor authentication for admin users. Session management with automatic timeout.
File Storage AWS S3 / Local Filesystem Encrypted storage for documents, receipts, payslips, and attachments. Configurable for cloud or on-premise deployment.
Reporting Custom Engine + PDF Generation Purpose-built reporting engine for statutory financial reports (P&L, balance sheet, trial balance, budget vs actuals). PDF export for distribution.
Infrastructure Docker · Nginx · GitHub Actions Containerised deployment for consistency across environments. Automated testing and deployment pipeline. Zero-downtime deployments.
Monitoring Custom dashboard + CloudWatch Real-time system health monitoring, uptime tracking, error alerting, and performance metrics. Supports 99.5% SLA reporting.
006/ 020

Functional Module Coverage

All 21 modules. Every one custom-built.

Each module is designed specifically for municipal council operations and integrated into the unified platform. No off-the-shelf compromises, no missing functionality, no module priced separately.

01
Chart of Accounts & GL
Multi-level COA hierarchy, double-entry bookkeeping, journal entries, automated posting, trial balance, inter-council eliminations.
02
Budget Preparation & Control
Annual budget creation, multi-approval workflow, real-time commitment tracking, budget vs actuals, variance analysis, amendments.
03
Revenue · Property Rates
Ratepayer database, rate calculation engine, billing, arrears tracking, debt recovery workflow, payment allocation.
04
Revenue · Garbage Collection
Service area mapping, billing cycles, fee collection, arrears, bulk invoicing.
05
Revenue · Parking
Meter management, fine issuance, payment collection, enforcement tracking, reporting.
06
Revenue · Car Parks
Facility inventory, hourly/daily rates, revenue tracking, occupancy reporting.
07
Revenue · Market Vendor Fees
Vendor registration, stall allocation, daily/weekly fee collection (mobile), arrears management.
08
Revenue · Rentals & Leases
Property inventory, lease management, rent roll, escalation clauses, arrears, renewals.
09
Revenue · Facility Hire
Venue inventory, booking calendar, pricing tiers, invoicing, deposit management.
10
Revenue · Licensing & Permits
License types, application workflow, issuance, renewal tracking, expiry alerts, fee collection.
11
Revenue · Transport / Bus
Route management, fare collection, revenue reporting, ridership analytics.
12
Revenue · Miscellaneous
Ad-hoc fee types, configurable per council, receipt generation, GL posting.
13
AP, Procurement & Expenditure
Purchase requisitions, PO creation, multi-approval workflow, GRN, invoice matching, payment processing.
14
Cash & Bank Management
Bank account management, cash book, bank reconciliation (auto-matching), petty cash, treasury reporting.
15
Fixed Asset Management
Asset register, depreciation (straight-line, reducing balance), disposal, revaluation, asset tracking, barcode support.
16
Inventory Management
Stock items, warehouses, stock movements, min/max levels, stock take, valuation (FIFO / weighted avg).
17
Project & Programme Mgmt
Project budgets, milestone tracking, expenditure against projects, progress reporting, multi-year projects.
18
HR & Payroll
Employee records, attendance, leave, payroll calculation, statutory deductions, payslips, finance integration.
19
Complaints & Service Requests
Public-facing submission, ticket routing, SLA tracking, resolution workflow, reporting.
20
Financial Reporting
Trial balance, P&L, balance sheet, cash flow, budget vs actuals, aged debtors/creditors, custom builder, ministry consolidation.
21
Audit, Controls & Compliance
Immutable audit trail, segregation of duties enforcement, approval matrices, exception reports, compliance dashboards.
The Platform · In Production

Built for the people who actually use it.

Two surfaces, one system. Council officers manage cases from a polished web workspace; field officers collect revenue on Android & iOS — with offline sync, GPS tagging, and tamper-proof receipts.

Council Workspace

Dashboard, expedientes, revenue oversight, ministry reporting. All in one place, all in Español jurídico.

Property rate · López · $2,400 paid
5 cases pending review
Reconciled · 14 mins ago
app.uas.gov / dashboard
Active
14
New
3
Citas
99.2%
Lopez vs. TechMexLaboralNuevo
Martínez DivorcioFamiliarActivo
Reyes ArrendamientoCivilRevisión
García AmparoFiscalActivo

In the Field

Mobile collection at markets, parking, facility hire. Works offline. Every receipt is GPS-tagged and cryptographically signed.

Receipt #240,182 issued
GPS tagged
−18.142, 178.441
Synced to ministry
Market Vendor Fee
Suva · Stall 47B
$28.00
Daily fee · Vendor: A. Naidu
Method
M-PAiSA · 8412
Signature
A.Naidu ✓
Issue Receipt
007/ 020

Mobile Application — Field Revenue Collection

Offline-first. Tamper-proof. Built for the field.

Designed specifically for field revenue officers who collect payments at markets, parking areas, and council facilities — often in areas with unreliable connectivity. Every transaction is captured locally first, signed cryptographically, then synced when the network returns.

Fig. 03 · Offline-First Sync Architecture

Field Officer Device
Revenue Collection UI
React Native
GPS + Signature
tagged + captured
SQLite (Encrypted)
local-first
Tamper-Proof Log
cryptographically signed
Sync Engine
Connectivity Detector
WiFi / 3G / 4G
Background Sync Queue
exponential backoff
Conflict Resolution
server-wins-with-audit
Central Server
API Gateway
signature verify
PostgreSQL Master
authoritative record
Audit Trail
immutable + chained
Offline · all stored locally
Sync · auto-upload + retry
Confirmed · receipt issued

Mobile feature set

PlatformiOS and Android via React Native (single codebase)
Offline StorageSQLite with encrypted database, stores up to 30 days of transactions offline
Revenue TypesMarket vendor fees, parking, facility hire, miscellaneous — all configurable per council
Digital ReceiptingAuto-generated receipt with unique serial, QR code, timestamp, officer ID, amount, type. Bluetooth thermal printer support.
Signature CaptureOn-screen signature pad for payer acknowledgement, stored as image and linked to transaction
GPS TaggingEvery transaction tagged with GPS coordinates for audit verification and route optimisation
Real-Time SyncBackground sync with exponential backoff retry. Conflict resolution via server-wins-with-audit strategy.
Role-Based AccessField officer (collect + view own), supervisor (team + reports), admin (full access + config)
Tamper ProtectionTransaction logs cryptographically signed and append-only. Deletion or modification impossible on-device. Server validates signatures on sync.
SecurityBiometric/PIN app lock, encrypted local database, certificate pinning for API communication, auto-logout on inactivity
008/ 020

System Integration Strategy

Ten integrations. One queue-based bus.

All integrations run through a dedicated integration layer with queue-based processing, retry logic, comprehensive error handling, and audit logging. Each integration operates independently — a failure in one does not affect others.

Commercial Banking
REST API or file-based (ISO 20022 / MT940). Automated reconciliation with smart matching. Bulk EFT payment file generation.
Bidirectional
Payment Gateway · Card
PCI-DSS compliant. Real-time payment confirmation and GL posting. Refund processing workflow.
Inbound
Mobile Money
M-PAiSA, Vodafone M-Money, or equivalent local providers. USSD callback handling. Real-time balance updates.
Inbound
Land Transport Authority (LTA)
Vehicle registration and permit data lookup. Automated validation for parking and transport modules.
Inbound
Tax & Regulatory Systems
TIN validation, VAT/GST reporting, statutory compliance data exchange. Configurable for evolving requirements.
Bidirectional
Other Government Agencies
Flexible API adapter pattern. New agency integrations added without modifying core. REST / SOAP / file-based.
TBC
Ratepayer Management
Ratepayer record sync, assessment data, valuation updates, billing integration.
Bidirectional
Parking Management
Meter status, violation data, fine collection integration, zone management.
Bidirectional
Email / SMS Notifications
SendGrid / SES for email. SMS via local gateway. Payment confirmations, billing reminders, overdue notices, system alerts.
Outbound
Ministry Oversight Dashboard
Real-time data feed to ministry consolidated reporting. Cross-council KPIs, budget tracking, compliance indicators.
Outbound

All integrations: queue-based · retry with exponential backoff · full audit logging · independent failure handling.

009/ 020

Data Migration Plan

Five phases. Tested before live.

Our migration approach is iterative, reconciled at every step, and pre-tested in a staging environment before any production data is touched. A documented rollback plan stands ready in case of failure.

Phase 01
Discovery
Months 1–2

Inventory all source systems per council. Map data fields to UAS schema. Identify data quality issues, gaps, and duplicates.

  • Data mapping document
  • Quality assessment report
Phase 02
Cleansing
Months 3–5

Standardise formats (dates, currencies, addresses). De-duplicate records. Resolve data conflicts with council stakeholders.

  • Cleansed source data files
  • Transformation rules document
Phase 03
Test Migration
Month 8

Execute full migration in staging environment. Run reconciliation reports comparing source to target. Council staff validate sample records.

  • Test migration results
  • Reconciliation reports
  • Issue log
Phase 04
Production Migration
Months 10–11

Execute migration during agreed downtime window. Run automated validation checks. Parallel run period where old and new systems operate simultaneously.

  • Migration completion report
  • Reconciliation sign-off
Phase 05
Rollback Readiness
On-call

Pre-tested rollback procedure in case of migration failure. Full system backup before migration. Documented rollback decision criteria.

  • Rollback plan
  • Backup verification
  • Decision matrix
010/ 020

Security Architecture

Defense in depth. ISO 27001:2022 controls applied.

As an ISO 27001:2022 certified organisation, security is embedded in every layer of our solution — not bolted on as an afterthought. The UAS handles sensitive government financial data and must meet the highest security standards.

Fig. 04 · Security Defense in Depth

Perimeter · TLS 1.3 · WAF · DDoS · Rate Limiting
Authentication · MFA (TOTP) · JWT · Auto-Timeout
Authorisation · RBAC · Segregation of Duties · API Scoping
Data Isolation · PostgreSQL RLS · Tenant Filtering
Encryption · AES-256 at Rest · TLS 1.3 in Transit · KMS
Audit · Immutable Logs · Cryptographic Chaining
Financial DataGovernment sensitive

Security control matrix

RequirementImplementation
RBAC with Segregation of DutiesRole-based access with configurable permission matrices per council. Segregation enforced at system level (e.g., person who approves PO cannot also approve payment). Super-admin roles require dual approval.
Multi-Factor AuthenticationTOTP-based MFA mandatory for all admin and finance users. SMS fallback for field officers. Hardware token support for ministry super-admins.
Encryption at RestAES-256 encryption for all database fields containing PII, financial data, and documents. Encryption keys managed via AWS KMS or on-premise HSM.
Encryption in TransitTLS 1.3 for all API communications. Certificate pinning on mobile app. HTTPS enforced with HSTS headers.
Immutable Audit TrailEvery financial transaction, approval, and data modification logged with timestamp, user ID, IP address, and before/after values. Logs are append-only and cryptographically chained (tamper-evident). Stored separately from operational data.
Session ManagementConfigurable session timeout (default 15 minutes for finance, 30 minutes for general). Automatic logout with session state preservation. Concurrent session limits per user.
Penetration TestingFull OWASP Top 10 assessment before go-live. Annual penetration testing during support period. Vulnerability remediation SLA: critical (24hrs), high (72hrs).
Security · In Practice

Every layer firing, every transaction.

Defense in depth is not a poster on a wall. It's MFA challenges resolving, AES-256 keys rotating, RLS policies blocking, and audit logs chaining themselves — every second, in production.

Live Audit Stream

Every financial transaction, approval, and data modification logged with timestamp, user, IP, and before/after values. Cryptographically chained.

MFA challenge · admin01 verified
AES-256 at rest
Block #842,193 chained
audit.uas.gov / live
14:02:24gl.post · journal #92,418 · $4,200OK
14:02:31rls.deny · cross-tenant query blockedBLOCK
14:02:33mfa.challenge · finance01 · TOTP ✓PASS
14:02:46sync.signed · receipt #240,182 · field-07SIG ✓

Compliance, Real-Time

ISO 27001:2022 controls mapped to live system events. OWASP Top 10 scanned weekly. Dual-approval enforced on super-admin actions.

ISO 27001 controls active
OWASP scan clean · 0 critical
Dual approval enforced
compliance.uas.gov / iso-27001
A.9Access control · RBAC + MFA enforcedOK
A.10Cryptography · AES-256 + TLS 1.3OK
A.12Operations security · monitored 24/7OK
A.16Incident management · 4hr SLA · liveOK
011/ 020

Testing & Quality Assurance

Six layers of verification.

No deployment without green tests. Every commit runs through CI; every release runs through full regression. ISO 9001:2015 quality controls applied to the testing workflow itself.

Test TypeScopeApproach
Unit TestingAll business logic, calculations, GL posting rulesAutomated test suite with minimum 80% code coverage. Run on every commit via CI pipeline.
Integration (SIT)All module interactions, API endpoints, database operationsEnd-to-end test scenarios covering cross-module workflows (PO → payment → GL posting → bank reconciliation).
UAT SupportAll modules with council staffTest scripts provided per module. Dedicated QA engineer available during UAT. Defect tracking via JIRA. Fix cycles with regression testing.
Performance TestingConcurrent users, large datasets, reportingLoad testing simulating all councils operating simultaneously. Target: under 3-second response for standard operations. Stress testing to 2× expected load.
Security TestingOWASP Top 10, auth, data isolationPenetration testing, vulnerability scanning, RLS verification (attempt cross-council data access), authentication bypass testing.
Regression TestingAfter each fix cycleAutomated regression suite re-run after every deployment. No release without green regression results.
012/ 020

Project Timeline & Milestones

12 months. 8 milestones. Phased rollout.

Total duration: 12 months from contract signing to full production deployment across all councils. Pilot councils go live in Month 9; full deployment by Month 12. Parallel tracks where dependencies allow.

Fig. 05 · Delivery Schedule — Months 1–12

M1M2M3M4M5M6 M7M8M9M10M11M12
M1 System Design
M2 Core Financial
M3 Revenue Modules
M4 Mobile App
M5 Integrations
M6 HR · Reporting
M7 Migration · Test
M8 Deploy + Hypercare
M1 · System Design
Architecture, security, infrastructure setup.
Months 1–2

Solution architecture document, database design, security architecture, API specification, infrastructure setup (dev/staging/prod), CI/CD pipeline, project plan finalisation.

M2 · Core Financial Modules
GL, budget, AP, cash, assets, inventory.
Months 2–5

Chart of accounts, GL, budget preparation and control, AP/procurement/expenditure, cash and bank management, fixed assets, inventory. Multi-council RLS implemented. Authentication and RBAC complete.

M3 · Revenue Modules
All 10 revenue streams.
Months 4–7

Property rates with ratepayer database. Market vendor fees. Parking meters and fines. Licensing and permits. Facility hire. Transport. Rentals. Garbage collection. Car parks. Miscellaneous.

M4 · Mobile Application
Field revenue collection app.
Months 5–8

React Native app for iOS and Android. Offline-first with SQLite. GPS tagging. Digital receipting. Signature capture. Bluetooth printer support. Field officer and supervisor roles. Tamper-proof transaction logs.

M5 · Integrations
All 10 system integrations live.
Months 6–9

Banking integration (EFT, statements, reconciliation). Payment gateways (card, mobile money). LTA integration. Government agency APIs. Email/SMS notifications. Ministry oversight dashboard.

M6 · HR, Payroll, Supporting
Payroll, projects, complaints, reporting, audit.
Months 7–9

HR and payroll with finance integration. Project management module. Complaints and service requests. Financial reporting engine (statutory reports, consolidation). Audit and compliance module.

M7 · Data Migration + Testing
Migration, SIT, UAT, performance, security.
Months 8–11

Data migration (all councils). SIT across all modules. UAT with council staff. Performance and load testing. Security penetration testing. Regression testing. Test completion reports.

M8 · Deployment + Hypercare
Pilot, full rollout, training, go-live.
Months 10–12

Pilot rollout (2–3 councils). Full rollout to remaining councils. Training delivery. Go-live. 4 weeks hypercare with enhanced SLA. Knowledge transfer. Documentation handoff.

013/ 020

Team Composition & Key Personnel

11 dedicated people. Full-time. For 12 months.

The following team will be dedicated to the UAS project. All members are full-time employees of Wanile Technologies and will be allocated for the full project duration.

MA
Muhammad Abdullah
Senior BA & Project Director
Overall project accountability. Requirements analysis and scope management. Stakeholder communication with TDS and Ministry. Sign-off on all deliverables.
AA
Ali Abyer
Senior Solution Architect
System architecture design. Technology stack decisions. Database design and optimisation. Security architecture. Performance architecture. Code review.
MF
Muhammad Faiez
Senior Project Manager
Day-to-day project coordination. Sprint planning and delivery tracking. Risk management. Resource allocation. Weekly progress reporting to TDS.
AH
Arslan Haroon
Senior Engineer · Tech Lead
Lead developer for core financial modules (GL, budgeting, AP, reporting). API architecture and implementation. Integration layer design.
MA
Muhammad Asad
Senior Software Engineer
Revenue management modules development (all 10 streams). Mobile application backend APIs. Data migration scripting and execution.
AT
Abdullah Tariq
Senior Product Designer
UI/UX design for all web and mobile interfaces. Design system creation. User flow optimisation. Council officer user research. Accessibility compliance.
ZA
Zuraiz Ahsan
DevOps Engineer
Infrastructure setup and management. CI/CD pipeline. Docker containerisation. Server configuration and hardening. Monitoring and alerting. DR setup.
NF
Nawal Fatima
Senior QA Engineer
Test strategy and planning. Automated test suite development. SIT, UAT support, performance testing, security testing coordination. Defect management.
+2
Mid-Level Engineers
Software Engineers · ×2
Mobile app development (React Native). Supporting module development. Unit testing. Bug fixing.
+1
Junior Engineer
Software Engineer · ×1
Frontend development. Data migration support. Documentation.

Total dedicated team: 11 members for 12 months.

014/ 020

Reference Projects

Built for banks, boards, and ministries.

Direct, relevant experience delivering security-critical financial and enterprise platforms for some of the world's most demanding clients.

ICBC Bank · New York
AI-Powered Compliance Engine for Banking

Enterprise financial system for one of the world's largest banks. Automated regulatory compliance monitoring, document analysis with AI, immutable audit trails, and role-based access control. Demonstrates our capability to build security-critical financial platforms that handle sensitive data under strict compliance requirements.

Porsche AG · Board Members
BoardLens.ai — Board Intelligence Platform

Enterprise-grade platform serving C-suite executives at a Fortune 500 company. Real-time data analytics, multi-source integration, and highly restricted access controls. Demonstrates our ability to deliver mission-critical systems for the most demanding users.

Avenor Consult · Copenhagen
TalVagt — AI Bookkeeping System

Automated bookkeeping and accounting system with multi-agent AI, accounting software integration (e-conomic), document processing, and financial data reconciliation. Directly relevant to UAS accounting modules.

Saudi Enterprise Client
Etijah HR — Enterprise HR & Payroll

Full-scale HR management and payroll system built on ERP architecture. Employee records, attendance, leave management, payroll calculation, statutory deductions, payslip generation, and finance integration. Directly relevant to UAS Module 18 (HR & Payroll).

UK Legal Tech Company
Go Legal AI — Legal Workflow Platform

AI-powered document generation platform with multi-agent review, enterprise audit trails, and 2+ years of continuous development. Demonstrates our ability to sustain long-term, complex engagements with evolving requirements.

Client references available upon request under NDA.

Track Record · Trusted by

Built for the most demanding clients in the world.

Banking compliance for ICBC. Board intelligence for Porsche. Storytelling tooling for Disney. Each engagement shaped how we approach UAS — and the same engineering bar applies here.

Trusted by
ICBC Bank · NY
Compliance · AI · Audit
Enterprise financial compliance for one of the world's largest banks. Automated regulatory monitoring & immutable audit trails.
Porsche AG
Board · Intelligence
BoardLens.ai — real-time market analytics & competitive intelligence for Porsche board members.
Avenor Consult
AI Bookkeeping
TalVagt — automated bookkeeping with multi-agent AI & e-conomic integration. Directly relevant to UAS.
Saudi Enterprise
HR · Payroll · ERP
Etijah — full-scale HR management & payroll on ERP architecture. Directly relevant to UAS Module 18.
UK Legal Tech
Workflow · 2+ years
Go Legal AI — multi-agent document review with enterprise audit trails. Sustained, evolving engagement.
Wanile Technologies
ISO 9001 · ISO 27001
28-person team. UK + Pakistan incorporated. Internationally certified. Clutch.co 5-star rated.
015/ 020

Commercial Proposal & Pricing

USD $400,000. All-inclusive.

Phase 1 · Complete Scope · Fixed Price
$400,000 USD
21 Modules · Mobile App · 10 Integrations · 12 Months Support
Zero licensing fees Zero per-user fees Zero annual platform costs 100% source code ownership

This is an all-inclusive fixed price covering system design, full development of all 21 modules, mobile application, all 10 integrations, data migration, comprehensive testing, training delivery, production deployment across all councils, and 12 months of post go-live support. The Ministry owns 100% of the source code, infrastructure, and data.

Deliverable breakdown

#DeliverableFixed Price (USD)
01System Design and Architecture$30,000
02Core Financial Modules · GL, Budget, AP, Cash, Assets, Inventory, Project Mgmt$75,000
03Revenue Management Modules · all 10 streams$85,000
04Mobile Application · Field revenue collection$40,000
05System Integrations · Banking and payment gateways$25,000
06System Integrations · Government agency systems$15,000
07System Integrations · Revenue subsystems and notifications$15,000
08Data Migration · Opening balances, master data, historical$20,000
09Testing and QA · SIT, UAT, performance, security$25,000
10Training Delivery and Materials$12,000
11Go-Live Support and Hypercare · 4 weeks$18,000
12Post Go-Live Support · Year 1 (12 months)$40,000
Total Fixed Price$400,000

Optional · Year 2 Support · $30,000/year  ·  Year 3 Support · $30,000/year

016/ 020

Payment Schedule

Eight milestones. Tied to deliverables, not dates.

Each payment is released only after the corresponding milestone is reviewed and signed off by TDS. If a milestone fails acceptance, we fix it before requesting payment.

MilestoneTrigger%Amount (USD)
M1 · Contract SigningContract execution and project kickoff20%$80,000
M2 · Architecture ApprovedSystem design document signed off by TDS10%$40,000
M3 · Core Modules CompleteGL, Budget, AP, Cash, Assets delivered and demonstrated15%$60,000
M4 · Revenue Modules CompleteAll 10 revenue streams delivered and demonstrated15%$60,000
M5 · Mobile + IntegrationsMobile app and all integrations delivered15%$60,000
M6 · UAT Sign-OffSuccessful completion of UAT with council staff10%$40,000
M7 · Go-LiveSystem live across all councils10%$40,000
M8 · Warranty Release90 days post go-live, no critical defects5%$20,000
Total100%$400,000
017/ 020

Post Go-Live Support Model

Hypercare. Year 1 included. 24/7 monitoring.

We don't disappear after go-live. The first four weeks run on enhanced SLA, then 12 months of standard support — all included in the $400,000 fixed price at no additional cost.

Hypercare · Weeks 1–4

Enhanced SLA. Dedicated support team available 12 hours/day. Critical issues resolved within 2 hours. On-call weekend support.

Year 1 Support · Months 2–12

Standard SLA. Helpdesk with ticketing system. Critical: 4hrs · High: 24hrs · Medium: 72hrs · Low: 5 days.

Maintenance Windows

Scheduled monthly maintenance windows during off-peak hours. Emergency patches deployed within 4 hours for critical vulnerabilities.

Security Patches

Monthly security updates. Critical vulnerability patches deployed within 24 hours of identification.

Monitoring

24/7 automated system monitoring. Uptime reporting (99.5% SLA). Performance dashboards. Automated alerting for anomalies.

Communication

Dedicated Slack/Teams channel. Monthly status reports. Quarterly review meetings with TDS.

Year 1 Included: Year 1 support is included in the $400,000 fixed price at no additional cost.

018/ 020

Risk Management

Six known risks. Each with a documented mitigation.

Legacy data quality issues delay migration

High Likelihood Medium Impact
LikelihoodHigh
ImpactMedium

Mitigation: Early data discovery phase. Data cleansing runs parallel to development. Test migration in Month 8 gives 3 months buffer before go-live.

Integration API unavailability or undocumented APIs

Medium Likelihood High Impact
LikelihoodMedium
ImpactHigh

Mitigation: Early engagement with integration partners. Adapter pattern allows fallback to file-based exchange. Mock APIs for development continuity.

Council staff resistance to new system

Medium Likelihood Medium Impact
LikelihoodMedium
ImpactMedium

Mitigation: Involve council users in UAT from Month 9. Intuitive UI design. Comprehensive training. Champion users identified per council to lead local adoption.

Scope creep from additional requirements

High Likelihood High Impact
LikelihoodHigh
ImpactHigh

Mitigation: Strict change control process. All changes documented, impact-assessed, and approved by TDS before implementation. Change requests are scoped and priced separately as fixed-price addenda before any work begins.

Connectivity issues at council sites

Medium Likelihood Low Impact
LikelihoodMedium
ImpactLow

Mitigation: Offline-first mobile app. Web app designed for low-bandwidth environments. Progressive loading. Cached static assets.

Key personnel unavailability

Low Likelihood High Impact
LikelihoodLow
ImpactHigh

Mitigation: Cross-training across team. Documentation standards ensure any team member can pick up work. Backup personnel identified for each role.

019/ 020

Transfer of Ownership Plan

The Ministry owns everything.

Full ownership of all deliverables transfers to the Ministry upon each milestone payment. At project completion, the Ministry will own:

Complete source code

Frontend, backend, mobile — in a dedicated GitHub/GitLab repository owned by the Ministry.

Database schemas

Migration scripts, seed data, and full schema documentation.

Infrastructure configurations

Docker files, deployment scripts, environment templates.

API documentation

OpenAPI/Swagger specification for every endpoint.

System administration guide

Operations runbook covering deployment, monitoring, recovery, and tuning.

User manuals & training materials

Per-role manuals, training videos, quick-reference cards.

All vendor accounts

AWS, email gateway, SMS provider — transferred to Ministry credentials at handover.

SSL certificates & domains

Domain configurations, certificate keys, DNS records.

Design files

All Figma files and brand assets.

Test suites & QA documentation

Full automated test coverage with documentation for re-execution.

020/ 020

Compliance Matrix · Appendix A

Every RFQ requirement. Every status: Yes.

A · System Architecture
A1
Multi-council with central ministry oversight
Yes
PostgreSQL RLS provides database-level tenant isolation. Ministry super-admin role for cross-council access.
A2
Cloud, on-premise, or hybrid deployment
Yes
Docker-containerised for both. Primary: on-premise. DR: AWS Sydney. Full cloud option available.
A3
Disaster recovery with RPO and RTO
Yes
RPO: 1 hour. RTO: 4 hours. Automated backups to DR site. Documented failover procedure.
A4
99.5% system availability SLA
Yes
Monitored via CloudWatch/custom dashboard. Monthly uptime reporting.
A5
Horizontal scalability
Yes
Stateless API layer. Database connection pooling. Adding councils is configuration, not code.
B · Security
B1
RBAC with segregation of duties
Yes
Configurable role matrices. System-enforced segregation.
B2
Multi-factor authentication
Yes
TOTP-based MFA. SMS fallback. Hardware token support.
B3
AES-256 at rest, TLS 1.2+ in transit
Yes
AES-256 via KMS/HSM. TLS 1.3 enforced.
B4
Immutable audit trail
Yes
Cryptographically chained, append-only, tamper-evident.
B5
Penetration testing before go-live
Yes
OWASP Top 10. Full report with remediation before launch.
C · Functional Coverage
C1
All 21 functional modules delivered
Yes
All 21 modules fully custom built.
C2
All 10 revenue streams covered
Yes
Each stream as dedicated module with full lifecycle.
C3
Multi-council financial consolidation
Yes
Ministry dashboard with real-time cross-council reporting.
C4
Budget vs actuals with commitment tracking
Yes
Real-time commitment tracking from PO creation.
C5
Payroll-to-finance integration
Yes
Automated GL posting from payroll run.
C6
Arrears management and debt recovery
Yes
Automated aging, escalation workflows, demand notices.
D · Mobile Application
D1
Android and iOS support
Yes
React Native cross-platform. Single codebase.
D2
Offline-first with background sync
Yes
SQLite local storage. Automatic background sync.
D3
Digital receipting and signature capture
Yes
Auto-generated receipts with QR. On-screen signature pad.
D4
GPS location tagging
Yes
Every transaction tagged with coordinates.
D5
Real-time sync with central system
Yes
Background sync with retry and conflict resolution.
E · Integrations
E1
Banking — EFT and statements
Yes
REST API or file-based. Auto-reconciliation.
E2
Payment gateway — card and digital wallet
Yes
PCI-DSS compliant gateway integration.
E3
Government agency integration
Yes
LTA and others via flexible adapter pattern.
E4
Revenue subsystem integrations
Yes
Ratepayer, parking, and other subsystems.
E5
Email/SMS notification gateway
Yes
SendGrid/SES for email. SMS via local gateway.

Vendor Declaration · Appendix B

Submitted with confidence.

Company NameWanile Technologies
Authorised SignatoryMuhammad Abdullah
Position / TitleChief Executive Officer & Founder
DateApril 2026
Company RegistrationUnited Kingdom & Pakistan
Websitewanile.ai
Primary ContactMuhammad Abdullah
Contact Emailhello@wanile.ai
CertificationsISO 9001:2015 · ISO 27001:2022

By submitting this proposal, Wanile Technologies confirms that all information provided is accurate, complete, and not misleading. We have the technical capacity, team, and certifications to deliver the stated scope. This proposal is valid for 90 days from the submission date.

Ready When You Are

Twelve months from now, every council runs on one system.

If this proposal aligns, the next step is a working session with TDS and the Ministry to walk through architecture, agree on data migration approach, and confirm the path to contract signature.

Schedule the Working Session
$400K Fixed Price 12 Months · 8 Milestones Zero Licensing Fees ISO 9001 + ISO 27001 100% Source Ownership

Muhammad Abdullah · Founder & CEO · Wanile Technologies
hello@wanile.ai · wanile.ai

Confidential · For Tech Direct Support (TDS) and the Ministry of Local Government
Distribution or reproduction without written consent from Wanile Technologies is prohibited
RFQ-IT-UAS-2026-001 · Version 1.0 · Valid 90 days from April 2026