About

This comprehensive requirement serves as the official reference template for Bahrain Government entities developing or procuring new websites. It outlines mandatory functional, non-functional, compliance, and technical specifications aligned with the National Enterprise Architecture (NEA) standards, Bahrain Government Website Design System, WCAG 2.2 accessibility guidelines. Government entities should refer this to document project scopes, ensuring consistency, security, accessibility, and optimal user experience across for Developing new websites.

1. Introduction and Scope of Work:

This document outlines the necessary features and functionalities for the development of a new Government website that addresses the challenges identified with the current website.

The scope of work to include the following:

1.1 Development of a new website that addresses the challenges identified with the current website. The website should build and support both Arabic (RTL) and English (LTR) languages and interface orientations, including the migrated content.

1.2 Enhancement of user experience, improvement of security, and effective representation of Government brand.

1.3 Implementation of functional requirements related to content management, design and user experience, security, search engine optimization (SEO), integration, migration and technical documentation.

1.4 Adherence to non-functional requirements such as performance, reliability and availability, scalability, and compliance with standards and regulations.

1.5 Provision of detailed technical documentation and user documentation.

1.6 Conducting training sessions for website administrators.

1.7 Timeline estimation for website development, including milestones and dependencies.

1.8 Identification of required resources for the project.

1.9 Implementation of testing and quality assurance processes.

1.10 Maintenance and support plan, including bug fixes, security updates, and optional ongoing technical support.

1.11 Assumptions and constraints related to content and source code.

2. Functional Requirements:

2.1 Content Management:

2.1.1 User-Friendly Interface: The content management system (CMS) should be intuitive and easy to use, enabling authorized users to create, edit, and publish content without technical expertise.

2.1.2 Page Management: The CMS should allow administrators to create and manage web pages, including the ability to add, edit, and delete pages as needed.

2.1.3 Media Management: The CMS should provide a media library for storing and managing images, videos, and other media files used on the website.

2.1.4 Document Management: The CMS should support the upload, organization, and management of documents such as PDFs, brochures, and forms.

2.1.5 Types of Content Supported: Text, images, videos, interactive elements.

2.1.6 Multilingual Support: The CMS must support Arabic (RTL) and English with automatic language detection, right-to-left text rendering, and separate content management for each language variant.

2.1.7 Accessibility Compliance: The CMS must natively support WCAG 2.2 AA compliance including alt text requirements for media, keyboard navigation, screen reader compatibility, and automated accessibility checking tools.

2.1.8 Version Control & Workflow: The CMS must provide content versioning, draft/publishing workflows with approval stages, rollback capabilities, and change history tracking for all content modifications.

2.1.9 User Roles & Permissions: The CMS must support granular role-based access control allowing different user types (content editors, publishers, administrators) with appropriate permissions and audit trails.

2.1.10 Search & Discovery: The CMS must include built-in search functionality with advanced filters, faceted search, and search analytics to help users find content efficiently.

2.1.11 Mobile Responsiveness: The CMS must generate fully responsive content that adapts seamlessly across all device sizes and orientations following government design system guidelines.

2.1.12 SEO Optimization: The CMS must provide built-in SEO tools including customizable meta tags, XML sitemaps, clean URLs, and canonical tag management.

2.1.13 Performance Optimization: The CMS must include image optimization, lazy loading, caching mechanisms, and performance monitoring to ensure fast page load times.

2.1.14 Template Engine: The CMS shall support a template engine that allows implementing and maintaining the Bahrain Government Website Design System components and page templates, ensuring consistent application of typography, colors, spacing, layouts, and UI patterns across all pages and sites, in line with the official Government Website Design System and Website Standards.

2.2 Open source CMS:

Open-Source Components: Licensing and Security

Government entities implementing open-source content management systems (CMS) must ensure that all plugins, modules, themes, extensions, or third-party components comply with the following mandatory requirements:

• Approved Sources and Licensing: All components must be sourced exclusively from official repositories or trusted vendor directories and must carry verifiable open-source licenses compatible with government use.
• Component Inventory: Maintain a complete, up-to-date register of all third-party components including name, version, source URL, license type, purpose, and security status. This inventory must be provided to the Government entity upon request and with all major releases.
• Active Maintenance: Only use components that are actively maintained by their publishers, covered by official security advisory processes, and compatible with the current CMS core version.
• Security Patching: Apply security updates and patches for the CMS core and all components within agreed SLAs (critical vulnerabilities within 24-48 hours, high-risk within 7 days) following official security advisories or anything reported by NCSC.
• Security Hardening: Implement platform-appropriate security hardening including least-privilege access controls, restricted file permissions, disabled unnecessary administrative functions, and production environment protections.
• Vulnerability Monitoring: Continuously monitor security advisories for the CMS platform and all components, conduct regular security reviews, and maintain audit logs of all security updates and configuration changes. Any issue reported by NCSC team to be fixed as per SLA agreed.
• Pre-Launch Compliance: Before go-live deployment, perform comprehensive security scans, license compliance verification, and vulnerability assessments for all components.

1. Prohibited Practices:

• Components with unclear, missing, or incompatible licensing
• Unmaintained or abandoned components
• Components from unverified third-party sources
• Failure to document license terms or security update history

2.3 Design and User Experience:

2.3.1 Responsive Design: The website should be fully responsive, adapting to different devices and screen sizes to ensure optimal viewing and usability, including the mobile's web browser optimization.

2.3.2 Intuitive Navigation: The website's navigation structure should be logical, user-friendly, and consistent across all pages.

2.3.3 Search Functionality: The website should include an advanced search feature that allows users to find specific information quickly, which includes search filters for specific pages.

2.3.4 UI/UX Design: The website should align with the Bahrain Government branding guidelines and best practices for user experience.

2.3.5 Accessibility: The website should adhere to accessibility standards (e.g., WCAG 2.2) to ensure it is usable by individuals with disabilities.

2.3.6 Well-Organized Sitemap: The website's structure should facilitate easy navigation and help students, staff, and other visitors find the needed information.

2.3.7 Link Redirection: Website links should be meticulously indexed, with redirection in place to guide users to the corresponding content on the new website. Incorporates smooth link redirection that it redirects seamlessly, smoothly transitioning the user to the new page or external website. Additionally, rather than replacing the current tab, the link opens in a new tab, allowing users to easily navigate back to the original page without losing their place.

2.3.8 Integration Capabilities: APIs or connectors for integration with for authentication systems (e.g., ekey), and analytics platforms to enable seamless operations.

2.3.9 Website Template and components: The website shall be created based on the templates and components approved by the cabinet that ensures consistency and ease of use.

Reference: Government Website Design System

2.4 Security:

2.4.1 Data Encryption: User data and sensitive information transmitted through the website should be encrypted to protect against unauthorized access.

2.4.2 Secure Hosting: The website should be tested through the hosted on a secure server infrastructure with regular security updates and monitoring.

2.4.3 Protection against Malicious Attacks: The website should have measures in place to prevent and mitigate common web attacks (e.g., SQL injection, cross-site scripting).

2.4.4 SSL Encryption: Enable SSL to encrypt data transmission between users and government websites.

2.4.5 Compliance Standards: The website should be complied with relevant applicable standards for data protection.

2.5 Search Engine Optimization (SEO):

2.5.1 Metadata Management: The CMS should allow administrators to easily manage Metadata (e.g., page titles, descriptions, keywords) to optimize search engine visibility.

2.5.2 URL Structure: The website's URL structure should be searching engine friendly, utilizing clear and descriptive URLs.

2.5.3 XML Sitemap: The website should automatically generate an XML sitemap to help search engines crawl and index its pages effectively.

2.5.4 Page Speed Optimization: The website should be optimized for fast loading times to improve user experience and search engine rankings.

2.6 Integration:

2.6.1 Analytics Integration(optional): The website should support integration with popular analytics platforms (e.g., Google Analytics) to track and analyze user behavior, website performance, and other key metrics. Including representing the statistics and analytics visualization for the open data datasets on the Government website.

2.6.2 Social Media Integration: The website should include social media integration, allowing users to share content and engage with the respective entity social media accounts. Which shall enable the latest social feeds to be displayed on entity websites, the following widgets shall be integrated: X/Twitter, Instagram, LinkedIn. In addition, the vendor shall enable Share This feature to allow the website users to share the content on social accounts.

2.6.3 Third-Party Applications: The website should have the capability to integrate with external systems and applications if needed based on Government Entity requirements.

2.7 Migration and Technical Documentation:

2.7.1 Content Migration: The website should facilitate the migration of content from the current website, which is managed by CMS. The vendor should precisely include the content migration on the proposal either within the scope of work or as optional.

2.7.2 Technical Documentation: The development team should provide technical documentation if non-native functions are developed to present custom content. The documentation should include the function's location and functionality.

3. Non-Functional Requirements:

3.1 Performance:

3.1.1 Fast Page Load Times: The website should be optimized to deliver fast and responsive page loading across different devices and network conditions. Target page load time under 3 seconds.

3.1.2 Scalability: The website should be designed to handle increasing traffic and user load without significant performance degradation.

3.1.3 Caching: Implement caching mechanisms to reduce server load and improve page load times.

3.2 Reliability and Availability:

3.2.1 High Uptime: The website should have a reliable hosting infrastructure that ensures high availability and minimal downtime in terms of the development errors free.

3.2.2 Backup and Disaster Recovery: Regular backup procedures and a disaster recovery plan should be in place to safeguard website data and ensure quick recovery in the event of data loss.

3.3 Scalability:

3.3.1 Modular Architecture: The website should be built with a modular architecture that allows for easy scalability and future enhancements without disrupting the overall system.

3.3.2 Database Scalability: The website's database should be designed to handle large amounts of data and accommodate future growth.

3.4 Compliance:

3.4.1 National Enterprise Architecture (NEA) Standards:

1. Government website unification Templates The website shall be created based on the templates and components approved by the cabinet that ensures consistency and ease of use across Government websites.

   Reference: Government Website Design System

2. International standards The website should comply with the NEA, iGA, and UN criteria standards, including web accessibility, security, and coding practices. By adhering to these guidelines and best practices, the developer should propose to create a website that meets the requirements of the iGA Standard National Enterprise Architecture, ensures code quality, accessibility, and security, and provides optimal user experience. It is essential for the developer to research and understand the specific compliance and standards outlined by the UN Ranking Compliance & Standards to ensure the website aligns with the requirements and expectations set forth by the organization.

   Reference: Web Accessibility Standards

   Reference: Web Optimization Guidelines

3. HTML5 with mandatory W3C validation HTML5 Validator Validates HTML5 markup against W3C standards, catching syntax errors, deprecated elements, and structural issues. Run it on live site URL or uploaded file before go-live and obtain approval from Entity prior go-live.

4. CSS3 with mandatory W3C validation CSS3 Validator Checks CSS3 stylesheets for syntax errors, invalid properties, browser prefix issues, and W3C compliance. Validates by direct input, URL, or file upload.

5. Cross Browser compatibility validation Test across latest Chrome, Firefox, Safari, Edge, and mobile browsers (iOS Safari, Chrome Android) using these platforms, which align with Bahrain's Website Standards.

3.4.2 Privacy Regulations: The website should adhere to relevant data protection and privacy regulations, to ensure the privacy and security of user data.

3.5 Documentation and Training:

3.5.1 Technical Documentation: Detailed technical documentation should be provided, covering the website's architecture, APIs if any, configuration, and customization options.

3.5.2 User Documentation: User-friendly documentation should be handled to guide website administrators and content creators on using the CMS and managing website content effectively.

3.5.3 Training: Training sessions should be conducted to familiarize website administrators with the CMS, its features, and best practices for website management.

4. Project and Quality Management:

4.1 Timeline: Provide an estimated timeline for website development, including major milestones, deliverables, and key dependencies.

4.2 Resources: Identify the required resources for the project, including developers, designers, content creators, consultants, key personnel, and roles and share the profiles for review and approval from the Government entity.

4.3 Testing and Quality Assurance: Outline the testing and quality assurance processes to ensure the website's functionality, usability, security, accessibility and performance meet the defined requirements.

4.4 Maintenance and Support: Describe the pre-launch and post-launch maintenance and support plan, including bug fixes, security updates, and ongoing technical support plan as optional.