Skip to main content

Overview

The /arckit.sow command generates a comprehensive Statement of Work (SoW) document that serves as an RFP (Request for Proposal) for vendor procurement.

Command Usage

/arckit.sow <project ID or title>

Examples

# Generate SoW for existing project
/arckit.sow 001

# Generate SoW by project name
/arckit.sow Generate SoW for payment gateway modernization

# Create SoW for new project
/arckit.sow Cloud migration project

Prerequisites

Before running /arckit.sow:

Mandatory

  1. Requirements Document (ARC-{PROJECT_ID}-REQ-v1.0.md)
    • Contains BR/FR/NFR/INT/DR requirements
    • Source of truth for SoW scope
    • Run /arckit.requirements first if missing
  2. Architecture Principles (ARC-000-PRIN-v1.0.md in projects/000-global/)
    • Technology standards and constraints
    • Compliance requirements
    • Vendor alignment criteria
    • Run /arckit.principles first if missing
  • Technology Research (ARC-{PROJECT_ID}-RSCH-v1.0.md)
    • Vendor landscape and options
    • TCO estimates
    • Technology decisions
  • Stakeholder Analysis (ARC-{PROJECT_ID}-STKE-v1.0.md)
    • Business drivers
    • Success criteria
    • Evaluation priorities

Optional

  • Risk Register (ARC-{PROJECT_ID}-RISK-v1.0.md)
    • Risks requiring vendor mitigation
    • Risk allocation strategy

Interactive Configuration

The command prompts for procurement preferences:

Question 1: Contract Type

“What contract type should the SoW specify?”

Question 2: Evaluation Weighting

“How should vendor proposals be evaluated?”
WeightingUse CaseRisk Profile
60% Technical / 40% Cost (Recommended)Standard projectsBalanced quality and cost
70% Technical / 30% CostComplex/high-risk projectsQuality-first
50% Technical / 50% CostCommodity procurementsCost-sensitive
80% Technical / 20% CostInnovation/R&D projectsInnovation-focused

Generated SoW Structure

The SoW document (ARC-{PROJECT_ID}-SOW-v1.0.md) includes:

1. Executive Summary

  • Project overview and objectives
  • Expected business outcomes
  • Key success criteria

2. Scope of Work

In Scope:
  • Explicit list of deliverables
  • Functional areas covered
  • Systems/integrations included
Out of Scope:
  • Explicit exclusions
  • Future phases
  • Client responsibilities
Assumptions and Constraints:
  • Technical assumptions
  • Environmental constraints
  • Dependencies

3. Requirements

Imported from ARC-{PROJECT_ID}-REQ-v1.0.md with priorities: 
#### Business Requirements
- **BR-001** (MUST): [requirement text]
  - Acceptance Criteria: [criteria]
- **BR-002** (SHOULD): [requirement text]
  - Acceptance Criteria: [criteria]

#### Functional Requirements
- **FR-001** (MUST): [requirement text]
  - Acceptance Criteria: [criteria]

#### Non-Functional Requirements
- **NFR-S-001** (MUST): Security - [requirement]
- **NFR-P-001** (MUST): Performance - [requirement]
- **NFR-C-001** (MUST): Compliance - [requirement]

#### Integration Requirements
- **INT-001** (MUST): [upstream/downstream system integration]

#### Data Requirements
- **DR-001** (MUST): [data entities, attributes, constraints]
Priority Levels:
  • MUST - Mandatory (missing = disqualification)
  • SHOULD - Highly desirable (affects scoring)
  • MAY - Nice to have (bonus points)

4. Deliverables

Architecture & Design:
  • High-Level Design (HLD) document with diagrams
  • Detailed Design (DLD) document
  • Data model and schemas
  • API contracts (OpenAPI specification)
  • Security design documentation
Implementation:
  • Source code (following architecture principles)
  • Configuration and deployment scripts
  • Database migration scripts
  • Infrastructure as Code (IaC)
Testing & Quality:
  • Test plans and test cases (linked to requirements)
  • Test results and coverage reports
  • Performance test results (NFR-P-xxx validation)
  • Security test results (NFR-S-xxx validation)
  • Compliance evidence (NFR-C-xxx validation)
Documentation:
  • User documentation and guides
  • Administrator documentation
  • Deployment runbooks
  • Training materials
  • Handover documentation
Support & Warranty:
  • Warranty period (typically 90 days)
  • Support arrangements and SLAs
  • Knowledge transfer plan
  • Defect management process

5. Timeline and Milestones

Suggested project phases with review gates: 
Phase 1: HLD (4 weeks)
├── Week 1-3: Design and documentation
└── Week 4: HLD Review Gate (/arckit.hld-review)

Phase 2: DLD (4 weeks)
├── Week 1-3: Detailed design
└── Week 4: DLD Review Gate (/arckit.dld-review)

Phase 3: Implementation (8 weeks)
├── Sprint 1-4: Core features
├── Sprint 5-6: Integration
└── Sprint 7-8: Testing

Phase 4: Testing & UAT (2 weeks)
├── Week 1: System testing
└── Week 2: UAT and fixes

Phase 5: Deployment (1 week)
└── Go-live with runbooks

6. Vendor Qualifications

Required Certifications:
  • Industry-specific (e.g., PCI-DSS for payments, ISO 27001 for security)
  • Cloud provider certifications (AWS/Azure/GCP partner status)
  • Security clearances (UK public sector: SC, DV)
Team Experience Requirements:
  • Minimum years in relevant domain
  • Similar project references
  • Technology stack expertise
Financial Stability:
  • Minimum company age
  • Financial statements
  • Professional indemnity insurance
References:
  • Minimum 2-3 client references from similar projects
  • Contactable references
  • Recent projects (within 2 years)

7. Proposal Requirements

Vendors must provide:
  1. Technical Proposal
    • Solution architecture (aligned with architecture principles)
    • Technology choices with justification
    • Approach to each requirement category (BR, FR, NFR, INT, DR)
    • Risk assessment and mitigation strategy
    • Quality assurance approach
  2. Team Proposal
    • Team composition and roles
    • CVs demonstrating qualifications
    • Availability and commitment (% allocation)
    • Escalation path and governance structure
  3. Project Plan
    • Detailed timeline with milestones
    • Resource allocation plan
    • Review gates schedule (HLD, DLD)
    • Risk management plan
  4. Commercial Proposal
    • Detailed cost breakdown by role/phase
    • Payment terms and milestones
    • Assumptions and exclusions
    • Contract terms
    • Change request process

8. Evaluation Criteria

Based on interactive weighting selection: 60% Technical / 40% Cost (Example):
CategoryWeightCriteria
Technical Approach35%Solution design quality, architecture alignment, technology choices, innovation
Project Approach15%Methodology, risk management, quality assurance, change management
Team Qualifications10%Experience, team composition, CVs, certifications
Cost40%Total cost, value for money, pricing transparency, commercial terms
Mandatory Qualifications (Pass/Fail):
  • All MUST requirements met
  • Required certifications held
  • Minimum experience threshold
  • References provided

9. Contract Terms

Payment Terms:
  • Milestone-based payments (fixed-price)
  • Monthly invoicing (T&M)
  • Retention (typically 10% until warranty completion)
Acceptance Criteria:
  • Linked to requirement IDs
  • Measurable and objective
  • Test evidence required
Change Management:
  • Change request process
  • Impact assessment required
  • Approval thresholds
Intellectual Property Rights:
  • Client owns all IP
  • Source code escrow (if applicable)
  • Open source license compliance
Warranties and Support:
  • Warranty period (typically 90 days)
  • Defect response times
  • Support SLAs
Termination Clauses:
  • Termination for convenience (notice period)
  • Termination for breach
  • Exit assistance obligations

UK Government Specific

For UK public sector procurement, the SoW includes:

Sourcing Playbook Compliance

  • Outcome-based specifications - Focus on “what” not “how”
  • Should-cost modelling - Market benchmarks from research
  • Social value weighting - Minimum 10% in evaluation
  • SME access considerations - Lot sizing, payment terms

Security Clearance Requirements

  • Security Check (SC) for OFFICIAL-SENSITIVE
  • Developed Vetting (DV) for SECRET and above
  • Clearance timelines (8-12 weeks for SC)

Open Source Policy

  • Preference for open standards (TCoP Point 4)
  • Open source considered (TCoP Point 3)
  • License compliance requirements

Example Output

# Statement of Work: Payment Gateway Modernization

**Project ID**: ARC-001
**Document**: ARC-001-SOW-v1.0
**Classification**: OFFICIAL

## Executive Summary

Modernize legacy payment gateway to support real-time payments, open banking, 
and PSD2 Strong Customer Authentication. Expected benefits: 40% reduction in 
payment processing time, 99.99% uptime, PCI-DSS compliance.

## Scope of Work

### In Scope
- Real-time payment processing (Faster Payments, CHAPS)
- Open Banking API integration (PSD2 XS2A)
- Strong Customer Authentication (SCA)
- Payment reconciliation automation
- Fraud detection (rule engine + ML)

### Out of Scope
- Mobile app development (separate project)
- Legacy system decommissioning (BAU)
- Card scheme integrations (future phase)

## Requirements

### Business Requirements (5 total)
- **BR-001** (MUST): Support Faster Payments within 10 seconds
- **BR-002** (MUST): PCI-DSS Level 1 compliance
- **BR-003** (MUST): Open Banking API (OBIE v3.1)
- **BR-004** (SHOULD): Real-time fraud detection
- **BR-005** (SHOULD): Payment analytics dashboard

### Functional Requirements (15 total)
- **FR-001** (MUST): Process payments via Faster Payments API
- **FR-002** (MUST): Implement SCA for PSD2 compliance
...

### Non-Functional Requirements (12 total)
- **NFR-P-001** (MUST): 99.99% uptime SLA
- **NFR-P-002** (MUST): Payment processing < 3 seconds (p95)
- **NFR-S-001** (MUST): PCI-DSS Level 1 certification
- **NFR-S-002** (MUST): Data encryption at rest (AES-256)
...

## Deliverables
- HLD with architecture diagrams (Mermaid/C4)
- DLD with API specs (OpenAPI 3.0)
- Source code (Go, cloud-native)
- Test coverage >80%
- PCI-DSS compliance evidence
- 90-day warranty

## Timeline
- Total: 20 weeks
- HLD: 4 weeks
- DLD: 4 weeks  
- Implementation: 10 weeks
- Testing/UAT: 2 weeks

## Vendor Qualifications
- PCI-DSS QSA certification
- 5+ years payment processing experience
- 2+ UK financial services references
- ISO 27001 certified

## Evaluation Criteria
- Technical Approach: 35%
- Project Approach: 15%
- Team Qualifications: 10%
- Cost: 40%

## Contract Terms
- Fixed-price with milestone payments
- 90-day warranty
- Client owns all IP
- 30-day termination for convenience

Handoff to Vendor Evaluation

After receiving vendor proposals: 
# Create evaluation framework
/arckit.evaluate Create framework for project 001

# Score individual vendors
/arckit.evaluate Score Acme Payment Solutions

# Compare all vendors
/arckit.evaluate Compare all vendors for project 001
See Vendor Evaluation for details.

UK Digital Marketplace Alternative

For UK public sector, consider Digital Marketplace routes:
  • G-Cloud - If off-the-shelf service exists
  • DOS (Digital Outcomes and Specialists) - For custom development

Build docs developers (and LLMs) love

Get started for freeTalk to us