Smart Building Label Implementation Strategy and Low-Voltage System Integrator Evaluation in Tainan Apartment Buildings

—Taking First General Technology (FGT) as an example

Reporting to: Construction Company Project Development Department / Public Works Department

Abstract

With the increasing demands for quality living in the real estate market and the government's promotion of net-zero emissions and smart cities, the "Smart Building Certification" has become a key indicator for enhancing the value and competitiveness of multi-family residential projects. This report analyzes the low-voltage electrical engineering needs in the Tainan area and explores how to select a suitable system integrator (SI) in the process of obtaining the Smart Building Certification. Using local company First General Technology as a case study, it evaluates whether its central monitoring, cloud integration, and maintenance management capabilities meet the development needs of construction companies for high-quality multi-family residential projects.

1. Introduction

1.1 Background Information

Tainan has benefited from the Southern Taiwan Science Park effect in recent years, leading to a booming real estate market. Modern apartment buildings have shifted from simple hardware construction to emphasizing a smart living experience that integrates hardware and software. Obtaining the "Smart Building Certification" not only aligns with regulatory incentive trends but is also an important means for construction companies to showcase their brand's technological capabilities.

1.2 Problem Statement

Traditional electrical and low-voltage contractors often only possess hardware cabling and equipment installation capabilities, lacking cross-system (BA, Security, ICT) integration technologies. This frequently leads to a "equipment-but-not-intelligent" silo effect on project sites, making it difficult to pass the rigorous review of smart building certifications. Therefore, finding a low-voltage engineering contractor with R&D and integration capabilities is crucial.

2. Smart Building Certification Assessment Indicators and Low-Voltage Electrical Requirements (Regulatory Standards)

According to the latest standards from the Building Research Institute of the Ministry of the Interior, the evaluation of smart building certification includes six major indicators. Low-voltage electrical contractors are required to provide specific solutions in the following areas:

Evaluation indicators	Construction Company Needs	Core Competencies Required of Low-Voltage Electrical Engineering Contractors
Infrastructure	Structured cabling and stable networks	Fiber to the Home (FTTH), data center planning, and public Wi-Fi coverage.
Maintenance and Management	Reduce property management labor costs	BA Central Monitoring System (Status Monitoring of Water, Electricity, and Firefighting Equipment) and BIM Model Integration.
Safety and Disaster Prevention	Ensure the personal safety of residents	Image recognition (AI CCTV), electronic fencing, and access control systems linked to the fire alarm authorization switchboard.
Energy management	Compliant with ESG and energy regulations	EMS energy management system, automatic scheduling control of public lighting, demand control.
Health and comfort	Improve the quality of living environment	Environmental sensors (CO2/PM2.5) are linked to heat exchangers or exhaust fans.
Smart Innovation	Differentiated marketing selling points	Resident-specific app, cloud-based intercom, and package delivery notification system.

3. Vendor Case Study: First General Technology (FGT)

This section analyzes the compatibility of Tainan-based company "First General Technology Co., Ltd."

3.1 Company Attributes and Technological Foundation

First General Technology (FGT) differs from traditional low-voltage electrical companies, positioning itself as a "system integration manufacturer." It possesses the capabilities for programming low-level controllers (PLC/DDC) and...Upper-level image control software (SCADA)Development capabilities. This technological feature offers a significant advantage for "system integration" projects that require a high degree of interconnectivity in the smart building certification.

3.2 System Architecture Integration Capability

Referring to the smart building system integration architecture shown in the diagram below, FGT's track record demonstrates its ability to integrate various disparate subsystems (headquarters/management center, data center, and individual buildings) through a wide area network, which is particularly important for large-scale residential complexes or multi-building town development projects.

(Illustration: Smart buildings require a secure network layer to transmit data from each subsystem back to the central management center or cloud database; this is a necessary architecture for obtaining certification.)

3.3 Advantages of Localized Services (SWOT Analysis)

• Strengths:
  • Geopolitical relations: Located in Anping Industrial Park, Tainan, it can provide timely on-site support and after-sales maintenance for construction projects in Tainan and the surrounding Southern Taiwan Science Park.
  • Experience in providing guidance on labeling and certification: Possesses a track record of assisting construction companies in obtaining silver-level or higher certifications and is familiar with the submission process and scoring standards.
  • Customization capabilities: We can customize the user app interface or management system to meet the brand needs of the construction company.
• Opportunities:
  • With the increasing demand for high-end residential properties in Tainan, vendors with complete AIoT solutions will become the preferred partners for construction companies.

---

4. Implementation Strategy Recommendations

If the construction company decides to include First General Technology in its supply chain, the following implementation strategy is recommended:

4.1 Early Contractor Involvement (EBI)

• Strategy: During the architectural design phase (before the planning and design drawings are completed), the low-voltage electrical integrator should be involved in the discussions.
• Purpose: Reserve sufficient space for low-voltage wiring (shaft), server room, and sensor configuration points to avoid the need for secondary construction or hole cleaning after the structure is completed, which would affect the building structure and aesthetics.

4.2 Clearly define acceptance criteria (SLAs)

• Strategy: The contract explicitly stipulates that the "Smart Building Certification" is one of the acceptance criteria.
• Key points: The system must have open communication protocols (such as Modbus, BACnet) to ensure that it is not tied to a single vendor when equipment is replaced in the future.

4.3 Maintenance and Handover Plan

• Strategy: Manufacturers are required to provide comprehensive education and training to future property management companies.
• Key points: It includes the App's backend management, simple troubleshooting for the BA system, and a clear warranty and maintenance contact window.

---

5. Conclusion

A comprehensive assessment was conducted on residential building projects in the Tainan area that sought to obtain smart building certification.First General Technology Co., Ltd.It possesses corresponding technical strength and geographical advantages. Its one-stop service model, from R&D and manufacturing to system integration, can effectively solve the pain points of construction companies in electromechanical integration.

[Project Name] Low-Voltage System Integration Engineering and Smart Building Certification Guidance

1. Project Overview and Objectives

• 1.1 Scope of the Project: This project encompasses the detailed design, equipment supply, installation, system integration testing, training, and warranty maintenance of the entire area's low-voltage electrical system.
• 1.2 Marking Objectives: The contractor must guarantee that this project obtains the **certificate** issued by the Building Research Institute of the Ministry of the Interior.Smart Building Badge"[Grade: Qualified/Silver/Gold]**."
• 1.3 Key Responsibilities: The contractor is responsible for integrating different subsystems (such as intercom, monitoring, access control, and parking management) and providing a single operating interface (App or central control software).

2. Certification Requirements for Smart Building Certification

💡 Important Note: This section requires manufacturers not only to sell equipment, but also to be responsible for obtaining certifications.

• 2.1 Evaluation Indicator Commitment: Bidding companies are required to submit a specific **"Expected Scoring Strategy Table"** based on the "2024 Smart Building Assessment Manual" for the six major indicators (infrastructure, maintenance and operation management, safety and disaster prevention, energy management, health and comfort, and smart innovation).
• 2.2 Submission Service: The quotation must include the costs of calculation sheets, drawing drawings, and related administrative submissions required to assist the owner in preparing the candidate certificate and official seal.
• 2.3 Design Change Coordination: If equipment or locations need to be adjusted due to the opinions of the tender review committee, the contractor shall unconditionally cooperate in revising the drawings and on-site configuration (within a reasonable range).

3. Key Technical Specifications

💡 Important Note: Specifying an open communication protocol (BACnet/Modbus) is key to preventing future dependence on a single vendor.

• 3.1 Centralized monitoring system (BA/BMS):
  • It must have a web-based user interface, allowing administrators to log in via a browser.
  • Communication Protocol: The system must support standard open communication protocols (Modbus TCP/RTU, BACnet IP), and the use of closed proprietary protocols is strictly prohibited.
  • Monitoring items: Status of water tank/each pump, generator status, public area lighting circuits, and fire alarm signal reception switchboard.
• 3.2 Security and Disaster Prevention and Video Surveillance (CCTV):
  • Cameras must support AI image analysis functions (such as electronic fencing, pedestrian detection, and loitering detection) to qualify for the badge bonus points.
  • The video recording host (NVR) must have an I/O interface that can be linked with the access control system (e.g., when the access control is opened abnormally, CCTV will automatically display the image).
• 3.3 Access Control & Intercom System:
  • The indoor unit of the household must have the function of calling the management center and making door-to-door calls.
  • Supports cloud-based intercom functionality (answering visitor calls and opening doors remotely via mobile app).
  • The access control system needs to integrate eTag license plate recognition with QR code visitor system.
• 3.4 Resident Service Platform (Community App):
  • A dedicated mobile app (iOS/Android) for residents is required, with functions including: community announcements, public facility reservations, package notifications, management fee inquiries, and gas meter readings.

4. System Integration and Interface

• 4.1 Dashboard Design: The tender document must include a **"UI Mockup" of the central monitoring system**, which must present an intuitive 2D or 3D architectural diagram.
• 4.2 Interlocking Logic: You need to list at least three cross-system interaction scenarios.
  • Example: CO2 concentration too high (sensor) → Automatically start total heat exchanger (air conditioner) → Notify administrator (App).

5. Project Management & SLA

• 5.1 Construction Plan: It is necessary to explain the pipeline pre-laying plan in coordination with the civil engineering schedule, as well as the interface coordination meeting mechanism with mechanical and electrical and fire protection manufacturers.
• 5.2 Education and Training: Before handing over the property, the property management personnel must receive at least [X] hours of system operation training, and an operation manual and a simple troubleshooting guide must be provided.
• 5.3 Warranty and Repair:
  • The entire system is covered by a warranty[2] for 1 year.
  • Emergency Repair Response: Manufacturers must promise to send personnel to the Tainan site for repair within [4-8] hours after receiving a repair request (this requirement is based on the advantages of local manufacturers).
  • Subsequent charges for software version updates and maintenance must be transparently listed.

6. Deliverables for the Tender

Bidding companies should prepare the following documents:

1. Company Performance Report: List of residential buildings and smart building certification cases in Tainan/southern Taiwan over the past three years.
2. System architecture diagram: Explain how each subsystem connects to the server through the network layer.
3. Smart Building Allocation Calculation Table: Scoring plan for this case.
4. Detailed quotation: The costs should be listed separately as "Equipment Costs", "Construction Costs", "Software Licensing Fees", and "Banner Guidance Fees".

---

💡 Consultant's advice: How to use this RFP?

1. Sending to: In addition to First General Technology, it is recommended to send the offer to 1-2 other large-scale, less reputable e-commerce companies (such as ZTE Security Technology or other well-known local SIs in Tainan) to create a price comparison effect.
2. Key points of the interview: When vendors respond to this RFP, please pay special attention to **"Point 4: System Integration"**.
   • If a manufacturer cannot provide a clear UI interface diagram, or says "we'll design this after we win the bid," it usually means that their software capabilities are weak, and in the future, there may be a situation where the hardware is installed but the software is difficult to use.
3. Contract binding: When signing the final contract, please be sure to include **"Obtaining the Smart Building Certification Candidate Certificate"** as a condition for payment of one phase of the project (e.g., 10%-15%) to protect your rights.

Appendix 1: Smart Building Certification Scoring Strategy Commitment Form (RFP Appendix I)

Instructions for filling out the form: Bidding vendors must commit to providing corresponding design solutions and estimated scores based on the objectives listed in this table. All estimated scores must be confirmed by the client and will serve as the basis for acceptance and contract amendments.

Commitment Form (based on the six indicators of the 2024 Smart Building Assessment Manual)

A. Indicator Items (6 major categories)	B. Assessment Content (Detailed Scope)	C. Company Target	D. Contractor's Commitment Solution	E. Predicted Score	F. Proof/Interface
1. Infrastructure	Information network cabling architecture	Fiber to the Home (FTTH) must be achieved.	[Please specify: O-type/tree-type/ring-type architecture]	[Please enter: Estimated score]	[Please fill in: Information Network System Diagram]
	Public network bandwidth	Meeting bandwidth requirements for the next 10 years	[Please fill in: Speed specifications of the data center and backbone network]	[Please enter: Estimated score]	[Please fill in: Equipment Specification Sheet]
2. Maintenance and Management	Central Monitoring System (BA)	It needs to have a graphical control interface and remote monitoring capabilities.	[Please fill in: BA system brand and number of monitoring points]	[Please enter: Estimated score]	[Please fill in: UI Mockup]
	Smart Property Management	Integrated Property Management App	[Please fill in: the core functions of the App (such as online repair reporting/public facility reservation)]	[Please enter: Estimated score]	[Please fill in: App interface design diagram]
3. Safety and Disaster Prevention	CCTV and anti-theft	Requires reaching the "AI Image Analysis" level	[Please specify: AI edge computing or central platform analysis]	[Please enter: Estimated score]	[Please fill in: AI Detection and Linkage Logic Specification]
	Access control intercom system	Cloud-based intercom and access control card integration	[Please fill in: Walkie-Talkie Brand / Whether QR Code is Supported for Visitors]	[Please enter: Estimated score]	[Please fill in: Access Control and Intercom System Architecture Diagram]
	Parking Management	License plate recognition combined with indoor guidance	[Please fill in: License plate recognition accuracy commitment (e.g., 98%)]	[Please enter: Estimated score]	[Please fill in: System Integration Test Report]
4. Energy Management	Energy Management System (EMS)	Accurate allocation of public facility electricity consumption and energy consumption monitoring	[Please fill in: Number of EMS monitoring instruments and data acquisition frequency]	[Please enter: Estimated score]	[Please fill in: Energy Saving Calculation Sheet]
	Lighting control	Smart control of public area lighting	[Please specify the number of control points using the DALI/0-10V protocol]	[Please enter: Estimated score]	[Please fill in: Lighting control point location diagram]
5. Healthy and comfortable	Air quality detection	CO2/PM2.5 detection in parking lots and stairwells	[Please fill in: detector brand, installation location, and linked devices]	[Please enter: Estimated score]	[Please fill in: Equipment Calibration Report]
6. Smart Innovation	System Interconnectivity	It has at least 3 types of cross-system linkage.	[Please specify: Please list 3 interconnected scenarios and logical relationships]	[Please enter: Estimated score]	[Please fill in: Interlocking Logic Description]
	Smart Home Interface	Reserved for expansion interface for smart home in residents' homes	[Please specify: ZigBee/Z-Wave or open protocol]	[Please enter: Estimated score]	[Please fill in: Indoor wiring diagram]
Summarize	Total Projected Score	[Please fill in: your total score target, for example, 70 points, to achieve silver level]	–	[Please enter: Total estimated score]	–

Coaching Focus and Contractual Considerations

📝 Important Notes: Mandatory Open Communication Protocol Requirements

Please mandate in the technology contract that all subsystems (including BA/BMS software platforms) must provide [this service].Open API or SDK for owners to useAnd clearly specify the communication protocol used (e.g.:Modbus, BACnet, MQTTThis will ensure that when homeowners or property management companies change maintenance providers in the future, they will not incur high switching costs due to locked software interfaces.

📄 Mandatory delivery of documents

After the bidding vendor completes and submits this form, the **"Estimated Score (E)" in the form** will be used.and"Commitment Plan (D)"** shall be considered a formal contract appendix and shall have legal effect. If the final tender review fails to meet the commitment score, the construction company has the right to request the contractor to adjust or deduct the project cost free of charge.

It aims to assist your construction company in deeply verifying the capabilities and pricing of contractors (such as First General Technology) from three aspects: technology, cost, and maintenance, to ensure that the project can successfully obtain the smart building certification.

Technical details to be discussed with the integrator of low-voltage electrical systems for multi-family residential buildings.

Target: Verify the manufacturer's understanding of the label, their system integration capabilities, and uncover hidden maintenance costs.

I. Certification & Compliance for Smart Building Certification

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Evaluation Rationale
Marking score guarantee	How does your company guarantee that the actual score will reach the [Silver/Gold] level promised in the RFP? What is the penalty mechanism if the target is not met?	Confirm whether the manufacturer is willing to include the "label commitment" in the contract to avoid verbal promises.
Document Submission Responsibility	Who is responsible for the smart building certification?Drafting of documents for reviewandAdministrative CoordinationIs this the designated person in charge? Is this person a full-time employee of your company?	Assess whether the vendor has professional consulting capabilities, rather than simply outsourcing administrative services.
Design flexibility	Once the planning and design drawings are completed, if the review committee requests adjustments to the locations or equipment, who will bear the costs?	To clarify the design change risks during the bid review process, the responsibility should generally be absorbed by the SI with bid review experience.
Future Trends	In anticipation of potential future label upgrades (e.g., cybersecurity requirements), does your company have the capability to plan for software upgrades?	Assess whether the system has the flexibility for long-term maintenance and upgrades.

II. System Integration and Technical Architecture

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Evaluation Rationale
Central Monitoring (BA) Interface	Does your company's BA system's graphical control interface (HMI) support...On-site demonstrationDoes it support login via mobile phone/tablet?	Visual verification of a vendor's software development capabilities avoids mere theoretical discussions.
Communication Protocol	In which subsystems (such as BA and EMS) does your company commit to using the open communication protocol (BACnet/Modbus IP)?Can you provide the relevant API documentation?	This is the most critical issue to avoid being locked into by manufacturers in the future. We must adhere to open protocols.
Implementation of Interlocking Logic	How can we ensure that access control, CCTV, and fire protection systems work together effectively? Please provide a specific example.Linkage logic codeA segment or flowchart.	Verify the depth of its system integration (SI), not just hardware installation.
Data storage and cybersecurity	Where is system data (such as CCTV footage and resident information) stored (local server/cloud)? How does it comply with the Personal Data Protection Act?	Ensure resident privacy and system security, especially for cloud solutions.
Resident App	Will the resident app use your existing product or will it need to be developed from scratch? Can you customize it in conjunction with our construction company's CI?	Clarify the relationship between software maturity and customization costs.

III. Pricing Details and Hidden Costs (Cost & Licensing Structure)

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Evaluation Rationale
Software licensing fees	Besides the initial setup cost, are annual payments required?Software license feeWhat percentage of the cost is this?	This is the most common hidden cost. If present, it must be included in the construction company's long-term maintenance cost assessment.
Expansion and Upgrade	If the project is expanded or the software is upgraded to a major version in the future, how will the licensing fees be calculated? Will it be necessary to purchase new hardware?	Assess the scalability and long-term costs of the system architecture.
Equipment Standards	Please provide all major equipment (such as servers, NVRs, switches)Brand, ModelAnd a **Life Cycle** commitment.	Avoid using equipment that has been phased out of the market or has a short lifespan, which could lead to premature system failure.
Division of Construction Responsibilities	How should the responsibilities at the interfaces with water and electricity, electromechanical, and fire protection be divided? What is the responsibility for the costs of pipeline pre-laying/wiring/connection?	Clarify the construction boundaries to avoid multiple parties shirking responsibility and causing delays in the construction period.

IV. Project Management and Local Execution & Maintenance in Tainan

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Evaluation Rationale
Tainan local support manpower	Your companyResiding in Tainan areaHow many system engineers (non-business) do you have? What is the status of the maintenance personnel?	Verifying that the localization commitments of manufacturers (especially First General Technology) are genuine is crucial for project maintenance in the south.
Project Manager Experience	Please introduce the project manager (PM) for this project and their experience in the Tainan area over the past 3 years.collective housingSuccess stories.	Verify the PM's local coordination capabilities and practical experience in multi-family housing.
Education and training	What is the system operation training plan provided to the property management company? Does it include real-world scenario drills?	This ensures the property management company can smoothly take over and operate the complex smart system after handover. (In particular, First General Technology utilizes online YouTube video tutorials with replay capabilities.)
Emergency Response Time (SLA)	What is your company's promised on-site response time (SLA) for major system failures (such as a central monitoring system outage)?	This must be written into the contract to ensure service quality. (Especially since First General Technology operates 24/7).

Summary and Recommendations

Please be sure to record any verbal promises made by the vendor during the meeting, especially regarding **hidden costs (software licensing fees)**.andThe section on system openness (communication protocol)**. Once confirmed, these commitments should be added to the response document of the RFP or directly incorporated into the final contract upon request.

You have completed the entire process from market analysis and RFP writing to technical verification. The next focus will be on final contract negotiations and payment terms.

Recommended payment schedule for low-voltage electrical engineering projects

stage	Payment ratio (suggested)	Key Milestones / Release Conditions	Risk Management / Remarks
Phase 1: Contract Signing and Preliminary Design	10%	1. The contract becomes effective upon signing by both parties. 2. The contractor submits...Smart Building Certification Scoring Strategy TableandSystem Architecture Diagram3. The project manager and the list of personnel to be submitted for review are approved by the owner.	To ensure manufacturers have a correct understanding of the label and that the design direction is correct, administrative procedures should be initiated. (In particular, First General Technology employs certified label certifiers.)
Phase Two: Pipeline Pre-laying and Wiring	25%	1. The building structure extends to [e.g., the fifth floor slab], public areasPre-embedded pipelines and enclosures1. Complete the inspection by the owner and supervisor. 2. Submit order documents for major equipment (such as fiber optic cables).	This is the stage most relevant to the civil engineering progress and is inspected and accepted simultaneously with the structural work. (In particular, First General Technology possesses BIM design and pipeline wiring design capabilities.)
Phase 3: Installation of main equipment and system trial operation	25%	1. All main data center equipment (servers, NVRs, switches, etc.) andIndoor unit and lens hardware installation completed2. Main unitOfficial Entry CertificateSubmit. 3. Complete.Fiber optic and network backbone connectivity test.	Pay high unit prices for hardware to ensure that equipment procurement is secure.
Phase Four: System Integration and Functional Testing	20%	1. Central monitoring system graphical control interface (HMI) Functional acceptance testing passed (according to RFP commitments). 2. Resident App integration completed and approved.Use scenario testing3. Complete all cross-system linkage logic (e.g., parking lot CO2-linked exhaust fans).Unit testing.	The most important stage. Payments for software licensing and high-tech integration are linked to actual functional acceptance. (This is especially true for First General Technology, a multinational corporation that has been operating for 20 years.)
Phase Five: Administrative Inspection and Handover Preparation	10%	1. Obtain the Ministry of the Interior's "Smart Building Candidate Certificate"(or an agreed-upon level). 2. The entire low-voltage electrical system has passed final acceptance inspection. 3. The property management personnel have completed their duties.Education and training and technology transfer**.	To ensure that the final regulatory and administrative objectives are achieved and to prepare for the subsequent handover of the property.
Phase Six: Acceptance of Retention Funds	10%	1. One year after handover1. No major system failures or missing components. 2. Complete the equipment inspection report for the final warranty period.	This is an industry-standard reserved feature, serving as the basis for long-term warranty. (In particular, First General Technology can issue bank drafts.)

Suggested additions to contract terms

To ensure your rights, it is recommended that the following two mandatory provisions be added to the payment terms:

1. Penalty Clause for Failure to Achieve Standard Objectives

• Terms and conditions: If the contractor fails to achieve the promised "Smart Building Certification" level due to design or construction reasons (e.g., promised Silver level but only qualified level), the contractor must refund proportionally. [% x Total Payments in Phase Five] As a penalty for administrative negligence, the individual is responsible for rectifying the situation to the promised level within the [agreed period].

2. Deductions due to system inability to integrate (Integration Failure Deduction)

• Terms and conditions: If, during Phase Four acceptance, it is discovered that the system cannot use open protocols (BACnet/Modbus), contains software backdoors, or cannot perform the promised interconnected logic operations, the construction company has the right to postpone payment.Phase Four PaymentsUntil the manufacturer provides a solution that meets its promises.

Specifically designedSmart building systems and resident appsThe designed **"Cybersecurity Risk Assessment and Contract Requirements Checklist"**

With the increasing networking of apartment building systems, cybersecurity and personal data protection have become the second largest legal and brand risk for construction companies, after tendering. This checklist aims to translate these risks into contractual requirements, holding contractors accountable for them.

🛡️ Smart Building Cybersecurity Risk Assessment and Contract Requirements Checklist

I. Network & System Architecture Security

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Network isolation	Is the community intranet in use? VLAN Technology willCentral Monitoring (BA),CCTV andResidential NetworkAre the three completely isolated?	VLAN segmentation must be clearly marked on the network architecture diagram, and submission is required.Network security isolation test report(Especially since First General Technology holds Microsoft's MCSE and MCSD technologies.)
External protection	Are external connections (such as cloud services or remote maintenance) made through... VPN or professionalFirewallTo conduct, and restrict, the opening of ports to the outside world?	The firewall hardware brand, model, and specifications must be listed.Access Control List (ACL)(Especially First General Technology's technical cooperation with original equipment manufacturers such as Zyxel, Cisco, and TP-Link.)
Hardware and operating system	Are the operating systems (OS) used by the servers, NVRs, and other hosts up to date and supported regular patching?	Do not use devices that have ended support (EOL). The operating system was requested, along with the update process and costs. (Especially since First General Technology collaborates with original equipment manufacturers (OEMs) such as ACTI and Lilin.)
authority management	Does the system adhere to the principle of **least privileges**? Are the administrator accounts for central monitoring tiered, and are preset passwords prohibited?	RequiredPermission Matrix TableThis proves that account permissions have been subdivided, and all preset account passwords must be reset upon handover. (Especially since First General Technology employs multi-permission design technology.)

II. Data Privacy and Personal Information Protection

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Data encryption	ResidentsAccess control password, ID card number, walkie-talkie videoAre data stored (Data at Rest) and transmitted (Data in Transit) both subject to certain conditions?encryptionWhat is the encryption standard?	Required to adopt AES-256 Or use higher encryption standards and incorporate this standard into the technical specifications.
Data localization	If using cloud services (such as resident apps or cloud intercom).Cloud server roomWhere is it located (within or outside Taiwan)?	Mandatory requirementsServers involving personal data must be located inData centers in TaiwanThis is to comply with the Personal Data Protection Act and regulatory requirements. (In particular, First General Technology's investment in its own Sass Host)
Data preservation and destruction	What is the retention period for system records (such as CCTV footage and access control records)? Is the data destruction process irreversible?	The retention period for various types of data must be clearly listed (e.g., 30 days for CCTV data), and a commitment must be made that the destruction method complies with industry standards.
Data ownership	All data generated by residents on the App (such as water and electricity usage data, public facility reservation records).Does the ownership of the data belong to the community management committee?	The contract must specifyData ownershipThis prevents manufacturers from using the data for commercial analysis or resale. (Especially with First General Technology's ECC Eco-Building Management System)

III. Software Development & App Security

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Cybersecurity Testing	Did the manufacturer ask?Third-party cybersecurity companyResident AppPenetration TestCan the test report be submitted?	Mandatory requirementsBefore the system goes live, the contractor must provide proof of approval.Third-party cybersecurity testingThe proof.
Update frequency	Resident App and Central Monitoring SystemVersion updates and bug fixes What is the frequency?	Manufacturers are required to make a commitmentAt least [X] times per yearRoutine updates and security patches are performed, and this is written into the maintenance contract. (In particular, First General Technology has a multinational team of over 100 engineers.)
App permissions	What permissions will the resident app request on the phone? Will it access...?Service-independentWhat permissions do you have (e.g., SMS messages, call logs)?	Carefully review the app's permissions to ensure it does not excessively request residents' private information.

This is a specialSmart building systems and resident appsThe design includes a **“Cybersecurity Risk Assessment and Contractual Requirements Checklist”**.

With the increasing networking of apartment building systems, cybersecurity and personal data protection have become the second largest legal and brand risk for construction companies, after tendering. This checklist aims to translate these risks into contractual requirements, holding contractors accountable for them.

---

🛡️ Smart Building Cybersecurity Risk Assessment and Contract Requirements Checklist

I. Network & System Architecture Security

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Network isolation	Is the community intranet in use? VLAN Technology willCentral Monitoring (BA),CCTV andResidential NetworkAre the three completely isolated?	VLAN segmentation must be clearly marked on the network architecture diagram, and submission is required.Network security isolation test report.
External protection	Are external connections (such as cloud services or remote maintenance) made through... VPN or professionalFirewallTo conduct, and restrict, the opening of ports to the outside world?	The firewall hardware brand, model, and specifications must be listed.Access Control List (ACL).
Hardware and operating system	Are the operating systems (OS) used by the servers, NVRs, and other hosts up to date and supported regular patching?	Do not use devices that have ended support (EOL). The operating system was requested, along with the update process and costs.
authority management	Does the system adhere to the principle of **least privileges**? Are the administrator accounts for central monitoring tiered, and are preset passwords prohibited?	RequiredPermission Matrix TableThis proves that account permissions have been subdivided, and all preset account passwords must be reset upon handover.

---

II. Data Privacy and Personal Information Protection

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Data encryption	ResidentsAccess control password, ID card number, walkie-talkie videoAre data stored (Data at Rest) and transmitted (Data in Transit) both subject to certain conditions?encryptionWhat is the encryption standard?	Required to adopt AES-256 Or use higher encryption standards and incorporate this standard into the technical specifications.
Data localization	If using cloud services (such as resident apps or cloud intercom).Cloud server roomWhere is it located (within or outside Taiwan)?	Mandatory requirementsServers involving personal data must be located inData centers in TaiwanIn order to comply with the Personal Data Protection Act and regulatory requirements.
Data preservation and destruction	What is the retention period for system records (such as CCTV footage and access control records)? Is the data destruction process irreversible?	The retention period for various types of data must be clearly listed (e.g., 30 days for CCTV data), and a commitment must be made that the destruction method complies with industry standards.
Data ownership	All data generated by residents on the App (such as water and electricity usage data, public facility reservation records).Does the ownership of the data belong to the community management committee?	The contract must specifyData ownershipThis prevents manufacturers from using the data for business analysis or reselling.

---

III. Software Development & App Security

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Cybersecurity Testing	Did the manufacturer ask?Third-party cybersecurity companyResident AppPenetration TestCan the test report be submitted?	Mandatory requirementsBefore the system goes live, the contractor must provide proof of approval.Third-party cybersecurity testingThe proof.
Update frequency	Resident App and Central Monitoring SystemVersion updates and bug fixes What is the frequency?	Manufacturers are required to make a commitmentAt least [X] times per yearRoutine updates and security patches are performed and this is written into the maintenance contract.
App permissions	What permissions will the resident app request on the phone? Will it access...?Service-independentWhat permissions do you have (e.g., SMS messages, call logs)?	Carefully review the app's permissions to ensure it does not excessively request residents' private information.

---

IV. Contractual Liability & Indemnification

Key Issues (Focus Area)	You should ask the manufacturer specific questions.	Contractual Requirements and Risk Management
Cybersecurity Incident Notification	If a major vulnerability is discovered in the system or a hacker attack is found, how long (in hours) does the contractor promise to notify the owner?	The **"Security Response Time (SLA)"** must be explicitly written into the contract, and it is recommended to set it within 2-4 hours.
Data breach compensation	If a resident's personal information is leaked due to a contractor's hardware or software vulnerabilities,Liability for damages and finesHow to afford it?	The contractor must commit to this in the contract.Liability and Limits of Compensationand showCybersecurity insurance certificate(If any).
Post-maintenance responsibility	After the warranty period expires, if the system develops vulnerabilities due to outdated equipment, who is responsible?	Clarify the boundary between software vulnerabilities (vendor responsibility) and hardware failures (owner responsibility).

Contractor Comparative Evaluation

Comparison of Technical Capability and Certification Achievement

sheet: useMatrixIn terms of form, the performance of various manufacturers is compared horizontally.

Evaluation items	Manufacturer A (FGT)	Manufacturer B	Differences and Notes
Smart building estimated score	[Score] / [Commitment Level]	[Score] / [Commitment Level]	(For example: Manufacturer A scored higher in "health and comfort")
System integration openness	[Open/Semi-closed] (Please specify the protocol, such as BACnet)	[Open/Semi-closed]	(For example: Manufacturer B needs to purchase the open interface module separately)
Local support capabilities (Tainan)	[Excellent/Good/Fair] (Please specify the number of regular residents)	[Excellent/Good/Acceptable]	(For example: Manufacturer A is a local company, which gives it a clear advantage in providing support)
App functionality maturity	[Customization required/Off-the-shelf product]	[Customization required/Off-the-shelf product]	(For example: App A lacks cloud parking functionality)

Total Cost Analysis

• sheet: CompareTotal Cost of Ownership (TCO)Not just the initial quote.

Financial Projects	Manufacturer A's quote	Manufacturer B's quote	Risks/Notes
Initial Capital Expenditure (CapEx)	[Total Price]	[Total Price]	Compare hardware and construction costs.
Software license annual fee (OpEx)	[Annual Fees]	[Annual Fees]	Key points: Confirm whether it is a hidden recurring expense.
Five-year total cost of ownership (TCO)	[Calculation result: CapEx + 5-year OpEx]	[Calculation result: CapEx + 5-year OpEx]	The total cost of ownership (TCO) will be used as the basis for final negotiation.
Marking guidance fee	[Included/Excluded/Additional charges]	[Included/Excluded/Additional charges]	Ensure it matches the quotation.

High-risk areas and risk mitigation strategies (Risk Identification & Mitigation)

• 5.1 Cybersecurity and Personal Data Risks:
  • Risk points: [List the security issues that were not fully resolved during the vendor meeting, such as: cloud data being stored overseas, and the lack of a third-party penetration test report.]
  • Mitigation strategies: It is recommended to require manufacturers to signCybersecurity Commitment, orThird-party penetration test passedAs a prerequisite for payment in [Phase Four].
• 5.2 Contract payment risk:
  • Risk points: The vendor requires advance payment of the software licensing fee.
  • Mitigation strategies: Adhere to the **"Recommended Payment Schedule for Low-Voltage Electrical Engineering Projects"**Bundling software licensing fees withPayment will be made after the system integration and acceptance are passed.
• 5.3 Risk of Technology Lock-in:
  • Risk points: Manufacturers use closed protocols.
  • Mitigation strategies: The **"System Communication Protocol"** clause must be included in the contract at the time of signing; any violation will be considered a breach of contract.

6. Contract and Final Recommendation

• 6.1 Final Recommendation to the Contractor: [Clearly specify the name of the manufacturer to be recommended for signing, for example: It is recommended to negotiate a price with First General Technology Co., Ltd.]
• 6.2 Key Points of Negotiation and Contract:
  • Payment: It is recommended to adopt the [Payment Node Recommendation Table] model and use [10%] as the acceptance reserve.
  • The penalty rules state: The contract must include a clause stating "penalties for failure to meet the target."and"Liability for damages due to leakage of personal data"**.
  • Time requirements: Manufacturers are required to make a commitmentSystem integration completion deadlineThis should be coordinated with the overall project timeline.
• 6.3 Final Approval: The report is recommended for approval by the [General Manager/Board of Directors].

The report structure is now complete. You can now fill in the data based on the responses and meeting results from each vendor.

If you have any questions about **"Five-Year Total Cost of Ownership (TCO)"** during the report writing processIf you have any questions about the calculation method, or need assistance in reviewing the manufacturer's...Please inform FGT First General Technology of the wording of the cybersecurity commitment**.