In order to provide better development services to Party A regarding Qihoo Online Shopping Mall Information System, Party A hereby engages Party B to develop Qihoo Online Shopping Mall Information System. Party A and Party B hereby agree to enter into this Technology Development Contract after friendly negotiation and in accordance with the Contract Law of the People’s Republic of China and other relevant laws and regulations.

Article 1 Project Background and Purpose

Qihoo Technology is an internet company and has over tens of millions of customers. It has carried out the online sales business for its anti-virus software and established a complete business model. As it is found through market investigation, many digitalized commodities may be sold online, such as software products, software upgrade serial numbers, game cards and prepaid cards, etc. The process of transaction of these digital products can be entirely processed and completed through internet on a real-time basis. The main difference of the digitalized product transaction model, compared to the traditional online e-commerce, is that there is no need of logistic offline. Therefore, it greatly reduces the transaction cost and time, and is handy, easy and instant. Many users are fond of this transaction model.

With a view to the demand of users for the transaction of instant application digitalized products, Qihoo Technology wishes to carry out the business of internet software shop based on the business of anti-virus software online sales. However, Qihoo Technology does not have the support for the professional shop management platform, and so it engages Qizhi Software to develop the platform.

Qihoo Online Shopping Mall Information System is a large e-commerce platform with full functions, and can solve the following key issues:

· Simultaneous sale of many types of digitalized products (such as security products, game points, software, etc.);

· Security issues in the aspects of security certification, monitoring and audit;

· Automatic setup in the business process;

· Providing the system automatic operation mechanism, and reducing the losses caused by any error in mistaken;

· More perfect management function, and providing sophisticated management means such as automatic financial settlement and purchase-sales-inventory management;

· Providing a Unified external interface, and facilitating the business development and system management in future;

· Using a flexible and open technical architecture and incorporating a load balancing mechanism, which can facilitate the deployment and expansion of the system

Article 2 Content, Form and Requirement of Subject Technology

1. Scope of Application

Party B will develop Qihoo Online Shopping Mall Information System in various modules according to Party A’s requirements and after the demand analysis. The Parties will test such modules one by one. After all modules are developed, the modules will be interconnected in the whole system. Within three years after the whole system is accepted by Party A, Party B shall ensure the normal and stable operation of the system.

2. Technical Requirements

Application Structure

[Graphics]

System Description

The whole system is divided into three parts: online shop website sub-systems, background management sub-system and system support.

· Sub-systems of Online Shop Website

1. Portal website

2. Product Purchase

3. Renew and Upgrade

4. Online Payment

5. Customer Service

6. Community

………

· Background Management System

Customer Information Management

Internal User Information Management

Product Information Management

Business Setup Management

Purchase-Sales-Inventory Management

Financial and Settlement Management

Customer Order Management

Customer Service Management

Unified Payment Platform

Community Management

· System Support

Safety Certification

Log Management

Task Scheduling and Control

Statistics Analysis & Inquiry Platform

Parameter Setup Management

Unified Interface Platform

Technical Architecture

[Graphics]

Qihoo Online Shopping Mall Information System applies a structure of multi-layer application system, including presentation layer, logic layer and data layer. All these layers keep connected in a loose coupling manner.

During the course of development, a basic development framework shall be used and the development specifications of each layer shall be followed, to make the whole process of application design and development concise and standardized.

· Presentation Layer

It provides two kinds of front stage structures: MVC model for the traditional B/S application, and AJAX model for the rich client application.

· Business Logic Layer

A transaction accommodation mechanism is used to manage the business logic, and the business logic is divided into command layer, service layer and business component layer.

· Resources Accessing Layer

The platform provides an O/R mapping technology, realizes the transparent database access and provides a Unified interface interconnecting with the external system.

Website Topology

[Graphics]

Article 2 Technical Specifications and Parameters to Be Achieved

The acceptance of the system shall be conducted according to the function requirements described in Appendix 1: Qihoo Online Shopping Mall Information System Technology Development Plan; refer to Appendix 2 for the form of acceptance confirmation.

Article 3 Development Plan

The estimated period of the development project is one year. For details about the definitions and deliverables of each phase, refer to Appendix 3: Qihoo Online Shopping Mall Information System Development Plan.

Article 4 Obligations of both Parties

1. Main obligations of Party A:

(1) Party A shall pay the compensation to Party B in accordance with this Contract.

(2) Party A shall provide Party B with the technical materials, original data and relevant assistance in accordance with this Contract.

(3) Party A shall provide Party B’s persons with certain work place at Party A’s premises for system debugging.

2. Main obligations of Party B:

(1) It shall prepare and implement a development plan;

(2) It shall set up reasonable development environment, reasonably connect and set up the development environment according to Party A’s requirements regarding the development system, and shall ensure the system conform to the operation structure of the development system required by Party A;

(3) Party B shall complete the development of the system and submit all deliverables in accordance with this Contract.

(4) Party B shall ensure the satisfaction of Party A’s requirements, and ensure that the system can achieve the intended functional requirements and technical specifications after it is put into operation; if any specification is provided for in the public standards, it shall not be lower than the domestic or international standards and the technical level can be achieved;

(5) During the course of system development and testing, Party B must comply with all safety management rules of Party A, and shall be liable for all consequences resulting from violation of such rules.

(6) Party B shall provide Party A with the relevant technical materials and necessary technical guidance, and help Party A grasp the subject project.

(7) Party B shall provide Party A with the technical and consulting services, and shall assist Party A in establishing the operation procedures and submit a technology development summary report. Without hindrance to its normal research and development work, Party B shall accept the inspection of Party A regarding the performance of this Contract.

(8) Party B shall keep confidentiality of all key data in the system relating to Party A’s business.

(9) Prior to the acceptance of the Project, Party B shall give guidance regarding the application technology and software maintenance technology to the relevant persons dispatched by Party A.

(10) After the Project is accepted, Party B shall provide Party A with the system maintenance service and shall ensure the normal operation of the system under the subsequent maintenance.

(11) During the term of this Contract, Party B shall dispatch special persons to Party A’s site. These persons shall cooperate with Party A in system maintenance and give routine trainings to Party A’s maintenance persons.

(12) During the term of this Contract, Party B shall dispatch special persons to provide Party A with consulting services regarding the operation, maintenance and subsequent development of the system.

Article 5 Delivery and Acceptance

In view of the characteristic of Party A’s business operations, the Parties hereby agree that the Project shall be developed in various modules and such modules shall be delivered in phases. After the completion of development all modules, Party B shall connect those modules to the whole system, and Party A shall accept the whole system and put it into operation.

1. Party B shall deliver the modules to Party A in phases and install, debug, train and maintain the same in accordance with the provisions of Appendix 1: Development Proposal of Qihoo Online Shopping Mall Information System Technology. Party B shall ensure the normal operation of the modules, and ensure the effective connection and operation of the modules after the whole system is finally developed.

2. Upon receipt of a notice from Party B, Party A shall conduct testing and acceptance on the modules and the system together with Party B in accordance with this Contract, to accept the qualified modules and system delivered by Party B.

3. After Party B deliver the module in each phase, Party A shall promptly conduct acceptance. If Party A considers that there is any defect in the module delivered hereunder, it shall give a written notice to Party B when such module is installed.

4. Within three business days after the modules are delivered and installed by Party B in phases and with the assistance of Party B, Party A shall test and accept the modules as per the technical specifications and parameter setup described in the Development Proposal of Qihoo Online Shopping Mall Information System Technology. If it is found that any module delivered by Party B does not conform to the technical specifications and parameters setup, through testing within the time period of testing and acceptance stipulated herein, Party B shall make correction and all costs and expenses incurred therefrom shall be borne by Party B.

5. The delivery includes delivery of modules in phases and delivery of the whole system.

6. The following persons shall attend at the site when the modules are delivered and connected: project manager, maintenance manager and appropriate module technical manager of Party A, and project manager, appropriate module development manager and installation & debugging manager of Party B.

7. The project managers of the Parties shall confirm whether the installation and operation environment of the modules confirm to the relevant standards as per the requirement described in the function demand statement. If either Party objects, the Parties shall confirm such objection in written forms and determine the deadline and plan of such objection.

8. Party B’s persons responsible for installation and debugging of the system shall install the modules.

9. Where the conditions for installation are not satisfied, Party B’s project manager shall give a notice to Party A. In that case, Party A’s project manager shall solve such problem as soon as possible. Each period of 4 hours in solving the problem shall be accounted as a business day. The subsequent work in Party B’s development plan shall be postponed accordingly.

10. If any module can not work normally or the function of any module does not conform to the requirements described in the system function statement, Party A’s project manager may stop operating the module and demand Party B to solve the problem promptly. In that case, Party B shall be subject to the liabilities for the delay caused by such problem.

11. After the completion of development of the system, Party B shall deliver and connect the whole system.

12. The following persons shall attend at the site when the whole system is delivered and connected: project manager and system maintenance manager of Party A, and project manager and installation & debugging manager of Party B.

13. Party A shall setup the relevant hardware equipments according to the requirements for operation of the modules, prepare the technical requirements as listed in the system function demand statement and provide an installation environment for the whole system separated from other systems operated by Party A.

14. The project managers of the Parties shall confirm whether the installation environment confirm to the relevant conditions as per the requirements described in the system function demand statement. If either Party objects, the Parties shall confirm such problem in written forms and determine the deadline and plan of such problem.

15. Party B’s persons responsible for installation and debugging of the system shall install the whole system.

16. Where the conditions for installation are not satisfied, Party B’s project manager shall give a notice to Party A. In that case,

Party A’s project manager shall solve such problem as soon as possible. Each period of 4 hours in solving the problem shall be accounted as a business day. The subsequent work in Party B’s development plan shall be postponed accordingly.

17. The Parties shall confirm whether the modules connected to the system are complete or not as per the requirements described in the system function demand statement.

18. Party B’s persons responsible for system maintenance shall prepare the interconnection environment.

19. Party B’s persons responsible for installation and debugging shall connect the whole system, and the technicians of both parties shall confirm whether such connection is effective or not.

20. Party A’s system maintenance manager shall effectively connect the operation environment to the whole system and confirm whether the system is operated normally or not; the corresponding module managers of both parties shall confirm whether the functions of the system confirm to the requirements described in the system function demand statement.

21. If the system can not work normally after being connected or the function does not conform to the requirements described in the function demand statement, Party A’s project manager may stop operating the system and demand Party B to solve the problem promptly. In that case, Party B shall be subject to the liabilities for breach of contract accordingly. Additionally, Party B shall indemnify Party A against all losses and damages resulting from abnormality in the operation of the system or inconformity to the requirements described in the function demand statement.

Article 6 Cooperation and Sharing of Technology

1. After the modules are delivered, Party B shall provide Party A’s relevant persons with the trainings on the operation and maintenance of the modules to ensure the normal operation of the modules, and shall dispatch special persons to give routine maintenance on the operation of the modules at Party A’s site.

2. The trainings include group training and onsite training. The site trainings shall be given at Party A’s module operation site and the Party B’s development and simulated operation site.

3. The period of group training shall be three days/module.

4. Party A shall dispatch its module technical manager, module maintenance manager and module operators to participate in the trainings regarding the module.

5. After the system is delivered, Party B shall provide Party A’s relevant persons with the trainings on the operation and maintenance of the whole system for a period of ten days.

6. Party A shall dispatch its project manager, system technical manager, system maintenance manager and system operators to participate in the trainings regarding the system.

7. The trainings shall be given at Party A’s system site and the Party B’s development and simulated operation site.

8. During the course of cooperation between the Parties, Party B shall provide Party A with the guidance to the operation and maintenance of the module after the first module is put into operation. The aforesaid guidance shall include:

(1) Testing and data statistics relating to the routine operation of the modules;

(2) Testing and data statistics relating to the routine operation of the system;

(3) Routine trainings for Party A’s persons responsible for system maintenance;

(4) Cooperation with Party A’s persons responsible for system maintenance, summarize the characteristics of operation of the modules, making discussion and improvement;

(5) Promptly solving any failure in the modules and system maintained by Party B, and promptly giving a notice to Party A’s

persons responsible for system maintenance.

9. Party B shall provide consulting service Party A only during the course of development and operation of the system.

10. With respect to any question raised by Party A, Party B shall answer the question on the same day; if Party B has to answer it on the next day, it shall give a statement to Party A in advance.

Article 7 Allocation of Risks

1. During the development of the target technology, if there is any technical difficulty cannot be overcome under the current technical ability and conditions and such difficulty causes the failure of the Project or any part thereof, all losses resulting therefrom shall be borne by Party B.

2. If the target technology to be developed hereunder has been publicized by others during the course of project development, which causes the performance of this Contract meaningless, either Party may terminate this Contract. If Party B has incurred costs from the performance of this Contract, the costs shall be solely borne by Party B.

Article 8 Price, Compensation and Terms of Payment

1. Within 30 days upon the execution of this Contract, Party A shall pay the first installment of the compensation in sum of RMB 4.5 million to Party B; within 60 days upon execution of this Contract, Party A shall pay the second installment of the compensation in sum of RMB 4.5 million to Party B. From June 2009 to December 2012, Party A shall pay Party B 35% of the operating income of Online Shopping Mall as the compensation.

2. The compensation shall be paid to Party B by check, bank remittance or any other form in accordance with this Contract.

Article 9 Ownership of Technology

This Project will be completed by Party B for the benefits of Party A as a work-for-hire, and the ownership of the target technology shall be belong to Party A.

Article 10 Technical Information and Confidentiality

1. Each Party shall keep confidentiality of all technical information and materials given by the other Party.

2. After the delivery and cutover of the whole system, Party B must immediately deliver to Party A all confidential information (including the copies and extracts thereof) relating to the system, and may not claim any compensation against Party A.

3. Party B must comply with the confidentiality obligation stipulated herein during the term of this Contract and within three years after the termination of this Contract. If Party B provides, discloses, sells, leases, transfers, sublicenses, re-licenses or otherwise makes available of any confidential information to others in violation of this Article 10, Party A may claim damages and losses against Party B.

Article 11 Liabilities for Breach of Contract

1. Party A’s Liabilities for Breach of Contract

(1) Party A fails to provide the agreed technical materials, original data or assistance for more than 15 days after the deadline, Party B may terminate this Contract. In that case, Party A shall reimburse Party B of all costs and expenses incurred from the performance of this Contract.

(2) There is a material defect in the technical materials, original data and assistance provided by Party A, which causes suspension, delay or failure in the development of the Project, Party A shall be fully liable for such suspension, delay or failure. However, if Party B becomes aware that there is certain defect in the materials and data provided by Party A, but it fails to notify Party A for correction or supplementation, Party B shall be subject to the liability accordingly.

(3) If Party A refuses or delays to accept the deliverables without any justifiable cause, which causes such deliverables are lawfully acquired by any third party or the practical value of such deliverables is lost in its novelty, or such deliverables are damaged or lost by accident, Party A shall be liable for such damage or loss.

(4) If Party A fails to provide effective cooperation or conduct acceptance on time according to Party B’s requirements, Party B’s performance of its obligations regarding delivery and subsequent development plan shall be postponed accordingly. If Party A fails to do so for more than 20 days, Party B may terminate this Contract. Party A shall reimburse all costs and expenses incurred by Party B for performance of this Contract, and pay to Party B the liquidated damages at 5‰ of the costs and expenses incurred by Party B.

(5) If Party A terminates this Contract due to its own reason before any module is delivered, it shall reimburse Party B of all costs and expenses incurred from the performance of this Contract, and pay to Party B the liquidated damages at 5‰ of all costs and expenses.

(6) If Party A terminates this Contract due to its own reason after any module is delivered, Party A shall reimburse Party B of all costs and expenses incurred from the performance of this Contract and indemnify Party B against all losses and damages resulting therefrom.

2. Liabilities of Party B for Breach of Contract

(1) Within 15 business days upon effectiveness of this Contract, Party B shall deploy the human resources and environment required for development of the system. If Party B fails to do so within the agreed time period, which causes any suspension or delay in the development or delivery of the system, Party B shall indemnify Party A against all losses and damages resulting therefrom.

(2) If Party B fails to develop the system according to the schedule stipulated herein, Party A may demand Party B to carry out development work and take remedies immediately. If Party B fails to do so for more than 15 days, Party A may terminate this Contract and all costs and expenses incurred from the performance of this Contract shall be borne by Party B. Additionally, Party B shall pay to Party A the liquidated damages (the amount of which shall be determined by the Parties).

(3) If Party B fails to deliver any module within the time period stipulated herein, it shall indemnify Party A against all losses and damages resulting therefrom; if Party B still fails to do so within 15 days after the due date, Party A may terminate this Contract and Party B shall pay to Party A the liquidated damages (the amount of which shall be determined by the Parties).

(4) If the modules and system delivered by Party B fails to meet the intended function or technical specification due to its own reason, Party A may demand Party B to make supplementation or correction, and Party B shall indemnify Party A against all damages and losses resulting therefrom. If Party B fails to make supplementation or correction within 15 days, or it still fails to meet the intended function or technical specification after supplementation or correction, Party A may terminate this Contract, and Party B shall indemnify Party A against all losses and damages resulting therefrom.

(5) If Party B becomes aware of any technical difficulty can not be overcome during the term of this Contract, which may cause failure in the Project or any part thereof, it shall promptly give a notice to Party A and take appropriate actions to reduce losses. If Party B fails to promptly give a notice to Party A, Party B shall be liable for all losses and damages directly caused by such failure.

(6) If Party B terminates this Contract unilaterally, it shall indemnify Party A against all losses and damages resulting therefrom.

Article 12 Intellectual Property Rights

1. Party B hereby warrants that the development of the system and use of the system by Party A in accordance with this Contract will not infringe any intellectual property of any third party, and will not infringe any other legal rights of any third party.

2. If any third party initiates a claim against Party A due to Party A’s use of the system hereunder, alleging Party A infringes the intellectual property right, trade secret or any other lawful right of the third party, Party B shall at its own costs settle the claim, but Party A shall provide necessary assistance to Party B in settlement of the claim.

3. If it is the opinion of Party B that the system itself or its use will infringe or has infringed any copyright, trade secret or patent of any third party, Party B may at its own discretion take sufficient and necessary actions, so that Party A may continue to use the system or its replacement or its modified software. When Party A uses the replaced or modified software, Party B shall warrant that the function thereof is equivalent to that of the original system and it will not infringe any right of any third party.

4. All the intellectual property hereunder shall belong to Party A.

Article 13 Dispute Settlement

1. This Contract is governed by the Contract Law of the People’s Republic of China, the Regulations of the People’s Republic of China Regarding Protection of Computer Software and other relevant laws and regulations.

2. Any dispute arising from the performance or interpretation of or in connection with this Contract shall be first settled by both parties through friendly negotiation or mediation. If no settlement can be reached through negotiation or mediation, the dispute shall be settled by the following means:

(1) Submit the dispute to Beijing Arbitration Commission for arbitration;

(2) The arbitral award shall be final and binding upon both parties;

(3) Unless it is otherwise specified in the arbitral award, the arbitration costs shall be borne by the losing party.

3. Both parties shall continue to perform this Contract other than the parts involved in the mediation or arbitration.

Article 14 Force Majeure

1. If either party fails to perform its obligations hereunder during the term of this Contract due to any force majeure, such as war, floods, fire, typhoon, earthquake or any other event agreed by both parties as force majeure, the term of this Contract shall be extended equal to the duration of such event.

2. The influenced party shall give a written notice to the other Party within 5 days upon occurrence of the event, and provide the other Party with a written certificate of such event issued by the relevant authority within 15 days.

3. If any event of force majeure persists more than 120 days, both parties shall amicably negotiate to settle the issue regarding the continued performance of this Contract within 15 days after the end of such event. If the Parties can not reach an agreement within the aforesaid period, this Contract shall be terminated automatically.

Article 15 Effectiveness, Term, Termination and Miscellaneous

1. Effectiveness

(1) This Contract shall be made and executed in four counterparts, two for each party. This Contract shall become effective as of being duly signed and sealed by the Parties.

(2) This Contract shall become effective as of the effective date. This Contract shall supersede all prior oral or written contracts and undertakings between both parties regarding the subject matter hereof.

2. Term

(1) The term of this Contract shall be four (4) years, as from the date when this Contract is duly executed by both parties.

(2) If the name, organizational form, business nature, business scope, registered capital or investor of either Party is changed

during the term of this Contract, both parties shall continue to perform or procure its successor to perform all obligations hereunder.

3. Termination

If either Party intends to terminate this Agreement, both parties may enter into a supplementary agreement regarding the termination of this Contract through friendly negotiation. This Contract shall be terminated when it is confirmed by both parties in written forms.

4. Miscellaneous

(1) Upon expiration of this Contract, both parties shall continue exercising the rights and performing the obligations remaining thereafter, which will not be affected by the expiration of this Contract. The debtor shall continue to discharge its debt owing to the creditor.

(2) Any change to the provisions and appendices of the Contract shall be made in a written agreement duly executed by the authorized representatives of both parties through friendly negotiation.

(3) It is agreed by both parties that the technological results shall be the property of Party A and shall not be used for personal purpose and-sub-licensed by Party B, but excluding the use by Party B of such technological results for new development work.

Article 16 Definitions

1. “Technical Materials” shall mean any and all information, data, software, emails, faxes, communications, documents, drawings, forms, images and other materials relating to the customized software and customized technology.

2. “Confidential Information” shall mean this Contract and all appendices and supplementations hereto, and all software, software directories, documents, information, data, drawings, benchmark tests, technical specifications and trade secrets, and other information exclusively owed by each Party, provided to the other Party and expressly marked as “confidential”, including all items specified as “confidential” in any other contracts entered into by both parties before or after the date of this Contract.

Article 17 Miscellaneous

This Contract has four appendices and all these appendices shall have the same legal effect as this Contract.

The appendices attached to this Contract include:

Appendix 1: Technology Development Proposal of Qihoo Online Shopping Mall Information System

Appendix 2: Confirmation for Acceptance of Qihoo Online Shopping Mall Information System

Appendix 3: Development Plan of Qihoo Online Shopping Mall Information System

Appendix 4: Confidentiality Agreement for Qihoo Online Shopping Mall Information System

This Contract shall become effective as of being duly signed and sealed by both parties.

Party A:

Legal Representative or Authorized Representative:

/s/ Xiangdong Qi

Table of Contents

Chapter 1	Project Background		5

Chapter 2	Project Overview		5

2.1 Project Name			5

2.2 Target Customer			5

2.3 System Objectives			5

2.4 Design Principles			5

Chapter 3	Requirements Analysis		7

3.1 Understanding of objectives			7

3.1.1 Understanding of general objective			7

3.1.2 Recommended Staged Objectives			7

3.2 Understanding of Business Requirements			9

3.2.1 Business framework			9

3.2.2 Understanding of business requirements			9

3.3 Understanding of Technical Requirements			9

3.3.1 User type			9

3.3.2 Security			10

3.3.3 Data organization			10

3.3.4 Information access			10

3.4 Analysis of Functional Requirements			10

3.4.1 Online Shopping Mall website subsystem			10

3.4.2 Background management system			11

3.4.3 System support			11

Chapter 4		System Characteristics	11

4.1 Maturity and Advancement			11

4.2 Strong Adaptability			11

4.3 Flexibility and Openness			12

4.4 High Scalability			12

4.5 Application Consolidation and Integration			12

4.6 Security			12

Chapter 5	Overall Design		12

5.1.1 Application architecture			12

5.1.2 Technical architecture			13

5.1.3 Network topology			14

Chapter 6 System Functions			14

6.1 Online Shopping Mall Website Subsystem			14

6.1.1 Portal website			14

6.1.2 Product purchase			14

6.1.3 Renewal and upgrade			15

6.1.4 Customer space			15

6.1.5 Customer service center			15

6.1.6 Community			16

6.2 Background Management System			16

6.2.1 Customer information management		16

6.2.2 Internal user information management		16

6.2.3 Product information management		17

6.2.4 Business Configuration Management		17

6.2.5 Supply, Sale and Inventory Management		18

6.2.6 Financial Settlement Management		20

6.2.7 Customer Order Management		21

6.2.8 Customer Service Management		22

6.2.9 Unified Payment Platform		23

6.2.10 Community Management		24

6.3 System Support		24

6.3.1 Security Authentication		24

6.3.2 Task Scheduling and Control		25

6.3.3 Log Management		26

6.3.4 Statistical Analysis and Query Platform		27

6.3.5 Parameterization Configuration Management		27

6.3.6 Unified interfacing platform		29

6.4 Security Management		29

6.4.1 Security of Physical Layer		29

6.4.2 Security of System Layer		30

6.4.3 Security of Network Layer		30

6.4.4 Security of Application Layer		30

6.4.5 Security of Information Representation Layer		31

6.4.6 Security of Management Layer		31

6.5 Data Storage and Backup		31

6.5.1 Backup/Recovery Content		31

6.5.2 Consideration of backup data quantity		31

6.5.3 Daily data backup strategy		31

6.5.4 Recovery Processing		32

Chapter 7	Project Management	33

7.1 Project Management Approaches		33

7.1.1 Project Organization Management		33

7.1.2 Project Personnel Management		33

7.1.3 Project Plan and Progress Management		33

7.1.4 Project Communication Management		34

7.1.5 Project Risk Management		35

7.1.6 Version Management of Project Results		35

7.2 Project’s Lifecycle Selection		36

7.3 Project Progress Control		36

7.4 Project Organization Structure		37

7.4.1 Project Organization Structure		37

7.4.2 Responsibilities of Members of Project Organization Structure		37

7.5 Project Quality Guarantee Scheme		39

7.5.1 Quality Risk Analysis		39

7.5.2 Quality Guarantee Guideline		40

7.5.3 Quality Management Methods		40

7.5.4 Quality Guarantee Measures		40

Chapter 8 Project Testing Scheme		41

8.1 Test Process		41

8.2 Test Stage		41

8.3 Test Method		42

8.4 Test Process Flow		42

8.4.1 Formulation of Project Plan		42

8.4.2 Project Tracking and Monitoring		42

8.4.3 Configuration Management		43

8.4.4 Quality Assurance		43

8.4.5 Evaluation of Test Results		43

8.5 Test Tools		44

Chapter 9 Services and Training		45

9.1 Scope of Services		45

9.2 Silver Service Plan		46

*9.2.1 Hotline Support Service (724hrs)**		46

9.2.2 Remote Dial-in Analysis		46

*9.2.3 Field Support Service (724hrs)**		46

9.2.4 Priority and Response Speed		46

9.2.5 Periodical Patrolling Inspection		47

9.3 Training Content		47

Chapter 1 Project Background

Qihoo is a internet company with a strong base of more than 100 million customers which has developed its online sales business of anti-virus software and established a complete business model. Market survey shows that many digital goods can be sold online, such as software products, software product upgrading serial numbers, game cards and prepaid cards. The whole transaction of those digital products can be performed in an instant and real-time fashion on Internet. The biggest difference between the transaction & operating model of digital products and the traditional online electronic commercial trade is that the former requires no offline logistic distribution, which results in greatly reduced transaction cost & time and quick & convenient transaction. This transaction model is quite popular among a great number of customers.

In response to users’ demand for instant transaction of digital products, Qihoo wishes to develop the business of Internet software online sales on the basis of its anti-virus software online sales. However, Qihoo lacks the support of corresponding professional sales management platform, and so commissions Qizhi Software (Beijing) Co., Ltd. to develop such a platform.

Chapter 2 Project Overview

2.1 Project Name

Qihoo Online Shopping Mall Information System

2.2 Target Customer

All Internet users, cooperative marketing partners, operators and system maintenance & management personnel

2.3 System Objectives

· Provide a secure online sales platform with all necessary functions;

· Realize complete background management functionality, including unified third-party payment & management platform, purchase, sales & storage management subsystem, and financial sub-system;

· Realize a flexible and complete management platform, demonstrate the concept of Parameterization management and ensure business scalability & flexible allocation;

· Enable complete security system, data backup and relevant functions;

· Realize the interfacing with relevant existing systems, which might involve the upgrade or transformation of certain systems.

2.4 Design Principles

· Advancement

The system shall adopt leading & proven techniques to ensure the effectiveness and continuity of investment.

· Reliability

· The system shall be able to work properly.

· The system shall operate 7x24hrs nonstop and reliably.

· The upgrade or improvement of software versions shall proceed without affecting business operations and with steady & smooth system transition.

· Maintainability

· System administrators can configure, monitor, control and diagnose the entire system in a centralized and simple manner, and monitor & control operating conditions, improve working efficiency and remove hazards.

· The configuration, control, monitoring and diagnosis of all functional modules of the system can be done by using professional system management tools without need for specialized encoding.

· Security

· Information security shall be guaranteed. In other words, information can be transmitted and stored securely within the system, and there shall be good data backup and quick restoration schemes.

· A rigorous security system shall be adopted to ensure data security in processing and transmission.

· The system shall be able to work properly without being attacked or damaged.

· Information in the system shall not be subject to unauthorized access, and the authorization of operation personnel shall be defined according to organization structure. Application software modules to be used by operation personnel at different levels of authorization can be freely combined and subject to centralized configuration by system administrators.

· When the security system is damaged, the system shall automatically remind the operators of such damage, detect abnormalities and offer correct operating methods. The bidder shall list the alarm methods that the system offers.

· Manual resetting or system startup is enabled without causing data loss or damage.

· High performance

The system shall have the performance required for user access, and offer consistent & predictable response.

· Flexible & convenient development and deployment

After the construction of data center platform, the system can address business requirement change and data source change flexibly and facilitate the customization, development, deployment and management of functions.

· Scalability

Open, standard and adaptable architecture is used to meet various new requirements on the system with expanded business volume and additional types of business. Packaged modular design idea is adopted to guarantee strong adaptability and scalability of the system. In addition, software architecture supports the upgrading and increased quantity of hardware systems.

Chapter 3 Requirements Analysis

3.1 Understanding of objectives

3.1.1 Understanding of general objective

According to our understanding of relevant requirements, the general objectives of Qihoo Online Shopping Mall information system are: to meet the strategic needs of Qihoo business growth, establish an Online Shopping Mall system of online digital products with all complete functions as well as the corresponding management system and platform supporting systems. In addition, to make sure that the system meets the needs of future business development, the system must possess necessary features including sufficient flexibility, stability and advancement.

Based on our experience in constructing large e-commerce systems, with full consideration of the project’s long-term objectives and short-term objectives as well as the project’s general objectives and the requirements of various businesses at different stages, by adhering to the principles of “overall consideration, step by step”, we put forward construction designs at three stages to ensure the operability and practicability of the project.

The stage-1 objective of the project is to complete the subsystem of Online Shopping Mall website and management functions and supporting modules required for smooth operation of the system; the emphasis of the stage-2 work is to complete the background management system, and to conduct necessary upgrades and adjustments with respect to the testing and operation results of the Online Shopping Mall website subsystem. The emphasis of the stage-3 work is complete supporting systems, complete the overall jointly debugging of the system and ensure smooth operation of the system.

3.1.2 Recommended Staged Objectives

Stage-1 objective

Staged objective: all functions of Online Shopping Mall website subsystem and necessary modules of management system and supporting system

Estimated period: 2009.1.1 — 2009.5.30

Details of major implementations:

· Construction of the architecture of Online Shopping Mall website subsystem

· Construction of the architecture of management system

· Integral data model

· Development of functions of Online Shopping Mall website subsystem (except customer community)

· Development of necessary modules of background management system: customer information management, internal customer information management, product information management, basic customer order management

· To ensure smooth operation of Online Shopping Mall website subsystem, the usage of existing payment platform system is temporarily deferred..

· Development of necessary modules of supporting system: security authentication management, basic log management

· Establishment of basic security management system

Stage-2 objective

Staged objective: to realize most modules of background management system as well as the adjustment and upgrade of Online Shopping Mall website subsystem

Estimated period: 2009.6.1 — 2009.9.30

Notice: due to the possibility of jointly debugging of third-party interfaces between Online Shopping Mall website subsystem and background management system, the potential third-party problems might delay the progress of the project.

Details of major implementations:

· Optimization of the architecture of background management system

· Business configuration management

· Inventory management

· Financial staged management

· Integral customer order management

· Unified payment platform

· Community in Online Shopping Mall website subsystem and the management of community

· Improvement of log management module of system support

· Provision of basic statistical analysis & inquiry platform

· Provision of basic unified interfacing platform

· Improvement of security system

Stage-3 objective

Staged objective: to lay emphasis on the completion of all functions of supporting system, improve the Online Shopping Mall website subsystem and background management system and finalize the comprehensive jointly debugging and integral operation of the system.

Estimated period: 2009.10.1 — 2009.12.30

Details of major implementations:

· Completion of task scheduling and control module

· Improvement of statistical analysis & inquiry platform

· Realization of Parameterization system configuration

· Improvement of unified interfacing platform

· Adjustment and upgrade of relevant modules of Online Shopping Mall website subsystem and background management system

· Integrated system jointly debugging

· Integral operation

· Establish of data storage & backup system

3.2 Understanding of Business Requirements

3.2.1 Business framework

Qihoo is a internet company which has been engaged in online sales of software products and established a set of “digital product operation system” to support such business operations. With further popularization of Internet and development of digital products, Qihoo wants to venture into the sales of digital products of various types, which cover software products, software upgrade & renewal, game cards and China telecom prepaid cards, etc. Product offerings include Qihoo’s own products and those for which Qihoo serves as an agent. Since all products to be sold are digital products, the sale and purchase of all such products can be carried out on Internet. In reality, Qihoo Online Shopping Mall Information System is an e-commerce platform aimed at the sales of digital products.

The businesses of Qihoo Online Shopping Mall Information System involve:

· Online Shopping Mall website subsystem (e-commerce portal system)

· Background management system

· System support module, etc.

3.2.2 Understanding of business requirements

· Business application layer

External customers

Internal business personnel

Internal system management personnel

· Business scope

Qihoo Online Shopping Mall Information System is mainly involved in Internet-based sales, payment, finance, marketing, security authentication, comprehensive management, etc.

· Number of user access and number of concurrent user terminals

The system shall withstand 1,000 or more concurrent accesses and ensure access quality and time as well. In addition, to adapt to business growth, the system shall have logical and physical scalability.

3.3 Understanding of Technical Requirements

3.3.1 User type

External customer: an external customer conducts commercial activities including purchase and payment, so the processing of information concerning customer account is required.

Internal user: an internal user sets the businesses in the system, and is likely to gain access to sensitive data within the system. Certain operations by an internal user need reexamination and audit.

System administrator: a system administrator maintains smooth operation of the system, and is likely to gain access to sensitive data within the system or some operations by it might affect system operation. Its operation requires necessary monitoring and audit.

3.3.2 Security

Security is a must for any e-commerce system. Qihoo Online Shopping Mall Information System is expected to keep plenty of business information, so it is very important to ensure information security. For this purpose, the following measures are taken:

· Strategy of identity authentication and authorization authentication of external customers and internal users

· Establishment of rules and regulations on user creation and authorization

· Maintaining data management over the separation of operation environment from development environment

· Periodical tracking and audit on system security

3.3.3 Data organization

Scientific data organization helps users to understand the information from data center more easily. The following issues will be taken into account:

Metadata management

Data quality issue

Data naming standardization

3.3.4 Information access

Information access falls into the following categories: access to data center via portal system, and direct access to the system via corresponding application systems (e.g., background management system and third party interface). Information access tools shall be characterized by simplified operation, user-friendly interface and ease of operation.

3.4 Analysis of Functional Requirements

3.4.1 Online Shopping Mall website subsystem

Online Shopping Mall website subsystem is primarily used for external customers. An external customer can register himself as a Qihoo member, and conduct commercial activities including product search, order placement and payment in the Online Shopping Mall website subsystem. So the Online Shopping Mall website subsystem shall be able to satisfy customers’ e-commerce requirements.

In addition, internal business management personnel shall conduct business operations, such as recommending various products to customers, marketing campaigns and leasing advertising spaces to third-party partners in the Online Shopping Mall website subsystem.

Therefore, the Online Shopping Mall website subsystem shall have all functions of a most completed e-commerce portal.

3.4.2 Background management system

All modules of background management system will be developed to guarantee smooth operation of the Online Shopping Mall website subsystem.

Customer information management: management of basic information of external customers.

Internal customer information management: internal customer information management, authorization allocation.

Product information management: product categorized information definitions, setting of product information of various types

Business configuration management: definition and management of various business activities

Product inventory management: management of product inventories

Financial settlement management: management of financial settlements with third-party systems or partners

Order management: management and statistical analysis of customer orders

Customer service management: management of customer services

Unified payment platform: unified payment interface of the system

Community management: offering of various community management functions

3.4.3 System support

All modules of the system are mainly technical tools to ensure smooth operation of the system. For detailed functional description, please refer to the section on system functions.

Chapter 4 System Characteristics

4.1 Maturity and Advancement

Qihoo Online Shopping Mall Information System employs many proven development modes, such as AOP and MVC, and it also adopts leading technologies like AJAX and FLASH to enhance customer experience and the system’s operating efficiency.

4.2 Strong Adaptability

Through configuration, the system can support large and medium-sized e-commerce applications and small-sized lightweight applications as well.

4.3 Flexibility and Openness

Thanks to modular design concept, each module can operate independently with loose coupling between modules.

The entire system complies with various standard specifications, and is fully open.

4.4 High Scalability

With design idea of plug-in management as well as JavaBeans module, framework module, AOP interceptor module and application service module, OTP enjoys broad expansion space. The powerful interface module (label library) also supports the expansion and secondary development of external appearance.

4.5 Application Consolidation and Integration

The data routing based enterprise service bus enables flexible & smooth data integration.

4.6 Security

Multi-level authorization, monitoring, alarm and log

Chapter 5 Overall Design

5.1.1 Application architecture

[Graphics]

System description:

The system is generally divided into three parts: Online Shopping Mall website subsystem, background management system and system support.

· Online Shopping Mall website subsystem

1. Portal website

2. Product purchase

3. Renewal & upgrade

4. Online payment

5. Customer services

6. Community

…

· Background management system

Customer information management

Content & user information management

Product information management

Business configuration management

Supply, sales & storage management

Financial settlement management

Customer order management

Unified payment platform

Community management

· System support

Security authentication

Log management

Task scheduling & control

Statistical analysis & inquiry platform

Parameterization configuration management

Unified interfacing platform

5.1.2 Technical architecture

[Graphics]

Qihoo Online Shopping Mall Information System uses the multi-leveled application architecture which comprises representation layer, logical layer and data layer. There is loose coupling between layers.

The development will be based on basic development framework and in compliance with technical codes for the development of those layers so as to simplify and standardize the design and development of the entire application.

· Representation layer

It offers 2 foreground architecture modes, namely MVC mode for traditional B/S application and AJAX mode for rich client application.

· Business logic layer

With transaction reservoir mechanism, business logics are divided into order layer, service layer and business module layer for the purpose of business logic management.

· Resource access layer

The platform offers O/R mapping technology, enables transparent database access, and also provides unified interfaces for interaction with external systems.

5.1.3 Network topology

[Graphics]

Chapter 6 System Functions

6.1 Online Shopping Mall Website Subsystem

6.1.1 Portal website

· Product presentation:

The customer can view all relevant products through general preview or categorized preview. Product offerings include popular products, new arrivals, special offers, etc.

· Product search:

Products can be searched by different search modes, such as search by product name, price, repeat purchases, customer satisfaction rate or product category.

· Product recommendation

Popular products, new arrivals, feature products and products of interest to customers

· Current marketing and promotional activities

· Product advertising space

Advertisements of partners will be released within given periods of time according to the setting of advertising spaces, and statistics will be made on the click-through rate and customer information of advertisements involved.

· System announcement

Current effective announcements (i.e., website maintenance announcements) are shown.

· Customer registration

Basic information on a customer is verified before generating the unique number of customer account.

Send an “account activation email” to the email address furnished by the customer for registration purpose.

The customer activates its account by clicking on the link shown in the “account activation email”.

· Customer logon

Such information as customer name, password and check code shall be entered.

After logon, the customer may revise basic customer information, view & revise purchase orders, or make payments.

· Newsletter

It generally comprises company news and industry information.

6.1.2 Product purchase

· Product information presentation

Product categories

Popular products

A list of goods in which the customer may be interested will be obtained based on the record of purchases they made.

Presentation of detailed product information

A number of most recent customer comments will pop up once customer comment is posted.

· Product purchase

The customer is supposed to select the products to be bought and fill up a purchase order online before order management.

Online payment

Downloading or offline transmission of product information

Registration of out-of-stock product

· Product information search

Product search can be performed by name, category or other factors.

6.1.3 Renewal and upgrade

Log on and select the products to be renewed

Select appropriate payment model

Make payment

Get the activation code

6.1.4 Customer space

· Management of basic customer information

After logon, the customer is entitled to revise the corresponding basic customer information.

· Order management

Order inquiry

If order status permits, orders can be modified or deleted.

6.1.5 Customer service center

FAQ (Frequently Asked Questions)

Online consultation and complaints

Customer services contact information

6.1.6 Community

· Community registration and logon

· Community information search

· Community identity information management

· Basic community functions: post, reply, moderate recommendation, pin, comment, quote, search, statistics, etc.

· Community system can automatically generate navigable tabs including latest topics, latest replies, hottest post and digest.

· Management functions

After logon, the customer can modify, delete or otherwise manage its own posts.

6.2 Background Management System

6.2.1 Customer information management

This module manages customer information and learns about system customer groups to be timely informed of customers’ dynamic state and data concerning customer orders on a daily basis.

Functions:

· Customer data: including customer description, customer credit rating, current sales status of customer region, previous order placement, customer statistical data, ongoing orders, payment status, customer feedback, etc.

· Customer information management: (deletion, disabling, authorization, edition)

· The customer shall edit all data on its own, inquire about its business history records, and establish statistical reports.

· Allocation of customer authorization:

6.2.2 Internal user information management

[Graphics]

User objective : system administrator

For internal users, authorization management means managing the resources and scope of access according to different working scope and roles.

1) For customers of different types, different authorization can be set, and the modules available to different authorization can be freely combined and subject to centralized management by system administrator. System administrator is entitled to add, modify and delete the role groups, and to define the authorization of role groups through different combination of basic authorities.

2) System administrator can perform flexible combination of authorities, and a number of single authorization in functional modules can be superposed to form authorization combination.

3) Authorization configuration must be done by authorized system administrator, and the administrator shall not set any authorization that is beyond its authorization range.

4) It is able to support the setting of authorization according to different dimensions.

6.2.3 Product information management

6.2.3.1 Product category management

Addition, modification, deletion and inquiry of product categories

Product categorized management enables different-level categorization, and product lines can be represented in tree data structure.

6.2.3.2 Product information management

· Information input: business personnel can input product information into the system. Product information includes textual information, images and documents.

· Information modification: modify current product information within the allowable range and submit the information to the system.

· Deletion of product information: delete the chosen product information. Product information is actually not deleted from the database, and the information of this product is set as the status of deletion.

· Product shelving and de-shelving: only products marked “shelved” can be viewed at foreground.

· Template management: set and maintain certain products information templates to facilitate the maintenance of product information.

· Provide partners with sales data analysis, sales details, sales volume, data comparison, etc.

· Provide partners with the analysis and comparison of financial data

6.2.3.3 Design points

· Mass-data statistical analysis, reasonable design of data structure, optimization of data query

· Factory design patterns adopted for business processing classes, plus inheritance of foundation classes

· Functional modules are independent, and class interfaces possess clearly defined functions

6.2.4 Business Configuration Management

For the purpose of structured development, this system adopts the development principles expressed in formulae of the same type to express the requirements for major content updates likely to come with business growth in corresponding type libraries. The use of type library+ interpreter/executor mode minimizes system modification arising from the upgrade of key links.

6.2.4.1 Marketing Campaign Management

Marketing campaign management involves the following functions:

Maintenance of basic information on marketing campaigns: creation of marketing campaigns and maintenance of basic information. Basic information on marketing campaigns includes name, starting and ending date of marketing campaigns, and associated products.

Formulation of rules for marketing campaigns: the system will automatically conduct operations like transaction discount calculation, customer reward calculation and settlement with suppliers according to marketing campaign rules.

Once established, the campaign will be under the activation status. For any customer transaction within the term of validity of the campaign, the system will automatically conduct such operations as discount rate calculation, customer point calculation,

and settlement between system and relevant partners in accordance with the set campaign rules;

Upon the expiry of the campaign, the state of campaign will automatically change from effectiveness to cancellation, and the campaign will be deleted (campaign information and numbering to be retained) and allow for further modification.

6.2.4.2 Management of Advertising Spaces

· Advertising space setting

Define the basic attributes of advertising space. Advertising space of Online Shopping Mall information system can be set either within the portal website or inside emails sent to customers.

· Information management of advertising spaces

Set basic information concerning advertising spaces, including term of validity of advertisements, target of service, term of service, settlement mode, etc.

· Information statistical analysis of advertising spaces

Analysis on use rate, profitability statistical analysis of advertising spaces. . . . . .

Partners who buy advertising spaces may be provided with the results of statistical analysis on information relating to customers who click on such advertisements.

6.2.4.3 Campaign Analysis/Reports Statistics

Perform data summary and statistics by campaign categories. After setting marks for different campaigns, enter parameters like campaign marks to learn about the progress of the campaign and corresponding curve chart. With the help of those information indexes, campaign effect analysis and trend forecast can be realized.

6.2.5 Supply, Sale and Inventory Management

I. Counterparty management:

1. Supplier management: supplier archives can be set and managed. Archive information includes supplier name, address, contact personnel, contact telephone number, fax number, zip code, account-opening bank, bank account number, tax number, website address, EMAIL address, etc.

2. Commodity information management: commodity name, number, type, commodity description, unit of measurement, supply price, retail price, fee rate, etc.

3. Setting of terms of collection and payment

4. Rate setting

5. Setting of terms of collection

II. Warehouse incoming/outgoing management

1. Purchase order information: information entered on a purchase order includes: customer, order number, delivery date,

name & number of goods, unit price of goods, quantity, amount, etc. The previous supply price may automatically pop up when the information concerning purchase order is entered.

2. Receiving management of purchase orders: to perform such operations as delivery inspection and acceptance of goods in purchase orders, automatic cancellation/reduction of purchase orders, automatic registration of accounts payable after receiving the goods, or determine whether or not to warehouse the goods.

3. Management of purchase prepayments: to manage and log on purchase prepayments.

4. Management of purchase payments and settlements: log on purchase payment and settlement, cancel/reduce accounts payable by customers, and make a payment to cancel several accounts payable after verification. In particular, this module is quite effective in processing non-entire voucher settlements, thus solving the thorniest issue in manual accounting.

III. Inventory management

1. Goods stock-in management: stock-in order numbers can be automatically generated, and commodity and customer selection is convenient and fast. Commodities can be put in several warehouses simultaneously, and there is no limitation on the quantity of commodities in each stock-in. Relevant vouchers can be printed out from time to time.

2. Commodity stock-out management: stock-out voucher numbers can be automatically generated, and commodity and customer selection is convenient and fast. Commodities can be delivered out of different warehouses simultaneously, and there is no limitation on the quantity of commodities in each stock-out voucher. Related vouchers can be printed from time to time. Different modes of commodity stock-out including normal stock-out, giveaway stock-out and damaged commodity stock-out can be distinguished.

3. Commodity stock-return management: stock-return voucher numbers can be automatically, and commodity and customer selection is convenient and fast. Commodities can be returned to several warehouses simultaneously, and there is no limitation on the quantity of commodities in each stock-return. Related vouchers can be printed any time.

4. Commodity inventory-taking management: inventory-taking voucher numbers can be automatically generated, and commodity selection is convenient and fast. The inventory-taking data of several warehouses can be entered simultaneously.

5. Commodity borrowing management: commodity borrowing voucher numbers can be automatically generated, and different borrowers are supported. There is no limitation on the quantity of such sheets, and related vouchers can be printed out at any time.

6. Commodity returning management: commodity returning sheet numbers can be automatically generated, and commodity borrowing records can be automatically cancelled. Related vouchers can be printed out at any time.

IV. Inventory query and statistic system:

1. Inventory query: the inventory of goods of various types can be queried any time, and the goods can be automatically categorized for statistics. The inventory of a single warehouse can be queried, and the total inventory of all warehouses can be also queried. The inventory details and inventory summary can be automatically printed out.

2. Voucher query: all kinds of vouchers including ordering, taking delivery of goods, return, stock-in, stock-out, stock-return, sale and payment can be queried and printed out any time.

3. Comprehensive purchase query: queries on data including purchase orders, taking delivery of goods, returns, advance payments and settlement of accounts payable can be made by different conditions like period of time, customer, type and commodity, and data obtained through queries can be summarized. Reports can be formed according to query and statistical results and printed out at any time.

4. Comprehensive query on commodity stock-in/out inventory: Queries on inventory status of commodities can be made by different conditions like period of time, customer, department and commodity name, and data obtained through queries can be summarized. Reports can be formed according to query and statistical results and printed out at any time.

5. Comprehensive sales query: queries can be made by different conditions like period of time, customer, department, commodity and sales volume, and data obtained through queries can be summarized. Reports can be formed according to query and statistical results and printed out at any time.

V. Financial and analysis alarm system:

1. Setting of beginning balance of inventory: the beginning balance of goods of various types in all warehouses shall be set.

2. Inventory account: daily, monthly inventory accounts or those within a given period of time can be generated and printed out at any time.

3. Daily incoming and outgoing reports of goods in stock: daily stock-in reports, daily stock-out reports and daily stock-return reports for goods in stock can be automatically generated. All such daily reports can be printed out anytime.

4. Sales reports: reports of sales volume and reports of sales amount can be automatically generated.

5. Inventory ratio analysis: inventory data can be summarized and converted into statistical charts for analysis to show the components of inventory structure, and reports can be formed based on analysis results and printed out any time.

6. Statistical analysis of operational data: including goods sale cost and gross profit statistics, customer sales ranking, commodity sales ranking, and statistical analysis of annual sales.

7. Setting of upper and lower limits of inventory: the upper and lower limits of goods of various types in stock can be set.

8. Automatic alarm on abnormal inventory: automatically offer warning alarms on categories which are below lower limit of inventory or above upper limit of inventory.

6.2.6 Financial Settlement Management

[Graphics]

1. Settlement judgment

Judge on valid payment vouchers or consignment collection vouchers verified by settlement center, and distinguish payment mode from consignment collection mode.

2. Settlement confirmation

Send an advice of collection to the payee or an advice of payment to the payer after collection or payment operation is confirmed.

3. Settlement operation

Complete settlement operations. Generate documents evidencing completion of collections or payments in the case of

intra-city settlements; generate special checks for transfer in the case of intercity settlements.

6.2.7 Customer Order Management

Order management: order management, order processing progress management, order statistics, payment management, generation of reports of various types.

Control the whole transaction through background program, and form records & reports.

Latest order information management, to view customer orders;

Order processing, to manage orders placed by customers effectively;

Order tracking and allocation means that the administrator allocates customer orders to business personnel;

Order statistical report means categorized summary of all effective orders

Main modules:

· Order placement

[Graphics]

· Order query module

It allows order query by product, date, quantity, amount or processing status, and query interfaces include customer interface and administrator interface.

· Order management module

The administrator may conduct real-time order processing in the background, e.g., whether contact is made, whether the goods are shipped, whether the customer has taken delivery of the goods or made payment, and can mount the function of online payment.

· Order giveaway management

The Online Shopping Mall may carry out the promotion of giveaways, so the project involves order giveaway management.

Foreground presentation:

When the customer makes a purchase at the foreground of website, if there are giveaways available for the goods in purchase order, or the order meets the conditions for “giveaways for purchase order valued at or above a certain amount”, the page will jump direct to gift zone, and remind the customer to select the giveaways.

Background operation:

When the order is presented at background, the giveaways may contain several different types of goods, but the prices of giveaways shall be set prices.

The following points are worth noting:

If there are giveaways available for the goods in purchase order and the administrator modifies the quantity of certain goods or deletes the goods, thus rendering it impossible to meet giveaway conditions, the system shall automatically mark the giveaways as “cancelled” or simply delete such giveaways. In modifying the orders, the administrator shall give an express instruction and confirm the modification or deletion operation, and deleted or cancelled giveaways are unrecoverable.

Customer promotion analysis: including statistical analysis of promotional campaigns including advertisements and publicity activities.

6.2.9 Unified Payment Platform

It provides product unified payment entrance to meet different payment modes, e.g., mobile phone and bank card.

It also offers sound payment modes, such as payment by mobile phone, credit card, debit card and Easy Own card.

According to business model of Qihoo Online Shopping Mall Information System, the mode of payment applicable to this system is B2C, namely payment from personal account to corporate account. The following diagram shows a common payment process.

[Graphics]

Payment module generally comprises three major parts, i.e., service page, payment gateway, management system.

· Service website accepts various management transactions by users and the processing of bills of all kinds.

· Payment gateway accepts the payment request of service page, and forwards the request to all bank systems.

· Management system is used for internal management, and can adjust the operating parameters of website and gateway.

[Graphics]

In terms of functions, the business of payment platform is generally completed by application layer and control layer.

· In application layer, complete payment-related business functions including transaction processing, fund clearance and batch processing; in addition, it also offers management functions and sets & adjusts all parameters of payment platform.

· Control layer is responsible to complete transaction processing function, mainly including transaction route, data storage & forwarding, error processing, timeout processing and reversing.

System security strategies

· Technical guarantee

Application security: certificate authentication, password verification, message encryption

Network security: intrusion detection, hacker prevention, virus control

System security: operating system security, database security

Standard management: quality management, sound maintenance system, etc.

· Business guarantee

Rigorous business process control

Strict business verification and sound reporting system

Risk control system: conduct feedforward, concurrent and feedback monitoring on merchant monetization, user monetization and use & control of users’ funds, and devise detailed rules so as to ensure maximum fund security

The payment platform will keep a complete transaction log for examination and verification whenever necessary.

6.2.10 Community Management

Management functions of community are divided into two levels:

Management by system administrator on forum setting: plate allocation, appointment of plate administrators, management of community account, etc.

Plate administrators perform routine maintenance and management on posts in the community.

6.3 System Support

6.3.1 Security Authentication

6.3.1.1 Business Model

[Graphics]

6.3.1.2 Three Operating Modes

The system supports the following three operating modes:

· Unified user management and authentication mode: identity information of all application resources is subject to unified management. During access to the application resource, the access entity calls USP4i’s authentication service via agent to get user and authentication information.

· Distributed account management and unified authentication mode: the application resource calls USP4i’s management service to maintain its account information. During access to the application resource, the access entity calls USP4i’s authentication service via agent to get user and authentication information.

· Data supply mode: the platform maintains users’ identity information in a centralized manner. By supplying data to the application resource, the application resource completes authentication and uses user information when the access entity gains access to the application resource.

6.3.1.3 Four Access Technologies

· Radius access: system authentication supports standard radius access, such as network equipment and database;

· PAM and AD (Active Directory) access: the system supports the access via open system PAM security architecture and the access via windows operating system Microsoft®Active Directory®(AD) security architecture;

· Standard Agent access: the system supports the standard Agent access of typical application supporting platforms like

weblogic and websphere;

· User-defined agent: user-defined agent may be developed for some systems developed by user itself.

6.3.1.4 Functional Characteristics

USP4i management desk has the functionality of adding, deleting, modifying or querying institutions, users, accounts, roles, resources (application system, mainframe, equipment, posts, menu), authentication mode, security strategies, etc. USP4i provides management and authentication services via WebService. Additionally, USP4i offers signature function (digital signature and seal or handwritten signature).

· Unify the security system and management process of application system identity management and authentication;

· Real-name based user account view manages the user’s lifecycle, and real-name based certification supports fixed grouping of users and dynamic grouping by attribute;

· Support the definition of cross-system global roles as well as static & dynamic isolation of roles;

· Unified voucher management: the same user can possess several certificates with different levels of certification intensity, e.g., static password, dynamic password, certificate, fingerprint and vein, and vouchers allow cross-origin resource sharing;

· Unified certification center supports flexible setting and switching of various certification modes, automatic identification of products certified by different manufacturers and transparent expansion of new certification modes; it also supports prevailing certification modes, types and products: multi-leveled certification can perform independent certification by system, function, menu, page and even command;

· The combination of digital signature and seal or handwritten signature not just ensures anti-juggling of digital documents but corresponds to the habits of domestic users.

6.3.2 Task Scheduling and Control

Operation control module is a set of programs and interface functions.

The background drive scheduling program in the operation control module examines the operation of all programs mentioned in the configuration list according to the settings provided in the configuration file (configuration list), and starts the programs that meet operating conditions in turn on the principle of event triggering and time triggering. In addition, after the end of the operation of a specific program, it checks if there is any other program that meets operating conditions among configured programs. If yes, such programs will be started in turn and operated cyclically.

6.3.2.1 Composition of Operation Control Module

The system comprises background drive part, foreground monitoring part and relevant interface functions & programs:

· Background drive part

Scheduling of batch process flow;

Initiation of batch processing;

Communication with batch processing program;

Communication with foreground monitoring part;

· Foreground monitoring part is responsible to:

Display operating status of batch processing operation

Receive instructions from operators, and transmit them to the background

· Interface functions

Called by application program to notify the program to start/stop the operation;

· Interface program

Called by application shell to notify the program to start/stop the operation;

The background drive part starts the batch processing program requiring operation. This does not constitute the parent-child process relationship, no matter whether the program runs properly;

During operation, the application program needs to notify the operation control module that the operation starts, or ends normally, or fails;

Operation control module is responsible for the start and end of some daemon processes whenever appropriate;

6.3.2.2 Functions of Operation Control

· Conduct all batch processing operations

· The system operates automatically according to work flow, thus reducing human intervention

· Work flow is configurable

· Support event triggering mode and time triggering mode

· Support parallel operation model

Single-job multi-process parallel mode

Multi-job parallel mode

· Support local process serial mode

Multiple programs can be configured in serial mode, and programs with the same operation parameters can be executed according to serial process.

· Support manual auxiliary control mode

Support manual triggering and initiation of certain sub-job flow

Support repetitive operation of a certain function

· Support executable program mode and shell program

6.3.3 Log Management

To maintain the operation status of its own resources, the Internet-based online sale system keeps operation records of its

routine events, and that is so-called system log. System log can be used to monitor system resources, examine users’ behavior, issue alarm on suspicious action, ascertain the scope of intrusion and assist in system recovery.

The types of system management log include:

Operation log: record the operations of external customers and internal users within the system.

Operation types include: logon, push-out, click, order placement, payment, information maintenance, etc.

System log: record system operation status

It records system operating status, and uses such records as the basis for system monitoring.

6.3.4 Statistical Analysis and Query Platform

In order to boost service quality and strengthen automatic business recommendation, the system adopts the function of data mining aimed at information bank and user data bank. On one hand, the system automatically analyzes customer attributes, delves into consumption rules of customers, and automatically recommends services of the same type to customers of interest. On the other hand, the system tries to identify the consumption rules of individual users and automatically recommends other consumption services to individual users. This function greatly increases the accuracy of customer consumption and the number of potential customers, and reduces marketing cost considerably.

Statistical analysis of the system generally includes:

Statistical analysis of customer service information;

Statistical analysis of customer operation;

Statistical analysis of sales status;

Statistical analysis of marketing campaigns; and

Customer survey and analysis

6.3.5 Parameterization Configuration Management

6.3.5.1 Design concept

1. System call reduces manual operation.

The system operates on every workday according to its fixed business process, and each task executed in the process is a kind of routine work. Routine work shall be executed automatically by the system with minimum manual operation. This arrangement can not only lessen the pressure on working personnel but decrease the risks arising from human misoperations.

“Generation and synchronization of interface data” is routine work executed on a daily basis. Therefore, the execution of this task shall be subject to centralized call by “operation control system”.

2. Human intervention, manual execution

Despite automatic execution by the system, the possibility of human intervention is still retained.

System administrator can track execution status and examine execution results at any time, and even terminate the operation of program, adjust execution steps and modify execution function when necessary.

After parameter adjustment, tasks can be performed in the following methods:

· Return execution power to operation control system to continue operation control.

· Manual batch execution;

· Manual step-by-step execution

3. Configuration management and ease of use.

Interface realization shall satisfy the ease of use through simple configuration. Interface functions shall be parameterized during design so that business functions can be realized via parameter setting.

4. Convenience in business adjustment and expansion

To facilitate the addition of new business functions or adjustment of existing functions, business parameters shall be separated from driver program during design, and driver program shall be designed as core service irrelevant to business. When business growth requires the addition of new interface functions, new business parameters can be added simply through configuration management;

Interface data = core service + business parameters

5. Parallel service for efficiency’s sake

During system design, existing business and future development volume shall both be taken into account. Core service shall be designed with parallel processing mode to ensure the efficiency of task execution.

6.3.5.2 Parameterization Programming

[Graphics]

1. Business configuration Line

Business operators configure parameters via management desk, and parameters fall into two types: entrance parameters, which refer to designated parameter form and location, such as path, name or field of files generated; exit parameters, which refer to tables, fields or field types in business database designated to be imported;

2. System operation line

In routine operations, the operation control system calls the core service program, and reads configuration parameters in a parallel manner. According to the setting of configuration parameters, it reads data in the database table and generates interface data including interface data files. In case of system abnormality, the operation personnel can stop the operation of core service program manually. After modifying configuration parameters, the operators can operate manually the core service program on the application server and generate interface data.

Operation process:

[Graphics]

6.3.5.3 Parameterization Operation

[Graphics]

1. Parameter configuration line

Business operators configure parameters via management desk, and parameters fall into two types: entrance parameters, which refer to information like data and data attribute designated to be imported, such as path, name or field of data files; exit parameters, which refer to tables, fields or field types in business database designated to be imported.

2. System operation line

In routine operations, the operation control system calls the core service program, and reads configuration parameters in a parallel manner. According to the setting of configuration parameters, it reads interface data and imports them into database tables. In case of system abnormality, the operation personnel can stop the operation of core service program manually. After modifying configuration parameters, the operators can operate manually the core service program on the application server and import the data from interface data into the database.

Operation process:

[Graphics]

6.3.6 Unified interfacing platform

According to business requirements, Qihoo Online Shopping Mall Information System may exchange information with other systems, such as relevant systems of partners, internal existing systems and third-party system (e.g., payment gateway of a bank).

To facilitate management and expansion, the system shall adopt the unified external interface to realize data exchange between it and other systems. Such unified external interface shall adapt to different data exchange modes including message and file mode, and possess transaction processing capability to ensure the integrity of data transmission.

6.4 Security Management

[Graphics]

The security and stability of Qihoo Online Shopping Mall Information System is primarily realized in six layers:

6.4.1 Security of Physical Layer

The security and stability of physical layer of the system is guaranteed through such measures as security, environmental monitoring and hardware operation & maintenance of computer rooms.

6.4.2 Security of System Layer

In terms of system layer, professional means including intrusion detection, loophole scanning and virus prevention & control to guard against external malicious operations.

6.4.3 Security of Network Layer

A variety of technical and management measures are taken to ensure normal working of network system and the availability, integrity and confidentiality of network data. Therefore, the main purpose of the security of network layer is to rule out any addition, modification, loss or divulgation of data subjected to network transmission and exchange.

For this purpose, besides reasonable network planning, the following technologies are employed:

Firewall technology;

Isolation technology;

Encryption technology;

VPN technology

6.4.4 Security of Application Layer

· Complete identity authentication mechanism

The customers and management personnel within the system are required to access the system’s protected resources through identity authentication.

Different authentication strategies and authentication mechanisms are employed for different customers or internal users.

Different authentication intensity shall be set for different levels of operation.

· Authorization and authentication

Operations by customers and users are regulated via authorization and authentication mechanisms.

· Data encryption

Necessary data undergoes MD5 irreversible encryption to ensure the security of sensitive data effectively.

Secrecy of transaction data: measures shall be taken to prevent the divulgation of important financial information & account information and the misappropriation of transaction data & information.

· Integrity of transaction data

Measures shall be taken to prevent the juggling of sensitive, confidential and significant data in transmission.

· Non-repudiation of transaction data

The whole process of transaction can be recorded to serve as audit basis.

6.4.5 Security of Information Representation Layer

Methods including webpage anti-juggling, content filtering, content management and data authorization management are used to attain the security of system information representation.

6.4.6 Security of Management Layer

In addition to technical means, a sound security management mechanism shall be established to ensure secure & stable operation of the system. Such mechanism involves:

Security technology

Security equipment

Security management system

Department & personnel management

……

6.5 Data Storage and Backup

6.5.1 Backup/Recovery Content

For business applications, data is the most important. Though those data come from business system, it is rather costly to retrieve TB-level data from business system in case of data damage or loss, and this will also affect normal operation of business system. Therefore, it is necessary to do a good job in data backup.

In addition, key applications, data and parameters within mainframe system also require periodical backup.

6.5.2 Consideration of backup data quantity

In planning the capacity of backup device (tape library system), the following data backup/recovery mechanisms shall be guaranteed:

· Full data backup shall be done at least twice. The next full backup covers the first backup (the second backup to be saved). The mechanism of periodical full backup of data may be established according to data growth status.

· Periodical incremental backup of data shall be guaranteed between two full backups of data.

· Backup of key applications, data and parameters of mainframe system

The capacity of backup equipment may be considered and planned according to the quantity of business data which makes up the bulk of database. Generally speaking, the capacity of backup device shall be at least 4 times the said data quantity.

6.5.3 Daily data backup strategy

The approaches of daily data backup are generally divided into incremental backup, full backup and complete backup.

· Incremental backup

Incremental backup means a backup of the changed part of a selected object on the basis of the previous backup. One full backup and all subsequent incremental backups are required for the recovery of any selected object. In addition, corresponding incremental backup strategies may be worked out to address specific needs. For instance, the possibility of backing up historical data on tapes according to specific years and months in the future may be considered.

· Full backup

Full backup means entire backup of the selected object. During recovery, we shall merely rely on this backup to recover the selected object. In general, the so-called full backup refers to the full backup of certain parts of the system rather than the backup of the entire system.

· Complete backup

Complete backup means entire backup of all objects of a system. During recovery, we shall merely rely on this backup to recover the whole system or specific objects of the system.

In Qihoo Online Shopping Mall Information System, large quantities of data are likely to be loaded into core business directories on a daily basis. Out of concern for processing speed and access space in such drastic data change, it is generally advised to perform complete backup of such directories instead of recording data change in the log.

6.5.4 Recovery Processing

System fault recovery

System faults fall into the following types: system software, CPU/ node fault and disk fault, which are specified below.

· System software:

Data recovery is required only when system software failure results in data corruption or crash. Engineer first attempts to repair the damaged data online. If such attempt fails, data recovery is needed, namely recovering data from backup.

· CPU/node fault:

In case of CPU/node fault, the process on faulty node will be automatically transplanted onto other nodes, and load balance will automatically proceed without need for human intervention for data recovery.

· Disk fault:

In the event of total failure of disk system (of course, the probability is rather low), defective modules must be replaced, and the system shall be re-initialized so that data can be recovered from backup cartridge.

Hardware upgrade and recovery

In most cases, hardware upgrade does not require data unloading or reloading, and the product can automatically realize data synchronization.

Error recovery of application program

Erroneous application program means accidental damage to database which is attributed to erroneous program logic of the program itself.

We suggest backing up data files used for interfacing. When recovery is needed, first delete the data sheet, and then recover the data sheet from backup cartridge and correct the error in the application program. Resume the application program for data loading.

Disaster recovery

We suggest that the cartridge should undergo double backup, and one backup must be stored in other place. Though not all backups undergo duplexing, it is suggested that double backup of tapes be conducted at least once every month, and one of those backups shall be sent to other places. In case of any disaster, the range and strategy of data recovery must be determined according to actual needs, and system recovery shall be done from external tape backup after the recovery of system platform.

Chapter 7 Project Management

7.1 Project Management Approaches

7.1.1 Project Organization Management

A project-based organization structure, scientific management, the leaders of both parties pushing forward and supervising the project, and the provision of business and technical experts are keys to successful implementation of the project. The project organization will make decisions on major issues during project implementation, check the progress of the project on a regular basis, learn about difficulties of various types during project implementations, make significant decisions and offer guidance on smooth operation of the project. For details of project organization structure, please refer to corresponding sections below.

7.1.2 Project Personnel Management

Project personnel management means reasonable and careful arrangement of specific working personnel in accordance with technical scope involved at different stages of the project and involved in all divisional works for the purpose of guaranteeing overall working efficiency and quality of project personnel.

To ensure smooth operation of the project, we will organize an efficient project team and strictly implement the control process of “ISO9001 quality management system”.

7.1.3 Project Plan and Progress Management

The management and control of project plan and progress is critical to scheduled completion of the project.

(1) Formation of project plan

Project progress plan is the benchmark and basis for project implementation and control, and is also the most effective tool designed to facilitate project organization, coordination, communication and control. It enables all people involved in project implementation to be well aware of their respective working goals, methods and approaches to reach such goals, and corresponding time limit, and helps minimize the time, cost and other resources required to realize the objectives of the project.

(2) Project progress control

Project progress report: Project Manager shall present a project progress report on time, and be fully responsible for the contents of such report. Items including “confirmed percentage of cumulative completed works”, “estimated man hours of remaining works”, “man hours of the project in the reporting period” in project progress report is extremely important to project analysis, so Project Manager must detail the scope of work of the project and fill up relevant items carefully and accurately and cautiously.

Progress analysis and control: analyze project reports and such information as the results of completed works and project

expenses comprehensively based on progress plan, timely identify latent problems and risks with the project, and take countermeasures accordingly. Modification of progress plan: check against actual project-related information and conduct summary analysis with project progress. When actual progress deviates from initial plan, modify the plan according to project situations and keep a “description of plan modification” for record;

Any major change to progress plan: which involves milestones must be reported to the project leading group for examination and approval prior to actual performance of the plan. In case of any major event that affects project progress, the implementation progress of the project shall be re-negotiated, and the new version of “projection implementation plan” shall be submitted and kept for record.

7.1.4 Project Communication Management

Communication management is a key part of project management. It is very important to reach an agreement on major issues concerning the project. Rules and regulations relating to project communication management include:

(1) Project decision-making system

Project decision-making system is a system of making necessary decisions on conflicting responsibilities/duties during project implementation as well as major disputes arising from the project or major project risks. Main principles for project decision-making system include:

Principle of initiating a request for decision-making on its own;

Principle of project manager making an initial decision;

Principle of documenting decisions on major issues;

Principle of project leading group making final decisions.

(2) Project communication system

Daily communication and exchange concerning the project is very important in the course of project implementation. This helps avoid or timely detect some significant problems or hazards existing in the project. Main principles for project communication system include:

Principle of raising questions/problems timely: if any factor that might affect the completion of any work on schedule with required quantity and quality within the scope of responsibility of any project member, Project Manager or relevant responsible persons shall be timely reported in writing.

Principle of timely clarification: for any task allocated to any project member, no objection means that the member has fully understood the elements relating to the task, such as working environment, work results and work requirements. For this purpose, the task receiver shall timely communicate with task allocator at the time of accepting the task to clarify all relevant factors.

(3) Regular meeting system

A project-related regular meeting is a work meeting at which all parties involved communicate and exchange information, coordinate and study how to settle various problems existing in contract performance. A project-related regular meeting is organized and presided over by Project Manager and attendees include our Project Manager and project-related personnel, Employer’s site representative and the employees of other entities relating to project implementation.

(4) Principles for problem and dispute resolution

Principle of timely reporting problems: with respect to problems arising during the project, the problem initiator must within 3 days from the occurrence of the problem submit a report to Project Manager. If such a problem is not timely reported, the consequences of such delay shall be borne by the person who fails to timely report the problem.

Problem reporting approach: general problems may be reported orally, while significant problems or issues shall be reported in writing.

Dispute resolution: for the purpose of the project, any point of view on which no consensus is reached is deemed a dispute. Any dispute shall be promptly reported to the immediate higher authorization in charge of the project and finally reported to the project leading group. If no agreement is reached within the leading group, the principle of “whoever makes decision is liable for the losses incurred to the other party and the project” shall be obeyed.

7.1.5 Project Risk Management

In the course of project implementation, all risk factors of the project in different aspects shall be fully considered and reasonable measures shall be taken as soon as possible to minimize the losses incurred to the project. Based on our years’ project implementation experience, major risk factors of the project include:

(1) Resource risk

Resource risk arises when there is an imbalance between the supply and demand of human resources and technical resources for the Project. So it requires plenty of mutual communication, exchange, coordination and collaboration between the Employer and Party B’s personnel. The lack or change of project personnel will exert a huge effect on the Project. Therefore, the stability of human resources is extremely important to both parties to the Project.

Countermeasures: we will try our best to provide a sufficient number of professional technicians. We will also strengthen the cultural construction of Project Team, and improve the cohesion of the Project to avert the risk of personnel change.

(2) Cost risk

Cost management is a key part of project management and control, and is intended to control project expenses and ensure completion of the project within the budget.

Countermeasures: first of all, work out a project budget and use it as the basis for project cost control. Carry out project cost control through project expense reporting, cost analysis & control, and project budget adjustment.

(3) Quality risk

There are rigorous requirements on the results of the project, and the quality risk of the project lies in the difference between the system and actual needs.

Countermeasures: we will review the staged results of the project as planned, conduct inspection in strict accordance with the previously established quality standard system, timely correct and settle quality problems raised by the Employer.

7.1.6 Version Management of Project Results

A large number of documents and program codes will be generated during software development. To guarantee effective management and full use of project results and materials, a project configuration management proposal shall be established after the initiation of the project, and version management will be one of the emphases of such a proposal.

We use StarTeam software from Borland as the configuration management tool for the project. The members of the project and

read/write authorization of each such member will be defined at the initiation of the project. A directory of staged results and corresponding subdirectories will be established in line with project plan, and the members of project team will deposit the results of different stages and allocate the authorization for such results pursuant to the rules. In the meantime, the version management system will be also established, and the application for and release of versions will be performed according to the plan.

7.2 Project’s Lifecycle Selection

Software lifecycle means the whole process of software products or systems from creation, use to elimination. At the early stage of computer technology, people simply understood software development as programming. With increasing complexity of software, people have come to realize that software development shall comprise such activities as requirement analysis, design, realization and testing, and that those activities shall be finished at different stages in appropriate manners.

A software lifecycle model is a structural framework describing all processes, activities and tasks of software development. Common software lifecycle models include waterfall model, iteration model, prototype model and spiral model.

In accordance with the requirements on development and management of the project, the software development process model adopts rapid prototyping method for iteration development. Rapid prototyping method is a new system development approach designed to address problems existing in the structured lifecycle approach. Its major principle is: first establish a prototype which reflects the user’s main requirements.

In this way, the user can have a general picture of the new system so that it can determine which functions meet its requirements and which functions need further improvement. Then improve the prototype repeatedly and develop a new system that fully complies with the user’s requirements. The rapid prototyping method is illustrated below:

[Graphics]

The requirement defining process in the rapid prototyping method is a long-time process involving strong collaboration between development personnel and user. Starting from a prototype system that meets the user’s basic requirements, the user may continue to raise better requirements in the course of development for furtherance of the system. It is actually an iteration cyclic development mode.

7.3 Project Progress Control

Project progress report: Project Manager shall present a project progress report on time, and be fully responsible for the contents of such report. Items including “confirmed percentage of cumulative completed works”, “estimated man hours of remaining works”, “man hours of the project in the reporting period” in project progress report is extremely important to project analysis, so Project Manager must detail the scope of work of the project and fill up relevant items carefully and accurately and cautiously.

Progress analysis and control: analyze project reports and such information as the results of completed works and project expenses comprehensively based on progress plan, timely identify latent problems and risks with the project, and take countermeasures accordingly.

Modification of progress plan: check against actual project-related information and conduct summary analysis with project progress. When actual progress deviates from initial plan, modify the plan according to project realities and keep a “description of plan modification” for record.

7.4 Project Organization Structure

[Graphics]

7.4.1 Project Organization Structure

Considering project characteristics, both parties shall coordinate closely and abide by the following project management principles during project implementation:

· The parties to the project shall cooperate in dealing with the works for which they share the common objectives;

· Both parties shall work together for the construction of the project;

· All entities of both parties are related to the project and bear the responsibility for their respective works.

· Principle of linking rights to responsibilities: if any party to the project has the right to decide on a certain event, method or judgment, it shall be responsible for any result or loss arising from such decision;

· Objective-oriented principle: when any party involved in the project raises any requirement against any member or the other party, such requirement shall be limited to the aspects of the objectives. It generally does not request the other party to take specific methods or processes to attain the objectives so that the other party can achieve its objectives according to its own organization and working modes. Both parties shall understand that each party has their consistent organization and working modes and the methods to push forward relevant issues;

· Principle of documenting responsibilities/duties: important responsibilities or rights shall be reported in writing to project responsible organization;

· The user’s technical personnel may join corresponding team and participate in relevant technical discussions and development of application system.

7.4.2 Responsibilities of Members of Project Organization Structure

		supervision of project implementation, and for fulfillment of various management tasks of the Project. CPM also supervises the activities of the Company’s project team, and offers support and assistance for the operations of the Company’s project team. CPM is responsible to coordinate internal institutions and branch offices of the User as well as other customers and users involved in the Project. Its responsibilities include: putting forward the requirements on the entire Project to the project leading group on behalf of the User; · cooperating well with the Company’s project manager, jointly determining and organizing the implementation of project plan as well as other tasks or plans allocated by the project leading group; · allocating and guaranteeing the implementation of tasks/plans, coordinating the resources necessary for project implementation that require the User’s efforts, timely communicating explicit working responsibilities and associated requirements to relevant executors of the User to ensure proper performance of such responsibilities and requirements; · As a leading interface and channel for communication between User and Company, CPM submits the requests for the Company to complete all required tasks through the Company’s project manager on behalf of the User, and inspects and confirms the products or services provided by the Company on behalf of the User; · submitting to the project leading group on a regular or irregular basis project progress reports and the reports of issues requiring mutual coordination which are jointly prepared by project managers of both parties.
Business decision-making manager	CBDM	As the User’s leader in charge of business decision-making, CBDM is responsible to:
		· communicate with all IT service providers including the Company;
		· interpret all policies and industrial standards of business application system accurately;
		· describe business requirements of business application system in detail;
		· put forward and sign confirmation of user requirements of the department where CBDM works.
Technological business-making manager	CTDM	As the User’s leader in charge of technological decision-making, CTDM is responsible to:
		· conduct consultation & planning, organize the implementation, and perform operating maintenance of the User’s information system;
		· arrange technical personnel to participate in and push forward the Project;
		· coordinate subordinates or parallel business partners to work out integration standards.
Business requirement personnel		Main responsibilities include:
		· proposing, interpreting and defining business requirements under the guidance of CBDM;
		· participating in requirement investigation and analysis.
Technical personnel		Main responsibilities include:
		· putting forward and defining IT status quo, existing problems and requirements under the guidance of CTDM;
		· engaging in planning and design.
Company
Project manager	PM	PM is appointed by the Company and generally responsible for the implementation and management of the Project and for fulfilling contract objectives, project planning, project personnel arrangement, human resources guarantee and coordination & settlement of major issues, and is directly responsible for the success or failure of the entire Project. Its major responsibilities include:
		· carrying out all tasks involved in project implementation, including assistance in drafting and forming project implementation plan and report, task division, allocation, inspection and acceptance, and arranging and establishing all

		documents concerning implementation of the Project;
		· accepting or undertaking various service requests and other resource requests from the User on behalf of the Company, and implementing or feeding back the results of handling such requests;
		· serving as a major channel of communication with the User, responsible for coordinating and organizing all Company’s resources required for project implementation, dividing and allocating tasks to each specific person, and formulating a set of control and coordination methods to guarantee quality, project schedule and efficiency;
		· implementing all engineering or technical tasks allocated by project leading group during project implementation. The Company’s customer relations manager is responsible to coordinate and settle commercial issues other than technical or engineering aspects or tasks newly proposed by the User without consent of both parties.
Customer relations manager	CR	CR is appointed by the Company and in charge of execution and monitoring of Project Contract. It is fully responsible for smooth performance of Project Contract on behalf of the Company, and serves as a major channel for communication with the User on non-technical issues. Its responsibilities include:
		· communicating with customers and recording their feedback on a regular basis;
		· handling and tracking the settlement of non-engineering technical issues and events of the Project (such as commercial or legal issues);
		· assisting PM in coordinating the Company’s resources and external resources;
		· serving as another channel for communication with the User, investigating, soliciting, receiving, undertaking to handle or submit any request and complaint from the User, and preventing the blockage of PM’s communication channel;
		· reporting to the project leading group on project monitoring and investigation results as well as Contract performance, providing major relevant issues, and ensuring smooth Project implementation and performance of the Contract.
Requirement analysis engineer		Major responsibilities include:
		business survey and business requirement analysis of the system
System design engineer		Major responsibilities include:
		architecture design and planning of the system;
		preliminary design and detailed design of the system.
Software development engineer		Major responsibilities include:
		Realization of system code
Software testing engineer		Major responsibilities include:
		System testing
UI design engineer		Major responsibilities include:
		UI design of the system
Training and implementation engineer		Major responsibilities include:
		system training;
		system implementation

7.5 Project Quality Guarantee Scheme

7.5.1 Quality Risk Analysis

Based on our years’ system development experience and analysis of realities of the Project, we argue that major quality risks existing with the development of this Project include unclear boundary of system development, less -thorough understanding of requirements, continual addition or change to user requirements in the course of system design.

Therefore, we are expected to have control capacity and requirement management capacity required for system development in project implementation so that the proposed system can be finished on schedule with required quality and satisfy customer’s

requirements.

7.5.2 Quality Guarantee Guideline

Quality guideline: pursuit of perfection, continual innovation, scientific management, user satisfaction.

Quality objective: to ensure the continuity of technical scheme and project management scheme.

Quality commitment: provide the goods and services to customer’s satisfaction in strict compliance with ISO quality standards

7.5.3 Quality Management Methods

According to process control theory, project quality is affected and controlled by the quality of project process. Establishing quality standard in advance for project implementation process and supervising and inspecting actual process of project implementation in accordance with this standard is critical to the quality of the entire project.

With respect to requirement investigation and analysis & design, development realization, and system go-live and training stages of system development process, phased review points shall be set accordingly to ensure that project quality is controllable.

Project quality management involves:

(1) Making quality management plan

Work out a specific quality management plan and determine acceptance criteria for different stages according to general implementation plan and phased plan of the Project.

(2) Strict engineering management

Exercise strict engineering management on the Project, carry through the Project in strict accordance with the previously established specifications and standards, and strengthen communication and staged review.

(3) Establishing stringent quality control system

Set up a dedicated quality assurance team for the Project, conduct strict phased reviews and multi-level comprehensive acceptance.

(4) Developing a sound result management system

Document result management during project management, and keep corresponding result records for major steps and processes of the Project. Make sure that operation process at each stage is organized with clear definition of responsibility, smooth handover and corresponding records.

(5) Sound coordination mechanism

To learn about project progress timely, a system of reporting project status regularly shall be established to communicate with the User, feed back existing problems and timely identify and settle problems. In this way, various types of resources can be used reasonably for the purpose of improved quality and reduced cost.

7.5.4 Quality Guarantee Measures

1. Personnel guarantee measure: first-class technical experts

We have a host of experienced technical experts, and we will select a first-rate project team to guarantee high level of project implementation.

2. Process guarantee measure: leading implementation process scheme

Rigorous & meticulous process control: throughout project implementation, implementation personnel shall record important issues like customer requirements, comments, customer feedback and results.

Strict performance of phased review: the previously stipulated stage-specific deliverables shall be reviewed pursuant to the Contract to ensure that the quality of staged deliverables is approved by the User.

Perfect requirement management scheme: at the time of requirement investigation and analysis, consult the leaders, business personnel and technical personnel of the User in all aspects and conduct comprehensive requirement investigation and analysis; meanwhile, perform strict management of additional requirements or requirement changes in requirement change management & control approaches and make sure that the requirements are traceable, manageable and controllable.

3. Result guarantee measure: strict quality review and control

Comply with and execute management regulations strictly during system development. Perform unit module test, functional test, performance test and integration test in strict accordance with development mode to ensure system quality.

In addition, set up a dedicated QA team to check if the results conform to customer requirements and ensure that the results of the Project fully meet the User’s quality requirements.

Chapter 8 Project Testing Scheme

8.1 Test Process

As an important link of soft engineering, testing requires whole-process management. Our testing starts at software requirement drafting and runs through the whole software engineering from software development and go-live & completion. Processes and works involved are detailed below:

Reciprocal diagram between software testing and software implementation

[Graphics]

8.2 Test Stage

According to test process, testing can be divided into four stages. Each stage and corresponding emphases are detailed below:

Unit test stage

Check whether each software unit can fulfill its functions properly

Check whether each software unit can meet performance and interface requirements

Consistency between verification procedure and the description of detailed design

Integration test stage

Verify the interface relationship between software units

Assemble tested units into software that meets design requirements

Consistency between verification procedure and the description of preliminary design

Detection and correction of errors between module interfaces

System test stage

In the system’s real working environment, check whether the software can be properly connected to the system

Whether the functional and performance requirements stated in job specification of software development are met

Acceptance test stage

Check whether the software works according to technical requirements set out in software requirement specification, such as software functions, performance, restraints and limitations

Check whether the software can be connected to other parts of the system and work properly (when the software needs to operation in conjunction with other software)

Verify the correctness and completeness of user’s manual and operation manual

8.3 Test Method

The combination of manual test and automatic test is adopted for testing purpose.

In terms of test design, design methods of white box, grey box or black box are employed depending on different test stages.

8.4 Test Process Flow

Test process flow is illustrated below:

[Graphics]

8.4.1 Formulation of Project Plan

· Test team leader shall work with all sub-team leaders to determine milestones for each sub-team given the Project period and resources;

· The leader of each sub-team shall allocate tasks to sub-team members and devise a detailed plan according to test requirements;

· Project Manager collects all test plans involving the Project and thus forms the project test plan;

· Estimate project risks and propose preventive measures;

· Plan the testing environment, training and review of the Project.

8.4.2 Project Tracking and Monitoring

· Progress and workload monitoring: test team leader will measure project progress and compare it with the plan each week; each member of project team will report the workload and the size of completed works each day, and Project Manager

will summarize such information at each stage and compare the summarization results with the plan; adjust and revise the plan based on comparison results;

· Risk monitoring: test team leader will estimate subsequent risk factors on a weekly basis, and take measures to circumvent several top-ranked risks;

· Milestone review: conduct milestone review at the points of completion of test plan, test scheme and test report, and monitor test progress, risks and amount of completed works;

· Problem and meeting record: each meeting and problems encountered during project will be recorded and tracked to ensure problem solving and work implementation.

8.4.3 Configuration Management

· Management of development and testing versions: before the start of each round of tests, the development team submits testing versions to the test team and those two teams sign the receipts for confirmation. The test team brings testing versions under controlled configuration management, and testing versions may not be changed during testing;

· Configuration management of testing work products: each work product subject to testing shall be brought under configuration management. For configuration options subjected to review, an application for change to such options shall be submitted for approval before any change is actually made.

8.4.4 Quality Assurance

· Organize experts, users and relevant personnel to review test plans, schemes and reports established in the course of testing;

· Test records and error records made during testing are subject to periodical inspection by test team leader;

8.4.5 Evaluation of Test Results

· In technological test, the test team shall design the following milestones:

a. requirement and design inspection;

b. requirement design milestones;

c. milestones for each round of system tests.

· At the milestones of completion of the first two stages, the test team shall surrender corresponding inspection/analysis reports, test plans and test descriptions.

· At the milestones of completion of each subsequent round of system testing, the test team shall submit test reports, summarize its implemented testing work, and evaluate the tested software or system.

· Evaluation bases are test examples listed in test descriptions, test logs, number and level of errors identified in tests, and the conclusions of quality inspection on tested software are thus reached:

a) pass all tests;

b) attain the designed functional and performance requirements;

c) basically attain the designed functional and performance requirements;

d) meet the designed functional and performance requirements after appropriate modification;

e) fail to meet the designed functional and performance requirements.

8.4.6 Error Management

· Error tracking and record: during test implementation, submit the identified errors to the problem management system and track such errors. Each error has the following lifecycle:

Detect — submit — modify — retest - end

· Error classification:

a) Fatal error: data loss, computational error, system catastrophe and abnormal crash

b) Major functional/performance error: unrealized or incomplete required function or unreasonable design causes poor performance and affects the operation of the system

c) Alarming error: functional/performance issues that do not affect business operations

d) Suggestive error: make suggestions on eliminating defects in software design and functional realization

· Error submission, modification and regression test:

a) When a definitive version submitted by the development team passes comprehensive system test, all errors are confirmed and submitted to relevant members of development team for modification. When the status of all errors changes into “modification complete”, the development team will submit a new version and start the next round of system test.

b) To ensure project progress, the test team shall submit the errors identified in one round of tests in batches (one batch every 2~3 days) via the User to the development team. Submit a complete test record after the end of each round of tests, and categorize, make statistics on and analyze identified errors, and develop a software problem report. Unless it is necessary, the test team does not accept any revised version prior to the completion of one round of tests.

c) After the development team completes the modification, the User shall submit updated software version and problem correction report to the test team for regression test. Problem correction report shall specify corrected errors, updated components, components that might be affected by modification, etc. Errors that fail to be corrected shall be explained. When the test team and development team disputes on issues like time, progress or quality, or any major error is detected during tests, the project coordination team shall be timely reported, and make decisions if necessary.

d) Start the next round of regression tests when the test team receives the updated version. Regression test performed by the test team is a comprehensive regression test to check if new errors are introduced into the modification.

8.5 Test Tools

In testing, correct selection of test tools is very important. Good test tools will be of great help to test personnel in completing test tasks, collecting, arranging and analyzing test results. Based on our analysis of test requirements for the Project and our experience in using tools in previous tests, the adopted test tools are shown below:

Product type		Product name		Product source		Description
Functional test		Rational Robot		IBM		GUI-based function test, provision of test examples for

tool			common objects including menus, lists and bit maps, provision of specialized test examples for objects dedicated to development environment
Performance test tool	LoadRunner	MI	Recording of performance test script, concurrent simulation, performance monitoring and recording & analysis of test results
Performance test tool	Pressure test procedure	Developed independently	If actual system offers insufficient support to test tools, it might be necessary to develop a pressure test program independently
Test management tool	TestDirector	MI	Organize and manage test process

Chapter 9 Services and Training

9.1 Scope of Services

· Organization structure of services

Qizhi Software (Beijing) Co., Ltd. offers comprehensive after-sales and technical support to Internet online sales system.

In terms of organization structure, the project leading group will offer overall guidance and supervision, while the manager of technical support department of Qizhi Software (Beijing) Co., Ltd. will head the service team. Persons in charge of all relevant sub-teams will join the service team and dispatch specific technical personnel to execute the services.

Detailed services cover all service links, i.e., before-sales, in-sales and after-sales links (especially issues involving system upgrade and software upgrade).

· The scope of detailed services offered by Qizhi Software (Beijing) Co., Ltd. includes:

Before-sales services: describe technical features, present solutions, explain technical details, describe the methods of realizing performance, functionality and security, explain the system’s cross-platform technical characteristic, elucidate the system’s maturity and good development potential.

In-sales services: Party B shall submit a project development plan prior to development, a progress report each week during development, and accept Party A’s inspection and detail investigation on an unscheduled basis. After completing software development, Party B shall present user’s manual, system development specification, detail development specification, test plan and regulations for writing of all source programs and source codes. Both parties shall jointly prepare a test plan after finishing the tests.

After-sales services:

Service mode

Services are made available in the forms of field service and remote service.

· Service clauses and commitments

Maintenance services shall be provided free of charge within the period stipulated in the Contract which starts from the date when software system passes acceptance inspection.

Maintenance services are provided in the forms of field maintenance and remote maintenance.

One person shall be designated responsible for maintenance of this Project within the maintenance period.

The security, stability and reliability of software shall be guaranteed after the end of maintenance period.

9.2 Silver Service Plan

Guided by the tenet of “service first, customer foremost”, we attach great importance to technical support service in market competition. For this purpose, we have established a specialized after-sales service team with a complete set of comprehensive service solutions. We also continually improve our technical support plan by drawing on lessons from our practices. This plan generally involves:

9.2.1 Hotline Support Service (7*24hrs)

No limitation on number of dials: the call number of “service hotline” can be dialed any time as long as the system is found defective.

9.2.2 Remote Dial-in Analysis

Data show that at least 70% of system failures in IT industry are attributed to software and configuration problems. Remote dial-in mode will greatly improve diagnostic speed and working efficiency and cut maintenance cost.

Network development nowadays makes this approach possible. If the User permits, our engineers will diagnose and troubleshoot the system quickly and directly via remote dial-in.

9.2.3 Field Support Service (7*24hrs)

When the system is diagnosed with irreversible defect, we will dispatch field engineers to carry necessary materials and rush to the field for emergency repair, and try to minimize the duration of system failure.

9.2.4 Priority and Response Speed

In the event of system trouble, depending on priority and response time of support service center, we provide three different levels of service, including urgent (system cannot be used), serious (the system is seriously damaged) and less serious at corresponding response speed (subject to departure time).

Response time

User-defined priority	Telephone response	Field response

Emergency (system breakdown)	Within 4 hours	Within 1 workday

Serious (serious system malfunction)	Within 8 hours	Within 2 workdays

Not serious (minor system failure)	Within 24 hours	Within 3 workdays

9.2.5 Periodical Patrolling Inspection

Some links to which no enough attention is paid prove to be quite important.

If some latent problems are identified timely, this will considerably increase the system’s MTBF (mean time between failures);

Some problems which are tiny but often neglected may turn out to be fatal;

Sometimes software system has no obvious defects but unsatisfactory operating performance. Therefore, improving or extending system configuration is required.

Periodical patrolling inspection can solve the foregoing problems and meet customers’ various needs:

Routine inspection of system and surrounding environment;

Software repair and maintenance versions;

Introduction of latest products and industry information; and

Experience and lessons from other users.

Service and technology support is a strategic issue for any enterprise seeking development in market competition. We always pay much attention to this issue.

Our commitment — we will always provide our customers with optimal services.

9.3 Training Content

1) Preparation of detailed training plan

A detailed training plan involves training content, courses, training period, relevant tests and examinations, training schedule, training personnel and training site, and such training is provided free of charge.

2) Scope and content of training

Training generally falls into three types: application training, technology training and management training.

Application training means the training on use and maintenance of application software developed for this Project. This kind of training shall be free of charge and completed within 2 months after the end of development. Such training shall enable Qihoo’s relevant technical personnel to use and maintain the software system skillfully.

Technical training is the training on technologies used for this Project. Qizhi Software (Beijing) Co., Ltd. will give play to its training advantage and offer training to relevant technical personnel without charge.

Management training means professional management training and certification examinations recommended by Qizhi Software (Beijing) Co., Ltd. to Qihoo and its relevant business management personnel. This training is authorized by American PMP Association, and trainers are recruited from USA (with interpretation). Training is provided on weekends, and trains are arranged to take certification exams together. The applicability and value of the management certificate is recognized worldwide.

3) Organization form of training

Considering that Qihoo’s employees are usually busy, training is organized by Qizhi Software (Beijing) Co., Ltd., and the convener named by Qihoo shall contact related personnel. As a rule, prearranged trainings shall not be changed, and no training

Appendix 2

Appendix 2: Confirmation for Acceptance of Qihoo Online Shopping Mall Information System

Project name: Qihoo Online Shopping Mall Information System

Date of acceptance:

Name of functional module	Status description	Signature of responsible person
1. Portal website	Meet requirements, pass	Party A: ; Party B:
2. Product purchase	Meet requirements, pass	Party A: ; Party B:
3. Renewal & upgrade	Meet requirements, pass	Party A: ; Party B:
4. Online payment	Meet requirements, pass	Party A: ; Party B:
5. Customer service center	Meet requirements, pass	Party A: ; Party B:
6. Community	Meet requirements, pass	Party A: ; Party B:
7. Customer information management	Meet requirements, pass	Party A: ; Party B:
8. Internal customer information management	Meet requirements, pass	Party A: ; Party B:
9. Product information management	Meet requirements, pass	Party A: ; Party B:
10. Supply, sale and storage management	Meet requirements, pass	Party A: ; Party B:
11. Financial settlement management	Meet requirements, pass	Party A: ; Party B:
12. Customer order management	Meet requirements, pass	Party A: ; Party B:
13. Business configuration management	Meet requirements, pass	Party A: ; Party B:
14. Unified payment platform	Meet requirements, pass	Party A: ; Party B:
15. Customer service management	Meet requirements, pass	Party A: ; Party B:
16.Community management	Meet requirements, pass	Party A: ; Party B:
17. Security authentication	Meet requirements, pass	Party A: ; Party B:
18. Log management	Meet requirements, pass	Party A: ; Party B:
19. Task scheduling and control	Meet requirements, pass	Party A: ; Party B:
20. Statistical analysis & query platform	Meet requirements, pass	Party A: ; Party B:
21. Unified interfacing platform	Meet requirements, pass	Party A: ; Party B:
22. Parameterization configuration management	Meet requirements, pass	Party A: ; Party B:

Appendix 3: Development Plan of Qihoo Online Shopping Mall Information System

1. Requirement Analysis

Understanding of overall objectives

According to our understanding of requirements, the overall objectives of Qihoo Online Shopping Mall Information System are: to satisfy the strategic needs of Qihoo’s business development, and establish the online sale system of online digital products with complete functions and corresponding management system and platform support system; to guarantee that the system must have necessary characteristics such as flexibility, stability and advancement.

Based on our experience in the construction of large-size e-commerce system and by fully considering the Project’s long-term and short-term objectives as well as its overall objectives and business requirements at various stages, we propose the construction of the Project in three stages to ensure operability and practicability on the principles of “Overall consideration and step by step”.

The first-stage objective of the Project is to complete the online sale subsystem and management functions and supporting modules necessary for smooth operation of the sale subsystem; the second-stage objective is to give priority to completion of background management system and make necessary upgrade and adjustment on the testing and operating results of the sale subsystem; the emphasis of the third stage is to complete supporting systems as well as system integration.

2. System Development Methods and Process

Two-dimensional development model based on unified software development process (RUP)

RUP software development lifecycle is a 2D software development model. The horizontal axis adopts time organization to show lifecycle characteristics and dynamic structure of development process, and the terms describing the horizontal axis include cycle, stage, iteration and milestones; the vertical axis adopts content organization to show natural logic activities and static structure of development process, and the terms describing the vertical axis include activities, products, workers and work flow. The model is illustrated below:

[Graphics]

1. Initial stage

The goal of initial stage is to establish business cases for the system and determine the boundary of the Project. For this purpose, it is imperative to identify all external entities interacting with the system and define the characteristics of interaction at a higher level. This stage is very significant, and much attention shall be paid to major risks in business and requirements during this stage. The end of initial stage is the first important milestone at which the basic survivability of the Project is evaluated.

2. Detailing Stage

The objective of detailing stage is to analyze problematic areas, establish a sound architecture system, prepare a project plan and eliminate the most risky elements from the Project. For this purpose, decisions must be made on system architecture, including scope, major functions and non-functional requirements such as performance, based on the understanding of the

whole system. In addition, supporting environment shall be established for the Project, including creation of development cases, templates, criteria and preparation of tools. The end of detailing stage is the second important milestone: to establish management criteria for the establishment of system structure and enable project team to consider such criteria during building stage. At this stage, the objective and scope of the system, structure selection and solutions against major risks shall be inspected.

3. Building stage

At the building stage, the functions of all remaining components and application programs are developed and integrated into products, and all functions are subject to detail test. In a sense, building stage is a manufacturing process, whose emphasis lies in managing resources and controlling operations to optimize cost, progress and quality. The end of building stage is the third important milestone: to determine whether products can be deployed in testing environment. At this stage, it is necessary to ascertain whether the software, environment and user can start system operations. At this time product version is often called “beta” version.

4. Delivery Stage

The emphasis of delivery stage is to ensure that the software is of use to end users. Delivery stage can span several iterations, including product test preceding release and minor adjustment based on user feedback. At this point of lifecycle, user feedback shall focus mainly on product adjustment, setting, installation and availability, and all major structural issues shall have been settled at the early stage of project lifecycle. The end of delivery stage is the fourth milestone, i.e., product release milestone. At this time, it is necessary to determine whether the objective has been fulfilled and whether another development cycle shall be started. In some cases, this milestone might overlap the end of initial stage of the next cycle.

Stage-1 Detailed Development Plan

Overall Description

Stage-1 Objective

Staged objectives: all functions of Online Shopping Mall website subsystem and necessary modules of management system and supporting system

Estimated period: 2009.1.1 – 2009.5.30

Major implementations involve:

· Construction of architecture of Online Shopping Mall website subsystem

· Construction of architecture of background management system

· Complete data model

· Development of functions of Online Shopping Mall website subsystem (except customer community)

· Development of necessary modules of management system: customer information management, internal user information management, product information management and basic customer order management

· To ensure smooth operation of Online Shopping Mall website subsystem, the existing payment platform system is temporarily used

· Development of necessary modules of support system: security authentication management, basic log management and establishment of basic security management system

Result Delivery Plan

No.	Document category	Document name	Document description	Persons in charge	Submission stage
1	Design	Design Specification of Application Components		Design personnel	Preliminary design
2	Design	Specification of Preliminary Design		Requirement personnel	Preliminary design
3	Planning	Development Plan		Project Manager	Preliminary design
4	Planning	Quality Assurance Plan		Quality team	Requirement stage
5	Planning	Configuration management plan		Quality team	Requirement stage
6	Design	Database Design Specification		Design personnel	Preliminary design
7	Design	Detail Design Specification	Detailed description of functional modules	Design personnel	Detail design
8	Planning	Weekly Report of Development Progress	Weekly progress and next-week work plan of the Project	Project leader	Realization
9	Design	Programmer Development Manual	Description of module development, description of functional design	Encoding personnel	Realization result inspection
10	Design	System Interface Design Specification	Interface description	Interfacing personnel	Preliminary design
11	Test	Test Examples	Description of test inputs & outputs	Quality team	System testing
12	Test	System Testing Plan	Description of progress and personnel arrangement	Quality team	System testing
13	Test	Test Analysis Report (including bug list)	Analysis and summary of test results	Quality team	End of system testing
14	Management	Summary Report of Project Development	Summarization of the entire project implementation and comments and experience from development work	Project leader	End of system testing
15	Maintenance	User’s Manual	Instructions on system use	Requirement personnel	System testing
16	Maintenance	Program Maintenance Manual	Development environment, list of source codes	Encoding personnel	End of system testing
17	Program	Packet of Project Source Codes	Packet of source codes of the entire subsystem	Integration personnel	End of system testing
18	Program	Packet of Project Operation Codes	Packet of source codes of the entire subsystem	Integration personnel	End of system testing
19	Maintenance	System Installation and Maintenance Manual	Preparation and setting for system operation, description of installation procedures	Design personnel	End of system testing
20		Project Log		Project leader	All stages of the Project
21	Maintenance	Application Software Configuration Record	Configuration record	Quality team	Project completion

Initial stage

This stage mainly involves defining high-level business process and system boundary.

[Graphics]

Detailing Stage

This stage chiefly involves addressing technical risks existing in the system, defining system functions and platform framework. At this stage, various requirement analysis documents and preliminary detail & detail design documents shall be submitted.

[Graphics]

Building stage

Large-scale development starts at this stage.

[Graphics]

Delivery Stage

[Graphics]

Framework Plan of Stage-2 Development

The second stage lasts 120 days from 2009-06-01 to 2009-09-30.

Stage-2 Objectives

Staged objectives: to realize the majority of modules of background management system and adjustment & upgrade of Online Shopping Mall website subsystem

Estimated period: 2009.6.1 – 2009.9.30

Notice: considering the possibility of jointly debugging between some modules of Online Shopping Mall website subsystem & background management system and third-party interfaces, project progress is likely to be delayed due to third-party’s fault.

Major implementations include:

· optimization of management system framework

· business configuration management

· product inventory management

· finance staged management

· sound customer order management

· unified payment platform

· community in Online Shopping Mall website subsystem and community management

· perfection of log management module in system support

· provision of basic statistical analysis & query platform

· provision of basic unified interfacing platform

· improvement of security system

Stage	Task	Duration	Starting date	Ending date
Initial stage	Requirement analysis of product cooperation & marketing platform	15 days	2009-06-01	2009-06-15
Detailing stage	Confirmation of requirement specification, detailed development specification	25 days	2009-06-01	2009-07-10
Building stage	Development & testing of functional modules, completion of overall functions	60 days	2009-07-11	2009-09-11
Delivery stage	Testing, modification, release	20 days	2009-09-12	2009-09-30
	Go-live

Framework Plan of Stage-3 Development

The third stage lasts 90 days from 2009-10-01 to 2009-12-30.

Stage-3 Objectives

Staged objectives: to lay emphasis on completing all functions of support system, improving the Online Shopping Mall website subsystem and background management system, and completing comprehensive integration test and overall operation of the system.

Recommend period: 2009.10.01 – 2009.12.30

Major implementations include:

· completion of task scheduling and control module

· improvement of statistical analysis & query platform

· realization of Parameterization system configuration

· improvement of unified interfacing platform

· adjustment and upgrade of relevant modules of Online Shopping Mall website subsystem and background management system

· system integration test

· overall operation

· establishment of data storage and backup system

Stage	Task	Duration	Starting date	Ending date
Initial stage	Requirement analysis of product cooperation & marketing platform	10 days	2009-10-01	2009-10-10
Detailing stage	Confirmation of requirement specification, detailed development specification	15 days	2009-10-11	2009-10-25
Building stage	Development & testing of functional modules, completion of overall functions	35 days	2009-10-26	2009-11-30
Delivery stage	Testing, modification, release	30 days	2009-12-01	2009-12-30
	Go-live

Confidentiality Agreement for Qihoo Online Shopping Mall Information System

(Appendix 4)

Party A: Beijing Qihu Technology Company Limited

Party B: Qizhi Software (Beijing) Co., Ltd.

WHEREAS,

1. Party A and Party B (the “Parties”) are developing the “Qihoo Online Shopping Mall Information System” (the “Project”);

2. Party A engages Party B to carry out the researching and developing activities in the Project;

3. During the implementation and cooperation of the Project, each Party will provide the other Party with the relevant confidential information which is lawfully owned by the disclosing party;

4. The Parties wish to effectively protect the confidential information defined herein.

NOW, THEREFORE, the Parties hereby enter into the following agreements through negotiation:

ARTICLE 1 DEFINITION OF CONFIDENTIAL INFORMATION

1. All commercial, marketing, technical, operational or other materials and information received by Party B from Party A during the development of the Project hereunder and relating to the Project or generated from the Project, in whatever forms or media, or indicated as confidential by oral, visual or any other written form at the time of disclosure;

2. This Contract and all appendices and supplementations attached hereto signed by the Parties, and all software, software directories, documents, information, data, drawings, benchmark tests, technical specifications and trade secrets, and other information exclusively owed by each Party, provided to the other Party and expressly marked as “confidential”, including all items specified as “confidential” in any other contract before or after the date of this Contract;

3. The aforesaid confidential information may be embodied in data, words, or materials, discs, software, books or any other physical media containing such information, or may be transmitted in oral or any other visual or audio form.

ARTICLE 2 RIGHTS AND RESPONSIBILITIES OF BOTH PARTIES

1. The Parties hereby warrant that the confidential information will only be used for the purpose or intention of this Contract.

2. The Parties hereby warrant that they will properly keep the confidential information provided by the other Party.

3. Each Party hereby warrants that it shall keep confidentiality of the confidential information provided by the other Party in accordance with the terms and conditions of this Agreement, and shall apply at least the same protective measures and degree of care that it applies to protect its own confidential information.

4. When either Party provides any confidential information, if provided in written forms, it shall mark it with “confidential”; if provided in oral or visual forms, it shall notify the receiving party of the confidential nature of the information prior to the

disclosure, and shall make a written confirmation within five days after the notification, including the content identifying the disclosed information as confidential information.

5. Each Party hereby warrants that it will only disclose the confidential information to its officers and employees engaging in the Project on a need-to-know basis. Before such person is disclosed the confidential information, each Party shall inform the persons of the confidential nature of such information and the relating obligation, procure such person to be bound by the terms and conditions of this Agreement in written forms, and ensure the obligation of confidentiality undertaken by such persons is not lower than the obligation stipulated herein.

6. Upon the request of disclosing party, the receiving party shall return all documents and other materials containing confidential information to the disclosing party or destroy such documents and other materials according to the instructions of the disclosing party. Upon termination of the Project, the disclosing party may give a written notice to the receiving party, demanding the receiving party to return the confidential information.

7. The restrictions mentioned above are not applicable to the following circumstances:

(1) The confidential information has been lawfully owned by the receiving party on or before the date of this Agreement;

(2) The confidential information has been known by the public or is in the public domain before it is provided to the receiving party;

(3) The confidential information is received by the receiving party from any third party not subject to the confidentiality or non-disclosure obligation;

(4) The confidential information has been known by the public or is in the public domain without violation of the confidentiality obligation hereunder;

(5) The confidential information is independently developed by the receiving party or its affiliate or association, without benefits from the information provided by the disclosing party or its affiliate or associate;

(6) Disclosure of confidential information is required by the court or any other judicial or administrative authority (demand of materials or documents through oral inquiry, interrogation or order, summon, civil or criminal investigation or any other procedure), provided that the receiving party shall immediately give a notice to the disclosing party and make necessary explanation.

8. Neither Party warrants the accuracy or reasonableness of any confidential information.

9. If any confidential information provided by the disclosing party infringes any intellectual property of any third party, the disclosing party shall indemnify the receiving party against and hold it harmless from all liabilities and claims resulting therefrom.

ARTICLE 3 LIABILITIES FOR BREACH OF CONTRACT

Failure of either Party in performance of its obligation hereunder shall be deemed as breach of contract. The breaching Party shall indemnify the other Party against all losses and damages resulting therefrom. If the non-breaching party considers that the damages for the breach can not provide sufficient remedy, the non-breaching party may also seek injunction, specific performance or any other reasonable remedies.

ARTICLE 4 EXCLUSIONS

If a Party or the Parties can not perform any obligations hereunder or any part thereof due to any event unforeseeable, inevitable or uncontrollable, including but not limited to earthquake, floods, fire or change of policy, the Parties are not liable to each other; provided that the Party or Parties shall continue to perform this Agreement within a reasonable period after the end of force majeure.

ARTICLE 5 The duration of this Agreement shall be four (4) years.

ARTICLE 6 SETTLEMENT OF DISPUTE

1. All aspects of this Agreement shall be governed by and construed according to the laws of the People’s Republic of China (“China”).

2. Any dispute arising from or in connection with the performance or interpretation of this Agreement, if not settled through negotiation, shall be submitted to Beijing Arbitration Commission for final arbitration in accordance with its then effective arbitration rules and arbitration procedures.

3. The arbitration proceedings shall be conducted in Chinese.

4. The arbitral award shall be final and binding upon the Parties.

5. Except as otherwise specified in the arbitral award, the arbitration costs shall be borne by the losing party.

ARTICLE 7 Neither Party may amend or modify this Agreement without the written agreement of the Parties, unless otherwise provided for in the state laws.

ARTICLE 8 Any issue not covered herein shall be specified in a supplementary agreement duly signed by the Parties. Such supplementary agreement is an integral part of this Agreement and shall have the same legal effect as this Agreement.

ARTICLE 9 This Agreement shall be made in four originals, two for each party hereto.

ARTICLE 10 This Agreement shall become effective as of being duly signed and sealed by the Parties hereto.

Party A (Signature/Seal):		Party B (Signature/Seal):

/s/ Xiangdong Qi		s/ Dewei Zhou

Date :		Date :

Responsible person of Party A:		Responsible person of Party B:

Date:		Date:

System overview:

Project Name:	Qihoo Online Shopping Mall Information System

Client (“Party A”):	Beijing Qihu Technology Company Limited

Developer (“Party B”):	Qizhi Software (Beijing) Co., Ltd.

23. Security management		Meet requirements, pass		Party A: ; Party B:
24. Data storage & backup		Meet requirements, pass		Party A: ; Party B:

Abbreviation

Main
members

Responsibility

Project leading group

The User is central to smooth operation of the Project. To facilitate smooth implementation of the Project, the User shall cause its top executive in charge of the Project to work as the leader of the project leading group, who is responsible to direct the Project, promote the coordination between the Project and the User and ensure smooth execution of the Project.

The Company will appoint one of its top executives as the deputy leader of the project leading group to ensure enough resources from the Company are inputted into the Project. The power and responsibility of project leading group include:

·      approving project objectives and general progress;

·      approving the working modes and methods of project implementation;

·      deciding on disputes between project management layers of both parties;

·      approving major project changes;

·      learning about project progress and pointing out the deviations from project objectives and direction.

User party

Project Manager

CPM, the representative of the User, is in charge of the User’s project management and responsible for the success or failure of the whole Project. CPM is appointed by the User.

CPM is responsible to liaise with the Company’s project manager. They are jointly responsible for the management and