Specifications include, but are not limited to: The Illinois State Toll Highway Authority (ISTHA) is seeking a vendor to provide annual preparation and filing of Internal Revenue Service ("IRS") tax forms including but not limited to 1098-F. New IRS rules require that the Tollway report and file forms for large debtors which is IRS tax form 1098-F. However, this 5-year contract will cover the general need for tax preparation forms. We do not anticipate having to file more than 1500 of these forms per year. There are related setup costs associated with each type of form. Also, research and analysis may be necessary as new forms are required by the IRS. We anticipate providing the vendor with an annual file from which they would prepare the forms and deliver them to us for mailing and also electronically file the forms with the IRS to ensure that the Tollway remains in compliance. This service is time sensitive and requires careful handling by a professional firm with the specialized tax experience and skill set. Failure to process IRS Forms may result in fines or penalties. Manual processing without the assistance of an expert service is cost and resource prohibitive. Requirements for transmitting secure data files: All sensitive data must be encrypted when at rest and transferred using a secure communication channel that must be approved by the Tollway IT Department and must include the vendor’s existing public. pgp key in order to encrypt the information before it can be sent to the vendor. • If Vendor is using PII or other data, it requires encryption. • Per Tollway policy, Confidential Information must be unreadable anywhere it is stored (including on portable electronic media, logs). Any one of the following approaches can be used: • One-way hashes based on strong cryptography. • Truncation. • Index tokens and pads (where pads must be securely stored). • Strong cryptography with associated key-management processes and procedures that meets current encryption standards. • If disk encryption is used, logical access must be managed independently of native operating systems access control mechanisms. • Confidential Information must never be sent unencrypted by end-user messaging technologies (i.e., email). • Sensitive data like the Social Security Number must be masked when displayed.
