Specifications include, but are not limited to: 1. Security, Authentication, and Hosting Environment: a. Single Sign On capability to JCPS infrastructure including synchronization with our Active Directory for employed staff and full-time/part-time contractors (JCPS wishes to minimize overhead and optimize the end user experience. JCPS does not wish to have additional staff time devoted to managing system access.) b. Multifactor authentication integration capability to JCPS infrastructure. (JCPS uses multifactor authentication to access its onsite and cloud-based systems. JCPS expects the proposed solutions to be able to work with our multifactor solutions.) c. External parties to JCPS must be able to interact with the platform. Such parties may be vendors that are attesting to third party expectations, parents and students responding to questionnaires and surveys, community stakeholders accessing publicly available information that is configured in the platform for their access. d. SOC 2 Compliance Report is completed annually and provided to JCPS, preferably a Type II report. e. Platform is cloud based and does not require any specific additional hardware or software from JCPS to utilize the platform solutions access, functionality and reporting features. f. Platform has capability for single tenant (not multi-tenant) implementation at JCPS’s discretion without any additional cost to JCPS. g. Platform can scale without degradation of performance time response to JCPS’ entire user base of employees. (While not envisioned in the near term, JCPS expects there will be no constraints to adding users.) 2. Custom Module Creation Availability a. Proposals must demonstrate that the platform allows for custom modules and workflows including both customization of current module offerings on the platform and creation of new modules based on bespoke JCPS operational use cases. (JCPS will certainly prefer to utilize whenever possible the current modules and workflows of the solution. However, JCPS’ key goal to have a single GRC platform offering the ability to scale and expand to support additional operational processes currently deployed in siloed applications (SharePoint, spreadsheets, Google applications...) and eliminate redundant data entry.) b. Proposals must demonstrate that JCPS staff or JCPS procured consultants can build, update, and manage the modules and workflows on their own. (While JCPS will look to utilizing the solution provider’s support and consulting efforts, JCPS does not wish to be locked into only using the solution provider to create and manage modules and workflows.) 3. Data Integration Capabilities a. Proposals must demonstrate the ability to import and export data to other systems. (JCPS uses MUNIS and Infinite Campus and data warehouses that house financial and operational data as well as numerous other applications. The desired platform should allow JCPS to share data with these and other systems, preferably in both batch and real-time.) 4. Expected GRC Modules a. Proposal must demonstrate that the following out of the box standard GRC modules are available on the platform. i. Audit Management ii. Policy Management iii. Compliance Management iv. Information Security Management (NIST Cybersecurity Framework) v. Information Security Asset Management vi. Third Party Management and Oversight vii. Enterprise Risk Management/Operational Risk Management viii. Operational Process Management (process narrative, risks, and controls management by the department staff/business unit manager) ix. Controls Attestation x. Business Continuity Management 5. User Experience a. Proposals must demonstrate how the platform provides real time dashboard and reporting of data across the platform. b. Proposal must demonstrate how the platform allows for both required dashboards by user group, job classification as well as end user ability to personalize some aspects of their dashboard. (JCPS GRC platform sponsors are looking for the ability to require certain data presentation to specific user groups that sponsors believe are required aspects of that user group’s role while at the same time allowing users to customize other aspects of the data and dashboards they wish to have available. Proposals must show how different user groups are provided different dashboards based on their role.) c. Proposals must demonstrate how configuration of the solution modules allows for different read, edit, write, delete functionality by role at the record and field level. (JCPS will have application module managed by a team that needs full read/write/delete access to all data while other user groups only need access to selected data within such modules.)
