Specifications include, but are not limited to: a)Continuity and Availability •The system should have a system recovery program with policies for nightly back ups and restoration and recovery of data within 24 hours of an outage or request. •The company should provide a completed Higher Education Cloud Vendor Assessment Tool (HECVAT) (lite version available at: https://www.ren-isac.net/public-resources/hecvat.html). b)Security and Access Control•If the system supports two-factor authentication, then please describe the solution options. •The system support single sign-on (CAS, Shibboleth, or SAML). If the system does authentication, it must not use or provide default credentials. •The system should allow for granular control of access to profile data and workflows based on the user (full access, limited access, and view only access). •The system should allow user accounts regardless of the type of employee. •The system should allow the administrator to assign security roles to other users.•The system should provide logging of user management, administrative activity, and user activity.•The system should allow the university administrator to view user data on system use (log ins, uploads, etc.). •The company should provide applicable certifications such as SOC2 documentation. •The system must be secure and meet all local, state, and federal data security standards.c)Interface/Accessibility •The system should allow faculty to enter data via a web browser.•The system should allow bulk import of data from spreadsheets in .csv format. •The solution must allow faculty to upload supporting documentation to activity fields in typical formats (CSV, Word, PDF, JPEG, etc.) •Application Program Interface (API) should be made available to MSU to allow for in-house programming of data interchange to and from third party applications. •The system interfaces must be compliant with WCAG 2.0 AA. •The system should be usable across common web browsers (Google Chrome, Safari, Mozilla Firefox, Microsoft Edge, etc.).
