Specifications include, but are not limited to: A. Data, Hosting, and Infrastructure Vendor shall submit information on each of the following requests in this category: 1.1. Where will UCM’s data be physically stored? 1.2. Describe the mechanism by which data is secured while at rest. 1.3. Describe the mechanism by which data is secured when transferred from UCM to the vendor location or vice versa. 1.4. What layers of protection are invoked to provide safeguards against a breach or compromise of the data? 1.5. Does the vendor perform database auditing? Describe the process. 1.6. In the event you go out of business, what plan do you have in place to provide full access and ownership of data to UCM? 1.7. Describe if the proposed solution is located in a private or public cloud and describe product cloud options 1.8. Describe if there is the ability to setup a test (sandbox) environment and reference whether or not the customer will always have access to this environment while under contract. 1.9 Confirm that the proposed solution interfaces to and from Ellucian Banner (all Banner interface work will be in concert with the UCM Office of Technology). 1.10 Blackboard/LMS integration (The LMS will be changing by August 2025 to D2L Brightspace). 1.11 Platform should have direct integration with Banner to include SSO access to the platform for students as well as direct hold removal upon completion of the orientation as well as dynamic content population based on attributes or other fields from the student’s banner record. B. System Functionality Vendor shall submit information on each of the following requests in this category: 1.1 Provide branded UI design with at least 3 different design concepts with unlimited revisions before launch 1.2 Provide at least 7 “sections” of content to be determined by UCM 1.3 Provide functionality for quizzes or similar functionality in between sections or throughout the orientation 1.4 Allow for multiple slides or screens under each section up to 59 1.5 Provide full-service copy writing for each of the slides and screens throughout 1.2 & 1.3 above with at least 2 rounds of revisions allowed 1.6 Provide on-site video production & copy writing for videos during development of the online orientation platform with at least 2 rounds of revisions allowed. 1.7 Platform should have direct integration with Banner to include SSO access to the platform for students as well as direct hold removal upon completion of the orientation as well as dynamic content population based on attributes or other fields from the student’s banner record. 1.8 Platform should allow students to identify content that interests them throughout the platform and save it for later in a single spot that’s easily accessible at a later time. 1.9 Platform should be able to track student progress and pick them up where they last left the platform if they should leave. 1.10 Platform should be able to allow admin to denote minimum times on each slide before being able to navigate to future content. 1.11 Platform should remain ADA compliant allowing use of (but not limited to) screen readers, keyboard navigation, closed captioning. C. Security Vendor shall information on each of the following requests in this category: 1.1 Please provide a copy of the latest HECVAT reports. Required. 1.2 Do you enforce network segmentation between trusted and untrusted networks (i.e., Internet, DMZ, Extranet, etc.)? 1.3 Please provide copy of latest SOC reports, if available. 1.4 Provide an overview of the administrator’s role in managing access control. 1.5 Software supports multi-factor authentication (DUO) 1.6 Software supports single sign on (“SSO”) options and required protocols. UCMO’s preferred SSO protocols include SAML and CAS. 1.7 Ability to configure role-based security using active directory. 1.8 Do you offer 192- or 256-bit encryption? 1.9 Does the software detect and send alerts about suspicious activity? 1.10 Does the software fully comply with GDPR (General Data Protection Regulation) 1.11 Do you have an incident response process and reporting in place to investigate any potential incidents and report actual incidents? 1.12 Do you require connectivity to the Institution's network for support/administration or access into any existing systems for integration purposes? 1.13 Do you have physical access control and video surveillance to prevent/detect unauthorized access to your data center? 1.14 Does your company manage the physical data center where the institution's data will reside?
