Specifications include, but are not limited to: Saas Is your solution a Saas-based solution Yes Describe the architecture of your system. Yes Self-Hosted Describe your load balancing, clustering and automatic fail-over capabilities Yes Web-Based Describe your contingency plan to prevent service disruptions, including disaster recovery/business continuity plan Yes Web-Based and Mobile Solutions. Need to know systems backup plans General Please list the desktop operating environments supported Yes All- Important for Mac & PC usage. Please list the browsers supported (i.e. IE, Firefox, Chrome) Yes All- Important for Mac & PC usage. Does your software integrate with other systems Yes Software Is additional software required. If yes, please provide specifications Yes How often are new releases rolled out Yes Are the rollouts assisted or are we just sent documentation for us to complete? Describe your new release rollout methodology Yes Store open or store closed? Do we need to be present and active in rollout? Describe how the software integrates to other systems (API) Yes Does the application allow for an administrative user to set certain fields as required fields throughout the system (e.g., in contacts, issues, and sales management) Yes Hardware Does the software require additional hardware to implement? If yes, please provide specifications. Currently we have our own server. Could go virtual if hosted on campus. Data How long is data retained? Yes currently 6 month, needs to be a full FISICAL YEAR JULY-JUNE What are your migrating options? Is data in a migratable format? Can data be exported into other systems? Please describe. Yes Important for both importing current data, and long term if we decided to move away In the event a customer decides to move away from using your software, what happens to the customer's data that is hosted on your environment? Yes Important for long term planning Privacy & Security Describe your management direction and support for information security. Yes PCI compliancy? Describe your controls for managing the security program internally, as well as, external business partners Yes Regarding physical & environmental security, describe your controls for the in scope service to prevent unauthorized access, damage and or interference to business premises Yes What sorts of encryption technologies does your solution use? Yes end-to-end Will you be able to encrypt our data while it is stored at rest Yes Will you be able to encrypt our data during transport? Yes Describe your data backup policies and procedures. What security protocols and measures are in place for data backup and archiving? Yes Please describe how your solution manages authorization/access? Is it role-based? Yes Does your software provide SSO support? Describe how you support SSO. Yes Does your software allow encryption at the data level? (i.e. SIN, DOB, Credit Card, etc). Please describe. Yes Dooes the solution have audit trail capabilites on user activity? Yes Describe the product's support for managing and enforcing access rights Yes Does the software support different security profiles with each profile having access to different information? Yes Can access control be configured at the field level, not just the record level within the same screen? Yes Is the software's security capabilities user driven without requiring code changes? Yes Please Describe your Privacy Policy. Yes Do you perform an annual SSAE 16 or ISAE 3402 audit?
