Specifications include, but are not limited to: The NDUS is soliciting proposals to find a software as a service (SaaS) single-source solution that encompasses all activities related to scholarship management such as application management, payment, communication, reporting and data storage for the NDUSFAO. Applicable Directives This project is subject to the following laws and policies. Vendors are required to review and respond to their ability to meet these requirements. N.D.C.C . Chapter 44-04 related to North Dakota’s laws that all government records and meetings must be open to the public unless otherwise authorized by a specific law. N.D.C.C. § 54-10-28 related to the state auditor’s authority to conduct information technology compliance reviews. SBHE Policy 1203.1 Digital Accessibility ADA/Product Accessibility Information – All products must meet Federal accessibility guidelines. Please see section 3.2 Information Technology Solution-NDUS Accessibility Requirements for more information. Family Educational Rights and Privacy Act of 1974, 20 U.S.C. § 1232g, et seq. Health Insurance Portability & Accountability Act (HIPAA) – Offerors required to attach a Business Associate Agreement. PCI-DSS Vendor must be compliant with the Payment Card Industry Data Security Standard (PCI- DSS) and must provide a current Attestation of Compliance (AoC) or Report on Compliance (RoC). Vendor must be on the Visa Global Registry of Service Providers. If applicable, the payment system or associated application(s) must be PA-DSS validated. This IT Project is a major information technology project subject to the following state of North Dakota laws pursuant to N.D.C.C. § 54-35-15.2(11), including the possible appointment of a steering committee. SBHE Policy 1201.0 along with NDUS Procedure 1201.2 address the mandatory requirements for SBHE oversight of projects that meet the statutory requirements of a Major IT Project.
