Specifications include, but are not limited to: 1. The Vendor will provide a secure, Internet-based registration of stakeholders using a public-facing web application 2. The Vendor will provide a custom-branded portalsite reflecting IDPH's branding, messaging and content 3. The system will have ongoing compliance with the Public Health Information Network (PHIN) and relevant PHEP/HPP grant guidance. 4. The system will provide a robust document library, including full version management capability, check-in check-out functionality, read/write/view permission management, the ability to attach documentsto alerts/messages directly, and an option to watch and subscribe for document changes, all with user logging. 5. The Vendor will allow The Illinois Department of Public Health to fully validate the Extended Validity Security Certificate (EV-SSL) to ensure consumer and stakeholder confidence. 6. The system will provide a state-customizable role, group, and organization directory that enables delegated management of users. 7. The system will have high reliability, uptime, and resilientsite hosting, including disaster recovery failover sites and multiple backup redundancies. 8. Disaster Recovery - The Vendorshall establish and maintain a continuously available alternate processing arrangement adequate to resume, within 24 hours, all of the application's processing services provided under the Contract in the event the system is not fully functional for more than 48 hours, for any reason(s). The alternate processing arrangement shall Retain two at least weeks of transaction log backups and four weeks of daily incremental and weekly full backups for disaster recovery and historic troubleshooting purposes. 9. Reporting and Auditing – The Vendor will conduct an annual SAS 70 Type II or SOC audit certification annually by an unbiased third party at no additional cost to the State, and IDPH will be provided with the written certification. The State will review and approve the comprehensiveness of the proposed security audits. The Vendor will submit the name and background of the third-party auditor. The Vendor will provide the State with its plan for fully correcting or remedying any audit exceptionsidentified due to 5 State of Illinois Chief Procurement Office General Services Contract V. 18.2 of the security audit within sixty (60) days of completion. All exceptions must be corrected within (90 days). The Vendor will describe, in detail, its plan for independentsecurity audits and provide all technical specificsrelative to those audits. 10. The applications shall convey a true sense of security and privacy to the user through one or more of multiple user-apparent message delivery methods. Users sometimes transfer private and personal information through the Internet using the vendor solution. The applications shall be designed to encrypt and fully and continuously protect this personal and private information and comply with all standards for handling Personal Health Information and Personally Identifiable Information (PII). For users who cannotsee the behind-the-scenes effortsto protect data, the applicationsshall be designed to communicate the level of security and privacy employed. The Vendor must adequately address the performance of security management, including, but not limited to, all the components that make up the security barriers to the application,such as encryption, data transmission to or through the application, and data available to the application. The Vendor will provide comprehensive details for system infrastructure, architecture, and security standards, including encryption, that are maintained and allow IDPH to audit compliance with all security methods and standards thoroughly.