Role-based access control (RBAC) for any logical interactive access to applications and/or supporting systems (e.g., user-interface, maintenance).

Auditable logs/trails for successful and attempted access to the application/system, administrative actions such as add/delete/modify user permissions, and/or other auditable events.

Business continuity and disaster recovery planning, including defined recovery time and recovery point objectives.

Third-party certification or audit results that fully cover the scope of the work included in the RFP, such as a SOC 2 Type II report, FISMA compliance certification, or similar information security assurance certification, or agreement to allow the performance of security audit and penetration tests as requested by OIS or its designee...