a) Continuity and Availability • The system should have a system recovery program with policies for nightly back ups and restoration and recovery of data within 24 hours of an outage or request. b) Security and Access Control • System must be secure and meet all local, state and federal data security standards. • Provide applicable certifications such as SOC2 documentation. • Provide a statement stating whether your company is compliant with FERPA, GLBA, NACH and Red Flag Regulation requirements. • Provide product interfaces that are compliant with WCAG 2.0 AA and provide VPAT if available. • The company should provide a completed Higher Education Cloud Vendor Assessment Tool (HECVAT) (lite version available at: https://www.ren-isac.net/publicresources/hecvat.html). • If the system supports two-factor authentication, then please describe the solution options. • The system supports single sign-on (CAS, Shibboleth, or SAML). If the system does authentication, it must not use or provide default credentials. • The system should allow for granular control of access to profile data and workflows based on the user (full access, limited access, and view only access). • The system should allow user accounts regardless of the type of employee. • The system should allow the administrator to assign security roles to other users. • The system should provide logging of user management, administrative activity, and user activity. • The system should allow the university administrator to view user data on system use (log ins, uploads, etc.). • The company should provide applicable certifications such as SOC2 documentation. • The system must be secure and meet all local, state, and federal data security standards.
