31.4. ADU Software and Deployment 31.4.1. The software must include a comprehensive logging/audit system with robust data backup and consistency checks. DOC prefers a Software as a Service (SaaS) model but will consider a dedicated deployment on an Infrastructure as a Service (IaaS), or a leased dedicated hardware model. Proposal must include all necessary hosting and ongoing maintenance and support. 31.5. System Integration 31.5.1. The ADU system must seamlessly integrate with NaphCare TechCare V5 EHR and/or the Kalos CIPS pharmacy system to ensure smooth data flow and operations. Selected vendor is expected to coordinate and pay for any additional work needed to integrate systems. Both vendors support RESTful APIs and HL7 where required for the implementation. 31.5.2. User Access and Security 31.5.3. Access Security 31.6. Vendor security should conform to SONH security standards, which are based on NIST SP 800-53. 31.7. Single Sign-On (SSO) capability integrated with MS Entra is preferred; if unavailable, robust two-factor authentication (2FA) must be implemented. Systems should allow for secure account management. 31.8. Role-Based Access Control (RBAC) 31.8.1. The system must support RBAC, ensuring users access only the necessary features for their roles. 31.9. User Authentication 31.9.1. Biometrics, NFC cards or other technologies should be used to provide easy and secure access for authorized users. 31.10. ADU Cabinet Specifications by Type/Location 31.10.1. Secure Psychiatric Unit - 2+ Drawer Countertop unit 31.10.2. NHSPM Medication Dispensing Room - 6+ Drawer Floor Unit with Auxiliary Narrow Tower Unit 31.10.3. NHSPM Health Services Center - 6+ Drawer Floor Unit with Auxiliary Narrow Tower Unit 31.10.4. NNHCF - 6+ Drawer Floor Unit with Auxiliary Narrow Tower Unit 31.10.5. NHCFW - 6+ Drawer Floor Unit with Auxiliary Narrow Tower Unit 31.10.6. NHSPM Pharmacy - Controlled Substance Floor Unit
