Specifications include, but are not limited to: Environment 1. SUCCESSFUL PROPOSER shall provide the system architecture and data diagram. 2. System shall be browser based and should be compatible with the minimum set of Google Chrome, Microsoft Edge, and Mozilla Firefox. 3. System shall be tablet compatible (Apple iOS, Android OS). 4. System shall be able to provide secure, centralized document control and organization in meeting the requirements found in the 2016 TNI standard or the 2017 ISO 17025 standard. (See attached) 5. Provider shall not use within the environment, products from foreign firms, nor firms which use parts from these foreign firms, which are prohibited within Section 889 in the National Defense Authorization Act of 2019 to include any subsequent additions. 6. Any data center and all copies of data must reside within the continental United States and shall not be under the control or administration of foreign entities. Security 7. System shall be capable of integrating Active Directory Federation Services (ADFS) to manage authentication. It shall enable users to log on the application through ADFS without needing to authenticate their identity on application directly. System shall have the ability to disable all logins except ADFS. 8. System shall have Secure Socket Layer (SSL) certificate on the web portal. 9. System shall allow role-based access control. The system must allow an administrator to align roles and access permissions with employees’ positions or assigned tasks. Administrator shall be able to control what end-users can do at both broad and granular levels. 10. System shall have the ability to audit and manage access for security compliance. System shall have the ability to manage how data is being accessed and used easily to meet the regulatory requirements for privacy and confidentiality. 11. Proposer shall provide the backup and disaster recovery plan. The data should be backup at least once a day. The data recovery should be back on in 24 hours. 12. Proposer shall provide SOC report to certify the security, integrity, availability, confidentiality and privacy of hosted systems. 13. System shall include the feature of electronic signature. 14. System shall be able to classify confidential documents and grant permission by role based security.
