Specifications include, but are not limited to: 12.1 Hosting Services Offerors are asked to describe the approach for providing hosting and management services necessary to implement and maintain the ITS as described in this RFP, beginning with the initial implementation of any ITS instance and continuing throughout the implementation and post-implementation. Managed hosting includes management of all components provided for the ITS, including those physically installed in distributed locations. Offerors shall provide a detailed description of its managed hosting solution(s), for all environments included in this RFP, including, but not limited to the following: A. Available hosting models and the pros and cons of each option, and whether your solution allows for hosting in Virginia Tax or VITA managed cloud infrastructure (COV CLOUD) B. Managed hosting infrastructures (e.g., hardware, operating systems, network, communications, connectivity, backup, failover, disaster recovery components, etc.) C. Managed hosting services (e.g., software and hardware installation, updating, patch application, monitoring, tuning, disaster recovery and backup support, emergency and planned network, system, application maintenance, etc.) D. Managed hosting location(s) compliant with the Commonwealth security standards located at: https://www.vita.virginia.gov/it-governance/itrm-policies-standards/ (e.g., security compliance for data centers, etc.) E. Offeror shall provide a detailed description outlining the shared responsibilities of Cloud Service Provider and Virginia Tax for securing, maintaining, and operating every aspect of the cloud environment, including the application, hardware, infrastructure, endpoints, data, configurations, settings, operating system (OS), network controls and access rights. F. Offeror shall include the cost of Hosting Services by year in Attachment P – Cost Proposal. 12.2 Authentication Offerors are asked to describe how the ITS provides modern and secure models for user authentication (both internal and external). The ITS must provide a single sign-on (SSO) that authenticates the user to any modules of the system. The ITS must also support multi-factor authentication or comparable secure models. A. Secured Role-Based Authentication Offeror must describe how the ITS provides configurable features that can limit or restrict access based on the user’s constructed role within the solution. This role-based security profile must be attached to the user’s login credentials. 12.3 Data Warehouse Offerors are asked to describe the data warehouse capabilities, implementation approach and proposed tools to meet Virginia Tax’s ad hoc, analytic, data modelling, research, dashboard, tax modeling, BI and/or report needs. Also describe how the ITS data warehouse would incorporate and improve audit programs and fraud detection. The Offeror’s data warehouse design at a minimum shall address the following: B. Data sources and key structures. C. The tools, routines, configuration, integration, and setup to support the initial loading and ongoing refresh of and synchronization assurance. D. Compliance analytics, scoring, discovery, audit selection, and fraud detection functions to be established. E. Reporting tools, views, queries, and dashboards. F. Backup, restore, and recovery methods and tools.
