
Enterprise-Wide Online Licensing System (eol) Requirements Specification Appendix D: Technical Requirements May June 35, 2010










The technical requirements represent the operational environment constraints and standards with which the EOL system must comply. The requirements, in most cases, do not dictate particular technologies, in order to allow potential vendors flexibility in meeting the business needs. These requirements may be refined and updated during the Procurement Phase and will be validated by the EOL Contractor during the requirements validation activities after contract award.

The technical requirements include the following information:



  • Requirement ID – A unique identifier for the requirement. The mandatory technical requirements start with the prefix “TR-” and are followed by a sequential number. The desirable technical “requirements” begin with a prefix of “DTR-” and are followed by a sequential number;

  • Priority – Indicates if the requirement is mandatory or desirable;

  • Requirement Text – The requirement text;

  • Requirement Category – A method of organizing related requirements; and

  • Comments - Any comments or supporting information to clarify the requirement.

Section D.1 contains the mandatory requirements that the EOL system must meet.



Section D.2 contains desirable requirements that would provide benefit to CDPH but are not essential for the operation of the system.

D.1. Mandatory Technical Requirements


The following requirements are mandatory for the EOL system.

Req ID

Priority

Requirement Text

Category

Comments

TR-001

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with the CDPH Information Security Office’s Information Systems Security Requirements for Projects (ISO/SR1). Refer to the RFP Reference Library for access to these standards.

Standards




TR-002

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with the State of California Governor’s standards for websites, CDPH’s Application Development Environment (ADE) standards, and the CDPH Web Applications Architecture. Refer to the RFP Reference Library for access to these standards.

Standards




TR-003

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with Office of Technology Services (OTech) standards as described in the OTech Service Catalog and associated Security Bulletins, and the CDPH IT Hardware and Software Standards for hardware, software, firewalls, and network. Refer to the RFP Reference Library for access to these standards.

Standards

If requirements identified in the standards conflict, CDPH’s requirements supersede OTech’s requirements.

TR-004

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with State and federal disability accessibility laws and standards, specifically Section 508 of the Rehabilitation Act (referenced in Government Code 11135), and the Section 508 standards and recommendations made by the State of California’s Information Organization, Usability, Currency, and Accessibility Working Group (IOUCA). Refer to the RFP Reference Library for access to these standards.

Standards




TR-005

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with the World Wide Web Consortium (W3C) Web Content Accessibility Guidelines priority 1, 2 and 3.

Standards

The State’s IOUCA recommendations and CDPH WAA include Priority 1 and 2. This requirement clarifies that all 3 levels must be addressed.

TR-006

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with the State Administration Manual (SAM), Section 5355.1 (Information Integrity and Data Security), and the State Information Management Manual (SIMM), Section 65 (Information Security) for the protection and recovery of data. Refer to the RFP Reference Library for access to these standards.

Standards




TR-007

Mandatory

The EOL system (i.e., the EOL infrastructure, hardware, and software) must comply with the Health Administration Manual (HAM), Section 6-1000 (Information Privacy and Security Policy) for the handling and protection of data. Refer to the RFP Reference Library for access to these standards.

Standards




TR-008

Mandatory

The system’s electronic payment component (i.e., software and credit card processing vendor(s)) must be compliant with the latest version of the Payment Card Industry (PCI) Data Security Standard (DSS). Refer to the RFP Reference Library for access to these standards.


Standards

This requirement applies to the EOL Contractor and any subcontractors or third-parties who may be involved in processing payment information.

TR-009

Mandatory

The system’s method of handling electronic signatures must comply with Civil Code Section 1633.1 and Government Code 16.5. Refer to the RFP Reference Library for access to these documents.

Standards




TR-010

Mandatory

All of the system’s graphical user interfaces must be browser-based and support Internet Explorer version 7.0 and higher.

Standards




TR-011

Mandatory

All externally facing parts of the EOL system must be browser-based and support the following browser versions: Safari 4.0, Chrome 4.1, and Mozilla Firefox version 3.0.

Standards

State staff will generally use Internet Explorer. The other browsers are required to support applicants, licensees, and members of the public.

TR-012

Mandatory

The system must provide a method of user authentication within the application that complies with CDPH security requirements as stated in the ISO/SR1.

Standards




TR-013

Mandatory

The system must be compliant with the audit requirements described in the ISO/SR1, Section IV.C.21 (Audit Trails).

Standards




TR-014

Mandatory

All EOL COTS software must be the most recent production release (i.e., beta is not allowed) of the software, or the version immediately prior to the current version.

Standards




TR-015

Mandatory

EOL disaster recovery procedures must be compliant with CDPH’s Disaster Recovery Plan (DRP) standards in the ISO/SR1, Section A.10 through A.12 (Disaster Recovery through Periodic System Recovery Testing). Refer to the RFP Reference Library for access to these standards.

Standards




TR-016

Mandatory

The EOL development platform system must utilize be ASP .NET MS Windows 2008 (or later version), MS Internet Information Services (IIS) for web services, and MS SQL Server 20085 (or later version).

Standards




TR-017

Mandatory

All custom code delivered by the Bidder must be written in Visual Basic (VB) within the .NET framework.

Architecture




TR-018

Mandatory

If the Bidder needs to develop custom programs to satisfy EOL interface requirements, the custom programs associated with interfaces to other systems must be written in VB within the Microsoft .NET framework.

Architecture

Data conversion routines that would be used solely by the Bidder are not required to be written using VB or .NET.

TR-019

Mandatory

All access from the application layer to SQL Server in the database layer must use only SQL stored procedures.

Architecture




TR-02017

Mandatory

The development, test, acceptance test, training, staging, data conversion, and production environments must reside at the State’s OTech data center.

Architecture




TR-0218

Mandatory

The EOL system must include physically separate servers.

Architecture

CDPH made a preliminary assumption for planning purposes that dedicated servers will be used in all EOL environments. However, after contract award, the State may permit virtualization if the EOL Contractor can prove a virtualized solution can meet all architecture and security requirements.

TR-02219

Mandatory

The staging environment must be available for testing when a new version of the system is about to be pushed into production.

Architecture




TR-0230

Mandatory

The staging environment must be configured identically to the production environment.

Architecture




TR-0241

Mandatory

The system must utilize the existing OTech and CDPH network infrastructure.

Architecture




TR-0252

Mandatory

The system must be a multi-tiered (i.e., database, application and presentation), web-enabled solution according to the CDPH Web Application Architecture standard.

Architecture

The CDPH and OTech standard architecture for Web-enabled systems is a three tier architecture (Web tier, Application tier, Database tier) with at least one physical server in each tier separated by firewalls. If a licensing software vendor uses a different architecture for their application, the vendor may propose and the State may consider alternative configurations. The final decision regarding an acceptable system architecture for EOL will be made by the State.

TR-0263

Mandatory

Web servers and application servers must not exist on the same server as a database server in the production and staging environments.

Architecture




TR-0274

Mandatory

Devices in the presentation, application/business, and data layers of the solution architecture must be separated by firewalls.

Architecture

Refer to OTech bulletin 3117 available from the RFP Reference Library.

TR-0285

Mandatory

The system must not permit direct connections from the presentation layer to a data layer of the solution architecture.

Architecture




TR-0296

Mandatory

Public facing servers must reside on a Demilitarized Zone (DMZ).

Architecture




TR-03027

Mandatory

Web servers and application servers must not exist on the same machine in a Demilitarized Zone (DMZ).

Architecture




TR-03128

Mandatory

Classified data (i.e., Confidential, Sensitive, Personal, Protected Health Information (PHI)) must not be stored on any servers that reside in the DMZ.

Architecture




TR-0329

Mandatory

The products proposed for EOL must allow trained technical staff to customize the field names to match CDPH terminology.

Architecture




TR-0330

Mandatory

The products proposed for EOL must allow trained technical staff to add and modify application types, including the creation/modification of screens (with data validations), workflows and reports by copying and modifying similar existing application types.

Architecture




TR-0341

Mandatory

The system must allow trained technical staff to update the format and templates used for input forms and outgoing correspondence and letters, (e.g., to update the CDPH letterhead).

Architecture




TR-0352

Mandatory

The system must provide tools to allow trained technical staff to add, modify, inactivate and delete business rules and system workflows.

Architecture




TR-0363

Mandatory

The system must integrate with CDPH’s bar coding equipment to update license records with payment information.

Architecture

Billing notices are printed with bar codes that identify the licensee and payment amount due. The bar code readers are made by American Microsystems and use a laser pen to read UPC-format bar codes. The State will provide bar code readers as appropriate.

TR-0374

Mandatory

The system must be implemented as a single instance of the application that provides all the functionality necessary for the seven (7) participating organizations.

Architecture




TR-0385

Mandatory

The system must use Secure Socket Layer (SSL), 128-bit encryption to encrypt data transmissions that include classified data, including personal (e.g., social security numbers (SSNs)) and credit card information.

Security




TR-0396

Mandatory

Classified data must be protected at rest in the database and when being transmitted.

Security

The bidder must propose the type of protection as part of the proposal.

TR-04037

Mandatory

Auditing functionality must exist in EOL to track user access to, entry, deletion, and changing of any classified data as defined by CDPH.

Security




TR-04138

Mandatory

The system must use SSL certificates for server validations.

Security




TR-04239

Mandatory

The system must use the application’s role-based security to control the functions, workflow processes, and data available to users, including access to the document repository.

Security




TR-0430

Mandatory

The system must use group policy objects for security administration.

Security




TR-0441

Mandatory

The system must use group policy objects to authorize user access to specific data elements on a need-to-know basis.

Security




TR-0452

Mandatory

Role-based access to data must be broken down into View, Edit and Delete capabilities.

Security




TR-0463

Mandatory

The system must use Active Directory to authenticate, manage, and control access to all EOL environment servers by system administrators, developers, testers, other project staff, and technical staff working on the EOL system.

Security

OTech will establish the AD environment. CDPH and the EOL Contractor will manage the authentication and groups.

TR-047

Mandatory

The EOL application must authenticate and control access to the EOL system by CDPH users and applicants/licensees.

Authentication




TR-0484

Mandatory

The system must enforce authentication protocols for access to EOL functionality for CDPH users accessing the system via the CDPH intranet.

Authentication




TR-0495

Mandatory

The system must be accessible through the Citrix remote web client for those CDPH users who have been approved for remote access.

Authentication




TR-05046

Mandatory

The system must enforce authentication protocols for access to EOL functionality for applicants/licensees accessing the system via the Internet.

Authentication




TR-05147

Mandatory

The system must allow authenticated applicants/licensees to access their contact data and appropriate license data via the Internet.

Authentication

Applicants/licensees will only be permitted to update certain data fields.

TR-05248

Mandatory

The system must provide a feature/tool to allow system administrators to add, modify, delete, inactivate and reset user/login accounts and access.

User Access




TR-05349

Mandatory

The system shall require a unique user/login ID and password for each system user (CDPH user and applicant/licensee).

User Access




TR-0540

Mandatory

The authenticated applicants/licensees must only be permitted to access data specific to their license(s).

User Access




TR-0551

Mandatory

The system must allow members of the public unauthenticated access to non-confidential license data via the Internet.

User Access




TR-0562

Mandatory

The system must not allow members of the public to access files stored in the document repository.

User Access




TR-0573

Mandatory

The EOL web interface must allow nationwide authenticated applicants/licensees access to license applications, renewals, and application status.

User Access




TR-0584

Mandatory

The EOL web interface must allow international authenticated applicants/licensees access to license applications, renewals, and application status.

User Access




TR-0595

Mandatory

The EOL web interface must allow nationwide unauthenticated (i.e., members of the public) users to perform standard lookups and searches.

User Access




TR-0560

Mandatory

The EOL web interface must allow international unauthenticated (i.e., members of the public) users to perform standard lookups and searches.

User Access




TR-06157

Mandatory

The system must provide features that allow authorized CDPH users to perform the configuration and management of user roles and access controls.

User Access




TR-06258

Mandatory

The system must provide a mechanism for CDPH users and applicants/licensees to reset their own password in the event of a lockout and/or forgotten password.

User Access




TR-06359

Mandatory

The system must provide a web portal component that will be integrated with CDPH’s existing portal on the CDPH public website to provide a central point of access to the system for members of the public users and authenticated applicants/licensees.

Web Portal




TR-0640

Mandatory

The system’s web portal must provide a search engine that will allow members of the public (unauthenticated users) to search non-confidential license data by program.

Web Portal




TR-0651

Mandatory

The system must provide a document repository for access and storage of documents, images, and other electronic files associated with the licensing data.

Repository

Documents = MS Word, MS Excel, etc.

Images = photos, scanned images



Other files = blueprints and anything else in electronic format

TR-0662

Mandatory

The system must allow CDPH users to associate items in the document repository with specific, related license/licensee data in the EOL system.

Repository




TR-0673

Mandatory

All files uploaded into EOL must be virus checked prior to being stored in the document repository.

Repository




TR-0684

Mandatory

The system must allow designated CDPH users to set a configurable size limit on files that are uploaded and imported into the document repository (i.e., to prevent overly large files from being uploaded).

Repository




TR-0695

Mandatory

The system must allow designated CDPH users to set restrictions on the file types that can be uploaded (e.g., no .EXE files).

Repository




TR-07066

Mandatory

Licensing data export functionality must be available to designated CDPH users as a configurable, regularly scheduled job in addition to an interactive job.

Import / Export




TR-0671

Mandatory

The system must provide the ability to import data in Extensible Markup Language (XML) format to allow CDPH users to import data from outside service providers and agencies.

Import / Export




TR-07268

Mandatory

The system must provide the ability to export data in XML format.

Import / Export




TR-07369

Mandatory

EOL must provide features to export licensing data in comma separated values (CSV) format, Microsoft Excel format, and to a Microsoft Access database.

Import / Export




TR-0740

Mandatory

The system must allow CDPH users to export data by program and license type.

Import / Export




TR-075

Mandatory

The system must accept records with locational data (i.e., county, city, district, zip code, census tract, census block, physical address, latitude, longitude, place name).

GIS

CDPH uses ESRI’s ArcGIS products for enterprise mapping needs, and will provide the necessary licenses.

TR-076

Mandatory

The system must assign a coordinate set (i.e., X/Y) and supporting information to the record based on the locational information. Supporting information includes accuracy, coordinate system, ID of the geocoding protocol used, address validation performed, etc.

GIS

The geographic coordinate elements in that record will be used to perform various geospatial functions, including displaying the records on a map, performing spatial analysis, generating district listings, evaluating overlain terrain, and identifying proximity to hazards.

TR-071

Mandatory

EOL must generate and store Geographic Information System (GIS) coordinates (Latitude and Longitude) whenever the coordinates can be calculated by a valid street/mailing address.

Address validation

CDPH uses ESRI ArcSMappuct, and will provide the necessary licenses.

TR-0772

Mandatory

Upon submission of street/mailing address data to the database, all street/mailing address entry screens must invoke an address validation task.

Address validation




TR-0783

Mandatory

EOL must accept any street/mailing address upon submission if the address validation process determines the address is valid.

Address validation




TR-07974

Mandatory

EOL must prompt the CDPH user/applicant/licensee for corrections but must never prevent a street/mailing address from being entered into the system if the user overrides the tool’s suggestion.

Address validation




TR-07805

Mandatory

When a street/mailing address is being entered into EOL and the address validation process returns one or more possible address corrections, those choices must be displayed to the CDPH user/applicant/licensee for the user to select one of those recommendations, enter a new address, or force the address as entered into the system.

Address validation




TR-08176

Mandatory

Street/mailing address data submitted to EOL through interfaces, batch processes, or any non-interactive process must always be accepted without correction or modification by the address validation process.

Address validation




TR-08277

Mandatory

The system must store and provide access to at least ten (10) years of license and licensee data for each program area going forward. This is in addition to the converted legacy data needed for current operations.

Capacity

For some programs, (e.g., STAKE, LFS), historical data since inception must be stored and accessible for query and reporting.

TR-0783

Mandatory

Any EOL screen that does not generate a report or execute a custom query must completely load and display the data in no more than four (4) seconds discounting any time associated with network latency.

Response Time




TR-08479

Mandatory

Any EOL screen involving a read or write to the database that does not generate a report or execute a custom query must completely load and display in no more than four (4) seconds, discounting any time associated with network latency.


Response Time



TR-0850

Mandatory

At a minimum, EOL must be fully operational and available for use between the hours of 5:00 AM to 12:00 Midnight Pacific Time (PT) every day of the year.

Availability

Note: In the event of an emergency, CDPH will instruct OTech to leave the system running throughout the overnight hours. In these situations, the EOL system may continuously run for 24 to 72 hours without downtime.

TR-0861

Mandatory

Any scheduled IT maintenance activities that could result in disruption of normal EOL operations must start, run, and complete within the daily window between 12:00 AM and 5:00 AM Pacific Time (PT).

Availability

Maintenance activities include backups, software updates, patch installation, etc.

TR-0872

Mandatory

EOL data must be available in read-only mode during any IT maintenance cycle that could disrupt the normal operation of EOL.

Availability

The EOL Contractor must work with OTech to ensure the application can meet this requirement.

TR-0883

Mandatory

When EOL is running in maintenance read-only mode, the data available in the system must be current as of the point in time that the system went off fully operational mode. This does not include access to files in the document repository.

Availability




TR-08984

Mandatory

Lookup and report viewing functions performed by unauthenticated, members of the public users must be available 24 hours a day, every day of the year, except for planned maintenance that has been pre-approved by the State.

Availability




TR-09085

Mandatory

Lookup and report data for unauthenticated, members of the public users must be no older than the end of the previous working day (5:00 p.m.).

Availability




TR-09186

Mandatory

EOL requires a RAID configuration and/or database mirroring for protection against data loss.

Availability

The EOL Contractor must work with OTech to ensure the application can meet this requirement.

TR-09287

Mandatory

Any auditing functions for read-only operations that are required during normal operation must be stored in a temporary location when the system is undergoing maintenance and is in read-only mode of operation.

Recovery




TR-09388

Mandatory

When system maintenance has finished for EOL, any auditing data stored temporarily during maintenance mode of operation must be loaded and merged automatically by the system into the normal auditing storage for EOL by midnight of the next day (including weekends and holidays).

Recovery




TR-0894

Mandatory

Any data stored/queued in a temporary location when EOL is in maintenance mode must be stored with the same or better security measures, access restrictions, and protections that exist for that same data in the fully operational mode.

Recovery




TR-0950

Mandatory

The system must interface with the following assistive technologies in order to allow CDPH staff to use EOL:

1-Freedom Scientific JAWS for Windows, version 10.0 and 11.0;

2-Freedom Scientific MAGic screen magnifier;

3-NonVisual Desktop Access, version 2009.1;

4-ZoomText;

5-Lynx Viewer; and

6-Dragon NaturallySpeaking, version 9.


ADA

Note: Accessibility will be tested using the WatchFire Tool.

Compliance will be tested for the current version and the immediately prior version.



TR-0961

Mandatory

The system must interface to the required systems by initiating the data exchange. Refer to Appendix HI: Interface Requirements for the specific systems to be interfaced.

Interface




TR-0972

Mandatory

The system must generate exception reports for technical staff when errors occur during system batch processes and interface transmissions.

Interface




TR-0983

Mandatory

The exception report must record the date/time of the error, the process/transmission that failed, and the error(s).

Interface




TR-0994

Mandatory

The system must integrate with RightFax to allow CDPH users to transmit outputs via fax.

Interface

This will be a manual integration (i.e., the Department does not have an integration module), but the EOL Contractor must test that this manual approach works correctly.

TR-10095

Mandatory

The system must integrate with Microsoft Exchange/Outlook to allow CDPH users to transmit outputs via email.

Interface




TR-10196

Mandatory

Outside application interfaces must be exposed via web services as much as possible for reusability.

Interface




TR-10297

Mandatory

The system must provide a daily report of scheduled jobs that indicates the success or failure of the job. The report must include start date/time of the job, finish date/time of the job, job name, and user ID of the job owner/submitter.

Interface

Scheduled jobs include batch interface transmissions, data exports/extracts, and refreshes of the public website(s).

TR-10398

Mandatory

The daily report of scheduled jobs must include the following information in the event of a job failure:

1-Date/time of failure;

2-Program/module that failed;

3-Error message indicating cause or type of failure; and



4-Table/data element/file that failed.

Interface





D.2. Desirable Technical Requirements


These requirements indicate desired capabilities that bidders may elect to provide.

Req ID

Priority

Requirement Text

Category

Comments

DTR-01

Desirable

Electronic EOL data, excluding files in the document repository, should be available to CDPH staff in read-only mode (or better) within one (1) hour after any application software failure.

Recovery




DTR-012

Desirable

Lookup and report data for unauthenticated, members of the public users should be updated on an hourly basis.

Availability




DTR-023

Desirable

The system interfaces for data transfer should adhere to HL7 standards, as appropriate to the data being transferred.

Interfaces




DTR-03

Desirable

The COTS software for EOL should be written in Visual Basic (VB) using the Microsoft .NET framework.

Standards









