Williamson County Technology Services Technology Project Questionnaire for Vendor (To be filled out withprospective solution provider)

Similar documents
A Nemaris Company. Formal Privacy & Security Assessment For Surgimap version and higher

Interact Intranet Version 7. Technical Requirements. August Interact

Proof of Concept Guide

Research Information Security Guideline

Enterprise Architecture Review Checklist

Exhibit B5b South Dakota. Vendor Questions COTS Software Set

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Hosting Services VITA Contract VA AISN (Statewide contract available to any public entity in the Commonwealth)

University of Pittsburgh Security Assessment Questionnaire (v1.5)

Security Overview Enterprise-Class Secure Mobile File Sharing

Why SaaS (Software as a Service) and not COTS (Commercial Off The Shelf software)?

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Oracle Desktop Virtualization

Cloud Vendor Evaluation

All your apps & data in the cloud, all in one place.

custom hosting for how you do business

Ensuring Enterprise Data Security with Secure Mobile File Sharing.

Client Security Risk Assessment Questionnaire

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724

WhitePaper. Private Cloud Computing Essentials

Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider

Hosted SharePoint: Questions every provider should answer

Desktop Virtualization. The back-end

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

BMC s Security Strategy for ITSM in the SaaS Environment

IBM Cognos TM1 on Cloud Solution scalability with rapid time to value

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

USING GENIE REMOTELY

InsightCloud. Hosted Desktop Service. What is InsightCloud? What is SaaS? What are the benefits of SaaS?

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

CLOUD SERVICES FOR EMS

Secure Hosting Solutions For SAGE Energy Management

STRONGER AUTHENTICATION for CA SiteMinder

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

How To Achieve Pca Compliance With Redhat Enterprise Linux

Georgia Institute of Technology Data Protection Safeguards Version: 2.0

ANDREW HERTENSTEIN Manager Microsoft Modern Datacenter and Azure Solutions En Pointe Technologies Phone

How To Understand Your Potential Customer Opportunity Profile (Cop) From A Profit Share To A Profit Profit (For A Profit)

G-Cloud 6 Service Definition DCG Cloud Disaster Recovery Service

Comparing Online Enterprise Backup Systems. A reliable online backup system is essential for any business running workstations and

Ancero Hosted Virtual Server (HVS) and Hosted Virtual Desktop (HVD) Service Guide

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

OpenStack Private Cloud Hosting in an Tier 3 Data Centre. G-Cloud Lot 1 IaaS

With Eversync s cloud data tiering, the customer can tier data protection as follows:

Requirement Priority Name Requirement Text Response Comment

Request for Information (RFI) for Managed Hosting Service

HC3 Draft Cloud Security Assessment

Access All Your Files on All Your Devices

Learn more about the technology that makes Workforce Central 8 work

Securing the Service Desk in the Cloud

Dropbox for Business. Secure file sharing, collaboration and cloud storage. G-Cloud Service Description

Kaseya IT Automation Framework

Casper Suite. Security Overview

Dell World Software User Forum 2013

Information Technology Solutions. Managed IT Services

Carahsoft End-User Computing Solutions Services

Logicalis Enterprise Cloud Frequently Asked Questions

IPFW Innovate Cloud Service Task Force

Service Descriptions

Request for Proposal MDM Offeror s Questions for RFP for Virtual Private Network Solution (VPN)

Monthly Fee Per Server 75/month 295/month 395/month Monthly Fee Per Desktop/Notebook/ 15/month 45/month 55/month

How To Create A Virtual Desktop In Gibidr

The User is Evolving. July 12, 2011

Alliance Key Manager Solution Brief

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

ADDENDUM 1 September 22, 2015 Request for Proposals: Data Center Implementation

Unlimited Server 24/7/365 Support

Uni Vault. An Introduction to Uni Systems Hybrid Cloud Data Protection as a Service. White Paper Solution Brief

Server Software Installation Guide

Ensuring the security of your mobile business intelligence

Appendix E to DIR Contract Number DIR-TSO-2736 CLOUD SERVICES CONTENT (ENTERPRISE CLOUD & PRIVATE CLOUD)

Table of Contents...2 Introduction...3 Mission of IT...3 Primary Service Delivery Objectives...3 Availability of Systems Improve Processes...

RSA Authentication Manager 8.1 Setup and Configuration Guide. Revision 2

CONSUMERIZATION OF IT BYOD and Cloud-based File Storage

Top. Enterprise Reasons to Select kiteworks by Accellion

Top 7 Tips for Better Business Continuity

Securely Yours LLC IT Hot Topics. Sajay Rai, CPA, CISSP, CISM

CJIS SECURITY POLICY: VERSION 5.2 CHANGES AND THE UPCOMING REQUIREMENTS.

Alliance Key Manager Cloud HSM Frequently Asked Questions

H.I.P.A.A. Compliance Made Easy Products and Services

Private Cloud. One solution managed by Applied

Compliance and Security Challenges with Remote Administration

Daymark DPS Enterprise - Agentless Cloud Backup and Recovery Software

Egnyte Cloud File Server. White Paper

Secure remote access to your applications and data. Secure Application Access

Cherwell Software Hosted Environment

Vendor Questionnaire

White Paper 2 Factor + 2 Way Authentication to Criminal Justice Information Services. Table of Contents. 1. Two Factor and CJIS

Using Cloud-Based Technologies in Clinical Trials by Niki Kutac, Director, Product Management

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

How Our Cloud Backup Solution Protects Your Network

Retention & Destruction

Transcription:

Williamson County Technology Services Technology Project Questionnaire for Vendor (To be filled out withprospective solution provider) General Project Questions Please provide the proposed timeline estimate: MILESTONE Kickoff Requirements Review Design Review Build/Config. Complete Acceptance Testing Go-Live Transition to support Project Completion Time from Contracting / Date Will this project be completed in phases? Please list the timeline for each phase if applicable. Customer Responsibilities What is required of Williamson County to implement the proposed solution? Please list any hardware, software, storage, or networking equipment not included in the proposed solution, or major configuration items done by IT or the user. Please provide any specifications if applicable. ITEM NOTES Technology Project Questionnaire Page 1 of 14

Regulatory Compliance / Privacy Regulatory compliance please note that apply to this implementation. Please indicate if the proposed solution is compliant with the regulation. REGULATION APPLIES COMPLIANT The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Health Information Technology for Economic and Clinical Health Act (HITECH) Payment Card Industry Data Security Standard (PCI DSS) Texas Department of Public Safety Criminal Justice Information System (CJIS) Describe the auditing and enforcement of applicable regulations within the proposed solution and company. PLEASE NOTE: 1. If any of the listed regulations apply, Williamson County mayrequireaccess to the audit reports on a regular basis. 2. ANon-Disclosure Agreement(NDA) is required for vendors who need to support their application remotely or exchange data with Williamson County. The NDA must be approved by the Williamson County Legal Department. 3. Business Associate Agreement (BAA) is required if Personally-Identifiable Information (PII) covered by HIPAA regulations is present. The BAA must be approved by the Williamson County Legal Department. 4. A signed CJIS Security Addendum with Williamson County is required if data either directly or indirectly derived from the CJIS systems of the FBI or Texas DPS is present. Employees or contractors may also have to sign a CJIS Security Awareness statement as well as be fingerprinted if they have access to the system. Security What encryption methods and levels (e.g. 256-bit AES) are used by the proposed solution (if any)? AREA Software / Interface Data transmission Client-resident data Database Support / Remote Access ENCRYPTION Technology Project Questionnaire Page 2 of 14

What ports are needed for the proposed solution? SOURCE DESTINATION PORT TCP/UDP Reliability / Backup What is the typically expected uptime with the proposed solution (including downtimes for regular maintenance)? Approximately how much data will be backed up as part of the proposed solution? Software Environments (software solutions only) Will there be other instances of the software available for users besides the Live environment? If so, please indicate below. Environment Test/Development Training Other (explain) Proposed (Y/N) Authentication Is LDAP, RADIUS, or Windows Active Directory authentication supported? If No, please complete the following: Is user authentication required? Does user authentication support strong passwords? Does user authentication support password aging? Can the system support two-factor authentication (e.g. token)? Is Imprivata software supported for authentication? Technology Project Questionnaire Page 3 of 14

Client Requirements What are the client-side platform requirements? ITEM Windows PC/Laptop Windows Mobile Apple Mobile Android Other (specify) MINIMUM SPEC What are the client-side hardware requirements? ITEM CPU RAM Free Disk Space Ports LAN Network Speed Internet Link Speed Sound Other (describe) MINIMUM SPEC What are the client-side software requirements? ITEM Operating Systems Web Browser.NET Java Flash Other (describe) REQUIREMENTS Does the application require any special peripherals (Scanners, Printers, Handheld)? What software toolkit(s) was used to build the application client (e.g. Visual Basic, C++, C#)? Technology Project Questionnaire Page 4 of 14

What rights does the proposed solution require the user to have on the client machine? RIGHT Standard User Power User Local Administrator REQUIRED (Y/N) Is the client supported on Citrix? Is the client supported in a Virtual Desktop infrastructure (VDI) environment? Are there any platform issues known? Can the client be delivered via an Electronic distribution solution like Dell Kace? Does the proposed solution require special approval of Microsoft patches before they are applied? Are there any special anti-virus program restrictions? Can the desktop running this application be used for other purposes? Are there any known incompatibilities with commonly-used hardware or software? If so, please list. Mobile Devices (if applicable) Will end user mobile devices be used for this solution? (e.g. laptop, netbook, smart phone, tablet, etc.) If yes, identify device type and its purpose. What mobile device platforms and versions are utilized? ITEM Apple ipad Apple iphone Android Windows Mobile Other (specify) OS Version Technology Project Questionnaire Page 5 of 14

Is the app available in the Apple/Google Application Store or is it sideloaded? Will there be any sensitive data stored on the mobile device? If yes, what safeguard/encryption is in place or will be put in place to protect this data? Interfaces Will there be data interfaces requested to other systems? Please list in detail. Is/are the interface(s) bi-directional? What interface encryption methods are supported? (Direct connect SSL or SSH / VPN or LAN to LAN / Internal Interface Appliance)? Which interface methodologies are supported by the proposed solution (e.g. XML, FTP)? Vendor access for support Which device types will the vendor access for support? Please add any description / explanation as notes. DEVICE End user s desktop IT Application support s desktop IT System admin s desktop Application Server / Appliance Other device(s): ACCESSED (Y/N)? How will the vendor connect into Williamson County? Please add any description / explanation as notes. CONNECTION VPN Client VPN Tunnel (LAN to LAN) Public Internet On Site Support Other: USED (Y/N)? Technology Project Questionnaire Page 6 of 14

Which tools will be used to access the devices? Please add any description / explanation as notes. TOOL Remote Desktop WebEx / Bomgar /GoToMyPC etc. Tool is built into the system Other: USED (Y/N)? Licensing What type of licensing is being proposed? Please indicate other options that are available. TYPE PROPOSED OPTION Concurrent User / Connection Concurrent Device Named User Named Device Site License Other (please describe) Policies&Procedures What architecture frameworks do you follow? TOGAF? How do you manage projects internally (e.g. Agile, PMP)? What type of project management resources will be involved in the proposed solution? What type of professional services do you offer to implement and support the proposed solution? Integration, APIs & Reports What type of APIs and web-services are available to pull and push data? Are the APIs secured and encrypted? How? Technology Project Questionnaire Page 7 of 14

Is there an option to access the data directly from the database? How? What type of reports can be generated or created? Can ad-hoc reports be created by the user? Is this done inside the software? Can a third-party reporting tool (i.e. Crystal Reports) be used? Service Level Agreements (SLAs) What SLAs are available reliability, availability, performance, issues, requests etc.? What types of credits are available if SLAs are not met? Is there a regular meeting (monthly/quarterly) to review the SLAs, issues, requests? How are the issues escalated if the SLAs are not complied? Who can we escalate to in the management team? Vendor Management, Product Roadmap & Viability What s management role and experience with similar projects? What is the organizational structure of your company? Technology Project Questionnaire Page 8 of 14

Customers: ITEM Total Customers Government Customers Texas County Government Customers COUNT Employees: ITEM Total Employees Total Employees in Texas Total Employees in Austin Region Product development Employees Customer Support Team Employees COUNT What is your companies product road-map and strategy? How is this communicated to the customer? How do you accommodate customer requirements into the product strategy? Is there a customer advisory council? Do you provide a trial or proof of concept for your product including new features? Pricing & Contract What is included and excluded in the proposed pricing? Please be specific. Is the first year of maintenance included? How are new features rolled into the solution? Are they purchased separately or included in future releases? Technology Project Questionnaire Page 9 of 14

Support & Maintenance What is the proposed service level agreement (SLA) for support? What is covered by annual maintenance? Is there a premium support model? How will support be organized between Williamson County IT and the Vendor? Check accountability owner for each tier level and give specific examples of service provided at each level: SUPPORT LEVEL RESPONSIBLE EXAMPLE Tier 1 Support Tier 2 Support Tier 3 Support What type of support is provided? Self-service, email, phone? What are the support hours? What are the support response times? CATEGORY Critical Urgent High Low RESPONSE TIME Who provides the support desk and where are they located? How many employees are part of the support desk? Are they dedicated or shared with projects? What type of monitoring and alerting is included in the proposed solution? What type of migration and integration support is typically provided? Is there a dedicated support manager and account rep? Technology Project Questionnaire Page 10 of 14

Supplemental Questions for Hosted Solutions Infrastructure& Maintenance What does your overall, high level infrastructure look like? Which Operating System(s) are used? Do you have OS vendor support? Do you follow regular patch cycles? What is your marketed uptime? Please offer verification of this number. What database technology is used and what is the revision level? (e.g. Oracle 11gR2, MS-SQL 2008R2) How does the application handle concurrent updates? (Multiple users trying to update the same data at the same time) How are maintenance or unplanned downtimes communicated to customers? What is the typical maintenance window and how frequently is it used? How far in advance is the notification period for scheduled maintenance or upgrades? Do you work with the customer to schedule our downtimes and/or upgrades? Is there a test environment Williamson County can use to test upgrades before they are implemented in production? Does the proposed solution support high availability, redundancy or failover? Technology Project Questionnaire Page 11 of 14

Support & Maintenance How do you support and manage integration with the customer s existing SaaS apps? How are upgrades, patches and other maintenance performed? What type of change management & risk management procedures do you follow? How often is this communicated to the customers? Does the customer have any control on applying patches, upgrades and changes to the SaaS app? Provider & Data Location Do you operate in multiple data centers? How many ISP s support your data centers? Who is/are the hosting provider(s)? Where is the hosting location? Country, State? What type of infrastructure is used? (Hardware, software, operating system, technology platform) What type of virtualization software is used (e.g. VMWare, Hyper-V)? What type of network bandwidth is available? What type of scalability is provided for additional computing power CPU, RAM, Storage? Costs? Time to implement? Technology Project Questionnaire Page 12 of 14

Data Access, Security&Segregation Is the proposed solution a dedicated or a shared environment? If it is a shared environment, how is the data segregated from other shared environments? Is our data in a single database shared by other customers or is our database separate? How is security managed in the shared environment? What controls are in place? Who has access to the infrastructure, hardware, software, data? Please provide specific info on the roles & responsibilities of employees. What application & data access audit logs are available? How often can Williamson County access this? What type of investigative support is provided in cases of data breach? What indemnification (if any) is provided due to data loss? Facility Security & Compliance Is the hosting facility SAS 70 II (Statement of Auditing Standards) compliant? If yes, how often is this compliance audited? How are you actively enforcing SAS 70 II controls& requirements in to your work processes?please answer in detail. Technology Project Questionnaire Page 13 of 14

Data Backup & Restore How is the County s data backed up? Where is the backup data being stored? How is the backup data stored? Is the data in raw files or encrypted format? Who has access to this backup data? What kind of point in time restores of the database are available? (e.g. Once a day? To the minute?) Business Continuity & Disaster Recovery What type of business continuity & disaster recovery options are available? Is this part of the standard services? Where are the DR (disaster recovery) data centers locations located? What type of infrastructure exists to replicate and synchronize data between the primary and DR data centers? Is this available in real-time, daily? If the primary environment is down? How quickly can the DR environment be made active either in the primary or the DR data center? Data Access and Portability How can WilliamsonCounty obtain copies of the data? What formats will the data be delivered in? How often can the County request copies of the data? Technology Project Questionnaire Page 14 of 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information