CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
COMMONWEALTH OF VIRGINIA
VIRGINIA DEPARTMENT OF SOCIAL SERVICES (VDSS)
FAMILY SERVICES DIVISION
801 EAST MAIN STREET
RICHMOND, VIRGINIA 23219
NOTE: This public body does not discriminate against faith-based organizations in
accordance with the Code of Virginia, §2.2-4343.1 or against a Supplier because of race,
religion, color, sex, national origin, age, disability, or any other basis prohibited by state law
relating to discrimination in employment.
VDSS is committed to increasing procurement opportunities for small and micro businesses,
including small or micro businesses that are owned by minorities, women, or disabled
veterans, strengthening the Commonwealth’s overall economic growth through the
development of its Suppliers.
REQUEST FOR PROPOSALS (RFP) FAM-17-041
for
Project Name: CCWIS Enterprise Mobile Software Solution
Issue Date: 5/12/2017
Due Date/Time: 6/20/2017, 4:00 PM Eastern
Single Point of Contact (SPOC): Robert Earley
Phone No: (804) 726-7182
E-mail Address: [email protected]
RFP NUMBER: FAM-17-041
VDSS
PAGE 1 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Table of Contents
1. INTRODUCTION
A.
B.
C.
D.
5
RFP OBJECTIVE AND PROJECT OVERVIEW
INNOVATION TO GOVERNMENT
VDSS OVERVIEW
GLOSSARY OF TERMS
5
6
6
6
2. PROPOSAL INSTRUCTIONS AND ADMINISTRATION
A. OVERVIEW
B. VIRGINIA PUBLIC PROCUREMENT ACT (VPPA)
C. ANTI-DISCRIMINATION- §2.2-4343(1)(E), §2.2-4310 AND §2.2-4311
D. ETHICS IN PUBLIC CONTRACTING - §2.2-4367
E. ANNOUNCEMENT OF AWARD - §2.2-4300 ET SEQ.
F. AUTHORIZED TO TRANSACT BUSINESS IN THE COMMONWEALTH - § 2.2-4311.2
G. PROHIBITED CONTRIBUTIONS AND GIFTS - § 2.2-4376.1
H. LIABILITY
I. NONDISCLOSURE
J. PROPRIETARY INFORMATION
K. FEDERAL ACCESS TO CONTRACT RECORDS - 45 CFR 95.615
L. FEDERAL LICENSE RIGHTS - 45 CFR 95.617
M. PROPOSAL PROTOCOL
N. SINGLE POINT OF CONTACT
O. PRE-PROPOSAL CONFERENCE
P. EVALUATION PROCESS
Q. EVALUATION FACTORS
TABLE 2.1 – MUST HAVE FACTORS
R. PROCUREMENT W EBSITE
S. TIMETABLE
TABLE 2.2 – RFP TIMETABLE
T. EVA REGISTRATION REQUIRED
U. EXCLUDED PARTIES LIST
3. PROPOSAL FORMAT
8
8
8
8
8
8
8
9
9
9
9
9
9
10
10
11
12
12
13
13
13
13
13
14
SUPPLIER'S PROPOSAL FORMAT
TABLE 3.1 – PROPOSAL FORMAT
14
14
4. PRESENT SITUATION
16
A. BACKGROUND INTRODUCTION
TABLE 4.1 – FUTURE CCWIS SYSTEM
FIGURE 4.1 – CONCEPTUAL FRAMEWORK OF FUTURE CCWIS SOLUTION
TABLE 4.2 - KEY MOBILITY CAPABILITIES
B. STAKEHOLDERS
C. CURRENT PLATFORM/ARCHITECTURE
FIGURE 4.3 – OASIS AND ARRIS ARCHITECTURE
FIGURE 4.4 – SDM ARCHITECTURE
FIGURE 4.5 – VEMAT ARCHITECTURE
D. CURRENT PROCESSES
E. CURRENT SACWIS/CCWIS COMPLIANCE
F. IDENTIFICATION OF DESIRED REENGINEERING COMPONENTS OF CURRENT SOLUTION
G. DATA AND/OR PROGRAMMING LANGUAGE
H. OTHER TECHNICAL ENVIRONMENT AND PROTOCOLS INFORMATION
5. FUNCTIONAL AND TECHNICAL REQUIREMENTS
A. PRODUCT SPECIFICATIONS AND STANDARDS – VITA REQUIRED
B. TRAINING REQUIREMENTS
RFP NUMBER: FAM-17-041
8
VDSS
16
16
17
18
19
19
19
20
21
21
22
22
22
22
24
25
26
PAGE 2 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C.
D.
E.
F.
G.
H.
I.
J.
K.
L.
M.
N.
O.
P.
Q.
R.
DEVICE REQUIREMENTS
GENERAL REQUIREMENTS
GPS REQUIREMENTS
OFFLINE REQUIREMENTS
RESOURCE HOME REQUIREMENTS
USER INTERFACE REQUIREMENTS
PROJECT MANAGEMENT REQUIREMENTS
DATA INTERFACE REQUIREMENTS
DATA INTEGRITY REQUIREMENTS
COMPATIBILITY REQUIREMENTS
REPORTING REQUIREMENTS
HOSTING REQUIREMENTS
MAINTENANCE REQUIREMENTS
DISASTER RECOVERY / REDUNDANCY REQUIREMENTS
SDLC ENVIRONMENT AND PROCESS REQUIREMENTS
SECURITY REQUIREMENTS
6. SUPPLIER PROFILE
27
27
31
32
33
33
34
35
36
37
37
38
39
40
41
43
61
A. SUPPLIER PROPOSAL COMPLIANCE
B. SUPPLIER CORPORATE OVERVIEW
C. FINANCIAL INFORMATION
D. FUTURE, LONG TERM VISION AND STRATEGIC PLANS
E. SUPPLIER EXPERIENCE LEVEL AND CUSTOMER REFERENCES
F. SYNOPSIS OR CASE STUDY OF RESULTS
G. PERFORMANCE STANDARDS METHODOLOGY
H. DISASTER RECOVERY/SECURITY PLAN
I. SERVICE AND SUPPORT MANAGEMENT
J. PROJECT TEAM
K. PROJECT SCHEDULE
TABLE 6.1 – SUGGESTED PROJECT DELIVERABLES
61
61
62
62
62
63
63
63
64
65
66
66
7. SUPPLIER PROCUREMENT AND SUBCONTRACTING PLAN
68
8. PRICING INFORMATION
69
9. VDSS STANDARD AGREEMENT
70
TABLE 9.1 – VDSS STANDARD AGREEMENT
70
10. PROJECT GOVERNANCE
72
FIGURE 10.1 – VDSS ORGANIZATION CHART
A. STEERING COMMITTEE
B. ROLES AND RESPONSIBILITIES OF STATE AND SUPPLIER PROJECT TEAMS
FIGURE 10.2 – PROJECT TEAMS
C. REPORTING REQUIREMENTS
D. DELIVERABLE REVIEW AND ACCEPTANCE
E. DELIVERABLE RETENTION
APPENDIX A – SERVICE LEVEL AGREEMENTS
TABLE A.1 - SLAS
72
72
73
73
75
75
75
76
76
APPENDIX B - SUPPLIER PROCUREMENT AND SUBCONTRACTING PLAN
78
TABLE B.1 - SW AM
79
APPENDIX C – PRICING
80
APPENDIX D – STATE CORPORATION COMMISSION FORM
81
APPENDIX E - SUPPLIER EXCEPTIONS TO VDSS CONTRACT TEMPLATE
82
RFP NUMBER: FAM-17-041
VDSS
PAGE 3 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
TABLE E.1 - SUPPLIER EXCEPTIONS TO VDSS CONTRACT TEMPLATE
82
APPENDIX F –ENTERPRISE CLOUD OVERSIGHT SERVICES (ECOS)
83
RFP NUMBER: FAM-17-041
VDSS
PAGE 4 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
1. INTRODUCTION
A. RFP Objective and Project Overview
The objective of this Request for Proposal (RFP) is to solicit proposals from qualified vendors
to enable the Virginia Department of Social Services (VDSS or the Department) and the 120
local departments of social services (LDSS) in Virginia to use mobile technology to enhance
and support documentation and data collection efforts and increase family engagement time
for LDSS Family Service Specialists (FSS) and Supervisors performing child welfare work
outside of their offices.
The goal of this RFP is to acquire and deploy a commercial off-the-shelf (COTS) enterprise
mobile software solution that supports a more effective use of FSS time by allowing them to
document and access sensitive case information, including sensitive, personally-identifiable
information (PII), regardless of the time of the day and their location to improve overall
productivity and provide operational efficiencies. A secondary gain will be the time FSS are
able to spend with children and families in the field rather than having to return to the office to
complete paperwork.
For the purposes of this RFP, “Supplier” shall mean any entity who submits a proposal in
response to this RFP. The Department is pursuing a statewide, enterprise agreement for this
solution.
The Department is seeking a solution that will provide for a configurable, COTS mobile
application that will run concurrently and interface with the Department’s current child welfare
information system, the Online Automated Services Information System (OASIS) along with
related databases. See Figure 4.3 for a schema of the current OASIS system.
The Department is open to Software as a Service (SaaS) or an on-premise Solution. The
Department is also open to Solutions that allow OASIS to be coupled with the Supplier’s
solution using an Application Program Interface (API) provided by the Supplier as part of the
Offering.
Timely proposals received in response to this RFP will be evaluated by the comprehensive
child welfare information system (CCWIS) evaluation team. Once the proposals have been
evaluated, the Department will be in a position to determine the best course of action.
Although it is our intent to accomplish substantial improvements and cost efficiencies as the
result of this project, the Department may determine that no change is warranted at this time.
The expectation is this effort will result in the establishment of a contract that will provide the
means to satisfy the majority of the Department’s immediate and future CCWIS Enterprise
Mobile Software needs through one or more contract(s).
Alliances among Suppliers are acceptable to meet the requirements of this procurement.
However, the Department is interested in simplifying processes by having a single point of
interface wherever possible.
Section 5 sets forth the solution detailed requirements. The Department reserves the right to
adjust the requirements or scope of this RFP. In the event that any modifications become
necessary, an amendment to this RFP will be posted on eVA.
The project scope includes implementation of an on-premise Solution or a Solution that will
result in a cloud-based service delivery model. The supplier must provide detailed plans for
all phases of the project including training and implementation and configuration of all parts of
the proposed solution including Mobile Device Management (MDM) or Mobile Application
Management (MAM).
RFP NUMBER: FAM-17-041
VDSS
PAGE 5 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
B. Innovation to Government
The Commonwealth encourages Suppliers to bring innovative ideas and/or solutions to
government—ideas that result in cost and operational efficiencies or improvements while
enhancing the services that governments provide its citizens.
C. VDSS Overview
The Virginia Department of Social Services is one of the largest agencies in the
Commonwealth of Virginia (COV or the State) and is designated with supervising the state’s
social services programs in accordance with the Code of Virginia, Title 63.2 Welfare (Social
Services). In this role, the Department’s goal is to promote the well-being of the citizens of
Virginia through the delivery of essential services and benefits to ensure families are
strengthened, and individuals achieve their highest level of self-sufficiency.
The Commonwealth of Virginia Social Services system is state-supervised and locallyadministered social services system. Providing oversight and guidance to 120 local offices
across the state, the Department delivers a wide variety of services and benefits to over 1.6
million Virginians each year.
The Department partners with LDSS that are charged with implementing social services
programs and providing direct benefits and services to citizens and residents in their
communities. In addition to partnering with local departments of social services, the
Department works in collaboration with other State Agencies, advocacy groups, faith-based
entities and non-profit organizations to promote the well-being of children and families
statewide.
The Department’s mission is: People helping people triumph over poverty, abuse and neglect
to shape strong futures for themselves, their families and communities.
D. Glossary of Terms
Acronym
Definition
ACF
Administration of Children and Families
AFCARS
Adoption and Foster Care Analysis and Reporting System
API
Application Program Interface
AREVA
Adoption Resource Exchange of Virginia
ARRIS
Adoption Resource and Research Information System
CCWIS
Comprehensive Child Welfare Information System
CIO
Chief Information Officer
COTS
Commercial Off The Shelf
COV
Commonwealth of Virginia
CPS
Child Protective Services
CQI
Continuous Quality Improvement
CRM
Customer Relationship Management
DES
Division of Enterprise Systems
DIS
Division of Information Systems
ECOS
Enterprise Cloud Oversight Services
EDRMS
Electronic Document and Record Management System
FSS
Family Services Specialist
GPS
Global Positioning System
RFP NUMBER: FAM-17-041
VDSS
PAGE 6 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
IAOC
Internal Agency Oversight Committee
ICAMA
Interstate Compact on Adoption& Medical Assistance
ICPC
Interstate Compact on the Placement of Children
ID
Identification Number
IP
Internet Protocol
ISDN
Integrated Services Digital Network
ISO
Information Security Officer
ISRM
Information Security and Risk Management
IT
Information Technology
ITIL
Information Technology Infrastructure Library
ITIM
Information Technology Investment Management
LAN
Local Area Networks
LDSS
Local Departments of Social Services
MAM
Mobile Application Management
MDM
Mobile Device Management
NCANDS
National Child Abuse and Neglect Data System
NG
Northrop Grumman
NYTD
National Youth in Transition Database
OASIS
Online Automated Services Information System
PII
Personally Identifiable Information
QA
Quality Assurance
RFP
Request for Procurement
RTO
Recovery Time Objective
SaaS
Software as a Service
SACWIS
Statewide Automated Child Welfare Information System
SDLC
Systems Development Life Cycle
SDM
Structured Decision Making
SOA
Service Oriented Architecture
SOR
System of Record
SPIDeR
Systems Partnering in a Demographic Repository
VA
Virginia
VaCMS
Virginia Case Management System
VDSS
Virginia Department of Social Services
VEMAT
Virginia Enhanced Maintenance Assessment Tool
VITA
Virginia Information Technologies Agency
VPN
Virtual Private Network
WAN
Wide Area Networks
WBS
Work Breakdown Structure
RFP NUMBER: FAM-17-041
VDSS
PAGE 7 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
2. PROPOSAL INSTRUCTIONS AND ADMINISTRATION
A. Overview
This RFP was developed to provide potential Suppliers with the information required to
prepare proposals. This section outlines the administrative procedures and guidelines for
preparing a proposal. Nothing in this RFP constitutes an offer or an invitation to contract.
B. Virginia Public Procurement Act (VPPA)
This RFP is governed by the VPPA, § 2.2-4300 et seq. of the Code of Virginia, and other
applicable laws.
C. Anti-Discrimination- §2.2-4343(1)(E), §2.2-4310 and §2.2-4311
By submitting their proposals, Suppliers certify to the Commonwealth that they will conform to
the provisions of the Federal Civil Rights Act of 1964, as amended, as well as the Virginia
Fair Employment Contracting Act of 1975, as amended, where applicable, the Virginians With
Disabilities Act, the Americans With Disabilities Act and §2.2-4311 of the Virginia Public
Procurement Act.
D. Ethics in Public Contracting - §2.2-4367
By submitting their proposals, Suppliers certify that their proposals are made without
collusion or fraud and that they have not offered or received any kickbacks or inducements
from any other bidder, Supplier, manufacturer or subcontractor in connection with their
proposal, and that they have not conferred on any public employee having official
responsibility for this procurement transaction any payment, loan, subscription, advance,
deposit of money, services or anything of more than nominal value, present or promised,
unless consideration of substantially equal or greater value was exchanged.
E. Announcement of Award - §2.2-4300 et seq.
Upon the award or the announcement of the decision to award a contract, as a result of this
solicitation, the purchasing agency will post such notice on the DGS/DPS eVA web site
(http://www.eva.virginia.gov) for a minimum of 10 days. No award decision will be provided
verbally. Any final contract, including pricing, awarded as a result of this RFP shall be made
available for public inspection.
F. Authorized to Transact Business in the Commonwealth - § 2.2-4311.2
Any Supplier that is organized as a stock or nonstock corporation, limited liability company,
business trust, or limited partnership or registered as a registered limited liability partnership
shall be authorized to transact business as a domestic or foreign business entity if so
required by Title 13.1 or Title 50 of the Code of Virginia or as otherwise required by law.
Supplier is to include with its proposal either (i) Supplier’s identification number issued to it by
the State Corporation Commissioner (ii) a statement explaining why Supplier is not required
to be registered. No award can be made to a Supplier without this information unless this
requirement is waived. Appendix D of this solicitation includes a space for Supplier to provide
the information required in (i) or (ii) of this subsection.
G. Prohibited Contributions and Gifts - § 2.2-4376.1
No Supplier who submits a proposal in response to this solicitation, and no individual who is
an officer or director of the Supplier, shall knowingly provide a contribution, gift, or other item
with a value greater than $50 or make an express or implied promise to make such a
contribution or gift to the Governor, his political action committee, or the Secretary of
Technology during the period between the submission of the proposal and the award of any
resulting contract award with an expected value of $5 million or more dollars.
RFP NUMBER: FAM-17-041
VDSS
PAGE 8 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H. Liability
The issuance of this document and the receipt of information in response to this document
will not cause the Department to incur any liability or obligation, financial or otherwise, to any
Supplier. The Department assumes no obligation to reimburse or in any way compensate a
Supplier for expenses incurred in connection with its proposal.
I. Nondisclosure
All proposal information will be treated as confidential prior to contract award and will not be
disclosed except as required by law or by court order.
J. Proprietary Information
The Department reserves the right to use information submitted in response to this document
in any manner it may deem appropriate in evaluating the fitness of the solution(s) proposed.
Ownership of all data, materials, and documentation originated and prepared for VDSS
pursuant to the RFP shall rest exclusively with the Department and shall be subject to public
inspection in accordance with the §2.2-4342 of the Virginia Public Procurement Act and the
Virginia Freedom of Information Act.
Trade secrets or proprietary information submitted by a Supplier in connection with a
procurement transaction or prequalification application submitted pursuant to subsection B of
§2.2-4317 shall not be subject to the Virginia Freedom of Information Act (§ 2.2- 3700 et
seq.) if the Supplier:
i). invokes the protections of this section in writing prior to or upon submission of the data or
other materials,
ii). identifies specifically the data or other materials to be protected, and
iii). states the reasons why protection is necessary.
FAILURE TO COMPLY WILL RESULT IN THE DATA OR OTHER MATERIALS BEING
RELEASED TO SUPPLIERS OR THE PUBLIC AS PROVIDED FOR IN THE VIRGINIA
FREEDOM OF INFORMATION ACT.
The Supplier should provide as a separate appendix to its proposal a list of all pages in the
proposal that contain proprietary information and the reason it deems such information
proprietary. The classification of an entire proposal as proprietary or trade secret is not
acceptable.
K. Federal Access to Contract Records - 45 CFR 95.615
The Supplier agrees to allow the federal government access to records related to this RFP
and subsequent contract in accordance with 45 CFR 95.615 – Access to Systems and
Records.
L. Federal License Rights - 45 CFR 95.617
The Supplier agrees to grant ownership rights of all materials produced under this RFP and
subsequent contract to federal, state and local governments in accordance with 45 CFR
95.617 – Software and Ownership Rights. Proprietary operating/vendor software packages
which are provided at established catalog or market prices and sold or leased to the general
public shall not be subject to the ownership provisions as provided via this subsection.
M. Proposal Protocol
In order to be considered for selection, a Supplier is to submit a complete response to this
RFP no later than 4:00 PM local time on the date specified on the cover page of this RFP.
Two (2) original hardcopy proposals should be bound with tabs delineating each section.
Pricing should be submitted in a separate binder.
RFP NUMBER: FAM-17-041
VDSS
PAGE 9 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
In addition to the two original hardcopies, proposals must be uploaded into the eVA VBO application
by the due date and time stated on the cover of this RFP. Pricing should be submitted in a separate
file. If Supplier’s proposal contains trade secrets or proprietary information, a separate redacted
version of their proposals should be submitted with its original submission. Suppliers should invoke
the protections of § 2.2-4317 of the Code of Virginia and state the reason the information should be
held from public disclosure. The redacted proposal file uploaded into the eVA VBO application should
be clearly identified by the file name. No other distribution of the proposal shall be made by the
Supplier. To submit a proposal into eVA, Suppliers must be registered with eVA. Vendors may selfregister at www.eva.virginia.gov.
Hard copy proposals should be submitted to the following location:
To: Virginia Department of Social Services (VDSS)
ATTN: Robert Earley
801 E. Main Street
Richmond, VA 23219
All proposal materials are to be provided in either Microsoft Word or Excel, as specified.
A proposal submitted for consideration should be clearly marked on the outside cover of all
envelopes, boxes or packages with the following:
Name of Supplier
Street Address or P.O. Box Number
City, State, Zip Code
RFP FAM-17-041
The proposal is to be signed by an authorized representative of the Supplier.
Proposals should be prepared and organized as indicated in Section 3, Proposal Format,
providing a concise description of capabilities to satisfy the requirements of the RFP.
Emphasis should be placed on completeness and clarity of content.
Supplier should be prepared to incorporate all statements made in its proposal in response to
Sections 5, 6, 7, 8, and 9 into the final contract. Any and all information that Supplier is
unwilling to incorporate into a final contract must be marked in BOLD CAPS. Suppliers
should suggest alternative language for any language they do not wish to accept.
N. Single Point of Contact
Submit all inquiries concerning this RFP in writing by email, subject: “Questions on RFP No.
FAM-17-041 to:
SPOC: Robert Earley
Email: [email protected]
VDSS cannot guarantee a response to questions received less than five (5) days prior to the
proposal due date. No questions will be addressed orally.
To ensure timely and adequate consideration of proposals, Suppliers are to limit all
contact, whether verbal or written, pertaining to this RFP to the designated SPOC for the
duration of this proposal process.
O. Pre-Proposal Conference
There will be an optional pre-proposal conference held on the date specified in Table 2.2 in
Section 2.S. The pre proposal conference is open to all interested Suppliers and you are
encouraged to attend. There will be no opportunity for a private or individual tour or
presentation.
RFP NUMBER: FAM-17-041
VDSS
PAGE 10 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Suppliers are encouraged to submit pre-proposal questions in writing at least 72 hours prior to the
pre-proposal conference. These questions will be answered as part of the pre-proposal conference as
time allows. Answers provided orally at the pre-proposal conference are not binding and are intended
to give temporary guidance to clarify uncertainties until a written answer is issued by the Department
in the form of an RFP Addendum.
To participate in the pre-proposal conference, register with Robert Earley at
[email protected] by sending an email stating the name of the Supplier and
Supplier’s participating representative(s). It is strongly recommended that Supplier register
with Robert Earley not later than 4:00 pm local time on the day prior to the conference.
If significant questions remain after the Pre-Proposal Conference is held, at the sole
discretion of the Department, a Pre-Proposal Teleconference may be scheduled. Details will
be shared by the SPOC at such time if one is scheduled.
P. Evaluation Process
The Department will review each proposal received by the due date and time to determine
whether it meets the Must Have (M) factors of this RFP. All Must Have factors are evaluated
on a met-or-not-met basis. Any proposal that does not meet all of the Must Have factors will
be set aside and receive no further consideration.
The proposals that meet all the Must Have criteria will be distributed to the evaluation team
who will assess and score each Supplier’s response to Sections 5, 6, 7, 8 and 9 of the RFP
based on a review of the submitted materials.
The Department may elect to continue the evaluation of the most qualified proposal(s) and
may request that Suppliers clarify or explain certain aspects of their proposals in writing
and/or at oral presentations.
A numerical scoring system will be used in evaluation of proposals. The point values
assigned to each of the evaluation criteria shall be posted in eVA prior to the due date and
time for receiving proposals.
At any point in the evaluation process the Department may employ any or all of the following means
of evaluation:











Reviewing industry research
Supplier presentations
Site visits
Supplier’s status as a small business or micro business, including small or micro businesses
that are owned by minorities, women, or disabled veterans, and certified by the Department
of Small Business and Supplier Diversity (DSBSD)
Supplier’s planned amount of spend with certified SWaM or micro business subcontractors,
and Non-SWaM businesses.
Contacting Supplier's references
Product demonstrations/pilot tests/detailed demonstrations
Review of pricing
Review qualifications of key personnel
Interviewing key personnel
Requesting Suppliers elaborate on or clarify specific portions of their proposal, including, as
applicable, any responses to the RFP’s security requirements
The Department may limit all of the above to the most qualified proposals. No Supplier is
guaranteed an opportunity to explain, supplement or amend its initial proposal. Suppliers
should submit their best proposals and not assume there will be an opportunity to negotiate,
amend or clarify any aspect of their initial submitted Proposals. Therefore, each Supplier is
encouraged to ensure that its initial proposal contains and represents its best offering.
RFP NUMBER: FAM-17-041
VDSS
PAGE 11 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
The Supplier should be prepared to conduct product demonstrations, pilot tests,
presentations or site visits at the time, date and location of the Department’s choice, should
the Department so request.
The Department will select for negotiation those proposals deemed to be fully qualified and
best suited based on the factors as stated in the RFP. Negotiations will be conducted with
these Suppliers. After negotiations, the Department may select the proposal(s) which, in its
opinion, is the best proposal(s) representing best value and may award a contract to that
Supplier(s). For purposes of this RFP, the Department will determine best value based on the
value relative to the cost of the Solution, giving consideration to the project's budget
objectives.
This RFP includes requirements for cloud services (Software as a Service), therefore, to be
awarded a contract an assessment will be conducted by VITA based on Supplier’s responses
to Attachment F of the RFP, Standard Form 1-003: ECOS Assessment. Supplier should
ensure that before submitting its proposal it has provided sufficient and complete responses
to reduce the need for additional information.
If any Supplier fails to provide the necessary information for negotiations in a timely manner,
or fails to negotiate in good faith, the Department may terminate negotiations with that
Supplier at any time.
The Department reserves the right, at its sole discretion, to reject any proposal or cancel and
re-issue the RFP. In addition, the Department reserves the right to accept or reject in whole
or in part any proposal submitted, and to waive minor technicalities when in the best interest
of the Commonwealth.
VDSS SHALL NOT BE CONTRACTUALLY BOUND TO ANY SUPPLIER PRIOR TO THE
EXECUTION OF A DEFINITIVE WRITTEN CONTRACT.
Q. Evaluation Factors
The evaluation factors involved in this RFP are as follows:
i.
Must Have (M) factors identified in Table 2.1 below:
Table 2.1 – Must Have Factors
No.
ii.
Must Have (M) Factors
1
(M) Proposal must be received by the due date and time. No late proposals will be
reviewed.
2
(M) Supplier must offer a mobile software solution that functions when online and
offline. The solution must synchronize data between the mobile device and OASIS
when the mobile device becomes active after being offline.
3
(M) Supplier must offer a mobile solution that allows users to complete forms and
use assessment tools in the field, either online or offline, which can be both uploaded
to the system of record and securely emailed to clients.
4
(M) Supplier must perform all work within the United States of America.
The extent to which the Supplier’s proposal satisfies the requirements identified in Section 5
and Section 9.
iii. Supplier’s viability and past performance (see Section 6 – Supplier Profile). This will include
Supplier’s diligence and thoroughness in following and completing the requirements of this
solicitation.
RFP NUMBER: FAM-17-041
VDSS
PAGE 12 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
iv. Supplier’s status as a DSBSD-certified small business or micro business, including small
businesses or micro businesses that are owned by minorities or women, and Supplier’s
proposed Supplier Procurement and Subcontracting Plan (see Section 7).
v.
Cost which may include submitted price, negotiated price, discounted price, total cost of
ownership, etc.
R. Procurement Website
The Commonwealth of Virginia's procurement portal, http://www.eva.virginia.gov, provides
information about Commonwealth solicitations and awards. Suppliers are encouraged to
check this site on a regular basis and, in particular, prior to submission of proposals to
identify any amendments to the RFP that may have been issued.
S. Timetable
Table 2.2 – RFP Timetable
Activity
Target Completion Date
RFP posted to eVA
05/12/2017
Registration for pre-proposal conference due
to VDSS
Supplier pre-proposal conference
05/22/2017; 4:00 PM
Deadline for all questions
06/13/2017 5:00 PM
Proposals due
6/20/2017 4:00 PM
Presentations and site visits (should VDSS
elect)
Contract(s) awarded
July 2017
05/23/2017: 10:00 AM
TBD
The timetable above is provided for planning purposes only.
T. eVA Registration Required
By the date of award, the selected Supplier(s) is required to be registered and able to accept
orders through eVA. If a Supplier is not registered with eVA, select the Vendor tab at the
following website, http://www.eva.virginia.gov , for registration instructions and assistance.
U. Excluded Parties List
Your organization, all affiliates and all subcontractors may not be awarded a contract if they
are excluded on the federal government’s System for Award Management (SAM) at
www.sam.gov or the Commonwealth of Virginia’s Debarment List as provided by Code of
Virginia §2.2-4321 at the time of award.
RFP NUMBER: FAM-17-041
VDSS
PAGE 13 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
3. PROPOSAL FORMAT
Suppliers are to adhere to the specific format set forth in Table 3.1 below to aid the evaluation team in its
efforts to evaluate all proposals fairly and equitably. Proposals that deviate from the requested format will
require additional time for review and evaluation. The Department may reject any proposal that is not in
the required format, or does not address all the requirements of this RFP.
Proposals should be written specifically to answer this RFP. General “sales” material should not be used
within the body of the proposal and any additional terms or conditions on the “sales” material will be
considered invalid. If desired, Supplier may attach such material in a separate appendix. It is essential
that the proposal be thorough and concise. Supplier should avoid broad, unenforceable, or immeasurable
responses and should include all requested information in each section as indicated below.
To facilitate the Department’s review of the submitted proposals, Suppliers are to provide the requested
information in the following format. SUPPLIER SHOULD PLACE ITS NAME, not “VDSS”, IN EACH FILE
NAME (e.g., ABC Corp No Name Transmittal.doc).
Supplier's Proposal Format
By submitting a proposal, Supplier certifies that all information provided in response to this RFP is true
and accurate.
Responses are limited to 300 pages in total. Each section of the response does not have a specific
page limit. Any and all information submitted beyond the overall total page limit will not be reviewed or
evaluated. The following items are excluded from the 300-page limit:
(i) Resumes (which are limited to two (2) pages each);
(ii) Required Attachments and Appendices;
(iii) Financial Statement and Documentation; and,
(iv) Supplier’s Pricing Proposal.
Table 3.1 – Proposal Format
Section Title
Contents/Deliverables (Each a separate file)
Transmittal
A signed cover letter, identifying the individuals
authorized to negotiate on behalf of the Supplier and
their contact information. A copy of a completed eVA
registration confirmation.
Top level summary of the most important aspects of the
proposal, containing a concise description of the
proposed solution(s). Requested limitation: 2 pages.
Supplier’s response by item in the tables set forth in
Section 5, clearly identifying and detailing the proposed
Solution, and any processes, methodologies, and
resources required by the Solution type defined in
Section 5.
Pursuant to Section 6.
Pursuant to Section 7 and Appendix B.
Executive
Summary
Detailed
Description of
Proposed
Solution(s)
Supplier Profile
Supplier
Procurement and
Subcontracting
Plan
RFP NUMBER: FAM-17-041
VDSS
PAGE 14 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Section Title
Contents/Deliverables (Each a separate file)
Contracts
Any comments or edits regarding the Department’s
proposed contractual terms and conditions pursuant to
Section 9, provided and submitted in the completed table
from Appendix E.
Should include Appendix A – Service Level
Agreement(s) (SLAs). Should include Appendix D, the
completed State Corporation Commission form. Any
optional information Supplier may wish to submit, not
including pricing data.
Detailed pricing as specified in Section 8 and Appendix
C. Submitted in a separate envelope for the hard copy
file. Do not include any pricing data in any other section
of your proposal.
Fully redacted proposal.
Appendices
Pricing
Redaction
RFP NUMBER: FAM-17-041
VDSS
PAGE 15 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
4. PRESENT SITUATION
A. Background Introduction
1. Current Situation –
Virginia social services agencies rely heavily on the functionality of and information
maintained in several in-house Legacy Systems: the Online Automated Services Information
System (OASIS); the Structured Decision Making (SDM) Tool; the Adoption Resource and
Research Information System (ARRIS); and the Virginia Enhanced Maintenance Assessment
Tool (VEMAT).
OASIS, the primary application and system of record was a transfer solution from the State of
Oklahoma. The transferred system, Oklahoma’s KIDS, was customized to meet Virginia’s
needs and launched as OASIS in 1997. At the time of the transfer and initial implementation,
OASIS supported only the Adoption and Foster Care programs. Since 2000, OASIS has been
used to support Child Protective Services (CPS) Intake, Investigations and Ongoing Case
Management along with Independent Living and Prevention and Provider Management.
OASIS interfaces with the SDM Tool and ARRIS, while VEMAT is utilized as a stand-alone
application. The web-based SDM Tool is used as an assessment instrument to formalize
Child Protective Service Intake, Safety, and Risk business rules. ARRIS, a client-server
application, is utilized by the Division of Family Services (DFS) staff to track finalized
adoptions and interstate placements. VEMAT, a web-based application, is used by both
VDSS and LDSS staff to assess a child’s level of need for additional daily support and
supervision.
2. Justification for Change –
The goal of the Department is to promote the well-being of the citizens of Virginia through the
delivery of essential services and benefits to ensure families are strengthened and individuals
achieve their highest level of self-sufficiency. Current in-house applications fall short of the
Department’s vision of integrated and coordinated child welfare services. In addressing this
limitation and the other challenges and shortcomings posed by the existing applications, the
Department is committed to acquiring a system(s) that will meet the Administration of
Children and Families (ACF) federally-prescribed CCWIS requirements, conform to the
Commonwealth of Virginia and the Department’s enterprise architecture standards, and
effectively align with the Virginia Local Government and State Child Welfare Program practice
requirements.
As part of a multi-year plan, the Department requires a CCWIS-compliant system that
includes the following functionalities:
Table 4.1 – Future CCWIS System
Future CCWIS System
Seamless interface for mobile device access;
Electronic Document and Record Management System (EDRMS);
Intake Management (Intake, Screening, Investigation, Assessment);
Foster Care Prevention;
Eligibility - Title IV-E and Other Programs (Initial Eligibility Determination,
Maintaining Ongoing Eligibility Requirements);
Case Management (Service/Case Plan, Case Review/Evaluation, Monitoring
RFP NUMBER: FAM-17-041
VDSS
PAGE 16 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Service/Case Plan Service);
Resource Parent Management (Facility Support, Foster/Adoptive Homes
Support, Resource Directory Management, Contract Support);
Court Processing (Court Documents, Notifications, Tracking, Indian Child
Welfare Act, Sex Trafficking);
Financial Management (Payment Accounts, Payment Processing, Special
Welfare Accounts, Requisition and Approval Flow);
Universal Client ID;
E-signature Capability;
Report Services (real-time, monthly, quarterly, annual, and ad hoc reporting);
Case Management Assessment Tools [Structured Decision Making (SDM);
Family Strength & Needs Assessment (FSNA); Virginia Enhanced Maintenance
Assessment Tool (VEMAT); and the Child and Adolescent Needs and
Strengths (CANS)]; and,
Seamless interface for external stakeholder access (Foster/Adoptive Parents,
Foster Youth/Alumni, Families Receiving Services, Service Providers).
3. Conceptual Framework Diagram of the Future CCWIS Solution –
Figure 4.1 – Conceptual Framework of Future CCWIS Solution
RFP NUMBER: FAM-17-041
VDSS
PAGE 17 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
4. Enterprise Mobile Software Solution –
The platform of the current child welfare system is not able to support users or the
Department’s mobile needs. It is not web-enabled and users must be on a VITA network or a
VPN to access OASIS. The type of work done by FSS in the field necessitates the use of
mobile devices, such as cell phones and tablets, to complete their assignments when away
from their agency. Providing them a mobile solution will help to ensure timely, accurate
reporting and will reduce the delay in timely data-entry caused by only having the ability to
enter the information into the system while in the formal office setting. A Solution that
synchronizes with the existing OASIS database (Oracle 12.c) is necessary to allow
individuals access to the system to retrieve existing records and store newly obtained
information. OASIS will remain the system of record.
The Solution will be deployed on mobile devices and allow LDSS staff to work efficiently from
the field. The Solution will provide LDSS workers with tools and information to support their
productivity and allow them to maximize their time away from the office and engage more
deeply with children and families to improve outcomes. The Solution will function in online
and offline modes, integrate with other agency systems such as the SDM tool and a future
EDRMS expected to be in place by the end of 2018.
The data captured, used, kept and managed in the mobile software solution is deemed
sensitive in nature. As such, the sensitive data must be protected and secured in such a way
as to comply with Commonwealth Security requirements and standards.
While Section 5 has detailed requirements, the key requirements for a mobile software
solution include:
Table 4.2 - Key Mobility Capabilities
Key Mobility Capabilities
A Department-supplied tablet or smart phone that can connect to both Wi-Fi and
cellular service;
Capability to enter case notes with the native keyboard, Bluetooth keyboard, voiceto-text or with a stylus;
Capability to utilize and record information while offline that is then synced when
the user returns to online mode;
Capability to capture, store and access photos of individuals or environments
associated with a case;
Capability to capture electronic signatures;
Capability to access existing case notes, service plans, investigations and
demographic information;
Capability to complete safety and risk assessment tools while in a client’s home;
and
Capability to create safety plans and then email to a client either while in a client’s
home or when returning to online status.
RFP NUMBER: FAM-17-041
VDSS
PAGE 18 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
B. Stakeholders
1. Users –
The primary users of the CCWIS Enterprise Mobile Software Solution will be the 2400 FSS
and 450 Supervisors who work for the 120 LDSS. These FSS and Supervisors range in
experience from newly hired to over 40 years of field work. While some are digital natives,
many have limited exposure to smart phones or tablets and consideration for varied training
needs should be addressed by the Supplier when responding to Training Requirements listed
in Section 5.
2. Owners –
The Department shall be considered the Business Owner for the purposes of any contract
resulting from this RFP. Additional details about Project leadership and governance can be
found in Section 10.
3. Developers –
The Department currently employs three in-house PowerBuilder developers to maintain and
update OASIS and ARRIS. A fourth PowerBuilder developer handles production tickets.
VEMAT and SDM are maintained and updated by an in-house Java developer. The Oracle
database instance is supported by a team of in-house developers and DBA’s.
4. Information Security –
The VDSS Division of Information Security and Risk Management and VDSS Local Security
Officers administer security over users of VDSS systems. The solution provided must include
an interface with the departments Access Control System of record and allow Security
Officers to maintain access and privileges.
C. Current Platform/Architecture
1. OASIS and ARRIS Deployment View Architecture –
Figure 4.3 – OASIS and ARRIS Architecture
`
OASIS and ARRIS Clients
(PowerBuilder v12.6)
SAN
OASIS
Database Instance
(Oracle 12c)
`
OASIS and ARRIS Clients
(PowerBuilder v12.6)
RHEL 6.5
Oracle LDAP
(OUD)
To-Be

Note: Arrow indicates the direction of the request. Request data flow is bi-directional.

OASIS and ARRIS are two separate client-server application. ARRIS uses its own database.

Clients: (QTY 2850)
o Software: PowerBuilder v12.6
Database:
o Software: Oracle 12c RAC (not all Database Nodes are depicted in diagram)

RFP NUMBER: FAM-17-041
VDSS
PAGE 19 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
2. SDM Deployment View Architecture –
Figure 4.4 – SDM Architecture
SDM Deployment View Architecture
SDM App Server
Cluster
SDM Web Server
Cluster
SDM Database
RAC
IBM Websphere
Server 1 (v 8.5)
`
https
Web browser
on desktop
https
IBM Http
Server 1 (v 8.5)
https
jdbc
Oracle RAC Node 1
(Oracle 12c)
IBM Websphere
Server 2 (v 8.5)
ACE
LoadBalancer
Balancer
F5 Load
SAN
https
`
Web browser
on desktop
Oracle RAC Node 2
(Oracle 12c)
IBM Http
Server 2 (v 8.5)
IBM Websphere
Server 3 (v 8.5)
RHEL 6.5 VMs on
VMWare
RHEL 6.5 VMs on
VMWare
ldaps
RHEL 6.5 on
Physical Servers
Oracle LDAP
(OUD)
To-Be

Note: Arrow indicates the direction of the request. Request data flow is bi-directional.

SDM is a browser based application but is launched from OASIS application on the user’s desktop.

SDM uses OASIS database, specifically the same schema but different tables within that schema.
RFP NUMBER: FAM-17-041
VDSS
PAGE 20 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
3. VEMAT Deployment View Architecture –
Figure 4.5 – VEMAT Architecture
VEMAT App
Server Cluster
VEMAT Web
Server Cluster
VEMAT Database
RAC
IBM Websphere
Server 1 (v 8.5)
`
https
Web browser
on desktop
https
IBM Http
Server 1 (v 8.5)
https
jdbc
Oracle RAC Node 1
(Oracle 12c)
IBM Websphere
Server 2 (v 8.5)
ACE
LoadBalancer
Balancer
F5 Load
SAN
https
`
Web browser
on desktop
Oracle RAC Node 2
(Oracle 12c)
IBM Http
Server 2 (v 8.5)
IBM Websphere
Server 3 (v 8.5)
RHEL 6.5 VM on
VMWare
ldaps
RHEL 6.5 on
Physical Servers
RHEL 6.5 VM on
VMWare
“As-Is” – OpenLDAP
“To-Be” – OracleLDAP (OUD)




Note: Arrow indicates the direction of the request. Request data flow is bi-directional.
Web Server: (QTY 2)
o Software: IBM HTTP Server v8.5
Application Server: (QTY 3)
o Software: IBM WebSphere Application Server v8.5
Database: (QTY 2)
o Software: Oracle 12c RAC
D. Current Processes
The Department’s in-house staff provides the on-going maintenance and support for the existing
child welfare systems. Waterfall SDLC model is followed to make changes to the applications.
While critical bug fixes are deployed at the earliest opportunity, enhancements and non-critical
bug fixes are worked under a project and released at a scheduled date.
A typical in-house project for web based applications consists of a project manager, business
analyst(s), developer(s) and an application architect. Business analysts work with the business
users to gather functional requirements and also consult with the application architect to know the
feasibility of implementing certain requirements using the approved tools and technologies. The
application architect reviews the functional requirements, lays out the overall architecture taking
into account both the functional and non-functional requirements, provides the WBS, and reviews
the application design. The database administrator(s) reviews the data model and provides
support for the database related activities.
RFP NUMBER: FAM-17-041
VDSS
PAGE 21 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
During implementation, application architect guides the developers on design, ensures
compliance with the prescribed architecture, assists in resolving technical issues, and provides
clarification on requirements. Developers implement the functionality and perform unit testing on
the local machines. Once all the modules from other developers are ready for integration, the
application is deployed and tested by the developers on the System Integration Test (SIT)
environment. Then the changes are moved to the Quality Assurance Testing (QAT) for business
analysts followed by a deployment on the User Acceptance Testing (UAT) for end user testing.
Training to the end users can be provided on a separate training environment.
E. Current SACWIS/CCWIS Compliance
While Virginia’s array of child welfare information systems is not SACWIS compliant, it is our
intention to become fully CCWIS compliant over the next several years. The first of several RFP
efforts to obtain CCWIS compliance is this Mobile Software Solution RFP.
F. Identification of Desired Reengineering Components of Current Solution
The proposed solution will function with and be optimized for the existing Oracle (12.c) servers
used to store OASIS and SDM records. The solution must abide by ANSI SQL standards.
G. Data and/or Programming Language
Current child welfare systems have a mix of technologies and programming languages. OASIS
and ARRIS use PowerScript and SQL whereas SDM and VEMAT use Java, JavaScript and SQL.
Data in Child Welfare Systems are highly sensitive. It contains PII information like SSN, Date of
Birth, and both First and Last Names. The mobile solution will primarily interface with the OASIS
database to display sensitive information in a secure manner.
To ensure the protection of the data at rest, data in the Oracle database is encrypted using
Oracle’s Transparent Data Encryption (TDE). TLS 1.2 is used to secure the channel between the
browser and the web server for VEMAT and SDM.
VEMAT uses an enterprise-wide common authentication repository, Open LDAP, to verify user’s
login credentials whereas OASIS, SDM and ARRIS use Oracle’s native database authentication
for login. The Department is in the process of migrating from Open LDAP to Oracle LDAP (OUD)
and making changes to the Oracle database that will allow the users to use LDAP credentials to
login to OASIS, SDM and ARRIS.
OASIS, ARRIS and SDM stores the authorization data (i.e. roles) in their respective databases.
VEMAT retrieves the role data from Oracle LDAP.
The Division of Information Systems’ (DIS) strategic direction is to develop and maintain n-tier
Java/JEE (JSF, EJB, and JPA) based web applications that run on the IBM WebSphere
Application Server and supported by an Oracle database on the backend.
H. Other Technical Environment and Protocols Information
The Department does not have a separate API that can be used for this product. The supplier’s
solution should interface with LDAP and Oracle databases using standards based protocols like
LDAPS and JDBC/ODBC respectively.
The following environments are available for the four child welfare systems:
Development: In-house developers use laptops to develop code and perform unit testing. They
connect to a development database hosted on a separate Linux server.
System Integration Testing (SIT): All modules of an application are compiled and deployed on the
SIT environment. Developers use this environment to test if interactions between all the modules
within the application and interactions with internal as well as external services are working. This
environment is primarily used by the developers to test the application on the Linux servers
before handing it over to the business analysts in QAT.
RFP NUMBER: FAM-17-041
VDSS
PAGE 22 OF 83
CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Quality Assurance Testing (QAT): This environment is used by the business analysts to test the
functionality of the applications. The business analysts play the role of a tester to execute the test
scripts, record results and report any defects to the developers using IBM Rational Jazz Change
Control Management. Developers will try to re-produce the problem in Development or SIT, fix
the code in Development, deploy to SIT and then to QAT. Regression testing is also done in this
environment.
User Acceptance Testing (UAT): An environment for business users to test the application. This
environment is similar to production.
Training (Pre-Production): This environment is to provide training to the end users of the system
before the system is released to production.
Performance: Performance testing is conducted in this environment. It is used by the Developers
and the Application Architects.
Staging: This environment is identical to production. The project team usually develops a
deployment plan that includes the processes to follow to release an application into production.
Necessary artifacts like the Enterprise Application Resource (EAR) file, Data Manipulation
Language (DML) scripts, Data Definition Language (DDL) scripts, etc. will be provided by the
project team. All participants identified in the deployment plan will first run the deployment scripts
in the staging environment to make sure the scripts run without any errors and the entire
deployment process in the staging environment succeeds. If any errors are encountered, then
they are reported to the project team. If any revisions are necessary to the deployment
processes or new deployment artifacts are required then the project team provides them to the
participants.
Production: An environment where authorized end users of the system login to perform their
duties.
Training (Post-Production): End user training on the system that is currently running in
production is provided in this environment. This is different from Training (Pre-Production)
environment where training is provided on the system changes or new enhancements that are yet
to be deployed.
RFP NUMBER: FAM-17-041
VDSS
PAGE 23 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
5. FUNCTIONAL AND TECHNICAL REQUIREMENTS
Suppliers are to indicate their capability of fulfilling each specific requirement below. Each Supplier’s
responses will be reviewed and compared across Suppliers within each requirement type in order to
determine the best solution for the Department.
Detailed requirements are presented in questionnaire format to facilitate direct responses and establish
accountability regarding delivery of the Solution by the Supplier. To respond to each requirement,
Supplier is asked to enter, in the space provided in Column A, a code that best corresponds to its
intended response for the requirement listed.
The acceptable codes for Column A are as follows:
Y - "Yes" - Supplier can fully meet the requirement as documented with its current application or
proposed solution. If applicable, Supplier should provide in Column B an explanation of how it will fulfill
the requirement. This may include use of alliances with other Suppliers. Supplier may also use Column B
to cross-reference a detailed explanation included in an attachment of its proposal.
F - "Yes, Future" - Supplier will be able to fully meet this requirement in the near future (not longer than
six months from the date of the proposal). Supplier should provide a proposed start date and crossreference any attached documentation in Column B.
N - "No" - Supplier cannot meet the requirement and has no firm plans to be in the position to meet this
need within six months from the date of the proposal.
The Department has posed some open-ended questions. In those instances, Supplier is to provide
adequate information to allow the Department to properly evaluate its proposal.
In order for VDSS to evaluate Supplier’s proposed solution, it is essential that Supplier provide a
sufficiently detailed response in column B relating to the requirement set forth in column A.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 24 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
A. Product Specifications and Standards – VITA Required
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
#
VITA.1
Product Specifications and Standards Requirements
A
Does your solution comply with all current COV ITRM Policies and Standards, as
applicable, found at: http://www.vita.virginia.gov/library/default.aspx?id=537.
If proposed solution does not, please provide details that specify the
Standard/Policy and how Supplier's solution does not comply.
VITA.2
VITA.3
Do your proposed interfaces to Commonwealth systems comply with or have
approved exceptions to all applicable Commonwealth Data Standards as found at:
http://www.vita.virginia.gov/oversight/default.aspx?id=10344.
If not, please explain.
Does your solution provide effective, interactive control and use with nonvisual
means and provide 508 Compliance in accordance with the following standard
regarding IT Accessibility and 508 Compliance:
http://www.vita.virginia.gov/uploadedFiles/Library/AccessibilityStandard_GOV10300_Eff_11-04-05.pdf. (Refer to www.section508.gov and www.access-board.gov
for further information)
If yes, please describe how this functionality is achieved and include a completed
Voluntary Product Accessibility Template (VPAT) with your proposal: (The VPAT
template is located in APPENDIX C of the Accessibility Standard (GOV103-00)).
If no, does your solution provide alternate accessibility functionality? Please
describe.
Included in your RFP submission, provide evidence of 508 Compliance by
submitting the results of Exhibit 1 or equivalent 508 Compliance tool/assessment.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 25 OF 83
B
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
VITA.4
Does your proposed equipment meet the current U.S. Environmental Protection
Agency’s and Department of Energy’s Energy Star guidelines?
If no, please explain.
If not applicable to this procurement, mark “N/A.”
B. Training Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
H.29.18.
H.29.19.
Training Requirements
The Supplier will conduct a minimum of ten
(10) half-day "train-the-trainer" sessions. Two
(2) each in VDSS Training Centers in
Abingdon, Roanoke, Richmond, Virginia Beach
and Warrenton.
The Supplier will provide online and printed
training materials for the mobile solution. The
Department will retain copies of materials
(including digital files) and the right to utilize
them for further training purposes
A
N/A
N/A
H.29.20.
For a VDSS-Hosted solution, the Supplier will
provide training, clear documentation and all
materials necessary for the Department to
provide ongoing maintenance and upgrades to
the Mobile Solution.
N/A
H.29.21.
For a vendor-hosted solution, the Supplier will
provide updated training, clear documentation
and all materials necessary for new release
and updates to ensure the stability of the
Solution and user experience.
N/A
SOLICITATION NUMBER: FAM-17-041
VDSS
B
PAGE 26 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C. Device Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
C.01.02.
C.01.03.
C.01.04.
Device Requirements
A
B
I am a FSS and I want the ability to enter
information using all of the following methods:
a) native keyboard
b) finger swipes
c) stylus
d) external keyboard
I am a FSS and I want a mobile solution that
connects to a cellular network
I am a FSS and I want a mobile solution that
has GPS functionality
D. General Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
C.02.01.
C.02.02.
SOLICITATION NUMBER: FAM-17-041
General Requirements
A
B
I am a FSS and I want the ability to talk into a
mobile solution and have it translate my verbal
words into text that will be saved into the
system.
I am a FSS and I want a mobile solution that
has the ability to take photos and associate
them to specific case files, individuals, and
placements. Photos will be tagged with relevant
case meta data - for example, Case ID# or
Referral #, Client ID#, and the purpose - for
example, investigation
VDSS
PAGE 27 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C.02.03.
C.02.04.
C.02.05.
C.02.06.
C.02.07.
C.02.08.
C.02.09.
SOLICITATION NUMBER: FAM-17-041
I am a FSS and I want a mobile solution that
has the ability to create flags in the recorded
interviews and create notes related to those
flags; I want the ability to review the specific part
of the interview that is flagged and the reason it
was flagged to help me entering my case notes
I am a FSS and I want a mobile solution that
has the ability to integrate with the device's
audio recording function to allow for audio
recording of interviews and storing of relevant
case data (e.g. Case ID#, Referral ID#,
Participant Name and ID#), as well as relevant
metadata (e.g. date, time, length of recording,
as well as device information, and person
logged on to the device/creating the audio
recording/record)
I am a FSS and I want a mobile solution that
has the ability to notify my supervisor and/or
local law enforcement when I feel that I am in an
unsafe situation
I am a FSS and I want a mobile solution that
has that ability to have individuals electronically
sign documents
I am a FSS and I want a mobile solution that
has access to client level historical case
information
I am a FSS and I want a mobile solution that
has remote access to electronic documentation
from the case record. While online, I should
have ability to retrieve this information and store
it within the Solution to prepare for my offline
work
I am a FSS and I want a mobile solution that
has my daily schedule, task list, deadlines, and
events in a dashboard and is able to send me
alerts that I can customize
VDSS
PAGE 28 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C.02.10.
C.02.11.
C.02.12.
C.02.13.
C.02.14.
C.02.15.
C.02.16.
I am a Supervisor and I want a mobile solution
that allows me to send alerts or notifications to
my workers that I can customize
I am a FSS and when my mobile solution is
offline, I want to receive all alerts and
notifications that I missed as soon as I
reconnect
I am a FSS and I want a mobile solution that
has the ability to access and search relevant
policy and guidance
I am a FSS and I want a mobile solution that will
allow me to complete a Safety Plan with a client
and then save to the SOR and email to the
family
I am a FSS and I want a mobile solution that will
allow me to use the various Structured Decision
Making (SDM) tools to assess risk and safety
for a family and then save to the SOR
I am a FSS and I want a mobile solution that
has the ability to scan documents with the
device’s camera and associate them to specific
case files, individuals, and placements
I am a FSS and I want a mobile solution that will
provide me with a guide or template to serve as
a reminder for what needs to be addressed at
specific client meetings (e.g. Family Partnership
Meetings, Required Worker Visits)
C.02.17.
I am a FSS and I want a mobile solution that
has the ability to allow me to enter notes and
keep them in draft until I take action to submit to
the SOR
C.02.18.
I am a FSS and I want a mobile solution that
has access to all relevant case information,
even when it was not initially captured by me
C.02.19.
I am a FSS and I want a mobile solution that will
alert me when I am assigned a new referral
while I am out in the field
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 29 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C.02.20.
C.02.21.
I am a FSS and I want a mobile solution that
has the ability to create and maintain case
records with associated case and case plan
information
I am a FSS and I want a mobile solution that
allows me to complete all necessary case
related functions such as assessments and
case documentation (e.g. safety plans, safety
assessments, case notes, update client
information, searches)
C.02.22.
I am the Home Office and I want a mobile
solution that allows me to easily configure
assessment tools and forms for use by users
C.02.23.
I am a FSS and I want a mobile solution that
has the ability to allow me to see my list of
assigned cases or referrals in a dashboard and
have the ability to filter that list
C.02.24.
C.02.25.
C.02.26.
SOLICITATION NUMBER: FAM-17-041
I am a FSS and I want a mobile solution that will
allow me to search for current or past
allegations on individuals associated with child
welfare history
I am a FSS and I want a mobile solution that
provides me the ability to filter my list of
assigned referrals or cases by:
a) Location, such as "closest to me"
b) Response time
c) Alphabetical (first and/or last name)
d) Assigned date
I am a FSS and I want a mobile solution that
provides a countdown clock for configurable
tasks. E.g.:
a) Investigation timeframes by response type
b) Monthly Worker Visit due date
c) Service Plan submission date
VDSS
PAGE 30 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C.02.27.
I am a FSS and I want a mobile solution that
has a forms library that I can search and fill out
on the device and then print or securely email to
a client after they have electronically signed with
a digit or stylus
C.02.28.
I am a FSS and I want a mobile solution that will
allow me to take the National Youth in
Transition Database (NYTD) surveys on my
mobile solution and have the responses upload
to the SOR
E. GPS Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
GPS Requirements
C.03.01.
I am a FSS and I want a mobile solution that
has GPS navigation functions or integrates with
Google Maps (or similar product) and will allow
me to get voice-guided directions from one
location to another based on my itinerary or by
choosing an address from a case file or
calendar whether I am online or offline
C.03.02.
I am a FSS supervisor and I want a mobile
solution that has the ability to track the GPS
location of my workers when they are out in the
field
SOLICITATION NUMBER: FAM-17-041
VDSS
A
B
PAGE 31 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
F. Offline Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
C.04.01.
C.04.02.
C.04.03.
C.04.04.
C.04.05.
SOLICITATION NUMBER: FAM-17-041
Offline Requirements
A
B
I am a FSS and I want a mobile solution that
has the ability to enter and sync documentation
while I am away from the office, whether it be
my home, community location or a home of a
client
I am a FSS and I want a mobile solution that
has the ability to access and complete
assessments, notes, photos and all relevant
case information when my mobile solution is
offline and have the device automatically sync
when it comes online
I am a FSS and I want a mobile solution that
has the ability to prompt a manually sync if the
automatic sync was disrupted.
I am a FSS and I know that I am going to a
location that will cause my mobile solution to be
offline, I want the ability to sync my mobile
solution with the system of record prior to going
offline so that I have access to the most current
information for a case prior to going in offline
mode
I am a FSS and I want a mobile solution that
has the ability to access a forms library when
my mobile solution is offline
VDSS
PAGE 32 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
G. Resource Home Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Resource Home Requirements
C.05.01.
I am a FSS and I want a mobile solution that will
allow me to see Foster and Adoptive Home
demographic information and availability when I
am looking to place a child
C.05.02.
I am a FSS and I want a mobile solution that
has the ability to search for Foster or Adoptive
Homes within specific geographical and school
district locations
C.05.04.
I am a Resource worker and I want a mobile
solution that has the ability to capture and track
Foster and Adoptive Home information
A
B
H. User Interface Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
User Interface Requirements
H.28.44.
The mobile solution shall have quick navigation
to different functional areas of the solution, to
facilitate the user’s access to information and
tools during client meeting;
H.28.45.
The mobile solution shall have a configurable
workflow to support the caseworkers business
operational processes
H.28.46.
The mobile solution shall have configurable user
interface labels to ensure language is consistent
with the business language used by the
workers.
SOLICITATION NUMBER: FAM-17-041
VDSS
A
B
PAGE 33 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H.28.47.
H.28.48.
C.03.03.
I.
The mobile solution shall have the ability to
interact with mapping tools to provide location
information and geographic information
services.
The mobile solution shall have an intuitive user
interface and a user friendly organization of
content
I am a FSS and I want to be able to see an
address on a map with the ability to zoom in and
out by pinching expanding views for additional
information
Project Management Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Data Interface Requirements
DFS.01.01.
The Supplier will jointly use a Collaboration
Software tool with the Department to coordinate
tasks, deadlines, status updates and
assignments. The CCWIS team currently
utilizes Jazz and Asana but is open to other
tools recommended by the Supplier.
SOLICITATION NUMBER: FAM-17-041
VDSS
A
B
PAGE 34 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
J. Data Interface Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Data Interface Requirements
H.11.50.
The mobile solution shall retrieve case, client
and Resource Home information from, and
return updated and newly captured information
to the SOR while online or if offline, immediately
after returning to online status
H.11.52.
SOLICITATION NUMBER: FAM-17-041
A
B
The mobile solution shall have full
synchronization management capabilities:
a. Configurable synchronization frequency, both
when mobile device is continually online and
becomes active after being offline;
b. Ability to track changes passed through
synchronization and the system being updated
by these changes;
c. Ability to detect and resolve conflicts
according to configurable business rules or alert
system administrator when conflicts occur;
d. Ability to manage slow network connection
synchronization by identifying priority data for
synchronization or similar method;
e. Ability to rollback changes and/or recover
from breaks in synchronization;
f. Ability to perform background synchronization
without locking a device while this activity
occurs;
g. If more than one intermediary database is
used, the ability to manage multiple
synchronization topologies.
VDSS
PAGE 35 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H.11.53
H.11.54
All content, including data, document, and multimedia (e.g. pictures, audio recordings) must be
encrypted within the mobile software system
and not be stored in the standard mobile device
file structure. Describe how you will ensure that
this sensitive data and media will be
containerized.
The mobile solution shall securely send objects,
such as audio recordings and photos to the
database using a standard interface method,
such as an API, Simple Object Access Protocol
(SOAP) web service API, or similar method. In
your response, indicate which method(s) are
used by your solution and provide a justification
for your choice(s) in column B
K. Data Integrity Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Data Integrity Requirements
H.09.01
The system shall maintain data and transaction
integrity and confidentiality; where applicable,
address legal and regulatory issues with regard
to unauthorized access, misuse or fraud audit
trails, and options for resolution
H.09.09
The system shall have the ability to complete
field validations to ensure that all entered data is
in the correct format
H.10.10.
The mobile solution shall have the ability to
perform confidence matching of all new offline
added client and case-related person with
persons already entered in the case
management system and be able to merge or
associate records accordingly
SOLICITATION NUMBER: FAM-17-041
VDSS
A
B
PAGE 36 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H.10.11.
The mobile solution shall have the ability to
perform confidence matching of all new offline
added foster or adoptive homes with entries
already entered in the case management
system and be able to merge or associate
records accordingly
L. Compatibility Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
H.06.02.
Compatibility Requirements
A
B
Any mobile solution shall have the ability to be
compatible with iOS, Android and Microsoft
platforms. If the solution is not compatible with
one or more platform, include the rationale for
this decision in your column B response.
M. Reporting Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
H.29.18.
SOLICITATION NUMBER: FAM-17-041
Reporting Requirements
A
B
The mobile solution shall provide reports and
analysis suitable for the tasks supported by the
solution. In your response, provide two (2)
examples of reports from previous
implementations of your Solution
VDSS
PAGE 37 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
N. Hosting Requirements
If a vendor or third party will host any of the Solution, data or SaaS for any service(s) related to the implementation and service delivery of this
solution, the following requirements are applicable:
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
H.24.05.
H.26.05.
H.29.01.
H.29.02.
H.29.19.
SOLICITATION NUMBER: FAM-17-041
Hosting Requirements
A
B
Virginia maintains in the order of 2400 FSS and
450 Supervisors. The host site and its access to
the mobile networks will be able to scale
appropriately as the use of the mobile solution
increases
The mobile solution must secure data and
transactions on the mobile device and any
intermediary platforms until it is posted to the
System of Record (SOW). Any data hosted
outside of the Commonwealth Data Center shall
be subject to the requirements specified in
Commonwealth Standard SEC 525-02 and in
compliance with Contract, Exhibit H - Additional
Cloud Terms and Conditions.
The Supplier will propose availability and
redundancy capabilities, and their cost
implications
The Supplier will propose backup, restore, and
other business continuity services to support
disaster recovery plan, and their cost
implications
The host site shall be certified to FedRAMP or
similar high-level security standards. If not a
FedRAMP certified site then the Contractor will
be expected to complete a crosswalk with
appropriate NIST standards demonstrating the
level of security
VDSS
PAGE 38 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H.29.20.
Applications must be hosted within the United
States and are subject to all requirements in the
most recent version of the COV ITRM
Standards including SEC 501-xx (most recent
isSEC525) Hosted Applications, Data or SaaS
requires ECOS Agreement and VITA Security
Assessment for Non-Premise Based Services.
H.29.21.
The Supplier will propose a host site
management methodology, such as ITIL. The
host site will provide the Department metrics to
support management and monitoring of the site
O. Maintenance Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Maintenance Requirements
H.29.09.
The Supplier must present a release roadmap
noting current plans for when a mobile device
operating system will no longer be supported,
and when a feature will be being removed.
During the Contract period the Supplier will
regularly update and re-present this roadmap
H.29.22.
The Mobile Solution will be maintained by the
Supplier within the license or ongoing
maintenance costs
H.29.23.
The Supplier will provide Tier 3 help desk
services for the duration of the contract and
propose service levels for this requirement
SOLICITATION NUMBER: FAM-17-041
VDSS
A
B
PAGE 39 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
P. Disaster Recovery / Redundancy Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Disaster Recovery / Redundancy
Requirement ID
A
B
Requirements
The solution will be flexible enough to
accommodate redundant resources to mitigate
availability risks. This could include, but is not
limited to, load balancers, external services,
H.13.06.
DNS services, synchronization servers, data
storage and messaging. How does the solution
handle the loss and replacement of services
when resources become unavailable?
The Supplier will provide a Disaster Recovery
Plan with a Disaster Recovery Test Plan
including backup, restore and other services to
H.13.07.
maintain business continuity. Costs associated
with the plan implementation are to be supplied
with the plan.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 40 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Q. SDLC Environment and Process Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
SDLC Environment and Process
Requirement ID
A
B
Requirements
If the Supplier is hosting the solution, the
Supplier must provide the following
environments to develop and test new product
features or fix critical production defects:
H.14.01.
a) Development
b) System Integration Testing (SIT)
c) Quality Assurance Testing (QAT)
d) User Acceptance Training (UAT)
e) Training
f) Staging
g) Performance
h) Production
To accommodate the development of multiple
projects in parallel, the Supplier must provide
multiple instances of each environment stated
above E.g.: two instances of QAT, three
instances of UAT, etc.
H.14.02.
SOLICITATION NUMBER: FAM-17-041
The system must support replication of user
profile information updates to all system
environments.
VDSS
PAGE 41 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
If the solution is hosted by the Department, the
Supplier must provide the hardware and
software requirements and install and configure
the solution in each of the following
environments:
H.14.03.
a) Development
b) System Integration Testing (SIT)
c) Quality Assurance Testing (QAT)
d) User Acceptance Training (UAT)
e) Training
f) Staging
g) Performance
h) Production
H.14.04.
Code and/or configuration changes must be
promoted from a lower environment to a higher
environment in the following order:
Development, SIT, QAT, UAT and Production.
H.14.05.
The Supplier must first test the product features
or bug fixes in SIT and QAT before releasing
them to the Department staff in UAT for user
acceptance testing.
H.14.06.
H.14.07.
H.14.08.
SOLICITATION NUMBER: FAM-17-041
For a custom-developed solution, the
architecture and design of the solution must be
reviewed and signed-off by the Department prior
to Development.
For a custom-developed solution, code
developed must have sufficient comments
(class level, method level, and in-line) for
maintainability purpose.
Any VDSS-specific code must be reviewed by
the Department prior to the release in UAT. Any
review findings must be addressed prior to the
UAT sign-off. VDSS reserves the right to
request a vulnerability scan of code.
VDSS
PAGE 42 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
H.14.09.
If the vendor proposes a custom developed
solution where the Department has an option to
take over the future maintenance and support
then the solution must be in-line with the
Department's strategic direction, which is to
develop and maintain n-tier Java/JEE (JSF,
EJB, and JPA) based applications.
R. Security Requirements
Column A – Availability of Feature – “Y”-Yes; “F”-Yes in the future (no longer than 6 months); or “N”- No.
Column B – Detailed explanation of how the feature is or will be implemented.
Requirement ID
Security Requirements
C.01.01.
I am a FSS and I want to know that my mobile
device can be securely protected in the event of
loss or theft
C.01.05.
H.11.51.
H.22.01.
SOLICITATION NUMBER: FAM-17-041
A
B
The solution will not store media captured within
the mobile solution outside of the mobile
solution - for example, the mobile device's photo
gallery
The mobile solution shall have the ability to
interface to exchange data with the VDSS
Access Control System of Record (currently
OpenLDAP and moving to Oracle OUD (LDAP))
to validate employee identification, user roles,
and permissions.
The mobile solution shall have role based
access and customization to present only
relevant content to specific user groups in
accordance with the principle of least privilege.
For example, a case worker restricted to a
specific case load should only see those cases
VDSS
PAGE 43 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.02.03.
The mobile solution will secure through
encryption, or deliver through a portal using
encryption, any email communication sent from
the user to a client or VDSS/LDSS. Sensitive
email and attachments must use minimum
established VITA standards for encryption and
use current encryption standards specified in
VITA standards/guidelines. The proposed
solution must securely interface to the
Commonwealth enterprise messaging solution.
The system design should allow only authorized
personnel to modify program settings in
accordance with the principle of least privilege
E.08.01.
Describe how the mobile solution will protect
against malicious programs
E.15.01.
E.02.04.
E.02.05.
E.02.06.
SOLICITATION NUMBER: FAM-17-041
Appropriate authentication practices, session
management principles, data storage separation
by either logical or physical from the application
interface (two or three tier architectures where
possible), input validation and data integrity
checks, default deny, utilization of the principle
of least privilege, and quality assurance
activities.
Applications must be configured to clear the
cached data and temporary files upon exit of the
application or logoff of the system.
A Security review/test of an application is
required. The type and level of the review will be
determined by the VDSS Information Security
Unit or Commonwealth Security once the
sensitivity of the application and data is
determined. The types of reviews may include,
but are not limited to, a code review, a
vulnerability scan and/or a penetration test.
VDSS
PAGE 44 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.02.07.
The opening of new browser windows should
only be done if the user is warned that a new
window will open and there may be a possibility
of functional difficulties. Developers should refer
to the WATG template site for details at
http://www.vadsa.org/watg/.
E.03.01.
IT system development must adhere to the
security concept of separation of duties by
assigning roles that prevent a conflict of interest.
E.04.01.
E.04.02.
The standard for VDSS user logon IDs consists
of the user’s 3 initials and FIPS, whenever
possible.
Inactive user accounts must be automatically
disabled after a specific time period (90 days). If
access control is part of the Solution, address in
your response.
E.04.03.
When a user's logon ID is terminated it may not
be reused. The terminated logon ID data must
remain on the system for audit log and
accountability purposes. If access control is part
of the Solution, address in your response.
E.04.04.
Account lockout – A worker is allowed three
attempts to enter a correct password. After the
third attempt, if an incorrect password is
entered, the logon Id will be suspended. Locked
accounts can be reset by the office/locality
security officers, the VDSS Help Desk or the
VDSS Information Security Unit. If access
control is part of the Solution, address in your
response.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 45 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.04.05.
E.05.01.
E.06.01.
E.06.02.
E.06.03.
E.06.04.
E.06.05.
E.06.06.
Disabled – When an account is disabled, the
logon ID cannot access the system. This is used
when the user no longer needs access to the
system, leaves the agency and/or has access
privileges removed for administrative purposes.
Only the VDSS Information Security Unit has
the ability to disable or remove the disabled
status from a logon ID. If access control is part
of the Solution, address in your response.
Timeout - If there is no activity [keystrokes or
stylus swipes] within 15 minutes, the system
must automatically log-off a user or lock the
device. The system must prompt the user to reenter their password.
Scripts or software code with embedded
passwords are prohibited.
Passwords must comply with the password
standards found in the Commonwealth
Standards.
All passwords must be stored as a hash
Office/locality Security Officers must be able to
reset passwords for workers in their offices
(FIPS).
The VDSS Information Security Unit must be
able to remotely reset passwords for all workers
in all systems and all devices.
The system must implement access control in
compliance with commonwealth standards
specified in SEC 501.xx (latest version).
E.06.07.
Default passwords must be changed
immediately after installation.
E.06.08.
Authentication/session initiation transactions
must be encrypted (i.e., passwords).
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 46 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.06.09.
E.06.10.
E.08.02.
E.08.03.
E.08.04.
E.09.01.
E.09.02.
E.09.03.
SOLICITATION NUMBER: FAM-17-041
The system must generate and provide a
unique initial password for each new user,
deliver the initial password to the user in a
secure and confidential manner, and require
that the user change the initial password upon
the first login attempt.
The system must mask the display of
passwords on the screen as they are entered.
EAL (Enterprise Audit Log) Policy must be
followed for all sensitive systems. All New
Systems or those undergoing substantial
changes must include adherence to EAL policy.
Access, modification, deletion and movement of
PII by each user. This auditing requirement also
applies to data tables or databases embedded
in or residing outside of the application.
The proposed solution must capture all login
attempts unless it uses enterprise directory
services. All login attempts, failures and
account locks are to be collected and updated
to VDSS Web Authentication Service Logs.
Maintenance of all auditable records is required,
including all remote access actions.
The system design should allow access to be
granted to IT systems and data based on the
principle of least privilege.
System Administrators are required to have
both an administrative account and at least one
user account and require that administrators
use their administrative accounts only when
performing tasks that require administrative
privileges.
Access levels must be created and associated
with group membership where practicable and
require that every user account be a member of
at least one group.
VDSS
PAGE 47 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.09.04.
E.09.05.
E.09.06.
E.09.08.
E.09.09.
E.10.02.
E.10.03.
SOLICITATION NUMBER: FAM-17-041
Accounts are to reside in the IT system when
disabled and the system should support
disabled account retention in accordance with
the Agency’s records retention policy.
No guest accounts are allowed.
The Security Access Management System
(SAMS) is used as the administrative interface
for security officers to maintain access controls
(currently OpenLDAP, soon to be Oracle Unified
Directory). All new IT Systems developed must
use VDSS’s Access Control System of Record
for authentication and include modification to
SAMS for the review and maintenance of user
access levels and privileges for all system
users. All Security Officer activities (adds,
modifies and deletes) will be logged in SAMS.
The VDSS Information Security Unit will have
system-wide access. Office/locality security
officers are restricted to maintaining
authentication and access for users in their
FIPS or organizational unit.
If the application is web enabled, VDSS Access
Control System of Record (current OpenLDAP,
moving to Oracle Unified Directory (OUD)) must
be utilized for authentication and access control.
If system generated, a secure method of
delivery of access credentials is required.
Confidentiality statements may be required on
screens and reports depending on the
sensitivity of the client data.
Customer/Client web-enabled applications must
include the agency’s web policy and privacy
policy.
VDSS
PAGE 48 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.11.01.
E.12.02.
E.14.01.
Warning Banner is incorporated at the initial Log
on sequence to the application. (Wording must
match the State/Federal Banners provided
Commonwealth/IRS/SSA/Other. Multiple
Banners may be needed on the initial log on
screen.) Users are required to take explicit
actions for banners to be cleared.
The system must encrypt sensitive data in any
form, format, method of transmission, or
mechanism including the use of the Internet,
interfaces, file transfers, EFT, or any other
means. Encryption strength and
implementation methods must meet or exceed
the requirements defined in commonwealth
security standard ITRM SEC 501-09.
Information gathered and maintained by
applications used in the administration of state
and federal programs may only be used for
those purposes for which it was intended unless
otherwise specified in Local, State or Federal
Laws/Statutes. Adherence to Local, State and
Federal Laws governing the use and sharing of
data is required. Client consent may also govern
the sharing of client supplied data.
E.16.01.
As emails sent from Commonwealth systems
are public records, an approved email
disclaimer (i.e., as provided for and approved by
the Department’s legal counsel) must be
included with the email communication.
E.17.01.
Monitoring must be put in place to identify
potential account sharing. Sharing of any
account and password is prohibited.
E.18.01.
The audit trail shall capture the creation,
modification and deletion of objects including
files, directories, group accounts and user
accounts.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 49 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.18.02.
The audit trail shall capture all actions,
connections and requests performed by
privileged functions i.e. system administrators.
E.18.03.
The audit trail shall capture all changes to
logical access control authorities (e.g., rights,
permissions).
E.18.04.
E.18.05.
E.18.06.
E.18.07.
E.18.08.
E.18.09.
E.18.10.
SOLICITATION NUMBER: FAM-17-041
The audit trail shall capture all system changes
with the potential to compromise the integrity of
audit policy configurations, security policy
configurations and audit record generation
services.
The audit trail shall capture: i) the date of the
system event; ii) the time of the system event;
iii) the type of system event initiated; and iv) the
user account, system account, service or
process responsible for initiating the system
event.
The audit trail shall capture system startup and
shutdown functions.
The audit trail shall capture modifications to
administrator account(s) and administrator
group account(s) including: i) escalation of user
account privileges commensurate with
administrator-equivalent account(s); and ii)
adding or deleting users from the administrator
group account(s).
The audit trail shall capture the enabling or
disabling of audit report generation services.
The audit trail shall capture command line
changes, batch file changes and queries made
to the system (e.g., operating system,
application, and database).
The audit trail shall be protected from
unauthorized access, use, deletion or
modification.
VDSS
PAGE 50 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.18.11
E.18.12.
E.18.13.
E.18.14.
E.18.15.
E.18.16.
SOLICITATION NUMBER: FAM-17-041
The system must provide for the prevention and
detection of IT security incidents, including
those caused by malicious code (i.e. Coded to
prevent attacks such as SQL Injection or crosssite scripting).
The system must log Remote access.
The audit trail shall capture all actions,
connections and requests performed by
privileged users (a user who, by virtue of
function, and/or seniority, has been allocated
powers within the computer system, which are
significantly greater than those available to the
majority of users. Such persons will include, for
example, the system administrator(s) and
network administrator(s) who are responsible for
keeping the system available and may need
powers to create new user profiles as well as
add to or amend the powers and access rights
of existing users).
IT system hardening must be evidenced by
identifying, documenting, and applying
commonwealth-approved security baseline
configurations to the IT system being
developed.
The system design should allow the automatic
malware scanning of all files retrieved through
an external network connection or input storage
device.
Applications shall not disrupt or disable
activated features of any operating system that
are identified as accessibility features where the
application programming interface for those
accessibility features has been documented by
the manufacturer of the operating system and is
available to the product developer.
VDSS
PAGE 51 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.19.02.
E.19.04.
E.20.01.
SOLICITATION NUMBER: FAM-17-041
VDSS has a distributed security architecture.
There are approximately 150 state and local
DSS offices located throughout the
Commonwealth. Each office has a primary and
at least 1 backup security officer. Statewide,
approximately 450 security officers are
responsible for administering the users within
their respective offices to include adding and
removing users and modifying access
privileges. The VDSS Information Security Unit
oversees the VDSS Information Security Policy
and provides administration for primary security
officers and their backups as well as backup for
localities/offices if the regular security officers
are not available. Administration of accounts
must be able to be restricted by FIPS/State
Organizational Unit and VDSS Central Security
Unit. VDSS Central Security Unit must be able
to control access for all VDSS Users.
All individuals involved in the IT system
development efforts (including employees,
clients, vendors, contractors, third-parties, or
other non-employees), while accessing the
system via remote access methods, must obtain
formal authorization and unique user ID and
password prior to using the Agency’s remote
access or another approved remote access
method. The device must be authorized for
remote access.
Developers used in development of sensitive
systems must have the necessary KSAs to
understand the current threats and potential
exploitations of the products to be built as well
as knowledge of secure design and coding
techniques. As necessary, additional training
must be provided.
VDSS
PAGE 52 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.21.02.
E.21.03.
E.21.04.
This application contains sensitive data.
Solution must support the performance of
periodic risk assessments, at the agency
discretion, throughout the development lifecycle.
VITA will conduct a Security Assessment of
controls. Any residual risk must be addressed
by the vendor as part of development or
implementation activities.
Appropriate Security Design (if the application
uses, processes, or stores sensitive information,
then the design must address encryption
requirements, disallowing sensitive information
to be visibility transmitted between the client
and the application, and ensure that sensitive
information is not stored in hidden fields that are
part of the application interface).
E.21.05.
Access granted in each user role must be
clearly documented including all capabilities of
the access granted. Permissions must be
developed based on least privilege.
E.22.01.
No system requirement may be implemented
which makes use of group account IDs and
shared passwords. The IT system use of group
account IDs and shared password is prohibited.
E.23.01.
Printing from Mobile devices through wireless
printing must implement adequate security
controls commensurate with the sensitivity of
data. Private Cloud / Direct encrypted printing
are preferred for mobile devices. If printing does
not use one of these mechanisms, use column
B to describe what technologies are used to
mitigate risk of data disclosure.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 53 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.25.01.
Direct access to data is prohibited. No system
may be designed requiring manual access to
data by end users. The users may not have
direct access to data. Only valid program
functions and transactions can provide access
to view or modify data in any system.
E.26.02.
If applicable to the proposed solution, client
devices connecting to the WLAN must utilize 2factor authentication.
E.26.04.
E.26.05.
E.26.06.
E.26.07.
E.26.08.
E.26.09.
E.26.10.
E.26.11.
E.27.02.
SOLICITATION NUMBER: FAM-17-041
WLAN infrastructure must authenticate client
devices prior to permitting access to the WLAN;
LAN user authorization infrastructure (i.e.,
LDAP) must be used to authorize access to
LAN resources;
Only COV owned or leased equipment shall be
granted access to an internal WLAN until an
exemption has been granted by the ISO;
All WLAN communication must utilize a secure
encryption algorithm that complies with
commonwealth security standard ITRM SEC
501-09.;
There must be physical and logical separation
between WLAN and wired LAN segments;
All COV WLAN access and traffic must be
monitored for malicious activities, event logs
created, and the event logs must be stored on a
centralized storage device appropriately
secured with access controlled and designated
by the ISO;
Configuration and security data associated with
the WLAN must not be provided to
unauthenticated devices (i.e., SSID
broadcasting must be disabled); and
WLAN clients will only permit infrastructure
mode communication.
WLAN Hotspots, defined as wireless network
connections providing unauthenticated access
VDSS
PAGE 54 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.27.03.
E.27.04.
E.27.05.
E.28.02.
E.28.03.
E.28.04.
to the Internet, must have logical or physical
separation from VDSS's LAN;
WLAN Hotspots must have packet filtering
capabilities enabled to protect from malicious
activity;
All WLAN Hotspot access and traffic must be
monitored for malicious activity, event logs
created, and event logs stored on a centralized
storage device appropriately secured with
access controlled and designated by the ISO;
and
When COV clients are involved WLAN clients
will only permit infrastructure mode
communication.
All wireless bridge communications must utilize
a secure encryption algorithm that complies with
commonwealth security standard ITRM SEC
501-09;
Wireless bridging devices will not have a default
gateway configured;
Wireless bridge devices must only permit traffic
destined to traverse the bridge and must not
directly communicate with any other network;
E.28.05.
Configuration and security data associated with
the wireless bridge and WLAN must not be
provided to unauthenticated devices (i.e., SSID
broadcasting must be disabled); and
E.28.06.
Wireless bridging devices must not be
configured for any other service than bridging
(i.e., a wireless access point).
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 55 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.29.01.
E.29.02.
E.29.03.
E.29.04.
E.29.05.
SOLICITATION NUMBER: FAM-17-041
The solution proposed should identify software
or service required to implement Centralized
Device Management/Mobile Device
Management(MDM)/Mobile Application
Management(MAM) including Security Policies,
Operating System (OS), Application, Security
Suite and Configuration items is required for
devices accessing or housing sensitive data.
Device and Application must support remote
administration to lock/unlock or wipe the
device. Maintenance of software, OS, database
and security-related patching must be part of
the solution.
The Supplier will provide a plan for
implementation of Centralized Device and
Application Management, including
configuration of Security Policies; native
resources; application stores; device firewall;
application whitelist and device security
settings; print settings and configuration; and
other configurable device preferences.
Device management solution must support
remote wiping of data, both on-demand and
after a predetermined number of unsuccessful
authentication attempts, in compliance with the
commonwealth data removal standard, SEC
514-04.
Data storage must be encrypted through full
device or container based encryption. Key
management must be addressed in accordance
with the requirements of SEC 501 SC-12.
Sensitive Data must be encrypted in the
database, in transit and at rest. All
communications that transfer confidentially
sensitive data between web clients and web
servers must employ the most current secure
transport protocol which includes: (COV SEC
501-09) TLS 1.2 or higher where required for
communication with the public.
VDSS
PAGE 56 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.29.06.
If the device stores sensitive data, the device
must contain an application or software that logs
changes in location. Each 15 minutes, the
location of the device must be logged
regardless of whether the device is on-line or
not. When the device is online the log must be
uploaded to the central database.
E.29.07.
Known vulnerabilities with the technologies
listed here must be mitigated through code
modifications or by other means. Please explain
how you will address this in your response.
(Java, JavaScript, ActiveX, Postscript, PDF,
Shockwave, Flash, VBScript).
E.29.08.
E.29.09.
SOLICITATION NUMBER: FAM-17-041
Limit or prevent access to enterprise services
based on the mobile device’s operating system
version (including whether the device has been
rooted/jailbroken), vendor/brand, model, or
mobile device management software client
version (if applicable). Note that this information
may include capability to prevent unauthorized
attempts to Root/Jailbreak device are made or
to prevent access to sensitive data or systems if
this has been done.
Automatically monitor, detect, and report when
policy violations occur, such as changes from
the approved security configuration baseline,
and automatically take action when possible
and appropriate.
VDSS
PAGE 57 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.29.10.
E.29.12.
E.29.13.
E.29.14.
E.29.15.
E.29.16.
SOLICITATION NUMBER: FAM-17-041
Dual Factor Authentication: Require a device
password/passcode and/or other authentication
(e.g., token-based authentication, networkbased device authentication, domain
authentication) before accessing the
organization’s resources. Authentication
parameters must comply with commonwealth
security standard ITRM SEC 501-xx (latest
version).The application authentication should, if
possible, use the VDSS Access Control System
of Record. The solution should support both
offline and online authentication capabilities.
Authentication should be performed in
accordance with Commonwealth Standards.
Deploy the organization’s applications from a
dedicated trusted mobile application store or
push the updates from MAM/MDM
platform. Alternative controls can always be
considered and there is flexibility for other
solutions. The Supplier shall justify their use of
alternative controls in column B.
Verification of digital signatures on applications
is required to ensure that only applications from
trusted entities are installed on the device and
that code has not been modified.
Must be able to be configured to restrict
applications that can be installed or run through
application control.
Application/Device must be able restrict access
to required native resources (e.g., camera
access, location access) assigned to each
application.
Permissions to Install, update, and remove
applications must be under Centrally Managed
Policies/Control.
VDSS
PAGE 58 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.29.17.
E.29.18.
E.29.19.
E.29.21.
E.29.22.
E.29.23.
E.29.24.
E.29.25.
E.29.26.
SOLICITATION NUMBER: FAM-17-041
Restrict when possible the use of operating
system and application synchronization services
(e.g., local device synchronization, remote
synchronization services and websites).
Clock synchronization for mobile devices and
servers hosting applications related to the
solution.
Configure software firewall on the device to
block non-VPN traffic to control all inbound and
outbound connections on public networks (or
zones) with the exception of a browser that is
used to connect to captive portals and such.
Provide Security Logging capabilities as
outlined in NIST SP 800-92
Provide configurable transaction log capabilities
Device Intrusion Detection must be active and
take proactive measures in the event an
intrusion is detected.
Independent Security Assessment of Solution
must be provided – Include Vulnerability
Assessments and penetration testing for
Hardware and Application Software Solution as
well as third party products used in the
solution.
Reversion to default device settings must not
compromise security.
Malicious Code Protection, including application
and file scanning, alert notifications, and
quarantine, is required. Malware protection must
comply with commonwealth security standard
ITRM SEC 501-09 and support both on-demand
and scheduled scans of device storage and
volatile memory. This function must be centrally
managed and support automatic updates to
both the application and definition files.
VDSS
PAGE 59 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
E.30.01.
SOLICITATION NUMBER: FAM-17-041
Use of Open Source code requires the Open
Source Project be active. The use of nonproprietary code is preferred. Information on
Licenses governing the use of proprietary code
within the provided solution must be provided as
part of the RFP response.
VDSS
PAGE 60 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
6. SUPPLIER PROFILE
A. Supplier Proposal Compliance
Before submitting its proposal, Supplier should verify: (i) the proposal is accurate and complete;
(ii) the proposal is prepared in accordance with the solicitation requirements, including providing
all information, content, responses and appendices requested and, (iii) that all required
communication, format and submission instructions are followed.
B. Supplier Corporate Overview
1. Business
State your firm’s core business, background, and experience in the child welfare child welfare
(not to exceed three (3) pages).
2. Corporate Identity
Please provide the identity of any parent corporation, including address, phone and fax
numbers, FEIN or Tax ID #, company web site and contact email. Provide the identity of any
subsidiaries, as applicable (not to exceed three (3) pages).
3. Differentiating Factors
Please explain how you differentiate your company from your competitors (not to exceed
three (3) pages).
4. Organization and Structure
(a) Supplier is asked to provide an overview of its organizational operating structure and
describe the operational and functional relationships of the business units of its organization,
as they relate to Supplier’s proposal and the Department’s stated needs and requirements.
Organizational charts are helpful supplements to the descriptions.
(b) Indicate whether your firm expects to provide the solution with existing resources or plans
to secure additional resources by partnering or subcontracting. If applicable, identify the
additional resources required to provide the solution included in the proposal and the
timetable for obtaining such resources.
(c) Days and hours of operation.
5. Locations
Please describe the geographical locations of your firm at the national, regional, and local
levels, as applicable. Identify all locations that will be used to support a resultant contract and
the operations handled from each of these locations. Clearly identify any overseas locations
which may be used to support the resultant contract or any related data transactions. Key
project team members must be located within the United States. Indicate how many staff (by
role and phase) will be located in Richmond, Virginia if awarded the contract.
6. Strategic Relationships
Supplier is asked to identify strategic relationships with other related Suppliers. State all
subcontractors expected to be employed and outsourced Service/Solution to be used in
implementing the proposed solution. The Department reserves the right to request that
Supplier provide all the information described in this section for any and all major
subcontractors proposed by Supplier.
7. ISO 900X Certification
Please indicate if your firm is ISO certified. Yes or no is sufficient. If “yes”, identify the area(s)
certified (e.g., services, manufacturing).
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 61 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
C. Financial Information
1. Total Annual Revenue
Please state total annual revenue and indicate the revenues associated with the provision of
the solution relevant to the proposal.
2. Dun and Bradstreet Credit Report
Include your firm’s current full D&B Business Report, if D&B issues reports on Supplier.
3. Annual Reports or Venture Capital Funding Information
The Department reserves the right to access a Supplier’s publicly available financial
information and to consider such information in its evaluation of such Supplier’s proposal.
4. Research and Development
State the percentage of your firm’s total revenue invested in Research and Development, as
appropriate.
5. Bankruptcy Filing Status
State whether the Supplier has filed for bankruptcy protection in the past five (5) years or is
currently in the process of filing or planning to file for bankruptcy protection or financial
restructuring or refinancing. If so, provide Court and case numbers.
D. Future, Long Term Vision and Strategic Plans
Provide information on your firm’s future, long-term vision, and strategic plans as they relate
to the direction of the proposed solution/service/product and describe a clear vision of how
your firm plans to support emerging technologies and industry standards (not to exceed five
(5) pages).
E. Supplier Experience Level and Customer References
The Supplier should demonstrate a proven record of providing solutions similar to those
defined in Section 5 to customers of similar scope and complexity. Provide three (3) customer
references, with contact names, email addresses, phone numbers, solution descriptions, and
dates implemented which the Department may use in reference checking. A template is
provided below.
Supplier’s references should reflect the overall capabilities of the company and, to the extent
possible, should be work that was done by the individuals who will be assigned to this project.
Where applicable, Supplier should clearly note references that include individuals who will be
assigned to this VDSS project and their role on these previous project(s).
The Department will make such reasonable investigations as deemed proper and necessary
to determine the ability of a Supplier to perform a resultant contract. These may include, but
may not be limited to, reference checks and interviews. The references should be from
organizations where Supplier is providing (or has provided) a solution that are similar in type
and scope to those identified in Section 5.
1. Responsibility
In the course of collecting references, the Department may consider the following in
determining the Supplier’s responsibility and responsiveness:
a.) Whether the Supplier has had a contract within the last five (5) years that was terminated
for cause due to breach or similar failure to comply with the terms of the contract.
b.) Whether the Supplier’s record of performance includes factual evidence of failure to
satisfy the terms of the Supplier’s agreements with any party to a contract. Factual
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 62 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
evidence may consist of documented Contractor performance reports, customer
complaints and/or negative references.
c.) Whether the Supplier promptly supplied all requested information concerning its
responsibility.
d.) Whether the Supplier was in conformance with the requirements contained in the Scope
of Work, Terms and Conditions, and Instructions for the Solicitation and its Amendments,
including the documents incorporated by reference.
e.) Whether the Offer includes or is subject to unreasonable conditions, to include conditions
upon the State or necessary for successful Contract performance. The State shall be the
sole determiner as to the reasonableness of a condition.
f.) Whether the Supplier materially changes the contents set forth in the Solicitation, which
includes the Scope of Work, Terms and Conditions, or Instructions.
g.) Whether the Supplier provides misleading or inaccurate information.
Reference Template
Reference’s Current Point of Contact
Name
Point of Contact
E-mail
Point of Contact
Phone Number
Reference’s Contract No.
Reference’s Project Manager
Name
Project Manager
E-mail
Project Manager
Phone Number
Project Description
Reference’s Contract Manager
Name
Contract Manager
E-mail
Contract Manager
Phone Number
Date Implemented
F. Synopsis or Case Study of Results
The Supplier is asked to provide a synopsis or case study of results attributable to its
commitment to high quality and increased operating efficiency. This is requested to
demonstrate the added value the Supplier can offer and indicate the typical on-going cost
reductions and Solution efficiencies the Department could expect to realize.
G. Performance Standards Methodology
Please describe the methodology used to develop your firm’s internal performance
standards, the processes and tools used to monitor and measure performance against those
standards, and the management reporting systems that capture these data.
Indicate your firm’s present customer satisfaction rating, summarize customer satisfaction
criteria, and describe the methodology used to measure customer satisfaction. Please
include any relevant publication ratings or articles.
H. Disaster Recovery/Security Plan
Describe in detail your firm’s plans to mitigate against any disaster that would affect the ability
to provide the Department with the proposed solution. Provide a detailed plan of your firm’s
security infrastructure including facility and information technology security. Include details on
backup, restoration and other services to maintain business continuity. Costs associated with
plan implementation are to be included on Appendix C – Pricing. If selected and if the
solution involves external hosting, the Supplier will be expected to complete a crosswalk with
appropriate Enterprise Cloud Oversight Service Standards (ECOS) as enumerated in
Virginia’s ITRM Standard SEC525-02. See Appendix F.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 63 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
I.
Service and Support Management
1. Solution Implementation Methodology
Please describe in detail the proposed process for implementing the solution. Please include
a detailed list of key deliverables and recommended measures of success. Table 6.1 includes
a recommended list of deliverables. The Department is open to alternative measures if
justified in the Supplier’s response.
2. Project Management Methodology
Please describe in detail how Supplier will lead the implementation effort for the mobile
software solution. Include details such as tracking tasks, measuring progress,
communication, and managing risks. Identify any specific tools which will be used and outline
roles and responsibilities between the Department and Supplier. Include:
a.) Proposed deliverable review process and Supplier approach to Quality Assurance;
b.) Description of the change control and task order processes;
c.) Specify if it necessary for the Department to maintain any servers, database engines,
supporting software, etc. Include estimates for storage, number of servers and peak
volume bandwidth;
d.) Identified areas of project risk and the procedures to mitigate these risks;
e.) Methodology for gap and options analysis between what the external and/or hosted
service provides compared to the Department’s specific needs.
3. Project Management Case Study
Supplier is asked to provide a synopsis or case study of a project that did not go as planned.
Describe the challenges that were encountered and what happened. Supplier is further asked
to provide a second synopsis or case study detailing the most complex project the company
has managed from start to finish.
4. Account Management Plan
Supplier is asked to provide a detailed description of the approach it would take to manage
the business and performance aspects of a resultant contract. Provide a detailed description
of the approach your firm would take to support self-sufficiency of the Department with
respect to the solution and the transition of solution management to the Department.
Describe what additional technical documentation, besides the ones mentioned in this RFP,
the Supplier is willing to provide that will facilitate the technical knowledge transfer to the
Department’s in-house staff and increase the maintainability of the application.
By submitting a proposal, Supplier agrees that it shall, if awarded a contract pursuant to this
RFP, consent to participation in the meeting(s) of the Steering Committee described in
Section 10 (Project Governance) of this RFP. Please identify the titles and areas of
responsibility of persons who your firm would commit to serve on this Governance
Committee.
5. Training Plan
Provide a training plan covering technical and end user training requirements. Include sample
training and operations manuals (will not count against page limit for RFP response) for all
training required by this RFP. In the response, include:
a.) Method of training (to include “train-the-trainer”; online; and in-person, instructor-led);
b.) Length of training;
c.) Scope of training;
d.) List of recommended skills necessary for operation, system maintenance and
development if a VDSS-hosted solution.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 64 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
e.) Include any post-implementation customer or developer community supports.
6. Product Information
The Supplier must provide details about the proposed solution/service:
a.) Number of client sites using the software including number of total and concurrent users;
b.) Date product was first installed at each client;
c.) Current version number and number of releases or upgrades in the last 3 years;
d.) Technical architecture;
e.) Programming language;
f.) Database connectivity and compatibility;
g.) Suggested hardware and operating server environment;
h.) SLAs to support mobile operating systems and device updates; and,
i.) Custom extensions/plugins.
The Department is interested in seeing actual results of an implementation based upon the
information provided by the Supplier. Included in the RFP response must be a description of
how the Supplier would recommend providing first-hand information to the Department on the
success of the product proposed. This may include demonstrations, site visits, proof of
concepts, etc. All costs associated with this recommendation are the responsibility of the
Supplier, with the exception of travel expenses incurred by VDSS employees, if necessary.
7. Waiver Process
If the Mobile Solution is a SaaS or COTS product, the selected Supplier will be expected to
include draft language during contract negotiations that addresses the requirements of ACFOA-PI-13-01. Refer to the Administration for Children and Families (ACF) Program Instruction
(PI) that is included in this RFP as Exhibit 3.
J. Project Team
It is critical the Supplier provide committed and experience personnel capable of performing the
services set forth in this RFP. The Department reserves the right to review resumes and
participate in interviews for the hiring of any staff assigned to any contract resulting from this
RFP. Further, the Department reserves the right to deny or refuse any offered replacement
personnel by the Supplier, where the Department was not notified prior to the assignment.
1. Provide the resumes of all key members of the project team that would be responsible for the
VDSS account. Be sure to identify relevant experience with similar projects.
2. For each key member of the project team, state the percent of time that will be allocated on a
regular basis to the project and how this may change over the course of the contract.
3. Please describe the duties of your assigned Engagement Manager, Project Manager and
Technical Architect (see Section 10.1 for role expectations) and their level of on-site
presence (on-site to mean at VDSS Home Office location in Richmond, VA) throughout the
life of the contract.
4. Describe the level of access the proposed Project Manager has within your organization and
the authority they have to commit resources to meet unexpected surges in activity and/or to
respond to service issues. The Department prefers that the Project Manager be certified as a
Project Management Professional (PMP) through the Project Management Institute.
5. Describe how you will address background checks and confidentiality. All key members of the
project team and any Supplier employees who have access to sensitive VDSS data must
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 65 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
undergo a VDSS background check and sign the Department’s Confidentiality Agreement on
an annual basis. This agreement is attached as Appendix F.
K. Project Schedule
1. Describe the proposed approach and methodology for preparing and maintaining a project
schedule.
2. Within 30 days after contract award, the Supplier will be required to deliver a Work
Breakdown Structure (WBS).
3. Included in the project schedule, the Supplier will address a phased roll-out of the Solution,
factoring in time for:
a.) Train-the-Trainer sessions;
b.) Field Pilot for a minimum of 90 days;
c.) Go/No-Go decision at the end of the Field Pilot; and,
d.) Phased roll-out for 120 local agencies divided into five regions.
4. Provide a preliminary Project Schedule that proposes key phases, milestones, deliverables,
and major tasks for this project. The schedule must also provide the estimated duration of
each major task and indicate any dependencies between tasks. See Table 6.1 for some
Suggested Project Deliverables. As noted in H.1 above, feel free to include additional
deliverables or iterations of deliverables based on your experience deploying similar projects.
#
Table 6.1 – Suggested Project Deliverables
Deliverable
Type
Frequency
1
Work Breakdown Structure (WBS)
Deliverable
One Time
2
Risk Management Plan
Deliverable
One Time
3
Issue Management Plan
Deliverable
One Time
4
Status Reports
Work Product
Weekly
5
System Workflows, Use Cases and Use Case Diagrams
Deliverable
One Time
6
Business Rules
Deliverable
One Time
7
Security Plan
Deliverable
One Time
8
Architectural System Design
Deliverable
One Time
9
Service Design and Implementation
Deliverable
One Time
10
Software Inventory, Data Model, Data Dictionary and
Implementation Plan
Deliverable
One Time
11
Integration Testing Plan
Deliverable
One Time
12
Interfaces Design and Testing Plan
Deliverable
One Time
13
System Performance and Testing Plan
Deliverable
One Time
14
Security Testing Plan
Deliverable
One Time
15
Disaster Recovery Plan
Deliverable
One Time
16
Software Development and Integration Plan
Deliverable
One Time
17
Operation Schedule and Procedure Manual
Deliverable
One Time
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 66 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
18
Operations, Maintenance and Enhancement Plan
Deliverable
One Time
19
Help Desk Support Plan
Deliverable
One Time
20
Integration Test Scripts and Artifacts
Work Product
Incremental
21
Integration Testing Results Summary
Deliverable
One Time
22
Interfaces Test Scripts and Artifacts
Work Product
Incremental
23
Interfaces Testing Results Summary
Deliverable
One Time
24
System Performance Test Scripts and Artifacts
Work Product
Incremental
25
System Performance Testing Results Summary
Deliverable
One Time
26
Security Test Scripts and Artifacts
Work Product
Incremental
27
Security Testing Results Summary
Deliverable
One Time
28
Training Plan, Materials and Online Help
Deliverable
One Time
29
Training Completion Summary Report
Deliverable
One Time
30
Post Implementation Review Report
Deliverable
One Time
31
Transition Plan (if a VDSS-hosted Solution)
Deliverable
One Time
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 67 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
7. Supplier Procurement and Subcontracting Plan
It is the policy of the Commonwealth of Virginia to contribute to the establishment, preservation and
strengthening of small businesses and micro businesses including those small or micro businesses
owned by women, minorities or service-disabled veterans and to encourage their participation in State
procurement activities. Further, the Department is committed to enable a minimum of three percent (3%)
participation by small businesses owned service disabled veteran businesses as defined in §§ 2.2-2001
and 2.2-4310 of the Code of Virginia when contracting for information technology goods and services.
The Commonwealth encourages all Suppliers to provide for the participation of these small businesses
through partnerships, joint ventures, subcontracts, and other contractual opportunities.
A Supplier which is a small business, a small woman-owned business, a small minority-owned business
or a small service disabled veteran-owned business, as defined in § 2.2-4310 or § 2.2-1401 of the Code
of Virginia, or a certified micro business as defined in Executive Order Number 20 (2014), is a SWaM
business. If Supplier is a SWaM business, the Supplier should include a copy of all Virginia SWaM
certifications with its proposal. No Supplier shall be considered a small business, a woman-owned
business, a minority-owned business, a service-disabled veteran business or a micro business unless
certified by the Department of Small Business and Supplier Diversity (DSBSD). For information, go to:
http://www.sbsd.virginia.gov/.
Please provide a Supplier Procurement and Subcontracting Plan as set forth in Appendix B. In the
submitted Supplier Procurement and Subcontracting Plan, please state the amount of the overall
commitment percentage that will be directly spent with SWaM subcontractors in performing the
Requirements of the contract. Please also include in your plan a list of all subcontractors you plan to
utilize who are Non-SWaM businesses. If Supplier does not plan to use small business subcontractors in
executing a contract resulting from this RFP, so state.
Describe in detail information on all mentor-protégé programs and participation that your firm is involved
with.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 68 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
8. PRICING INFORMATION
Submit all pricing data in the Excel Pricing Submittal spreadsheet (Appendix C) provided. Altered formats
or blank data will be considered incomplete and may be eliminated from further consideration.
The Supplier's pricing proposal must include all charges of any kind associated with the Solution. Pricing
must include the eVA fees. The Department will not be liable for any fees or charges for the Solution that
are not set forth in the MS Excel Pricing Submittal. Any attempt to add these fees to submitted pricing will
not be considered.
The Supplier must be willing and able to successfully provide the Solution proposed for the prices given
and to complete the project on a firm fixed-price.
Supplier’s pricing proposal should be accompanied by a description of the following:
a) assumptions used in preparing proposed prices;
b) project activities or project deliverables that are not included in the proposed pricing and
the reasoning for not including those items;
c) other factors deemed relevant to the proposed pricing;
d) price for each deliverable listed in table 6.1; and,
e) labor categories with a labor rates for the initial contract period and five renewal periods.
Pricing information supplied with a proposal must be valid for at least 120 calendar days from the
submission date. If Supplier is reserving the option to withdraw the pricing during that period, it must state
so clearly in its proposal.
Pricing must be comprehensive. Additional information and backup detail should be attached as
appropriate. Any scheduled price change must be identified, and actual new prices and proposed
effective dates must be stated.
Consider putting any specific instruction in the instruction tab of the actual pricing spreadsheet. All onetime and recurring costs and any underlying assumptions on the part of Supplier must be clearly,
conspicuously and fully disclosed. The intent of the pricing matrix provided is to implement an acquisition
process that is flexible and that supports the Department’s delivery requirements on an individual order
basis. If Supplier is proposing more than one Solution type, it may also submit a bundled cost in addition
to the separate individual Solution costs.
The “Supplier’s Option” category is provided to allow a Supplier to submit additional pricing data/models if
it chooses.
Supplier shall disclose pricing assumptions where possible. For example, if unit price is based on a
certain volume, that assumption should be indicated. Supplier shall clearly identify any discount
targets/ranges available.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 69 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
9. VDSS STANDARD AGREEMENT
Any resulting agreement shall be defined by a written contract, which shall be binding only when fully executed
by both parties. Depending on the type of solution proposed, the agreement may need to address licensing or
hosting issues. Refer to the VDSS Solution Contract template in the RFP, Exhibit H – Additional Cloud
Services Terms and Conditions. These terms will become an Exhibit incorporated by full text into any final
negotiated contract that includes Supplier hosting.
In the event Supplier is a software reseller, the Department will consider the software publisher’s license
agreement language if the software publisher requires an End User License Agreement (EULA). In such case,
Supplier is advised that the Department will require Supplier to obtain VDSS’s License Agreement Addendum
to such EULA to address terms and conditions in such EULA with which the Department, as a government
entity, by law or by policy, cannot agree.
If a Supplier’s proposed Solution requires the Department to execute an EULA, Supplier shall contact the
SPOC, who will provide Supplier with the Department’s “License Agreement Addendum” terms.
Supplier shall read and review the VDSS Solution Contract template in the solicitation package located in eVA.
The final terms and conditions of the contract shall be agreed upon during negotiations; however, the
Department’s business requirements are embodied in its standard agreements and Supplier is to give them
the same careful review and consideration as the other requirements set forth in this RFP.
Supplier shall complete and submit with its proposal, in the format provided in the Appendix E table, all
exceptions or recommended language revisions to the VDSS Solution Contract template and, if applicable to
the Contract Exhibit H, excluding exceptions or recommended language revisions to any provisions regarding
liability. If Supplier is selected to go forward into negotiations, at that time Supplier shall state any exceptions
to any liability provisions contained in the Request for Proposal and the VDSS Contract Template in writing at
the beginning of such negotiations, submitted via email to the designated VDSS SPOC. Such Supplier
provided exceptions or recommended language revisions shall be considered during negotiations. Redlines to
the contract template itself, will not be considered or evaluated. Suppliers are encouraged to utilize the SPOC
to address any questions you may have regarding any part of the VDSS Contract.
Include the completed table below in your response to this RFP:
Table 9.1 – VDSS Standard Agreement
Issue:
Do you agree that the contents of your response to
Sections 5, 7 and 8 will become part of any
contract that may be entered into as a result of this
RFP?
Supplier's response (Y & N)
Will you agree to begin measuring the Service
Level Agreement(s) (SLAs) (Appendix A) at the
start of the integration of the Solution?
The contract will include performance standards,
measurement criteria and significant corresponding
financial remedies.
Do you agree to include the SLAs and remedies for
non-compliance as defined in Appendix A in the
final contract?
Do you agree to include mutually agreed upon cost
reduction initiatives, which will be periodically
updated during the term of the contract?
Do you agree that all provisions of the VDSS
Solution Contract template, and Contract Exhibit H,
NOT addressed by you in the Appendix E table are
acceptable?
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 70 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Do you acknowledge that you will submit a Supplier
Procurement and Subcontracting Plan stating
whether or not and how you will be utilizing small
businesses in your proposal? See Section 7.
Supplier acknowledges that no federal funds may
be used to obtain any Solution under a contract
awarded, pursuant to this RFP, to any Supplier who
appears on any excluded lists on the federal
government’s System for Award Management
(SAM) at www.sam.gov.
If Supplier proposes a solution that will require the
Department to execute a EULA, either as a signed
agreement or as “clickwrap”, with a software
manufacturer, Supplier shall, for each such
software manufacturer, obtain the written consent
of such software manufacturer and provide a copy
of each such consent with its proposal.
Do you affirm that your response meets all of the
Mandatory requirements listed in section 2.Q?
Do you affirm that your organization is properly
registered with the Virginia State Corporation
Commission to conduct business in the
Commonwealth? Supplier is to complete Appendix
D and submit with its proposal.
Do you affirm that your organization and all
affiliates are current with all sales tax obligations to
the Commonwealth as of the due date of the
proposals in response to this RFP?
Do you agree to accept the provisions at the
following URLs:
https://www.vita.virginia.gov/uploadedFiles/SCM/St
atutorilyMandatedTsandCs.pdf;
and the eVA provisions at:
https://www.vita.virginia.gov/uploadedFiles/SCM/eV
ATsandCs.pdf and the contractual claims provision
§2.2-4363 of the Code of Virginia.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 71 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
10. Project Governance
The primary sponsors of this initiative are the Chief Information Officer for VDSS and the Division of Family
Services Director. A high level organizational chart of VDSS is as follows:
Figure 10.1 – VDSS Organization Chart
A. Steering Committee
While the intended contract resulting from this RFP will be between the Department and the
Supplier(s), governance decisions will be made by a CCWIS Steering Committee comprised of
state and local representatives. This committee will serve as the Internal Agency Oversight
Committee (IAOC) when this project becomes a Commonwealth of Virginia (COV) Major Project
as determined by VITA.
Voting members of this oversight committee include the Chief Deputy Commissioner, CIO, CFO,
Director of Family Services, Director of Enterprise Systems, Assistant Director of Information
Security and Risk Management, three (3) LDSS representatives, a Supplier representative and the
CCWIS Project Manager. The non-voting members include a VITA representative, CCWIS Project
Coordinator, Foster Alumni Representative and a Procurement Officer.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 72 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
The CCWIS Steering Committee will meet no less than monthly and will be responsible for:
 Setting business objectives and ensuring project activities are in-line with business objectives.
 Review monthly project status reports from the CCWIS Program Manager and Supplier Project
Lead with sufficient information to assess project progress including:
o Milestones;
o Deliverables; and,
o Adequacy of resources.
 Resolve project issues that the project team cannot resolve.
 Mitigate project risks escalated from the project team.
 Address and manage action items in a timely and efficient manner.
o Action items should be resolved by the next meeting of the Committee and a status
presented at that time.
B. Roles and responsibilities of State and Supplier Project Teams
It is the expectation of the Department that the Supplier’s Project Team work collaboratively and
succinctly with VDSS Project Management Team staff throughout the engagement in order to
ensure successful completion of all required deliverables. The following organizational chart
depicts the expected relationship between the State and Contractor:
Figure 10.2 – Project Teams
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 73 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
1. Project Management Team
The VDSS Project Management Team is composed of a number of roles, including a VDSSassigned CCWIS Project Manager, Project Coordinator, Enterprise Technical and Business
Directors, Information Security and Risk Management Specialist, Change Management
Specialist, Information Systems Project Manager and other VDSS Project Staff.
a.) CCWIS Project Manager
The CCWIS Project Manager shall be responsible for ensuring the Solution proceeds
towards the goal of implementing a successful CCWIS solution that meets the functional
and non-functional needs of the Department. This role will also serve as the Supplier’s
primary point of contact for all contractual and project related matters. The CCWIS Project
Manager is responsible for the following tasks:

Ensuring project activities progress in accordance with the requirements of the Work Plan;

Administering and managing the selected Supplier as a result of this RFP and in conjunction
with the Department’s Division of General Services;

Determining major management and scope related decisions and issue resolution;

Reporting Project status to VDSS management;

Facilitating major program and policy related decisions and issue resolution;

Managing day-to-day aspects of the engagement;

Recruiting and managing VDSS staff and ensuring staff are available to participate in Project
assignments as appropriate; and

Ensuring a timely review and approval of all deliverables.
b.) Supplier Engagement Manager
The Supplier Engagement Manager will function as the executive level representative of
the Supplier’s organization. The Engagement Manager shall be responsible for ensuring
that the overall Project, as staffed by the Supplier and managed by the Supplier’s Project
Manager, is effectively functioning to address Project Requirements.
c.) Supplier Project Manager
The Supplier Project Manager will report organizationally to the VDSS CCWIS Project
Manager and ensure that the day-to-day expectations of the Project are being met. The
CCWIS Project Manager will have the responsibility and authority to make day-to-day
Project Decisions and will work closely with the Supplier’s Project Manager.

Reporting Project status to the CCWIS Project Manager;

Reporting issues and risks to the CCWIS Project Manager;

Ensuring project activities progress in accordance with the requirements of the Work Plan;

Managing day-to-day aspects of the engagement; and

Ensuring timely submission of all deliverables.
d.) Supplier Technical Architect
The Supplier Technical Architect will report organizationally to the Supplier’s Project
Manager and will ensure that the mobile solution will meet all requested requirements,
both as a mobile software solution product and as it interlopes with the existing OASIS
(PowerBuilder v12.6) system and Oracle (12.c) databases.
2. Mobile Solution Project Team
The Mobile Solution Project Team will be composed of the CCWIS Project Coordinator,
representatives from Enterprise Systems, Information Systems, Information Security and Risk
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 74 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Management, Change Management and other VDSS Project Staff. In addition, the
Department will utilize users when needed who have field or policy experience as applicable.
The Supplier’s Project Team will be co-located with the VDSS Project Team for all primary
project activities to include testing, service integration, monitoring and training. The
Department will provide facilities for the identified Supplier’s staff at no cost.
The Supplier shall make use of its own computer hardware and software to provide project
deliverables. Any exceptions shall require prior written approval from the CCWIS Project
Manager. On termination or completion of the Contract, the Supplier shall convert all
information recorded for this project with proprietary software into a format usable with
standard MS Office products.
C. Reporting Requirements
The Supplier shall submit the following:

Provide the Project Management Team with weekly Status Reports that include
Project issue updates.

Provide the Project Management Team with Monthly Progress Project Work Plan
Reports and Project Staffing Plan Reports.

Provide documentation and an updated Organization Chart for any Supplier or subcontractor staffing changes in the monthly progress report.
D. Deliverable Review and Acceptance
1. The deliverable review and acceptance process will consist of the following steps:
a.) The Supplier shall submit the Draft Deliverable(s) to the CCWIS Project Manager.
b.) The CCWIS Project Manager will distribute and coordinate the review with the appropriate
Department personnel. The Department staff will review the Deliverable(s) to determine
whether or not it is complete and acceptable.
c.) The CCWIS Project Manager will notify the Supplier of any changes required in the
Deliverable within five (5) business days.
d.) The Supplier will make changes for Final Submission of the Deliverable within ten (10)
business days.
e.) The CCWIS Project Manager will review the Final Submission of the Deliverable and
determine acceptance or denial within ten (10) business days of receipt of the deliverable.
2. Should the CCWIS Project Manager recommend that the Deliverable not be accepted in its Final
form, the CCWIS Project Manager will provide a written decision, outlining the areas of deficiency,
areas needing improvement or completion, within ten (10) business days of receipt of the
Deliverable.
a.) Should the response require additional time, the CCWIS Project Manager will provide written
justification (within two (2) days) to the Supplier and the date the written decision will be
provided, which will not exceed five (5) additional business days.
b.) If the Final form of the Deliverable is not accepted, the Supplier will have ten (10) business
days from the date of receipt of the notification to correct the deficiencies and resubmit the
Deliverable to the CCWIS Project Manager.
c.) The process outlined above, at the discretion of the Department, may be repeated until the
Department accepts the Deliverable or takes other appropriate action.
E. Deliverable Retention
All deliverables and work products shall be retained by the Department and the Supplier for review by
Federal authorities for the duration of the project. All deliverables and work products will become property
of the Department.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 75 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix A – Service Level Agreements
To be effective upon Solution implementation. The below are examples of possible Service Level Agreements (SLAs). Supplier should provide a
complete list of SLAs using the template below.
Table A.1 - SLAs
Performance Standard
Concurrent Users
Solution Up Time
Measurement
Measurement Period
Up to 2500 users with 1500 online
concurrently
Hourly
24/7/365
Monthly
% Level
100%
$500/1%
Maximum of
$2,000 per
month
99%
(Excluding scheduled
maintenance with 14
calendar days prior
notification) (Excluding
System of Record (SOR)
and VDSS Hosted
environment downtime.)
$1000/0.1%
Maximum of
$5,000 per
month
Ticket Resolution Response
Time
High Priority: within 8 business hours
from receipt of call/email
(Priority Levels to be
determined during Contract
Negotiations)
Medium Priority: Within 2 business
days
Critical Incident Response
Time (Critical Incident to be
defined during Contract
Negotiations)
Supplier will resolve within 4 business
hours.
Supplier Single Point of
Contact
Supplier will identify a single point of
contact with an identified backup for all
Critical Priority tickets/items.
Synchronization to System
of Record (SOR)
On Demand when securely connected
SOLICITATION NUMBER: FAM-17-041
Remedy
Monthly
90%
$500/1%
Monthly
90%
$1000/1%
Low Priority: Within 5 working days
VDSS
100%
Monthly
100%
PAGE 76 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Operational Reporting (if
solution is hosted outside of
a VDSS environment)
At least weekly reports on hosting;
performance; scalability; capacity and
incident management
Monthly
100%
$500/1%
Troubleshooting
Notification and Root Cause Analysis
for all Critical incidents and High
Priority tickets.
Per Incident
100%
$1000/1%
Upgrades (VDSS will receive
prior notification and
documentation to provide
go/no go before
deployment.)
No less than 30 days prior to upgrade
Per Upgrade
100%
Backwards compatible.
Support for two most recent Major
releases of OS.
Support for minor Operating
System (OS) release
Certify support within 30 days of
General Availability (GA) release.
Per Release
100%
Support for major OS
releases (e.g. iOS 11 or
Android 8)
Certify support within 60 days of GA
release.
Per Release
100%
SOLICITATION NUMBER: FAM-17-041
VDSS
100%
PAGE 77 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix B - Supplier Procurement and Subcontracting Plan
All small businesses must be certified by the Commonwealth of Virginia, Department of Small Business and Supplier
Diversity (DSBSD) by the contract award date to participate in the SWAM program. Certification applications are
available through DSBSD online at http://www.sbsd.virginia.gov/.
Supplier Name: _____________________________________________________
Preparer Name: ___________________________ Date: ____________________
Instructions
A. If you are certified by the DSBSD as a small business or as a micro business, complete only Section A of this form. This shall
include DSBSD-certified women, minority, or service-disabled veteran-owned businesses when they have received DSBSD
small business certification.
B. If you are not a DSBSD-certified small business, complete Section B of this form.
Section A
If your firm is certified by the DSBSD, are you certified as a (check all that apply):
______
______
______
______
______
______
______
______
Small Business
Small and Women-owned Business
Small and Minority-owned Business
Small Service Disabled Veteran-owned Business
Micro Business
Micro Business and Women-owned Business
Micro Business and Minority-owned Business
Micro Service Disabled Veteran-owned Business
Certification Number: ___________________________
Certification Approval Date: ______________________________
Certification Expiration Date: _________________________________
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 78 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Section B
Populate the table below to show your firm's plans for utilization of DSBSD-certified SWaM businesses and Non-SWaM
businesses directly performing the Requirements of this contract. This shall not exclude DSBSD-certified micro businesses or
women, minority, or service disabled veteran-owned businesses when they have received the DSBSD small business
certification. Include as well businesses which ARE NOT SWaM businesses that will be utilized in directly performing the
Requirements of this contract. Include plans to utilize small businesses as part of joint ventures, partnerships, subcontractors,
Suppliers, etc.
Note to Supplier: You may add rows as needed.
Table B.1 - SWaM
Small Business Name &
Address
Status if Small
Business is also:
DMBE Certificate #



(Leave certificate number
blank if Non-SWaM)

Contact Person,
Telephone & Email
Women (W)
Minority (M)
Service-Disabled
Veteran (D)
Micro Business
(MB)
Type of Goods
and/or Services
Planned
Involvement
During Initial
Period of the
Contract
Totals $
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 79 OF 83
Planned Contract Dollars
During Initial Period of the
Contract
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix C – Pricing
Supplier must complete “Appendix C – Pricing.xls” and submit the completed document with your
response.
The Supplier shall provide total pricing for the package of an external service and/or hosted solution
in addition to pricing broken down to the service level.
The Supplier will detail the inclusion of pricing provisions to the package including, but not limited to,
service guarantees and contingent fees. Any additional cost assumptions, conditions, and/or
constraints relative to, or which impact the package pricing must also be detailed.
The Supplier shall provide a detailed schedule of costs for maintenance fees related to services,
software and hardware, if applicable, for the contract period.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 80 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix D – State Corporation Commission Form
Virginia State Corporation Commission (SCC) registration information. The Supplier:
is a corporation or other business entity with the following SCC identification number:
____________ -ORis not a corporation, limited liability company, limited partnership, registered limited liability
partnership, or business trust -ORis an out-of-state business entity that does not regularly and continuously maintain as part
of its ordinary and customary business any employees, agents, offices, facilities, or inventories
in Virginia (not counting any employees or agents in Virginia who merely solicit orders that
require acceptance outside Virginia before they become contracts, and not counting any
incidental presence of the Supplier in Virginia that is needed in order to assemble, maintain, and
repair goods in accordance with the contracts by which such goods were sold and shipped into
Virginia from Supplier’s out-of-state location) -ORis an out-of-state business entity that is including with this proposal an opinion of legal
counsel which accurately and completely discloses the undersigned Supplier’s current contacts
with Virginia and describes why those contacts do not constitute the transaction of business in
Virginia within the meaning of § 13.1-757 or other similar provisions in Titles 13.1 or 50 of the
Code of Virginia.
**NOTE** >> Check the following box if you have not completed any of the foregoing options
but currently have pending before the SCC an application for authority to transact business in
the Commonwealth of Virginia and wish to be considered for a waiver to allow you to submit the
SCC identification number after the due date for proposals (the Commonwealth reserves the
right to determine in its sole discretion whether to allow such waiver):
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 81 OF 83
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix E - Supplier Exceptions to VDSS Contract Template
Note to Supplier: You may add rows as needed.
Page
Number
Table E.1 - Supplier Exceptions to VDSS Contract Template
Contract
Current Language
Section/Subsection
SOLICITATION NUMBER: FAM-17-041
VDSS
Exception Explanation
PAGE 82 OF 83
Recommended Revised Language
SOLICITATION NAME: CCWIS ENTERPRISE MOBILE SOFTWARE SOLUTION
Appendix F –Enterprise Cloud Oversight Services (ECOS)
Where the proposed solution includes or requires third party hosting of application, data or SaaS,
before the Department enters into a contract with a Supplier, the Supplier must complete the VITArequired ECOS Security Assessment and Governance Map for Non-Premise Based Services that is
titled “Appendix F – SEC 525 Self-Assessment.xlsx”. Completion of this document is not required for
the RFP response but is included for your awareness.
SOLICITATION NUMBER: FAM-17-041
VDSS
PAGE 83 OF 83