home - kansas department of administration - … web view5.5.1.1 help desk - msc requirements27...

EVT0002842 - Specifications of 39

5.0 Specifications

Contents5.0 Purpose and Background...........................................................................................................................4

5.0.1 Purpose...........................................................................................................................................4

5.0.2 Background....................................................................................................................................4

5.0.3 MSC MIS Overview.......................................................................................................................5

5.1 Current MSC MIS Architecture.................................................................................................................7

5.1.1 Front-End.......................................................................................................................................9

5.1.2 Back-End........................................................................................................................................9

5.1.3 List of Operating Systems..............................................................................................................9

5.1.4 List of Development and Support Software..................................................................................10

5.1.5 MSC MIS Applications................................................................................................................11

5.2 Operations and Maintenance....................................................................................................................12

5.2.1 Operations and Maintenance for New Hampshire........................................................................13

5.2.1.1 Operations and Maintenance - New Hampshire Requirements.....................................................13

5.2.1.2 Data Center - New Hampshire Requirements...............................................................................14

5.2.1.3 Hosting Security - New Hampshire Requirements.......................................................................14

5.2.2 Operations and Maintenance for Kansas and ITCA......................................................................15

5.2.2.1 Operations and Maintenance - Kansas and ITCA Requirements..................................................15

5.2.3 Operations and Maintenance for MSC..........................................................................................16

5.2.3.1 Operations and Maintenance - MSC Requirements......................................................................16

5.2.4 Operations and Maintenance Warranty.........................................................................................16

5.2.4.1 Operations and Maintenance Warranty - MSC Requirements......................................................16

5.2.5 System Maintenance and Network Services.................................................................................17

5.2.5.1 System Maintenance and Network Services - New Hampshire Requirements.............................17

5.2.5.2 System Maintenance and Network Services - Kansas and ITCA Requirements...........................17

5.2.5.3 System Maintenance and Network Services - MSC Requirements...............................................18

5.2.6 Software Monitoring, Maintenance and Modifications.................................................................18

5.2.6.1 Software Monitoring, Maintenance and Modifications - MSC Requirements..............................19

5.2.6.2 Software Releases - MSC Requirements......................................................................................19

5.2.6.3 Software Security - MSC Requirements.......................................................................................20

5.2.6.4 Software Security Testing- MSC Requirements...........................................................................20


5.2.7 System Response Time and Availability......................................................................................21

5.2.7.1 System Response Time and Availability - MSC Requirements....................................................21

5.2.8 Support Response Time................................................................................................................21

5.2.8.1 Support Response Time - MSC Requirements.............................................................................22

5.2.9 Security and Confidentiality of Data............................................................................................22

5.2.9.1 Security and Confidentiality of Data - MSC Requirements..........................................................22

5.2.10 Training........................................................................................................................................23

5.2.10.1 Training - MSC Requirements.....................................................................................................23

5.2.11 External Interfaces........................................................................................................................23

5.2.11.1 External Interface - MSC Requirements.................................................................................23

5.3 Disaster Recovery....................................................................................................................................24

5.3.1 Disaster Recovery - New Hampshire Requirements.....................................................................24

5.3.2 Disaster Recovery - Kansas and ITCA Requirements..................................................................24

5.4 Task Orders..............................................................................................................................................25

5.4.1 Submitting Task Order - MSC Requirements...............................................................................25

5.4.2 Pricing Task Orders - MSC Requirements....................................................................................26

5.4.3 Invoicing Task Orders - MSC Requirements................................................................................26

5.5 Help Desk................................................................................................................................................27

5.5.1 Hours of Operations......................................................................................................................27

5.5.1.1 Help Desk - MSC Requirements....................................................................................................27

5.6 Local Clinic Network Support.................................................................................................................28

5.6.1 Local Clinic Network Support – New Hampshire Requirements..................................................28

5.6.2 Local Clinic Network Support - MSC Requirements....................................................................28

5.7 Communication Plan (Reports and Meetings)..........................................................................................28

5.7.1 Communication Plan (Reports and Meetings) - MSC Requirements......................................................28

5.8 Service Level Agreement (SLA)..............................................................................................................29

5.8.1 Areas of Service...........................................................................................................................29

5.8.1.1 Service Level Agreement - MSC Requirements...........................................................................29

5.9 System Documentation............................................................................................................................29

5.9.1 System Documentation - MSC Requirements..............................................................................29

5.10 Contractor Staffing Levels.......................................................................................................................30

5.10.1 Key Personnel Qualifications.......................................................................................................30

5.10.1.1Contractor Staffing Levels - MSC Requirements.........................................................................31

5.11 Transition to a New Contractor................................................................................................................31

5.11.1 Startup activities...........................................................................................................................32


5.11.1.1 Transition to a New Contractor - MSC Requirements.................................................................32

5.11.1.2 Transition to a New Contractor – New Hampshire Requirements...............................................32

5.11.2 Resources the MSC Will Make Available....................................................................................32

5.12 Contract Duration....................................................................................................................................33

5.13 Operations and Maintenance Invoicing....................................................................................................33

5.14 Glossary...................................................................................................................................................33

5.15 Response Requirements...........................................................................................................................36

5.16 Proposal Evaluation Process....................................................................................................................36

5.16.1 Rights of the MSC in Evaluating Proposals..................................................................................36

5.16.2 Proposal Evaluations....................................................................................................................37

5.16.2.1 Initial Screening...........................................................................................................................37

5.16.2.2 Preliminary Evaluation of Proposals and Reference Checks.......................................................37

5.16.3 Evaluation Criteria........................................................................................................................37

5.16.3.1 Security and Protection of Data...................................................................................................37

5.16.3.2 Compatibility with MSC Personnel.............................................................................................38

5.16.3.3 Project Execution (Transition and Testing).................................................................................38

5.16.3.4 Project Management Competence...............................................................................................38

5.16.3.5 Ongoing Operations.....................................................................................................................38


5.0 Purpose and Background

The State of Kansas Department of Health and Environment (KDHE) is issuing a Request for Proposal to procure technical services for the Operations and Maintenance of the tri-state Management Information System (MIS) for the Special Supplemental Nutrition Program for Women Infants and Children (WIC). The Software Application is a United States Department of Agriculture (USDA) approved public domain WIC Application and is the current operating System for the State of Kansas, the Inter Tribal Council of Arizona, Inc (ITCA) and the State of New Hampshire WIC Programs.

The State of Kansas, ITCA and the State of New Hampshire WIC Programs have a Cooperative Agreement that was executed in 2009, creating the Multi-State Consortium (MSC), in order to maximize efficiencies regarding joint design, development and implementation of changes to their respective Management Information Systems (MIS). In 2011 the MSC secured USDA funding to upgrade the MIS to a web-based, smart-client .NET system.

The MSC MIS is a transfer system originally developed for the State of Washington by Starling Systems (formally Starling Consulting Inc. which was acquired by, and is now known as CQuest America). The system was implemented in Kansas in 2004 as the KWIC system, in ITCA as the STARS system and New Hampshire in 2005 as the StarLINC system. In October of 2012 the MSC MIS was updated to the .Net platform using Service-Oriented Architecture (SOA) principles and object-oriented design.

5.0.1 Purpose

The purpose of this solicitation is to select one (1) domestic Operations Contractor to provide hosting, operations, software maintenance, technical support services, and software enhancements for the MIS operated by the MSC. The contractor’s support and maintenance shall commence upon the Effective Date and extend through the end of the Contract term, and any extensions thereof. The Operations contractor shall be responsible for all aspects of the MIS including, but not limited to, the following:

Hosting Central Processing System (CPS) for the State of New Hampshire Operations of Central Processing System (CPS) for Kansas and ITCA. Database maintenance and administration including, but not limited to, data

synchronization between the Contractor, States, and community-based Local Agencies. Help Desk services. Telecommunications and network support. Security and Disaster Recovery. Applications maintenance, development, deployment (including deployment scripts),

enhancements, bug tracking and documentation as requested by the MSC

5.0.2 Background

WIC is a federally funded program that provides nutrition education and counseling, related preventive health services, and WIC Food Instruments (FI’s) for specific nutritious foods to pregnant women, breastfeeding women up to twelve (12) months following childbirth, non-breastfeeding women up to six (6) months following childbirth, infants, and children up to their


fifth birthday. WIC FI’s are provided to clients/participants who redeem them at approved participating grocers (or vendors) and Farmers’ Markets in the State of Kansas.

The Kansas WIC Program screens applicants and provides services to a monthly average of 70,000 clients in 120 clinic sites throughout the state. There are currently 400 approved participating grocers that provide WIC foods to clients. Each WIC clinic includes a minimum of one computer, a Magnetic Ink Character Recognition (MICR) printer to produce both checks and administrative reports (checks printed by the system include bank coding), and an electronic signature pad.

The ITCA WIC Program screens applicants and provides services to an average of 10,500 clients in 14 permanent clinic sites and 50 mobile sites throughout the State of Arizona. There are 160 approved vendors that are authorized to accept WIC checks and provide the foods to clients. Each WIC clinic includes a minimum of one computer, a Magnetic Ink Character Recognition (MICR) printer to produce both checks and administrative reports (checks printed by the system include bank coding), and an electronic signature pad.

The New Hampshire WIC Program screens applicants and provides services to an average of 17,000 clients/participants at 6 permanent community -based clinic sites and 54 mobile sites throughout the state. There are approximately 206 approved vendors that are authorized to accept WIC vouchers and provide the WIC foods to participants. Each WIC clinic includes a minimum of one computer, a printer to produce both vouchers and administrative reports and an electronic signature pad.

MSC Agency Location and Clinics

Agency Name

State Office Location

Approx Users

Approx # Clients/

Participants

Direct Online Clinics

Remote Offline Clinics

Food Delivery Method

Kansas Topeka, KS 300 70,000 65 clinics 22 main clinics45 satellite clinics Checks

ITCA Phoenix, AZ 55 10,500 0 16 main clinics31 satellite clinics Checks

New Hampshire Concord, NH 92 17,000 0 6 main clinics

54 satellite clinics Vouchers

Each member of the MSC administers the United States Department of Agriculture (USDA) funded WIC Program. This program provides nutrition education and supplemental foods to income-eligible women who are pregnant, postpartum or are breastfeeding, and to infants and children.

WIC provides a range of nutrition services in a supportive environment. Contracts are maintained with local health departments, tribes, community health centers and community based social service agencies to deliver direct services to eligible clients/participants.

WIC provides the following services to clients/participants: Nutrition assessment Nutrition counseling and education Breastfeeding promotion and support Food Instruments for the purchase of nutritious foods Health and social service referrals


5.0.3 MSC MIS Overview

The MIS is a collection of computer-related applications providing functionality that enables the Programs to provide client/participant specific benefits according to federal regulations and state policies. The system is used for certification, data collection, FI processing, financial reconciliation and vendor management. The system is also capable of producing a variety of reports including, but not limited to program participation, breastfeeding initiation and duration, risk incidence and benefit issuance. The MIS is grouped into 4 major functional areas: Client Services, Vendor Management, Financial Management, and System Administration.

Client ServicesThe Client Services application assists clinic staff in providing WIC services to clients/participants. It automates the scheduling of appointments, assessing and certifying applicants, prescribing food packages, issuing and replacing WIC FI’s, and referring clients/participants to other health and social services. This application organizes clients into strong family groupings making the process of group appointments, a family flowsheet, nutrition education and benefit issuance for the family group very easy. Client Services can also track outreach contact information for organizations that sponsor WIC–related activities.

Vendor ManagementThe Vendor Management application is used to document information about WIC vendors, the vendor owners and the wholesalers supplying the vendors. Vendor training, monitoring, complaints, and risk levels are recorded and tracked. Also included in this application is functionality used to document and track vendor investigations, associated sanctions against vendors, correction action plans for vendors found in violation of WIC rules, vendor appeals to investigative findings and payment of fines. This application produces investigative FI’s used by staff members to conduct vendor investigations.

Financial ManagementParticipation & Financial Reports – Participation and Financial Reports contains reports about a wide variety of subjects. Most of the reports in this application use a data warehouse feature which is augmented every month from the clinic, State office and banking contractor data. Participation reports present numeric and statistical reports about the various categories of participants, services offered and used, and participant diversity. The application also contains various financial and FI activity reports.

Check Management (or Voucher Management) – The Check (or Voucher) Management application allows WIC staff to view the records of all issued FIs. FI information includes participant and caregiver, the issue amount and actual amount, who issued the FI, the food package to which it belongs, the food categories it allows, date it was issued and if relevant, the dates the FI was voided, replaced, and/or reissued. Redemption data associated with each issued FI is also displayed.

System AdministrationAdministrative tasks like user maintenance and reference data updates are performed and/or overseen by MSC WIC State Office staff. In addition, regularly scheduled activities are conducted to keep the system up-to-date. Typically these activities are conducted at the end of each day and at the end of each month. Examples of end of day activities is the importing and exporting issuance data, bank payment files, vendor survey data, and food instrument data.


Program information is distributed to local state agencies, the USDA, and FI information is sent to contracted banking institutions or the State of New Hampshire’s accounting system – NH First.

The WIC programs are administered at the State and Clinic level. The State is primarily concerned with overall program administration. The primary role of the Clinic is to enroll, provide nutrition education and referral services and issue benefits to clients/participants.

The Contractor shall be responsible for the support, maintenance and modifications of all the applications using the regulations, policies and standards set forth in the following:

A) USDA’s Functional Requirements Document for a Model WIC System (FReD)B) Vendor Regulations including the federally mandated report The Integrity Report (TIP)C) Financial and participation count by category computations supporting federally mandated

reportsD) WIC System interfaces and standard reports, including

a. Participant Characteristics Minimum Date Set & Supplemental Data Set b. Nightly FTP (or e-mail) interface and/or import/export of files with any WIC FI

processing contractor c. Quarterly reports (formerly known as the CDC PedNSS and PNSS)d. Multi-state Dual Participation flat file interfacee. Monthly Infant Formula and Food Rebate files

During the course of this contract, the MSC will be making a major transition from paper food instruments to an Electronic Benefits Transfer (EBT) card. The bidder should have some familiarity with WIC EBT as this mid contract transition shall involve testing, training, hardware disposition/removal (i.e. printers), possibly impacting contractor staffing resource commitment.

5.1 Current MSC MIS Architecture

The MSC MIS is a full-featured system meeting the Food and Nutrition Services (FNS) mandatory requirements defined by the Functional Requirements Document (FReD) for a Model WIC System required for a WIC information system.

The MIS provides two options for using the applications in urban, rural, and mobile clinic settings. All clinics in ITCA and New Hampshire use the MIS within a LAN topology in which each clinic maintains a local server hosting their clinic database and the database tables are synchronized on a set schedule with a consolidated database (off-line process). The ITCA consolidated database service is located at their State Office location in Phoenix, AZ and is operated remotely by the incumbent Contractor. The New Hampshire consolidated database service is hosted at the incumbent Contractor facility in Springfield, IL and operated by the same. The Kansas consolidated database is located at the KDHE IT Department, Topeka, Kansas, and is operated remotely by the Contractor. Physical operations are performed by the KDHE-IT group. Other clinics in Kansas use Web Services via the internet to access and process the application at State Office servers.

The off-line process that the MIS supports hosts applications on a mobile notebook, allowing clinic personnel to travel and perform their duties in remote or isolated destinations. There is a process to extract identified clients from the LAN database and populate a notebook Sybase© ASA database (called a “check out” process). At the conclusion of the day, the information collected using the notebook version is updated to the local clinic server via the database synchronization process (called a “check in” process). This information, plus all other local clinic collected information, access the WIC State Office

http://www.fns.usda.gov/wic/PC2012Guidance.pdf

http://www.fns.usda.gov/wic/tip/userguide/default.htm

http://www.fns.usda.gov/apd/WIC_FRED.htm


servers through the Internet using their local internet provider and synchronize their database tables with the consolidated database. The use of local internet providers results in a variety of communication types and speed.

The MIS uses Object Oriented programming for developing the .NET WIC application in C# language. There are three applications that use source code written using PowerBuilder© 10.5. The system is supported on Windows XP and Windows 7 machines. The central processing site and local agency servers run on Intel-based servers using MS Server 200x operating systems. Mobile services are provided that are either stand-alone or set up mobile local area networks using Intel-based notebooks and wireless access points. The MICR printers are from Source Technologies (e.g.ST9630).

The database engine used with the MIS is Sybase Adaptive Server Anywhere© (originally developed by Watcom International Corporation©). The introduction of Watcom SQL, a SQL database server product, was presented for use in 1992. Watcom was acquired by Powersoft© in 1994 and was supplied with the Powersoft PowerBuilder© product. Powersoft© was acquired by Sybase© in 1995. In May of 2000, Sybase© spun off their mobile and embedded computing division into its own company, iAnywhere Solutions©. Watcom SQL continues in production under the name Sybase SQL Anywhere© (supplied by iAnywhere Solutions©). ASA Sybase© provides bi-directional synchronization capability.

All of the WIC clinic computer equipment and software is the responsibility of the WIC Local Agency or WIC State Office. Issues addressing WIC computer equipment failures (computers, printers, network connections, etc.) are reported to the WIC Help Desk, who in turn shall contact either the WIC State Office or the Local WIC Agency and determine a corrective course of action. The Help Desk is to track the issue through resolution. There are occasions when the WIC Help Desk is needed to assist in more detail a resolution for such failures.

The MSC MIS is an SOA architecture that uses the Microsoft .NET Framework version 4.0. The application is developed using an object oriented architecture with distinct, logical layers for presentation, business services and data access. The application can be deployed using ClickOnce deployment technology from Microsoft; this allows you to publish Windows-based applications to a Web Server for simplified installation and automatic updates.

The Rich Client application is installed on user’s machines. The Business Services and the Data Access components reside on the Server side application farm. Business Services encapsulate the WIC business logic. Users access servers via the Internet. The Data Access components, deployed in the Server side application farm, access the data that resides on the Database server.

All documentation, including the source code, will be available for potential bidders upon request. Documentation available for review consists of a Disaster Recovery Plan, Help Desk manual, Entity Relationship Diagram, Data Dictionary, Functional Documentation, Technical Documentation, and Operations Manual.


5.1.1 Front-End

The front-end addresses two distinct group of users; Local Agency staff using Client Services and the training database and State Office staff using Participation and Financial Reports, Vendor Management and Food Package applications, etc.

The front-end refers to the screens and other end-user interactive points with the MIS. Desktops and notebooks use Microsoft Windows XP or Windows 7 (or greater). Local servers use Microsoft Server 2000 or greater.

5.1.2 Back-End

The back-end refers to the screens, reports, utilities and processes that are used by contractor staff (i.e. Operations Management) primarily to summarize finance data and transfer files to the WIC FI processor. State Office staff use other back-end applications such as Food Package Management to build food packages and maintain WIC authorized food categories that are issued to clients through the Client Services application in the Local Agencies. The back-end was built and is maintained using Sybase as the development tool and Sybase ASA for the consolidated database.

5.1.3 List of Operating Systems

The Contractor shall be responsible for the support, maintenance and modifications, and where required, the creation of all the applications within the MIS and all supporting systems to ensure continued reliable and maximum uptime. The Contractor must ensure the Production system runs reliably with a minimum 99.9% system availability (“uptime”) during normal business hours.

The Contractor shall be responsible for the establishment of a system and/or process for support, maintenance, modification and possible creation of the application where required. This encompasses all WIC operating systems including:


Production system Testing system(s) Development system Training Databases

o Includes 45 separate training instanceso Uses Terminal Services Remote Application running the latest Remote Desktop

Connection client for Windows Windows Server 2003R2, 2008, 2008R2 Windows XP,7 or 8

5.1.4 List of Development and Support Software

The following list is what is currently being used to support the MIS.


C#XAMLT-SQLWatcom-SQLMS Visual Studio 2012 Premium /w MSDNJetBrains Resharper 7.0ActiveReports 7.0Microsoft Enterprise Library 5.0LINQPad 4.0VMWare Workstation 8.0Sybase SQL Anywhere v12.0OrcaFiddler2ExpressoJetBrains dotTrace Memory 3.5JetBrains dotTrace Performance 5.3ILSpySysInternal ToolsPerformance MonitorEntity Framework ProfilerMS Office 2007MS Visio 2013

MS ProjectMS Team Foundation Server 2012 MS Team Foundation Server 2012 Power ToolsTeam Foundation Sidekicks 2012NuGetSnoop WinPCapWiX Toolset v3.7WixEditWireSharkBeyond Compare 3Blend for Visual Studio 2012IIS 7.0.Net Framework 4.0MoqTopaz SigPlus SDKWPF ToolkitNotepad++PowerBuilder QwerybuilderMicrosoft Server OS

Microsoft ExchangeArcana SchedulerCitrixVMWare ESXi 5.1 + vCenter ServerGFI Network Server MonitorMicrosoft NLBMicrosoft RDS (training environment)Misrosoft SQL 2008 R2 StandardNotepad++WinSCP7-zipLinux (CentOS) w/Postfix (SMTP) and Dovecot (POP3) for database replicationMicrosoft SharePoint (KDHE IT)Symantec Endpoint Protection (KDHE IT)CA Arcserv Backup (KDHE IT)EMC Avamar Backup (KDHE IT)

5.1.5 MSC MIS Applications

The MIS is comprised of several integrated applications: (applications listed in bold italics are a PowerBuilder application.)

List of ApplicationsLocal Agency Applications State Agency Applications Contractor ApplicationsClient Services BF Reports Operations ManagementMobile Sync Central Office UtilitiesLocal Vendor Management Check Management

Voucher Management (NH Only)Voucher Entry (NH only)Clinic ManagementFood PackageParticipation & Financial ReportsVendor Management

The following is a list representing the approximate magnitude of the MSC MIS ApplicationsApproximate Number of SQL Views

Approximate Number of Reports

Approximate Number of Screens

Local Agency ApplicationsClient Services 350 53 126


Approximate Number of SQL Views

Approximate Number of Reports

Approximate Number of Screens

Mobile Sync 5 0 2Local Vendor Management 45 7 25State Agency ApplicationsBreastfeeding Reports 4 13 -Central Office Utilities 20 - 20Check Management 50 15 13Voucher Management (PowerBuilder) 3 4 19Voucher Entry (PowerBuilder) 24 1 12Clinic Management 25 3 17Food Package 25 4 14P & F Reports 60 26 12Statewide Client Services 350 53 126Vendor Management 200 42 92Operations ApplicationsOperations Management (PowerBuilder) 60 13 47

CountNumber of monthly Ad Hoc Production Queries 9Database Tables 481Triggers 3Stored Procedures - Functions 1385

5.2 Operations and Maintenance The Contractor shall be responsible for ongoing operation and maintenance of the MSC MIS, including correction of system operational errors, as well as maintaining the main lines of communication between the Central Processors and local agencies.

The responsibilities and accountabilities of the Contractor is to provide direct and ancillary support of the MIS application and supporting system software, hardware, firmware, and middleware required for the operation of the MSC MIS environments. The Contractor must have the resources to provide hosting tasks mutually agreed upon by Program and Contractor.

In addition to the WIC Application software, the Contractor shall oversee the licensure for additional required software programs, databases and their installation, all necessary operating systems and their installations, data files, enhancements, modifications, systems or control software, and utilities as well as software training, maintenance, support, documentation, and any other related professional services.

Each State program will purchase and maintain contracts for the following hardware and software: all signature pads, database servers and client-side operating systems. In addition, each State will purchase any additional database servers and associated software deemed necessary to fulfill the State’s minimum performance standards. If, through the course of moving the servers to end of life, there is a need to


purchase a new server, the Contractor shall have the opportunity to quote and propose an upgrade to hardware under their ownership and management.

5.2.1 Operations and Maintenance for New Hampshire

The following requirements pertain only to New Hampshire. The hosting server for New Hampshire shall be available twenty-four (24) hours a day, 7 days a week except for during scheduled maintenance. The contractor is required to provide and meet all federal and State regulatory and security requirements as hosting agent.

5.2.1.1 Operations and Maintenance - New Hampshire Requirements(a) Contractor shall maintain a secure hosting environment providing all necessary hardware,

software, and Internet bandwidth to manage the application and support users with permission based logins.

(b) State access shall be via VPN or Internet Browser(c) At the State’s option, authorized third parties may be given limited access by the Contractor

to certain levels of the New Hampshire system through the VPN or through a separate network connection that meets the Contractor’s specifications.

(d) New Hampshire will be responsible for equipment, labor, and /or services necessary to set-up and maintain the internet connectivity at the State and/or other third party sites.

(e) The Contractor shall not be responsible for network connection issues, problems or conditions arising from or related to circumstances outside the control of the Contractor, ex: bandwidth, network outages and /or any other conditions arising on New Hampshire’s internal network or, more generally, outside the Contractor’s firewall or any issues that are the responsibility of the New Hampshire State Internet Service Provider. The hosting server for New Hampshire shall be available twenty-four (24) hours a day, 7 days a week except for during scheduled maintenance.

(f) The Contractor shall be responsible for resolving issues to maintain a fully functioning, hosted system.

(g) A regularly scheduled maintenance window shall be identified (such as weekly, monthly, or quarterly) at which time all relevant server patches and application upgrades shall be applied.

(h) The Contractor must monitor the application and all servers.(i) The Contractor shall manage the databases and services on all servers located at the

Contractor’s facility.(j) The Contractor shall install and update all server patches, updates and other utilities as long

as they don’t interfere with the function or performance of the applications.(k) The Contractor shall monitor System, security, and application logs.(l) The Contractor shall manage the sharing of data resources.(m) The Contractor shall manage daily backups, off-site data storage, and restore operations.(n) The Contractor shall monitor physical hardware.(o) The Contractor shall immediately report any breach in security to the State of New

Hampshire.(p) The Contractor shall give two-business days prior notification to the State Project Manager of

all changes/updates and provide the State with training due to the upgrades and changes.(q) All hardware and software components of the Contractor hosting infrastructure shall be fully

supported by their respective manufacturers at all times. All critical patches for operating systems, databases, web services, etc, shall be applied within sixty (60) days of release by their respective manufacturers.


(r) The Contractor shall maintain a record of the activities related to repair or maintenance activities performed for New Hampshire and shall report quarterly on the following: Server up-time; All change requests implemented, including operating system patches; All critical outages reported including actual issue and resolution; Number of deficiencies reported by class with initial response time as well as time to close.

(s) The Contractor shall make available to the State the latest program updates, general maintenance releases, selected functionality releases, patches, and Documentation that are generally offered to its customers, at no additional cost.

(t) The Contractor shall maintain a record of the activities related to warranty repair or maintenance activities performed for the State. The logs shall be provided upon request.

(u) For all maintenance Services calls, The Contractor shall ensure the following information shall be collected and maintained: 1) nature of the Deficiency; 2) current status of the Deficiency; 3) action plans, dates, and times; 4) expected and actual completion time; 5) Deficiency resolution information, 6) Resolved by, 7) Identifying number i.e. work order number, 8) Issue identified by;

(v) The Contractor must work with the State to identify and troubleshoot potentially large-scale System failures or Deficiencies by collecting the following information: 1) mean time between reported Deficiencies with the Software; 2) diagnosis of the root cause of the problem; and 3) identification of repeat calls or repeat Software problems.

5.2.1.2 Data Center - New Hampshire Requirements(a) The Contractor shall provide a secure Class A Data Center providing equipment (including

dedicated servers), managed firewall services, and managed backup Services.(b) Data Center Air Conditioning – used to control temperature and humidity in the Data Center.

Temperature ranges shall be between 68 and 75 °F.(c) Data Center Humidity shall be non-condensing and be maintained between 40-55% with

maximum dew point of 62 °F.(d) Data Center Backup Power – uninterruptible power supplies shall be sized to sustain

computer systems and associated components for, at a minimum, the amount of time it takes for a backup generator to take over providing power. Where possible, servers shall contain redundant power supplies connected to commercial power via separate feeds.

(e) Data Center Generator – shall be sufficient to sustain computer systems and associated components for, at a minimum, the amount of time it takes for commercial power to return. Fuel tanks shall be large enough to support the generator at -full load for a period not less than 1 ½ days of operation.

(f) Data Center Floor – A raised floor is required for more uniform air circulation in the form of a plenum for cold air as well as to provide space for power cabling and wetness monitoring.

(g) Data Center Fire Protection System – fire detectors in conjunction with suppression gaseous systems must be installed to reduce the risk of loss due to fire.

(h) The Data Center must be physically secured – restricted access to the site to personnel with controls such as biometric, badge, and others security solutions. Policies for granting access must be in place and followed. Access shall only be granted to those with a need to perform tasks in the Data Center.

5.2.1.3 Hosting Security - New Hampshire Requirements(a) The Contractor shall employ security measures ensure that the State’s application and data is

protected.(b) If New Hampshire data is hosted on multiple servers, data exchanges between and among

servers must be encrypted.


(c) All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti-hacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a whole, shall have aggressive intrusion-detection and firewall protection.

(d) All components of the infrastructure shall be reviewed and tested to ensure they protect New Hampshire’s hardware, software, and its related data assets. Tests shall focus on the technical, administrative and physical security controls that have been designed into the System architecture in order to provide confidentiality, integrity and availability.

(e) In the development or maintenance of any code, the Contractor shall ensure that the Software is independently verified and validated using a methodology determined appropriate by New Hampshire. All software and hardware shall be free of malicious code.

(f) The Contractor shall notify the New Hampshire WIC Director of any security breaches within two (2) hours of the time that the Contractor learns of their occurrence.

(g) The Contractor shall ensure its complete cooperation with the New Hampshire Chief Information Officer in the detection of any security vulnerability of the Contractors’ hosting infrastructure and/or the application.

(h) The Contractor shall be solely liable for costs associated with any breach of New Hampshire data housed at their location(s) including but not limited to notification and any damages assessed by the courts.

(i) The Contractor shall authorize New Hampshire to perform scheduled and random security audits, including vulnerability assessments, of the Contractor’s hosting infrastructure and/or the application upon request.

(j) The Contractor shall provide fire detection and suppression system, physical security of and infrastructure security of the proposed hosting facility. The environmental support equipment of the Contractor website hosting facility: power conditioning; HVAC; UPS; generator must be acceptable to New Hampshire.

5.2.2 Operations and Maintenance for Kansas and ITCA

The Kansas and ITCA program’s on-site IT departments provides the hardware and software resources to support the State Office servers, modems, etc. All Kansas equipment is located at 1000 SW Jackson Street, Topeka, Kansas, and is only accessible to authorized staff within the KDHE IT secured area of the Curtis State Office building. All ITCA equipment is located at 2214 North Central Avenue, Phoenix, Arizona and is only accessible to authorized staff. It is estimated the Contractor shall perform 98% of the work required on the Central Site Processor (CSP) servers.

Responsibilities not identified currently for either party but discovered over time shall be evaluated and assigned to the appropriate party.

5.2.2.1 Operations and Maintenance - Kansas and ITCA Requirements (a) The Contractor shall perform system support maintenance on the central processor servers

after the normal business day and during the weekends, to minimize the impact of down time on MIS users for the State of Kansas and ITCA WIC Programs.

(b) The Contractor shall monitor on-site IT operations and maintenance of the Central Site Processor on Program supplied equipment

(c) The Contractor shall provide and monitor the coordination of all data communications between the State Agency, Local Agencies and clinics, and the CSP. This activity includes all uploads, downloads, centralized backup, recovery procedures, etc.

(d) The Contractor shall make every effort to resolve off-hours maintenance issues without on-site IT personnel support.


(e) The Contractor shall maintain the Operations Manual reflecting up-to-date processes(f) The Contractor shall communicate with on-site IT staff and the MSC Project Manager (or

designee) of any scheduled maintenance that must occur during evenings and/or weekends.

5.2.3 Operations and Maintenance for MSC

The following requirements are for all three states.

5.2.3.1 Operations and Maintenance - MSC Requirements(a) All File Maintenance Requirements - This support must ensure backups, archiving of data

and maintenance of database synchronization between systems and system modules are performed on a daily basis.

(b) System Data Tables - Must provide for the maintenance of all CSP Application, state office and standard clinic system data tables.

(c) Software Changes - Programmer/analyst staff must be available to correct software problems in the system as well as to develop system enhancements. These services are to be performed under general maintenance or task order hourly contract provisions as appropriate to the type of change.

(d) Data Communications - Assure the coordination of all data communications between the State Office, clinics, CSP, and within clinic networks. This activity must include all uploads, downloads, centralized backup, recovery procedures, synchronization, etc. Support on-line or dial up capability to the Central Site Processor for the generation of ad hoc reports

5.2.4 Operations and Maintenance Warranty

The Contractor warrants that it shall satisfy all obligations under the contract using the standard of care, skill and diligence in the performance of such obligations. The Contractor warrants that all code, programs, and procedures maintained, delivered, installed, and implemented for the WIC Computer System shall perform as required in accordance with the specifications, terms and requirements of the Contract, including providing upgrades and fixes as required. The Contractor must maintain a record of the activities related to warranty repair or maintenance activities performed for the MSC MIS. The Contractor’s obligation under this warranty shall be to remedy any installation and/or other errors, coding bugs, and/or code defects, at no additional cost to the WIC Program. The Contractor warrants its own workmanship. The Contractor does not warrant hardware or system support software, to the extent that they are otherwise warranted by the manufacturer and are considered outside of the Contractor’s ability of control.

5.2.4.1 Operations and Maintenance Warranty - MSC Requirements(a) Maintain the hardware and Software in accordance with the Specifications, terms, and

requirements of the Contract, including providing, upgrades and fixes as required.(b) Repair or replace the System Software or any portion thereof so that the System operates in

accordance with the Specifications, terms and requirements of the Contract;(c) Maintain a record of the activities related to warranty repair or maintenance activities

performed;(d) For all Warranty Service calls, the Contractor shall ensure the following information shall be

collected and maintained: 1) nature of the Deficiency; 2) current status of the Deficiency; 3) action plans, dates, and times; 4) expected and actual completion time; 5) Deficiency resolution information; 6) resolved by 7) Identifying number i.e. work order number; 8) issue identified by.


(e) The Contactor must work with the State to identify and troubleshoot potentially large-scale Software failures or Deficiencies by collecting the following information: 1) mean time between reported Deficiencies with the Software; 2) diagnosis of the root cause of the problem; and 3) identification of repeat calls or repeat Software problems;

(f) All Deficiencies found during the Warranty Period and all Deficiencies found with the Warranty Releases shall be corrected by the Contractor no later than 5 business days, unless specifically extended in writing by the MSC, and at no additional cost.

5.2.5 System Maintenance and Network Services

These duties include, but are not limited to the coordination of the configuration of all new network hardware required prior to the installation of such hardware. In addition, the Contractor shall be required to coordinate the installation of any new Local Area Networks (LANs) that may be required in all system sites. The Contractor shall provide system maintenance of support software as required to ensure continuous operation of the MIS. The Contractor shall validate the MIS must function properly with new releases or new fixes to system support software.

5.2.5.1 System Maintenance and Network Services - New Hampshire Requirements(a) The Contractor must operate hosting Services on a network offering adequate performance to

meet the business requirements for the State application. For the purpose of this RFP, adequate performance is defined as 99.9% uptime, exclusive of the regularly scheduled maintenance window.

(b) The Contractor shall provide network redundancy deemed adequate by the State by assuring redundant connections provided by multiple Internet Vendors, so that a failure of one Internet connection must not interrupt access to the State application.

(c) Where redundant connections are not provided, then the Internet Vendor who provides the Internet service to the Contractor must have their service supplied by a provider(s) that has multiple feeds to ensure that a failure in one of the larger carriers shall not cause a failure of the State’s Service.

(d) The Contractor’s network architecture must include redundancy of routers and switches in the Data Center.

(e) Remote access shall be customized to the State’s business application. In instances where the State requires access to the application or server -resources not in the DMZ, the Contractor shall provide remote desktop connection to the server through secure protocols such as a Virtual Private Network (VPN).

(f) The Contractor shall provide the State with a personal secure FTP site to be used the State for uploading and downloading files.

5.2.5.2 System Maintenance and Network Services - Kansas and ITCA Requirements(a) Remote network administration – assure secure, remote access to the CPS using a broadband,

persistent connection, remotely monitor all servers, and using remote application software to troubleshoot and maintain the servers.

(b) Remote database administration – adjust indexes, make changes to the database appropriate for new software requirements, and manage log files; perform scheduled, annual maintenance of clinic databases to improve performance.

(c) The Contractor shall work in conjunction with Local Clinic IT support and/or State IT in performing all system troubleshooting activities which include the diagnosis and resolution of problems identified by the Contractor, reported by a State Program, Local clinics, or external entities.


(d) The Contractor shall log all problems with the date and time reported, a recommended priority (critical to low), and log the resolution

(e) The Contractor shall address problem resolution in accordance with their priority as determined by the MSC Project Manager (or designee); e.g. critical problems must be addressed immediately with frequent updates to the MSC WIC Project Manager (or designee) on progress made.

(f) The Contractor shall provide technical staff for responding to questions and problems which adversely affect the MIS application and/or production operation problems within thirty (30) minutes of notification receipt during normal business hours, or within 4 hours of notification receipt after normal business hours. The response is to include an estimated approach and timeline to resolve the reported issue.

(g) The Contractor must ensure the application runs reliably with a minimum 99.9% system availability during normal business hours. The Contractor shall be required to work with Local Agencies IT and/or Program IT staff in addressing issues outside of the application which has a direct or indirect impact on maintaining system availability.

5.2.5.3 System Maintenance and Network Services - MSC Requirements(a) Data synchronization management – The Contractor shall monitor replication logs to ensure

all MSC clinics are replicating with the Central Processing Site (CPS), diagnose and troubleshoot problems, and execute manual replication if necessary.

(b) Centralized application security management – The Contractor shall review usage logs and pinpoint abnormal usage patterns such as off-hours use, multiple failed logins, and extended user sessions; tightly control database users and the permissions assigned to those users, assuring network logins are current and that accounts are disabled or removed for staff as appropriate.

(c) Security management – The Contractor shall plan for and implement multiple levels and types of security to include physical, inventory and configuration control, data, telecommunications, network, operating system, and personnel security.

(d) Numerous automated jobs and extractions – The Contractor shall assure daily replication and data summarization on a predetermined basis, typically monthly, quarterly, and annually.

(e) The Contractor shall set up a process for verifying that all systems were backed up each work day during non-business hours.

(f) The Contractor shall provide and monitor the process of archiving of data and the maintenance of database synchronization between system modules on a daily basis.

(g) The Contractor shall monitor all system components for the need of version upgrades, including but not limited to; operating systems, third-party components, ASA Sybase database, and all related components.

(h) The Contractor shall perform system and software upgrades approved by the MSC Project Manager (or designee) ensuring upgrades work properly and do not disrupt the operational status of the system.

(i) The Contractor shall perform all system upgrades after normal business hours (unless approved otherwise by the MSC in the event the upgrade is required to address a situation which is impeding or preventing the clinic from performing their overall processing).

(j) There must be a system backup prior to beginning of an upgrade to provide a contingency plan in case a return to a pre-upgrade version is required.

5.2.6 Software Monitoring, Maintenance and Modifications


The Contractor must maintain, host and upgrade the full operational capacity of the MIS through the execution of the activities detailed below. All software deployed in the field must be maintained at version revision level that does not void support or maintenance with third party software vendors/developers such as Sybase or Microsoft.

Software is considered as both System Software (manages and controls the hardware enabling the application software to perform a task) and Application Software (employs the capabilities of a computer directly to perform tasks the user wishes performed – this includes all software e.g. PowerBuilder,.NET, database stored procedures, specialized utilities, etc.).

The Contractor shall address software bug corrections, software modifications, and most upgrades through normal maintenance. This involves providing the creation of new programming source code and/or modifications to existing programming source, addressing procedures, and documentation. In conjunction with any programming changes, the Contractor shall continually maintain the System Documentation, ensuring it stays a current reflection of the production system.

5.2.6.1 Software Monitoring, Maintenance and Modifications - MSC Requirements(a) The Contractor shall address and perform the daily monitoring activities as identified in the

Operations Manual. (b) The Contractor shall ensure that issues identified by the monitoring activities are addressed

daily with issue resolution recorded. The MSC Project Manager (or designee) may request a copy of this documentation at any time in which the Contractor shall provide.

(c) Unless otherwise agreed by the MSC Project Manager (or designee) during the course of the contract, the contractor must provide at least (4) four software builds annually, or more as necessary to meet critical business problems.

(d) The Contractor shall ensure that all system changes are tracked by a software version control system. The process must indicate what changes are applicable to each copy of the system.

(e) The Contractor shall be required to detail the IT project methodology used (i.e. ITIL, ISO9000) for change management testing.

(f) The Contractor must perform application testing using an industry standard and MSC approved testing methodology.

(g) All testing results must be shared with the respective State Program.(h) The Contactor must perform application stress testing and tuning.(i) The Contractor shall develop and/or modify software based on programmatic errors and/or

change requests. The change requests may be considered part of normal maintenance or based on Federal requirements and may require the use of the Task Order process.

(j) The Contractor shall use a change management policy for notification and tracking of change requests as well as critical outages.

(k) A critical outage shall be designated when a business function cannot be met by a nonperforming application and there is no work around to the problem.

(l) The Contractor shall update all system documentation to reflect the changes made to the system and maintain documentation to reflect the current production version accurately.

5.2.6.2 Software Releases - MSC Requirements(a) The Contractor shall coordinate the implementation of approved software.(b) Prior to the installation of a new release, the Contractor shall provide a list of the changes and

a list of activities with proposed timing for implementing the new software in each Program.(c) The Contractor shall provide a contingency plan to address any failures.(d) The Contractor shall communicate to all MIS users of the pending implementation.


(e) The Contractor shall install new releases during non-regular business hours and verify the reliable operation of the system following the implementation (with the exception of what would be determined by the MSC Project Manager (or designee) to be an emergency release which could be done during working hours).

(f) The Contractor shall be available for support at the start of the working day immediately following the implementation to assist MSC Program staff in assisting with Help Desk calls related to the changes.

(g) The Contractor shall be prepared to uninstall a release and revert to the previous working system state if significant problems are encountered and the MSC Project Manager (or designee) approves the reversion.

5.2.6.3 Software Security - MSC Requirements a) Verify the identity or authenticate all of the system client applications before allowing use of

the system to prevent access to inappropriate or confidential data or services.b) Verify the identity or authenticate all of the system’s users before allowing them to use its

capabilities to prevent access to inappropriate or confidential data or services.c) Enforce unique user names.d) Enforce complex passwords for Administrator Accounts of ten characters or more.e) Enforce the use of complex passwords for general users using capital letters, numbers and

special characters.f) Encrypt passwords in transmission and at rest within the database.g) Expire passwords after 90 days.h) Authorize users and client applications to prevent access to inappropriate or confidential data

or services.i) Provide ability to limit the number of people that can grant or change authorizationsj) Establish ability to enforce session timeouts during periods of inactivity.k) Ensure application has been tested and hardened to prevent critical application security flaws.

( At a minimum, the application shall be tested against all flaws outlined in the Open Web Application Security Project (OWASP) Top Ten

l) The application shall not store authentication credentials or sensitive Data in its code.m) Audit all attempted accesses that fail identification, authentication and authorization

requirementsn) The application shall log all activities to a central server to prevent parties to application

transactions from denying that they have taken place. The logs must be kept until back-ups are created.

o) The application must allow a user to explicitly terminate a session. No remnants of the prior session should then remain.

p) Use only the Software and System Services designed for use.q) The application Data shall be protected from unauthorized use when at rest.r) Keep any sensitive Data or communications private from unauthorized individuals and

programs.s) Subsequent application enhancements or upgrades shall not remove or degrade security

requirementst) Create change management documentation and procedures

5.2.6.4 Software Security Testing- MSC Requirements(a) All components of the Software shall be reviewed and tested to ensure they protect the State’s

web site and its related Data assets. (b) The Contractor shall be responsible for security testing, as appropriate. Tests shall focus on

the technical, administrative and physical security controls that have been designed into the


System architecture in order to provide the necessary confidentiality, integrity and availability.

(c) Test for Identification and Authentication; supports obtaining information about those parties attempting to log onto a system or application for security purposes and the validation of users

(d) Test for Access Control; supports the management of permissions for logging onto a computer or network

(e) Test for encryption; supports the encoding of data for security purposes(f) Test the Intrusion Detection; supports the detection of illegal entrance into a computer system(g) Test the Verification feature; supports the confirmation of authority to enter a computer

system, application or network(h) Test the Digital Signature; guarantees the unaltered state of a file(i) Test the User Management feature; supports the administration of computer, application and

network accounts within an organization.(j) Test Role/Privilege Management; supports the granting of abilities to users or groups of users

of a computer, application or network(k) Test Audit Trail Capture and Analysis; supports the identification and monitoring of activities

within an application or system(l) Test Input Validation; ensures the application is protected from buffer overflow, cross-site

scripting, SQL injection, and unauthorized access of files and/or directories on the server.(m) Prior to the System being moved into production, the Contractor shall provide results of all

security testing to each program for review and acceptance.

5.2.7 System Response Time and Availability

The MSC requires the following performance standards as a mechanism to ensure quality. The performance standards may be subject to penalties (as described below).

5.2.7.1 System Response Time and Availability - MSC Requirements(a) Window Processing in the Applications - seven seconds or less for 80 percent of the

transactions submitted and never more than 15 seconds. (b) FI Printing - must be completely printed within 10 seconds of function initiation (keystroke

or mouse click that initiates the actual print). (c) File Check Out/In – file synchronization to a portable computer to support a remote clinic

must be completed in less than 20 minutes.(d) Synchronization of State Office Files – the state files must be synchronized with all clinics

with no interference with any other scheduled batch processes and 60 minutes should be available to deal with any unexpected problems during this period.

(e) On Line to State Processor – clinic on line access to the state processor (if used) must be seven seconds or less for 80 percent of the transactions submitted and never more than 15 seconds.

(f) The system must be available during normal operating hours 52 weeks per year as well as during nighttime data transmission sessions.

(g) The Contractor shall guarantee 99.9% uptime, exclusive of the regularly scheduled maintenance window.

(h) If the contractor is unable to meet the 99.9% uptime requirement, the contractor shall credit the affected program’s account in an amount based upon the following formula: (Total Contract Item Price/365) x Number of Days Contract Item Not Provided. The State must request this credit in writing.

5.2.8 Support Response Time


The Contractor response time for support shall conform to the specific deficiency class listed here. Class A Deficiency –

(i) Software - Critical, does not allow the System to operate, no work around, demands immediate action;

(ii) Written Documentation - missing significant portions of information or unintelligible to users;

(i) Non Software - Services were inadequate and require re-performance of the Service. Class B Deficiency –

(ii) Software - important, does not stop operation and/or there is a work around and user can perform tasks;

(iii) Written Documentation - portions of information are missing but not enough to make the document unintelligible;

(iii) Non Software - Services were deficient, require reworking, but do not require re-performance of the Service.

Class C Deficiency – (i) Software - minimal, cosmetic in nature, minimal effect on System, low priority and/or

user can use System; (ii) Written Documentation - minimal changes required and of minor editing nature; (iii) Non Software - Services require only minor reworking and do not require re-performance

of the Service.

5.2.8.1 Support Response Time - MSC Requirements(a) Class A Deficiency –

(i) The Contractor shall have available on-call telephone assistance, with issue tracking available, during system operations with an email / telephone response within two (2) hours of request; or the Contractor shall provide support on-site or with remote diagnostic Services, within four (4) business hours of a request.

(b) Class B & C Deficiencies – MSC system users (local clinics or State Agency staff) shall notify the Contractor of such Deficiencies during regular business hours and the Contractor shall respond back within four (4) hours of notification of planned corrective action; The Contractor shall repair or replace Software, and provide maintenance of the Software in accordance with the Specifications, Terms and Requirements of the Contract.

5.2.9 Security and Confidentiality of Data

The Contractor is responsible for providing a secure system for each program. The MSC MIS contains confidential data of individuals on each WIC program. Operations and maintenance practices must ensure that the appropriate level of security is maintained and reasonable security procedures are in place to protect the integrity of the each State’s resources and information. The MSC MIS must be reliable and secure. Each program’s staff, customers and business partners expect government services and information to be available on an ongoing basis, with appropriate infrastructure to ensure business continuity. To accomplish this, the MSC MIS must continue to incorporate the technical safeguards protecting State’s assets.

5.2.9.1 Security and Confidentiality of Data - MSC Requirements(a) Submit to the MSC Project Manager (or designee) a signed Confidentiality Agreement prior

to starting work.


(b) Any issue regarding unauthorized intrusion, corruption or attempted corruption of data and/or communications, unauthorized software modifications, etc. (as detailed in the list) shall be reported to the MSC Project Manager (or designee) and the appropriate WIC Program Director within two (2) hours.

(c) Identification/Authentication to ensure that externals to the software are who and what they say they are;

(d) Authorization to ensure individuals or authenticated externals have access to specific data and system components if, and only if, they have been explicitly authorized to do so by a properly appointed entity; Immunity to ensure that the software is protected from infection by undesirable programs (e.g. computer viruses, worms, Trojans horses, etc.);

(e) Intrusion detection that specifies the extent to which an application or software component shall detect and record attempted access or modification by unauthorized individuals;

(f) No repudiation ensuring adequate tamper-proof records are maintained to prevent dispute of transactions taking place between authorized and authenticated parties;

(g) Privacy to ensure unauthorized individuals and external parties do not gain access to sensitive data and/or communications;

(h) System maintenance procedures that prevent authorized software modifications (e.g. defect fixes, enhancements, updates) from accidentally defeating its security mechanisms.

5.2.10 Training

Training is intended to achieve proficiency for MSC WIC staff, including State and Clinic staff, in working with the MIS, focusing on the implementation of new modifications to the system. While the majority of training for new employees is the role of the MSC State Office staff, it is the intent that MSC State Office staff will work with the Contractor to approach on-going training in a team approach. New system enhancements training shall provide detailed instruction on the use of new system enhancements and shall include an evaluation module to ensure that trainees achieve proficiency in the use of the enhancement. The Contractor shall work with the MSC WIC State Office staff to provide leadership when requested and/or provide suggestions in training activities if and when required based upon the needs identified by the MSC WIC training personnel.

5.2.10.1 Training - MSC Requirements(a) The Contractor must provide training material for new system enhancements and new State

Office and/or Local Clinic staff as requested. (b) The Contractor shall assist State Office staff in developing and/or maintaining the Training

and User documentation (Help files) to ensure it is current and reflects the current version of the production MIS.

(c) The training databases, materials and methods are to be kept up-to-date (i.e. updating with new versions of Client Services and reflect current versions of Central Office applications)

5.2.11 External Interfaces

The external interfaces include all actions required for the transference of data between the central MSC WIC databases and external agencies.

5.2.11.1 External Interface - MSC Requirements(a) The Contractor shall transfer data to external entities


(i) Interfaces include, but are not limited to:1. Contracted FI Processing Contractor (daily)2. Food manufacturers addressing rebate data files (monthly)3. Immunizations Program status for Kansas WIC clients (KS WebIZ) (daily)4. USDA/FNS consisting of various reports (biennially) 5. Other states relating to Dual Participation (quarterly)6. Other external interfaces as become identified

(b) Ability to access data using open standards access drivers (please specify supported versions in the comments field).

(c) The system software adheres to open standards and is not proprietary.(d) The database platform adheres to open standards.(e) The Solution must comply with Open Standards as specified in RSA 21-R:10 and 21-R:13,

including but not limited to Open Data Formats.(f) Web-based compatible and in conformance with the following W3C standards:

(i) XHTML 1.0(ii) CSS 2.1(iii) XML 1.0 (fourth edition)

5.3 Disaster RecoveryThe Contractor shall provide extensive disaster recovery procedures capable of assuring system availability requirements. The disaster recovery has to address local clinics, each WIC State Office and Help Desk operations.

5.3.1 Disaster Recovery - New Hampshire Requirements

(a) The Contractor shall have in place adequate disaster recovery procedures which shall be approved by the State of New Hampshire.

(b) The Contractor shall have documented disaster recovery plans that address the recovery of lost New Hampshire data as well as their own. Systems shall be architected to meet the defined recovery needs.

(c) The disaster recovery plan shall identify appropriate methods for procuring additional hardware in the event of a component failure. In most instances, systems shall offer a level of redundancy so the loss of a drive or power supply shall not be sufficient to terminate services however, these failed components shall have to be replaced.

(d) The Contractor shall adhere to a defined and documented back-up schedule and procedure.(e) Back-up copies of data are made for the purpose of facilitating a restore of the data in the

event of data loss or System failure.(f) Scheduled backups of all servers must be completed regularly. At a minimum, servers shall

be backed up nightly, with one daily, one weekly, and one monthly backup stored in a secure location to assure data recovery in the event of disaster. Provide details in narrative regarding hosting software. New Hampshire standard is Bluehost.

(g) The minimum acceptable frequency is differential backup daily, and complete backup weekly.

(h) Tapes or other back-up media tapes must be securely transferred from the site to another secure location to avoid complete data loss with the loss of a facility.

(i) If State data is personally identifiable, data must be encrypted in the operation environment and on backup tapes.

5.3.2 Disaster Recovery - Kansas and ITCA Requirements


(a) The disaster recovery plan shall identify appropriate methods for procuring additional hardware in the event of a component failure. In most instances, systems shall offer a level of redundancy so the loss of a drive or power supply shall not be sufficient to terminate services however, these failed components shall have to be replaced.

(b) Data recovery – In the event that recovery back to the last backup is not sufficient to recover program data, the contractor shall employ the use of database logs in addition to backup media in the restoration of the database(s) to afford a much closer to real-time recovery. To do this, logs must be moved off the volume containing the database with a frequency to match the business needs.

(c) The Contractor shall perform testing and verification of disaster recovery procedures as part of the inspection task, validating the functionality of the procedures for the local clinics, State Office, Contractor offices and Help Desk.

5.4 Task Orders A Task Order is the mechanism by which the MSC and the Contractor mutually agree upon the delivery of, and payment for, Services and Deliverables outside of normal maintenance and operations hours. Task Orders normally result in the need for additional funding beyond the base Maintenance and Operations contractual service costs. The Task Order is to be signed by the MSC Directors and an officer of the Contractor (an individual that can commit accountability and sign legal documents for the Contractor). The contractor shall submit to the MSC a firm cost proposal for the requested task order. Any task order and associated cost adjustments to the contract must be agreed upon by the parties by amending the respective contract.

Examples of when a task order would be required may include, but are not limited to, new reporting capabilities, new screens, and new functionality. The Contractor shall provide Project Management and Application Enhancement Support. This shall include solution enhancement support to enable the MSC MIS to further automate and refine business processes, and improve the achievement of operational business objectives. In addition to project management, code development, and database updates, this support also includes producing documentation including, but not limited to scope and approach, project plans, application and system design, functional requirements, test plans, test cases, user’s help guide within the application, and user acceptance with sign-offs. These task orders shall be designed, developed, tested and implemented on a schedule determined by the MSC Project Manager (or designee) following consultation with the Contractor. The Contractor shall provide documented test results and updated system documentation prior to implementation of the change.

If, in the opinion of the MSC Project Manager (or designee), it appears likely that Contractor shall not complete a Task Order in accordance with the time parameters mutually agreed upon, and if such failure to timely complete the tasks fulfill both of the following conditions:

A) Due to circumstances deemed to be the sole fault of Contractor, and/orB) Adversely impacts the project work schedule as a whole,

5.4.1 Submitting Task Order - MSC Requirements

(a) The MSC or a specific MSC Program (or designee), name, mailing address, physical address, telephone number, facsimile number and billing address. Unless explicitly indicated in writing within the Task Order, the party responsible for acceptance of the Services or Deliverables under the Task Order shall be the party responsible for payment.

(b) The Task Order must include the name of the MSC Project Manager (or designee) requesting the Task Order and the name(s) of any other person(s) who may be contacted during any


phase of the performance of work related to the Task Order(c) The Task Order must include a detailed analysis of the desired result, problem, or task(d) The Task Order must include a detailed work plan to be utilized in order to complete the Task

Order (e) The Task Order must include a list of possible impact(s) the work plan may have on other

Services or Deliverables to be or being provided by the Contractor(f) The Task Order must include starting and completion time frames for start and completion of

the work(g) The Task Order must include total person hours to be expended by personnel classification, if

applicable(h) The Task Order must include the desired result to be achieved(i) The Task Order must include the name of the MSC individual responsible for acceptance of

the specific Deliverables, Services and payment of associated invoices(j) The Task Order must include the precise, mutually agreed “not to exceed” cost to the MSC or

the requesting WIC Program.(k) The Task Order must include the work plan or its reference to be followed during the Task

Order performance(l) The Task Order must include the payment schedule or its reference applicable to each

Deliverable or Service(m) The Task Order must include precise and specific criteria for acceptance of Deliverables and

Services;(n) The Task Order must include a line providing for signatures of, and the date signed by the

Contractor, the MSC Project Manager (or designee) and/or WIC Program Director, authorizing work under the Task Order; and(i) The Task Order must include A line provided for each Programs signature to indicate

explicit acknowledgment, verifying that no terms regarding acceptance criteria, nor time for performance, nor the cost to the MSC or requesting WIC Program, nor Services, nor Deliverables, nor the work plan may be changed or altered in any way without the agreement of all signatories to the Task Order

5.4.2 Pricing Task Orders - MSC Requirements

(a) Pricing for services and deliverables for a Task Order negotiated by each MSC Director, MSC Project Manager (or designee), and the Contractor in the execution of this Contract shall be considered a “not to exceed” price.

(b) Task order pricing shall not include the costs associated with existing personnel identified as a System Maintenance Contractor resource assigned to this Operations and Maintenance Contract.

5.4.3 Invoicing Task Orders - MSC Requirements

(a) The Contractor shall provide the MSC Project Manager (or designee) and originating WIC Program Director with invoices for each respective Task Order and shall not include Task Order invoices as part of the monthly Operations and Maintenance invoice.

(b) Each Task Order invoice shall include a section detailing amounts billed for completed deliverables supported by timesheets of each individual working on the Task Order showing time used by task.

(c) The invoice shall identify the Task Order by number and descriptive title.(d) Task Order invoices shall be for progress payments and shall include other appropriate

support documentation as necessary.


5.5 Help DeskHelp Desk services are critical to the MSC MIS. It is a central source of information and assistance for all users. The Contractor must operate a Help Desk providing direct or assisting Local Agency IT support, technical application software support and hardware support to all end users involved with the WIC Program. Each State Program requires the Contractor to provide Help Desk support to MSC State Office users and all clinic personnel who use of the system.

5.5.1 Hours of Operations

The Help Desk provides services to all state programs which encompass four (4) time zones. 8am – 5:30pm Eastern Time – New Hampshire WIC Program7am – 6pm Central Time – Kansas WIC Program7am – 5pm Mountain Time – Kansas WIC Program (3 Kansas clinics operate in MT)7am – 7pm Arizona Time – ITCA WIC Program (Phoenix, AZ)

Every year, each Program shall forward their Holiday schedule. Help Desk services must be available on all days that each State Agency is open for business.

5.5.1.1 Help Desk - MSC Requirements(a) Help Desk services must be available at all times during system operation periods to assure

same day response to system problems as they occur. (b) The Contractor must provide sufficient documentation and reference materials to support

Help Desk activities. The Contractor Help Desk assumes all technical support duties and responsibilities.

(c) The Contractor shall be responsible for providing and configuring the necessary equipment and software to allow prompt diagnosis, tracking and resolution of problems.

(d) Remote access software for diagnosing operating difficulties is required for Help Desk use.(e) Provide a resolution of any question or problem associated with the system including

hardware, application software, operating system(s) and WIC specific applications.(f) Provide immediate responses to system or equipment failures at any MSC State Office and

WIC clinic sites (the MSC WIC State Offices or the clinics may prefer to address technical issues by their own IT Support Staff).(i) In instances where the local clinic’s IT are involved, the Help Desk shall work with local

IT staff in the tracking and resolving issues. Issues may include the addressing of hardware, supporting software, communications, etc. (non-MSC MIS application issues).

(g) Track and document all calls and provide responses to telephone inquiries from a State Office or clinics when users experience difficulties in operating a MIS application. All Program policy questions shall be referred to the appropriate state office.

(h) Calls involving an applicant or participant for whom the staff is unable to certify or issue food instruments shall be given priority handling.

(i) Calls must be answered within 4 rings.(j) Callers may not be put on hold for more than 3 minutes and calls requiring research must be

returned within 4 hours.(k) Provide reports to each State Agency detailing calls received. Including numbers of calls

responded or not responded in a timely manner.


5.6 Local Clinic Network SupportThe Contractor shall provide the Local Clinics support and shall cooperate with Local Clinic technical support staff to analyze, identify, and resolve problems when required.

This cooperation includes, but is not limited to; providing assistance in the form of services and/or contracted assistance related to the installation, maintenance and administration of the system networks, setting up a configuration or coordinating a configuration setup, assist with installing, or coordinating the installation of any new Local Area Networks (LANs) required for Local Clinics, and the providing assistance in the maintenance and support for all LANs employed by the system.

At a minimum, the MIS should support the following client configuration: Pentium 4, 630/3.0GHz PC, Microsoft Windows 7 or later, Internet Explorer 8, and 128 bit encryption.

5.6.1 Local Clinic Network Support – New Hampshire Requirements

(a) The Contractor shall be required to provide on-site services via a subcontract with a New Hampshire based company.

5.6.2 Local Clinic Network Support - MSC Requirements

(a) The Contractor may be required to determine needs and work tasks with the Local Clinic IT staff to facilitate the correction of faulty installations

(b) The Contractor must work directly with Local Clinic IT staff, when installing new LANs, or in rare instances, take the responsibility for installing and configuring, (or coordinate the installation and configuration), all third party software on the Local Clinics computers.

(c) At a minimum, the System should support this client configuration; Pentium 4, 630/3.0GHz PC, Microsoft Windows 7, Internet Explorer 8, and 128 bit encryption.

5.7 Communication Plan (Reports and Meetings) The Contractor must adhere to the MSC Communication Plan as determined by the MSC. See Attachment B for the MSC Communication Plan. The MSC Communication Plan includes events such as status reports and conference calls. The MSC Communication Plan includes all applicable entities, including each State, the Contractor, and any subcontractors. The MSC has a SharePoint site established that is used as by each member of the MSC and the Contractor as a document repository for all Task Orders, Status reports, meeting notes and system documentation.

The Contractor may be required to attend and participate biannual meetings at a time and location to be designated by the MSC. The purpose of these meetings may be to review plans, project status, and/or to provide presentations to interested groups and/or stakeholders describing aspects of the MSC MIS and status of any work currently being addressed. In addition, The Contractor must provide access to all of the Contractor’s facilities and staff for MSC Agency personnel, and appropriate Federal agencies and auditors for periodic visits to monitor, assess and evaluate Contractor’s development and testing process.

5.7.1 Communication Plan (Reports and Meetings) - MSC Requirements


(a) The Contractor shall adhere to the MSC Communication Plan protocol.(b) The Contractor may be required to work with a third party contractor related to the

maintenance of FI inventory. This involves communications from the Contractor Help Desk to the third party contractor regarding the disbursement of FI to the Local Clinics.

(c) The Contractor may be required to attend and participate in biannual meetings at a time and location to be designated by the MSC.

5.8 Service Level Agreement (SLA) The SLA provides a common understanding about services, priorities, responsibilities, guarantees, and warranties. Each area of service scope should have the "level of service" defined for each State Agency and be in a format easily read non technical by MSC staff. An example SLA is appended as RFP Attachment C.

5.8.1 Areas of Service

The areas of service should include but are not limited to: Operations Services Maintenance Services Help Desk Disaster Recovery Performance Tracking and Reporting Responsibilities

5.8.1.1 Service Level Agreement - MSC Requirements(a) The contractor shall write and submit a SLA to each State Program annually. (b) The SLA will be reviewed and approved annually.(c) The Contractor’s system support and maintenance shall commence upon the Effective Date

and extend through the end of the Contract term, and any extensions thereof. (d) Maintain the hardware and Software in accordance with the Specifications, terms, and

requirements of the Contract, including providing, upgrades and fixes as required.(e) Repair or replace the hardware or Software, or any portion thereof, so that the System

operates in accordance with the Specifications, terms, and requirements of the Contract.(f) The State shall have unlimited access, via phone or Email, to the Contractor technical support

staff during normal business hours.

5.9 System DocumentationThe Contractor is required to maintain, update, and keep current complete documentation of program changes, process changes, operations changes, user manuals, etc., and updates to existing applications and documentation for systems developed and implemented by the Contractor, which support the production application(s). Due to the recent conversion to .NET, the system documentation went through extensive review and updating process.

Examples of the Entity Relationship Diagrams (ERD), DB table listings, data dictionary, functional design, and technical design of the overall documentation is presented in Attachment D. Documents for future development shall include data flow activity and sequence diagrams. The Contractor may continue to use the existing documentation format.

5.9.1 System Documentation - MSC Requirements


a) Documentation must be delivered in electronic searchable format, unless otherwise requested. The documentation must be updated based on timeframes determined by the MSC.

b) The Contractor must version control all documentation which allows readers’ to identify the latest version of a document.

c) The Contractor must maintain up to date documentation for each release. The media for these revisions, updates, and modifications shall be in a format easily readable by MSC staff.

d) Source Code: The Contractor must update source code as revisions are made and submit copy of the source code and the standard change control documentation as requested by each State Program. The history is to include the date of the change, author of the change, and a description as to why and where the change was made.

e) Release Notes: The Contractor must provide release notes that include the enhancement or defect tracking number, a short description/title, and a comprehensive description of the issue and its resolution.

f) The Contractor must maintain the data dictionaryg) The Contractor must update training documentation to reflect the changes, modifications

and/or enhancements to the application.h) All user, technical, and System Documentation as well as Project Schedules, plans, status

reports, and correspondence must be maintained as project documentation.

5.10 Contractor Staffing LevelsThe Contractor shall provide appropriate staffing levels to meet the needs of the MSC. Minimum key personnel are identified below. The Contractor shall provide those individuals accepted by the MSC Project Manager (or designee) as key personnel throughout the Contract term. The MSC Project Manager (or designee) may request time sheets for a reporting period for any specific individual, and/or all staff supporting the MSC MIS for any period prior to the current week.

5.10.1 Key Personnel Qualifications

Position Role Minimum Required ExperienceCorporate Officer in Charge

Legal responsibility for contract performance and liabilities

Project Manager Serve as single point of contract with MSC

2 years of Project Management experience

Sr. Network Analyst Daily operation of the system 5 years in operation and maintenance of large-scale networks supporting distributed data systems utilizing network hardware and software employed by the system

Database or Data Administrator

Daily operation of the system Administration and maintenance of

relational databases within a management information system

Manage hardware/software configurations

3 years in the design and database support of similar computer systems

Quality Assurance Specialist

Test all software changes Document all testing results Assist in developing training

2 years of Quality Assurance experience


Position Role Minimum Required Experiencedocumentation

Technical Writer Develop scope documents and update of system documentation, including design documents and on-line help

2 years of technical writing experience

Help Desk Lead (Manager)

Primary contact for help desk calls Lead help desk support team Ensure calls are resolved in a reasonable

timeframe

2 years of help desk experience

5.10.1.1Contractor Staffing Levels - MSC Requirements(a) The Contractor shall ensure that key personnel meet the qualifications identified in this RFP.

Each person assigned to work on the MSC MIS and related systems is required to submit to the MSC Project Manager (or designee) a signed Confidentiality Agreement prior to starting work.

(b) Any substitution of proposed staff or staffing required must have the same or better qualifications and be approved by the MSC Project Manager (or designee).

(c) The Contractor shall provide name and resumes for the key personnel.(d) The Contractor staff identified may not be assigned to non-MSC MIS related activities

without prior approval from the MSC Project Manager (or designee). (e) The Contractor shall reduce the Monthly Maintenance and Operations invoice for staff hours

spent on work for other Contractor clients and/or projects. (f) The Contractor must provide a detailed staffing plan for each State Program including a

description of staff level, FTE and a listing of staff competencies and skills for system operations. Proposals submitted for the Contractor operation which do not identify staff with appropriate experience as described above shall be rejected as non-responsive and unqualified.

5.11 Transition to a New Contractor The new Contractor shall receive an up-to-date operations manual. This manual includes directions for all operations processing, including daily banking exchange with the WIC check processing contractor, standard daily tasks like reviewing the synchronization report, clinic data extracts, and end of month summarization processes. During the on-the-job training, the new Contractor shall make updates the Operations Manual.

The contract start date for the new Contractor is May 1, 2014. The transition period moving from the incumbent Contractor to the new Contractor is a 3 month period from May 1, 2014 to July 31, 2014. The cutover date, which is July 1, 2014, is the date that the new Contractor assumes full responsibility for the MSC system and begins performing all work according to contract. The cutover date is one (1) month prior to the incumbent Contractor’s contract end date. The incumbent Contractor shall be available for questions and assistance until the expiration of their current Maintenance and Operation contract.

During the 3 month transition period, Contractor staff shall not be fully responsible for maintaining the system. Therefore, the first two months should be bid separately, as this is a transitional period when the Contractor shall learn and develop the processes and procedures to fully maintain the MSC system.

The Contractor shall assume full responsibility for all monitoring, maintenance and upgrade tasks under the MSC Project Manager (or designee) and/or MSC Directors on June 1, 2014. The Contractor shall validate the current schedules of the activities and tasks which occur on a recurring basis, ensuring the


production environment is fully functional and performing as specified. The Contractor shall need to work with the MSC State IT staff, including KDHE-IT, NH-IT and ITCA-IT and the incumbent Contractor to define the procedures established which are currently being performed.

5.11.1 Startup activities

A Kickoff Meeting shall be held with the Contractor’s key staff, the incumbent Contractor’s key staff, MSC Directors, MSC Project Manager (or designee) and appropriate MSC State staff within one (1) week of contract start to address the details for all support issues and identify issues which may need resolution.

Establish support resources and ensure all resources necessary to execute contract deliverables are in place and fully operational.

The kickoff meeting shall identify steps required for the Contractor to obtain the knowledge of the current system operations, the computer programs, the ASA Sybase structure with the stored procedures, and other support tools which currently exist.

5.11.1.1 Transition to a New Contractor - MSC Requirements(a) Two-months prior to the cutover date (July 1, 2014), the Contractor should have on staff a

Database Administrator (DBA) and Network Administrator. The incumbent contractor is to provide a one month or longer orientation with the Contractor to review the Database Administrator and Network Administrator operations and disaster recovery procedures. The Contractor shall have their DBA work side by side with the incumbent Contractor’s Database Administrator for up to four weeks prior to cutover. This on-the-job training needs to include a month-end close out process.

(b) Transfer of State hardware used for testing (desktops, laptops, scanners, printers, signature pads, peripherals, etc.)

(c) Preservation and protection of the data prior to and during the physical move of the server(s) with full restoration afterward.

(d) Formal testing of the System following its physical move including full functionality

5.11.1.2 Transition to a New Contractor – New Hampshire Requirements(a) By June 30, the Central Host Site hardware shall be transferred to the new site by the new

Contractor.(b) Preparation of the hosting facility including bandwidth capability sufficient to ensure

transmission and response times required in this solicitation. (c) The Contractor shall submit a finalized Work Plan within ten (10) days after Contract award

and approval by Governor and Council. The Work Plan shall include, without limitation, a detailed description of the Schedule, tasks, Deliverables, critical events, task dependencies, and payment Schedule. The plan shall be updated no less than every two weeks.

5.11.2 Resources the MSC Will Make Available

The MSC will assign a full-time Project Manager (State of Kansas employee) and Program Analyst (State of Kansas employee) during the life of the Maintenance and Operations of the MSC MIS contract. In addition, MSC WIC staff will be available for meetings, including preparation time, detailed design phase of a maintenance item and/or task order. There will be WIC program staff, both from the State Office and local clinics available for addressing issues that may arise and for addressing maintenance and future task orders.


5.12 Contract Duration

For a new contractor, the anticipated start of the initiation of services under the contract resulting from this RFP is May 1, 2014 to account for a transition period if needed. The duration of this initial contract will be five (5) years and two months (includes 2 months at the end of the contract in order for the contract to end June 30, which is the state’s fiscal year end) with optional three (3) year extensions. Responders should propose needed resources to satisfy the defined service needs, deliverables, activities, and timeframes for the initial contract period, and separately, for the extended contract period.

In the event that a transition period is not needed, the contract resulting this RFP will commence on July 1, 2014. In the state of New Hampshire, this is pending approval from Governor and Council.

After the initial contract period, the MSC may choose to extend the contract for any or all of the main functions described in this RFP. The MSC is not obligated to extend the contract past the initial contract period for any of the components. The MSC, at its discretion, may terminate the contract at any time, with or without cause, upon 30 days’ written notice to the Contractor. The form of communication may include email or facsimile medium.

5.13 Operations and Maintenance Invoicing

The contract will list the annual fixed price maximum however; billing will be monthly based on actual hours worked on system maintenance and operations. The Contractor shall prepare one monthly invoice that details the hours worked for base operations and maintenance services applicable to all three members of the consortium. The invoice shall also list separately amount billed for individual state services (e.g. New Hampshire Hosting). The one monthly invoice shall be sent to all three states. Each state will individually pay for their portion of the invoice. The Monthly Status Report must accompany the invoice. Timesheets for the invoice time-period are to be provided to each Program upon request.

Task Orders will be invoiced separately.

5.14 Glossary

This section contains definitions that are used throughout this procurement document, including appropriate abbreviations.

“Applied Hours” means an hour of direct labor capable of exact quantitative measurement performed by IT personnel engaged in creating and/or regulating the technical activities of the contract.

"Bidder" is any person, corporation, or partnership who chooses to submit a proposal.

"Bug" is an error, flaw, mistake, failure, or fault in a computer program that prevents it from behaving as intended (e.g., producing an incorrect result)

"CDC" stands for the Center for Disease Control


"Committee Report" means a report prepared by the Procurement Manager and the Procurement Negotiating Committee for submission to the Director of Purchases for contract award that contains all written determinations resulting from the conduct of a procurement requiring the evaluation of competitive sealed proposals.

"Committee" means the Procurement Negotiating Committee

"Contract" means an agreement for the procurement of items of tangible personal property or services.

"Contractor" shall mean successful bidder.

"Desirable" The terms "may", "can", "should", "preferably", or "prefers" identify a desirable or discretionary item or factor.

"Determination" means the written documentation of a decision of a Procurement Manager including findings of fact required to support a decision. A determination becomes part of the procurement file to which it pertains.

"Director of Purchases" or "DOP" means the purchasing agent for the State of Kansas or a designated representative.

“Enhancement” is any improvement(s) made to a software package and/or hardware device(s) as part of a new version. The term is also used to distinguish an improvement of an existing product capability transforming to a totally new capability. After an enhancement has been completed and approved by the MSC, continued monitoring falls under the auspices of maintenance

"Finalist" is defined as a bidder who meets all the mandatory specifications of the Request for Proposals and whose score on evaluation factors is sufficiently high to qualify that bidder for further consideration by the Procurement Negotiating Committee.

"FNS" means the Food and Nutrition Services, part of the US Department of Agriculture.

“Integration” is defined as a seamless sharing of client data (from the system user’s perspective), through a common user interface.

"Maintenance" is defined as the normal day-to-day system processing operations. Maintenance includes; but, is not limited to the following responsibilities:

-Daily upload, downloads, and nightly transmissions -Updates to existing fields/tables -Assuring the correct selection and plotting of growth and prenatal grids -Correct data producing erroneous caseload stats -Updating/correcting inventory thresholds per MSC written request -All central system processing -All service site system processing -Minor programming changes to the MSC MIS Applications -Correcting system errors to meet specifications -Assuring correct syntax for reporting purposes -Correction of errors and omissions and, -Correction of system "bugs"


"Mandatory" is also defined with the terms "must", "shall", "will", "is required", or "are required" all identify a mandatory item or factor. Failure to meet a mandatory item or factor will result in the rejection of the bidder’s proposal.

"Modification" is defined as a request for a change to an existing specification in the system based upon USDA recommendations, requirements and regulations and/or KDHE regulations, guidelines and mandates. Once a modification has been completed and approved by KDHE-WIC, its’ continued monitoring falls under the auspices of maintenance.

“MSC” The State of Kansas, ITCA and the State of New Hampshire WIC Programs have a Cooperative Agreement that was executed in 2009, creating the Multi-State Consortium (MSC), in order to maximize efficiencies regarding joint design, development and implementation of changes to their respective Management Information Systems (MIS)

"Procurement Negotiating Committee" (PNC) means a body appointed by KDHE management to perform the evaluation of offeror proposals and negotiate the contract pursuant to K.S.A. 75-37 102.

"Procurement Manager" means the person or designee authorized by the Agency to manage or administer a procurement requiring the evaluation of competitive sealed proposals.

"Purchase Order" means the document which directs a contractor to deliver items of tangible personal property or services pursuant to an existing contract.

"Request for Proposals" or "RFP" means all documents, including those attached or incorporated by reference, used for soliciting proposals.

"Responsible Bidder" means an offeror who submits a responsive proposal and who has furnished, when required, information and data to prove that their financial resources, production or service facilities, personnel, service reputation and experience are adequate to make satisfactory delivery of the services or items of tangible personal property described in the proposal.

"Responsive Offer" or "Responsive Proposal" means an offer or proposal, which conforms in all material respects to the requirements set forth in the Request for Proposals. Material respects of a Request for Proposals include, but are not limited to, price, quality, quantity or delivery requirements.

“Software Maintenance” means the modification of software to correct faults, to improve performance, or to adapt the software to a changed environment or changed requirements.

“Software Bug” means the modification of software to correct faults, to improve performance, or to adapt the software to a changed environment or changed requirements.

“System Enhancements” means the modification of software, hardware, and/or communications to correct faults, improve performance, or to adapt software, hardware, and/or communications to a changed environment and/or changed requirements.

“Task Order” is an order for services placed against an established contract. It often is a supplementary contractual and obligating document that usually includes task description, is required for all new proposed tasks, and should logically define the process for accomplishing the work requested of the contractor, including all the necessary details the contractor shall need to successfully complete the project. A task order is for a piece of work to be done which shall normally be tracked and reported as a

http://www.businessdictionary.com/definition/task-description.html

http://www.businessdictionary.com/definition/document.html


project or sub-project. They cannot be accomplished with the assigned Maintenance and Operations personnel, and may require additional funding.

“Transition Period” is moving from the incumbent Contractor to the new Contractor is a 3 month period from May 1, 2014 to July 31, 2014. The cutover date, which is July 1, 2014, is the date that the new Contractor assumes full responsibility for the MSC system and begins performing all work according to contract.

"WIC Application” means a software application for management of WIC Program activities which utilizes Relational Database Technology, a Client/Server Network with a Graphical User Interface, Open Architecture Design, a Configurable Data Replication Manager (or some similar upload and download database tool), and is currently in use at a United States WIC Local/State Agency.

5.15 Response Requirements

Bidders must use RFP Attached E response to Section 5 of this RFP. All requirements listed in sections 5.2 through 5.12 are on the spreadsheet in the appropriate sections. Instructions are as follows:Response Column:Place a “Yes” if the current release of the software can fully support ALL the functionality described in the row, without special customization. A “Yes” can only be used if the delivery method is Standard (see delivery method instructions below) A "No" can only be used with delivery method Future, Custom, or Not Available/Not Proposing (see delivery method instructions below).

Delivery Method Column:Complete the delivery method using a Standard, Future, Custom, or Not Available/Not Proposing (as defined below) that indicates how the requirement shall be delivered.

Standard - Feature/Function is included in the proposed system and available in the current software release.

Future - Feature/Function shall be available in a future release. (Provide anticipated delivery date, version, and service release in the comment area.)

Custom - Feature/Function can be provided with custom modifications. (Respondent must provide estimated hours and average billing rate or flat cost for the software modification in the comment area. These cost estimates should add up to the total cost for software modifications found in the cost summary table in Section X of the RFP).

Not Available/Not Proposing - Feature/Function has not been proposed by the Contractor. (Provide brief description of why this functionality was not proposed.)

Comments Column:For all Delivery Method responses other than standard (Future, Custom, or Not Available/Not Proposing) Contractors must provide a brief explanation. Free form text can be entered into this column.

5.16 Proposal Evaluation Process

5.16.1 Rights of the MSC in Evaluating Proposals


The MSC reserves the right to:a. Consider any source of information in evaluating Proposals.b. Omit any planned evaluation step if, in the State’s view, the step is not needed.c. At its sole discretion, reject any and all Proposals at any time.d. Open Contract discussions with the second highest scoring Vendor if the State is unable

to reach an agreement on Contract terms with the highest scoring Vendor.

5.16.2 Proposal Evaluations

The MSC plans to use the following process: Initial screening. Preliminary evaluation of the Proposals and reference checks. Oral interviews and product demonstrations. Best and Final Offer (BAFO), if appropriate. Final evaluation of Proposals.

5.16.2.1 Initial Screening The MSC will conduct an initial screening step to verify Bidder compliance with submission requirements and to confirm that the Proposal satisfies the following:

Submission requirements addressed in RFP Section 2: Proposal Response. Agreement to the State’s Terms and Conditions and provisions as defined in the

RFP, without exception.

A Proposal that fails to satisfy submission requirements may be rejected without further consideration.

5.16.2.2 Preliminary Evaluation of Proposals and Reference ChecksThe MSC will establish an evaluation team to evaluate Proposals and conduct reference checks. This team shall consist of:

Kansas Department of Health and Environment, Nutrition & WIC Services Section – two (2) representatives

New Hampshire Department of Health and Human Services, Healthy Eating & Physical Activity Section – two (2) representatives

Inter Tribal Council of Arizona – one (1) representative

5.16.3 Evaluation Criteria

The State will select a Contractor based upon the criteria and standards contained in this RFP. Oral interviews, presentations, and reference checks may be used to refine and finalize preliminary evaluations. Key aspects to be evaluated are described below.

5.16.3.1 Security and Protection of DataTopic 1: System Security for a Hosted Environment - The MSC will evaluate the degree to

which System issues can be avoided.


Topic 2: Backup and Recovery - The MSC will evaluate the degree to which proposed backup and recovery processes in the hosted environment protect mission-critical Data, ease of use of these processes, and impact of these processes on operation of the System.

Topic 3: Assurance of Hosting Continuity - The MSC will evaluate the degree to which the plan proposed to assure business continuity mitigates risk in the hosted environment.

Topic 4: Archiving - The MSC will evaluate the degree to which the proposed archiving and retrieval scheme balances response time, or offline and online processing with the value of accessing historical Data.

5.16.3.2 Compatibility with MSC PersonnelTopic 5: Technical Knowledge Transfer - The MSC will evaluate whether the technical

knowledge transfer described in the proposal will prepare MSC staff to accept responsibility for their role in maintaining the System.

5.16.3.3 Project Execution (Transition and Testing)Topic 6: Transition Plan - In the event a new support vendor is selected the MSC will require

a Transition Plan. The MSC will evaluate the quality of analysis, reasonableness, and flexibility evident in the proposed Transition Plan.

Topic 7: Testing - In the event that enhancements, modifications, updates and defect corrections are made in the system the testing process will apply. The MSC will evaluate the quality of support the Vendor will supply to assist State testing staff and the effectiveness of the proposed Defect tracking and resolution process.

5.16.3.4 Project Management CompetenceTopic 8: System Acceptance Criteria - In the event that a new vendor is selected, the MSC

anticipates that the New Hampshire system will be transitioned to a new environment. The MSC will evaluate whether proposed Acceptance criteria will assure the MSC System is functioning correctly before being turned over to the new environment.

Topic 9: Work Plan and SLA - Each vendor shall provide a preliminary Service Level Agreement (SLA) in response to this RFP for the Maintenance and Operation phase of the contract that addresses the needs of the MSC. In the event there is a transition to a new vendor, the vendor shall also submit a preliminary transitional work plan with their proposal. We are looking for a table with tasks and dates of the transition period. The MSC will evaluate whether the Vendor’s preliminary proposed SLA and Work Plan includes a description of the Schedule, tasks, Deliverables, major milestones, task dependencies, and a payment schedule. The SLA/Work Plan shall also address resource allocations (both MSC and Vendor team members). This narrative should reflect current Project management “best practices” and be consistent with narratives on other topics. The software to be used to support the ongoing management of the Project should also be described in the SLA/Work Plan.

5.16.3.5 Ongoing Operations

Topic 10: Hosted System - The MSC will evaluate the degree to which the hosted Environment will suit the needs of its members.

Topic 11: Help Desk Support - The MSC will evaluate the degree to which the Vendor shall absorb demand for help desk support upon Execution of the new Contract.

Topic 12: Support and Maintenance - The MSC will evaluate whether the Vendor’s proposed support and maintenance plan includes a description of the types and


frequency of support, detailed maintenance tasks – including scheduled maintenance and upgrades, and any other dependencies for on-going support and maintenance of the system. This narrative should reflect current “best practices” for these tasks.