Self- Direction System

The vendor is required to provide that self- direction system for the provision, regulation, and oversight of services to state people with developmental disabilities.
- Agency provides services and supports directly and through a network of approximately 500 nonprofit service-providing agencies, with about 80% of services provided by the private nonprofits and 20% provided by state-run services.
- Provide a monthly report of vulnerability scan results of the department system environment and include the associated remediation plan in a format approved by department.
- Conduct annual penetration test using a third-party on the department solution.
- The penetration test plan shall be shared with department or its designee prior to testing for review and approval
- Facilitate annual incident response (IR) tabletop exercise with department.
- The IR tabletop plan shall be shared with department or its designee prior to testing for review and approval.
- Conduct annual disaster recover (DR) testing.
- The DR test plan shall be shared with department or its designee prior to testing for review and approval.
- The bidder shall provide the test results including lessons learned to department.
- An annual third-party risk assessment following the national institute of standards and technology (NIST) 800-30 methodology of the department system environment and provide results to department or its designee.
- Provide updated department workbooks to or its designee on an annual basis or upon any significant system change.
- Provide on an annual basis evidence of ongoing compliance.
- Maintain an ongoing list of all required corrective action resulting from such things as the annual penetration test, vulnerability scanning and risk assessment.
- If custom developed solution, provide department or its designee evidence annually of compliance with department top 10 and state its standard system development life cycle.
- Outstanding fi billing forms processing:
• The system shall list all submitted outstanding fi billing forms in a queue for central operations users to review, process, and approve or reject.
• Forms in progress cannot be accessed by another user until processing is complete.
• In-line approval/rejection for all forms or bulk selections.
• Queue management functionality for reviewing and processing forms.
• Concurrent user access control to prevent conflicts.
• Email notification capabilities for alerts.
- Billing component checks
• The system’s billing component must check against the five-year contract amount.
• Pause processing of forms if the contract amount is exceeded, displaying error messages, and sending email alerts.
• Automatic processing of paused forms when contract funds are increased.
• Automated checking against predefined contract limits.
• Error handling and email alerts for exceeded contract amounts.
• Automatic resumption of processing once the contract funds are adjusted.
- Remittance statements
• Auto-generate monthly remittance statements.
• Secure storage and access for viewing, exporting, and printing.
- Self-direction (SD) termination workflow
• Handle and process SD terminations, including the ability to submit and review termination forms.
• Display decision status and send notifications regarding termination decisions.
• Workflow management for termination processes.
• Status tracking
- DATA transformation
• data conversion and archive capabilities for existing SD budget requests and SD billing forms.
- Low-code platform
• The platform should support rapid development with minimal custom-coding.
• Provide drag-and-drop interfaces for creating workflows, forms, and reports.
• Integration capabilities with other systems preferably with and/or other real-time services.
- Cots product
• The product should be customizable to fit specific needs without extensive development.
• Offer additional modules and functionality that can be easily configured and integrated.
- Cloud deployment model
• The system must be hosted on a secure and scalable cloud platform
• Ensure compliance with relevant data protection regulations.
• Demonstrate a seamless experience for the end user with a desired average response time of 100 milliseconds or less to the end user.
• Preform full audit capabilities on all transactions
- Data Conversion:
• Current data assessment: conduct a thorough assessment of the existing data, including data quality, integrity, and compatibility with the new platform.
• Data mapping: Develop a detailed data mapping document that outlines the transformation rules and mappings from the old data structures to the new platform’s schema.
• Data conversion: Execute the data conversion process, ensuring accuracy and completeness; should include the following:
1. Extraction of data from the existing system.
2. Transformation of data according to the mapping document.
3. Loading of converted data into the new platform
- Load testing:
• Validate individual components of the data conversion process to ensure correctness.
• The entire data conversion process in a controlled environment to ensure that all data is accurately migrated and functional within the new platform.
• User acceptance testing (UAT): Facilitate UAT with designated stakeholders to confirm that the converted data meets business requirements and expectations.
• Data validation: Implement procedures for validating the integrity and quality of the converted data, including comparison reports between the source and target datasets.
- Knowledge transfer:
• System functionalities.
• Best practices for usage
• Troubleshooting common issues.
• Provide materials such as user manuals, FAQs, and video tutorials.
• Documentation shall be updated and stay current with the system for the life of the project using proper naming conventions and versioning.
• Provide virtual training sessions annually.
- Go live:
• Pre-launch testing and validation using lower environments before launching into production.
• The vendor must outline the process for ensuring appropriate data security as data is migrated. these security controls must strictly adhere to all applicable state department and state its policies, standards, and requirements. this includes insuring full compliance with all applicable regulatory requirements.
• User training sessions.
• Go live checklist and procedures to ensure the system in functioning as required.
- Ongoing support and maintenance:
• Helpdesk availability (hours, contact methods).
• Times for critical, high, medium, and low severity issues.
• Maintenance windows and communication protocols.
• Process for reporting and managing bugs or issues.
• Propose service level agreements (SLAS) that encompass:
1. Uptime guarantees for the system.
2. Support response times for different severity levels.
3. Remedies for failing to meet specified service levels.
- Contract Period/Term: 5 years
- Questions/Inquires Deadline: February 18,2025