Claims Search System

The Vendor is required to provide access to a hosted system of claims for internal claims department investigation purposes.
- The system should include the following claim types: auto, general liability, property, and worker's compensation.
- The system must have the ability to be searched by social security numbers. 
- Claimant data that is submitted must be able to lead to a comprehensive "match report" encompassing claimants' complete history across casualty, property, workers comp, including auto, property, and bodily injury claims.
- System include:
•    The system shall maintain an audit trail of all activity and data changes by users, including deletes, and generate audit logs.
•    The system shall provide reporting capability to query for audit log records matching specific criteria (e.g., audit logs for a specific user between certain dates).
•    The system shall provide configurable audit logging on transactions and activities a user may perform.
•    The system shall, at a minimum, include the following attributes for each audit log record: IP address, user account id, date/time stamp, event source, device/browser information, the outcome of an event (success or failure), and any other supplemental information related to the event.
•    The system shall provide the ability to send notifications (e.g., email, text) based on configurable audit log activity (e.g., total system storage exceeds a certain threshold).  Please describe how your software supports this requirement.
•    The system shall only allow authorized users to access the audit trail and prevents unauthorized purging of data.
•    The system shall provide user level and task level auditing (e.g., ip, date/time, user id, task, and outcome)
•    The system shall provide the ability to prompt the user to set up any security questions/answers to assist with authentication.
•    The system shall prevent robot access to the public portal (e.g. creating accounts, conducting searches, etc.) Using capabilities such as captcha.
•    The system shall support different policy and procedures for handling login issues (e.g., automatically inform the customer to reset the password after a certain number of incorrect attempts).
•    The system shall provide minimal error information in the event of authentication failure (e.g., “login fail” instead of “user not found” or “password incorrect”).
•    The system shall provide a protective measure to prevent, detect, and log unauthorized attempts to access the system (e.g., # of invalid login attempts).
•    The system shall be able to encrypt data at rest or in-transit (e.g. Data classified as confidential shall be encrypted, etc.). Encryption should include, but not be limited to: bank account numbers, social security numbers and all confidential employee and vendor data.
•    The system shall have the ability to prevent, detect, and log unauthorized attempts to access information classified as sensitive or confidential data.
•    The system shall have mechanisms to prevent any sensitive licensee or work/permit-related information to be sent via email.
•    The system shall not store any private or sensitive data in the error logs (e.g., passwords).
•    The system shall use https for transport for all web services.
•    The system shall provide the ability to prevent changing or deletion of data in fields without appropriate pre-defined security
•    The system shall prevent purging of data until it has been archived. Only permitted with super user security and field must have full auditing.
•    The system shall not store database connection information, passwords, and any other sensitive credentials in plain text.
•    The system shall allow data to be classified as sensitive or confidential information.
•    The system shall provide the ability to mask input fields for sensitive or confidential information.
•    The system shall be able to lock data elements from modification based on workflow rules (e.g. upon final approval, application data cannot be modified).
•    The system shall provide the ability to dynamically and manually control (discontinue, interrupt, etc.) End-user access.
•    The system shall provide role based access (e.g. Based on unit, user type, etc.) To system functionality and data (e.g. Access documents, specific screens, specific fields, forms, templates) including view-access and change-access.
•    The system shall allow a user to have multiple roles, including individual security
•    The system shall be tightly integrated with the security and workflow modules to disable/enable the various type of users during various life-cycle stages of a project (e.g., disable applicants' "modification" access right on the "application" info once the application is officially submitted).
•    The system shall provide granular access control to different types of data records based on the following permissions: read, write, modify, delete
•    The system shall support department-specific administrators to manage department-specific user groups and user accounts.
•    The system shall be configured to assign tasks to a user or group of users based on security policies.
•    The system shall apply for security and access control permissions consistently on both desktop and mobile devices.
•    The system shall support digital electronic signatures and integration with electronic signature 3rd party software.
•    The system shall allow viewing of list of users logged on to system in real-time.
•    The system shall have the ability to support biometrics (e.g. Facial recognition) to log into the mobile applications.
•    The system shall detect and prevent unauthorized log-in attempts.
•    The system shall support user name changes (e.g., as a result of marriage, divorce, etc.)
•    The system shall allow an administrator to disable a user account.
•    The system shall use anti-virus software on servers to prevent the introduction of viruses and other forms of malicious code into the system environment.
•    The system shall virus scan all document attachments (through public and staff portals, and mobile applications) at the external firewall before it is saved as a temporary/permanent file on any servers.
•    The system shall be monitored and scanned for security vulnerabilities.
•    The system shall provide a catalog of all general and module-specific delivered reports.
•    The system shall support configurable dashboards that may be used to display analytics for different users or user groups (e.g., management, field staff, etc.).  
•    The system shall provide built-in ad-hoc reporting capabilities on all data elements.
•    The system shall provide the ability to create pre-defined reports on all data elements.
•    The system shall provide the ability to run reports within the system, with report parameters (e.g., reporting date range) included, and provide the ability to drill down into detailed data.  
•    The system shall provide a data dictionary annually and any updates as they occur.
•    The system should provide custom, ad hoc reporting capabilities via a user-friendly, native report builder
•    The system shall support role-based security for reporting
•    The system shall allow for a user to create custom reports with the ability to leverage the tables/views.
•    The system shall enable a structured change control process to be used to encapsulate, schedule and implement any changes across environments.
•    The system shall be able to provide granular configuration management to support releases containing only changed functionality.
•    The system shall provide the ability to identify configuration differences between two environments and migrate or sync environments (e.g., promote configurations from development to test environments).
•    The system shall apply business rules and configurations consistently on both desktop and mobile devices (defined once, enforced across all device platforms).
•    The system workflow shall be managed through the product’s business process flow tool that allows administrators to graphically create workflows.
•    The system configuration shall be manageable through a graphical user interface.
•    The system shall provide a configurable and extensible data model and user interfaces.
•    The system shall support keyboard shortcuts for common system actions, including but not limited to adding records, adding attachments and saving information
•    The system shall provide the ability for releases to be tested and deployed within a published and agreed release window
•    The system shall support tab sequencing of fields
•    The system shall provide the ability to convert multiple years of historical data with the help of tools, templates, accelerators, etc. To support required data mapping, field formats and other related information
•    The system logs system warnings and errors for all components and interfaces with adequate details to support defect resolution.
•    The system shall provide the canned reports such as error and exception reports, usage reports, etc.
•    The system shall provide configurable end-user error messages specifying field and error description when business validation rules are not met.
•    The system shall return generic error messages to the client, to avoid disclosure of sensitive information.
•    The system provides error-handling process and does not rely on internal server error handling process (e.g., IIS, windows OS).
•    The system shall log all errors that include severity, date/time, error description, and error codes.  Need the ability to have the clear system logs.
•    The system shall provide notifications (e.g., email, text, etc.) To assigned administrators for configurable severity error levels.
•    The system shall be supported 24x7x365.
•    The system shall be housed within a tier 4 data center.
•    The system must be housed in multiple, geographically diverse data centers within the continental country for all production and non-production environments, including disaster recovery.

- Contract Period/Term: 3 years
- Questions/Inquires Deadline: August 14, 2025