Cloud Based Campus Card Solution

The Vendor is required to provide a comprehensive, cloud based campus card solution.
- Identity & Access Management
•    Integrate with institutional identity provider (e.g., LDAP, SAML, Azure AD, Shibboleth).
•    Enable single sign-on (SSO) for users.
•    Support multi-factor authentication (MFA) for secure access.
•    Role-based access controls for system administrators and users.
- Card Issuance, Management, and Acceptance
•    Support digital and physical card issuance.
•    Allow self-service photo upload and approval workflows.
•    Enable instant card issuance and reprinting.
•    Track card lifecycle (issue, suspend, reissue, deactivate).
•    Support Mag Stripe credentials
- Mobile Credential Support
•    Support for mobile wallets (e.g., Apple Wallet, Google Wallet).
•    Contactless agency-based access for mobile credentials.
•    Remote provisioning and revocation of mobile credentials.
- Transaction Management
•    Real-time transaction processing.
•    Integration with campus POS systems (dining, bookstore, food service, vending, printing).
•    Support declining balance, meal plans, and discretionary funds.
•    Online account management for deposits, transfers, and transaction history.
•    Support of off-campus merchant card programs
- Activity Transaction Management
•    Activity Tracking - Activity Check in / out with report showing how long they were at the activity
•    Validation- ex. ticketing, authorization, etc. 
•    Visitor management
- Event/Conference Management
- Access Management
•    Integration with access control systems
•    Reporting on access transactions from integrated systems
•    Support for credential sharing to integrated access control systems
- Alerts (Email and/or Text)
•    Balance Alerts
•    Confirmation Alerts
•    Push Notification
- Must be able to import data such as users and photos
- Performance: 
•    System must support a large concurrent user’s access with no noticeable latency. 
•    Transaction processing time must not exceed 2 seconds for 95% of transactions.
•    Must be able to support large dataset (300 - 400k) of users as they may not be purged.  
•    Each agency must have its own test and prod environment. "
- Availability 
•    Minimum 99.9% uptime (excluding scheduled maintenance). 
•    Regular scheduled maintenance windows must be communicated at least 72 hours in advance.
•    Any major upgrade or planned outage must be communicated at least 3 weeks in advance. "
- Scalability 
•    Must support scaling of resources based on peak periods (e.g., enrollment, move-in days). 
•    Support both horizontal and vertical scaling."
- Security 
•    Data must be encrypted in transit (TLS 1.2 or higher) and at rest (AES-256). 
•    Regular vulnerability scans and annual third-party penetration testing. 
•    Role-based access control (RBAC) for all administrative functions.
- Compliance 
•    Must comply with relevant laws and regulations (e.g., FERPA, PCI-DSS, GDPR, HIPAA if applicable). 
•    Provide audit reports or SOC 2 Type II certification on request."
- Disaster Recovery & Business Continuity 
•    RTO (Recovery Time Objective) of 4 hours or less. 
•    RPO (Recovery Point Objective) of 15 minutes or less. 
•    Documented and tested disaster recovery plan.
- Data Privacy & Retention 
•    Must allow institution-defined data retention and deletion policies. 
•    Data ownership retained by the institution."
- Support 
•    24/7/365 customer support with response times based on severity: 
•    Critical: ≤ 1 hour o High: ≤ 4 hours 
•    Medium: ≤ 1 business day
•    Dedicated technical account manager or liaison, and 
•    Help desk support for end-users.
- Usability 
•    Intuitive, responsive user interface for desktop and mobile."
- Maintainability 
•    Regular, non-disruptive software updates.
•    Clearly documented upgrade schedules and release notes.
- Portability & Vendor Lock-in 
•    Provide export tools for data extraction in a common format (CSV, JSON, XML). 
•    Clear off boarding procedure in the event of contract termination.
•    Export functionality can be scheduled to as little as 5 minute increments."
- Accessibility
- Branding
- Banner Trusted Partner with ability to provide real time integration to one card system
- Must have API for custom applications
- Handle migration from prior system to new system.  
- Must be able to handle at a minimum CSV, XLSX.
- Provide development server for each agency for testing upgrades and application development.
- Allow for customization of fields
- Provide a list of real-time integration partners for Third Party Software.
- Ability to provide flat-file integration.
- Terminals are not proprietary.  
- Must be able to use both iOS and Android devices as terminals.
- Terminals need to support cash drawers.

- Contract Period/Term: 2 years
- Questions/Inquires Deadline: September 08, 2025