Constituent Services Mobile Application and Supporting Components and Services

The Vendor is required to provide for a constituent services mobile application (CSMA) and supporting components and services.
- The Solution will consolidate access to multiple government services into a single, secure, and user-friendly platform, modeled after successful statewide solutions such as the MyTN Services Mobile Application.
- The CSMA can improve customer service experience by bringing multiple government services into one secure and easy-to-use mobile platform.
- The goal is to improve service delivery, expand accessibility, reduce administrative burden, and increase citizen engagement with government programs.
- The Solution will establish an architecture which allows for onboarding of future services in a manner which allows for a consistent look and feel, and overall improved customer experience, with the goal of establishing an architecture which enables the future incorporation of Omni channel support (i.e., web browser, interactive voice response/chat, short message service (SMS), kiosk support).
- The application will deliver a customizable user experience, allowing individuals to tailor the interface to highlight the services most relevant to their needs. By consolidating multiple constituent services into a single mobile platform, the solution will enhance convenience, improve transparency, and increase engagement.
- Provides as much transparency as possible and respects the privacy of the individual interaction with the Solution.
- The Department envisions this mobile application as a trusted digital gateway, empowering constituents to engage with government services anytime, anywhere (subject to geographic limitations), with confidence in both the usability and security of the platform
- Hosting
•    Solution components (apart from the mobile application itself and components non-resident on state-owned systems, in accordance with an approved solution architecture) must be hosted in a FedRAMP moderate (at a minimum) authorized environment.
•    The environment must meet all requirements outlined in the FedRAMP security assessment framework, including continuous monitoring, incident response, and reporting obligations.
•    The state has a strong preference for all components anticipated by this section to be hosted in a state owned or managed cloud hosting service, or, within the state managed datacenter.
•    The contractor shall ensure that all services, data storage, and processing associated with this solution remain within a FedRAMP Moderate (at a minimum) certified boundary
- Constituent Services Mobile Application (CSMA) Functional Requirements
•    Services directory – the solution must allow for a searchable catalog of available services.
•    Citizen dashboard – the solution must provide a personalized view of selected services.
•    Digital transactions – the solution must integrate with one or more payment card industry data
•    Security standards (PCI-DSS) compliant payment processing service gateways for those services which incorporate a payment component.
•    Applications and forms – the solution must allow for secure digital submission of items necessary for conduction of business via the available services.
•    Messaging – the solution must provide for a secure messaging function for constituent use in communicating with state department business process owners of the available services.
•    Notifications – the solution must provide for selectable “push alerts” with regard to deadlines, benefits, and emergencies.
•    Analytics dashboard – the solution must provide tracking ability and reporting ability for performance and usage of the solution by constituents.
•    Integration application programming interfaces (APIS) – the solution must provide open APIS to support third-party and future services.
•    Offline capability – the solution must provide the ability to save forms and view limited data offline.
•    Chatbot capability – the solution shall allow for integration of chatbot capability.
•    Feedback capability – the solution shall allow for a user to provide feedback or suggestion in relation to a specific service utilized, and for the mobile application itself.
•    In-app help and contextual tips
- Identity Access Management (IAM) Functional Requirements
•    Support tiered identity proofing and verification, ensuring the authenticity of identity claims and accuracy of information provided.
•    Utilize the State’s IAM strategy to capture constituent identity and profile data.
•    Enable Single Sign-On (SSO) with multifactor authentication capability through the State’s IAM strategy for the scope of services available.
•    Incorporate identity lifecycle management components including (but not necessarily limited to):
o    Identity Creation
o    Identity Provisioning
o    Identity attribute management
o    Authentication (e.g., alignment with password policies and synchronization)
o    Identity DE provisioning
•    Provide a sufficient description of the architecture such that incorporation of future means of identity proofing can be incorporated.
•    Enforce application-level access control by supporting the assignment and management of multiple roles and permissions, including but not limited to:
o    Individual.
o    Business Owner.
o    Employee identity for those State employees who work in a support capacity for the Solution.
o    Multi-role individual that could include any combination of the above three.
- The Solution must include support for constituents with personalized and timely assistance with a 24x7x365 service.
- The Solution should deliver a user-friendly and intuitive interface, designed in alignment with best practices in mobile usability, accessibility, and responsiveness.
- The Solution must be architected and developed in accordance with industry-recognized security standards and secure coding practices.
- Sensitive data—including personally identifiable information (PII), authentication credentials, and financial information—must be safeguarded through the use of encryption, secure storage mechanisms, and modern authentication protocols.
- The Solution must undergo comprehensive testing and quality assurance, including vulnerability assessments and penetration testing, prior to production release.
- The Contractor shall propose an approach that balances innovative design, technical excellence, and rigorous security controls to ensure a solution that is sustainable, scalable, and future-ready.
- Provide Apple App Store and Google Play store compliance.
- Mobile Application Store Updates and Compliance to include, at a minimum, Apple App store and Google Play store.
- Monitoring and Analytics which feature, at a minimum:
•    Bug reporting.
•    User analytics (screen view counts, feature usage, how long and how often users engage with the app, etc.).
•    Push notification analytics
•    Security and compliance monitoring (tracked logins, failed logins, audit logging for compliance, etc.)
•    Operational monitoring (app store metrics, device and OS distribution, error and support logs).
•    Advanced Analytics (predictive analytics including churn, download likelihood, and feature adoption, and sentiment analysis to evaluate app reviews or in-app feedback to extract user sentiment trends.)
- The System Security Plan must describe, at a minimum, the security controls, processes for the authorization and establishment of constituent access to services and change governance strategies that are envisioned.
- The System Security Plan must clearly outline the methods, processes, and tools that will be utilized to ensure adherence to the State’s security and compliance standards.

- Contract Period/Term: 3 years
- Questions/Inquires Deadline: October 20, 2025