The vendor is required to provide from qualified vendors the information necessary to select a partner to replace its aging integrated tax administration system (ITAS) and ancillary tax processing systems with a modern, secure meets the agency’s tax administration needs and requirements with minimal customization.
- The apparent omission of detailed description concerning any point, shall be regarded as meaning that only the best commercial practice is to prevail and that only processes, configurations, materials and workmanship of the first quality may be used.
- Provide written notice of its intent to deliver alternate or substitute services, products, goods or other deliverables.
- Alternate or substitute services, products, goods or deliverables may be accepted or rejected in the sole discretion of the state; and any such alternates or substitutes must be accompanied by vendor’s certification and evidence satisfactory to the state that the function, characteristics, performance and endurance will be equal or superior to the original deliverables specified.
- Site and system preparation:
• The deliverables to be installed or implemented shall operate properly and efficiently within the site and System environment.
- This policy applies to all staff and systems
- The CIO may revoke an authorization at any time and all agency data must be sanitized from the system in accordance with publication 1075 sanitization requirements.
• No agency data may be received, stored, processed, or transmitted by systems that do not have an authorization to operate (ATO).
• All systems must be continuously monitored using CIO-approved processes and technologies to ensure all security and compliance requirements are met.
• All systems must be assessed for security and compliance annually to maintain the ATO.
• ATO’S are time limited and may be good for up to three years before expiring. prior to ATO expiration, a new ATO request for the system must be re-submitted to initiate the certification and accreditation (C&A) process.
• Any system undergoing enough significant changes to constitute a major change requires responsible
parties and system owners to update the systems security plan and re-submit an ATO request to initiate the C&A process.
• ATO’S will be issued by the chief information officer (CIO) for the ATO boundary described in the approved system security plan. - All staff must:
• Ensure systems they own and/or are responsible for have an ATO through a formal request and
submission to the C&A process.
• Ensure that they do not allow agency data to reside on systems that do not have an ATO.
• Report a security incident if they know or suspect that agency data resides on systems that do not have an ATO.
• Ensure that systems they are responsible for are continuously monitored for compliance.
• Participate as needed in the C&A process and continual monitoring process to ensure that all security and compliance requirements are met by all systems.
- Contract Period/Term: 6 years
- Questions/Inquires Deadline: March 28, 2025
