Student Information System Solution

The Vendor is required to provide a student information system (SIS) software as a service (SaaS) solution to meet the needs of its universities (Members).
- Procuring an integrated, scalable, and cloud-architected SaaS SIS Solution to help achieve the Strategic Goals listed below:
•    Stakeholder Experience: Deliver a seamless experience for students, faculty, and staff by reducing friction points and providing modern, intuitive features that enable essential academic and administrative activities.
•    Process Improvement: Streamline workflows by adopting best-practice approaches and leveraging automation to reduce manual interventions, driving greater operational efficiency for staff.
•    Integrated Ecosystem: Position the SIS as the single point of access and integration for student information, reducing ecosystem complexity for staff and enabling more efficient access to insights.
•    Reliability and Support: Optimize solution reliability and support model to reduce the risk of downtime and strain on IT and student support resources.
•    Flexible Learning Pathways: Enable a unified experience for learners pursuing traditional, hybrid, or credential-based programs within or across A&M System Members.
•    Shared Innovation: Accelerate innovation and platform improvements through Systemwide collaboration and shared expertise on a common SIS solution.
- Integration Gaps Result in Manual Workarounds: Staff frequently rely on manual processes to synchronize data, reconcile reports, and navigate multiple systems to provide services. Academic and support capabilities spread across a diverse ecosystem of applications lack real-time integration. This complexity impacts the overall stakeholder experience, forcing faculty, staff, and students to navigate multiple disconnected applications for routine tasks, reducing efficiency and negatively impacting user experience.
- There are varying levels of maturity in regard to leveraging data warehouse, data lake, and analytics tools.
- System Include:
•    Solution shall have authorization policy management
•    Solution shall have entitlement management
•    Solution shall have delegated administration
•    Solution shall have appropriate privacy policy
•    Solution shall have granular authorization support
•    Solution shall have proprietary access API
•    Solution shall have  consumer login password reset capability secured by security measure like security questions and one time passcode to phone or email
•    Ability to implement and customize Multifactor authentication (MFA)
•    Solution shall have System for Cross-Domain Identity Management (SCIM) support
•    Ability to provide role-based security that limits access to subsets of records or data elements. The role-based permissions should deny all access unless specifically granted based on a permissions system
•    Ability to provide integration between various modules (e.g. Human Resources, Security, Finance, Payroll, Identity Access Management) to support the update of employee access and security profiles
•    Ability to map application layer user security roles/groups to AD groups for user provisioning
•    Ability to support Active Directory integration for user provisioning/deprovisioning, rights assignment and authentication 
•    Ability to support SAML2.0
•    Ability to pass AD groups in the assertion for rights assignments
•    Ability to support automated user deprovisioning for terminations
•    Ability to provide privileged and administrative access controls
•    Ability to provide physical security to safeguard the underlying digital infrastructure
•    Ability to provide published breach disclosure policy
•    Ability to provide published screening and hiring practices for employees who access enterprise data and user information
•    Ability to provide APIs/open interfaces that are secured and encrypted using both user-authentication/role (for individuals) and bearer-token capability (for system-to-system).  Ability to administratively assign, revoke, authorize permissions for these APIs/open interfaces.
•    System shall have redundancy in the application server tier
•    System shall have redundancy in the database server tier 
•    System shall have restart and recovery capability after system failure with no loss of data or software components
•    System shall have roll-back capability of data (e.g., corruption, invalid data)
•    System shall have roll-back capability of software / system updates
•    System shall have integrity checking capability to identify the existence of program and/or system discrepancies and issue an alert to the appropriate systems operations team
•    System shall have file protection capability to limit the types of operations (e.g. read, write, delete, data dictionary modification) that can be performed by individual users on given data or program files
•    System shall have incremental, differential, and full backups and restores of the database, core and customized software, software and database configuration options, and user preferences and rights
•    Ability to bring system up within a predefined RTO time with a data loss not to exceed a predefined RPO in a remote location in the event of a disaster
•    Ability to perform regular (example:  annual) disaster recovery tests without interference or risk to production environment
•    Ability to restore and roll forward immutable backups at DR location
•    Ability for A&M System to declare disaster
•    Ability to return to production site at the end of a disaster and restore DR capability
•    Ability to perform backups and all other administrative functions at DR location.