Records Management System Software

The Vendor is required to provide web-based, cloud stored, fire department centric records technology system which includes the ability to meet industry standards as they relate to epcr incidents, fire incident reporting, and incorporate a response, resource, incident, incident accountability, another activity modules.
- System must include fire prevention and permit inspections and re-inspections module, accept and maintain, building and occupancy record data (including required occupancy search and retrieval) functionality indexed to local geographical information system data (including owner data).
- Mandatory basic requirements:
•    The provider must demonstrate that the proposed software must be a fully tested, and accepted, production product which is not in alpha or beta review or testing.
•    The provider must demonstrate that the proposed software administration and management functions are 100% compatible with the city's use of Microsoft products, including, but not limited to: MS SQL server, MS outlook, MS excel, MS server software, etc., with forward browser compatibility for any browser add-ons required.
•    Provider shall describe in detail system architecture documentation including system, network, security, and traffic flows to assist city information services division staff with understanding firewall configuration and system implementation requirements.
•    The provider must demonstrate that the proposed software is compatible with industry accepted web-browsers (both desktop and mobile based), including: internet explorer, edge, Firefox, safari, and chrome.
•    The provider must demonstrate that the proposed software is compatible with industry accepted mobile applications (both android and apple iOS).
•    The provider must demonstrate that the proposed software and system utilizes Microsoft active directory, or Microsoft Entra for managing system security access, authentication and SSO integration.
•    The provider must demonstrate that the proposed software is compliant with applicable industry regulatory compliance frameworks for the information that it accesses, processes, renders, and stores.
•    The provider must acknowledge that the city will be the owner of all the data from this software and application, including all meta-data and transactional data.
•    The provider must disclose any consultants or active employees that have (or are currently employed) in the fire service, and their capacity.
•    The provider must assign an account manager, customer support representatives, etc. for single accounts that must be full-time employees with the provider.
- Service level:
•    Provider shall provide commercially reasonable levels of customer service with respect to the software to all third parties who transact business with provider and city and access the software.
•    Provider shall backup the database used in connection with the software to a separate server located within the same web hosting firm which the solution is being hosted on a real time basis.
- Up time and availability:
•    Provider shall demonstrate 99.5% availability record.
- Security:
•    Provider shall describe the application's integration components with Microsoft active directory and Microsoft Entra for managing system security access, authentication, and SSO integration.
•    Provider shall ensure that user account creation, management, authentication, and password security are managed through the city Microsoft active directory and Microsoft Entra environment utilizing single sign-on (SSO).
•    Except for limited local administrative accounts managed by the city’s information services (ISD), the system shall not maintain a separate user password database.
•    Provider shall describe how the software allows for multi-faceted role-based authorization security levels for activities within the software.
•    Provider shall describe the granular security features to restrict information by user that can be viewed, added, deleted or otherwise modified.
•    Provider shall describe all security audit reports, and how those reports will be transmitted to the city and on what frequency.
•    Provider shall describe all hosted data, if applicable, and provide documented security policies and procedures to include handling of electronic data, physical security, and employee security.
•    Provider shall describe any identity theft prevention program in place.
- Disaster recovery:
•    Provider must describe the capability to recover from natural, human-caused, and electronic disasters (including security compromises) that could interrupt service to the city and the city's customers.
•    Provider must describe all redundancy of network gateways using multiple, physically noncontiguous us locations provided in case of network-related issues or loss of service.
•    Provider must describe the environmental safeguards present at any data centers that host software, including:
o    Fire detection and suppression
o    Uninterruptible power supply
o    Power generator management
o    Climate control
o    Procedures for off-site storage of data.