Vital Events Registration System

The Vendor is required to provide for a modern, technologically advanced vital events registration system (VERS) that can accommodate 3,500 users and ~23 million records.
- Requirement:
1. General
•    Provide a general description of your vital events registration system that broadly describes the database structure for systems that are currently used by suppliers’ customers. 
•    Provide an example of a current customer.
•    Describe data conversion methodologies successfully accomplished. 
•    Data conversion can include converting historical, disparate, or even paper records into modernized digital records. 
•    This can also include translating data from various systems into vital records (i.e. Healthcare facilities, funeral homes, medical examiner, etc.)
2. Identity, login and access control
•    Solution manage user identities, ensuring a single, unique secure digital identity for both internal staff and external, authorized partners
•    System’s support for multi-factor authentication (MFA) and single sign-on (SSO) for authorized users.
•    The system implement role-based access control (RBAC) and attribute-based access control (ABAC) to restrict access to sensitive protected health information (phi) and personal identifiable information (PII) based on user authorization
•    Lifecycle management scale for continuous onboarding, role changes and departures.
•    Administrator have the ability to process bulk-add and bulk-disable users, and map them to roles based on organization and job function, instead of managing accounts one by one
3. Audit logs, fraud detection and investigations
•    System auditability: describe how your system creates a secure, computer-generated, time-stamped audit trail that records the user, date, time, login attempts (successful/unsuccessful), IP addresses, device information and specific actions (create, modify, delete) for all electronic records.
•    Workflow monitoring: tools are included to highlight unusual or potentially fraudulent activity, such as large number of certificates issued by a single user, repeated access to restricted records, or inconsistent data (e.g., duplicates).
4. Reliability, disaster recovery and change management
•    System’s approach to achieving 99.99% or higher uptime for critical, 24/7 web-based registration services. 
•    Architecture for high availability, including load balancing and geographical redundancy.
•    Solution offer automated failover to a secondary site or cloud region
•    Disaster recovery (DR) plan, including recovery point objective (RPO) and recovery time objective RTO for a total data center failure.
•    Methodology for testing changes in a staging environment that mirrors production before deployment
5. Integration and interoperability capabilities
•    Implementing cross-jurisdictional verification interfaces to allow secure, real-time data verification
•    Technical infrastructure (SaaS, cloud-based, on premises) and its compliance with data privacy standards.