Integrated Database System Hosting Services

The Vendor is required to provide integrated database system implementation, data conversion, workflow configuration, staff end-user and system administrator training, and post-implementation support under the direction of a qualified project manager.
- Requirement:
1. Implementation services
•    Provide, either directly or through qualified subcontractors, all system implementation services. This includes data conversion, workflow configuration, both staff end-user and system administrator training, and post-implementation support under the direction of a qualified project manager. 
•    Resources and services shall be available until the library and vendor mutually agree on full project acceptance.
2. Software hosting
•    Solution must be available as a fully managed, externally hosted service (SaaS) that does not require any on-premises hardware, software, or database management. 
•    The facilities must maintain administrative, physical, technical, and procedural safeguards and industry best practices to secure library data from unauthorized access, destruction, use, modification, or disclosure.
3. System security
•    Must maintain industry-standard cybersecurity certifications for all systems, processes, and personnel involved in the provision of the proposed services. 
•    Acceptable certifications include ISO/IEV 27001, NIST SP 800-53, or SOC 2. 
•    Must also carry cybersecurity insurance.
4. Data security
•    The system must encrypt sensitive data both at-rest and in-transit using industry-standard encryption methods and protocols. 
•    Data at rest shall be encrypted using aes-256 or a stronger algorithm, with a key management system adhering to NIST guidelines. 
•    Data in transit shall be encrypted using TLS 1.3 or higher.
5. Authentication and access controls
•    The system must support common enterprise single sign-on (SSO) methods, enforce NIST-compliant password length and complexity rules, and support creating and modifying access control groups that define users’ permissions to access and modify system data.
6. Data migration, conversion, and access
•    Shall be responsible for migrating all data from the library’s current ILS to the new system and performing any necessary data conversion processes to ensure all migrated data is accurate and consistent. 
•    At the termination of services, the vendor shall provide the library with a full copy of its data at no cost.
7. Documentation and training
•    Provides comprehensive documentation for system administrators and end users, providing clear, step-by-step instructions for performing all functions available in the system. 
•    Also provides online training materials designed to onboard new staff. 
•    The library will have access to a test and training installation of the vendor’s system for testing and training new capabilities or configurations.
8. Integrations
•    System must support third-party applications and services requiring authentication and data sharing using either the sip2 protocol or APIs. 
•    The system must also fully integrate with biblio commons products, especially biblio core, which the library uses as its PAC and discovery layer, and bibliotheca equipment, which the library uses for self-checkout capabilities.
9. Client software UI
•    The client software must conform to legal ADA requirements and standard user interface functionality and principles found in modern windows applications, including support for keyboard shortcuts, mouse-wheel scrolling, right-click context menus, copy and paste, and presentation of information in multiple windows (or tabs).
10. Database access
•    The system’s database must be fully accessible to the library via industry-standard methods for performing data extracts and supporting third-party reporting and analytics tools. 
•    If the system’s production database isn’t accessible, the vendor provides an operational data store or other data environment synchronized with the production database and optimized for data retrieval and reporting.
11. Services availability and recovery
•    The solution must be available 24/7, except for pre-scheduled and announced maintenance windows, and must achieve a 99.9% uptime rate. 
•    The system must be supported by documented incident response, disaster recovery, and business continuity plans that meet or exceed recognized standards.
12. Data reporting
•    The solution must provide a pre-designed set of reports common for public libraries and an integrated reporting tool designed for non-technical staff to design simple reports requiring little to no SQL or programming knowledge.