Housing Management System

The Vendor is required to provide housing management system (HMS) will serve housing and residence life, finance, IT, facilities, dining, conference services, and related stakeholders.
- Requirement:
1. Hosting and environments
• Deployment model: cloud
• Environments: dedicated prod and test with easy refresh and cloning and configuration promotion.
• Availability: 99.99% monthly uptime; publish real-time status and historical uptime; provide machine-readable status feed and email/SMS alerts.
• Scalability: must support seasonal spikes (e.g., room selection, move-in) without degradation.
• DR/BCP: document RTO ≤ 4 hours and RPO ≤ 15 minutes; geo-redundant backups; quarterly restoration tests.
2. Identity, access and audit
• SSO: SAML 2.0 and/or OpenID connect, compatible with Microsoft entra id (azure ad).
• MFA: respect institution-enforced MFA; no stored passwords for university users.
• RBAC: fine-grained roles and permissions; group-based assignment; delegated administration; least privilege.
• Audit: immutable audit logs for data access, configuration, and user actions; exportable and retainable per university policy.
3. Data protection and security
• Data residency: Primary data processing and storage (preferred).
• Encryption: tls 1.2+ in transit; aes-256 at rest; key management practices documented.
• Secure sdlc: static/dynamic testing, third-party pen tests (annual), SBOM updates, vulnerability SLAs (critical ≤ 7 days; high ≤ 14 days).
• Incident response: 24×7 reporting channel; notify university within 24 hours of security incidents per policy 890; cooperate on root cause analysis.
• Privacy: FERPA-aligned access controls and data handling; data retention schedules configurable; right to export all data at termination in open formats.
4. Integrations (required unless marked otherwise)
• Banner (ellucian) – flat file/sftp, daily minimum
o Imports: student and admissions data; populations (athlete, international); name, gender, email, class, credits, and general student data.
o Ability to handle long or complex names including special characters
o Exports: contracts (add/cancel/reinstate); room assignments (add/change/cancel; early/late stay); meal plans (add/block/declining dollars/cancel).
o Technical: sftp with key-based AUTH, PGP encryption, schema/versioning, error logs, and automated retries.
• Billing and payments: touch net for non-student invoices/charges.
• Accommodations: symplicity accommodate (file/api).
• Conduct: maxient (nice-to-have).
• Mail and packages: brynka or replacement package tracking (nice-to-have).
• Keys: keystone (nice-to-have).