Web-Based Preparedness Application

The Vendor is required to provide for the implementation of a cloud-based application or applications to support the data management and incident command functions described in Background/History.
- Key functional areas:
• Incident Management – a scalable electronic incident command system (ICS) that supports planning for, responding to and recovering from emergency incidents. The system must adhere to the National Incident Management System (NIMS) and the National Response Framework and adapted for public health and healthcare use.
• Bed Availability and Resource Management – A statewide electronic healthcare facility resource management platform as a data store that captures various, customizable essential elements of information (EEI), organize situational awareness views and reports collating the data in a variety of ways (by location, by pre-set region, by state, etc.), and create incidents and incident notifications via email and SMS.
- The application must be accessible and fully functional using any web-capable device, including tablets, smartphones, and laptops.
- The application must be accessible and fully functional with the current versions of at least one of the following web browsers: Microsoft Edge, Google Chrome, Apple Safari, or Mozilla Firefox.
- The application must support users from state, local, and regional levels and conduct cross-sector data collection and information sharing.
- The application shall not have per-seat/per-use license fees and be able to support 5,000 concurrent users.
- Application Availability—The application must be available 24 hours a day, 7 days a week, 365 days a year, with at least a 99.95% uptime (excluding scheduled application maintenance).
- The application must not require any software to be downloaded onto user machines to function properly. Solutions that require the installation of client software will not be considered.
- The application shall allow authorized administrators to view users’ access status and be able to terminate current connections as needed.
- The application must support role-based access controls
- The application’s role-based access controls must allow discrete authorization for read/write, editing, and deletion permissions.
- Local system administrators shall be able to assign user roles and privileges to user accounts.
- The application must support segregation of data access privileges based on user role.
- The application shall allow authorized administrators to create new healthcare facility accounts and new user accounts related to that healthcare facility.
- The application must require all users to login using a unique ID and password.
- Must be able to provide full audit logs for authentication events upon request.
- The application includes a Federal Emergency Management Agency-compatible After-Action Report that is completed and downloaded.
- The application shall provide the ability to create incidents, manage multiple incidents simultaneously, and store, query and view historical data associated with an incident.
- Application has a distinct user administration section. A system administrator must be able to easily add/change/inactivate/remove users.
- Application shall provide access to a test/demo environment for system testing and user training.