The Vendor is required to provide website design and maintenance services under a competitively awarded contract.
- Responsive Web Design
• The website must utilize responsive design, adapting seamlessly to various screen sizes and devices (desktop, tablet, mobile).
• Must meet WCAG 2.1 Level AA accessibility standards to ensure usability for all users, including those with disabilities.
• Implement mobile-first design principles to optimize performance on smaller devices.
- Secure Frontend Development
• Utilize a secure, modern content management system (CMS) such as Joomla (version 5.x or latest stable) or equivalent, with real-time frontend editing capabilities.
• Protect all frontend interactions against cross-site scripting (XSS) and cross-site request forgery (CSRF): contextual output encoding and a Content Security Policy for XSS, and per-session anti-CSRF tokens checked on every state-changing request.
• Implement input validation and sanitization for all user inputs.
- Robust and Secure Content Management System
• Provide a customized CMS allowing township staff to update pages, content, images, and blogs securely.
• Enforce role-based access control (RBAC) with multi-factor authentication (MFA) for all administrative accounts.
• Apply security updates to the CMS core and all installed extensions/plugins promptly to patch known vulnerabilities.
- Typography and Analytics
• Load Google Fonts only over HTTPS so font files cannot be altered or substituted in transit.
• Implement Google Analytics with IP anonymization enabled to comply with data privacy regulations (e.g., GDPR/CCPA if applicable).
• Use secure API keys for all third-party integrations, stored in environment variables or a secure vault.
- Search Engine Optimization (SEO)
• Optimize website structure and content for search engines, including clean URLs, Meta tags, and schema markup.
• Ensure no sensitive data is exposed in metadata or publicly accessible files.
- Secure Contact Forms
• Implement a contact form protected by a CAPTCHA (e.g., reCAPTCHA v3, with the token verified server-side) to block automated spam and form-flooding.
• Use HTTPS for all form submissions to encrypt data in transit.
• Validate and sanitize all form inputs to prevent injection attacks.
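The following is an added example of the server-side checks the "Secure Frontend Development" and "Secure Contact Forms" items above call for; it is not code from the township site or from Joomla. It shows a per-session anti-CSRF token, validation and sanitization of the form fields (including the mail-header injection case a contact form that relays e-mail must guard against), and reCAPTCHA v3 verification with the secret read from an environment variable. The reCAPTCHA verifier is passed in as a function so the example runs offline; `siteverify` is the real network call, and `fake_siteverify`, the field names, limits and sample submission are constructed for illustration.

```python
"""Server-side handling of the public contact form: per-session CSRF token,
input validation and sanitization, and reCAPTCHA v3 verification.
Example code added to this requirements list; it is not the township site's
or Joomla's own code.  The verifier is injected so the example runs offline."""
import hmac
import html
import json
import os
import re
import secrets
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# Assumption: the secret comes from the environment (or a vault), never from source control.
RECAPTCHA_SECRET = os.environ.get("RECAPTCHA_SECRET", "constructed-demo-secret")
RECAPTCHA_MIN_SCORE = 0.5          # v3 returns a 0.0-1.0 score; the threshold is a policy choice
EXPECTED_ACTION = "contact"        # must match the action name the page passed to grecaptcha.execute
MAX_LEN = {"name": 100, "email": 254, "message": 4000}
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")

@dataclass
class CleanMessage:
    name: str
    email: str
    message: str

def issue_csrf_token(session: dict) -> str:
    """Mint a random token, store it server-side, and embed it in the form as a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf"] = token
    return token

def csrf_ok(session: dict, submitted) -> bool:
    expected = session.get("csrf")
    if not expected or not isinstance(submitted, str):
        return False
    return hmac.compare_digest(expected, submitted)   # constant-time comparison

def siteverify(token: str, secret: str, remote_ip: str) -> dict:
    """Real verifier: POST the token to Google's siteverify endpoint."""
    data = urllib.parse.urlencode(
        {"secret": secret, "response": token, "remoteip": remote_ip}).encode()
    with urllib.request.urlopen(
            "https://www.google.com/recaptcha/api/siteverify", data=data, timeout=5) as resp:
        return json.load(resp)

def fake_siteverify(token: str, secret: str, remote_ip: str) -> dict:
    """Constructed stand-in for offline use: the score follows the token text."""
    score = {"human-token": 0.9, "bot-token": 0.1}.get(token)
    return {"success": score is not None, "score": score or 0.0, "action": EXPECTED_ACTION}

def _clean_field(form: dict, name: str, single_line: bool) -> Optional[str]:
    value = form.get(name)
    if not isinstance(value, str):
        return None
    value = value.strip()
    if not value or len(value) > MAX_LEN[name]:
        return None
    if single_line:
        # CR/LF in a name or address lets an attacker inject extra mail headers
        # (Bcc:, additional recipients) when the form is relayed by e-mail.
        return None if CONTROL_RE.search(value) else value
    # Multi-line message: keep newlines and tabs, drop every other control character.
    return "".join(ch for ch in value if ch in "\n\t" or not CONTROL_RE.match(ch))

def process_contact_form(form: dict, session: dict, remote_ip: str,
                         verify: Callable[[str, str, str], dict] = siteverify) -> Tuple[str, object]:
    """Return ("ok", CleanMessage) or ("error", reason).  Cheapest checks run first."""
    if not csrf_ok(session, form.get("csrf_token")):
        return "error", "csrf"
    name = _clean_field(form, "name", single_line=True)
    email = _clean_field(form, "email", single_line=True)
    message = _clean_field(form, "message", single_line=False)
    if name is None or email is None or message is None:
        return "error", "invalid_input"
    if not EMAIL_RE.match(email):
        return "error", "invalid_email"
    token = form.get("g-recaptcha-response")
    if not isinstance(token, str) or not token:
        return "error", "recaptcha"
    result = verify(token, RECAPTCHA_SECRET, remote_ip)
    if not (result.get("success") and result.get("action") == EXPECTED_ACTION
            and float(result.get("score", 0.0)) >= RECAPTCHA_MIN_SCORE):
        return "error", "recaptcha"
    # Escape at the output boundary so the text is inert wherever the CMS renders it.
    return "ok", CleanMessage(html.escape(name), html.escape(email), html.escape(message))

if __name__ == "__main__":
    session = {}
    form = {"csrf_token": issue_csrf_token(session), "name": "Jane Doe",
            "email": "jane@example.org", "message": "Hi <script>alert(1)</script>",
            "g-recaptcha-response": "human-token"}   # constructed sample submission
    print(process_contact_form(form, session, "203.0.113.5", verify=fake_siteverify))
```

Escaping is done once, at the point where the text leaves the application, rather than by stripping tags on input; that keeps legitimate characters in a resident's message intact while making it inert in any HTML context the CMS renders it in.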
- Social Media Integration
• Include secure social media sharing links, using HTTPS and avoiding deprecated APIs.
• Link to external sites directly rather than through a redirect parameter that accepts arbitrary URLs, so the site cannot be used as an open redirector; where a redirect endpoint is unavoidable, accept only relative paths or an allowlist of destinations.
- Website Archival
• Archive the existing website securely, ensuring no sensitive data is exposed during the process.
• Store archives in a secure, encrypted format with access restricted to authorized personnel.
- Google Calendar Integration
• Integrate Google Calendar feeds using secure API connections with OAuth 2.0 authentication.
• Restrict calendar data exposure to only what is necessary for public display.
- User Account Management
• Create user accounts with granular permissions based on the principle of least privilege.
• Enforce strong password policies and MFA for all accounts.
• Implement account lockout mechanisms after repeated failed login attempts.
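As an added example of the account controls listed under "Robust and Secure Content Management System" and "User Account Management" (not code from the township site or Joomla), the block below implements least-privilege role permissions, a password policy check, salted PBKDF2 password hashing, a second factor required on every login, and a temporary lockout after repeated failures. The role and permission names, the lockout parameters and the breached-password list are constructed for illustration; the `mfa_passed` flag stands in for whatever MFA verification the CMS performs.

```python
"""Account handling for CMS users: least-privilege roles, a password policy,
MFA on every login, and temporary lockout after repeated failures.
Example code added to this requirements list; not the township site's or
Joomla's own code.  Role and permission names are illustrative."""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import List, Optional

MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
MIN_PASSWORD_LENGTH = 12
PBKDF2_ITERATIONS = 600_000     # OWASP's current PBKDF2-HMAC-SHA256 recommendation
# Constructed sample of a breached-password denylist; use a real corpus in production.
COMMON_PASSWORDS = {"password", "password123", "township2024", "welcome1"}

# Each role carries only the permissions that job needs (illustrative names).
ROLE_PERMISSIONS = {
    "content_editor": {"article.edit", "media.upload"},
    "publisher": {"article.edit", "article.publish", "media.upload"},
    "site_admin": {"article.edit", "article.publish", "media.upload",
                   "user.manage", "extension.install"},
}

@dataclass
class Account:
    username: str
    role: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked

def password_policy_errors(password: str, username: str) -> List[str]:
    errors = []
    if len(password) < MIN_PASSWORD_LENGTH:
        errors.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        errors.append("appears in the breached-password list")
    if username.lower() in password.lower():
        errors.append("contains the username")
    return errors

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

def create_account(username: str, password: str, role: str) -> Account:
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role {role!r}")
    problems = password_policy_errors(password, username)
    if problems:
        raise ValueError("weak password: " + "; ".join(problems))
    salt = secrets.token_bytes(16)
    return Account(username, role, salt, hash_password(password, salt))

def authenticate(acct: Account, password: str, mfa_passed: bool,
                 now: Optional[float] = None) -> str:
    """Return "ok", "locked", "bad_password" or "bad_mfa".

    Both factors count toward the lockout, so the second factor cannot be
    guessed freely once the password is known.  The distinct codes are for
    audit logs; show the user a single generic failure message."""
    now = time.time() if now is None else now
    if acct.locked_until > now:
        return "locked"
    password_ok = hmac.compare_digest(hash_password(password, acct.salt), acct.pw_hash)
    if password_ok and mfa_passed:
        acct.failed_attempts = 0
        return "ok"
    acct.failed_attempts += 1
    if acct.failed_attempts >= MAX_FAILED_ATTEMPTS:
        acct.locked_until = now + LOCKOUT_SECONDS
        acct.failed_attempts = 0
    return "bad_password" if not password_ok else "bad_mfa"

def has_permission(acct: Account, permission: str) -> bool:
    """Permissions derive only from the role; nothing is granted per user."""
    return permission in ROLE_PERMISSIONS.get(acct.role, set())

if __name__ == "__main__":
    clerk = create_account("clerk", "Correct-Horse-Battery-9", "content_editor")
    for _ in range(MAX_FAILED_ATTEMPTS):
        authenticate(clerk, "guess", True, now=1000.0)
    print(authenticate(clerk, "Correct-Horse-Battery-9", True, now=1001.0))   # locked
    print(has_permission(clerk, "user.manage"))                              # False
```

The `now` parameter exists so the lockout window can be exercised deterministically; in production it is left unset and the wall clock is used.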
- Data and Document Migration
• Securely transfer all existing content, including 60+ menus, articles, and documents, from the current website.
• Verify data integrity during migration and ensure no sensitive data is exposed.
• Use encrypted connections (e.g., SFTP or HTTPS) for data transfer.
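The following is an added example of the integrity and exposure checks the "Data and Document Migration" items call for; it is not code from the township site or Joomla. It builds a SHA-256 manifest of the source tree, refuses to carry across files that must never reach a public web root (Joomla's configuration.php holds the database credentials; SQL dumps and backup copies commonly leak secrets), and re-verifies the manifest at the destination so any file that is missing, altered or unexpected after transfer is reported. The copy step stands in for the SFTP/HTTPS transfer; the sample site tree, the blocked-file lists and the tampered file are constructed for illustration.

```python
"""Migration integrity check: hash manifest of the old site, exclusion of
secret-bearing files, and verification after transfer.
Example code added to this requirements list; not the township site's or
Joomla's own code.  The local copy stands in for the SFTP/HTTPS transfer."""
import hashlib
import pathlib
import shutil
import tempfile
from typing import Dict, List, Tuple

# Files that must never travel to the public web root.  Joomla's configuration.php
# holds the database credentials; dumps, backups and env files commonly hold secrets.
BLOCKED_NAMES = {"configuration.php", ".env", ".htpasswd"}
BLOCKED_SUFFIXES = {".sql", ".bak", ".old", ".orig"}

def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root) -> Dict[str, str]:
    """Map every file's path (relative, POSIX form) to its SHA-256 digest."""
    root = pathlib.Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def is_blocked(rel: str) -> bool:
    p = pathlib.PurePosixPath(rel)
    return p.name in BLOCKED_NAMES or p.suffix.lower() in BLOCKED_SUFFIXES

def verify_manifest(root, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the destination tree against the manifest taken at the source."""
    actual = build_manifest(root)
    return {
        "missing": sorted(k for k in manifest if k not in actual),
        "changed": sorted(k for k in manifest if k in actual and actual[k] != manifest[k]),
        "unexpected": sorted(k for k in actual if k not in manifest),
    }

def migrate(src, dst) -> Tuple[Dict[str, str], List[str]]:
    """Copy src to dst, skipping blocked files.  Returns (expected manifest, blocked list).
    The copy is a constructed stand-in for the encrypted transfer; the check is the same."""
    src, dst = pathlib.Path(src), pathlib.Path(dst)
    full = build_manifest(src)
    blocked = sorted(k for k in full if is_blocked(k))
    expected = {k: v for k, v in full.items() if k not in blocked}
    for rel in expected:
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
    return expected, blocked

def make_sample_site(root) -> None:
    """Write a constructed miniature of the old site, including two files that must not migrate."""
    files = {
        "index.html": "<h1>Township</h1>",
        "articles/council.html": "<p>Council minutes</p>",
        "documents/budget.pdf": "%PDF-1.4 constructed sample",
        "configuration.php": "<?php public $password = 'db-secret'; ?>",
        "backups/site.sql": "INSERT INTO users VALUES (...);",
    }
    for rel, text in files.items():
        p = pathlib.Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(text)

def demo_migration() -> dict:
    """Run the whole flow on constructed data in temp dirs and return the findings."""
    src, dst = tempfile.mkdtemp(prefix="old-site-"), tempfile.mkdtemp(prefix="new-site-")
    try:
        make_sample_site(src)
        expected, blocked = migrate(src, dst)
        clean = verify_manifest(dst, expected)
        # Constructed tampering: alter one file after transfer and verify again.
        pathlib.Path(dst, "articles/council.html").write_text("tampered")
        tampered = verify_manifest(dst, expected)
    finally:
        shutil.rmtree(src)
        shutil.rmtree(dst)
    return {"blocked": blocked, "copied": sorted(expected), "clean": clean, "tampered": tampered}

if __name__ == "__main__":
    for key, value in demo_migration().items():
        print(key, value)
```

In practice the manifest is generated on the old host, carried to the new host by a separate channel from the content itself, and `verify_manifest` is run there before the new site is switched live; a non-empty "unexpected" list is just as much a finding as a changed file, since it means something reached the web root that was never in the approved content set.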
- Contract Period/Term: 5 years