Website Design, Implementation and Hosting Services

The Vendor is required to provide for a proponent to design, build, and host a website that meets the following requirements:
•    Provides intuitive navigation and seamless user experience.
•    Highlights library programming, services, and collections.
•    Complies with federal and provincial accessibility standards (AODA, WCAG 2.1 level AA).
•    Maintains strong security and privacy protections for staff and patrons.
•    Supports responsive design and compatibility across all devices.
- Design and project requirements
•    Front and back-end WYSIWYG platform description, including end-coding capabilities (HTML, CSS, animations, 3rd party API's, custom software).
•    Responsive design for a variety of platforms (pc, tablet, phone) and browsers
•    Accessibility conformance report demonstrating WCAG and AODA compliance.
•    Screen reader support, keyboard navigation, dynamic widgets, sitemaps, and search functionality with typo-tolerance for site-wide searches.
•    Migration of existing content to the new platform
•    API integration for real-time syncing with third-party tools (e.g... Sirsidynix
•    Symphony, patron point, bibliocommons, reach deck, google analytics).
•    Secure hosting within country for all environments with 99.9% monthly uptime, excluding scheduled maintenance
•    Staff training and documentation for website maintenance.
•    User acceptance testing (UAT) and core web vitals (CWV) scoring prior to launch.
•    Service level agreement (SLA) detailing uptime commitment, support responsiveness and resolution, maintenance, security response, performance reporting, and rermedies when commitments are not met
- Website security
•    Secure, multi-factor authentication (MFA) for all administrative and library staff logins.
•    Detailed disaster recovery plan (DRP), including backup frequency, recovery time approximations, and recovery point objectives.
•    Encryption of stored data using aes-256 encryption standards.
•    Daily encrypted backups.
•    Hosting infrastructure with firewall, intrusion detection and prevention systems (IDPS), and denial of service (DDOS) protection.
•    Protections against cross-site scripting (XSS), cross-site request forgery (CSRF), and SQL injection attacks using secure coding practices, and content security policy (CSP) headers.
•    All web traffic must be encrypted using https with TLS 1.3.
•    PCI compliant at level 4.
•    Vendors are encouraged to describe any additional security practices.