Attachment 1.xlsx

Functional

B2600076 HR-3449 RFP for Retirement Plan Tracking Software
Functional Requirements Vendor:
Vendor Instructions: Fill out the "Response Code" and "Comments" fields for each requirement. If a "Response Code" is missing or marked as "Not Supported" for any "Must Have" Requirement, the vendor's proposal may be disqualified. Use the "Comments" field to explain or provide additional information on a particular requirement. Reference to an exact page # and paragraph in an attached document is acceptable.
Category Values:
M = Must Have
S = Should Have
N = Nice to Have
Response Code Values:
SF = Standard feature and included in this proposal
AO = Add-on (optional), not included in standard product but available for purchase
TP = Third Party solution, not included in this proposal (identify 3rd party sources)
NS = Not supported
Req # Requirement Category Response Code Comments
F-01 Solution must be capable of tracking 3 or more tiers of Retirement Plans (401(a) plan types), with grandfathered provisions M
F-02 Solution to accurately calculate benefits for employees with consideration for eligibility rules (age, service, employment status, job class, etc.) M
F-03 Solution to offer online services for employees to calculate retirement options at various ages, under various circumstances M
F-04 Solution to be configured to support spouse / beneficiary elections M
F-05 Solution to allow for Life event processing, such as: leave of absence, disability, military leave, and beneficiary support in the event of participant death. M
F-06 Data Migration from Weld's current system is part of proposal (See N-34) M
F-07 Ability to move funds between multiple institutions such as Wells Fargo and US Bank N
F-08 Capability of E-signature N
F-09 Ability to link outside / other 401K / 457 plans N
F-10 Ability to provide annual participant statements (Actuary currently does) N
F-11 Provide online retirement application for participants N
F-12 Manage Weld County Retirement Forms or Documents such as: Beneficiary Form, Retirement Checklist, Retirement Beneficiary for Spouse, etc N
F-13 Ability for Administrators or Employees to perform retirement calcs using variable salary changes (forecasting future salary and pension or cost of living increases) S
F-14 Ability to perform audits on events such as death to discontinue or modify payments when appropriate S
F-15 Ability to audit current retirement calculations in Weld's current system and make corrections before moving to new system S
F-16 Track and maintain working retirees, such as important dates for eligibility and expirations S
F-17 Process retirement for multiple employment periods and rehires S
F-18 Ability to process lump sum benefit payouts S
F-19 Report on vesting status & service tracking S
F-20 Outbound integration from Workday to proposed solution S
F-21 Ability to track and perform options for various job positions and time in that position, in different departments S
F-22 Data Retention schedules should be able to be configured and managed according to Weld's policy S
F-23 System tracks prorated service accrual based on FTE or hours worked S

Technical

B2600076 HR-3449 RFP for Retirement Plan Tracking Software
Technical Requirements Vendor:
Vendor Instructions: Fill out the "Response Code" and "Comments" fields for each requirement. If a "Response Code" is missing or marked as "Not Supported" for any "Must Have" Requirement, the vendor's proposal may be disqualified. Use the "Comments" field to explain or provide additional information on a particular requirement. Reference to an exact page # and paragraph in an attached document is acceptable.
Category Values:
M = Must Have
S = Should Have
N = Nice to Have
Response Code Values:
SF = Standard feature and included in this proposal
AO = Add-on (optional), not included in standard product but available for purchase
TP = Third Party solution, not included in this proposal (identify 3rd party sources)
NS = Not supported
Req # Requirement Category Response Code Comments
T-01 The solution must be provided as a SaaS or equivalent fully hosted cloud deployment, requiring no on‑prem infrastructure, including compute, database, or storage component M
T-02 The solution supports the most current version of all platforms the application runs on. M
T-03 The solution provides critical updates and patches to their system in support of OS and application security patches M
T-04 The solution is compatible with stateful firewalls, IDS/IPS, and Zero Trust policies. M
T-05 The solution encrypts data in transit. If TLS is used, TLS 1.2 is a minimum requirement. Use the 'Comment' box to describe. M
T-06 The solution encrypts sensitive data at rest M
T-07 The solution does not require a "thick" client installed on endpoints M
T-08 The solution's hosting environment is geographically redundant with real‑time failover capabilities and the ability to shift workloads between primary and secondary data centers without service interruption M
T-09 The solution cloud platform must support seamless, non‑disruptive upgrades with no required system downtime for maintenance. M
T-10 The vendor discloses datacenter locations, redundancy models, and high‑availability architecture. M
T-11 The solution integrates with the County’s Microsoft Azure Active Directory for Single Sign‑On (SSO) and authentication. M
T-12 The solution supports MFA M
T-13 The solution fully supports modern browsers including Chrome, Edge, and Firefox. M
T-14 The solution has the ability to run reports, including the ability to export. M
T-15 The solution supports an uptime of 99.9% or higher M
T-16 The solution provider delivers timely change notifications for all system updates and must provide a documented reason for any outage if one occurs. (Reason For Outage) M
T-17 Vendor must manage backups within their cloud environment and meet County retention requirements. (7 years) M
T-18 The solution's backups must include point‑in‑time recovery and must be stored in geographically redundant facilities. M
T-19 The solution must be capable of exporting all County data in standard formats upon contract termination. M
T-20 The solution must be an end‑to‑end hosted solution, including system monitoring, patching, backups, upgrades, and database management M
T-21 The solution must provide 24×7 support for critical issues, including defined escalation pathways M
T-22 The solution must be compatible with ADA compliance requirements M
T-23 The solution vendor must provide an architectural overview (network, application, and data flow diagrams) M
T-24 The solution vendor must disclose all subcontractors involved in hosting, support, or data handling M
T-25 The solution must support controlled release channels (e.g., early access, standard release) M
T-26 The solution should provide access to audit logs (admin activity, user logins, configuration changes) with configurable retention. M
T-27 The solution vendor must disclose procedures for security incident notification, including timelines M
T-28 The solution vendor must confirm the County retains full ownership of all data at all times. M
T-29 The solution vendor should offer optional data export automation (scheduled exports or API‑based access). M
T-30 The solution vendor must specify how customer data is segregated in multi‑tenant environments. Please use comment field. M
T-31 The solution vendor must disclose any resource throttling or auto‑scaling constraints in their environment M
T-32 The solution provides performance dashboards or regular service‑level reporting. M
T-33 The vendor provides post‑go‑live hyper care support details. M
T-34 The vendor identifies any required browser extensions or plug‑ins for the solution S
T-35 The solution includes both a production and a Staging tier. Please use the Comments box to describe. S
T-36 The solution provides a separate administrative console accessible only to users with elevated permissions S
T-37 The solution has a built-in or native process to roll back changes or updates if the patch is not functional. S
T-38 The solution has capabilities for clustering, high availability, etc. S
T-39 The solution meets transaction latency targets (< 2s for common queries, < 5s for reports) S
T-40 The solution integrates with Microsoft cloud services, including O365 / Exchange Online for email notifications and messaging. S
T-41 The solution supports import/export using formats such as CSV, TXT, XML, PDF S
T-43 The solution is mobile friendly and / or has an app. N
T-44 The solution has AI capabilities for improved reporting and analytics. Please detail in comments. N

Security

B2600076 HR-3449 RFP for Retirement Plan Tracking Software
Security Requirements Vendor:
Vendor Instructions: Fill out the "Response Code" and "Comments" fields for each requirement. If a "Response Code" is missing or marked as "Not Supported" for any "Must Have" Requirement, the vendor's proposal may be disqualified. Use the "Comments" field to explain or provide additional information on a particular requirement. Reference to an exact page # and paragraph in an attached document is acceptable.
Category Values:
M = Must Have
S = Should Have
N = Nice to Have
Response Code Values:
SF = Standard feature and included in this proposal
AO = Add-on (optional), not included in standard product but available for purchase
TP = Third Party solution, not included in this proposal (identify 3rd party sources)
NS = Not supported
Req # Requirement Category Response Code Comments
S-01 Application requires user authentication. M
S-02 Each user in the system has a unique login. M
S-03 Credentials are passed over the network encrypted. M
S-04 Credentials are stored encrypted. M
S-05 Application enforces a password policy (i.e. password complexity, account lockout, etc.) M
S-06 Application uses a service account. M
S-07 No sensitive data is accessible from a public facing system. M
S-08 Sensitive data is encrypted at rest. M
S-09 All data is encrypted in transit. M
S-10 Vendor makes updates available on a regular cadence to resolve security vulnerabilities. M
S-11 The application sends email from a vendor domain using a Weld defined alias (and is not required to send as weld.gov). M
S-12 Solution integrates with Active Directory for Authentication. M
S-13 If utilizing a hosted platform, the platform is FedRAMP certified. S
S-14 Role-based security can be applied. S
S-15 Remote log collection is supported by SIEM. S
S-16 Security roles or permissions can be granted to either individual accounts or to groups. S
S-17 Application provides an audit log of user activity. S
S-18 Microsoft file and print sharing is required. S
S-19 Application supports Single Sign-On (SSO) using Azure Active Directory (EntraAD) S
S-20 Application supports Windows Only Authentication Mode. N

Narrative Questions

B2600076 HR-3449 RFP for Retirement Plan Tracking Software
Narrative Questions Response Vendor:
Vendor Instructions: Answer all questions that apply.
Req # Category Question Vendor Answer
N-01 Functional Describe this product's release cycle. Include details of releases over the past year and details of upcoming releases (major improvements/features) within each release for the next 12 months to 3 years.
N-02 Functional How does the proposed solution support ad-hoc reporting?
N-03 Support What are the locations of support services?
N-04 Support What is the level of support during and outside of business hours (e.g. pager, 800 number, hours of operation, etc.)
N-05 Support How are problems reported and tracked?
N-06 Support What are the expected SLAs (service level agreements)?
N-07 Support Describe the release cycle for operational improvements.
N-08 Support What is the problem escalation process, including resolution process and timing?
N-09 Support What is the frequency of software updates/upgrades?
N-10 Support What are your standard business hours for technical support?
N-11 Support What is the vendor's preferred method for accessing systems for support?
N-12 Support Describe how hotfixes are released and applied for urgent matters such as bug fixes and security vulnerabilities.
N-13 Vendor Qualifications Provide details of any subcontracting arrangements that will come into effect if vendor is awarded the business outlined in this RFP.
N-14 Security What is the frequency of security patches?
N-15 Security Which of the following authentication systems are used by the proposed software: - Active Directory via LDAP - Integrated Windows Authentication - Application (i.e., usernames stored in database) - Database (i.e., database account required) - Web Server (i.e., htaccess file) - Other: - Or specify that an authentication system is not used by the proposed software
N-16 Security What forms of authentication are supported: - Password - Biometrics - Token (hardware based)
N-17 Security Document which areas of the system pass credentials over the network. In your documentation, make sure to answer the following questions: - If credentials are passed over the network, are they encrypted? - Are credentials stored? - Where are credentials stored? - Are stored credentials encrypted?
N-18 Security Describe access controls to different modules/levels of software. How does the system verify that the user is authorized to perform specific actions within the system? Can role-based security be applied?
N-19 Security How does the application enforce a password policy? (ex. Password complexity, account lockout, etc.)
N-20 Security Does the application provide an audit log of user activity? If yes, please explain.
N-21 Security Does the application store any sensitive data? If yes, describe how sensitive data is encrypted. Sensitive data may include: - PII (Personally Identifiable Information) - PHI (Personal Health Information) - CJI (Criminal Justice Information) - CHRI (Criminal History Record Information) - Payment Card data - Banking or other finance-related data
N-22 Security What ports need to be open for the software to function? Can these ports be configured to use non-standard port numbers?
N-23 Technical What protocols are used by the application (i.e., HTTP, HTTPS, SMTP, FTP, etc.)?
N-24 Technical Does the system have capability for clustering, high availability, etc.? Describe.
N-25 Technical List any dependencies on software or hardware that is at end of life or end of sale.
N-26 Technical Identify hardware requirements for PCs/laptops/tablets that will be using this software.
N-27 Technical Identify workstation operating system requirements.
N-28 Technical Identify all required peripheral devices and their connection type (e.g., network printers, USB scanners, etc.)
N-29 Technical If file transfers are required (inbound or outbound), describe the file types and the related technologies (e.g. SFTP, etc.).
N-30 Technical If proposing Hosted or SaaS software components: Identify all supported browsers and browser versions.
N-31 Technical If proposing Hosted or SaaS software components: Identify the proposed hosting vendor, storage tier, and physical storage locations.
N-32 Technical If proposing Hosted or SaaS software components: Identify the backup strategy, including data encryption strategy, for backup data.
N-33 Technical If proposing Hosted or SaaS software components: Describe the customer entitlements to hosted data (e.g., how frequently can Weld get copies of the data, etc.)
N-34 Functional Data Migration: This proposal must include a comprehensive plan and cost regarding data migration. Please submit appropriate questions by the stated deadline to fully understand current data structures as they may apply to the proposed environment.

Additional Documents

B2600076 HR-3449 RFP for Retirement Plan Tracking Software
Additional Documents Requested Vendor:
Vendor Instructions: Attach requested document to your RFP proposal.
Req # Category Document Document Description Document Provided? If Document is not provided in RFP proposal, explain why not.
A-01 Vendor Qualifications Letter of Authorization For Resellers Only, provide a Letter of Authorization for proposed product.
A-02 Vendor Qualifications Brief Company Synopsis Provide a brief synopsis of your company (size, structure, capabilities, and financial condition). At a minimum, briefly describe the company history, ownership and primary industries served. Provide details of any material changes (e.g. ownership, structure, acquisitions, etc.) in the last calendar year.
A-03 Vendor Qualifications Vendor's Experience Highlight vendor's experience and expertise with deploying HR-3449 RFP for Retirement Plan Tracking Software
A-04 Vendor Qualifications Current Clients Provide information on vendor's current clients, including the total number of current clients they have provided HR-3449 RFP for Retirement Plan Tracking Software or substantially similar solutions
A-05 Vendor Qualifications References List four (4) current references. References should be: - State or local government agencies - Projects similar in size, application, and scope - Projects completed within the past 24 months Include a contact name, position, email address, and current phone number for each reference along with a summary and timeframe for implementation.
A-06 Functional County Responsibilities Identify all services and excluded costs to be borne by Weld County.
A-07 Other Vendor Contract Provide vendor's standard contract template.
A-08 Vendor Qualifications ADA Compliance with Federal Sections 508 and 255; Colorado HB21-2110 Provide a statement of acknowledgment or completion of a Voluntary Product Accessibility Template (VPAT) indicating compliance at WCAG 2.1 Level A and Level AA standards.
A-09 Vendor Qualifications Litigation Notification List details of any litigation the vendor or any of its subsidiaries or affiliates has had in the past three (3) years, as well as any that are currently in litigation.
A-10 Vendor Qualifications Vendor Additional Info Provide any additional information that will aid in evaluation of the Contractor’s qualifications with respect to this project. Include any relevant vendor-supplied specifications and data sheets.
A-11 Vendor Qualifications Project Plan Provide a proposed project plan for implementation of new solution. The project plan should detail all tasks with associated timelines and milestones. The project plan should demonstrate vendor's understanding of project requirements and deliverables, hardware server requirements, technical approach to project, resources, work plan and project controls, deployment plan, and payment milestones.
A-12 Vendor Qualifications IT Training Plan Detail your training plan for the IT project team. The training plan should include system administration, supporting, and using the system. Identify training materials that will be available to IT.
A-13 Vendor Qualifications End-user Training Plan Propose a detailed training plan that you recommend for end-users, and department administrators. Identify training materials that will be available to these end-users and department administrators.
A-14 Technical Application Diagram Provide a diagram of the application's network communications that includes servers, web, ports, etc. Indicate in this diagram if any parts of the application need to be publicly accessible and reside in the DMZ.
A-15 Functional Standard Reports Provide a list of all standard reports that the proposed solution can generate
A-16 Security SOC 2 Report Provide a current SOC 2 (System and Organization Controls 2) report.
A-17 Security Pentest Report Provide the most recent penetration test (pentest) results for the proposed solution.