Technical Requirements a) Technical Requirements • Cloud-based web application hosted by the company providing the service. • Secure web application (SSL) accessible by the latest versions of the most used web browsers (Google Chrome, Mozilla Firefox, Safari, etc.) Security and Compliance • System must be secure and meet all local, state and federal data security standards. • Provide applicable certifications such as SOC2 documentation. • Provide a statement stating whether your company is compliant with FERPA, GLBA, NACH and Red Flag Regulation requirements. • Provide a completed Higher Education Cloud Vendor Assessment Tool (HECVAT) (lite version available at: https://www.ren-isac.net/public-resources/hecvat.html). • Provide product interfaces that are compliant with WCAG 2.0 AA and provide VPAT if available. • Does the system support two-factor authentication? If so, describe solution options. • Does your system support single sign-on (CAS, Shibboleth, or SAML)? Users b) Users • There should be no restrictions on the number of users. • User permissions and accesses to various system functions should be role based with users allowed in multiple roles. Role-based permissions govern each user’s rights to add, edit, and view information within the system. There should be capability to accommodate tiered access based on roles.
