APPENDIX A - RFB RESPONSE IDENTIFICATION FORM
Date: ______
Name of Contractor: ______
Title of Principle Officer: ______
The undersigned certifies, under penalties of Perjury that this bid is in all respects bona fide, fair and made without collusion or fraud with any other person. As used in this section, the word “person” shall mean any natural person, joint venture, partnership, corporation or other business or legal entity and further the undersigned agrees to comply with the terms, conditions, requirements and other specifications as described in the RFP.
Signature: ______
Type / Print: ______
Title: ______
Mailing Address: ______
______
______
Telephone: ______
Fax: ______
Person to Contact Regarding this Bid: ______
Email Address: ______
4.3.12 Indicate that License Agreement Attached______
4.5.5 Indicate that Proof of PCI Compliance Attached______
4.6.6 Indicate that Warranty Terms, Maintenance Agreement and
Disaster Recovery (if separate) Attached ______
4.15.5 Indicate that Sample Reports Attached______
SECTION 4 - BID RESPONSE
Bidders will complete the RFB Response Identification Form found in Appendix A and use this as the first page of their response. Each item must then be responded to in the order in which it appears below. The costs associated with the proposal response are segregated in Appendix B to E and Appendix L. Appendix B is for hardware component costs. Appendix C is for software component costs. Appendix D is for other costs. Appendix E is for support, maintenance, disaster recovery costs. Appendix K is for any revenues to the University. Appendix L is for your transition plan and costs. Appendix M is for your contributions to the transition.
4.1 BRIEF SUMMARY - Provide a brief summary of your proposal that outlines your system, your services, and the highlights of the transition plan.
4.2 THE UCARD
Current Implementation:
· The UCard is the official UMass Amherst campus identification card. The UCard is also the “one card” on campus. It provides access to a number of campus services via barcode, magnetic stripe, and iClass contactless technologies.
· The current UCard is an HID University 1000 iClass contactless smart card. It is a composite (60% PVC / 40% Polyester) card with an iClass 2K bit chip and a Hi-Co (2750oe) magnetic stripe. Previous UCards only have the magnetic stripe, no iClass.
· The campus within the last year re-carded over half of the student population and some of the employee population, providing them with the new dual iClass-magnetic stripe UCard. The remainder continue use the older, magnetic stripe only UCards.
Required Information:
4.2.1 How does your system support barcode, magnetic stripe, and iClass technologies?
4.2.2 Indicate how your system is compatible with iClass and magnetic stripe technologies and what UCard services each technology is compatible with.
4.2.3 As the University does not anticipate additional re-carding or card price increases as part of this project, if your system requires the University to re-card, how would you accomplish this at no cost to the University?
4.3 UCARD SYSTEM SERVERS
Current Implementation:
· The UCard system employs the Blackboard UNIX Transaction System version v9.4 to manage non-door access privileges. UMass has an unlimited user license and supports over 50,000 active cardholders, 38 privileges, 315 locations, and 600 devices.
· The Blackboard card software, BlackBoard Transaction System –Unix (BTS-U), utilizes a flat-file, proprietary RAMA database. When individuals have different campus roles (e.g. if an individual is both an employee and a student, they are assigned two separate records in BTS-U).
· The BTS-U system has extremely limited effective dating capabilities, making it difficult sometimes to produce certain reports or assign/removed privileges
· The core software resides on a HPUX B.11.23.U 9000/800 application (AP) which is a Hewlett Packard RP2470 RISC Server and a proprietary BlackBoard network processing (NP) server on a Pentium 3 computer. These servers are housed in a centralized IT location on campus, and are not virtualized.
· Data from the Blackboard AP server is currently backed up daily to tape. The UCard Office is working with UMass Office of Information Technology (OIT) to migrate the backup process from tape to disk.
Required Information:
4.3.1 HARDWARE COMPONENTS OF ONE CARD SYSTEM
List all hardware components related to the server in the following chart and complete the columns. Include components needed to provide robust backup /restoration functionality. Add rows as needed. Copy the product list to Appendix B, Hardware Components and complete cost and other information requested.
Hardware Product Description / Specifications / Purchase Methods / Can server be virtualized?Proprietary / Purchased only through you / Purchased via any vendor
4.3.2 SOFTWARE COMPONENTS OF ONE CARD SYSTEM In Appendix C: Software Components, list the software components related to the server that comprise your one card system and complete cost and other information requested. Include components needed to provide robust backup /restoration functionality.
4.3.3 Indicate whether or not your system can back-up to a shared disk array.
4.3.4 What is the database behind your product? Is it ODBC compliant? How does your system handle individuals with multiple roles, each of which has a different set of privileges associated with them?
4.3.5 Can your system utilize a shared instance of Microsoft Sql as the database? If so, what are the recommended performance specifications?
4.3.6 Indicate software technologies and protocols that your system depends on such as operating systems, (Windows 2008R2, Unix ) frameworks, (.Net, J2EE) Web servers (apache, IIS).
4.3.7 Indicate process and who’s responsible to keep software current with latest security patches and fixes.
4.3.8 Indicate what security controls the system utilizes such as software firewall, host intrusion protection, ability to run as least privileged user etc.
4.3.9 Indicate security controls you expect the University to maintain, if any, such as hardware firewall, host intrusion detection, scada network, vlan etc.
4.3.10 What effective dating capabilities does your system possess?
4.3.11 How is your licensing cost determined (i.e. FTE, active cards, total card count, flat rate or other factor)?
4.3.12 Attach a copy of your license agreement. Unacceptable terms may be cause for rejection of the bid.
4.4 CARD PRODUCTION
Current Implementation:
· In 2010, the UCard Office purchased four mobile card production stations with digital cameras, Datacard SP75+ card printers, and hp laptops running IDWorks 6.x card production software.
· These laptops also use a customized Datacard driver and specialized Blackboard programming to allow the card printers to, in a single pass process, read the ISO/card number off the iClass chip, encode that ISO number onto the magnetic stripe, and then update the Blackboard cardholder record.
· The UCard Office produces approximately 12,000-13,000 UCards per year. Additionally the UCard Office produces approximately 2,800 badges per year.
Required Information:
4.4.1 Describe how your system integrates with Datacard hardware and software.
4.4.2 Are data card integrations covered under Maintenance /License agreements? If not, how are they covered?
4.4.3 How you would provide the same card production functionality described in the second bullet point above? Include any costs in Appendix D: Other Costs to ensure that the UCard Office can still print and encode UCards in an automated, one pass process.
4.5 CARDHOLDER CUSTOMER SERVICES
Current Implementation:
· The UCard Office provides a number of cardholder services to our customers:
o Sale and issuance of new and replacement UCards
o Opening debit accounts
§ Student and Employee UCard debit accounts are opened by the UCard Office at the cardholder’s request. Cardholders either fill out debit account applications at the UCard Office, or submit an online application via the UCard web site. Cardholders under 18 years of age must have a parent’s or guardian’s signature.
§ Guest Card debit accounts are opened by the UCard Office prior to stocking the kiosks with Guest cards.
§ Departmental Copy and Print Card debit accounts are opened by the UCard Office at the request of the department.
§ Conference Services Card debit accounts are opened by the UCard Office at the request of Conference Services
o Closing debit accounts
§ Student and Employee UCard debit accounts are closed by the UCard Office at the cardholder’s request or automatically when they leave the University
§ Guest Card debit accounts are closed by the UCard Office if they have not been used in several years
§ Departmental Copy and Print Card debit accounts are closed by the UCard Office at the request of the department.
§ Conference Services Card debit accounts are closed by the UCard Office at the end of the specified conference duration
o Manual processing of cash and check deposits
o Email, phone, and personal support for all cardholder, parent, and merchant questions relating to the UCard and UCard-related services, including debit accounts
· The UCard Office also licenses JSA StudentLink to provide a number of online cardholder services:
o StudentLink is hosted and managed by JSA.
o Web hosting site including news/notifications, FAQs, mail-to forms, and other general information about the UCard Office, the UCard, and UCard-related services. This website content is customizable and managed by the UCard Office.
o An automated method for making credit card deposits directly and instantaneously to UCard debit accounts.
o A password protected area where cardholders can check their balances, look at transaction histories, set up notifications, and change their passwords.
o A feedback/trouble reporting system
Required Information:
4.5.1 What types of customer service would you provide to UCard staff, merchants, cardholders, and parents?
4.5.2 What services would you provide in terms of opening and closing debit accounts?
4.5.3 Does your product include a web-based cardholder service application? If so, would the application be hosted by UMass or by your company?
4.5.4 The following questions relate to your web services:
a. What set of web services do you provide the cardholder? Which services are password protected?
b. What set of web services do you provide the card office? Is there an opportunity to host and manage the UCard web site using this product?
c. What set of web services do you provide merchants? Can merchants set up online stores using this application? What types of payments can be accepted online – credit card, debit card, campus card, etc.?
d. Can the web site be configured to allow customers to purchase meal plans online?
e. If the web application is not included with the normal purchasing/licensing costs, include any additional costs associated with this application in Appendix D: Other Costs.
4.5.5 Provide proof of Payment Card Industry Compliance
4.6 SUPPORT, MAINTENANCE, WARRANTIES, AND DISASTER RECOVERY
Current Implementation:
· Blackboard UNIX Transaction software updates are bundled as part of the annual Blackboard software license fees. UNIX updates are provided as part of a separate HP maintenance agreement.
· The Hewlett Packard RP2470 RISC Server hardware maintenance is provided as part of a separate HP maintenance agreement. The BlackBoard network processing (NP) server on a Pentium 3 computer hardware maintenance is purchased from Blackboard on an annual basis.
· Telephone and remote support for Blackboard equipment is provided by Blackboard as part of the annual Blackboard software license fees. Additional support can purchased at an hourly rate.
· Telephone and remote support for the Hewlett Packard equipment is provided by Hewlett Packard as part of an annual Hewlett Packard Service Agreement.
· Newly purchased Blackboard readers come with a 1-year warranty after which some level of hardware maintenance must be purchased on an annual basis. Because UMass originally purchased its one card system from AT&T prior to Blackboard purchasing the product, the option to forgo annual hardware maintenance in lieu of paying for repairs as they occur is also available to UMass.
· Disaster recovery support is purchased from Blackboard and Hewlett Packard on an annual basis.
Required Information:
4.6.1 What type(s) of support (phone, email, etc.) do you provide with the purchase/licensing of your product? What are your response and resolution times?
4.6.2 What base level of software support do you provide with the purchase/licensing of your product? If you have additional levels of software support, please describe them here. Indicate any additional costs associated with these enhanced software support plans in Appendix E, Support, Maintenance, and Disaster Recovery
4.6.3 What base level of hardware support do you provide with the purchase/licensing of your product? If you have additional levels of hardware support, please describe them here. Indicate any additional costs associated with these enhanced hardware support plans in Appendix E,, Support, Maintenance, and Disaster Recovery
4.6.4 Describe your disaster recovery solutions. If these are not provided with the purchase/licensing of your product, what the cost would be to UMass in Appendix E,, Support, Maintenance, and Disaster Recovery
4.6.5 What sort of warranty is provided for readers and other hardware purchased from you? What maintenance options are available after the warranty expires? Is maintenance optional or required? If optional, indicate your hourly bench rates for repairs here:$_____.
4.6.6 Attach a copy of your warranty terms and maintenance agreement. If disaster recovery is in a separate agreement, include that as well. Unacceptable terms may be cause for rejection of the bid.
4.7 UCARD NETWORK
Current Implementation:
· The initial Blackboard implementation required that all readers/devices be wired using special circuit wiring with RS485 Comm Converters and short haul modems. As Blackboard upgraded their hardware to become TCP/IP compatible, the campus replaced some of the traditional network connections with Ethernet jacks and proprietary Blackboard ip converters. However most UCard network connections remain non-TCP/IP.
· For improved security TCP/IP UCard devices are segregated on a virtual UMass (SCADA) network.
· A small number of merchants also connect to the UCard system over analog phone lines using VeriFone Tranz330 and Tranz380x2 Modem Dial-Up Terminals (MDTs)
Required Information:
4.7.1 Describe what type of network connectivity is necessary to run your system. Include any wireless options.
4.7.2 Can your system run on a SCADA network that utilizes multiple discrete IP subnets. List any issues or concerns you have regarding this network configuration.