ATTACHMENT 3

Vendor-Hosted Solution Questions

WMS Vendor-Hosted (Cloud Provider) Solution Questions

If a vendor-hosted option is being offered, provide a detailed response to the items listed below regarding the hosting environment for the proposed solution.

Maintenance:

  1. Describe the maintenance included and how it differs from a NDUS hosted solution?

  1. How are the system’s enhancements prioritized?

  1. Describe the upgrade cycle?

  1. Will NDUS be required to upgrade to the latest version when released?

Reliability and Availability:

  1. How does the hosted solution provide for disaster recovery?

  1. Describe your backup process. Discuss the frequency of backups, is the backup media stored in another location (offsite)?

  1. What redundancy features are available?

  1. How will NDUS be notified of scheduled outages?

  1. Is the hosting solution distributed geographically?

  1. Are all hosting locations within the United States? What is the physical location of each datacenter, and if hosted by a third party, also list the name of the hosting party?

  1. Describe high availability service levels offered.

Network Capability and Availability:

  1. Describe the backbone connectivity of datacenter(s) to broadband provider(s). Is there physical circuit diversity with respect to how circuits enter the datacenter(s)?

  1. What are the speeds of circuits entering the datacenter(s)?

  1. What measures are in place to mitigate single points of failure in your network connection(s) to broadband providers?

  1. Do you have metrics about network latency of your solution? If so, what are they?

Performance, Capacity and Scalability:

  1. Describe the scalability of the solution.

  1. What kind of load balancing options is available in and/or between the datacenter(s)?

  1. What load/performance testing products are used?

  1. Does the solution provide a means for performance monitoring by NDUS?

Security/Access Control:

  1. Describe the security and auditing and logging capabilities of the hosting environment.

  1. How does the solution provide for Single Sign-On (SSO)?

  1. Describe how data contained in the hosting environment is secured. Capability to encrypt data at rest? Capability to encrypt data during transport?

  1. Are any products used to test the security of the datacenter?

  1. Will NDUS be able to run application security scanning software against the hosted solution?

  1. Describe the physical security policy and access control in place in the datacenter. Will NDUS be provided access to the vendor datacenter?

  1. Does this application need to share data with other NDUS systems?

  1. What methods does the system support for securely sharing data with NDUS systems? Describe the secured transmission capability between the datacenter and NDUS.

  1. Have you conducted a SSAE16 audit of your datacenter(s)? Indicate if an SSAE16 audit report is available to the NDUS upon request.

Data Management and Records Management:

  1. Describe the ability and process that it is in place to return NDUS’s data upon contract termination? NDUS readable format? NDUS useable file transfer or media types?

  1. How is the disposal of records, which have satisfied their retention requirements, performed?

  1. How is a discovery request handled for the electronically stored information?

  1. How is a litigation hold process implemented to protect records that cannot be disposed during ongoing litigation?

Page 1 of 4