Automated Driver License Testing - RFP Functional …...Functional Design Phase Business...

FINAL

Automated Driver License Testing - RFP

Functional Design Phase Business Requirements Document

12.30.2016

Version 1.1

Automated Driver License Testing - RFP NH Department of Safety


Office of Information Technology, Agency Software Division – Department of Safety 2

TABLE OF CONTENTS

1. INTRODUCTION ............................................................................................................................... 3

1.1 BUSINESS OWNERS AND CONTACTS ............................................................................................................... 3 1.2 REVISION HISTORY ......................................................................................................................................... 3 1.3 DEFINITIONS, ACRONYMS AND ABBREVIATIONS ............................................................................................ 4

2. PROJECT OVERVIEW ..................................................................................................................... 5

3. PROJECT SCOPE .............................................................................................................................. 5

4. PROCESS FLOWS ............................................................................................................................. 5

4.1 EXISTING PROCESS WORKFLOW ..................................................................................................................... 5

5. BUSINESS REQUIREMENTS .......................................................................................................... 6

5.1 GENERAL REQUIREMENTS .............................................................................................................................. 6 5.2 HARDWARE AND SOFTWARE PLATFORM ........................................................................................................ 6 5.3 VISION SYSTEM INTEGRATION ..................................................................................................................... 7 5.4 AUTOMATED DRIVER LICENSE TEST .............................................................................................................. 8 5.5 HAND-HELD TESTING DEVICE ...................................................................................................................... 11 5.6 DIRECT ADLT ACCESS ................................................................................................................................ 13 5.7 REPORTING ................................................................................................................................................... 13 5.8 FMCSA COMPLIANCE MANDATES ............................................................................................................... 14 5.9 DATA CAPTURE, CONVERSION AND STORAGE .............................................................................................. 14 5.10 SECURITY REQUIREMENTS ........................................................................................................................... 15 5.11 IMPLEMENTATION ........................................................................................................................................ 17 5.12 TRAINING ..................................................................................................................................................... 17 5.13 RESPONSE TIME ............................................................................................................................................ 17 5.14 SYSTEM SUPPORT ......................................................................................................................................... 18 5.15 VENDOR HOSTING ........................................................................................................................................ 19

6. SYSTEM INTERFACE SPECIFICATIONS ................................................................................. 23

6.1 CUSTOMER INFORMATION ............................................................................................................................ 23 6.2 KNOWLEDGE TEST RESULTS ........................................................................................................................ 24 6.3 SKILLS TEST RESULTS .................................................................................................................................. 24

7. USER ROLE DEFINITION ............................................................................................................. 25

8. ISSUES LOG ...................................................................................................................................... 26




1. INTRODUCTION

1.1 Business Owners and Contacts

Name Email Phone Role Elizabeth Bielecki Elizabeth.Bielecki@dos

.nh.gov Director DMV –Project Sponsor

Arthur Garlow [email protected]

(603)227-4027 Assistant Director DMV

William Joseph [email protected]

(603)227-4222 Deputy Director DMV

Scott Hopkins [email protected]

(603) 230-3019 IT Leader-DOS

Thomas Chagnon [email protected]

(603) 227-4041 IT Manager - DMV

Jeffrey Miller [email protected]

(603)227-4205 Project Manager DMV

Lisa Lienhart [email protected]

(603)227-4002 Business Representative DMV

Jeffrey Oberdank [email protected]

(603)227-4203 Business Representative DMV

Trooper, Russ Bailey

[email protected]

603-475-5831 Driver Education Coordinator

Mark Stewart [email protected]

(603)230-3075 Business Systems Analyst

1.2 Revision History

Date Version # Reason for change(s) Author(s)

12/23/2016 Version 1.0 Draft Version 1.0 Mark Stewart

12/30/2016 Version 1.1 Removed Section 5.13 Testing as this section was moved to the overall RFP in Section G-2.2 Security Testing.

Changed on-call assistance from 8 hours per day to 10 hours per day in Requirements 14.6 and 15.4.7 to match RFP Section H-25.11.2 a. Class A Deficiencies.

Removed Section 6 Narrative Topics as these were moved to the body of the RFP in Appendix D Topics for Mandatory Narrative Responses.

Mark Stewart

3/14/2017 Final Version 1.2 Updated Verbiage Elizabeth Bielecki

FINAL

1.3 Definitions, Acronyms and Abbreviations AAMVA American Association of Motor Vehicle Administrators ADLT Automated Driver License Test CDL Commercial Driver’s License CIS Center for Internet Security COTS Commercial off-the-shelf software application. DMV Department of Motor Vehicles FMCSA Federal Motor Carrier Safety Administration GPS Global Positioning System MSF Motorcycle Safety Foundation NIST National Institute of Standards and Technology NSA National Security Agency OEM Original Equipment Manufacturer VISION State of New Hampshire Driver License and Financial Responsibility System




2. PROJECT OVERVIEW Among its many responsibilities, the Division of Motor Vehicles is directly responsible for identifying, examining, and licensing operators for all types of motor vehicles, both non-commercial and commercial. The objective of this RFP is to acquire a software application that will help improve the efficiency of the motor vehicle testing process and enhance the Commercial Driver Licensing (CDL) process for applicants and Examiners. The ability to monitor road tests as they are being conducted allows management to accurately detect fraud and or areas in need of improvement. For CDL licensing, the expectation is to have Examiners conduct pre-trip inspections, basic skills tests and road tests with the ability to report results as they occur in real time via mobile devices with GPS capability.

3. PROJECT SCOPE The DMV seeks to improve the integrity, security and efficiency of its automated driver license testing system by selecting a vendor to provide a robust testing system which at a minimum includes advanced security features, the ability to audit examiner performance, the ability to interface with the FMCSA mandated CSTIMS and/or Rooster, and the integration of hand-held devices for CDL skills examinations. The hand-held devices must meet state standards as defined in Section 5.5 Hand-Held Testing Device, Requirement 5.4. The CDL Examiners will utilize hand-held portable devices to conduct the following tests;

CDL pre-trip inspections to include a visual and mechanical inspection of the test vehicle utilizing the AAMVA score sheet.

Complete the CDL off-road skills assessment within the testing area utilizing the AAMVA score sheet.

Complete the on-road skills assessment utilizing the AAMVA score sheet. The system will be used at 15 DMV locations, comprising fifty (50) touchscreen testing workstations and fifteen (15) hand-held devices with fifteen (15) charging stations. Proposal should include the option to purchase additional hand-held devices in the future. While the system shall be designed to include knowledge testing for all types of exams including CDL, motorcycle, operator and school bus, only the CDL skills examinations are the required part of this RFP utilizing the hand-held devices. The State may, at its option, extend the use of portable hand-held devices to other skills examinations. Pricing for additional devices to be provided in price sheet attachment. Pricing and proposals for a scheduling system should be included for the State’s consideration.

4. PROCESS FLOWS

4.1 Existing Process Workflow The New Hampshire DMV currently administers knowledge and road tests to license applicants at a central location in Concord and at 14 remote substations throughout the state. The qualifying of applicants is carried out by administering knowledge, off-road and on-road skills examinations in accordance with local, state and federal laws. Knowledge tests are administered at touch screen workstations located at the DMV sites. The current testing system communicates with our IDMS database for the following:




• Applicant identification • Test eligibility • Communicating test results from the test stations to the applicant’s record The current testing system retrieves the applicant identification (name, DOB) from the system of record for the purpose of identifying the eligible individual at the test terminal. The current testing system also passes only the eligible exams to be taken. Applicants only see knowledge exams for the license type he/she have applied for. Upon completion of the applicable knowledge exams, the test terminal passes the test result to the system of record for clerical verification. Note that the current system of record is scheduled to be replaced by the VISION system in early 2017. Therefore this RFP is written indicating that the new ADLT system will need to interface with the new VISION system. Currently CDL on-road skills examinations are performed with a paper test sheet that is prone to errors and potential fraud with the audit capability both low and very cumbersome due to the use of a paper form.

5. BUSINESS REQUIREMENTS Vendors shall complete a checklist based on the following format. Indicate whether the requirement is included in the solution without modification (Y), with modification (M), or not at all (N) and add additional information in the Comments column. If modifications are needed to meet requirements, those modifications must be included in the cost. If the requirement is not included in the proposed system, vendors should propose an alternative or explain the reason for omitting the requirement as a system component/feature.

5.1 General Requirements Vendor

Response

No. Business Requirement Y/M/N (see above)

Comments

1.0 The Vendor shall participate in an initial kick-off meeting to initiate the Project.

1.1 The Vendor shall provide Project Staff as specified in the RFP.

1.2 Vendor shall submit a preliminary Work Plan within ten (10) days after the Effective Date. The Work Plan shall include, without limitation, a detailed description of the Schedule, tasks, Deliverables, critical events, task dependencies, and payment Schedule. The plan shall be updated no less than every two weeks.

1.3 The Vendor will provide detailed monthly status reports on the progress of the Project.

5.2 Hardware and Software Platform Vendor

Response


Comments

2.1 Knowledge testing system, to include 50 touchscreen testing




workstations, deployed statewide.

2.2 Hand-held devices for skills and road testing to include 15 handheld devices, deployed statewide.

2.3 Hand-held device to include 15 charging stations.

2.4 New Hampshire data must be segregated on the database from other vendor clients for vendor hosted alternative.

2.5 For vendor owned hardware proposal, all hardware and servers must have a maintenance agreement with the OEM for the length of the contract.

2.6 Integrate with Active Directory to authenticate all users with Active Directory authentication before allowing system access.

2.7 Database must be Microsoft SQL server 2014 or greater relational database.

Windows servers must run Windows 2012 R2 or higher

2.8 Automated test stations must be Windows 10 or higher.

2.9 Automated test stations must have a tilting touch screen.

2.10 The ADLT system must have audio capabilities on all testing workstations to include reading each question and answer to applicants in English, Spanish, and French. Language selection to be assigned by customer service representative

2.11 Operating systems and/or devices must be kept up to the latest version including virus protection.

5.3 VISION System Integration Vendor

Response


Comments

3.0 Is the proposed ADLT solution capable of interfacing with the State’s system of record as described the RFP?

3.1 Is the proposed ADLT solution capable of receiving test requests from the State’s system of record in real time?

3.2 The ADLT system must utilize single sign on through Department of Safety active directory.

3.3 The ADLT functions/roles should be mapped to the roles identified in the system of record.

3.4 Does the ADLT system have the ability to receive requests from the system of record for one or many test task orders? The test task order will consist of the following information, at minimum:

Test request ID {12345678910111213}

Customer ID

Customer full name




Customer date of birth

Customer photo (taken by system of record)

3.5 Does the ADLT system have the ability to respond with a web service message to the system of record with the following information, at minimum:

Test request ID

Customer ID

Date the test was taken

Test result (pass or fail)

Numerical test scores

3.6 Does the ADLT system have the ability to match existing customers by system of record Customer Identifier.

3.7 Can all test task orders received from the system of record, scheduled or already taken be reachable from the system of record through a web interface using the test request ID which was sent as part of the test task order?

3.8 Within the launched ADLT system the DMV clerk must be able to view open testing stations.

3.9 Within the launched ADLT system the DMV clerk must be able to assign the customer in context to the selected open testing station.

3.10 Once the DMV clerk has assigned a testing station to the customer, the customer must be able to log into the assigned testing station.

5.4 Automated Driver License Test Vendor

Response

Business Requirement Y/M/N (see above)

Comments

4.0 The ADLT system must support the following knowledge tests: Commercial Driver License Motorcycle Motorcycle Permit Operator;

o Operator Youth (16 – 65 years of age) o Operator Senior (65+ years of age) o Re-examination

School Bus Certificate Driver Education Instructor

4.1 The ADLT system must include the FMCSA approved AAMVA provided, commercial license testing suite in its entirety and must be updated with any changes, to include




adding, removing and clarifying questions as mandated by AAMVA and FMCSA in a timely fashion. All CDL test must use test bank questions as defined by regulation for CDL, 2005 model 14 spec or latest version from AAMVA.

4.2 The ADLT system must include the MSF testing suite in its entirety and must be updated with any changes to include adding, removing and clarifying questions as mandated by MSF in a timely manner to include all motorcycle test types.

4.3 The ADLT system must include a vendor provided testing suite including comprehensive question banks related to operator tests for use in New Hampshire knowledge test question banks.

4.4 State provided test banks must be incorporated into the ADLT system testing suites.

4.5 Knowledge tests shall be structured as follows: Commercial Driver License - as specified by

FMSCA/AAMVA standards Motorcycle – as specified by MSF standards Motorcycle Permit – as specified by MSF Operator:

o Operator Youth (16 – 65 years of age) – 40 question test with a minimum 200 question bank

o Operator Senior (65+ years of age) - 25 question test with a minimum 200 question bank

o Re-examination - 25 question test with a minimum 200 question bank

School Bus Certificate – 25 question test with a minimum 75 question bank

Driver Education Instructor – 100 question test with a minimum 200 question bank

4.6 The ADLT system must allow the Administrator to modify the test banks by selecting questions from vendor and state provided testing questions.

4.7 ADLT system shall stop the test as soon as the customer has satisfied either the pass or fail criteria for the test to ensure timely testing for all qualified applicants. (i.e. number of correct answers to pass or number of incorrect answers to fail)

4.8 The ADLT system shall provide the ability to set time limits on each knowledge examination type.

4.9 The ADLT system must provide the ability to change, modify, delete or add additional questions to the state specific question banks, to include voice over capabilities.

4.10 The ADLT system shall use high quality graphics or digital photographs to depict actual roadway conditions, signage, etc. and shall appear simultaneously on-screen with the associated test question.

4.11 The ADLT system test banks must be provided in English, Spanish and French at minimum with the ability to add




additional questions /languages at the State’s option

4.12 State specific questions should be included in test banks in English, Spanish and French with the ability to add additional questions at the State’s option.

4.13 The ADLT system shall have the ability to attach multi-language video clips to the questions.

4.14 The ADLT system must have sign language for all tests types to include the display each question and all answers to applicants in sign language.

4.15 The ADLT system must have audible capabilities on all testing workstations to include reading each question and answer to applicants in English, Spanish, and French. Language selection to be assigned by customer service representative. The system must use a secure listening device to ensure privacy.

4.16 The listening device shall have a control that will enable the applicant to adjust the volume as desired.

4.17 The ADLT system shall provide an integrated audio recording tool that will enable DMV staff to record questions and answers for distribution across the system to test workstations.

4.18 The ADLT system shall provide the ability for DMV staff to monitor testing progress remotely. (Role based permission)

4.19 The ADLT system must be able to print paper copies of the test, answer sheet, and answer key (for the examiner) that shall include the associated image or graphic for each question. The printout must be on 8½” x 11” paper.

4.20 Does your system have the ability to function during periods of loss connectivity to the database to include touchscreen test stations and hand-held portable devices?

4.21 The ADLT system shall provide the ability to reestablish connectivity after the outage has been resolved and the system of record is available and provide for uninterrupted transfer of exam results i.e. tests in progress.

4.22 The ADLT system must provide ability to randomize exams and the test questions assigned to tests.

4.23 The ADLT system must generate all tests using algorithms/methods that will assure that unique tests are administered to each applicant and further that each test shall cover all areas of knowledge as required by the DMV and the FMCSA as applicable. The algorithms/methods used to generate the tests shall also assure that the degree of difficulty will remain uniform across the spectrum of tests generated.

4.24 The ADLT system must provide the ability to flag certain test questions within the test bank to appear in every test.

4.25

The ADLT system must allow multiple tests types to be assigned to a candidate at one time for candidates qualified to take more than a single test.




4.26 The ADLT system must provide full audit tracking detail of each user’s actions taken.

5.5 Hand-Held Testing Device Vendor

Response


Comments

5.0 The ADLT system must include a minimum of ten inch screen size portable, hand-held device to support testing for the CDL Pre-trip Vehicle Inspection, CDL Basic Control Skills, and CDL Road Test.

5.1 The hand-held device system must provide the ability to receive customer data from the VISION system for test assignment including:

Customer Identifier License Status Customer Photo First, Last Name Date of Birth

5.2 Hand-held devices must meet the state standards defined belowin requirements 5.4.1 through 5.4.8:

5.3 Mobile devices must have provisions for an Air Card to provide wireless and/or cellular connectivity through VPN.

5.4 Must have a provision to connect directly to the state network.

5.4.1 Must include GPS capability.

5.4.2 Must be outdoor readable.

5.4.3 Must meet military specifications.

5.5 The hand-held devices must provide the ability to establish predetermined times for pre-trip skills and road tests, established by the state.

5.6 For all test types indicated in 5.1, hand-held devices must allow Examiners to score individual test items on the skills test while in progress and automatically display the total score at the end of the test. This functionality must be available in offline mode or while connected to the network.

5.7 Hand-held device must use sign-on credentials and active directory using role based entitlements in VISION for the below roles: Administrators Examiners View Only

See Section 8 User Role Definition for user role permissions.

5.8 Hand-held devices can be used at any DMV location and shall be transferable between locations and staff.

5.9 Hand-held devices must have a consistent user interface and consistent testing process for the various test types and user roles.




5.10 Hand-held devices must support the ability to load predetermined test driving routes by location.

5.11 Hand-held devices must provide a function for staff to change or modify the road test route to another predetermined route based on traffic, road construction, and other unforeseen conditions.

5.12 The hand-held device must provide the ability to match the applicant to the assigned test by displaying the applicant’s photo, First Name, Last Name, Date of Birth and Customer Identification Number for examiners.

5.13 The hand-held device must utilize GPS tracking with the use of a GPS receiver embedded within the device to record and log the coordinates of the driven skills test. Must allow CDL Examiners and managers to review and verify the appropriate route.

5.14 The GPS tracking information including the test route must be part of the stored test record with in the ADLT system.

5.15 In the event that GPS tracking signal is lost during a test the loss of signal must be noted as part of the stored test result.

5.16 The ADLT system may provide an option for managers or administrators to remotely monitor road tests in progress through GPS functionality.

5.17 The hand-held device must be able to communicate remotely with the ADLT system by secure wireless and/or cellular connectivity to a fixed testing facility as necessary. Must also have a provision to connect directly to the state network.

5.18 The hand-held device must be able to transmit test results and GPS route information to the ADLT system in real time.

5.19 The ADLT system must generate a report that shows when GPS tracking was overridden to ensure validity of road testing.

5.20 The test results must also be stored in the hand-held device for later download in the event wireless and/or cellular connectivity is not available.

5.21 The hand-held device must store the below test record information to be transmitted to the ADLT system until it is transferred either real time or downloaded (in the event wireless and/or cellular connectivity is not available): Overall score Pass/Fail indication Customer Identification Number from VISION Customer First Name Customer Last Name Customer Date of Birth Customer photo GPS test route Photos taken vis camera in hand-held device Date and time of test Examiner name




5.22 The hand-held device system must provide full audit tracking detail of each user’s actions taken.

5.6 Direct ADLT Access Vendor

Response


Comments

6.0 DMV users need direct access to the ADLT system with roles based entitlements via single sign-on utilizing active directory. Role based entitlements in VISION must pass through to ADLT for:

Clerks

Managers

Administrators

Examiners

View Only See Section 8 User Role Definition for user role permissions.

6.1 The ADLT system must provide the ability to change, modify, delete or add additional questions to the state specific question banks, to include voice over capabilities.

6.2 The ADLT system must provide the ability to monitor knowledge testing and skill testing in progress from remote locations. (Role based permission)

6.3 DMV users must have access to verify Examiner test schedules and test lengths.

5.7 Reporting Vendor

Response


Comments

7.0 The ADLT system must provide the ability to run standard reports and perform custom queries to generate ad hoc reports.

7.1 The ADLT system must track and report testing statistics for both knowledge and skills tests by DMV location, staff, examiner and geographic area. Reports must include but are not limited to: Numbers of exams taken by test type Numbers of pass/fails per examination, by applicant, by

location, by test type, by examiner Questions queried by pass/fail rate to determine the level

of difficulty Number of examinations and types of examination

assigned by examiners




State would also be open to other query types that accompany an existing system.

7.2 The ADLT system must track and report Examiners test routes to ensure road test reliability and validity.

7.3 The ADLT system must track and report accurate statistical information for knowledge and skills test criteria, to include but not limited to, questions and grading given by examiner.

7.4 The ADLT scheduling system must have the ability to pass scheduled appointments for knowledge and skills tests to VISION for use in a daily report. Information must include:

Customer Identifier Test(s) scheduled Date of test Time of test

7.5 The ADLT system must generate a report that shows when GPS tracking was overridden to ensure validity of road testing.

5.8 FMCSA Compliance Mandates Vendor

Response


Comments

8.0 The ADLT must provide the ability to track scores and share information with other jurisdictions via CSTIMS in accordance with FMCSA mandates.

8.1 The ADLT system must ensure test question randomization for all knowledge exams.

8.2 The ADLT system must ensure test randomization for all skills examinations.

8.3 The ADLT system must ensure AAMVA compliant test forms mandated by AAMVA are used at all times.

8.4 The ADLT system must allow for randomization of pre-trip test forms.

8.5 The vendor must ensure that test questions and question banks are updated with any changes, to include adding, removing and clarifying questions as mandated by AAMVA and FMCSA in a timely fashion.

5.9 Data Capture, Conversion and Storage Vendor

Response


Comments

9.0 A detailed test score must be stored in the ADLT system. The record must include:

Test taken Questions included in test Answers given by customer




Indication of correct or incorrect answer Overall score Pass/Fail indication Customer Identification Number from VISION Customer First Name Customer Last Name Customer Date of Birth Customer photo GPS tracking information Photos taken vis camera in hand-held device Date and time of test Test station Examiner name DMV Clerk Testing workstation used Location (DMV office)

9.1 All information identified in 9.0 above shall be stored indefinitely.

9.2 Historical data from the existing ADLT system, stored on a SQL server, must be converted to the new system. The state requires the chosen vendor to convert all applicant test history for the following data points:

Applicant name Applicant DOB Test types taken Test results (pass/fail) Date of Test Customer ID Number

5.10 Security Requirements Vendor

Response


Comments

10.0 DMV users need direct access to the ADLT system with roles based entitlements via single sign-on through active directory.Role based entitlements in VISION must pass through to ADLT for:

Clerks

Managers

Administrators

Examiners

View Only See Section 8 User Role Definition for user role permissions.

10.1 The state must be able to add its standard data encryption (McAfee Endpoint) to all hand-held deviceed devices.




10.2 The system must utilize SSL Certificates, verifiable by 3rd party, of 2048bit or higher encryption protocols for all data transfers.

10.3 The ADLT must authenticate all of its users with Active Directory before allowing them to use its capabilities to prevent access to inappropriate or confidential data or services. The ADLT must be able to reference Active Directory Groups.

10.4 The ADLT system must support user accounts and passwords that meet DoIT’s statewide User Account and Password Policy as defined below in requirements 10.4.1 through 10.4.10:

10.4.1 Minimum password length is ten characters.

10.4.2 Passwords must contain three of the following four: Uppercase character(s) Lowercase character(s) Number(s) Non-alphabetic special character(s) such as @, &, %,!

10.4.3 Passwords must not contain parts of the user name.

10.4.4 Encrypt passwords in transmission and at rest within the database.

10.4.5 Maximum password age is 90 days. Minimum password age is 1 day.

10.4.6 Enforce password history, previous 5 passwords cannot be repeated.

10.4.7 Account lockout threshold is 4 invalid attempts.

10.4.8 Reset Account Lockout counter after 60 minutes.

10.4.9 Account lockout duration is 60 minutes.

10.5 Ability to limit the number of people that can grant or change authorizations at the user and database levels.

10.6 Ability to enforce application session timeouts during periods of inactivity.

10.7 Ensure application has been tested and hardened to prevent critical application security flaws. At a minimum, the application shall be tested against all flaws outlined in the Open Web Application Security Project (OWASP) Top Ten (http://www.owasp.org/index.php/OWASP_Top_Ten_Project)

10.8 ADLT system and hand-held devices must provide full audit trail tracking to include logging all attempted accesses that fail identification, authentication and authorization requirements, at minimum logs must be kept for 24 months.

10.9 Application data and communications with other systems must be encrypted to protect from unauthorized individuals and programs.




10.10 Subsequent application enhancements or upgrades to the system shall not impact configuration settings or previously provided system enhancements.

10.11 Subsequent application enhancements or upgrades to the system shall not remove or degrade security requirements.

5.11 Implementation Vendor

Response


Comments

11.0 Vendor must create a detailed plan for application rollout to insure a minimum amount of operational interruption.

11.1 Vendor must ensure that implementation plan timeline meets hard deadline of January 31, 2018 to complete implementation.

11.2 Vendor must ensure that all test taking devices and hand-held devices have software loaded prior to application roll out.

5.12 Training Vendor

Response


Comments

12.0 The vendor’s proposal shall include a full description of all training materials and methods that they will use to train DMV staff.

12.1 A detailed training plan including in person training and training materials must be provided to and approved by DMV staff prior to commencement of training.

12.2 Training material must be provided to DMV to be kept onsite for training of additional staff in the future.

12.3 Provide documentation and procedures describing how administrators can grant or change authorizations in the ADLT system, including detailed user manuals for each role and system function.

5.13 Response Time Vendor

Response


Comments

13.0 In normal network operating conditions, all user interfaces on testing stations and DMV workstations must have a response time of no more than 3 seconds for user interactions.




5.14 System Support Vendor

Response


Comments

14.1 Vendor must have support for software from 7 am to 5 pm EST, Monday through Friday, with the exceptions of predetermined holidays.

14.2 Vendor must offer after hours software support.

14.3 Servers, test workstations and hand-held devices must be operational during business hours in accordance with industry standards, to include 4-hour or less response to service.

14.4 Vendor must have change control procedures to control when application and or database changes are applied.

14.5 The Vendor shall conform to the specific deficiency class as described: Class A Deficiency - Software - Critical, does not allow

System to operate, no work around, demands immediate action; Written Documentation - missing significant portions of information or unintelligible to State; Non Software - Services were inadequate and require re-performance of the Service.

Class B Deficiency - Software - important, does not stop operation and/or there is a work around and user can perform tasks; Written Documentation - portions of information are missing but not enough to make the document unintelligible; Non Software - Services were deficient, require reworking, but do not require re-performance of the Service.

Class C Deficiency - Software - minimal, cosmetic in nature, minimal effect on System, low priority and/or user can use System; Written Documentation - minimal changes required and of minor editing nature; Non Software - Services require only minor reworking and do not require re-performance of the Service.

14.6 As part of the support contract, ongoing support issues shall be responded to according to the following: Class A Deficiencies - The Vendor shall have available

to the State on-call telephone assistance, with issue tracking available to the State, ten (10) hours per day and five (5) days a week with an email / telephone response within two (2) hours of request; or the Vendor shall provide support on-site or with remote diagnostic Services, within four (4) business hours of a request;

b. Class B & C Deficiencies –The State shall notify the Vendor of such Deficiencies during regular business hours and the Vendor shall respond back within four (4) hours of notification of planned corrective action.

The Vendor shall repair or replace Software, and provide maintenance of the Software in accordance with the




Specifications, Terms and Requirements of the Contract.

5.15 Vendor Hosting Vendor

Response


Comments

15.0 With a vendor hosted implementation the vendor must meet the below hosting, recovery, security and service level requirements.

15.1 Vendor Hosting Requirements are detailed below in requirements 15.1.1 through 15.1.9: -

15.1.1 Vendor shall provide an ANSI/TIA-942 Tier 3 Data Center or equivalent. A tier 3 data center requires 1) Multiple independent distribution paths serving the IT equipment, 2) All IT equipment must be dual-powered and fully compatible with the topology of a site's architecture and 3) Concurrently maintainable site infrastructure with expected availability of 99.982%

15.1.2 Vendor shall maintain a secure hosting environment providing all necessary hardware and software to manage the application and support users with permission based logins.

15.1.3 New Hampshire data must be segregated on the database from other vendor clients for vendor hosted alternative.

15.1.4 The Data Center must be physically secured – restricted access to the site to personnel with controls such as biometric, badge, and others security solutions. Policies for granting access must be in place and followed. Access shall only be granted to those with a need to perform tasks in the Data Center.

15.1.5 Vendor shall install and update all server patches, updates, and other utilities within 60 days of release from the manufacturer.

15.1.6 Vendor shall monitor System, security, and application logs.

15.1.7 Vendor shall manage the sharing of data resources.

15.1.8 Vendor shall manage daily backups, off-site data storage, and restore operations.

15.1.9 The Vendor shall monitor physical hardware.

15.1.10 Spare equipment levels will be maintained at a level acceptable to the state and as outlined in the contract.

15.2 Hosting Disaster Recovery Requirements are detailed below in requirements 15.2.1 through 15.2.7 : -

15.2.1 Vendor shall have documented disaster recovery plans that address the recovery of lost State data as well as their own. Systems shall be architected to meet the defined recovery needs.

15.2.2 The disaster recovery plan shall identify appropriate methods




for procuring additional hardware in the event of a component failure. In most instances, systems shall offer a level of redundancy so the loss of a drive or power supply will not be sufficient to terminate services however, these failed components will have to be replaced.

15.2.3 Vendor shall adhere to a defined and documented back-up schedule and procedure.

15.2.4 Back-up copies of data are made for the purpose of facilitating a restore of the data in the event of data loss or System failure.

15.2.5 Scheduled backups of all servers must be completed regularly. The minimum acceptable frequency is differential backup daily, and complete backup weekly.

15.2.6 Tapes or other back-up media tapes must be securely transferred from the site to another secure location to avoid complete data loss with the loss of a facility.

15.2.7 Data recovery – In the event that recovery back to the last backup is not sufficient to recover State Data, the Vendor shall employ the use of database logs in addition to backup media in the restoration of the database(s) to afford a much closer to real-time recovery. To do this, logs must be moved off the volume containing the database with a frequency to match the business needs.

15.3 Hosting Security Requirements are detailed below in requirements 15.3.1 through 15.3.10: -

15.3.1 The Vendor shall employ security measures to ensure that the State’s application and data is protected.

15.3.2 If State data is hosted on multiple servers, data exchanges between and among servers must be encrypted.

15.3.3 All servers and devices must have currently-supported and hardened operating systems, the latest anti-viral, anti-hacker, anti-spam, anti-spyware, and anti-malware utilities. The environment, as a whole, shall have aggressive intrusion-detection and firewall protection.

15.3.4 All components of the infrastructure shall be reviewed and tested to ensure they protect the State’s data assets. Tests shall focus on the technical, administrative and physical security controls that have been designed into the System architecture in order to provide confidentiality, integrity and availability.

15.3.5 The Vendor shall ensure its complete cooperation with the State’s Chief Information Officer in the detection of any security vulnerability of the hosting infrastructure.

15.3.6 The Vendor shall authorize the State to perform scheduled and random security audits, including vulnerability assessments, of the Vendor’ hosting infrastructure and/or the application upon request.

15.3.7 All servers and devices must have event logging enabled. Logs must be protected with access limited to only authorized administrators. Logs shall include System,




Application, Web and Database logs.

15.3.8 Operating Systems (OS) and Databases (DB) shall be built and hardened in accordance with guidelines set forth by CIS, NIST or NSA

15.3.9 The Vendor shall notify the State’s Project Manager of any security breaches within two (2) hours of the time that the Vendor learns of their occurrence.

15.3.10 The Vendor shall be solely liable for costs associated with any breach of State data housed at their location(s) including but not limited to notification and any damages assessed by the courts.

15.4 Hosting Service Level Agreement requirements are detailed below in requirements 15.4.1 through 15.4.13: -

15.4.1 The Vendor’s System support and maintenance shall commence upon the Effective Date and extend through the end of the Contract term, and any extensions thereof.

15.4.2 The vendor shall maintain the hardware and Software in accordance with the specifications, terms, and requirements of the Contract, including providing, upgrades and fixes as required.

15.4.3 The vendor shall repair or replace the hardware or software, or any portion thereof, so that the System operates in accordance with the Specifications, terms, and requirements of the Contract.

15.4.4 All hardware and software components of the Vendor hosting infrastructure shall be fully supported by their respective manufacturers at all times. All critical patches for operating systems, databases, web services, etc., shall be applied within sixty (60) days of release by their respective manufacturers.

15.4.5 The State shall have unlimited access, via phone or Email, to the Vendor technical support staff between the hours of 7:00am to 5:00pm EST - Monday thru Friday.

15.4.6 The Vendor shall conform to the specific deficiency class as described: Class A Deficiency - Software - Critical, does not

allow System to operate, no work around, demands immediate action; Written Documentation - missing significant portions of information or unintelligible to State; Non Software - Services were inadequate and require re-performance of the Service.

Class B Deficiency - Software - important, does not stop operation and/or there is a work around and user can perform tasks; Written Documentation - portions of information are missing but not enough to make the document unintelligible; Non Software - Services were deficient, require reworking, but do not require re-performance of the Service.

Class C Deficiency - Software - minimal, cosmetic in




nature, minimal effect on System, low priority and/or user can use System; Written Documentation - minimal changes required and of minor editing nature; Non Software - Services require only minor reworking and do not require re-performance of the Service.

15.4.7 As part of the maintenance agreement, ongoing support issues shall be responded to according to the following: Class A Deficiencies - The Vendor shall have available

to the State on-call telephone assistance, with issue tracking available to the State, ten (10) hours per day and five (5) days a week with an email / telephone response within two (2) hours of request; or the Vendor shall provide support on-site or with remote diagnostic Services, within four (4) business hours of a request;

b. Class B & C Deficiencies –The State shall notify the Vendor of such Deficiencies during regular business hours and the Vendor shall respond back within four (4) hours of notification of planned corrective action.

The Vendor shall repair or replace Software, and provide maintenance of the Software in accordance with the Specifications, Terms and Requirements of the Contract.

15.4.8 The hosting server for the State shall be available twenty-four (24) hours a day, 7 days a week except for during scheduled maintenance.

15.4.9 A regularly scheduled maintenance window shall be weekly on Sundays at 5:00 am EST at which time all relevant server patches and application upgrades shall be applied.

15.4.10 If The Vendor is unable to meet the uptime requirement, The Vendor shall credit State’s account in an amount based upon the following formula: (Total Contract Item Price/365) x Number of Days Contract Item Not Provided. The State must request this credit in writing.

15.4.11 The Vendor shall use a change management policy for notification and tracking of change requests as well as critical outages.

15.4.12 The Vendor shall maintain a record of the activities related to repair or maintenance activities performed for the State and shall report quarterly on the following: Server up-time; All change requests implemented, including operating system patches; All critical outages reported including actual issue and resolution; Number of deficiencies reported by class with initial response time as well as time to close.

15.4.13 The Vendor will give two-business days prior notification to the State Project Manager of all changes/updates and provide the State with training due to the upgrades and changes.




6. SYSTEM INTERFACE SPECIFICATIONS

6.1 Customer Information Customer information is to be exchanged between the VISION System and the ADLT system as customer “in context” when a user links from VISION to the ADLT system at DMV workstations as well as hand-held devices.

Field Name Table Name Data Type / Precision

Edits and Formats

Description and Use

Users Role Roles (role) String Name should be within the list of roles available in Vision.

The Role within the VISION system of the user linking from VISION to ADLT.

Customer Identifier

Customer (contact)

String Starts with prefix NHI. Max Length: 11 Eg: NHI99999999

Unique identifier assigned to each customer record within the VISION system.

License Status Customer Credential for Vision (vision_customercredential)

String Values: Active, Suspended, Revoked, Cancel

Field within the VISION system that indicated the stats of a customer license as either “Active”, “Suspended”, “Revoked” or “Canceled”

Customer Photo Photos (crisp_photo)

String Length should be 36. Eg: 17AD162D‐D9AE‐4F01‐8D94‐560C680940FE

Photographic facial image of customer.

First Name Customer (contact)

String 20/22 Customer first name in VISION system.

Last Name Customer (contact)

String 20/22 Customer last name in VISION system.

Date of Birth Customer (contact)

String Format: MMddyyyy

Customer date of birth in VISION system.




6.2 Knowledge Test Results Results of knowledge tests must be sent back to VISION from the ADLT system in order to clear the deficiency in VISION for the specific test as well as to create a record of the test result in VISION.


Edits and Formats

Description and Use

Test Identifier Crisp_customerrequirement

string Eg: 17AD162D‐D9AE‐4F01‐8D94‐560C680940FE

Identifies the test type in the VISION system.

Pass/Fail Indicator Crisp_customerrequirement

string Yes/No Indicates if the test was passed or failed based on customer test score.

Percentage Score Crisp_customerrequirement

string Decimal format. Eg: 90.5%

Customer test score expressed as a percentage.

Number of correct answers

Crisp_customerrequirement

string Number Number of questions the customer answered correctly.

Number of incorrect answers

Crisp_customerrequirement

string Number Number of questions the customer answered incorrectly.

6.3 Skills Test Results Results of skills tests must be sent back to VISION from the ADLT system in order to clear the deficiency in VISION for the specific test as well as to create a record of the test result in VISION.


Edits and Formats

Description and Use

Test Identifier Crisp_customerrequirement

string Eg: 17AD162D‐D9AE‐4F01‐8D94‐560C680940FE

Identifies the test type in the VISION system.

Pass/Fail Indicator Crisp_customerrequirement

string Yes/No Indicates if the test was passed or failed based on customer test score.

Percentage Score Crisp_customerrequirement

string Decimal format. Eg: 90.5%

Customer test score expressed as a percentage.




7. USER ROLE DEFINITION

User Role / Permission View Only

Clerk Examiner Manager Administrator

Set up customers √ √ √ √

View customer records √ √ √ √ √

Update customer records √ √ √ √

Assign tests to customers √ √ √ √

Assign test workstations to customers √ √ √ √

Schedule Customers for tests √ √ √ √

Change Customer Test Schedules √ √ √ √

Administer Road Tests √ √ √

Change Road Test Route √ √ √

Administer Skills test √ √ √

Download test results to ADLT √ √ √

Take / Save pictures with hand-held device

√ √ √

View Knowledge and Skills tests in progress remotely

√ √ √ √

View road test progress remotely with GPS information.

√ √ √ √

Print paper test results √ √ √ √

Run Reports √ √ √

Run Ad-hoc reports √ √ √

Set Up Users √ √

Set Up User Roles √

Maintain Road Test Routes √ √

Assign Permissions to Roles √ √

Set Up Test Questions √

Maintain Question Banks √

Maintain test questions √

Maintain test parameters √

Add/maintain graphics associated with test questions

√

Maintain audio files associated with test questions

√

Maintain test question groups √

Flag questions as mandatory √

Reset Passwords √ √

Lock / unlock hand-held devices remotely

√

View/Report on user audit tracking √

Update software on hand-held devices, workstations and workstations.

√




8. ISSUES LOG The issues log is a table that tracks any issues that arise after this document is approved and signed. Its purpose is to update the document while leaving the original content intact. The issues log can be maintained in an Excel worksheet and “pasted” into this Word document. The issues log should include the following details:

Issue Number Date Logged Requirement Number (a reference to the original requirement that is impacted) Issue description Resolution description Date Resolved Decision Made By

The issues log worksheet can also be used to track all requirements, design/development, and/or solution alternatives issues that occur after the corresponding documentation is signed. The following is an example Issue Log and a spreadsheet template is attached below:

Issue Number Date Logged

Requirement Number Issue Description Resolution Description

Date Resolved Decision Made By

Automated Driver License Testing - RFP Functional …...Functional Design Phase Business...

Documents

Transcript of Automated Driver License Testing - RFP Functional …...Functional Design Phase Business...