Information Security Architect - Denver, United States - Softpath System

Description

STATEMENT OF WORK (COVENDIS)
SECTION 1.0 PROJECT OVERVIEW
CDE IDM Replacement / Upgrade recommendations for RFP assistance project
1.1.

The Colorado Department of Education (hereafter referred to as "CDE" or "the Department") is contracting with , dba Covendis, 200 Walker St.

SW, Unit B, Atlanta, GA 30313, to provide an Information Security Architect, Contractor name, Vendor Name (the "Contractor").

The Contractor shall assess the existing Identity Management system (IDM) in support of the Statewide Longitudinal Data Systems (SLDS) federal grant to assure that education data is protected appropriately.

1.2. CDE received the grant award in 2020, and it will continue through February of 2025.

The early years of the grant focused on two use care areas, Adult Education (AE) and Concurrent Enrollment (CE), and has now shifted to the operationalization of those efforts including underlying components like the identity management system.

1.3.

The Colorado Department of Education Identity Management system (IDM) has been in place since 2009 and provides Local Education Agencies (LEAs) with a means of administering and maintaining user access to integrated CDE data systems.

IDM also helps ensure adequate protection of student-level data that is received, collected, developed, and used by the Colorado Department of Education, in compliance with the Family Educational Rights and Privacy Act (FERPA).

CDE's Identity Management process streamlines the user authentication and authorization process for CDE data systems and enhances the security to student-level data.

It automates the user registration, approval, and password reset processes and provides districts and administrative units with the ability to maintain users vi Delegated Administration model.

1.4. The current Colorado Department of Education (CDE) identity management system was implemented the Oracle Identity Management Suite


The software components include:

• Oracle Internet Directory (OID)
• Oracle Access Manager (OAM)
• Oracle Identity Manager (OIM)

Current system is based on the following high-level specifications:

• Implementation of multiple organizations (e.g. each school district) and user-ids

Integration of OAM/SSO and Key CDE Applications:
o Data Pipeline (District Data Collection System)
o COGNOS (Colorado Education Data Analysis and Reporting (CEDAR))
o RITS (Record Integration Tracking System, Unique Student Identification application) EDIS (Educator Data Integration System) J2EE Application

• Develop OIM Connectors

o RITS / EDIS J2EE Application
o Others, as needed for the key applications

• Create a delegated administration environment for data custodians using Oracle Identity Manager to provision, de-provision, and manage the user accounts associated with the CDE key applications
• OAM Self-Service Password Reset Functionality
• High Availability (HA) architecture

1.5.

The CDE seeks to upgrade and or replace the current identity management system through a technology upgrade that could include architectural changes where the authorization work is pushed to respective applications as opposed to a Delegated Administration model.

The application support is both in-house and outsourced to vendor-supported systems that interface with the identity management system through SAML XML.

1.6.

For this project, CDE not only requires an individual with strong knowledge of Identity Management Systems, and best practices, but also someone familiar with architecture and implementation of Identity Management systems.

SECTION 2.0 GENERAL REQUIREMENTS
2.1. The Department's Project Manager for this project is Jawed Samsor, ***.
2.2.

Contractor shall work closely and collaboratively with the Department's Project Manager throughout the duration of the Purchase Order to discuss suggestions or issues and incorporate guidance from the Department while performing the work described within this Statement of Work.

2.3. Contractor shall alert the Project Manager, when issues or potential risks are encountered that will affect the project.
2.4.

Contractor shall submit periodic status reports or participate in weekly status meetings as required by the Department during the engagement.

2.5. Contractor shall coordinate and prioritize all work to ensure that all deliverables and deadlines are met.
2.6.

Contractor shall employ an internal quality control process to ensure that all deliverables are complete, accurate, easy to understand, and of high quality.

2.7.

Contractor shall provide deliverables that, at a minimum, are responsive to the specific requirements of this Statement of Work, organized into a logical order, contain no spelling or grammatical errors, formatted uniformly, and contain accurate information and correct calculations.

2.8. Contractor shall submit each deliverable to the Department's Project Manager for review and approval.
2.9. Contractor shall retain all work papers generated for reference through the duration of the project and project acceptance.
2.10. Contractor shall participate in the review and revision process until the Department provides written acceptance of the deliverable.
2.11. Contractor shall research, document, and share any documentation as requested by the Department.
2.12. Contractor shall provide copies of any supporting documentation to the Department upon request of the Department and without charge.
2.13.

Contractor shall assist the Department with planning, scheduling, and facilitating meetings within CDE; with other *** Agencies; and with other states, as needed.

2.14. Contractor shall serve as a subject matter expert (SME) and mentor for CDE designated employees.
2.15. Contractor shall respond to all telephone calls, voice mails and e-mail inquiries from the Department within one business day.
2.16.

Contractor shall enable all Contractor staff to exchange documents and electronic files with the Department in formats compatible with the Department's systems.

The Department currently uses Microsoft Office 365.
2.17. dditional consulting projects as requested by the Department.
SECTION 3.0 Project Requirements
Provide expert Identity management systems consulting services.
3.1.

Contractor shall join the SLDS project team and interview necessary subject matter experts to understand the current IDM system and how best to upgrade the system.

3.2. Contractor shall review current architecture, business rules and application requirements.
3.3.

Contractor shall develop a new high-level architecture and design for the new identity management system, based on current industry direction, which shall include all changes to the base requirements.

3.4.

Contractor shall develop a roadmap that includes a timeline, milestones tasks and budget for the implementation of a new identity management system.

3.5.

Contractor shall assist in the development of an RFP using the information gathered in the discovery and design work to include requirements, timeline and budget.

3.6. ll deliverables will be submitted in draft form to SLDS Project Manager on the deliverable dates defined below. There will be 1 week allowed for CDE review and approval of draft plans. Plans are not limited to the plans defined below. There may be additional deliverables identified as the project progresses.

DELIVERABLE

DATE DUE
(Draft Plan)
Review of the current architecture and environment - Discovery
Contract Start +2 weeks
Present possible options based on the discovery and solutions available in the industry to CDE IMS team - Direction Setting
Contract Start +3 weeks
Develop high level architecture plan and requirements for the new application
Contract Start +5weeks
Develop a road map, timeline and budget for moving to the new architecture
Contract Start + 7 weeks
Develop RFP based on the information gathered during the review
Contract Start + 10 weeks
Present documentation to the CDE IMS/Upper Management
July 31, 2024
3.7.

The Contractor shall also deliver a detailed report on the review of the current architecture and environment to the Grant Project Manager for review.

Note that this report may be presented to the IMS team.


This report should:
Provide details about the current architecture based on the communications with the CDE IMS team and end-users (i.e. the districts) and other stakeholders identified by CDE.

Offer recommendations on how the existing identity management system can be improved based on the latest industry best practices and work done by other states.

Once report is review and IMS management provided feedback, Contractor shall submit a high-level architecture plan for the new environment to the Grant Project Manager for approval.

At minimum the plan shall include the items listed below
Recommendations on how to implement a new identity management system
ll suggestions shall be accompanied by associated timeline recommendations.
3.8.

Contractor shall participate in project team meetings, workstream meetings and others as necessary to fully understand project approach and progress.

3.9. Contractor shall participate in regular progress meetings as requested by the Department. These meetings may be held in-person or remotely, at CDE's request.
Provide On the job training to Identity management workstream members
3.10.

The Department's Identity management system workstream team consists of information security officer, infrastructure manager, identity management administrator, SLDS Grant Project Manager and CDE's applications development manager.

This team is well versed in maintaining the existing oracle identity management system. Contractor shall join this workstream group and work closely with these CDE employees.

For the identity management system roadmap, CDE employees must understand how the conclusion has been and that implantation of the new system is feasible within a foreseeable timeline and how it shifts from the project implementation phase to an ongoing operational phase.

3.11. The intent is for the contractor to provide identity management review services as needed throughout the remaining grant period.
3.12. Contractor shall share knowledge of identity management system as required deliverables are developed and submitted.

The identity management system workstream members may also contribute to the work required for these deliverables, as time allows and as negotiated with Project Manager.

SECTION 4.0
DELIVERABLES, TIMELINE AND COMPENSATION
4.1.

The total amount of funding for this fixed price purchase order for all work to be performed pursuant to this Statement of Work is *** This total amount of funding will be the sole compensation to the Contractor for the services and/or deliverables provided.

No additional costs will be reimbursed.
4.2. The Contractor shall provide the stated deliverables in accordance with the due dates listed below.

The payment for each deliverable is also detailed in the table below:


DELIVERABLE

DATE DUE
to CDE
AMOUNT CONTRACTOR WILL AMOUNT OF TOTAL FIXED PRICE CONTRACTOR WILL BE PAID UPON ACCEPTANCE OF
DELIVERABLE
Covendis Posting Req


ID:
XXXXX Information Security Architect - Contractor Name - Vendor Name,
/HR, Not to Exceed
05/15/24 -12/31/2024
Max Hourly Rate
- /hour
Original PO Total Not to Exceed Amount

There is no travel out of the Denver metro area anticipated for this work effort.

CDE does not pay travel expenses, so any travel conducted in the course of this contract must be included in the hourly rate*** 4.3.

The Contractor shall be paid the fixed price amount stated in the table in the Deliverables, Timeline and Compensation Section upon review and acceptance by CDE of each deliverable and receipt of an acceptable invoice.

All invoices must be submitted to CDE no later than January 31, 2025.
n acceptable invoice is an invoice created by the Contractor that contains, at a minimum, the following information:
Invoice Number
Invoice Date
Contractor Name and Address
Bill to Name (or Customer Name)
Bill to (Customer) Address
Purchase Order Number


If invoicing for services:
Service Dates
Description of Services Provided
mount being invoiced, aligned to the deliverables in the Statement of Work


If invoicing for goods:
Order date
Description of goods
Quantity
Unit price
Line-item total
Grand total of invoice
4.4.

The Contractor shall deliver the invoice to the Department's Contract Project Manager listed in Section 2.1 of this Statement of Work.

Do not send your invoice to the purchasing agent.
This document by itself is not a legal document.

This SOW must be attached to an official *** Department of Education Purchase Order (PO) coversheet to be legally binding.

No Contractor signature is necessary. By performing the work identified in this SOW, the Contractor has accepted the terms of this agreement.

In the event that the Contractor does not agree with the SOW and/or the terms and conditions of the PO, do not perform any work and immediately contact the CDE Contact Person or Buyer identified on the front of the PO.

*

• Contractor is an independent contractor and not a state employee.