Common use of PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support Clause in Contracts

PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support. PEBC Maintenance and Support includes troubleshooting, modifying, upgrading, maintaining, improving security, and enhancing systems and applications which may be running in a production environment. This software is written in C#, housed in Azure, and the data is housed in a SQL Server database. PEBC provides healthcare benefits administrative services for Dallas County, Tarrant County, Denton County, Parker County and the North Texas Tollway Authority. Files are received weekly from each entity related to the health insurance being provided to employees and retirees. These files are reviewed, loaded and processed into the database using the Benefits Administration Software. • The software uses rules engines and stored procedures to: o identify errors in the data; o make corrections; o prepare the information for submittal to insurance providers; and o process files containing information on tax saver and/or health savings plans that are submitted to vendors. • In addition to traditional software maintenance activities of bug fixes, patches, etc., the vendor will also: o provide software development services as needed for development of new features o perform modifications required due to regulatory changes or plan changes of customer entities o Maintain the Azure environment from the standpoint of provisioning users, removing users, ensuring updates to the environment are made using a process that ensure the system continues to operate accurately and performance meet PEBC needs. • Security of the system is critical. This requires: o The vendor to possess and exercise expertise in Microsoft Azure security best practices around, but not limited to: ▪ Network segmentation, ▪ Network Security Groups, ▪ Azure Security Center, ▪ Data security/encryption ▪ Identity management, ▪ Virtual machine hardening, and ▪ Endpoint access control. • All application development must, at a minimum, adhere to the standards outlined in the Open Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS) at Level 2. • All code changes must be scanned for vulnerabilities before being put to User Acceptance Testing to ensure any weaknesses are addressed. Additionally, all software in use must remain current to provide a secure environment so the vendor will be responsible for ensuring that occurs. Additional responsibilities include documenting and managing the process for adding new users to the system and removing users when requested by PEBC. The successful vendor will be required to sign a Business Associate Agreement with PEBC. This agreement satisfies the HIPAA requirements of the engagement. • Submit data updates to vendors in custom data formats • Assure high data integrity, while meeting regular (at least weekly) data processing deadlines • Implement innovative data programming techniques to meet unique business needs • A comprehensive and detailed list of desired features can be found as PEBC Scope of Services. Detailed Scope of Work: The response document should provide a comprehensive description of the project's scope of work, including but not limited to: 1. Background information about our organization, including our industry, size, and strategic objectives. 2. Specific project objectives, goals, and desired outcomes. 3. Detailed description of each service category and associated deliverables. 4. Required qualifications and experience of the vendor, including any certifications or specialized expertise. 5. Specifications for the hardware, software, and technologies to be utilized. 6. Project timeline, milestones, and dependencies. 7. Reporting requirements and communication protocols. 8. Evaluation criteria and weightage for vendor selection. 9. Budget and pricing structure, including any additional costs or contingencies. 10. Terms and conditions, including intellectual property rights, liability, and confidentiality. The proposal for Deliverable 14 should also include the following information: 1. Vendor's background, including company profile, years of experience, and relevant industry certifications. 2. Detailed approach and methodology to address each service category, with clear alignment to our objectives. 3. Project team composition, roles, and qualifications, highlighting relevant experience and expertise. 4. Case studies, references, and success stories related to similar projects, demonstrating a track record of delivering successful IT solutions. 5. Pricing details, including cost estimates and any additional charges. 6. Proposed timeline and milestones for project execution, with consideration for potential risks and contingencies. 7. Implementation plan, including risk mitigation strategies and change management processes. 8. Any additional information or documentation that the vendor deems relevant.

PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support. PEBC Maintenance and Support includes troubleshooting, modifying, upgrading, maintaining, improving security, and enhancing systems and applications which may be running in a production environment. This software is written in C#, housed in Azure, and the data is housed in a SQL Server database. PEBC provides healthcare benefits administrative services for Dallas County, Tarrant County, Denton County, Parker County and the North Texas Tollway Authority. Files are received weekly from each entity related to the health insurance being provided to employees and retirees. These files are reviewed, loaded and processed into the database using the Benefits Administration Software. • The software uses rules engines and stored procedures to: o identify errors in the data; o make corrections; o prepare the information for submittal to insurance providers; and o process files containing information on tax saver and/or health savings plans that are submitted to vendors. • In addition to traditional software maintenance activities of bug fixes, patches, etc., the vendor will also: o provide software development services as needed for development of new features o perform modifications required due to regulatory changes or plan changes of customer entities o Maintain the Azure environment from the standpoint of provisioning users, removing users, ensuring updates to the environment are made using a process that ensure the system continues to operate accurately and performance meet PEBC needs. • Security of the system is critical. This requires: o The vendor to possess and exercise expertise in Microsoft Azure security best practices around, but not limited to: ▪ Network segmentation, ▪ Network Security Groups, ▪ Azure Security Center, ▪ Data security/encryption ▪ Identity management, ▪ Virtual machine hardening, and ▪ Endpoint access control. • All application development must, at a minimum, adhere to the standards outlined in the Open Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS) at Level 2. • All code changes must be scanned for vulnerabilities before being put to User Acceptance Testing to ensure any weaknesses are addressed. Additionally, all software in use must remain current to provide a secure environment so the vendor will be responsible for ensuring that occurs. Additional responsibilities include documenting and managing the process for adding new users to the system and removing users when requested by PEBC. The successful vendor will be required to sign a Business Associate Agreement with PEBC. This agreement satisfies the HIPAA requirements of the engagement. • Submit data updates to vendors in custom data formats • Assure high data integrity, while meeting regular (at least weekly) data processing deadlines • Implement innovative data programming techniques to meet unique business needs • A comprehensive and detailed list of desired features can be found as PEBC Scope of Services. Detailed Scope of Work: The response document should provide a comprehensive description of the project's scope of work, including but not limited to: 1. Background information about our organization, including our industry, size, and strategic objectives. 2. Specific project objectives, goals, and desired outcomes. 3. Detailed description of each service category and associated deliverables. 4. Required qualifications and experience of the vendor, including any certifications or specialized expertise. 5. Specifications for the hardware, software, and technologies to be utilized. 6. Project timeline, milestones, and dependencies. 7. Reporting requirements and communication protocols. 8. Evaluation criteria and weightage for vendor selection. 9. Budget and pricing structure, including any additional costs or contingencies. 10. Terms and conditions, including intellectual property rights, liability, and confidentiality. The proposal for Deliverable 14 should also include the following information: 1. Vendor's background, including company profile, years of experience, and relevant industry certifications. 2. Detailed approach and methodology to address each service category, with clear alignment to our objectives. 3. Project team composition, roles, and qualifications, highlighting relevant experience and expertise. 4. Case studies, references, and success stories related to similar projects, demonstrating a track record of delivering successful IT solutions. 5. Pricing details, including cost estimates and any additional charges. 6. Proposed timeline and milestones for project execution, with consideration for potential risks and contingencies. 7. Implementation plan, including risk mitigation strategies and change management processes. 8. Any additional information or documentation that the vendor deems relevant.

PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support. PEBC Maintenance and Support includes troubleshooting, modifying, upgrading, maintaining, improving security, and enhancing systems and applications which may be running in a production environment. This software is written in C#, housed in Azure, and the data is housed in a SQL Server database. PEBC provides healthcare benefits administrative services for Dallas County, Tarrant County, Denton County, Parker County and the North Texas Tollway Authority. Files are received weekly from each entity related to the health insurance being provided to employees and retirees. These files are reviewed, loaded and processed into the database using the Benefits Administration Software. • The software uses rules engines and stored procedures to: o identify errors in the data; o make corrections; o prepare the information for submittal to insurance providers; and o process files containing information on tax saver and/or health savings plans that are submitted to vendors. • In addition to traditional software maintenance activities of bug fixes, patches, etc., the vendor will also: o provide software development services as needed for development of new features o perform modifications required due to regulatory changes or plan changes of customer entities o Maintain the Azure environment from the standpoint of provisioning users, removing users, ensuring updates to the environment are made using a process that ensure the system continues to operate accurately and performance meet PEBC needs. • Security of the system is critical. This requires: o The vendor to possess and exercise expertise in Microsoft Azure security best practices around, but not limited to: ▪ Network segmentation, ▪ Network Security Groups, ▪ Azure Security Center, ▪ Data security/encryption ▪ Identity management, ▪ Virtual machine hardening, and ▪ Endpoint access control. • All application development must, at a minimum, adhere to the standards outlined in the Open Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS) at Level 2. • All code changes must be scanned for vulnerabilities before being put to User Acceptance Testing to ensure any weaknesses are addressed. Additionally, all software in use must remain current to provide a secure environment so the vendor will be responsible for ensuring that occurs. Additional responsibilities include documenting and managing the process for adding new users to the system and removing users when requested by PEBC. The successful vendor will be required to sign a Business Associate Agreement with PEBC. This agreement satisfies the HIPAA requirements of the engagement. • Submit data updates to vendors in custom data formats • Assure high data integrity, while meeting regular (at least weekly) data processing deadlines • Implement innovative data programming techniques to meet unique business needs • A comprehensive and detailed list of desired features can be found as PEBC Scope of Services. Detailed Scope of Work: The response document should provide a comprehensive description of the project's scope of work, including but not limited to: 1. Background information about our organization, including our industry, size, and strategic objectives. 2. Specific project objectives, goals, and desired outcomes. 3. Detailed description of each service category and associated deliverables. 4. Required qualifications and experience of the vendor, including any certifications or specialized expertise. 5. Specifications for the hardware, software, and technologies to be utilized. 6. Project timeline, milestones, and dependencies. 7. Reporting requirements and communication protocols. 8. Evaluation criteria and weightage for vendor selection. 9. Budget and pricing structure, including any additional costs or contingencies. 10. Terms and conditions, including intellectual property rights, liability, and confidentiality. The proposal for Deliverable 14 should also include the following information:: Ven 1. Vendordor's background, including company profile, years of experience, and relevant industry certifications. 2. Detailed approach and methodology to address each service category, with clear alignment to our objectives. 3. Project team composition, roles, and qualifications, highlighting relevant experience and expertise. 4. Case studies, references, and success stories related to similar projects, demonstrating a track record of delivering successful IT solutions. 5. Pricing details, including cost estimates and any additional charges. 6. Proposed timeline and milestones for project execution, with consideration for potential risks and contingencies. 7. Implementation plan, including risk mitigation strategies and change management processes. 8. Any additional information or documentation that the vendor deems relevant.

PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support. PEBC Maintenance and Support includes troubleshooting, modifying, upgrading, maintaining, improving security, and enhancing systems and applications which may be running in a production environment. This software is written in C#, housed in Azure, and the data is housed in a SQL Server database. PEBC provides healthcare benefits administrative services for Dallas County, Tarrant County, Denton County, Parker County and the North Texas Tollway Authority. Files are received weekly from each entity related to the health insurance being provided to employees and retirees. These files are reviewed, loaded and processed into the database using the Benefits Administration Software. • The software uses rules engines and stored procedures to: o identify errors in the data; o make corrections; o prepare the information for submittal to insurance providers; and o process files containing information on tax saver and/or health savings plans that are submitted to vendors. • In addition to traditional software maintenance activities of bug fixes, patches, etc., the vendor will also: o provide software development services as needed for development of new features o perform modifications required due to regulatory changes or plan changes of customer entities o Maintain the Azure environment from the standpoint of provisioning users, removing users, ensuring updates to the environment are made using a process that ensure the system continues to operate accurately and performance meet PEBC needs. • Security of the system is critical. This requires: o The vendor to possess and exercise expertise in Microsoft Azure security best practices around, but not limited to: ▪ Network segmentation, ▪ Network Security Groups, ▪ Azure Security Center, ▪ Data security/encryption ▪ Identity management, ▪ Virtual machine hardening, and ▪ Endpoint access control. • All application development must, at a minimum, adhere to the standards outlined in the Open Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS) at Level 2. • All code changes must be scanned for vulnerabilities before being put to User Acceptance Testing to ensure any weaknesses are addressed. Additionally, all software in use must remain current to provide a secure environment so the vendor will be responsible for ensuring that occurs. Additional responsibilities include documenting and managing the process for adding new users to the system and removing users when requested by PEBC. The successful vendor will be required to sign a Business Associate Agreement with PEBC. This agreement satisfies the HIPAA requirements of the engagement. • Submit data updates to vendors in custom data formats • Assure high data integrity, while meeting regular (at least weekly) data processing deadlines • Implement innovative data programming techniques to meet unique business needs • A comprehensive and detailed list of desired features can be found as PEBC Scope of Services. Detailed Scope of Work: The response document should provide a comprehensive description of the project's scope of work, including but not limited to: 1. Background information about our organization, including our industry, size, and strategic objectives. 2. Specific project objectives, goals, and desired outcomes.. DocuSign Envelope ID: 5A4C267D-C06D-4BA7-911C-B5208DEE47CB 3. Detailed description of each service category and associated deliverables. 4. Required qualifications and experience of the vendor, including any certifications or specialized expertise. 5. Specifications for the hardware, software, and technologies to be utilized. 6. Project timeline, milestones, and dependencies. 7. Reporting requirements and communication protocols. 8. Evaluation criteria and weightage for vendor selection. 9. Budget and pricing structure, including any additional costs or contingencies. 10. Terms and conditions, including intellectual property rights, liability, and confidentiality. The proposal for Deliverable 14 should also include the following information: 1. Vendor's background, including company profile, years of experience, and relevant industry certifications. 2. Detailed approach and methodology to address each service category, with clear alignment to our objectives. 3. Project team composition, roles, and qualifications, highlighting relevant experience and expertise. 4. Case studies, references, and success stories related to similar projects, demonstrating a track record of delivering successful IT solutions. 5. Pricing details, including cost estimates and any additional charges. 6. Proposed timeline and milestones for project execution, with consideration for potential risks and contingencies. 7. Implementation plan, including risk mitigation strategies and change management processes. 8. Any additional information or documentation that the vendor deems relevant.. DocuSign Envelope ID: 5A4C267D-C06D-4BA7-911C-B5208DEE47CB This section is intended to complement but not repeat the overview section at the front of this RFP. To gain a basic understanding regarding the overall approach of this RFP, the proposer should read both sections and respond to the criteria listed in both. The following features, or the equivalent of, are essential features of the software solution that NCTCOG desires. The proposer should identify if they possess the ability or willingness to provide for each feature, and a description of Proposer’s method of delivery for each:

PEBC Employee Benefits Enrollment Application and Database Software Maintenance and Support. PEBC Maintenance and Support includes troubleshooting, modifying, upgrading, maintaining, improving security, and enhancing systems and applications which may be running in a production environment. This software is written in C#, housed in Azure, and the data is housed in a SQL Server database. PEBC provides healthcare benefits administrative services for Dallas County, Tarrant County, Denton County, Parker County and the North Texas Tollway Authority. Files are received weekly from each entity related to the health insurance being provided to employees and retirees. These files are reviewed, loaded and processed into the database using the Benefits Administration Software. • The software uses rules engines and stored procedures to: o identify errors in the data; o make corrections; o prepare the information for submittal to insurance providers; and o process files containing information on tax saver and/or health savings plans that are submitted to vendors. • In addition to traditional software maintenance activities of bug fixes, patches, etc., the vendor will also: o provide software development services as needed for development of new features o perform modifications required due to regulatory changes or plan changes of customer entities o Maintain the Azure environment from the standpoint of provisioning users, removing users, ensuring updates to the environment are made using a process that ensure the system continues to operate accurately and performance meet PEBC needs. • Security of the system is critical. This requires: o The vendor to possess and exercise expertise in Microsoft Azure security best practices around, but not limited to: ▪ Network segmentation, ▪ Network Security Groups, ▪ Azure Security Center, ▪ Data security/encryption ▪ Identity management, ▪ Virtual machine hardening, and ▪ Endpoint access control. • All application development must, at a minimum, adhere to the standards outlined in the Open Web Application Security Project’s (OWASP) Application Security Verification Standard (ASVS) at Level 2. • All code changes must be scanned for vulnerabilities before being put to User Acceptance Testing to ensure any weaknesses are addressed. Additionally, all software in use must remain current to provide a secure environment so the vendor will be responsible for ensuring that occurs. Additional responsibilities include documenting and managing the process for adding new users to the system and removing users when requested by PEBC. The successful vendor will be required to sign a Business Associate Agreement with PEBC. This agreement satisfies the HIPAA requirements of the engagement. • Submit data updates to vendors in custom data formats • Assure high data integrity, while meeting regular (at least weekly) data processing deadlines • Implement innovative data programming techniques to meet unique business needs • A comprehensive and detailed list of desired features can be found as PEBC Scope of Services. Detailed Scope of Work: The response document should provide a comprehensive description of the project's scope of work, including but not limited to: 1. Background information about our organization, including our industry, size, and strategic objectives. 2. Specific project objectives, goals, and desired outcomes. 3. Detailed description of each service category and associated deliverables. 4. Required qualifications and experience of the vendor, including any certifications or specialized expertise. 5. Specifications for the hardware, software, and technologies to be utilized. 6. Project timeline, milestones, and dependencies. 7. Reporting requirements and communication protocols. 8. Evaluation criteria and weightage for vendor selection. 9. Budget and pricing structure, including any additional costs or contingencies. 10. Terms and conditions, including intellectual property rights, liability, and confidentiality. The proposal for Deliverable 14 should also include the following information: 1. Vendor's background, including company profile, years of experience, and relevant industry certifications. 2. Detailed approach and methodology to address each service category, with clear alignment to our objectives. 3. Project team composition, roles, and qualifications, highlighting relevant experience and expertise. 4. Case studies, references, and success stories related to similar projects, demonstrating a track record of delivering successful IT solutions. 5. Pricing details, including cost estimates and any additional charges. 6. Proposed timeline and milestones for project execution, with consideration for potential risks and contingencies. 7. Implementation plan, including risk mitigation strategies and change management processes. 8. Any additional information or documentation that the vendor deems relevant.