Skip to main content

Technical Requirements in a RFP

Technical Requirements (West Jordan Utah)

  • Must be hosting in a U.S.-based data center
  • Data encryption at rest and in transit
  • Role-based access controls and audit logging
  • Disaster recovery and business continuity plan
  • API availability and documentation
  • Support for single sign-on (SSO) and multi-factor authentication (MFA)
  • City retains full ownership of all data
  • Clear process for data export upon contract termination
  • No use of City data for AI training or analytics without explicit permission
  • Security and data protection


Shared By GD

  • Does your organization's development and testing teams receive training specific to application security?
  • Does your organization's development team use a development framework? List development languages and framework.
  • Does your organization follow secure coding development standards?
  • Does your organization have a security methodology for continuous maintenance of the application and applicable components?
  • Does your organization review security at each phase of the software development life cycle?
  • Does your organization use an industry standard methodology for conducting security testing? Describe.
  • Does your organization use automated tools for security testing or code reviews to identify security vulnerabilities (e.g., brute force, injection, buffer overflows)?
  • Does your organization perform security testing based on industry standards (e.g., OWASP Top 10, SANS Top 25)?
  • Does your organization use an independent third party for periodic security penetration testing?
  • Does your organization perform peer code reviews on source code prior to production deployment?
  • Does your organization remediate all vulnerabilities identified prior to production deployment?
  • Is your organization outsourcing any aspect of the development to a third party?
  • Will the County receive a copy of the source code?
  • Does product or solution process, store or transmit confidential data (e.g., Social Security Number, Date of Birth, Credit Card information)?
No Comments
Back to top