Vendor Engagement Resources Information for Vendors This page provides vendors a high-level understanding of how to navigate the complexities of the state IT procurement process Architecture Strategy Security Data Digital NCDIT Services Identity & Access Management Required Architecture Diagrams The following are templates for architectural diagrams required upon RFP submission: Network Architecture Diagram Template Technology Stack Diagram Template For additional information on these diagrams, see the descriptions below. Network Architecture Diagram This diagram describes the means of communication, the method of sending and receiving information, between the assets in the Technology Architecture. The diagram will take logical connections between client and server components and identify network boundaries and network infrastructure required to physically implement those connections. It does not describe the information format or content but will address protocol and capacity issues. Technology Stack Diagram Technology stack, also called a solution stack, is a set of software components that compose a logically complete platform for running a service or supporting an application. It is the set of software that provides the infrastructure for a solution. The stacks differ based on the deployment location (e.g. client, server, mainframe). The technology stack diagram depicts the relationships and critical communication paths between the solution’s software components. Overview The goals listed below reflect the overall strategy of DIT to find better ways to leverage and share what is common across the State in terms of IT. Key elements of the vision include providing agile, world-class technology solutions, with an emphasis on digital services, delivering value through a disciplined approach to the management of technology across the enterprise of state government, increasing overall productivity of agencies and their employees, meeting the Governor’s directive to increase the use of shared data and analytics among agencies, and protecting government systems and citizen information from unauthorized access. Updated Statewide Information Technology Goals Secure IT systems and infrastructure: Provide a resilient infrastructure that mitigates risk, supports business continuity, provides security and privacy of the State’s and citizens’ data, and supports secure collaboration and information sharing. Deepen trusted partnerships: Support and empower the business of State government by improving processes, enhancing cross-agency collaboration and cooperation, and establishing and managing IT standards. Improve the management and transparency of IT: Better utilize the State’s IT resources by increasing visibility into what the State has, what it costs, and how the State uses it. Modernize and centralize IT operations: Modernize and centralize technology operations to effectively support a 21st century government. Empower our citizens through technology: Provide transparent, easy-to-use, and customer-focused government and student services. Promote better decision-making through analytics: Leverage the State’s data to make more informed decisions, policies, and laws. Strategic Resources NCDIT Strategic Plan Statewide IT Plan Overview An enterprise approach optimizes information technology (IT) security and risk management activities performed at the statewide level, allowing the State to gain economies of scale and helping to ensure security program consistency. Security Resources Statewide Information Technology Security Manual Statewide Information Technology Security Policies Data Classification & Handling Policy Vendor Readiness Assessment Report Overview The Government Data Analytics Center (GDAC) is developing a comprehensive master data management tool to document the State’s data sources and definitions, as well as any quality issues associated with the data in terms of accuracy, currency, and completeness. Evaluating a data source at the enterprise level with varying business perspectives can point out these types of data quality concerns. Based on this knowledge, the GDAC can work with the data source agency to identify ways to improve and expand the capture of quality data to support more accurate analysis and decisions. Overview North Carolina constituencies expect great digital experiences when engaging with state government. Our goal is to deliver content, resources and services anytime, anywhere and on any device. We aim to deliver user-centric digital services with an emphasis on accessibility, ease-of-use and consistency while ensuring security and reliability. Digital Commons The N.C. Department of Information Technology administers Digital Commons, a customized content management platform running on the open-source Drupal framework (currently Drupal 9) and hosted on FedRAMP compliant Amazon Web Services. As the state's enterprise web content management system, Digital Commons is considered the standard delivery platform for web and digital content. The platform supports more than 60 websites for agencies, boards and commission, including the NC.gov Constituent Portal Resources Digital Commons Platform Accessibility Principles Digital Commons Websites New Website FAQs Overview NCDIT provides over 40 services to State agencies and other local government entities. DIT’s technical services range from networking to platform and hosting to productivity and collaboration. Key NCDIT Services Platform Services Multi-Factor Authentication NC Identity Management (NCID) Overview The State Chief Information Officer (SCIO) strives to simplify electronic transactions with North Carolina State Government. The SCIO is required to ensure this happens in a secure manner. This is accomplished through authentication of users and controlled access to applications and services. Standard To achieve this, the SCIO requires all inter-agency and external facing solutions/applications that create content use the State’s Identity and Access Management solution (“NCID”). More information about the NCID service. NCID is used to integrate with numerous systems to synergize the end-user experience by providing authentication/authorization to State applications and solutions. All solutions requiring NCID authentication must externalize identity and access management and support the following protocols: Security Assertion Markup Language (SAML v2) Lightweight Directory Access Protocol (LDAP) Web Services (SOAP/WSDL) As existing solutions are upgraded or replaced, they will be required to support the above protocols. A formal exception is required to use a solution other than NCID. The agency must provide just cause for the exception to be approved. Find the exception form and additional information about exceptions.