Vendor Engagement Resources

Information for Vendors

This page provides vendors a high-level understanding of how to navigate the complexities of the state IT procurement process.

Architecture

Required Architecture Diagrams

The following are templates for architectural diagrams required upon RFP submission:

- Network Architecture Diagram Template
- Technology Stack Diagram Template

For additional information on these diagrams, see the descriptions below.

Network Architecture Diagram

This diagram describes the means of communication (the method of sending and receiving information) between the assets in the Technology Architecture. The diagram will take logical connections between client and server components and identify network boundaries and network infrastructure required to physically implement those connections. It does not describe the information format or content but will address protocol and capacity issues.

Technology Stack Diagram

A technology stack, also called a solution stack, is a set of software components that compose a logically complete platform for running a service or supporting an application. It is the set of software that provides the infrastructure for a solution. The stacks differ based on the deployment location (e.g. client, server, mainframe). The technology stack diagram depicts the relationships and critical communication paths between the solution’s software components.

Strategy

Overview

The goals listed below reflect the overall strategy of DIT to find better ways to leverage and share what is common across the State in terms of IT.
Key elements of the vision include providing agile, world-class technology solutions, with an emphasis on digital services, delivering value through a disciplined approach to the management of technology across the enterprise of state government, increasing overall productivity of agencies and their employees, meeting the Governor’s directive to increase the use of shared data and analytics among agencies, and protecting government systems and citizen information from unauthorized access.

Updated Statewide Information Technology Goals

- Secure IT systems and infrastructure: Provide a resilient infrastructure that mitigates risk, supports business continuity, provides security and privacy of the State’s and citizens’ data, and supports secure collaboration and information sharing.
- Deepen trusted partnerships: Support and empower the business of State government by improving processes, enhancing cross-agency collaboration and cooperation, and establishing and managing IT standards.
- Improve the management and transparency of IT: Better utilize the State’s IT resources by increasing visibility into what the State has, what it costs, and how the State uses it.
- Modernize and centralize IT operations: Modernize and centralize technology operations to effectively support a 21st century government.
- Empower our citizens through technology: Provide transparent, easy-to-use, and customer-focused government and student services.
- Promote better decision-making through analytics: Leverage the State’s data to make more informed decisions, policies, and laws.

Strategic Resources

- NCDIT Strategic Plan
- Statewide IT Plan

Security

Overview

An enterprise approach optimizes information technology (IT) security and risk management activities performed at the statewide level, allowing the State to gain economies of scale and helping to ensure security program consistency.
Security Resources

- Statewide Information Technology Security Manual
- Statewide Information Technology Security Policies
- Data Classification & Handling Policy
- Vendor Readiness Assessment Report

Data

Overview

The Government Data Analytics Center (GDAC) is developing a comprehensive master data management tool to document the State’s data sources and definitions, as well as any quality issues associated with the data in terms of accuracy, currency, and completeness. Evaluating a data source at the enterprise level with varying business perspectives can point out these types of data quality concerns. Based on this knowledge, the GDAC can work with the data source agency to identify ways to improve and expand the capture of quality data to support more accurate analysis and decisions.

Digital

Overview

North Carolina citizens, businesses, and other constituencies expect great digital experiences when engaging with state government. Our goal is to deliver content, resources, and services to our customers anytime, anywhere and on any platform. We aim to deliver citizen-centric digital services with an emphasis on ease-of-use and consistency while ensuring security and reliability.

Digital Commons

The Department of Information Technology administers a centralized digital publishing platform running on the open-source Drupal framework (currently v7, multi-site) and hosted in Amazon Web Services. As the state's enterprise web content management system, it is considered the standard delivery platform for web and digital content. The Digital Commons platform supports approximately 55 websites including NC.gov, the Governor's Office, and several key agencies. All files for Digital Commons websites are stored in AWS S3 buckets. The Digital Commons technology stack is LAMP (Linux, Apache, MySQL/AWS Aurora, and PHP). Digital Commons utilizes common "DevOps" tools such as Jenkins, Git, Terraform (infrastructure-as-code), and TeamCity.
Learn more about Digital Commons: https://digitalcommons.nc.gov/Glossary

Standards

Universal Access & Accessibility

State agency websites and applications are designed to reduce barriers to content for visitors with disabilities by implementing requirements that allow an inclusive, accessible online experience for users with assistive technology. In developing state government websites and digital applications, vendors must make appropriate efforts to adhere to Web Content Accessibility Guidelines 2.0 (WCAG 2.0) to make the sites more accessible to people with disabilities. The four principles of WCAG 2.0 are:

- Perceivable - Information and user interface components must be presented to users in ways that they can perceive, regardless of the user's functional impairment
- Operable - User interface components and navigation must be operable, regardless of the assistive technology used to interact with the interface
- Understandable - Information and the operation of the user interface must be predictable and understandable to the user
- Robust - Content must be robust enough to be able to be transformed and interpreted by a wide variety of user agents, like assistive technologies

Usability & User Experience

Creating intuitive and citizen-centric digital experiences requires following user experience (UX) best practices and guidelines. Vendors are encouraged to follow usability recommendations for content strategy, visual design, user research methods, and other resources found at https://www.usability.gov/

Brand

As a part of the Digital Commons initiative, a "living" style guide has been established at http://digitalstyle.nc.gov/. The style guide outlines visual, interaction, and information standards as well as approved templates available for download.
Style guide resources address areas such as:

- Typography
- Color Palettes
- Form interactions
- Status notifications
- Iconography and glyphs
- Layouts including specific agency layouts
- Header and footer regions
- HTML elements such as links, blockquotes, buttons, and form inputs
- Tooltips
- Flyout menus

(Username/Password provided upon request)

Mobility

Digital content should be available anytime, anywhere, and on any device. "Responsive" web design (RWD) is an approach to design and development that ensures an optimal user experience across an array of mobile devices. All websites running on the Digital Commons platform and other state hosting systems should be optimized for mobile users and include "breakpoints" for both mobile phones and tablets.

Native Applications

DIT urges caution when considering native mobile application (i.e. iOS/Android) development -- consider responsive websites whenever possible. Native application development may make sense in instances when specific mobile device functionality is required that is not achievable through a browser. Agencies should ask: do we have resources available for ongoing native application development and support? There are no dedicated iOS/Android developers in NC state government. In most cases, all information and services may be made available to mobile users by optimizing the agency website to be mobile accessible.

Plain Language

Plain language makes it easier for the public to read, understand, and use government communications. Vendor-supported web and digital initiatives should support and adhere to the principles of plain language, including:

- Less is more! Be concise.
- Break up text into small chunks
- Use lots of headings
- Keep paragraphs short
- Turn sentences into more visual forms, like lists and tables
- Include pictures and graphics to visually reinforce your text
- One space after a period, not two
- Never use "click here" as a link - link language should describe what your reader will get if they click the link.
Other guidelines can be found at https://www.plainlanguage.gov/guidelines/

Other content guides can be found at: https://content-guide.18f.gov/

NCDIT Services

Overview

NCDIT provides over 40 services to State agencies and other local government entities. DIT’s technical services range from networking to platform and hosting to productivity and collaboration.

Key NCDIT Services

- Platform Services
- Multi-Factor Authentication
- NC Identity Management (NCID)

Identity & Access Management

Overview

The State Chief Information Officer (SCIO) strives to simplify electronic transactions with North Carolina State Government. The SCIO is required to ensure this happens in a secure manner. This is accomplished through authentication of users and controlled access to applications and services.

Standard

To achieve this, the SCIO requires all inter-agency and external facing solutions/applications that create content to use the State’s Identity and Access Management solution (“NCID”). More information about the NCID service and ordering the NCID service.

NCID is used to integrate with numerous systems to synergize the end-user experience by providing authentication/authorization to State applications and solutions. All solutions requiring NCID authentication must externalize identity and access management and support the following protocols:

- Security Assertion Markup Language (SAML v2)
- Lightweight Directory Access Protocol (LDAP)
- Web Services (SOAP/WSDL)

As existing solutions are upgraded or replaced, they will be required to support the above protocols.

A formal exception is required to use a solution other than NCID. The agency must provide just cause for the exception to be approved. Find the exception form and additional information about exceptions.