Tab 2A - Business Criteria

TAB 2A - BUSINESS CRITERIA
Instructions: Please provide a response to each comment listed. The University believes that the prospective bidder's previous experience, financial capability, expertise of personnel, and related
factors are important in assessing the bidder's potential to successfully fulfill the qualifications defined herein. Lack of comments to any items listed may render the bidder's proposal as non-
responsive.
Does Not Meet
Item No. Business Criteria and Other Information Requested Meets Qualification
Qualification
Provide a brief overview of your company, including but not limited
1.0 to, ownership over the last 5 years, number of years in business,
mission, vision, and business philosophy.
Please explain the general qualifications and overview of the firm

to include demonstrated ability to provide products, configuration,
1.1
implementation, documentation, turnover and training consistent
with The University objectives as outlined in the RFP.
Please describe your company's strategy around Application

1.2 Program Interface (API) Management software solutions. Is it
considered a core competency of the business? What percentage
of your company's revenue is derived from API Management?
APIs, social, and mobile are fast moving topics. Can you provide
1.3
examples of your thought leadership in the API space?
Please provide Biographies for the Top Executives of the company
2.0
and how long each has been with your company.
How long has your company provided Application Program
Interface (API) Management software solutions? What is the total
3.0 number of hospitals your company provides this software and
related services for in the US? How many are academic medical
centers?
3.1 What % of the Fortune 100 use the product?
Is the product telco grade? What % of the largest 12 global telcos
3.2
use your product?
3.3 Is the product in production with large retail brands?
Who are your most significant NEW customers (of your API
3.4 products) in the past 6 months? If possible, provide details in Tab
2B reference information.
How many hospitals does your company provide Application
Program Interface (API) Management software solutions in the
4.0 state of California? How many are academic medical centers?
Are any of these customers University of California centers? If so,
please list.
Please name and describe the background of key subcontractors
or partners that would be used in the University's implementation.
5.0
Please identify if they have installed a like platform into a university
hospital.
How many employees would be assigned to support development,
6.0 onsite implementation and servicing of your proposed solution, if
applicable?
Please provide a list of your current strategic alliances. Provide
any current or future plans for mergers or acquisitions for your
7.0
company. If there are any plans currently in progress, please
provide details of the plans and an estimated timeline.
The respondent shall provide a description of any material litigation

8.0 in which your company is currently involved and how such litigation
may affect implementation of the proposed solution.
The bidder shall provide indication of any potential conflict of

9.0
interest and a plan for avoiding any conflict.
Bidders shall have the ability to obtain the necessary insurance
10.0 (refer to Article 17 of the enclosed Appendix A, University of
California Terms and Conditions of Purchase).
Bidder shall provide its federal employer tax identification number
10.1
and complete a UCLA Business information Form.
10.2 Provide 2 years audited financial statements or equivalent.
Bidder shall submit a current Dun & Bradstreet report ("Supplier
Qualifier Report" or similar) with its bid submission. The report
10.3
shall be dated no more than 60 days prior to the date of bid
submission.
IA
r's previous experience, financial capability, expertise of personnel, and related
of comments to any items listed may render the bidder's proposal as non-
Comment
TAB 2B REFERENCES
Instructions: The vendor shall submit reference information for successful implementations at healthcare organizations with similar
requirements to UCLA.
INFORMATION REQUESTED REFERENCE #1 - ACADEMIC HOSPITAL #2 - MULTI-FACILITY HOSPITAL SYSTEM
Customer name
Street address
City/State/Zip Code
IT Contact Email address
IT Contact telephone number
Summary of project
Approximate volume of Web API Calls
Date of Customer Acceptance
Approximate value of installed solution
INFORMATION REQUESTED #3 - CALIFORNIA HOSPITAL #4 - OTHER LARGE-VOLUME CLIENT
Customer name
Street address
City/State/Zip Code
IT Contact telephone number
Summary of project
Approximate volume of Web API Calls
Date of Customer Acceptance
Approximate value of installed solution
TAB 3 - MANDATORY REQUIREMENTS
Instructions: The submitter should indicate whether or not each of the requirements can be met. Lack of comments to any items listed may render the bidder's proposal as nonresponsive.
The responder shall explain alternate solutions in the comment column.
Does Not Meet Meets
Item No. Mandatory Requirements Comment
Requirement Requirement
The systems proposed shall include all equipment, software, accessories, and features necessary
for a complete, operating, state-of-the-art system. All software shall have been validated by
1.0 prior use in healthcare applications (i.e., unless UCLA directs in writing, software supplied shall not
be of an investigational nature). All software provided shall be of the latest revision/version
commercially available at the time of installation and go-live.
The system must be able to meet privacy and security requirements to protect Protected
2.0 Healthcare Information and comply with HIPAA regulations. Name the prominent features of your
solution that contribute to this level of security.
The proposed system must support a multi-entity environment (e.g. Westwood Hospital, Santa
3.0 Monica Hospital, Neuropsychiatric Hospital, multiple hospital-based clinics). Describe the features
of your company's solution that help to achieve this goal.
The proposed system must have been successfully implemented at an academic medical
4.0
center of 200 beds or greater. Please name the academic medical center.
The system must be capable of full integration with UCLA's CareConnect (EPIC) Electronic
Health Record. Please name the health system most closely matching the size and complexity of
5.0
UCLA Health System at which your company's solution has been successfully integrated with the
EPIC E.H.R. Provide additional details in Tab 2B.
The system shall have the ability to support multiple simultaneous users. State how your
6.0 solution accomplishes this goal. What is the maximum number of users supported by the proposed
system? What is the highest number of users in actual use at current customer site?
All work related to UCLA's project shall take place within the United States. The vendor shall
7.0 confirm that no development, configuration or other work related to the solution shall be "off-shored"
to a foreign country.
The proposed solution shall provide an API Gateway. Describe the key and differentiating features,
8.0
The proposed solution shall provide an API Identity manager, Access Control and Security
9.0 enforcement. - Describe how the product implements identtity management, access control and
enforces security.
The proposed solution shall provide an API Service Manager. This feature should provide a quick
10.0 and easy access to enable the users to manage services and policies online. It may be a part of
API gateway. Describe the key and differentiating features,
The proposed solution shall provide an API Developer Portal - Describe the key distinguished
11.0
feature of the products developer portal.
The proposed solution shall provide a Sandbox environment. Sandbox shall allow developers to
12.0 mimic the characteristics of the production environment and create simulated responses. Describe
the key and differentiating features,
531754140.xls TAB 3 MANDATORY REQUIREMENTS Page 6

TAB 3 - MANDATORY REQUIREMENTS
Instructions: The submitter should indicate whether or not each of the requirements can be met. Lack of comments to any items listed may render the bidder's proposal as nonresponsive.
The responder shall explain alternate solutions in the comment column.
The proposed solution shall provide for API Lifecycle governance. It shall include Design Time
Governance such as API versioning, design standard etc. and Run time governance, such as API
13.0 monitoring, API deployment, and dynamic provisioning. Describe the key and differentiating
features,
The proposed solution shall provide Design and Prototype APIs - Should be able to quickly design
14.0
and create/resuse APIs. Describe the key and differentiating features,
The proposed solution shall provide a Manage Developer Community. Describe the key and
15.0
differentiating features,
The proposed solution shall provide for API monitoring. Explain different types of available
16.0
monitoring tools and key and differentiating features,
The proposed solution shall provide for Multi Tenancy. Explain how your product supports multi
17.0
tenancy ? Describe the key and differentiating features,
The proposed solution shall provide for Analytics paradigms- Describe what analytic paradigms
are available. The API portal needs to provide access to reports and charts including:
18.0 • Predictive
• Real-time
• Historic
• Message Logs
The proposed solution should be able to integrate with SOA/ESB. Can your product seamlessly
integrate with any SOA/ESB architecture? Please explain and provide references examples of
19.0 clients with successful implementation. Include one such refereence in Tab 2B.
531754140.xls TAB 3 MANDATORY REQUIREMENTS Page 7

TAB 4 - FUNCTIONAL and TECHNICAL REQUIREMENTS
Instructions: The respondent should indicate whether or not each of the requirements can be met. Any specification not marked as either "Meets Requirement" or "Does Not Meet Requirement"
may render the bidder's proposal non-responsive. The responder shall explain any non-compliance or alternate solutions in the comment column.
Does Not Meet Meets
Item No. A - Architecture Comment
Deployment Flexibility- Product must support public cloud, private cloud and
hybrid deployments.
1.0
Describe the platform's support for on premises and cloud deployments, with
specific attention to feature parity, and central management of a hybrid
deployment modality
Multi-tenancy - Product must support multi-tenancy for both public and private
2.0 cloud deployments. Multiple teams should be able to work independently with
runtime isolation.
Enterpise scalability, reliability and load balancing - The platform should

3.0 support a multi-region, multi-data center deployment to ensure the highest level
of availability and distribution.
Solution should support a scalable environment and should be able to provision
additional capacity per API / per team / per region / per organization on demand.
4.0 CI/CD -The platform should be able to integrate into continuous development and
deployment practice. Explain the features of your product that support this goal.
Multi-DC deployments- The product should support multi-DC deployments.
5.0 Explain if the product provides a centralized UI for multi-DC deployments or do
we need to manage them independently?
6.0 Zero downtime-rolling upgrades - The product should support zero downtime
patching and updates. Explain how does your product achieves this.
Intelligent Traffic Routing - The product should have the ability to do intelligent
7.0 traffic routing to give users the closest point of presence over wide geographical
areas.
Transport - The product should support some of following transports. Explain

which ones your product support.
Uniform interface/proxy to multiple backend messaging protocols (JMS, RMI etc)
8.0 ● HTTP
● JMS
● Websphere MQ (via JMS)
● AMQP
● File
● RDBMS (which ones)
● NoSQL (which ones)
531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 8

Application Connectivity - The product should be able to support some of

following application connectivity. Explain which ones your product supports.
Microsoft .Net, Sharepoint
9.0 ● SalesForce
● ServiceNow
● Splunk
● SAP General SAP Business Intelligence Platform (BIP) support
● SAP Universes
Message path inspection- Product should provide some sort of interface that
10.0 allows a user to inspect a message’s path and metadata at runtime (in
production). Please explain if your product has this feature.
Run time troubleshooting - Product should have a utility to capture all the
11.0 system dumps and application logs for troubleshooting. For ex : thread dumps,
memory dumps etc.
Testing - Product should have a testing mechanism.
Explain approach to Test Driven Development capabilities to test mappings and

12.0 interfaces, and cover support for Unit and Integration tests, as well as for
standing up common (possibly embedded) test fixtures (FTP Server, DB, etc)
API Discovery - The product should have features like Catalog, Search and
13.0
Provisioning. Explain in detail.
Alerting - Product should have a alerting mechanism in place. Please explain
14.0
product features.
Logging- Product should have searchable system logs.Describe your APIM

15.0 product's management and configuration of logging at runtime and design time.
Does the product have the ability customize the log content (log entry formatting,
including selective input parameters and authenticated user, etc)?
Reporting - Product should have some sort of reporting features.Describe what
16.0 types and level of reporting are available. Can we manipulate and create custom
reports using a web based GUI?
FHIR (Fast Healthcare Interoperability Resources ) - Product should support
17.0 FHIR APIs. Please explain the product's ability to support FHIR API calls and it's
interoperablity features
Does Not Meet Meets
Item No. B - API Gateway Requirements Comment
Design/Documentation- Product should support OpenAPI (formerly known as
1.0
Swagger) or RAML to design APIs and generate documentation.

Prototyping - The product should facilitate rapid prototyping of mock APIs.
2.0
Please explain how your product supports this.
3.0 AP uniformity - The platform should enforce some sort of uniformity across API
creators/publishers. Does the product help create uniform, consistent, well-
formed APIs, even if the underlying backend systems weren't built that way?
Traffic Mediation - The product should support SOAP to REST (and vice versa)
4.0
mediation, data format transformation, legacy application integration
Policy management- Product should have a policy management feature.
Describe the product approach to policy management, and the relationship
5.0 between a backend API implementation, policy, and a packaged API product
(through addition of SLAs, QoS).
Can a custom policy be created ?
Extensibility & Enterprise Integration Customer should be able to extend

some of the products features. Please explain what core functionalities of the
product can be extendedand and how ? Ex : Can the SOAP envelope and its
6.0 XML name-spaces be configured?
Describe your microsoft Interoperability capabilities & development lifecycle

support.
Branding Support - Customer should be able to brand the API as per it's need.
7.0 Please explain if the customer can skin and modify the portal without the vendor.
If yes, how? And to what extent?
Existing assets inclusion - Does the product have asset inclusion feature ? Can
8.0 your platform reference existing assets such as encryption libraries, schema
validation tools, data validation libraries, etc.
Fraudulent data injections - The product should be able to handle Fraudulent
9.0 data injections.How does your product support threat detection by detecting
fraudulent data injections at the API level?
10.0 Protection from traffic spikes - The product should be able to handle and
manage traffic spikes. Please describe your ability to protect from traffic spikes.
Rates and Quotas - Product should have a rate and quota limiting feature.
Please describe your ability to manage API consumption through quotas. Can
11.0 quotas be setup both by developers as well as by product managers post-
development? Can they be adjusted at runtime?
Does the proxy rate limiting, quotas, and spike arrests?

Message support - Product should be able to support different message types.
12.0 Does the platform support publishing SOAP, REST, JSON, and XML style
services as APIs as well as JMS?

API mashups - Does the product support API mashups?
For example getCustomerInfo API would require multiple back-end calls to be
13.0 made to multiple systems and each system supports different protocols (for
example SOAP web service, JSON service and direct database call). Does this
require custom development or is it supported by configurations?
Proxy - Product should have proxy support. Please describe your ability to
enhance Proxy functionality through both configuration and code. Does the proxy
14.0 support compression? Does the proxy support HTTP & HTTPS? When
necessary, can the proxy talk to JMS based systems? Does the proxy support
dynamic routing (orchestration—or intelligent routing to a second system based
upon the response from a first system)?
Debugging - Product should have some sort of debugging features. Please

15.0 describe the debugging tools built into the platform. Can the debugging tool show
a "before" and "after" of each policy during replay? Also can the debugging be
performed in an off-line mode to minimize any overhead to the runtime API traffic.
Versioning - Product should support API versioning. Please explain ow is
16.0
versioning supported in your product ?
Caching - Product should support caching. In addition to an expiration, can the
17.0 cache be manipulated programmatically? Does the product support caching
based on payload information and HTTP headers? Is this available via built-in
policies?
Out of the box APIs - The product should have some sort of out of box APIs.
18.0 Please describe the out-of-the-box backend service APIs for common application
functionality such as user management, data storage and synchronization,
messaging, and locations.
Language support - The product should support some common Languages like
Java, Python, or JavaScript.
19.0 Which language does your product support ?
What's the support for existing tools and technologies like - Microsoft and java
development platform.
Governance - APIM product should have a governance feature. What are the
20.0 standard governance features available in the product?
How does the product support API Lifecycle governance?
Extrenal and Internal users - The product should be able to publish API's to
21.0 external and internal customers. Please explain how are these managed
independently?
Visblity and Access - The product should be able to manage API visibility and
22.0 restrict access to consumers. Please explain if this configuration in the platform
or built as part of the APIs enablement?

System Integration - The product should be able to integrate with other
23.0 systems.Does your product provides the ability to easily integrate with other
systems, for instance through API calls?
Data Inclusion - - Does the product have the ability to create rules for data
inclusion and exclusion based on the:
- authenticated user
24.0 - header of the request
- certain data values in the request
- certain data values in the response
Does Not Meet Meets

Item No. C - API Analytics Comment
Out of box reports - The product should provide some sort of out-of-the-box
reports.
Please explain:
1.0
-If there is a UI which allows for drill down on each of the charts?
-If the tool provides a wizard for creating custom reports?Can thse custom
dashboards be used to perform root-cause analysis?
-If the reports be created on-demand?
Analytics paradigms- The product should provide some level of intelligent

analysis based on the system logs.
- What tools are available out of the box to do various kinds of trend analysis(like
2.0 performance) and inspection of anomalies?
- Please explain if the data for analytics collected asynchronously (so as not to
impede runtime traffic)?
- Does the analytics data, once collected, provide an API for easy access and
export?

Operational,Performance & Business Visibility - Extension of above

requirement.
- What level of operational visibility can the solution provide based on API traffic
flowing through the system?
- Do you provide service performance monitoring, reporting, and analysis?

Can the solution be used to provide business level visibility?
3.0
- Describe how the product gathers contextual information (information above
and beyond the basic transaction details which helps the business to understand
the transaction in depth). Please specify third-party APIs and internal enterprise
data sources.
-Is there a service for attaining business level insights based on the contextual
data?
- Geo-location Are there maps for detailing geo-location of API calls?
- Monetization Does the platform provide support for monetization?

Reports for Developers- The product should be able to provide some reports to
4.0 the developers. What level of reporting is available to the developer? (call
latency, SLA compliance, other metrics)
Using Payload - The product should be able to use the payload data to generate
reports/charts. Does your product provide the ability to report using the payload
5.0 of the messages?
Does the product provide the ability to inspect the payload and retrieve payload
data to create custom metrics to be included in custom reports?
Does Not Meet Meets
Item No. D - API Security Comment
SSO support - The product should support Single Sign-on.
1.0 Please explain how is single-sign on supported across all the roles involved in the
lifecycle in your product?
Data Protection- The product should provide data security.Describe the system
2.0 support for Data encryption, Data masking etc for PCI/PII compliance.
Does the product has any integeration with a DLP(Data loss prevention)
API Identity - describe the other features used in your product like - -
3.0 Authentication & Authorization, API key, OAuth, SAML, LDAP, proprietary IAM,
multifactor, token translation & management etc

Threat protection -
The product should be secure against some of the below mentioned
threats.Describe the platform's support for security threat protection. :
• JSON Message Threat
• XML Message Threat
4.0 • SQL Injection
• Javascript Injection
• Pattern Matching
• Virus infection
• Cross Site Scripting
• Insecure Direct Object References (IDOR)
• Bad Session / Authentication Handling
IP white & black listing - The product should be able to support IP white &
black listing when connecting with API consumers.
5.0
Does the product integrates with a SIEM (Security information and event
management) solution, to issue such alerts ?
Security Certifications - Please explain what are the standard industry security
6.0
certifications available for your product?
Security Mechanisms- Please Explain the mechanisms you use to support API
7.0
security (e.g. tokens, encryption, policy systems).
Oauth - The product should have a OAUTH support. Please describe your
8.0 expertise with OAuth (including major customers you have supported). Which
versions of OAuth are supported?
Authorization- Describe the platform's support for authorization:
• XACML
• App Contract
• License-based
• 3rd party Identity & Access Mgmt integration
The Gateway needs to be able to participate in the authorization process,

9.0
in some cases it will be the decision point, in others the definition point,
and in many the enforcement point.

Authentication- Describe the platform's support for authentication:
• Interfaces to LDAP(S), Active Directory

• Transport-level
• Message-level
• OpenID Connect
10.0 • SAML (ADFS - NEAR TERM)
• Kerberos/SPNEGO (yes)
• X.509 - (yes)
• WS-Trust - (yes - enabled in AD / not used yet)
Ensure that the Gateway can effectively identify all security principals
LDAP/AD/IDP - The product should support LDAP/AD and shoould be able to

11.0 seamlessly integrate with any 3rd part IDP. Please explain how does your
product achieves this.
Secure channels & secure Payloads - The product support both secure
12.0 channels and secure payloads. Please explain how does your product supports
this.
13.0
CORS - Does the proxy provide support for CORS?
XML or JSON attacks- The product should be safe from XML or JSON attacks.
14.0
Please explain how your product achieves this.
15.0 RBAC - The product should support RBAC. Please explain how does the solution
handle role based access controls to ensure different members of the API team
can perform their roles effectively without affecting other teams?
HIPAA compliant - The product should be HIPAA compliant. Describe the
16.0
primary features which support such compliance.
Operational level security- The product should support security at API
16.0
operational level. (Ex: can do GET, but not POST or PUT)
Does Not Meet Meets
Item No. E - Developer Portal Comment
1.0 How are assets manifested in the developer portal for developer use?
Developer On Boarding- The product should facilitate seamless developer on
2.0 boarding. Please describe how the tool facilitates on-boarding. Is this portal
available as a completely on-premises solution?
Developer Registration & IaM integration - The product should
3.0
supporteIdentity and Access Management for developer registration.
Interactive Documentation- The product should allow creation of interactive API
4.0 documentation to allow API consumers to easily try out published APIs. Please
explain some key features of your product.

Personalized Metrics- Does each developer (or team) get their own
5.0
personalized metrics?
Customization - The product should allow the registration form to be

customizable
6.0
Can the customer customize, skin, and modify the portal without vendor
involvement?. Does the portal leverage standard CMS technologies to ensure
easy to find skill sets and pre-existing modules?
API keys management - The product shuld allow to manage API keys.Does the
7.0
tool provide the ability to revoke or suspend developer keys?

TAB 5 - IMPLEMENTATION
Instructions: The respondent should indicate whether or not each of the requirements can be met. Any specification not marked as either "Meets Requirement" or
"Does Not Meet Requirement" may render the bidder's proposal non-responsive. The responder shall explain any non-compliance or alternate solutions in the
comment column.
Does Not Meet Meets

Item No. A - Project Management Comment
UCLA requires a dedicated Project Manager to manage the implementation of work

envisioned in this RFP. Project Manager will be required to create and manage the project
plan, attend periodic status meetings and provide a status report. Project Manager shall be
1.0 responsible for all facets of configuration, implementation and training. Please provide resume
of the project manager your company would assign to UCLA's implementation, if selected for
the award. Please indicate whether the assigned project manager is a vendor employee or
subcontractor.
The designated Project Manager will work in cooperation with UCLA department
representatives and UCLA's Computer Services representatives. Individuals designated by
1.1
the vendor will remain in place throughout the project except to the extent illness or injury
makes such continuity impossible.
Qualified respondent will provide qualified and sufficient manpower and resources to facilitate
1.3
the project in the time frame allocated.
Please list the job titles of employees that would be assigned to the project and the estimated
1.4
percentage of their work hours that would be devoted to UCLA's project.
Personnel assigned to the project will remain a part of the project throughout the duration of
1.5 the project as long as the personnel remain employed by the contractor or subcontractor,
unless replaced by the contractor at the request of UCLA Health System.
Project Manager will work closely with UCLA to develop implementation schedules and
2.0 quantity of work necessary for each phase of the project required. What is the average
amount of time required for implementation? What is the minimum amount of time required?
List any competing orders from other customers across the country with potentially parallel
2.1
delivery and implementation time frames.
Provide a sample project plan and timeline for a UCLA Health System implementation with an
3.0
anticipated start date in the 3rd quarter of 2017.
531754140.xls 17 TAB 5-IMPLEMENTATION

comment column.
The project plan should also contain an executive summary (no more than two pages in
length) on how your company would approach an implementation at UCLA Health System.
3.1
Explain your standard preparation/process for pre-implementation. Describe other on-site and
off-site project management support provided.
Does Not Meet Meets

Item No. B - Setup / Conversion / Interfaces Comment
Configuration and Administration of Subsystem:.

Describe the following:
1) Installation process
5.0
2) Hardware Software Support - What OS, Hardware, Browser are supported?
3) Client software- What should be installed IDE, Browser, Thick Client of some sort etc?
Describe:
1) Recommended connectivity
5.1
2) Load balancing recommendations
3) Redundancy recommendations.
Describe how storage will be configured to support requirements. What is the minimum space
5.2
requirment for the product's configuartion ?
Describe any software, firmware or other processes that need to be set up for reporting and
management of the subsystem. Include the following:
1) Any products that need to be installed
5.3
2) Any additional servers required to run management/configuration/reporting software
3) How system reports problems and requirements for set up
4) How system is configured and whether any additional hardware or software is required.

comment column.
It is required that this equipment support upgrades to the processing environment, both
hardware and software. Please explain the support profile for this product, including:
1) How quickly does your company respond to hardware and or software changes from other
5.4
vendors that may require changes to the subsystem
2) How are upgrades to the subsystem validated such that it will not be disruptive to the
current production environment?
Does Not Meet Meets

Item No. C - Staffing / Training Comment
For an institution the size and complexity of UCLA, please outline the skills needed by the
1.0
client to operate your system and the number of UCLA FTEs required.
With your submittal please provide a sample copy of your training and implementation
2.0
materials.

TAB 6 - CLIENT SUPPORT
Instructions: The respondent should indicate whether or not each of the requirements can be met. Any specification not marked as either "Meets
Requirement" or "Does Not Meet Requirement" may render the bidder's proposal non-responsive. The responder shall explain any non-compliance or
alternate solutions in the comment column.
Does Not Meet Meets
Item No. A - Customer Service Comment
1.0 The Vendor shall provide telephone and internet-based support.
Please identify the office which would provide UCLA support and provide
2.0
the location and time zone.
The vendor shall be capable of connecting to client sites remotely to assist
3.0
with implementation and training if needed.
The Vendor shall respond to client questions to acknowledge receipt of
4.0
question and provide an estimate as to when a reply can be expected.
Vendor resources shall be assigned to fix system errors or failures within

one business day. Describe policies and procedure offered with the
5.0
standard service level agreement. Describe any upgrades in service levels
offered.
The vendor shall maintain and make available regular client support staff
6.0
from 8 AM to 5 PM Pacific Time. State the typical coverage time.
The vendor shall maintain and make available an emergency client support
staff to be contacted outside normal business hours (8 AM to 5 PM Pacific
7.0
Time). Please describe emergency contact procedure and any upcharges
associated with after-hours emergency service.
The vendor shall maintain and make available current application web
8.0
resources, publications, references and training materials, etc. to clients.
The vendor shall maintain a website where answers to frequently asked

9.0
questions can be obtained.
The vendor shall maintain a web list where clients can post questions and
10.0
exchange information and ideas with other clients.
The vendor shall make training opportunities, User Conferences, and

11.0 Educational Courses available to clients. Please describe regularly offered
training opportunities.
Does Not Meet Meets
Item No. B - Updates / Maintenance Comment
531754140.xls 20 TAB 6 -CLIENT SUPPORT

TAB 6 - CLIENT SUPPORT
Instructions: The respondent should indicate whether or not each of the requirements can be met. Any specification not marked as either "Meets
Requirement" or "Does Not Meet Requirement" may render the bidder's proposal non-responsive. The responder shall explain any non-compliance or
alternate solutions in the comment column.
Please outline the job requirements of UCLA systems personnel

1.0
involvement for system upgrades and maintenance.
2.0 Describe how new enhancements are installed?
Please describe a typical upgrade/update, including frequency and time
2.0
required to accomplish.
3.0 Please describe your policy for supporting prior releases.
531754140.xls 21 TAB 6 -CLIENT SUPPORT

TAB 7A - PRICING TEMPLATE
Instructions: Using the pricing template below, the vendor should provide pricing for a proposed solution having the
functions/features listed in the attached document. Vendor shall populate all applicable cost fields. Use additional lines as
needed to describe components or modules needed to meet function/feature requirements. Please itemize proposal costs as
appropriate. Vendors may use a second copy of this tab for any optional or alternate product offerings not covered by the
scope described in this RFP. In addition to completing the template, the vendor shall submit a signed quotation on company
letterhead corresponding to this pricing template.
DESCRIPTION QTY - IF UNIT COST TOTALS

APPLICABLE
1 SOFTWARE ((list the cost if separate for each module
like API gateway, App Server etc) )
1.1 COST OF ANY OTHER SOFTWARES/SERVICES
LIKE OAUTH SERVER, FHIR SUPPORT ETC (if
separate)
1.2 3RD PARTY SOFTWARE (if applicable)
1.3 INTEGRATION WITH OTHER SOFTWARES (if

applicable)
2 USER LICENSES
2.1 UNIT COST FOR ADDITIONAL USER LICENSES 1
PROPOSED PRODUCT SUBTOTAL

IMPLEMENTATION SERVICES, TO INCLUDE:
3 PROJECT MANAGEMENT - included in a typical
engagement of this size.
4 CONFIGURATION - customizations and workflow

creation included to achieve the functionalities listed in
the attached document.
5 MIGRATION - Cost of any vendor professional

services for data migrated into application.
6 TRAINING included in a typical installation of this size.
7 TRAVEL (IN ACCORDANCE WITH UC TRAVEL

POLICY)
8 CONSULTING SERVICES (Mention cost per service)
9 DEVELOPMENT ASSISTANCE
10 YEAR 1 SUPPORT
SERVICES SUBTOTAL
PROPOSED SOLUTION ACQUISITION TOTAL
YEAR 2 SUPPORT
YEAR 3 SUPPORT
YEAR 4 SUPPORT
YEAR 5 SUPPORT
OTHER ON-GOING CHARGES (LIST BELOW)

FOLLOW-UP TRAINING 1
SUBSEQUENT YEARS SUBTOTAL
TAB 7B - ALTERNATE PRICING TEMPLATE
Instructions: Using the pricing template below, the vendor should provide pricing for a proposed cloud-based or "sorftware-as-a-
service" solution having the functions/features listed in the attached document, if available. Vendor shall populate all applicable
cost fields. Use additional lines as needed to describe components or modules needed to meet function/feature requirements. Please
itemize proposal costs as appropriate. Clearly define whether user licenses are based on total or concurrent user counts. The vendor
may also give incentivized pricing for higher user counts, or tier levels if available. In addition to completing the template, the
vendor shall submit a signed quotation on company letterhead corresponding to this pricing template.
DESCRIPTION QTY - IF UNIT COST TOTALS

APPLICABLE
1 SOFTWARE (list the cost if separate for each module
like API gateway, App Server etc)
1.1 3RD PARTY SOFTWARE (if applicable)
1.2 INTEGRATION WITH OTHER SOFTWARES (if

applicable)
2 USER LICENSES
2.1 UNIT COST FOR ADDITIONAL USER LICENSES 1
3 MENTION BELOW COSTS IF ANY APPLICABLE

FOR CLOUD (Separate from the original product
offering)
3.1 Storage
3.2 Computational
3.3 Networking
3.4 Storage
3.5 Databases
3.6 Integration
3.7 Security/identity
3.8 Monitoring and Manegement
3.9 Transaction based cost
4 MANAGED CLOUD HOSTING COSTS
PROPOSED PRODUCT SUBTOTAL

IMPLEMENTATION SERVICES, TO INCLUDE:
5 PROJECT MANAGEMENT - included in a typical
engagement of this size.
6 IMPLEMENTATION AND CONFIGURATION -

customizations and workflow creation included to
achieve the functionalities listed in the attached
document.
7 TRAINING included in a typical engagement of this

size.
8 TRAVEL (IN ACCORDANCE WITH UC TRAVEL

POLICY)
9 CONSULTING SERVICES (Mention cost per service)
10 DEVELOPMENT ASSISTANCE
11 YEAR 1 SUPPORT
SERVICES SUBTOTAL
PROPOSED SOLUTION ACQUISITION TOTAL
SUBSCRIPTION/LICENSE (YEAR 2)
YEAR 2 SUPPORT
YEAR 3 SUPPORT
YEAR 4 SUPPORT
YEAR 5 SUPPORT
OTHER ON-GOING CHARGES (LIST BELOW)
FOLLOW-UP TRAINING 1
SUBSEQUENT YEARS SUBTOTAL
5-YEAR COST OF OWNERSHIP
LICENSE FEE FOR AVAILABLE OPTIONAL TIER UNIT COST
LEVELS (SPECIFY USER COUNT IF AVAILABLE)

Tab 2A - Business Criteria

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Tab 2A - Business Criteria

Uploaded by

Copyright:

Available Formats

TAB 2A - BUSINESS CRITERIA

Please explain the general qualifications and overview of the firm

Please describe your company's strategy around Application

The respondent shall provide a description of any material litigation

The bidder shall provide indication of any potential conflict of

531754140.xls TAB 3 MANDATORY REQUIREMENTS Page 6

531754140.xls TAB 3 MANDATORY REQUIREMENTS Page 7

Enterpise scalability, reliability and load balancing - The platform should

Transport - The product should support some of following transports. Explain

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 8

Application Connectivity - The product should be able to support some of

Explain approach to Test Driven Development capabilities to test mappings and

Logging- Product should have searchable system logs.Describe your APIM

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 9

Extensibility & Enterprise Integration Customer should be able to extend

Describe your microsoft Interoperability capabilities & development lifecycle

Does the proxy rate limiting, quotas, and spike arrests?

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 10

Debugging - Product should have some sort of debugging features. Please

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 11

Does Not Meet Meets

Analytics paradigms- The product should provide some level of intelligent

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 12

Operational,Performance & Business Visibility - Extension of above

- Do you provide service performance monitoring, reporting, and analysis?

- Geo-location Are there maps for detailing geo-location of API calls?

- Monetization Does the platform provide support for monetization?

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 13

The Gateway needs to be able to participate in the authorization process,

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 14

• Interfaces to LDAP(S), Active Directory

LDAP/AD/IDP - The product should support LDAP/AD and shoould be able to

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 15

Customization - The product should allow the registration form to be

531754140.xls 4 - FUNCTIONAL REQUIREMENTS Page 16

Does Not Meet Meets

UCLA requires a dedicated Project Manager to manage the implementation of work

531754140.xls 17 TAB 5-IMPLEMENTATION

Does Not Meet Meets

Configuration and Administration of Subsystem:.

531754140.xls 18 TAB 5-IMPLEMENTATION

Does Not Meet Meets

531754140.xls 19 TAB 5-IMPLEMENTATION

1.0 The Vendor shall provide telephone and internet-based support.

Vendor resources shall be assigned to fix system errors or failures within

The vendor shall maintain a website where answers to frequently asked

The vendor shall make training opportunities, User Conferences, and

531754140.xls 20 TAB 6 -CLIENT SUPPORT

Please outline the job requirements of UCLA systems personnel

3.0 Please describe your policy for supporting prior releases.

531754140.xls 21 TAB 6 -CLIENT SUPPORT

DESCRIPTION QTY - IF UNIT COST TOTALS

1.2 3RD PARTY SOFTWARE (if applicable)

1.3 INTEGRATION WITH OTHER SOFTWARES (if

2.1 UNIT COST FOR ADDITIONAL USER LICENSES 1

PROPOSED PRODUCT SUBTOTAL

4 CONFIGURATION - customizations and workflow

5 MIGRATION - Cost of any vendor professional

6 TRAINING included in a typical installation of this size.

7 TRAVEL (IN ACCORDANCE WITH UC TRAVEL

8 CONSULTING SERVICES (Mention cost per service)

OTHER ON-GOING CHARGES (LIST BELOW)

DESCRIPTION QTY - IF UNIT COST TOTALS