Transcription
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATECompliance Response Instructions:Proposers are required to submit a completed compliance response indicating the compliance being offered relative to therequirements for the CT METS Systems Integrator solicitation. Proposals received without a fully completed compliance matrixmay be rejected as non-responsive. Proposers must indicate compliance in accordance with the codes and instructions asdefined in the table below. In the "Comments" column for each requirement, Proposers should include information todemonstrate how their services and/or solution is compliant, not just state compliance. Proposers should also include a crossreference to a specific location in their proposal's technical submittal validating and elaborating on their response to eachrequirement. Failure to demonstrate compliance will be reflected in the evaluation of the proposal. The State reserves the rightto request additional information and clarification for any response.ResponseCodeFECMNDefinitionFully Compliant (proposed services and/or solution fully complies with this requirement)Note - Proposers shall provide language demonstrating how their proposed solution meets the requirement.Additional information provided in the proposal can also be cross-referenced.Exceeds Requirement (proposed services and/or solution fully complies with AND exceeds this requirement)Note - Proposers shall provide language demonstrating how their proposed solution exceeds the originalrequirement. An “E” response will be considered equivalent to an “F” response for the original requirement.Complies with Modified Requirement (proposed services and/or solution only complies with this requirement ifthe Department adopts alternate proposed requirement language)Note - Proposers shall provide alternate requirement language, to which they shall fully comply. The “CM”response will be considered equivalent to an “F” response if the Department opts to adopt the proposedalternate requirement language. The “CM” response will be considered equivalent to an “N” response (does notcomply) if the Department opts to not adopt the alternate requirement language. If alternate requirementlanguage is not proposed, the “CM” response will be considered equivalent to an “N” response (does notcomply).Does Not Comply (proposed services and/or solution does not comply with this requirement).Note - Accompanying comments are not required.1
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement1PR A.1.1.12PR A.1.1.2Proposers must describe approach and methodology to meet thePhase 1 kickoff requirementProposers must describe prior experience with kickoff presentationsfor a project of similar size and complexity to CT METS3PR A.1.2.1.1Proposers must describe approach and methodology to meet theDSS Project Management Processes and Templates requirement,including any deviations they propose from PMI/PMBOK or DSS PMProcesses4PR A.1.2.1.2Proposers must describe prior experience with similar projects andapproach to working closely and cooperatively with States, otherState Contractors such as IV&V, OCM, and the EPMO, ensuringprogress on the project proceeds according to plan and is notimpeded.5PR A.1.2.2.16PR A.1.2.2.27PR A.1.2.2.3Proposers must describe prior experience and approach, includingmethodology, to meet the PMP requirementProposers must describe how Phase 1 work will be coordinated,performed, monitored, controlled, and closed outProposers must describe prior experience, methods and processesfor managing and organizing project documentation in a customerprovided repository as well as provide any other innovative ideasfor maintaining project documentation and artifacts2Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATE#Req. #Requirement8PR A.1.2.2.4Proposers must describe their approach to developing mitigationplans required by CMS and outlined at 42 CFR 433.112 (b) (18) andSMDL 16-009. Proposers will include approach to address risks thatcould potentially affect the M&O phase and/or costs of the projectdown the road as well as approach to keeping mitigation plansupdated and providing documentation needed for revised plans tobe resubmitted to CMS through Advanced Planning Documents(APDs) and project reporting as risks and mitigations change alongthe system lifecycle9PR A.1.2.3.1Proposers must describe prior experience and approach includingmethodology to meet the Integrated Master Project Plan input andsupport requirement10PR A.1.2.4.1Proposers must describe approach and methodology to meet theProject Management Artifacts requirement11PR A.1.2.4.2Proposers must identify and describe any other projectmanagement artifacts not listed but recommended for a project likeCT METS12PR A.1.2.4.3Proposers must describe approach and methodology to developand manage the RTMs during Phase 1 of the project. The processmust produce all-encompassing requirements for the MedicaidEnterprise technical infrastructure, computing environment,security, supporting components, module requirements and theRTMs to be included in the module procurement eComments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement13PR A.1.2.5.1Proposers must describe approach and methodology to meet theexample projected PMP and PM artifacts for Phase 2 and projectedapproach for DDI Project Management for the modular MMIS,including how the SI will handle the transitional state of the rollingmodular implementation into operations14PR A.1.2.5.2Proposers must provide prior experience with project managementfor a modular implementation. If proposers do not have thisexperience, proposers must address understanding of the uniquechallenges and mitigation strategies needed for successful projectmanagement of a rolling modular implementation and transitionaloperations as modules are incrementally implemented15PR A.1.2.5.3Proposers must describe approach, recommended tools, andmethodology to manage an end-to-end requirements elicitationand RTM management process during Phase 2 of the project. Thedescription must include how proposers recommend the RTM bemanaged and controlled during the DDI and Operations Phase andhow that process is envisioned to fit into the overall SDLC process16PR A.1.3.1.1Proposers must provide a description of prior experience andapproach including methodology to meet the Business ProcessModeling Notation and Execution Language requirement17PR A.1.3.1.2Proposers must describe approach and method for mapping allbusiness processes to the appropriate modules based on BPMNgenerated and provided by the OCM and SI contractor4Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATE#Req. #Requirement18PR A.1.3.1.3Proposers must describe approach, methods, tools, and processesfor creating BPMN and BPEL for business processes not within thepurview of the OCM contractor or module contractors19PR A.1.3.1.4Proposers must describe the approach to transition future BPMNresponsibility and maintenance to DSS after the process and toolsare established for the CT METS project and initial mapping iscomplete20PR A.1.3.2.1Proposers must describe approach to identifying stakeholderparticipants for conducting Requirement Elicitation Sessions toensure it is capturing all perspectives for user, technical, functional,and non-functional requirements, and modular cross-cuttingdependency requirements in sufficient detail21PR A.1.3.2.2Proposers must describe approach to conducting RequirementElicitation Sessions and documenting the modular RTM to ensure thecapturing of all business, functional, and non-functionalrequirements. The requirements should be all encompassingincluding performance metrics, MECT/MECL checklists/certificationrequirements, and modular cross-cutting dependency requirementsincluding training needs in sufficient detail to map and develop therequirements to include in the component and module RFPs22PR A.1.3.2.3Proposers must describe strategy for ensuring there are not anymissed requirement areas leaving gaps such as orphaned functionsor fiscal agent/service components, gaps in certificationrequirements, as well as demonstrate how the proposed solutionsimprove the state’s MITA maturity and how the mapping andsequencing of modular implementation/replacement modulesconsiders cost, benefit, schedule, and risk5ContractorComplianceResponseCodeComments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement23PR A.1.3.2.424PR A.1.3.3.125PR A.1.3.3.2Proposers must describe prior experience gathering, documenting,and tracing requirements for a project of similar size and complexityas CT METSProposers must describe approach and methodology to meet theConnecticut IT Assets and Services Leverage AssessmentrequirementProposers must describe prior experience with assessing leverageand reuse in the Medicaid Enterprise or in Health IT26PR A.1.3.3.3Proposers must describe how they will address and meet all CMSleverage and re-use requirements and adhere to guidance andregulations such as those documented in 42 CFR 433.112(b), StateMedicaid Director’s letters, CMS Standards and Conditions, the StateMedicaid Manuals, and the Office of the National Coordinator forHealth Information Technology (ONC) standards27PR A.1.3.4.1Proposers must describe approach and methodology to meet theReference Data Management Analysis requirement28PR A.1.3.4.2Proposers must describe prior experience and provide an exampleReference Management Analysis Report Table of Contents includingdescriptions of the contents that would be developed for CT METS29PR A.1.3.4.3Proposers must describe examples of various recommended sourcesof reference data that may be key for assessment of a potentialReference Data Management solution for the CT METS project.Proposers must describe factors to be considered whenrecommending placement and design of the reference datamanagement function30PR A.1.3.5.1Proposers must describe approach and methodology to meet theModular Solutions Alternatives and Feasibility Assessmentrequirement6Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement31PR A.1.3.5.2Proposers must describe prior experience with feasibility study,requirements analysis, alternatives analysis, and cost benefit analysis32PR A.1.3.5.3Proposers must describe how they will meet the requirements ofproviding the required content in the Alternatives Analysis section ofthe IAPD-U for each module and technical infrastructurecomponents33PR A.1.3.6.1Proposers must provide a description of approach and methodologyto meet all DSS Architecture Governance Board (AGB) and CT METSProgram Architecture Group Governance Participation requirementsand provide SI staffing recommendations. Proposers must outline avision for the role of the CT METS Program Architecture Group inassisting with the design of the CT METS technology infrastructure,integration platform, and operational planning during Phase 1. It isexpected that critical design and infrastructure decisions will bemade with input from these groups and considerations of criticalfactors such as the lowering of risks and future operationscomplexity and cost will be addressed during Phase 134PR A.1.4.1Proposers must describe approach and methodology tomeet the CT METS Master Data Management Strategyrequirement35PR A.1.4.2Proposers must describe prior experience with Master DataManagement approaches and implementations36PR A.1.4.3Proposers must describe prior experience and approaches with DataGovernance in a health and human services and/or stategovernment environment or comparable enterprise environment7Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement37PR A.1.5.1Proposers must describe approach and methodology to meet all theCT METS Technical Environment Design requirements including howthe CMS MECT Checklists and Conditions and Standards will bespecifically addressed and factored into the design38PR A.1.5.2Proposers must describe prior experience with designing a technicalinfrastructure for a successful modular Medicaid Enterprise or closelyrelated health or human services enterprise of similar size andcomplexity to CT METS39PR A.1.5.3Proposers must describe any additional components or items thatmay be needed for a state-of-the-art modern Medicaid modulartechnical infrastructure and computing environment not listed ordiscussed in this RFP40PR A.1.5.4Proposers must describe approach to providing the CT METS testinginfrastructure and CT METS test management framework, thestandards for test management, and the approach to development ofan RFP for a testing contractor41PR A.1.5.5Proposers must describe approach to ensuring the CT METS technicalarchitecture, infrastructure, and solutions are planned and designedto produce the needed transaction data, reports, and performanceinformation that would contribute to program evaluation, continuousimprovement in business operations, transparency and accountability42PR A.1.5.6Proposers must describe approach to the program architecture andinfrastructure design that ensures integration and interoperability willbe achieved between existing systems and new modules and systemcomponents that are implemented as a state-built solution,commercial off-the-shelf (COTS), or reused from another state’ssolution43PR A.1.6.1Proposers must describe approach and methodology to meet all theCT METS Data Conversion Strategy requirements8Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement44PR A.1.6.245PR A.1.6.346PR A.1.7.1Proposers must describe strategy for converting and validating theaccuracy of all legacy Medicaid and health data into the newConnecticut Medicaid EnterpriseProposers must describe prior experience with data conversion for amodular Medicaid Enterprise Solution or a project of similar size andcomplexity to CT METSProposers must describe approach and methodology to meet all theCT METS Privacy and Security Strategy requirements, including keyprivacy and security considerations described in Section 1.747PR A.1.7.2Proposers must describe prior experience with implementingsuccessful Medicaid Enterprise or other health or human servicessystems which are fully compliant with federal privacy and securitystandards, including their experience performing PIAs48PR A.1.7.3Proposers must describe approach to meeting the unique privacy andsecurity challenges presented by the modular structure and rollingimplementation of the CT METS project49PR A.1.7.4Proposers must describe the roles and qualifications of staff who willbe performing key security and privacy tasks during the project50PR A.1.8.1Proposers must describe prior experience in developing BusinessContinuity and Disaster Recovery Strategy and requirements9Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement51PR A.1.8.2Proposers must describe the approach and methodology they will useto develop a strategy and plan BC/DR requirements and deliverablesthat includes at a minimum: Framework for BC/DR design, testing, and deployment Approach that outlines process requirements and elements that willdrive an enterprise approach to the modular BC/DR design, testing,and deployment, including the unique challenges presented duringthe transition period when modules are being implementedincrementally Approach to Metrics and acceptance criteria for each module’sBC/DR plan52PR A.1.9.1Proposers must describe approach and methodology to meet all theCT METS Modular Impact Assessment on Current Operationsrequirements and deliverables including methods, processes, andtarget areas for conducting the Modular Implementation ImpactAssessment on current operations53PR A.1.9.2Proposers must describe prior experience in conducting impactassessments and impact risk mitigation strategies54PR A.1.9.3Proposers must describe approach to the impact risk mitigationstrategy/plan and provide an outline of a representative example55PR A.1.9.4Proposers must describe approach to identify transitional operationschanges to Desk Level Procedures (DLP) for Medicaid Operations anddetermining operational readiness for each modular implementationto avoid service disruptions, delays, and negative impacts to theConnecticut Medicaid program56PR A.1.10.1Proposers must describe approach and methodology to meet all theCT METS SDLC framework, ITSM, and Program Governance strategyand plan requirements and deliverables10Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement57PR A.1.10.258PR A.1.10.359PR A.1.11.1Proposers must describe prior experience developing andimplementing Agile or hybrid SDLC framework and processes, ITSM,and the tools and technologies used to manage them for a modularMedicaid Enterprise system or another project of similar size andcomplexity to CT METSProposers must provide a representative table of contents and briefdescription of the contents for an SDLC and ITSM strategy andframework for CT METSProposers must describe approach and methodology to meet all theCT METS MECT/MECL Compliance and CT METS ModularCertification Strategy requirements and deliverables60PR A.1.11.2Proposers must describe approach to CMS modular MMIScertification process, including creating artifacts and documentationnecessary for CMS review and progress reports61PR A.1.11.3Proposers must describe prior experience coordinating the efforts ofmultiple module contractors in preparation for and support duringCMS milestone and certification reviews62PR A.1.12.1Proposers must describe approach and methodology to meet all theCT METS Assessment and Recommendations Report requirements63PR A.1.13.1Proposers must describe approach and methodology to meet all theCT METS Final Conceptual Design, Modular Operating Model, andUpdated Modular Roadmap requirements and deliverables64PR A.2.1.1.1Proposers must provide an approach and methodology todeveloping and executing SOWs for SI Phase 2 DDI efforts11Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement65PR A.2.1.1.2Proposers must provide a Rate Catalog sufficient to cover allactivities and personnel that may be needed for Phase 2 includingoperations; this will be used during Phase 2 DDI and for operationssupport and M&O Scopes of Work cost calculations66PR A.2.1.1.1.1Proposers must provide a description of approach and methodologyto meet the SI Phase 2 kickoff requirement67PR A.2.1.1.2.1Proposers must provide a description of their approach andmethodology to meet all of the SI Phase 2 Project Management Plancomponents, artifacts, and required responsibilities68PR A.2.1.1.3.1Proposers must provide a description of their approach for SIparticipation in the DSS AGB and Program Architecture group duringPhase 2 (DDI) of the project. Proposers must describe how the DSSAGB and CT METS Program Architecture group should be utilized toassist the CT METS technology infrastructure development, modulecomponent development, integration platform development,computing environment and hosting set up, and operationsexecution phase with the focus on lowering risks and futureoperations complexity and cost69PR A.2.1.1.4.170PR A.2.1.1.5.1Proposers must provide a description of their approach andmethodology to meet all the Business Process Modeling Notationand Execution Language requirements during Phase 2Proposers must provide a description of their approach andmethodology to meet all the integration platform requirements module integration, interface, and file transfer requirements and allrelated services71PR A.2.1.1.6.1Proposers must provide a description of their approach andmethodology to meet all the Data Conversion requirements12Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement72PR A.2.1.1.7.1Proposers must provide a description of their approach andmethodology to meet all the requirements to operationalize theSDLC/ITSM Process, Governance, and Support Services as definedand approved during Phase 173PR A.2.1.1.8.1Proposers must provide a description of their approach andmethodology to meet all the integration requirements for a securitysolution, single sign on, and identity and access management74PR A.2.1.1.9.175PR A.2.1.1.10.1Proposers must provide a description of their approach andmethodology to meet all the CT METS Privacy and Security ProgramrequirementsProposers must provide a description of their approach andmethodology to meet the requirements of operationalizing theBC/DR for CT METS including the transitional operations and rollingmodular implementations76PR A.2.1.1.11.1Proposers must provide a description of their approach andmethodology to meet all the CT METS Certification requirements77PR A.2.1.1.12.1Proposers must provide a description of their approach andmethodology to estimating and controlling operational cost andmanaging CT METS M&O requirements including transitional DeskLevel Procedures (DLP) for Medicaid operations in the transitionalphase78PR A.2.1.1.12.2Proposers must provide their approach to keeping M&O costs withinthe limits of the current costs to operate the Connecticut MMIS andMedicaid operations and/or achieve improvements by reducingoperations costs13Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICES TEMPLATEContractorComplianceResponseCode#Req. #Requirement79PR B. 1.180PR B. 1.2Proposers must describe approach and methodology to meet thecurrent Phase 1 timeline and provide a suggested timeline withrationale and plans to minimize impact to the overall projectProposers must describe approach and outlined level of effort for SIPhase 2 DDI activities81PR B. 2.1Proposers must describe approach and experience with deliveringtimely high-quality deliverables, work products, and artifacts82PR B. 6.1Proposers must provide organizational staffing strategy and plan,including identification of key staff and other requirements listed inSection B. 6. b, meeting all requirements of the engagement83PR B. 6.284PR B. 6.385PR B. 6.486PR B. 7.187PR B. 7.2Proposers must provide three (3) references for key staff, meeting allrequirements listed in Section B.6 b.Proposers must provide resumes for key staff, meeting allrequirements listed in Section B.6. b.Proposers must identify any current project work that is underwayby the proposed staff or vendor in which SI services are beingperformedProposers must describe approach and methodology to meet therequirements for Contractor Privacy and Security Responsibilities inSection B.7Proposers must describe prior experience with projects involvingsensitive data available to contractor staff14Comments
18PSX0213ATTACHMENT H ‐ TECHNICAL COMPLIANCE MATRICESContractorComplianceResponseCode#Req. #Requirement88PR B. 7.3Proposers must describe approach to developing and enforcing aPrivacy and Security Plan for their staff89PR B. 8.190PR B. 9.1Proposers must download, fill and submit the CMS RequiredAssurances Table with their assessment of the requirementsapplicable to the SI scope of work and their rationale for thoserequirements they judge to be inapplicableProposers must describe value-added services which enhance the SIContractor’s solution and contribute to the successfulimplementation of the CT METS Program15Comments
requirement. Failure to demonstrate compliance will be reflected in the evaluation of the proposal. The State reserves the right to request additional information and clarification for any response. Response Code Definition F Fully Compliant (proposed services and/or solution fully complies with this requirement)
