Service Planning Survey

Transcription

1 Attachment A Service Planning Survey Westchester Medical Center Information Systems Endoscopy Documentation and Imaging System Westchester Medical Center 15 Oval Connector Elmwood Hall Information Systems Valhalla, NY Tel (914) Fax (914)

2 1.0 General Desktop Mobility and Wireless Server Data Protection Hosting Disaster Planning Network Interface Application Support and Training Security... 13

3 Please complete and/or provide detailed documentation for all applicable questions below. If providing separate documentation, please verify that all applicable questions below are addressed in that documentation. Instructions: To respond to a question, position cursor at the end of a question, press Enter, then Tab, then type or paste your response. 1.0 General 1.1 Company Name? 1.2 Product Name? 1.3 Version? 1.4 What is the purpose of this service or application? 1.5 What are the goals and commitments of this service or application? 1.6 Please identify the intended users for the system: 1.7 How many total users are expected to access the system? 1.8 Is a Business Agreement/Contract with WMC in place at this time? 1.9 Is this system proposed or already in place? 1.10 When is the desired live date for the system? 1.11 Is the desired live date based on a regulatory or other requirement?

4 2.0 Desktop 2.1 What are device hardware requirements? 2.2 What are the supported OS versions? (e.g. Win XP SP3, Win 7, 32bit, 64bit, etc.) 2.3 What are the device software and client requirements? 2.4 Please explain restrictions (if any) to this application running in a Virtual Desktop Infrastructure (i.e. VMWare View) environment: 2.5 Please explain restrictions (if any) to this application running in a Citrix XenApp environment: 2.6 Please explain restrictions (if any) to this application running as a virtualized application (i.e. VMWare ThinApp): 2.7 Does the client installation require Local Admin rights? 2.8 What are browser version requirements (Supported IE versions, etc.)? 2.9 What are Java requirements (Include specific versions supported)? 2.10 What are browser add-in requirements? 2.11 Are vendor supplied browser add-ins downloaded automatically upon first use? 2.12 What are browser security requirements (Settings, SSL certificates)? 2.13 What are additional workstation software requirements? 2.14 Describe specific requirements to support printing: 2.15 Describe any special printer hardware requirements:

5 3.0 Mobility and Wireless 3.1 If mobile devices are required for application workflow, what hardware will be used? 3.2 What are the minimum operating system requirements? 3.3 Will this hardware require pre-configuration? 3.4 What are the wireless specifications and requirements? 3.5 Can alternative compatible devices to those specified be used? If yes, please give details.

6 4.0 Server 4.1 What are server requirements? 4.2 Which version of Windows Server is supported (2003, 2008, 2008R2)? 4.3 What are sizing/version requirements for the database? 4.4 Please provide drive layout details (e.g. C:=OS, D:=DATA, E:=LOGS) and requested size of each drive. 4.5 What is Database Management System (name, version) is utilized for the application (e.g. SQL 2000, SQL 2005)? 4.6 What are the sizing/scaling specifications for application servers? 4.7 What are the sizing/scaling specifications for database servers? 4.8 Is this application/service/database certified to run under VMWare server environment? 4.9 Please explain restrictions (if any) to this application supporting VMWare: 4.10 Is an application test environment recommended? Please give details.

7 5.0 Data Protection 5.1 Our standardized solution for anti-virus protection is Microsoft Systems Center Endpoint Protection (SCEP). Are there any restrictions? Is so, please explain: 5.2 Our standardized solution for data backup is Symantec NetBackup. Are there any restrictions? Is so, please explain: 5.3 Is Storage Area Network (SAN) supported for data volumes? 5.4 Are there restrictions to utilizing Boot-from-SAN (BfS) for the server OS volume? 5.5 In the event of an interruption caused by network, application, etc., how is transaction integrity provided? In other words, if the system hangs while the user is entering data, how much work does the user potentially need to reconstruct?

8 6.0 Hosting 6.1 If this is a hosted solution, is it web based? 6.2 If web based, are there automated software downloads? 6.3 What type of authentication methods are utilized (IP, UserID only)? 6.4 What ports are necessary? 6.5 What type of security is utilized? 7.0 Disaster Planning 7.1 Is application level clustering of the application provided natively? 7.2 Is data replication provided natively by the application (host-based) or is data replication accomplished via WMC-furnished SAN mirroring (framebased)? 7.3 Is application level clustering of the application provided natively? 7.4 If this is a hosted solution, are you providing a high-availability solution in the event of a hardware or network failure? 7.5 If this is a hosted solution, are you providing a disaster recovery solution in the event of a hardware or network failure? 7.6 In the event of a disaster, where physical integrity has been restored, are measures in place to insure automatic logical transaction integrity? If not automatic, describe what steps are necessary.

9 8.0 Network 8.1 Is the application routable - capable of traversing networks/vlans? 8.2 Is this application to be fully or partially hosted offsite? Please give details. 8.3 If hosted, how is the site staffed? (24x7?, number and skill sets of staff) 8.4 If other than Internet, what are hosting communications details and requirements? (Note: 90-day lead time is required) 8.5 Does your support team require remote access to servers located in the WMC Data Center? 8.6 What are your remote support networking requirements beyond remote control access (VPN, etc.)?

10 9.0 Interface 9.1 With which other existing or planned WMC applications is this application expected to interface or communicate? 9.2 To which standards does the interface conform? 9.3 If applicable, which version of HL7 does the interface support? 9.4 Does this application support or performs bulk import of data? 9.5 Does this application support or performs bulk export of data? 9.6 Is an outbound transaction interface provided or available?

11 10.0 Application 10.1 Is the application Active Directory aware? 10.2 Is a separate AD Domain required? 10.3 How is system documentation provided? 10.4 What is maximum number of concurrent users that the application can support in the designed configuration? 10.5 What is maximum number of "seats" that the application can support in the specified version and designed configuration? 10.6 What type of licensing is provided? 10.7 Is additional licensing required when new users are introduced to the application? 10.8 What is your company's policy by which application software patches and updates delivered and implemented? 10.9 What is your company's policy by which major releases are made available? Are user test plans and/or test procedures provided for certifying software updates? What specific languages, development platforms, methodologies, etc. are used in the programming and development of this application? What is your company's policy on withdrawal of marketing of a product? What is your company's policy on withdrawal of support of a product?

12 11.0 Support and Training 11.1 What type of direct vendor support is provided? 11.2 We offer several support delivery methods, what is preferred? Remote Control Dameware via Citrix Clientless VPN Site-to-Site VPN Other Please specify: 11.3 How is your support organization staffed? (Days, hours of day, number and skill sets of staff) 11.4 What is your support escalation policy? 11.5 Does your company have a support agreement with Microsoft? 11.6 Does your company have a Premier Services support agreement with Microsoft? 11.7 How and what type of User Guides are provided? 11.8 Do you provide online self-learning? 11.9 In what manner are professional services made available? Where is a branch office providing support staff that is nearest to our facility (ZIP Code 10595)? How is user training provided and what local resources are required? What are your recommended maintenance windows? (Days, times of day)

13 12.0 Security 12.1 Is private health information transmitted and/or stored on this system? 12.2 Is software in place that controls or restricts user access? 12.3 Is an automatic log-off in place after a specified time of activity? 12.4 What audit trails are in place; system imposed, software controlled, transaction log, file level, record level, field level? 12.5 Is there an automatic display of last access at the next user logon? 12.6 Is each user assigned a unique identifier? 12.7 Are passwords required? 12.8 Does the system require periodic password changes? 12.9 Does the system generate random passwords? Are weak passwords prohibited (Please describe password rules)? Does the system store passwords in encrypted format? Are tokens, biometrics used? Are network communications encrypted? Is healthcare data accessible by or available to an external network? Which systems are being accessed? Is healthcare data being encrypted when sent over an external network? Are database contents encrypted? Are digital signatures applied to documents? Are there checksum or signature protections in place to protect critical files?