(1) Vendor needs to provide consent and preference management software– The primary goals of the Consent and Preference Management Software is to contract with a vendor in an effort to centralize and unify consent and cookie management across platforms, automate enable automatic detection, classification, and tracking, to integrate. • Platform Capabilities – Describe how your platform manages consent creation, updates, withdrawals, and historical audit trails across web and mobile. Include data model, event logging, and reconciliation. – Explain your automated cookie/tracker/pixel detection capabilities, classification taxonomy (e.g., Strictly Necessary, Analytics, Advertising), and false positive/negative handling. – Confirm support for multiple environments (public website(s), member portal(s), mobile apps). Describe or tags required. – Provide screenshots/descriptions of admin UI for bulk cookie/provider management, policy configuration, and consent rule authoring. Attach screenshots to Bonfire Requested Documents. • Integration & Architecture – Provide REST API specs for consent retrieval/write, cookie inventory, reporting exports. Include auth, rate limits, and versioning strategy. • Security & Compliance – Describe how the platform supports compliance with agency, including consent records. Do Not Sell/Share purpose/legitimate interest. Please attach SOC 2 Type II, ISO 27001, or HITRUST certifications. – Detail encryption in transit (TLS 1.2+) and at rest (AES–256), key management, audit logs, and tamper–evidence. – Explain RBAC, least privilege, admin action auditing, and support for break–glass procedures. Privacy Controls & UX – Provide examples of end–user consent banners, preference centers, granular toggles, and layered notices (mobile & web). – Confirm WCAG 2.1 AA compliance for all user–facing components and describe testing approach and assistive tech compatibility. • Reporting & Analytics – Describe built–in dashboards (consent opt–in rates, declines, pending, trends), drill–downs, and export formats (CSV/JSON). – Explain audit log coverage (admin actions, policy changes, versioning) and retention configuration. (2) All the questions must be submitted no later than February 24, 2026 (3) The contract period will be for one year.