2024-0198 Atlassian Development (CTS) - TUE 12 Nov

Deadline Date: Tuesday 12 November 2024

Requirement: Atlassian Development

Location: Mons, BE

Full Time On-Site: No

Time On-Site: One week per month: SHAPE, Mons, Belgium

Note: the first 4 weeks will be fully performed at SHAPE, Mons Belgium.

Period of Performance: 2025: 02 January – 31 December 2025

Option 2026: 01 January – 31 December 2026

Option 2027: 01 January – 31 December 2027

Starting Date: 01 January 2025

Required Security Clearance: NATO COSMIC TOP SECRET

Bidding Instructions:

1. Technical Proposal

Bidders shall submit a proposal clearly providing the following information:

a. The proposed approach to address the required scope of work and the required delivery and milestones plan.

b. CVs of the assigned resource(s) for the project. It is up to the bidder to propose the size of the team that executes the work and produces the deliverables in the time line allocated.

c. A compliancy matrix clearly stating how your proposal meets the deliverables/ performance goals outlined in Part 2, Section 2.

d. Any other appropriate technical information to determine whether your proposal meets the deliverables/ performance goals outlined in Part 2, Section 2.

e. Any other similar past performances explaining the relevance of the bidder with the requirements and elaborating on why they are the best candidate for this contract award.

2. Award

Contract shall be awarded under the framework contract CO-115786- AAS+ - Market Place 1

 

1. INTRODUCTION

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services. The Portfolio ranges from Programme of Work (POW) activities funded via the NATO Military Budget (MB) to Critical / Urgent Requirements (CURs/URs) and NATO Security Investment Programme (NSIP) projects funded via the Investment Budget (IB). In some edge cases, projects are also funded via the Civilian Budget (CB). Projects can span multiple years and are governed by various frameworks, including the Common Funded Capability Development Governance Framework (CFCDGM).

In order to execute this work, the NCI Agency is seeking additional labour through contracted resources (or consulting) to support the work undertaken by the NATO Cyber Security Centre (NCSC) in the area of Communications and Information System (CIS) security, cyber defence and cyberspace operations. This Statement of Work (SoW) specifies the required skillset and experience.

1.1 PURPOSE

The NCSC is responsible to defend NATO networks on a 24/7 basis. To support the processes and the information management aspects of all the elements encompassing such responsibility, the NCSC is looking for a heavily experienced development contractor in Atlassian products (JIRA, Confluence and Bitbucket) to create custom applications, macros, code and data extraction/ingestion from and to a wide-variety of data sources to support such need, both by working on a remotely accessible development environment as by implementing the approved development into our core networks.

The development requirement are depending on multiple factors and stakelholders’ inputs, and will vary during time.

2. DELIVERABLES

The following functions are to be delivered:

D1. The contractor shall on regular basis, but not less than twice a week, remotely access the JIRA platform to:

- Assess the new request for development (in the form of a JIRA ticket) entered by the NCIA Service Delivery Manager (SDM) in terms of complexity of development and associated time required to develop such request.

- Update the existing agreed development tasks requested through the JIRA platform in terms of the percentage of completion to achieve the objective.

The NCIA SDM will review the contractor’s input and validate the assessment of development progress by having a weekly videoconference with the contractor of maximum 1h. Both parties will agree on the best moment to have such videoconference setup.

D1 Outcome: On a weekly basis, the NCIA SDM validates the progress made by the contractor on the development aspects

D2. Once per month, the contractor shall be physically present at SHAPE, Mons Belgium for 5 working days to implement on NCSC networks the code that have been authorised for deployment by NCSC Change Advisory Board (CAB) and demonstrate to NCIA staff the new capability developed.

D2 Outcome: The NCIA SDM validation, on a monthly basis, that the developed product(s), linked to an agreed JIRA ticket has been successfully implemented on NCSC network.

D3. Each of the JIRA ticket that have been made into production shall be accompanied by its associated documentation to be written and stored on NCSC Confluence instance. The documentation shall start being written while the development is ongoing to ensure the documentation is ready for consumption by the time the product is approved for installation on NCSC network.

D3 Outcome: The NCIA SDM validation of the quality and completeness of each piece of documentation linked to an associated JIRA ticket.

Each deliverable shall meet the following requirements:

Language: the product shall be written in English, meeting the NATO STANAG 6001 Level 3 “Professional Proficiency”.

Intended Audience: the product shall be intended for Cyber Security Professionals.

Accuracy: the product shall accurately reflect what was discussed, decided, and action items assigned during the meeting.

Clarity and Conciseness: Information shall be presented clearly and concisely, avoiding unnecessary jargon or complex language.

Formatting: Consistent formatting shall be used throughout the document, including font style, size, headings, and spacing further directed by the NCSC.

Further Details: Each provider of this service must pass an assessment to demonstrate proficiency before being approved to provide the service. The assessment will then be followed by a four weeks on-site familiarisation period with key NCSC personnel and tool to be introduced to the environment.

3. REPORTING

R1. On a monthly basis (see Annex A),and in accordance with D1, a report on:

Which new JIRA issue has been authorised for development

Which existing JIRA issue has been worked on and the progress rate

R2. A monthly report (see Annex B), provided 7 working days after the monthly physical presence on SHAPE as defined containing:

The outcome of each JIRA ticket that was installed on NCSC production environment. (D2)

The approval of the documentation created for each associated JIRA ticket (D3)

4. SKILLS

[See Requirements]

5. WORK EXECUTION

The services will be mainly executed on contractor premises.

A physical meeting once per month for a duration of 5 working days in SHAPE, Mons, Belgium will be required for tracking the SoW execution.

NCIA IT equipment will be provided (NCSC NROP laptop and/or NCIA NRAIS laptop) + access to NCSC NSOP workstation. This equipment can be used by one person only and associated to that individual.

Results of the work will be provided as stated in paragraph 3 – Reporting.

6. DELIVERABLES MILESTONES AND PAYMENT SCHEDULE

Payment will be done as per the milestones below.

Related invoice will be accompanied by a Monthly Performance Report (Annex B) and the Weekly Statistics Report (Annex A) and/or a Delivery Acceptance Sheet (Annex C), signed by the project authority.

Payment will be done in accordance with the table below:

2025: 52 weeks

D1: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of 4x D1 by NCIA SDM

D2: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

D3: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

Option 2026: 52 weeks

D1: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of 4x D1 by NCIA SDM

D2: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

D3: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

Option 2027: 52 weeks

D1: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of 4x D1 by NCIA SDM

D2: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

D3: Deliverable Due Date: End of Each Month

Quantity: Max 12

Type and conditions of payment: Approval of D2 by NCIA SDM

7. TRAVEL

All travel costs are included in the quoted price. No additional cost for travel (including accommodation, per diem, travel expenses, etc.,) will be claimed separately. All travel arrangements are the responsibility of the contractor.

Travel 2025: 12 travels, of 6 day length (5 working days), are to be planned as part of this contract to SHAPE, Mons Belgium.

Option 2026 ands 2027: 12 travels per year, of 6 day length (5 working days), are to be planned as part of this contract to SHAPE, Mons Belgium.

8. PERIOD OF PERFORMANCE

The base period of performance is scheduled to begin on 02 January 2025, and will conclude no later than 31 December 2025.If the options are exercised, the period of performance will be from 01 January 2026 to 31 December 2026, followed by 01 January 2027 to 31 December 2027.

9. SECURITY AND NON-DISCLOSURE AGREEMENT

Any contracted individuals of the Service Provider must be in possession of a security clearance by their National Authority of COSMIC TOP SECRET. The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.

Requirements

4. SKILLS

It is up to the bidding company to propose and size the team that will be working to fulfilling these deliverables.

Required skillset of the contracted team:

• Extensive software development experience with Java, JSP, Javascript, CSS.
• Extensive software development experience with Python
• Extensive experience with SQL databases.
• Extensive experience in developing software integrations through APIs.
• Very good experience in developing in Atlassian software, mostly with JIRA and Confluence
• Experience with Java Servlet and Tomcat
• Experience with the management of Linux servers (preferably RedHat).
• Experience in interfacing with IT Service / Change Management.
• Extensive experience with troubleshooting of complex software and IT infrastructure issues; from the source code to the network and database layer.
• The need to take ownership of tasks and wish to accomplish them to the end.

9. SECURITY AND NON-DISCLOSURE AGREEMENT

• Any contracted individuals of the Service Provider must be in possession of a security clearance by their National Authority of COSMIC TOP SECRET. The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.