Deadline Date: Monday 18 November 2024 (originally Friday 8 November 2024)
Requirement: NATO ICT role mapping support
Location: Off-Site
Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs
Period of Performance: 2025 BASE: As soon as possible, but not later than 6 January 2025 – 31 December 2025 with the possibility to exercise following options:
2026 Option: 1 January 2026 until 31 December 2026
2027 Option: 1 January 2027 until 31 December 2027
Start date as soon as possible but not later than 6 January 2025.
Required Security Clearance: NATO SECRET
1. INTRODUCTION
At present, NATO does not have a standardized way to describe professional roles in the domain of Information and Communication Technology (ICT), nor are the Knowledge, Skills and Attitudes that are required to perform each of these roles successfully standardized.
Building on the previous year’s mapping of NATO Cybersecurity Roles, the aim of this project is to expand the mapping of all ICT roles to the SFIA Framework.
A 'NATO ICT Role' refers to a specific function within NATO that individuals occupy and execute. These roles are defined based on the SFIA framework, which serves as an industry-standard for standardizing language and categorizing skills. The scope of this mapping project includes all professionals in NATO who are involved in designing, developing, implementing, managing, and protecting the data and technology that power the digital world.
The project includes the creation of a database with all the acquired NATO ICT roles. The database will allow the identification of required trainings for each NATO ICT role and further analysis, for instance in supporting the forecasting of future training efforts.
2. OBJECTIVES
The scope of all activities is the NATO Enterprise unless otherwise indicated. At its conclusion, this project aims to deliver:
An inventory of all NATO ICT roles
A mapping of NATO ICT roles to the SFIA framework
A mapping of ‘Role to training recommendations’ for NATO ICT roles;
An implemented and accredited platform that enables hosting, analysing and managing all above mappings and creation of visual overviews and mapping reports per role, that can be used for insertion in / adjustment of NATO Job Descriptions (note: adjustment of the actual Job Descriptions is out of scope of this project)
3. SCOPE OF WORK in 2025
The following activities require support in 2025 under this SOW:
Where needed, finalize existing mappings, which focuses on NATO Cybersecurity roles and support the loading of these mappings in to the platform that was selected as Proof of Concept (Lexonis)
Build an inventory of NATO ICT roles and associated ICT Job Descriptions.
For all persona’s and 50% of all NATO ICT roles map the duties to the associated competencies and proficiency levels in the SFIA framework, create references to existing NATO and commercial training programs, and develop an annex and visual overviews to describe the SFIA mappings and training recommendations
Across all mapped NATO ICT roles: generate a cross-entity picture of ICT role training recommendations
Support the evaluation of the 2024 Proof of Concept of the mapping platform (Lexonis), pertaining to the platform’s ability to host, manage and analyse mappings, generate visual and usable reporting, identify required trainings for each NATO ICT role and further analysis, for instance in forecasting future training efforts and conducting competency assessments and function and to be accredited in the NATO IT system landscape, adhering to the associated security policies
Based on the evaluation outcomes, support the acquisition and/or implementation of the selected tool to host and manage all NATO CS and CSI role mappings to industry frameworks
Support the loading of all mappings between NATO ICT roles and industry frameworks to the selected platform
The contractor will work remotely, providing services during Core working hours of the NCI Academy team (Oeiras / PRT).
The measurement of execution for this work is sprints, with each sprint planned for a duration and due date as outlined in table 1 of Section 4 – Deliverables and Payment Milestones.
4. DELIVERABLES AND PAYMENT MILESTONES
The following deliverables are expected from the work on this statement of work:
2025 BASE: 01 January 2025 to 31 December 2025
Deliverable: Up to 6 Sprints (Number of sprints is estimated considering a starting date of 1 January 2025. This will be adjusted depending on the actual start date.)
Payment Milestones: Upon completion of each sprint and at the end of the work.
The NCI Academy team reserves the possibility to exercise a number of options within the year 2025, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A) including the EBA Receipt number.
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and line manager.
See below for the schedule of 2025 deliverables:
Sprint 1: All missing mappings of NATO Cybersecurity roles from the 2024 PoW have been completed and validated and loaded on the platform that was selected as Proof of Concept (Lexonis) - 1 March 2025
Sprint 2: Evaluation finalized of the 2024 Proof of Concept of the mapping platform (Lexonis) + recommended way forward (i.e. accreditation of Lexonis OR explore other platform options) - 1 April 2025
Sprint 3: Up to 25% of all NATO ICT roles have been mapped to SFIA including training recommendations - 1 June 2025
Annexes and visual overviews have been developed to describe the SFIA mappings and training recommendations – Scope: 25% of all NATO ICT roles - 1 June 2025
All mappings of the 2024 project (focussing on NATO Cybersecurity roles) have been updated where needed - 1 June 2025
Sprint 4: Up to 50% of all NATO ICT roles have been mapped to SFIA including training recommendations - 1 Oct 2025
Annexes and visual overviews have been developed to describe the SFIA mappings and training recommendations – Scope: 50% of all NATO ICT roles - 1 Oct 2025
Overview of activities, work plan and engagement plan for the follow-on work in 2026 - 1 Oct 2025
Sprint 5: Across all mapped NATO ICT roles: generate a cross-entity picture of ICT role training recommendations - 1 Nov 2025
Sprint 6: All mappings between NATO ICT roles and industry frameworks have been loaded to the selected platform (depending on platform availability) - 1 Dec 2025
Final report describing the 2025 mapping outcomes - 1 Dec 2025
2026 OPTION: 01 January 2026 to 31 December 2026
Deliverable: Up to 6 sprints as described on above Table 1 section 4
Payment Milestones: Upon completion of each sprint and at the end of the work.
2027 OPTION: 01 January 2027 to 31 December 2027
Deliverable: Up to 6 sprints as described on above Table 1 section 4
Payment Milestones: Upon completion of each sprint and at the end of the work.
The NCIA team reserves the possibility to exercise a number of options in the respective option years, based on the same scrum deliverable timeframe and cost, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex A) including the EBA Receipt number.
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex A) signed by the Contractor and the project authority.
5. COORDINATION AND REPORTING
The contractor shall participate in status update meetings, sprint planning, and other meetings, physically in the office, or in person via electronic means using Conference Call capabilities, according to line manager’s instructions.
For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in written within three (3) days after the sprint’s end date. The format of this report will be aligned with the line manager mentioning briefly the work held and the development achievements during the sprint.
Acceptance of each sprint completion will be documented in Annex A – Delivery Acceptance Sheet.
6. SCHEDULE
This task order will be active immediately after signing of the contract by both parties.
The BASE period of performance is as soon as possible but not later than 6 January 2025 and will end no later than 31 December 2025.
If the 2026 option is exercised, the period of performance is 01 January 2026 to 31 December 2026.
If the 2027 option is exercised, the period of performance is 01 January 2027 to 31 December 2027.
7. CONSTRAINTS
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the line manager.
All documentation will be stored under configuration management and/or in the provided NCI Agency tools.
All the deliverables of this project will be considered NATO UNCLASSIFIED.
Part of the work may involve handling classified networks, therefore, a security clearance at the right level is expected for the contractor(s) undertaking this service, although the contractor may start working already while the clearance process is ongoing.
8. SECURITY
The security classification of the service will be up to NATO SECRET.
The contractor providing the services under this SOW is required to hold a valid NATO SECRET security clearance
9. PRACTICAL ARRANGEMENTS
The work shall be primarily conducted remote, e.g. at the contractor’s premises, with occasional travel.
Travel costs are out of scope and will be borne by the NCI Agency separately in accordance to the provisions of the AAS+ Framework Contract. He or she will work under the direction and guidance of the NCI Academy Technical Capability Support Section Head or their designated representative.
10. QUALIFICATIONS
[See Requirements]
Requirements
10. QUALIFICATIONS
The contractor should have the following experience:
Education:
Experience:
Language Proficiency