2025-0357 Capability Package 120 in NATO Cyber Security Center (NS) - WED 17 Dec

Deadline Date: Wednesday 17 December 2025

Requirement: Support to Capability Package 120 in NATO Cyber Security Center

Location: Braine-l’Alleud, Belgium

Full Time On-Site: Flexibility such as home working is subject to prior approval from line manager

Period of Performance: 2026 Base: Immediate availability (15 Jan 2026 the latest)

Possibility to exercise following options:

• 2027 Option: 01 Jan 2027 – 31 Dec 2027

• 2028 Option: 01 Jan 2028 – 31 Dec 2028

Required Security Clearance: NATO SECRET

1. BACKGROUND

The NCI Agency has been established with a view to meeting the collective requirements of some or all NATO nations in the fields of capability delivery and service provision related to Consultation, Command & Control as well as Communications, Information and Cyber Defence functions, thereby also facilitating the integration of Intelligence, Surveillance, Reconnaissance, Target Acquisition functions and their associated information exchange.

2. INTRODUCTION

The NATO Cyber Security Centre (NCSC) is a team of over 200 members working to monitor and protect NATO networks. In the NCSC’s role to deliver robust security services to the NATO Enterprise and NATO Allied Operations and Missions (AOM), the centre executes a portfolio of programmes and projects around 219 MEUR euros per year, in order to uplift and enhance critical cyber security services.

The TRANSFORM Branch supports the missions of the NCSC by ensuring the delivery of coherent, holistic, effective and efficient Cyber Security services across the NATO Enterprise.

The CP120 project refers to the comprehensive management of technology assets to enhance NATO's cyber security posture to maintaining the ability to defend and protect NATO's networks. Through the implementation of the Capability Package 120 (CP120), NATO ensures the effectiveness of the cyber security services delivered by NCSC in an ever-changing cyber threat landscape.

In this project, the Agency upgraded the central management of two systems that work together to help the NCSC monitor NATO networks for threats and flag important issues.

3. OBJECTIVES

The main objective of the statement of work is to underline the Cyber Security needs of the NCSC and to look for support to Project.

This document outlines the services to be provided by the Supplier to NCI Agency Cyber Security Transform Branch for the implementation and management of the Project.

Moreover, it specifies the required skillset and experience.

The Contractor will have a support role, helping Project Managers and teams with both administrative and operational aspects of project management.

4. SCOPE OF WORK

4.1 Problem statement

The Cyber Security TRANSFORM Branch, in charge of managing a large scale of projects in its daily operations, is facing a heavy workload and a lack of personnel.

This situation is impacting all the Cyber Security services and numerous other projects.

4.2 Service details and deliverables

The Service Provider will deliver the following core activities as per the schedule below, under the direction of CP120 Project Managers:

01 Project planning and execution support: Weekly

02 General Project Support Package: Weekly

03 Software and tools Package: Weekly

04 Administrative Support Package: Weekly

05 Project management documentation: Weekly

06 Project Tracking and Reporting Bundle: Weekly

07 Meeting Management Suite: Weekly

08 Compliance and Audit Support Materials: Weekly

4.3 Project planning and execution support

The Supplier will:

• Organise and track meetings (weekly, monthly, quarterly, ad hoc) as agreed at the begging of the sprint and requested by the PMs
• Create tasks, resource plans, and allocate resources in Service Now

4.4 General Project Support Package

The Supplier will:

• Develop and keep up to date the NATO Enterprise Tier 2/3 data sources points of contact list
• Develop and keep up to date the REACH/NR laptops Database provided to contractors
• Develop and keep up to date the Database tracking the accounts delivered to contractors (type, validity, etc.)
• Develop and keep up to date the Database with contractor documentation for the NATO sites access
• Develop and keep up to date the Access list to the project portal
• Develop and keep up to date the list of actions assigned to both the NCIA Project Management Team (PMT) as well as to the Contractor PMT members
• Provide logistical support for workshops and meetings

4.5 Software and tools Package

• Use project management software (ServiceNow) and Agency official tools
• Perform project-related transactions in systems like ServiceNow and EBA

4.6 Administrative Support Package

The Service Provider will:

• Support the work of the Project Managers in all administrative tasks.
• Coordinate international teams and meetings
• Organized digital filing system for all project documents
• Travel itineraries and expense reports for project team members
• Procurement logs for project-related supplies and services
• Coordinate and submit Purchase Requisitions

4.7 Project management documentation

The Service Provider will:

• Provide requested routine and planned documentation
• Provide ad-hoc project management documentation
• Maintain Service Line project-related portals such as work loading and work capacity metrics; reporting and planning; contact information; prioritization; project status.

4.8 Project Tracking and Reporting Bundle

The Service Provider will:

Support the team by routinely

• Weekly project status reports
• Custom reports generated from project management tools
• Regular stakeholder update reports
• Support the production and submission of exception reports
• Closely liaise with Cyber Service Line team and Admin Office to support preparation of defined reports
• Create and maintain all project related documentation (risk and issue management, dependencies, change management, scheduling, supplier management).
• Support with the budget tracking spreadsheets with variance analysis report
• Resource utilization reports

4.9 Meeting Management Suite

• Organized meeting agendas for various project-related meetings
• Detailed meeting minutes with action items clearly highlighted
• Follow-up reports on action items and decisions

4.10 Compliance and Audit Support Materials

• Compliance checklists ensuring adherence to cybersecurity standards and regulations
• Policy and procedure implementation packages
• Audit-ready documentation packages

4.11 Service Level Agreements (SLAs)

The following SLAs will apply:

• Average speed for response times for client queries: 30 minutes-1hour
• Adherence to project timelines
• 99.9% Task completion rates
• Number of reports provided per week: as agreed at the beginning of the sprint NTE 10/week
• Stakeholder Meeting Attendance: 100% of required meetings attended
• Service provider is expected to provide service every day during normal business hours 08:30-17:30.

4.12 Client Responsibilities

The Client will:

• Provide necessary access to systems and information required for all services
• Tools and equipment (laptop) will be provided for remote service provisioning
• Designate primary points of contact for escalations and decision-making
• Early Definition: Establish criteria at the beginning of the sprint; Refine criteria as needed throughout the development process
• Prioritization: Identify must-have criteria vs. nice-to-have features; Align prioritization with project / service goals and constraints

4.13 Acceptance Criteria

The services will be deemed accepted when:

• All specified SLAs are met
• All deliverables have been provided as outlined in Section 4

4.14 Rejection Criteria:

• The client may reject deliverables if they do not meet the specified acceptance criteria or if they contain critical errors.
• A rejected deliverable must be corrected and resubmitted within 1 (one) business day.

Further, the supplier must conduct the following reviews:

• A weekly ‘touch point’ between NCIA POC and the supplier’s POC to ensure work is on track

5. PAYMENT MILESTONES

The payments shall be dependent upon successful acceptance of the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.

Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and project authority.

Invoicing will upon completion of each 4 sprints and at the end of the work, with payment due within 30 days of invoice date.

5.1 Base 2026: Period of performance 01 January 2026 to 31 December 2026

Deliverable: Up to 44 Sprints containing all deliverables in section 4 (Number of sprints is estimated and will be adjusted based on actual starting date.)

Payment Milestones: Upon completion of each 4 sprint accepted within the respective month (at the end of the month) and at the end of the work.

5.2 Option 2027: Period of performance 01 January 2027 to 31 December 2027

Deliverable: Up to 44 Sprints containing all deliverables in section 4 (Number of sprints is estimated and will be adjusted based on actual starting date.)

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each 4 sprint accepted within the respective month (at the end of the month) and at the end of the work.

5.2 Option 2028: Period of performance 01 January 2028 to 31 December 2028

Deliverable: Up to 44 Sprints containing all deliverables in section 4 (Number of sprints is estimated and will be adjusted based on actual starting date.)

Cost Ceiling: Price will be determined by applying the price adjustment formula as outlined in CO‐115786‐ AAS+ Special Provisions article 6.5.

Payment Milestones: Upon completion of each 4 sprint accepted within the respective month (at the end of the month) and at the end of the work.

6. COORDINATION AND REPORTING

Due to the hybrid approach of this project (AGILE and PRINCE2), there is a need to define a set of specific arrangements between the NCI Agency and the contractor that specifically defines the deliverables to be provided for each sprint as well as their associated acceptance criteria. This includes sprint planning, execution and review processes, which are detailed below:

6.1 Sprint Planning:

Objective: Plan the objectives for the upcoming sprint

Kick-off meeting: Conduct a monthly meeting with the contractor to plan the objectives of the 4 upcoming sprints to meet the agreed deliverables

Set sprint goals: Define clear, achievable goals for the sprints

Backlog Review: Review and prioritise the backlog of tasks, issues, and improvements from previous sprints.

6.2 Sprint Execution:

Objective: Contractor to execute the agreed “sprint plans” with continuous monitoring and adjustments.

Regular meetings between NCI Agency and the contractor to review sprint progress, address issues, and make necessary adjustments to the processes or production methodology. The Meetings will be physically in the office or virtually via Skype.

Progress Tracking: Contractor to use a shared dashboard or tool to track the status of the sprint deliveries and any issues.

Quality Assurance/Quality Check: Contractor shall ensure that the quality standards agreed for the sprint deliverables are maintained throughout the sprint.

Quality Control: NCIA to perform the Final Quality Control of the agreed deliverables and provide feedback on any issues.

6.3 Sprint Review

Objective: Review the sprint performance and identify areas for improvement.

At the end of each sprint, there will be a meeting between the NCI Agency and the Contractor to review the outcomes against the acceptance criteria comprising sprint goals, agreed quality criteria and Key Performance Indicators (KPIs).

Define specific actions to address issues and enhance the next sprint.

6.4 Sprint Payment

For each 4 (four) sprints to be considered as complete and payable, the contractor must report the outcome of their work during the sprint, first verbally during the retrospective sprint review meeting and then in writing within five days after the 4th sprint’s end date. A report must be sent by email to the NCI Agency CP 120 Project Managers, listing all the work achieved against the agreed tasking list set for the sprint.

The contractor's payment for each set of 4 sprints will be depending upon the achievement of agreed Acceptance Criteria for each task, defined at the sprint planning stage.

The payment shall be dependent upon successful acceptance as set in the above planning/review meetings. This will follow the payment milestones that shall include a completed Delivery Acceptance Sheet (DAS) – (Annex A) including the EBA Receipt number

Invoices shall be accompanied with a Delivery Acceptance Sheet (DAS) – (Annex A) signed by the Contractor and project authority.

If the contractor fails to meet the agreed Acceptance criteria for any task, the NCI Agency reserves the right to withhold payment for that task/sprint.

7. SCHEDULE

Period of performance for SOW will commence on 1st of January 2026 and continue for max. 44 weeks (sprints) until the 31st of December 2026.

On the first working day of 2026, The NCIA representative will have a Kick Off meeting with the Service Provider to perform introductions and review the project plan (sprints activities)

The NCIA team reserves the possibility to exercise the 2027 and 2028 options, based on the same sprint deliverable timeframe and cost, at a later time, depending on the project priorities, requirements and budget approval.

8. TRAVEL

Travel may be required. Additional cost for travel (including accommodation, travel expenses, etc.,) will be claimed separately. All travel arrangements are the responsibility of the contractor.

9. SECURITY AND NON-DISCLOSURE AGREEMENT

Any proposed resource providing services under this SOW must be in possession of a security clearance NATO SECRET or above.

The signature of a Non-Disclosure Agreement between any Service Provider’s individuals contributing to this task and NCIA will be required prior to execution.

10. CONSTRAINS

All the documentation provided under this statement of work will be based on NCI Agency templates or agreed with project point of contact.

All scripts, documentation and required code will be stored under configuration management and/or in the provided NCI Agency tools.

Responsible for complying will all applicable local employment laws, in addition to following all SHAPE & NCIA on boarding procedures. Delivery of the service cannot begin until these requirements are fulfilled.

11. PRACTICAL ARRANGEMENTS

NCIA IT equipment will be provided (one REACH laptop will be provided). This equipment can be used by one person only and associated to that individual.

Results of the work to be stored on NCI Agency NATO RESTRICTED SharePoint portal and checked on a weekly basis to the assigned Point of Contact (Annex A – Weekly progress report).

All the documentation provided under this statement of work will be based on NCI Agency templates and/or agreed with the NCIA service manager.

All support, maintenance, documentation will be stored under configuration management and/or in the provided NCI Agency tools.

All developed solutions will be property of the NCI Agency.

12. QUALIFICATIONS

[See Requirements]

Requirements

9. SECURITY AND NON-DISCLOSURE AGREEMENT

• Any proposed resource providing services under this SOW must be in possession of a security clearance NATO SECRET or above.

12. QUALIFICATIONS

Services under current SOW are to be delivered by ONE resource that must meet the following experience, qualities and qualifications:

Experience:

• Relevant experience with Service Now, MS Office suite including MS Project
• Knowledge and experience with the practical support on implementation of ICT projects.
• Prior experience of working in an international environment comprising both military and civilian elements.
• Proactive attitude in seeking and maintaining trust from stakeholders and team.
• Proven ability to communicate effectively orally and in writing with good briefing skills.
• Analytical skills. Time management.
• Works productively in a pressurized environment.
• Focused on objectives and deliverable oriented

Skills

• Proven track on developing and maintaining strong and effective relationships with internal and external stakeholders
• Flexible and adaptable; able to work in ambiguous situations.
• Proven ability to communicate effectively orally and in writing with good briefing skills.
• Proactive attitude in seeking and maintaining trust from stakeholders and team.
• Analytical skills
• Time management
• Works productively in a pressurized environment
• Focused on objectives
• Deliverable oriented
• Ability to work autonomously
• Strong reporting skills

Minimum qualifications required

• Vocational training at a higher administration level in a relevant discipline or 5 years equivalent combination of qualification and experience.
• Diploma of secondary education.