Deadline Date: Tuesday 26 November 2024
Requirement: NATO Enterprise Directory Service – Operational Service Support
Location: Braine-l’Alleud, Belgium
Full Time On-Site: Yes
Time On-Site: 100%
Period of Performance: 2nd January 2025 – 31st December 2025 with the possibility to exercise following options:
2026 OPTION period: 1st January 2026 until 31st December 2026;
2027 OPTION period: 1st January 2027 until 31st December 2027
2028 OPTION period: 1st January 2028 until 31st December 2028
Required Security Clearance: NATO Cosmic Top Secret
1. INTRODUCTION
NATO Communication and Information Agency (NCI Agency) provides end-user services to customers throughout NATO. These end-users services are supported by NATO Enterprise Directory Services provided by the NATO Infrastructure Services Centre (NISC) Business Area of NCIA. All services provided by NCIA, regardless of whether they are end-user services or supporting services, are under the responsibility of Service Delivery Managers (SDM).
NATO Enterprise Directory Service (NEDS) provides the capability to share trusted identity information between different systems and to Enterprise users.
NEDS system will act as the Trusted Data Source for identity data for the future Identity and Access Management capability of the NATO Enterprise.
The information on identities (e.g. people and organizations) is retrieved from different, authoritative sources (e.g. APMS). NEDS covers the whole enterprise (including NATO HQ) and will become the standard way to exchange identity information across NATO.
Information can be synchronised between different affiliate systems and automated workflows can be created, including provisioning and de-provisioning of User Accounts. NEDS service information can be made available through either the NEDS native interface (e.g. LDAP) or through customized interfaces such as Web Access, file based interface or SQL.
NEDS provides value to customers through the sharing of identity information across multiple identity stores, improving data quality and reducing the administrative burden for connected systems. This ensures a coherent set of identity data from authoritative sources, while increasing the security posture of the NATO Enterprise.
NEDS allows to improve integrity of (identity) information between overlapping NATO systems. This in itself is a security enhancement as well as the NEDS provides insight in the potential multitude of accounts of a single individual. The automated way of working prevents effort on the part of the affiliate systems.
The lifecycle management information helps connected affiliate systems to improve their management of accounts, in particular to synchronize expiry of accounts with the actual contract, position and clearance expiry of the individual. Thus security is improved, while automation improves efficiency.
Examples of a staff member lifecycle:
Staff member data management: Deduplication, Validation of data quality, Synchronization with affiliate systems (e.g. Windows Environment details provided to HR system), Correlation of data retrieved from different affiliates
Staff member leaving
NEDS is the preferred source to retrieve identity/user information for (new) systems, and as such acts as a trusted broker of authoritative identity information.
2. OBJECTIVES
The main objectives of this statement of work can be summarized as follows:
Ensure high-quality, continuous support for NEDS service
Provide continuous monitoring and pro-active administration of the NEDS service
Develop and deploy iterative updates to the NEDS services, aligning with evolving business requirements.
This SOW covers the Operations and Maintenance (O&M) of NATO Enterprise Directory Services across multiple security domains (NU, NR, NS).
3. SCOPE OF WORK
Support activities:
Monitor, operate and administer the DirX Product Family (I.e. DirX Directory, DirX Identity).
Establish, administer and maintain DirX Directory Synchronization tool parameters and repository tool parameters.
Develop and implement operating procedures following Purchaser’s guidance.
Respond to user inquiries and technical support (Level 2 and Level 3) requests via NCI Agency’s ticketing systems (I.e. ITSM)
Troubleshoot and diagnose software issues reported by users
Management, provisioning and implementation of any alternative or superseding software items should the original item be no longer available or no longer supported
Conduct regular maintenance tasks, such as performance monitoring and optimizations to ensure Continual Service Improvement
Offer on the job training and documentation to the Level 1 support team for software usage and best practices
Perform data backups and disaster recovery procedures as described in Administrator Manual
Collaborate with the stakeholders, both internal and externals, as necessary, to coordinate efforts and ensure smooth execution of software support and development activities
Ensure compliance with software license agreements and security protocols
Provide support in connecting other future affiliates to NEDS (either Master Data Sources or Consumers of data) by performing the necessary configuration and customization of NEDS.
Execute the processes of Incident Management, Change Management and Release Management, as required, following the NCI Agency procedures.
Implement small increments or enhancements to the current NEDS application as requested by the NEDS Service Delivery Manager to address specific needs or improve functionality
Configure DirX to connect additional HR sources as Authoritative Data Source
Build additional connectors to facilitate the integration with other systems using standard DirX technologies
On-Call Support and Responsibilities
The Contractor’s personnel will participate in a rotation-based on-call system with the Purchaser’s staff.
On-call activities are considered delivery-based and part of the monthly sprint cycle
On-Call Rotation Schedule
The schedule will be defined during sprint planning and will outline who is responsible for on-call activities duties each week
On-call shifts will cover critical issues outside the normal working hours
The Contractor’s personnel would cover maximum 2 weeks per month.
On-Call Responsibilities
Responding to urgent incidents or requests during the designated on-call hours
Resolving high-priority incidents to ensure minimal downtime and quick resolution
Documenting any on-call activities, including actions taken to resolve issues
On-Call Deliverables
After each on-call day, a daily status report will be provided on a Purchaser provided SharePoint page containing the following information:
Any Issue: Yes / No
Remarks: Summary of the issue and the fix provided.
The daily report will be provided no later than 8:30 the following day.
A summary of the issues handled and resolutions provided during the on-call period will be submitted at the end of the sprint.
The work shall be carried out in sprints whereby each sprint is independent. The work will be executed mainly onsite but some sprint will be offsite at other NATO locations. Remote work cannot be performed offsite since the nature and classification of the work which requires the contractor to be present at the office. Nevertheless, incidental requests will be reviewed on a case by case basis.
The contractor will be part of a team and will work using an Agile and iterative approach using multiple sprints. Each sprint is planned for a rough duration of 4 weeks. Services need to be provided during standard working hours of NCI Agency. The content and scope of each sprint will be agreed with the service delivery manager during the sprint-planning meeting, in writing.
Sprint planning
At the start of each sprint:
A planning meeting will be held to define activities and goals for the sprint.
The deliverables for the sprint will be clearly outlined, including any specific tasks, outputs and measurable objectives.
On-call rotations and responsibilities will be defined for the upcoming sprint.
Both parties must approve the planned activities before the sprint can begin.
4. PAYMENT MILESTONES AND DELIVERABLES
The following deliverables are expected from this statement of work:
1) Complete the activities/tasks agreed in each spring meeting as per sections 2 and 3 above.
2) Produce sprint completion reports (format: e-mail update), which include details of activities performed. Specifically, the resolved number of tickets will be broken down into number of Incidents, Service Requests (work orders), Change Requests, Tasks, and Requests for Information or Internal Activities, traceable through ITSM.
3) The Contractor will participate in the daily reporting and planning activities (daily stand-ups) as well as the required participation in workshops, events and conferences related to the supported services, as requested by the Service Delivery Manager or deputy.
Payment Schedule will be at the end of each sprint of four working weeks, following the acceptance of the sprint report.
The NCIA team reserves the possibility to exercise a number of options, based on the same scrum deliverable timeframe, at a later time, depending on the project priorities and requirements.
The payment shall be dependent upon successful acceptance of the sprint report and the Delivery Acceptance Sheet (DAS) – (Annex B) including the EBA Receipt number.
Invoices shall be accompanied with a Delivery Acceptance Sheet (Annex B) signed by the Contractor and the NCIA POC.
4.1 2025 BASE: 02 January 2025 to 31 December 2025
Deliverable: Up to 12 Sprints
Payment Milestones: Upon completion of each sprint after delivery acceptance sheet approval.
2026 OPTION: 01 January 2026 to 31 December 2026
Deliverable: Up to 12 Sprints
Payment Milestones: Upon completion of each sprint after delivery acceptance sheet approval.
2027 OPTION: 01 January 2026 to 31 December 2027
Deliverable: Up to 12 Sprints
Payment Milestones: Upon completion of each sprint after delivery acceptance sheet approval.
2028 OPTION: 01 January 2026 to 31 December 2028
Deliverable: Up to 12 Sprints
Payment Milestones: Upon completion of each sprint after delivery acceptance sheet approval.
5. COORDINATION AND REPORTING
5.1 The Contractor shall deliver services on-site at NCI Agency premises in Braine-l’Alleud, Mons, Belgium.
5.2 The contractor shall report to the NISC NEDS Service Delivery Manager (or deputy).
5.3 The Contractor shall participate in daily status update meetings, activity planning and other meetings as instructed, physically in the office, or in person via electronic means using Conference Call capabilities, according to Service Delivery Manager (or deputy) instructions.
5.4 For each sprint to be considered as complete and payable, the contractor must report the outcome of his/her work during the sprint, first verbally during the retrospective meeting and then in writing, within three (3) working days after the sprint’s end date. A report in the format of a short email shall be sent to NCI Agency POC (Service Delivery Manager (or deputy)) briefly mentioning the work held and the achievements during the sprint.
6. SCHEDULE
This task order will be active immediately after signing of the contract by both parties.
6.1 The BASE period of performance is 02nd January 2025 and will end no later than 31st December 2025.
6.2 If the 2026 onwards option is exercised, the period of performance is 01st January 2026 to 31st December 2026.
6.3 If the 2027 onwards option is exercised, the period of performance is 01st January 2027 to 31st December 2027.
6.4 If the 2028 onwards option is exercised, the period of performance is 01st January 2028 to 31st December 2028.
7. SECURITY
7.1 Performance of the services described in this SOW require a valid NATO SECRET security clearance prior to the start of the engagement and obtain COSMIC TOP SECRET during the first year of the execution of deliverables under this SoW
7.2 The Contractor SHALL ensure that all the Contractor staff or anyone working under the remit of the Contractor requiring recurring access to on-site locations for the delivery of the services under this SoW, have a valid NATO Personal Security Clearance at least to the NATO COSMIC TOP SECRET level.
8. CONSTRAINTS
8.1 All the documentation provided under this statement of work will be based on NCI Agency templates or agreed with project point of contact.
8.2 All scripts, documentation and required code will be stored under configuration management and/or in the provided NCI Agency tools.
9. PRACTICAL ARRANGEMENTS
9.1 This is a deliverables-based contract.
9.2 The contractor shall provide services On-site in Braine-l’Alleud, Belgium. Exceptional off- site activities to support service delivery can also be arranged with the line manager’s and Business Area’s PaaS Service Area Owner coordination and approval on sprint activities which do not require physical presence on-site.
9.3 There may be requirements to travel to other sites within NATO for completing these tasks.
9.4 Travel costs are out of scope and will be borne by the NCI Agency separately in accordance to the provisions of the AAS+ Framework Contract.
9.5 The work depicted in this SOW is to be performed by team of at least two contractor personnel.
9.10 The contractor personnel need to be assigned at the beginning of the each sprint (decided in the Sprint Planning meeting) to be able to fulfil the agreed activities (I.e. in case there is a requirement for development activities, developers need to be assigned to the sprint).
10. QUALIFICATIONS
[See Requirements]
Requirements
* Performance of the services described in this SOW require a valid NATO SECRET security clearance prior to the start of the engagement and obtain COSMIC TOP SECRET during the first year of the execution of deliverables under this SoW.
* The Contractor SHALL ensure that all the Contractor staff or anyone working under the remit of the Contractor requiring recurring access to on-site locations for the delivery of the services under this SoW, have a valid NATO Personal Security Clearance at least to the NATO COSMIC TOP SECRET level.
10. QUALIFICATIONS
The consultancy support for this work requires the following qualifications:
Technical Qualifications
* Proficiency in design, integration and implementation of directory systems (based on DirX COTS).
* Familiarity with ACP133, Lightweight Directory Access Protocol (LDAP), ITU-T X.500 standards.
* Requires demonstrable expertise in X.500/LDAP directory and directory synchronization products.
* At least 2 years’ experience in Identity Management.
* Completion of DirX Identity 1, DirX Identity 2 and DirX Directory courses / certification demonstrating a comprehensive understanding of its functionalities and maintenance requirements.
* Proficiency in TCL (Tool Command Language) with a demonstrable level of experience in scripting and automation tasks, specifically in DirX.
* Familiarity with Active Directory for managing user accounts, permissions and access control within the organization’s network environment.
* Proficiency in SQL for database management and querying.
* Experience with .NET or Java development for software customizations and enhancements.
* Familiarity with PowerShell scripting for automation and system administration tasks.
* Experience with Linux Red Hat operating system administration
* Knowledge of PKI (Public Key Infrastructure) and experience with managing digital certificates
* Experience in providing technical support and maintenance for similar software systems based on DirX COTS.
* Experience in developing new functionality for similar software systems based on DirX COTS (I.e. Java and TCL)
Professional Qualifications
* Must have excellent spoken and written English communication and presentation skills, as demonstrated by recent experience (within the past 5 years);
* Excellent communication skills to effectively interact with users, team members and stakeholders
* Must demonstrate the ability and self-motivation to work on his/her own but must also work well within groups as part of a team;
* Must demonstrate an ability and keen sense for problem-solving.
* Motivated, good communication skills, team player.
* Able to work independently with minimal supervision.
* Knowledge of NATO responsibilities and organization.