Deadline Date:
Thursday 19 June 2025
Requirement:
ACPV Service Catalogue Design and Development Support
Location:
Mons, BELGIUM
Time On-Site:
100%
Not to Exceed:
2025 BASE: € 72,270 (22 sprints at € 3,285 NTE / sprint), 2026 OPTION
Period of Performance:
2025 BASE: 01 Aug 2025
Required Security Clearance:
NATO SECRET
Purpose:
The objective of Statement of Work (SoW) is to support the design and development ofthe Asset, Configuration, Patching and Vulnerability (ACPV) Service in the Service Catalogue and to prepare its integration in an SLA Framework. It aims at;
- Designing and developing the Service Design Package needed for the ACPV Service in order to be integrated in the service catalogue of the Agency within the requisite lead-time,
- Allowing the aforementioned to be incorporated into an SLA framework from which all NATO entities can consume ACPV data.
Background:
- ACPV supports the NATO strategic objective to enhance cyber defence and resilience.
- It directly contributes to NATO’s cybersecurity posture, proactively challenging adversarial freedom of manoeuvre in cyberspace, countering malicious cyber activities on the Alliance and contributing to Enterprise cyberspace situational awareness in a dynamic environment.
- NATO needs to continuously improve its enterprise vulnerability management process as part of its aim to operate at the high security levels, which ensure its effectiveness and reliability. The ACPV Core System is expected to provide the NATO Cybersecurity Ecosystem with adequate ACP management for vulnerability assessment information within the NATO Enterprise, ensuring that NATO CIS are understood, monitored, patched and actioned properly, in order to improve their protection against the full spectrum of current and future cyber threats.
- In support of this, the NCI Agency is tasked under a Programme of Work (POW) to support the ACPV program.
- To support NCSC for the execution of tasks identified in the subject work package of the project, the NCI Agency is looking for subject matter expertise in the delivery of complex, foundational and novel ACPV support capability.
- This contract is to provide consistent support on a deliverable-based (completion-type) contract, to NCSC contributing to its POW based on the deliverables that are described in the scope of work below.
The objective of this Statement of Work (SOW) is to provide support to the activities executed by NCSC with a qualified contractor on a deliverable-based (completion-type) contract. The work will consist in preparing the following deliverables:
- Service Description (SD) following NCIA template, describing the service, service value proposition, each service feature or flavour, support hours, standard service support level, unit of consumption and unitary price.
- Service Delivery Plan (SDP) following NCIA template describing all Service Technology Components, the Service Tree, Service Support Model, Roles and Responsibilities, Service Level Targets and Key Performance Indicators.
- A bottom-up quantified Service Cost Model following NCIA template.
Service Description
The Contractor following a NCIA Template will develop a Service Description Document with the detailed technical description that needs to include Service Identification, Service Type, Description of Service, Value Proposition, Service Features/Flavors, Environments, Prerequisites, Standard Service Support Levels and Service Cost.
Service Delivery Plan (SDP)
In this activity the Contractor needs to draft the Service Delivery Plan and will need to gather from all stakeholders, in the following activities, all the necessary elements and include the information gathered/developed in the SDP.
Service overview:
The contractor will develop a brief description of the Service from a technical point of view, providing the link to the document containing the detailed technical description of the Service (developed in the previous activity).
The contractor will identify and document all prerequisite Customer Facing Services, Underlying Services, Service Assets (Software/Hardware), Licenses and Underpinning Contracts.
Service Technology Components and Model:
The Contractor will develop a visual representation of the relationship of service technology Components, using a provided template.
Service Support Model:
In this activity the Contractor needs to describe what levels of support are applicable to the Service, keeping in scope how the NCI Agency has defined standardized levels of support. If the Service requires deviation/different definition of support levels, they need to be described identifying their source (e.g. SLA, POW, etc.)
Service Delivery Support Process:
The Contractor needs to develop a scheme that best depicts how the support process for the Service is defined and operated. An illustration of such a scheme will be provided to harmonize this work with other existing SDPs.
Description of future end-state implementation overview of the Service Delivery Support Process.
The Contractor needs to develop a RACI table to describe the Roles and responsibilities within the Service Delivery Process.
Service Delivery Point is defined as the latest physical location where physical work needs to take place to have a service delivered. The Contractor needs to identify all Service Delivery points for the Service and document them in a matrix indicating all the instances for each.
Service Delivery Management:
The Contractor needs to identify all the major coordination events and their time-frames, reporting activities or other relevant events planned during Service Delivery (e.g. Full Service Delivery Review, Collection of Customer Inputs, etc.).
Annexes:
The Contractor may need to Include any other annexes, in accordance with the requirements of the specific SDP to address (Service Level Targets, ITSM Configuration Parameters, CMDB Data Configuration, Acquisition Procedures, Material Requisition Procedures, Capacity Management, etc.) determined during the work on previous activities.
Definitions and Acronyms
Develop the list of definitions and acronyms used in the Service Delivery plan
Constraints:
All the deliverables provided under this statement of work will be based on NCI Agency templates or agreed with the project point of contact.
All documentation etc. will be stored under configuration management and/or in the provided NCI Agency tools.
Security and Non-Disclousure Agreement:
It is mandatory to have the candidate be in possession of a NATO SECRET security clearance to facilitate follow-on engagements and coordination at NATO venues.
The signature of a Non-Disclosure Agreement between the contractor contributing to this task and NCIA will be required prior to execution.
Practical Arrangements:
- The contractor will be required to work approximately 100% onsite at NCIA Headquarters in Mons / BEL as part of this engagement. The NCSC Team is located in Mons/BEL, with working hours to be adjusted accordingly. Incident resolution activities may be requested during the out of business hours as part of deliverable-based sprints.
- The contractor will be required to work within a NATO country, following the rules and regulations applicable for the operations of NATO CIS.
- The contractor may be required to travel to other NATO locations as part of his role. Travel expenses for missions to other NATO/NCIA locations than Mons/BEL will be reimbursed to the individual directly (outside this contract) under NATO rules.
- Travel arrangements will be the responsibility of the contractor and the expenses will be reimbursed in accordance with Article 5.5 of AAS Framework Contract and within the limits of the NCIA Travel Directive.
- The services must be provided by ONE contractor for the entire performance period.
- Access to NATO sites, as required, for the purpose of executing this SOW.
- Workspace (needed business IT for both on- and off-site work, hot-desk at NISC facility).
- NCIA “REACH” laptop to be used by the contractor for the execution of the contract.
The contractor who is going to deliver the identified services must have demonstrated skills, knowledge and experience as listed below:
Technical Proficiency:
- The support for this work requires the following technical proficiencies:
- Good Knowledge and experience with the ITIL Framework (Service Strategy/Service Design)
- Solid understanding of financial management of IT Services and experience with Service Costs and Service Rates calculation.
- Strong troubleshooting skills to diagnose and resolve hardware, software, and network issues,
- Ability to guide users through problem-solving steps effectively.
- Excellent verbal and written communication skills,
- Full proficiency in English,
- Ability to communicate technical information to non-technical users in a clear and concise manner.
- Ability to manage multiple tasks and prioritize tasks effectively,
- Attention to detail in documenting support activities and maintaining accurate records.
- Ability to work effectively as part of a team and share knowledge and resources,
- Willingness to collaborate with colleagues to solve complex issues.
- The candidate has strong customer relationship skills, including negotiating complex and sensitive situations under pressure,
- The candidate must have the nationality of one of the NATO nations.
The contractor should also ideally have knowledge and experience in the following areas:
- Experience in working with NATO,
- Experience of working with NATO Communications and Information Agency,
- Experience of working with national Defence or Government entities.