1. What We Do

Strengthening Digital Governance for Service Delivery

Overview

NOTICE AT-A-GLANCE

  • P178162

  • Strengthening Digital Governance for Service Delivery

  • Kosovo

  • OP00330444

  • Request for Expression of Interest

  • Published

  • SDGSDP/QCBS-1.2.1-2/2024

  • Quality And Cost-Based Selection

  • English

  • Feb 05, 2025 16:00

  • Jan 25, 2025

CONTACT INFORMATION

  • Strengthening Digital Governance for Service Delivery

  • Luan Asllani

  • Ministry of Internal Affairs (MIA) - Prishtina, Kosova

  • Kosovo

  • Kosovo

  • +383 (38) 200 14018

Details

REPUBLIC OF KOSOVA

Ministry of Internal Affairs (MIA)

Agency for Information Society (AIS).

REQUEST FOR EXPRESSIONS OF INTEREST - EXTENDED DEADLINE

(CONSULTING SERVICES – FIRMS SELECTION)

COUNTRY: Kosova

NAME OF PROJECT: Strengthening Digital Governance for Service Delivery Project (SDGSDP)

CREDIT NO: P178162

ASSIGNMENT TITLE: Development of the Strategic Approach to Cloud Computing, and of the Disaster Recovery Contingency, and Continuity of Government Operations Framework

REFERENCE NO: SDGSDP/QCBS-1.2.1-2/2024

DATE: December 26, 2024

The Ministry of Internal Affairs/Agency for Information Society has received financing from the World Bank toward the cost of the Strengthening Digital Governance for Service Delivery Project and intends to apply part of the proceeds for consulting services.

The consulting services (“the Services”) include: develop a Cloud Computing National Strategic Approach and Transition Plan for adoption and utilization of cloud computing within the government of Kosovo. This strategic approach should address technical, operational, business processes, security, and policy considerations to ensure a robust and well-coordinated transition to cloud-based services, and prepare the detailed functional and technical requirements together with the draft bidding documents for the supply and installation of necessary information and communication technology (ICT) systems and equipment to implement the proposed technical solutions (to be purchased through a competitive selection process later).

The other objective of this consultancy assignment is to conduct a needs assessment and prepare the detailed functional and technical requirements for the development of a comprehensive Disaster Recovery Contingency and Continuity of Operations (DR/COOP) Framework for the GoK, together with the draft bidding documents for the supply and installation of necessary information and communication technology (ICT) equipment to enhance the SDC and DRC platforms (to be purchased through a competitive selection process later). This part of the assignment will mainly focus on the development of requirements and draft bidding documents for the short-term and long-term DRC, while developing the long term DR/COOP framework for the GoK. 

The detailed Terms of Reference (TOR) for the assignment are attached to this request for expressions of interest.

The Ministry of Internal Affairs/Agency for Information Society now invites eligible consulting firms (“Consultants”) to indicate their interest in providing the Services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience to perform the Services.

REQUIRED QUALIFICATIONS FOR THE COMPANY

(i) General qualifications of the company to REOI

  1. The Consultant firm must be a legally established and registered entity.
  2. The Consultant firm should demonstrate at least 10 years of relevant experience.
  3. Demonstrated capacity to engage with public institutions, national and local authorities;
  4. Demonstrated experience working with international donors

 (ii) Relevant experience with similar assignments

  1. The Consultant firm must have successfully completed at least two (2) projects including the design and implementation of strategic approach and transition to a government cloud platform and at least two (2) projects including the design and implementation of disaster recovery and business continuity solutions within the last five (5) years (as the main solution provider or main contributor in a joint venture). Successfully completed projects will be presented through a table listing the name of the relevant assignments, short scope of work, contract start and end dates, country/region, and contact reference (name, e-mail, phone number).
  2. Excellent project management skills, including quality assurance of work products; ability to deliver high-quality outputs in a high-pressure multicultural environment;
  3. Excellent command of English, with the ability to deliver high-quality report writing, presentation, and communication skills, with experience in communicating and engaging with high-level decision makers in the public sector.

THE SHORTLISTING CRITERIA ARE:

(i) General qualifications of the company to REOI (40%),

(ii) Relevant experience with similar assignments (60%)

The Consultants’ Staff CV are NOT subject to evaluation at the shortlisting stage.

The attention of interested Consultants is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the World Bank’s “Procurement Regulations for IPF Borrowers” July 2016 revised November 2017, August 2018, November 2020, September 2023 (“Procurement Regulations”), setting forth the World Bank’s policy on conflict of interest.   

Consultants may associate with other firms to enhance their qualifications, but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected.

The Consultant firm will be selected in accordance with Quality-and Cost-Based Selection (QCBS) method set out in the World Bank’s Procurement Regulations for IPF Borrowers (July 2016, revised November 2017, August 2018, November 2020, and September 2023.

Further information can be obtained at the address below during office hours 09.00 to 15.00 hour, Kosova time.

Expressions of interest must be delivered in a written form by e-mail to the address below by: February 5, 2025, at 16.00h Kosova Time.

Ministry of Internal Affairs (MIA)

Agency for Information Society (AIS)

Attn: Luan Asllani, Procurement Specialist

Government Building, Ex-Rilindja

10000 Prishtina, Republic of Kosova,

Ph.: +383 (38) 200 14018

E-mail: kodgov@rks-gov.net

 

Kosovo – Strengthening Digital Governance for Service Delivery

TERMS OF REFERECE

for Consultancy Services to

Development of the Strategic Approach to Cloud Computing, and of the Disaster Recovery Contingency, and Continuity of Government Operations Framework

Reference No: SDGSD/QCBS-1.2.1-2/2024

  1. Background

The Government of Kosovo (GoK) recognizes digital development as a priority to enable sustained economic growth and improve public services. The enabling environment exists for opening new channels of communication and improving the transparency and accountability of public service provision, by building upon the existing foundations of countrywide Information and Communication Technologies (ICT) infrastructure, internet penetration and digital literacy. An Open Data Charter was approved in 2016 and a national portal for open data was established, in addition to the government’s State Services Portal (e-Kosova).

As a horizontal agenda supporting the National Development Strategy (NDS) 2030, the Digital Agenda 2030 lays out the cross-sectoral government horizontal agenda that summarizes the policy and priorities for Kosovo to support the digital transformation of the economy and the society. The digitalization of government is included as Strategic Objective #3 (SO3). With support from the e-Governance Academy of Estonia, the GoK prepared the new e-Government strategy and Action Plan, which was approved in October 2023.

Coordination on the digital governance agenda has been a particular challenge. Coordination is needed on the agenda both within Government and with development partners. There are several agencies which have the mandate for and focus on process reengineering and administrative reforms including supporting digital governance infrastructure. In the recent past, the Ministry of Public Administration (MPA) has had the legal authority to take forward the digital governance and e-services agenda, and hosted some of the critical institutions, including the Agency for Information Society (AIS) and the State Data Center (SDC). In 2021, the Ministry of Public Administration (MPA) has been merged to the Ministry of Internal Affairs (MIA), and hence AIS has become part of MIA.  The Office of the Prime Minister (OPM) is directly engaged in leading the development and overseeing the implementation of the e-Government Strategy, which includes engagement with the Ministry of Internal Affairs (MIA), Ministry of Industry, Entrepreneurship and Trade (MIET) (for business services), Ministry of Finance, Labor and Transfers (MFLT), and other key ministries and agencies that are also major stakeholders. A Digital Transformation Unit (DTU) within OPM was established in 2022 to coordinate all digital initiatives within the Government and with the development partners. The World Bank has been directly engaged as a partner supporting the GoK digitalization reforms.

Given this current context, there is significant room to support the GoK on a more holistic enabling framework and reform plan for simplifications to administrative services for citizens and businesses. The GoK and the World Bank launched a new project in March 2023, “Strengthening Digital Governance for Service Delivery (P178162)”, to improve the quality of, and user access to selected public administrative services. The project, which was ratified by the Parliament of Kosovo in May 2024, builds upon recent World Bank advisory support to digital governance and service delivery and advances in connectivity under the Kosovo Digital Economy (KODE) project. Additionally, the Quality Infrastructure Investment (QII) grant with the support of the Government of Japan was awarded to Kosovo in Q4 2022. The Grant has provided advisory and analytical support to the GoK for ICT infrastructure management to underpin the digital transformation of the public sector and the digitalization of government services, which will feed into the above-mentioned upcoming project.

The Strengthening Digital Governance for Service Delivery project includes three components:

  • Component 1: Digital transformation of government
  • Component 2: Digital transformation of public service delivery
  • Component 3: Institutional strengthening, change management, and project management

Subcomponent 1.2 is focused on strengthening the State Data Center (SDC) and Disaster Recovery Center (DRC) capabilities and transition towards a government cloud platform to enhance the resilience of government operations to disruptions from, among other things, climate change natural disasters and other unforeseen events.

As a part of the new project preparation activities, the World Bank commissioned two technical assessments to inform decisions on the design of new project components. The feasibility study and requirements for the temporary DRC and the preliminary plan for transition to government cloud were completed in January 2023, together with the technical assessment of the whole-of-government platform. Additionally, a consulting firm was selected for the development of requirements to implement an enhanced government shared platform to support the “whole of government” approach (with multiple features such as intranet, dashboard for monitoring the implementation performance of the NDS 2030, workflow automation, and providing access to existing document management system, e-Archive, and other digital solutions).

As a part of the subcomponent 1.2 activities, the GoK will hire a consulting firm (hereinafter “The Consultant”) to develop a Cloud Computing National Strategic Approach and Transition Plan providing a roadmap for transitioning to a hybrid government cloud platform. The Consultant will also prepare the detailed requirements and draft bidding documents for the supply and installation of necessary software, hardware, network equipment and other components (to be implemented through another contract) needed for the implementation of the proposed plan. The Consultant will not be involved in the implementation of proposed solutions.

In addition, the Consultant will develop a comprehensive Disaster Recovery Contingency and Continuity of Operations Framework to address the short-term and long-term needs identified by the GoK including the establishment of a DRC.[1] The Consultant will also prepare the detailed requirements and draft bidding documents for the supply and installation of necessary software, hardware, network equipment, as well as the refurbishment of the building and facilities and other components (to be implemented through another contract) to enhance the SDC and the short-term and long-term DRC platform(s) for the successful implementation of the proposed framework. The Consultant will not be involved in the implementation of proposed solutions. The DRC is expected to be a part of the future hybrid government cloud including built-in disaster recovery and continuity solutions.

  1. Objectives

The objective of this consultancy assignment is to develop a Cloud Computing National Strategic Approach and Transition Plan for adoption and utilization of cloud computing within the government of Kosovo. This strategic approach should address technical, operational, business processes, security, and policy considerations to ensure a robust and well-coordinated transition to cloud-based services, and prepare the detailed functional and technical requirements together with the draft bidding documents for the supply and installation of necessary information and communication technology (ICT) systems and equipment to implement the proposed technical solutions (to be purchased through a competitive selection process later).

The other objective of this consultancy assignment is to conduct a needs assessment and prepare the detailed functional and technical requirements for the development of a comprehensive Disaster Recovery Contingency and Continuity of Operations (DR/COOP) Framework for the GoK, together with the draft bidding documents for the supply and installation of necessary information and communication technology (ICT) equipment to enhance the SDC and DRC platforms (to be purchased through a competitive selection process later). This part of the assignment will mainly focus on the development of requirements and draft bidding documents for the short-term and long-term DRC, while developing the long term DR/COOP framework for the GoK. 

  1. Scope of Work and Activities

During this engagement, the Consultant (Firm) is expected to carry out the following tasks:

    1. Review international best practices, standards and trends in cloud computing adoption and security, including analysis and comparison (pros and cons from technical, operational, business processes, security, legal and Total Cost of Ownership (TCO) perspective) of cases of utilizing private, public and hybrid cloud by the governments.
    2. Conduct an “As-Is” assessment of information systems and applications used by the AIS as common applications and the Ministries, Departments, and Agencies (MDA) as core applications.
    3. Review human resource skills and competencies of MDAs related to cloud computing operations.
    4. Analyze options from the technical, operational, business processes, security, legal and TCO perspective and develop a recommended national strategic approach for cloud computing with an action plan and a roadmap for adopting cloud approach and migration to government cloud in information systems, in line with the new e-Gov strategy action plan.
    5. Identify necessary IT solutions and IT Equipment (ITE) improvements for transition to cloud computing, including acquisition of energy-efficient critical ITE as a basic design principle.
    6. Prepare (or recommend adopting international) policies, frameworks, and standards needed to provide direction and basis for MDA data center decommissioning, cloud computing transition, and migration. Policies and frameworks should be consistent with Government of Kosovo regulations, and preferably with the European Union Agency for Cybersecurity (EU/ENISA) references when available.
    7. Prepare a Cloud Computing Transition Plan prioritizing at risk MDA core applications and databases and proposing a structured plan for preparing MDAs to transition to GovCloud. This plan will ensure that transition for MDAs is scheduled, supported, and adequate cloud resources available. Transition plan must be coordinated with MDA stakeholders and approved by AIS.
    8. Propose a Cloud Computing Center of Excellence (CCOE) within AIS and coordinate with AIS and MDA leadership to encourage cloud-skilled staff to assist with consulting services and assistance for MDAs transitioning to GovCloud. The CCOE resources will include cloud transition process development, security controls, testing plans, commissioning plans, and acceptance criteria. In some cases, the CCOE may also assist MDAs in planning when core applications are incompatible with a cloud computing environment.
    9. Prepare a change management, training and recruitment plan for MDAs and AIS to develop required skills and competencies needed to fully implement and realize cloud computing benefits. Skills criteria should follow either Skills Framework for the Information Age (SFIA v8) or the European e-Competency Framework. Staffing and recruiting plan will be approved by AIS.
    10. Prepare the detailed requirements for the acquisition of necessary equipment and solutions, including cost and duration estimates for the supply and installation of proposed equipment and solutions to support transition to cloud computing.
    11. Prepare the draft bidding documents (in line with the World Bank procurement guidelines for the purchase of information systems/request for bids).
    12. Assist the GoK during the selection of solution providers for the supply and installation of necessary equipment and solutions, and during the implementation of the proposed solutions.
    13. Review the existing SDC and DRC platforms, previously prepared assessment reports, as well as related regulations, practice, and business and operations continuity plans, and perform a needs assessment.
    14. Identify necessary improvements for a sustainable SDC and DRC environment, including the readiness for cloud computing, and the acquisition of energy efficient critical equipment, as needed, to safeguard the information stored and maintained in the government’s registries.
    15. Prepare a DR/COOP Framework, and an action plan for the implementation of proposed solutions.
    16. Propose a change management and training program for supporting the implementation of the framework and for strengthening the capacity of government officials involved in the SDC and DRC operations.
    17. Prepare the detailed requirements for the acquisition of necessary equipment, including cost and duration estimates for the supply and installation of proposed DRC solutions.
    18. Prepare the draft bidding documents (in line with the World Bank procurement guidelines for the purchase of information systems/request for bids) for the establishment of a DRC.
    19. Assist the GoK during the selection of solution providers for the supply and installation of necessary equipment, and during the implementation of the proposed DRC solutions.

The details of above tasks m) to s) are presented below:

Functional Area

Task

Continuity of Business and Operations Plan

 

Develop AIS Continuity of Operations Plan

  • Conduct an audit of all Government of Kosovo MDAs to assess information system (IS) readiness, database structure, documentation of data into meta-directory format.
  • Conduct an audit of all MDAs to determine current continuity of business and operations procedures and objectives.
  • Prepare an alignment table showing all policies, standards, and frameworks with relevant touchpoints to Continuity of Business and Operations.
  • Complete a Business Impact Analysis for all Core Government Information Systems and Shared Applications.
  • Review already identified temporary continuity/DRC location.
  • Determine continuity hardware, telecommunications, application, and refurbishment requirements at designated short-term continuity/DRC location and for a long-term DRC solution which will be based on the GoK decided strategic approach to cloud.
  • Develop Risk Assessment with potential Continuity of business and operations events.
  • Develop Continuity of Business and Operations Initiation Checklist.
  • Develop Recovery, Reconstitution, and COOP deactivation process.

Disaster Recovery Plan

Complete a Disaster Recovery Plan including facilities (as selected and provided by GoK), telecommunications and interconnections, information technology equipment, information systems, and cloud computing high availability architecture.

  • Complete an As-Is assessment of all GoK MDA Data Centers, including disaster recovery capabilities.
  • Complete an As-Is assessment of all core information systems in use within GoK MDAs and disaster recovery capabilities.
  • Complete a Gap Analysis to determine development requirements for DR Plan.
  • Identify critical information systems and network interconnections.
  • Identify staff position responsible for IT / IS systems and networks.
  • Determine RTO and RPO requirements.
  • Identify steps and time to restart, reconfigure, and recover information systems and supporting IT Equipment and networks.
  • Develop emergency operations procedures required during an unforeseen incident/s.
  • Consult with MDA stakeholders for acceptance of proposed disaster recovery plan.

Procurement

Assist the GoK during the preparation of bidding documents and the selection of solution provider(s) for the supply and installation of necessary equipment and the refurbishment of the selected data center for the DRC.

  • Prepare the detailed requirements for the acquisition of necessary equipment, including cost and duration estimates for the supply and installation of proposed solutions.
  • Prepare the draft bidding documents (in line with the WBG procurement guidelines for the purchase of information systems/request for bids).
  • Review technical proposals and provide comments on their compliance with the functional and technical requirements.
  • Assist the GoK in the clarification of specific issues related to the proposed technical solutions.

Implementation

Assist the GoK during the establishment of the DRC

  • Assist the GoK during the establishment of the short-term DRC to ensure compliance with contractual requirements.
  • Assist the GoK while conducting disaster recovery and failover testing.
  1. Methodology

Cloud Computing Strategic Approach and Transition Plan

The Consultant will prepare a Cloud Computing Strategic Approach and Transition Plan to provide a roadmap for transitioning to a government cloud platform, providing business and operational continuity, ensuring data and information systems confidentiality, integrity, availability, security, and portability. The Consultant will also support the preparation of associated policies aimed at ensuring cloud readiness and cloud awareness of all new information systems.

One of the main purposes of the Cloud Computing Strategic Approach and Transition Plan is to provide a pathway for Kosovo Government Ministries, Departments, and Agencies (MDAs) to decommission local data centers and IT resources through migration or transition to an AIS operated national GovCloud employing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). 

The Cloud Computing Strategic Approach and Transition Plan relies on supporting policies, frameworks, and standards to ensure that Government and citizen information systems and data created or stored within cloud systems is secure, available, timely, and relevant. The Strategic Approach and Plan will consider potential combinations of government owned and operated private cloud resources for MDA transition, government owned and operated disaster recovery cloud computing resources, and public and/or hybrid cloud computing models provided by commercial cloud service providers (CSPs) for the primary and the disaster recovery needs.

Supporting policies and frameworks needed for developing the Cloud Computing Strategic Approach and Transition Plan may include:

  • Cloud First Policy
  • National Cloud Computing Reference Architecture
  • National Data Centre Consolidation Plan.

The Consultant will conduct an “As-Is” assessment of information systems and applications in use by both AIS as common applications and MDA core applications.  Consideration is given to categorizing Transition Readiness as:

  • Cloud Ready
  • Cloud Aware
  • Incompatible with Cloud Resources (e.g., RISC-based systems)
  • Applications or information at risk of potential failure or loss due to obsolete hardware, unsupported software, lack of disaster recovery capabilities, and lack of capability to adopt new information systems due to lack of local resources.

The Consultant will also evaluate MDA human resource skills and competencies related to cloud computing operations including the following positions:

  • Cloud Platform Architect
  • Enterprise Architect
  • Cloud Solutions Architect
  • Database Administration
  • Cloud Service Delivery and Orchestration

Individuals identified having specific cloud computing-related skills and competencies may be considered for inclusion in an AIS Cloud Computing Center of Excellence (CCOE), which may be called on to assist MDAs in their transition planning for migration to GovCloud.

Disaster Recovery Contingency and Continuity of Operations Framework (DR/COOP)

The main purpose of the Disaster Recovery Contingency and Continuity of Operations Framework (DR/COOP) is to ensure that the GoK can operate existing digital government systems in the event of natural or man-made disasters, including civil disruption or other national emergencies. The proposed plan must also be fully cloud aware, including the potential of employing a hybrid cloud outside of the territory of Kosovo using cloud service providers in the countries allowed by the Kosovo legislation and approved by the GoK.

The DR/COOP Framework will follow ISO 22301:2019 “Security and resilience - Business continuity management systems – Requirements” in addition to specific Continuity of Government requirements established by the GoK and through individual stakeholder meetings with related Ministries, Departments, and Agencies (MDAs).

Supporting policies and frameworks needed for developing the Disaster Recovery Contingency and Continuity of Operations Framework include:

  • Data Classification Policy.
  • Succession Management Plan.
  • National Continuity of Operations Plan.

The GoK will develop a new Data Classification Policy and related action plans through another activity. Hence, this assignment will not focus on above areas to avoid a potential overlap.

The GoK State Data Center and planned Disaster Recovery Center will provide disaster recovery resources for ensuring ICT infrastructure do not present any single point of failure for the information systems. Disaster recovery plans must be applicable to both localized equipment or systems failures, as well as larger natural and man-made disasters. The disaster recovery plan is based on a combination of availability and data center resource design.

ISO 22301 includes the following metrics for availability:

  • Maximum Acceptable Outage (MAO): The length of time an activity or process can be unavailable or ineffective before the health and survival of the organization are threatened.
  • Minimum Business Continuity Objective (MBCO): The lowest level of products or services that is acceptable for a business to offer during a disruption.
  • Recovery Timeframe Objectives (RTO): This refers to the prioritization of key activities and the timing that makes those activities operational.

One additional measurement required for the Disaster Recovery Plan includes a Recovery Point Objective (RPO): The maximum amount of data, as measured by time, that can be lost after recovery from a disaster, failure, or comparable event before data loss will exceed what is acceptable to an organization.

The data center designs should be based on an international data center design standard such as BICSI 002-2019, CENELEC 50600, or TIA-942, considering the dynamics of a multi-data center design and an information systems transition to cloud computing.

The Continuity of Operations Plan will include the following main considerations:

  • Program plans and procedures
  • Risk management
  • Budgeting and acquisition of resources
  • Essential functions
  • Orders of succession
  • Delegations of authority
  • Continuity of facilities
  • Continuity of communications
  • Incident records management
  • Human resource management (staffing)
  • Test, training, and exercise plan
  • Devolution of control and direction
  • Reconstitution of operations
  • Continuity of business and operations
  • Operational phases
  • Implementation process (approvals)

The Disaster Recovery Plan is a supporting component of the Continuity of Operations Plan but can be initiated on its own in the event of a localized incident.

The Continuity of Operations plan must be coordinated and aligned with national and MDA continuity plans, in cases when they exist.

The intent for all tasks and requirements is to develop standards, frameworks, processes, and skills needed for the GoK – and the general public – to improve the overall security profile and capabilities of information and technology systems across government. It is expected at the end of the contract, security operations will be the responsibility of the GoK MDAs.

  1. Timing and Inputs

This assignment is expected to start once the contract is signed by the consulting firm and be completed within a period of 60 weeks.

The Consulting firm is expected to provide minimum 16 person-months (p-m) of total input within this period through six (6) key experts with required qualifications to complete the activities listed above through in-country assistance, coordination, reporting and presentations of the analysis and recommendations to the GoK officials, including: KE-1: international expert leading the team; KE-2: international expert experienced on cloud platform architecture; KE-3: international  expert experienced on cloud solutions architecture; KE-4: international expert with experience on the design and implementation of disaster recovery solutions; KE-5: international or national expert with expertise on the procurement and implementation of cloud solutions; and KE-6: international or national expert with expertise on the procurement and implementation of disaster recovery and business continuity solutions.. The team should work in Kosovo for a minimum of 9 person-months in total during this assignment (KE-1: 3 p-m; KE-2: 1 p-m; KE-3: 1 p-m; KE-4: 1.5 p-m; KE-5: 0.5 p-m; KE-6: 1 p-m).

  1. Deliverables and Reports

The Consultant shall prepare the following deliverables:

No.

Deliverable

Deadline*

1

The Inception Report presenting the methodology, meeting requirements with AIS and MDA stakeholders, unique considerations for Kosovo government’s strategic approach to cloud and MDAs transitioning to cloud, and key deliverables, together with the work plan of the assignment with clearly defined deadlines, indicating the expected amount of work and results, acceptable to the GoK.

Week 4

2

The Interim Report-1 covering the review of international best practices, standards and trends in cloud computing adoption, Cloud Readiness Assessment of information systems, skills, and competencies at each MDA, as well as the proposed (or recommended international) policies, frameworks, and standards needed to provide direction and basis for MDA data center decommissioning, cloud computing transition, and migration. All results documented in an informative report including status, risk assessments, and stakeholder concerns.

Week 12

3

The Interim Report-2 including the Cloud Computing Strategic Approach and Transition Plan prioritizing at risk MDA core applications and databases, and a structured plan for preparing MDAs to transition to GovCloud, the proposed Cloud Computing Center of Excellence (CCOE) model, and a training and recruitment plan for MDAs and AIS to develop required skills and competencies.

Week 18

4

The Interim Report-3 covering the review of existing information systems, ICT infrastructure, data centers, business needs and relevant plans/standards, as well as the initial disaster recovery continuity of operations plans.

Week 12

5

The Interim Report-4 covering the detailed DR/COOP framework prepared in consultation with the government stakeholders from related MDAs, together with high availability and failover requirements for cloud computing environment.

Week 18

6

The Final Report (part 1) including summaries of all previous reports and overall project assessment. The report should include the final version of the Cloud Computing strategic Approach and Transition Plan, and the detailed functional and technical requirements for the acquisition of necessary equipment and solutions, including cost and duration estimates for the supply and installation of proposed equipment and solutions, and the draft bidding documents.

Week 24

7

The Final Report (part 2) covering the final version of the DR/COOP framework and action plan, as well as the detailed functional and technical requirements for the acquisition of necessary equipment for the short-term and long-term DRC, including cost and duration estimates for the supply and installation of proposed solutions, and the draft bidding documents.

Week 24

8

The Implementation Progress Report-1 covering the support provided during the procurement of solutions related to the Cloud Strategic Approach and Transition Plan.

Estimate Week 36*

9

The Implementation Progress Report-2 covering the support provided during the implementation of solutions related to Cloud Strategic Approach and Transition Plan and CCOE, change management, and training activities.

Estimate

Week 58*

10

The Implementation Progress Report-3 covering the support provided during the procurement of a short-term DRC solution.

Estimate Week 36*

11

The Implementation Progress Report-4 covering the support provided during the implementation of a short-term DRC solution.

Estimate

Week 60*

(*) All dates are after the signature and effectiveness of the contract. Deadlines for items 5 and 6 may be shifted depending on the duration of procurement and implementation phases.

  1. Reporting

The Project Manager shall be the Consultant’s main counterpart on key substantive matters related to this assignment. The Consultant shall work closely with the DTU and AIS staff. Interaction with related government entities, as well as the development partners providing technical assistance to the GoK for the implementation of the digital agenda may also be required.

The Project Manager will facilitate the Consultant’s access to the necessary documentary materials as well as access to the key stakeholders to the assignment. In the Consultant’s working relations with the GoK officials and other stakeholders, the Consultant will be expected to be self-sufficient and conduct himself/herself in the highest professional manner.

The reports must be submitted in English and Albanian language in electronic format.

  1. Resources Provided

The GoK shall be responsible for all basic logistics, staff office accommodation, and internal administration, required to perform the assignment.

The GoK will provide administrative and communications assistance (except cellular), meeting/conference logistics and space, and other such resources, required to perform the assignment. International calls will be paid by the Consultant.

  1. Qualifications

The Consultant firm must possess, at the minimum, the following:

General qualifications:

  1. The Consultant firm must be a legally established and registered entity.
  2. The Consultant firm should demonstrate at least ten (10) years of relevant experience.
  3. Demonstrated capacity to engage with public institutions, national and local authorities;
  4. Demonstrated experience working with international donors;

Specific qualifications:

  1. The Consultant firm must have successfully completed at least two (2) projects including the design and implementation of strategic approach and transition to a government cloud platform and at least two (2) projects including the design and implementation of disaster recovery and business continuity solutions within the last five (5) years (as the main solution provider or main contributor in a joint venture). Successfully completed projects will be presented through a table listing the name of the relevant assignments, short scope of work, contract start and end dates, country/region, and contact reference (name, e-mail, phone number).
  2. Excellent project management skills, including quality assurance of work products; ability to deliver high-quality outputs in a high-pressure multicultural environment;
  3. Excellent command of English, with the ability to deliver high-quality report writing, presentation, and communication skills, with experience in communicating and engaging with high-level decision makers in the public sector

The Consultants’ Staff CV are NOT subject to evaluation at the shortlisting stage.

The attention of interested Consultants is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the World Bank’s “Procurement Regulations for IPF Borrowers” July 2016 revised November 2017, August 2018, November 2020, September 2023 (“Procurement Regulations”), setting forth the World Bank’s policy on conflict of interest.  

Consultants may associate with other firms to enhance their qualifications, but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected.

The Consultant firm will be selected in accordance with Quality-and Cost-Based Selection (QCBS) method set out in the World Bank’s Procurement Regulations for IPF Borrowers (July 2016, revised November 2017, August 2018, November 2020 and September 2023).

The Consultant firm must ensure that the key experts who will perform the listed activities possess the following qualifications:

KE-1: Team Leader (6 person-months; 3 p-m onsite and 3 p-m remote)

  • At least BA/BS Degree in systems engineering, computer science, computer engineering, information technology, management information systems or equivalent.
  • International expert with at least ten (10) years of relevant experience in the region or other parts of the world, preferably in countries with transitional economies.
  • At least three (3) relevant projects completed over the past eight (8) years.
  • Minimum five (5) years of technical architecture design, evaluation, and investigation experience.
  • Minimum five (5) years of project management experience.
  • Minimum two (2) years of professional experience in one or more of the following areas:
    • Public and private cloud discovery, design, build, and migration experience.
    • Application of cloud economics and as-a-service business models.
    • Application of cloud-based delivery models in selected industries or horizontals.
  • Recognized industry cloud architect certification.
  • Experience with private and public cloud architectures, pros/cons, and migration considerations.
  • Technical/Team Leadership Experience.
  • Personnel Development Experience (hiring, resource planning, performance feedback, etc.).
  • Experience in developing disaster recovery and continuity of operations plans for private and hybrid cloud computing environments.
  • Excellent communication skills (both written and oral).
  • Strong interpersonal skills.
  • Ability to be flexible and work analytically in a problem-solving environment.
  • Attention to detail.
  • Strong organizational & multi-tasking skills.
  • Ability to handle ambiguity and make decisions and recommendations with limited data.
  • Solid analytical/problem-solving skills with capability to identify solutions to unusual and complex problems.
  • Experience working with senior government or enterprise leadership regarding information security strategy, information security incident response, and information security governance.
  • Certifications and continuing professional learning demonstrating subject matter expertise in information systems governance, information security, risk, disaster management, cloud computing (e.g., CRISC, CISA, ETL, CGEIT, etc.).
  • Fluency in English.

KE-2: Cloud Platform Architecture (2 person-months; 1 p-m onsite and 1 p-m remote)

  • At least Bachelor’s degree in information and communication technologies or an equivalent combination of academic qualifications and work experience.
  • International expert with at least eight (8) years of relevant experience in the region or other parts of the world, preferably in developing countries.
  • At least two (2) relevant projects completed over the past seven (7) years.
  • Minimum four (4) years of technical architecture design, evaluation, and investigation experience.
  • Minimum two (2) years of professional experience in one or more of the following areas:
    • Public and private cloud discovery, design, build, and migration experience.
    • Application of cloud economics and as-a-service business models.
    • Application of cloud-based delivery models in selected industries or horizontals.
  • Recognized industry cloud platform architect certification.
  • Demonstrated experience with practical application of leading digital technologies, in particular related to cloud architecture.
  • Certification in Cloud Computing implementation, integrations, or equivalent experience.
  • Desirable - Certifications and continuing professional learning demonstrating subject matter expertise in information systems governance, information security, risk, disaster management, cloud computing (e.g., CRISC, CISA, ETL, CGEIT, etc.).
  • Fluency in English.

KE-3: Cloud Solutions Architecture (2 person-months; 1 p-m onsite and 1 p-m remote)

  • At least Bachelor’s degree in information and communication technologies or an equivalent combination of academic qualifications and work experience.
  • International expert with at least eight (8) years of relevant experience in the region or other parts of the world, preferably in developing countries.
  • At least two (2) relevant projects completed over the past seven (7) years.
  • Minimum four (4) years of technical architecture design, evaluation, and investigation experience.
  • Minimum two (2) years of professional experience in one or more of the following areas:
    • Public and private cloud discovery, design, build, and migration experience.
    • Application of cloud economics and as-a-service business models.
    • Application of cloud-based delivery models in selected industries or horizontals.
  • Recognized industry cloud solutions architect certification.
  • Demonstrated experience with practical application of leading digital technologies, in particular related to cloud architecture.
  • Certification in Cloud Computing implementation, integrations, or equivalent experience.
  • Desirable - Certifications and continuing professional learning demonstrating subject matter expertise in information systems governance, information security, risk, disaster management, cloud computing (e.g., CRISC, CISA, ETL, CGEIT, etc.).
  • Fluency in English.

KE-4: Disaster Recovery Planning (3 person-months; 1.5 p-m onsite and 1.5 p-m remote)

  • At least Bachelor’s degree in information and communication technologies or an equivalent combination of academic qualifications and work experience.
  • International expert with at least eight (8) years of relevant experience in the region or other parts of the world, preferably in developing countries.
  • At least two (2) relevant projects completed over the past seven (7) years.
  • Network and IT Security administration experience (5 years)
  • Demonstrated experience with practical application of leading digital technologies, in particular related to cloud architecture.
  • Knowledge and experience of ICT sector security issues.
  • Certified in designing data center facility and interconnectivity infrastructure (e.g., BICSI RCDD).
  • Certified in one or more internationally accepted ICT, data, data analytics, or data sharing qualifications.
  • Certification in Cloud Computing implementation, Integrations, PaaS utility development and implementation, or equivalent experience.
  • Certified or trained in one or more of the following security audit, risk assessment, and governance certifications/standards: CGEIT, CRISC, Open FAIR, ISO 31000, ISO 27005, NIST SP 800-60, ISO 2230x, NIST SP 800-34r1.
  • Fluency in English.

KE-5: Cloud Computing Procurement and Implementation (1 person-months; 0.5 p-m onsite and 0.5 p-m remote)

  • At least Bachelor’s degree in information and communication technologies or an equivalent combination of academic qualifications and work experience.
  • International or national expert with at least eight (8) years of relevant experience in the region or other parts of the world, preferably in developing countries.
  • At least two (2) relevant projects completed over the past seven (7) years.
  • Recognized industry cloud solutions architect certification.
  • Experience in the procurement and implementation of cloud solutions, including change management and training activities.
  • Knowledge and experience of preparing the bidding documents for World Bank funded activities supporting the supply and installation of solutions for disaster recovery and business continuity.
  • Desirable - Certifications and continuing professional learning demonstrating subject matter expertise in information systems governance, information security, risk, disaster management, cloud computing (e.g., CRISC, CISA, ETL, CGEIT, etc.).
  • Fluency in English (also, fluency in Albanian is preferred).

KE-6: Disaster Recovery / Business Continuity Procurement and Implementation (2 person-months; 1 p-m onsite and 1 p-m remote)

  • At least Bachelor’s degree in information and communication technologies or an equivalent combination of academic qualifications and work experience.
  • International or national expert with at least eight (8) years of relevant experience in the region or other parts of the world, preferably in developing countries.
  • At least two (2) relevant projects completed over the past seven (7) years.
  • Experience in the procurement and implementation of disaster recovery and business continuity solutions, including change management and training activities.
  • Knowledge and experience of preparing the bidding documents for World Bank funded activities supporting the supply and installation of solutions for disaster recovery and business continuity.
  • Desirable - Certified in designing data center facility and interconnectivity infrastructure (e.g., BICSI RCDD).
  • Desirable - Certified in one or more internationally accepted ICT, data, data analytics, or data sharing qualifications.
  • Fluency in English (also, fluency in Albanian is preferred).

 

 

[1]  The GoK identified a suitable location for the temporary DRC to provide backup and colocation services to selected public entities to address their urgent business continuity and backup needs. The Consultant is expected to benefit from existing diagnostic reports and focus on the development of requirements for the selected location during this assignment.