REQUEST FOR PROPOSAL - DATA SECURITY AND PROTECTION POLICY

NGO Jobs / UN Jobs Vacancy



Organization: International Treatment Preparedness Coalition
Closing date: 23 Mar 2021

Purpose

The International Treatment Preparedness Coalition (ITPC) is conducting a global competitive search for proposals from qualified firms or individual contractors or part time external privacy expert to develop a Data Security and Data Protection Policy that enables ITPC to be Global Data Protection Regulation (GDPR) Compliant. The project is expected to last 1 month and be conducted over a series of remote meetings.

It is the intent of this RFP to secure competitive proposals for the provision of legal and technical advice to support the compliance with existing local data legislation and GDPR across the countries of ITPC operations.

ITPC is committed to obtaining a fair value for services received with a competitive price and timely delivery of the right quantities at the right quality.

1. SCOPE OF WORK

There are 2 aspects to this remote work:

  • GDPR compliance and general enterprise-wide data safety and security and;
  • A policy that outlines management of above and program data at ITPC. Careful management of recipient of care data is essential to effective program implementation. By carrying out surveys, focus group discussions and interviews and for example, advocacy campaigns, projects and programs capture highly sensitive data and content in the form of pictures, audio clips and videos for the purpose of programme implementation and improved outcomes. Sharing this kind of information with partners, donors and the general public has inherent legal, ethical and operational implications and must be considered within the broader framework of data protection, privacy and human rights.

GDPR compliance across all operations:

Produce a risk assessment report with mitigation plan appropriate for the size and complexity of our organization.

  • Map data (ITPC files, project and program data) across ITPC including the data owners, current storage, archiving and processing practices. Provide advice on potential data breaches already occurred or occurring during the contract length.
  • Conduct interviews as needed – regions, staff etc.
  • Compare GDPR legislation and POPIA requirements to practices in operation to identify areas of non-compliance with a suggested corrective action plan for implementation.
  • Present by PowerPoint to Senior Management for review and discussion.

Produce a data security and protection policy that covers:

  • Review data security guide that is in draft form at ITPC to extract relevant content.
  • Develop a table of contents and overall plan for SMT approval before producing the policy.
  • Policy content to include:
  • ITPC’s approach to data protection
  • Legal framework, human rights, data protection principles
  • A step-wise guide on how to apply the policy to our projects and beneficiary data
  • Data Breaches
  • Prevention
  • Monitoring
  • Response plan
  • Provide a sample data use/processing agreement that ITPC can customize for our data processors (persons or partners we engage).
  • Provide a sample data processing map and advise how we can customize for our systems.
  • Recommend appropriate on-line privacy training for ITPC staff, consultants, and volunteers.
  • Recommendations for remaining GDPR compliant over time
  • Create a self-assessment checklist for senior management on GDPR compliance.
  • Conduct one 3-hr session for all staff on key aspects of the policy.

Planning and Reporting

  • Provide a complete project plan of the activity, noting the input required when and from which key stakeholders.
  • Provide a short bi-weekly update to the Director of Finance, Director Global Programs and Advocacy and Executive Director of progress made and key concerns arising during project
    2. PERIOD OF PERFORMANCE

April 12, 2021 to May 31, 2021.

3. OTHER CONSIDERATIONS

The vendor should document their experience related to GDPR Compliance work in international non-profit vertical market.

4. Conflict of Interest

  • State whether you or your firm or any individual within your firm represents any clients or interests that may create an actual or potential conflict in the performance of services for ITPC. Please include any additional information as an attachment.
  • Please include a statement to the effect that, at the time your firm is selected by ITPC Global, if any facts are known or come to light which create an actual or potential conflict that information will be fully disclosed in writing to ITPC Global. Also, please describe your firm’s policies or procedures for avoiding ethical or conflicts of interest violations

5. References:

Please provide a minimum of three references, preferably other non-profit organizations of like size and scope to ITPC. Provide the name, title, address, and telephone number for each reference. Please provide information referencing the actual services provided.

6. RFP SUBMISSION REQUIREMENTS

All prospective bidders must complete the following steps:

  1. A breakdown of tasks, their LOE and estimated costs per activity

  2. A total cost of project.

  3. Cost estimates should include all taxes.

  4. Submit company documentation including but not exclusively:

a) GDPR and privacy compliance experience

b) Key personnel resume and GDPR experience

  1. Submit an explanation of project implementation method.

  2. References of current and similar clients.

7 . CRITERIA FOR SELECTION

The evaluation of each response to this RFP will be based on the requirements set out in the solicitation and any addenda thereto. At the sole discretion of ITPC Global, the top proposals may be selected for follow-up questions or to provide an oral presentation.

The following weighting and points will be assigned to the proposal for evaluation purposes:

Experience of the expert / company – including bios of the experts advising: (20 points)

  • Range and depth of company experience
  • Relevant client reference to similar contracts
  • Internal good practice policies
  • Resources available to deliver
  • Clarity of project method & plan - 30 points
  • Price for services & deliverables - 40 points
  • References - 10 points

TOTAL - 100 POINTS

ITPC reserves the right to award the contract to the organization or consultant whose proposal is deemed to be in the best interest of ITPC. ITPC will not award a contract to any bidder where there is a lack of business integrity.

8. TERMS AND CONDITIONS

  1. The Request for Proposal is not and shall not be considered an offer by ITPC.

  2. All responses must be received on or before the date and time indicated on the RFP.

  3. All unresponsive offers will be rejected.

  4. All proposals will be considered binding offers. Prices proposed must be valid for entire period provided by respondent.

  5. All awards will be subject to ITPC contractual terms and conditions and contingent on the availability of donor funding.

  6. ITPC reserves the right to accept or reject any proposal or cancel the solicitation process at any time and shall have no liability to the proposing organizations submitting proposals for such rejection or cancellation of the request for proposals.

  7. ITPC reserves the right to accept all or part of the proposal when award is provided.

  8. All information provided by ITPC in this RFP is offered in good faith. Individual items are subject to change at any time, and all bidders will be provided with notification of any changes. ITPC is not responsible or liable for any use of the information submitted by bidders or for any claims asserted therefrom.

  9. ITPC reserves the right to require any bidder to enter into a non-disclosure agreement.

  10. The bidders are solely obligated to pay for any costs, of any kind whatsoever, which may be incurred by bidder or any third parties, in connection with the Response. All responses and supporting documentation shall become the property of ITPC, subject to claims of confidentiality in respect of the response and supporting documentation, which have been clearly marked confidential by the bidder.

  11. Bidders are required to identify and disclose any actual or potential conflict of interest.

How to apply:

SCHEDULE OF EVENTS

  1. Email finance@itpcglobal.org by 15th March 2021 informing whether your firm will or will not be responding to the RFP.

  2. Questions regarding this request may be addressed in writing to and sent to finance@itpcglobal.org and must be received no later than 5pm SAT 15th March 2021. Responses will be published by end of day 17th March 2021.

  3. Proposals in response to the RFP should be addressed to the finance@itpcglobal.org and must be received no later than 5pm SAT 23rd March 2021.

  4. April 5-6: In person interviews with finalists

  5. April 9: Selection will be announced.

  6. April 12: anticipated Contract Start Date



Apply to Job

Comments

Popular posts from this blog

Head Anticipation Hub (m/f/d)

Escuintla Associate, Guatemala

Consultant - Market System Development & Value Chain Development