BIDDING INSTRUCTIONS – TECHNICAL PROPOSAL
Bidders shall submit a proposal (all four parts in one (1) document) clearly providing the following information:
a.: Cover page with the following information: company name; name(s) of assigned contractor personnel; role(s) and responsibilities assigned to each profiled contractor personnel.
b.: Evidence of successfully delivering scope similar to the statement of work within the last five years. Each evidence shall demonstrate proof of performance and be comparable in size and scope to the requirements of the statement of work.
c.: CVs of the proposed contractor personnel.
d.: Effort estimation (exclusively provided for evaluation purposes) covering the following: estimated labour cost for BASE contract and quarterly options; estimated costs associated with travel for BASE contract and quarterly options.
Deadline Date: Tuesday 26 May 2026
Requirement: Software Application Development Services
Location of Performance: 100% off-site with occasional travel to various NATO or non-NATO locations.
Note: Please refer to your Subcontract Agreement, article 6.4.1.a, which states “Off-Site Discount: 5% (this discount is applicable to all requirements, and applies when the assigned personnel are permitted to work Off-Site, such as at- home)". Please be sure to price this discount in your overall price proposal when submitting bids against off-site RFQs
Period of Performance: BASE: 1 July 2026 – 31 December 2026.
Quarterly Options (if required): 1 January 2027 – 31 December 2028.
Required Security Clearance: NATO SECRET or above. It is acceptable to be in the process of acquiring a security clearance.
1. INTRODUCTION
The NATO Information and Communication Agency (NCIA), located in The Hague, The Netherlands, is currently involved in the development of new capabilities for NATO as well as in the support of existing capabilities.
At the Command and Control (C2) Business Area, NCIA is delivering secure, innovative, coherent, and interoperable communications and information systems solutions to enable command and control of NATO forces, where and when required.
In the light of these activities, the C2 Business Area is looking for support for the development of new capabilities and enhancement of existing features in the existing NATO TOPFAS Application Services.
2. OBJECTIVES
The main objectives of this statement of work are to deliver functional, maintainable, and high-quality software features, enhancements, and fixes in alignment with business requirements and architecture guidelines; and to maintain stable, secure, and performant software systems by applying best practices in coding, testing, automation, and continuous integration.
3. DELIVERABLES
The scope of this statement of work covers the deliverables described in the sections below. The deliverable-to-project-code mapping is as follows:
D01: ACO021634 – CyOC CPAL Services
D02: ACO021634 – CyOC CPAL Services
D03: ACO021634 – CyOC CPAL Services
D04: SRV021269 – TOPFAS Application Service
D05: SRV021269 – TOPFAS Application Service
D06: SRV021269 – TOPFAS Application Service
3.1 D01: Implemented TOPFAS Application Suite Features
To establish the deliverable, the contractor personnel will design, develop, and deliver high-quality code implementing new features and user stories; improve existing functionality through refactoring and optimizations; use version control (Git) properly and apply branching strategies in use; write automated unit and integration tests; follow coding standards and architectural patterns and ensure code meets quality gates (linting, tests, coverage thresholds); participate in code reviews; assist QA when needed; and prepare and support test events with users and stakeholders.
Evidence of Completion and Acceptance Criteria
Merged Pull Request including functional testing and code review; passing automated tests; build pipeline success; code review approval; no blocking violations (Sonar, static analysis, vulnerabilities); feature accepted by technical lead or product owner; task/PBI status created and updated in Azure DevOps.
Key Performance Indicators
DEV-KPI-01: Sprint/User Story completion rate: 90% or more of committed stories completed per sprint.
DEV-KPI-02: Code quality gate compliance: 100% compliance before merge.
DEV-KPI-03: Critical defects introduced into production: 0 critical defects.
DEV-KPI-04: Pull request review participation: 100% participation as assigned.
DEV-KPI-05: Git branching strategy compliance: 100% compliance.
DEV-KPI-06: Static code analysis violations: no critical or high severity violations.
DEV-KPI-07: Participation in planned test events: 100% attendance and support.
DEV-KPI-08: Build pipeline success rate: 95% or more successful builds.
Payment Conditions
Payments shall be dependent upon: acceptance of sprint deliverables; achievement of KPI thresholds; delivery of sprint reports with traceability between planned and completed scope; successful completion of testing; no unresolved critical defects; and compliance with quality standards.
3.2 D02: Implemented TOPFAS Application Suite Bugs/Issues
To establish the deliverable, the contractor personnel will develop and deliver high-quality code fixing software bugs and performance issues; use version control (Git) properly and apply branching strategies in use; write automated unit and integration tests; follow coding standards and architectural patterns and ensure code meets quality gates; participate in code reviews; assist QA when needed; and prepare and support test events with users and stakeholders.
Evidence of Completion and Acceptance Criteria
Merged Pull Request including functional testing and code review; passing automated tests; build pipeline success; code review approval; no blocking violations (Sonar, static analysis, vulnerabilities); feature accepted by technical lead or product owner; task/PBI status created and updated in Azure DevOps.
Key Performance Indicators
BUG-KPI-01: Bug/Defect completion rate: 90% or more within agreed sprint/release.
BUG-KPI-02: Code quality gate compliance: 100% compliance before merge.
BUG-KPI-03: Critical defects introduced into production: 0 critical defects.
BUG-KPI-04: Pull request review participation: 100% participation as assigned.
BUG-KPI-05: Git branching strategy compliance: 100% compliance.
BUG-KPI-06: Static code analysis violations: no critical or high severity violations.
BUG-KPI-07: Participation in planned test events: 100% attendance and support.
BUG-KPI-08: Build pipeline success rate: 95% or more successful builds.
Payment Conditions
Payments shall be conditional upon: acceptance of resolved defects and fixes; achievement of KPI thresholds; delivery of sprint reports with traceability between planned and completed scope; successful completion of testing; compliance with code quality standards; and no unresolved critical defects attributable to contractor work.
3.3 D03: TOPFAS Application Suite Technical Documentation
To establish the deliverable, the contractor personnel will develop and maintain documentation needed for team usage, including: API/interface definitions; README and usage instructions; architecture notes for complex changes; and how-to and wiki documents for new technical changes, tools, or packages introduced.
Evidence of Completion and Acceptance Criteria
README/API docs updated in repo; auto-generated docs or diagrams produced from code; wiki pages and other documents created or updated.
Key Performance Indicators
DOC-KPI-01: Documentation completeness for delivered technical changes: 100%.
DOC-KPI-02: Timeliness of documentation updates: 5 working days or fewer after implementation.
DOC-KPI-03: README/usage instruction availability for new components: 100%.
DOC-KPI-04: Architecture documentation for complex changes: 100% for applicable changes.
DOC-KPI-05: Wiki/how-to documentation coverage for introduced tools/packages: 100%.
DOC-KPI-06: Documentation accessibility within agreed repositories/platforms: 100% availability.
Payment Conditions
Payments shall be conditional upon: timely updates aligned with technical implementations; successful review and validation by NCIA/team leads; acceptance of documentation deliverables; compliance with documentation standards; and delivery of sprint reports with traceability between planned and completed scope.
3.4 D04: Implemented TOPFAS Application Suite Features
To establish the deliverable, the contractor personnel will design, develop, and deliver high-quality code implementing new features and user stories; improve existing functionality through refactoring and optimizations; use version control (Git) properly and apply branching strategies in use; write automated unit and integration tests; follow coding standards and architectural patterns and ensure code meets quality gates; participate in code reviews; assist QA when needed; and prepare and support test events with users and stakeholders.
Evidence of Completion and Acceptance Criteria
Merged Pull Request including functional testing and code review; passing automated tests; build pipeline success; code review approval; no blocking violations (Sonar, static analysis, vulnerabilities); feature accepted by technical lead or product owner; task/PBI status created and updated in Azure DevOps.
Key Performance Indicators
DEV-KPI-01: Sprint/User Story completion rate: 90% or more of committed stories completed per sprint.
DEV-KPI-02: Code quality gate compliance: 100% compliance before merge.
DEV-KPI-03: Critical defects introduced into production: 0 critical defects.
DEV-KPI-04: Pull request review participation: 100% participation as assigned.
DEV-KPI-05: Git branching strategy compliance: 100% compliance.
DEV-KPI-06: Static code analysis violations: no critical or high severity violations.
DEV-KPI-07: Participation in planned test events: 100% attendance and support.
DEV-KPI-08: Build pipeline success rate: 95% or more successful builds.
Payment Conditions
Payments shall be conditional upon: achievement of KPI thresholds; delivery of sprint reports with traceability between planned and completed scope; successful completion of testing; no unresolved critical defects; and compliance with quality standards.
3.5 D05: Implemented TOPFAS Application Suite Bugs/Issues
To establish the deliverable, the contractor personnel will develop and deliver high-quality code fixing software bugs and performance issues; use version control (Git) properly and apply branching strategies in use; write automated unit and integration tests; follow coding standards and architectural patterns and ensure code meets quality gates; participate in code reviews; assist QA when needed; and prepare and support test events with users and stakeholders.
Evidence of Completion and Acceptance Criteria
Merged Pull Request including functional testing and code review; passing automated tests; build pipeline success; code review approval; no blocking violations (Sonar, static analysis, vulnerabilities); feature accepted by technical lead or product owner; task/PBI status created and updated in Azure DevOps.
Key Performance Indicators
BUG-KPI-01: Bug/Defect completion rate: 90% or more within agreed sprint/release.
BUG-KPI-02: Code quality gate compliance: 100% compliance before merge.
BUG-KPI-03: Critical defects introduced into production: 0 critical defects.
BUG-KPI-04: Pull request review participation: 100% participation as assigned.
BUG-KPI-05: Git branching strategy compliance: 100% compliance.
BUG-KPI-06: Static code analysis violations: no critical or high severity violations.
BUG-KPI-07: Participation in planned test events: 100% attendance and support.
BUG-KPI-08: Build pipeline success rate: 95% or more successful builds.
Payment Conditions
Payments shall be conditional upon: acceptance of resolved defects and fixes; achievement of KPI thresholds; delivery of sprint reports with traceability between planned and completed scope; successful completion of testing; compliance with code quality standards; and no unresolved critical defects attributable to contractor work.
3.6 D06: TOPFAS Application Suite Technical Documentation
To establish the deliverable, the contractor personnel will develop and maintain documentation needed for team usage, including: API/interface definitions; README and usage instructions; architecture notes for complex changes; and how-to and wiki documents for new technical changes, tools, or packages introduced.
Evidence of Completion and Acceptance Criteria
README/API docs updated in repo; auto-generated docs or diagrams produced from code; wiki pages and other documents created or updated.
Key Performance Indicators
DOC-KPI-01: Documentation completeness for delivered technical changes: 100%.
DOC-KPI-02: Timeliness of documentation updates: 5 working days or fewer after implementation.
DOC-KPI-03: README/usage instruction availability for new components: 100%.
DOC-KPI-04: Architecture documentation for complex changes: 100% for applicable changes.
DOC-KPI-05: Wiki/how-to documentation coverage for introduced tools/packages: 100%.
DOC-KPI-06: Documentation accessibility within agreed repositories/platforms: 100% availability.
Payment Conditions
Payments shall be conditional upon: timely updates aligned with technical implementations; successful review and validation by NCIA/team leads; acceptance of documentation deliverables; compliance with documentation standards; and delivery of sprint reports with traceability between planned and completed scope.
4. COORDINATION AND REPORTING
The contractor personnel shall report to the designated NCIA TOPFAS product manager and/or technical lead. The content of each iteration work package will be agreed with the product manager and the technical lead during the planning meeting. Deliverables shall be provided using an Agile and iterative approach.
The work will be executed mainly off-site, and some activities may require visits to other NATO locations. Development work will be carried out by accessing remotely the Azure DevOps NATO Software Factory system. The scope of the assignment will be limited to providing functional and technical solution analysis and software development, traceable through the Azure DevOps NATO Software Factory system.
The contractor personnel shall participate in planning meetings, daily status update meetings, and other meetings via electronic means using conference call capabilities, according to NCIA instructions. When using conference call capabilities, the camera feature should be used at all times. The contractor personnel shall also participate in workshops, events, and conferences related to the supported services, as requested by the NCIA project team.
5. PERIOD OF PERFORMANCE
This task order will be active immediately after signing of the contract by both parties. The services are to be provided from 1 July 2026 through 31 December 2026, with quarterly options starting 1 January 2027 up to 31 December 2028.
6. DELIVERABLES AND PAYMENT MILESTONES
The prioritized list of user stories and activities will be determined and agreed in writing during the planning meetings in the format of a work package. These meetings are held remotely. All user stories will be included in a system level milestone (e.g. software release).
The following is expected from this statement of work: complete agreed deliverables and activities supported in each work package as per Section 3 above, with resolved Product Backlog Items broken down into tasks traceable through Azure DevOps NATO Software Factory; and provide a consolidated monthly report in the form of a completed Delivery Acceptance Sheet (DAS), with traceability to planned scope and annotating the deliverables produced for the projects and activities supported, signed by the individual contractor personnel.
2026 BASE: 1 July 2026 – 31 December 2026
M01 – Sprint/Release 1 Deliverable Acceptance: Date NLT: 31 July 2026. Deliverables: D01–D06. Payment: 15%.
M02 – Sprint/Release 2 Deliverable Acceptance: Date NLT: 31 August 2026. Deliverables: D01–D06. Payment: 15%.
M03 – Sprint/Release 3 Deliverable Acceptance: Date NLT: 30 September 2026. Deliverables: D01–D06. Payment: 15%.
M04 – Sprint/Release 4 Deliverable Acceptance: Date NLT: 31 October 2026. Deliverables: D01–D06. Payment: 15%.
M05 – Sprint/Release 5 Deliverable Acceptance: Date NLT: 30 November 2026. Deliverables: D01–D06. Payment: 15%.
M06 – Sprint/Release 6 Deliverable Acceptance: Date NLT: 18 December 2026. Deliverables: D01–D06. Payment: 15%.
M07 – Final Acceptance and Closure: Date NLT: 31 December 2026. Deliverables: D01–D06. Payment: 10%.
Total: 100%
Quarterly Options: 1 January 2027 – 31 December 2027
Each quarter follows the same structure of three sprint/release milestones at 30%, 30%, and 40% of the quarterly NTE respectively, covering deliverables D01–D06.
Q1 2027: M01: 31 January 2027 (30%), M02: 28 February 2027 (30%), M03: 30 March 2027 (40%). Total Q1: 100%.
Q2 2027: M04: 30 April 2027 (30%), M05: 30 May 2027 (30%), M06: 30 June 2027 (40%). Total Q2: 100%.
Q3 2027: M07: 31 July 2027 (30%), M08: 31 August 2027 (30%), M09: 30 September 2027 (40%). Total Q3: 100%.
Q4 2027: M10: 31 October 2027 (30%), M11: 30 November 2027 (30%), M12: 31 December 2027 (40%). Total Q4: 100%.
Quarterly Options: 1 January 2028 – 31 December 2028
Q1 2028: M01: 31 January 2028 (30%), M02: 28 February 2028 (30%), M03: 30 March 2028 (40%). Total Q1: 100%.
Q2 2028: M04: 30 April 2028 (30%), M05: 30 May 2028 (30%), M06: 30 June 2028 (40%). Total Q2: 100%.
Q3 2028: M07: 31 July 2028 (30%), M08: 31 August 2028 (30%), M09: 30 September 2028 (40%). Total Q3: 100%.
Q4 2028: M10: 31 October 2028 (30%), M11: 30 November 2028 (30%), M12: 31 December 2028 (40%). Total Q4: 100%.
Payment will be provided monthly and each payment shall be dependent upon successful acceptance of the deliverables produced and the Delivery Acceptance Sheet (DAS) signed by both the contractor personnel and the NCIA POC. If the contractor fails to meet the agreed activities completion, the NCIA reserves the right to withhold part or full payment for that milestone.
7. OPTIONAL SCOPE
Contract optional extensions may be awarded at the discretion of the NCIA.
8. SECURITY
Performance of the services described in this statement of work requires a valid NATO SECRET or above Personnel Security Clearance (PSC). It is acceptable to be in the process of acquiring the clearance at the start of the service. The contractor personnel shall be aware of all security rules and their responsibilities pertaining to the access and handling of NATO classified information.
9. CONSTRAINTS
All deliverables provided under this statement of work will be based on NCIA templates or agreed with the NCIA point of contact. All scripts, documentation, and required code will be stored in the provided NCIA repositories. NATO will retain the intellectual property rights for all products developed in relation to this contract.
10. PRACTICAL ARRANGEMENTS
The contractor's personnel shall deliver services off-site during business hours, available to participate in meetings as required: Monday to Thursday between 08:30 and 17:30 CET, and Friday between 08:30 and 15:30 CET.
The contractor shall furnish everything required to perform the contract. Access to relevant environments and licenses to commercial third-party libraries required to perform the contract will be provided by NCIA. The work depicted in this statement of work is expected to be carried out by two members of the contractor's personnel.
11. TRAVEL
The activities may require travel to up to 3 remote sites in Europe per quarter per contractor personnel, to either the Netherlands (NCIA-TH, JFC Brunssum) or Belgium (SHAPE, NATO HQ). Each trip shall provide for up to four full working days on-site, with travel time in addition. Travel time, lodging, and associated expenses are included in the price of the bid (NTE) and shall not be invoiced separately.
12. SPECIFIC EXPERTISE REQUIREMENTS
[See Requirements]
13. KEY PERFORMANCE INDICATORS
13.1 Unless stipulated differently, the contractor's personnel's performance shall be assessed quarterly, with each quarter assessed independently.
13.2 Contractor's personnel are expected to successfully complete a minimum of three work packages per quarter.
13.3 Failure to achieve the threshold mentioned in 13.2 by the contractor's personnel in any given quarter may be grounds for a partial Termination For The Convenience Of The Purchaser, with the requirement subsequently released for competition. This determination is a unilateral right of the purchaser, is a function of the Terms and Conditions of this contract, and is not subject to dispute or to any claim for monetary compensation.
Requirements
REQUIREMENTS
Essential Software Developer Expertise
Desirable Expertise
Essential Soft Skills
EMW was founded in 1995 by engineers and managers who formerly held senior positions in well known telecommunications and information technology companies to pursue their vision for this new company.
Our core business is providing information and communication technology services in the areas of planning, engineering and implementation; project and program management; systems integration; operations and maintenance; and training. Our competencies range over all aspects of inside and outside plant; feeder, access and inter-office networks; switching, transmission, multiplexing and data communications equipment; network management, operations support, and asset management systems; information assurance; web enabling; applications software; and beyond. While staying abreast of today’s technologies, we keep a watchful eye on technology trends, and are very serious about future-proofing our solutions.
We play in the global marketplace, and are proud to serve a wide spectrum of distinguished clients from defense and government agencies, as well as commercial enterprise. Our watchwords are competency, innovation, integrity, and—above all—respect and care for the customer.
