World Food Programme Tender
Costs
EMD
NA
Summary
HQ20NF583 - Provision of Static Code Analysis Software
Description
06 November 2020

Request for Expression of Interest (EOI) HQ20NF583 for Provision of Static Code Analysis Software

Closing on 25th November at 16:00 hrs (Rome, Italy time)

Background

The United Nations World Food Programme, hereinafter referred to as the “WFP”, with its headquarters located in Via C.G. Viola, 68/70, 00148 Rome, Italy, is the leading humanitarian organization saving lives and changing lives, delivering food assistance in emergencies and working with communities to improve nutrition and build resilience by assisting almost 100 million people in around 83 countries each year. About 17,000 people work for the organization, most of them in remote areas, directly serving the hungry poor.

The WFP has developed several applications to manage and assist in the business process services it provides to its beneficiaries. While these systems have undergone several security tests, their evolution necessitates further and rigorous security testing, referred to herein as “static code analysis”. More specifically, static code analysis is the process of debugging by examining the source code without actually executing programs, to identify weaknesses in an information system or product that may lead to security vulnerabilities.

WFP is looking for one or more reputable third-party organizations to establish long-term agreements[1] (LTA) with, for procuring high-quality static code analysis software, for analyzing WFP application systems’ source codes, developed internally within WFP and/or externally. For the purpose of this assignment, the third-party organization is referred to as the “Contractor” and WFP as the “Client”.

The selected contractors will be required to provide or cover the supply, installation, (technical) support and maintenance of the static code analysis software in WFP IT environment.
It includes but will not be limited to:
- The installation of the software in WFP’s IT environment;
- Support for integration of the software with WFP’s applications and/or (its) associated third parties’ applications development platform;
- Provision for all the licenses required for the software and integrated applications to work;
- Technical support/maintenance for the software upgrades and regular security patch management; and
- Provision of trainings to WFP’s teams responsible for the software administration as part of initial or subsequent implementation.

WFP invites eligible suppliers/contractors to express their interest in providing the requested services.

The Purpose of this EOI

The purpose of this request for EOI is to identify contractors with verified technical and financial capacity and able to deliver the above-mentioned services at the required standards. Eligible contractors will be invited to participate in a forthcoming tender process for the LTAs for provision of static code analysis software. After the deadline for submission of responses has passed, WFP will evaluate responses received and will notify eligible participants of the outcome of the evaluation.
Minimum Qualifications

Interested contractors’ static code analysis software (the Software) must meet the following minimum requirements:
- Support multiple application development/programming languages and frameworks, such as Python, PHP, Java, .NET, JavaScript, SQL, PostgreSQL, etc.;
- The Software should automatically find security flaws with a high degree of confidence that what is found is indeed a flaw, such as buffer overflows, SQL injection flaws, OWASP Top Ten vulnerabilities, etc.;
- Support object-oriented programming (OOP) and open source security library;
- The Software product must be able to integrate with Microsoft Azure DevOps, as well as (its) third party applications development platforms;
- Ability of the Software to provide dashboard (snapshot) reports of corporate applications security status is highly desirable. The Software reporting functionality must be human readable and exportable for easier sharing of the Software reports with other internal and/or external stakeholders;
- Support for common and reputable API standards, considering those in use by WFP and other associated third-party applications;
- The Software can be SaaS or can be deployed on WFP on-prem or on cloud environment. Both deployment modalities may be purchased by WFP;
- Application source codes and vulnerability assessment findings must at all times remain private/confidential to only WFP;
- The vendor should be able to provide a long-term agreement (LTA) and be able to support the Software implementation;
- The vendor must provide regular trainings (about the Software features, hands-on administration of the Software, etc.) to WFP (IT & Cybersecurity) teams responsible for the Software; and
- The vendor should supply all the necessary technical documentation related to the Software in English along with their submission.

Interested contractors must at minimum meet the following criteria:
- Must adhere to international codes, the equivalent of AISC, ASTM, AWS, IBC, Eurocode 3 & 9, & EN1090.
- Must not be included in the United Nations Security Council Consolidated List (available at this hyperlink).
- Must not be engaged in any fraudulent, corrupt, collusive, unethical, or illicit practice, and timely disclosure of any information in this respect (WFP’s Anti-Fraud and Anti-Corruption Policy is available at this hyperlink).

How to Prepare and Submit Your Expression of Interest

To participate in the pre-qualification exercise:

General Information

Kindly fill out Tables 1 and 2 in EOI Response Form (this document).
- Table 1. Contractor information;
- Table 2. Contractor financial status;
- Technical capabilities in delivering the software/service
- Signatory by the authorized company representative and company stamp.

Documents or Information to Submit

Kindly submit the following documents in one PDF (less than 8 MB) via email:
- Executive summary: A 2-page (maximum) high-level synopsis of the bidder’s response to the EOI. This includes its understanding of WFP’s needs. The executive summary is a brief overview of who the bidder is (company history, size, etc.), how it can meet WFP’s needs of provision of static code analysis software, covering the software setup, integration with WFP’s applications development platforms, and support/maintenance, and why the bidder is best able to provide these services to WFP.
- A proof of legal registration – company operating for at least 3 years;
- List and description of services and technologies: A 5-page (maximum) list of the services that the bidder can provide, with a detailed description for each service, and mentioning how many employees (with relevant professional experience with respect to different levels: i.e. junior, intermediate and senior) the bidder has available to perform this service. Mention also the technologies that the bidder is specialised in, the design standards to which the bidder works and all applicable certifications;
- Portfolio: A 3-page (maximum) for the service being bid upon (see services sought on page 1), describe the three largest and three most recent projects (six maximum) focusing on how the bidder’s skills contributed to the success of the project. Include artefacts to demonstrate the work. The portfolio must also include a description of a sample setup on Amazon Web Services or Microsoft Azure, demonstrating how security, performance, availability, scalability, resiliency, and latency matters are addressed;
- Further, note that the selected contractor(s) must be able to participate in a maximum of 5 hours practical demonstration of executing the static code analysis software in a simulated vulnerable application source code as per the arrangement that will be set by WFP. The demonstrations will be performed remotely. The date will be communicated after closing of the tender. Maximum up to 3 presenters/participants are allowed to be part of the demonstration;
- The static code analysis software support/maintenance services EOI must also include:
  - Standard description of incident, problem and change request handling procedures;
  - Standard service level agreement (with response times) for 24x7 incident and problem management for mission critical (parts of) systems; and
  - Standard service level agreement (with response times) for business-hours support.
- Confidentiality: Provide the approach that will be taken to protect the information/data about WFP’s network during and after execution of any assignment, including sensitive data, such as risks and vulnerabilities discovered, protection of personal data, etc.;
- Disclosure agreement: Agree to sign and adhere to WFP’s IT and security policies, data protection requirements, as well as the NDA; and
- Curricula vitae (CV): The CV of the technology lead (the most senior technology expert at the company), the software experts, the most senior quality assurance and testing experts, as well as the software support/maintenance services specialists. The reputable profiles of staff and teams that will be engaged in this assignment may include teams of certified ethical hackers, and with recognized certifications such as CISSP, OSCP, CEH, CISA, CISM, ISO 27001, etc. The CVs should include their current contact details (name, e-mail, and telephone). All the project team members must be full-time employees of the contractor.
- Miscellaneous – supporting evidence that highlights your firm’s competitive advantage in providing the static code analysis software, such as proof of financial turnover, proof of adhering to international codes – certificates, proof of professional indemnity insurance, etc.

All supporting documentation listed above shall be prepared in accordance with the instructions provided and Hq.tenders@wfp.org. The email subject must be your company’s legal name only.

WFP will not consider incomplete or unsigned submissions. All responses and supporting documentation received will be treated as strictly confidential and will not be made available to the public.

This request for EOI does not constitute a solicitation. WFP reserves the right to change or cancel this procurement process or any of its requirements at any time during the process; any such action will be communicated to all participants.
Should you have any questions please do not hesitate to contact us at Hq.tenders@wfp.org.

Snjezana Leovac
Head, Goods and Services Procurement
Supply Chain Division
The United Nations World Food Programme

EOI Response Form

Table I. Contractor/Supplier Information

Company / Organization’s Background Information
1 Legal name of company/organization:
2 Full address:
3 E-mail address: Website address:
4 Telephone: Fax:
5 Contact person, title: Tel./e-mail of contact person:
6 Registration with UNGM: Yes ☐ No ☐ UNGM No.
7 Type of business: Corporate/limited, Partnership, Other (specify)
8 Goods / services:
9 Company/organization business registration number: 6 Date of registration:
10 Additional company/organization background information: [if applicable, insert not more than 100 words]

Table II. Supplier Financial Status

Company / Organization’s Financial Status
Item / Value USD
Gross turnover [insert year]
Gross turnover [insert year]
Gross turnover [insert year]
Maximum contract value in relation to which your company can be engaged: Above USD 500,000
Maximum “bank guarantee” amount available to the company/organization
Last two years audited accounts or alternative assessed within WFP’s discretion are attached to prove the information stated above

Company/organization stamp
Signatory
Name of company/organization:
Name of the authorized representative:
Signature:
Title:
Date:

[1] A long-term agreement (LTA) is an agreement between WFP and a vendor, setting terms for the supply of goods or provision of services under certain agreed conditions which have been accepted by both parties. An LTA is a non-binding and non-exclusive agreement on WFP, and does not carry any commitment, expressed or implied, to any purchase whatsoever by WFP.
Contact
Tender Id: 117392
Tender No: HQ20NF583
Tender Authority: World Food Programme
Purchaser Address: -
Website: http://https://www.wfp.org/s