Request for Proposal for OTF Rapid Response Fund

The Open Technology Fund (OTF) is soliciting proposals from service providers, organizations and individuals interested to provide services to OTF’s Rapid Response Fund.

OTF is an independent 501(c)(3) non-profit corporation registered in the District of Columbia. OTF is fully funded by the U.S. Government.

OTF supports technology-centric projects and research, which empower world citizens to have access to modern communication channels free of restrictions, and allow them to communicate without fear of repressive censorship or surveillance.

OTF’s Rapid Response Fund aims to facilitate the digital emergency response community to resolve threats in a timely and comprehensive manner for individuals, communities, and organizations that have experienced digital emergencies or digital attacks that have limited their freedom of expression or compromised their ability to operate securely. To resolve digital emergencies, OTF offers both direct financial support as well as technical services from trusted partners to high-risk people and organizations, such as bloggers, cyber activists, journalists, and human rights defenders. Through this call for proposals, OTF aims to establish a network of trusted partners who have diverse technical, thematic, and regional expertise to respond to digital emergencies from around the world. In addition to service offerings and pricing, OTF will also consider: the network and community of the applicant, their outreach and communication strategy, their qualifications, and their strategy to respond to rapid response cases and digital emergencies. Selected Rapid Response service partners will be responsible for case identification and referral network triage, as well as management of requests for support. Service partners will also ultimately carry out the work requested, with OTF’s oversight and support.

Scope of Services Requested

The scope of contract is to provide organizations and individuals with rapid response services based on the scope of services below. OTF intends to award indefinite deliverable, indefinite quantity (IDIQ) contracts to multiple vendors with a performance period of one year, with the option to extend for an additional year. The maximum ceiling for an awarded IDIQ agreement for one applicant will be $150,000 for the first year and another $150,000 for the option year should OTF choose to exercise the option year. A consortium that consists of multiple organizations will have the maximum ceiling for the primary applicant of $200,000 and $ 100,000 for sub-applicants. Following the award of IDIQ contracts to selected vendors, work will be ordered on a per-work-order basis as needed, and OTF does not guarantee that the full ceiling value of the IDIQ contract will be used.

In addition to providing Support Services as defined below, vendors are expected to provide services in at least one of the Primary Service Categories listed below (not necessarily every service under the category).

Services and Pricing

Applicants should specify in their application which Primary Service Category(ies) they will provide, their pricing for the Primary Service Category(ies) and their pricing for the Support Services.

Primary Service Categories

Category (1): Organizational Security & Digital Security Support

• Digital security audits for organizations
• Urgent risk mitigation for organizations
• Rapid assessment and crisis response planning for organizations
• Organizational security improvements
• Digital security mentoring

Category (2): Digital Attacks Response & Forensic Analysis

• Analysis of malicious mobile apps
• Security Audits of web applications and systems
• Forensic analysis of digital attacks
• Recovery of compromised websites
• Audit of compromised websites
• Malware analysis
• DDoS response and mitigation
• Web application and website vulnerability assessments
• Analysis of compromised mobile phones

Category (3) Web Hosting

• Migration and onboarding support
• Secure web hosting
• Secure hosting, monitoring, and resiliency of websites during special events (elections, campaigns etc.)
• Provision of human rights abuse documentation tools
• Enabling access to blocked websites (e.g. website mirroring)

Category (4): Connectivity Issues Response

• Establishing VPN servers during digital emergencies
• Providing internet access alternatives during shutdowns/censorship events
• Analysis of Internet disruption events
• Network shutdown response

Support Services

• Problem assessment and submission to OTF: The trusted partners would be responsible for assessing the cases they receive, identifying the problem and the suitable intervention, and submitting an application to OTF to obtain a signed work orderto carry out the work.
• Communication and coordination with organizations and individuals, OTF, and other RR vendors if needed
• Follow up and report to OTF.

Qualifications

In addition to the services and pricing, Please include your relevant qualifications on the following:

1. Network and community: Describe the organizations and individuals you aim to focus on as a Rapid Response Fund partner, and list any relevant work you have carried out with activists, human rights defenders, journalists, and internet freedom community.
2. Promotion and outreach strategy: Describe your outreach strategy to the relevant network and community you’ve described above. How would they learn about the OTF Rapid Response Fund and the services you provide?
3. Institutional capacity and record: Provide information on your capacity to handle rapid response cases and the services you would provide.
4. Methodology and responsiveness: Describe your incident response approach. How do you plan to triage cases?, how you plan to receive reports and cases, and the communication channels available to the community you would serve. . List the days/hours you are open to receive cases and process them.
5. Governance structure: Elaborate on your entity governance structure and your experience in handling sensitive data and the procedure you would follow to protect the privacy and security of the applicants you work with.

Proposal Submission

Submit by September 23, 2021 at [email protected].

Information to be submitted in your Proposal must include:

1. An overview of your organization, company or individual expertise;
2. Specify the category/categories of work you are applying for;
3. Vendor’s relevant qualifications including your responses to 1) Network and community 2) Promotion and outreach strategy 3) Institutional Capacity and Record 4) Methodology and responsiveness 5) Governance Structure.
4. A detailed budget offer. Please download the budget template here.
5. Biographical sketches or CVs of the key employee(s) and staff who would be assigned to this project;
6. Other relevant services you provide, if any;
7. Two (2) letters of support from groups you worked with and who are part of the community you aim to serve. Acknowledgement that the vendor accepts the Standard Provisions in Appendix A.

Pricing

Provide a fully-burdened hourly rate (inclusive of fringe benefits) for labor for providing services to Open Technology Fund on a per-work-order basis. Provide a detailed description of each service you would provide, what that entails, and the pricing for that service, including technical specifications for different services, capacity, duration, etc. Provide an example budget for travel or any other costs that you expect to incur during the period of performance of your contract. All travel costs should follow the U.S. Federal Travel Regulations (FTR) and Department of State per diem rates. Please download the budget template here.

If you provide a discount on your regular commercial rates, please also provide those commercial rates for comparison.

The budget provided will be used for evaluation purposes only, and any contract awarded will be based on hourly rates according to actual labor hours plus costs incurred according to agreed-upon rates and/or receipts, insofar as those costs are allowable under 2 CFR 200 and the FTR.

Individuals can contact [email protected] with questions regarding this RFP. If it becomes necessary to revise any part of this RFP, an Addendum will be provided to each vendor that received the original RFP.

Restrictions on the use of data contained within a proposal must be clearly stated. Due to OTF’s evaluation process for RFPs, it cannot sign non-disclosure agreements with any bidder. All material submitted regarding this RFP becomes the property of OTF and will only be returned to the bidder at OTF’s option.

All costs incurred in the preparation of the proposal response to this RFP will be the responsibility of the responding vendors and will not be reimbursed by OTF.

Schedule of Activities

August 23, 2021 RFP announced

September 23, 2021 Proposal submission due

Selection Process

The criteria for selection of the successful proposal will include adequacy and completeness of the proposal, general experience, qualifications, and review of prior work. Although the price will be an important factor, it will not be the only factor considered.

OTF reserves the right to accept or reject any or all bids, to take exceptions to the RFP specifications, and to waive any requirements stated herein.

OTF reserves the right to make an award based solely on the proposals or to negotiate with one or more vendors. Issuance of this RFP, preparation, submission, and evaluation of bidder responses does not commit OTF to award a contract to any vendor. The award of the IDIQ contract does not guarantee the award of work orders under that contract, which will vary based on need and availability. OTF reserves the right to cancel or modify this solicitation at any time for any reason within its sole discretion without liability.

Other Provisions

OTF, in its sole discretion, will make the final determination as to the acceptability of all work products due hereunder.

The vendor shall not issue, or permit to be issued, during the period covered by this contract or at any time thereafter, publicity in any form respecting the work hereunder or the fact of its participation herein, unless such publicity is first approved in writing by OTF.

In the event any portion of the cost of the services provided hereunder includes travel cost reimbursement, the vendor shall obtain advance approval of OTF and all travel expenditures must conform to the Standard Government Travel Regulations..

The vendor hereby agrees that all Work Product produced under the contract will be the sole property of OTF and the fees to be paid to the Vendor are full, fair and adequate compensation for Vendor’s conveyance to OTF of copyrights in all Work Product.

The awarded contract will be based on OTF’s standard contract terms, including a termination for convenience provision, and will also include the relevant U.S. Government provisions, which are attached here as Appendix A.

STANDARD PROVISIONS FOR USG-FUNDED AGREEMENTS

1. Debarment, Suspension, Ineligibility, and Voluntary Exclusion. The Consultant certifies that neither it nor any of its principals is presently debarred, suspended, proposed for debarment, declared ineligible, or voluntarily excluded from participation in this Agreement by any U. S. Government department or agency.
2. USG Funding Agency Non-liability. The USG Funding Agency does not assume liability for any third party claims for damages arising out of this Agreement.
3. Travel. The Consultant agrees to use U.S. flag carriers to the extent possible for all air travel and transportation arrangements funded by the U. S. Government under this Agreement. The Consultant must abide by the requirements set forth in the Fly America Act of 1974, which is incorporated by reference.
4. Rights to Invention. Contracts or agreements for the performance of experimental, developmental, or research work shall provide for the rights of the Federal Government and the recipient in any resulting invention in accordance with 37 CFR part 401, “Rights to Inventions Made by Nonprofit Organizations and Small Business Firms Under Government Grants, Contracts, and Cooperative Agreements,” and any implementing regulations issued by the awarding agency.
5. Equal Employment Opportunity. If the Agreement is to be performed in the U. S. or to be performed with employees recruited in the U. S., the Consultant agrees to comply with Executive Order 11246, entitled “Equal Employment Opportunity,” as amended, and as supplemented in Department of Labor Regulations (41 CFR Part 60).
6. Nondiscrimination. To the extent such laws apply to the Consultant; the Consultant agrees to abide by U.S. laws in regards to nondiscrimination of U.S. citizens or legal residents working under the Agreement.
7. Worker’s Compensation. For Agreements that require performance outside the United States, the Consultant agrees to provide Worker’s Compensation Insurance (42 U.S.C. 1651, et seq.). As a general rule, Department of Labor waivers will be obtained for persons employed outside the United States who are not United States citizens or residents provided adequate protection will be given such persons. It is the responsibility of the Consultant to obtain such waivers. The Consultant shall notify OTF of all requests for waivers.
8. Anti-Lobbying.  For Contracts of $100,000 or more, the Contractor certifies that no funds will be used to lobby, influence or attempt to influence any person or organization in connection with obtaining any Federal contract, grant or any other award covered by 31 USC 1352.
9. Prohibition on certain telecommunications and video surveillance services or equipment Where applicable, Contractor certifies that none of the funds payable under this contract will be used to procure or obtain the equipment, services, or systems that uses covered telecommunications equipment or services as a substantial or essential component of any system, or as critical technology as part of any system in compliance with the National Defense Authorization Act. Covered telecommunications equipment and services include the following:

• Telecommunications equipment produced by Huawei Technologies Company or ZTE Corporation (or any subsidiary or affiliate of such entities).
• For the purpose of public safety, security of government facilities, physical security surveillance of critical infrastructure, and other national security purposes, video surveillance and telecommunications equipment produced by Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, or Dahua Technology Company (or any subsidiary or affiliate of such entities).
• Telecommunications or video surveillance services provided by such entities or using such equipment.
• Telecommunications or video surveillance equipment or services produced or provided by an entity that the Secretary of Defense, in consultation with the Director of the National Intelligence or the Director of the Federal Bureau of Investigation, reasonably believes to be an entity owned or controlled by, or otherwise connected to, the government of a covered foreign country.

1. Prioritization of certain enterprises. Where applicable, subcontracts awarded under this contract, Contractor will take all necessary affirmative steps to assure that minority businesses, women’s business enterprises, and labor surplus area firms are used when possible.