Apply by December 6, 2023
About OTF:
OTF is an independent 501(c)(3) non-profit corporation registered in the District of Columbia. OTF is fully funded by the U.S. Government.
OTF supports technology-centric projects and research, which empower world citizens to have access to modern communication channels free of restrictions, and allow them to communicate without fear of repressive censorship or surveillance.
About the Rapid Response Fund:
OTF’s Rapid Response Fund aims to facilitate the digital emergency response community to resolve threats in a timely and comprehensive manner for individuals, communities, and organizations that have experienced digital emergencies or digital attacks that have limited their freedom of expression or compromised their ability to operate securely. To resolve digital emergencies, OTF offers both direct financial support as well as technical services from trusted partners to high-risk people and organizations, such as bloggers, cyber activists, journalists, and human rights defenders.
Through this call for proposals, OTF aims to establish a network of trusted partners who have diverse technical, thematic, and regional expertise to respond to digital emergencies from around the world. In addition to service offerings and pricing, OTF will also consider: the network and community of the applicant, their outreach and communication strategy, their qualifications, and their strategy to respond to rapid response cases and digital emergencies. Selected Rapid Response service partners will be responsible for case identification and referral network triage, as well as management of requests for support. Service partners will also ultimately carry out the work requested, with OTF’s oversight and support.
Scope of Services Requested:
The scope of contract is to provide organizations and individuals with rapid response services. OTF intends to award indefinite deliverable, indefinite quantity (IDIQ) contracts to selected vendors with a performance period of one year, with the option to extend on an annual basis for up to three years. The initial maximum ceiling for an awarded IDIQ agreement for one applicant will be $150,000 for the first year. Should OTF choose to extend the IDIQ, this ceiling will be raised. Following the award of IDIQ contracts to selected vendors, work will be ordered on a per-work-order basis as needed, and OTF does not guarantee that the full ceiling value of the IDIQ contract will be used.
Perspective Rapid Response providers are expected to provide services in at least one of the following Primary Service Categories (and not necessarily every service listed under each category. Applicants should specify which Primary Service Category(ies) they will provide:
Category (1): Organizational Security & Digital Security Support
- Digital security audits for organizations
- Urgent risk mitigation for organizations
- Rapid assessment and crisis response planning for organizations
- Organizational security improvements
- Digital security mentoring
Category (2): Digital Attacks Response & Forensic Analysis
- Analysis of malicious mobile apps
- Security Audits of web applications and systems
- Forensic analysis of digital attacks
- Recovery of compromised websites
- Audit of compromised websites
- Malware analysis
- DDoS response and mitigation
- Web application and website vulnerability assessments
- Analysis of compromised mobile phones
Category (3) Web Hosting
- Migration and onboarding support
- Secure web hosting
- Secure hosting, monitoring, and resiliency of websites during special events (elections, campaigns etc.)
- Provision of human rights abuse documentation tools
- Enabling access to blocked websites (e.g. website mirroring)
Category (4): Censorship Events and Network Shutdowns Response
- Establishing VPN servers during digital emergencies
- Providing alternative applications for communications and internet access during shutdowns/censorship events
- Analysis of Internet disruption events
- Network shutdown response
Category (5): Localization
- Translation of relevant documents and/or digital security guides
- Localization of circumvention tools, secure messaging tools, or any other privacy-enhancing tools in response to digital emergencies
Support Services:
In addition to the Primary Service Categories, service providers must be able to provide the following Support Services:
*Problem assessment and submission to OTF: The trusted partners would be responsible for assessing the cases they receive, identifying the problem and the suitable intervention, and submitting an application to OTF to obtain a signed work order to carry out the work.
*Communication and coordination with organizations and individuals, OTF, and other RR vendors if needed including translation of relevant material.
*Outreach activities including with local networks and conference attendance to promote rapid response services and encourage greater community coordination
*Follow up and report to OTF.
Qualifications:
In addition to the services and pricing, Please include your relevant qualifications on the following:
1: Network and community: Describe the organizations and individuals you aim to focus on as a Rapid Response Fund partner, and list any relevant work you have carried out with activists, human rights defenders, journalists, and the internet freedom community.
2: Promotion and outreach strategy: Describe your outreach strategy to the relevant network and community you’ve described above. How would they learn about the OTF Rapid Response Fund and the services you provide?
3: Institutional capacity and record: Provide information on your capacity to handle rapid response cases and the services you would provide. Provide information on the languages you/members of your team speak at a professional capacity.
4: Methodology and responsiveness: Describe your incident response approach. How do you plan to triage cases? How do you plan to receive reports and cases? What are the communication channels available to the community you would serve? List the days/hours you are open to receive cases and process them.
5: Governance structure: Elaborate on your entity governance structure and your experience in handling sensitive data and the procedure you would follow to protect the privacy and security of the applicants you work with.
Proposal Submission:
Please submit your proposal by December 6, 2023 to [email protected].
All proposals should include:
1: An overview of your organization, company or individual expertise;
2: Specify the Service Category/Categories of work described for which you are applying;
3: Relevant qualifications;
4: Pricing / Fee Schedule (see section below);
5: Biographical sketches or CVs of the key employee(s) and staff who would be assigned to this project;
6: Other relevant services you provide, if any;
7: Two (2) letters of support from groups you worked with and who are part of the community you aim to serve;
8: Restrictions, if any, on the use of data contained within a proposal; and
9: Acknowledgement that the vendor accepts the Standard Provisions in Appendix A of the full RFP announcement (link below).
Pricing and Fee Schedule:
Provide a fully-burdened hourly rate (inclusive of fringe benefits and overhead) for labor for providing services to Open Technology Fund on a per-work-order basis.
Provide a detailed description of each service you would provide, what that entails, and the fixed pricing for that service, including technical specifications for different services, capacity, duration, etc.
If you provide a discount on your regular commercial rates, please also provide those commercial rates for comparison.
Please download a copy of this budget template and fill out the required information. The budget provided will be used for evaluation purposes only, and any contract awarded will be based on hourly rates according to actual labor hours plus costs incurred according to agreed-upon rates and/or receipts, insofar as those costs are allowable under 2 CFR 200.