EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Provision of external staff and services for maintenance, support, development and implementation of packages and specific information systems at the EIB Group
Terms of Reference
June 2019
EIB Information Security classification: CONFIDENTIAL document Page 1 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Table of Contents
1 INTRODUCTION ...... 5 2 SUMMARY ...... 6 2.1 Definition of key terms used in these Terms of Reference ...... 6 2.2 Key tender characteristics ...... 7 2.3 Overall tendering requirements (applicable to all lots) ...... 8 2.4 Service provision modes ...... 10 2.4.1 Service types ...... 11 2.4.2 Services location ...... 11 2.4.3 Other Service modalities: Managed Services ...... 12 3 OVERVIEW OF LOTS ...... 13 4 LOT 1: FINANCIAL PACKAGES ...... 15 4.1 Lot overview ...... 15 4.2 Domain descriptions...... 16 4.3 Profile descriptions ...... 20 4.4 Contracting modalities ...... 24 5 LOT 2: DOCUMENT MANAGEMENT SYSTEM - SHAREPOINT ...... 25 5.1 Lot description ...... 25 5.2 Domain descriptions...... 26 5.3 Profile descriptions ...... 27 5.4 Contracting modalities ...... 32 6 LOT 3: DOCUMENT MANAGEMENT SYSTEM – CONTENT SERVER ...... 33 6.1 Lot description ...... 33 6.2 Domain descriptions...... 34 6.3 Profile descriptions ...... 35 6.4 Contracting modalities ...... 40 7 LOT 4: ADMIN SUITE APPLICATIONS ...... 41 7.1 Lot description ...... 41 7.2 Domain descriptions...... 43 7.3 Profile descriptions ...... 44 7.4 Contracting modalities ...... 48 8 LOT 5: ENTERPRISE SERVICE BUS (ESB) AND SERVICE ORIENTED ARCHITECTURE (SOA) 49 8.1 Lot description ...... 49 8.2 Domain descriptions...... 51 8.3 Profile descriptions ...... 53 8.4 Contracting modalities ...... 55 9 LOT 6: EIB-SPECIFIC APPLICATIONS ...... 56 9.1 Lot description ...... 56 9.2 Domain descriptions...... 58 9.3 Profile descriptions ...... 63 9.4 Contracting modalities ...... 69 10 LOT 7: APPLICATION TECHNICAL SUPPORT AND DATABASES ...... 70 10.1 Lot description ...... 70 10.2 Domain descriptions...... 71 10.3 Profile descriptions ...... 74 10.4 Contracting modalities ...... 76 11 LOT 8: BUSINESS ANALYSIS, PROJECT MANAGEMENT AND TESTING SERVICES ...... 77 11.1 Lot description ...... 77 11.2 Domain descriptions...... 78 11.3 Profile descriptions ...... 79 11.4 Contracting modalities ...... 81 12 LOT 9: INTRANET AND EXTRANET WEBSITES AND APPLICATIONS ...... 83
EIB Information Security classification: CONFIDENTIAL document Page 2 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
12.1 Lot description ...... 83 12.2 Domain descriptions...... 84 12.3 Profile descriptions ...... 85 12.4 Contracting modalities ...... 90 13 LOT 10: DATA WAREHOUSE ...... 92 13.1 Lot description ...... 92 13.2 Domain descriptions...... 95 13.3 Profile descriptions ...... 96 13.4 Contracting modalities ...... 100 14 LOT 11: ADMINISTRATIVE SERVICES ...... 101 14.1 Lot description ...... 101 14.2 Domain descriptions...... 101 14.3 Profile descriptions ...... 101 14.4 Contracting modalities ...... 103 15 LOT 12: PEOPLESOFT ...... 104 15.1 Lot overview ...... 104 15.2 Domain descriptions...... 104 15.3 Profile descriptions ...... 106 15.4 Contracting modalities ...... 109 16 OTHER REQUIREMENTS FOR THE PERFORMANCE OF SERVICES COMMON TO ALL LOTS 110 16.1 CV and resourcing requirements...... 110 16.2 Language requirements ...... 110 16.3 Scalability of resources ...... 110 16.4 Staff training ...... 110 16.5 Staff present at Premises ...... 111 16.6 On-Site assignments ...... 111 16.7 On-Call assignments ...... 112 16.8 Nearshoring ...... 113 16.9 Staff replacement and new staff during assignments ...... 113 16.10 Knowledge management ...... 113 16.11 Data protection for Nearshore services ...... 114 16.12 Discrete Services ...... 114 16.13 Managed Services ...... 115 16.14 Internal EIB service level agreement ...... 115 16.15 Service level targets ...... 115 16.15.1 Service Level Agreement ...... 116 16.15.2 Service Level Targets (minimum mandatory requirements) ...... 116 16.15.3 Detailed description of Service Level Targets ...... 117 16.15.4 Application of penalties ...... 120 16.15.5 SLA validity and review ...... 121 16.16 Takeover and exit assistance (hand-over) activities...... 121 16.16.1 Takeover of present activities ...... 121 16.16.2 Exit assistance (hand-over) Services...... 121 16.17 Required professional standards ...... 122 16.18 Contract management ...... 122 16.18.1 Relationship management ...... 122 16.18.2 Reports and meetings involving the Bank and Service Providers ...... 123 16.18.3 Business Continuity Programme (BCP) of the Service Provider ...... 124 16.18.4 Business continuity site ...... 125 16.19 IT Organisation at the EIB ...... 125 16.19.1 Service and project organisation at the EIB ...... 125 16.19.2 Policies, procedures and tools at the EIB ...... 125 16.20 Audits ...... 126 16.21 Invoicing ...... 126 17 CONTRACTING MODALITIES ...... 127 17.1 Framework Agreements ...... 127 17.2 Procedure for the award of specific assignments under the CASCADING mechanism (call-off mechanism) ...... 127 17.3 Procedure for the award of specific assignments under the PARALLEL mechanism (call-off mechanism) 127 17.4 Awarding assignments ...... 127 17.5 Changes to awarded Contracts ...... 128 17.6 Execution of assignments ...... 129
EIB Information Security classification: CONFIDENTIAL document Page 3 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
18 TENDER REQUIREMENTS AND STRUCTURE ...... 130 18.1 General tender requirements ...... 130 18.2 Joint offers (consortia) and subcontracting ...... 130 18.2.1 Joint offers ...... 130 18.2.2 Subcontracting ...... 131 18.2.3 Freelancing ...... 132 19 EXCLUSION CRITERIA AND ADMINISTRATIVE DOCUMENTATION ...... 133 20 SELECTION CRITERIA DOCUMENTATION ...... 134 20.1 Selection phase: Technical and professional capacity ...... 134 20.1.1 Technical and professional capacity ...... Error! Bookmark not defined. 20.1.2 Relevant experience ...... 134 20.1.3 Human Resources ...... 135 20.2 Selection phase: Economic and financial capacity ...... 136 21 AWARD CRITERIA DOCUMENTATION ...... 138 21.1 Compliance with mandatory requirements ...... 138 21.2 Technical award criteria {800/1000} ...... 138 21.3 Financial award criteria {200/1000} ...... 146 22 ASSESSMENT OF THE TENDERS ...... 148 22.1 Award Criteria for lots 5 and 11 ...... 148 22.1.1 Technical Award Criteria {800} ...... 148 22.1.2 Financial Award Criteria {200} ...... 150 22.1.3 Final score ...... 150 22.2 Award Criteria for lots 8 and 12 ...... 150 22.2.1 Technical Award Criteria {800} ...... 150 22.2.2 Financial Award Criteria {200} ...... 151 22.2.3 Final score ...... 151 22.3 Award Criteria for lot 6 ...... 152 22.3.1 Technical Award Criteria {800} ...... 152 22.3.2 Financial Award Criteria {200} ...... 153 22.3.3 Final score ...... 153 22.4 Award Criteria for lots 1 and 7 ...... 153 22.4.1 Technical Award Criteria {800} ...... 153 22.4.2 Financial Award Criteria {200} ...... 155 22.4.3 Final score ...... 155 22.5 Award Criteria for lot 10 ...... 155 22.5.1 Technical Award Criteria {800} ...... 155 22.5.2 Financial Award Criteria {200} ...... 157 22.5.3 Final score ...... 157 22.6 Award Criteria for lots 2, 3, 4 and 9 ...... 157 22.6.1 Technical Award Criteria {800} ...... 157 22.6.2 Financial Award Criteria {200} ...... 159 22.6.3 Final score ...... 159 23 TENDER DOCUMENTS CHECKLIST (FOR REFERENCE ONLY) ...... 160
EIB Information Security classification: CONFIDENTIAL document Page 4 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
1 Introduction
The European Investment Bank Group (EIB Group) is made up of the European Investment Bank (EIB) and the European Investment Fund (EIF). For the purposes of this Call for Tenders, the EIB Group is represented by the EIB.
The EIB is the financing institution of the European Union (EU). Created by the Treaty of Rome, its shareholders are the EU Member States, and its Board of Governors is composed of the Finance Ministers of these States. The EIB enjoys its own legal personality and financial autonomy within the EU system.
The EIB contributes towards the integration, balanced development and economic and social cohesion of the EU Member States. To this end, it raises on the markets substantial volumes of funds that it directs on favourable terms towards financing capital projects in accordance with the objectives of the EU. Outside the EU the EIB implements the financial components of agreements concluded under European development aid and cooperation policies. The EIF supports Europe’s SMEs by improving their access to finance through a wide range of selected financial intermediaries. To this end, the EIF designs, promotes and implements equity and debt financial instruments which specifically target SMEs. In this role, the EIF fosters EU objectives in support of entrepreneurship, growth, innovation, research and development, and employment.
More background information about the EIB may be found on the website http://www.eib.org. For further information on the EIF, please consult its website http://www.eif.org.
EIB Information Security classification: CONFIDENTIAL document Page 5 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
2 Summary
2.1 Definition of key terms used in these Terms of Reference
For the purposes of this Call for Tenders, the terms defined below shall have the following meaning. Please also refer to Article 1 of the Model Framework Agreement for the Provision of Services (Annex 5) for the definition of terms not defined here.
Term Definition Assignment Terms of Document describing the specific Service requirements for an Assignment. Specific Reference (AToR) deliverables and, as the case may be, means of tracking performance and quality will be defined in the Assignment Terms of Reference. Bank The European Investment Bank (may also be referred to as the EIB) as the Contracting Authority, representing the European Investment Group (the EIB Group) for the purposes of this Call for Tenders and the Framework Agreements. Any reference to the Bank or the EIB may or may not include the EIF, depending on the context. Business Hours From 07:00hrs to 19:00hrs on Bank working days. Call for Tenders The procurement procedure (open published) organised and implemented in accordance with the provisions of the EIB’s Corporate & Technical Assistance Procurement Guide1 for the procurement of services, supplies, works and concessions managed by the EIB (version July 2017). Continuous Services Long-term Assignments to meet on-going needs of the Bank in relation to a lot. Contract (or Specific Any contract pursuant to the Agreement entered into between the Bank and the Contract) Service Provider for the performance of an Assignment and formalised in writing either substantially in the form contained in Appendix C of the Model Framework Agreement or as a purchase order. Discrete Services Ad-hoc or project Assignments (of fixed duration and scope) to meet specific needs of the Bank in relation to a lot. EIB Group The European Investment Bank Group (EIB Group), made up of the European Investment Bank (EIB) and the European Investment Fund (EIF), as eventual beneficiary of the Services to be provided under the Agreement. Fixed Price (FP) Contractual arrangement for an Assignment in which the Service Provider is compensated based on the parties’ Agreement on a lump sum payable, irrespective of the actual resources (Time and Materials) used to perform the Assignment. Framework Agreement or The Framework Agreement(s) awarded by the Bank in each lot as a result of this Agreement Call for Tenders. FTE (Full Time The hours worked by one employee on a full-time basis, working on all working Equivalent) days and therefore not taking holidays into consideration (i.e. the FTE is counted as NOT having holidays, Service Providers shall therefore plan resources accord- ingly). General Terms and “General terms and conditions for Framework Agreements for the provision of Conditions or GTC services to the European Investment Bank”, forming an integral part of the Agreement, in “Annex 6 – General Terms and Conditions for framework agreements”. Managed Services Services that are being delivered On-Site or in a Nearshore location and measured based on outcome (e.g. SLAs) rather than inputs (e.g. numbers of people). Managed Services typically include ongoing management and operational services structured as an ongoing multiyear service, defined and governed by service-level agreements. The key element is that the Service Provider has the primary responsibility for managing and operating the offering both during the Bank’s Business Hours and outside. Nearshoring Services Continuous or Discrete Services that are being delivered outside of the EIB Premises, but within the EU/EEA. On-Call Services Provision of people available for Services outside the Bank’s Business Hours for timely intervention in case of incidents affecting the EIB IT services. On-Site Services On-Site Services are Continuous or Discrete Services that are being delivered at EIB Premises.
1http://www.eib.org/attachments/strategies/eib_corporate_and_technical_assistance_procure- ment_guide_2017_en.pdfhttp://www.eib.org/attachments/strategies/eib_corporate_and_technical_assis- tance_procurement_guide_2017_en.pdf
EIB Information Security classification: CONFIDENTIAL document Page 6 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Term Definition Premises The EIB Group’s headquarters and other buildings in Luxembourg, including offices and other technical buildings, as described in section 2.4.2.1. Service Provider(s) Economic operator(s) to whom a Framework Agreement is awarded for the performance of Services in each lot herein defined as a result of this Call for Tenders. Services The Services to be delivered by the Service Provider(s) under a Framework Agreement and more particularly described in sections 4-15 of this Call for Tender. Tenderer(s) Economic operator(s) submitting a tender in response to this Call for Tenders. Where these Terms of Reference refers to ‘Tenderer’ it shall be considered as ‘Service Provider’ after signature of the Framework Agreements, depending on the context. Terms of Reference This Annex describing the requirements for the Services to be provided under this (ToR) Call for Tender, including its appendices. Time & Materials (TM) Contractual arrangement for an Assignment in which the Service Provider is compensated based on the time spent and for materials used to perform the Assignment. Table 1: Definition of key terms used in these Terms of Reference
2.2 Key tender characteristics
Contracting Authority The EIB Group, comprising the EIB and the EIF, represented by the European Investment Bank, hereinafter referred to as “the EIB” or “the Bank”. Purpose Provision of external staff and services for maintenance, support, development and implementation of packages and specific information systems at the EIB Group. Lots This Call for Tenders is divided into twelve (12) distinct lots, each lot representing a different technical domain and scope:
Lot 1: Financial Packages Lot 2: Document Management System - SharePoint Lot 3: Document Management System - Content Server Lot 4: Admin Suite Applications Lot 5: Enterprise Service Bus and Service Oriented Architecture Lot 6: EIB-specific Applications Lot 7: Application Technical Support and Databases Lot 8: Business Analysis, Project Management and Testing Services Lot 9: Intranet and Extranet websites and applications Lot 10: Data Warehouse Lot 11: Administrative Services Lot 12: PeopleSoft
Tenderers may submit a proposal for one, several or all of the lots; the Bank considers that it is neither an advantage nor a disadvantage to submit proposals for all lots; Tenderers will be evaluated separately for each lot. Framework Agreement The EIB will sign multiple Framework Agreements with up to five successful Tenderers for each lot. For the execution of these Framework Agreements, a cascade award mechanism or a parallel award mechanism as described in 17.2 and 17.3 will apply. A draft Framework Agreement is included in Annex 5. Duration of the 4 years Framework Agreement
EIB Information Security classification: CONFIDENTIAL document Page 7 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Estimated maximum total Lot 1: EUR 20.000.000 value Lot 2: EUR 8.500.000 Lot 3: EUR 4.000.000 Lot 4: EUR 11.000.000 Lot 5: EUR 10.000.000 Lot 6: EUR 28.000.000 Lot 7: EUR 5.000.000 Lot 8: EUR 18.000.000 Lot 9: EUR 5.000.000 Lot 10: EUR18.000.000 Lot 11: EUR 3.500.000 Lot 12: EUR 14.000.000 (see Contract Notice in OJEU for more information). Tentative start date of the Framework Lots Description Earliest date of Agreement entry into force 1 Financial Packages Q4 2019 2 Document Management System – Q4 2019 SharePoint 3 Document Management System – Q4 2019 Content Server 4 Admin Suite Applications Q4 2019 5 Enterprise Service Bus and Service Q4 2019 Oriented Architecture 6 EIB-specific Applications Q4 2019 7 Application Technical Support and Q4 2019 Databases 8 Business Analysis, Project Q4 2019 Management and Testing Services 9 Intranet and Extranet websites and Q4 2019 applications 10 Data Warehouse 01/02/2020 11 Administrative Services Q4 2019 12 PeopleSoft 01/01/2020
Main places of delivery Mainly on-site at the Premises of EIB and off-site for On-Call Services, Managed Services and/or Nearshoring. Variants Not permitted. Joint offers (consortia) Permitted. Subcontracting Permitted. Table 2: Key tender characteristics
2.3 Overall tendering requirements (applicable to all lots)
Answers to this Call for Tenders must cover all the tender requirements indicated in this Terms of Reference (ToR). Failure to cover all general or specific sections will result in exclusion. During the evaluation process, the Bank may request the Tenderers to provide clarifications, explanations and/or evidence for the proposed terms, conditions, calculation of costs and prices, especially in cases where the tender “appears to be abnormally low” in the sense of Article 69 of the Directive 2014/24/EU on public procurement2. Such requests will be made in writing to the Tenderers designated point of contact.
All quantities and sizing mentioned in this document regarding this Call for Tenders and the EIB Group including staffing, infrastructure, services, hardware and software are indicative of the current situation and may change over the term of the Framework Agreement. Tenderers must also note that the
2 https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0024&from=EN
EIB Information Security classification: CONFIDENTIAL document Page 8 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
information provided for this tender intends to highlight what is most relevant and should therefore not be considered to be exhaustive.
The Bank may at any time decide to award Contracts for services that are not specifically listed in the ToR, due for example to the evolution of technology or operational and strategic decisions, but which will nevertheless fall within the scope of the Agreement.
Within a period of three years following the conclusion of the original (initial) Framework Agreement, the EIB may have recourse to a negotiated procedure without prior publication of a contract notice for new services consisting in the repetition of similar services entrusted to the economic operators to which the EIB awarded the original Framework Agreements. The additional services shall be in conformity with the basic project as described in these Terms of Reference.
Tenders must be fully inclusive of any hardware, software or tools necessary for the Service Provider to work with the Bank’s existing systems and technologies as listed in this ToR and any future systems acquired by the Bank following signature of the Framework Agreement. This said, the Service Providers will play an advisory role both at strategic and technological level, in domains that relate to or could affect the services described in this ToR, such as for instance software innovation, DevOps, virtualisation, cloud computing etc. in order to assist the EIB in making the right choices for the evolution of IT services at the Bank. It should be clear to the Tenderer that the EIB may choose to change tools during the execution of the Agreement, in which case the Tenderer will use whatever tools the EIB has chosen.
The Bank will provide strategic direction and leadership while the Service Provider will contribute to and underpin the Bank’s objectives. The Service Provider shall be proactive, reliable and technically skilled and prepared to invest in a mutually beneficial long-term relationship in which, under the leadership and management of the Bank, the Service Provider implements all planned services and provides efficient support for the Bank’s IT services. The Service Provider shall underpin the Bank’s ability to reach its objectives in terms of effectiveness, efficiency and compliance with internal policies and procedures for all services rendered. In the future, the Bank may wish to migrate a percentage of certain services from a Time and Materials model to a Partially or Fully Managed Services model. In those cases, the Bank requires the Service Provider to implement a process that will achieve this migration. The Bank may also want to use a Nearshoring service model for parts of the services, this is detailed in a separate section on the subject.
General principles to be applied:
The place where services shall be delivered is Luxembourg, unless specified differently in the AToR (e.g. for Managed Services, Nearshoring); Service Providers must be familiar, or to have familiarised themselves to the largest extent possible, with the prevailing economic and regulatory implications of providing services in EIB locations in Luxembourg, in particular in terms of timely sourcing and deployment of qualified IT staff; Service Providers must always ensure compliance with applicable environmental, social and labour law obligations established by Union law, national legislation, collective agreements or the international environmental, social and labour conventions listed in Annex X to Directive 2014/24/EU; Tenderers acknowledge and accept the possibility that provisions of Directive 2001/23/EC (as implemented into national law)3 may apply to this Agreement. In such case, both the incumbent service providers and the Service Providers shall fully cooperate with the transfer of those employees of the incumbent providing services under the current contract and shall perform all actions necessary to facilitate such transfer. For the avoidance of doubt, no em- ployee shall be transferred to the EIB;
3 Directive 2001/23/EC of 12 March 2011 on the approximation of the laws of the Member States relating to the safeguarding of employees' rights in the event of transfers of undertakings, businesses or parts of undertakings or businesses.
EIB Information Security classification: CONFIDENTIAL document Page 9 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Service Providers need to be versed in “good practice”in their respective domains. To this end they are expected to use, and have been proven to use, quality IT service management and security frameworks for their customers; The Bank is committed to open standards (i.e. not covered by patents and not proprietary); The Bank requires all Service Providers to strive to maintain a homogenous, interoperable and up-to-date IT environment; As there is a split into twelve (12) different lots, the Bank requires Service Providers to collaborate in a constructive and collegial manner, for the benefit of the Bank; There must be no requirement for changes to hardware or software. Changes to hardware or software are a decision for the Bank and will under no circumstances be based on demands from the Service Providers; Service Providers must provide time reporting for on-site resources, as required by the EIB, which will include differentiating and specifying day-to-day vs. project type activities; Service Providers must include an approved and budgeted plan for knowledge transfer to the replacement service provider prior to the expiry or termination (irrespective of the cause) of the Agreement. Essentially, Service Providers must co-operate and not frustrate the handover to a new service provider at the expiry or termination of the Agreement and ensure a smooth handover; In some cases, activities by the Service Provider that cause or may cause an interruption of services to the Bank will have to be conducted outside Business Hours. They can occur during the night, weekends, or holidays as per agreement with the EIB; During the term of the Agreement or of a Contract, the definition of Services, the minimum coverage required and the competencies may vary and the Service Provider must adapt accordingly. Should there be any reductions in cost, this shall be reflected in monthly/yearly costs; The main EIB offices are in Luxembourg, including the disaster recovery site. Over the course of the Agreement, Luxembourg locations may be added or removed.
2.4 Service provision modes
Different service types are in scope of this Framework Agreement, and those services can be delivered from different locations, as depicted below. The definitions for the service provision modes can be found in 2.1 Definition of key terms used in these Terms of Reference”.
Figure 1: Service provision modes
The Service Provider will provide Services to support the respective IT units in achieving their mission under one of the Service Types and Locations as described below. The specific service delivery
EIB Information Security classification: CONFIDENTIAL document Page 10 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
requirements for each of the lots are described in the ‘Contracting Modalities’ sections of the detailed lot descriptions.
2.4.1 Service types
2.4.1.1 Continuous Services
The Service Provider in each lot will be required to provide staff under longer-term assignments at EIB Premises or remotely. Continuous Services will typically cover ongoing maintenance and support, and handling day-to-day operations. However, this does not exclude involvement in project work or other activities in the service domain of the given lot.
According to the specifications in the different lots, Service Providers might be required to provide On- Call Services outside the Bank’s Business Hours, as described in section 16.7 On-Call assignments, for timely intervention in case of incidents affecting the EIB IT services. This type of service must be considered an add-on for Continuous Services that are being delivered on-site.
2.4.1.2 Discrete Services
The Service Provider in each lot will be required to provide staff under assignments of fixed duration (cf. ‘Projects’), on a Time and Materials basis or on a Fixed Price basis.
According to the specifications in the different lots, Service Providers might be required to provide On- Call Services outside the Bank’s Business Hours, as described in section 16.7 On-Call assignments, for timely intervention in case of incidents affecting the EIB IT services. This type of service must be considered an add-on for Discrete Services that are being delivered on-site.
2.4.2 Services location
2.4.2.1 On-Site
On-Site Services are Continuous or Discrete Services that are being delivered at the Bank’s Premises in Luxembourg:
Headquarter (WKI/EKI): 98-100, boulevard Konrad Adenauer, L-2950 Luxembourg
Main IT building (LHO) 43, Boulevard Pierre Frieden, L-1543 Luxembourg
Main Business Continuity site address will be provided to selected Service Providers.
2.4.2.2 Nearshoring
Nearshoring Services are Continuous or Discrete Services that are being delivered outside of the EIB Premises, but within the EU/EEA. According to the specifications in the different lots, Service Providers can be asked to migrate (part of) the Discrete or Continuous Services for their lot to a Nearshoring delivery model, as described in section 16.8 “Nearshoring”.
EIB Information Security classification: CONFIDENTIAL document Page 11 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
2.4.3 Other Service modalities: Managed Services
Managed Services are a subset of Continuous Services that are being delivered on-site or in a nearshore location. Managed Services typically include ongoing management and operational services structured as an ongoing multiyear service, defined and governed by service-level agreements. The key element is that the Service Provider has the primary responsibility for managing and operating the offering.
The offering itself may be limited to ongoing curation of data or may involve the operational management of the business process or technology solution. Services may range across business processes, applications, and platforms that are customized, commercial off-the-shelf (COTS), software as a service (SaaS) or combinations thereof, as specified in the domain descriptions of the respective lots.
According to the specifications in the different lots, Service Providers can be asked to migrate (part of) the Continuous Services for their lot to a Managed Services delivery model, as described in section 16.13 “Managed Services”.
EIB Information Security classification: CONFIDENTIAL document Page 12 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
3 Overview of lots
The scope of this procurement procedure is the provision of IT services in relation to the maintenance, support, development and implementation of packages and specific information systems at the European Investment Bank, as well as business analysis, enterprise architecture, testing, change management and project management services.
The following is a description of the current scope at the EIB, which is provided as general information to the Tenderers in order to allow them to assess their capacity to respond to the Call for Tenders.
An overview of the different lots, the required profiles, the contracting modalities and the estimated volumes over the duration of the Framework Agreement are provided in the table below:
Lot Name Profiles Contracting Modality4 Maximum Contract Volume 1 Financial packages Programming/Software Development D (T&M): Parallel € 20.000.000 Business Analysis D (FP): Parallel Software Design C: Parallel Portfolio, Programme and Project Support Project Management Application Support 2 Document Management Programming/Software Development D (T&M): Cascade € 8.500.000 System – SharePoint Systems Design D (FP): Cascade Business Analysis C: Cascade Systems Software Project Management Testing
3 Document Management Programming/Software Development D (T&M): Cascade € 4.000.000 System – Content Server Systems Design D (FP): Cascade Business Analysis C: Cascade Systems Software Project Management Testing 4 Admin Suite Applications Project Management D (T&M): Cascade € 11.000.000 Change Manager / Communications D (FP): Cascade Manager C: Cascade Information Content Authoring (Technical Author) Business Analysis Programming/Software Development Programming/Software Development (java) Solutions Test Manager Package Application Specialist Application Technical Administrator Application Technical Administrator (BMC) Service/Contract Manager Solutions Architect 5 Enterprise Service Bus Programming/Software Development D (T&M): Cascade € 10.000.000 and Service Oriented Project Management D (FP): Cascade Architecture Systems Design C: Cascade Application Support 6 EIB-specific Applications Programming/Software Development D (T&M): Cascade € 28.000.000 Business Analysis D (FP): Cascade Systems Design C: Cascade Project Management Testing 7 Application Technical Project Management D (T&M): Cascade € 5.000.000 Support & Databases Database Administration (Oracle, D (FP): Cascade Sybase, MsSQL) C: Cascade Application Support
4 D: Discrete Services; C: Continuous Services, T&M: Time and Materials, FP: Fixed Price
EIB Information Security classification: CONFIDENTIAL document Page 13 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Lot Name Profiles Contracting Modality4 Maximum Contract Volume 8 Business Analysis, Project Project Management D (T&M): Parallel € 18.000.000 Management and Testing Business Analysis D (FP): Parallel Services Specialist Advice C: Parallel Testing 9 Intranet and Extranet Programming/Software Development D (T&M): Cascade € 5.000.000 websites and applications Systems Design D (FP): Cascade User Experience Analysis and Design C: Cascade Project Management Systems Software Business Analysis Testing 10 Data Warehouse Programming/Software Development D (T&M): Cascade € 18.000.000 Business Analysis D (FP): Cascade Project Management C: Cascade Systems Design 11 Administrative Services Vendor Management Support D (T&M): Parallel € 3.500.000 Budget D (FP): Parallel Contracts C: Parallel Project & Reporting 12 PeopleSoft Business Analysis D (T&M): Cascade € 14.000.000 PeopleSoft Technical Application D (FP): Cascade Specialist C: Cascade PeopleSoft Administrator Project Management Testing Table 3: Overview of the 12 lots in this Call for Tenders
For each lot, the Service Provider shall provide the Bank with profiles from 4 possible levels of seniority listed below, except for lot 10:
Junior: 1-2 years of experience Intermediate: 3-6 years of experience Senior: 7-10 years of experience (in case there is also a specialist profile required), or 7 or more years of experience (in case no specialist profile is required) Specialist: 11 or more years of experience
EIB Information Security classification: CONFIDENTIAL document Page 14 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
4 Lot 1: Financial packages
4.1 Lot overview
Lot 1 covers services related to the maintenance, support and development of the EIB’s financial (off- the-shelf) packages used in the treasury, capital market, back-office lending and risk management area. Those services are necessary to operate financial packages in the short-term, and include some or all of the following non-exhaustive activities:
Application monitoring System performance improvement End-users support and investigation of technical / functional issues Coordination of the resolution of issues with other IT units Maintenance of the test and development environments Installation of patches Functional and technical analysis Application testing and documentation
Furthermore, lot 1 covers expert services related to the maintenance, support and development of these financial packages, to deploy software and configuration changes in the financial packages and includes some or all of the following non-exhaustive activities:
Application architecture and strategy development Value added services such as Quality Control or Security Auditing Organisation Change Management and Business Process Reengineering Project Management including typical Project Office tasks Requirement specification Development of new features or modules Code review Training & communication
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 4.3):
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Junior Programming and scripting development languages (Unix shell, Python, Perl) and DBMS 5 Systems (Oracle and/or Sybase) Programming / Software Intermediate Programming and scripting development languages (Unix shell, Python, Perl) and DBMS 5 Systems (Oracle and/or Sybase) Programming / Software Senior Programming and scripting development languages (Unix shell, Python, Perl) and DBMS 2 Systems (Oracle and/or Sybase) Business Analysis Junior See profile descriptions in 5 section 4.3 Business Analysis Intermediate See profile descriptions in 5 section 4.3 Business Analysis Senior See profile descriptions in 2 section 4.3 Software Design Senior Knowledge of IT applications architecture and IT infrastructure 5 Specialist of one or more financial packages listed
EIB Information Security classification: CONFIDENTIAL document Page 15 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE under 4.2, including a recent certification Portfolio, programme and Junior 2 Microsoft Office project support Project Management Intermediate Microsoft Project 3 Project Management Senior Microsoft Project 2 Application Support Junior - RDBMS (Sybase 15.*, 2 Oracle 12g, MySQL 5.*) - OS (Linux/ Windows System admin, Performance monitoring and debugging) - Middleware JBOSS, VSphere 5.* - Network debugging (strace, tcpdump, wireshark) - Application server setup (JBoss) Application Support Intermediate - RDBMS (Sybase 15.*, 2 Oracle 12g, MySQL 5.*) - OS (Linux/ Windows System admin, Performance monitoring and debugging) - Middleware JBOSS, VSphere 5.* - Network debugging (strace, tcpdump,wireshark) - Application server setup (JBoss) Application Support Senior - RDBMS (Sybase 15.*, 2 Oracle 12g, MySQL 5.*) - OS (Linux/ Windows System admin, Performance monitoring and debugging) -Middleware JBOSS, VSphere 5.* - Network debugging (strace, tcpdump,wireshark) - Application server setup (JBoss) Table 4: Overview of profiles for lot 1
4.2 Domain descriptions
Lot 1 covers services related to the following main financial packages:
Application Description Technology Users Volumes Environments Accurate - Back-Office -FISERV v2.17.0 100 - The - Development Reconciliation - Oracle 12 reconciliation - Integration Test - Intraday and -Red Hat Linux system is a data - UAT End-of-day 6.6 hub, which - Production Reconciliation of -Client-Server concentrates nostro -Thick Windows information from movements and client the SWIFT balances, -Thin client - https Alliance, WSS- - Real-time - Application TRM, PSFT matching of trade server Jboss Accounting and confirmations, - DB server Oracle APEX. - Monthly - 400 accounts reconciliation of reconciled on securities end-of-day basis positions - 50 accounts reconciled Intraday
EIB Information Security classification: CONFIDENTIAL document Page 16 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments - 100 safe accounts for Securities - 2 deal types for Confirmations (FX and MM) APEX Collateral - Collateral - FIS (Former: 50 Implementation of - Development Management SunGard) APEX repo phase - Integration Test - Collateral v16.1 ongoing; - UAT Management - Oracle 12 integration with - Production Inventory (cash - Red Hat Linux several trading and security 6.6 platforms is collateral from - Client-Server foreseen in the repo / reverse - APEX Collateral future repo, loans and is written in Java, swaps business based on spring lines) framework - Margining - Repo trading CompatibL Risk Application CompatibL 50 High volume - Development framework for platform (6.1, 7 calculation - Integration Test calculation of and above) engine, with daily, - UAT financial risk and C# stack weekly batches - Production financial software C# Development for various risk in general Knowledge of and financial CompatibL scenarios models Quantitative skillset Microservices rest Kubernetes, Redis, and MongoDB. Grid computing Financial - Manual entry of - edited by 50 10000 financial - UAT Statement financial ACTICO GmbH) statements - Production Database (FSDB) statements data - Oracle created or using - Red Hat updated per year standardized - JBoss financial spreading templates - Comparison of data between periods for a given company, and across companies over time IBM Algorithmics - Market Risk, Algorithmics (RW, 20 Others in-house - Development ALM, Liquidity IDM, MDM, ASE, developed - Integration Test Forecasting PMU, RM) v5 satellite - UAT - Long term applications are - Production forecasting and available, based gap analysis on data extracts - Value at Risk from Algo and calculations from EIB's - IFRS Fair value Datawarehouse, calculations to provide - Short Term custom-made liquidity Stress tools allowing to Testing analyse the EIB - Calculations of figures, to Earnings measure the contribution and performance and performance to simulate the - Forecasts and evolution of the Projections Bank MATLAB - General v2016b 30 used for various - Development mathematical activities such as - Integration Test programing tool , rate setting, loan - UAT
EIB Information Security classification: CONFIDENTIAL document Page 17 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments - Validation grading, - Production - Credit Modelling modelling Various - Mathematical models - Statistical programing. Moody’s Analytics - Risk Proprietary 10 One loading per - Development Risk Authority Management - ETL IBM month - Integration Test Basel II and Datastage - UAT Basel III SYBASE - Production -Basel Capital Adequacy Requirement
RM-Derivatives Pricing of - windows 2016 ( 10 Processing of - Development derivatives: upgrade in approx. 3,000 - Integration Test - valuation progress ) swap transactions - UAT - call probabilities - C# for in-house overnight, very - Production - valuation under add on high volume with risk scenarios developments millions of (PFE: Potential Sybase database calculations Future Exposure) backend performed for - reporting of new - ETL for data valuations and risk measures. transfer PFE autosys for scheduling - BO for certain reporting - PowerShell for batch control SAS Modelling - Statistical - SAS server on 40 IFRS9 Probability - Development Analysis UNIX of Default and - Integration Test - PD, LGD - Internal Loss Given - UAT Creation database Default - Production - Credit Modelling - Oracle DB calculations - Statistical - Thin and Thick performed on a Analysis client quarterly basis, - SAS v9.4 medium volume SAS Ops Risk - Operational Risk - SAS server on 3 Low volume - Development Calculation UNIX - Integration Test - AMA calculation - Internal - UAT for ops risk database - Production - Risk register - Oracle DB database - Thin and Thick client - SAS v9.2 Screening - Screening of - Windows 40 One screening - Integration Test Deployed EIF & EIB - MS SQL Server per day - UAT counterparties - Production and related parties for Anti- money Laundering purposes - Alert management Swift Alliance - Back-Office: - SWIFT v7.2 60 ON a yearly - Development Transmission of - SWIFT Alliance basis: - Integration Test financial Access and - 70K messages - UAT messages Alliance Web of 30 types sent: - Production - MT messages Platform located Cash Payments, - FileAct files in a secure zone Deal - Integration with with restricted confirmations, back-office via access Security buy/sell MQ - Jump servers to confirmations and - Secure Zone access the secure payments management zone on Windows - 330K messages - TARGET2 2012 by 70 types participation and - 2FA received: Account access to ICM authentication via statements, module SMS Security
EIB Information Security classification: CONFIDENTIAL document Page 18 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments - Data Reporting positions, Cash (BO) based on Payments, Deal custom based confirmations, message Security buy/sell database (SWIFT confirmation and Traffic Storage) payments - Interfaces with back-office systems WSS- TRM, WSS-CLM, Accurate, APEX- CMS, Reporting Message DB (SWIFT Traffic Storage) WallStreet Suite - - Treasury: Front, - Wallstreet 200 - Treasury - Development TRM Back and Middle- Systems 7.3.3 operation: FX, - Integration Test Office - Solaris 10 Money Market - UAT - Borrowings: - Sybase 15 instruments and - Production Front and Back- - Python, Perl Securities Office - Xml (>10,000 trades - Deal capture - Messaging: IBM per year) - Middle-Office WebSphere MQ, - Borrowings: EIB trade monitoring ActiveMQ issues and their - Credit Limits related monitoring derivatives (<100 - Performance trades per year, measurement >50 bn EUR - Settlement equivalent raised processing & annually on the SWIFT messages capital markets, - Cash via large management benchmark bonds - Accounting sub- and smaller ledger complex - Market data structured management transactions) - Valuation - Payments and transfers: >30,000 back- office transaction processing per year - Number of interfaces: > 25 (Market data feeders, Lending back-office system, Collateral management system, Data Warehouse, Accounting general ledger, Swift gateway, Document Archiving, etc.). Contains several customer specific developments in areas of reporting, settlement, interfaces. -Contains several customer specific developments in areas of reporting, settlement, interfaces.
EIB Information Security classification: CONFIDENTIAL document Page 19 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments - Monthly maintenance releases - Approx. 400 change requests / year - Project duration: 1-3 months for regular business evolutions, >12 months for major application upgrades. WallStreet Suite - - Lending Back- - Wallstreet 110 - Customer - Development CLM Office Systems 7.4.4 Specific - Integration Test - Lending - Solaris 10 Developments - UAT Contract data - Sybase 15 (CSDs) exist in - Production - Product types: - Python, Perl the following Loans, - Xml areas: Guarantees, - Messaging: IBM - Facility Equity, WebSphere MQ, Situation, Debt Investment ActiveMQ Schedule, Alerts, Grants etc. - Loan lifecycle - There are events: several interfaces Disbursements, Prepayments, Amendments, Rate Renewal, Conditional remuneration, Guaranty call, Equity investing. - Debt Services: Payment allocation, Late Payment Penalties - Monitoring: Loan Monitor, Debt Monitor - Accounting Generation and IFRS9 accounting mode - Document creation and management Table 5: Domains for lot 1
4.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming / Software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming / Software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and
EIB Information Security classification: CONFIDENTIAL document Page 20 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming / Software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Intermediate processes and systems, Investigates operational reducing their costs, requirements, problems, and enhancing their opportunities, seeking sustainability, and the effective business solutions quantification of potential through improvements in business benefits. The automated and non- collaborative creation and automated components of iteration of viable new or changed processes. specifications and Assists in the analysis of acceptance criteria in stakeholder objectives, and preparation for the the underlying issues arising deployment of information from investigations into and communication business requirements and systems. The adoption and problems, and identifies adaptation of business options for consideration. analysis approaches based Works with stakeholders, to on the context of the work identify potential benefits and selecting appropriately and available options for from predictive (plan-driven) consideration, and in approaches or adaptive defining acceptance tests. (iterative/agile) approaches. Contributes to selection of the business analysis methods, tools and
EIB Information Security classification: CONFIDENTIAL document Page 21 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Business Analysis Senior Takes full responsibility for business analysis within a significant segment of an organisation where the advice given, and decisions made will have a measurable impact on the profitability or effectiveness of the organisation. Leads the selection of appropriate business analysis methods, tools, techniques; selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Establishes the contribution that technology can make to business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Software Design Senior The specification and design Leads the selection and of software to meet defined development of appropriate requirements by following software design methods, agreed design standards tools, techniques; whether and principles. The definition predictive (plan-driven) of software, components, approaches or more interfaces and related adaptive (iterative/agile) characteristics. The approaches. Develops identification of concepts organisational policies, and patterns and the standards, and guidelines translation into a design for software design and which provides a basis for software architectures. software construction and Ensures adherence to verification. The evaluation technical strategies and of alternative solutions and systems architectures trade-offs. The facilitation of (including security). design decisions within the constraints of systems designs, design standards, quality, feasibility, extensibility and maintainability. The development and iteration of prototypes/simulations to enable informed decision- making. The adoption and adaptation of software design models, tools and techniques based on the context of the work and selecting appropriately from predictive (plan-driven)
EIB Information Security classification: CONFIDENTIAL document Page 22 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility approaches or adaptive (iterative/agile) approaches. Portfolio, programme and Junior The provision of support and Assists with the compilation project support guidance on portfolio, of portfolio, programme and programme and project project management reports. management processes, Maintains programme and procedures, tools and project files from supplied techniques. Support actual and forecast data. includes definition of portfolios, programmes, and projects; advice on the development, production and maintenance of business cases; time, resource, cost and exception plans, and the use of related software tools. Tracking and reporting of programme/project progress and performance are also covered, as is the capability to facilitate all aspects of portfolio/ programme/ project meetings, workshops and documentation. Project Management Intermediate The management of Takes full responsibility for projects, typically (but not the definition, approach, exclusively) involving the facilitation and satisfactory development and completion of medium-scale implementation of business projects (typically with direct processes to meet identified business impact and firm business needs, acquiring deadlines). Identifies, and utilising the necessary assesses and manages resources and skills, within risks to the success of the agreed parameters of cost, project. Ensures that timescales, and quality. The realistic project plans are adoption and adaptation of maintained and ensures project management regular and accurate methodologies based on the communication to context of the project and stakeholders. Adopts selecting appropriately from appropriate project predictive (plan-driven) management methods and approaches or adaptive tools whether predictive (iterative/agile) approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances.
Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting
EIB Information Security classification: CONFIDENTIAL document Page 23 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders.
Application Support Junior The provision of application Identifies and resolves maintenance and support issues with applications, services, either directly to following agreed users of the systems or to procedures. Uses service delivery functions. application management Support typically includes software and tools to collect investigation and resolution agreed performance of issues and may also statistics. Carries out agreed include performance applications maintenance monitoring. Issues may be tasks. Application Support Intermediate resolved by providing advice Maintains application or training to users, by support processes, and devising corrections checks that all requests for (permanent or temporary) support are dealt with for faults, making general or according to agreed site-specific modifications, procedures. Uses updating documentation, application management manipulating data, or software and tools to defining enhancements investigate issues, collect Support often involves close performance statistics and collaboration with the create reports. Application Support Senior system's developers and/or Drafts and maintains with colleagues specialising procedures and in different areas, such as documentation for Database administration or applications support. Network support. Manages application enhancements to improve business performance. Advises on application security, licensing, upgrades, backups, and disaster recovery needs. Ensures that all requests for support are dealt with according to set standards and procedures. Table 6: Detailed profiles for lot 1
4.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Parallel Discrete Services (Fixed Price): Parallel Continuous Services: Parallel
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 24 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
5 Lot 2: Document Management System - SharePoint
5.1 Lot description
Lot 2 covers the maintenance, support and development of SharePoint applications and solutions.
The EIB uses all major SharePoint areas, the main business needs in the Call for Tenders being (non- exhaustive listing):
Development of new applications/solutions Maintenance /support of the existing applications/solutions Examples of solutions in place today (November 2018): o Document generation and collaboration with approval workflows, including presence information, about 60 users o FAST-based document collection and curation, about 5 users o Publishing for legal documents, about 100 users o Team Sites for IT and others, including the governance of the sites o Excel services and other end-user computing solutions Development of new Business Intelligence (BI) applications/solutions Maintenance/support of the existing BI-applications/solutions Example of a solution in place as of today (November 2018): o Directorate dashboards Business analysis leading to new SharePoint applications/solutions Maintenance/support of the existing interfaces using Microsoft Office and OpenXML (document data injection, merge service) Interfaces/integration between SharePoint and OpenText Content Server 10 platform based solutions and content migration between the two
The staff member must demonstrate knowledge and competence in: In depth knowledge and experience in the use of C# and .Net The use of Linq and lambda to handle IEnumerable lists using generics Good understanding of interfaces, classes and abstract classes Understanding of Microsoft C# libraries such as WCF Good knowledge of ASP.Net development (although it does not need to be on Share-Point)
Regarding SharePoint, the staff member must demonstrate knowledge and competence in: In depth knowledge and experience in SharePoint and its modules Knowledge and experience in the C# Server Object Model (SOM) Knowledge of SharePoint SOM development with lists, pages, and content types
Knowledge on Microsoft development tools and development best practice is required, especially in: Visual Studio Team Foundation Server (TSF) Testing frameworks TFS build/deploy
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 5.3):
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Junior - MS SharePoint 2010 and 0.2 development 2019 - MS Office 365 Programming / Software Intermediate - MS SharePoint 2010 and 0.2 development 2019 - MS Office 365
EIB Information Security classification: CONFIDENTIAL document Page 25 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Senior - MS SharePoint 2010 and 8 development 2019 - MS Office 365 Systems Design Senior - MS SharePoint 2010 and 0.5 2019 - MS Office 365 Business Analysis Junior - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Business Analysis Senior - MS SharePoint 2010 and 1.5 2019 - MS Office 365 Systems Software Junior - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Systems Software Senior - MS SharePoint 2010 and 2 2019 - MS Office 365 Project Management Junior - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Project Management Intermediate - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Project Management Senior - MS SharePoint 2010 and 2 2019 - MS Office 365 Testing Junior - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Testing Intermediate - MS SharePoint 2010 and 0.2 2019 - MS Office 365 Testing Senior - MS SharePoint 2010 and 1 2019 - MS Office 365 Table 7: Overview of profiles for lot 2
5.2 Domain descriptions
Application Description Technology Users Volumes Environments SharePoint Content SharePoint 2013 5.500 - 1.7 million - Development management and .NET 4.45 documents - Integration Test collaboration Visual Studio - 131 sites - UAT 2012 - Total Size: - Production 330GB Table 8: Domains for lot 2
The tasks and activities will include: Application architecture and strategy development Application prototyping and piloting Application analysis design and development Application testing and documentation Data or document migration Technical administration
Moreover, a working knowledge of design patterns is necessary: Knowledge about what a singleton, strategy, and factory pattern is and what they are used for Knowledge of the SOLID development principles OpenXML Microsoft office AddIns development Microsoft WCF integration experience
EIB Information Security classification: CONFIDENTIAL document Page 26 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Some additional frameworks and development tools that might be used during the maintenance, support and development of SharePoint applications and solutions: .NET Framework ASP.NET ASP.NET MVC Entity Framework Node.js Visual Studio Code Gulp Web pack TypeScript Yeoman Mocha Chai Enzyme Sinon React KendoUI Office UI Fabric SASS PnPJS
5.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming / Software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming / Software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming / Software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities.
EIB Information Security classification: CONFIDENTIAL document Page 27 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Systems Design Senior The design of systems to Develops organisational meet specified policies, standards, requirements, compatible guidelines, and methods for with agreed systems systems design. Champions architectures, adhering to the importance and value of corporate standards and systems design principles within constraints of and the selection of performance and feasibility. appropriate systems design The identification of lifecycle models; whether concepts and their predictive (plan-driven) translation into a design approaches or more which forms the basis for adaptive (iterative/agile) systems construction and approaches. Drives adoption verification. The design or of and adherence to relevant selection of components. policies, standards, The development of a strategies and architectures. complete set of detailed Leads systems design models, properties, and/or activities for strategic, large characteristics described in and complex systems a form suitable for development programmes. implementation. The Develops effective adoption and adaptation of implementation and systems design lifecycle procurement strategies, models based on the context consistent with specified of the work and selecting requirements, architectures appropriately from predictive and constraints of (plan-driven) approaches or performance and feasibility. adaptive (iterative/agile) Develops systems designs approaches. requiring introduction of new technologies or new uses for existing technologies. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Senior processes and systems, Takes full responsibility for reducing their costs, business analysis within a enhancing their significant segment of an sustainability, and the organisation where the quantification of potential advice given, and decisions business benefits. The made will have a collaborative creation and measurable impact on the iteration of viable profitability or effectiveness specifications and of the organisation. Leads acceptance criteria in the selection of appropriate preparation for the business analysis methods, deployment of information tools, techniques; selecting and communication appropriately from plan- systems. The adoption and
EIB Information Security classification: CONFIDENTIAL document Page 28 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility adaptation of business driven/predictive approaches analysis approaches based or more adaptive (iterative on the context of the work and agile) approaches. and selecting appropriately Establishes the contribution from predictive (plan-driven) that technology can make to approaches or adaptive business objectives, defining (iterative/agile) approaches. strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. System Software Junior The provision of specialist Uses system management expertise to facilitate and software and tools to collect execute the installation and agreed performance maintenance of system statistics. Carries out agreed software such as operating system software systems, data management maintenance tasks. System Software Senior products, office automation Evaluates new system products and other utility software, reviews system software. software updates and identifies those that merit action. Ensures that system software is tailored to facilitate the achievement of service objectives. Plans the installation and testing of new versions of system software. Investigates and coordinates the resolution of potential and actual service problems. Ensures that operational documentation for system software is fit for purpose and current. Advises on the correct and effective use of system software. Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and
EIB Information Security classification: CONFIDENTIAL document Page 29 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded. Project Management Intermediate Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects (typically with direct business impact and firm deadlines). Identifies, assesses and manages risks to the success of the project. Ensures that realistic project plans are maintained and ensures regular and accurate communication to stakeholders. Adopts appropriate project management methods and tools whether predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders.
EIB Information Security classification: CONFIDENTIAL document Page 30 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks. Testing Intermediate interfaces, perform as Accepts responsibility for specified (including security creation of test cases using requirements) , and that the own in-depth technical risks associated with analysis of both functional deployment are adequately and non-functional understood and specifications (such as documented. Testing reliability, efficiency, includes the process of usability, maintainability and engineering, using and portability). Creates maintaining testware (test traceability records, from cases, test scripts, test test cases back to reports, test plans, etc.) to requirements. Produces test measure and improve the scripts, materials and quality of the software being regression test packs to test tested. new and amended software or services. Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results, and maintains a defect register. Reviews test results and modifies tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. Testing Senior Coordinates and manages planning of the system and/or acceptance tests, including software security testing, within a development or integration project or programme. Takes responsibility for integrity of testing and acceptance activities and coordinates the execution of these activities. Provides authoritative advice and guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process
EIB Information Security classification: CONFIDENTIAL document Page 31 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility improvements, and contributes to corporate testing standards and definition of best practice. Table 9: Detailed profiles for lot 2
5.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 32 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
6 Lot 3: Document Management System – Content Server
6.1 Lot description
Lot 3 covers Services related to the maintenance, support and development of the EIB’s Document Management System (Content Server). The required Services are grouped in 3 categories: development, maintenance and operational.
Development of the system includes, amongst others:
Support for the evolution of interfacing systems, based mostly on Webservices Development/maintenance of Webservices Minor improvements and customisations Configuration and customisations of built-in features of content server Longer-term projects requiring planning, management and implementation of services Implementation of new modules, either from the software provider (OpenText) or 3rd parties
Maintenance of the system includes, amongst others:
Performance and capacity monitoring Planning and improvements Software upgrades Issue tracking with the software provider Involvement in hardware changes / virtualisation Corrective action to address any failures on the core product or the customisations
Operation of the system includes, amongst others:
Technical administration 2nd level support
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 6.3):
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Junior - OpenText Content Server 0.2 development - OScript - Javascript - HTML Programming / Software Intermediate - OpenText Content Server 1.5 development - OScript - Java - Webservices - Javascript Programming / Software Senior - OpenText Content Server 2.2 development - OScript - Archive Center - OTDS - Monitoring - Upgrades - AGA - Java - Webservices - .Net - Oracle SQL - Webreports Systems Design Senior - OpenText Content Server 1.5 - Content Server integrations - Archive Center - OTDS - Monitoring
EIB Information Security classification: CONFIDENTIAL document Page 33 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - Upgrades - AGA - Records Management Systems Software Senior - OpenText Content Server 1.1 - Administration - Archive Center - OTDS - Monitoring - Webservers (IIS, Tomcat preferably) - Upgrades - AGA - Windows Server OS2012 - VMWare - PowerShell - Kerberos - Active Directory Business Analysis Junior - Refer to section 6.3 0.2 Business Analysis Intermediate - Refer to section 6.3 0.2 Business Analysis Senior - Refer to section 6.3 0.1 Project Management Junior - Refer to section 6.3 0.2 Project Management Intermediate - Refer to section 6.3 0.2 Project Management Senior - Refer to section 6.3 0.2 Testing Junior - Refer to section 6.3 0.1 Testing Intermediate - Refer to section 6.3 0.2 Testing Senior - Refer to section 6.3 0.1 Table 10: Overview of profiles for lot 3
6.2 Domain descriptions
In 2004, the EIB finalised the installation and deployment of the OpenText Document Management software (Content Server) running originally on UNIX, later migrated to Windows, with a number of customisations for the EIB to meet its document and records management requirements across the whole Bank.
At present, the system has approximately 5,500 users, with some 15 million documents and EIB records. It primarily supports the EIB’s lending systems as well as all other EIB business processes divided in a central repository named Content Server and organised in an activity based structured taxonomy (file plan, metadata, etc.). The system is integrated with a number of business applications and with SharePoint.
Content Server version 10.5 from OpenText has been installed for the entire Bank with a range of modules from Content Suite Platform Package plus some other modules like: Records Management Document Properties Synchronization Application Governance and Archiving Content Intelligence including Webreports and ActiveView Archive Center 3rd party modules/tools (XMLInterlinks, Muhimbi PDF conversion) A number of EIB-specific customisations, in particular o Interfaces to 30+ other systems of the EIB, like the custom-made lending application called SERAPIS o SharePoint integration o PeopleSoft and Wall Street Suite integration, etc.
Application Description Technology Users Volumes Environments Gestion Content - OpenText 5500 - 11 million - Development Electronique des Management Content Server documents - Integration Test Documents 10.5 and 4 million - UAT (Content Server) - Windows emails stored - Production Server 2012 - 3,5 million - VMWare folders
EIB Information Security classification: CONFIDENTIAL document Page 34 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments - Oscript and - 1300 user Java groups - Oracle 12c - 2.200 projects - .NET Basic - 100.000 user transactions per day - 12.000 documents added per day Table 11: Domains for lot 3
6.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming / Software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming / Software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming / Software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development.
EIB Information Security classification: CONFIDENTIAL document Page 35 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Systems Design Senior Designing of systems to Develops organisational meet specified policies, standards, requirements, compatible guidelines, and methods for with agreed systems systems design. Champions architectures, adhering to the importance and value of corporate standards and systems design principles within constraints of and the selection of performance and feasibility. appropriate systems design The identification of lifecycle models; whether concepts and their predictive (plan-driven) translation into a design approaches or more which forms the basis for adaptive (iterative/agile) systems construction and approaches. Drives adoption verification. The design or of and adherence to relevant selection of components. policies, standards, The development of a strategies and architectures. complete set of detailed Leads systems design models, properties, and/or activities for strategic, large characteristics described in and complex systems a form suitable for development programmes. implementation. The Develops effective adoption and adaptation of implementation and systems design lifecycle procurement strategies, models based on the context consistent with specified of the work and selecting requirements, architectures appropriately from predictive and constraints of (plan-driven) approaches or performance and feasibility. adaptive (iterative/agile) Develops systems designs approaches. requiring introduction of new technologies or new uses for existing technologies. System Software Senior The provision of specialist Evaluates new system expertise to facilitate and software, reviews system execute the installation and software updates and maintenance of system identifies those that merit software such as operating action. Ensures that system systems, data management software is tailored to products, office automation facilitate the achievement of products and other utility service objectives. Plans the software. installation and testing of new versions of system software. Investigates and coordinates the resolution of potential and actual service problems. Ensures that operational documentation for system software is fit for purpose and current. Advises on the correct and effective use of system software. Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and
EIB Information Security classification: CONFIDENTIAL document Page 36 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded. Project Management Intermediate Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects (typically with direct business impact and firm deadlines). Identifies, assesses and manages risks to the success of the project. Ensures that realistic project plans are maintained and ensures regular and accurate communication to stakeholders. Adopts appropriate project management methods and tools whether predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages
EIB Information Security classification: CONFIDENTIAL document Page 37 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility expectations of all project stakeholders. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Intermediate processes and systems, Investigates operational reducing their costs, requirements, problems, and enhancing their opportunities, seeking sustainability, and the effective business solutions quantification of potential through improvements in business benefits. The automated and non- collaborative creation and automated components of iteration of viable new or changed processes. specifications and Assists in the analysis of acceptance criteria in stakeholder objectives, and preparation for the the underlying issues arising deployment of information from investigations into and communication business requirements and systems. The adoption and problems, and identifies adaptation of business options for consideration. analysis approaches based Works with stakeholders, to on the context of the work identify potential benefits and selecting appropriately and available options for from predictive (plan-driven) consideration, and in approaches or adaptive defining acceptance tests. (iterative/agile) approaches. Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Business Analysis Senior Takes full responsibility for business analysis within a significant segment of an organisation where the advice given, and decisions made will have a measurable impact on the profitability or effectiveness of the organisation. Leads the selection of appropriate business analysis methods, tools, techniques; selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Establishes the contribution that technology can make to business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all
EIB Information Security classification: CONFIDENTIAL document Page 38 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks. Testing Intermediate interfaces, perform as Accepts responsibility for specified (including security creation of test cases using requirements) , and that the own in-depth technical risks associated with analysis of both functional deployment are adequately and non-functional understood and specifications (such as documented. Testing reliability, efficiency, includes the process of usability, maintainability and engineering, using and portability). Creates maintaining testware (test traceability records, from cases, test scripts, test test cases back to reports, test plans, etc.) to requirements. Produces test measure and improve the scripts, materials and quality of the software being regression test packs to test tested. new and amended software or services. Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results, and maintains a defect register. Reviews test results and modifies tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. Testing Senior Coordinates and manages planning of the system and/or acceptance tests, including software security testing, within a development or integration project or programme. Takes responsibility for integrity of testing and acceptance activities and coordinates the execution of these activities. Provides authoritative advice and guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test
EIB Information Security classification: CONFIDENTIAL document Page 39 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice. Table 12: Detailed profiles for lot 3
6.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 40 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
7 Lot 4: Admin Suite Applications
7.1 Lot description
Lot 4 covers services related to the maintenance, support and development of the specific enterprise applications at the EIB.
The EIB has developed or purchased and implemented a variety of applications based on solutions such as BMC Software Remedy, Archibus Java, Sybase PowerBuilder, etc.
This collection of applications is called Admin Suite.
The Bank requires assistance for the support, maintenance and further development of these applications, including functional and technical administration, project management, change management, performance and security monitoring, end-user support and resolution of day-to-day problems, corrective and evolutionary maintenance. Longer-term development projects may include the consolidation of new minor functions or custom-made applications, with or without integration to other systems in the Bank.
Due to the high diversity of the solutions and technologies available as part of the Admin Suite, each profile that does not contain upfront a specific technology or solution will be amended at the moment of assignment with the specific skill set relevant to the required technology and solution.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 7.3):
The following technical/interpersonal skills are required for all Service Provider staff in lot 4:
. Teamwork skills . Spoken and written interpersonal, communication and presentation skills . Excellent documentation and writing skills
Profile type Profile level Technical skills Estimated number of FTE Project Management Senior - Strong project management background specifically 1 around IT and Banking projects - PM related certification(s), preferably PM2 - Ability to manage complex teams/projects and bring them to success - General knowledge in software development methodologies & release management - Strong experience in managing applications projects at different stages - Strong Stakeholder management and negotiation skills - Excellent time and budget management skills - Strong ability to interact with various stakeholders at a technical and non-technical level - Ability to manage interactions between the stakeholders and the project team - Strong communication skills - both written and verbal - Executive project reporting: progress, risks & issues - Proven expertise in management of large projects - Build and manage interpersonal relationships, showing flexibility and ability to adapt to change and cultural realities Change Manager / Intermediate - Analysis of existing business processes and proposals 1 Communications Manager for improvements and business process reengineering - Effective and transversal communication - Identification of organisational impacts and recommendations regarding change process - Evaluation of training requirements, training design and follow-up of related issues
EIB Information Security classification: CONFIDENTIAL document Page 41 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE Information content Intermediate - A clear and concise writing style 1 authoring (Technical - A flair for turning technical subjects and jargon into Author) easily understood text - An analytical mind and an inquisitive nature - An eye for detail, and a thorough and methodical approach - Excellent written and verbal communication skills - Interviewing skills - Flexibility to adapt to different audience and environments Business Analysis Intermediate - Ability to impact operations and effect change without 1 being confrontational - Detail oriented, analytical and inquisitive - Ability to work independently and with others - Efficiently organized with strong time-management skills - Definition and analysis of requirements - Experience creating detailed reports and giving presentations - Effectively communicate information to stakeholders - Executive project reporting Programming/software Intermediate - Expertise in software development methodologies and 2 development release management - Knowledge of the business concepts covered by the relevant lot - Software testing and debugging - Technical experience in several systems / development tools and languages - Software documentation - Resourcefulness and problem-solving aptitude Programming/software Intermediate - Expertise in software development methodologies and 1 development (Java) release management using Java techniques and frameworks - Knowledge of the business concepts covered by the relevant lot - Software testing and debugging - Software documentation - Resourcefulness and problem-solving aptitude Solutions Test Manager Intermediate - Functional knowledge of at least one of the domains 1 covered by the applications mentioned under the relevant lot - Testing expertise including planning, specification, preparation and execution - Requirement gathering - Detailed analysis - Software development methodologies, as well as software testing methodologies Package Application Specialist - Technical Expertise and in-depth knowledge of a 3 Specialist relevant solution/ system / development tool - Detailed analysis - Setup and configuration, generic maintenance tasks, monitoring, upgrades - Software testing and debugging - Resourcefulness and problem-solving aptitude - Systems integration Application Technical Senior - Experience with web technologies 1 Administrator - Experience with different authentication technologies - Ability to create scripts - Familiarity with various operating systems and database platforms - Resourcefulness and problem-solving aptitude - Flexibility to adapt to different technologies - Short- or long-term administration of several systems, setup and configuration, generic maintenance tasks, monitoring, upgrades, related to one of the systems covered under the relevant lot Application Technical Senior - Experience with BMC Remedy technologies 1 Administrator (BMC) - Experience with different authentication technologies - Ability to create scripts specific to BMC - Resourcefulness and problem-solving aptitude
EIB Information Security classification: CONFIDENTIAL document Page 42 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - Flexibility to adapt to different technologies - Short- or long-term administration of several BMC systems, experience with past and current versions of the system, setup and configuration, generic maintenance tasks, monitoring, upgrades, related to one of the systems covered under the relevant lot Service / Contract Manager Senior - Strong knowledge of contract management processes 1 and tools - Ability to create documentation to support contract management processes - Contract (re)negotiation experience - Ability to provide ideas to improve contract performance - Excellent sourcing knowledgebase - Undertake and manage tendering processes and perform evaluations - Strong ability to perform supplier benchmarking and evaluation - Monitor supplier performance to ensure the contractual obligations whilst achieving value for money - Build and manage interpersonal relationships, showing flexibility and ability to adapt to change and cultural realities - Strong communication skills - both written and verbal - Excellent budget management skills Solutions Architect Senior - Flexibility to adapt to different technologies 1 - ITIL Foundation Level accreditation (or higher) - Experience of translating technical requirements into business language and vice versa - Extensive experience of enterprise design and implementation of corporate/transversal solutions - Good knowledge of relevant technologies together with an understanding of the key technology providers Table 13: Overview of profiles for lot 4
7.2 Domain descriptions
Application Description Technology Users Volumes Environments Legacy Applications Agenda Elaboration of the agenda Visual Basic 400 Development Management of Board of Directors: CA User acceptance System (AMS) (“Conseil d’Administration”) test CA/CD/CV Production Cambio Currency conversion with Power Builder 400 Development history, tendencies, etc. User acceptance test Production Online Agenda Follow-up the progress of C++ 200 Development the different EIB User acceptance committees and to invite test participants to a particular Production topic Pvcs_Merge Configuration Visual Basic 200 Development management: execute User acceptance merge request test Production Pvcs_Sign Configuration Visual Basic 200 Development management: sign merge User acceptance request test Production Pvcs_tolib Configuration Visual Basic 200 Development management: merge User acceptance request to UAT and test production environment Production Notenum Allocate a number to an Power Builder 200 Development official note depending on User acceptance its characteristics (status,
EIB Information Security classification: CONFIDENTIAL document Page 43 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments date, category, author, test etc.) Production Internal Development PJ CMS Contract management Java web 200 Development system application User acceptance test Production EU Doc Documentation and Java web 60 Development information management application User acceptance tool for EU legal test publications Production Packaged Software Plunet Translation ticketing Package Development system (translation part) software User acceptance test Production BMC-REMEDY Ticketing system (ITSM) BMC Remedy Development ITSM and Workflow User acceptance test Production Systems Architect Process documentation Package Development software software User acceptance test Production TeamMate Manage the internal audit Package Development process and maintaining software User acceptance control over audit test documentation Production TMS Art Gallery Manage the works of art Package Development that the EIB possesses: software User acceptance paintings, sculptures, test tapestries, etc. Production TRADOS Terminology management Package Development MultiTerm tool for translation software User acceptance test Production TRADOS Studio Translation memory tool Package Development (for recycling of earlier software User acceptance translation parts) test Production Unicorn/Symphony Library management Package Development system software User acceptance test Production Inflow Stock Physical Stock Package Development Management Management software User acceptance test Production Archibus Computer-Aided Facilities Package Development Management (CAFM) tool software User acceptance (formerly Facility test Mgmt Architecture system) Production PJ GIS - Esri Geospatial Information Package Development ArcGIS Online System (GIS software User acceptance test Production Scala Digital Signage Package Development software User acceptance test Production Table 14: Domains for lot 4
7.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
EIB Information Security classification: CONFIDENTIAL document Page 44 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile Role Responsibility level Project Management Senior The management of projects, Preparation of Project Charters, typically (but not exclusively) including project plans, budget, involving the development and resource requirements implementation of business Operational Project Management or processes to meet identified assistance to the internal EIB business needs, acquiring and Project Managers utilising the necessary resources Coordination of project work and skills, within agreed streams parameters of cost, timescales, and Provide regular status reports and quality. The adoption and project updates in line with PMO adaptation of project management and business stakeholder methodologies based on the requirements, including context of the project and selecting management of deliverables, appropriately from predictive (plan- budget and risk identification at an driven) approaches or adaptive early stage (iterative/agile) approaches. Understand and set project goals, including documenting workflows and complex technology concepts Understanding of the technology managed by the Admin Suite Unit. Change Manager / Intermediate Change management (including Business process improvement Communications Manager Business Process Reengineering) and reengineering: analysis of comprises support to the business existing business processes, owner and functional project teams proposals for improvements and with regard to IT projects in main transformation process (how to get areas of : there) in order to ensure optimal efficiency and adherence to best Business process improvement practice principles. Consultants will and reengineering be expected to support and advise Communication organisational project teams which Human Impact will be set up on an ad-hoc basis to Training discuss specific areas of improvement, and which will be composed of senior management representatives from the relevant business areas. Communication: ensuring that project goals, progress and achievements are communicated on a regular ba-sis to all members of a project, as well as to the Bank’s management, staff concerned and other relevant parties; proposing appropriate measures to get buy-in and adherence to envisaged changes, preparation of communication material. Human Impact: identification of impacts of a project on the organisation of an organisational unit, and proposals for its reorganisation in order to achieve optimum efficiency and best leverage of chosen technical solutions. Training: evaluation of training requirements, design of training programmes, preparation of training material, if appropriate supervision of “train the trainer” programmes, and follow-up of related issues Information content Intermediate The application of the principles Plan, develop, organize, write and authoring (Technical Author) and practices of authoring, edit operational procedures and designing, controlling, and manuals presenting textual information Meet different teams to discuss (supported where necessary by technology and authoring graphical content) to meet the requirements requirements of intended Decide how best to organise and audience(s). present documents
EIB Information Security classification: CONFIDENTIAL document Page 45 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile Role Responsibility level Commission any photographs or illustrations required Write the material clearly and concisely, making sure it can be easily understood by the target audience Editing, proofreading and indexing Test the written material with target audience Manage updates and revisions to technical literature Analyse documents to maintain continuity of style of content Maintain a comprehensive library of technical terminology and documentation Create diagrams using BPMN, UML or any other standard modelling language Business Analysis Intermediate The methodical investigation, Review, analyse and evaluate analysis, review and business systems and user needs documentation of all or part of a Document requirements, define business in terms of business scope and objectives and formulate goals, objectives, functions and systems to support the overall processes, the information used business strategies and the data on which the Lead ongoing reviews of business information is based. The definition processes and develop optimisation of requirements for improving strategies processes and systems, reducing Evaluate, test and recommend new their costs, enhancing their opportunities for enhancing our sustainability, and the quantification software, hardware and IT of potential business benefits. The processes collaborative creation and iteration Detailed analysis and of viable specifications and documentation of target processes acceptance criteria in preparation and system functions for the deployment of information Requirement gathering and communication systems. The Develop business cases adoption and adaptation of Transfer of best practice to the EIB business analysis approaches Input to the selection of packages based on the context of the work and solutions and selecting appropriately from predictive (plan-driven) approaches Communicate clearly with the or adaptive (iterative/agile) business users and stakeholders approaches. Programming / Software Intermediate The planning, designing, creation, Analysis of system requirements development & amending, verification, testing and Recommend improvements and Programming/software documentation of new and solutions development (Java) amended software components in Offer support to project teams order to deliver agreed value to Lead design, development and stakeholders. The identification, review of new systems creation and application of agreed Design solutions for potentially software development and security complex new technologies standards and processes. Adopting Customize solutions to support and adapting software business objectives development lifecycle models Preparation and execution of unit based on the context of the work tests (automatic and/or manual). and selecting appropriately from Provide support for integration and predictive (plan-driven) approaches user acceptance testing. or adaptive (iterative/agile) Provide support on current approaches. solutions, including problem solving, bug fixing, enhancements, configuration, and technical and functional assistance Release management, planning and co-ordinating releases with other teams
Solutions Test Manager Intermediate The planning, design, Design and documentation of test management, execution and cases, test scenarios, test scripts reporting of tests, using appropriate
EIB Information Security classification: CONFIDENTIAL document Page 46 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile Role Responsibility level testing tools and techniques and Cross-reference of test scripts with conforming to agreed process business requirements standards and industry specific Definition of test plans regulations. Testing coordination Assistance with the execution of tests Follow-up of test plans Documentation of test plans, test results User acceptance test, regression test, and technical test coverage Coordinating with business users to ensure correct testing and sign off Package Application Specialist The management and Analysis of system requirements Specialist implementation of complex Recommend improvements and systems to meet specified solutions requirements, compatible with Offer support to project teams agreed systems architectures, Lead design, development and adhering to corporate standards review of new systems and within constraints of Design solutions for potentially performance and feasibility. complex new technologies Customize solutions to support business objectives Provide support on current solutions, including problem solving, bug fixing, enhancements, configuration, and technical and functional assistance Release management, planning and co-ordinating releases with other teams Application Technical Senior The provision of application Coordinate the different Administrator & maintenance and support services, infrastructure tasks involved in the Application Technical either directly to users of the deployment, support and Administrator (BMC) systems or to service delivery maintenance of the applications in functions. Support includes the area of responsibility investigation and resolution of Request the server infrastructure, issues and performance accesses and permissions monitoring. The role involves close Install and configure software of the collaboration with the system's different application environments developers and/or with colleagues Patch applications to be compliant specialising in different areas, such with the security policies of the as Database administration or Bank Network support. Upgrade applications with new releases and versions Create and maintain technical documentation of the applications in the area of responsibility: installation, configuration, operation and so on Ensure that the applications are compliant with the desired documented configuration Propose, analyse, create specifications, develop and implement tools to administer and support the infrastructure of the applications Perform backup/restore, fail-over and disaster recovery tests Provide support to the development teams Validate and implement changes as part of the change and release management processes Perform analysis and resolve incidents as part of the incident and problem management processes Troubleshoot application infrastructure issues
EIB Information Security classification: CONFIDENTIAL document Page 47 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile Role Responsibility level Ensure that proper monitoring is put in place for the applications Develop expertise on new technologies Service / Contract Manager Senior Overall management and control of Oversees and measures the the operation of formal contracts for fulfilment of contractual obligations supply of products and services. Uses Key Performance Indicators (KPIs) to monitor and challenge performance and identify opportunities for continuous improvement Develops strategies to address under-performance and compliance failures, including application of contract terms Identifies where changes are required, evaluates the impact, and advises stakeholders about the implications and consequences for the business and/or the procurement element of programmes/projects Negotiates variations and seeks appropriate authorisation Actively supports and engages with experts and stakeholders to ensure continuous improvements are identified through review and benchmarking processes Develops and implements change management protocols Solutions Architect Senior Design and communication of high- Uses appropriate tools to lead the level structures to enable and guide development of solution the design and development of architectures in specific business, integrated solutions that meet infrastructure or functional areas current and future business needs. Ensures that appropriate tools and In addition to technology methods are available, understood components, solution architecture and employed in architecture encompasses changes to service, development process, organisation, and Within a business change operating models. The provision of programme, leads the preparation comprehensive guidance on the of technical plans and cooperates development of, and modifications with business assurance and to, solution components to ensure project staff to ensure that that they take account of relevant appropriate technical resources are architectures, strategies, policies, made available. standards and practices (including Provides advice on technical security) and that existing and aspects of solution development planned solution components and integration (including requests remain compatible for changes, deviations from specifications, etc.) and ensures that relevant technical strategies, policies, standards and practices (including security) are applied correctly Table 15: Detailed profiles for lot 4
7.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 48 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
8 Lot 5: Enterprise Service Bus (ESB) and Service Oriented Architecture (SOA)
8.1 Lot description
Lot 5 covers services related to the maintenance, administration, support, design and development of the EIB’s Enterprise Service Bus (ESB) middleware and services (the Integration Platform), and the evolution of the EIB’s Service Oriented Architecture (SOA) program. This includes, but is not limited to, the following:
Integration Platform administration and management Incident resolution and change request management Service requirement specifications Service design specifications Service implementation Service life-cycle management Service deployment preparation Middleware deployment preparation Regression testing of updated services and interfaces (both manual and automatic testing), Regression testing of new middleware patches and versions (both manual and automatic testing) Integration Platform monitoring Integration Platform evolution and maintenance Support for services running in DEV/TST/UAT Infrastructure administration and support of the Integration Platform
Figure 2: Context diagram for Integration Platform (ESB)
EIB Information Security classification: CONFIDENTIAL document Page 49 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
An overview of the Enterprise Service Bus (ESB) and Service Oriented Architecture (SOA):
Figure 3: High-level architecture of ESB and SOA
The EIB is using a Service Oriented Architecture approach to business application communication, which is realised using its central ESB that enables service producers and service consumers to interact. The SOA approach covers the fundamental and federated SOA, currently without the process-enabled middleware layer. A process engine might be considered in the future.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 8.3):
Profile type Profile level Technical skills Number of FTE Programming/software Junior IIB certification (50% of the 10 development required FTEs) Programming/software Intermediate IIB certification (100% of the 2 development required FTEs) Programming/software Senior IIB & ITW certifications 3 development (100% of the required FTEs) Programming/software Specialist IIB & ITW certifications 1 development (100% of the required FTEs) Project Management Senior See profile descriptions in 1 section 8.3 Systems Design Senior See profile descriptions in 1 section 8.3 Application Support Junior Installation of IBM products 2 Table 16: Overview of profiles for Lot 5
According to their seniority, a certain number of profiles for lot 5 (as specified in Table 16) require mandatory certifications with Integration Bus (IIB) & Transformation Extender (ITX) and certifications with IBM MQ V9 is preferred. Subsequent knowledge in JavaPlay, AngularJS and Bootstrap (for at least 3 of the overall consultants) is required.
EIB Information Security classification: CONFIDENTIAL document Page 50 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
8.2 Domain descriptions
The ESB contains re-usable business services (consisting of composition and mediation services) with global data types, which allows for easy communication between around 50 business applications in the EIB’s IT landscape, as well as 20 external data providers. The EIB applications comprise both packages and in-house development.
The ESB is based on the product IBM Integration Bus V10 and additional tools around it to create a complete platform. IBM MQ Series is used as the principal messaging middleware component for the ESB. The IBM WebSphere Registry and Repository (WSRR) is the Bank’s repository for service documentation and life-cycle handling.
An Activity Dashboard Service (ADS) is an in-house developed application that caters for real-time tracing and logging of business and technical events on the ESB.
The ESB platform serves as the underlying backbone for Service Orchestration. Both Synchronous and Asynchronous Message Exchange Patterns (MEP) are covered by the ESB, for example: Request - Response Request - Call back Request - Poll Publish & Subscribe One-Way patterns
Binding type examples supported by the ESB: Web Services over both SOAP and REST HTTPS with WS-Security and TLS 1.2 MQ, JMS, SSH, Database and file transfer (FTP-based)
The ESB platform is patched on a quarterly basis following the product patch cycles from IBM.
The ESB platform is set-up (VMware Linux servers V7) in an active-active manner allowing for hot deployment with: 2 x 3 active nodes running IBM Integration Bus V10 behind a Load Balancer, additionally 2 x 3 active nodes running Integration Bus V10 with a higher patch level (seamless migration between versions) MQ cluster running MQ V9 An Oracle RDBMS V12 2 x Open Source Data Services, WSO2 V3.2 IBM Transformation Extender (ITX) is used for complex transformations and Swift message decoding
In addition to this, the ESB team provides configuration and operation support for about 20 IBM MQ instances hosted on other application servers and connected to the ESB MQ.
Additional technical components of the integration platform include: An in-house developed monitoring system, ADS running on Play framework V2.5, AngularJS and Bootstrap V3 with a MongoDB V3.2 WSRR V8.5.6 MongoDB 3.6 is used for high performance staging areas ILMT, IBM Licence Server V9.2.2.0 Jenkins 2.100 for continuous integration
The ESB development toolchain includes: IIB Toolkit, IBM Integration Toolkit SoapUI for prototyping and automatic test generation
EIB Information Security classification: CONFIDENTIAL document Page 51 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Postman and Restlet for REST service testing Subversion and Git / GitHub Enterprise for source version control Maven and Nexus for managing binary artefacts Atlassian JIRA for issue and work tracking Linux Bash scripts for automation of deployments and runtime system management
The ESB is only available at the EIB headquarters in Luxembourg, and has no connections with EIB external offices.
Application Description Technology Users Volumes Environments Enterprise The ESB Platform • IBM Integration N/A • 50 connected Production: Service Bus connects to all major Bus V10 business • IIB: (2 groups applications of the • IBM applications and with 3 nodes) + 1 Bank. Some of the WebSphere an additional 20 mono-ESB = 7 well-known Transformation connected VMs applications per Extender V9 external data • MQ: 2 VMs business domain • IBM providers • Data Services: 2 include: Transformation • 500 VMs • Finance: Wall Street Extender Pack webservices • ADS: 1 VM Systems (Treasury, for Financial • 2000 • WSRR: 1 VM Borrowings and Payments operations • ILMT: 1 VM Loans), Swift Alliance, • IBM MQ V9 (translates to Apex (Collateral • IBM 2000 Data UAT 1&2: Management WebSphere Flows, not • IIB: 2 x (2 Systems), PeopleSoft Registry and considering re- groups with 3 Financials, Accurate Repository usability) nodes) + 1 mono- (Reconciliation) (WSRR) V8.5 • 130 million ESB + 1 *Human Resources: • Oracle, Sybase messages / Regression Test PeopleSoft HR, SAP and MongoDB month = 14 VMs SuccessFactors database • 50 change • MQ: 2 x 2 = 4 • Document management requests / month VMs Management: systems and 100 support • Data Services: 2 SharePoint, • WSO2 Data requests / month x 2 = 4 VMs OpenText), Service • 120 • ADS: 2 VMs • Risk and Lending: • Activity maintenance • WSRR 1 VM Algorithmics, Rate Dashboard releases / year • ILMT: 1 VM Setting and Data Service (ADS) - and 50 project Warehouse), in-house Java releases / year TST 1&2: • General and Development • 90 VMs (14 • IIB: 2 x (2 Administrative: MS with Play production VMs) groups with 3 Exchange, SMS, Fax framework, with 1400 GB of nodes) = 12 VMs and Active Directory) AngularJS, RAM and 1200 MQ: 2 x 2 = 4 • External Data Bootstrap and GB of Disk VMs Providers: ECB, MongoDB. • Data Services: Bloomberg, Moody’s, • RedHat Linux 2 x 2 = 4 VMs Kamakura, etc., V7 • ADS: 2 VMs accessed via SSH, Standards: FTPS or SFTP • XML (XMLNS, DEV 1&2: XSD, XPATH, JAXB) / JSON • IIB: 2 x (2 (Swagger) groups with • Web Services 3 nodes) + 1 (SOAP, REST) mono- ESB • WS-Security = 13 VMs • TLS (for HTTPS • MQ: 2 x 2 = 4 and TCP/IP (MQ VMs & JDBC) • Data Services: connections) 2 x 2 = 4 • JMS VMs • SAML tokens • ADS: 2 VMs (for authentication) 5 x Dedicated DEVs = 5 VMs Table 17: Domains for lot 5
EIB Information Security classification: CONFIDENTIAL document Page 52 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
8.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming / Software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming / Software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming / Software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Programming / Software Specialist Develops organisational development policies, standards, and guidelines for software construction and refactoring. Plans and leads software construction activities for strategic, large and complex development projects. Develops new methods and organisational capabilities and drives adoption of, and adherence to policies and standards.
EIB Information Security classification: CONFIDENTIAL document Page 53 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Project Management Senior The management of Takes full responsibility for projects, typically (but not the definition, documentation exclusively) involving the and successful completion development and of complex projects (typically implementation of business with significant business, processes to meet identified political, or high-profile business needs, acquiring impact, and high-risk and utilising the necessary dependencies). Adopts and resources and skills, within adapts project management agreed parameters of cost, methods and tools, selecting timescales, and quality. The appropriately from plan- adoption and adaptation of driven/predictive approaches project management or more adaptive (iterative methodologies based on the and agile) approaches. context of the project and Ensures that effective selecting appropriately from project control, change predictive (plan-driven) control, risk management approaches or adaptive and testing processes are (iterative/agile) approaches. maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Systems Design Senior The design of systems to Develops organisational meet specified policies, standards, requirements, compatible guidelines, and methods for with agreed systems systems design. Champions architectures, adhering to the importance and value of corporate standards and systems design principles within constraints of and the selection of performance and feasibility. appropriate systems design The identification of lifecycle models; whether concepts and their predictive (plan-driven) translation into a design approaches or more which forms the basis for adaptive (iterative/agile) systems construction and approaches. Drives adoption verification. The design or of and adherence to relevant selection of components. policies, standards, The development of a strategies and architectures. complete set of detailed Leads systems design models, properties, and/or activities for strategic, large characteristics described in and complex systems a form suitable for development programmes. implementation. The Develops effective adoption and adaptation of implementation and systems design lifecycle procurement strategies, models based on the context consistent with specified of the work and selecting requirements, architectures appropriately from predictive and constraints of (plan-driven) approaches or performance and feasibility. adaptive (iterative/agile) Develops systems designs approaches. requiring introduction of new technologies or new uses for existing technologies. Application Support Junior The provision of application Identifies and resolves maintenance and support issues with applications, services, either directly to following agreed users of the systems or to procedures. Uses service delivery functions. application management Support typically includes software and tools to collect investigation and resolution agreed performance of issues and may also statistics. Carries out agreed include performance applications maintenance monitoring. Issues may be tasks. resolved by providing advice or training to users, by devising corrections (permanent or temporary) for faults, making general or site-specific modifications, updating documentation, manipulating data, or
EIB Information Security classification: CONFIDENTIAL document Page 54 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility defining enhancements Support often involves close collaboration with the system's developers and/or with colleagues specialising in different areas, such as Database administration or Network support. Table 18: Detailed profiles for lot 5
8.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 55 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
9 Lot 6: EIB-specific applications
9.1 Lot description
Lot 6 covers services related to the maintenance, support and development of the Bank’s specific (in- house) applications.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 9.3):
Profile type Profile level Technical skills Estimated number of FTE Programming/software Junior - Sybase Adaptive Server 7 development Enterprise (ASE) and/or Oracle databases, SQL, - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate - Continuous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM datastage is a plus - Unix shell, perl, python, BO Universes, php are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Programming/software Intermediate - Sybase Adaptive Server 18 development Enterprise (ASE) and/or Oracle databases, SQL, - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate - Continous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM datastage is a plus - Unix shell, perl, python, BO Universes, php are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Programming/software Senior - Sybase Adaptive Server 22 development Enterprise (ASE) and/or Oracle databases, SQL,
EIB Information Security classification: CONFIDENTIAL document Page 56 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate - Continous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM datastage is a plus - Unix shell, perl, python, BO Universes, php are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Programming/software Specialist - Sybase Adaptive Server 5 development Enterprise (ASE) and/or Oracle databases, SQL, - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate - Continous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM datastage is a plus - Unix shell, perl, python, BO Universes, php are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Business Analysis Junior - See profile descriptions 2 in section 9.3 Business Analysis Intermediate - See profile descriptions 2 in section 9.3 Business Analysis Senior - See profile descriptions 2 in section 9.3 Systems Design Senior - Sybase Adaptive Server 8 Enterprise (ASE) and/or Oracle databases, SQL, - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate
EIB Information Security classification: CONFIDENTIAL document Page 57 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - Continous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM datastage is a plus - unixUnix shell, perl, python, BO Universes, php are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Systems Design Specialist - Sybase Adaptive Server 7 Enterprise (ASE) and/or Oracle databases, SQL, - JBoss Application Server (JavaEE) recommended or equivalent application servers - JavaEE (8), EJB, CDI, JSF, Primefaces, REST / SOAP webservices, JMS, React, Redux, Hibernate - Continous build and integration using Jenkins, Maven, Sonar, Liquibase, Junit - Github or another source code repository - Powershell, IBM Datastage is a plus - Unix shell, Perl, Python, BO Universes, PHP are a plus - Low Code Platform (i.e. Outsystems, Mendix) is a plus Project Management Junior - See profile descriptions 1 in section 9.3 Project Management Intermediate - See profile descriptions 1 in section 9.3 Project Management Senior - See profile descriptions 1 in section 9.3 Project Management Specialist - See profile descriptions 1 in section 9.3 Testing Junior - See profile descriptions 4 in section 9.3 Testing Intermediate - See profile descriptions 5 in section 9.3 Testing Senior - See profile descriptions 3 in section 9.3 Testing Specialist - See profile descriptions 1 in section 9.3 Table 19: Overview of profiles for lot 6
9.2 Domain descriptions
Application Description Technology Users Volumes Environments SERAPIS All-in-one information Server side RedHat 2,000 Databases Development management portal for Linux on multi- 1 Sybase Test operational staff in the processor clustered instance and User Acceptance lending area, i.e. the environment Sybase 2 Oracle Test Operations Directorates, Adaptive Server instance Production Risk Management Enterprise (ASE) and (business
EIB Information Security classification: CONFIDENTIAL document Page 58 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments Directorate, Projects Oracle databases. data and Directorate, Transaction JBoss Application application management and reporting Server (JavaEE). repository) directorate, Compliance Key technologies used in directorate and Legal in development are Production Service of the EIB. Serapis JavaEE (8), EJB, CDI, having is EIB’s cornerstone JSF, Primefaces, around 1300 application for its core REST / SOAP tables in lending activity. It is used to webservices, JMS, total, 600 manage the whole portfolio React, Redux, views, 3000 of EIB’s investment products Hibernate,SQL stored throughout their lifecycle procedures Continous build and 45 GByte, integration using 22,000 Jenkins, Maven, financial Sonar, Liquibase, operations Junit with a Github as source growth rate control system of 2000 new operations per year, 25.000 documents yearly (2017)
User : 1000 users daily interface : 300 webservices
Classic 120 Workstation pages (HTML, JSP and servlets) of incl. 80 data screens 60 Wizards with a total of 300 pages
Leap 40 data entry screens Loan Grading EIB in-house application Server side RedHat 200 active : ~ 600 Development used to quantify the credit Linux on multi- users Indicative Testing risk of lending projects processor clustered pricings User Acceptance according to regulations environment Sybase ~ 2'000 Production (Basel III, IFRS9) Adaptive Server simulations Enterprise (ASE) and for EIB loan Oracle databases. appraisal JBoss Application document Server (JavaEE) . 4 quarterly Key technologies used reviews of ~ in development are 10'000loans JavaEE (8), EJB, CDI, each JSF, Primefaces, 12 monthly REST / SOAP reviews of webservices, JMS, ~9'000 loans React, Redux, each for Hibernate,SQL watch list monitoring Continous build and ~ 2000 integration using regradings Jenkins, Maven, due to Sonar, Liquibase, events Junit (change of rating or
EIB Information Security classification: CONFIDENTIAL document Page 59 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments Github as source contract control system structure) ~ 100 tables Rmderivative Package Application based Powershell, sql, on NumeriX CVA datastage Algorithmics Package Application + in- unix shell, perl, house development python, sql, BO Universes, php, javascript PiRat User front-end to access EIB standard Java ~ 600 ~ 250 tables Development and maintain the Bank’s platform: Seam, JSF users, ~ 20 stored User Acceptance counterparts and their (JBoss rich-faces), ~100 procedure + & Simulation internal ratings. EJB3, JPA/Hibernate, regular 30 trigger Production Manage EIB reference data, TestNG, Quartz users procedures mainly counterparts and Eclipse IDE (JBoss Ratings Studio) Sybase database server with stored procedures JBoss Application Server Subversion version manager (SVN) ESB for downloading ratings and other interfaces Mandate User front-end to access Server side RedHat ~10 Nbr of Development Inventory and maintain the Bank's Linux tables: 62 Test mandate structure and its Oracle database Nbre of line User Acceptance static data JBoss Application of code: Test Server (EAP7) 43,000 Production Key technologies used in development are JavaEE6&7, Java8, EJB, CDI, JSF, Primefaces, REST / SOAP webservices, React, Hibernate,SQL
Continous build and integration using Jenkins, Maven, Sonar, Junit Github as source control system
LDAP Authentication & Access control IntelliJ IDEA DataStage Business Objects EFSI User front-end to manage Server side RedHat ~20 Nbr of Development Reporting data quality and group Linux tables: 38 Test reporting on EFSI activities Oracle database Nbre of line User Acceptance JBoss Application of code: Test Server (EAP7) 25,000 Production Key technologies used in development are JavaEE6&7, Java8, EJB, CDI, JSF, Primefaces, REST / SOAP webservices, React, Hibernate,SQL
Continous build and integration using Jenkins, Maven, Sonar, Junit Github as source control system
LDAP Authentication & Access control IntelliJ IDEA
EIB Information Security classification: CONFIDENTIAL document Page 60 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments DataStage Business Objects Fund User front-end to capture, Server side RedHat ~200 Nbr of Development Reporting manage and report on Linux tables: 36 Test System middle office activities for Oracle database Nbre of line User Acceptance EIB Fund equity JBoss Application of code: Test Server (EAP7) 21,000 Production Key technologies used in development are JavaEE6&7, Java8, EJB, CDI, JSF, Primefaces, REST / SOAP webservices, React, Hibernate,SQL
Continous build and integration using Jenkins, Maven, Sonar, Junit Github as source control system
LDAP Authentication & Access control IntelliJ IDEA DataStage Business Objects ClientConnect Borrower's Web Portal 2 Servers RedHat ~1200- Nbr of Development where the EIB borrowers Linux: 1 in LAN and 1 1500 tables: 15 Test can access, in a secure way, in DMZ Nbre of line User Acceptance financial information about Oracle and MySQL of code: Test their debt situation databases 100,000 Production JBoss Application Server (EAP7) Key technologies used in development are JavaEE6&7, Java8, EJB, CDI, JSF, Primefaces, REST / SOAP webservices, React, Hibernate,SQL
Continous build and integration using Jenkins, Maven, Sonar, Junit Github as source control system
LDAP Authentication & Access control 2Factors authentication architecture (LDS, ADFS, SecureEnvoy) IntelliJ IDEA DataStage Business Objects LMS Loan operations Linux RedHat EIB 30 Technical Development management that have not Standard Java components Test been paid on time. The user platform: Seam, JSF, Database of User Acceptance community is located in the EJB3, JPA, Hibernate, 5 Gb Test Transaction Management JBoss, Web Services, 141 tables Production and Restructuring automated tests 75 extracting Directorate (TMR) and, with (JUnit, DBUnit, jobs in a the help of the application, is Arquillian) LDAP DataStage in charge of checking the Authentication & extraction late payments, alerting the Access control Eclipse project back and the front office, IDE Sybase database ~50 web sending the demand of the server SubVersion application third party guaranty call and Version Manager screens producing reports for the Operational
EIB Information Security classification: CONFIDENTIAL document Page 61 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments Commission. The solution Jenkins DataStage data produces various documents Business Objects Late in that field. Payment: ~1,500 cash flows arrears Liquidiy Provision of general cash Linux RedHat EIB 5 actives Technical Development Planning and liquidity availabilities Standard Java users components Testing through several reports on platform: PrimeFaces, Database of User Acceptance the daily and future cash JSF, EJB3, JPA, 4.5 Gb Production flows. This information is Hibernate, JBoss, 45 tables transmitted to the dealing Web Services, 140 room for market orientation automated tests attributes and to the BackOffice (JUnit, DBUnit, 120 Treasury for bank account Arquillian) LDAP extracting positioning and cash flow Authentication & jobs in a controls. The application is Access control Sybase DataStage fed by a direct extraction database server extraction from 4 applications. GitHub Version project Manager Jenkins 21 web DataStage Business application Objects screens 3 Business Objects universes 25 Business Objects reports Operational data ~80 cash flow types ~400,000 cash flows ~40 starting positions EIB Bond Analysis of the secondary Linux RedHat 6 active Technical Development Turnover market of the EIB GBP JBoss users components Testing (Sterling), USD and EUR Java5/JSP/JDBC, Database of User Acceptance (EARN & ECOOP curves) automated tests 150 MB Production bonds. (JUnit, DBUnit, 14 tables Arquillian) LDAP 1 BO Authentication & universe for Access control all 4 Eclipse IDE reporting Sybase database areas server SubVersion o USD: 3 Version Manager BO reports Jenkins o GBP: 13 DataStage BO reports Business Objects o EUR EARN: 5 BO reports o EUR ECOOP: 3 BO reports Operational data 39 Banks 208 Bonds Developmen t Testing User Acceptance Production Investor EIB in-house application Linux RedHat 5 users Technical Development Relationship which offers the technical JBoss components Testing Management support for marketing within Java5/JSP/JDBC, Database of User Acceptance the Bank’s Capital Markets automated tests 1300 MB Production Department. (JUnit, DBUnit, 46 tables Arquillian) LDAP 1 BO Authentication & universe
EIB Information Security classification: CONFIDENTIAL document Page 62 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments Access control 5 distinct Eclipse IDE Business Sybase database Objects server SubVersion reports Version Manager implemented Jenkins by IT DataStage Operational Business Objects data ~5,700 Investors ~2,000 Bonds ~200 Dealers ~3,500 Events ~3,600 Transactions JASPERS EIB in-house application Linux RedHat 150 users Technical Development Database which supports the JBoss components Testing Environment administration of JASPERS ( Java Database User Acceptance Joint Assistance to Support EE7/JSP/JDBC/Struts/ 1 BO Production Projects in European Spring, automated universe Regions). tests (JUnit) IntelliJ; Oracle; Business Objects ; Jenkins; IntelliJ Advisory EIB in-house application Linux RedHat 150 users Technical Development Services which supports the JBoss components Testing Application administration of JASPERS ( Java Database User Acceptance Joint Assistance to Support EE7/React/Redux/Jav Application Production Projects in European aScript/Rest;Maven;Je Regions). nkins;Sonar;Nexus;Git Hub Table 20: Domains for lot 6
9.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming/software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming/software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and
EIB Information Security classification: CONFIDENTIAL document Page 63 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility leads reviews of colleagues' work. Programming/software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Intermediate processes and systems, Investigates operational reducing their costs, requirements, problems, and enhancing their opportunities, seeking sustainability, and the effective business solutions quantification of potential through improvements in business benefits. The automated and non- collaborative creation and automated components of iteration of viable new or changed processes. specifications and Assists in the analysis of acceptance criteria in stakeholder objectives, and preparation for the the underlying issues arising deployment of information from investigations into and communication business requirements and systems. The adoption and problems, and identifies adaptation of business options for consideration. analysis approaches based Works with stakeholders, to on the context of the work identify potential benefits and selecting appropriately and available options for from predictive (plan-driven) consideration, and in approaches or adaptive defining acceptance tests. (iterative/agile) approaches. Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Business Analysis Senior Takes full responsibility for business analysis within a significant segment of an organisation where the advice given, and decisions made will have a measurable impact on the profitability or effectiveness
EIB Information Security classification: CONFIDENTIAL document Page 64 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility of the organisation. Leads the selection of appropriate business analysis methods, tools, techniques; selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Establishes the contribution that technology can make to business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Systems Design Intermediate The design of systems to Adopts and adapts meet specified appropriate systems design requirements, compatible methods, tools and with agreed systems techniques selecting architectures, adhering to appropriately from predictive corporate standards and (plan-driven) approaches or within constraints of adaptive (iterative/agile) performance and feasibility. approaches, and ensures The identification of they are applied effectively. concepts and their Designs large or complex translation into a design systems. Undertakes impact which forms the basis for analysis on major design systems construction and options and trade-off. Makes verification. The design or recommendations and selection of components. assesses and manages The development of a associated risks. Reviews complete set of detailed others' systems designs to models, properties, and/or ensure selection of characteristics described in appropriate technology, a form suitable for efficient use of resources, implementation. The and integration of multiple adoption and adaptation of systems and technology. systems design lifecycle Ensures that the system models based on the context design balances functional of the work and selecting and non-functional appropriately from predictive requirements. Contributes to (plan-driven) approaches or development of systems adaptive (iterative/agile) design policies and approaches. standards and selection of The design of systems to architecture components. Systems Design Senior meet specified Develops organisational requirements, compatible policies, standards, with agreed systems guidelines, and methods for architectures, adhering to systems design. Champions corporate standards and the importance and value of within constraints of systems design principles performance and feasibility. and the selection of The identification of appropriate systems design concepts and their lifecycle models; whether translation into a design predictive (plan-driven) which forms the basis for approaches or more systems construction and adaptive (iterative/agile) verification. The design or approaches. Drives adoption selection of components. of and adherence to relevant The development of a policies, standards,
EIB Information Security classification: CONFIDENTIAL document Page 65 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility complete set of detailed strategies and architectures. models, properties, and/or Leads systems design characteristics described in activities for strategic, large a form suitable for and complex systems implementation. The development programmes. adoption and adaptation of Develops effective systems design lifecycle implementation and models based on the context procurement strategies, of the work and selecting consistent with specified appropriately from predictive requirements, architectures (plan-driven) approaches or and constraints of adaptive (iterative/agile) performance and feasibility. approaches. Develops systems designs requiring introduction of new technologies or new uses for existing technologies. Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded. Project Management Intermediate Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale projects (typically with direct business impact and firm deadlines). Identifies, assesses and manages risks to the success of the project. Ensures that realistic project plans are maintained and ensures regular and accurate communication to stakeholders. Adopts appropriate project management methods and tools whether predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures
EIB Information Security classification: CONFIDENTIAL document Page 66 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Project Management Specialist Sets organisational strategy governing the direction and conduct of project management, including application of appropriate methodologies. Authorises the management of large scale projects. Leads project planning, scheduling, controlling and reporting activities for strategic, high impact, high risk projects. Manages risk and ensures that solutions to problems are implemented in line with change control processes. Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks. Testing Intermediate interfaces, perform as Accepts responsibility for specified (including security creation of test cases using requirements) , and that the own in-depth technical risks associated with analysis of both functional deployment are adequately and non-functional
EIB Information Security classification: CONFIDENTIAL document Page 67 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility understood and specifications (such as documented. Testing reliability, efficiency, includes the process of usability, maintainability and engineering, using and portability). Creates maintaining testware (test traceability records, from cases, test scripts, test test cases back to reports, test plans, etc) to requirements. Produces test measure and improve the scripts, materials and quality of the software being regression test packs to test tested. new and amended software or services. Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results, and maintains a defect register. Reviews test results and modifies tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. Testing Senior Coordinates and manages planning of the system and/or acceptance tests, including software security testing, within a development or integration project or programme. Takes responsibility for integrity of testing and acceptance activities and coordinates the execution of these activities. Provides authoritative advice and guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice. Testing Specialist Determines testing policy, and owns the supporting processes including software security testing. Takes responsibility for the management of all testing activities within a development or integration project or programme. Manages all risks associated with the testing and takes preventative action when any risks become
EIB Information Security classification: CONFIDENTIAL document Page 68 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility unacceptable. Assesses and advises on the practicality of testing process alternatives, including automated testing. Initiates improvements to test processes and directs their implementation. Assesses suppliers' development and testing capabilities. Determines project testing standards for all phases, influencing all parties to conform to those standards. Manages client relationships with respect to all testing matters. Table 21: Detailed profiles for lot 6
9.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17.
EIB Information Security classification: CONFIDENTIAL document Page 69 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
10 Lot 7: Application Technical Support and Databases
10.1 Lot description
Lot 7 covers database and applications support services related to the technologies and products used by EIB, both server and client tools, and includes the following (non-exhaustive listing):
Sybase Adaptive Server Enterprise, Sybase IQ management of production and non- production systems on Linux/Unix platform Oracle Database administration on Linux/Unix platform Microsoft SQL Database administration on Windows platform and in LAMP environment Managing databases supporting ERP software including PeopleSoft, Bank trading systems (Treasury and Borrowings), risk management systems, document management systems and data warehousing Installation, upgrade, configuration and optimisation of databases Daily DBA activities including health checks, backup checks, backup and restore operations, space management, performance troubleshooting, interfacing with application support teams for problem resolution and change implementation, etc. Detailed pro-active monitoring Capacity planning and availability planning Structured approach to problem handling, escalation and solution implementation in a production environment Domain and product specific expertise Updating configuration and related configuration item documentation Administration of system monitoring and management tools Compliance with and implementation of security requirements as defined in EIB policy and procedures Inventory management Statistics and reporting (SLAs, dashboards, etc.) Database patching and Service Pack patching procedures and deployment Performing regular upgrades of the products Administration of logins and users with access to databases according to EIB procedures Assisting and/or supporting third party activities related systems and platform scope
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 10.3):
Profile type Profile level Technical skills Estimated number of FTE Project Management Senior 0,5 Database Administration Intermediate -Oracle 11g, 12c for 1 (Oracle) Unix/Linux -Scripting skills (korn, born shells) Database Administration Senior -Oracle 11g, 12c for Oracle : 2.5 ; Sybase: 2; (Oracle, Sybase, MsSQL) Unix/Linux MsSQL : 1.5 -Scripting skills (korn, born shells) -Mql 5.X,6.X for Lamp Stack on Unix/Linux -Microsoft SQL 2008, 2012, 2016 on Windows platform -Scripting skills (PowerShell for Microsoft SQL) -SAP/Sybase ASE 15.7 for Unix/Linux -SAP/Sybase IQ 16 for Unix/Linux
EIB Information Security classification: CONFIDENTIAL document Page 70 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE -Scripting skills (korn, Born for Linux) Application Support Intermediate - Scripting skills (Unix shell) 2 - Experience in RHEL and Windows admin - Administration, configuration, Installation, tuning and patching of JBoss EAP middleware - Administration, configuration, Installation, tuning of Oracle JVM instances - Knowledge of good monitoring practices, notably the Administration and configuration of APM tools - Experience Administering (upgrades, patching, debugging, configuration) DevOps tools (maven, GitHub, Nexus, Jenkins, Sonar,…) - Experience in network debugging - Experience in managing application certificates Application Support Senior - Scripting skills (Unix shell) 2 - Experience in RHEL and Windows admin - Administration, configuration, Installation, tuning and patching of JBoss EAP middleware - Administration, configuration, Installation, tuning of Oracle JVM instances - Knowledge of good monitoring practices, notably the Administration and configuration of APM tools - Experience Administering (upgrades, patching, debugging, configuration) DevOps tools (maven, GitHub, Nexus, Jenkins, Sonar,…) - Experience in network debugging - Experience in managing application certificates Table 22: Overview of profiles for lot 7
10.2 Domain descriptions
Application Description Technology Users Volumes Environments Sybase Adaptive Sybase ASE is SAP/Sybase ASE Through the 200 Servers Development Server Enterprise, an OLTP rdbms 12 and 15.0 and applications, (Virtual and Integration Sybase IQ offering from SAP 15.7 SAP/Sybase 3,500 users - Physical) Testing management of otherwise known IQ 15.2 and 16 Bank staff and User Acceptance production and as Sybase ASE. It external service Testing non-production is used by EIB for providers Production systems on business Linux/Unix applications from platform Back office to Front office. SAP IQ is a column- based rdbms offering from SAP
EIB Information Security classification: CONFIDENTIAL document Page 71 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments using column compression and index technology optimised for Data Warehousing, DSS, Analytics and Business Intelligence operations and is used in this contect at EIB. Oracle Database Oracle Database Oracle 9i, 10g, Through the 200 Servers Development administration on Server is the 11g, 12c applications, (Virtual and Integration Linux/Unix rdbms offering 3,500 users - Physical) Testing platform from Oracle Bank staff and User Acceptance Corporation for external service Testing OLTP, Data providers Production Warehousing and mixed workload database operations. It is used for small OLTP to larger ERP implementations of Business applications. Microsoft SQL Microsoft SQL MySql 5.X Through the 200 Servers Development Database Server is the Microsoft SQL applications, (Virtual and Integration administration on rdbms offering 2005, 2008, 3,500 users - Physical) Testing Windows platform from Microsoft for 2012,2016 Bank staff and User Acceptance OLTP and external service Testing Business providers Production Intelligence operations. At EIB it is the host rdbms used for Sharepoint and the Collaboration projects document management sharing platform. Mysql Database MySQL is a Mysql Enterprise Through the 35 Servers(Virtual Development Administration popular open Edition version applications, and physical) Integration source database 5.6 and 5.7 3,500 users - Testing available from Bank staff and User Acceptance Oracle external service Testing Corporation and providers Production as a community version. At EIB it is used for LAMP applications such as Intranet CMS/standalone A Java platform is 20 users Development Java instance a particular Integration environment in Testing which Java User Acceptance programming Testing language Production applications run Swift Alliance -Back-Office: -SWIFT v7.2 60 ON a yearly Development Transmission of -SWIFT Alliance basis: Integration Test financial Access and -70K messages of UAT messages Alliance Web 30 types sent: Production -MT messages Platform located Cash Payments, -FileAct files in a secure zone Deal -Integration with with restricted confirmations, back-office via access Security buy/sell MQ -Jump servers to confirmations and access the secure payments
EIB Information Security classification: CONFIDENTIAL document Page 72 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments -Secure Zone zone on Windows -330K messages management 2012 by 70 types -TARGET2 -2FA received: Account participation and authentication via statements, access to ICM SMS Security module positions, Cash -Data Reporting Payments, Deal (BO) based on confirmations, custom based Security buy/sell message confirmation and database (SWIFT payments Traffic Storage) -Interfaces with back-office systems WSS- TRM, WSS-CLM, Accurate, APEX- CMS, Reporting Message DB (SWIFT Traffic Storage) WallStreet Suite - -Treasury: Front, -Wallstreet 200 - Treasury Development TRM Back and Middle- Systems 7.3.3 operation: FX, Integration Test Office -Solaris 10 Money Market UAT -Borrowings: -Sybase 15 instruments and Production Front and Back- -Python, Perl Securities Office -Xml (>10,000 trades -Deal capture -Messaging: IBM per year) -Middle-Office WebSphere MQ, - Borrowings: EIB trade monitoring ActiveMQ issues and their -Credit Limits related monitoring derivatives (<100 -Performance trades per year, measurement >50 bn EUR -Settlement equivalent raised processing & annually on the SWIFT messages capital markets, -Cash via large management benchmark bonds -Accounting sub- and smaller ledger complex -Market data structured management transactions) -Valuation - Payments and transfers: >30,000 back- office transaction processing per year - Number of interfaces: > 25 (Market data feeders, Lending back-office system, Collateral management system, Data Warehouse, Accounting general ledger, Swift gateway, Document Archiving, etc.). Contains several customer specific developments in areas of reporting, settlement, interfaces. -Contains several customer specific developments in areas of
EIB Information Security classification: CONFIDENTIAL document Page 73 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments reporting, settlement, interfaces. - Monthly maintenance releases - Approx. 400 change requests / year - Project duration: 1-3 months for regular business evolutions, >12 months for major application upgrades. WallStreet Suite - -Lending back- -Wallstreet 110 -Customer Development CLM office Systems 7.4.4 Specific Integration Test -Lending contract -Solaris 10 Developments UAT data -Sybase 15 (CSDs) exist in Production -Product types: -Python, Perl the following Loans, -Xml areas: Guarantees, -Messaging: IBM -Facility Situation, Equity, WebSphere MQ, Debt Schedule, Investment ActiveMQ Alerts, etc. Grants -There are -Loan lifecycle several events: interfaces, see Disbursements, the schema. Prepayments, Amendments, Rate renewal, Conditional remuneration, Guaranty call, Equity investing. -Debt services: Payment allocation, Late payment penalties -Monitoring: Loan monitor, Debt monitor -Accounting generation and IFRS9 accounting mode -Document creation and management Table 23: Domains for lot 7
10.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Project Management Senior The management of Takes full responsibility for projects, typically (but not the definition, documentation exclusively) involving the and successful completion development and of complex projects (typically implementation of business with significant business, processes to meet identified political, or high-profile business needs, acquiring impact, and high-risk and utilising the necessary dependencies). Adopts and resources and skills, within adapts project management agreed parameters of cost, methods and tools, selecting
EIB Information Security classification: CONFIDENTIAL document Page 74 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility timescales, and quality. The appropriately from plan- adoption and adaptation of driven/predictive approaches project management or more adaptive (iterative methodologies based on the and agile) approaches. context of the project and Ensures that effective selecting appropriately from project control, change predictive (plan-driven) control, risk management approaches or adaptive and testing processes are (iterative/agile) approaches. maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Database Administration Intermediate The installation, Uses database management (Oracle, Sybase, MsSQL) configuration, upgrade, system software and tools, administration, monitoring and knowledge of logical and maintenance of database schemata, to databases. Providing investigate problems and support for operational collect performance databases in production use statistics and create reports. and for internal or interim Carries out routine purposes such as iterative configuration, installation, developments and testing. and reconfiguration of Improving the performance database and related of databases and the tools products. Develops and and processes for database configures tools to enable administration (including automation of database automation). administration tasks. Identify problems and issues and recommend corrective actions. Database Administration Senior Develops and maintains (Oracle, Sybase, MsSQL) procedures and documentation for databases. Identifies, evaluates and manages the adoption of appropriate database administration tools and processes, including automation. Contributes to the setting of standards for definition, security and integrity of database objects and ensures conformance to these standards. Manages database configuration including installing and upgrading software and maintaining relevant documentation. Monitors database activity and resource usage. Optimises database performance and plans for forecast resource needs. Application Support Intermediate The provision of application Maintains application maintenance and support support processes, and services, either directly to checks that all requests for users of the systems or to support are dealt with service delivery functions. according to agreed Support typically includes procedures. Uses investigation and resolution application management of issues and may also software and tools to include performance investigate issues, collect monitoring. Issues may be performance statistics and resolved by providing advice create reports. Application Support Senior or training to users, by Drafts and maintains devising corrections procedures and (permanent or temporary) documentation for for faults, making general or applications support.
EIB Information Security classification: CONFIDENTIAL document Page 75 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility site-specific modifications, Manages application updating documentation, enhancements to improve manipulating data, or business performance. defining enhancements Advises on application Support often involves close security, licensing, collaboration with the upgrades, backups, and system's developers and/or disaster recovery needs. with colleagues specialising Ensures that all requests for in different areas, such as support are dealt with Database administration or according to set standards Network support. and procedures. Table 24: Detailed profiles for lot 7
10.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 76 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
11 Lot 8: Business Analysis, Project Management and Testing Services
11.1 Lot description
Lot 8 covers the provision of services for the Bank in the area of business analysis, project management and testing for standard IT services and platform scope.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 11.3):
Profile type Profile level Technical skills Estimated number of FTE Project Management Junior - Portal, Web and End-User 0.25 Technologies - PMO skills Project Management Junior - Corporate Services and 0.25 Productivity Tools - PMO skills Project Management Junior - Content Management, 0.25 Data and Reporting - PMO skills Project Management Junior - Finance and Risk 0.25 Management - PMO skills Project Management Senior - Portal, Web and End-User 0.5 Technologies Project Management Senior - Corporate Services and 0.5 Productivity Tools Project Management Senior - Content Management, 0.5 Data and Reporting Project Management Senior - Finance and Risk 0.5 Management Business Analysis Junior - Portal, Web and End-User 0.5 Technologies Business Analysis Junior - Corporate Services and 0.5 Productivity Tools Business Analysis Junior - Content Management, 0.5 Data and Reporting Business Analysis Junior - Finance and Risk 0.5 Management Business Analysis Senior - Portal, Web and End-User 2 Technologies Business Analysis Senior - Corporate Services and 2 Productivity Tools Business Analysis Senior - Content Management, 2 Data and Reporting Business Analysis Senior - Finance and Risk 2 Management Specialist Advice Senior - Portal, Web and End-User 1 Technologies Specialist Advice Senior - Corporate Services and 1 Productivity Tools Specialist Advice Senior - Content Management, 1 Data and Reporting Specialist Advice Senior - Finance and Risk 1 Management Testing Junior - Portal, Web and End-User 0.25 Technologies Testing Junior - Corporate Services and 0.25 Productivity Tools Testing Junior - Content Management, 0.25 Data and Reporting Testing Junior - Finance and Risk 0.25 Management Testing Senior - Portal, Web and End-User 0.25 Technologies
EIB Information Security classification: CONFIDENTIAL document Page 77 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE Testing Senior - Corporate Services and 0.25 Productivity Tools Testing Senior - Content Management, 0.25 Data and Reporting Testing Senior - Finance and Risk 0.25 Management Testing Specialist - Portal, Web and End-User 0.25 Technologies Testing Specialist - Corporate Services and 0.25 Productivity Tools Testing Specialist - Content Management, 0.25 Data and Reporting Testing Specialist - Finance and Risk 0.25 Management Table 25: Overview of profiles for lot 8
11.2 Domain descriptions
Application Description Technology Environments Portal, Web and - Portals PeopleSoft Interaction Hub, Development End-User - Intranet Drupal, Java, Open Source, Integration Testing Technologies - Social Media Smart Cards, IOS, User Acceptance Testing - Collaboration and Digitalisation SharePoint, Skype, Production - Mobile Computing MobileIron, etc. - SaaS / Cloud Corporate Services - Lending PeopleSoft Human Capital Development and Productivity - Budgeting / Procurement / Cost Management, PeopleSoft Integration Testing Tools Accounting Financial Management, User Acceptance Testing - Human Capital Management BMC, System Architect , MS Production - Compliance (AML, CFT, KYC, etc.) Office suite, etc. - IT Service Management - Customer Relationship Management - Business Process Mapping - Productivity Tools - Smart automation and Internet of Things (IoT) Content - Document and Content PeopleSoft Human Capital Development Management, Data Management Management, PeopleSoft Integration Testing and Reporting - Master Data Management Financial Management, User Acceptance Testing (counterparties, market data) BMC, MS Office suite, Production - Business Intelligence OpenText, Livelink/Content - Reporting (including regulatory Server, SharePoint, reporting) Business Object, Sophos, - Intraday decision/operational Active Directory, etc. support (ODS) - IT Security (security high posture) - End User Computing (EUC) - Big data (Artificial Intelligence, Machine Learning) Finance and Risk - Front, Middle and back-office Wallstreet Suite, IBM Development Management treasury & borrowings / capital Algorithmics, SunGuard Integration Testing markets (issued bonds, swaps) Apex collateral User Acceptance Testing - Collateral management management, Swift, Production - Liquidity & cash management CreditMetrics, Moody’s - Best Banking Practices, Basel II Analytics Risk Authority and III (RAY), etc. - Financial, liquidity and market/credit risk - Settlement & payment systems (incl. reconciliation) - Mandate Management - Blockchain Table 26: Domains for lot 8
EIB Information Security classification: CONFIDENTIAL document Page 78 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
11.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated
EIB Information Security classification: CONFIDENTIAL document Page 79 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Senior processes and systems, Takes full responsibility for reducing their costs, business analysis within a enhancing their significant segment of an sustainability, and the organisation where the quantification of potential advice given, and decisions business benefits. The made will have a collaborative creation and measurable impact on the iteration of viable profitability or effectiveness specifications and of the organisation. Leads acceptance criteria in the selection of appropriate preparation for the business analysis methods, deployment of information tools, techniques; selecting and communication appropriately from plan- systems. The adoption and driven/predictive approaches adaptation of business or more adaptive (iterative analysis approaches based and agile) approaches. on the context of the work Establishes the contribution and selecting appropriately that technology can make to from predictive (plan-driven) business objectives, defining approaches or adaptive strategies, validating and (iterative/agile) approaches. justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks. interfaces, perform as Testing Senior specified (including security Coordinates and manages requirements) , and that the planning of the system risks associated with and/or acceptance tests, deployment are adequately including software security understood and testing, within a documented. Testing development or integration includes the process of project or programme. engineering, using and Takes responsibility for maintaining testware (test integrity of testing and cases, test scripts, test acceptance activities and reports, test plans, etc) to coordinates the execution of measure and improve the these activities. Provides quality of the software being authoritative advice and tested. guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test
EIB Information Security classification: CONFIDENTIAL document Page 80 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice.
Testing Specialist Determines testing policy, and owns the supporting processes including software security testing. Takes responsibility for the management of all testing activities within a development or integration project or programme. Manages all risks associated with the testing and takes preventative action when any risks become unacceptable. Assesses and advises on the practicality of testing process alternatives, including automated testing. Initiates improvements to test processes and directs their implementation. Assesses suppliers' development and testing capabilities. Determines project testing standards for all phases, influencing all parties to conform to those standards. Manages client relationships with respect to all testing matters. Specialist Advice Senior The development and Actively maintains exploitation of expertise in recognised expert level any specific area of knowledge in one or more information or identifiable specialisms. communications technology, Provides definitive and digital working, specific expert advice in their techniques, methodologies, specialist area(s). Oversees products or application the provision of specialist areas, for the purposes of advice by others, providing specialist advice. consolidates expertise from multiple sources, including third party experts, to provide coherent advice to further organisational objectives. Supports and promotes the development and sharing of specialist knowledge within the organisation. Table 27: Detailed profiles for lot 8
11.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Parallel Discrete Services (Fixed Price): Parallel Continuous Services: Parallel
EIB Information Security classification: CONFIDENTIAL document Page 81 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 82 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
12 Lot 9: Intranet and Extranet websites and applications
12.1 Lot description
Lot 9 covers services related to the maintenance, support and development of the intranet and extranet websites, mobile applications, and applications at the EIB Group while keeping up-to-date with the technological improvements and developments at the EIB Group.
The Bank may request longer-term services normally associated with the on-going support, maintenance and development of systems and software applications. Typically, these will be of an operational nature with repetitive deliverables and will include some or all of the following types of services (non-exhaustive listing): Business analysis and specification Application analysis design and development (including mobile applications) Training and communication Helpdesk services Functional administration services Investigation of functional / technical problems Installation of patches (bundles) and regular software upgrades Application testing and documentation Corrective and evolutionary application maintenance Technical support services Technical administration services Application monitoring
From time to time, in the context of shorter-term assignments of fixed duration (and cost) for the provision of agreed deliverables, the Bank may request any of the services normally associated with the support, maintenance, development and implementation of software applications, individually or jointly in any combination. These will include some or all of the following types of services (non-exhaustive listing): Business analysis and specification Applications prototyping and piloting Application testing and documentation Corrective and evolutionary application maintenance Value added services such as quality control or security auditing Project management including typical project office tasks Information architecture Applications architecture and strategy development Application design and development, including mobile applications Training and communication Technical administration services Helpdesk and functional administration services Organisation change management and business process reengineering Software upgrades Graphic design services
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 12.3):
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Junior - PHP, MySQL 0.2 development - JavaScript Programming / Software Intermediate - PHP, MySQL - Zend 0.2 development Framework, Drupal modules/themes
EIB Information Security classification: CONFIDENTIAL document Page 83 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - JavaScript - jQuery, AngularJS, React, Vue Programming / Software Senior - PHP, MySQL - Zend 4 development Framework, Drupal modules/themes, AJAX, Web Services - JavaScript - jQuery, AngularJS, React, AJAX, Web Services Systems Design Senior - PHP, JavaScript, 0.2 MySQL, Enterprise integration architecture (EIA) - Requirements analysis, Knowledge of application landscape User Experience Analysis Senior - Requirements 0.2 and Design gathering, Prototyping, Usability testing, Graphical user interface design Systems Software Senior - Linux, Apache, MySQL, 1 Scripting, Load Balancer, SSL, Redis - PHP apps (such as DRUPAL, ownCloud, Matomo) Business Analysis Junior Refer to Section 12.3 0.2 Business Analysis Intermediate Refer to Section 12.3 0.2 Business Analysis Senior Refer to Section 12.3 0.25 Project Management Junior Refer to Section 12.3 0.2 Project Management Intermediate Refer to Section 12.3 0.2 Project Management Senior Refer to Section 12.3 0.1 Testing Junior Refer to Section 12.3 0.2 Testing Intermediate Refer to Section 12.3 0.2 Testing Senior Refer to Section 12.3 0.25 Table 28: Overview of profiles for lot 9
12.2 Domain descriptions
Intranet All members of staff of the EIB Group, as well as other staff working at EIB and EIF Premises under contracts with third-party service providers, are potential users of the Bank's Intranet. This gives a total of approximately 5,500 users.
The EIB Group’s Intranet sites are used for several related purposes: A repository of information about the Bank, services available to employees and the activities of their various organisational units. A distribution channel for the publication of internal news and other information, particularly that of a time sensitive nature. This includes, for example, news from EIB and/or EIF Internal Communications units, articles prepared by other business units and notification of internal job vacancies. A portal providing access to a range of software applications; the access rights for these applications are managed separately, not as part of the Intranet functionality.
The Bank would like to further develop its Intranet with the intention of: Consolidating and reducing the number of separate intranet sites; Improving governance and search functionalities; Aiding collaboration and interaction; Integrating with other systems, by developing applications to publish data/information through web services, or by developing applications to retrieve data/information by consuming web services.
EIB Information Security classification: CONFIDENTIAL document Page 84 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Extranet The Bank’s and the EIF’s Extranet provides secure access to information and services to users outside the EIB Group. These services include, for the time being, systems to facilitate the distribution of corporate documents in a timely and secured manner to interested parties.
These Extranet sites include portals for The EIB’s Board of Directors, including sub-committees, and the Audit Committee The EIF’s Board and Audit Board
Application Description Technology Users Volumes Environments Intranet Secure access to in- PHP, JavaScript 5500 EIB and EIF Development formation and ser- (jQuery, ExtJS, Intranet sites: UAT vices for internal us- AngularJS), Ajax, - Unique visitors Production ers HTML, XML per week: more Mobile - Drupal, Zend than 4000 Framework, - Approximate Symphony, visits per week: Media Wiki, 60,000 Wordpress, - Approximate - OpenText page views per ContentServer week: 250,000 - Database systems: MySQL, Oracle - SugarCRM Extranet Secure access to PHP, JavaScript 5500 EIB and EIF Development information and (jQuery, ExtJS, Intranet sites: UAT services for external AngularJS), Ajax, - Unique visitors Production users HTML, XML per week: more Mobile - Drupal, Zend than 4000 Framework, - Approximate Symphony, visits per week: Media Wiki, 60,000 Wordpress, - Approximate - OpenText page views per ContentServer week: 250,000 - Database systems: MySQL, Oracle - SugarCRM Table 29: Domains for lot 9
12.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Programming / Software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming / Software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software
EIB Information Security classification: CONFIDENTIAL document Page 85 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming / Software Senior Takes technical development responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Systems Design Senior The design of systems to Develops organisational meet specified policies, standards, requirements, compatible guidelines, and methods for with agreed systems systems design. Champions architectures, adhering to the importance and value of corporate standards and systems design principles within constraints of and the selection of performance and feasibility. appropriate systems design The identification of lifecycle models; whether concepts and their predictive (plan-driven) translation into a design approaches or more which forms the basis for adaptive (iterative/agile) systems construction and approaches. Drives adoption verification. The design or of and adherence to relevant selection of components. policies, standards, The development of a strategies and architectures. complete set of detailed Leads systems design models, properties, and/or activities for strategic, large characteristics described in and complex systems a form suitable for development programmes. implementation. The Develops effective adoption and adaptation of implementation and systems design lifecycle procurement strategies, models based on the context consistent with specified of the work and selecting requirements, architectures appropriately from predictive and constraints of (plan-driven) approaches or performance and feasibility. adaptive (iterative/agile) Develops systems designs approaches. requiring introduction of new technologies or new uses for existing technologies. User Experience Analysis Senior The identification, analysis, Determines the approaches and Design clarification and to be used to analyse, clarify communication of the and communicate the user context of use in which experience, users' applications will operate, characteristics and tasks, and of the goals of products, and the technical, social,
EIB Information Security classification: CONFIDENTIAL document Page 86 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility systems or services. organisational and physical Analysis and prioritisation of environment in which stakeholders’ user systems, products or experience needs and services will operate. Plans definition of required system, and drives user experience product or service attributes, and accessibility analysis behaviour and performance. activities providing expert The definition and advice and guidance to management of user support adoption of agreed experience and user approaches accessibility requirements for all potential users. System Software Senior The provision of specialist Evaluates new system expertise to facilitate and software, reviews system execute the installation and software updates and maintenance of system identifies those that merit software such as operating action. Ensures that system systems, data management software is tailored to products, office automation facilitate the achievement of products and other utility service objectives. Plans the software. installation and testing of new versions of system software. Investigates and coordinates the resolution of potential and actual service problems. Ensures that operational documentation for system software is fit for purpose and current. Advises on the correct and effective use of system software. Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded. Project Management Intermediate Takes full responsibility for the definition, approach, facilitation and satisfactory completion of medium-scale
EIB Information Security classification: CONFIDENTIAL document Page 87 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility projects (typically with direct business impact and firm deadlines). Identifies, assesses and manages risks to the success of the project. Ensures that realistic project plans are maintained and ensures regular and accurate communication to stakeholders. Adopts appropriate project management methods and tools whether predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Intermediate processes and systems, Investigates operational reducing their costs, requirements, problems, and enhancing their opportunities, seeking sustainability, and the effective business solutions quantification of potential through improvements in
EIB Information Security classification: CONFIDENTIAL document Page 88 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility business benefits. The automated and non- collaborative creation and automated components of iteration of viable new or changed processes. specifications and Assists in the analysis of acceptance criteria in stakeholder objectives, and preparation for the the underlying issues arising deployment of information from investigations into and communication business requirements and systems. The adoption and problems, and identifies adaptation of business options for consideration. analysis approaches based Works with stakeholders, to on the context of the work identify potential benefits and selecting appropriately and available options for from predictive (plan-driven) consideration, and in approaches or adaptive defining acceptance tests. (iterative/agile) approaches. Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Business Analysis Senior Takes full responsibility for business analysis within a significant segment of an organisation where the advice given, and decisions made will have a measurable impact on the profitability or effectiveness of the organisation. Leads the selection of appropriate business analysis methods, tools, techniques; selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Establishes the contribution that technology can make to business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks.
EIB Information Security classification: CONFIDENTIAL document Page 89 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Testing Intermediate interfaces, perform as Accepts responsibility for specified (including security creation of test cases using requirements), and that the own in-depth technical risks associated with analysis of both functional deployment are adequately and non-functional understood and specifications (such as documented. Testing reliability, efficiency, includes the process of usability, maintainability and engineering, using and portability). Creates maintaining testware (test traceability records, from cases, test scripts, test test cases back to reports, test plans, etc) to requirements. Produces test measure and improve the scripts, materials and quality of the software being regression test packs to test tested. new and amended software or services. Specifies requirements for environment, data, resources and tools. Interprets, executes and documents complex test scripts using agreed methods and standards. Records and analyses actions and results, and maintains a defect register. Reviews test results and modifies tests if necessary. Provides reports on progress, anomalies, risks and issues associated with the overall project. Reports on system quality and collects metrics on test cases. Provides specialist advice to support others. Testing Senior Coordinates and manages planning of the system and/or acceptance tests, including software security testing, within a development or integration project or programme. Takes responsibility for integrity of testing and acceptance activities and coordinates the execution of these activities. Provides authoritative advice and guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice. Table 30: Detailed profiles for lot 9
12.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade
EIB Information Security classification: CONFIDENTIAL document Page 90 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 91 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
13 Lot 10: Data Warehouse
13.1 Lot description
Lot 10 covers the maintenance, support and development of the Operational Data Warehouse and Administrative (Admin) Warehouse as well as the reporting and interfaces linked to it.
The services will be provided to the EIB Group’s business areas including their functional support teams, and to IT, and can be required in all functional areas of the Bank including EIB Group’s business areas that are not covered in this Call for Tenders.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 13.3):
Profile type Profile level Technical skills Estimated number of FTE Programming / Software Junior - 12 to 35 months of 6 development relevant experience in: - IBM Datastage development (specifically IBM Infosphere Datastage 11.x Enterprise parallel developments) - Business Object 4.1 - Designer + Web intelligence reporting - Up to 5 months of relevant experience in SAP Power designer - 12 to 35 months of relevant experience in Database design and SQL (Sybase ASE & IQ): - More than 12 months of relevant experience in Banking Sector functional knowledge (including design of data Warehouse models) Programming / Software Intermediate - 36 to 59 months of 5 development relevant experience in: - IBM Datastage development (specifically IBM Infosphere Datastage 11.x Enterprise parallel developments) - Business Object 4.1 - Designer + Web intelligence reporting - From 6 to 10 months of relevant experience in SAP Power designer - 36 to 59 months of relevant experience in Database design and SQL (Sybase ASE & IQ): - More than 36 months of relevant experience in Banking Sector functional knowledge (including
EIB Information Security classification: CONFIDENTIAL document Page 92 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE design of data Warehouse models) Programming / Software Senior - More than 60 months of 8 development relevant experience in: - IBM Datastage development (specifically IBM Infosphere Datastage 11.x Enterprise parallel developments) - Business Object 4.1 - Designer + Web intelligence reporting - More than 11 months of relevant experience in SAP Power designer - More than 60 months of relevant experience in Database design and SQL (Sybase ASE & IQ): - More than 60 months of relevant experience in Banking Sector functional knowledge (including design of data Warehouse models) Business Analyst Junior - 12 to 35 months of 2 relevant experience in Transact SQL (Sybase ASE & IQ) - 12 to 35 months of relevant experience in Banking Sector functional knowledge: Practical experience in relevant domains (e.g. as Trader, Banker, Front-officer, Back-office clerk, accountant, risk manager, administrative expert, etc.) Business Analyst Senior - More than 24 months of 2 relevant experience in Transact SQL (Sybase ASE & IQ) - More than 36 months of relevant experience in Banking Sector functional knowledge: Practical experience in relevant domains (e.g. as Trader, Banker, Front-officer, Back-office clerk, accountant, risk manager, administrative expert, etc.) Project Management Junior - 12 to 35 months of 2 relevant experience in: - Transact SQL (Sybase ASE & IQ) - MSProject 2013 - MSExcel 2013 - SharePoint 2013 - SAP BusinessObjects 4.x (Infoview) - Banking Sector functional knowledge
EIB Information Security classification: CONFIDENTIAL document Page 93 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE - Domain experience (IT and Banking) - General knowledge in software development methodologies and release management Project Management Senior - More than 36 months of 2 relevant experience in: - Transact SQL (Sybase ASE & IQ) - Oracle 12g - MSProject 2013 - MSExcel 2013 - SharePoint 2013 - SAP BusinessObjects 4.x (Infoview) - Banking Sector functional knowledge - Domain experience (IT and Banking) - General knowledge in software development methodologies and release management Systems Design Junior - 12 to 35 months of 2 relevant experience in: - Database design and SQL (Sybase ASE & IQ, Oracle 12g, SQLServer) - Shell/Powershell - Test and documentation - Expert and In-depth knowledge of a relevant system / development tool - Short-term assignments on particular feasibility studies, configuration issues, proof- of-concept tasks, related to one of the systems covered by the Data Warehouse area. Systems Design Senior - More than 36 months of 2 relevant experience in: - Database design and SQL (Sybase ASE & IQ, Oracle 12g, SQLServer) - Shell/Powershell - Test and documentation - Expert and In-depth knowledge of a relevant system / development tool - Short-term assignments on particular feasibility studies, configuration issues, proof- of-concept tasks, related to one of the systems covered
EIB Information Security classification: CONFIDENTIAL document Page 94 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Technical skills Estimated number of FTE by the Data Warehouse area. Table 31: Overview of profiles for lot 10
13.2 Domain descriptions
The Operational Data Warehouse (ODW): The ODW contains a subset of the majority of the Bank’s operational data. The end-users access the data by means of a reporting tool (SAP BusinessObjects 4.2). The Operational Data Warehouse is also used as a source of information for third party tools (e.g. analytics, risk management tools).
The ODW is fed by various operational databases, notably: - Lending back-office, Treasury, Borrowings (Wall Street Systems / Wallstreet Suite) - Collateral Management System (SunGard APEX) - Lending front-office (EIB in-house development - Serapis[1]) - Reference database for counterparts and ratings (EIB in-house development - PiRat[2]) using the ETL tool IBM Infosphere Datastage 11.3. The documentation of the business terms is done using IBM Information Governance Catalog and the data quality is managed through IBM Information Analyser and IBM Qualitystage. These tools are technically maintained by the Data Warehouse team at the EIB.
The ODW is also used as a source of information for analytic applications in various areas like Risk Management and Cost Accounting.
The Service Providers shall be responsible for:
- Feeding the ODW: maintaining the existing system, adaptation to upgrades or changes of source systems, addition or replacement of data, system documentation, and technical migration - Ensuring the technical support of the tools used in the Data Warehouse area - Providing the second level support for end-user reporting: maintenance of the existing universes and reports, training of end-users, creation of new universes and reports, technical migration or upgrade of tools - Sourcing, design and feeding of the Risk Application data models (Algorithmics, Moody’s Risk Authority, and the in-house application “Dispositif de Mesure de Résultat et de Rentabilité” (DM2R) using the Extraction Transform and Load tool “IBM Infosphere Datastage”
The Administrative Warehouse (ADW): The ADW is composed of personnel data (staff information, jobs & positions management, training, payroll, pension & pension scheme, time management), accounting, purchasing, budgeting and cost accounting.
Data are extracted from the Oracle PeopleSoft Human Capital Management (HCM) and Financial Management modules, using IBM Infosphere Datastage version 11.3. The documentation of the business terms is done using IBM Information Governance Catalog and the data quality is managed through IBM Qualitystage.
As with the ODW, Infosphere Datastage 11.3 and SAP Business Objects 4.2 being the main tools used by the software developers involved in the maintenance and support of ADW, all software developers proposed by the Tenderers will be required to have proven experience with these specific tools.
ADW is also the main data source for the Bank’s cost accounting system, Cost Perform, which is fed by files, generated using the ETL.
[1] Serapis is designed as an all-in-one information management portal for operational staff in the lending area, i.e. the Operations Directorates, Risk Management Directorate, Projects Directorate, Compliance Directorate and Legal Service of the EIB. It supports the lending business. [2] The PiRat application is the user front-end to access and maintain the Bank’s counterparts and their internal ratings.
EIB Information Security classification: CONFIDENTIAL document Page 95 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
The Service Providers shall be responsible for: - Feeding the ADW: maintaining the existing system, adaptation to the upgrade or change of source systems, addition or replacement of data, system documentation, and technical migration - Providing the second level of technical support of the tools used in the ADW area - End-user reporting: maintenance of the existing universes and reports, training of the end-users, end-user support, creation of new universes and reports, technical migration or upgrade of tools - Maintaining the ETL interfaces feeding ADW, as well as the ETL interfaces pushing data out of ADW (e.g. Cost Accounting interfaces)
Application Description Technology Users Volumes Environments Operational Data The Operational - IBM Infosphere 1500 Technical - Development Warehouse, Data Warehouse DataStage components: - Test Administrative contains a subset Enterprise 11.3 - Sybase ASE - User Warehouse and of the majority of - SAP BO XI 4.2 Database of 32 Acceptance reporting the Bank’s (Infoview / Webi) GB (1595 - Production operational data. - LAMP tables) developments - Sybase IQ (php) Database of 5 - LDAP GB (565 Authentication & tables) Access control - Approx. 7000 - Shell/PowerShell ETL jobs - 80 Business Objects universes More than 7000 Business Objects Reports (webi) Administrative The Administrative - IBM Infosphere 400 Technical com- - Development Warehouse Warehouse (Admin DataStage Enter- ponents: - Test Warehouse) is prise 11.3 - Sybase IQ 16 - User composed of - Cost Perform 9.x Database with Acceptance Personnel data - Oracle/PeopleSoft a volume of - Production (Staff information, HCM & Financial 250 GB (1000 jobs & positions Management (as tables) management, source of data) - Approx. 3000 training, payroll, - SAP BO XI 4.2 (In- ETL jobs pension & pension foview / Webi) - 40 Business scheme, time - LAMP develop- Objects uni- management), Ac- ments (php) verses counting, - LDAP Authentica- More than 3000 Purchasing, tion & Access con- Business Budgeting and trol Objects Reports Cost accounting. - Shell/Powershell (webi) Table 32: Domains for lot 10
13.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
EIB Information Security classification: CONFIDENTIAL document Page 96 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Programming/software Junior The planning, designing, Designs, codes, verifies, development creation, amending, tests, documents, amends verification, testing and and refactors moderately documentation of new and complex programs/scripts. amended software Applies agreed standards components in order to and tools, to achieve a well- deliver agreed value to engineered result. stakeholders. The Collaborates in reviews of identification, creation and work with others as application of agreed appropriate. Programming/software Intermediate software development and Designs, codes, verifies, development security standards and tests, documents, amends processes. Adopting and and refactors complex adapting software programs/scripts and development lifecycle integration software models based on the context services. Contributes to of the work and selecting selection of the software appropriately from predictive development approach for (plan-driven) approaches or projects, selecting adaptive (iterative/agile) appropriately from predictive approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Applies agreed standards and tools, to achieve well-engineered outcomes. Participates in reviews of own work and leads reviews of colleagues' work. Programming/software Senior Designs, codes, verifies, development tests, documents, amends and refactors complex programs/scripts and integration software services. Takes technical responsibility across all stages and iterations of software development. Plans and drives software construction activities. Adopts and adapts appropriate software development methods, tools and techniques selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Measures and monitors applications of project/team standards for software construction including software security. Contributes to the development of organisational policies, standards, and guidelines for software development. Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations.
EIB Information Security classification: CONFIDENTIAL document Page 97 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Business Analysis Senior processes and systems, Takes full responsibility for reducing their costs, business analysis within a enhancing their significant segment of an sustainability, and the organisation where the quantification of potential advice given, and decisions business benefits. The made will have a collaborative creation and measurable impact on the iteration of viable profitability or effectiveness specifications and of the organisation. Leads acceptance criteria in the selection of appropriate preparation for the business analysis methods, deployment of information tools, techniques; selecting and communication appropriately from plan- systems. The adoption and driven/predictive approaches adaptation of business or more adaptive (iterative analysis approaches based and agile) approaches. on the context of the work Establishes the contribution and selecting appropriately that technology can make to from predictive (plan-driven) business objectives, defining approaches or adaptive strategies, validating and (iterative/agile) approaches. justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. Project Management Junior The management of Defines, documents and projects, typically (but not carries out small projects or exclusively) involving the sub-projects (typically less development and than six months, with limited implementation of business budget, limited processes to meet identified interdependency with other business needs, acquiring projects, and no significant and utilising the necessary strategic impact), alone or resources and skills, within with a small team, actively agreed parameters of cost, participating in all phases. timescales, and quality. The Identifies, assesses and adoption and adaptation of manages risks to the project management success of the project. methodologies based on the Applies appropriate project context of the project and management methods and selecting appropriately from tools whether predictive predictive (plan-driven) (plan-driven) approaches or approaches or adaptive adaptive (iterative/agile) (iterative/agile) approaches. approaches. Agrees project approach with stakeholders, and prepares realistic plans (including quality, risk and communications plans) and tracks activities against the project schedule, managing stakeholder involvement as appropriate. Monitors costs, timescales and resources used, and takes action where these deviate from agreed tolerances. Ensures that own projects are formally closed and, where appropriate, subsequently reviewed, and that lessons learned are recorded.
EIB Information Security classification: CONFIDENTIAL document Page 98 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Systems Design Junior The design of systems to Designs components using meet specified appropriate modelling requirements, compatible techniques following agreed with agreed systems architectures, design architectures, adhering to standards, patterns and corporate standards and methodology. Identifies and within constraints of evaluates alternative design performance and feasibility. options and trade-offs. The identification of Creates multiple design concepts and their views to address the translation into a design concerns of the different which forms the basis for stakeholders of the systems construction and architecture and to handle verification. The design or both functional and non- selection of components. functional requirements. The development of a Models, simulates or complete set of detailed prototypes the behaviour of models, properties, and/or proposed systems characteristics described in components to enable a form suitable for approval by stakeholders. implementation. The Produces detailed design adoption and adaptation of specification to form the systems design lifecycle basis for construction of models based on the context systems. Reviews, verifies of the work and selecting and improves own designs appropriately from predictive against specifications. (plan-driven) approaches or Support the existing systems and ensure their availability.
EIB Information Security classification: CONFIDENTIAL document Page 99 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Systems Design Senior adaptive (iterative/agile) Develops organisational approaches. policies, standards, guidelines, and methods for systems design. Champions the importance and value of systems design principles and the selection of appropriate systems design lifecycle models; whether predictive (plan-driven) approaches or more adaptive (iterative/agile) approaches. Drives adoption of and adherence to relevant policies, standards, strategies and architectures. Leads systems design activities for strategic, large and complex systems development programmes. Develops effective implementation and procurement strategies, consistent with specified requirements, architectures and constraints of performance and feasibility. Develops systems designs requiring introduction of new technologies or new uses for existing technologies. Ensure continuous improvement of relevant systems. Table 33: Detailed profiles for lot 10
13.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 100 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
14 Lot 11: Administrative Services
14.1 Lot description
Lot 11 covers administrative support services concerning procurement, budget, contracts, projects and reporting related to externally delivered IT services.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 14.3):
Profile type Profile level Technical skills Estimated number of FTE Administrative Support Junior Procurement 1 Administrative Support Junior Budget 0.25 Administrative Support Junior Contracts 0.25 Administrative Support Junior Project & Reporting 0.5 Administrative Support Intermediate Procurement 3 Administrative Support Intermediate Budget 0.75 Administrative Support Intermediate Contracts 0.75 Administrative Support Intermediate Project & Reporting 1 Administrative Support Senior Procurement 1 Administrative Support Senior Budget 0.25 Administrative Support Senior Contracts 0.25 Administrative Support Senior Project & Reporting 1 Table 34: Overview of profiles for lot 11
14.2 Domain descriptions
Business area Description Technology Procurement -Procurement (Procure to Pay) PeopleSoft Financial, - Requisition creation, review and validation Business Objects, Excel - Invoice processing and handling - Travel authorisations and expense reports validation
Budget - Budget and financial control and associated reporting PeopleSoft Financial, - Performance, budgeting & costing analysis Business Objects, Excel - Budget forecast and resource planning - Control the payment of invoices and reconciliation of budgetary data
Contracts - Contract Management (pre, executing, post) PeopleSoft Financial, - Contract Performance and monitoring Business Objects, Excel - Document Management - Update of contract database - Management of contractual documents Project & Reporting - Organisation of meetings and drafting of minutes PeopleSoft Financial, - Filing of electronic and hard copy documents Business Objects, Excel, - Logistical support such as organisation of business trips, SharePoint workshops, seminars, etc. Table 35: Domains for lot 11
14.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Procurement Junior Support in the overall Provide operational and Intermediate support and control of the administrative support for Senior Procure-To-Pay processes the main aspects of the Procure-To-Pay processes so as to ensure smooth and
EIB Information Security classification: CONFIDENTIAL document Page 101 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility timely execution of EIB’s procedures. Propose improvements and participate in the optimisation of working methods and processes. To the extent possible as external staff, ensure back- up of the essential activities of other Operational Assistants during their absence to guarantee business continuity Budget support Junior The overall financial support, Assists in monitoring and Intermediate control and monitoring of the maintaining all required Senior IT assets and resources financial records for used in the provision of IT compliance and audit to all services, ensuring agreed requirements. compliance with all Assists all other areas of IT governance, legal and with their financial tasks, regulatory requirements. especially in the areas of identification of process, service, project and component costs and the calculation and subsequent reduction of all IT service, project, component and process failures. Contributes to financial planning and budgeting. Collates required financial data and reports for analysis and to facilitate decision making
Contracts Junior The overall support and Supports the design, Intermediate control of the operation of negotiation and Senior formal contracts for supply management of contracts of products and services. and vendor relationships for IT products and services. Sources and collects contract performance data), and monitors performance against KPIs. Identifies and reports under-performance and develops opportunities for improvement. Monitors compliance with Terms and Conditions and take appropriate steps to address non-compliance. Coordination of signatures and filing of electronic and hard copy documents and contracts
Projects & Reporting Junior The overall support to Line Tracking the status of Intermediate Managers, Project program and project Senior Managers and/or PMO deliverables and milestones. functions Verifying project lifecycle and deliverables. Coordination on program level risk and issues. Monitoring the status of projects transitioning into normal service. Coordination of the post project reviews. Organisation of meetings and drafting of minutes
EIB Information Security classification: CONFIDENTIAL document Page 102 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility Filing of electronic and hard copy documents Logistical support such as organisation of business trips, workshops, seminars, etc. Table 36: Detailed profiles for lot 11
14.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Parallel Discrete Services (Fixed Price): Parallel Continuous Services: Parallel
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 103 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
15 Lot 12: PeopleSoft
15.1 Lot overview
Lot 12 covers services related to the maintenance, support and development of the Bank’s PeopleSoft Suite. The required services are grouped in 3 categories: development, maintenance and operational.
Services under this lot shall be provided by the following staff profile roles (for a detailed description of the roles, see section 15.3):
Profile type Profile level Technical skills Number of FTE Business Analysis Junior PeopleSoft 1 - 3 Business Analysis Intermediate PeopleSoft 2 - 4 Business Analysis Senior PeopleSoft 4 - 6 PeopleSoft Technical Junior - Oracle Peopletools 8.50 1 - 3 Application Specialist and above - PeopleCode - Application Engine - PS Query - SQL PeopleSoft Technical Intermediate - Oracle Peopletools 8.50 2 - 4 Application Specialist and above - PeopleCode - Application Engine - PS Query - SQL PeopleSoft Technical Senior - Oracle Peopletools 8.50 4 - 6 Application Specialist and above - PeopleCode - Application Engine - PS Query - SQL PeopleSoft Administrator Junior - MS Windows 1 - 3 (2007/2012 servers) - BEA Weblogic - PeopleSoft Upgrade Manager and/or Change Assistant and/or Change Impact Analyzer and/or Setup Manager PeopleSoft Administrator Senior - MS Windows 4 - 6 (2007/2012 servers) - BEA Weblogic - PeopleSoft Upgrade Manager and/or Change Assistant and/or Change Impact Analyzer and/or Setup Manager Testing Junior PeopleSoft 1 - 3 Testing Senior PeopleSoft 2 - 4 Project Management Intermediate ERP / PM methodologies 1 - 3 Project Management Senior ERP / PM methodologies 2 - 4 Table 37: Overview of profiles for lot 12
15.2 Domain descriptions
Financial Management: Purchasing, Accounts Payable, General Ledger (the EIB’s reference accounting system), Expenses:
While the EIB’s implementation of Procure to Pay (PtP) is very close to the standard software, with the exception of the workflow which has been adapted, General Ledger (GL) and Expenses have been customised considerably in line with the Bank’s needs (notably chartfields, Average Daily Balance (ADB), adjustments, security). Several interfaces from other applications (Finance Kit, SWIFT and Force (an in-house application)) are in production and are supported by the maintenance team (Application
EIB Information Security classification: CONFIDENTIAL document Page 104 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Messaging and Application Engine (AE)). The whole set of modules is supervised by commitment control (extensively used), which is secured with the Tree Manager and the standard rules of commitment control set-up.
In the last years, a lot of custom solutions have been developed and integrated in the related modules: paperless requisitions (PO), paperless approval of invoices (AP), invoicing fees (GL), amortisation modules (GL).
PeopleTools is used to create and maintain the entire structure (tables, pages, components, menus and PeopleCode). The Workflow is extensively used as well as SQL (to debug / zap the data) and the Query Manager.
Human Capital Management (HCM): Administer Workforce, Recruitment, Position Management, Compensation, Global Payroll, Self-Service, Training, Time & Labor, PeopleSoft Interaction HUB:
The Recruitment module was upgraded to version 9.2 in September 2014.
Employees and managers can access HR data using PeopleSoft Interaction Hub 9.1.
While the EIB’s implementation of Administer Workforce, Global Payroll, Self-Service, Enterprise Learning and Position Management is very close to the standard software, the other modules have been customised considerably in line with the Bank’s needs. In addition, specific functionalities have been developed in-house (e.g. simulation tool and appraisal management). The EIB developed and maintains a complete set of rules within the Global Payroll core engine to pay salaries and pensions. PeopleTools is used to create and/or maintain tables, views, screens, components, menus, and PeopleCode. PeopleSoft Workflow is extensively used. Transfers of data across PeopleSoft environments are carried out using Integration Broker. Many batches have been written using SQR and Application Engine.
For means of reporting, HR data are extracted, on a daily basis, to the EIB Data Warehouse.
Some peripheral applications are linked to PeopleSoft HCM systems: Organisation charts based on the product HRCharter from Cezanne Software Time Management system (TiM by DSK systems)
Application Description Technology Users Volumes Environments PeopleSoft HCM Administer Oracle-database : 4,000 Technical Development Workforce, 12c (12.1.0.2) components: Test Candidate under Linux RH Database: 700 Play (sand box) Gateway, Talent 5.11 Gb - 3000 tables User Acceptance Management, Application used from a total Test Position server, Web of 27000 Production Management, server, Process Global Payroll, scheduler, Absence Reports Management, repository under Self-Service Windows 2012 PeopleTools 8.55.19, Oracle Tuxedo 12.1.3, Oracle Weblogic 12.1.3 PeopleSoft HCM PeopleSoft Oracle-database : 5,000 Technical Development Interaction HUB, 12c (12.1.0.2) components: Test Content under Linux RH Database: 160 Play (sand box) Management 6.9 Gb - 1000 tables User Acceptance Application used from a total Test server, Web of 5000 Production server, Process scheduler under Windows 2012 PeopleTools
EIB Information Security classification: CONFIDENTIAL document Page 105 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Application Description Technology Users Volumes Environments 8.55.19, Oracle Tuxedo 12.1.3 , Oracle Weblogic 12.1.3 Table 38: Domains for lot 12
15.3 Profile descriptions
The following is a detailed and lot-specific indication of the required profiles and their roles and responsibilities.
Profile type Profile level Role Responsibility Business Analysis Junior The methodical Investigates operational investigation, analysis, needs and problems, and review and documentation of opportunities, contributing to all or part of a business in the recommendation of terms of business goals, improvements in automated objectives, functions and and non-automated processes, the information components of new or used and the data on which changed processes and the information is based. organisation. Assists in The definition of defining acceptance tests for requirements for improving these recommendations. Business Analysis Intermediate processes and systems, Investigates operational reducing their costs, requirements, problems, and enhancing their opportunities, seeking sustainability, and the effective business solutions quantification of potential through improvements in business benefits. The automated and non- collaborative creation and automated components of iteration of viable new or changed processes. specifications and Assists in the analysis of acceptance criteria in stakeholder objectives, and preparation for the the underlying issues arising deployment of information from investigations into and communication business requirements and systems. The adoption and problems, and identifies adaptation of business options for consideration. analysis approaches based Works with stakeholders, to on the context of the work identify potential benefits and selecting appropriately and available options for from predictive (plan-driven) consideration, and in approaches or adaptive defining acceptance tests. (iterative/agile) approaches. Contributes to selection of the business analysis methods, tools and techniques for projects; selecting appropriately from predictive (plan-driven) approaches or adaptive (iterative/agile) approaches. Senior Takes full responsibility for business analysis within a significant segment of an organisation where the advice given, and decisions made will have a measurable impact on the profitability or effectiveness of the organisation. Leads the selection of appropriate business analysis methods, tools, techniques; selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Establishes the contribution that technology can make to
EIB Information Security classification: CONFIDENTIAL document Page 106 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility business objectives, defining strategies, validating and justifying business needs, conducting feasibility studies, producing high-level and detailed business models, preparing business cases, overseeing development and implementation of solutions, taking into account the implications of change on the organisation and all stakeholders. Guides senior management towards accepting change brought about through process and organisational change. PeopleSoft Technical Junior The design of systems to Applications: prototyping, Application Specialist meet specified piloting, design, requirements, compatible development, testing and with agreed systems documentation architectures, adhering to Training and corporate standards and communications within constraints of Corrective and evolutionary performance and feasibility. application maintenance The identification of Technical support services concepts and their Technical administration translation into a design services which forms the basis for Investigation of technical systems construction and problems verification. The design or application monitoring selection of components. Project Management The development of a including typical Project complete set of detailed Office tasks models, properties, and/or Software upgrades PeopleSoft Technical Intermediate characteristics described in Applications: prototyping, Application Specialist a form suitable for piloting, design, implementation. The development, testing and adoption and adaptation of documentation systems design lifecycle Training and models based on the context communications of the work and selecting Corrective and evolutionary appropriately from predictive application maintenance (plan-driven) approaches or Technical support services adaptive (iterative/agile) Technical administration approaches. services Investigation of technical problems application monitoring Project Management including typical Project Office tasks Software upgrades PeopleSoft Technical Senior Applications: prototyping, Application Specialist piloting, design, development, testing and documentation Training and communications Corrective and evolutionary application maintenance Technical support services Technical administration services Investigation of technical problems application monitoring Project Management including typical Project Office tasks Software upgrades
EIB Information Security classification: CONFIDENTIAL document Page 107 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility PeopleSoft Administrator Junior The provision of specialist Software and patches expertise to facilitate and (bundles) installation execute the installation and Servers administration maintenance of system Software upgrades software such as operating Software and server systems, data management monitoring products, office automation Applications architecture products and other utility and strategy development software. Technical support activities Technical administration services Investigation of technical problems PeopleSoft Administrator Senior Software and patches (bundles) installation Servers administration Software upgrades Software and server monitoring Applications architecture and strategy development Technical support activities Technical administration services Investigation of technical problems Testing Junior The planning, design, Defines test conditions for management, execution and given requirements. Designs reporting of tests, using test cases and creates test appropriate testing tools and scripts and supporting data, techniques and conforming working to the specifications to agreed process standards provided. Interprets, and industry specific executes and records test regulations. The purpose of cases in accordance with testing is to ensure that new project test plans. Analyses and amended systems, and reports test activities configurations, packages, or and results. Identifies and services, together with any reports issues and risks. interfaces, perform as Testing Senior specified (including security Coordinates and manages requirements) , and that the planning of the system risks associated with and/or acceptance tests, deployment are adequately including software security understood and testing, within a documented. Testing development or integration includes the process of project or programme. engineering, using and Takes responsibility for maintaining testware (test integrity of testing and cases, test scripts, test acceptance activities and reports, test plans, etc) to coordinates the execution of measure and improve the these activities. Provides quality of the software being authoritative advice and tested. guidance on any aspect of test planning and execution. Defines and communicates the test strategy for the project. Manages all test processes, including test plans, resources, costs, timescales, test deliverables and traceability. Manages client relationships with respect to testing matters. Identifies process improvements, and contributes to corporate testing standards and definition of best practice.
Project Management Intermediate The management of Takes full responsibility for projects, typically (but not the definition, approach, exclusively) involving the facilitation and satisfactory
EIB Information Security classification: CONFIDENTIAL document Page 108 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Profile type Profile level Role Responsibility development and completion of medium-scale implementation of business projects (typically with direct processes to meet identified business impact and firm business needs, acquiring deadlines). Identifies, and utilising the necessary assesses and manages resources and skills, within risks to the success of the agreed parameters of cost, project. Ensures that timescales, and quality. The realistic project plans are adoption and adaptation of maintained and ensures project management regular and accurate methodologies based on the communication to context of the project and stakeholders. Adopts selecting appropriately from appropriate project predictive (plan-driven) management methods and approaches or adaptive tools whether predictive (iterative/agile) approaches. (plan-driven) approaches or adaptive (iterative/agile) approaches. Ensures Quality reviews occur on schedule and according to procedure. Manages the change control procedure, and ensures that project deliverables are completed within agreed cost, timescale and resource budgets, and are signed off. Provides effective leadership to the project team, and takes appropriate action where team performance deviates from agreed tolerances. Project Management Senior Takes full responsibility for the definition, documentation and successful completion of complex projects (typically with significant business, political, or high-profile impact, and high-risk dependencies). Adopts and adapts project management methods and tools, selecting appropriately from plan- driven/predictive approaches or more adaptive (iterative and agile) approaches. Ensures that effective project control, change control, risk management and testing processes are maintained. Monitors and controls resources, revenue and capital costs against the project budget and manages expectations of all project stakeholders. Table 39: Detailed profiles for lot 12
15.4 Contracting modalities
The contracting types for this lot are defined for each of the service types as described in section 2.4: Discrete Services (T&M): Cascade Discrete Services (Fixed Price): Cascade Continuous Services: Cascade
A detailed description of the contracting modalities is provided in chapter 17 “Contracting Modalities”.
EIB Information Security classification: CONFIDENTIAL document Page 109 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
16 Other requirements for the performance of Services common to all lots
Unless otherwise stated, the requirements below are common to the performance of Services across all 12 lots of this Call for Tender.
16.1 CV and resourcing requirements
During the term of the Agreement and of any Contract, the Bank reserves the right to interview any persons proposed by the Service Provider for the delivery of Services. The Bank shall be the ultimate arbiter on whether the proposed resource meets the stated needs of the Bank.
A background check is required for all Service Provider staff members with access to EIB Group build- ings and/or EIB Group systems and will be performed by the Service Provider prior to the start of any Assignment related to the performance of the Agreement involving such access.
The EIB reserves the right to access and review the background check information upon request. Such requests will be analysed and honoured subject to the terms and conditions of the applicable data pro- tection regulations and/or prior consent of the staff in question to the disclosure of personal data, if required.
Planned interventions may also require presence on-site or on-call support outside Business hours, including weekends. The Bank will decide, based on the type of intervention, whether this support shall be given on-site and by the same staff resource or by an additional staff resource.
The Bank reserves the right to increase or decrease the estimated number of FTEs during the imple- mentation phase of the Framework Agreement.
16.2 Language requirements
Staff must be proficient in English (B2 level or equivalent) and should be proficient in French (B2 level or equivalent). Knowledge of other languages is an asset. The language level will be assessed based on the Common European Framework of Reference for Languages.
16.3 Scalability of resources
The Service Provider will provide the number of resources initially requested by EIB. The Service Pro- vider will monitor the ratio between resources provided, users to support and the workload.
The Service Provider will provide alternative metrics to optimize capacity for workload based on tech- nology and demand evolution.
The number of resources will be reviewed once every 6 months in order to ensure the increase in re- sources is proportional to the increase in EIB staff or tasks.
Additional resources can be requested by the Bank as a Discrete Service based on an AToR to accom- modate a need for additional resources. .
16.4 Staff training
Training of the Service Provider staff shall not have any negative effects on the execution of the Framework Agreement (i.e. reduced staffing levels).
The Bank is open to consider the possibility of allowing staff to be trained on-site if that is judged convenient for both sides. In this case, the Bank shall incur no cost for the Service Provider staff who
EIB Information Security classification: CONFIDENTIAL document Page 110 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
are receiving training. However, while in training, these staff do not contribute to the required minimal presence on-site. The Service Provider will need to provide additional staff in order to fulfil the required minimal presence on-site.
During the performance of each Assignment of minimum 9 months on Continuous Services, the Service Provider will provide a detailed approach of how the training will be provided, including:
A plan covering the terms of the Assignment that includes training areas, certifications (which certifications, for which profiles etc.) and the number of hours per year that the Service Provider staff will be attending technical and soft skills training (minimum 24 hours of technical training). The training plan needs to be validated and agreed with the Bank and online training should be limited up to 25%; Remedial training for underperforming staff based on user feedback and EIB staff evaluation; Initial newcomer training pack per role. The Service Provider will provide and fund on- boarding training for new staff joining the EIB. Training will have a duration of two weeks and will be done before the staff member joins the EIB projects, unless agreed differently with the Bank; The structure and organisation of the EIB specific training that will be provided.
16.5 Staff present at Premises
The Service Provider will maintain the agreed-upon number of resources during all working days and ensure there are backups for holidays, sick-leave, and any other contingencies, in order to avoid any understaffing. It is the responsibility of the Service Provider to ensure there is an adequate amount of backup staff for the different profiles and to ensure resources have been approved beforehand by the Bank, including the backups.
The Service Provider will provide an overview of resource provision planning including holidays, training and resource backup procedures, in case of unforeseen absences. Understaffing will be subject to SLA breach penalties.
16.6 On-Site assignments
On-Site Continuous and Discrete Services will be provided at the Bank’s Premises in Luxembourg, un- less otherwise requested or specified by the Bank (e.g. intervention in other locations). The Bank will supply the Service Provider staff with office accommodation and the Bank’s standard office equipment, including PCs and Devices attached to the Bank’s network.
On-Site Continuous and Discrete Services will be provided during Business Hours unless otherwise specified.
In addition, certain types of work, such as a system upgrades, may require work outside Business Hours defined above or even on weekends or public or Bank holidays of Luxembourg.
In case of damage to the primary Premises, it could be required to perform work from the Business Continuity site as described in section 16.18.4
Remote access to the Bank’s IT systems will only be possible on a case-by-case basis, subject to prior agreement of the Bank
For on-site Services delivered outside normal Bank working days (after hours, on weekends and Bank or public holidays of Luxembourg), subject to the Bank’s request or prior approval, the following rules shall apply (travel time is excluded from the below):
For after-hours work from 19:00 to 07:00 on normal working days, a multiplier of 1.5 (150%) of the applicable daily rate will be applied, pro-rata on the hours worked;
EIB Information Security classification: CONFIDENTIAL document Page 111 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
For work on Saturdays a multiplier of 1.5 (150%) of the applicable daily rate will be applied, pro-rata on the hours worked; For work on Sundays and Luxembourgish public holidays, a multiplier of 2 (200%) of the applicable daily rate will be applied, pro-rata on the hours worked.
For Services based on on-call assignments the standard rate will apply for any activities provided outside the Bank’s Business Hours.
16.7 On-Call assignments
As specified for each of the different lots, the EIB and the Service Provider might agree through an AToR, for the Service Provider to set up and operate an on-call support service in a location where the required response times can be met, outside the normal Business Hours during the week (described in section 16.6 “On-Site assignments”) and during weekends and Bank holidays, all year round.
Staff on on-call support will be required to handle incidents and changes, which could be related to software failures or general incidents affecting the respective applications.
Services shall be provided by the Service Provider staff who have reached a good understanding of the EIB’s IT environment and infrastructure, and who, if required (e.g. if physical presence on-site is re- quested by the EIB or if remote connection is not possible) will be able to come to the Luxembourg based Premises of the EIB to analyse the incident, take the necessary actions and/or escalate the inci- dent in accordance with the relevant policy.
For each of the lots, the following profiles are likely to be requested on on-call basis:
For LOT 1, this may apply to any profile
For LOT 2, this will be: o the Systems Software Junior profiles; o the Systems Software Senior profiles;
For LOT 3, this will be: o the Systems Software Senior profiles;
For LOT 4, this will be: o the Package Application Specialist profiles; o the Application Technical Administrator (BMC) Senior profiles; o the Application Technical Administrator Senior profiles;
For LOT 7, this will be: o the Oracle Database Administration Intermediate profiles; o the Oracle Database Administration Senior profiles; o the Sybase Database Administration Senior profiles; o the MsSQL Database Administration Senior profiles;
For LOT 9, this will be: o the Systems Software Senior profiles;
The On-Call Service will cover time slots outside normal Business Hours and can be handled remotely by phone. Its purpose is to be able to solve incidents. Incidents can be solved remotely (if applicable) unless resolution requires presence on-site. The On-Call Service can be triggered via telephone by an approved list of EIB operators or by internal EIB IT staff members.
The Service Provider will do whatever is necessary to ensure all the on-call staff is accessible by the Bank. The on-call staff shall be part of the same team responsible for infrastructure engineering on a daily basis; the Bank must explicitly agree with exceptions to this rule.
EIB Information Security classification: CONFIDENTIAL document Page 112 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
16.8 Nearshoring
Nearshoring consists of a transfer by the Service Provider of some of its activities to a different location within the European Union of the choosing of the Service Provider and may be requested by the EIB sometime in the future. This nearshoring arrangement could possibly be linked to a move to Managed Services as described in section 16.13 “Managed Services”.
The request for Nearshoring Services will be initiated with a request for an AToR by the EIB, which is governed by the modalities outlined in 17.2 “ Procedure for the award of specific assignments under the CASCADING mechanism (call-off mechanism)” and 17.3 “Procedure for the award of specific assignments under the PARALLEL mechanism (call-off mechanism)”. Upon submission of the AToR by the Bank, the Bank can decide whether to accept the proposal.
16.9 Staff replacement and new staff during assignments
Staff replacement during the term of an Assignment will be subject to the Bank’s prior written approval, if this approval is given, the Service Provider will be responsible for maintaining the continuity, the level and the quality of Services performed as part of the Assignment. Regardless of the cause of the staff replacement, the Bank shall not be charged for any extra cost (including hand-over activities and train- ing) owing to staff replacement. The Service Provider shall notify the Bank without delay in case a re- source provided under the Agreement resigns or plans to resign from the Assignment.
At all times the Bank’s assessment of a staff replacement or a new staff member for an Assignment shall be final (see section 16.1 “CV and resourcing requirements”).
For resources assigned to the EIB in a Continuous or Discrete assignment (Time & Material or Fixed Price) or On-Call Service, the Bank shall have the right to request the Service Provider to replace any of the resources, if not satisfied with the performance or quality of Services rendered.
Before the on-boarding of a new resource (staff replacement or new staff), the Bank will require an interview of the proposed resource and will reserve the right to accept or reject the proposed resource, in accordance with the procedure described in Section 16.1 “CV and resourcing requirements”. This also applies to a trial period of at least two weeks after completion of the handover.
New resources, regardless of their seniority level, will spend 10 working days onboarding and participating in the appropriate knowledge transfers for their role. Time spent during this period (i.e. 10 working days) shall not be invoiced to the Bank.
16.10 Knowledge management
Knowledge management is important to the EIB. If knowledge is retained, it can be shared to ensure that the right information is always available when required, which allows making informed decisions. Knowledge transfers will be greatest at the start of the Agreement when the Service Provider takes over from the incumbent service provider and when the Service Provider does a handover at the end of the Agreement.
Knowledge management will also play a role during the execution of the Agreement because it is im- portant that knowledge is captured and made available and (actively) shared to allow all parties to benefit from it.
Service Providers in all lots will have to create documentation destined for the EIB IT department in case it does not exist, and maintain existing documentation.
EIB Information Security classification: CONFIDENTIAL document Page 113 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Intellectual property of all parts of the knowledge database will remain with the Bank.
As part of proactive incident management activities, the Service Providers will analyse all available information in the tools at their disposal, in order to continuously improve the service, which may include raising problems, changes, improving tools and documentation and recommending users for training activities.
16.11 Data protection for Nearshore services
The location for Nearshore Services shall be limited to countries that ensure an adequate level of protection equivalent to the protection ensured by the European Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation Directive), and the Regulation (EU) 2018/1725 of the European Parliament and of the Council on the protection of natural persons with regard to the protection of personal data by the Union institutions, bodies, offices and agencies and on the free movements of such data, as amended from time to time and applicable to EIB.
The burden of proof on the equivalent level of protection will be on the Service Provider/Tenderer proposing the location for execution of the Agreement. All relevant information must be included in the Tenderer’s offer to the respective AToR.
16.12 Discrete Services
At any time during the term of the Agreement, the EIB may request for Discrete Services related to the domains of the 12 lots, to be provided during the lifetime of the Agreement. These services may be provided in either Time and Material or Fixed Price modes. Such services may include:
Ad-hoc advisory and consultancy services; Applications and/or system architecture and strategy development Applications and/or system prototyping and piloting Business analysis and specification Application and/or system design and development Application and/or system testing and documentation Training and communication Data or document migration Technical administration services Corrective and evolutionary application maintenance Helpdesk and functional administration services Value added services such as Quality Control or Security Auditing Organisation Change Management and Business Process Reengineering Enterprise Architecture services Project Management including typical Project Office tasks Software upgrades
In the context of Discrete Services, the Bank may specifically request the Service Provider to allocate some of the resources already dedicated to the Bank under on-site continuous Assignments, or other resources of the Service Provider, as the case may be. Otherwise, Service Providers shall not make use of resources already assigned to Continuous Services, unless specifically agreed with the Bank.
Internal staff members of the Bank will manage the Assignments for the Discrete Services, though this will not impede the Bank from requesting project management services as part of Discrete Services.
When the Bank determines a need for Discrete Services, it shall submit an AToR, which is governed by the modalities outlined in sections 17.2 and 17.3.
EIB Information Security classification: CONFIDENTIAL document Page 114 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
16.13 Managed Services
Any time after the first anniversary of the Agreement, the Service Provider in a given lot may be requested to shift a certain portion of On-Site Continuous Services into Managed Services in specific areas to be defined.
Managed Services are a subset of Continuous Services that are being delivered either at EIB Premises, either in a Nearshore location. Managed Services typically include ongoing management and operational services structured as an ongoing multiyear service, defined and governed by service-level agreements. The key element is that the Service Provider has the primary responsibility for managing and operating the offering.
The offering itself may be limited to ongoing curation of data or may involve the operational management of the business process or technology solution. Services may range across business processes, applications, and platforms that are customized, commercial off-the-shelf (COTS), software as a service (SaaS) or combinations thereof, as specified in the domain descriptions of the respective lots.
The request for a move to Managed Services will be initiated with an AToR issued by the Bank, which is governed by the modalities outlined in sections 17.2 and 17.3.
Upon submission of the AToR by the Bank, the Bank can decide whether to accept the proposal. If the proposal is accepted, the services described in the AToR replace the defined portion of On-Site Continuous Services, including the billing thereof.
16.14 Internal EIB service level agreement
The Services provided by the Service Provider will help the IT Department Units in performing their internal operations and achieving Service Level Targets contained in internal Service Level Agreements between IT and the business, expressed in the expected resolution time targets as described below.
These expected resolution times apply both during and outside normal office hours, and shall not be confused with the Service Level Targets relevant to the Service Providers’ Services as described in 16.15 “Service level targets” which are subject to an SLA between the EIB and the Service Provider.
However, the service level targets outlined in the Service Level Agreement of the EIB IT department will be used as the basis for monitoring the performance and quality of Services provided by the Service Provider. These targets are outlined in the following section.
16.15 Service level targets
The EIB is seeking to establish a multi-year relationship with the Service Providers based on a mutual understanding, trust and the achievement of agreed quality measures. The Bank shares a list of Service Level metrics and relevant Service Level Targets (SLTs) with the Service Providers.
A number of SLTs have been defined at Framework level, enabling the Bank to evaluate the overall relationship and service delivery of the Service Provider.
This section specifies the Service Level Targets for the Service provided by the Service Provider in a Service Level Agreement which shall be part of the Agreement.
The Service Level Targets detail the minimum requirements of Services to be provided, the defined metrics, the method of measuring Service Level Target achievement, as well as the applicable penalties for underperformance against or non-fulfilment of the Service Level Targets.
EIB Information Security classification: CONFIDENTIAL document Page 115 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
16.15.1 Service Level Agreement
The Service Level Agreement (SLA) for the Services provided by the Service Providers under the Agreement will be finalised taking into account the proposal of the selected Tenderer and upon acceptance of the Bank, but the final requirements will not, in any case, be less strict than specified below in Table 40. The SLA will further specify the Service Level indicators, as shown in Table 40, for the relevant Services provided under the Agreement.
Compliance with the Service Level Targets in the SLA will be measured on the basis of the metrics as reported by the Service Provider and/or measured by the EIB, and will be calculated and potentially penalised as outlined in 16.15.4.
When SLTs are not met (consistently) by the Service Provider, the Bank may apply penalties. These penalties could be triggered by non-compliance against a single SLT, or consistent underperformance against one or multiple SLTs, as indicated in Table 40 and further specified in section 16.15.4. Furthermore, the EIB may at its sole discretion decide to add bonus options to any of the SLTs in the AToRs.
16.15.2 Service Level Targets (minimum mandatory requirements)
The Service Level Targets give the minimum acceptable values for the performance metrics. SLTs are measured and potentially penalised at the Bank’s discretion on an individual basis per SLT, as described in section 16.15.4. Note that a number of SLTs are only applicable for Service Providers in a Cascading award mechanism.
The following table gives the measurements, values, minimum values and penalties (if applicable) for the performance metrics. Detailed descriptions of the SLTs are provided in section 16.15.3.
Measurement needs to be executed by the Service Provider and reported in the Service Review Reports as described in section 16.18.2.1.
Service Level SLT ref. Performance metric Measurement Penalty Target 3 consecutive Timely AToR response breaches, or according to the 50% of all Time to respond to an submission deadline set in AToRs for this Consecutive: Altering SLT 1 AToR (Cascade) the AToR (no less than 3 lot within the Cascade order5 working days after notice) last twelve on a yearly basis months rolling period 3 consecutive breaches, or AToR responses meeting 50% of all Quality of responses the minimum quality criteria AToRs for this Consecutive: Altering SLT 2 (Cascade) (e.g. number of resources, lot within the Cascade order6 experience) last twelve months rolling period Number of staff replaced Time to successfully (i.e. having a physical replace on-site staff at replacement that can start SLT 3 95% N/A the EIB’s or Service knowledge transfer) within Provider’s request 1 month / Total replaced staff per year Customer satisfaction: Average customer Individual: The Service SLT 4 survey for EIB’s satisfaction survey result 75% Delivery Manager will feedback on the (%) per year produce an action plan and
5 As described in section 16.15.4 6 As described in section 16.15.4
EIB Information Security classification: CONFIDENTIAL document Page 116 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Service Level SLT ref. Performance metric Measurement Penalty Target services delivered by follow it up with the team if the Service Provider the minimum score is not achieved. The EIB will monitor the improvement initiative. Timely delivery of Management / Number of timely delivered Performance reports periodic reports in the right SLT 5 100% N/A (as agreed by the format / Total periodic Parties) in the format reports per year requested by the EIB Final correct invoices to be submitted within 30 working days in compliance with EIB’s invoicing requirements:
T&M Assignments: submission within 30 working days Number of timely delivered 95% - with 1% after the final and compliant invoices increase every Individual: 1% of invoiced SLT 6 acceptance by the / Total final invoices per new contract amount EIB of the provided year year timesheets Fixed Price Assignments: submission within 30 working days after acceptance by the EIB of milestone delivery
Submission of timesheets within the template format (submitted by Service Number of timely delivered Provider within 3 days SLT 7 correct timesheets / Total 100% N/A of month close until timesheets per year EIB provides a tool when submission is required the first day of the next month) Table 40: SLTs
16.15.3 Detailed description of Service Level Targets
16.15.3.1 SLT 1 - Time to respond to an AToR (Cascade)
This metric intends to measure whether the Service Provider timely responds to a request from the Bank. It is only applicable for Service Providers in a Cascade bidding mechanism. The table below provides the relevant definitions.
EIB Information Security classification: CONFIDENTIAL document Page 117 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Term Definition Timely Within the time that is specified in the respective AToR, starting from official publication of the AToR and notification of the selected Service Provider. This timeframe cannot be less than 3 working days. A different timeframe may be specified for the two types of responses as defined below. Request AToR issued by the Bank in the context of the Framework Agreement Response Two types of responses are being considered: Notification of not bidding: the Service Provider sends a formal notification that there is no intent to bid on this request Formal response to request: a service proposal meeting the format requirements of the Bank’s request
The Bank will keep track of all requests, responses and non-reponses for all issued requests. Breaching this SLT for 3 consecutive requests within one lot will lead to the Bank having the right to alter the Cascade order, as described in section16.15.4.
16.15.3.2 SLT 2 – Quality of responses (Cascade)
This metric intends to measure whether the response from the Service Provider meets the quality requirements from the Bank. It is only applicable for Service Providers in a Cascade bidding mechanism. The table below provides the relevant definitions.
Term Definition Quality The requirements for the responses as described in the AToR. Key requirements consideration will be given to proposing adequate profiles in terms of profile type and experience, and to adhering to the templates and formatting requirements. Request AToR issued by the Bank in the context of the Framework Agreement Response Two types of responses are being considered: Notification of not bidding: the Service Provider sends a formal notification that there is no intent to bid on this request Formal response to request: a service proposal meeting the format and quality requirements of the Bank’s request
The Bank will keep track of all requests, responses and non-reponses for all issued requests. Breaching this SLT for 3 consecutive requests within one lot or 50% of all AToRs within one lot within the last twelve months rolling period will lead to the Bank having the right to alter the Cascade order, as described in section16.15.4.
16.15.3.3 SLT 3 – Time to successfully replace on-site staff at the EIB’s or Service Provider’s request
This metric intends to measure whether on-site staff is successfully replaced in a timely manner, for either replacements on the Bank’s or the Service Provider’s request. The table below provides the relevant definitions.
Term Definition On-Site staff This SLT only applies to staff that is working at EIB Premises (On-Site assignments) Successfully Staff is being replaced by a similar profile with a similar expertise and that replaced meets the profile requirements as stated in the original AToR, as described in section 16.9 Timely manner Staff is being replaced (i.e. having a physical replacement that can start knowledge transfer) within one month after formal notice of replacement is given by the Service Provider, or after replacement is agreed between the
EIB Information Security classification: CONFIDENTIAL document Page 118 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Term Definition Bank and the Service Provider (if on the Bank’s request), as described in section 16.9, unless specified differently in the respective AToR.
The Bank will keep track of all replacements per year, and requires 95% of the replacements to be executed within the time and quality standards as set above.
16.15.3.4 SLT 4 – Customer satisfaction: survey for EIB’s feedback on the services delivered by the Service Provider
This metric intends to measure the extent to which the Bank is satisfied with the services delivered by the Service Provider. At the end of each Assignment, a customer satisfaction survey will be completed by the Bank. The template questions and scoring mechanism for the survey can be found in Appendix 9.
The Bank will keep track of all surveys per Service Provider per year, and requires a yearly average satisfaction score above 75%.
Breach of this metric will lead to an action plan to be provided by the Service Provider, detailing how the Service Provider intends to improve customer satisfaction. This action plan will be monitored closely by the Bank.
16.15.3.5 SLT 5 – Timely delivery of Management / Performance reports (as agreed by the Parties) in the format requested by the EIB
This metric intends to measure whether the Service Provider delivers the specified periodic reports in a timely manner and in the right format. The table below provides the relevant definitions.
Term Definition Periodic Reports The periodic reports as defined in section 16.18.2, as well as any other periodic reports that are defined in the respective AToRs. Timely manner The report triggers and timelines are defined in the respective AToRs. Right format The format requirements of the reports will be described in the respective AToRs.
The Bank will keep track of all periodic reports submitted by the Service Provider per year, and requires 100% of them to be delivered in the right format and in a timely manner.
16.15.3.6 SLT 6 – Final correct invoices to be submitted within 30 working days in compliance with the Bank’s invoicing requirements
This metric intends to measure whether the Service Provider submits final invoices within 30 working days and in the right format. The table below provides the relevant definitions.
Term Definition Invoice Invoice for services delivered by the Service Provider, as described in section 16.21 30 working days Final correct invoices to be submitted within 30 working days in compliance with EIB’s invoicing requirements, unless specified differently in the respective AToRs:
T&M Assignments: submission within 30 working days after the acceptance by the EIB of the provided timesheets
EIB Information Security classification: CONFIDENTIAL document Page 119 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Term Definition Fixed Price Assignments: submission within 30 working days after acceptance by the EIB of milestone delivery
Right format The minimum format requirements will be specified in the specific AToRs.
The Bank will keep track of all invoices submitted by the Service Provider per year, and requires 95% (increased with 1% every new contract year) of them to be delivered in the right format and in a timely manner. Breach of this metric in a single occasion will allow the Bank to charge the Service Provider with a penalty of 1% of the invoiced value.
16.15.3.7 SLT 7 – Final correct timesheets to be submitted within 30 working days in compliance with the Bank’s invoicing requirements
This metric intends to measure whether the Service Provider submits final timesheets within the defined timeframe. The table below provides the relevant definitions.
Term Definition Timesheet Timesheet for services delivered by the Service Provider, per resource Within 3 days of Timesheet submission within 3 days after the last day of the month where month close services are provided Right format The minimum format requirements will be specified in the specific AToRs until EIB provides a tool (then submission is required the first day of the next month).
The Bank will keep track of all timesheets submitted by the Service Provider per year, and requires 100% of them to be delivered in the right format and in a timely manner.
16.15.4 Application of penalties
The Bank has the right to apply penalties to the Service Provider, when the Service Provider: Breaches one single SLT (‘Individual’ penalty) Consecutively breaches one single SLT (‘Consecutive’ penalty)
The types of penalties that could be applied are the following: Financial penalty (monetary fine) Action penalty (Service Provider to develop resolution plan) Altering Cascade penalty (Changing the Cascade order - if applicable - as described below)
Table 41 describes how the penalty triggers and types are linked:
Penalty trigger Penalty type Breach of one single SLT Financial penalty Action penalty
Consecutive breach of one single SLT Altering Cascade penalty
Table 41- Penalty triggers and types
Altering the Cascade order When using a cascading award mechanism and the Service Provider is found to be consistently underperforming, measures affecting the Cascade could be applied at the Banks discretion. In case of consecutive breach of an individual SLT, as referred to in the table “SLTs” (Table 40), the Bank will bypass the Service Provider for a period of 12 months as specified below, and to address the AToRs for all new requests to the next ranked Service Provider in the cascade directly.
EIB Information Security classification: CONFIDENTIAL document Page 120 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
These measures will be applied when underperformance is achieved through consecutive breach of SLT 1 or 2. In this event, the Cascade order will be altered for a period of 12 months, starting from the date indicated in the notification sent to the contractor.
The measures above may be applied in the following conditions: The period of measurement is the last 12 months The minimum number of requests must be 4 (during the last 12 months)
At the end of the application of the measures, a new period of measurement of the performance metrics will be initiated.
16.15.5 SLA validity and review
For the duration of the Agreement the Bank may propose changes to the SLAs with the objective to clarify or help the execution of the Agreement. These changes however cannot be in contradiction with the Agreement itself and will require the Service Provider’s written agreement to take effect. Following this approval, a new version of the SLA will be incorporated into the Agreement. However, the Bank may add metrics (not linked to an SLT) at any time, and the Service Provider may also make suggestions to add metrics and subsequently include them in reporting.
16.16 Takeover and exit assistance (hand-over) activities
16.16.1 Takeover of present activities
The takeover period is estimated to take up to 2 months for a complete transfer of all services for the concerned lot, i.e. for all requested FTEs to be operational and fully independent from the incumbent service providers.
The Service Provider(s) will take into consideration the possibility that holiday periods (summer, Christmas, etc.) may overlap with the takeover period.
During the takeover period, defined as two months after the start of the Framework Agreement (per each of the lots (1 through 12) under this Call for Tenders, Service Provider(s) shall perform the services and activities required in the context of their respective lots (lots 1 through 12).
16.16.2 Exit assistance (hand-over) Services
One of the key challenges in the implementation of the Agreement is smooth handover from the Service Provider to the service provider selected under a new agreement. Apart from a well organised and executed planning, this also requires well accompanied learning, knowledge transfer and other measures required to ensure effectiveness and efficiency do not suffer because of the handover. The respective provisions of the General Terms and Conditions notwithstanding, upon expiry or termination of the Agreement at any time during the planned lifetime of the Agreement for whatever reason, the Service Provider(s) shall be required to provide Exit Assistance Services for the hand-over of Services to the internal or external staff members designated by the EIB, and/or successor contractors to whom new contracts for the same or similar scope of Services will have been awarded.
The hand-over period and the phasing out of resources, if any, will be specified in an AToR that will cover this period.
At the end of the Agreement, the Service Provider(s) must hand over the Services, data, know-how, documentation, processes, contracts database and repository, and any related infrastructure within the EIB Premises. Exit assistance services shall include training of the staff of the new contractor and transfer of knowledge of the underlying processes, documentation, etc. This hand-over must be done without impacting the Services provided to the Bank, and without impacting the day-to-day operation, quality of services or the achievement of the Service Level Targets.
EIB Information Security classification: CONFIDENTIAL document Page 121 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
At the Bank’s request, the Service Provider(s) will develop an updated Exit Plan, in collaboration with the EIB that complements the successor plan developed by the Bank (or its designated contractor). The Service Provider(s) will then keep the Exit Plan up-to-date to reflect eventual updates to the transition plan.
To facilitate the transfer of knowledge from the Service Provider(s) to the Bank or the new provider(s), the Service Provider(s) shall explain to the Bank (or its designated contractor personnel) the procedures and operations, configuration and change management process, and other standards and procedures that are specific to the Services.
The provisions of the GTC notwithstanding, all data and information, reports or other documentation (and title of ownership to such) derived from the contractual relationship between the Service Provider(s) and the Bank will belong to the Bank. The Service Provider(s) must return all of the Bank’s property, i.e. all copies of data, licenses, standard software, etc., and related data shall be deleted or destroyed, after explicit approval by the Bank. The Service Provider(s) must in any case guarantee the confidentiality of information, including details on the Bank’s application landscape, user data, procedures, details of communications, and any other aspects related to the Services provided during the term of the Agreement, even after termination or expiration of the Agreement.
The owner of the transition period will be the Bank (or its designated contractor), who will manage the transition/migration and phase-in procedure. To the extent necessary however, the Service Provider(s) will be required to ensure availability of its staff dedicated to the performance and governance of the Agreement during the entire hand-over and migration period.
Upon successful conclusion of the handover, an acceptance certificate will be delivered by the Bank to the Service Provider(s). The Bank (or its designated contractor) will be consulted to ensure that all the necessary information and documentation allowing transfer of responsibilities at the end of the handover period has been received.
16.17 Required professional standards
The Service Provider will be required to perform the Services requested by the Bank including the prep- aration and submission of deliverables, in accordance with the highest standards of professional com- petence and integrity in the industry, having due regard for the nature and purposes of the Bank as the EU’s long-term financing institution.
The Service Providers must have an IT Services Model based on industry best practices and accepted standards. The Bank is adopting ITIL-based best practices for IT Service Management, ITIL terminology is therefore also used in the context of this Call for Tenders. The Service Providers accept to adopt best practices in their communications with the Bank concerning the delivery of the Services, in order to minimize the likelihood of misunderstandings due to terminology used or the understanding of basic service processes.
16.18 Contract management
16.18.1 Relationship management
Contact persons will be defined by both parties, and clearly identified with their names, e-mail addresses and telephone numbers, either in the Agreement or in the relevant Assignments.
16.18.1.1 Account Management
The Account Manager is responsible for managing and administering this Agreement, including ad- dressing Assignment requests from the Bank, proposals and Contracts concluded with the Bank, as they arise. The Account Manager must be reachable by the Bank during Business Hours. In case of absence, a back-up must be designated. The activities carried out by the Account Manager shall not
EIB Information Security classification: CONFIDENTIAL document Page 122 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
constitute a service paid by the Bank, as this shall be considered to be part of the customer service on behalf of the Service Provider.
16.18.1.2 Service Delivery Management
The Service Delivery Manager will be the main interface for all the technical and operational matters. The Service Delivery Manager will be the recipient of notifications and the first point of contact for esca- lation related to any incident or crisis related to the Services delivered to the Bank. He will also have to follow up on quality matters, responsible for meeting any performance metrics or SLTs agreed between Parties. The Service Delivery Manager will provide reports to the Bank in relation to any aspect of the Services at the Bank’s request, in the format and frequency as may be required by the Bank.
In case of absence, a back-up must be designated for the Service Delivery Manager. The Service De- livery Manager will be on-site one (1) day a week and when requested by the Bank. The Service Delivery Manager will also be the first point of contact for specific issues, whereas the Service Provider on-site staff will be in contact with the respective EIB staff members for daily operations. The activities carried out by the Service Delivery Manager (or their back-up) shall not constitute a service paid by the Bank, as this shall be considered to be part of the customer service on behalf of the Service Provider.
16.18.1.3 EIB Service Management
The Bank will provide at least one (1) contact person as the EIB Service Manager. They will be in charge of managing all technical and operational issues related to the Services provided by the Service Pro- vider. The EIB Service Manager will send and receive notifications and escalations related to any inci- dent or crisis situations related to the Service delivered by the Service Provider. They will be in charge of following up on all SLA matters, thereby being responsible on-site for ensuring that any SLTs are met by the Service Provider.
16.18.1.4 EIB Budget, Contract and Vendor Management unit
The EIB Budget, Contract and Vendor Management (BCV) unit will act as the administrative contact in charge of managing administrative and contractual matters related to the Services with the Service Provider. This will include managing contract extensions and indexation, as well as invoicing and other procurement related activities.
16.18.2 Reports and meetings involving the Bank and Service Providers
16.18.2.1 Service Review and Continuous Improvement
A Service Review Report must be provided by the Service Provider to the EIB Service Manager by email every 3 months, following the service period in question, per respective lot. The Bank will provide a template for this report upon initiation of the Agreement.
Following the Service Review Report, a Service Review and Continuous Improvement Meeting (SRCIM) might be requested by the Bank. The Service Provider’s Account Manager, Service Delivery Manager, and the EIB Service Manager – and/or their nominated representatives – shall attend these meetings.
The Service Delivery Manager shall produce a meeting report (minutes) 5 working days after the meeting at the latest and submits it for approval by the Bank.
The main objectives of the SRCIMs are as follows (list not exhaustive): Review of the last minutes Review of Service quality indicators and the reports Review the status of the outstanding actions Review of any complaints Review of specific on-going assignments and orders and of outstanding invoices Agree on the plan for any outstanding requests for change
EIB Information Security classification: CONFIDENTIAL document Page 123 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Setup/update the actions list Review of any ongoing projects or projects starting shortly Review of Service Improvement action plans and initiatives
Other periodic or non-periodic meetings may also be organised on demand by either party, to discuss specific subjects or projects.
Other members of the Service Provider team may be involved and may attend the meeting to discuss matters related to their area of responsibility. Other representatives of the Bank may attend the meetings according to the subject matter on the agenda.
16.18.2.2 Steering Committee Meetings (SCM)
The Bank may take the initiative to hold a Steering Committee Meeting (SCM) twice a year. When such meetings are called, the Service Provider shall ensure the presence of the following participants at a minimum:
Account Manager Service Delivery Manager The hierarchical managers to whom the Account Manager and the Service Delivery Manager report
Other participants may be required depending on the particular points on the agenda of the SCM.
For the EIB, at least the EIB Service Manager will attend the SCMs.
The main objectives of the SCMs include but are not limited to:
Event or situation review, when relevant Review of technical and contractual achievements and performance issues since the last Steering Committee meeting Definition of the strategic action plan for the coming months or years Other points as may be required
Documents for the SCM including a report of issues relating to the period in question will be provided by e-mail by the Service Provider to the EIB Service Manager at least 2 working days before the meeting.
The Service Delivery Manager shall produce a meeting report (minutes) 5 working days after the meeting at the latest and submits it for approval by the Bank.
16.18.3 Business Continuity Programme (BCP) of the Service Provider
The Services delivered by the Service Provider to the Bank under the Agreement are considered to be critical services by the Bank. As stated in the respective provisions of the General Terms and Conditions (GTC) regarding the Business Continuity Management Programme (BCMP), the Service Provider shall run and maintain its own BCMP in relation to the provision and operation of the Services.
The provisions of the GTC notwithstanding, the Service Provider BCMP shall at least cover the following aspects:
Description of services A review of workforce and logistics with focus on availability, redundancy and remaining weaknesses Identification of major dependencies A description of key service procedures (including incident management, change management, escalation procedure) and the way the Service Provider handles business continuity / disaster recovery
EIB Information Security classification: CONFIDENTIAL document Page 124 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
A risk identification and analysis (impact/likelihood) with focus on worst case outages and associated high level recovery plans Communication with the EIB Group in case of crisis Recommendations and possible improvements A disaster recovery plan (DRP)
16.18.4 Business continuity site
The Bank operates a business continuity site which is located in the Grand Duchy of Luxembourg. Service Provider staff members might need to provide support and maintenance of the business continuity sites, contribute to the BCP testing and carry out the specified activities in case the BCP is invoked (in line with the BCP / DRP policies and procedures at the EIB).
16.19 IT Organisation at the EIB
16.19.1 Service and project organisation at the EIB
The Service Provider will carry out Assignments in different areas of the Bank, and in doing so will need to rely on other operational units for the day-to-day support of their activities. The main points of inter- action with the Bank are as follows:
IT Service Owner, typically a senior IT professional working closely with the Business Owner, with overall responsibility for technology related services for the systems and applications in a particular area or domain of the business, including budgeting, resourcing, capacity plan- ning and tracking service levels; IT Project Manager, typically an IT professional working closely with the Business Project Leader, with responsibility for the architectural design of solutions, the planning and execution of all IT related components of the project; IT Maintenance and Development Unit, a group of IT professional staff with responsibility for second line support of the systems and applications within a particular area or domain of the business, designing and implementing corrections or changes; IT Operations, responsible for the day-to-day running and operation of all systems and appli- cations and execution of disaster recovery procedures; IT Security, responsible for the definition and tracking of IT security policies and procedures across all systems and applications; IT Service Desk, responsible for first level user support, primarily in the desktop and MS Office environments, and client side installations required by the various applications; Infrastructure Services, responsible for support design and implementation of changes in the following areas: servers, storage, operating systems (Red Hat, Linux and Solaris), Virtualiza- tion technologies (VMWare), Backup & Recovery systems and Database Support (Oracle, MySQL, MSSQL, Sybase); Enterprise Architecture, responsible for defining technology standards & guidelines and for the validation of design specifications regarding systems and applications within the Bank.
16.19.2 Policies, procedures and tools at the EIB
The provisions of the GTC notwithstanding, in the performance of any Assignment the Service Provider will have to comply with the Bank’s IT policies, standards, and procedures applicable to all systems, applications and projects in the Bank. The key policies are listed below, and the Service Provider will be required to review them upon signature of the Agreement and commit to the following active policies, standards and procedures that are of relevance to the Services under the Agreement:
Configuration Management Plans: address the identification, structure and change control applied to systems, applications and procedures. The configuration management plans for each system or application are stored centrally and are available online. In some cases, these are still to be developed;
EIB Information Security classification: CONFIDENTIAL document Page 125 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
System Development Lifecycle: addresses the structure and management of systems devel- opment projects. All project documentation is stored centrally once approved and is available internally online; IT Security Policy: addresses identification, authentication, access controls, accountability, confidentiality, integrity and service continuity for all systems and applications. Security ad- ministration is performed centrally using Windows and UNIX applications. Security assess- ments are carried out for systems, applications and projects. The results are held centrally; Information Security Policy: defines the governance framework to manage information secu- rity in order to ensure that the EIB Group's information assets and IT facilities are properly protected against a variety of security threats; it also outlines the EIB Group's requirements for information security and its framework of supporting policies, procedures and guidelines for the protection of the confidentiality, integrity and availability of its information assets; Incident and Change Management: addresses the tracking and management of disruptions or changes to production services and systems. All such incidents or changes are recorded and tracked via a central incident and change management tool; Time Management: staff from the Service Provider who work for regular or prolonged periods on EIB premises will be required to electronically register their time of entry and departure (including lunch breaks).
16.20 Audits
The relevant provisions of the GTC notwithstanding, the Bank reserves the right to organise and perform audits for the contractual performance of the Service Provider. The number of such audits shall be limited to one per year at the maximum.
The Service Provider shall have the following obligations in relation to the performance of audits:
Nominate a point of contact within its organisation for the coordination of all audit-related matters; Permit the Bank or its designated representatives to periodically inspect its accounts and records relating to the performance of the Agreement as per the relevant provisions of the GTC; Maintain and keep accessible all records pertinent to the execution of audits; the Bank shall have the right to make copies thereof, to have them audited by auditors appointed by the Bank, if so required by the Bank, and to transmit any such document to entity having authority to audit the activities of the Bank as per the relevant provisions of the GTC; Ensure appropriate implementation of corrective measures in a timely manner and accurate follow-up of the remediation plans.
16.21 Invoicing
The relevant provisions of the GTC notwithstanding, the Service Provider’s invoice shall make reference to the corresponding purchase order and contract reference numbers of the Bank. Where the invoice covers more than one activity (under the same purchase order), the relevant entries shall be indicated separately for each activity, matching the description of the purchase order, together with the total amount to pay.
For Time and Materials Contracts a pro forma invoice shall be sent within 10 working days after the end of the month covered by the invoice and a final invoice within 30 working days after the end of the calendar month covered by the invoice, upon acceptance by the Bank of the timesheets for Time and Materials Assignments.
For Fixed Price Contracts, a pro forma invoice shall be sent within 10 working days after acceptance by the EIB of the defined milestone and a final invoice within 30 working days after acceptance by the EIB of the defined milestone.
EIB Information Security classification: CONFIDENTIAL document Page 126 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
17 Contracting modalities
Two distinct mechanisms will be used in the context of the Framework Agreements awarded under this Call for Tenders. The selected mechanism depends on the lot and the type of Services as described in paragraph 2.4.
17.1 Framework Agreements
It is intended to establish multiple Framework Agreements with up to five different Service Providers for each lot and to subsequently award particular Assignments in relation to a lot to one of these Service Providers, using the cascading or the parallel award mechanism as described in paragraphs 17.2 and 17.3.
The objectives of the Bank in selecting this particular approach are the following: Flexibility - services will be secured on a timely, as-needed basis with minimal overhead within a clear and transparent procedural framework; Reliability - establishing a long-term relationship with a selected group of service providers will ensure consistency and continuity of Services, staff and management over the life of the Framework Agreement.
Tenderers shall be aware that the conclusion of multiple Framework Agreements in a given lot following this Call for Tenders will not oblige the Bank to request all of the Services or volumes of Services specified in this Call for Tenders from the selected Service Providers.
Multiple Framework Agreements concluded between the Bank and selected Service Providers shall be for a period of 4 years.
17.2 Procedure for the award of specific assignments under the CASCADING mechanism (call-off mechanism)
The procedure for awarding Specific Contracts under the cascading mechanism is described in Article 4 of the Agreement for lots 2, 3, 4, 5, 6, 7, 9, 10 and 12.
In the case of Discrete Services, Service Providers shall not make use of resources already assigned to Continuous Services in awarded Assignment, unless specifically agreed with the Bank.
17.3 Procedure for the award of specific assignments under the PARALLEL mechanism (call-off mechanism)
The procedure for awarding Specific Contracts under the parallel mechanism is described in Article 4 of the Agreement for lots 1, 8 and 11.
In the case of Discrete Services, Service Providers shall not make use of resources already assigned to Continuous Services in awarded Assignment, unless specifically agreed with the Bank.
17.4 Awarding assignments
The Tenderers are requested to take note of the following additional rules complementing provisions of Article 4 and Article 5 of the Agreement regarding the awarding of assignments.
AToRs will be dispatched via a central mailbox or by other electronic means as specified by the EIB.
EIB Information Security classification: CONFIDENTIAL document Page 127 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
During the bidding phase (from the time the AToR has been dispatched up to the award of the Contract), this communication channel shall be the sole means of communication allowed, and any requests for clarification and the Proposals themselves must be addressed via this communication channel: no other EIB staff member or other EIB email address may be used or copied. Failure to comply with these communication restrictions may lead to disqualification of the Service Provider's Proposal.
In all cases, the specific requirements included in the AToR notwithstanding, Proposals sent in response to AToRs must include:
1. The CV (or CVs) of the staff resource(s) proposed for the assignment; 2. The identification of the subcontractor to be involved in the provision of Services, if any; 3. A signed Background Check Statement (as described in Section 16.1)
Each Assignment will be limited to an overall cost and duration, and may include take-over (start-up) and handover activities at the beginning or end of the Assignment. Specific deliverables and, where applicable, means of tracking performance and quality will be defined in the Assignment Terms of Reference (AToR), the Purchase Order (PO) issued which constitute the Contract or, in exceptional cases, the specific Contract concluded with the Service Provider selected for that assignment.
In the case of Fixed Price Assignments, the Fixed Price is not subject to any upward adjustment and the selected Service Provider takes full responsibility for all potential cost escalations in relation to that Assignment.
During their involvement in Service delivery at the Bank, seniority levels of the Service Provider’s staff resources will evolve as they acquire additional experience. Changes in seniority will have no effect on pricing or the delivery of Services to the Bank. If a Service Provider’s staff resource evolves to a higher experience profile, e.g. from Junior to Senior, the Service Provider must propose a suitable alternative at the lower profile level or obtain the Bank’s approval to change the composition of the team dedicated to an Assignment, in accordance with the provisions of this Section. However, if the profile that has evolved to another seniority level takes another position, with the approval of the EIB, adjustments in pricing can be agreed between the Service Provider and the Bank.
17.5 Changes to awarded Contracts
After submission of the Proposal in response to an AToR, no changes to the Proposal are permitted from the time of submission of a Proposal to the time of Contract award, apart from the correction of obvious clerical errors or omissions and/or adjustments made in response to clarification requests made by the Bank.
Should the Service Provider require changes be made to a Contract, a request in writing to this extent shall be sent to the Bank via the same communication channel that was used for the award. Such change requests must include the following information as a minimum:
1. Reasons for requesting changes in the staff resource, the team or the subcontractor allocated to the assignment; 2. Composition of the new proposed team 3. CV (or CVs) of the new staff resource(s) 4. A signed Background Check Statement for each proposed staff resource 5. Description of the new sub-contractor involved 6. Description of how the Service Provider intends to maintain continuity, level and quality of Service following the change 7. Description of the Service Provider’s arrangements for knowledge transfer, hand-over and training following the change 8. Statement exonerating the EIB from all financial and other impacts of the change
EIB Information Security classification: CONFIDENTIAL document Page 128 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Changes to Contracts will only take effect once approved by the EIB. If the requested changes are not approved, the Contract will continue on the original terms or will be terminated. If approved, an Addendum to the AToR will be sent to the Service Provider for signature.
17.6 Execution of assignments
The Service Provider will carry out the Assignment according to the terms of the Contract and the Agreement to provide the agreed deliverables and/or Services in the agreed timetable and within the agreed costs.
All deliverables and/or Services provided as part of an Assignment are subject to the Bank’s review and acceptance. All deliverables shall be reviewed by the Service Provider prior to delivery to the Bank for approval to ensure that they are complete, accurate and up-to-date.
In performing the Services, the Service Provider will be required to comply with the Bank’s rules and regulations and in particular with the “General Terms and Conditions for Framework Agreements for the provision of services to the European Investment Bank" (GTC) in Annex 6.
EIB Information Security classification: CONFIDENTIAL document Page 129 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
18 Tender requirements and structure
18.1 General tender requirements
Tenders shall be drafted and submitted in English. The provisions of the “General administrative and submission clauses” notwithstanding, Tenders (delivered on paper as well as an electronic version in searchable PDF format and Excel)7 must be structured by the Tenderers according to the following outline and include the items below:
1. Exclusion phase and administrative documentation (see details under Section 19 “Exclusion criteria and administrative documentation”); 2. Selection phase documentation (see details under Section 20 “Selection criteria documentation”); 3. Award phase documentation (see details under Section 21 “Award criteria documentation”).
The tender for each lot shall include all the documentation mentioned above. This applies to both paper and electronic form.
Documents and other files in the electronic version shall use the provided templates and naming/numbering when requested. For some documents, summary information has to be filled out in the Excel templates, this will be indicated where applicable.
By submitting a tender, the Tenderer shall be deemed to have accepted the terms of this Call for Tenders, including the contractual terms and conditions. Additional or different terms and conditions proposed by the Service Provider shall not apply.
18.2 Joint offers (consortia) and subcontracting
Both joint offers (consortia) and subcontracting or a combination of both are permitted in the context of this Call for Tenders.
However, economic operators may not participate in more than one consortium submitting offers for the same lot.
In all cases, the tender must state very clearly whether each company involved is acting as a Tenderer in a joint offer, or as a subcontractor (this also applies where the various companies involved belong to the same group, or even where one is the parent company of the others). The implications of these two modes of collaboration are radically different and are outlined below.
The Service Provider must obtain all relevant licences needed to perform the Services described before the Assignment commences and must, throughout the entire Assignment period, comply with all laws and provisions in force. In any event, the Service Providers shall retain full responsibility for the performance of the Services under the relevant Agreement.
If a Tenderer intends to use subcontracting, the tender must describe the reasons why the Tenderer is envisaging subcontracting and specify the volume / proportion for each subcontractor in Annex 2 – Deed of Undertaking, as well include a letter of intent by each subcontractor stating its intention to collaborate with the Tenderer, if the Tenderer is awarded an Agreement.
18.2.1 Joint offers
Any tendering grouping will appoint one legal entity that will represent it and act as its sole spokesperson. This entity will be fully liable and responsible for performance of the Agreement. The Bank will treat all contractual matters (e.g. payment) with this legal entity.
7 In case of discrepancies between the paper version and the electronic version, the former shall prevail.
EIB Information Security classification: CONFIDENTIAL document Page 130 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
All members of the grouping assume joint and several liability towards the Bank for the performance of the Agreement as a whole. Statements saying, for instance:
1. That one of the Tenderers in the joint offer will be responsible for part of the Agreement and another one for the rest, or 2. That more than one Agreement shall be signed if the joint offer is successful are thus incompatible with the principle of joint and several liability. The Bank will disregard any such statement contained in a joint offer, and reserves the right to reject such offers without further evaluation on the grounds that they do not comply with the Terms of Reference.
Joint offers will be assessed as follows:
1. The exclusion criteria will be assessed in relation to each company individually; 2. The selection criteria will be assessed in relation to the tendering group as a whole; 3. The award criteria will be assessed in relation to the tender.
If a Tenderer intends to tender jointly with a partner this shall be indicated in Annex 2 – Deed of Undertaking. The tender shall provide in the same document a clear description of the proposed group organisation and structure, clearly identifying the roles, activities and responsibilities of the partner(s) in the consortium.
The Tenderer shall also provide the Annex 8 – Consortium Member Declaration, completed and signed by each consortium member.
If a Tenderer intends to submit a joint offer, he shall be aware that, if awarded an Agreement, the Bank may require him to give a formal status to the proposed association before the Agreement is signed. This can take the form of:
1. An entity with legal personality recognised by a Member State; or 2. An entity without legal personality but offering sufficient protection of the Bank’s contractual interests (depending on the Member State concerned, this may be, for example, a consortium or a temporary association); or 3. The signature by all the Tenderers in the consortium of a “power of attorney”, which provides for a form of cooperation.
Should the composition of the grouping change at any point during the tendering process, the offer will be rejected. Furthermore, shall the composition of the grouping proposed change any time after the award and signature of the Framework Agreement, the Bank has the right to terminate the Framework Agreement.
18.2.2 Subcontracting
Subcontracting is the situation where a contract has been or is to be established between the Bank and a Tenderer and where the Tenderer, in order to carry out that contract, enters into legal commitments with other legal entities for performing part of the work, service or supply. However, the Bank has no direct legal commitment with the subcontractor(s).
In case of subcontracting, which needs prior approval of the Bank, the Service Providers has the obligation to transpose vis-à-vis the obligation of the contract with the Bank with the subcontractor.
Certain tasks provided for in the scope may be entrusted to subcontractors, but the Service Provider retains full liability towards the Bank for performance of the Agreement as a whole. Accordingly:
1. The Bank will treat all contractual matters (e.g. payment) exclusively with the Tenderer, whether or not the tasks are performed by a subcontractor; 2. Under no circumstances can the Tenderer avoid liability towards the Bank on the grounds that the subcontractor is at fault.
EIB Information Security classification: CONFIDENTIAL document Page 131 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Tenders involving subcontracting will be assessed as follows:
1. The exclusion criteria will be assessed individually in relation to the Tenderer and to each sub- contractor; 2. The selection criteria will be assessed in relation to the Tenderer and possible subcontractors as a whole; 3. The award criteria will be assessed in relation to the tender.
If a Tenderer intends to use subcontracting, it must identify the subcontractors in Annex 2 – Deed of Undertaking. In the same document, the Tenderer shall describe:
1. The reasons why the Tenderer is envisaging subcontracting; 2. Which tasks it intends to subcontract and clearly indicate the roles, activities and responsibilities of the subcontractor(s); 3. Specify the volume or proportion of the activities likely to be subcontracted.
The Tenderer shall provide the Annex 9 – Subcontractor Declaration, completed and signed by each subcontractor.
During execution of the Agreement, the Service Provider will need the Bank’s express authorisation to replace a subcontractor with another and/or to subcontract tasks for which subcontracting was not foreseen in their original tender. In such cases, the new subcontractor(s) proposed by the Service Provider will be subjected to the same exclusion and selection criteria assessment as described above.
18.2.3 Freelancing
Freelancing, drawing on the activities or staff of any other entirely different legal entity than the Service Provider, independently of its exact legal form, the relation to the Service Provider (and independently of the applicable national law), qualifies as subcontracting.
EIB Information Security classification: CONFIDENTIAL document Page 132 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
19 Exclusion criteria and administrative documentation
Exclusion criteria documentation: declaration in Annex 1 to the “General administrative and submission clauses” (Declaration on honour on exclusion criteria and selection criteria and on absence of conflict of interest) duly signed and dated by an authorised representative (sole Tenderer, lead contractor in a consortium, all consortia members, prime contractor in a sub-contracting situation and any subcontractor, as applicable) stating that they are not in one of the situations listed in Annex 1 to the General administrative and submission clauses. The successful Tenderers shall provide the documents mentioned as supporting evidence in this annex before signature of the Contract and within the deadline specified by the Bank.
In the case of joint offers, the exclusion criteria will be assessed in relation to each member of the consortium individually. The Bank may require that the Tenderer replaces a consortium member in respect of which there are grounds for exclusion. Any proposed replacement will be assessed under the same conditions.
In the case of subcontracting, the exclusion criteria will be assessed individually in relation to the Tenderer and to each subcontractor.
Exclusion criteria – documents to be provided:
[1] Pass/Fail rule: Annex 1 - Declaration on honour on exclusion criteria and selection criteria and on absence of conflict of interest, completed and signed by the Tenderer and, if applicable, by each group member (in case of joint tenders) and subcontractor.
The Tenderers must also cover all the administrative requirements of the invitation to tender documents and include all the requested documentation (Annexes 2, 3, 7, 8 and 9 of the “General administrative and submission clauses”). Failure to cover all requirements of the invitation to tender documents and include all documentation will result in elimination.
Administrative requirements – documents to be provided:
[2] Pass/Fail rule: Annex 2 - Deed of undertaking, completed and signed by the Tenderer [3] Pass/Fail rule: Annex 3 - Non-collusion Declaration, completed and signed by the Tenderer [4] Pass/Fail rule: Annex 7 - Candidate Contact Sheet, completed and signed by the Tenderer [5] Pass/Fail rule: Annex 8 - Consortium Member Declaration, completed and signed by the consor- tium member(s) (where applicable) [6] Pass/Fail rule: Annex 9 - Subcontractor Declaration, completed and signed by the subcontractor (where applicable)
The Tenderers shall confirm their compliance with the above requirements by filling in the Appendix 7 - Exclusion and Administrative Questionnaire, in addition to the documents requested herein.
EIB Information Security classification: CONFIDENTIAL document Page 133 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
20 Selection criteria documentation
Tenderers must have the overall capacity (economic and financial, technical and professional) to perform the Services under the Agreement they apply for. If any of the minimum requirements specified in relation to the selection criteria listed in Sections 20.1 “Selection phase: Technical and professional capacity” and 20.2 “Selection phase: Economic and financial capacity” below are not fulfilled, their tenders will not be further evaluated.
In the case of joint tenders, the selection criteria for economic and financial capacity and for technical and professional capacity will be assessed on a consolidated basis, for all the members of the consortium together.
In the case of subcontracting, the selection criteria for economic and financial capacity and technical and professional capacity will be assessed in relation to the combined capacity of the Tenderer and the subcontractor(s).
The Bank will require that the Tenderer replaces the group member or subcontractor which does not meet a relevant selection criterion.
The Tenderers shall confirm their compliance with the requirements stated in this section by filling in the Appendix 8 – Selection and Award Questionnaire, in addition to the documents requested herein.
20.1 Selection phase: Technical and professional capacity
Tenderers must have the technical and professional capacity to provide the required Services. To be selected to proceed to the award phase, Tenderers shall demonstrate that they meet the below requirements as evidenced by the documents listed below in relation to their technical and professional capacity.
20.1.1 Relevant experience
The Tenderer shall possess the necessary and relevant experience8 in providing the services that are the subject of this Call for Tenders.
For each of the lots the Tenderer is applying for, unless otherwise stated below, the Tenderer shall submit in its Tender a minimum of two (2) and a maximum of four (4) references to past assignments fulfilling the following requirements:
[7] Pass/Fail rule: At least one (1) assignment must demonstrate relevant experience in providing Managed Services. This criterion is only applicable for lots 1, 2, 3, 4, 6, 7, 9, and 10.
[8] Pass/Fail rule: At least one (1) assignment must demonstrate relevant experience in providing the services to banking, financial, governmental institutions within Europe and/or EU Institutional context;
[9] Pass/Fail rule: At least one (1) assignment must demonstrate relevant experience within the last 5 years in providing the relevant service domains to be covered for the lot the Tenderer is applying for, in an environment of similar size as the Bank (in terms of number of users and supported applications);
[10] Pass/Fail rule: At least one (1) assignment was carried out within the last two (2) years (including on-going projects) in providing Services for each lot that the Tenderer is applying for.
8 For the purpose of meeting this requirement, experience shall be relevant in relation to the type and nature of services provided under the lot.
EIB Information Security classification: CONFIDENTIAL document Page 134 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Documents to be provided:
Appendix 2 – Technical and Professional Capacity Overview: In order to demonstrate the relevant experience, the Tenderer must provide (for each lot the Tenderer is applying for) from two (2) to maximum of four (4) relevant and verifiable references meeting the criteria of requirements [7], [8], [9] and [10].
One reference can address more than one requirement.
Appendix 8 – Selection and Award Questionnaire: the Tenderer must fill out the worksheet “Selection” (for each lot the Tenderer is applying for).
20.1.2 Human Resources
The Tenderer shall have the necessary resources with the required technical skills to provide the Services.
[11] Pass/Fail rule: For each Lot, the Tenderers must demonstrate that they meet the minimum number of CVs required, as specified in Appendix 3 (Table of Profiles), meeting the technical skills requirements specified in the description of each lot (see Sections 4 – 15), and the level of seniority requirements described in Section 3.
Documents to be provided:
Appendix 3 – Table of Staff Profiles with the following requirements:
The Table of Staff Profiles (all worksheets except Guidance) shall be filled in by the Tenderer. The Table of Staff Profiles (Appendix 3) contains the profiles and the number of minimum required resources per profile for each lot.
This information is requested in order to assess the ability of the Tenderer to provide resources for the Bank but does not guarantee the number of resources that will be required during the implementation of the Agreement.
Appendix 4 – CV template: The CV template shall be filled out by the Tenderer for each proposed resource. The following requirements for CVs shall be taken into consideration:
The CVs must be named (i.e. not anonymous CVs). Named CVs have to be submitted for all staff proposed both in response to the Call for Tenders and during the lifetime of the subsequent Framework Agreements, as well as for any changes in staff. The number of CVs for each profile shall correspond to the minimum required number per profile as indicated in Appendix 3 - Table of Staff Profiles. For FTEs below 1, the minimum number of CVs to be provided by Tenderer is at least 1. Tenderers’ attention is drawn to the fact that the maximum number of CVs per profile that can be included in the proposal is the required minimum plus 2, except for lot 6 where the maximum number of CVs per profile is the required minimum plus 5. Please note that each resource can be assigned for one profile and one level of seniority only.
The templates have to match what has been filled in for Appendix 3, i.e. it must be possible to reconcile the profiles and skills in the staff profiles tables with the content of the actual CVs.
Appendix 8 – Selection and Award Questionnaire: the Tenderer must fill out the worksheet “Selection” (for each lot the Tenderer is applying for).
EIB Information Security classification: CONFIDENTIAL document Page 135 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
20.2 Selection phase: Economic and financial capacity
Tenderers must be in a stable financial position and have the financial capacity to provide the required Services. To be selected to proceed to the award phase, Tenderers must provide the information which meets the minimum requirements listed below in relation to their economic and financial capacity.
[12] Pass/Fail rule: Tenderers are required to demonstrate a total annual turnover for any of the last three financial years for which final audited figures are available, equal or exceeding the following threshold:
Threshold on annual turnover in € Lot 1 10.000.000 Lot 2 4.250.000 Lot 3 2.000.000 Lot 4 5.500.000 Lot 5 5.000.000 Lot 6 14.000.000 Lot 7 2.500.000 Lot 8 9.000.000 Lot 9 2.500.000 Lot 10 9.000.000 Lot 11 1.750.000 Lot 12 7.000.000
Table 42: Tenderer turnover threshold table
In the event that a Tenderer intends to rely on the capacities of other entities (consortium members and/or subcontractors) to fulfil this criterion, the Bank will require the Tenderer and those entities to be jointly liable for the execution of the Agreement and of any Contract. In such cases, the pass/fail rule may be satisfied under a consolidated assessment.
Tenderers may submit proposals for different lots. This implies that if a Tenderer submits offers for more than one lot, the assessment of its turnover will be assessed separately for each lot.
Documents to be provided:
A statement of overall total annual turnover, for the last three financial years available, depending on the date on which the Tenderer was set up or started trading, as far as the information on this turnover is available. This information must be submitted by completing Appendix 1 – Economic and Financial Capacity Overview: - Tenderer shall provide an extract of the concerned legal entities’ approved annual ac- counts demonstrating turnover, as approved by the general assembly of the company and, where applicable, audited and/or published. These documents must be signed by the authorised representative of the Tenderer. The original statement of overall turnover must be approved by an independent source in accordance with the applicable legal pro- visions of the country of the Tenderer (or the group member, or subcontractor as the case may be). - Tenderer shall fill out the Turnover section.
If the turnover is not expressed in EUR in the original statement, the Bank will apply the foreign exchange reference rates published by the European Central Bank on www.ecb.int/stats/exchange/eurofxref/html/index.en.html on the date of the approved annual accounts.
Appendix 8 – Selection and Award Questionnaire: the Tenderer must fill out the worksheet “Turnover” (for each lot the Tenderer is applying for).
EIB Information Security classification: CONFIDENTIAL document Page 136 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
EIB Information Security classification: CONFIDENTIAL document Page 137 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
21 Award criteria documentation
Tenderers must describe how they will perform the Services if awarded the Agreement. Any such description must relate to how things will be done specifically for this Agreement.
In the case of joint offers and subcontracting, the award criteria will be assessed on a consolidated basis, for all the members of the consortium or joint group together.
Please note that the page limits referred to in the following sections are considered a maximum and any illustrations, diagrams, etc. shall be included within these limits.
Free form submissions are documents that will be written by the Tenderer in response to topics for which submissions will be requested in the following sections. For these documents, the maximum number of pages will also be specified. The Tenderer shall follow a naming convention for each freeform document that is submitted of the format: “Appendix Requirement [#]” of which the # corresponds to the requirement number specified in the sections 19 to 21 e.g. “Appendix Requirement [25]”.
21.1 Compliance with mandatory requirements
Before assessing the tenders against the technical and financial award criteria, the Bank will assess if the tenders meet all the mandatory requirements. If a tender does not meet one or more of the stated mandatory requirements, it will be rejected.
The tenders must comply with the following mandatory requirements:
[13] Pass/Fail Rule: The Tenderer must explicitly accept compliance with the SLTs as described in section 16.15.3
Documents to be provided
Appendix 8 – Selection and Award Questionnaire: Tenderers are required to confirm their acceptance of the SLTs described in section 16.16.2 “Service Level Targets (minimum mandatory requirements)” by filling in the respective cells in the Questionnaire (worksheet Compliance). This requirement is a pass/fail type of criterion. Non-acceptance shall lead to the rejection of the tender.
21.2 Technical award criteria {800/1000}
The score for the technical award criteria will be calculated based on the number of marks the tenders receive for the evaluation of the Tenderer submissions received in response to the requests below.
The weighting of each criterion is specified in section 22 “Assessment of the tenders”.
21.2.1.1 Recruitment capabilities and ability to source quality staff in a timely manner
Providing staff to the EIB in Luxembourg for services to be rendered at that location, with adequate profiles and in a timely fashion is critical to the EIB. Amongst other factors, the ability to do this is linked to the size, capabilities and other resources of the team at the Service Provider who will source said staff for the Bank. In this context, the ability to “ramp up” at the required locations and provide certain quantities of staff within given timeframes is highly relevant. Moreover, the ability to provide back-up resources in case of absence in order to ensure guaranteed on-site presence.
For these requirements, the Bank requires the Tenderer to provide a document that will address the following:
EIB Information Security classification: CONFIDENTIAL document Page 138 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
[14] A description of how staff sourcing will be handled for the Agreement, including future additions of staff, including (but not limited to) the topics of:
i. Organisation of the staff sourcing, including proposed staff sourcing team; ii. Sources and channels from which staff candidates will be drawn; iii. How sufficient staffing in Luxembourg as well as Nearshoring within short timeframes will be handled including their placement/relocation; iv. How on-site presence will be guaranteed including back-up resources in case of absence; v. How candidate evaluation for suitability will be handled; vi. Proposed application of good practices such as diversity and social responsibility.
[15] A description of how the Service Provider intends to organise staffing during the execution of an Assignment (outside of the handover period), including but not limited to:
i. Staff planning; ii. Ensuring the presence of the required number of FTEs on a day to day basis (including during holiday periods); iii. Having adequate pool sizes (backup) for sickness and other circumstances causing absence of staff members; iv. Providing additional staff if requested by the EIB; v. A description of an approach on how the staff (working outside normal hours under 24/7 coverage), could contribute in the fulfilling of the normal Business Hours tasks during their idle time.
Documents to be provided:
Appendix Requirement [14] - Tenderers are required to address Requirement [14] in a document of maximum 10 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [15] - Tenderers are required to address Requirement [15] in a document of maximum 10 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.2 Training organisation and development of resources
Training is vital in order to introduce Service Provider staff to the environment of the Bank and in order to ensure staff remains up-to-date in their respective domain of work, and developing additional competencies.
Tenderer must include in their Tender a document that will address the following:
[16] A description of how the Tenderer proposes to train staff on the specific environment at the Bank, including training at the start of an Assignment and training for replacements; [17] A description of how the Tenderer proposes to train staff once working for the EIB, including certifications (which certifications, for which profiles etc.); [18] A description of how the Tenderer proposes to replace the resources that are on training.
Documents to be provided:
Appendix Requirement [16] - Tenderers are required to address Requirement [16] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [17] - Tenderers are required to address Requirement [17] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
EIB Information Security classification: CONFIDENTIAL document Page 139 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Appendix Requirement [18] - Tenderers are required to address Requirement [18] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.3 Measurement of resource performance
Performance of resources is key for the EIB. Therefore, the Bank requires the Tenderer to provide insight in their proposed staff performance measures, including KPIs, for measuring performance and productivity of the evaluation process (e.g. frequency, staff involved in the assessment) and foreseen action plans to remediate underperformance.
Tenderer must include in their Tender a document that will address the following:
[19] :A description of :
i. the proposed performance measures including the KPIs for measuring performance and productivity of the resources under the Agreement; ii. the proposed evaluation process for these performance measures (e.g. frequency, staff involved in the assessment) under the Agreement; iii. the proposed action plans to remediate underperformance under the Agreement.
Documents to be provided:
Appendix Requirement [19] - Tenderers are required to address Requirement [19] in a document of maximum 5 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.4 Key personnel continuity plan
Key personnel business continuity is key factor to ensure the long-term success of the relationship between the Service Provider and the Bank.
Tenderer must include in their Tender a document that will address the following:
[20] A description of the proposed measures for assessing and mitigating the risk of knowledge concentration within key personnel and to ensure proper knowledge transfer of key personnel and reduce the impact in case of unavailability (e.g. sickness, long-term absence) of these resources under the Agreement.
Documents to be provided:
Appendix Requirement [20] - Tenderers are required to address Requirement [20] in a document of maximum 5 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.5 SLA between the Bank and the Service Provider
The Service Provider must meet the SLTs of the SLA under section 16.14. SLAs can only be achieved if activities to manage the achievement of service level targets are properly managed by the Service Provider. The Service Provider must therefore have processes and proper organisation in place to guarantee the achievement of service level targets.
Tenderers must include in their Tender one document per lot that will address the following:
EIB Information Security classification: CONFIDENTIAL document Page 140 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
[21]
i) Proposed approach for managing the SLA and achievement of the SLTs throughout the duration of the Agreement; ii) Proposed approach to measure and report on the status of the SLTs to the Bank including tolling used.
Documents to be provided:
Appendix –Requirement [21] – Tenderers are required to address Requirement [21].Error! Reference source not found. Requirement in a document of maximum 5 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.6 Governance and relationship management
Adequate relationship management will ensure that the needs of the Bank are met and misunderstandings avoided, which is of mutual benefit.
Tenderer must include in their Tender a document that will address the following:
[22] A description of processes the Tenderer proposes to use, including the roles at the Tenderer, for managing the relationship between the Bank and the Tenderer, including but not limited to:
i. Account Governance ii. Risk Management iii. Collaboration with the ecosystem iv. Customer Satisfaction
Regarding Account Governance, a description of how the Tenderer proposes to organise:
Key account management practices; Contract/Agreement management e.g. how the preparation of proposals, between the reception of the request and the submission of your proposal, is internally managed taking into account the relevant mechanism (parallel or cascading mechanism); The account management structure (including reporting lines, roles and responsibilities and follow-up) and governance bodies the Provider proposes to manage the relationship with the Bank; A description of the proposed best practices, standards and relevant frameworks in the domain that the Tenderer will apply in the delivery of the Services; The relationship dashboard to measure the relationship, covering both hard measures (KPIs) and soft measures (sentiment) Issue management.
Regarding Risk Management, a description of the proposed risk management processes in order to capture and manage risks related to the services provided to the Bank.
Regarding Collaboration with the ecosystem, a description of how the Tenderer proposes to collaborate with the other actors in the Bank's ecosystem (e.g. other the Bank vendors and providers).
Regarding Customer Satisfaction, a description of how the Tenderer proposes to capture Bank satisfaction levels and the frequency of this process as well as the tools used; a description of the proposed processes to capture the Bank satisfaction and the ones in place to systematically address points for improvement. The proposed actions taken based upon the outcome of these processes.
Documents to be provided:
EIB Information Security classification: CONFIDENTIAL document Page 141 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Appendix Requirement [22] - Tenderers are required to address Requirement [22] in a document of maximum 20 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.7 Knowledge management and documentation
The Tenderers must include in their Tender a document that will address the following:
[23] For the Knowledge Management:
i. The proposed policies and practices for knowledge management during the handovers at the beginning and end of the Agreement; ii. The proposed policies and practices for knowledge management during the remainder of the Agreement (i.e. outside of the initial and final handover);
[24] For the Documentation: the proposed processes and best practices to ensure adequate documen- tation levels of the Services.
Documents to be provided:
Appendix Requirement [23] - Tenderers are required to address Requirement [23] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [24] - Tenderers are required to address Requirement [24] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.8 Takeover and exit assistance (Handover)
One of the key challenges in the implementation of the Agreement, in case of Continuous Services, is smooth handover from the incumbent service provider(s). Apart from a well organised and executed planning, this also requires well accompanied learning, and other measures required to ensure effectiveness and efficiency do not suffer because of the handover.
Tenderer must include in their Tender a document that will address the following:
[25] A description on how the Tenderer proposes to take over the Continuous Services, taking into account the requirements given in section 16.16 “Takeover and exit assistance (hand-over) activities”.
[26] A description of how the Tenderer proposes to organise staffing during the takeover period, taking into account the requirements of section 16.16 “Takeover and exit assistance (hand-over) activities”, including but not limited to:
i. Staff planning taking into account the provision of staff on the specified milestone dates; ii. Ensuring the presence of the required number of FTEs on a day to day basis (including during holiday periods); iii. Having adequate pool sizes (backup) for sickness and other circumstances causing absence of staff members. .
[27] A description of how the Tenderer proposes to organize the handover to the next provider (i.e. exit services) at the end of the Agreement, including but not limited to:
i. The approach for exit planning under the Agreement; ii. The draft exit plan including frequency of revision.
EIB Information Security classification: CONFIDENTIAL document Page 142 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Documents to be provided:
Appendix Requirement [25] - Tenderers are required to address Requirement [25] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [26] - Tenderers are required to address Requirement [26] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [27] - Tenderers are required to address Requirement [27] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.9 Continuous improvement and innovation
The Tenderer must include in their Tender a document that will address the following:
[28] A description of the proposed methodology and approach for continuous improvement throughout the duration of the Agreement, including but not limited to:
i. The processes that the Tenderer proposes to ensure that the services are monitored for improvement and the actions that are taken are based upon this monitoring; ii. The measures that the Tenderer proposes to ensure continuous improvement of the service delivery and the results the Tenderer intends to achieve.
[29] A description of the proposed processes and organizational structure to capture innovation and to implement innovative elements into the services delivered to the Bank, including but not limited to:
i. New technology to be integrated (both hardware and software) for the improvement of the end user experience, productivity and maintainability; ii. Changes in the support model in order to align on the evolution of the lot related technologies; iii. Automation; iv. Process improvement.
Documents to be provided:
Appendix Requirement [28] - Tenderers are required to address Requirement [28] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [29] - Tenderers are required to address Requirement [29] in a document of maximum 4 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.10 Project methodology
Given the importance of the Services for the Bank, the Bank requires an adequate project methodology on the part of the Tenderer to be used for both Discrete and Continuous Services delivery.
For these requirements, the Bank requires the Tenderer to provide a document that will address the following:
EIB Information Security classification: CONFIDENTIAL document Page 143 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
[30] A description of the Project Management methodologies9 (e.g. Waterfall, agile, Prince 2, PMI, ...) the Tenderer proposes to use across the different service delivery;
[31] A description of the measures the Tenderer proposes to put in place to capture the project outcomes as well as the description of the KPIs in place to measure the outcome of executed projects under the Agreement and the approach proposed to capture lessons learned from previous projects and to incorporate them in future projects under the Agreement;
[32] A description of the approach the Tenderer proposes to use to estimate budget and timing in the context of project execution in the Agreement.
Documents to be provided:
Appendix Requirement [30] – Tenderers are required to address Requirement [30] in a document of maximum 10 pages (no requirements on the format, but the structure provided above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [31] – Tenderers are required to address Requirement [31] in a document of maximum 10 pages (no requirements on the format, but the structure provided above shall be used) with a typeface no smaller than Arial 10 pt.
Appendix Requirement [32] – Tenderers are required to address Requirement [32] in a document of maximum 10 pages (no requirements on the format, but the structure provided above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.11 Managed Services
The Tenderers are required to provide an approach for a Managed Services arrangement, only for the lots for which Nearshoring is envisioned (lots 1, 2, 3, 4, 6 7, 9 and 10).
For these requirements, the Bank requires the Tenderer to provide a document that will address the following:
[33] Provide a description of how the Tenderer sees a potential move to Managed Services and how quality, effectiveness and efficiency will be maintained irrespective of the move to Managed Services. The description shall include but not be limited to the:
i. Proposed organisational and operational model; ii. Description of the transition process from current to Managed Services model; iii. Description of the measures taken to prevent incidents and service degradation due to Partially or Fully Managed Services; iv. Options for roll back if Managed Services fails (i.e. exit strategy).
Documents to be provided:
Appendix Requirement [33] – Tenderers are required to address Requirement [33] in a document of maximum 10 pages (no requirements on the format, but the structure provided above shall be used) with a typeface no smaller than Arial 10 pt.
9The project management methodology used at the Bank is PM², a project management methodology developed and supported by the European Commission.
EIB Information Security classification: CONFIDENTIAL document Page 144 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
21.2.1.12 Nearshoring
The Tenderers are required to provide an approach for a Nearshoring arrangement, only for the lots for which Nearshoring is envisioned, both for Continuous and Discrete Services (lots 1, 2, 3, 4, 6 7, 9 and 10).
For this requirement, the Bank requires the Tenderer to provide a document that will address the following:
[34] Provide a description of how the Tenderer sees a potential move to Nearshoring for both Continuous and Discrete Services and how quality, effectiveness and efficiency will be maintained irrespective of the move to Nearshoring. The description shall include but not be limited to the:
i. Proposed organisational and operational model for Nearshoring; ii. Description of the transition process from current to Nearshoring model; iii. Description of the measures taken to prevent incidents and service degradation due to Nearshoring; iv. Options for roll back if Nearshoring fails (i.e. exit strategy).
Documents to be provided:
Appendix Requirement [34] – Tenderers are required to address Requirement [34] in a document of maximum 10 pages (no requirements on the format, but the structure above shall be used) with a typeface no smaller than Arial 10 pt.
21.2.1.13 Case Studies
To assess the methodology for the execution of Services that may be requested by the Bank, the Tenderers are requested to:
[35] Prepare a proposal in response to hypothetical specific assignments (listed below) for each of the following lots that the Tenderer is applying for:
. Lot 2: i. Appendix 6 – Case Study – Fixed Price
. Lot 3: ii. Appendix 6 - Case Study – Time and Materials
. Lot 4: iii. Appendix 6 - Case Study – BMC Technical Administration iv. Appendix 6 - Case Study – Change Manager v. Appendix 6 - Case Study – Managed Services
. Lot 8: vi. Appendix 6 - Case Study – Fixed Price vii. Appendix 6 - Case Study – Time and Materials
. Lot 9: viii. Appendix 6 - Case Study – Fixed Price
. Lot 10: ix. Appendix 6 - Case Study – Time and Materials x. Appendix 6 - Case Study – Fixed Price
Lot 12: xi. Appendix 6 - Case Study – Time and Materials
EIB Information Security classification: CONFIDENTIAL document Page 145 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
xii. Appendix 6 - Case Study – Fixed Price
The responses to the case studies have to comply with the procedures set out in these Terms of Reference and shall include the proposed approach for the specific case study.
Please note that these case studies are based on fictive examples and are intended only for the purpose of evaluation of the offers. These case studies do not prejudge in any way the form, content or value of any future Assignment Terms of reference or specific contract.
Documents to be provided:
Appendix Requirement [35] – Tenderers are required to address Requirement [35] in a document of maximum 15 pages with a typeface no smaller than Arial 10 pt.
21.3 Financial award criteria {200/1000}
Tenderers are reminded that all rates and prices proposed must be firm, non-revisable, quoted in Euros and exclusive of VAT. Pursuant to Article 21 of the Protocol on the Privileges and Immunities of the European Communities10, the EIB is exempt from all taxes and duties, in particular value added tax; such charges therefore may not be taken into account in the calculation of the prices tendered.
The score attained for the financial award criteria score will be calculated on the basis of the total financial value of the Tenderer’s offer for the total possible duration of the Agreement (for 4 years), including Continuous and Discrete services, based on the sub-criteria described below.
The weighting of each criterion is specified in section 22 “Assessment of the tenders”.
21.3.1.1 Total value of On-Site Continuous and Discrete Services (based on proposed daily rates)
[36] The costs for each staff profile shall be quoted as the daily rate for Continuous Services and Dis- crete Services on normal working days (the daily rate is to be understood as compensation for 8 hours worked in a working day) on the Bank’s Premises.
The estimated weighting, as reflected in the Appendix 5 Form, is only as a reflection of the EIB’s projected needs for the different profiles, based on past experience. The Bank does not commit to ordering Services according to these volumes; these are purely for evaluation purposes, shall not be binding on the Bank, and rates submitted by the Service Providers shall be cognisant of these conditions.
All rates offered shall include all expenses, unless stated otherwise in this document: the Bank will not reimburse travel, accommodation, meals or sundry expenses. The daily rate for all Services quoted by the Service Provider will cover such expenses.
It should be noted that the offered unit prices (e.g. hourly rates, daily rates, monthly fees, etc.) shall be fixed as legally binding maximum prices valid for the whole duration of the Agreement.
Documents to be provided:
Appendix 5 – Financial Response Form – Tenderers are required to address Requirement [36] in the response form.
10 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:C:2012:326:FULL&from=EN
EIB Information Security classification: CONFIDENTIAL document Page 146 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
21.3.1.2 Total value of Nearshoring Continuous Services (based on proposed daily rates)
[37] Tenderers are required to provide the cost of each staff profile using the table provided in the Appendix 5 – Financial Response Form.
The tender must include a completed version of this table for each lot being tendered.
The costs shall be quoted as the daily rate for Continuous Services and Discrete Services on normal business days (the daily rate is to be understood as compensation for 8 hours worked in a working day).
The estimated weighting, as reflected in the Appendix 5 Form, is only a reflection of the EIB’s projected needs for the different profiles, based on past experience. The Bank does not commit to ordering Services according to these volumes; these are purely for evaluation purposes, shall not be binding on the Bank, and rates submitted by the Service Providers shall be cognisant of these conditions.
All rates offered shall include all expenses, unless stated otherwise in this document: the Bank will not reimburse travel, accommodation, meals or sundry expenses. The daily rate for all Services quoted by the Service Provider will cover such expenses.
It should be noted that the offered unit prices (e.g. hourly rates, daily rates, monthly fees, etc.) shall be legally binding maximum prices valid for the whole duration of the Agreement.
Documents to be provided:
Appendix 5 – Financial Response Form – Tenderers are required to address Requirement [37] in the response form.
21.3.1.3 Total value of On-Call support Services (based on weekly fee)
[38] Tenderers are required to quote a weekly fee for the operation of an On-call assistance rate as described in Section 16.7 “On-Call assignments”.
All rates offered should include all expenses as these will not be reimbursed separately by the Bank. All prices must be firm and non-revisable for the entire duration of the Agreement, quoted in Euros and exclusive of VAT.
Documents to be provided:
Appendix 5 – Financial Response Form – Tenderers are required to address Requirement [38] by filling in Appendix 5 - Financial Response Form.
EIB Information Security classification: CONFIDENTIAL document Page 147 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
22 Assessment of the tenders
Tender assessment will be conducted in accordance with the criteria set out in this Call for Tenders. The tenders will be assessed by an Evaluation Committee working under conditions of confidentiality. The identity of the members of the Evaluation Committee will not be disclosed.
Tenders submitted will be assessed according to the following stages and criteria. Exclusion phase: Tenderers to whom the exclusion criteria apply and/or who fail to meet the admin- istrative requirements will be excluded from further participation in the tender assessment. Selection phase: Tenderers who provide the documents requested under Section 20 will be selected to proceed to the award phase, on condition that they meet the selection criteria indicated in section 20. Award phase: the selected tenders will be first assessed for compliance with the mandatory require- ments and then assessed and ranked using the award criteria in Section 21.
Multiple Framework Agreements will be awarded to the most economically advantageous tender as determined by the Technical and Financial Award Criteria in Sections 21.2 and 21.3.
The most economically advantageous tender will be identified in the following way:
1. The tenders will be first evaluated and scored on the basis of the Technical Award Criteria.
In order to guarantee a minimum level of quality, tenders have to meet the minimum required scores listed below in order to remain eligible for further evaluation on the basis of the financial criteria. Tenders not reaching the thresholds specified below will not be evaluated further:
at least 60% (480 of 800) of the total technical score for the lot and at least 50% of the maximum score for each technical sub-criterion
2. The remaining eligible tenders that have reached the aforementioned thresholds will be evaluated on the basis of the Financial Award Criteria.
The offer found to be the cheapest will receive the maximum number of points for the Financial Award Criteria (i.e. 200). The remaining offers will receive a score according to the formula below: Fs = W x Fm / F, in which Fs - financial score for the offer under consideration, W - weighting of the financial award criteria (i.e. 200), Fm – cheapest financial offer, and F - financial offer under consideration.
22.1 Award Criteria for lots 5 and 11
22.1.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
EIB Information Security classification: CONFIDENTIAL document Page 148 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum score required score 21.2.1.1 Recruitment capabilities and ability to 122 61 source quality staff in a timely manner Assessed based on the response to require- 61 30,5 ment [14] Assessed based on the response to require- 61 30,5 ment [15] 21.2.1.2 Training organisation and development 44 22 of resources Assessed based on the response to require- 15 7,5 ment [16] Assessed based on the response to require- 15 7,5 ment [17] Assessed based on the response to require- 14 7 ment [18] 21.2.1.3 Measurement of resource performance 44 22 Assessed based on the response to require- 44 22 ment [19] 21.2.1.4 Key personnel continuity plan 61 30,5 Assessed based on the response to require- 61 30,5 ment [20] 21.2.1.5 SLA between the Bank and the Service 72 36 Provider Assessed based on the response to require- 72 36 ment [21] 21.2.1.6 Governance and Relationship Manage- 156 78 ment Assessed based on the response to require- 156 78 ment [22] 21.2.1.7 Knowledge management and documen- 67 33,5 tation Assessed based on the response to require- 45 22,5 ment [23] Assessed based on the response to require- 22 11 ment [24] 21.2.1.8 Takeover and Exit assistance (Handover) 67 33,5 Assessed based on the response to require- 24 12 ment [25] Assessed based on the response to require- 24 12 ment [26] Assessed based on the response to require- 19 9,5 ment [27] 21.2.1.9 Continuous improvement and innovation 67 33,5 Assessed based on the response to require- 33 16,5 ment [28] Assessed based on the response to re- 34 17 quirement [29] 21.2.1.10 Project methodology 100 50 Assessed based on the response to require- 58 29 ment [30] Assessed based on the response to require- 21 10,5 ment [31] Assessed based on the response to require- 21 10,5 ment [32] Total 800 480
EIB Information Security classification: CONFIDENTIAL document Page 149 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
22.1.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Con- tinuous and Discrete Ser- vices (based on proposed daily rates) Assessed based on the re- sponse to requirement [36] Total financial value of the Tenderer’s offer 200
22.1.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for: lot 5 in a cascading mechanism for all Services lot 11 in a parallel mechanism for all Services
22.2 Award Criteria for lots 8 and 12
22.2.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.1. Recruitment capabilities and ability to 108 54 source quality staff in a timely manner Assessed based on the response to require- 54 27 ment [14] Assessed based on the response to require- 54 27 ment [15] 21.2.1.2 Training organisation and development 39 19,5 of resources Assessed based on the response to require- 13 6,5 ment [16] Assessed based on the response to require- 13 6,5 ment [17] Assessed based on the response to require- 13 6,5 ment [18] 21.2.1.3 Measurement of resource performance 39 19,5 Assessed based on the response to require- 39 19,5 ment [19] 21.2.1.4 Key personnel continuity plan 54 27 Assessed based on the response to require- 54 27 ment [20] 21.2.1.5 SLA between the Bank and the Service 62 31 Provider
EIB Information Security classification: CONFIDENTIAL document Page 150 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score Assessed based on the response to require- 62 31 ment [21] 21.2.1.6 Governance and Relationship Manage- 136 88 ment Assessed based on the response to require- 136 88 ment [22] 21.2.1.7 Knowledge management and documen- 59 29,5 tation Assessed based on the response to require- 39 19,5 ment [23] Assessed based on the response to require- 20 10 ment [24] 21.2.1.8 Takeover and Exit assistance (Handover) 59 29,5 Assessed based on the response to 21 10,5 requirement [25] Assessed based on the response to require- 21 10,5 ment [26] Assessed based on the response to require- 17 8,5 ment [27] 21.2.1.9 Continuous improvement and innovation 59 29,5 Assessed based on the response to require- 29 14,5 ment [28] Assessed based on the response to re- 30 15 quirement [29] 21.2.1.10 Project methodology 88 24 Assessed based on the response to require- 52 26 ment [30] Assessed based on the response to require- 18 9 ment [31] Assessed based on the response to require- 18 9 ment [32] 21.2.1.13 Case Studies 97 48,5 Assessed based on the response to require- 97 48,5 ment [33] Total for lots 8 800 480 and 12
22.2.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Con- tinuous and Discrete Ser- vices (based on proposed daily rates) Assessed based on the re- sponse to requirement [36] Total financial value of the Tenderer’s offer 200
22.2.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for:
EIB Information Security classification: CONFIDENTIAL document Page 151 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
lot 8 in a parallel mechanism for all Services; lot 12 in a cascading mechanism for all Services.
22.3 Award Criteria for lot 6
22.3.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.1 Recruitment capabilities and ability to 100 50 source quality staff in a timely manner Assessed based on the response to require- 50 25 ment [14] Assessed based on the response to require- 50 25 ment [15] 21.2.1.2 Training organisation and development 36 18 of resources Assessed based on the response to require- 12 6 ment [16] Assessed based on the response to require- 12 6 ment [17] Assessed based on the response to require- 12 6 ment [18] 21.2.1.3 Measurement of resource performance 36 18 Assessed based on the response to require- 36 18 ment [19] 21.2.1.4 Key personnel continuity plan 50 25 Assessed based on the response to require- 50 25 ment [20] 21.2.1.5 SLA between the Bank and the Service 59 29,5 Provider Assessed based on the response to require- 59 29,5 ment [21] 21.2.1.6 Governance and Relationship Manage- 126 63 ment Assessed based on the response to require- 126 63 ment [22] 21.2.1.7 Knowledge management and documen- 55 27,5 tation Assessed based on the response to require- 37 18,5 ment [23] Assessed based on the response to require- 18 9 ment [24] 21.2.1.8 Takeover and Exit assistance (Handover) 55 27,5 Assessed based on the response to require- 20 10 ment [25] Assessed based on the response to require- 20 10 ment [26] Assessed based on the response to require- 15 7,5 ment [27]
EIB Information Security classification: CONFIDENTIAL document Page 152 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.9 Continuous improvement and innovation 55 27,5 Assessed based on the response to require- 27 13,5 ment [28] Assessed based on the response to re- 28 14 quirement [29] 21.2.1.10 Project methodology 82 41 Assessed based on the response to require- 48 24 ment [30] Assessed based on the response to require- 17 8,5 ment [31] Assessed based on the response to require- 17 8,5 ment [32] 21.2.1.11 Managed Services 73 36,5 Assessed based on the response to require- 73 36,5 ment [33] 21.2.1.12 Nearshoring 73 36,5 Assessed based on the response to require- 73 36,5 ment [34] Total for lot 6 800 480 and 11
22.3.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Contin- uous and Discrete Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [37] 21.3.1.2 Total value of Nearshore Con- tinuous Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [38] Total financial value of the Tenderer’s offer (21.3.1.1 + 200 21.3.1.2)
22.3.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for lot 6 in a cascade mechanism for all Services.
22.4 Award Criteria for lots 1 and 7
22.4.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of
EIB Information Security classification: CONFIDENTIAL document Page 153 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.1 Recruitment capabilities and ability to 100 50 source quality staff in a timely manner Assessed based on the response to require- 50 25 ment [14] Assessed based on the response to require- 50 25 ment [15] 21.2.1.2 Training organisation and development 36 18 of resources Assessed based on the response to require- 12 6 ment [16] Assessed based on the response to require- 12 6 ment [17] Assessed based on the response to require- 12 6 ment [18] 21.2.1.3 Measurement of resource performance 36 18 Assessed based on the response to require- 36 18 ment [19] 21.2.1.4 Retention of key personnel 50 25 Assessed based on the response to require- 50 25 ment [20] 21.2.1.5 SLA between the Bank and the Service 59 29,5 Provider Assessed based on the response to require- 59 29,5 ment [21] 21.2.1.6 Governance and Relationship Manage- 126 82 ment Assessed based on the response to require- 126 82 ment [22] 21.2.1.7 Knowledge management and documenta- 55 27,5 tion Assessed based on the response to require- 37 18,5 ment [23] Assessed based on the response to require- 18 9 ment [24] 21.2.1.8 Takeover and Exit assistance (Handover) 55 27,5 Assessed based on the response to require- 20 10 ment [25] Assessed based on the response to require- 20 10 ment [26] Assessed based on the response to require- 15 7,5 ment [27] 21.2.1.9 Continuous improvement and innovation 55 27,5 Assessed based on the response to require- 27 13,5 ment [28] Assessed based on the response to require- 28 14 ment [29] 21.2.1.10 Project methodology 82 41 Assessed based on the response to require- 48 24 ment [30] Assessed based on the response to require- 17 8,5 ment [31] Assessed based on the response to require- 17 8,5 ment [32]
EIB Information Security classification: CONFIDENTIAL document Page 154 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.11 Managed Services 73 36,5 Assessed based on the response to require- 73 36,5 ment [33] 21.2.1.12 Nearshoring 73 36,5 Assessed based on the response to require- 73 36,5 ment [34] Total for lots 1 800 480 and 7
22.4.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Con- tinuous and Discrete Ser- vices (based on proposed daily rates) Assessed based on the re- sponse to requirement [36] 21.3.1.2 Total value of Nearshore Continuous Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [37] 21.3.1.3 Total value of On-call Sup- port Services Assessed based on the re- sponse to requirement [38] Total financial value of the Tenderer’s offer (21.3.1.1 + 200 21.3.1.2 + 21.3.1.3)
22.4.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for: lot 1 in a parallel mechanism for all Services; lot 7 in a cascade mechanism for all Services
22.5 Award Criteria for lot 10
22.5.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.1 Recruitment capabilities and ability to 90 45 source quality staff in a timely manner
EIB Information Security classification: CONFIDENTIAL document Page 155 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score Assessed based on the response to re- 45 22,5 quirement [14] Assessed based on the response to re- 45 22,5 quirement [15] 21.2.1.2 Training organisation and development 33 16,5 of resources Assessed based on the response to re- 11 5,5 quirement [16] Assessed based on the response to re- 11 5,5 quirement [17] Assessed based on the response to re- 11 5,5 quirement [18] 21.2.1.3 Measurement of resource performance 33 16,5 Assessed based on the response to re- 33 16,5 quirement [19] 21.2.1.4 Key personnel continuity plan 45 22,5 Assessed based on the response to re- 45 22,5 quirement [20] 21.2.1.5 SLA between the Bank and the Service 53 26,5 Provider Assessed based on the response to re- 53 26,5 quirement [21] 21.2.1.6 Governance and Relationship Manage- 114 57 ment Assessed based on the response to re- 114 57 quirement [22] 21.2.1.7 Knowledge management and docu- 49 24,5 mentation Assessed based on the response to re- 33 16,5 quirement [23] Assessed based on the response to re- 16 8 quirement [24] 21.2.1.8 Takeover and Exit assistance (Hando- 49 24,5 ver) Assessed based on the response to re- 18 9 quirement [25] Assessed based on the response to re- 18 9 quirement [26] Assessed based on the response to re- 13 6,5 quirement [27] 21.2.1.9 Continuous improvement and innova- 49 24,5 tion Assessed based on the response to re- 24 12 quirement [28] Assessed based on the response to re- 25 12,5 quirement [29] 21.2.1.10 Project methodology 73 36,5 Assessed based on the response to re- 43 12,5 quirement [30] Assessed based on the response to re- 15 7,5 quirement [31] Assessed based on the response to re- 15 7,5 quirement [32] 21.2.1.11 Managed Services 65 32,5 Assessed based on the response to re- 65 32,5 quirement
EIB Information Security classification: CONFIDENTIAL document Page 156 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.12 Nearshoring 65 32,5 Assessed based on the response to re- 65 32,5 quirement [33] 21.2.1.13 Case Studies 82 41 Assessed based on the response to re- 82 41 quirement [34] Total for lot 10 800 480
22.5.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Contin- uous and Discrete Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [36] 21.3.1.2 Total value of Nearshore Con- tinuous Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [37] Total financial value of the Tenderer’s offer (21.3.1.1 + 200 21.3.1.2)
22.5.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for lot 10 in a cascade mechanism for all Services.
22.6 Award Criteria for lots 2, 3, 4 and 9
22.6.1 Technical Award Criteria {800}
For each of the technical award criteria the Evaluation Committee will assess the quality of the Ten- derer’s offer in terms of levels of their compliance with the Bank’s specifications and requirements of this Terms of Reference in general and the technical award criteria in particular. The score per criterion will be calculated as the sum of the points obtained for each sub-criterion.
Reference Technical award criteria Maximum Minimum re- score quired score 21.2.1.1 Recruitment capabilities and ability to 90 45 source quality staff in a timely manner Assessed based on the response to require- 45 22,5 ment [14] Assessed based on the response to require- 45 22,5 ment [15] 21.2.1.2 Training organisation and development 33 16,5 of resources
EIB Information Security classification: CONFIDENTIAL document Page 157 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Reference Technical award criteria Maximum Minimum re- score quired score Assessed based on the response to require- 11 5,5 ment [16] Assessed based on the response to require- 11 5,5 ment [17] Assessed based on the response to require- 11 5,5 ment [18] 21.2.1.3 Measurement of resource performance 33 16,5 Assessed based on the response to require- 33 16,5 ment [19] 21.2.1.4 Key personnel continuity plan 45 22,5 Assessed based on the response to require- 45 22,5 ment [20] 21.2.1.5 SLA between the Bank and the Service 53 26,5 Provider Assessed based on the response to require- 53 26,5 ment [21] 21.2.1.6 Governance and Relationship Manage- 114 57 ment Assessed based on the response to require- 114 57 ment [22] 21.2.1.7 Knowledge management and documenta- 49 24,5 tion Assessed based on the response to require- 33 16,5 ment [23] Assessed based on the response to require- 16 8 ment [24] 21.2.1.8 Takeover and Exit assistance (Handover) 49 24,5 Assessed based on the response to require- 18 9 ment [25] Assessed based on the response to require- 18 9 ment [26] Assessed based on the response to require- 13 6,5 ment [27] 21.2.1.9 Continuous improvement and innovation 49 24,5 Assessed based on the response to require- 24 12 ment [28] Assessed based on the response to re- 25 12,5 quirement [29] 21.2.1.10 Project methodology 73 36,5 Assessed based on the response to require- 43 21,5 ment [30] Assessed based on the response to require- 15 7,5 ment [31] Assessed based on the response to require- 15 7,5 ment [32] 21.2.1.11 Managed Services 65 32,5 Assessed based on the response to require- 65 32,5 ment [33] 21.2.1.12 Nearshoring 65 32,5 Assessed based on the response to require- 65 32,5 ment [34] 21.2.1.13 Case Studies 82 41 Assessed based on the response to require- 82 41 ment [35] Total for lots 2, 3, 800 480 4 and 9
EIB Information Security classification: CONFIDENTIAL document Page 158 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
22.6.2 Financial Award Criteria {200}
Reference Financial award criteria Maximum score 21.3.1.1 Total value of On-Site Con- tinuous and Discrete Ser- vices (based on proposed daily rates) Assessed based on the re- sponse to requirement [36] 21.3.1.2 Total value of Nearshore Continuous Services (based on proposed daily rates) Assessed based on the re- sponse to requirement [37] 21.3.1.3 Total value of On-call Sup- port Services Assessed based on the re- sponse to requirement [38] Total financial value of the Tenderer’s offer (21.3.1.1 + 200 21.3.1.2 + 21.3.1.3)
22.6.3 Final score
The final score will be calculated as the sum of the technical score and the financial score. Tenderers will be ranked according to this final score, from highest to lowest score, and the Framework Agreement will be awarded to the maximum five tenders having obtained the highest final score for: lot 2 in a cascade mechanism for all Services lot 3 in a cascade mechanism for all Services lot 4 in a cascade mechanism for all Services lot 9 in a cascade mechanism for all Services
EIB Information Security classification: CONFIDENTIAL document Page 159 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
23 Tender documents checklist (for reference only)
Form / template Document Tenderer’s required response to this Call for Tenders Exclusion phase and eligibility documentation Annex 1 Declaration on honour on the exclusion and Completed and signed by selection criteria the sole Tenderer; or the lead contractor and by each member in case of a consortium; or the prime contractor in a sub- contracting situation and by each subcontractor Annex 2 Deed of undertaking Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Annex 3 Non-collusion Declaration Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Annex 4 Terms of Reference (this document) No response required Annex 5 Model Framework Agreement No response required Annex 6 General Terms and Conditions for Framework No response required Agreements for the provision of services to the European Investment Bank Annex 7 Candidate Contact Sheet Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Annex 8 Consortium Member Declaration Completed and signed by each respective consortium member in the case that tasks will be subcontracted Annex 9 Subcontractor Declaration Completed and signed by each respective subcontractor in the case that tasks will be subcontracted Selection phase documentation: Economic and financial capacity Appendix 1 Economic and financial capacity overview Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Attachment to Extract of the concerned legal entities’ approved To be provided for Appendix 1 annual accounts for the last 3 financial years the sole Tenderer; or (no template) the lead contractor and by each member in case of a consortium, or prime contractor in a sub-contracting situation and for the sub- contractor(s) on whom the prime contractor relies to fulfil the minimum turnover requirement No template Written undertaking on reliance on other entities Completed by other entities, concerning economic and financial capacity (if such as subcontractors etc. applicable) Selection phase documentation: Technical and professional capacity Appendix 2 Technical and professional capacity overview Completed and signed by
EIB Information Security classification: CONFIDENTIAL document Page 160 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Form / template Document Tenderer’s required response to this Call for Tenders the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Appendix 3 Table of staff profiles Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Appendix 4 CV Template Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Appendix 6 Hypothetic AToR Please see Section 21.2.1.13 Case Studies Appendix 7 Exclusion and Administrative Questionnaire Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Appendix 8 Selection and Award Questionnaire Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation No template Written undertaking on reliance on other entities Completed by other entities, concerning technical and professional capacity such as subcontractors etc. (if applicable) Award phase documentation: Technical award criteria Appendix 8 Selection and Award Questionnaire Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Appendix Appendices named according to the Completed and signed by Requirement [#] requirement number for all cases where this is the sole Tenderer; or asked for in the award criteria section. the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Award phase documentation: Financial award criteria Appendix 5 Financial Response Form Completed and signed by the sole Tenderer; or the lead contractor in a consortium; or the prime contractor in a sub- contracting situation Other Appendix 9 Customer Satisfaction Survey No response required
EIB Information Security classification: CONFIDENTIAL document Page 161 of 162 EIB Call for Tenders CFT-1561
Provision of external staff and services for maintenance, support, development and implementation of packages and specific Annex 4. information systems at the EIB Group Terms of Reference
Appendices to this Terms of Reference (Annex 4)
Appendix 1 Economic and Financial Capacity Overview Form Appendix 2 Technical and Professional Capacity Overview form Appendix 3 Table of Staff profiles Appendix 4 CV Template Appendix 5 Financial Response Form Appendix 6 Hypothetical AToRs Appendix 7 Exclusion and Eligibility Questionnaire Appendix 8 Selection and Award Questionnaire Appendix 9 Customer Satisfaction Survey
EIB Information Security classification: CONFIDENTIAL document Page 162 of 162