RFP Website maintenance and hosting

Closing Date: July 18, 2024

Estimated Award Date: August 7, 2024

https://www.pactworld.org/sites/default/files/2024-06/RFP_Website%20services.pdf

I. BACKGROUND

Pact is an international NGO that works in nearly 40 countries building solutions for human

development that are evidence-based, data-driven and owned by the communities we serve.

Founded in 1971, Pact works with partners to build resilience, improve accountability, and

strengthen knowledge and skills for sustainable social impact.

Pact’s corporate website, www.pactworld.org, is a vital tool for sharing information about Pact,

our expertise and our impact among target audiences, as well as attracting new talent to the

organization. For many, the website is the first experience and interaction with the organization.

Pact seeks a vendor to host and maintain Pact’s corporate website. We require a vendor that has

significant digital capabilities and experience managing website projects that use best practices

regarding website design, UX and usability testing, information architecture, content strategy,

search engine optimization, website development and deployment, website and web server

security, and website hosting.

II. SCOPE OF WORK

A. Place of Performance

All services required under this solicitation will be provided for a 5-year period.

C. Scope of Work

Website Hosting

Version 2

Owner: Grants & Contracts

Host Pact’s corporate website, www.pactworld.org. Website hosting must be isolated

from any other websites or applications not related to the website. Pact’s current website

host is Pantheon, and we prefer a cloud host to comply with our environmental

sustainability commitments.

• Pact should be allowed to choose the geographical location of the datacenter.

• Designated Pact staff should have full access permissions to the hosting

environment.

• The hosting environment must have monitoring and threat protection systems in

place to monitor for unusual activity and activity patterns and prevent

unauthorized access attempts.

• The website should only be accessible through HTTPS connection using an auto renewing SSL (TLS) certificate. The certificate must be maintained by the

Vendor.

Website Maintenance

Provide ongoing website maintenance, including:

• Regular updates of the server and the website software as verified updates and

security patches become available.

o Upgrades must be deployed to Vendor’s test servers and tested prior to

production release.

• Ongoing performance and security monitoring.

o Upon discovery of any performance and/or security issue, notifications

must be sent to Client. Performance and security issues are treated as

high priority/urgent, and Client is immediately notified by email.

• Routine maintenance of the server and application software, licensing, including

third-party integrations such as Single Sign-On, ADP, Google Tag Manager and

Analytics, and other third-party systems as applicable to ensure website’s optimal

and secure performance.

• Daily backups.

• Maintenance of WCAG 2.2 AA web accessibility scores in the 90+/100 range

across the site. As WCAG standards are updated, our website must also update to

maintain 90+/100 scores at the AA level.

Tasks related to website hosting and system administration and maintenance will not

require the use of support hours, delineated below.

User Support

Provide ongoing website user support, including but not limited to:

• Requests to modify or update content, imagery and templates.

• Password reset assistance.

A minimum of 50% of remaining user support hours at the end of the month should roll

over to the next month.

General Requirements

Vendor should specify regular support hours Monday to Friday, excluding holidays. User

support requests of a non-emergency nature can be submitted 24/7. During weekdays,

Vendor will respond within 24 hours of receiving a service request, with an estimate of

when the request can be completed.

Vendor will monitor and respond to emergency issues with Client website 24/7, Monday

to Friday, and all-day Saturday, Sunday and holidays. During emergency support hours,

Vendor will respond within 2 hours of receiving a request, with an estimate of when the

issue can be completed.

Vendor should provide a Service Level Agreement that specifies quality of service,

availability of the website and responsibilities.

Website hosting, maintenance and support should be performed according to a Pactapproved plan developed by the Vendor. The plan should include information about the

support team, maintenance, and security procedures (for example: backup schedule and

retention, update schedule, security services information, references to incident response

and recovery protocols), security measures, response and issue resolution time,

scheduled reviews of website access permissions, and other logs with the responsible

Pact staff.

Vendor should have incident response protocol and other information security policies

and procedures in place and should be willing to adjust its practices according to Pact’s

requirements if needed.

Security incident disclosure: Vendor will notify Client with undue delay after becoming

aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure

of, or access to, any Client data (a “security incident”). Vendor will make reasonable

efforts to identify and remediate the cause of such breach, including steps to mitigate the

effects and to minimize any damage resulting from the security incident.

Vendor must submit a monthly report outlining activities performed, hours used, and

overall website performance metrics.

D. Deliverables

The vendor will deliver a functional, accessible, and secure website that incorporates

SEO and other website best practices to improve site and content visibility.