Closing Date: July 18, 2024
Estimated Award Date: August 7, 2024
https://www.pactworld.org/sites/default/files/2024-06/RFP_Website%20services.pdf
I. BACKGROUND
Pact is an international NGO that works in nearly 40 countries building solutions for human
development that are evidence-based, data-driven and owned by the communities we serve.
Founded in 1971, Pact works with partners to build resilience, improve accountability, and
strengthen knowledge and skills for sustainable social impact.
Pact’s corporate website, www.pactworld.org, is a vital tool for sharing information about Pact,
our expertise and our impact among target audiences, as well as attracting new talent to the
organization. For many, the website is the first experience and interaction with the organization.
Pact seeks a vendor to host and maintain Pact’s corporate website. We require a vendor that has
significant digital capabilities and experience managing website projects that use best practices
regarding website design, UX and usability testing, information architecture, content strategy,
search engine optimization, website development and deployment, website and web server
security, and website hosting.
II. SCOPE OF WORK
A. Place of Performance
All services required under this solicitation will be provided for a 5-year period.
C. Scope of Work
Website Hosting
Version 2
Owner: Grants & Contracts
Host Pact’s corporate website, www.pactworld.org. Website hosting must be isolated
from any other websites or applications not related to the website. Pact’s current website
host is Pantheon, and we prefer a cloud host to comply with our environmental
sustainability commitments.
• Pact should be allowed to choose the geographical location of the datacenter.
• Designated Pact staff should have full access permissions to the hosting
environment.
• The hosting environment must have monitoring and threat protection systems in
place to monitor for unusual activity and activity patterns and prevent
unauthorized access attempts.
• The website should only be accessible through HTTPS connection using an auto renewing SSL (TLS) certificate. The certificate must be maintained by the
Vendor.
Website Maintenance
Provide ongoing website maintenance, including:
• Regular updates of the server and the website software as verified updates and
security patches become available.
o Upgrades must be deployed to Vendor’s test servers and tested prior to
production release.
• Ongoing performance and security monitoring.
o Upon discovery of any performance and/or security issue, notifications
must be sent to Client. Performance and security issues are treated as
high priority/urgent, and Client is immediately notified by email.
• Routine maintenance of the server and application software, licensing, including
third-party integrations such as Single Sign-On, ADP, Google Tag Manager and
Analytics, and other third-party systems as applicable to ensure website’s optimal
and secure performance.
• Daily backups.
• Maintenance of WCAG 2.2 AA web accessibility scores in the 90+/100 range
across the site. As WCAG standards are updated, our website must also update to
maintain 90+/100 scores at the AA level.
Tasks related to website hosting and system administration and maintenance will not
require the use of support hours, delineated below.
User Support
Provide ongoing website user support, including but not limited to:
• Requests to modify or update content, imagery and templates.
• Password reset assistance.
A minimum of 50% of remaining user support hours at the end of the month should roll
over to the next month.
General Requirements
Vendor should specify regular support hours Monday to Friday, excluding holidays. User
support requests of a non-emergency nature can be submitted 24/7. During weekdays,
Vendor will respond within 24 hours of receiving a service request, with an estimate of
when the request can be completed.
Vendor will monitor and respond to emergency issues with Client website 24/7, Monday
to Friday, and all-day Saturday, Sunday and holidays. During emergency support hours,
Vendor will respond within 2 hours of receiving a request, with an estimate of when the
issue can be completed.
Vendor should provide a Service Level Agreement that specifies quality of service,
availability of the website and responsibilities.
Website hosting, maintenance and support should be performed according to a Pactapproved plan developed by the Vendor. The plan should include information about the
support team, maintenance, and security procedures (for example: backup schedule and
retention, update schedule, security services information, references to incident response
and recovery protocols), security measures, response and issue resolution time,
scheduled reviews of website access permissions, and other logs with the responsible
Pact staff.
Vendor should have incident response protocol and other information security policies
and procedures in place and should be willing to adjust its practices according to Pact’s
requirements if needed.
Security incident disclosure: Vendor will notify Client with undue delay after becoming
aware of any accidental or unlawful destruction, loss, alteration, unauthorized disclosure
of, or access to, any Client data (a “security incident”). Vendor will make reasonable
efforts to identify and remediate the cause of such breach, including steps to mitigate the
effects and to minimize any damage resulting from the security incident.
Vendor must submit a monthly report outlining activities performed, hours used, and
overall website performance metrics.
D. Deliverables
The vendor will deliver a functional, accessible, and secure website that incorporates
SEO and other website best practices to improve site and content visibility.