RFP for Development and implementation of the Case Management System for General Jurisdiction Prosecution Office in Albania

New clarification added: Dear Bidder,Please find the clarifications below:1: Is it strict to deploy the whole solution on-premises? Or can we use a hybrid solution where the processing and integration software is moved to the cloud, while all data, documents, evidence, or other sensitive information is kept secure on-premises?  Please refer to BRD 8.1 Hardware Requirements: The CMS will be hosted on premises as per the GPO’s explicit request, no public cloud solutions are allowed.2: To proceed with the system design and ensure proper access control implementation, detailed information regarding user roles is required. Specifically, it is necessary to define and describe all roles within the system, including their responsibilities, permissions, and scope of access. This should cover different levels of access (e.g., read, write, edit, approve, administrative rights) as well as access boundaries across modules, data types, and case-related information. Please refer to BRD and 3.3 User Profiles Specification and Appendix D: User Role Access Table3: Please share the list of integrations. For each integration mentioned (courts, police, NAIS, etc.), please clarify.Please refer to BRD 7.2.2.1 Most critical integrations and Appendix E: Integration Specifications. First priority integrations are Police, Courts and NAIS4: Does the external system expose APIs? If yes, please provide specifications or samples.  Question is not clear - what is called 'external system'? Detailed specifications of integration counterparts mentioned in BRD 7.2.21 will be shared with winning bidder during the Technical Specifications preparation stage5: What integration pattern is expected (synchronous API, asynchronous messaging, file exchange)?  While synchronous API is expected to be the major usage scenario, file exchange also may be in use. 6: What are the expected data exchange scenarios (create/update/query)?  All 3 scenarios are possible for different integration counterparts7: What are the expected volumes and frequency of data exchange?  During 2024, the prosecution body handled 61,091 reporting materials, of which 24,921 are registered criminal proceedings, and 179 reinitiated criminal proceedings. Average case size is around 400 paper pages. 8: What authentication and security mechanisms are required?  Not available yet, to be developed by the winning bidder during the Technical Specifications preparation stage 9: Are test environments available for integration development?  Yes 10: Who is responsible for coordination and support on the external system side?  Question is not clear - what is called 'external system'? Integration partner have their respective development teams in charge of integration API support11: What administrative capabilities are expected (user management, role configuration, system settings, audit management)? Should these be provided via a dedicated administrative interface? Yes. Dedicated System and user management module is required as mentioned in BRD 3.2, 3.412: Is English speaking staff sufficient for the support team? Significant part of GPO staff have limited knowledge of English. Ongoing Helpdesk/Support team should possess the means and tools to work with non-English speaking users.13: Should backup management be a part of proposal? If so - what are the legal requirements for backup retention duration? Regarding backup management please refer to BRD 6.1.5 Backup and recovery; 6.4.2 Documentation and ToR 4. Scope of Work (SoW): " A disaster recovery plan must be developed and maintained to ensure the system will be restored within defined recovery timeframes in the event of a disaster.  The plan must include procedures for activating the disaster recovery site, restoring system data and modules, testing and validating the restored system, and returning to the primary site. The disaster recovery plan must be regularly tested and updated to ensure its effectiveness. Vendor must provide Business Continuity and Disaster Recovery Plan: Documented and tested plans defining Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO).As per legal requirements archive cases retention is between 20 years and indefinitely, depending on the applicable law.14: Is there SIEM system which will get information from the new system? At the moment there is no SIEM system in place 15: Which source code repository system is already in use (GitHub or GitLab)?  At the moment there is no coderepository owned by GPO 16: What are the requirements for the operating systems on the server hosts (Ubuntu, CentOS, etc.)?  There is no strictly mandated, proprietary "IT roadmap" (e.g., a hard requirement to use Oracle, Microsoft SQL, or specific servers OS ) that you must follow. However, consider that the resulting infrastructure will be hosted by the government agency, which has limited support and maintenance capabilities. Your proposed infrastructure should therefore be standard, easy to maintain, highly virtualized  and capable of running in an isolated, on-premise government environment without requiring constant external "call-home" internet access for license validation.17: Are there any restrictions or preferences regarding configuration management and deployment tools? We prefer to use Ansible as the configuration management system. Would that be acceptable for you? No restrictions 18:  Does GPO have an indicative annual budget or expected cost range for post-warranty maintenance and support services, and licenses? Yes, GPO has annual budget for IT support services however it cannot be disclosed at the moment. Reasonable post-warrranty budget amendment is possible based on the system and infrastructure needs.19: What is the expected number of users (by role) and concurrent users? Please refer to BRD 6.5 Performance Requirements. Currently up to 1000 concurrent  users are expected in the system with the possibility of organic growth and scaling.20: What are the expected transaction volumes (cases per day, document uploads, queries)? During 2024, the prosecution body handled 61,091 reporting materials, of which 24,921 are registered criminal proceedings, and 179 reinitiated criminal proceedings. Average case size is around 400 paper pages. Exact size of transaction volumes is hard to estimate at the moment and to be defined during the Technical Specifications preparation stage 21: What is the expected volume of data (initial and projected growth)? GPO's current primary data center storage shows 15TB data used, however it is not clear which part of data is case-related.22: What is the average size of a case including documents and evidence? GPO operates on paper. Average size of a case is around 400 pp. Arounrd 60% of cases have digital evidences attached such as photos and videos recording.  Unfortunately, the space for response is limited. The separate file for Q&A will be uploaded.Thanks and regardsUNOPS Procurement Team

New clarification added: Dear Bidder,Please find the below clarification below:clarification: Through the requirement "Offeror should be in continuous business of supplying similar services as specified in the Schedule of requirements for the last 5 years with minimum three (3) projects of similar nature in the area of enterprise software development, the development of Case Management Systems, Judicial Information Records, or High-Security Government Registries each with a value of at least $500,000 USD.", please can you spcify if the value of the contract should or not include the VAT? For the contracts in other currencies, the exhange rate of each date should be used?Clarification: Preferably the value of the implemented projects should be excluding VAT. As for the exchange rate, the currency will be calculated considering the UNOPS exchange rate for the respective period.Thanks and regardsUNOPS Procurement Team

New clarification added: Dear Bidder,Please find the below clarificaiton to your questions:Question: Could you please clarify how many files are expected to be processed in a year and what the average number of pages per file is?Clarificaiton: During 2024, the prosecution body handled 61,091 reporting materials, of which 24,921 are registered criminal proceedings, and 179 reinitiated criminal proceedings. Average case size is around 400 paper pages. Thanks and regardsUNOPS Prourement Team

New clarification added: Dear Bidder,Please find the clarifications below: Question 1. Can you accept a platform solution based on source code escrow for our basis platform and full delivery of all customized services in xml?  Clarification: The solution built on a proprietary basis platform supported by a Source Code Escrow agreement is acceptable and will not be disqualified as long as it fulfil requirements listed in BRD and ToR. However, please note the following evaluation conditions:1.      While the 'basis platform' code may be held in escrow, the source code for all custom configurations, integrations, and modules specifically developed for the GPO CMS under this contract must be fully handed over to the contracting authority without restriction.2.      As per the BRD (Section 8.2), the usage of open-source architecture is explicitly encouraged and considered a benefit. While a proprietary platform with an escrow agreement mitigates disaster-recovery risk, it still involves inherent vendor lock-in and potential ongoing licensing fees. Therefore, during the technical evaluation (specifically regarding Architecture, Total Cost of Ownership, and Long-Term Maintainability), we may score a proprietary basis platform considering relevant criteria.3.       Any financial costs associated with establishing and maintaining the source code escrow agreement during the warranty and maintenance periods must be borne by the vendor and clearly factored into the financial proposal. Question 2. Our platform is tech agnostic with regards to required infrastructure - but the specific server and data base choices have financial consequences. Is there a preferred technical IT roadmap around which we can design the supporting infrastructure? Clarification: There is no strictly mandated, proprietary "IT roadmap" (e.g., a hard requirement to use Oracle, Microsoft SQL, or specific proprietary servers) that you must follow. However, consider that the resulting infrastructure will be hosted by the government agency, which has limited support and maintenance capabilities. Your proposed infrastructure should therefore be standard, highly virtualized and capable of running in an isolated, on-premise government environment without requiring constant external "call-home" internet access for license validation. Thanks and regardsUNOPS Procurement Team

New clarification added: Dear bidder,Please be kindly informed that the pre-bid conference presentation and minutes of meeting of RFP/2026/61528 are uploaded in the section Documents.Thanks and regardsUNOPS procurement Team 

New amendment added #2: Pre-bid meeting minutes and presentation upload

New clarification added: Dear Bidder,Please note that we admitted all bidders that wanted to join the meeting. Sorry there was no one in the waiting line.Thanks and regardsUNOPS procurement Team

New clarification added: Dear Bidder,Please find the below clarifications to your questions:Question 1:  In section 8.1 Hardware Requirements it is stated:"The estimated cost of the proposed hardware solution will be taken into consideration and evaluated together with the proposed cost of CMS development." - Our question is "Will it be taken into consideration in the total points of the technical proposal or financial proposal? How will the points be calculated?"Clarification: The estimated cost of the hardware solution is considered as a part of Technical Proposal evaluation. The evaluation framework is designed to assess the architectural efficiency and the Total Cost of Ownership (TCO). Specifically, the scoring rubric considers solutions that suggest the "usage of unreasonably complex or costly hardware without proper justification" (which would score 40% or Satisfactory). Also it rewards solutions that achieve "better long-term maintainability or significantly lower hardware specifications" (which can score up to 100% or Outstanding). Therefore, the hardware estimate is used to qualitatively score the viability, efficiency, and maintenance risk of your proposed technical architecture.Question 2: In section 8.2 Licenses Requirements, it is stated: "The CMS is expected to require several licenses based on the software architecture that it will use (this may include Operating System licences, Database Licences, Application Licences and BI Engine). Usage of open source code software when possible is encouraged and considered as a benefit."- Our question is "Does that mean that Licenses of OS, Database, etc, must be provided by the vendor within this offer?" Clarification: If your solution relies on commercial software, the licenses required for the CMS to function must be factored into your proposed solution and priced specifically within your financial offer (as part of the overall software development and implementation cost).  Question 3: In the Evaluation criteria, can one person hold 2 or more roles if he/she fulfills all the requirements for those roles?Clarification: Assigning one person for implementation of  two or more key roles  carries significant risk. Given the scale of this system, core roles like the Senior Project Manager, Lead System/Database Architect, and Lead QA/Test Engineer demand dedicated focus. Proposing a single individual to cover multiple key roles may be evaluated as a capacity and implementation risk, which could impact score under Section 3 (Key Personnel proposed) and Section 1.1 (Provision of a mechanism for securing external niche short-term specialist expertise and a capacity to spike increase of development team headcount). Any proposed alternative structure is subject to strict review and acceptance Thanks and regardsUNOPS procurement Team

New clarification added: Dear Bidder,Sorry for misleading you. The meeting link and the updated communication sent to the potential bidders indicate the start of the pre-bi meeting at 1.00 p.m Vienna time.Sorry for confusion and hope you will be able to join the meeting.Thanks and regardsUNOPS procurement Team

New clarification added: Dear Bidder,Thank you for your clarification request.All BRD Appendixes and documents mentioned by you will be combined in one file and will be uploaded in the tender Documents section in the earliest future.Thanks and regardsUNOPS Procurement Team

New clarification added: Dear Bidder,Thank you for your clarification request.All BRD Appendixes and documents mentioned by you will be combined in one file and will be uploaded in the tender Documents section in the earliest future.Thanks and regardsUNOPS Procurement Team

New clarification added: Dear Bidder,Thank you for your clarification request.All BRD Appendixes and documents mentioned by you will be combined in one file and will be uploaded in the tender Documents section in the earliest future.Thanks and regardsUNOPS Procurement Team

New clarification added: Dear Bidder,Please find the below clarifications to your questions:1. Open-Source Integration ToolsPlease confirm that the requirement stating “the Vendor must ensure that all tools used for integrations are open source and provided at no additional cost to the GPO” refers exclusively to auxiliary integration components (e.g. middleware, ESB, message brokers, adapters), and does not apply to the core application platform itself, where integration capabilities (such as REST/SOAP APIs) are provided as native features of the proposed solution.Clarification: Confirmed  2. API Exposure – Scope and ExpectationsPlease clarify which system components are expected to expose APIs (e.g., case data, document metadata, reporting, reference data), and whether API exposure is required only for explicitly identified external systems or also for future, currently unspecified consumers.Clarification: Specific list of required endpoints to be identified during Phase 1 as a part of Tech Specs preparation.  It's envisaged but not limited that case, documents and evidences may require dedicated API endpoints.The system is expected to expose APIs for both explicitly identified external systems and for future, currently unspecified consumers.  The architecture must be designed with readiness for future integrations - particularly with EU judicial cooperation systems without requiring fundamental system redesign.  3. API Security and Identity ManagementPlease clarify whether the solution is expected to integrate with an existing Identity Provider (e.g., Active Directory, national IAM) for API authentication and authorization, or whether API security mechanisms (authentication, authorization, token management) are expected to be fully managed within the proposed solution.Clarification: The proposed solution is expected to integrate with existing Identity Providers rather than fully managing security mechanisms and identity entirely within the solution. The system must support LDAP/LDAPS protocols for primary user authentication against the GPO's central Directory Service, such as Microsoft Active Directory or another IAM solution. The solution must also support user electronic identification via the e-Albania platform. For integrations routed through the NAIS Government Gateway, the system will leverage the gateway's centralized security and authentication protocols. 4. Process Definition and Level of DetailWhile the RfP and BRD describe the case lifecycle and key business processes at a functional level, please confirm that detailed process definitions (e.g., BPMN flows, branching, exceptions, parallel activities, escalation logic) are expected to be finalized during Phase 1 as part of the Validated BRD and Technical Specifications deliverables. Clarification: Confirmed, detailed process definitions are to be prepared during Phase 1 5. On-Premise Infrastructure ResponsibilitiesPlease clarify whether the provisioning of on-premise infrastructure components (servers, virtualization, operating systems) will be the responsibility of UNOPS/GPO, or whether these activities are expected to be supplied, installed and configured by the Vendor as part of the project scope.Clarification: Procurement and installation of on-premise infrastructure components will be done by UNOPS in line with specifications and recommendations by the Vendor. Configuration of the procured equipment to be done by Vendor. 6. Document Management CapabilitiesPlease confirm whether an existing Document Management System is in place and must be integrated with the CMS, or whether the Vendor is expected to provide a complete document management capability as part of the proposed solution.Clarification: At the moment there is no existing Document Management System in place. Vendor is expected to provide document management capability in line with BRD requirements.   7. Post Go-Live Support and MaintenancePlease clarify whether post go-live support and maintenance services are expected to be included within the scope of this RfP, and if so, for what duration and under which service level expectations. Clarification: Post go-live support and maintenance are explicitly included within the scope of the RfP and are structured across two key phases:Hypercare Support: The vendor must provide intensive "hypercare" support immediately post-Go-Live to ensure a smooth transition and rapid resolution of any initial issuesWarranty Period: Following the final system acceptance, the vendor must provide a 36-month (3-year) warranty period for all software, products, and services provided. This warranty service must include bug fixes, security patches, and performance tuning. The support and warranty services will be governed by a Service Level Agreement (SLA) accordingly to response and resolution times for critical, high, and medium-priority issues proposed by the Vendor as a part of RfP submission. 8. Licensing and Total Cost of OwnershipPlease clarify UNOPS/GPO expectations regarding the licensing model of the proposed solution. In particular, please confirm whether:a) all platform and third‑party licensing costs are expected to be included in the Financial Proposal for a defined initial period, orb) recurring platform licensing costs (where applicable) may be managed separately (e.g., through a direct contract between GPO and the software vendor).Clarification: All licensing costs to be included in the Financial Proposal and to be indicated separately. Recurring licensing costs, which may be required after the contract period ends, should clearly state so.Thanks and regards​UNOPS Procurement Team

New amendment added #1: Update of the tender name and deadline