(EoI)-Consultancy Services for Software Development of a Trust Seal system for Rwandan e-Commerce Companies at GIZ Rwanda

Expression of Interest (EoI) Consultancy Services for Software Development of a Trust Seal system for Rwandan e-Commerce companies

Contract identification number: 83399484

0.Context

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a federally owned international cooperation enterprise for sustainable development with worldwide operations. GIZ has worked in Rwanda for over 30 years. The primary objectives between the Government of Rwanda and the Federal Republic of Germany are poverty reduction and promotion of sustainable development. To achieve these objectives, GIZ Rwanda is active in the sectors of Decentralization and Good Governance, Economic Development and Employment Promotion, Energy, and ICT (Information and Communications Technology).

Electronic Commerce, also known as e-Commerce, is an increasingly important procurement and sales channel in emerging African economies. However, the prerequisites that would enable African companies to participate in cross-border e-Commerce are not yet in place. These include the availability of electronic payment systems, consumers’ and companies’ trust in e-Commerce, and supportive regulatory frameworks.

The GIZ project “Pan-African e-Commerce Initiative – Boosting African Digital Trade” (PeCI) aims to improve the framework conditions for companies in selected African countries to participate in cross-border e-Commerce. The PeCI is a continental programme to improve the ecosystem for companies to participate in cross-border e-commerce. Framework conditions such as the harmonisation of regulations are crucial for businesses to participate in cross-border e-trade. In the long run, PeCI contributes to deepen the economic integration of East Africa, increasing trade within and outside the East African Community (EAC). At the strategic level, it contributes to deepening the economic integration of Africa, increasing exports from Least Developed Countries (LDCs), implementing the Marshall Plan with Africa, the BMZ Aid for Trade strategy, the BMZ sector strategy for private sector development, the BMZ Digitalisation strategy, and the BMZ ‘Digital Africa’ Initiative.

Trust in e-Commerce

Trust is essential for doing business. The lack of trust by businesses and households to purchase online is among the main inhibitors for the adoption and growth of e-Commerce in many countries.

Many businesses and household consumers are afraid that:

1) Purchased items are either not delivered at all, delivered late, broken or not according to specification, and refunds are not issued.

2) Putting their credentials online – particularly their financial information – will subject them to online fraud and material damage.

Trust in e-Commerce in Rwanda

The Strategy for Digital Transformation of Trade, Industry and Commerce (ICT4COM) in Rwanda is under development and is likely to include a significant component on improving trust, with e-Commerce a key enabler of the strategy’s objective to digitalise trade, industry, and commerce by 2024. One of the key tenets of Strategic Priority 2 is likely to be to guarantee trust, security, and consumer data privacy with the envisaged outcome being a secure and trusted ecosystem that drives sustainable production and consumption of goods and services. Key actions under this Strategic Priority are likely to include the development of an e-Commerce trust mark and return policy, and the establishment of partnerships with specialised institutions for certification of emerging technologies.

Trust seals in e-Commerce in Rwanda

Issuing credible trust seals to e-Commerce shops or businesses would strengthen consumer confidence in purchasing through such suppliers. Research revealed that the lack of trust in purchasing online is among the main inhibitors for the adoption and subsequent growth of e-Commerce in the EAC region.

Trust seals can mitigate such reservations to a degree. They could be issued to reliable e-Commerce platforms by public or private entities, or Public-Private Partnerships (PPP) that consumers perceive as being trustworthy and credible. An example of such an entity is a company exclusively operating in Europe which not only claims to have certified more than 25,000 online shops, but also that its clients have been able to improve their online sales by obtaining its trust seal. There are only a limited number of trust seal systems operational on the African continent and none with widespread adoption in East Africa.

Definition of Trust Seal criteria and Trust Seal system software requirements

In order to increase customer trust in e-Commerce businesses, a Trust Seal is to be based on a criteria catalogue which defines the requirements that need to be fulfilled in order for an e-Commerce business to be successfully certified. For that reason, an external team of consultants has been contracted by GIZ, to define this set of criteria and ultimately conduct a pilot certification of three e-Commerce businesses. In order to achieve this goal, the external team was also tasked with the definition of business processes and technical requirements to operationalise the Trust Seal system both from an organizational as well as a technical perspective.

The technical part of the Trust Seal system, is to be implemented by a software development company. These ToR represent the definition of software requirements, which are further specified in the objectives below.

Objectives of the contractor’s assignment

The overall objective of this assignment is the development of a web-based application (including frontend, backend, and database) to conduct the process of guiding applicants (e-Commerce companies) who want to obtain a certified trust seal, through the different requirements defined by the criteria catalogue and to ultimately provide successful applicants with resources to implement the trust seal on their websites. A top-level view of the desired architecture is shown below. While the final system architecture can be further refined by the contractor, the diagram should help to understand the different components required by the web-application.

In order to facilitate the certification process, the web-application can be further disaggregated into the following functions:

The online self-assessment form

• Each applicant (e-Commerce business) starts the application process by accessing a public URL which leads them to an online self-assessment form. In the initial step, they will be required to provide basic information in order to create an account, allowing them to complete the application at a later stage and to access certificate information once they have successfully passed all the different stages of the certification process.
• After sign-up, the applicant will be guided through the different sections defined by the criteria catalogue, which will be a mix of text-based and binary (yes/no) questions.
• Each criteria can be either required or not required, only allowing applicants to proceed with the process once all required information has been entered.
• As the system intends to support capacity building, each criterion is linked to a thorough explanation, which will be shown to the applicant in a final summary in case a requirement was not met.
• On completion of the initial part of the criteria assessment, the applicant should be notified about the successful filing of an application and a case number should be created.
• The self-assessment form only covers a predefined set of criteria which the applicant can fill out without further verification. A consecutive vetting performed by an admin user is then performed in a protected system only accessible by the certifying authority – the DBI (see admin system below).

The admin system

• In general, the admin system is a secured part of the web-based frontend which requires eligible users (e.g. DBI employees) to authenticate (see authentication service below).
• When authenticated the administrators should see a list of all applicants who filled out the self-assessment form for both successful and unsuccessful (or incomplete) submissions. For each applicant, the admins need to be able to see the responses for criteria in the catalogue, in order to be able to provide feedback (capacity building). The list should have filtering criteria’s and the admin should be able to match a status to each application. The accounting department should be informed on starting the invoicing process via email (see email service below).
• The admins will be able to select successful submissions and schedule appointments, in order to invite applicants for an in-depth certification interview via an automated email (see email service below).
• During an interview, the admin needs to be able to continue the certification from where the applicant finished when filing the self-assessment form and should be able to make changes.
• The main purpose of the interview is to conduct a thorough vetting of the applicant with regards to the criteria catalogue. For that reason, each criteria in the catalogue can be either part of the self-assessment form or part of the in-person interview session.
• In order to allow the system to be dynamically adjusted according to new regulations and criteria, it should be possible to add additional text-based or binary criteria when needed.

• After successful completion of an interview, the admin can create a certificate for the applicant, which will trigger the system to generate a unique identifier and a corresponding certificate page (see certificate landing page below) for the applicant.
• Admins can set a certificate as invalid when required.

The publicly accessible certificate landing page

• The certificate landing page should be a publicly accessible part under the trust seal systems domain, which contains relevant data (e.g., name of business, URL of the business, certification status, expiry date, etc.) with regards to the certification of e-Commerce business.
• e-Commerce businesses should be allowed to link to their individual certificate landing page from their websites to allow customers to verify the legitimacy of the website

• The landing page should be populated with the relevant certification information using the unique identifier assigned to the e-Commerce business generated by the system.

The user portal

• In general, the user portal is a secured part of the web-based frontend which requires applicants of a trust seal to authenticate (see authentication service below). A limited part of the portal is visible to the user as soon as an account has successfully been created as part of the self-assessment form above.
• After an admin user has confirmed the certification of an applicant, the user will see additional content in the portal, providing them with the information and resources to implement the trust seal on their business’s website (e.g. hyperlink to certificate landing page, trust seal images in different resolutions).

The authentication service

• In order to provide a secure mechanism for authentication of users (both applicants and admins) an authentication service needs to be put in place.
• The use of an existing authentication service offering the necessary security (such as OTPs) in Rwanda should be considered to avoid the complexity of implementing a custom solution.

The email service

• In general, the email service can be regarded as a notification service which will be designed to inform both parties (the applicant e-Commerce business and the administrators) about updates during the certification process.
• Administrators should have the option to trigger automated emails to inform Trust Seal system users about updates of their application and certification status (e.g., invitation for in-person interview, expiry of certificate, information about new regulations being put in place, invoicing).

While the above features serve as a detailed description of the different features to be implemented throughout the course of this assignment, the web-application should be implemented based on the following general requirements:

• The user-interface (UI) of the web-application should be easy-to-use, responsive, and adhere to modern web-design paradigms.
• The web-application should be implemented with modularity and scalability in mind, to allow future extension of the system functionalities.
• The system shall ensure compliance with Rwandan data protection regulations, making sure that communication between frontend and backend is encrypted, personal data is handled securely and access to the admin backend / database is restricted to authenticated users.

1. Tasks to be performed by the contractor

The contractor shall provide services totalling 100 expert days, comprising a Team Leader (IT-project manager) with up to 15 days, and a pool of up to 3 software developers with up to 85 days.

The contractor is responsible for providing the following services:

• Draft system requirements for web-based Trust Seal system according to above objectives.
• Develop system architecture for trust seal system using appropriate diagrams and refine architecture based on stakeholder feedback.
• Develop web-based Trust Seal system.
• Deploy and regularly update working prototype of trust seal system on a staging system for tracking development progress.
• Implement adjustments and bug fixes according to feedback with a minimum of 3 rounds of feedback and testing.
• Maintain and adjust the Trust Seal system for an additional 6 months following the development (up to 10 days)

Throughout the development of the project, the contractor is expected to:

• Liaise with GIZ and key stakeholders to ensure requirements are in line with the objectives to be covered by the Trust Seal system. An in-person onboarding is planned for the first weeks of the project.
• Conduct regular review meetings with GIZ to provide transparent information with regards to current state of development (status reports)

Provide access to a staging environment updated regularly (e.g., before every review meeting) in order to allow for continuous progress updates.

• Provide unrestricted, irrevocable access to system and its code when handing over the final version of the trust seal system

Certain milestones, as laid out in the table below, are to be achieved by certain dates during the contract term:

Milestone	Deadline/place/person responsible
Requirements catalogue for Trust Seal system	15.02.2022, Team-leader (IT-project manager)
System architecture diagram including technologies used for each part of the system	15.02.2022, Team-leader (IT-project manager) and software developers
Working prototype deployed on staging system	15.03.2022, Team-leader (IT-project manager) and software developers
Presentation of the Trust Seal system and incorporation of client feedback	15.03.2022, Team-leader (IT-project manager) and software developers
Trust Seal system implemented	15.04.2022, Team-leader (IT-project manager) and software developers
Code documentation, software testing and operations manual completed	15.04.2022, Software developers
System adjustments and bug-fixing according to client feedback	31.05.2022, Team-leader (IT-project manager) and software developers
Reports on the implementation status of the project (5-7 pages/slides)	Monthly, Team-leader (IT-project manager)
Maintenance of and minor adjustments to the Trust Seal system	1.06.2022 – 15.11.2022, Software developers

All deliverables must be provided in English. This also includes meetings and all communication with the client as well as reports to be prepared.

Period of assignment: From 01.02.2022 until 15.11.2022.

2.Concept

In the bid, the bidder is required to show how the objectives defined in Chapter 2 are to be achieved, if applicable under consideration of further specific method-related requirements (technical-methodological concept).

Technical-methodological concept

Strategy: The bidder is required to consider the tasks to be performed with reference to the objectives of the services put out to tender (see Chapter 1). Following this, the bidder presents and justifies the strategy with which it intends to provide the services for which it is responsible (see Chapter 2).

The bidder is required to describe the key processes for the services for which it is responsible and create a schedule that describes how the services according to Chapter 2 are to be provided. In particular, the bidder is required to describe the necessary work steps and, if applicable, take account of the milestones and contributions of other actors in accordance with Chapter 2.

The bidder is required to describe its contribution to knowledge management for the partner and GIZ and promote scaling-up effects (learning and innovation).

Project management of the contractor

The bidder is required to explain its approach for coordination with the GIZ project.

• The contractor is responsible for selecting, preparing, training, and steering the experts (international and national, short and long term) assigned to perform the advisory tasks.
• The contractor makes available equipment and supplies (consumables) and assumes the associated operating and administrative costs.
• The contractor manages costs and expenditures, accounting processes, and invoicing in line with the requirements of GIZ.

The contractor reports regularly to GIZ in accordance with the AVB of the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH from 2018.

In addition to the reports required by GIZ in accordance with AVB, the contractor submits the following reports:

• Monthly reports on the implementation status of the project (5-7 pages/slides)
• A final report (maximum 10 pages/slides) summarising key lessons learned throughout the project.

The bidder is required to draw up a personnel assignment plan with explanatory notes that lists all the experts proposed in the bid; the plan includes information on assignment dates (duration and expert days) and locations of the individual members of the team complete with the allocation of work steps as set out in the schedule.

3.Personnel concept

The bidder is required to provide personnel who are suited to filling the positions described, on the basis of their CVs (see Chapter 7), the range of tasks involved, and the required qualifications.

The below specified qualifications represent the requirements to reach the maximum number of points.

Team leader (IT-project manager)

Tasks of the team leader (IT-project manager)

• Overall responsibility for the advisory packages of the contractor (quality and deadlines).
• Coordinating and ensuring communication with GIZ and key stakeholders involved in the project.
• Aligning work-packages for pool of short-term experts (software developers) to meet deadlines.
• Personnel management, in particular identifying the need for short-term assignments within the available budget, as well as planning and steering assignments and supporting local and international short-term experts.
• Regular reporting in accordance with deadlines.

Qualifications of the team leader

• Education/training (2.1.1): University qualification (Bachelor’s degree) or equivalent work experience/training in computer science, information systems or other related fields.
• Language (2.1.2): Good business language skills in English (C1 in the Common European Framework of Reference for Languages or equivalent)
• General professional experience (2.1.3): 3 years of professional experience in IT-project management.
• Specific professional experience (2.1.4): 3 years in requirements engineering.
• Leadership/management experience (2.1.5): 3 years of management/leadership experience as IT-project manager in a company.
• Regional experience (2.1.6): 3 years of relevant experience in Rwanda.
• Development Cooperation (DC) experience (2.1.7): – not applicable –
• Other (2.2.8): – not applicable –

Short-term expert pool with minimum 2, maximum 3 members

Tasks of the short-term expert pool

• Design overall system architecture of Trust Seal system.
• Specify technologies and frameworks used for implementation of different software components.
• Implement Trust Seal system.
• Document code.
• Create system operations manual / deployment instructions.
• Maintenance and minor adjustments to Trust Seal system following its development.

Qualifications of the short-term expert pool

• Education/training (2.6.1): University qualification (Bachelor’s degree) or equivalent work experience/training in computer science, information systems or other related fields.
• Language (2.6.2): Good business language skills in English (C1 in the Common European Framework of Reference for Languages or equivalent)
• General professional experience (2.6.3): 2 experts each with 5 years of experience in software engineering and development of modern cloud-based web applications, 2 experts each with 5 years of professional experience in relational databases.
• Specific professional experience (2.6.4): 2 experts each with 3 years of experience in MVC-architectures.
• Regional experience (2.6.5): 3 years of relevant experience in Rwanda.
• Development Cooperation (DC) experience (2.6.6): – not applicable –
• Other (2.6.7): 1 expert with 2 years of experience in web design/design of user interfaces, 2 experts each with 2 years of experience with version control systems (e.g. Git). All experts must demonstrate experience in implementing 3 cloud-based applications in the past 5 years.

Soft skills of team members

In addition to their specialist qualifications, the following qualifications are required of team members:

• Team skills.
• Communication skills, especially with regards to communicating complex technical problems.
• Sociocultural competence.
• Efficient, partner- and client-focused working methods.
• Interdisciplinary thinking.

The bidder must provide a clear overview of all proposed short-term experts and their individual qualifications.

4.Costing requirements

Assignment of personnel

Team leader (IT-project manager): Assignment in home country for 15 expert days.

Short-term expert pool: Assignment in home country for a total of 85 expert days.

5.Submission of your EoI

EoI will be evaluated based on the following criteria:

• Company or individual profile,
• Relevant experience,
• Company strategies to assure agility, flexibility, and responsiveness,
• Personnel and,
• Financial offer.

The EoI should contain the following:

For Technical Proposal:

• The structure of the bid must correspond to the structure of the ToRs. In particular, the detailed structure of the concept (Chapter 3) is to be organised in accordance with the positively weighted criteria in the assessment grid (not with zero). It must be legible (font size 11 or larger) and clearly formulated. The bid is drawn up in English.
• The complete bid shall not exceed 10 pages (excluding CVs).
• The CVs of the personnel proposed in accordance with Chapter 4 of the ToRs must be submitted using the format specified in the terms and conditions for application. The CVs shall not exceed 4 pages. The CVs must clearly show the position and job the proposed person held in the reference project and for how long. The CVs shall also be submitted in English.
• If one of the maximum page lengths is exceeded, the content appearing after the cut-off point will not be included in the assessment.
• Please calculate your price bid based exactly on the aforementioned costing requirements. In the contract the contractor has no claim to fully exhaust the days/travel/workshops/ budgets. The number of days/travel/workshops and the budget amount shall be agreed in the contract as ‘up to’ amounts. The specifications for pricing are defined in the price schedule.
• References and recommendations of similar works executed in Rwanda or elsewhere outside of Rwanda must be provided.
• Company registration certificate (RDB) must be provided (local bidders)
• VAT registration certificate with RRA (local bidders)
• Latest tax clearance certificate (local companies)

For the Financial Proposal:

The Financial Proposal indicates the all-inclusive total contract price, supported by a breakdown of all costs. The cost must be in RWF and VAT excluded.

Please submit electronically your EoI (technical & Financial offer) in 2 separated PDF files to this email: RW_Quotation@giz.de until latest Monday 27^th  December 2021 

 Please you must write in your email subject this sentence:

EOI number 83399484 – submission of technical& financial offer,

without this sentence, your offer may not be considered

Hard copies are not allowed this time

GIZ reserves all rights

6. List of abbreviations

API : Application Programming Interface

AVB : General Terms and Conditions of Contract (AVB) for supplying services and work 2018

BMZ :Bundesministerium für wirtschaftliche Zusammenarbeit und Entwicklung – Federal Ministry for Economic Cooperation and Development

DBI : Digital Business Institute

DC : Development Cooperation

EAC: East African Community

GIZ :Deutsche Gesellschaft für Internationale Zusammenarbeit – German Corporation for International Cooperation

LDCs :Least Developed Countries

MVC :Model-view-controller

OTP :One-time password

PeCI :Pan-African e-Commerce Initiative

PPP :Public-Private Partnerships

ToR :Terms of reference

TSS :Trust Seal system

UI :User-interface