Terms Of Reference (Tor) For Incident Management Risk And Compliance Reporting Solution At Living Goods

Introduction

Living Goods aims to save lives at scale by professionalizing community health services. Through our tried and tested DESC framework, we seek to create an environment in which Community Health Workers (CHWs) are Digitally-enabled, Equipped, Supervised and Compensated. In this way, we improve access to essential healthcare services for underserved populations, particularly in sub-Saharan Africa. We also work closely with governments and other partners to leverage technology, strengthen performance monitoring, and innovate to deliver high-quality, impactful, and cost-effective community health services.

Background

Effective incident management, risk management, and compliance reporting are critical to ensuring organizational accountability, transparency, and regulatory adherence. Many organizations face challenges such as manual processes, decentralized reporting systems, and inconsistent escalation workflows, which hinder efficiency and compliance oversight.

To address these challenges, Living Goods seeks to implement a comprehensive Incident Management, Risk Management, and Compliance Monitoring & Reporting solution built on Jira Service Management (JSM). This system will provide real-time dashboards for monitoring key risks and compliance metrics, ensuring a centralized, automated, and structured approach to:

• Tracking compliance obligations,
• Managing risk exposure, and
• Handling incidents efficiently through interactive reporting tools.

The solution will integrate a pre-populated compliance grid that maps applicable regulatory requirements across jurisdictions and business functions. Additionally, the incident, risk, and compliance management modules will include automated tracking, reporting, and escalation mechanisms to strengthen adherence to governance, compliance, and risk management obligations.

• The Incident Management Solution will streamline incident logging, categorization, escalation, and resolution through structured workflows, automated notifications, and integration with existing systems for secure document storage.
• The Risk & Compliance Reporting Solution will provide interactive dashboards to track, analyze, and visualize compliance status and risk trends, facilitating proactive decision-making and regulatory reporting.

This Terms of Reference (TOR) outlines the requirements for developing:

1. An Incident Management Solution built on Jira Service Management (JSM).
2. A Risk & Compliance Management Reporting Solution with dashboards for real-time monitoring of organizational risks and compliance adherence.

The solution will integrate a pre-populated compliance grid that maps applicable requirements across jurisdictions and business functions. Additionally, the compliance risk management, and incident management modules should include automated tracking, reporting, and escalation mechanisms to ensure adherence to compliance and risk management obligations. The incident management solution will streamline incident logging, categorization, escalation, and resolution through structured workflows, automated notifications, and integration with existing system for document storage. The risk/compliance reporting solution will enable the organization to track, analyze, and visualize compliance status and risk trends through interactive dashboards, facilitating proactive decision-making and regulatory reporting.

This Terms of Reference (TOR) outlines the requirements for the development of an Incident Management Solution built on Jira Service Management (JSM) and a Risk/Compliance Reporting Solution with dashboards for monitoring organizational risks and compliance.

Objectives

The primary objectives of this project are:

• To develop an efficient Incident Management Solution leveraging Jira Service Management (JSM) to track, manage, and resolve incidents.
• To Implement a Risk & Compliance Management Reporting Solution that provides interactive dashboards for monitoring compliance and risk metrics.
  • To automate workflows for:
  • Incident management (event logging, escalation, and resolution).
  • Compliance tracking (monitoring obligations and ensuring adherence).
  • Risk management (identifying and mitigating risks in real time).
• To enable reporting capabilities to provide leadership insights and facilitate regulatory compliance.
• To enable real-time monitoring of incident management, compliance adherence, and risk mitigation through interactive dashboards that support data-driven decision-making.

The consulting agency will be expected to work closely with Living Goods’ leadership, the Compliance team, and other stakeholders to ensure that the objectives are met within the agreed-upon timelines and standards.

Scope Of Work

This project involves the design, development, and deployment of two integrated solutions:

1. Incident Management Solution (to be built on JSM)

   The consultancy agency will develop an incident management system using Jira Service Management (JSM) to facilitate efficient reporting, categorization, tracking, and resolution of incidents. The system will automate workflows, provide role-based access, integrate with SharePoint for document management, and offer real-time analytics to improve incident response and compliance.

2. Risk & Compliance Reporting Solution

   The consultancy agency will develop a reporting solution that aggregates, tracks, and visualizes key risks and compliance metrics through interactive dashboards. The system will consolidate data from various sources, automate reporting workflows, and provide real-time insights to enhance risk management and regulatory adherence.

As part of this engagement, the vendor is required to:

• Conduct a review of the current incident management solution (JSM) and risk/compliance reporting requirements to ensure completeness and feasibility.
• Provide recommendations and refinements before finalizing the system design.
• Develop and implement the solutions based on the validated requirements.
• Conduct testing, training, and provide ongoing support during rollout.

Incident Management Solution High Level Requirements

• Incident Reporting: User-friendly interface for logging incidents with key fields (title, date/time, location, type, description).
• Reporter Information: Captures reporter details (name, role/department, contact information).
• Workflow & Automation (JSM-Based): Pre-configured incident categories and subcategories.
• Automated assignment, escalation, and resolution tracking: Notifications for incident updates and escalations.
• Document Management & Storage: Integration with SharePoint for secure document storage.
• Granular access control based on incident type.
• Security & Compliance – Data encryption (in transit and at rest).
• Detailed audit logs for all system activities.
• Incident Tracking & Escalation
• Unique incident IDs for tracking.
• Status updates (New, In Progress, Resolved, Closed).
• Automated escalation alerts based on severity and response time.
• Reporting & Dashboards – Real-time dashboard with incident status, severity, and trends.
• Data export capability for further analysis.
• User Experience & Training – Intuitive landing page for reporting incidents.
• Pilot testing before full deployment.
• Export Capabilities: Support exporting reports in multiple formats (Excel, PDF, etc.) for further analysis.

Risk and Compliance Management Reporting Solution

• Develop separate modules for Risk Management and Compliance Management, enabling targeted tracking and analysis.
• Develop a dashboard-based system for real time visualizing compliance and risk management metrics, trends, and compliance adherence.
• Automated tracking and escalation of non-compliance incidents and risk management obligations per assigned timelines.
• Escalation and Notifications: Generate alerts for overdue compliance and risk management tasks.
• Customizable Compliance and risk management Reports: Generate reports by function, jurisdiction, or regulation type.
• Executive Dashboard-Display compliance scores task completion, risk trends, and outstanding actions for leadership insights.
• Integrate the solution with existing data sources (e.g., compliance databases, audit reports, financial systems).
• Provide real-time alerts and notifications for non-compliance or risk threshold breaches.
• Enable data export capabilities for further analysis.
• Implement user role management to ensure appropriate data access.
• Support customizable reporting templates for compliance status assessments and risk management status assessments.
• Export Capabilities: Support exporting reports in multiple formats (Excel, PDF, etc.) for further analysis.

Risk Management module

• Support Risk Classification: Categorize risks based on severity, likelihood, and impact.
• Risk Register: Maintain a centralized risk repository with ownership assignment.
• Mitigation and Action Tracking: Assign risk mitigation tasks with progress tracking.
• Integrated Reporting: Provide risk heat maps, trend analysis, and detailed risk assessment reports.

Deliverables

The consultancy agency is expected to deliver the following outputs as part of the engagement with Living Goods. The timelines and final project plan will be agreed upon during the inception period.

1. Requirement Validation & System Design

• Requirement Review & Validation Report:
  • Review of the initial requirements provided by Living Goods.
  • Recommendations for enhancements, feasibility assessment, and potential challenges.
  • Finalized and approved system requirements.
• System Design Document:
  • Detailed system architecture, including integration points (e.g., JSM, SharePoint, Reporting Dashboards).
  • Workflow design and automation logic.
  • Data model and security framework.
• User Journey & Wireframes:
  • Visual representation of the incident reporting and risk/compliance dashboards.
  • User experience (UX) flow and interaction models.

2. Development & System Configuration

• Configured Incident Management Solution (JSM-Based):
  • Fully developed and tested incident reporting workflows in JSM.
  • Automated notifications and escalation processes.
  • SharePoint document storage integration with access control.
• Developed Risk management & Compliance management Reporting Solution:
  • Dashboards and visualization for tracking risks and compliance metrics.
  • Automated report generation and alerts.
  • Integration with existing data sources.
• Data Security & Access Control Implementation:
  • Role-based permissions for different teams within Living Goods.
  • Encryption of sensitive data.
  • Audit logging and tracking of user actions.

3. Testing & Quality Assurance

• Test Plan & Test Cases:
  • Functional and non-functional test scenarios.
  • Performance, security, and user acceptance test (UAT) criteria.
• User Acceptance Testing (UAT) Report:
  • Summary of test findings and resolutions.
  • Sign-off from Compliance team and other key stakeholders.

4. Documentation & Training

• Technical Documentation:
  • System Administration Guides and relevant materials (for Support teams).
  • API Documentation (if any and if integrations are exposed).
• User Guides & Training Materials:
  • Step-by-step guide for end-users.
  • FAQs and troubleshooting guide.
• Training & Knowledge Transfer:
  • Live training sessions for system users and administrators.
  • Q&A sessions and ongoing support during initial rollout.

5. Deployment & Post-Implementation Support

• Deployment & Go-Live Plan:
  • Phased rollout strategy.
  • Change management support.
• Post-Implementation Support:
  • Bug fixes and performance optimizations.
  • Hypercare support for a defined period post-go-live that will be agreed between Living Goods and the consultancy agency at project inception.

Consulting Agency Qualifications

To successfully deliver the Incident Management Solution and Risk & Compliance Reporting Solution, the selected consultancy agency must meet the following qualifications and competencies:

1. Technical Competencies

• Expertise in Jira Service Management (JSM): Proven experience in configuring and customizing JSM for incident management workflows.
• Enterprise Software Development: Strong experience in designing and implementing secure, scalable, and high-performance enterprise applications.
• Integration Capabilities: Ability to integrate JSM with SharePoint, email systems, and other third-party tools as needed.
• Dashboard & Reporting Development: Experience with data visualization tools (e.g., Power BI, Tableau, or Jira dashboards) for risk and compliance reporting.
• Cloud & Security Best Practices: Knowledge of cloud-based solutions, encryption, access control, and data protection best practices.

2. Project Management Competencies

• Project Planning & Execution: Ability to develop a detailed project plan, set milestones, and ensure timely delivery.
• Agile & Iterative Development: Experience with Agile methodologies, sprint planning, and iterative system development.
• Risk Management & Mitigation: Ability to anticipate project risks, propose mitigation strategies, and ensure business continuity.
• Stakeholder Engagement: Experience in working with multiple stakeholders, conducting requirement workshops, and ensuring alignment with Living Goods business needs.

3. Professional Experience

• Industry Experience: Minimum of 5+ years in software development, IT consulting, or risk/compliance solutions implementation (will be an added advantage)
• Proven Track Record: Demonstrated success in delivering similar incident management and risk reporting solutions for other organizations.
• Regulatory & Compliance Knowledge: Understanding of regulatory frameworks relevant to incident reporting and compliance.

4. Problem-Solving & Analytical Skills

• Requirement Analysis: Ability to assess existing business processes and propose innovative technical solutions.
• Troubleshooting & Issue Resolution: Strong diagnostic and debugging skills to resolve system issues efficiently.
• Process Improvement Mindset: Ability to suggest and implement process optimizations based on industry best practices.

5. Training & Support Capabilities

• User Training & Documentation: Ability to develop and deliver training materials and user guides for system adoption.
• Post-Implementation Support: Commitment to providing maintenance, troubleshooting, and system updates as required.

The successful consulting agency will be expected to provide evidence of their qualifications, including a portfolio of past projects that demonstrates their expertise in similar roles. Bidders are also required to share testimonials from previous clients to support their proposals.

EVALUATION CRITERIA

Technical evaluation (Maximum score 70%)

The evaluation will review the bidder’s understanding of Living Goods’ business process and requirements and how their proposed solution will best fit Living Goods’ requirements under this Datawarehouse solution.

Certain technical responses will be evaluated qualitatively based on the following criteria:

1. 65% -70%: The bidder is competent and exceeds the expected criteria for the requirement.
2. 55% -64%: The bidder is competent and meets the expected criteria for the requirement.
3. <55%: The bidder does not meet some minor criteria, but these are within an acceptable limit.

These percentages serve as a qualitative measure to assess the level of compliance with the specified technical requirements.

Living Goods retains the right to verify the authenticity of the information and documents submitted in relation to the technical evaluation criteria. The bidder is required to provide the necessary support and cooperation in this regard. The scoring for each section of the technical evaluation will be conducted as demonstrated in Table 1 below.

Table 1: Technical Evaluation Criteria

# Section Total Marks

1. Successful Customer References & testimonials 10
2. Technical Competencies: Expertise in Jira Service Management (JSM), Enterprise Software Development or similar platforms, Integration Capabilities, Dashboard & Reporting Development, Cloud & Security Best Practices, 30 SDLC – Requirements analysis to production using sprint and iterative development. Evidence of custom development of functional industry applications from ground up
3. Project Management Competencies: Project Planning & Execution, Risk Management 20 & Mitigation, Stakeholder Engagement
4. Training & Support Capabilities: User Training & Documentation, Post-Implementation Support 10

Commercial evaluation (Maximum score 30%)

Once the technical scores have been calculated, the financial scores will be ranked using the following formula:

Financial Score (FS) = 30 x Fm / F

where FS represents the financial score, Fm is the lowest priced financial proposal, and F is the price of the proposal under consideration.

In the final evaluation, proposals will be ranked based on their combined technical and financial scores, considering the weights assigned to the Technical Proposal and the financial score. The bidder(s) achieving the highest combined technical and financial score will be invited for negotiations.

Clarification of RFP document

Our goal is to provide you with all the necessary information to enable you to submit a comprehensive and competitive response to this RFP. We encourage you to contact us with any inquiries or requests for clarification in writing before the proposal submission deadline. Please ensure that all questions or clarification requests are submitted via email to procurementglobal@livinggoods.org no later than 19th Feb 2025. We will promptly respond to all queries to ensure a fair and transparent bidding process.

Offer Validity

In accordance with the guidelines set forth in this RFP, the proposal for support services should remain valid for a minimum period of three (3) months starting from the final date of proposal submission. Living Goods will make every effort to conclude negotiations within this period. If Living Goods deems it necessary to extend the validity period of the proposals, the Bidder will be required to agree to such an extension.

Important Due Dates

Date/ Timeline Description

14th February 2025 Questions relating to the TOR submitted

19th February 2025 Final proposal submission deadline

Notification of Intent

Upon successful negotiation, Living Goods will issue a ‘Notification of Intent’ to the most competitive bidder(s). It is important to note that this Notification of Intent does not constitute the formation of a contract between Living Goods and the [partner organization] unless certain conditions are met. These conditions may include results of the standard due diligence procedures to be carried out by Living Goods, formal acceptance of the proposal, commitment of necessary resources, and submission of a performance guarantee, among others.

The sole purpose of this Notification of Intent is to express Living Goods’ willingness to proceed with the acquisition of the service, subject to the execution of a valid Master Service Agreement (MSA) or Contract and/or the issuance of a signed purchase order.

Acceptance or Rejection

Living Goods, at its sole discretion, retains the right to accept or reject all proposals. The issuance of this request for proposal does not impose any obligation on Living Goods to take any action concerning any response submitted by a Bidder in response to this request.

Anti-Corruption Clause

The bidder must not offer, give, or make any illegal or corrupt payments, gifts, considerations, or benefits, directly or indirectly, as inducement or reward for the award or execution of this contract. Any such practice will lead to the contract’s termination or other corrective actions as needed. A breach of this clause will be deemed a material breach of the agreement, enabling Living Goods to terminate the contract immediately.