Consultancy Service for the Migration, Redesign, And Hosting of The Boost Application

can goredema·September 18, 2025·0 comments

Type of Contract : Consultancy

Duration: 8 weeks (2 months) + 12 months support

Terms of Reference (TOR) for Migration, Redesign and Hosting of the Boost Application

TOR – Migration, Redesign and Hosting of the Boost ApplicationDownload

1. Project Overview

The Boost application currently operates on a fragmented technology stack comprising Strapi, Digital Ocean, Netlify, Vercel, Supabase, Capacitor, Google Playstore, Looker Studio, Google Analytics, Sendgrid, Twilio, GitHub, and Cookiebot. While functional, this ecosystem is unsustainable, costly, and operationally complex.

The objective of this project is to deliver a fully redesigned, OPHID-hosted, enterprise-grade application that consolidates and stabilizes the environment, ensures long-term sustainability, and meets both regulatory and donor compliance requirements.

The new solution must integrate advanced modules, enable future extensibility, and support data migration for four organizations and over 200,000 records, while also incorporating capacity building, governance frameworks, and robust cybersecurity controls.

2. Scope of Work Components

2.1 Application Redevelopment & Hosting

  • Design and build a fully functional Boost application hosted within OPHID-controlled infrastructure (on-prem or OPHID-owned cloud accounts).
  • Eliminate reliance on third-party providers except where explicitly approved (e.g., compliance reporting).
  • Implement API-first architecture to enable seamless integrations with donor systems (DHIS2, Power BI, MOHCC systems, WhatsApp, etc.).
  • Ensure cross-platform support (Android, iOS, web).

2.2 Data Migration (200,000+ Records)

  • Execute secure, lossless migration of data from four organizations.
  • Multi-stage backup, validation, and rollback protocols.
  • Deduplication, normalization, and quality assurance of all migrated data.
  • Audit logs for all migration activities.

2.3 Cybersecurity & Compliance

  • Align to Zimbabwe’s CDPA, GDPR, and ISO27001 standards.
  • Deploy Zero Trust Architecture and role-based access control.
  • Implement SPF, DKIM, DMARC, and SIEM/SOC integration.
  • Conduct full Vulnerability Assessment & Penetration Testing (VAPT) prior to launch.
  • Ensure compliance with Google Playstore, Apple App Store, and donor data protection requirements.

2.4 Functional Enhancements & Integrations

  • AUD/SUD Module Integration – incorporate draft Alcohol and Substance Use Disorder content as a test case for module design.
  • Illustrations – explore human and AI-generated visual content for culturally relevant, accessible interfaces.
  • Analytics & Monitoring – advanced dashboards in Looker Studio, Google Analytics, and AI-driven reporting.
  • Communications – integration with Sendgrid, Twilio, WhatsApp, and OPHID’s CRM stack.
  • Consent & Cookie Compliance – maintain Cookiebot or equivalent for regulatory compliance.

2.5 Testing & Pilot Phase

  • Structured user pilot testing across multiple OPHID field sites and user groups.
  • Performance testing under load (simulate 50,000 concurrent sessions).
  • Usability/accessibility testing across low-bandwidth and offline environments.
  • Security stress-testing (brute force, phishing simulation).
  • End-user acceptance testing with reporting on success metrics.

2.6 Capacity Building & Knowledge Transfer

  • Training for OPHID IT staff on application hosting, DevOps, security monitoring, and module development.
  • Training for program staff on content management, user management, and reporting.
  • Development of manuals, video tutorials, and sandbox environments.
  • Certification of staff competencies post-training.

2.7 Project Governance & Documentation

  • Establish a Boost Steering Committee with representation from OPHID leadership, IT, Data Protection, and Programs.
  • Define a governance charter and roadmap approval process.
  • Provide full documentation: architecture diagrams, source code documentation, SOPs, and compliance reports.
  • All source code to be submitted to OPHID GitHub repositories with branching, versioning, and access control.

2.8 Support & Handover

  • Minimum 12 months of post-launch support covering bug fixes, patches, and security updates.
  • SLA-driven response times (e.g., critical issues within 2 hours).
  • Knowledge transfer sessions to ensure OPHID’s independence in managing the platform.

3. Deliverables

  1. OPHID-hosted Boost Application (Android, iOS, Web).
  2. Migration of 200,000+ records across four organizations.
  3. Integrated AUD/SUD module with illustrations.
  4. Governance framework and Steering Committee setup.
  5. User pilot testing reports.
  6. Training program, manuals, and sandbox environments.
  7. Final security assessment (VAPT report).
  8. 12-month support and maintenance plan.

4. Project Complexity & Risks

This project involves significant technical, compliance, and operational risks:

  • Large-scale data migration across multiple entities.
  • Integration of diverse technologies and communications channels.
  • Regulatory compliance across multiple frameworks.
  • Dependency on user adoption across dispersed field sites.
  • Need for in-depth training across technical and programmatic staff.

5. Timeline

  • Planning & Requirements: 1 week
  • Development & Migration: 4 weeks
  • Testing & Pilot: 1 week
  • Deployment & Handover: 2 weeks
  • Support & Monitoring: 12 months

Total Project Duration: ~8 weeks (2 months) + 12 months support

6. Vendor Requirements

  • Proven track record in large-scale application migration and development.
  • Certified expertise in cybersecurity (ISO27001, CISSP) and cloud infrastructure.
  • Demonstrable experience with health information systems, data migration, and donor-funded projects.
  • Data Protection Certification
  • Capability to deliver multi-disciplinary training.
  • Financial capacity to sustain a multi-phase, high-complexity project.

7. Supervision & Reporting

The consultant/team will work under the supervision of OPHID’s IT Officer and Boost Project Lead, with regular check-ins to ensure alignment with project objectives.

8. Application Process

Interested applicants should submit:

  • A brief proposal outlining their approach to the assignment.
  • Portfolio of past design work (preferably related to health, education, or NGO materials).
  • Cost estimate and timeline for completion.
  • Bid Submission
  • Bid price must be stated in United States Dollars
  • Deadline of submission: Friday, 26th of September 2025
  • Time: 5 pm (local time)
  • Means of submission: email to tenderbox@ophid.co.zw
  • Email Subject: Migration, Redesign, and Hosting of the Boost Application

10. Contact Information

For further clarification, please contact: procurements@ophid.co.zw on or before Friday 26 September 2025, at 10am.

can goredema

Related posts