©2026 Wakanda Systems. All right reserved.

This Position is Closed

REQUEST FOR PROPOSAL (RFP) National Health Data Repository System Software Development Services

Sorry, this position is no longer available. The job posting has expired and we are not accepting new applications at this time.

Looking for other opportunities? Check out our current job openings to find your next career opportunity.

Browse Available Jobs
Job Details

REQUEST FOR PROPOSAL (RFP) National Health Data Repository System Software Development Services

Hire Type         Consultancy firm only

Proposal Submission Deadline: June 19, 2026, 5:00 PM

Contact Person: Wegayehu Madebo

Contact Email: wm•••••@••••••.org

Expected project duration: 4 months(July 1 - October 30)

DOCUMENT CONTROL

VersionDateDescription
1.0April 2, 2026Initial Release

 

1. INTRODUCTION & EXECUTIVE SUMMARY

1.1 Purpose of RFP

Project HOPE (hereinafter referred to as “the Client” or “Organization”) is soliciting proposals from qualified software development companies for the design, development, implementation, and support of a National Health Data Repository System.

This Request for Proposal (RFP) outlines the requirements, specifications, and expectations for the proposed system. Vendors are invited to submit comprehensive proposals demonstrating their capability to deliver a robust, scalable, and secure solution that meets our organizational needs.

1.2 Executive Summary

The Organization requires a modern, enterprise-grade document management platform to:

  • Centralize the storage and management of research papers, abstracts, reports, and other academic/business documents
  • Enable secure document sharing with granular access controls
  • Implement role-based access control with approval workflows for document access requests
  • Provide powerful search capabilities across document content and metadata
  • Support future integration with AI/ML systems for advanced document processing

The system must be built using open-source technologies only (no proprietary licensed software) and follow a scalable modular monolith architecture that can evolve into microservices if needed.

 

2. PROJECT OVERVIEW

2.1 Project Description

The National Health Data Repository and Sharing System shall serve as the Organization’s centralized platform for:

  1. Document Storage & Management
    • Secure storage of research papers, abstracts, technical documents, reports, and datasets
    • Version control with complete revision history
    • Metadata management and categorization
    • Support for multiple file formats (PDF, DOCX, XLSX, PPTX, images, etc.)
  2. Access Control & Security
    • Role-based access control (RBAC) with predefined and custom roles
    • Document-level access permissions
    • Access request and approval workflows
    • Integration with organizational identity provider
  3. Search & Discovery
    • Full-text search across document content
    • Advanced filtering and faceted search
    • Tag-based navigation and categorization
  4. Collaboration & Sharing
    • Secure document sharing with internal and external users
    • Expiring access links
    • Notification system for relevant activities
  5. Compliance & Audit
    • Comprehensive audit logging of all activities
    • Compliance reporting capabilities
    • Data retention policy enforcement

 

3. SCOPE OF WORK

3.1 In-Scope

The following items are within the scope of this project:

3.1.1 Software Development

#DeliverableDescription
1Backend ApplicationModular monolith application with all business logic
2Frontend ApplicationWeb-based user interface (responsive design)
3Database Design & ImplementationSchema design, implementation, and optimization
4API DevelopmentRESTful APIs for all system functions
5Integration LayerIntegration with identity provider, email, storage
6Search Engine IntegrationFull-text search implementation
7Workflow EngineApproval workflow implementation
8Notification SystemEmail and in-app notifications
9Audit & Logging SystemComprehensive activity logging

3.1.2 Infrastructure & DevOps

#DeliverableDescription
1Infrastructure as CodeKubernetes manifests, Helm charts, or equivalent
2CI/CD PipelineAutomated build, test, and deployment pipeline
3Monitoring & Alerting SetupPrometheus, Grafana dashboards, alert rules
4Logging InfrastructureCentralized logging setup (ELK or equivalent)
5Backup & RecoveryAutomated backup procedures and recovery scripts

3.1.3 Documentation

#DeliverableDescription
1Technical Architecture DocumentDetailed system architecture documentation
2API DocumentationOpenAPI/Swagger specifications
3Database Documentationdata dictionary, schema documentation
4Deployment GuideStep-by-step deployment procedures
5Operations ManualSystem administration and operations guide
6User ManualEnd-user documentation
7Security DocumentationSecurity architecture and procedures

3.1.4 Quality Assurance

#DeliverableDescription
1Test Strategy & PlansComprehensive testing approach
2Unit TestsMinimum 80% code coverage
3Integration TestsAPI and integration test suites
4Performance TestsLoad and stress testing
5Security TestingVulnerability assessment and penetration testing
6UAT SupportUser acceptance testing support

3.1.5 Training & Knowledge Transfer

#DeliverableDescription
1Administrator TrainingSystem administration training
2Developer TrainingTechnical training for maintenance team
3End-User TrainingUser training sessions or materials
4Knowledge Transfer SessionsHandover sessions with documentation

 

4. FUNCTIONAL REQUIREMENTS

4.1 User Management Module

4.1.1 User Account Management

Req IDRequirementPriority
UM-001System shall integrate with external Identity Provider (Keycloak/LDAP/SAML) for user authenticationCritical
UM-002System shall support Single Sign-On (SSO) via OAuth2/OIDC protocolsCritical
UM-004System shall allow administrators to view and manage user accountsHigh
UM-005System shall support user account status management (active, suspended, deactivated)High
UM-006System shall capture and display user profile information (name, email, department, etc.)Medium

4.1.2 Role Management

Req IDRequirementPriority
UM-010System shall provide predefined roles: Administrator, Uploader, Reviewer, Viewer, GuestCritical
UM-011System shall allow administrators to create custom rolesMedium
UM-012System shall support assignment of multiple roles to a single userHigh

4.1.3 Organization & Group Management

Req IDRequirementPriority
UM-020System shall support organizational hierarchy (Organizations → Departments → Groups)High
UM-021System shall allow users to belong to multiple groupsHigh
UM-022System shall support group-based access permissionsHigh
UM-023System shall allow administrators to manage group membershipHigh

4.2 Document Management Module

5.2.1 Document Upload & Storage

Req IDRequirementPriority
DM-001System shall allow authorized users to upload documentsCritical
DM-002System shall support file formats: PDF, DOCX, XLSX, PPTX, TXT, RTF, images (JPG, PNG, TIFF)Critical
DM-003System shall support configurable maximum file size (default: 500MB)High
DM-004System shall support chunked/resumable uploads for large filesHigh
DM-005System shall generate and verify file checksums for integrityHigh
DM-006System shall extract and store file metadata automaticallyHigh

4.2.2 Document Metadata & Classification

Req IDRequirementPriority
DM-010System shall require mandatory metadata: Title, Document Type, Abstract/DescriptionCritical
DM-011System shall support custom metadata fields per document typeMedium
DM-012System shall support document categorization (hierarchical categories)High
DM-013System shall support document tagging with user-defined tagsHigh
DM-014System shall support document types: Research Paper, Abstract, Thesis, Report, Dataset, OtherHigh
DM-016System shall support author attribution (single and multiple authors)High

4.2.3 Version Control

Req IDRequirementPriority
DM-020System shall maintain version history for all documentsCritical
DM-021System shall auto-increment version numbers on new uploadsHigh
DM-022System shall allow users to view and download previous versionsHigh

4.2.4 Document Lifecycle

Req IDRequirementPriority
DM-030System shall support document status workflow: Draft → Pending Review → Published → ArchivedCritical
DM-031System shall allow document owners to submit documents for reviewHigh
DM-032System shall notify reviewers when documents are pending approvalHigh
DM-033System shall allow reviewers to approve, reject, or return documents with commentsHigh
DM-035System shall support soft delete with recovery capabilityHigh
DM-036System shall support permanent deletion with appropriate authorizationHigh

4.3 Access Control Module

5.3.1 Document Access Levels

Req IDRequirementPriority
AC-001System shall support document access levels: Public, Internal, Restricted, ConfidentialCritical
AC-002Public documents shall be accessible to all authenticated usersHigh
AC-003Internal documents shall be accessible to users within the same organizationHigh
AC-004Restricted documents shall require explicit access grantsCritical
AC-005Confidential documents shall require multi-step approval for accessCritical

4.3.2 Access Permissions

Req IDRequirementPriority
AC-010System shall support permission levels: View, Download, Edit, Full ControlCritical
AC-011System shall allow document owners to grant access to individual usersHigh
AC-012System shall allow document owners to grant access to groupsHigh
AC-013System shall support time-limited access (expiring permissions)High
AC-014System shall allow document owners to revoke access at any timeHigh
AC-015System shall support access inheritance from categories/foldersMedium

4.3.3 Access Request Workflow

Req IDRequirementPriority
AC-020System shall allow users to request access to restricted documentsCritical
AC-021System shall require justification text for access requestsHigh
AC-022System shall route access requests based on document access levelCritical
AC-023System shall auto-approve requests for Public and Internal (same org) documentsHigh
AC-024System shall route Restricted document requests to document ownerCritical
AC-025System shall route Confidential document requests through multi-step approvalCritical
AC-026System shall notify approvers of pending access requestsHigh
AC-027System shall allow approvers to approve, reject, or delegate requestsHigh
AC-028System shall notify requesters of approval decisionsHigh
AC-030System shall maintain complete audit trail of access requestsHigh

4.4 Workflow Engine Module

5.4.1 Workflow Definition

Req IDRequirementPriority
WF-001System shall support configurable workflow templatesHigh
WF-002System shall support sequential and parallel approval stepsHigh
WF-003System shall allow administrators to create and modify workflow templatesHigh
WF-004System shall support workflow triggers based on document eventsMedium

4.4.2 Workflow Execution

Req IDRequirementPriority
WF-010System shall create workflow instances when triggeredHigh
WF-011System shall track workflow instance status and progressHigh
WF-012System shall support workflow actions: Approve, Reject, Return, Delegate, EscalateHigh
WF-013System shall enforce step deadlines with reminders and escalationMedium
WF-014System shall allow workflow cancellation by authorized usersMedium
WF-015System shall maintain workflow history for audit purposesHigh

4.5 Search Module

4.5.1 Search Capabilities

Req IDRequirementPriority
SR-001System shall provide full-text search across document contentCritical
SR-002System shall search document metadata (title, abstract, authors, tags)Critical
SR-003System shall support Boolean search operators (AND, OR, NOT)High
SR-004System shall support phrase search using quotation marksHigh
SR-005System shall support wildcard searchMedium
SR-006System shall return results ranked by relevanceHigh
SR-007System shall highlight search terms in resultsMedium
SR-008System shall support search within specific fieldsMedium

4.5.2 Filtering & Facets

Req IDRequirementPriority
SR-010System shall provide faceted search/filteringHigh
SR-011System shall support filtering by document typeHigh
SR-012System shall support filtering by categoryHigh
SR-013System shall support filtering by tagsHigh
SR-014System shall support filtering by date rangeHigh
SR-015System shall support filtering by authorMedium
SR-016System shall support filtering by access levelMedium
   

4.5.3 Search Features

Req IDRequirementPriority
SR-020System shall provide search autocomplete/suggestionsMedium
SR-022System shall only return results user has access to viewCritical

4.6 Notification Module

4.6.1 Notification Channels

Req IDRequirementPriority
NT-001System shall send notifications via emailCritical
NT-002System shall provide in-app notificationsHigh
NT-003System shall support webhook notifications for external integrationsLow

4.6.2 Notification Events

Req IDRequirementPriority
NT-010System shall notify when access request is receivedHigh
NT-011System shall notify when access request is approved/rejectedHigh
NT-012System shall notify when document is shared with userHigh
NT-013System shall notify when approval action is requiredHigh

4.7 Audit & Compliance Module

4.7.1 Audit Logging

Req IDRequirementPriority
AU-001System shall log all user authentication eventsCritical
AU-002System shall log all document operations (create, read, update, delete)Critical
AU-003System shall log all document downloadsCritical
AU-004System shall log all access grant and revocation eventsCritical
AU-005System shall log all access request and approval eventsCritical
AU-006System shall log all administrative actionsCritical
AU-007System shall capture actor, action, resource, timestamp, and context for all logsCritical
AU-008System shall capture IP address and user agent for all actionsHigh
AU-009System shall store audit logs in immutable/append-only storageHigh
AU-010System shall retain audit logs per configurable retention policyHigh

4.7.2 Audit Reporting

Req IDRequirementPriority
AU-020System shall provide audit log search and filtering interfaceHigh
AU-021System shall support audit reports by userHigh
AU-022System shall support audit reports by documentHigh
AU-023System shall support audit reports by action typeHigh
AU-024System shall support audit reports by date rangeHigh
AU-025System shall support export of audit reports (CSV, PDF)Medium
AU-026System shall provide dashboard with audit statisticsMedium

4.8 Administration Module

5.8.1 System Configuration

Req IDRequirementPriority
AD-001System shall provide administrative dashboardHigh
AD-002System shall allow configuration of system-wide settingsHigh
AD-003System shall allow configuration of document types and categoriesHigh
AD-004System shall allow configuration of workflow templatesHigh
AD-005System shall allow configuration of notification templatesMedium
AD-006System shall allow configuration of file size and type restrictionsHigh
AD-007System shall allow configuration of retention policiesMedium

4.8.2 System Monitoring

Req IDRequirementPriority
AD-010System shall display system health statusHigh
AD-011System shall display storage usage statisticsHigh
AD-012System shall display user activity statisticsMedium
AD-013System shall display document statisticsMedium
AD-014System shall provide performance metrics dashboardMedium

 

5. TECHNICAL REQUIREMENTS

5.1 Architecture Requirements

5.1.1 Architecture Pattern

Req IDRequirementPriority
AR-001System shall be built as a Modular Monolith architectureCritical
AR-002System shall be designed with clear module boundaries for future microservices extractionHigh
AR-003System shall implement Domain-Driven Design (DDD) principlesHigh
   
   
AR-006System shall be stateless for horizontal scalabilityCritical

5.1.2 Recommended Module Structure

The system shall be organized into the following modules:

ModuleResponsibility
User ManagementUser profiles, roles, permissions, groups
Document ManagementDocument CRUD, versions, metadata, categories
Access ControlDocument permissions, access requests
Workflow EngineApproval workflows, workflow instances
StorageFile storage abstraction (MinIO integration)
SearchFull-text search (OpenSearch integration)
NotificationEmail, in-app, webhook notifications
AuditLogging, compliance reporting
Shared KernelCommon utilities, domain events, base classes

5.2 Technology Stack Requirements

5.2.1 Mandatory Open-Source Technologies

ComponentRequired TechnologyVersion
RuntimeJava17 LTS or 21 LTS
FrameworkSpring Boot3.x
DatabasePostgreSQL15 or 16
Object StorageMinIOLatest stable
Search EngineOpenSearch2.x
Message Queue RabbitMQLatest stable
CachingRedis7.x
Identity ManagementKeycloak22.x or later
Container RuntimeDockerLatest stable
OrchestrationKubernetes1.27+
API GatewayKong (OSS) OR TraefikLatest stable
MonitoringPrometheus + GrafanaLatest stable
LoggingELK Stack OR OpenSearch + FluentdLatest stable

 

5.2.3 Frontend Technology

ComponentRequirement
FrameworkModern JavaScript framework (React, Vue.js)
State ManagementAppropriate for chosen framework
UI Component LibraryOpen-source (Material UI, Ant Design, etc.)
Build ToolWebpack, Vite, or equivalent
CSSModern CSS with preprocessor (SCSS/LESS) or CSS-in-JS

5.3 Integration Requirements

5.3.1 Authentication Integration

Req IDRequirementPriority
INT-001System shall integrate with Keycloak for authenticationCritical
INT-002System shall support OAuth2 / OpenID Connect protocolsCritical
INT-004System shall support JWT token-based authentication for APIsCritical
INT-005System shall support integration with existing LDAP/AD (via Keycloak)High

5.3.2 External System Integration

Req IDRequirementPriority
INT-010System shall provide RESTful APIs for all functionalityCriticalSystem shall provide storage for document embeddings (pgvector or similar)
INT-011System shall provide OpenAPI/Swagger documentationHigh
INT-012System shall support API versioningHigh
INT-013System shall provide webhook capabilities for external notificationsMedium
INT-014System shall support SMTP integration for email notificationsHigh

5.3.3 Future AI/ML Integration Readiness

Req IDRequirementPriority
INT-020System shall provide APIs for document content extractionHigh
INT-021  
INT-022System shall provide storage for document embeddings (pgvector or similar)Medium
INT-023System shall provide batch export APIs for ML training dataMedium
INT-024

Architecture shall support future semantic search capabilities

 

Medium

5.4 Data Requirements

6.4.1 Database Design

Req IDRequirementPriority
DB-001System shall use schema-per-module approach for data isolationHigh
DB-002System shall implement database migrations using Flyway or LiquibaseHigh
DB-003System shall use UUIDs for primary keysHigh
DB-004System shall implement soft delete for recoverable entitiesHigh
DB-005System shall implement audit columns (created_at, updated_at, created_by, updated_by)

High

 

DB-006System shall use appropriate indexes for query optimizationHigh
   

5.4.2 Data Storage

Req IDRequirementPriority
DB-010Documents shall be stored in MinIO object storageCritical
DB-011Document metadata shall be stored in PostgreSQLCritical
DB-012Search indexes shall be maintained in OpenSearchCritical
DB-013System shall maintain referential integrity between database and object storageHigh
DB-014System shall support storage quotas per user/organizationMedium

5.5 API Requirements

6.5.1 API Design

Req IDRequirementPriority
API-001APIs shall follow RESTful design principlesCritical
API-002APIs shall use JSON for request/response payloadsCritical
API-003APIs shall implement proper HTTP status codesHigh
API-004APIs shall implement pagination for list endpointsHigh
API-005APIs shall implement filtering and sorting capabilitiesHigh
API-006APIs shall implement rate limitingHigh
API-007APIs shall be versioned (URL path versioning: /api/v1/)High
API-008APIs shall implement HATEOAS principles where appropriateLow

6.5.2 API Security

Req IDRequirementPriority
API-010APIs shall require authentication (except public endpoints)Critical
API-011APIs shall implement authorization checksCritical
API-012APIs shall validate all input dataCritical
API-013APIs shall sanitize output dataCritical
API-014APIs shall implement CORS policiesHigh
API-015APIs shall be protected against common vulnerabilitiesCritical

5.6 DevOps Requirements

5.6.1 CI/CD Pipeline

Req IDRequirementPriority
DO-001System shall have automated CI/CD pipelineHigh
DO-002Pipeline shall include automated code quality checksHigh
DO-003Pipeline shall include automated unit test executionHigh
DO-004Pipeline shall include automated integration test executionHigh
   
DO-006Pipeline shall include automated container image buildingHigh
DO-007Pipeline shall support multiple environments (dev, staging, production)High
DO-008Pipeline shall support rollback capabilitiesHigh

5.6.3 Containerization

Req IDRequirementPriority
DO-020All application components shall be containerizedCritical
DO-021Container images shall follow security best practicesHigh

 

6. NON-FUNCTIONAL REQUIREMENTS

6.1 Performance Requirements

Req IDRequirementTargetPriority
PF-001Page load time< 3 seconds (90th percentile)High
PF-002API response time (simple operations)< 500ms (95th percentile)High
PF-003API response time (complex operations)< 2 seconds (95th percentile)High
PF-004Search response time< 2 seconds (95th percentile)High
    
PF-006Concurrent usersSupport minimum 500 concurrent usersHigh

6.2 Scalability Requirements

Req IDRequirementPriority
SC-001System shall support horizontal scaling of application tierCritical
SC-002System shall support database read replicasHigh
SC-003System shall support distributed object storageHigh
SC-004System shall support search cluster scalingHigh

6.3 Security Requirements

6.3.1 Authentication & Authorization

Req IDRequirementPriority
SE-001System shall enforce strong password policies (via Keycloak)Critical
SE-002System shall support multi-factor authentication (via Keycloak)High
SE-003System shall implement session timeout (configurable)High
SE-004System shall lock accounts after failed login attemptsHigh
SE-005System shall enforce role-based access controlCritical
SE-006System shall implement principle of least privilegeCritical

6.3.2 Data Security

Req IDRequirementPriority
SE-010All data in transit shall be encrypted (TLS 1.2+)Critical
SE-011Sensitive data at rest shall be encryptedCritical
SE-012Document storage shall be encryptedCritical
SE-013Database connections shall be encryptedCritical
SE-014API keys and secrets shall be stored securely (vault/secrets manager)Critical
SE-015PII data shall be protected per applicable regulationsCritical

6.3.3 Application Security

Req IDRequirementPriority
   
SE-021Application shall implement input validationCritical
SE-022Application shall implement output encodingCritical
SE-023Application shall protect against SQL injectionCritical
SE-024Application shall protect against XSS attacksCritical
SE-025Application shall protect against CSRF attacksCritical
SE-026Application shall implement security headersHigh
SE-027Application shall undergo security testing before releaseCritical

6.3 Reliability Requirements

Req IDRequirementPriority
RL-001System shall implement graceful degradationHigh
RL-002System shall implement circuit breaker patternsHigh
RL-003System shall implement retry mechanisms with exponential backoffHigh
RL-004System shall handle failures gracefully with appropriate error messagesHigh
RL-005System shall implement health check endpointsHigh
RL-006System shall implement automated alerting for failuresHigh

6.4 Compatibility Requirements

Req IDRequirementPriority
CP-001Web application shall support Chrome (last 2 versions)High
CP-002Web application shall support Firefox (last 2 versions)High
CP-003Web application shall support Safari (last 2 versions)High
CP-004Web application shall support Edge (last 2 versions)High
CP-005APIs shall be backward compatible within same major versionHigh
CP-006System shall support deployment on major cloud providers or on-premisesHigh

 

7. DELIVERABLES

7.1 Software Deliverables

#DeliverableDescriptionFormat
1Source CodeComplete source code for all componentsGit Repository
2Backend ApplicationCompiled/packaged backend applicationDocker Images
3Frontend ApplicationBuilt frontend applicationDocker Images
4Database ScriptsSchema, migrations, seed dataSQL/Migration files
5Infrastructure CodeKubernetes manifests/Helm chartsYAML/Helm
6CI/CD PipelinePipeline configuration filesPlatform-specific
7Configuration TemplatesEnvironment configuration templatesYAML/Properties

7.2 Documentation Deliverables

#DeliverableDescriptionFormat
1Technical Architecture DocumentSystem architecture, component design, data flowPDF/Word
2API DocumentationComplete API reference with examplesOpenAPI/Swagger
3Database DocumentationERD, data dictionary, schema documentationPDF/Word
4Deployment GuideStep-by-step deployment instructionsPDF/Word
5Operations ManualSystem administration, monitoring, troubleshootingPDF/Word
6User ManualEnd-user documentation with screenshotsPDF/Word

7.3 Training Deliverables

#DeliverableDescriptionFormat
1Administrator TrainingSystem administration training materialsSlides + Hands-on
2Developer TrainingTechnical training for development teamSlides + Hands-on
3End-User TrainingUser training materialsSlides + Video
4Training RecordingsRecorded training sessionsVideo files

 

 

About the Company
Project HOPE The poeple to people health foundation Inc.
Project HOPE The poeple to people health foundation Inc.

We believe in a universal right to be healthy and thrive, and we envision a world where everyone has...

View Company Profile
Wakanda Jobs - Find All Jobs

New Things Will Always
Update Regularly

Wakanda Jobs - Find All Jobs
Your experience on this site will be improved by allowing cookies Cookie Policy

These cookies are essential for the website to function properly.

These cookies help us understand how visitors interact with the website.

These cookies are used to deliver personalized advertisements.