Search      Advanced Search

Development of an “Information Security Policy” for the Government Information Technology infrastructures

Request For Expressions of Interest

Versions
Edition 3:   Nov 19, 2009 (shown)
Edition 2:   Nov 19, 2009
Edition 1:   Nov 18, 2009

General Information
Country:   Rwanda
Notice/Contract Number:   RDB/IT/NDC/CTR/01/2009
Publication Date:   Nov 19, 2009
Deadline:   Dec 18, 2009
Buyer:   eRwanda Project. Rwanda Information Technology Authority
Original Language:   English

Contact Information
Address:   Wilson Muyenzi
Rwanda Develpment Board/Information Technology
Telecom House, Boulevard de l'Umuganda
P.O.Box 7229 Kigali, Rwanda
Kigali
Rwanda
Telephone:   + 250 583220
Fax:   + 250 583222
Email:   Click here
Web Site:   http://www.erwanda.org

Assignments

 

Original Text

      view in:

RWANDA DEVELOPMENT BOARD/IT

Contract Number RDB/IT/NDC/CTR/01/2009


Development of an “Information Security Policy” for the Government Information Technology infrastructures.


REQUEST FOR EXPRESSIONS OF INTEREST

1. Introduction and Background
The Government of Rwanda has received a grant from the Swedish Government through SIDA to implement the National Cyber Security Center. This Grant has been provided under the institutional capacity development which is being implemented by the Rwanda Development Board – Information Technology Authority (RDB-IT) based in Kigali, Rwanda.
Rwanda Development Board / Information Technology (RDB/IT) is a government institution established by an act of parliament, with a specific purpose to articulate, catalyze, and facilitate the implementation of National ICT policies, strategies and plans, as outlined in the National Information and Communication Infrastructure Policy and Plan (NICI).
One of the projects in National Information and Communication Infrastructure (NICI) Plan is to establish a National Cyber Security Center and one of the activities under this project is to develop a Government Information Security Policy (policies, procedures and best practices).

2. The objective and purpose
The objective of this project is to deliver an Information Security management, Security policy and controls to the Public Service Organizations and Ministries in order to use Government Information Technology (IT) infrastructures in a manner that will:
• Protect Government key data and information infrastructures from security breach so that it remains accurate and available.
• Provide controls which enable sensitive information to be kept confidential.

RDB/IT now seeks for a qualified consultancy firm, well experienced to develop Government Information Security Management and Information Security Policy to carry out this project.

3. Scope of the Consultancy Services

The consultancy firm will develop an Information Security Policy for the Government Information Technology/Information System infrastructure. The consultancy firm will focus on the following main items but not limited to:

a) Develop Information Security Policies for the government; these information security policies target all Government IT infrastructures.

• Develop an ISMS policy as per ISO 27001.
• Develop code of practices for Information Security management (i.e. Policies, sub policies, Procedures and Guidelines), as per ISO 27002 standards. These policies should include but not limited to the component below detailed in annexure:
o General Security policy;
o Government Network infrastructure Security policies and procedures.
o National Data Center (NDC) Security Policies and procedures.
• Propose to Government a list of Information Security Laws to be developed;
• Provide an implementation roadmap of the developed information security policies.
• Conduct workshops with stakeholders to receive feedback on the developed security policies.

b) Organize Information security training.

• Organize a workshop to educate IT staff on security standards (ISO 27001 and ISO 27002)
• Organize a Vulnerability Assessment and Penetration testing training for IT security personnel.

c) Develop other important policies which do not fall under information security policies category but which can have a direct or indirect impact to the information security.


4. Competences

Interested firms must indicate their interest in providing the above mentioned services.
a) For the consulting firm:
• Must have carried out at least 5 major Information Security policies Development for Government, critical telecommunications environments or similar.
• Must be ISO 27001 & 27002 Certified

b) For the appointed consultant(s) assigned for the job:
• Should be CISSP and ISO 27001 & 27002 certified with minimum 5 years experience in information Security Policies development.
• Should have created Policies , Procedures , Guidelines Related to IT Security Process
• Should have conducted at least three application or network security audits or similar projects
• Should have developed policies for Data Center environments
• Experience in creating/documenting Policies, Procedures, Plans and MOU.

c) For Vulnerability assessment and Penetration testing Training job:
• Must be CISSP, CEH and LPT Certified with minimum of 5 years of experience
• Should have excellent knowledge and working experience in the risk management and business continuity processes such as GAP Analysis, Risk Assessment, and Business Continuity Planning, Disaster Recovery Procedures and Policy Formulation.

5. Selection Procedures

RDB-IT now invites eligible consultancy firms to indicate their interest in providing the above mentioned services. Interested firms must provide information indicating that they are qualified to perform the services (description of similar assignments, availability of skills among the staff etc.

The firm will be selected in accordance with Sida procedures and using “Quality and Cost Based Selection Method”. Only consultancy firms with demonstrated experience and good track record in similar assignments will be short-listed.


6. Submission Address

Expressions of interest must be delivered to the Procurement Office, e-Rwanda Project, Rwanda Development Board Office Block, Gishushu, 4th Floor, and P.O Box 6239, Kigali, Rwanda or by email at bids@rita.rw with a copy to wilson.muyenzi@rita.rw, terry.bayingana@rita.rw and charles.mugisha@rita.rw. Acknowledgement will only be made valid by a “read confirmation” receipt from e-Rwanda Project.

7. Deadline Date and Time

Expressions of Interest must be received at the address indicated above by 1600hrs Rwanda time, on Tuesday 18th December, 2009 clearly marked “Expression of Interest for Consultancy Services for the Development of an Information Security Policy for the Government Information Technology infrastructures”
”.

Done at Kigali on,




Patrick NYIRISHEMA
DCEO-IT
Rwanda Development Board/IT
Please note that this notice is for your information only.
We try our best to have the most accurate and up-to-date information available on our web site, but we cannot guarantee that all of the information provided is error-free.
If you have any suggestions for updates/corrections for this notice, please let us know.