GovBidAlerts
← My Opportunities
Request for Expression of Interestopen🌐 World BankOP00453310

Consultancy services to conduct an External audits, vulnerability, and penetration testing — Uganda Digital Acceleration Project - GovNet

National Information and Technology Authority - Uganda

Description

REQUEST FOR EXPRESSION OF INTEREST (CONSULTING SERVICES – FIRMS SELECTION) UGANDA UGANDA DIGITAL ACCELERATION PROJECT – GOVERNMENT NETWORK (UDAP-GOVNET) PROJECT ID-P171305 LOAN NUMBER: IDA-68980 REFERENCE NUMBER: NITA-UDAP/CONS/25-26/00053 ASSIGNMENT TITLE: CONSULTANCY SERVICES TO CONDUCT AN EXTERNAL AUDITS, VULNERABILITY, AND PENETRATION TESTING The Government of Uganda, represented by the National Information Technology Authority - Uganda (NITA-U), has received financing from the World Bank towards the cost of the Uganda Digital Acceleration Project - Government Network (UDAP-GOVNET) and intends to apply part of the proceeds for Consultancy services to conduct an External audits, vulnerability, and penetration testing. The consulting services (“the Services”) include conducting External audits, vulnerability, and penetration testing. The primary goal of this project is to identify and address vulnerabilities and to ensure compliance with national and international cybersecurity standards, namely the National Information Security Framework (NISF) and ISO/IEC 27001:2022. The NISF is Uganda's mandatory national information security standard governing all Government Ministries, Departments, and Agencies (MDAs); it defines the minimum information security controls that Government agencies, as well as private- sector companies that own or operate protected computers, must apply to reduce their vulnerability to cyber threats. ISO/IEC 27001:2022, an internationally recognized standard for information security management systems, is used as a supplementary reference for global benchmarking. While the NISF provides the primary compliance baseline specific to Uganda's public-sector context, ISO/IEC 27001:2022 ensures findings are aligned with international best practice. This effort aims to strengthen the cybersecurity posture of Uganda's Government digital services, fostering a secure and resilient digital environment that supports the efficient delivery of public services The Implementation period of the assignment is 25 Weeks from the date of signing the contract. The detailed Terms of Reference (TOR) for the assignment can be found at the following website: https://www.nita.go.ug/opportunities/bids-and-tenders The National Information Technology Authority - Uganda now invites eligible consulting firms (“Consultants”) to indicate their interest in providing the services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience to perform the Services. The Shortlisting Criteria for the firm’s capacity and experience are: The Consulting Firm shall be a legally registered organization in Uganda or overseas, Proof of legal registration must be included in the proposal submission and be valid for the year of operation. The Consulting Firm shall be a legally registered and authorized to provide cybersecurity assessment and penetration testing services by NITA -U. The firm must demonstrate previous experience in cybersecurity consulting, specifically in conducting Vulnerability Assessments and Penetration Testing (VAPT). The firm should provide evidence of successful execution of at least five (5) similar assignments of comparable type, scope, and complexity, preferably involving Government institutions, critical national infrastructure or Data Centers and Operational Technology (OT) or Supervisory Control and Data Acquisition (SCADA) systems. The firm shall demonstrate depth of expertise, quality of reporting, and experience in conducting Vulnerability Assessment and Penetration Testing (VAPT) assignments. To facilitate this assessment, the firm shall submit at least two (2) redacted VAPT reports from previously completed assignments of similar scope and complexity. The submitted reports will be reviewed to evaluate the firm's methodology, technical rigor, clarity of findings, risk-rating approach, quality of recommendations, and adherence to recognized cybersecurity standards and best practices. The firm must have the current ISO 27001 Certification Submit the firm’s organogram to demonstrate the firm’s technical and managerial capability; The consulting firm must demonstrate the ability to field a team of experts with the required qualifications and experience for the assignment. These shall include at least: Team Leader / Senior Cybersecurity Consultant (1), Two (2) Penetration Testing Experts, Two (2) Cybersecurity Risk and Compliance Analysts, and Two (2) Systems and Infrastructure Security Experts. The attention of interested consultants is drawn to Section III, paragraphs 3.15, 3.16, of the World Bank’s ‘ Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025 (Procurement in investment Project Financing; Goods, Works, Non-Consulting and Consulting Services), setting forth the World Bank’s policy on conflict of interest. Consultants may associate with other firms to enhance their qualifications, but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected. A consultant will be selected in accordance with the Least Cost Selection method set out in the World Bank Procurement Regulations “ Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025” . Further information can be obtained at the address below during office hours at the address below 08:00 to 17:00 hours from Monday to Friday at the address given below. Expressions of Interest (One original plus two copies) must be delivered in a written form to the address below (in person or by e-mail) on or before 8th July 2026 at 11:00am Consultants not located in the Country may submit their REOIs through the provided email address. The packages must be clearly marked as; “ Expression of Interest for Consultancy services to conduct an External audits, vulnerability, and penetration testing . ” The Procurement Officer, National Information Technology Authority-Uganda Palm Courts, Plot 7A Rotary Avenue,1st Floor Kampala-Uganda, Email: steven.batte@nita.go.ug Any form of canvassing or lobbying for the tender shall lead to automatic disqualification. EXECUTIVE DIRECTOR.

Details

Posted
Jun 25, 2026
Response deadline
Jul 8, 2026, 11:00 AM UTC
Type
Request for Expression of Interest
Category
Request for Expression of Interest
Procurement method
Least Cost Selection
Status
open
Buyer
National Information and Technology Authority - Uganda
Jurisdiction
World Bank
Reference #
OP00453310
Country
Uganda
Notice Text
  REQUEST FOR EXPRESSION OF INTEREST (CONSULTING SERVICES – FIRMS SELECTION) UGANDA
Project Name
Uganda Digital Acceleration Project - GovNet
Notice Status
Published
Bid Description
Consultancy services to conduct an External audits, vulnerability, and penetration testing
Contact Address
Palm Courts, Plot 7A, Rotary Avenue (Lugogo Bypass) P.O.Box 33151, Kampala -Uganda
Bid Reference No
UG-NITA-U-495887-CS-LCS
Notice Lang Name
English
Procurement Group
CS
Procurement Method Code
LCS
Submission Deadline Time
11:00

Contact

Batte steven mukasa
steven.batte@nita.go.ug
+256783314320
Finding similar opportunities…

This listing is a summary from World Bank's open procurement data. We ingest every field the feed publishes; the full solicitation documents are on the source portal.