Request for Expression of Interestopen🌐 World BankOP00453310
Consultancy services to conduct an External audits, vulnerability, and penetration testing — Uganda Digital Acceleration Project - GovNet
National Information and Technology Authority - Uganda
Description
REQUEST FOR EXPRESSION OF INTEREST (CONSULTING SERVICES – FIRMS SELECTION) UGANDA UGANDA DIGITAL ACCELERATION PROJECT – GOVERNMENT NETWORK (UDAP-GOVNET) PROJECT ID-P171305 LOAN NUMBER: IDA-68980 REFERENCE NUMBER: NITA-UDAP/CONS/25-26/00053 ASSIGNMENT TITLE: CONSULTANCY SERVICES TO CONDUCT AN EXTERNAL AUDITS, VULNERABILITY, AND PENETRATION TESTING The Government of Uganda, represented by the National Information Technology Authority - Uganda (NITA-U), has received financing from the World Bank towards the cost of the Uganda Digital Acceleration Project - Government Network (UDAP-GOVNET) and intends to apply part of the proceeds for Consultancy services to conduct an External audits, vulnerability, and penetration testing. The consulting services (“the Services”) include conducting External audits, vulnerability, and penetration testing. The primary goal of this project is to identify and address vulnerabilities and to ensure compliance with national and international cybersecurity standards, namely the National Information Security Framework (NISF) and ISO/IEC 27001:2022. The NISF is Uganda's mandatory national information security standard governing all Government Ministries, Departments, and Agencies (MDAs); it defines the minimum information security controls that Government agencies, as well as private- sector companies that own or operate protected computers, must apply to reduce their vulnerability to cyber threats. ISO/IEC 27001:2022, an internationally recognized standard for information security management systems, is used as a supplementary reference for global benchmarking. While the NISF provides the primary compliance baseline specific to Uganda's public-sector context, ISO/IEC 27001:2022 ensures findings are aligned with international best practice. This effort aims to strengthen the cybersecurity posture of Uganda's Government digital services, fostering a secure and resilient digital environment that supports the efficient delivery of public services The Implementation period of the assignment is 25 Weeks from the date of signing the contract. The detailed Terms of Reference (TOR) for the assignment can be found at the following website: https://www.nita.go.ug/opportunities/bids-and-tenders The National Information Technology Authority - Uganda now invites eligible consulting firms (“Consultants”) to indicate their interest in providing the services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience to perform the Services. The Shortlisting Criteria for the firm’s capacity and experience are: The Consulting Firm shall be a legally registered organization in Uganda or overseas, Proof of legal registration must be included in the proposal submission and be valid for the year of operation. The Consulting Firm shall be a legally registered and authorized to provide cybersecurity assessment and penetration testing services by NITA -U. The firm must demonstrate previous experience in cybersecurity consulting, specifically in conducting Vulnerability Assessments and Penetration Testing (VAPT). The firm should provide evidence of successful execution of at least five (5) similar assignments of comparable type, scope, and complexity, preferably involving Government institutions, critical national infrastructure or Data Centers and Operational Technology (OT) or Supervisory Control and Data Acquisition (SCADA) systems. The firm shall demonstrate depth of expertise, quality of reporting, and experience in conducting Vulnerability Assessment and Penetration Testing (VAPT) assignments. To facilitate this assessment, the firm shall submit at least two (2) redacted VAPT reports from previously completed assignments of similar scope and complexity. The submitted reports will be reviewed to evaluate the firm's methodology, technical rigor, clarity of findings, risk-rating approach, quality of recommendations, and adherence to recognized cybersecurity standards and best practices. The firm must have the current ISO 27001 Certification Submit the firm’s organogram to demonstrate the firm’s technical and managerial capability; The consulting firm must demonstrate the ability to field a team of experts with the required qualifications and experience for the assignment. These shall include at least: Team Leader / Senior Cybersecurity Consultant (1), Two (2) Penetration Testing Experts, Two (2) Cybersecurity Risk and Compliance Analysts, and Two (2) Systems and Infrastructure Security Experts. The attention of interested consultants is drawn to Section III, paragraphs 3.15, 3.16, of the World Bank’s ‘ Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025 (Procurement in investment Project Financing; Goods, Works, Non-Consulting and Consulting Services), setting forth the World Bank’s policy on conflict of interest. Consultants may associate with other firms to enhance their qualifications, but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected. A consultant will be selected in accordance with the Least Cost Selection method set out in the World Bank Procurement Regulations “ Procurement in Investment Project Financing Goods, Works, Non-Consulting and Consulting Services, Seventh Edition September 2025” . Further information can be obtained at the address below during office hours at the address below 08:00 to 17:00 hours from Monday to Friday at the address given below. Expressions of Interest (One original plus two copies) must be delivered in a written form to the address below (in person or by e-mail) on or before 8th July 2026 at 11:00am Consultants not located in the Country may submit their REOIs through the provided email address. The packages must be clearly marked as; “ Expression of Interest for Consultancy services to conduct an External audits, vulnerability, and penetration testing . ” The Procurement Officer, National Information Technology Authority-Uganda Palm Courts, Plot 7A Rotary Avenue,1st Floor Kampala-Uganda, Email: steven.batte@nita.go.ug Any form of canvassing or lobbying for the tender shall lead to automatic disqualification. EXECUTIVE DIRECTOR.
Details?
- Posted
- Jun 25, 2026
- Response deadline
- Jul 8, 2026, 11:00 AM UTC
- Type
- Request for Expression of Interest
- Category
- Request for Expression of Interest
- Procurement method
- Least Cost Selection
- Status
- open
- Buyer
- National Information and Technology Authority - Uganda
- Jurisdiction
- World Bank
- Reference #
- OP00453310
- Country
- Uganda
- Notice Text
- REQUEST FOR EXPRESSION OF INTEREST (CONSULTING SERVICES – FIRMS SELECTION) UGANDA
- Project Name
- Uganda Digital Acceleration Project - GovNet
- Notice Status
- Published
- Bid Description
- Consultancy services to conduct an External audits, vulnerability, and penetration testing
- Contact Address
- Palm Courts, Plot 7A, Rotary Avenue (Lugogo Bypass) P.O.Box 33151, Kampala -Uganda
- Bid Reference No
- UG-NITA-U-495887-CS-LCS
- Notice Lang Name
- English
- Procurement Group
- CS
- Procurement Method Code
- LCS
- Submission Deadline Time
- 11:00
Contact
Finding similar opportunities…
This listing is a summary from World Bank's open procurement data. We ingest every field the feed publishes; the full solicitation documents are on the source portal.