Request for Proposal (RFP) at African Union Commission (AUC)


The African Union Commission (AUC) invites eligible Individual Consultants to submit EOI documents for the following:

The African Union Commission (AUC) is the AU’s secretariat and undertakes the day-to-day activities of the Union. It is based in Addis Ababa, Ethiopia.

Applications are invited for:

Title: Request for Proposal (RFP) for Consultancy Services for the Implementation of IT Security Policies

Reference No: AUC/MIS/C/001

Background
The African Union, like most continental international organizations, is increasingly exposed to targeted cyber-attacks, which can prove to be compromising.

The Management Information System (MIS) Directorate manages the IT Infrastructure and Systems of the African Union. The IT infrastructure comprises a data center which is located at the Headquarters office, Azure Cloud Infrastructure, a wired and wireless network and WAN connectivity to its regional, liaison and organ offices. On top of this current IT infrastructure, MIS provides access to numerous services like Email, ERP System (SAP), Collaboration platforms and other intranet applications.

As part of the improvement plan for the protection of its information system, the Management Information System Directorate (MIS) adopted the ISO 27000 standard and launched the first step for compliance with the development of fourteen IT security policies to align them with the existing IT policy.

Therefore, MIS wishes to set up an approach for the effective application of its security policies across its entire information system and to develop an executable strategy and roadmap that includes initiatives and an estimated budget.

Objectives of Assignment
The executable strategy that needs to be developed should provide:

  • A methodology for standardizing the application of its policies on its technical infrastructures.
  • An organizational model as well as the processes allowing it to operate its policies effectively.
  • A clear and actionable data protection plan aligned to AU general requirements and constraints.
  • Clear identification of the protection capabilities gap that must be closed to allow the implementation of its policies. These targeted protection capabilities will have to take into consideration the technical environment, the technological orientations, the technical architecture as well as the operating model to develop the environments in order to achieve its security target. These capabilities will be defined in the form of projects to be implemented and may be based on an evolution of existing infrastructures or new solutions or processes to be deployed in technical environments.
  • Minimum requirements to ensure the protection of critical AU data and information.
  • A coherent roadmap for the integration of these security projects, with a budget estimation.

Scope of Assignment

  • Review the current security risk assessment document
  • Propose an operational model that will enable the application and enforcement of the security policies
  • Conduct a gap analysis by assessing current security capabilities and defining the security target state in line with the existing policies
  • Propose and prioritize initiatives to bridge the gap
  • Provide a clear and actionable data protection plan and cost implication aligned to AU general requirements and constraints

Competence Requirements of the Firm and Personnel
The multi-disciplinary team should comprise a Project Manager and Functional Experts with cyber security certifications and IT skills, with the following educational qualifications, experience and competencies:

The Company/Consultancy firm:

  • Should have a minimum of one year of experience in the area of information security and cybersecurity strategy development
  • Should submit a complete bid document that includes the cost of consultancy, schedule of delivery, and appropriate evidence, together with all completed forms in the bidding document.

Team Leader:

  • Hold a Master’s degree (preferred; minimum acceptable is a bachelor’s degree) in international law, political science, sociology, international relations, telecommunications, engineering, information technology, computer science, economics, business management, business administration, public administration, or equivalent
  • Having significant experience in the implementation of cyber security strategy and cyber security transformation programs for large international companies
  • Having more than 15 years of experience in cyber security
  • Ability to provide direction and leadership in terms of cybersecurity
  • Experience in working closely with the Functional Lead to ensure ongoing business requirements are clearly specified
  • Experience of drafting and supporting the development of organizational cybersecurity legal and regulatory frameworks. The Lead Consultant should have a proven ability to engage with complex policy and strategic issues, and a general understanding of policy issues pertaining to corporate cybersecurity.
  • Proven experience in conducting needs assessments in similar projects
  • Track record of high worth projects with proven effectiveness.
  • Proven experience in project estimation and sourcing strategy
  • Proven experience as a Security Architect in transformation programs and technology implementation.
  • Expert technical knowledge in certification in cyber security, data protection or information rights with at least 15 years of relevant work experience in managing cybersecurity projects/programs or leading similar assignments

Cybersecurity Expert:

  • Hold a Master’s degree (preferred; minimum acceptable is a bachelor’s degree) in Computer Science, Computer / Software Engineering, Information and Communication Technology (ICT), Information Systems or related fields such as Information Science, Data Protection
  • Having more than 6 years of experience in cyber security
  • Having deployed significant security projects in IT in different domains
  • Having participated in a cyber security transformation program
  • Having defined and deployed a cyber security operating model
  • Having sharp organizational skills in all cyber security areas as well as ISO 27001.
  • Having cyber security certifications recognized by international organizations (SANS or others)
  • Having a good knowledge of IS infrastructures (Cloud, DC, …) and knowledge of cyber intelligence fundamentals and key security concepts: vulnerability assessment, Zero Trust Network, IDS/IPS, network monitoring, incident response, email security, security analytics, and deployment or management of security tools such as SIEM, NAC, DAM, WAF, NGFW, UTM, etc.

IT Expert:

  • Hold a Master’s degree (preferred; minimum acceptable is a bachelor’s degree) in Computer Science, Computer / Software Engineering, Information and Communication Technology (ICT), Information Systems or related fields such as Information Science, Data Protection
  • Having experience in cyber security and cloud security projects
  • Having deployed significant security projects in IT, cloud and data in different domains
  • Having a cloud certification
  • Having a good knowledge of IS infrastructures (Cloud, DC, …) and knowledge of cyber intelligence fundamentals and key security concepts: vulnerability assessment, Zero Trust Network, IDS/IPS, network monitoring, incident response, email security, security analytics, and deployment or management of security tools such as SIEM, NAC, DAM, WAF, NGFW, UTM, etc.

Application Closing Date
12th May, 2022.

Submission of Documents

Proposals shall be submitted via email to: [email protected] Cc: [email protected]
