TERMS OF REFERENCE: CONSULTANCY SERVICES FOR THE IMPLEMENTATION OF THE NATIONAL INFORMATION SECURITY FRAMEWORK UNDER THE REGIONAL COMMUNICATIONS INFRASTRUCTURE PROGRAM (RCIP)

NATIONAL INFORMATION TECHNOLOGY AUTHORITY, UGANDA (NITA-U), (herein after called “the CLIENT”) is an autonomous agency of the Government of Uganda established by the National Information Technology Authority, Uganda Act, 2009 to coordinate, promote and monitor Information Technology (IT) developments in Uganda within the context of National Social and Economic development

The Government of Uganda, through the National Information Technology Authority, Uganda (NITA-U) has received funding from the World Bank towards financing of the Regional Communications Infrastructure Project (RCIP). The project shall among other areas, focus on the enhance of the Government Data Center and establishment of a Disaster Recovery Site as shared infrastructure for secure centralized hosting of Government applications and electronic services. The National Information Security Framework (NISF) was developed by the Government of Uganda to provide a common approach and conceptual guide to the management all Information Security matters. Furthermore, the Framework outlines minimum mandatory security outcomes for all MDA & Critical Information Infrastructure (CII) in the four critical domains of Governance, Information Security, Personnel Security and Physical Security. In order to enhance NISF compliance levels and validate that information security measures within MDAs are adequate to guarantee the preservation of the confidentiality, integrity and availability of information and information processing assets, the Government of Uganda seeks to obtain consulting services to implement remedial measures that address and close high risk compliance gaps in already assessed MDAs.