Upload
doanngoc
View
221
Download
0
Embed Size (px)
Citation preview
NATIONAL INFORMATION TECHNOLOGY AUTHORITY-UGANDA
DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES
UNDER FRAMEWORK CONTRACTS
SEPTEMBER 2014
Consultancy Services – Framework Contracts Version 1.0 2 | P a g e
1.0 INTRODUCTION
The National Information Technology Authority-Uganda (NITA-U) is an autonomous statutory
body established under the NITA-U Act 2009, to coordinate and regulate Information
Technology services in Uganda. NITA-U is under the general supervision of the Ministry of
Information and Communication Technology (MoICT). NITA-U is mandated “to coordinate,
promote and monitor IT development within the context of national social and economic
development”, with a vision as “a facilitator of a knowledge-based, globally competitive Uganda
where social transformation and economic development is supported through IT enabled
services”.
Under the objects of the Authority, NITA-U is mandated to;
a) Provide high quality information technology services to government
b) Promote standardization in the planning, acquisition, implementation, delivery, support and
maintenance of information technology equipment and services, to ensure uniformity
equality, adequacy and reliability of information technology usage throughout Uganda;
c) Provide guidance and other assistance as may be required to other users and providers of
information technology;
d) Promote cooperation, coordination and rationalization among users and providers of
information technology at national and local levels as to avoid duplication of efforts and
ensure optimal utilization of scarce resources;
e) To promote and be the focal point of co-operation for information technology users and
providers at regional and international levels; and
f) To promote access to and utilization of information technology by the special interest
groups.
Under the powers of the Authority, NITA-U is;
1) To carry out regular e-Readiness surveys to ascertain the status of information technology
in Uganda;
2) To establish a repository of information technology standards, and for the registration and
classification of documentation related to locally developed and imported information
technology solutions;
3) To establish a mechanism for collaboration and promotion of partnerships between various
categories of players in the information technology sector;
4) To regulate and certify information technology education in Uganda in consultation with the
ministry responsible for Education or its agencies;
5) To charge fees for services provided by the authority
Consultancy Services – Framework Contracts Version 1.0 3 | P a g e
NITA-U would like to engage suitably qualified firms under framework contracts to provide
technical assistance (consultancy services) to enable her fulfill her mandate. NITA-U expects
the highest level of professionalism from the contracted firms.
2.0 ASSIGNMENT BACKGROUND
In line with her mandate, NITA-U is working on a number of projects across government which
periodically calls for extra highly qualified human resources to enable her deliver on all
assignments within the set budget and expected time frame. From time to time, NITA-U
requires specialized resources to work on specific tasks or projects in accordance with specific
guidelines, to ensure successful implementation.
3.0 OBJECTIVE
The objective of this procurement is to engage firms under framework contract to provide
technical assistance in highly specialized areas as and when required; and ensure that
assignments / tasks, projects and or programmes are completed in time, within budget, and
with satisfactory quality.
4.0 SCOPE OF CONSULTANCY SERVICES
In all cases NITA-U will need short-term technical assistance at short notice allowing for fast
recruitment of experts. The quality of this technical assistance will be guaranteed by
Framework Contractors who have been pre-selected for the thematic areas, or lots below:
LOT 1: DIS: Software Applications / Systems Audit
LOT 2: DIS: Information Systems Audit
LOT 3: DIS: Computer Forensics and Investigations
LOT 4: DRLS: Compliance Assessments and Audits
LOT 5: DRPD: Research and Innovation Services
LOT 6: DTS: Technical Services
LOT 7: DRPD: IT Project Management
LOT 8: DeG: Web Development
LOT 9: DPRD: IT Standards and Frameworks Development Services LOT 10: DPRD: IT Training and Capacity Building Services
LOT 11: PDRP: Project Quality Assurance / Monitoring & Evaluation
LOT 12: DeG: Business Analysis and Design
Consultancy Services – Framework Contracts Version 1.0 4 | P a g e
Each framework contractor disposes of the appropriate internal or external technical expertise and skills required for the lot for which it has been pre-selected.
5.0 SPECIFIC TERMS OF REFERENCE
5.1 LOT 1: DIS: Software Applications / Systems Audit
5.1.1 Background
In line with her mandate, NITA-U intends to conduct several Software
Applications / System Audits on various Government of Uganda Systems that will
determine the security and policy decisions required to ensure the protection of
all internal information resources.
NITA-U invites expressions of Interest from consultants/consulting firms having a
minimum of five years related experience and a proven track record in projects of
a similar nature, who wish to carry out the Audit exercise under a framework
contract arrangement.
5.1.2 Description of assignment
1) Global objective
The objective is to carry out a comprehensive review and examination of the
controls and internal checks built into the application. The consultant shall report
on the conclusions reached from his audit/review of the application controls and
recommend suitable measures for correcting any deficiencies which were
identified during the audit review process.
2) The consultant will be permitted to access concerned records, software,
hardware, and computer installations and shall be required to sign a non-
disclosure agreement before commencement of duty.
3) The scope of work includes
a) Evaluation of all the processes and activities, which are computerized under
the systems using appropriate test data.
b) Evaluation of data origination controls - adequacy on controls in procedures
relating to data preparation, document control, data authorization and data
retention.
c) Review the adequacy of systems and controls for data entry, segregation of
roles, and duties, data validation / editing procedures and data input error
handling procedures.
d) Evaluate the adequacy of controls in the data processing procedures to
ensure that data integrity.
Consultancy Services – Framework Contracts Version 1.0 5 | P a g e
e) Ensure that adequate checks and controls are built into the system to provide
completeness and accuracy of the output reports.
f) Knowledge transfer
g) Recommendations and implementation plan to correct the deficiencies.
h) Study the existing system and validating the application software. Also.
Attempt an analysis of comparator applications used for similar functions in
successful projects in elsewhere.
i) The evaluation framework should include multiple criteria based assessment
for evaluating and validating the application software like ease of use,
complexity of procedure, errors in documentation, timely response, etc.
should be incorporated.
4) Required outputs
The consultant shall submit an application software / system audit report, which
shall include the following;
a) Study the existing system(s), validate the application and submission of
reports with recommendations.
b) Test / audit the application software modules, identify deficiencies observed in
the systems and submission of reports with appropriate recommendations.
c) Knowledge transfer to selected staff.
d) Submission of final reports.
5) NITA-U reserves the right to cancel the consultancy at any point in time if the
performance is found to be unsatisfactory.
5.1.3 Experts profile or Expertise required
1) The expected number of key personnel in the team is five. The team will consist
of one team leader and four team members as a minimum.
They should have experience in the complete life cycle of application software
(study, design, development, testing, implementation, training, troubleshooting
and support, etc.) using various operating systems (like Linux, windows, UNIX)
and tools and environments (like VB, .net , Oracle, Ms Access, Postgres etc.)
2) Profile per expert or expertise required:
a. The Team Leader having Bachelors in Software Engineering, computer
Science, computer application, IT, as well as an IT audit / Information
Security certification with minimum of 5 years computer systems audit
related experience.
b. The Team Member having Bachelors in Software Engineering, computer
Science, computer application, IT, as well as an IT audit / Security
Consultancy Services – Framework Contracts Version 1.0 6 | P a g e
certification with minimum of 3 years computer systems audit related
experience.
5.1.4 Location and duration
1) The duration of this consultancy is 60 calendar days
2) The location(s) of assignment shall be as advised by NITA-U
5.1.5 Reporting
1) The Audit Report should comprise of an Executive Summary, Findings and
Recommendations which should include, but not limited to, System
Vulnerabilities, Security Program Management of Information Technology
Resources and Application Life Cycle Controls.
2) Unless otherwise stated, the reporting language shall be English.
3) Weekly activity reports, tasks to be performed and travel schedule to be
submitted to NITA-U.
4) A committee shall be setup to review the progress on completion of the entire
work at different stages or as and when necessary.
5.1.6 Administrative information
1) Interviews for the Team leader and two of the team members may be required
2) In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
3) English shall be the language of communication for all legal documents
4) For each assignment, a proposal shall be submitted that must contain a brief and
clear methodology to be used to accomplish the assignment at hand
5) Management team member presence shall be required for briefing and/or
debriefing.
5.2 LOT 2: DIS: Information Security Audit
5.2.1 Background
In line with her mandate, NITA-U intends to conduct several Information Security
Audits for various Government of Uganda institutions to determine whether their
information security measures are adequate to guarantee the preservation of the
confidentiality, integrity and availability of information and information processing
assets.
NITA-U invites expressions of Interest from consultants/consulting firms having a
minimum of five years related experience and a proven track record in projects of
Consultancy Services – Framework Contracts Version 1.0 7 | P a g e
a similar nature, who wish to carry out the Audit exercise under a framework
contract arrangement.
5.2.2 Description of assignment
1) Global objective
The objective is to carry out an Information Security Audit by using best security
practices, which helps Government of Uganda institutions to maintain Information
Technology (IT) security through ongoing, integrated management of policies and
procedures, personnel training, selection and implementation of effective
controls, reviewing their effectiveness and improvement. This should improve
customer confidence, a competitive edge, better personnel motivation and
involvement, and reduced incident impact. Ultimately, this leads to control over
organizational losses and improved revenues
2) The consultant will be permitted to access concerned records, software,
hardware, and computer installations and shall be required to sign a non-
disclosure agreement before commencement of duty.
3) The scope of work includes
a) Review adequacy of systems controls for Database Management system
including access to, structuring of and control over shared database, Evaluate
adequacy of systems for data administration, data access, concurrency
controls, database integrity and content recovery processes.
b) Review and report on the logical and physical security of the computer
systems including Password administration, security violation reports, security
of online access to data, backup and recovery plans and disaster
management procedures.
c) Information security policy for the organization: This activity involves a
thorough understanding of the organization’s business goals and its
dependence on information security. This entire exercise begins with the
creation of the IT Security Policy. This is an extremely important task and
should convey total commitment of top management. The policy cannot be a
theoretical exercise. It should reflect the needs of actual users. It should be
implement-able, easy to understand and must balance the level of protection
with productivity. The policy should cover all the important areas like
personnel, physical, procedural and technical.
d) Creation of information security infrastructure: A management framework
needs to be established to initiate, implement and control information security
within the organization. This needs proper procedures for approval of the
information security policy, assigning of the security roles and co-ordination of
security across the organization.
Consultancy Services – Framework Contracts Version 1.0 8 | P a g e
e) Asset classification and control: One of the most laborious but essential tasks
is to manage inventory of all the IT assets, which could be information assets,
software assets, physical assets or other similar services. These information
assets need to be classified to indicate the degree of protection. The
classification should result into appropriate information labeling to indicate
whether it is sensitive or critical, and the procedure which is appropriate for
copy, store, transmit or destruction of the information asset.
f) Personnel security: Human errors, negligence and greed are responsible for
most thefts, fraud or misuse of facilities. Various practical measures should
be taken, like making personnel screening policies, confidentiality
agreements, terms and conditions of employment, and information security
education and training. Alert and well-trained employees who are aware of
what to look for can prevent future security breaches.
g) Physical and environmental security: Designing a secure physical
environment to prevent unauthorized access, damage and interference to
business premises and information is usually the beginning point of any
security plan. This involves physical security perimeter, physical entry control,
creating secure offices, rooms, facilities, providing physical access controls,
providing protection devices to minimize risks ranging from fire to
electromagnetic radiation and providing adequate protection to power
supplies and data cables. Cost-effective design and constant monitoring are
two key aspects to maintain adequate physical security control.
h) Communications and operations management : Properly documented
procedures for the management and operation of all information processing
facilities should be established. This includes detailed operating instructions
and incident response procedures.
i) Network management requires a range of controls to achieve and maintain
security in computer networks. This also includes establishing procedures for
remote equipment including equipment in user areas. Special controls should
be established to safeguard the confidentiality and integrity of data passing
over public networks. Special controls may also be required to maintain the
availability of the network services.
j) Exchange of information and software between external organizations should
be controlled, and should be complied with any relevant legislation. There
should be proper information and software exchange agreements, the media
in transit needs to be secure and should not be vulnerable to unauthorized
access, misuse or corruption.
k) Electronic commerce involves electronic data interchange, electronic mail and
online transactions across public networks such as the Internet. Electronic
Consultancy Services – Framework Contracts Version 1.0 9 | P a g e
commerce is vulnerable to a number of network threats that may result in
fraudulent activity, contract dispute and disclosure or modification of
information. Controls should be applied to protect electronic commerce from
such threats.
l) Access control: Access to information and business processes should be
controlled. The business and security requirements will include:
i. Defining an access control policy and rules
ii. User access management
iii. User registration
iv. Privilege management
v. User password and management
vi. Review of user access rights, network access controls
vii. Enforcing paths from user terminals to computer
viii. User authentication, node authentication
ix. Segregation of networks
x. Network connection control, network routing control, operating system
access control
xi. User identification and authentication
xii. Use of system utilities
xiii. Application access control
xiv. Monitoring system access and use
xv. Ensuring information security when using mobile computing and tele-
working facilities.
m) System development and maintenance: Security should ideally be built at the
time of inception of a system. Hence security requirements should be
identified and agreed prior to the development of information systems. This
begins with security requirement analysis and specification, and providing
controls at every stage i.e. data input, data processing, data storage and
retrieval and data output. It may be necessary to build applications with
cryptographic controls. There should be a defined policy on the use of such
controls, which may involve encryption, digital signature, use of digital
certificates, protection of cryptographic keys and standards to be used for
cryptography. A strict change control procedure should be in place to facilitate
tracking of changes. Any changes to the operating system or software
packages should be strictly controlled. Special precautions must be taken to
ensure that no covert channels, back doors or Trojans are left in the
application system for later exploitation.
n) Business continuity management: A business continuity management
process should be designed, implemented and periodically tested to reduce
Consultancy Services – Framework Contracts Version 1.0 10 | P a g e
the disruption caused by disasters and security failures. This begins by
identifying all events that could cause interruptions to business processes,
and depending on the risk assessment, a strategy plan should be prepared.
The plan needs to be periodically tested, maintained and re-assessed based
on changing circumstances.
o) Compliance: It is essential that strict adherence is observed to the provision
of national and international IT laws, pertaining to Intellectual Property Rights
(IPR), software copyrights, safeguarding of organizational records, data
protection and privacy of personal information, prevention of misuse of
information processing facilities, regulation of cryptographic controls and
collection of evidence. The use of Information Technology in business has
also resulted in the enactment of laws that enforce responsibility of
compliance. All legal requirements must be complied with to avoid breaches
of any criminal and civil law, statutory, regulatory or contractual obligations
and of any security requirements.
p) Review adequacy of systems documentation for operating and maintaining
the new systems, ensure control functions and responsibilities are
appropriately documented and quality of documentation complies with
minimum industry standards.
q) Documentation: The ISMS documentation shall consist of the following
information:
i. Evidences for action taken for implementation of the ISMS
ii. Details of the procedures adopted to implement the controls. It should
also describe the responsibilities and relevant factors
iii. Procedures covering the management and operation of ISMS.
r) Document Control: Procedures should be established for controlling all
documentation required as detailed above and that the documentation is:
i. Readily available
ii. Periodically reviewed and revised as necessary in line with the
organization’s security policy
iii. Maintained under version control and made available to all locations
where operations essential to ISMS are being performed
iv. Promptly withdrawn when obsolete
v. Identified and retained when obsolete and required for legal or
knowledge preservation purposes or both.
s) Records: Records like visitor’s book, audit records, ACLs, etc, being evidence
generated as a consequence of the operation of the Information System
Management System, should be maintained to demonstrate compliance with
the requirements of ISO 17799:2000. There should be procedures
Consultancy Services – Framework Contracts Version 1.0 11 | P a g e
established for identifying, maintaining, retaining and disposing of these
records demonstrating compliance.
t) Knowledge transfer
u) Recommendations and an implementation plan to correct the deficiencies
4) Required outputs
The consultant shall submit an audit report, which shall include the following;
a) Study of the existing governance, policies, procedures and submission of
reports with recommendations.
b) Validation of the existing administrative documents and submission of the
reports
c) Recommendations and changes in the existing administrative documents
based on industry standards
d) Fine tune the administrative documents based on best practice and business
requirements of the target institution
e) Knowledge transfer to selected staff.
f) Submission of final reports.
5) NITA-U reserves the right to cancel the consultancy at any point in time if the
performance is found to be unsatisfactory.
5.2.3 Experts profile or Expertise required
1) The expected number of key personnel in the team is five. The team will consist
of one team leader and four team members (Systems Specialist, Network
Specialist, Applications Specialist, Architecture and Integration Specialist) as a
minimum.
They should have knowledge and experience in customizing and deploying
application, Systems analysis and design, Information Systems Auditing,
Operating systems installation, administration and auditing, Information Security
risk analysis and remediation, Network design, installation, support and auditing,
Penetration testing and vulnerability assessment.
2) Profile per expert or expertise required:
a. The Team Leader having bachelor’s degree in either information systems
or computer science (or other technical discipline) with a minimum of 5
years’ Information Security audit related experience. The Team Leader
should possess an IT audit / Information Security certification and project
management knowledge and experience.
b. The System Security Specialist having bachelor’s degree in either
information systems or computer science (or other technical discipline)
Consultancy Services – Framework Contracts Version 1.0 12 | P a g e
with a minimum of 3 years’ System Administration / Audit related
experience. The System Security Specialist should possess a System
Administration and an IT audit / Information Security certification.
c. The Network Specialist having bachelor’s degree in either information
systems or computer science (or other technical discipline) with a
minimum of 3 years’ Network Administration / Audit related experience.
The Network Specialist should possess Network Administration and an IT
audit / Information Security certification.
d. The Application Specialist having bachelor’s degree in either information
systems or computer science (or other technical discipline) with a
minimum of 3 years’ Application or Database Administration / Audit related
experience. The Application Specialist should possess Application /
Database Administration and an IT audit / Information Security
certification.
e. The Architecture and Integration Specialist having bachelor’s degree in
either information systems or computer science (or other technical
discipline) with a minimum of 3 years’ System Integration related
experience. The Architecture and Integration Specialist should possess
System Integration and an IT audit / Information Security certification.
5.2.4 Location and duration
1) The duration of this consultancy is 75 calendar days
2) The location(s) of assignment shall be as advised by NITA-U
5.2.5 Reporting
1) The Audit Report should comprise of an Executive Summary, Findings and
Recommendations which should include, but not limited to, Web Application
Security, Vulnerability Testing, Penetration Testing, Wireless Security, Policy and
Procedure Review, Cyber Security Incident Response, Physical Security,
Personnel Security, Asset classification, Source Code Review.
2) Unless otherwise stated, the reporting language shall be English.
3) Weekly activity reports, tasks to be performed and travel schedule to be
submitted to NITA-U.
4) A committee shall be setup to review the progress on completion of the entire
work at different stages or as and when necessary.
5.2.6 Administrative information
1) Interviews for the Team leader and two of the team members may be required
2) In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
Consultancy Services – Framework Contracts Version 1.0 13 | P a g e
3) English shall be the language of communication for all legal documents
4) For each assignment, a proposal shall be submitted that must contain a brief and
clear methodology to be used to accomplish the assignment at hand
5) Management team member presence shall be required for briefing and/or
debriefing.
5.3 LOT 3: DIS: Computer Forensics and Investigations
5.3.1 Background
In line with her mandate and as need arises, NITA-U intends to contract a firm
under framework contract arrangement to conduct several computer forensics
and investigation exercises on various Government of Uganda Systems in
pursuit of those that violate or mismanage computer systems in accordance with
the various cyber laws.
The firm selected will be experienced in all aspects of computer forensic work
and will have a high level of skills and qualifications necessary to conduct the
investigations to effectively support the collection and analysis of electronic
evidence and the effective use of this evidence in later processes including the
recovery from financial loss, administrative action and criminal prosecution by
other government agencies.
5.3.2 Description of assignment
1) Global objective
The objective is to carry out electronic investigations, while ensuring that the
investigator creates an audit trail, maintains a complete chain of custody which
can be used to demonstrate that any conclusions drawn from the investigation
are verifiable and in accordance with the industry standards and guidelines for
Digital Evidence.
2) The consultant will be permitted to access concerned records, software,
hardware, and computer installations and shall be required to sign a non-
disclosure agreement before commencement of duty.
3) The scope of work includes
a) Acquisition of data in a way that preserves the data in the state in which it
existed immediately prior to its capture,
b) Investigation of any device which can hold digital data and
c) Analysis of and reporting on the captured data.
d) Knowledge transfer
4) Required outputs
Consultancy Services – Framework Contracts Version 1.0 14 | P a g e
a) The consultant shall submit an investigation report, which shall include the
following;
i. Procedures used
ii. Evidence located
iii. Evidence collected
iv. Conclusion with reasoning
b) The consultant shall also be expected to undertake deliberate actions aimed
at building capacity of selected staff.
5) NITA-U reserves the right to cancel the consultancy at any point in time if the
performance is found to be unsatisfactory.
5.3.3 Technical Skills and Competences
1) Knowledge and experience with the following operating systems: windows, Linux,
UNIX, iOS and Android as well as a thorough understanding on computer
forensic tools such as EnCase, Forensic Toolkit (FTK), Autopsy, and/or I/Look
Investigator.
2) Thorough knowledge of computer forensic procedures for data collection,
preservation, recovery analysis – including network forensic analysis and
reporting
3) Ability to properly caliber and maintain the forensic equipment in proper working
order
4) Ability to analyze industry technology trends to incorporate proven forensic
investigation and supporting technologies into practice
5) Ability to analyze and deploy best practices applicable to forensics
6) Understanding of information systems security; network architecture; general
database concepts; document management; hardware and software
troubleshooting; electronic mail systems like exchange and Microsoft office
applications
7) Ability to provide deposition and expert trial testimony when needed
5.3.4 Qualifications
1) Possession of professional certifications and membership in professional
associations in the field of computer forensics is highly desirable
2) The successful firm will have a combination of education and experience related
to the essential duties and responsibilities including;
a. At least seven years of experience in computer forensic investigation with a
law enforcement agency or with a professional services firm
b. Ability to maintain confidentiality is critical
Consultancy Services – Framework Contracts Version 1.0 15 | P a g e
c. Demonstrated experience in managing day to day aspects of client
relationships, as well as forensic cases is a must
d. Knowledge of computer forensic tools, methodologies, and protocols (e.g.
EnCase, FTK, etc.)
e. Expertise in windows operating systems, Linux, UNIX, PC hardware, PC
networking
f. Hardware to be analyzed will primarily encompass hard drives (such as SATA,
SDD). However additional equipment may include thumb drives, memory
cards, mobile phones, and other related storage devices
g. Experience of undertaking engagements of similar nature is an asset.
5.3.5 Experts profile or Expertise required
1) The expected number of key personnel in the team is three. The team will consist
of one team leader and two team members as a minimum.
They should have strong technical ability with various computers, software and
hardware, excellent communication abilities, strong analytical approach to
problem-solving, working knowledge of tools such as Encase, FTK, Paraben and
other industry-recognized tools, and should be willing to travel across Uganda for
business-related purposes without restriction.
2) Profile per expert or expertise required:
a. The Team Leader having bachelor’s degree in either forensics or computer
science (or other technical discipline) with a minimum of 3 years’ experience
working in either a computer forensics or eDiscovery environment as well as
experience in imaging of various digital media platforms, acquiring all sources
of data
b. The Team Member having bachelor’s degree in either forensics or computer
science (or other technical discipline) with a minimum of 1 years’ experience
working in either a computer forensics or eDiscovery environment as well as
experience in imaging of various digital media platforms, acquiring all sources
of data
5.3.6 Reporting
1) The consultant shall submit their forensic examination report(s) to NITA-U as well
as to the institution where the services have been provided. The information
provided in the reports should be concise and accurate
2) The consultant shall maintain an audit trail or other record of all processes
applied to computer based electronic evidence to allow third party re-examination
to achieve same results
Consultancy Services – Framework Contracts Version 1.0 16 | P a g e
3) Unless otherwise stated, the reporting language shall be English.
4) Analysis and reporting shall be within 30 days of receipt of the digital device
5) Weekly activity reports, tasks to be performed and travel schedule to be
submitted to NITA-U.
6) A committee shall be setup to review the progress on completion of the entire
work at different stages or as and when necessary.
7) Any indications included in the report restricting its distribution and /or use will be
deemed null and void.
5.3.7 Administrative information
1) Interviews for the Team leader and one of the team members may be required
2) In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
3) The electronic evidence and other related records are the property of the
information owners but may be retained by the consultant and should be made
available for review upon request. The retention period for electronic evidence
and other related records shall be seven year.
4) English shall be the language of communication for all legal documents
5) For each assignment, a proposal shall be submitted that must contain a brief and
clear methodology to be used to accomplish the assignment at hand
6) Management team member presence shall be required for briefing and/or
debriefing.
7) The firm and its staff shall maintain confidentiality regarding any information
obtained in connection with the computer forensic services undertaken on behalf
of NITA-U
5.4 LOT4: DRLS: Compliance Assessments and Audits
5.4.1 Background
As the Authority for Information Technology, NITA-U is required to regulate the
Information Technology (IT) sector which includes public and private entities/persons
and in particular to regulate IT education, IT professionals and IT service providers.
Specific laws have been passed by Parliament to wit: The Electronic Transactions Act,
2011, The Electronic Signatures Act, 2011 and their underlying regulations; and the
Computer Misuse Act, 2011. These laws were passed in order to facilitate, and provide
assurance on the authenticity of, e-transactions and guard against the abuse of
computer systems. Additional regulations are currently being drafted to further
operationalize the NITA-U Act. In addition to the above mentioned laws, Government
Consultancy Services – Framework Contracts Version 1.0 17 | P a g e
Directives on IT and IT Standards that NITA-U issues from time to time together form
the legal framework. These laws apply to the service providers as well as the users of IT
products and services who are expected to abide by them. It is imperative therefore that
NITA-U monitors adherence to these laws or other laws and Directives that may be
passed/issued from time to time. NITA-U may choose to do this using in-house
expertise or engage third party experts for support.
5.4.2 Description of assignment
1) Global objective
1.1 To achieve the objective of Government in setting up NITA-U, which
includes;
The implementation of the NITA-U Act, the IT laws, Cabinet Directives and
laws passed from time to time.
To achieve efficiency and effectiveness in service delivery by Government.
To facilitate the provision of quality IT products and services to consumers.
Growth and development of the IT sector that translates in socio economic
development for the nation.
1.2 Monitor compliance by the Authority, management, employees and
stakeholders in the Information Technology (IT) Sector with IT Laws,
Regulations, Standards, Directives, Policies, Procedures and other
relevant Laws (collectively, IT laws/the legal framework) in order to ensure
the delivery of government objectives for regulating the IT sector.
2) Specific objective(s)
The consultant(s) will be required to conduct compliance assessments and or
audits to determine the level of compliance of the target group/entity, and in
particular;
Conduct compliance assessments in order to provide management and the
Board with assurance that the IT laws are being complied with.
Identify compliance gaps within the entity assessed and make appropriate
recommendations for addressing those gaps including the establishment of
necessary controls.
Follow up on progress with resolution of the compliance gaps identified,
where requested by NITA-U.
Consultancy Services – Framework Contracts Version 1.0 18 | P a g e
3) Requested services
The Consult will be required to provide the following services.
Conduct compliance assessments and or audits as assigned by NITA-U from
time to time.
Provide timely reports to NITA-U on the results of the assessments and or
audits.
Where required, conduct follow up reviews to check that review
recommendations have been actioned.
4) Required outputs
It is expected that following the engagement of the consultant for a specific
assignment, the following should be the outputs.
Compliance assessments and or audits conducted as assigned by NITA-U.
A duly completed report issued in accordance with NITA-U terms of reference.
Timely conduct of follow up reviews requested by NITA-U.
5.4.3 Experts profile or Expertise required
1) Number of requested experts per category and number of man-days per expert
or per category.
Category: Compliance with requirements under the IT legal framework.
Number of required experts: 1 (one) expert
Number of man-days per expert: 20 working days
NB: The above will depend on the nature and scope of assignment to be
undertaken and will be determined before engagement of the consultant.
2) Profile per expert or expertise required:
a. Category and duration of equivalent experience
Demonstrated knowledge of IT laws and practices.
At least 5 (five) years’ experience in monitoring and evaluation work
in the IT field and evidence of a minimum of 5 assignments
successfully completed for a large organization or Government.
Consultancy Services – Framework Contracts Version 1.0 19 | P a g e
b. Education
As a minimum:
Master’s or Honours degree in IT, Accounting or other relevant
fields, with skills in compliance audits.
Masters or Honours degree in Law. Possession of professional
qualifications in IT will be an added advantage.
Accreditation and certification in IT will be an added advantage.
Formal training in monitoring and evaluation will be an added
advantage
c. Experience
Evidence of similar assignments undertaken and successfully completed
for a minimum 5 (five) large organizations or Government departments.
d. Language skills
Proficiency in the English language.
Minimum required skills must be clearly identified.
Excellent knowledge of the IT laws and overall IT regulatory environment.
Sufficient technical expertise in IT, audit and the conduct of compliance
assessments.
Excellent report writing skills
5.4.4 Location and duration
1) Starting period
At the start of the Quarter, to be undertaken 4 (four) times in a financial year or
as may be determined by management from time to time.
2) Foreseen finishing period or duration
Each assignment should last no later than 20 working days.
3) Planning including the period for notification for placement of the staff
No less than 10 working days before commencement of an assignment.
Consultancy Services – Framework Contracts Version 1.0 20 | P a g e
4) Location(s) of assignment
The assignments will be conducted onsite at the premises of the entity being
assessed. However, a combination of onsite and offsite assessments may be
adopted as deemed appropriate for the achievement of the objectives of the
assignment.
NB: the duration of the assignment may vary based on the scope of the
assignment but NITA-U reserves the right to determine the assignment scope
and duration.
5.4.5 Reporting
1) Content
As a minimum requirement, the report should contain the following:
An acknowledged receipt of the engagement letter issued to the entity assessed
in accordance with clause 5.4.4 (3) above.
2) Language
The report as well as any annexures thereto shall be written in the English
language.
3) Submission/comments timing
The draft report should be issued within 5 (five) working days from the 20th day
referred to under 5.4.4 (2) above.
4) Number of report(s) copies
A minimum of 3 reports spiral bound with appropriate stationery.
5.5 LOT 5: DRPD: Research and Innovation Services
5.5.1 Background
Under Sections 5(l) and (o) of the NITA-U Act respectively, NITA-U has the
mandate to provide information management services through acting as a
records management facility and information depository and also to undertake
and commission research as may be necessary to promote its objectives. In
execution of its functions under Section 19, NITA-U is required to conduct
Consultancy Services – Framework Contracts Version 1.0 21 | P a g e
Information Technology (IT) surveys. In addition, Section 23 of the Act authorizes
NITA-U to disseminate any information collected from a survey.
NITA-U shall in performing above functions, consult and cooperate with other
Institutions/organizations with functions related to, or having aims or objectives
related to IT Research & Innovation Services. Section 32(2) of the NITA-U Act
2009 (Relationship with other Organization) mandates NITA-U to delegate any of
its functions under the Act to any organization.
In light of the above, NITA-U is seeking suitable individuals, firms/ companies to
deliver upon specified IT Research and innovations services whenever need
arises
5.5.2 Description of assignment
1) Global objective
The global objective of this assignment is to strengthen the capacities of NITA-U
in fulfilling her respective pre-accession roles and functions.
2) Specific objective(s)
To provide IT Research and Innovation services being sought after include but
not limited to;
a) Conducting IT Surveys
b) Conducting research on emerging technologies
c) Development of a comprehensive IT Research & Innovation System
d) Developing research project proposals (needs assessments, appraisals,
and pre‐project studies) in line with the authority’s strategic plan;
e) Software applications and database development
3) Required outputs
Outputs required will be structured/stated according to the service need/request
5.5.3 Experts profile or Expertise required
1) Qualifications
a) A Minimum of a Bachelor’s Degree in Computer Science, Information
Technology, Information Systems, Statistics or their equivalent;
b) A Master's Degree in Computer Science, Information Technology, Information
Systems, Software Engineering or a closely related field is a requirement;
c) Professional/ Industry IT Certification such as ITIL, MCSE,CISSP, CISM, CGEIT,
CRISC, PMP etc. are an added advantage;
Consultancy Services – Framework Contracts Version 1.0 22 | P a g e
d) Certification in Research Administration such as Certified Research Administrator
(CRA) is an added advantage.
2) Experience
a) A minimum of Five years’ proven and demonstrable experience in IT Research
and Innovation in a reputable Public or Private Organization;
b) Experience researching and recommending technical solutions related to
Information Technology;
c) Experience managing technology or software development projects; supervising
professional or management staff; preparing and managing a variety of complex
information technology related operations; setting goals, priorities and strategies
for computer system security and other technical solutions;
d) Experience in establishing procedures and implementing processes; analysing
functions and practices to improve effectiveness; using technology for research
and development efforts; and facilitating group processes;
e) Knowledge of emerging technologies; systems integration and infrastructure;
project implementation strategies; and research and development strategies;
5.5.4 Location and duration
Starting periods and finishing period or duration will be appropriately
communicated along with the location(s) of assignment
5.5.5 Reporting
The medium of communication for the assignment shall be English. The
consultant will produce the documents and Reports in both electronic and hard
copy formats, as Microsoft Word documents, and submit them to the NITA-U.
The nature of the reports shall include;
a) Inception report that should outline the details of the approach, methodology,
work plan (including budget) and the timeline for all the activities in project
scope.
b) Periodic report on project progress and budget exhaustion.
(Daily/Weekly/Monthly)
c) Final report as per indicated in the project timeline.
The work plan should specify the management structure as well as the
responsibility of each member of the team, including the main contractor and/or
sub-contractors. The work plan should include a list of detailed tasks to be
performed, with clear and realistic phases and milestones. Resources should be
clearly associated to each task.
Consultancy Services – Framework Contracts Version 1.0 23 | P a g e
On the basis of reporting, mentioned above the consultant should closely work
under the guidance of the head of department Research and Innovation who is
responsible for planning, executing and monitoring the project as per the contract
agreement with NITA-U.
5.5.6 Administrative information
1) In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
2) English shall be the language of communication for all legal documents
3) For each assignment, a proposal shall be submitted that must contain a brief and
clear methodology to be used to accomplish the assignment at hand.
5.6 LOT 6: DTS: Technical Services
5.6.1 Background
The Directorate of Technical Services is mandated under the NITA – U act to foster the
development of the following functions of the NITA – U Act:
a) Provide first level technical support and advice for critical Government information
technology systems including managing the utilisation of the resources and
infrastructure for centralised data centre facilities for large systems through the
provision of specialised technical skills;
b) Identify and advise Government on all matters of information technology
development, utilisation, usability, accessibility and deployment including
networking, systems development, information technology security, training and
support;
c) Create and manage the national data bank, its inputs and outputs; and
d) Provide guidance on the establishment of an infrastructure for information sharing by
Government and related stakeholders.
5.6.2 Description of assignment
a) Specific objective(s)
The consultant(s) will be required to provide advisory services to and on behalf of
NITA – U in relation to its mandate as the IT advisory and implementation arm of
Government. The Directorate of Technical Services provides IT Services to
Ministries Departments and Agencies. The directorate would therefore like to
Consultancy Services – Framework Contracts Version 1.0 24 | P a g e
engage suitable qualified professionals to provide the above services on behalf
of NITA – U.
b) Requested services
The Consult will be required to provide the following services.
Provide Technical Advice in relation to the provisioning of IT Services for
Ministries Departments and Agencies with the specific goal of enabling the
delivery of optimized and rationalized IT services from NITA - U;
developing Conduct compliance assessments and or audits as assigned by
NITA-U from time to time.
Provide timely reports to NITA-U on the results of the assessments and or
audits.
Where required, conduct follow up reviews to check that review
recommendations have been actioned.
c) Required outputs
The Consultancy firms shall be required to undertake all required activities from
project planning until closure; and follow the National IT Project Management
Methodology or any applicable guidelines. Companies will work under the
guidance of IT Services Department in the Directorate of Technical Service.
Contracted firms will be expected to present a list of key resources categorized
based on their experiences in various IT specialized areas including IT Solution
experts, Systems Analysts, Business Analysts, Information Security experts, that
are detailed in attached Terms of Reference, at all levels including senior
management, middle management and entry level positions.
5.6.3 Experts profile or Expertise required
The consultants firms should comprise of network specialists, systems
specialists, and Infrastructure Specialist and IT Services Delivery specialists with
the following qualifications and job experience:
a) Network Specialist
The specialist shall possess network planning, management, supervision and
maintenance of large Next Generation Networks Enterprise Wide Area Networks,
Network Operating Centres (NOCs) and any LAN, MAN or WAN infrastructure.
The Network Specialists will be required to perform the following:
Consultancy Services – Framework Contracts Version 1.0 25 | P a g e
- Planning, Design, implementation, testing and maintenance of Network
Infrastructure;
- Supervision of the systems administration and maintenance of DWDM, SDH
and optical switching networks that is being implemented and maintained by
NITA – U;
- Design and implement security controls for MDA LAN and WAN infrastructure;
- Monitoring and implementation of these to ensure that the performance
targets are met;
- Manage network performance and recommend adjustments to wide variety of
complex network management functions;
- Monitor and ensure availability of the Network for it to be operational at all
times;
- Proactively investigate problems that may affect Network availability and take
actions to resolve them;
- Monitor Network security, deployment of IOS software upgrades, and enforce
Network licence agreements;
- Review and manage service agreements ensuring maximum productivity on
all running SLAs; and
- Recommend and implement policies, standards and documentation
procedures related to the NOC operation procedures.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems, Information
Technology, or Telecommunications Engineering;
- Master’s Degree in any IT related field;
- Five years’ Experience in the design, implementation and management of
Networks in a large enterprise.
- Professional certifications such as CCDA, CCNA, CISSP, MCSE, etc, will be
an added advantage.
- Demonstrated project management and communication experience will be
required.
b) OFC Specialists
The OFC shall provide services in the field of maintenance of the optical
switching networks deployed; oversee the development of the Optical Fibre
networks and quality assurance of OFC implementations.
The OFC Specialists will be required to perform the following:
- Systems administration and maintenance of DWDM, SDH and optical
switching networks;
Consultancy Services – Framework Contracts Version 1.0 26 | P a g e
- Provision of technical support to operators and services providers that
interconnect with the Government Optical Fibre network;
- Monitor and evaluation of the performance of the Optical Transmission
Networks and Systems.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
- Three years’ Experience in the design, implementation and management
of Optical Switching Systems;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE,
c) WAN/MAN Solution Expert
The WAN/MAN Solution Expert shall administer, maintain and operate the
Wide Area Networks/ Metropolitan Area Networks that deployed by NITA – U.
the Expert will maintain the Network Operating Centres (NoCs) to ensure
maximum availability and uptime.
The WAN/MAN Solutions Expert will be required to perform the following:
- Maintenance and configuration of the Datacom systems;
- Supervision of the installation of the Data communications systems and
hardware;
- Configuration and set-up of all new server systems required for WAN/MAN
infrastructure;
- Firewall administration and overall internal network security.
- Corrective and preventive maintenance of transmission sites.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
- Three years’ Experience in the in the administration of LAN/WAN/MAN
servers and infrastructure;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE.
d) Infrastructure Delivery Specialists
The Infrastructure Delivery Specialist will be expected to plan for, build and
supervise the implementation of Infrastructure programmes and projects and
conduct related monitoring and evaluation activities according to project
implementation plans and specifications.
The Infrastructure Delivery Specialist will be required to perform the following:
Consultancy Services – Framework Contracts Version 1.0 27 | P a g e
- Planning and execution of Infrastructure projects that are undertaken by
NITA – U;
- Development of Infrastructure blue prints for NITA-U projects.
- Monitoring and Evaluating the project activities that are undertaken by
NITA – U with emphasis on quality programming with the project
development partners;
- Supervise and control the administrative and financial programs of NITA –
U infrastructure projects;
- Provision of technical support to other public and private sector agencies
undertaking IT Infrastructure Projects to promote high quality, cost
effective and timely outputs of the projects and support the project design
and development.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
- Master’s Degree in any IT related field;
- Five years’ experience in the in the supervision, management and
administration of IT infrastructure delivery projects;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE;
- Demonstrated project management and communication experience will be
required
e) Data Centre Expert
The Data Centre Expert shall be capable of the design, construction,
management, supervision and maintenance of the all Data Centres and Disaster
Recovery Site Infrastructure and Applications.
The Data Centre Expert will be required to perform the following:
- Design, construction, management and supervision of Government Data
Centres.
- Management of the implementation, integration and support of Data
Centre Applications.
- Management of the Primary Data Centre storage systems and
applications;
- Recommend and implement policies, standards and documentation
procedures related to Data Centre operation procedures.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
Consultancy Services – Framework Contracts Version 1.0 28 | P a g e
- Five years’ Experience in the design, implementation and management of
Data Centres in a large enterprise.
- Professional certifications such as MCSE, MCSA, CCNA,
- Demonstrated project management and communication experience will be
required.
f) Systems Administrator
The Systems Administrator shall be capable of the configuration and
maintenance of the application systems and enterprise software.
The System Administrator will be required to perform the following:
- Design and acquisition of tools to proactively identify errors, ensuring
efficient and effective use of system resources.
- Implementation, integration and support to Data Centre Applications.
- Implementation of Disaster Recovery Plans.
- Development of application policies and procedures; monitoring
compliance of these.
- Ensuring that server operating systems are up to date with the latest
patches and antivirus updates.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
- Three years’ Experience in the design, implementation and management
of Data Centers in a large enterprise.
- Professional certifications such as MCSE, MCSA, CCNA
.
g) IT Services Specialist
The IT Services Specialist is expected to manage the performance of the IT
implementations in MDAs across the country and supervise the implementation
of IT projects countrywide.
The IT Services Specialist will be required to perform the following:
- Management of Clients and Stakeholders on behalf of NITA-U in the
delivery of NITA-U services to districts.
- Supervision of the implementation of IT related projects being deployed in
districts.
- Overseeing the management of IT inventories of equipment, hardware
and software that will be resident in the respective regions;
Consultancy Services – Framework Contracts Version 1.0 29 | P a g e
- Monitor the IT needs specific to the respective regions and develop an IT
needs assessment for the respective regions;
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems,
Information Technology, or Telecommunications Engineering;
- Three years’ experience in the management of critical national IT projects.
- Professional certifications such as MCSE, MCSA, CCNA,
h) IT Services Manager
The IT Services Manager shall support the planning, coordination and delivery of
Government wide IT Services up to the District level.
The IT Services Manager will be required to perform the following:
- Provision of first level technical support and advisory services for the
development of Government IT systems.
- Managing the utilisation of Government wide IT resources and
infrastructure through the provision of specialised technical skills.
- Provide guidance on the establishment of an infrastructure for information
sharing by Government and related stakeholders.
- Monitoring and managing supplier performance to ensure compliance with
service level agreements.
- Coordinate the development of annual business plans, capital and
operating budgets.
Qualifications and Competencies
- Bachelor’s Degree Computer Science, Information Systems, Information
Technology, or Telecommunications Engineering;
- Master’s Degree in any IT related field;
- Five years’ experience in coordination and management of IT Services in
a large enterprise is essential.
- Professional certifications such as CCDA, CCNA, CISSP, MCSE,
- Demonstrated project management and communication experience will be
required.
i) Database Administrator
The Database Administrator shall be capable of the configuration and maintenance of
all the applications and systems Databases. The Database Administrator shall also be
responsible for the performance, integrity and security of all databases.
The Database Administrator will be required to perform the following:
- monitoring performance and managing parameters to provide fast responses to
front-end users;
Consultancy Services – Framework Contracts Version 1.0 30 | P a g e
- Ensures data remains consistent across the database;
- Data is clearly defined;
- Users access data concurrently, in a form that suits their needs;
- There is provision for data security and recovery control (all data is retrievable in an
emergency)
- Mapping out the conceptual design for a planned database;
- refining the logical design so that it can be translated into a specific data model;
- further refining the physical design to meet system storage requirements;
- installing and testing new versions of the DBMS;
- maintaining data standards, including adherence to the Data Protection Act;
- writing database documentation, including data standards, procedures and
definitions for the data dictionary (metadata);
- controlling access permissions and privileges;
- developing, managing and testing back-up and recovery plans;
- ensuring that storage and archiving procedures are functioning correctly;
- communicating regularly with technical, applications and operational staff to ensure
database integrity and security;
- commissioning and installing new applications and customizing existing applications
in order to make them fit for purpose.
Qualifications and Competencies
- Bachelor’s Degree in Computer Science, Information Systems, Information
Technology, or Telecommunications Engineering;
- Understanding of structured query language (SQL)
- Knowledge of 'relational database management systems' (RDBMS), 'object
oriented database management systems' (OODBMS) and XML database
management systems
- Experience with their database software/web applications
Consultancy Services – Framework Contracts Version 1.0 31 | P a g e
- Three years’ Experience in the design, implementation and management of Data
bases in a large enterprise.
- Professional certifications such as MCDBA, OCP,CDMP, MTA,MCM, MCTS will be
an added advantage.
5.6.4 Location and duration
1) Starting period
At the start of the Quarter, to be undertaken 4 (four) times in a financial year or
as may be determined by management from time to time.
2) Foreseen finishing period or duration
Each assignment should last no later than 20 working days.
3) Planning including the period for notification for placement of the staff
No less than 10 working days before commencement of an assignment.
4) Location(s) of assignment
The assignments will be conducted onsite at the premises of the entity being
assessed. However, a combination of onsite and offsite assessments may be
adopted as deemed appropriate for the achievement of the objectives of the
assignment.
NB: the duration of the assignment may vary based on the scope of the
assignment but NITA-U reserves the right to determine the assignment scope
and duration.
5.6.5 Reporting
1) Content
As a minimum requirement, the report should contain the following:
An acknowledged receipt of the engagement letter issued to the entity assessed
in accordance with clause 5.14.4 (3) above.
2) Language
The report as well as any annexures thereto shall be written in the English
language.
3) Submission/comments timing
The draft report should be issued within 5 (five) working days from the 20th day
referred to under 5.14.4 (2) above.
Consultancy Services – Framework Contracts Version 1.0 32 | P a g e
4) Number of report(s) copies
A minimum of 3 reports spiral bound with appropriate stationery.
5.7 LOT 7: DRPD: IT Project Management
5.7.1 Background
National Information Technology Authority in Uganda (NITA-U) is mandated to enhance
the infrastructure and capacity to deliver on IT projects and programs in government. In
order to improve project delivery success rate, it is important that competent team of
project managers and or companies with proven experience and skills in project
management are identified and pre-qualified for future assignments as projects get
initiated.
Acquisition of qualified project Managers and or companies will support a standard way
to manage critical business operational activities at NITA-U by offering critical Project
management skills.
The project managers and or companies required will be appointed on need basis to
manage NITA-U projects in accordance with the approved IT project management
methodology, best practices, guidelines and standards to ensure successful
implementation of NITA-U programmes and /or projects in time, within budget and
required quality.
5.7.2 Description of assignment
1) Global objective
The global objective of this assignment is to identify, pre-qualify and develop an
updatable database of qualified project managers and or project management
companies who will be outsourced to manage NITA-U projects as and when required
depending on the type, size, complexity or risk profile.
2) Specific objective(s)
The assignment of acquired project managers and or companies will involve the
following major tasks among others:
i. Management of assigned projects from project planning phase, implementation until closure following NITA-U’s IT Project Management Methodology
Consultancy Services – Framework Contracts Version 1.0 33 | P a g e
ii. Undertake the development of project (s) documentation iii. Undertake project quality assurance iv. Undertake Monitoring and Evaluation tasks v. Support contractors/suppliers in project risks management to ensure flawless
execution of projects vi. Undertake IT project management capacity building and training.
2) Requested services
A Consultant (Project Manager and or project management companies) assigned
will be required to provide the service as per the scope of work that will be
defined at the time of contracting. NITA-U will determine the scope of work to be
outsourced.
3) Required outputs
The assignment will always have clear deliverables that the consultant shall deliver
5.7.3 Experts profile or Expertise required
Consultants undertaking the above services shall meet the following minimum
requirements
No. Basic Requirement Minimum Standards
1. Person
Qualifications
- Bachelor’s degree in IT, IS or related
degree with a Postgraduate degree is an
added advantage;
- Project management training
- Project Management Certifications such as
PMP, Prince 2 will be an added advantage.
2. Person Experience - A minimum of Three years of working
experience in ICT Project Management in a reputable Public or Private Organization
In case of a company, the contracted firm shall provide detailed CVs of the team
showing the qualifications and experience of key persons for the assignment. For each
specialist proposed, curriculum vitae shall be provided, maximum length five pages,
setting out relevant experience.
Consultancy Services – Framework Contracts Version 1.0 34 | P a g e
5.7.4 Location and duration
The duration of assignment will be pegged to duration of the project and/or contract
assigned.
5.7.5 Reporting
The managers contracted shall submit to the National Information Technology Authority
(NITA-U) all reports and documents in English in both soft and hard copies.
a) Inception Report
The firm / company/manager will provide upon award of the contract, the Inception
report that will detail the methodology that will be utilized in the implementation of
the project. The Inception report shall include the detailed Project Management Plan
which among other issues will outline the Project Implementation Plan (PIP) with
deliverables clearly spelt out with accompanying time lines, change control
procedures, risk management plans, communication plans, and human resource
plans etc.
b) Project Progress Report:
Comprehensive periodic progress reports as stated in the approved PMP.
c) Final Completion Report
The Final Completion Report will summarize all aspects of the assignment and will
include a record of a summary of the deliverables, lessons learnt, difficulties
encountered during execution of the assignment and the means employed to
overcome them, assumptions, etc.
d) Distribution of Reports
Distribution of reports by project managers will be as stipulated in the approved
Project Management Plan
5.8. LOT 8: DeG: Web Development
5.8.1 Background
National Information Authority – Uganda has a mandate to advise government on all matters of information technology development, utilization, usability and accessibility. It is also mandated to promote and provide technical guidance for establishment of IT services to Government.
Consultancy Services – Framework Contracts Version 1.0 35 | P a g e
In line with her mandate, NITA-U has developed website and social media
guidelines that will act as a control in improving online communication in
government. The focus areas are web, social media, email and telephony. We
are to conduct several web evaluations on various Government of Uganda
websites to determine those which fall below the minimum requirements.
NITA-U invites expressions of Interest from consultants/consulting firms having a
minimum of three years related experience and a proven track record in online
communications and service delivery systems (web, social media, email and
telephony or mobile), who wish to carry out the design and development of
government online communication systems.
5.8.2 Description of assignment
a) Global objective
The objective is to do an end to end online communication and service delivery
consulting for government agencies on behalf of NITA-U
b) Specific objective(s)
The consultant(s) will be required to provide advisory and technical services to
and on behalf of NITA – U in relation to its mandate as the IT advisory and
implementation arm of Government. The Directorate of eGovernance provides IT
Services to Ministries Departments and Agencies. The directorate would
therefore like to engage suitable qualified professionals to provide the above
services on behalf of NITA – U.
c) Required outputs
The consultant shall submit a fully functional web solution / system report, and
user manuals which shall include the following;
i. Study the existing online communications system(s); validate the
application and submission of reports with recommendations.
ii. Test / audit and deploy the web solution,
iii. Knowledge transfer to selected staff.
iv. Submission of final reports.
Consultancy Services – Framework Contracts Version 1.0 36 | P a g e
5.8.3 Experts profile or Expertise required
3) The expected number of key personnel in the team is four. The team will consist
of one team leader and three team members as a minimum.
They should have experience in the complete life cycle of systems development
(study, design, development, testing, implementation, training, troubleshooting
and support, etc.) using various operating systems (like Linux, windows, UNIX)
and tools and environments (like VB, .net , Oracle, Ms Access, Postgres etc.)
4) Profile per expert or expertise required:
a. The Team Leader having Bachelor of Science computer Science,
computer application, IT, as well as professional certification in creative
design tools and project management skills are a prerequisite.
b. The Team Member having Bachelors in computer Science, computer
application, software engineering, IT, as well as professional certification in
creative design tools, advanced programming skills and data base
management.
5.8.4 Location and duration
3) The duration of this consultancy is 90 calendar days
4) The location(s) of assignment shall be as advised by NITA-U
5.8.5 Reporting
5) The project Report should comprise of an Executive Summary, project
implementation plan which should include, but not limited to, System
development methodologies, software and specialized applications.
6) Unless otherwise stated, the reporting language shall be English.
7) A contact committee shall be setup to review the progress on completion of the
entire work at different stages or as and when necessary.
5.8.6 Administrative information
6) Interviews for the Team leader and two of the team members may be required
7) In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
8) English shall be the language of communication for all legal documents
9) For each assignment, a proposal shall be submitted that must contain a brief and
clear methodology to be used to accomplish the assignment at hand
1) Management team member presence shall be required for briefing and/or
debriefing.
Consultancy Services – Framework Contracts Version 1.0 37 | P a g e
5.9: LOT 9: DPRD: IT Standards and Frameworks Development Services
5.9.1 Background
As enshrined in the NITA-U Act 2009, Section 5(f), one of the core functions of NITA-U is to
set, monitor, and regulate standards for information Technology planning, acquisition,
implementation, delivery, support, organization, sustenance, disposal, risks management, data
protection, security and contingency planning.
NITA-U shall in performing above functions, consult and cooperate with other
Institutions/organizations with functions related to, or having aims or objectives related to IT
Standards development. Section 32(2) of the NITA-U Act 2009 (Relationship with other
Organization) mandates NITA-U to delegate any of its functions under the Act to any
organization.
In light of the above, NITA-U is seeking suitable individuals, firms/companies to develop IT
Standards, guidelines and frameworks. The successful individuals, firms/companies shall be
contracted from time to time to undertake the specific assignments as and when need arises.
5.9.2 Description of assignment
1) Global objective
The global objective of the assignment is to undertake the development of IT Standards,
guidelines and frameworks for orderly development of the IT Industry in Uganda.
2) Specific objective(s)
The specific objectives of the assignment shall include:
i. To identify areas within the IT Sector that requires standardization
ii. To develop and review IT standards in line with the ever changing environment
as well as advancement in technology
iii. To develop guidelines for the implementation of the already gazetted IT
Standards
iv. To build capacity of Government Institutions in the rollout and implementation of
IT Standards.
v. To develop Enterprise Architecture Framework/Blueprint for Government and the
e-Government Interoperability Framework
Consultancy Services – Framework Contracts Version 1.0 38 | P a g e
vi. To disseminate and create awareness on IT Standards, Enterprise Architecture,
e-Government Interoperability and Accreditation and Certification Framework
vii. To lobby for active participation and involvement of all stakeholders as well as
creating synergies in the development of IT Standards, Enterprise Architecture
for Government and the e-Government Interoperability Framework
viii. To establish collaboration in Accreditation and Certification, IT standards
development, implementation and enforcement with other local, regional and
international bodies.
3) Scope of Work
The successful individuals, firms/companies shall undertake the following tasks. Other areas
identified through consultation and engagement with NITA-U management and key
stakeholders shall be included as well:
a) IT Standards development Services
i. Identify and document priority areas for standardization within the IT Industry in Uganda
ii. Benchmark and document internationally recognized best practices in the development,
adoption, implementation and enforcement of IT Standards.
iii. Develop, review and update National and MDA IT standards in line with technology
advancement in the IT Industry
iv. Develop implementation guidelines for the already adopted and gazetted IT Standards
v. To develop, implement and maintain a framework, model, process and tools for the
development of National IT Standards, Procedures and Guidelines for IT service
delivery domains.
vi. Conduct capacity building for key stakeholders in the development and implementation
of IT standards.
vii. Create stakeholder awareness as well as conduct sensitize stakeholders on the
adoption, implementation and enforcement of IT Standards.
Consultancy Services – Framework Contracts Version 1.0 39 | P a g e
b) Framework development Services
viii. To develop an Enterprise Architecture Framework/Blueprint for Government including its
implementation and rollout plan.
ix. Develop an E-Government Interoperability Framework including its implementation and
rollout plan.
x. Develop strategy and plans for implementation of the Accreditation and Certification
Framework for IT Service Providers, IT Products, IT Training and IT Professionals
xi. Develop Framework for enforcement and monitoring compliance to both National and
MDA IT Standards
xii. Develop framework for advocacy and dissemination of National and MDA IT Standards,
Enterprise Architecture blueprint for Government, e-Government Interoperability
Framework and the Accreditation and Certification Framework
xiii. Develop Framework for capacity building in the development, implementation and
enforcement of IT Standards as well as Enterprise Architecture Blueprint for
Government, e-Government interoperability Framework and Accreditation and
Certification Framework
xiv. Create stakeholder awareness and sensitization on the Enterprise Architecture
Framework/Blueprint for Government and on the e-Government Interoperability
Framework
xv. Build capacity of key stakeholders in the implementation and rollout of the Enterprise
Architecture Blueprint and the e-Government Interoperability Framework
4) Required Outputs
The following are the desired outputs of the assignment:
i. Inception Report detailing the methodology and timelines for the task areas
ii. Documented list of priority areas for standardization within the IT Industry in Uganda
iii. National and MDA IT Standards and guidelines as agreed upon.
iv. Framework, model, process and tools for the development of National and MDAIT
Standards
Consultancy Services – Framework Contracts Version 1.0 40 | P a g e
v. An Enterprise Architecture Framework/Blueprint for Government
vi. An E-Government Interoperability Framework
vii. Framework for advocacy and dissemination of IT standards, Enterprise Architecture, E-
Government Interoperability and Accreditation and Certification Framework
viii. Strategy and Plans for implementation of the Accreditation and Certification Framework
ix. Framework for Capacity building in the development and rollout of IT Standards,
Enterprise Architecture for Government, e-Government Interoperability and
Accreditation and Certification framework
x. Framework for collaboration with local, regional and internationals standards,
Accreditation and Certification bodies in the development and implementation of IT
standards.
5.9.3 Experts profile or Expertise required
1) The expected number of key personnel in the team is Five (5). The team will consist of
one team leader and three (3) ICT Experts/Specialists and one (1) Legal Advisor/Officer
as a minimum.
2) Profile per expert or expertise required:
a) A Team Leader
i. The team leader shall possess a Bachelor’s Degree in Computer Science or Information
Technology/Telecommunications/Electrical Engineering or a related relevant
qualification with proven additional training in planning, implementation, monitoring and
evaluation of IT Projects and programmes
ii. Possess Industry Certifications in IT Service Management, IT Governance, IT Security
ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)
iii. At least 5 years’ experience working in the ICT field, with particular verifiable experience
in:
- Developing and implementing Policies, Standards & Guidelines, Frameworks,
Architectures and Strategies for ICT/IT, Management Information Systems, etc. at
organizational, national and regional levels
Consultancy Services – Framework Contracts Version 1.0 41 | P a g e
- Linking ICT to overall National and Regional Development plans
- Working knowledge of Government and IT Sector procedures and processes.
- Negotiation and conflict resolution skills
- Report writing
b) Three (3) ICT Experts/Specialists
i. The three (3) ICT Experts/Specialist shall each possess a Bachelor’s Degree in
Computer Science or Information Technology/Telecommunications/Electrical
Engineering or a related relevant qualification with proven additional training in
planning, implementation, monitoring and evaluation of IT Projects and programmes.
ii. Possess Industry Certifications in IT Service Management, IT Governance, IT
Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)
iii. At least 3 years’ experience working in the ICT field, with particular verifiable
experience and expertise in:
- Developing and implementing Policies, Standards & Guidelines, Frameworks,
Architectures and Strategies for ICT/IT, Management Information Systems,
etc. at organizational, national and regional levels
- Linking ICT to overall National and Regional Development plans
- Working knowledge of Government and IT Sector procedures and processes.
- Negotiation and conflict resolution skills
- Report writing
c) Legal Advisor/Officer
The Legal Service Officer shall possess the following minimum qualification and skills:
i. Bachelor Degree in Law with a diploma in legal Practice
ii. Postgraduate qualification in law or business administration
iii. A minimum of 3 years’ experience in legal practice or corporate legal services and
verifiable knowledge in the following:
- Accreditation & Certification of Training Institutions, Professionals, Service
providers and Products
Consultancy Services – Framework Contracts Version 1.0 42 | P a g e
- Implementation of legal and policy frameworks and policies to support
governance of IT delivery in the public and private sector.
- Excellent Knowledge of Contract, Commercial , Corporate Law and business
acumen
- National legal and policy framework for IT Service level Management
iv. Knowledge of the Ugandan Cyber Laws will be an added advantage.
v. Negotiation and conflict resolution skills
vi. Report Writing
5.9.4 Location and duration
5) The duration of this consultancy is 60 calendar days
6) The location (s) of assignment shall be as advised by NITA-U
5.9.5 Reporting
8) The Progress Reports for each task should comprise of an Executive Summary, Findings
and Recommendations to guide NITA-U Management especially where administrative
decisions have to be made.
9) Unless otherwise stated, the reporting language shall be English.
10) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-
U.
11) A committee shall be setup to review the progress on completion of the entire work at
different stages or as and when necessary.
5.9.6 Administrative information
10) Interviews for the Team leader and the four (4) of the team members may be required
11) In case of the need to subcontract, NITA-U shall review and approve of such arrangements
12) English shall be the language of communication for all legal documents
13) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand
14) Management team member presence shall be required for briefing and/or debriefing.
Consultancy Services – Framework Contracts Version 1.0 43 | P a g e
5.10: LOT 10: PDRP: IT Training and Capacity Building Services
5.10.1 Background
Information and Communication Technology (ICT) is a key enabler in the enhancement of
Government services. An ICT-literate population, encompassing the necessary skills, will
enable the realization of ICT’s benefits and foster increased levels of service efficiency while
contributing positively to the economy. The government of Uganda has identified ICTs as one
of the rapidly growing areas that have the potential to ‘leap-frog’ the nation to benefit from the
globalized economy and has invested in initiatives to promote its development, however there
is no programme in place to enhance and equip the users with skills to utilize ICTs and reap
their benefits..
National Information Technology Authority (NITA-U) was established by the Act of Parliament
(National Information Technology Authority, Uganda Act of 2009) and was operationalized in
2010. The authority was charged with an overall mandate to coordinate, promote and monitor
the development of Information Technology (IT) in the context of social and economic
development of Uganda. In order to fulfill its mandate NITA-U seeks to develop, implement and
maintain a National IT Capacity building, Training and awareness framework, policy and
strategy.
In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide IT
Training and Capacity Building Services. The successful individuals, firms/companies shall be
contracted from time to time to undertake the specific assignments as and when need arises
5.10.2 Description of assignment
1) Global objective
The main objective this consultancy is expected to establish the National ICT capacity
targets which will enable systems, organizations and the actors therein to function more
effectively
2) Specific objective(s)
The specific objectives include
i. To review the current situation and establish goals of the stakeholders and
identify their required ICT skills, competences, knowledge and training needs.
ii. To map the existing and available ICT skills, competences and knowledge. To
availability of required training courses.
iii. To identify the gaps between the current and required ICT skills and
competences and provide a roadmap on how these gaps could be filled
Consultancy Services – Framework Contracts Version 1.0 44 | P a g e
iv. To deliver Training Programmes that can address the identified gaps
3) Requested services/Scope of work
The Consult will be required to provide the following services
i. Undertake a capacity building needs assessment and strategy development
ii. Undertake Training Needs Analysis/ Skills Gap Analysis
iii. Develop an Action Plan
iv. Develop required Training Content and Training Plan
v. Deliver Training Programmes
vi. Design and develop a Training Needs Analysis and Skills Gap Analysis Monitoring
and Evaluation Framework;
vii. Identify Volume of ICT skills Demand, occupational categories that are in demand as
well as accompanying trends
viii. Identify supply base trends and suitability of current IT Curriculum of IT and
Computing Programmes
ix. Clarification of competencies - both technical and non-technical that are required for
the present and in future at varying levels in all sectors of the ICT industry
x. Designing E-learning Content
xi. Undertaking Instructional Design for e-learning modules
4) Required outputs
The deliverables for the assignment include
i. A Capacity Building Needs Assessment Report/ Training Needs Analysis Report/
Skills Gap Analysis Report
ii. A Capacity Building Action Plan/ Training Action Plan/ Training Programme
iii. Capacity Building/ A Training Needs and skills Analysis reporting and monitoring &
Evaluation Framework
iv. Customized Operational e-learning Platform
v. E-learning Content
5.10.3 Experts profile or Expertise required
1) The expected number of key personnel in the team is Three (5). The team will consist of
one team leader and three (1) ICT Experts/Specialist Surveys/ Needs Assessment Expert, (2)
Trainers, (1) E-learning Specialist
2) Profile per expert or expertise required:
a) Lead Expert
Consultancy Services – Framework Contracts Version 1.0 45 | P a g e
i. Bachelor’s degree in Computer Science, Information Technology, Information Systems
or related area
ii. Professional qualifications in Capacity Building, Training or related area;
iii. A Postgraduate degree in Computer Science, Information Technology, Information
Systems or related area
iv. Experience in project and programme implementation;
v. At least 5 years’ experience at a senior level in the area of institutional
strengthening/capacity building in the public sector
vi. Demonstrated experience in capacity/training needs assessment and implementation of
training programmes
vii. Proven capacity to provide technical advice to and able to win confidence/trust of senior
government officials and other stakeholders
viii. Fluency in English, both spoken and written.
b) ICT Expert
(i) Should have a Post‐graduate Degree in any ICT related field
(ii) In‐depth knowledge and understanding of ICT and Capacity Building issues and relevant work experience
(iii) Experience in project and programme implementation
(iv) Experience in Survey Design and Methodology
(v) Knowledge of the government institutions
(vi) Minimum of 5 years of experience in institutional organization and business management in complex environments, previous experience with capacity Building Needs Assessment would be an asset.
c) Surveys/ Needs Assessment Expert
i. Bachelor’s Degree in Statistics OR Bachelor of Science (Statistics and Economics) and
any closely related qualification.
ii. Should have a Post‐Graduate Degree in Statistics, Demography or ICT related field;
iii. In‐depth knowledge and understanding of survey design and methodologies
iv. Experience in project and programme implementation;
v. Knowledge of the government institutions;
vi. Knowledge of capacity building instruments and methods
vii. At least 5 years of working experience in survey related work including questionnaire
design and elaboration of survey methodologies, experience in strategic processes
planning, in project management, drafting reports, working with Government institutions.
Consultancy Services – Framework Contracts Version 1.0 46 | P a g e
viii. Ability to analyze, plan, communicate effectively orally and in writing, draft report, solve
problems, organize and meet expected results, adapt to different environments (cultural,
economic, political and social.
b) E-learning Specialist
i. Has a Bachelor’s degree in a Degree in Education and a Postgraduate Qualification in
IT or related field.
ii. Has experience in authoring /programming and is able to develop the functionality and
design the graphical components of an e-learning module using an authoring program
and/or web development tools.
iii. Has skills and knowledge in e-Learning technology is able to configure/set up/update a
learning management system (LMS), software required for synchronous or
asynchronous communication, and any other software or tools required for the learning
environment.
iv. Competent in Instructional Design
v. Is knowledgeable about the latest developments in e-learning technology and trends
and how these can benefit the organization.
c) Trainer
Each trainer should have
i. A Bachelor’s degree in any ICT related field
ii. Professional qualifications in Capacity Building, Training or related area
iii. Has Demonstrated experience in
a. Learning and development Management
b. Learning and Development Assessment
c. Learning Design and development
d. Learning Delivery
e. Teaching and Subject Formation
5.10.4 Location and duration
1. The duration of this consultancy will be determined by the nature of the assignment
2. The location (s) of assignment shall be as advised by NITA-U
5.10.5 Reporting
1. The Progress Reports for each task should comprise of an Executive Summary,
Findings and Recommendations to guide NITA-U Management especially where
administrative decisions have to be made.
Consultancy Services – Framework Contracts Version 1.0 47 | P a g e
2. Unless otherwise stated, the reporting language shall be English.
3. Weekly activity reports, tasks to be performed and travel schedule to be submitted to
NITA-U.
4. A committee shall be setup to review the progress on completion of the entire work at
different stages or as and when necessary
5.10.6 Administrative information
1. Interviews for the Team leader and the four (4) of the team members may be required
2. In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
3. English shall be the language of communication for all legal documents
4. For each assignment, a proposal shall be submitted that must contain a brief and clear
methodology to be used to accomplish the assignment at hand
5. Management team member presence shall be required for briefing and/or debriefing
5.11: Lot 11: PDRP: Project Quality Assurance / Monitoring & Evaluation
5.11.1 Background
National Information Technology Authority (NITA-U) was established by the Act of Parliament
(National Information Technology Authority, Uganda Act of 2009) and was operationalized in
2010. The authority was charged with an overall mandate to coordinate, promote and monitor
the development of Information Technology (IT) in the context of social and economic
development of Uganda.
NITA-U is mandated to co-ordinate, supervise and monitor the utilization of information
technology in the public and private sectors. In performing above function, NITA-U shall
consult and cooperate with other Institutions/organizations with functions related to, or having
aims or objectives related to project quality assurance / monitoring & evaluation services.
Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U
to delegate any of its functions under the Act to any organization..
In light of the above, NITA-U is seeking suitable individuals, firms/companies to project quality
assurance / monitoring & evaluation services. The successful individuals, firms/companies
shall be contracted from time to time to undertake the specific assignments as and when need
arises
Consultancy Services – Framework Contracts Version 1.0 48 | P a g e
5.11.2 Description of assignment
1) Global objective
The main objective this consultancy is to assess the progress and impact of
projects/initiatives, activities in fulfilling the set objectives through the planned activities; to
assess the efficiency and effectiveness with which resources have been used to generate
results and achieve project objectives with special emphasis on impact and sustainability
and determine achievements and challenges encountered in the implementation in order to
influence policy decisions regarding the development IT in the country.
The focus will be on measuring achievements against the benchmark (baseline data),
assessing whether the envisaged outputs have been achieved and the contribution of the
projects towards the overall objective.
2) Specific objective(s)
The specific objectives include
v. To analyze and interpret qualitative and quantitative data to gauge project/ Initiative/
activity impact;
vi. To monitor and evaluate the progress of the Project/ Initiative/ Activity on the basis of
indicators set out in the Project (if there are no indicators the consultant will develop
indicators)
vii. To develop a monitoring and evaluation system and documentation required for
evaluation of Projects/Initiatives/Activities in line with best international practices,
including data collection (questionnaires, interviews as applicable), analysis, and
interpretation of findings
viii. To establish procedures and data collection system and analyses tools for long term
impact evaluation of Projects/Initiatives/Activities
ix. To prepare detailed monitoring and evaluation manuals,
x. To conduct training of the selected staff in M&E to ensure that long-term capacity is
established in the NITA-U to monitor existing and future Projects/Initiatives/Activities,
xi. To produce interim and final M&E reports (which describe established monitoring
mechanisms and results of evaluation process).
xii. To undertake efficient and effective reporting on activities, accomplishments, and
results
3) Requested services/Scope of work
The Consult will be required to provide the following services
xii. Determine the extent to which the project outputs have been achieved taking into
account the indicators given in the project document.
Consultancy Services – Framework Contracts Version 1.0 49 | P a g e
xiii. Develop indicators in cases where they are lacking to be used in assessing the
achievements of the project so far.
xiv. Prepare Quality assurance and action plans.
xv. Prepare activity based project monitoring and Evaluation plans
xvi. A review of the annual work plans, progress reports, mission reports and mid-term
evaluation report for the projects/initiatives or activities;
xvii. Field visits to assess actual progress made in the implementation of various
activities.
xviii. Evaluate the level of contribution of the outputs towards the achievement of the
expected project objectives, goal and impact.
xix. Assess the relevance, effectiveness, and efficiency of interventions as well as, the
sustainability of the results, and the degree of satisfaction of the beneficiaries.
xx. Critically review the roles and responsibilities played by the various players and
stakeholders in project implementation. The review of the roles and responsibilities
should be linked to institutional mechanisms and implementation arrangements that
were put in place to facilitate the delivery of NITA-U objectives. The review should
also identify quality assurance measures put in place for NITA-U to effectively and
efficiently implement the project.
xxi. Identify major external factors that influenced or impacted on the implementation of
the project and evaluate their implication on future interventions.
xxii. Highlight lessons or good practices learned from the project and make
recommendations for future policies/strategies.
4) Required outputs
The deliverables for the assignment include
vi. A Quality Assurance Plan for projects/initiatives or activities
vii. A monitoring and evaluation system will all documentation required for evaluation of
Projects/Initiatives/Activities in line with best international practices.
viii. Procedures for data collection system and analysis for long term impact evaluation
of Projects/Initiatives/Activities
5.11.3 Experts profile or Expertise required
1) The expected number of key personnel in the team is four (4). The team will consist of
one (1) lead M&E expert, one (1) analyst and two (2) monitoring and evaluation officers
2) Profile per expert or expertise required:
a) Lead M&E Expert
ix. Master’s degree in economics/statistics or in any related field in social/economic
sciences.
Consultancy Services – Framework Contracts Version 1.0 50 | P a g e
x. At least 5 years working experience in M&E related issues and/ development context.
xi. Experience in project and programme implementation
xii. At least 5 years’ experience at a senior level in the area of policy, planning and
management in the public sector
xiii. Good management and co-ordination skills, and experience on technical project
implementation Proven capacity to provide technical advice to and able to win
confidence/trust of senior government officials and other stakeholders
xiv. Expert knowledge of programme design (mainly log frame) or similar frameworks for
monitoring and evaluation.
xv. Excellent organizational and time management skills required to meet deadlines.
xvi. Competence in managing and implementing Information Technology (IT) projects.
b) Data Analyst
i. The applicant must have as minimum a degree in statistics/Quantitative economics and
should be comfortable with numbers and basic statistics coupled with the ability to
communicate findings and recommendations in conversational business formats.
ii. Knowledge of database management and statistical software programs including but
not limited to Microsoft Access, Excel, and SPSS understanding of basic multivariate
analysis like correlation, regression
iii. Knowledge of the sources of data and methods of obtaining data
iv. Strong analytical skills including analysis of both quantitative and qualitative data.
v. Experience in project and programme implementation
vi. Experience in Survey Design and Methodology and Data collection
vii. Knowledge of the government institutions
viii. Minimum of 5 years of experience in institutional organization and business
management in complex environments, previous experience with capacity Building
Needs Assessment would be an asset.
c) Monitoring and evaluation officers
i. The applicants must have as minimum a degree in statistics, Quantitative
economics, social / economic sciences or related field and should be comfortable
with numbers and basic statistics coupled with the ability to communicate findings
and recommendations
ii. Formal training in monitoring and evaluation will be an added advantage
iii. Excellent written communication skills
iv. At least 2 years of experience in activities and/or projects that involved working in
the ICT field
v. High degree of competence with MS Office applications: Word, Excel, PowerPoint,
Outlook.
Consultancy Services – Framework Contracts Version 1.0 51 | P a g e
vi. Knowledge of the sources of data and methods of obtaining data.
5.11.4 Location and duration
3. The duration of this consultancy will be determined by the nature of the assignment
4. The location (s) of assignment shall be as advised by NITA-U
4.11.5 Reporting
5. The Progress Reports for each task should comprise of an Executive Summary,
Findings and Recommendations to guide NITA-U Management especially where
administrative decisions have to be made.
6. Unless otherwise stated, the reporting language shall be English.
7. Weekly activity reports, tasks to be performed and travel schedule to be submitted to
NITA-U.
8. A committee shall be setup to review the progress on completion of the entire work at
different stages or as and when necessary
5.11.6 Administrative information
6. Interviews for the Team leader, Data analyst and two (2) of the team members may be
required
7. In case of the need to subcontract, NITA-U shall review and approve of such
arrangements
8. English shall be the language of communication for all legal documents
9. For each assignment, a proposal shall be submitted that must contain a brief and clear
methodology to be used to accomplish the assignment at hand
10. Management team member presence shall be required for briefing and/or debriefing
5.12: LOT 12: DeG: Business Analysis and Design
5.12.1 Background
NITA-U is mandated to promote and provide technical guidance for the establishment of e-Government, e-Commerce and other e-Transactions in Uganda. In order to effectively establish e-government systems in institutions, there is need to understand specific organizational challenges and needs so as to propose appropriate solutions for effective delivery of services to citizens using e-government.
5.12.2 Description of assignment
1) Global objective
Consultancy Services – Framework Contracts Version 1.0 52 | P a g e
The consultant(s) will be required to provide advisory services in Business analysis for an
Institution to and on behalf of NITA – U in relation to its mandate as the IT advisory and
implementation arm of Government. The Objective is helping institutions implement technology
solutions in a cost-effective way by determining the requirements/business need for a project
or program, and communicating them clearly too all stakeholders, facilitators and partners.
2) Specific objective(s)
The consultant(s) will be required to conduct the following specific objectives
1. To lead government institutions through the development of ICT business cases and obtains approval of senior management to proceed through the ICT investment process.
2. To Lead cross-functional business process re-engineering teams and continuous improvement efforts. Identifies opportunities for process improvement and makes recommendations to MDAs, including changes to job functions, elimination and /or creation of positions etc.
3. To develop technical solutions to government institutions by defining, analyzing and documenting requirements, managing requirements at the project level to fulfilling business needs.
4. To document /design business processes using relevant modeling techniques such as Use Case, Swim-lane, and Data Flow Diagramming;
5. To analyse processes to recommend fundamental process improvements to management which exploit technology components, eliminate redundant tasks, and/or minimize duplicationof effort;
6. To evaluate potential software solutions, including off-the-shelf and open source components, and the system architecture to ensure that they meet business requirements; ensuring alignment with architectural and technical standards;
7. Responsible to create of an accurate business requirements document and obtaining stakeholder and senior management’s approval;
8. To perform analysis and facilitates stakeholder consensus to create documented, agreed upon functional and non-functional business requirements and specifications
9. To analyse proposed Project Change Requests for impacts on documented Business Requirements and projected Business Benefits defined in the Business Case;
10. To develop or supports the development of training material; 11. To support development of procurement documents such as TORs, project proposals
and technical requirements
3) Requested services
The Consult will be required to provide the following services.
Conducts business requirements gathering in government institutions
Conduct business process reengineering in government institutions
Develops business proposals/business cases for the institutions based on
the business needs and what solutions are recommended.
Consultancy Services – Framework Contracts Version 1.0 53 | P a g e
Provide timely reports to NITA-U on the results from requirements
gathering and needs assessments.
Where required, conduct follow up on project implementation to ensure
the business case objectives are aligned.
4) Required outputs
It is expected that following the engagement of the consultant for a specific
assignment, the following should be the outputs.
Business requirements gathering and needs assessment report for
respective institutions as assigned by NITA-U.
Business proposals/Business cases and technical solution proposals for
respective institutions
Process re-engineering action plan for respective institutions
Terms of reference for the specified solutions for procurement purposes
based on the business need
Timely follow up reviews requested by NITA-U.
5.12.3 Experts profile or Expertise required
1) Number of requested experts per category and number of man-days per expert
or per category
Category: Business Analyst.
Number of required experts: 2 (two) expert
Number of man-days per expert: 20 working days
2) Profile per expert or expertise required:
a. Category and duration of equivalent experience
Demonstrated knowledge of business analysis process
At least 4 (four) years’ experience in business analysis work in the IT
environment and evidence of a minimum of 5 assignments successfully
completed for a large organization or Government.
Consultancy Services – Framework Contracts Version 1.0 54 | P a g e
b. Education
Masters of Business Administration
Undergraduate degree in Information Technology or Business
Computing a suitable combination of a degree with Business
Analysis training and experience;
The following levels of education or certification would be
considered an asset:
o Certification in Business Analysis
o ITIL Certification
c. Experience
Evidence of similar assignments undertaken and successfully
completed for a minimum 4 (four) large organizations or
Government departments
d. Language skills
Proficiency in the English language
Consultant minimum requirement are as follows;
Excellent knowledge of the Business analysis process
Sufficient technical expertise in IT, project management and conducting
business needs assessments.
Excellent report writing skills
5.12.4 Location and duration
1) Starting period
As may be required and determined by demand from government institutions.
2) Foreseen finishing period or duration
Each assignment should last no later than 30 working days.
3) Planning including the period for notification for placement of the staff
No less than 10 working days before commencement of an assignment.
4) Location(s) of assignment
Consultancy Services – Framework Contracts Version 1.0 55 | P a g e
The assignments will be conducted onsite at the premises of the institutions
being analyzed. However, a combination of onsite and offsite assessments may
be adopted as deemed appropriate for the achievement of the objectives of the
assignment.
NB: the duration of the assignment may vary based on the scope of the
assignment but NITA-U reserves the right to determine the assignment scope
and duration.
5.12.5 Reporting
On the basis of reporting, the consultant should closely work under the guidance of
the Senior Business Analyst in the department of Strategy and Business
development, who is responsible for planning, executing and monitoring the
assignment as per the contract agreement with NITA-U
1) Content
The consultant will produce the documents and Reports in both electronic and
hard copy formats, as Microsoft Word documents, and submit them to the NITA-
U. The nature of the reports shall include;
a) Inception report that should outline the details of the approach,
methodology, work plan (including budget) and the timeline for all the
activities in assignment.
b) Periodic report on project progress and budget exhaustion.
(Daily/Weekly/Monthly)
c) Final report as per indicated in the approved timelines.
2) Language
The reports/documents as well as any annexures thereto shall be written in the
English language.
3) Submission/comments timing
The draft reports/documents should be issued based on the timelines agreed
during inception of the assignment.
4) Number of report(s) copies
A minimum of 2 reports/documents spiral bound with appropriate stationery.
Consultancy Services – Framework Contracts Version 1.0 56 | P a g e
5.13: LOT 13: DFA: Financial Management and Accounting Services. 5.13.1Background
National Information Technology Authority (NITA-U) was established by the Act of Parliament
(National Information Technology Authority, Uganda Act of 2009) and was operationalized in
2010. The authority was charged with an overall mandate to coordinate, promote and monitor
the development of Information Technology (IT) in the context of social and economic
development of Uganda. In order to fulfill its mandate the Directorate of Finance and
Administration plays a role of support function to all other Directorates.
The Directorate mainly plays a critical but supportive role to the other directorates in the
delivery of the NITA-U mandate and strategic objectives.
These are some of the activities undertaken:
o In house run and maintain approaches,
o Insourcing using inter departmental technical teams,
o Independent private consultancies and,
o Outright acquisitions especially for equipment and supplies.
In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide
Financial Management, Accounting and advisory Services. The successful individuals,
firms/companies shall be contracted from time to time to undertake the specific assignments
as and when need arises.
NITA-U is looking for a consultant/firm to support the Finance and Accounts department.
5.13.2 Description of Assignment
1. Global Objective
The global objective of the assignment is to develop and implement an effective Financial
Management & Accounting Systems and Tools, Policies and Procedures for optimal
sourcing and application of NITA-U Resources.
2) Specific Objective(s)
The specific objectives of the assignment shall include
a) The Consultant will be responsible for assisting in fulfilling all aspects of project, Government of Uganda accounting and financial reporting including advise on maintaining proper books of accounts on the computerized accounting system, advise on managing all bank accounts and petty cash transactions and advice on ensuring the reimbursement requests are reviewed and processed on a timely basis for eligible expenditures, timely
Consultancy Services – Framework Contracts Version 1.0 57 | P a g e
submission of withdrawal application for replenishment from the Bank of Uganda, advice on safeguard of NITA’s assets, advice on both internal and external audits of the Authority.
b) Use the NITA’s Standard Operating Procedures (SOP) and FMM as the financial framework to update the Financial Management Manual for the specific needs of NITA-U.
c) Strengthen the financial management capacity and provide oversight, monitoring and supervision of financial management team; and establish a safeguard mechanism for NITA’s assets
d) Advice and work closely with NITA’s management team on annual budget preparation.
e) Cash flow forecasting for NITA-U and its business projects at large.
f) Installation of the Computerized Accounting package and Billing systems, training of
Finance staff on how to use and support services after installation.
5.13.3 Scope of Service The financial consultant shall provide advice and assistance to NITA-U Executive management, projects and staff. This shall include but not limited to advice on preparing monthly management accounts and prepare financial planning and budgets, financial and management reporting, including reports for the Board, financial partners and the stakeholders. Responsibilities The Financial Consultant’s duties and responsibilities will include, but not limited to:
a) Participate to the implementation of Operational …. midterm review recommendation to improve the financial management system of NITA and adopting best international accounting standards, and the recommendation of External auditors and review
b) Contribute to design financial reporting formats that provide analysis and financial performance indicators,
c) Assess the staff capacity of NITA’s Finance Team, and recommend strategic steps for capacity building that will enable the team to carry out its mandates, roles and responsibilities.
d) Provide class-room and on-job trainings to assist NITA-U Finance Team in establishment and management of the Financial Management Mechanism including the use of an accounting system and preparation of financial reports.
e) Assist the management in ensuring that all expenditures are authorized in accordance with established financial procedures, with proper supporting documentation and are recorded in the computerized accounting system, and maintenance of supporting documentation in proper order and form for the project and Government of Uganda expenditures.
f) Assist in preparation of annual work plan and budget, disbursement projection and subsequent monitoring which include analysis and comment of variance. And coordinate with others stakeholders.
h) Ensure that all financial reports are prepared and submitted to relevant authorities in a timely manner
Consultancy Services – Framework Contracts Version 1.0 58 | P a g e
i) In collaboration with other staff, review and improve the accounting system to meet stakeholders requirements
j) Liaise with internal and external auditors on audit queries and advice accordingly. k) Provide monitoring tools of physical achievements against expenditure and, l) Perform other related duties as required
5.13.4 Reporting and Duration
The Financial Consultant will report to the Director Finance and Administration. The services are expected to continue through approximately 12 months, with possible extension based on the annual performance review and on the project work programs and based on funding. The progress Reports would be produced which include the Executive summary, findings and recommendations to guide NITA-U especially where admistrative decisions have to be made. 5.13.5 Location The Consultant will be based at NITA-U offices based at Palm Courts, Plot 7A Rotary Avenue (Lugogo By pass Kampala. 5.13.6 Knowledge and Skills The candidate/firm must have proficient knowledge in the following areas: Financial analysis Budgeting and budget analysis Mentoring and coaching Cash flow forecasting techniques. Financial performance review techniques Understanding of Government accounting Research and program development skills Computer skills with ability to use advanced spreadsheets and word programs Ability to work individually and provide training as above requirement Demonstrated ability to consult and work cooperatively with others. Effective communication skills with the ability to prepare reports, proposals, policies and
procedures Must demonstrate sound work ethics and maintain standards of conduct 5.13.7 Qualifications Minimum: Masters degree in Finance, Finance management,Bussiness administration, or
related field At least 5 years of work experiences in financial management, financial control, audit or
public or private institutions as a financial controller. Advanced knowledge of Government Accounting Software Full Membership of Internationally Recognized Professional Accounting Body (ACCA,
CPA,CIMA,CA)