REQUEST FOR EXPRESSION OF INTEREST (EOI)
Date: 4th October 2021
CONDUCT VULNERABILITY AND PENETRATION TEST
Procurement Number: NRA/ICT/EOI/2021/138
The NRA is already implementing automated systems for Customs Services Department, Finance & Budget Department and Human Resources Department. The customs system has been upgraded to ASYCUDA WORLD. The NRA is on the verge of completing the automation of domestic taxes through an integrated tax administration system and the introduction of electronic cash registers. The NRA is keen to support the adoption of digital technologies across all departments.
Due to these upgrades and the implementation of new systems, there may arise new information security vulnerabilities and threats. Therefore, the NRA has decided to undergo robust Vulnerability and Penetration Testing.
SCOPE OF THE JOB
NRA requires a firm to conduct a Vulnerability and Penetration Testing in the following areas:
Network and Device Scanning
General ICT skills assessment
Required Security Tools
Malware Scanning
Access Control
Database security assessment
Website and Web Applications Assessment
Interested firms can submit their proposal to NRA. Sealed Proposals must be marked on the outer envelope “Expression of Interest for Vulnerability and Penetration Testing”, delivered to the below office on or before 12.00 pm on Friday, 29th October 2021 at The Procurement Unit, 4th Floor, 18 Wellington Street, Freetown and must be accompanied by the following documentation:
- A certified true copy of a valid Business Registration Certificate
- A certified true copy of a valid NRA tax clearance certificate
- A certified true copy of a valid NASSIT clearance certificate
- A certified copy of the New NRA Tax Identification Number (TIN)
- Evidence of similar contract for at least 3 years, its past relevant work, the work plan including time and the propose technical team members.
| TECHNICAL CRITERIA |
| The bidder must be Major IT service firm with wealth of experience in Security and Vulnerability and Penetration Testing (Attach Proof) |
| The interested party must have a globally known Vulnerability Scanner such as NESUS. |
| The Interested party must hold professional certifications in Penetration Testing. Eg. Certified Penetration Tester (CPT), Certified Expert Penetration Tester (CEPT), EC-Council Licensed Penetration Tester Master etc. |
| The interested party must have at least five (5) years’ experience in dealing with Network devices, databases, websites, application coding, penetration testing, ICT skills assessment, Access Control etc. |
| Service Level Agreement Uptime (SLA) >99.30%. |
Interested firms may obtain further information at The Procurement Unit, 4th Floor, 18 Wellington Street, Freetown from 9:00 a.m. and 4:00 p.m., Mondays to Fridays inclusive, except on public holidays, throughout the advert period.
Only shortlisted firms will be contacted to submit detailed technical and financial proposal, for further evaluation and final award of contract.
