NATIONAL INFORMATION TECHNOLOGY AUTHORITY-UGANDA DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES UNDER FRAMEWORK CONTRACTS

NATIONAL INFORMATION TECHNOLOGY AUTHORITY-UGANDA
DRAFT TERMS OF REFERENCE FOR CONSULTANCY SERVICES UNDER FRAMEWORK CONTRACTS
SEPTEMBER 2014

1.0 INTRODUCTION

The National Information Technology Authority-Uganda (NITA-U) is an autonomous statutory body established under the NITA-U Act 2009, to coordinate and regulate Information Technology services in Uganda. NITA-U is under the general supervision of the Ministry of Information and Communication Technology (MoICT).

NITA-U is mandated to coordinate, promote and monitor IT development within the context of national social and economic development, with a vision as a facilitator of a knowledge-based, globally competitive Uganda where social transformation and economic development is supported through IT enabled services.

Under the objects of the Authority, NITA-U is mandated to:
a) Provide high quality information technology services to government
b) Promote standardization in the planning, acquisition, implementation, delivery, support and maintenance of information technology equipment and services, to ensure uniformity equality, adequacy and reliability of information technology usage throughout Uganda;
c) Provide guidance and other assistance as may be required to other users and providers of information technology;
d) Promote cooperation, coordination and rationalization among users and providers of information technology at national and local levels as to avoid duplication of efforts and ensure optimal utilization of scarce resources;
e) To promote and be the focal point of co-operation for information technology users and providers at regional and international levels; and
f) To promote access to and utilization of information technology by the special interest groups.

Under the powers of the Authority, NITA-U is:
1) To carry out regular e-readiness surveys to ascertain the status of information technology in Uganda;
2) To establish a repository of information technology standards, and for the registration and classification of documentation related to locally developed and imported information technology solutions;
3) To establish a mechanism for collaboration and promotion of partnerships between various categories of players in the information technology sector;
4) To regulate and certify information technology education in Uganda in consultation with the ministry responsible for Education or its agencies;
5) To charge fees for services provided by the authority

Consultancy Services Framework Contracts Version Page

NITA-U would like to engage suitably qualified firms under framework contracts to provide technical assistance (consultancy services) to enable her to fulfill her mandate. NITA-U expects the highest level of professionalism from the contracted firms.

2.0 ASSIGNMENT BACKGROUND

In line with her mandate, NITA-U is working on a number of projects across government which periodically call for extra highly qualified human resources to enable her to deliver on all assignments within the set budget and expected time frame. From time to time, NITA-U requires specialized resources to work on specific tasks or projects in accordance with specific guidelines, to ensure successful implementation.

3.0 OBJECTIVE

The objective of this procurement is to engage firms under framework contract to provide technical assistance in highly specialized areas as and when required; and ensure that assignments / tasks, projects and or programmes are completed in time, within budget, and with satisfactory quality.

4.0 SCOPE OF CONSULTANCY SERVICES

In all cases NITA-U will need short-term technical assistance at short notice allowing for fast recruitment of experts. The quality of this technical assistance will be guaranteed by Framework Contractors who have been pre-selected for the thematic areas, or lots below:

LOT 1: DIS: Software Applications / Systems Audit
LOT 2: DIS: Information Systems Audit
LOT 3: DIS: Computer Forensics and Investigations
LOT 4: DRLS: Compliance Assessments and Audits
LOT 5: DRPD: Research and Innovation Services
LOT 6: DTS: Technical Services
LOT 7: DRPD: IT Project Management
LOT 8: DeG: Web Development
LOT 9: DPRD: IT Standards and Frameworks Development Services
LOT 10: DPRD: IT Training and Capacity Building Services
LOT 11: PDRP: Project Quality Assurance / Monitoring & Evaluation
LOT 12: DeG: Business Analysis and Design

Each framework contractor disposes of the appropriate internal or external technical expertise and skills required for the lot for which it has been pre-selected.

5.0 SPECIFIC TERMS OF REFERENCE

5.1 LOT 1: DIS: Software Applications / Systems Audit

Background

In line with her mandate, NITA-U intends to conduct several Software Applications / System Audits on various Government of Uganda Systems that will determine the security and policy decisions required to ensure the protection of all internal information resources. NITA-U invites expressions of Interest from consultants/consulting firms having a minimum of five years related experience and a proven track record in projects of a similar nature, who wish to carry out the Audit exercise under a framework contract arrangement.

Description of assignment

1) Global objective
The objective is to carry out a comprehensive review and examination of the controls and internal checks built into the application. The consultant shall report on the conclusions reached from his audit/review of the application controls and recommend suitable measures for correcting any deficiencies which were identified during the audit review process.

2) The consultant will be permitted to access concerned records, software, hardware, and computer installations and shall be required to sign a nondisclosure agreement before commencement of duty.

3) The scope of work includes
a) Evaluation of all the processes and activities, which are computerized under the systems using appropriate test data.
b) Evaluation of data origination controls - adequacy of controls in procedures relating to data preparation, document control, data authorization and data retention.
c) Review the adequacy of systems and controls for data entry, segregation of roles and duties, data validation / editing procedures and data input error handling procedures.
d) Evaluate the adequacy of controls in the data processing procedures to ensure data integrity.

e) Ensure that adequate checks and controls are built into the system to provide completeness and accuracy of the output reports.
f) Knowledge transfer
g) Recommendations and implementation plan to correct the deficiencies.
h) Study the existing system and validate the application software. Also attempt an analysis of comparator applications used for similar functions in successful projects elsewhere.
i) The evaluation framework should include a multiple-criteria based assessment for evaluating and validating the application software; criteria like ease of use, complexity of procedure, errors in documentation, timely response, etc. should be incorporated.

4) Required outputs
The consultant shall submit an application software / system audit report, which shall include the following:
a) Study the existing system(s), validate the application and submission of reports with recommendations.
b) Test / audit the application software modules, identify deficiencies observed in the systems and submission of reports with appropriate recommendations.
c) Knowledge transfer to selected staff.
d) Submission of final reports.

5) NITA-U reserves the right to cancel the consultancy at any point in time if the performance is found to be unsatisfactory.

Experts profile or Expertise required

1) The expected number of key personnel in the team is five. The team will consist of one team leader and four team members as a minimum. They should have experience in the complete life cycle of application software (study, design, development, testing, implementation, training, troubleshooting and support, etc.) using various operating systems (like Linux, Windows, UNIX) and tools and environments (like VB, .NET, Oracle, MS Access, Postgres etc.)
2) Profile per expert or expertise required:
a. The Team Leader having Bachelors in Software Engineering, Computer Science, Computer Application, IT, as well as an IT audit / Information Security certification with minimum of 5 years computer systems audit related experience.
b. The Team Member having Bachelors in Software Engineering, Computer Science, Computer Application, IT, as well as an IT audit / Security certification with minimum of 3 years computer systems audit related experience.

Location and duration

1) The duration of this consultancy is 60 calendar days
2) The location(s) of assignment shall be as advised by NITA-U

Reporting

1) The Audit Report should comprise an Executive Summary, Findings and Recommendations which should include, but not be limited to, System Vulnerabilities, Security Program Management of Information Technology Resources and Application Life Cycle Controls.
2) Unless otherwise stated, the reporting language shall be English.
3) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U.
4) A committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information

1) Interviews for the Team leader and two of the team members may be required
2) In case of the need to subcontract, NITA-U shall review and approve of such arrangements
3) English shall be the language of communication for all legal documents
4) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand
5) Management team member presence shall be required for briefing and/or debriefing.

5.2 LOT 2: DIS: Information Security Audit

Background

In line with her mandate, NITA-U intends to conduct several Information Security Audits for various Government of Uganda institutions to determine whether their information security measures are adequate to guarantee the preservation of the confidentiality, integrity and availability of information and information processing assets. NITA-U invites expressions of Interest from consultants/consulting firms having a minimum of five years related experience and a proven track record in projects of a similar nature, who wish to carry out the Audit exercise under a framework contract arrangement.

Description of assignment

1) Global objective
The objective is to carry out an Information Security Audit by using best security practices, which helps Government of Uganda institutions to maintain Information Technology (IT) security through ongoing, integrated management of policies and procedures, personnel training, selection and implementation of effective controls, reviewing their effectiveness and improvement. This should improve customer confidence, a competitive edge, better personnel motivation and involvement, and reduced incident impact. Ultimately, this leads to control over organizational losses and improved revenues.

2) The consultant will be permitted to access concerned records, software, hardware, and computer installations and shall be required to sign a nondisclosure agreement before commencement of duty.

3) The scope of work includes
a) Review adequacy of systems controls for Database Management system including access to, structuring of and control over shared database. Evaluate adequacy of systems for data administration, data access, concurrency controls, database integrity and content recovery processes.
b) Review and report on the logical and physical security of the computer systems including password administration, security violation reports, security of online access to data, backup and recovery plans and disaster management procedures.
c) Information security policy for the organization: This activity involves a thorough understanding of the organization's business goals and its dependence on information security. This entire exercise begins with the creation of the IT Security Policy. This is an extremely important task and should convey total commitment of top management. The policy cannot be a theoretical exercise. It should reflect the needs of actual users. It should be implementable, easy to understand and must balance the level of protection with productivity. The policy should cover all the important areas like personnel, physical, procedural and technical.
d) Creation of information security infrastructure: A management framework needs to be established to initiate, implement and control information security within the organization. This needs proper procedures for approval of the information security policy, assigning of the security roles and co-ordination of security across the organization.

e) Asset classification and control: One of the most laborious but essential tasks is to manage inventory of all the IT assets, which could be information assets, software assets, physical assets or other similar services. These information assets need to be classified to indicate the degree of protection. The classification should result in appropriate information labeling to indicate whether it is sensitive or critical, and the procedure which is appropriate for copying, storing, transmitting or destroying the information asset.
f) Personnel security: Human errors, negligence and greed are responsible for most thefts, fraud or misuse of facilities. Various practical measures should be taken, like making personnel screening policies, confidentiality agreements, terms and conditions of employment, and information security education and training. Alert and well-trained employees who are aware of what to look for can prevent future security breaches.
g) Physical and environmental security: Designing a secure physical environment to prevent unauthorized access, damage and interference to business premises and information is usually the beginning point of any security plan. This involves physical security perimeter, physical entry control, creating secure offices, rooms, facilities, providing physical access controls, providing protection devices to minimize risks ranging from fire to electromagnetic radiation and providing adequate protection to power supplies and data cables. Cost-effective design and constant monitoring are two key aspects to maintain adequate physical security control.
h) Communications and operations management: Properly documented procedures for the management and operation of all information processing facilities should be established. This includes detailed operating instructions and incident response procedures.
i) Network management requires a range of controls to achieve and maintain security in computer networks. This also includes establishing procedures for remote equipment including equipment in user areas. Special controls should be established to safeguard the confidentiality and integrity of data passing over public networks. Special controls may also be required to maintain the availability of the network services.
j) Exchange of information and software between external organizations should be controlled, and should comply with any relevant legislation. There should be proper information and software exchange agreements; the media in transit needs to be secure and should not be vulnerable to unauthorized access, misuse or corruption.
k) Electronic commerce involves electronic data interchange, electronic mail and online transactions across public networks such as the Internet. Electronic commerce is vulnerable to a number of network threats that may result in fraudulent activity, contract dispute and disclosure or modification of information. Controls should be applied to protect electronic commerce from such threats.
l) Access control: Access to information and business processes should be controlled. The business and security requirements will include:
i. Defining an access control policy and rules
ii. User access management
iii. User registration
iv. Privilege management
v. User password and management
vi. Review of user access rights, network access controls
vii. Enforcing paths from user terminals to computer
viii. User authentication, node authentication
ix. Segregation of networks
x. Network connection control, network routing control, operating system access control
xi. User identification and authentication
xii. Use of system utilities
xiii. Application access control
xiv. Monitoring system access and use
xv. Ensuring information security when using mobile computing and teleworking facilities.
m) System development and maintenance: Security should ideally be built at the time of inception of a system. Hence security requirements should be identified and agreed prior to the development of information systems. This begins with security requirement analysis and specification, and providing controls at every stage i.e. data input, data processing, data storage and retrieval and data output. It may be necessary to build applications with cryptographic controls. There should be a defined policy on the use of such controls, which may involve encryption, digital signature, use of digital certificates, protection of cryptographic keys and standards to be used for cryptography. A strict change control procedure should be in place to facilitate tracking of changes. Any changes to the operating system or software packages should be strictly controlled.
Special precautions must be taken to ensure that no covert channels, back doors or Trojans are left in the application system for later exploitation.
n) Business continuity management: A business continuity management process should be designed, implemented and periodically tested to reduce the disruption caused by disasters and security failures. This begins by identifying all events that could cause interruptions to business processes, and depending on the risk assessment, a strategy plan should be prepared. The plan needs to be periodically tested, maintained and re-assessed based on changing circumstances.
o) Compliance: It is essential that strict adherence is observed to the provision of national and international IT laws, pertaining to Intellectual Property Rights (IPR), software copyrights, safeguarding of organizational records, data protection and privacy of personal information, prevention of misuse of information processing facilities, regulation of cryptographic controls and collection of evidence. The use of Information Technology in business has also resulted in the enactment of laws that enforce responsibility of compliance. All legal requirements must be complied with to avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations and of any security requirements.
p) Review adequacy of systems documentation for operating and maintaining the new systems, ensure control functions and responsibilities are appropriately documented and quality of documentation complies with minimum industry standards.
q) Documentation: The ISMS documentation shall consist of the following information:
i. Evidences for action taken for implementation of the ISMS
ii. Details of the procedures adopted to implement the controls. It should also describe the responsibilities and relevant factors
iii. Procedures covering the management and operation of ISMS.
r) Document Control: Procedures should be established for controlling all documentation required as detailed above and that the documentation is:
i. Readily available
ii. Periodically reviewed and revised as necessary in line with the organization's security policy
iii. Maintained under version control and made available to all locations where operations essential to ISMS are being performed
iv. Promptly withdrawn when obsolete
v. Identified and retained when obsolete and required for legal or knowledge preservation purposes or both.
s) Records: Records like visitor's book, audit records, ACLs, etc., being evidence generated as a consequence of the operation of the Information System Management System, should be maintained to demonstrate compliance with the requirements of ISO 17799:2000. There should be procedures established for identifying, maintaining, retaining and disposing of these records demonstrating compliance.
t) Knowledge transfer
u) Recommendations and an implementation plan to correct the deficiencies

4) Required outputs
The consultant shall submit an audit report, which shall include the following:
a) Study of the existing governance, policies, procedures and submission of reports with recommendations.
b) Validation of the existing administrative documents and submission of the reports
c) Recommendations and changes in the existing administrative documents based on industry standards
d) Fine tune the administrative documents based on best practice and business requirements of the target institution
e) Knowledge transfer to selected staff.
f) Submission of final reports.

5) NITA-U reserves the right to cancel the consultancy at any point in time if the performance is found to be unsatisfactory.

Experts profile or Expertise required

1) The expected number of key personnel in the team is five. The team will consist of one team leader and four team members (Systems Specialist, Network Specialist, Applications Specialist, Architecture and Integration Specialist) as a minimum. They should have knowledge and experience in customizing and deploying application, Systems analysis and design, Information Systems Auditing, Operating systems installation, administration and auditing, Information Security risk analysis and remediation, Network design, installation, support and auditing, Penetration testing and vulnerability assessment.
2) Profile per expert or expertise required:
a. The Team Leader having bachelor's degree in either information systems or computer science (or other technical discipline) with a minimum of 5 years Information Security audit related experience. The Team Leader should possess an IT audit / Information Security certification and project management knowledge and experience.
b. The System Security Specialist having bachelor's degree in either information systems or computer science (or other technical discipline) with a minimum of 3 years System Administration / Audit related experience. The System Security Specialist should possess a System Administration and an IT audit / Information Security certification.
c. The Network Specialist having bachelor's degree in either information systems or computer science (or other technical discipline) with a minimum of 3 years Network Administration / Audit related experience. The Network Specialist should possess Network Administration and an IT audit / Information Security certification.
d. The Application Specialist having bachelor's degree in either information systems or computer science (or other technical discipline) with a minimum of 3 years Application or Database Administration / Audit related experience. The Application Specialist should possess Application / Database Administration and an IT audit / Information Security certification.
e. The Architecture and Integration Specialist having bachelor's degree in either information systems or computer science (or other technical discipline) with a minimum of 3 years System Integration related experience. The Architecture and Integration Specialist should possess System Integration and an IT audit / Information Security certification.

Location and duration

1) The duration of this consultancy is 75 calendar days
2) The location(s) of assignment shall be as advised by NITA-U

Reporting

1) The Audit Report should comprise an Executive Summary, Findings and Recommendations which should include, but not be limited to, Web Application Security, Vulnerability Testing, Penetration Testing, Wireless Security, Policy and Procedure Review, Cyber Security Incident Response, Physical Security, Personnel Security, Asset classification, Source Code Review.
2) Unless otherwise stated, the reporting language shall be English.
3) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U.
4) A committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information

1) Interviews for the Team leader and two of the team members may be required
2) In case of the need to subcontract, NITA-U shall review and approve of such arrangements

3) English shall be the language of communication for all legal documents
4) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand
5) Management team member presence shall be required for briefing and/or debriefing.

5.3 LOT 3: DIS: Computer Forensics and Investigations

Background

In line with her mandate and as need arises, NITA-U intends to contract a firm under framework contract arrangement to conduct several computer forensics and investigation exercises on various Government of Uganda Systems in pursuit of those that violate or mismanage computer systems in accordance with the various cyber laws. The firm selected will be experienced in all aspects of computer forensic work and will have a high level of skills and qualifications necessary to conduct the investigations to effectively support the collection and analysis of electronic evidence and the effective use of this evidence in later processes including the recovery from financial loss, administrative action and criminal prosecution by other government agencies.

Description of assignment

1) Global objective
The objective is to carry out electronic investigations, while ensuring that the investigator creates an audit trail and maintains a complete chain of custody which can be used to demonstrate that any conclusions drawn from the investigation are verifiable and in accordance with the industry standards and guidelines for Digital Evidence.

2) The consultant will be permitted to access concerned records, software, hardware, and computer installations and shall be required to sign a nondisclosure agreement before commencement of duty.

3) The scope of work includes
a) Acquisition of data in a way that preserves the data in the state in which it existed immediately prior to its capture,
b) Investigation of any device which can hold digital data and
c) Analysis of and reporting on the captured data.
d) Knowledge transfer

4) Required outputs

a) The consultant shall submit an investigation report, which shall include the following:
i. Procedures used
ii. Evidence located
iii. Evidence collected
iv. Conclusion with reasoning
b) The consultant shall also be expected to undertake deliberate actions aimed at building capacity of selected staff.

5) NITA-U reserves the right to cancel the consultancy at any point in time if the performance is found to be unsatisfactory.

Technical Skills and Competences

1) Knowledge and experience with the following operating systems: Windows, Linux, UNIX, iOS and Android as well as a thorough understanding of computer forensic tools such as EnCase, Forensic Toolkit (FTK), Autopsy, and/or I/Look Investigator.
2) Thorough knowledge of computer forensic procedures for data collection, preservation, recovery analysis including network forensic analysis and reporting
3) Ability to properly calibrate and maintain the forensic equipment in proper working order
4) Ability to analyze industry technology trends to incorporate proven forensic investigation and supporting technologies into practice
5) Ability to analyze and deploy best practices applicable to forensics
6) Understanding of information systems security; network architecture; general database concepts; document management; hardware and software troubleshooting; electronic mail systems like Exchange and Microsoft Office applications
7) Ability to provide deposition and expert trial testimony when needed

Qualifications

1) Possession of professional certifications and membership in professional associations in the field of computer forensics is highly desirable
2) The successful firm will have a combination of education and experience related to the essential duties and responsibilities including:
a. At least seven years of experience in computer forensic investigation with a law enforcement agency or with a professional services firm
b. Ability to maintain confidentiality is critical
c. Demonstrated experience in managing day to day aspects of client relationships, as well as forensic cases is a must
d. Knowledge of computer forensic tools, methodologies, and protocols (e.g. EnCase, FTK, etc.)
e. Expertise in Windows operating systems, Linux, UNIX, PC hardware, PC networking
f. Hardware to be analyzed will primarily encompass hard drives (such as SATA, SSD). However additional equipment may include thumb drives, memory cards, mobile phones, and other related storage devices
g. Experience of undertaking engagements of similar nature is an asset

Experts profile or Expertise required

1) The expected number of key personnel in the team is three. The team will consist of one team leader and two team members as a minimum. They should have strong technical ability with various computers, software and hardware, excellent communication abilities, strong analytical approach to problem-solving, working knowledge of tools such as EnCase, FTK, Paraben and other industry-recognized tools, and should be willing to travel across Uganda for business-related purposes without restriction.
2) Profile per expert or expertise required:
a. The Team Leader having bachelor's degree in either forensics or computer science (or other technical discipline) with a minimum of 3 years' experience working in either a computer forensics or eDiscovery environment as well as experience in imaging of various digital media platforms, acquiring all sources of data
b. The Team Member having bachelor's degree in either forensics or computer science (or other technical discipline) with a minimum of 1 year's experience working in either a computer forensics or eDiscovery environment as well as experience in imaging of various digital media platforms, acquiring all sources of data

Reporting

1) The consultant shall submit their forensic examination report(s) to NITA-U as well as to the institution where the services have been provided. The information provided in the reports should be concise and accurate
2) The consultant shall maintain an audit trail or other record of all processes applied to computer based electronic evidence to allow third party re-examination to achieve same results

16 3) Unless otherwise stated, the reporting language shall be English. 4) Analysis and reporting shall be within 30 days of receipt of the digital device 5) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U. 6) A committee shall be setup to review the progress on completion of the entire work at different stages or as and when necessary. 7) Any indications included in the report restricting its distribution and /or use will be deemed null and void Administrative information 1) Interviews for the Team leader and one of the team members may be required 2) In case of the need to subcontract, NITA-U shall review and approve of such arrangements 3) The electronic evidence and other related records are the property of the information owners but may be retained by the consultant and should be made available for review upon request. The retention period for electronic evidence and other related records shall be seven year. 4) English shall be the language of communication for all legal documents 5) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand 6) Management team member presence shall be required for briefing and/or debriefing. 7) The firm and its staff shall maintain confidentiality regarding any information obtained in connection with the computer forensic services undertaken on behalf of NITA-U 5.4 LOT4: DRLS: Compliance Assessments and Audits Background As the Authority for Information Technology, NITA-U is required to regulate the Information Technology (IT) sector which includes public and private entities/persons and in particular to regulate IT education, IT professionals and IT service providers. 
Specific laws have been passed by Parliament to wit: The Electronic Transactions Act, 2011, The Electronic Signatures Act, 2011 and their underlying regulations; and the Computer Misuse Act, These laws were passed in order to facilitate, and provide assurance on the authenticity of, e-transactions and guard against the abuse of computer systems. Additional regulations are currently being drafted to further operationalize the NITA-U Act. In addition to the above mentioned laws, Government Directives on IT and IT Standards that NITA-U issues from time to time together form the legal framework. These laws apply to the service providers as well as the users of IT products and services who are expected to abide by them. It is imperative therefore that NITA-U monitors adherence to these laws or other laws and Directives that may be passed/issued from time to time. NITA-U may choose to do this using in-house expertise or engage third party experts for support.

Description of assignment

1) Global objective

1.1 To achieve the objective of Government in setting up NITA-U, which includes:
- The implementation of the NITA-U Act, the IT laws, Cabinet Directives and laws passed from time to time.
- To achieve efficiency and effectiveness in service delivery by Government.
- To facilitate the provision of quality IT products and services to consumers.
- Growth and development of the IT sector that translates into socio-economic development for the nation.

1.2 Monitor compliance by the Authority, management, employees and stakeholders in the Information Technology (IT) Sector with IT Laws, Regulations, Standards, Directives, Policies, Procedures and other relevant Laws (collectively, IT laws/the legal framework) in order to ensure the delivery of government objectives for regulating the IT sector.

2) Specific objective(s)

The consultant(s) will be required to conduct compliance assessments and/or audits to determine the level of compliance of the target group/entity, and in particular:
- Conduct compliance assessments in order to provide management and the Board with assurance that the IT laws are being complied with.
- Identify compliance gaps within the entity assessed and make appropriate recommendations for addressing those gaps including the establishment of necessary controls.
- Follow up on progress with resolution of the compliance gaps identified, where requested by NITA-U.

3) Requested services

The Consultant will be required to provide the following services:
- Conduct compliance assessments and/or audits as assigned by NITA-U from time to time.
- Provide timely reports to NITA-U on the results of the assessments and/or audits.
- Where required, conduct follow up reviews to check that review recommendations have been actioned.

4) Required outputs

It is expected that following the engagement of the consultant for a specific assignment, the following should be the outputs:
- Compliance assessments and/or audits conducted as assigned by NITA-U.
- A duly completed report issued in accordance with NITA-U terms of reference.
- Timely conduct of follow up reviews requested by NITA-U.

Experts profile or Expertise required

1) Number of requested experts per category and number of man-days per expert or per category.

Category: Compliance with requirements under the IT legal framework.
Number of required experts: 1 (one) expert
Number of man-days per expert: 20 working days

NB: The above will depend on the nature and scope of assignment to be undertaken and will be determined before engagement of the consultant.

2) Profile per expert or expertise required:

a. Category and duration of equivalent experience
- Demonstrated knowledge of IT laws and practices.
- At least 5 (five) years experience in monitoring and evaluation work in the IT field and evidence of a minimum of 5 assignments successfully completed for a large organization or Government.

b. Education

As a minimum:
- Master's or Honours degree in IT, Accounting or other relevant fields, with skills in compliance audits.
- Master's or Honours degree in Law.
- Possession of professional qualifications in IT will be an added advantage.
- Accreditation and certification in IT will be an added advantage.
- Formal training in monitoring and evaluation will be an added advantage.

c. Experience

Evidence of similar assignments undertaken and successfully completed for a minimum of 5 (five) large organizations or Government departments.

d. Language skills

Proficiency in the English language.

Minimum required skills must be clearly identified.
- Excellent knowledge of the IT laws and overall IT regulatory environment.
- Sufficient technical expertise in IT, audit and the conduct of compliance assessments.
- Excellent report writing skills.

Location and duration

1) Starting period
At the start of the Quarter, to be undertaken 4 (four) times in a financial year or as may be determined by management from time to time.

2) Foreseen finishing period or duration
Each assignment should last no later than 20 working days.

3) Planning including the period for notification for placement of the staff
No less than 10 working days before commencement of an assignment.

4) Location(s) of assignment
The assignments will be conducted onsite at the premises of the entity being assessed. However, a combination of onsite and offsite assessments may be adopted as deemed appropriate for the achievement of the objectives of the assignment.

NB: the duration of the assignment may vary based on the scope of the assignment but NITA-U reserves the right to determine the assignment scope and duration.

Reporting

1) Content
As a minimum requirement, the report should contain the following: An acknowledged receipt of the engagement letter issued to the entity assessed in accordance with clause (3) above.

2) Language
The report as well as any annexures thereto shall be written in the English language.

3) Submission/comments timing
The draft report should be issued within 5 (five) working days from the 20th day referred to under (2) above.

4) Number of report(s) copies
A minimum of 3 reports spiral bound with appropriate stationery.

5.5 LOT 5: DRPD: Research and Innovation Services

Background

Under Sections 5(l) and (o) of the NITA-U Act respectively, NITA-U has the mandate to provide information management services through acting as a records management facility and information depository and also to undertake and commission research as may be necessary to promote its objectives. In execution of its functions under Section 19, NITA-U is required to conduct Information Technology (IT) surveys. In addition, Section 23 of the Act authorizes NITA-U to disseminate any information collected from a survey. NITA-U shall, in performing the above functions, consult and cooperate with other Institutions/organizations with functions related to, or having aims or objectives related to, IT Research & Innovation Services. Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U to delegate any of its functions under the Act to any organization. In light of the above, NITA-U is seeking suitable individuals, firms/companies to deliver upon specified IT Research and innovations services whenever need arises.

Description of assignment

1) Global objective
The global objective of this assignment is to strengthen the capacities of NITA-U in fulfilling her respective pre-accession roles and functions.

2) Specific objective(s)
The IT Research and Innovation services being sought include but are not limited to:
a) Conducting IT Surveys
b) Conducting research on emerging technologies
c) Development of a comprehensive IT Research & Innovation System
d) Developing research project proposals (needs assessments, appraisals, and pre project studies) in line with the authority's strategic plan;
e) Software applications and database development

3) Required outputs
Outputs required will be structured/stated according to the service need/request.

Experts profile or Expertise required

1) Qualifications
a) A Minimum of a Bachelor's Degree in Computer Science, Information Technology, Information Systems, Statistics or their equivalent;
b) A Master's Degree in Computer Science, Information Technology, Information Systems, Software Engineering or a closely related field is a requirement;
c) Professional/Industry IT Certification such as ITIL, MCSE, CISSP, CISM, CGEIT, CRISC, PMP etc. are an added advantage;

d) Certification in Research Administration such as Certified Research Administrator (CRA) is an added advantage.

2) Experience
a) A minimum of Five years proven and demonstrable experience in IT Research and Innovation in a reputable Public or Private Organization;
b) Experience researching and recommending technical solutions related to Information Technology;
c) Experience managing technology or software development projects; supervising professional or management staff; preparing and managing a variety of complex information technology related operations; setting goals, priorities and strategies for computer system security and other technical solutions;
d) Experience in establishing procedures and implementing processes; analysing functions and practices to improve effectiveness; using technology for research and development efforts; and facilitating group processes;
e) Knowledge of emerging technologies; systems integration and infrastructure; project implementation strategies; and research and development strategies;

Location and duration

Starting periods and finishing period or duration will be appropriately communicated along with the location(s) of assignment.

Reporting

The medium of communication for the assignment shall be English. The consultant will produce the documents and Reports in both electronic and hard copy formats, as Microsoft Word documents, and submit them to NITA-U. The nature of the reports shall include:
a) Inception report that should outline the details of the approach, methodology, work plan (including budget) and the timeline for all the activities in project scope.
b) Periodic report on project progress and budget exhaustion. (Daily/Weekly/Monthly)
c) Final report as indicated in the project timeline.

The work plan should specify the management structure as well as the responsibility of each member of the team, including the main contractor and/or sub-contractors.
The work plan should include a list of detailed tasks to be performed, with clear and realistic phases and milestones. Resources should be clearly associated to each task.

On the basis of the reporting mentioned above, the consultant should work closely under the guidance of the head of department, Research and Innovation, who is responsible for planning, executing and monitoring the project as per the contract agreement with NITA-U.

Administrative information

1) In case of the need to subcontract, NITA-U shall review and approve of such arrangements.
2) English shall be the language of communication for all legal documents.
3) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand.

5.6 LOT 6: DTS: Technical Services

Background

The Directorate of Technical Services is mandated under the NITA-U Act to foster the development of the following functions of the NITA-U Act:
a) Provide first level technical support and advice for critical Government information technology systems including managing the utilisation of the resources and infrastructure for centralised data centre facilities for large systems through the provision of specialised technical skills;
b) Identify and advise Government on all matters of information technology development, utilisation, usability, accessibility and deployment including networking, systems development, information technology security, training and support;
c) Create and manage the national data bank, its inputs and outputs; and
d) Provide guidance on the establishment of an infrastructure for information sharing by Government and related stakeholders.

Description of assignment

a) Specific objective(s)

The consultant(s) will be required to provide advisory services to and on behalf of NITA-U in relation to its mandate as the IT advisory and implementation arm of Government. The Directorate of Technical Services provides IT Services to Ministries, Departments and Agencies. The directorate would therefore like to engage suitably qualified professionals to provide the above services on behalf of NITA-U.

b) Requested services

The Consultant will be required to provide the following services:
- Provide Technical Advice in relation to the provisioning of IT Services for Ministries, Departments and Agencies with the specific goal of enabling the delivery of optimized and rationalized IT services from NITA-U; developing
- Conduct compliance assessments and/or audits as assigned by NITA-U from time to time.
- Provide timely reports to NITA-U on the results of the assessments and/or audits.
- Where required, conduct follow up reviews to check that review recommendations have been actioned.

c) Required outputs

The Consultancy firms shall be required to undertake all required activities from project planning until closure, and follow the National IT Project Management Methodology or any applicable guidelines. Companies will work under the guidance of the IT Services Department in the Directorate of Technical Services. Contracted firms will be expected to present a list of key resources categorized based on their experiences in various IT specialized areas including IT Solution experts, Systems Analysts, Business Analysts and Information Security experts, that are detailed in the attached Terms of Reference, at all levels including senior management, middle management and entry level positions.

Experts profile or Expertise required

The consultant firms should comprise network specialists, systems specialists, infrastructure specialists and IT services delivery specialists with the following qualifications and job experience:

a) Network Specialist

The specialist shall possess network planning, management, supervision and maintenance of large Next Generation Networks, Enterprise Wide Area Networks, Network Operating Centres (NOCs) and any LAN, MAN or WAN infrastructure. The Network Specialists will be required to perform the following:

- Planning, design, implementation, testing and maintenance of Network Infrastructure;
- Supervision of the systems administration and maintenance of DWDM, SDH and optical switching networks that are being implemented and maintained by NITA-U;
- Design and implement security controls for MDA LAN and WAN infrastructure;
- Monitoring and implementation of these to ensure that the performance targets are met;
- Manage network performance and recommend adjustments to a wide variety of complex network management functions;
- Monitor and ensure availability of the Network for it to be operational at all times;
- Proactively investigate problems that may affect Network availability and take actions to resolve them;
- Monitor Network security, deployment of IOS software upgrades, and enforce Network licence agreements;
- Review and manage service agreements ensuring maximum productivity on all running SLAs; and
- Recommend and implement policies, standards and documentation procedures related to the NOC operation procedures.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Master's Degree in any IT related field;
- Five years experience in the design, implementation and management of Networks in a large enterprise.
- Professional certifications such as CCDA, CCNA, CISSP, MCSE, etc., will be an added advantage.
- Demonstrated project management and communication experience will be required.

b) OFC Specialists

The OFC shall provide services in the field of maintenance of the optical switching networks deployed; oversee the development of the Optical Fibre networks and quality assurance of OFC implementations. The OFC Specialists will be required to perform the following:
- Systems administration and maintenance of DWDM, SDH and optical switching networks;

- Provision of technical support to operators and services providers that interconnect with the Government Optical Fibre network;
- Monitoring and evaluation of the performance of the Optical Transmission Networks and Systems.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Three years experience in the design, implementation and management of Optical Switching Systems;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE.

c) WAN/MAN Solution Expert

The WAN/MAN Solution Expert shall administer, maintain and operate the Wide Area Networks/Metropolitan Area Networks that are deployed by NITA-U. The Expert will maintain the Network Operating Centres (NOCs) to ensure maximum availability and uptime. The WAN/MAN Solutions Expert will be required to perform the following:
- Maintenance and configuration of the Datacom systems;
- Supervision of the installation of the Data communications systems and hardware;
- Configuration and set-up of all new server systems required for WAN/MAN infrastructure;
- Firewall administration and overall internal network security.
- Corrective and preventive maintenance of transmission sites.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Three years experience in the administration of LAN/WAN/MAN servers and infrastructure;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE.

d) Infrastructure Delivery Specialists

The Infrastructure Delivery Specialist will be expected to plan for, build and supervise the implementation of Infrastructure programmes and projects and conduct related monitoring and evaluation activities according to project implementation plans and specifications.
The Infrastructure Delivery Specialist will be required to perform the following:

- Planning and execution of Infrastructure projects that are undertaken by NITA-U;
- Development of Infrastructure blueprints for NITA-U projects.
- Monitoring and evaluating the project activities that are undertaken by NITA-U with emphasis on quality programming with the project development partners;
- Supervise and control the administrative and financial programs of NITA-U infrastructure projects;
- Provision of technical support to other public and private sector agencies undertaking IT Infrastructure Projects to promote high quality, cost effective and timely outputs of the projects and support the project design and development.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Master's Degree in any IT related field;
- Five years experience in the supervision, management and administration of IT infrastructure delivery projects;
- Professional certifications such as CCDA, CCNA, CISSP, MCSE;
- Demonstrated project management and communication experience will be required.

e) Data Centre Expert

The Data Centre Expert shall be capable of the design, construction, management, supervision and maintenance of all Data Centres and Disaster Recovery Site Infrastructure and Applications. The Data Centre Expert will be required to perform the following:
- Design, construction, management and supervision of Government Data Centres.
- Management of the implementation, integration and support of Data Centre Applications.
- Management of the Primary Data Centre storage systems and applications;
- Recommend and implement policies, standards and documentation procedures related to Data Centre operation procedures.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;

- Five years experience in the design, implementation and management of Data Centres in a large enterprise.
- Professional certifications such as MCSE, MCSA, CCNA.
- Demonstrated project management and communication experience will be required.

f) Systems Administrator

The Systems Administrator shall be capable of the configuration and maintenance of the application systems and enterprise software. The Systems Administrator will be required to perform the following:
- Design and acquisition of tools to proactively identify errors, ensuring efficient and effective use of system resources.
- Implementation, integration and support to Data Centre Applications.
- Implementation of Disaster Recovery Plans.
- Development of application policies and procedures; monitoring compliance of these.
- Ensuring that server operating systems are up to date with the latest patches and antivirus updates.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Three years experience in the design, implementation and management of Data Centers in a large enterprise.
- Professional certifications such as MCSE, MCSA, CCNA.

g) IT Services Specialist

The IT Services Specialist is expected to manage the performance of the IT implementations in MDAs across the country and supervise the implementation of IT projects countrywide. The IT Services Specialist will be required to perform the following:
- Management of Clients and Stakeholders on behalf of NITA-U in the delivery of NITA-U services to districts.
- Supervision of the implementation of IT related projects being deployed in districts.
- Overseeing the management of IT inventories of equipment, hardware and software that will be resident in the respective regions;

- Monitor the IT needs specific to the respective regions and develop an IT needs assessment for the respective regions;

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Three years experience in the management of critical national IT projects.
- Professional certifications such as MCSE, MCSA, CCNA.

h) IT Services Manager

The IT Services Manager shall support the planning, coordination and delivery of Government wide IT Services up to the District level. The IT Services Manager will be required to perform the following:
- Provision of first level technical support and advisory services for the development of Government IT systems.
- Managing the utilisation of Government wide IT resources and infrastructure through the provision of specialised technical skills.
- Provide guidance on the establishment of an infrastructure for information sharing by Government and related stakeholders.
- Monitoring and managing supplier performance to ensure compliance with service level agreements.
- Coordinate the development of annual business plans, capital and operating budgets.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Master's Degree in any IT related field;
- Five years experience in coordination and management of IT Services in a large enterprise is essential.
- Professional certifications such as CCDA, CCNA, CISSP, MCSE.
- Demonstrated project management and communication experience will be required.

i) Database Administrator

The Database Administrator shall be capable of the configuration and maintenance of all the applications and systems Databases. The Database Administrator shall also be responsible for the performance, integrity and security of all databases.
The Database Administrator will be required to perform the following:
- monitoring performance and managing parameters to provide fast responses to front-end users;

- Ensures data remains consistent across the database;
- Data is clearly defined;
- Users access data concurrently, in a form that suits their needs;
- There is provision for data security and recovery control (all data is retrievable in an emergency)
- Mapping out the conceptual design for a planned database;
- refining the logical design so that it can be translated into a specific data model;
- further refining the physical design to meet system storage requirements;
- installing and testing new versions of the DBMS;
- maintaining data standards, including adherence to the Data Protection Act;
- writing database documentation, including data standards, procedures and definitions for the data dictionary (metadata);
- controlling access permissions and privileges;
- developing, managing and testing back-up and recovery plans;
- ensuring that storage and archiving procedures are functioning correctly;
- communicating regularly with technical, applications and operational staff to ensure database integrity and security;
- commissioning and installing new applications and customizing existing applications in order to make them fit for purpose.

Qualifications and Competencies
- Bachelor's Degree in Computer Science, Information Systems, Information Technology, or Telecommunications Engineering;
- Understanding of structured query language (SQL)
- Knowledge of 'relational database management systems' (RDBMS), 'object oriented database management systems' (OODBMS) and XML database management systems
- Experience with their database software/web applications

- Three years experience in the design, implementation and management of Databases in a large enterprise.
- Professional certifications such as MCDBA, OCP, CDMP, MTA, MCM, MCTS will be an added advantage.

Location and duration

1) Starting period
At the start of the Quarter, to be undertaken 4 (four) times in a financial year or as may be determined by management from time to time.

2) Foreseen finishing period or duration
Each assignment should last no later than 20 working days.

3) Planning including the period for notification for placement of the staff
No less than 10 working days before commencement of an assignment.

4) Location(s) of assignment
The assignments will be conducted onsite at the premises of the entity being assessed. However, a combination of onsite and offsite assessments may be adopted as deemed appropriate for the achievement of the objectives of the assignment.

NB: the duration of the assignment may vary based on the scope of the assignment but NITA-U reserves the right to determine the assignment scope and duration.

Reporting

1) Content
As a minimum requirement, the report should contain the following: An acknowledged receipt of the engagement letter issued to the entity assessed in accordance with clause (3) above.

2) Language
The report as well as any annexures thereto shall be written in the English language.

3) Submission/comments timing
The draft report should be issued within 5 (five) working days from the 20th day referred to under (2) above.

4) Number of report(s) copies
A minimum of 3 reports spiral bound with appropriate stationery.

5.7 LOT 7: DRPD: IT Project Management

Background

National Information Technology Authority in Uganda (NITA-U) is mandated to enhance the infrastructure and capacity to deliver on IT projects and programs in government. In order to improve the project delivery success rate, it is important that a competent team of project managers and/or companies with proven experience and skills in project management are identified and pre-qualified for future assignments as projects get initiated. Acquisition of qualified project managers and/or companies will support a standard way to manage critical business operational activities at NITA-U by offering critical project management skills. The project managers and/or companies required will be appointed on a need basis to manage NITA-U projects in accordance with the approved IT project management methodology, best practices, guidelines and standards to ensure successful implementation of NITA-U programmes and/or projects in time, within budget and at the required quality.

Description of assignment

1) Global objective
The global objective of this assignment is to identify, pre-qualify and develop an updatable database of qualified project managers and/or project management companies who will be outsourced to manage NITA-U projects as and when required depending on the type, size, complexity or risk profile.

2) Specific objective(s)
The assignment of acquired project managers and/or companies will involve the following major tasks among others:
i. Management of assigned projects from project planning phase, implementation until closure following NITA-U's IT Project Management Methodology

ii. Undertake the development of project(s) documentation
iii. Undertake project quality assurance
iv. Undertake Monitoring and Evaluation tasks
v. Support contractors/suppliers in project risks management to ensure flawless execution of projects
vi. Undertake IT project management capacity building and training.

2) Requested services
A Consultant (Project Manager and/or project management companies) assigned will be required to provide the service as per the scope of work that will be defined at the time of contracting. NITA-U will determine the scope of work to be outsourced.

3) Required outputs
The assignment will always have clear deliverables that the consultant shall deliver.

Experts profile or Expertise required

Consultants undertaking the above services shall meet the following minimum requirements:

No. / Basic Requirement / Minimum Standards

1. Person Qualifications
- Bachelor's degree in IT, IS or related degree with a Postgraduate degree is an added advantage;
- Project management training
- Project Management Certifications such as PMP, Prince 2 will be an added advantage.

2. Person Experience
- A minimum of Three years of working experience in ICT Project Management in a reputable Public or Private Organization

In case of a company, the contracted firm shall provide detailed CVs of the team showing the qualifications and experience of key persons for the assignment. For each specialist proposed, curriculum vitae shall be provided, maximum length five pages, setting out relevant experience.

5.7.4 Location and duration

The duration of assignment will be pegged to duration of the project and/or contract assigned.

Reporting

The managers contracted shall submit to the National Information Technology Authority (NITA-U) all reports and documents in English in both soft and hard copies.

a) Inception Report
The firm/company/manager will provide upon award of the contract, the Inception report that will detail the methodology that will be utilized in the implementation of the project. The Inception report shall include the detailed Project Management Plan which among other issues will outline the Project Implementation Plan (PIP) with deliverables clearly spelt out with accompanying time lines, change control procedures, risk management plans, communication plans, and human resource plans etc.

b) Project Progress Report
Comprehensive periodic progress reports as stated in the approved PMP.

c) Final Completion Report
The Final Completion Report will summarize all aspects of the assignment and will include a record of a summary of the deliverables, lessons learnt, difficulties encountered during execution of the assignment and the means employed to overcome them, assumptions, etc.

d) Distribution of Reports
Distribution of reports by project managers will be as stipulated in the approved Project Management Plan.

5.8. LOT 8: DeG: Web Development

Background

National Information Authority Uganda has a mandate to advise government on all matters of information technology development, utilization, usability and accessibility. It is also mandated to promote and provide technical guidance for establishment of IT services to Government.

In line with her mandate, NITA-U has developed website and social media guidelines that will act as a control in improving online communication in government. The focus areas are web, social media, and telephony. We are to conduct several web evaluations on various Government of Uganda websites to determine those which fall below the minimum requirements.

NITA-U invites expressions of interest from consultants/consulting firms having a minimum of three years related experience and a proven track record in online communications and service delivery systems (web, social media, and telephony or mobile), who wish to carry out the design and development of government online communication systems.

Description of assignment

a) Global objective
The objective is to do end-to-end online communication and service delivery consulting for government agencies on behalf of NITA-U.

b) Specific objective(s)
The consultant(s) will be required to provide advisory and technical services to and on behalf of NITA-U in relation to its mandate as the IT advisory and implementation arm of Government. The Directorate of egovernance provides IT Services to Ministries, Departments and Agencies. The directorate would therefore like to engage suitably qualified professionals to provide the above services on behalf of NITA-U.

c) Required outputs
The consultant shall submit a fully functional web solution / system report, and user manuals, which shall include the following:
i. Study the existing online communications system(s); validate the application and submission of reports with recommendations.
ii. Test / audit and deploy the web solution.
iii. Knowledge transfer to selected staff.
iv. Submission of final reports.

5.8.3 Experts profile or Expertise required
3) The expected number of key personnel in the team is four. The team will consist of one team leader and three team members as a minimum. They should have experience in the complete life cycle of systems development (study, design, development, testing, implementation, training, troubleshooting and support, etc.) using various operating systems (like Linux, Windows, UNIX) and tools and environments (like VB, .net, Oracle, Ms Access, Postgres etc.)
4) Profile per expert or expertise required:
a. The Team Leader: a Bachelor of Science in Computer Science, computer application or IT, as well as professional certification in creative design tools and project management skills, are a prerequisite.
b. The Team Member: a Bachelor's in Computer Science, computer application, software engineering or IT, as well as professional certification in creative design tools, advanced programming skills and database management.

Location and duration
3) The duration of this consultancy is 90 calendar days.
4) The location(s) of assignment shall be as advised by NITA-U.

Reporting
5) The project Report should comprise an Executive Summary and a project implementation plan, which should include, but not be limited to, system development methodologies, software and specialized applications.
6) Unless otherwise stated, the reporting language shall be English.
7) A contact committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information
6) Interviews for the Team leader and two of the team members may be required.
7) In case of the need to subcontract, NITA-U shall review and approve of such arrangements.
8) English shall be the language of communication for all legal documents.
9) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand.
1) Management team member presence shall be required for briefing and/or debriefing.

5.9: LOT 9: DPRD: IT Standards and Frameworks Development Services

Background
As enshrined in the NITA-U Act 2009, Section 5(f), one of the core functions of NITA-U is to set, monitor, and regulate standards for information technology planning, acquisition, implementation, delivery, support, organization, sustenance, disposal, risks management, data protection, security and contingency planning.

NITA-U shall, in performing the above functions, consult and cooperate with other Institutions/organizations with functions related to, or having aims or objectives related to, IT Standards development. Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U to delegate any of its functions under the Act to any organization.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to develop IT Standards, guidelines and frameworks. The successful individuals, firms/companies shall be contracted from time to time to undertake the specific assignments as and when need arises.

Description of assignment

1) Global objective
The global objective of the assignment is to undertake the development of IT Standards, guidelines and frameworks for orderly development of the IT Industry in Uganda.

2) Specific objective(s)
The specific objectives of the assignment shall include:
i. To identify areas within the IT Sector that require standardization
ii. To develop and review IT standards in line with the ever changing environment as well as advancement in technology
iii. To develop guidelines for the implementation of the already gazetted IT Standards
iv. To build capacity of Government Institutions in the rollout and implementation of IT Standards.
v. To develop Enterprise Architecture Framework/Blueprint for Government and the e-government Interoperability Framework

vi. To disseminate and create awareness on IT Standards, Enterprise Architecture, e-government Interoperability and Accreditation and Certification Framework
vii. To lobby for active participation and involvement of all stakeholders as well as creating synergies in the development of IT Standards, Enterprise Architecture for Government and the e-government Interoperability Framework
viii. To establish collaboration in Accreditation and Certification, IT standards development, implementation and enforcement with other local, regional and international bodies.

3) Scope of Work
The successful individuals, firms/companies shall undertake the following tasks. Other areas identified through consultation and engagement with NITA-U management and key stakeholders shall be included as well:

a) IT Standards development Services
i. Identify and document priority areas for standardization within the IT Industry in Uganda
ii. Benchmark and document internationally recognized best practices in the development, adoption, implementation and enforcement of IT Standards.
iii. Develop, review and update National and MDA IT standards in line with technology advancement in the IT Industry
iv. Develop implementation guidelines for the already adopted and gazetted IT Standards
v. To develop, implement and maintain a framework, model, process and tools for the development of National IT Standards, Procedures and Guidelines for IT service delivery domains.
vi. Conduct capacity building for key stakeholders in the development and implementation of IT standards.
vii. Create stakeholder awareness as well as sensitize stakeholders on the adoption, implementation and enforcement of IT Standards.

b) Framework development Services
viii. To develop an Enterprise Architecture Framework/Blueprint for Government including its implementation and rollout plan.
ix. Develop an E-Government Interoperability Framework including its implementation and rollout plan.
x. Develop strategy and plans for implementation of the Accreditation and Certification Framework for IT Service Providers, IT Products, IT Training and IT Professionals
xi. Develop Framework for enforcement and monitoring compliance to both National and MDA IT Standards
xii. Develop framework for advocacy and dissemination of National and MDA IT Standards, Enterprise Architecture blueprint for Government, e-government Interoperability Framework and the Accreditation and Certification Framework
xiii. Develop Framework for capacity building in the development, implementation and enforcement of IT Standards as well as Enterprise Architecture Blueprint for Government, e-government Interoperability Framework and Accreditation and Certification Framework
xiv. Create stakeholder awareness and sensitization on the Enterprise Architecture Framework/Blueprint for Government and on the e-government Interoperability Framework
xv. Build capacity of key stakeholders in the implementation and rollout of the Enterprise Architecture Blueprint and the e-government Interoperability Framework

4) Required Outputs
The following are the desired outputs of the assignment:
i. Inception Report detailing the methodology and timelines for the task areas
ii. Documented list of priority areas for standardization within the IT Industry in Uganda
iii. National and MDA IT Standards and guidelines as agreed upon.
iv. Framework, model, process and tools for the development of National and MDA IT Standards

v. An Enterprise Architecture Framework/Blueprint for Government
vi. An E-Government Interoperability Framework
vii. Framework for advocacy and dissemination of IT standards, Enterprise Architecture, E-Government Interoperability and Accreditation and Certification Framework
viii. Strategy and Plans for implementation of the Accreditation and Certification Framework
ix. Framework for Capacity building in the development and rollout of IT Standards, Enterprise Architecture for Government, e-government Interoperability and Accreditation and Certification framework
x. Framework for collaboration with local, regional and international standards, Accreditation and Certification bodies in the development and implementation of IT standards

Experts profile or Expertise required
1) The expected number of key personnel in the team is Five (5). The team will consist of one team leader and three (3) ICT Experts/Specialists and one (1) Legal Advisor/Officer as a minimum.
2) Profile per expert or expertise required:

a) A Team Leader
i. The team leader shall possess a Bachelor's Degree in Computer Science or Information Technology/Telecommunications/Electrical Engineering or a related relevant qualification with proven additional training in planning, implementation, monitoring and evaluation of IT Projects and programmes
ii. Possess Industry Certifications in IT Service Management, IT Governance, IT Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)
iii. At least 5 years' experience working in the ICT field, with particular verifiable experience in:
- Developing and implementing Policies, Standards & Guidelines, Frameworks, Architectures and Strategies for ICT/IT, Management Information Systems, etc. at organizational, national and regional levels

- Linking ICT to overall National and Regional Development plans
- Working knowledge of Government and IT Sector procedures and processes.
- Negotiation and conflict resolution skills
- Report writing

b) Three (3) ICT Experts/Specialists
i. The three (3) ICT Experts/Specialists shall each possess a Bachelor's Degree in Computer Science or Information Technology/Telecommunications/Electrical Engineering or a related relevant qualification with proven additional training in planning, implementation, monitoring and evaluation of IT Projects and programmes.
ii. Possess Industry Certifications in IT Service Management, IT Governance, IT Security (ISO 20000, ITIL, CGEIT, CISSP, CISM, CISA, PMP etc.)
iii. At least 3 years' experience working in the ICT field, with particular verifiable experience and expertise in:
- Developing and implementing Policies, Standards & Guidelines, Frameworks, Architectures and Strategies for ICT/IT, Management Information Systems, etc. at organizational, national and regional levels
- Linking ICT to overall National and Regional Development plans
- Working knowledge of Government and IT Sector procedures and processes.
- Negotiation and conflict resolution skills
- Report writing

c) Legal Advisor/Officer
The Legal Service Officer shall possess the following minimum qualification and skills:
i. Bachelor Degree in Law with a diploma in legal Practice
ii. Postgraduate qualification in law or business administration
iii. A minimum of 3 years' experience in legal practice or corporate legal services and verifiable knowledge in the following:
- Accreditation & Certification of Training Institutions, Professionals, Service providers and Products

- Implementation of legal and policy frameworks and policies to support governance of IT delivery in the public and private sector.
- Excellent Knowledge of Contract, Commercial, Corporate Law and business acumen
- National legal and policy framework for IT Service level Management
iv. Knowledge of the Ugandan Cyber Laws will be an added advantage.
v. Negotiation and conflict resolution skills
vi. Report Writing

Location and duration
5) The duration of this consultancy is 60 calendar days.
6) The location(s) of assignment shall be as advised by NITA-U.

Reporting
8) The Progress Reports for each task should comprise an Executive Summary, Findings and Recommendations to guide NITA-U Management, especially where administrative decisions have to be made.
9) Unless otherwise stated, the reporting language shall be English.
10) Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U.
11) A committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information
10) Interviews for the Team leader and the four (4) of the team members may be required.
11) In case of the need to subcontract, NITA-U shall review and approve of such arrangements.
12) English shall be the language of communication for all legal documents.
13) For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand.
14) Management team member presence shall be required for briefing and/or debriefing.

5.10: LOT 10: PDRP: IT Training and Capacity Building Services

Background
Information and Communication Technology (ICT) is a key enabler in the enhancement of Government services. An ICT-literate population, encompassing the necessary skills, will enable the realization of ICT's benefits and foster increased levels of service efficiency while contributing positively to the economy. The government of Uganda has identified ICTs as one of the rapidly growing areas that have the potential to leap-frog the nation to benefit from the globalized economy and has invested in initiatives to promote its development; however, there is no programme in place to enhance and equip the users with skills to utilize ICTs and reap their benefits.

National Information Technology Authority (NITA-U) was established by the Act of Parliament (National Information Technology Authority, Uganda Act of 2009) and was operationalized in The authority was charged with an overall mandate to coordinate, promote and monitor the development of Information Technology (IT) in the context of social and economic development of Uganda. In order to fulfill its mandate, NITA-U seeks to develop, implement and maintain a National IT Capacity building, Training and awareness framework, policy and strategy.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide IT Training and Capacity Building Services. The successful individuals, firms/companies shall be contracted from time to time to undertake the specific assignments as and when need arises.

Description of assignment

1) Global objective
The main objective of this consultancy is to establish the National ICT capacity targets which will enable systems, organizations and the actors therein to function more effectively.

2) Specific objective(s)
The specific objectives include:
i. To review the current situation and establish goals of the stakeholders and identify their required ICT skills, competences, knowledge and training needs.
ii. To map the existing and available ICT skills, competences and knowledge. To availability of required training courses.
iii. To identify the gaps between the current and required ICT skills and competences and provide a roadmap on how these gaps could be filled

iv. To deliver Training Programmes that can address the identified gaps

3) Requested services/scope of work
The Consultant will be required to provide the following services:
i. Undertake a capacity building needs assessment and strategy development
ii. Undertake Training Needs Analysis/ Skills Gap Analysis
iii. Develop an Action Plan
iv. Develop required Training Content and Training Plan
v. Deliver Training Programmes
vi. Design and develop a Training Needs Analysis and Skills Gap Analysis Monitoring and Evaluation Framework;
vii. Identify Volume of ICT skills Demand, occupational categories that are in demand as well as accompanying trends
viii. Identify supply base trends and suitability of current IT Curriculum of IT and Computing Programmes
ix. Clarification of competencies, both technical and non-technical, that are required for the present and in future at varying levels in all sectors of the ICT industry
x. Designing E-learning Content
xi. Undertaking Instructional Design for e-learning modules

4) Required outputs
The deliverables for the assignment include:
i. A Capacity Building Needs Assessment Report/ Training Needs Analysis Report/ Skills Gap Analysis Report
ii. A Capacity Building Action Plan/ Training Action Plan/ Training Programme
iii. Capacity Building/ A Training Needs and skills Analysis reporting and monitoring & Evaluation Framework
iv. Customized Operational e-learning Platform
v. E-learning Content

Experts profile or Expertise required
1) The expected number of key personnel in the team is Three (5). The team will consist of one team leader and three (1) ICT Experts/Specialist Surveys/ Needs Assessment Expert, (2) Trainers, (1) E-learning Specialist
2) Profile per expert or expertise required:

a) Lead Expert

i. Bachelor's degree in Computer Science, Information Technology, Information Systems or related area
ii. Professional qualifications in Capacity Building, Training or related area;
iii. A Postgraduate degree in Computer Science, Information Technology, Information Systems or related area
iv. Experience in project and programme implementation;
v. At least 5 years' experience at a senior level in the area of institutional strengthening/capacity building in the public sector
vi. Demonstrated experience in capacity/training needs assessment and implementation of training programmes
vii. Proven capacity to provide technical advice to and able to win confidence/trust of senior government officials and other stakeholders
viii. Fluency in English, both spoken and written.

b) ICT Expert
(i) Should have a Post graduate Degree in any ICT related field
(ii) In depth knowledge and understanding of ICT and Capacity Building issues and relevant work experience
(iii) Experience in project and programme implementation
(iv) Experience in Survey Design and Methodology
(v) Knowledge of the government institutions
(vi) Minimum of 5 years of experience in institutional organization and business management in complex environments; previous experience with capacity Building Needs Assessment would be an asset.

c) Surveys/ Needs Assessment Expert
i. Bachelor's Degree in Statistics OR Bachelor of Science (Statistics and Economics) and any closely related qualification.
ii. Should have a Post Graduate Degree in Statistics, Demography or ICT related field;
iii. In depth knowledge and understanding of survey design and methodologies
iv. Experience in project and programme implementation;
v. Knowledge of the government institutions;
vi. Knowledge of capacity building instruments and methods
vii. At least 5 years of working experience in survey related work including questionnaire design and elaboration of survey methodologies, experience in strategic processes planning, in project management, drafting reports, working with Government institutions.

viii. Ability to analyze, plan, communicate effectively orally and in writing, draft reports, solve problems, organize and meet expected results, adapt to different environments (cultural, economic, political and social).

b) E-learning Specialist
i. Has a Bachelor's degree in Education and a Postgraduate Qualification in IT or related field.
ii. Has experience in authoring/programming and is able to develop the functionality and design the graphical components of an e-learning module using an authoring program and/or web development tools.
iii. Has skills and knowledge in e-learning technology and is able to configure/set up/update a learning management system (LMS), software required for synchronous or asynchronous communication, and any other software or tools required for the learning environment.
iv. Competent in Instructional Design
v. Is knowledgeable about the latest developments in e-learning technology and trends and how these can benefit the organization.

c) Trainer
Each trainer should have:
i. A Bachelor's degree in any ICT related field
ii. Professional qualifications in Capacity Building, Training or related area
iii. Demonstrated experience in:
a. Learning and development Management
b. Learning and Development Assessment
c. Learning Design and development
d. Learning Delivery
e. Teaching and Subject Formation

Location and duration
1. The duration of this consultancy will be determined by the nature of the assignment.
2. The location(s) of assignment shall be as advised by NITA-U.

Reporting
1. The Progress Reports for each task should comprise an Executive Summary, Findings and Recommendations to guide NITA-U Management, especially where administrative decisions have to be made.

2. Unless otherwise stated, the reporting language shall be English.
3. Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U.
4. A committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information
1. Interviews for the Team leader and the four (4) of the team members may be required.
2. In case of the need to subcontract, NITA-U shall review and approve of such arrangements.
3. English shall be the language of communication for all legal documents.
4. For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand.
5. Management team member presence shall be required for briefing and/or debriefing.

5.11: Lot 11: PDRP: Project Quality Assurance / Monitoring & Evaluation

Background
National Information Technology Authority (NITA-U) was established by the Act of Parliament (National Information Technology Authority, Uganda Act of 2009) and was operationalized in The authority was charged with an overall mandate to coordinate, promote and monitor the development of Information Technology (IT) in the context of social and economic development of Uganda.

NITA-U is mandated to co-ordinate, supervise and monitor the utilization of information technology in the public and private sectors. In performing the above function, NITA-U shall consult and cooperate with other Institutions/organizations with functions related to, or having aims or objectives related to, project quality assurance / monitoring & evaluation services. Section 32(2) of the NITA-U Act 2009 (Relationship with other Organization) mandates NITA-U to delegate any of its functions under the Act to any organization.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide project quality assurance / monitoring & evaluation services. The successful individuals, firms/companies shall be contracted from time to time to undertake the specific assignments as and when need arises.

Description of assignment

1) Global objective
The main objective of this consultancy is to assess the progress and impact of projects/initiatives and activities in fulfilling the set objectives through the planned activities; to assess the efficiency and effectiveness with which resources have been used to generate results and achieve project objectives, with special emphasis on impact and sustainability; and to determine achievements and challenges encountered in the implementation in order to influence policy decisions regarding the development of IT in the country. The focus will be on measuring achievements against the benchmark (baseline data), assessing whether the envisaged outputs have been achieved and the contribution of the projects towards the overall objective.

2) Specific objective(s)
The specific objectives include:
v. To analyze and interpret qualitative and quantitative data to gauge project/initiative/activity impact;
vi. To monitor and evaluate the progress of the Project/Initiative/Activity on the basis of indicators set out in the Project (if there are no indicators the consultant will develop indicators)
vii. To develop a monitoring and evaluation system and documentation required for evaluation of Projects/Initiatives/Activities in line with best international practices, including data collection (questionnaires, interviews as applicable), analysis, and interpretation of findings
viii. To establish procedures and data collection system and analysis tools for long term impact evaluation of Projects/Initiatives/Activities
ix. To prepare detailed monitoring and evaluation manuals,
x. To conduct training of the selected staff in M&E to ensure that long-term capacity is established in the NITA-U to monitor existing and future Projects/Initiatives/Activities,
xi. To produce interim and final M&E reports (which describe established monitoring mechanisms and results of evaluation process).
xii. To undertake efficient and effective reporting on activities, accomplishments, and results

3) Requested services/scope of work
The Consultant will be required to provide the following services:
xii. Determine the extent to which the project outputs have been achieved taking into account the indicators given in the project document.

xiii. Develop indicators in cases where they are lacking to be used in assessing the achievements of the project so far.
xiv. Prepare Quality assurance and action plans.
xv. Prepare activity based project monitoring and Evaluation plans
xvi. A review of the annual work plans, progress reports, mission reports and mid-term evaluation report for the projects/initiatives or activities;
xvii. Field visits to assess actual progress made in the implementation of various activities.
xviii. Evaluate the level of contribution of the outputs towards the achievement of the expected project objectives, goal and impact.
xix. Assess the relevance, effectiveness, and efficiency of interventions as well as the sustainability of the results, and the degree of satisfaction of the beneficiaries.
xx. Critically review the roles and responsibilities played by the various players and stakeholders in project implementation. The review of the roles and responsibilities should be linked to institutional mechanisms and implementation arrangements that were put in place to facilitate the delivery of NITA-U objectives. The review should also identify quality assurance measures put in place for NITA-U to effectively and efficiently implement the project.
xxi. Identify major external factors that influenced or impacted on the implementation of the project and evaluate their implication on future interventions.
xxii. Highlight lessons or good practices learned from the project and make recommendations for future policies/strategies.

4) Required outputs
The deliverables for the assignment include:
vi. A Quality Assurance Plan for projects/initiatives or activities
vii. A monitoring and evaluation system with all documentation required for evaluation of Projects/Initiatives/Activities in line with best international practices.
viii. Procedures for data collection system and analysis for long term impact evaluation of Projects/Initiatives/Activities

Experts profile or Expertise required
1) The expected number of key personnel in the team is four (4). The team will consist of one (1) lead M&E expert, one (1) analyst and two (2) monitoring and evaluation officers
2) Profile per expert or expertise required:

a) Lead M&E Expert
ix. Master's degree in economics/statistics or in any related field in social/economic sciences.

x. At least 5 years working experience in M&E related issues and/ development context.
xi. Experience in project and programme implementation
xii. At least 5 years' experience at a senior level in the area of policy, planning and management in the public sector
xiii. Good management and co-ordination skills, and experience on technical project implementation. Proven capacity to provide technical advice to and able to win confidence/trust of senior government officials and other stakeholders
xiv. Expert knowledge of programme design (mainly log frame) or similar frameworks for monitoring and evaluation.
xv. Excellent organizational and time management skills required to meet deadlines.
xvi. Competence in managing and implementing Information Technology (IT) projects.

b) Data Analyst
i. The applicant must have as minimum a degree in statistics/quantitative economics and should be comfortable with numbers and basic statistics coupled with the ability to communicate findings and recommendations in conversational business formats.
ii. Knowledge of database management and statistical software programs including but not limited to Microsoft Access, Excel, and SPSS; understanding of basic multivariate analysis like correlation, regression
iii. Knowledge of the sources of data and methods of obtaining data
iv. Strong analytical skills including analysis of both quantitative and qualitative data.
v. Experience in project and programme implementation
vi. Experience in Survey Design and Methodology and Data collection
vii. Knowledge of the government institutions
viii. Minimum of 5 years of experience in institutional organization and business management in complex environments; previous experience with capacity Building Needs Assessment would be an asset.

c) Monitoring and evaluation officers
i. The applicants must have as minimum a degree in statistics, quantitative economics, social/economic sciences or related field and should be comfortable with numbers and basic statistics coupled with the ability to communicate findings and recommendations
ii. Formal training in monitoring and evaluation will be an added advantage
iii. Excellent written communication skills
iv. At least 2 years of experience in activities and/or projects that involved working in the ICT field
v. High degree of competence with MS Office applications: Word, Excel, PowerPoint, Outlook.

vi. Knowledge of the sources of data and methods of obtaining data

Location and duration
3. The duration of this consultancy will be determined by the nature of the assignment.
4. The location(s) of assignment shall be as advised by NITA-U.

Reporting
5. The Progress Reports for each task should comprise an Executive Summary, Findings and Recommendations to guide NITA-U Management, especially where administrative decisions have to be made.
6. Unless otherwise stated, the reporting language shall be English.
7. Weekly activity reports, tasks to be performed and travel schedule to be submitted to NITA-U.
8. A committee shall be set up to review the progress on completion of the entire work at different stages or as and when necessary.

Administrative information
6. Interviews for the Team leader, Data analyst and two (2) of the team members may be required.
7. In case of the need to subcontract, NITA-U shall review and approve of such arrangements.
8. English shall be the language of communication for all legal documents.
9. For each assignment, a proposal shall be submitted that must contain a brief and clear methodology to be used to accomplish the assignment at hand.
10. Management team member presence shall be required for briefing and/or debriefing.

5.12: LOT 12: DeG: Business Analysis and Design

Background
NITA-U is mandated to promote and provide technical guidance for the establishment of e-Government, e-commerce and other e-transactions in Uganda. In order to effectively establish e-government systems in institutions, there is need to understand specific organizational challenges and needs so as to propose appropriate solutions for effective delivery of services to citizens using e-government.

Description of assignment

1) Global objective

The consultant(s) will be required to provide advisory services in business analysis for an institution to and on behalf of NITA-U in relation to its mandate as the IT advisory and implementation arm of Government. The objective is to help institutions implement technology solutions in a cost-effective way by determining the requirements/business need for a project or program, and communicating them clearly to all stakeholders, facilitators and partners.

2) Specific objective(s)

The consultant(s) will be required to carry out the following specific objectives:

1. To lead government institutions through the development of ICT business cases and obtain approval of senior management to proceed through the ICT investment process.
2. To lead cross-functional business process re-engineering teams and continuous improvement efforts; identify opportunities for process improvement and make recommendations to MDAs, including changes to job functions, elimination and/or creation of positions, etc.
3. To develop technical solutions for government institutions by defining, analyzing and documenting requirements, and managing requirements at the project level to fulfil business needs.
4. To document/design business processes using relevant modeling techniques such as Use Case, Swim-lane, and Data Flow Diagramming;
5. To analyse processes to recommend fundamental process improvements to management which exploit technology components, eliminate redundant tasks, and/or minimize duplication of effort;
6. To evaluate potential software solutions, including off-the-shelf and open source components, and the system architecture to ensure that they meet business requirements, ensuring alignment with architectural and technical standards;
7. To create an accurate business requirements document and obtain stakeholder and senior management's approval;
8. To perform analysis and facilitate stakeholder consensus to create documented, agreed-upon functional and non-functional business requirements and specifications;
9. To analyse proposed Project Change Requests for impacts on documented Business Requirements and projected Business Benefits defined in the Business Case;
10. To develop or support the development of training material;
11. To support development of procurement documents such as TORs, project proposals and technical requirements.

3) Requested services

The consultant will be required to provide the following services:

- Conduct business requirements gathering in government institutions.
- Conduct business process reengineering in government institutions.
- Develop business proposals/business cases for the institutions based on the business needs and what solutions are recommended.

- Provide timely reports to NITA-U on the results from requirements gathering and needs assessments.
- Where required, conduct follow up on project implementation to ensure the business case objectives are aligned.

4) Required outputs

It is expected that, following the engagement of the consultant for a specific assignment, the following should be the outputs:

- Business requirements gathering and needs assessment report for respective institutions as assigned by NITA-U.
- Business proposals/business cases and technical solution proposals for respective institutions.
- Process re-engineering action plan for respective institutions.
- Terms of reference for the specified solutions for procurement purposes based on the business need.
- Timely follow up reviews requested by NITA-U.

Experts profile or Expertise required

1) Number of requested experts per category and number of man-days per expert or per category

Category: Business Analyst.
Number of required experts: 2 (two) experts
Number of man-days per expert: 20 working days

2) Profile per expert or expertise required:

a. Category and duration of equivalent experience

- Demonstrated knowledge of business analysis process.
- At least 4 (four) years' experience in business analysis work in the IT environment and evidence of a minimum of 5 assignments successfully completed for a large organization or Government.

b. Education

- Masters of Business Administration
- Undergraduate degree in Information Technology or Business Computing a suitable combination of a degree with Business Analysis training and experience;
- The following levels of education or certification would be considered an asset:
  o Certification in Business Analysis
  o ITIL Certification

c. Experience

Evidence of similar assignments undertaken and successfully completed for a minimum of 4 (four) large organizations or Government departments.

d. Language skills

Proficiency in the English language.

Consultant minimum requirements are as follows:

- Excellent knowledge of the business analysis process.
- Sufficient technical expertise in IT, project management and conducting business needs assessments.
- Excellent report writing skills.

Location and duration

1) Starting period

As may be required and determined by demand from government institutions.

2) Foreseen finishing period or duration

Each assignment should last no longer than 30 working days.

3) Planning including the period for notification for placement of the staff

No less than 10 working days before commencement of an assignment.

4) Location(s) of assignment

The assignments will be conducted onsite at the premises of the institutions being analyzed. However, a combination of onsite and offsite assessments may be adopted as deemed appropriate for the achievement of the objectives of the assignment.

NB: the duration of the assignment may vary based on the scope of the assignment, but NITA-U reserves the right to determine the assignment scope and duration.

Reporting

For reporting purposes, the consultant should work closely under the guidance of the Senior Business Analyst in the department of Strategy and Business Development, who is responsible for planning, executing and monitoring the assignment as per the contract agreement with NITA-U.

1) Content

The consultant will produce the documents and reports in both electronic and hard copy formats, as Microsoft Word documents, and submit them to NITA-U. The nature of the reports shall include:

a) Inception report that should outline the details of the approach, methodology, work plan (including budget) and the timeline for all the activities in the assignment.
b) Periodic report on project progress and budget exhaustion (Daily/Weekly/Monthly).
c) Final report as indicated in the approved timelines.

2) Language

The reports/documents, as well as any annexures thereto, shall be written in the English language.

3) Submission/comments timing

The draft reports/documents should be issued based on the timelines agreed during inception of the assignment.

4) Number of report(s) copies

A minimum of 2 reports/documents spiral bound with appropriate stationery.

5.13: LOT 13: DFA: Financial Management and Accounting Services

Background

National Information Technology Authority (NITA-U) was established by the Act of Parliament (National Information Technology Authority, Uganda Act of 2009) and was operationalized in The authority was charged with an overall mandate to coordinate, promote and monitor the development of Information Technology (IT) in the context of social and economic development of Uganda.

In order to fulfill its mandate, the Directorate of Finance and Administration plays the role of a support function to all other Directorates. The Directorate mainly plays a critical but supportive role to the other directorates in the delivery of the NITA-U mandate and strategic objectives. These are some of the activities undertaken:

o In-house run and maintain approaches,
o Insourcing using interdepartmental technical teams,
o Independent private consultancies and,
o Outright acquisitions especially for equipment and supplies.

In light of the above, NITA-U is seeking suitable individuals, firms/companies to provide Financial Management, Accounting and advisory Services. The successful individuals, firms/companies shall be contracted from time to time to undertake the specific assignments as and when need arises. NITA-U is looking for a consultant/firm to support the Finance and Accounts department.

Description of Assignment

1. Global Objective

The global objective of the assignment is to develop and implement effective Financial Management & Accounting Systems and Tools, Policies and Procedures for optimal sourcing and application of NITA-U Resources.
2) Specific Objective(s)

The specific objectives of the assignment shall include:

a) The Consultant will be responsible for assisting in fulfilling all aspects of project and Government of Uganda accounting and financial reporting, including advice on maintaining proper books of accounts on the computerized accounting system, advice on managing all bank accounts and petty cash transactions, advice on ensuring the reimbursement requests are reviewed and processed on a timely basis for eligible expenditures, timely submission of withdrawal application for replenishment from the Bank of Uganda, advice on safeguarding of NITA's assets, and advice on both internal and external audits of the Authority.
b) Use NITA's Standard Operating Procedures (SOP) and FMM as the financial framework to update the Financial Management Manual for the specific needs of NITA-U.
c) Strengthen the financial management capacity and provide oversight, monitoring and supervision of the financial management team; and establish a safeguard mechanism for NITA's assets.
d) Advise and work closely with NITA's management team on annual budget preparation.
e) Cash flow forecasting for NITA-U and its business projects at large.
f) Installation of the Computerized Accounting package and Billing systems, training of Finance staff on how to use them, and support services after installation.

Scope of Service

The financial consultant shall provide advice and assistance to NITA-U Executive management, projects and staff. This shall include, but not be limited to, advice on preparing monthly management accounts, financial planning and budgets, and financial and management reporting, including reports for the Board, financial partners and the stakeholders.

Responsibilities

The Financial Consultant's duties and responsibilities will include, but not be limited to:

a) Participate in the implementation of operational midterm review recommendations to improve the financial management system of NITA, adopting best international accounting standards and the recommendations of external auditors and review.
b) Contribute to the design of financial reporting formats that provide analysis and financial performance indicators.
c) Assess the staff capacity of NITA's Finance Team, and recommend strategic steps for capacity building that will enable the team to carry out its mandates, roles and responsibilities.
d) Provide classroom and on-the-job training to assist the NITA-U Finance Team in establishment and management of the Financial Management Mechanism, including the use of an accounting system and preparation of financial reports.
e) Assist the management in ensuring that all expenditures are authorized in accordance with established financial procedures, with proper supporting documentation, and are recorded in the computerized accounting system, and in maintenance of supporting documentation in proper order and form for the project and Government of Uganda expenditures.
f) Assist in preparation of the annual work plan and budget, disbursement projection and subsequent monitoring, which includes analysis of and comment on variance, and coordinate with other stakeholders.
h) Ensure that all financial reports are prepared and submitted to relevant authorities in a timely manner.

i) In collaboration with other staff, review and improve the accounting system to meet stakeholders' requirements.
j) Liaise with internal and external auditors on audit queries and advise accordingly.
k) Provide monitoring tools of physical achievements against expenditure and,
l) Perform other related duties as required.

Reporting and Duration

The Financial Consultant will report to the Director Finance and Administration. The services are expected to continue through approximately 12 months, with possible extension based on the annual performance review, on the project work programs and on funding. Progress reports would be produced which include the executive summary, findings and recommendations to guide NITA-U, especially where administrative decisions have to be made.

Location

The Consultant will be based at NITA-U offices at Palm Courts, Plot 7A Rotary Avenue (Lugogo Bypass), Kampala.

Knowledge and Skills

The candidate/firm must have proficient knowledge in the following areas:

- Financial analysis
- Budgeting and budget analysis
- Mentoring and coaching
- Cash flow forecasting techniques
- Financial performance review techniques
- Understanding of Government accounting
- Research and program development skills
- Computer skills with ability to use advanced spreadsheets and word programs
- Ability to work individually and provide training as per the above requirement
- Demonstrated ability to consult and work cooperatively with others
- Effective communication skills with the ability to prepare reports, proposals, policies and procedures
- Must demonstrate sound work ethics and maintain standards of conduct

Qualifications

Minimum:

- Master's degree in Finance, Finance Management, Business Administration, or related field
- At least 5 years of work experience in financial management, financial control, audit or public or private institutions as a financial controller
- Advanced knowledge of Government Accounting Software
- Full Membership of an Internationally Recognized Professional Accounting Body (ACCA, CPA, CIMA, CA)

- Post Graduate qualification in a relevant field will be an added advantage.
- Practising Certificate of Accountancy from the Institute of Certified Public Accountants Uganda (ICPAU)


More information

Management Standards for Information Security Measures for the Central Government Computer Systems

Management Standards for Information Security Measures for the Central Government Computer Systems Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...

More information

This is a free 15 page sample. Access the full version online.

This is a free 15 page sample. Access the full version online. AS/NZS ISO/IEC 17799:2001 This Joint Australian/New Zealand Standard was prepared by Joint Technical Committee IT-012, Information Systems, Security and Identification Technology. It was approved on behalf

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services [email protected] April 23, 2012 Overview Technology

More information

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS

FISH AND WILDLIFE SERVICE INFORMATION RESOURCES MANAGEMENT. Chapter 7 Information Technology (IT) Security Program 270 FW 7 TABLE OF CONTENTS TABLE OF CONTENTS General Topics Purpose and Authorities Roles and Responsibilities Policy and Program Waiver Process Contact Abbreviated Sections/Questions 7.1 What is the purpose of this chapter? 7.2

More information

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE

MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE MINISTRY OF FINANCE, PLANNING AND ECONOMIC DEVELOPMENT THE THIRD FINANCIAL MANAGEMENT AND ACCOUNTABILITY PROGRAMME (FINMAPIII) TERMS OF REFERENCE IT SYSTEMS COMPLIANCE AND QUALITY ASSURANCE SPECIALIST

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology [email protected]

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology [email protected] Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS

ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS ADEC GROUP INFORMaTiON SecURiTY AND CONTROLS Rising To Global Information Challenges Information is your most valuable commodity today. As a global enterprise servicing a wide range of businesses, ADEC

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter

UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter Pennsylvania State System of Higher Education California University of Pennsylvania UTech Services Compliance, Auditing, Risk, and Security (CARS) Team Charter Version [1.0] 1/29/2013 Revision History

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose...

IM&T Infrastructure Security Policy. Document author Assured by Review cycle. 1. Introduction...3. 2. Policy Statement...3. 3. Purpose... IM&T Infrastructure Security Policy Board library reference Document author Assured by Review cycle P070 Information Security and Technical Assurance Manager Finance and Planning Committee 3 Years This

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Federal Bureau of Investigation s Integrity and Compliance Program

Federal Bureau of Investigation s Integrity and Compliance Program Evaluation and Inspection Division Federal Bureau of Investigation s Integrity and Compliance Program November 2011 I-2012-001 EXECUTIVE DIGEST In June 2007, the Federal Bureau of Investigation (FBI) established

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Electronic Payment Schemes Guidelines

Electronic Payment Schemes Guidelines BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es

More information

Project Management Guidelines

Project Management Guidelines Project Management Guidelines 1. INTRODUCTION. This Appendix (Project Management Guidelines) sets forth the detailed Project Management Guidelines. 2. PROJECT MANAGEMENT PLAN POLICY AND GUIDELINES OVERVIEW.

More information

Information Security Policies and Procedures Development Framework for Government Agencies. First Edition - 1432 AH

Information Security Policies and Procedures Development Framework for Government Agencies. First Edition - 1432 AH Information Security Policies and Procedures Development Framework for Government Agencies First Edition - 1432 AH 6 Contents Chapter 1 Information Security Policies and Procedures Development Framework

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Guide for the Role and Responsibilities of an Information Security Officer Within State Government

Guide for the Role and Responsibilities of an Information Security Officer Within State Government Guide for the Role and Responsibilities of an Information Security Officer Within State Government Table of Contents Introduction 3 The ISO in State Government 4 Successful ISOs Necessary Skills and Abilities

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office.

GAO. Standards for Internal Control in the Federal Government. Internal Control. United States General Accounting Office. GAO United States General Accounting Office Internal Control November 1999 Standards for Internal Control in the Federal Government GAO/AIMD-00-21.3.1 Foreword Federal policymakers and program managers

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc.

INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. INFORMATION SECURITY SPECIFIC VENDOR COMPLIANCE PROGRAM (VCP) ACME Consulting Services, Inc. Copyright 2016 Table of Contents INSTRUCTIONS TO VENDORS 3 VENDOR COMPLIANCE PROGRAM OVERVIEW 4 VENDOR COMPLIANCE

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

CESG Certification of Cyber Security Training Courses

CESG Certification of Cyber Security Training Courses CESG Certification of Cyber Security Training Courses Supporting Assessment Criteria for the CESG Certified Training (CCT) Scheme Portions of this work are copyright The Institute of Information Security

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

Managing General Agents (MGAs) Guideline

Managing General Agents (MGAs) Guideline Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission

More information

Supplier Information Security Addendum for GE Restricted Data

Supplier Information Security Addendum for GE Restricted Data Supplier Information Security Addendum for GE Restricted Data This Supplier Information Security Addendum lists the security controls that GE Suppliers are required to adopt when accessing, processing,

More information

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07

EVALUATION REPORT. Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review. March 13, 2015 REPORT NUMBER 15-07 EVALUATION REPORT Weaknesses Identified During the FY 2014 Federal Information Security Management Act Review March 13, 2015 REPORT NUMBER 15-07 EXECUTIVE SUMMARY Weaknesses Identified During the FY 2014

More information

Council Policy. Records & Information Management

Council Policy. Records & Information Management Council Policy Records & Information Management COUNCIL POLICY RECORDS AND INFORMATION MANAGEMENT Policy Number: GOV-13 Responsible Department(s): Information Systems Relevant Delegations: None Other Relevant

More information

CLASSIFICATION SPECIFICATION FORM

CLASSIFICATION SPECIFICATION FORM www.mpi.mb.ca CLASSIFICATION SPECIFICATION FORM Human Resources CLASSIFICATION TITLE: POSITION TITLE: (If different from above) DEPARTMENT: DIVISION: LOCATION: Executive Director Executive Director, Information

More information

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy.

security policy Purpose The purpose of this paper is to outline the steps required for developing and maintaining a corporate security policy. Abstract This paper addresses the methods and methodologies required to develop a corporate security policy that will effectively protect a company's assets. Date: January 1, 2000 Authors: J.D. Smith,

More information

DIVISION OF INFORMATION SECURITY (DIS)

DIVISION OF INFORMATION SECURITY (DIS) DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy Information Systems Acquisitions, Development, and Maintenance v1.0 October 15, 2013 Revision History Update this table every time a new

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information