WWF Tanzania Country
REQUEST FOR PROPOSAL (RFP)
CONSULTANCY FOR INFORMATION & TECHNOLOGY SYSTEM HEALTH CHECK
WWF Tanzania Country Office (WWF TCO) is a Non-Government Organization dealing with environmental protection in Tanzania since 1990 and it has supported the Government at Tanzania in implementing various projects on Marine. Forest, Fresh Water. Energy and Wildlife. WWF global mission is to stop the degradation of the planet’s natural environment and to build a future in which humans live in harmony with nature, by:
· conserving the world’s biological diversity;
· ensuring that the use of renewable natural resources is sustainable and
· promoting the reduction of pollution and wasteful consumption
information and Technology is one of the core functions under Operations department This unit develops. maintains and implements information technology strategies, by researching and implementing technological strategic solutions to support across depaItments, projects and programmes. IT function develops IT Security policies and controls to address and optimize the implementation of information technology infrastructure, systems, and services while complying with the rules and regulations of the organization. Having effective and reliable Information technology systems, there are controls and infrastructures which facilitate the business continuity for secure and easy of information sharing while meeting organizational goals.
From the 2015-2020 Country Strategic Plan, the main objective of the unit is to ensure that By 2020, WWF Tanzania has ICT policies, procedures, infrastructures and systems in place that provide security to organizational data for delivery of conservation goals. The objective aims to:
· Define the technical direction and framework for developments of infrastructure, administrative & applications that involve use of information technology .
· Define lT policies, principles and standards that permit data sharing, knowledge management, integration and devolvement of systems that will lead to efficient and coherent working.
· Cover Issues such as lCT security and disaster recovery through iT risk management and Information security I
· Acquire effective and efficient IT infrastructures and systems that will support WWF programs to achieve its goals.
· Have a centralized system with a centralized database driven application hosted at head-office that requires internet connectivity for accessibility.
The information system is valued an essential part of WWF Tanzania’s internal control systems. This does not merely record business transactions. but actually drives the key business processes and policies. In such a scenario, senior management remains concerned about information systems. The purpose of Information and Technology Systems health Check is to review and provide feedback, assurances and suggestions on the overall lT Systems and procedures.
Objective
WWF Tanzania believes that information systems health check is part of the overall IT situation analysis process, to ensure control maximization and risk mitigation. It seeks an independent and objective assurance to determine whether the information systems, related resources and the environment adequately safeguard assets, maintain data and system integrity; provide relevant and reliable information; achieve organizational or information system goals and consume resources efficiently, and have internal controls that provide reasonable assurance that operational and control objectives will be met, undesired events will be prevented or detected & rectified in a timely manner.
Scope of work
The information system at WWF Tanzania Country Office has different functions and activities coupled with a number of computer installations at different geographical locations. There are risks inherent to information systems which may impact the information system in different ways, The Consultant is required to provide assurance on technology infrastructure , application and associated internal control framework by assessing computerized information system’s functionality, efficiency and security through risk assessment. internal control evaluation and detailed testing of associated data.
The Consultant is expected to adopt a risk-based approach to making a health check plan. The major elements of a consultant can be broadly classified:
· Report Validation To provide assurance that the systems which used to provide reports at the system is working according to the specification, are error free and can be trusted e.g back up system report produced by the system, etc.
· Application software review To provide assurance whether the financial and operational applications meet the current and future needs of the organization. These business applications include Oracle System. Procurement System, Asset Management System. Human Resource and Payroll Management System. M&E System. C26 System, Docub‘lgn, Panda Pay and Basecamp platforms. accounting application etc. The Consultant must access control and authorizations, business pmoess ilows within the application software and complementary controls (enterprise level, general, application and specialist IT control) and procedures and validation of reports (both operational and financial) generated from the system.
· Network security review To provide assurance that the database and the web server system is fully secure and is corresponding to the controls objectives of control system. Review oi internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.
· Data integrity review To provide assurance that the database design and structure provides the best possible design for the organizational needs and corresponding application and future integration needs. The purpose is scrutiny of live data to verify adequacy of controls and impact of weaknesses, as noticed from any of the above reviews.
· Business continuity review includes existence and maintenance of fault tolerant and redundant hardware, backup procedures and storage, and documented and tested disaster recovery/business continuity plan, effectiveness of disaster recovery plan, as well as ensuring existence of well-defined Information and Technology manual and its compliance thereon.
In line with the above, the Consultant is required to perform gap analysis of the business requirements and current functions available Systems in IT applications. Validation of business system controls in the IT applications, covering documentation, input and output controls, processing controls, and most importantly, the accuracy of system generated reports is also required to done. In addition the Consultant must analyse business process risks and controls based on an understanding of planned or implemented controls and identified control gaps.
Deliverablee
· At the end of consultancy, the Consultant is required to submit a report containing \ detailed observations on aforementioned areas as well as suggested areas during preliminary meetings with the management.
· In addition, a detailed roadmap/ recommendations for improvements in risk areas identified are also required.
Tlmeframe
The IT Health check assignment is expected to be completed within 1 month.
Skills required The organization seeks services of an individual or Institution which can conduct this work In a professional manner and international standards.
· The consultant Is expected to have at least three years of work experience in IT Audit
· A Bachelor’s or Master Degree In Computer Science, Informational Technology or related fields. Certification in CCNE (Cisco Certified Network Engineer), MCSE (Microsoft Certified Systems Engineer) is desirable but not a requirement.
· Five or more relevant experience implementation of IT Strategies, management of IT services, hardware and software platforms, telecommunication facilities and knowledge of Windows-based applications
· Analytical knowledge of the following; SAS, SQL, Oracle, Linux operating systems, Identity and Access
Management tools, and Visual Basic
· Professional certifications: CISSP. CISA, or Linux Administrator
Please, send request for ToR and all enquiries to [email protected] and or visit us at; Kiko Street, Mikocheni Off Mwai Kibaki Road Plot 252, P. O. Box 63117, Dar es Salaam, Tanzania Tel: +255 22 277 5346/27? 2455/270 0077 Fax: +255 22 277 5535; website. www.panda.org
Registered, eligible and reputable. firms, institutions and individuals are advised to submit both technical and financial proposals lor this assignment. The technical proposal should clearly indicate the individual institution’s team’s experience on SIMILAR assignment relevant to the subject matter.
Deadline for submission: Applications should be a concise full combined technical & financial proposals fully signed, highlighting company profile, concrete evidences of experiences on similar works, the proposed approach and methodologies, work schedule and timings of the process. Team We should also be attached. Also apart from one pager application letter Financial proposal should clearly specifying time and other expenses both direct and reimbursable, these include unit costs on professional tees and the eligible taxes; kindly submit your applications as Instructed by Friday, 19th November 2019 at 17.00hrs Tanzania local time. Only successful applicant will be contacted.
Evaluation 01 the consultancy applications will be done based on WWF procurement guidelines and that WWF Tanzania is not bound to accept any lowest or highest proposal/bid
