Common Market for Eastern and Southern Africa, COMESA,African Solidarity Fund (FSA),African Union
04-12-2025
Work Detail
Tenders are invited for Provision of Vulnerability Assessment & Penetration Testing (VAPT) and Data Protection Impact Assessment (DPIA) Services. Location: Kigali Deadline: Thursday, 04/12/2025 15:30 1. Background Prime Life Insurance Ltd and Prime Insurance Ltd (hereinafter referred to as the Companies) are regulated financial institutions operating under the laws of the Republic of Rwanda. In line with regulatory requirements, cybersecurity best practices, and data protection obligations, the Companies invite eligible and qualified bidders to submit proposals under this Open Tender for the provision of one (1) Vulnerability Assessment & Penetration Testing (VAPT) and one (1) Data Protection Impact Assessment (DPIA). This engagement is in compliance with: National Bank of Rwanda (BNR) Cybersecurity Regulation Rwanda Data Protection and Privacy Law (Law No. 058/2021) ISO/IEC 27001, 27005 PRIME IT Policies 2. Scope of Services The successful bidder shall provide the following professional services: 2.1 Vulnerability Assessment & Penetration Testing (VAPT) One (1) Engagement External and internal network vulnerability assessment Web application security testing Server, database, and perimeter security testing Manual and automated penetration testing Risk rating and exploit validation Detailed technical report with: Identified vulnerabilities Risk severity (CVSS scoring) Impact analysis Remediation recommendations Executive management summary 2.2 Data Protection Impact Assessment (DPIA) One (1) Engagement Assessment of personal data processing activities Identification of privacy risks to data subjects Evaluation of: Lawfulness Purpose limitation Data minimization Storage limitation Security safeguards Compliance check with: Rwanda Data Protection Law Sectoral regulatory requirements DPIA report including: Risk register Mitigation measures Residual risk assessment Compliance recommendations Final management presentation 3. Deliverables The bidder shall provide: Comprehensive VAPT Technical Report VAPT Executive Summary Comprehensive DPIA Report DPIA Risk Assessment Matrix Final Presentation to Management All reports to be delivered in both soft copy and signed hard copy 4. Engagement Period The total engagement period shall not exceed 15 working days from contract signing. Proposed timeline must be clearly indicated in the financial proposal. 5. Bidder Eligibility & Qualification Requirements Bidders must submit: Valid RDBCompany Registration Certificate Valid Tax Clearance Certificate At least three (3) similar VAPT and/or DPIA assignments in the last five (5) years Profiles and professional certifications of the proposed consultants, such as: CEH, OSCP, CISSP, CISA (for VAPT) CDPSE, DPO Certification, ISO 27701 Lead Implementer, CIPP/E (for DPIA) Methodology and tools to be used Non-blacklisting declaration Evidence of professional indemnity insurance. 6. Financial Proposal Requirements The financial proposal must clearly indicate: Cost for one (1) VAPT Cost for one (1) DPIA Applicable taxes (VAT) Total price (VAT exclusive & inclusive) Payment terms Validity of the financial offer (minimum 90 days) 7. Confidentiality & Data Protection All information accessed during the assignment shall be treated as strictly confidential. The bidder shall sign a Non-Disclosure Agreement (NDA) prior to engagement. No test data or reports shall be shared with third parties without prior written consent of the Companies. Tender Link : https://www.jobinrwanda.com/job/tender-notice-provision-vulnerability-assessment-penetration-testing-vapt-and-data-protection
We takes all possible care for accurate & authentic tender information, however Users are requested to refer Original source of Tender Notice / Tender Document published by Tender Issuing Agency before taking any call regarding this tender.
