Expression of Interest for Support to Digital Strategy and Assessment of the Needs and National Cybersecurity Competency. Implementation Support to Digital Strategy and Assessment of the Needs and National Competency Framework of the Cybersecurity Workforce Health Enterprise Architecture, Digital Identity, Cybersecurity Publication Date: 03/30/2026 12:00 AM EDT EOI Deadline: 04/13/2026 11:59 PM EDT The purpose of these Terms of Reference is to select a firm that will provide expert implementation support for the following three activities in Senegal and the fourth activity in Ghana: i) Health Enterprise Architecture (HEA), ii) Digital Identity (eID), and iii) the assessment of the needs and national competency framework of the cybersecurity workforce. This contract can be launched in a single lot (authorising consortia/subcontractors) for a maximum period of 12 months. Background and institutional alignment With regards to the Senegal activities, with funding from the World Bank (WB), the Government of Senegal has launched the Senegal Digital Economy Acceleration Project (PAENS) 2023-2028, which aims to expand access to affordable and climate-resilient broadband connectivity and improve the adoption of online government services and electronic health records. PAENS is structured around four integrated and mutually reinforcing components at the level of policies, infrastructure, public platforms, and services. This mission aims to accelerate the reforms conducted by the authorities and aligns with the ongoing activities of the project, including the development of an HEA, improving the interoperability of health platforms, conducting feasibility studies on digital ID, as well as assessing workforce needs in the field of cybersecurity. It also aims to develop a competency framework to support the update of the national cybersecurity strategy. The main national counterparts are the Ministry of Communication, Telecommunications and Digital Affairs (MCTN) the Ministry of Health and Public Hygiene (MSHP), Senegal Numerique SA (SENUM); the Ministry of the Interior, the Directorate General for Encryption and Information Systems Security (DCSSI). With regards to activity (iii) of this TOR, Ghanas rapid digital transformation has increased exposure to cyber threats across the public and private sectors, but the country lacks a nationally endorsed cybersecurity workforce framework. Fragmented skills supply, limited data on workforce needs, and weak coordination between academia, industry, and government have resulted in persistent cybersecurity talent gaps. These constraints undermine the security of digital services, protection of critical infrastructure, and trust in the digital economy. The grant addresses this gap by establishing for both countries a national cybersecurity workforce framework and generating empirical evidence on skills demand to inform policy, education, and future workforce investments, while complementing ongoing cybersecurity safeguard programs. Duration: 12 months maximum. Competitive bidding method: 1 lot (authorises consortia) Objectives: Provide concrete technical assistance to: i. Design a pragmatic Health Enterprise Architecture (HEA), in line with the national enterprise architecture currently under development. This architecture will be supplemented by an adapted governance model and priority artifacts to strategically guide digital investments in the Ministry. ii. Define and support the implementation of an inclusive, secure, and interoperable electronic identification framework adapted to the legal and institutional context of Senegal. iii. Conduct an in-depth analysis of national skills needs in the field of cybersecurity and propose a reference framework of roles and skills. An operational plan will be provided alongside this reference framework to support the development of key pathways and skill-building initiatives in both countries. Stream A: Health Enterprise Architecture (HEA) - Senegal A1. Mapping of the existing: Rapid review of feasibility outputs, existing HEA artifacts, the portfolio of existing platforms, registries, hosting, data protection and exchange mechanisms, and governance within MSHP. A2. HEA target and reference models: Co-development of business reference models, data protection, applications, and technologies; definition of pragmatic principles and a minimum interoperability profile (API, standards) for health use cases priority uses. A3. Roadmap: Production of an 18 to 36-month roadmap related to indicators (HEA and interoperability), integrating "quick win" solutions in the short term, sequencing, and governance points. A4. HEA Governance and Operating Model: Establishment of an architecture review committee, definition of roles, processes, compliance and waiver procedures, and centralization of resources. A5. Implementation support: Production of 35 priority artifacts (canonical data models, API specifications for 2 services, security patterns) and supervision of 2 sprints. Stream B: Digital Identity (eID) - Senegal B1. Electronic Identification Framework: Development of a governance framework for digital identity (eID) based on feasibility recommendations. This will specify the levels of assurance, federation mechanisms, onboarding policies, lifecycle management of authentication means, as well as consent and recourse procedures. B2. Technical and Pilot Architecture: Design of an integration-ready technical architecture for authentication (e.g., OIDC), attribute sharing, and consent logging; Preparation of technical specifications and test plans for a limited pilot with one or two priority services on senegalservices.sn. B3. Safeguards and inclusion: Putting in place measures to reduce exclusion (assisted channels, recourse), alignment with data protection requirements, and management of identified risks; integration of monitoring indicators. B4. Documentation: Integration guides, relying party onboarding manuals, compliance checklist, etc. Stream C: Cybersecurity Workforce Senegal and Ghana C1. National Cybersecurity Workforce Needs Assessment Design and administer a nationally representative survey across key sectors (government, finance, telecoms, energy, education, SMEs) to assess workforce size, roles, skills gaps, and training needs. Deliverables: Validated survey instrument Survey data analysis and national workforce needs report C2. Development of Cybersecurity Workforce Framework Develop a national framework mapping cybersecurity job roles, skills, and career pathways, adapted from international best practice (notably the US NICE Framework). Deliverable: Draft Cybersecurity Workforce Frameworks C3. Stakeholder Consultations and Dissemination Conduct national and sectoral consultations and disseminate findings domestically and within the World Bank. Deliverables: National workshop on survey results; Consultations on the workforce framework; World Bank Brown Bag Lunch (BBL). Deliverables, milestones, and indicative timeline (12 months) D0 Inception (M1): Inception report, work plan, risk/quality plan; HEA repository configuration plan. HEA (M2M6): A1 inventory (M2); A2 v1 Reference Models and Interoperability Profile (M4); A3 Roadmap (M5); A4 Governance and Configured Repository (M6). HEA Support (M7M10): A5 priority artifacts + 2 sprints; compliance checklist (M10). EID (M2M5): B1 Trust Framework (M4); B2 Pilot Architecture, Test Plans, and Guides (M5). EID Support (M6M9): Pilot Integration Support and Lessons Learned Report (M9). Cybersecurity (M2M8): C1 National Cybersecurity Workforce Needs Assessment (M4); C2 Development of a Cybersecurity Workforce Frameworks (M6); C3 Stakeholder Consultations and Dissemination (M7). Closing (K9U12): 68 training/coaching sessions; playbooks; final report; sustainability plan (M12). Reporting: monthly notes; quarterly reports. Bidders can offer optimized ventilation by guaranteeing the minimum deliverables. Desired team and qualifications The consultant shall be a firm with a strong track-record of successfully completing similar assignments of (i) conducting studies or assessments in the national digital transformation space, (ii) supporting or assisting digital transformation projects in the public sector and (iii) assessing skills and workforce gaps at the national level in more than two countries. The firm should have a strong understanding of how cybersecurity awareness, skills and training programs are designed and the issues and trends regarding national cybersecurity skills programs and good practices. Familiarity with the digital development context of Senegal and Ghana is considered an advantage. The firm shall propose a team consisting of at least one team leader, minimum number of technical experts listed below, plus any additional support staff the firm finds necessary to deliver the assignment with the following qualifications. The firm is encouraged to collaborate with local staff where appropriate. · Head of Mission (10+ years, public digital reforms; multi-agency coordination). · Enterprise Architect (7+ years; HEA Public Sector; TOGAF or equivalent). · Digital Identity Specialist (7+ years; proof of identity, authentication, federation; trust frameworks). · Workforce Specialist/HRD Cybersecurity (7+ years; competency planning; management adaptation). · Information Security Advisor (ISMS/risk; privacy-by-design). Local coordination in Dakar; fluency in French. Local coordination in Ghana: fluency in English Submission file Technical (max 30 pages): background, methodology, plan and milestones, CVs, 3 comparable cases, capacity building plan, risk management, FR capacities. Financial: budget per deliverable (p Tender Link : https://wbgeprocure-rfxnow.worldbank.org/rfxnow/public/advertisement/6737/view.html
