Website Kwacha Pension Trust Fund
REQUEST FOR EXPRESSION OF INTEREST FOR THE COMPREHENSIVE ASSESSMENT OF THE INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) OPERATING ENVIRONMENT
1.0 INTRODUCTION
Kwacha Pension Trust Fund (the Fund) is a single employer defined benefit pension fund and is regulated by the Pensions and Insurance Authority (PIA).
1.1 The Fund wishes to engage a Consultant/ Firm to carry out an assessment of the Information and Communications Technology (ICT) operating environment and to also conduct a Systems Penetration/ Network Vulnerability Testing.
2.0 OBJECTIVE
The objective of the exercise is to provide an assurance on the operating effectiveness of the Fund’s ICT environment.
Objectives will include:
2.1 Evaluate the Fund systems and processes to ensure that they are able to secure Fund data;
2.2 Determine whether there are potential risks to the Fund’s information assets and ways to minimise those risks;
2.3 Verify the reliability and integrity of information;
2.4 Check that information management processes are compliant with IT specific laws, policies and standards;
2.5 Determine whether there are any inefficiencies in the ICT systems and management thereof and
2.6 Where any risks/ weaknesses are noted, recommend remedial actions plus any required tools.
3.0 SCOPE OF SERVICES
The Terms of Reference for the ICT assessment and system penetration testing are to provide assurance on the following:
3.1 Operations, programs and systems are appropriately managed to support the scheduling, execution, monitoring, and continuity of ICT programs and processes for the complete, accurate, and valid processing, recording, update and storage of financial and members’ transactions;
3.2 The Management Information system that is currently under development meets the minimum required software development standards;
3.3 In the event of a disaster at the primary site, essential business processes and information systems can be recovered timely;
3.4 Systems security is appropriately implemented, administered, and logged to safeguard against unauthorised access to or modifications of programs and data;
3.5 Configurations and programs, and systems changes are appropriately managed to minimise the likelihood of disruption, unauthorised alterations, and errors which impact the accurate, complete, and valid processing and recording of financial and members’ information.
3.6 The data architecture is appropriately defined and implemented to organise data in a manner supporting the accuracy, completeness, and validity of financial and Members’ information.
3.7 The software applications in use have current and valid licences.
3.8 Carry out Network vulnerability detection and system application penetration testing for the Fund’s systems;
3.9 The information management processes are compliant with IT-specific laws, policies and standards;
3.10 The Fund has the relevant ICT policies and procedures in place;
3.11 Appropriateness and effectiveness of ICT equipment that includes, servers, laptops, desktop computers, CCTV, and access control, and
3.12 Any risks to the Fund’s information assets and methods to minimise those risks.
4.0 DELIVERABLES
4.1 Initial draft report highlighting the following:
- A Review of the ICT environment;
- The findings arising from the review;
- Evidence to support the findings as appropriate;
- Recommended strategic ICT goals and operational objectives;
- Recommendations on corrective action to be taken;
- References to include:
a. List of people consulted, their institutions and contact addresses, and
b. List of references used in the document.
The initial draft report is to be presented to the Fund Management and eventually to the Board of Trustees for final approval.
4.2 Three bound copies of the final report after approval by the Board of Trustees.
5.0 TENDER PROCESS
The Fund now invites eligible consultants to indicate their interest in assessing the operating effectiveness of the Fund’s ICT environment which would meet the above requirements or even better. Interested consultants must provide the Expression of Interest indicating that they are qualified to perform the services.
Other documentation to be provided will include:
5.1 Proof of relevant experience to undertake the assignment i.e. Five (5) years or more demonstrated evidence of performing similar work with traceable references preferably in the pensions industry, fund management or financial services;
5.2 Technical Proposals: the technical proposal should clearly explain the consultant’s understanding of the ToRs and clear explanation of the methodology (including qualitative and quantitative methods) that the consultant is proposing to use and a comprehensive roadmap for undertaking the assignment;
5.3 A draft work plan detailing the duration required to undertake the assignment;
5.4 Company/ Personal profile describing the core business and requisite experience of the Firm Consultant;
5.5 Qualifications and experience of Senior Management Team and the team that will be assigned to this project;
5.6 Description of similar assignments previously undertaken (should include the year, amounts involved, names of the clients and contact persons);
5.7 PACRA Registration certificate and print out of PACRA Form II;
5.8 Three recent reference letters from former or existing Clients for similar works;
5.9 Copies of IDs of Shareholders/Directors/Partners;
5.10 Valid Tax Clearance Certificate;
5.11 The financial proposal which includes consultancy fee quotation and other costs related to the assignment and
5.12 Quotation must be valid for 90 days (indicate validity of the quotation).
Interested Consultants or Firms are to submit their applications in a sealed envelope clearly marked “Expression of Interest for the Comprehensive Assessment of the ICT Operating Environment of KPTF” to the address below by 16.30 hours on 6th July 2022.
The Director
Kwacha Pension Trust Fund
Stand No. 5534
Corner Kakola/Libala Roads, Kalundu
Post Net Box 663 P/Bag E891
Lusaka
For any queries, please write to the following email addresses:
THE FUND RESERVES THE RIGHT TO DISCONTINUE THE PROCESS WITHOUT ANY RECOURSE TO THE PARTICIPANTS.