|
|
||
Government of the People’s Republic of Bangladesh
Office of the Project Coordinator
Road Sector Reform Project (RSRP)
and Addl. Chief Engineer, RHD
Sarak Bhaban, Ramna, Dhaka.
Expressions of Interest (EOI)
Proposed Road Sector Reform Project (RSRP
Consultancy Services for Technical Audit of IT and MIS Data Security (Package # S-9) under the Proposed Road Sector Reform Project of the Roads and Highways Department, Bangladesh”
| Memo No.: 61/07-799/1(8) | Date: 11-06-2008 |
The People’s Republic of Bangladesh intends to apply for a credit in the amount of about US$ 150 million from the International Development Association (IDA) towards the cost of the proposed 'Road Sector Reform Project (RSRP)' to be implemented by Roads and Highway Department (RHD) and it intends to apply part of the proceeds to payments for the services described below.
The objective of the Project is to help the Government of Bangladesh (GOB) to provide a sustainable, efficient and safe major road network in Bangladesh, through further enhancements in road asset management, planning and development, resource mobilization and financial management. The RSRP will assist the GOB to achieve this objective through:
• Financing for major physical road network rehabilitation and improvements;
• Technical assistance for major reforms in roads sector;
• Advisory and capacity building assistance to Bangladesh’s key ‘land transport sector’ entities;
In this context, the GOB and the IDA have reached agreement on an Operational Risk Management Plan (ORMP), which is aimed at ensuring that the activities of the RHD and its interactions with the MoC and within the GOB financial management (FM) framework are conducted via a combination of policies, processes, systems, skills and resources capable of maintaining effective competition, value-for-money, efficiency, FM probity, transparency and accountability, with reduced operational risk to GOB interests and responsibilities. Apart from some strategic GOB-level measures, the ORMP will mostly be executed with RSRP assistance, partly integrated with the RSRP implementation and partly in parallel with yet separate from the main RSRP-assisted activities.
Since 2003, the RHD has been among a lead group of GOB agencies who have been implementing major GOB-mandated national Procurement, FM and Audit reforms and GOB enhancement measures. In this period, the RHD has also been making improvements to its capacities in business management and project development, implementation and monitoring. This has included the externally-assisted development and commissioning by the RHD of two IT-based management information systems, the Central Management System (CMS) and the Road Asset Management System (RAMS). The effectiveness and security of these two systems is of vital importance to the RHD, hence access to CMS and RAMS data must be kept to intended and authorized uses only.
As part of the ORMP implementation, the RHD has decided to carry out a comprehensive assessment of all factors directly affecting the security of data in its IT operations and in its key MIS tools, namely the CMS and the RAMS. The assessment will be undertaken as a Technical Audit of IT & MIS Data Security, including provision of a phased Action Plan for recommended data security interventions. On present planning for the RSRP appraisal, the technical audit (with Action Plan) is expected to be finalised and submitted for joint RHD, GOB and IDA consideration / decisions by end-February 2009
While the RHD will carry overall responsibility for the Technical Audit, the Department will require the assistance of external technical expertise and services, to be secured on the basis of RSRP-funded consultancy services.
Consultancy Services for Specialist IT & MIS Data Security are required. Accordingly RHD now invites eligible consultants to submit their EOIs for the following Consultancy Services.
Contract Package S-9:
Consultancy Services for Technical Audit of IT and MIS Data Security
The objective of the proposed Technical Audit services is to make a comprehensive assessment of the capacity of the management framework and operational circumstances in the RHD relating to the department’s main IT-based MIS tools and their data holdings, and to identify (where necessary) viable measures that can quickly help to ensure the security of such data and minimization of likely risks from inappropriate and/or unauthorized access.
The following combination of tasks will be under taken under the services:
• Assessment of the status of security policy, provisions, controls and practices in RHD for IT-based data / records, particularly in regard to the CMS and RAMS databases;
• Assessment of the nature, level and implication of current vulnerabilities and risks, including diagnosis of relevant features and capacity of the technology used by CMS and RAMS, ‘mapping’ of the typical RHD work patterns and processes involving use of CMS and RAMS, and identification of any relevant ‘workplace culture’ factors in the RHD in relation to IT-ICT-MIS usage;
• Identification of realistic, readily-actionable remedial measures and options available to the RHD, capable of establishing a satisfactory and sustainable level of data security and risk management in the Department’s IT-based information management tools, organizational arrangements / capacity and workplace culture;
• Facilitation of a Workshop on the findings, priorities and remedial options; and
• Report on the Technical Audit of RHD IT Data & Systems Security which shall comprehensively document the assessment method(s), scope and findings, and which shall conclude in the provision of a recommended “phased Action Plan” comprising prioritized remedial actions and/or improvements deemed viable within the RHD’s situation and circumstances.
Consultants may associate to enhance the qualification but should clearly / explicitly mentioned whether the association is in the form a “Joint Venture” or “Sub-consultancy”. In case of a “Joint Venture” all members must have real and well defined inputs to the assignment, and it is preferable to limit the total number of firms including associates to a maximum of 4 (four).
Interested consultants must provide information indicating that they are qualified to perform the services (brochures, description of similar assignments, experience in similar conditions, availability of appropriate skills among staff, etc.). The EOIs would be reviewed on the basis of the following to prepare a short list:
• Registration of the firm
• Availability of appropriate skills among staff
• Demonstrated capacity to handle such assignment in terms of resources
• Experience in similar tasks
Consultants will be selected in accordance with the procedure set out by the World Bank’s Guideline:
Selection and Employment of Consultants by World Bank Borrowers, May, 2004, Revised October 2006.
Interested consultants may obtain further information from the address below, from 0900 to 1600 hours for Sunday to Thursday except on government holiday.
Expressions of Interest with supporting documents must be delivered to the address given below by date
03-07-2008 by 3:00 PM & clearly marked “Expressions of Interest for Contract Package # S-9” for RSRP on the top of EOI envelope.
Project Director, RSRP
(Addl. Chief Engineer, RHD)
Sarak Bhaban, Ramna, Dhaka.
Ph. 9568740, Fx. 9568302
e-mail: pdrsrp@rhd.gov.bd
