Realizar um estudo de viabilidade para diferentes modelos de governança para a autoridade de segurança cibernética e proteção de dados.

Request for Expression of Interest WARDIP-C - 015-2023

Feasibility Study on Cybersecurity and data Protection Governance Models, Operation Manual as well as Cybercrime Capacity Building support in Guinea-Bissau

• Backgraund To support the region’s digital transformation, the World Bank (WB) is financing the preparation of the West African Regional Digital Integration Program (WARDIP) – Guinea-Bissau – for US$60 million for five years. The project is expected to be submitted for approval by the World Bank Executive Board in September 2023; it’s entered the preparations phase since May 2023

The design of the proposed program considers the need for Guinea-Bissau to develop a digital economy, while aligning itself and integrating into a single and harmonized regional digital market. This will be done through a logical chain consisting on building single regional market for connectivity, data and online services,

Guinea Bissau, a West African nation, has been experiencing rapid technological advancements and increased internet penetration in recent years. With the growing dependency on information and communication technologies (ICT), the country faces an increased risk of cyber threats and vulnerabilities. Recognizing the importance of cybersecurity to ensure the safety and security of its citizens, businesses, and critical infrastructure, the government is taking proactive measures to address these challenges.

The selected consulting firm will have the following objectives:

(i) Conduct a Feasibility Study: Perform a comprehensive feasibility study on different cybersecurity and data protection governance models and their advantages and disadvantages for Guinea-Bissau given the country’s specific challenges and context. This study should inform the establishment of a robust, effective, and efficient data protection and cybersecurity function in Guinea-Bissau.

(ii) Establishment Support: Assist in the design of the data protection and cybersecurity agency(ies), providing guidance and expertise in the staffing process, agency structure, and operational practices.

(iii) Operations Manual Development: Collaborate with stakeholders to develop a comprehensive operation manual for the newly established data protection and cybersecurity agency(ies). This manual should include standard operating procedures, incident response protocols, and guidelines for data privacy and protection.

(iv) Design Capacity Building Plan: Formulate a detailed plan for capacity building on (i) cybercrime for the agency(ies), operational units, judiciary, and law enforcement staff as well as on (ii) data protection. The capacity building program should comprise local and international training on computer/digital forensics and investigation, incident response, preservation of evidence, data recovery/retrieval and analysis, digital intelligence, and other relevant courses.

(v) Online Educational Tools Development: Design and develop online educational tools to enhance awareness and accountability in the areas of cybersecurity and cybercrime. These tools should cater to different audiences, including public sector employees, private sector organizations, and the general public. They should provide clear, accessible information on essential topics, such as recognizing cyber threats, safe online practices, and the role of individuals in preventing cybercrime.

• qualification requirements The consulting firm should have:

• Over 15 years of experience in the cybersecurity sector, with a focus on the African context.
• A proven track record of conducting similar technical assistance and developing cybersecurity and data privacy strategies and action plans.
• In-depth knowledge of international cybersecurity and data privacy standards and best practices.
• A team of experts with diverse backgrounds, including cybersecurity, risk management, data privacy, policy development, and infrastructure design.
• Experience in working with government institutions.

Profiles of the key Experts:

• Cybersecurity Governance Expert: This expert should have a deep understanding of cybersecurity policy, governance models, and best practices. They should hold a master's degree (or equivalent) in Cybersecurity, Information Systems, Computer Science, or a related field, with at least 10 years of experience in cybersecurity governance, policy development, or in a related area.
• Legal and Regulatory Expert: This expert should have a deep understanding of data protection laws and regulations, both locally in Guinea-Bissau and internationally. They should have a law degree and at least 10 years of experience in legal aspects of data privacy and protection. Experience with legal aspects of cybersecurity would be a plus.
• Organizational Development Expert: This expert should have a solid background in organizational structure, HR, and agency formation. They should hold a master's degree (or equivalent) in Business Administration, Organizational Development, HR, or a related field, with at least 10 years of experience in similar roles.
• Capacity Building and Training Expert: This expert should have a robust background in creating and executing training and capacity-building programs, ideally in the field of cybersecurity. They should hold a master's degree (or equivalent) in Education, Training, or a related field, with at least 10 years of experience in designing and implementing training programs.
• Cybersecurity Technical Expert: This expert should have a deep technical understanding of cybersecurity, including computer/digital forensics, incident response, data recovery, and digital intelligence. They should hold a degree in Cybersecurity, Information Systems, Computer Science, or a related field, with several relevant cybersecurity certifications and at least 10 years of experience in a similar role.
• E-Learning and Digital Tools Expert: This expert should have a solid background in the design and development of online educational tools and e-learning platforms. They should hold a degree in Instructional Design, E-Learning, Education Technology, or a related field, with at least 10 years of experience in the e-learning industry.

Selection of the sucessful consultant will be made on the basis of the “Quality and Cost method” as described in the World Bank procurement regulations for Investiments Projets Borrowers 2016 Edition and following updates. For more information and obtention of term of reference, you can requeste it directly on the Office of the Emergency and Food Safety Project (PUSA) located: Rua Osvaldo Vieira, house nº 10, or via email: [email protected]. It should be noted that TOR's are available in Portuguese and English, however the procurement language remains in Portuguese.

Consultants firm insterested in providing the consultancy services mentionned above should express their interest until August 31st 2023 at 12:00 GMT

The Coordinator

_________________________________________

Aníbal Baldé