ocds-bidanga-KE-OP00449974
Vulnerability Assessment & Penetration Testing Services for E-Citizen Platform — ICTA Program Implementation Unit, KDEAP Project
Titre original : Vulnerability Assessment & Penetration Testing Services for Remediation of E-Citizen Platform
Deadline
June 24, 2026
Key information
- Type
- IT & Télécom
- Deadline
- June 24, 2026 at 12:00 AMClosed
- Estimated Value
- Not disclosed
- Language of Notice
- English
Description
THE INFORMATION AND COMMUNICATIONS TECHNOLOGY AUTHORITY
KENYA DIGITAL ECONOMY ACCELERATION PROJECT (KDEAP)
ICTA-PROGRAM IMPLEMENTATION UNIT
REQUEST FOR EXPRESSION OF INTEREST
(Consulting Services – Firms Selection)
Country: Kenya
Name of project: Kenya Digital Economy Acceleration Project (KDEAP)
Project No.: P170941
Credit No: 7289-KE and 7290-KE
Assignment Title: Vulnerability Assessment & Penetration Testing Services for Remediation of ECitizen Platform
Contract No.: KE-ICTA-526653-CS-QCBS
- The Government of Kenya has received financing from the World Bank towards the cost of the Kenya Digital Economy Acceleration Project (KDEAP) and intends to apply part of the proceeds for consulting services.
- The consulting services (“the Services”) include Vulnerability Assessment & Penetration Testing for Remediation of ECitizen Platform. The assignment is expected to take six (6) calendar months from the date of contract commencement.
- The detailed Terms of Reference (TOR) for the assignment can be found at the following website: www.icta.go.ke and www.tenders.go.ke/tenders or can be obtained at the address given below.
- The Information and Communications Technology Authority through the Program Implementation Unit (PIU) now invites eligible consulting firms (“Consultants”) to indicate their interest in providing the Services. Interested Consultants should provide information demonstrating that they have the required qualifications and relevant experience to perform the Services. The shortlisting criteria are:
a) Core business and years in business: The firm must be formally registered and incorporated as a consulting firm with a core business demonstrably in cybersecurity, information security, IT governance, risk and compliance (GRC), or an equivalent field. This specialization must have been maintained for a minimum period of Eight (8) years. This extensive operational history indicates a depth of experience necessary for a project of this magnitude.
b) Relevant experience: The firm shall demonstrate having successfully executed and completed at least five (5) assignments of a similar nature and complexity. This includes large-scale enterprise cybersecurity remediation, projects involving government digital platforms, or critical national infrastructure. These assignments must have been completed within the last seven (7) years. Experience in a similar operating environment is crucial, as government systems often present unique bureaucratic, procurement, and political complexities that differ significantly from the private sector. Detailed information for each similar assignment, including the name and address of the client, the scope of work, value, and period of execution, must be provided with the Expression of Interest.
c) Technical and managerial capability of the consulting firm: The firm must demonstrate the requisite technical capacity, including access to advanced cybersecurity tools, proven methodologies, and established frameworks. Furthermore, it must exhibit strong managerial capability, evidenced by project management certifications, a robust organizational structure, and rigorous quality assurance processes, all necessary to undertake an assignment of this national significance. This demonstration should be clearly articulated in the submitted company profile(s).
Key Experts will not be evaluated at the shortlisting stage.
- The attention of interested Consultants is drawn to Section III, paragraphs, 3.14, 3.16, and 3.17 of the World Bank’s “Procurement Regulations for IPF Borrowers” First Published July 2016 and Revised Fifth Edition September 2023 (“Procurement Regulations”), setting forth the World Bank’s policy on conflict of interest.
- Consultants may associate with other firms to enhance their qualifications but should indicate clearly whether the association is in the form of a joint venture and/or a sub-consultancy. In the case of a joint venture, all the partners in the joint venture shall be jointly and severally liable for the entire contract, if selected.
- A Consulting firm will be selected in accordance with the Quality and Cost Based Selection (QCBS) method set out in the Procurement Regulations.
- Further information can be obtained at the address below during the following office hours 0900 and 1600 hours from Monday to Friday excluding lunch hour (1300 to 1400hours) East African Time (EAT) and public holidays.
- Expression of interest must be delivered in written form by 24th June 2026 at 1000hours EAT. - using one of the following modalities: (i) deposit in the tender box located on 12th Floor, Telposta Towers, Kenyatta Avenue in Nairobi, Kenya or (ii) send by email to: [email protected] and quote the Assignment title and Contract No. in the subject row. For expressions of interest that will be deposited at the tender box, the packages should be clearly marked Vulnerability Assessment & Penetration Testing Services for Remediation of ECitizen Platform Contract No. KE-ICTA-526653-CS-QCBS
Address:
Chief Executive Officer,
The Information and Communications Technology Authority,
P.O Box 27150, Kenyatta Avenue
00100, Nairobi, Kenya.
Tel.: (+254) 20 667 6999
E-mail: [email protected] / [email protected]
Attn: Deputy Director, Supply Chain Management
Tender Timeline
Publication
June 9, 2026
Bid Submission Deadline
June 24, 2026
Evaluation & Award
Pending
Contract Signature
Pending
Tender Documents
Connectez-vous pour télécharger le dossier et être averti automatiquement de toute modification de cet appel d'offres.